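# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=7

PYTHON_COMPAT=( python3_{10..12} )

inherit distutils-r1 linux-info systemd xdg-utils

DESCRIPTION="Desktop application firewall"
HOMEPAGE="https://github.com/evilsocket/opensnitch"
EGO_PN="github.com/evilsocket/opensnitch"

# Vendored Go modules, modified from opensnitch/daemon/go.mod.
# NOTE: build fails with github.com/josharian/native after commit 5c7d0dd6ab
# These snapshots are bundled into the build instead of coming from dev-go/*
# packages, so the package manager does not track them as dependencies:
# updates and security advisories for any of them only reach this package
# when the pins below are bumped by hand.
EGO_VENDOR=(
	"github.com/fsnotify/fsnotify v1.4.7"
	"github.com/golang/protobuf v1.5.0"
	"github.com/google/gopacket v1.1.14"
	"github.com/google/nftables v0.1.0"
	"github.com/google/uuid v1.3.0"
	"github.com/iovisor/gobpf v0.2.0"
	"github.com/varlink/go v0.4.0"
	"github.com/vishvananda/netlink e1a867c6b452"
	"golang.org/x/net 491a49abca63 github.com/golang/net"
	"golang.org/x/sys v0.2.0 github.com/golang/sys"
	"google.golang.org/grpc v1.32.0 github.com/grpc/grpc-go"
	"google.golang.org/protobuf v1.27.1 github.com/protocolbuffers/protobuf-go"
	"golang.org/x/sync v0.1.0 github.com/golang/sync"
	"golang.org/x/text v0.7.0 github.com/golang/text"
	"google.golang.org/genproto 0dfe4f8abfcc github.com/googleapis/go-genproto"
	"github.com/mdlayher/netlink v1.7.1"
	"github.com/mdlayher/socket 41a913f399"
	"github.com/josharian/native v1.1.0"
	"github.com/vishvananda/netns 7a452d2d15"
)

# Must stay after EGO_VENDOR: the eclass provides EGO_VENDOR_URI (used in
# SRC_URI below) from that array.
inherit golang-vcs-snapshot

SRC_URI="
	https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz
	${EGO_VENDOR_URI}
"

LICENSE="GPL-3"
SLOT="0"
IUSE="+audit bpf +iptables +nftables systemd"
REQUIRED_USE="|| ( iptables nftables )"
KEYWORDS="~amd64 ~x86"

# Tools executed on the build host (EAPI 7 puts these in BDEPEND): the Go
# toolchain and the protobuf/gRPC generators, presumably driven by the
# 'protocol' make target in src_compile.
BDEPEND="
	>=dev-lang/go-1.19
	dev-go/go-protobuf
	dev-go/protoc-gen-go-grpc
"
# Library the daemon is linked against through cgo (see the CGO_* settings
# and -linkmode external in src_compile), so it is needed at runtime too.
DEPEND="net-libs/libnetfilter_queue"
RDEPEND="
	${DEPEND}
	dev-python/grpcio-tools[${PYTHON_USEDEP}]
	dev-python/notify2[${PYTHON_USEDEP}]
	dev-python/python-slugify[${PYTHON_USEDEP}]
	dev-python/pyinotify[${PYTHON_USEDEP}]
	dev-python/pyqt5[network,sql,${PYTHON_USEDEP}]
	bpf? ( ~app-admin/opensnitch-ebpf-module-${PV} )
"

# Upstream UI tests are removed in src_prepare; nothing is left to run.
RESTRICT+=" test"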
pkg_setup() {
	# Kernel options required regardless of USE flags.
	# see https://github.com/evilsocket/opensnitch/discussions/978
	# CONFIG_CHECK is consumed by linux-info_pkg_setup at the end of this
	# function, so a function-local variable is sufficient.
	local CONFIG_CHECK="
		INET_TCP_DIAG
		INET_UDP_DIAG
		INET_RAW_DIAG
		INET_DIAG_DESTROY
		NETFILTER_NETLINK_ACCT
		NETFILTER_NETLINK_QUEUE
		NF_CONNTRACK
		NF_CT_NETLINK
		PROC_FS
	"

	# Kernel option needed for the audit monitoring method.
	if use audit; then
		CONFIG_CHECK+="
			AUDIT
		"
	fi

	# Kernel options needed when iptables is used as the firewall backend.
	if use iptables; then
		CONFIG_CHECK+="
			NETFILTER_XT_MATCH_CONNTRACK
			NETFILTER_XT_TARGET_NFQUEUE
		"
	fi

	# Kernel options needed when nftables is used as the firewall backend.
	if use nftables; then
		CONFIG_CHECK+="
			NFT_CT
			NFT_QUEUE
		"
	fi

	linux-info_pkg_setup
}
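src_prepare() {
	# Drop the upstream UI test suite (tests are RESTRICTed for this package).
	rm -rf "src/${EGO_PN}/ui/tests" || die

	# Everything from the upstream tarball lives under src/${EGO_PN}
	# (relative to ${S}, which is the working directory here), so both the
	# systemd patch and user patches are applied from that directory.
	pushd "src/${EGO_PN}" > /dev/null || die
	if use systemd; then
		eapply "${FILESDIR}/${P}-systemd.patch"
	fi
	eapply_user
	popd > /dev/null || die
}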
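src_compile() {
	# Generate the protobuf/gRPC bindings (emake dies on failure in EAPI 7).
	emake -C "src/${EGO_PN}" protocol

	pushd "src/${EGO_PN}/ui" > /dev/null || die
	# Compile the Qt resource file into a Python module. This used to run
	# without '|| die', so a failure here went unnoticed and the build carried
	# on with a missing resources_rc.py.
	pyrcc5 -o opensnitch/resources_rc.py opensnitch/res/resources.qrc || die
	# workaround for namespace conflict
	# see https://github.com/evilsocket/opensnitch/issues/496
	# and https://github.com/evilsocket/opensnitch/pull/442
	sed -i 's/^import ui_pb2/from . import ui_pb2/' opensnitch/ui_pb2* || die
	popd > /dev/null || die

	# see https://github.com/evilsocket/opensnitch/issues/851
	# opensnitch does not build without -fcf-protection when using go >= 1.19,
	# error message:
	# cgo: cannot load DWARF output from $WORK/..//_cgo_.o: zlib: invalid header
	#
	# CGO_LDFLAGS forwards the user's LDFLAGS to the external linker chosen by
	# -linkmode external; without it they were silently dropped from the
	# daemon binary.
	GOPATH="${S}:$(get_golibdir_gopath)" \
	GOCACHE="${T}/go-cache" \
	CGO_CPPFLAGS="${CPPFLAGS} -fcf-protection" \
	CGO_CFLAGS="${CFLAGS} -fcf-protection" \
	CGO_CXXFLAGS="${CXXFLAGS} -fcf-protection" \
	CGO_LDFLAGS="${LDFLAGS}" \
	go build -v \
		-buildmode=pie \
		-ldflags "-compressdwarf=false -linkmode external" \
		-o opensnitchd \
		"${EGO_PN}/daemon" || die

	# Build the Python UI package.
	pushd "src/${EGO_PN}/ui" > /dev/null || die
	distutils-r1_src_compile
	popd > /dev/null || die
}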
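src_install() {
	# The daemon binary was written to ${S}/opensnitchd by src_compile.
	dobin opensnitchd

	# Python UI package.
	pushd "src/${EGO_PN}/ui" > /dev/null || die
	distutils-r1_src_install
	popd > /dev/null || die

	# Daemon configuration. The rules directory is installed empty, so it has
	# to be kept with keepdir; the previous 'insinto /etc/opensnitchd/rules'
	# was immediately overridden by the next insinto and installed nothing.
	pushd "src/${EGO_PN}/daemon" > /dev/null || die
	keepdir /etc/opensnitchd/rules
	insinto /etc/opensnitchd
	doins default-config.json system-fw.json
	popd > /dev/null || die

	# Service definition: systemd unit from upstream, otherwise our own
	# OpenRC init script.
	if use systemd; then
		systemd_dounit "src/${EGO_PN}/daemon/opensnitchd.service"
	else
		newinitd "${FILESDIR}/opensnitch.initd" "${PN}"
	fi
}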
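# Refresh the icon cache after the UI's icons are (un)installed; the
# xdg-utils update belongs in both postinst and postrm so removal does not
# leave stale cache entries behind.
pkg_postinst() {
	xdg_icon_cache_update
}

pkg_postrm() {
	xdg_icon_cache_update
}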