-
Notifications
You must be signed in to change notification settings - Fork 91
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
218 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,2 @@ | ||
| DIST opensnitch-1.6.6.gh.tar.gz 1359621 BLAKE2B b6b2fa5b13f39413deb622fc7b0ebaab1789f41f25522da2e0a86262754861e9407697362b4af3a5106f9b4f781c7f5727a089a8ae2d648aafa8994f1c4b9bf4 SHA512 2fcdcc3a6ae44b5d5ed1a436f6622e74d5834e01856c9a072bb759638192f8ba9f49cbb48bfd875978d87284a20d1206352690a0e6e5f584e247506c8829d99f | ||
| DIST opensnitch-1.6.7.gh.tar.gz 1374914 BLAKE2B 0797f2c41db320c95b88b27b4e1f119a0b92e8fd12f35bf8fe9c73f8c642ead1be866ceedf99e819777b882b63cfdab900663910d99253475f9399f3c8922fd8 SHA512 12234304b4fb1a8af0f57a3cdfa684e91f36839fb1862e567912bcc8e9bd09adb2d837b88d6f4461647968cffe2c2260d07873c435cb50825ecb806499c8d3ca |
74 changes: 74 additions & 0 deletions
74
app-admin/opensnitch-ebpf-module/opensnitch-ebpf-module-1.6.7.ebuild
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| # Copyright 1999-2024 Gentoo Authors | ||
| # Distributed under the terms of the GNU General Public License v2 | ||
|
|
||
| EAPI=8 | ||
|
|
||
| inherit linux-info | ||
|
|
||
| DESCRIPTION="eBPF process monitor module for opensnitch" | ||
| HOMEPAGE="https://github.com/evilsocket/opensnitch" | ||
| # NOTE: app-admin/opensnitch and this ebuild share the same source | ||
| SRC_URI=" | ||
| https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> opensnitch-${PV}.gh.tar.gz | ||
| " | ||
|
|
||
| S="${WORKDIR}/opensnitch-${PV}" | ||
| LICENSE="GPL-3" | ||
| SLOT="0" | ||
| KEYWORDS="amd64" | ||
| IUSE="dist-kernel" | ||
|
|
||
| EBPF_DIR=ebpf_prog | ||
| MINKV=5.5 # only compatible with kernels >= 5.5 | ||
|
|
||
| RDEPEND=" | ||
| dist-kernel? ( virtual/dist-kernel:= ) | ||
| ~app-admin/opensnitch-$PV | ||
| " | ||
|
|
||
| DEPEND=" | ||
| virtual/linux-sources | ||
| >=sys-kernel/linux-headers-${MINKV} | ||
| " | ||
|
|
||
| BDEPEND=" | ||
| sys-devel/bc | ||
| llvm-core/clang | ||
| llvm-core/llvm | ||
| " | ||
|
|
||
| RESTRICT="strip test" | ||
| QA_PREBUILT="*" | ||
|
|
||
| pkg_setup() { | ||
| # see https://github.com/evilsocket/opensnitch/discussions/978 | ||
| local CONFIG_CHECK=" | ||
| CGROUP_BPF | ||
| BPF_EVENTS | ||
| FTRACE_SYSCALLS | ||
| KPROBES_ON_FTRACE | ||
| KPROBE_EVENTS | ||
| UPROBE_EVENTS | ||
| " | ||
|
|
||
| linux-info_pkg_setup | ||
| kernel_is -ge ${MINKV//./ } || die "Kernel version at least ${MINKV} required" | ||
| } | ||
|
|
||
| src_compile() { | ||
| MODULES_MAKEARGS+=( | ||
| ARCH="x86" | ||
| EXTRA_FLAGS="-fno-stack-protector -fcf-protection" | ||
| KERNEL_DIR="${KV_DIR}" | ||
| KERNEL_HEADERS=/usr # gentoo installs linux-headers to /usr | ||
| ) | ||
| emake "${MODULES_MAKEARGS[@]}" -C "$EBPF_DIR" || die | ||
| llvm-strip -g "$EBPF_DIR"/opensnitch*.o | ||
| } | ||
|
|
||
| src_install(){ | ||
| insinto /usr/lib/opensnitchd/ebpf/ | ||
| doins "$EBPF_DIR"/opensnitch.o | ||
| doins "$EBPF_DIR"/opensnitch-dns.o | ||
| doins "$EBPF_DIR"/opensnitch-procs.o | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,4 @@ | ||
| DIST opensnitch-1.6.6-deps.tar.gz 52512745 BLAKE2B 5333a4cf94a19fba18a18ff2a0fac46d02f8b3ea65b772bbf3dee39d023cb3073b3e5247aa9061d23f77d04e950863536753c5c83d7ce7ce8bf809d74f96180a SHA512 9dcace493782cf061520fb94b9855d8f249216b6b2df8ee69e9aa534a72e562b41e36c72a2c4f4fbedc785a7f024d3f0645050d2eda2d11c2ac997c570d0af4f | ||
| DIST opensnitch-1.6.6.gh.tar.gz 1359621 BLAKE2B b6b2fa5b13f39413deb622fc7b0ebaab1789f41f25522da2e0a86262754861e9407697362b4af3a5106f9b4f781c7f5727a089a8ae2d648aafa8994f1c4b9bf4 SHA512 2fcdcc3a6ae44b5d5ed1a436f6622e74d5834e01856c9a072bb759638192f8ba9f49cbb48bfd875978d87284a20d1206352690a0e6e5f584e247506c8829d99f | ||
| DIST opensnitch-1.6.7-deps.tar.xz 33462988 BLAKE2B ad609b1e3de4592a5ebe5ce931047fd35426e8e09090412903b2d9f437cbe84bd67a420ecff559eb0df001bc45953388df158c08f753268d28411ebaa608e315 SHA512 d7152675345a6150cff576150c06e4d03fa37542dd13a4b666a4d041ca23482c8a23273b37a0734ec394c211a4c1a3001b74e8101635b9720b8a7e5f544a8bfb | ||
| DIST opensnitch-1.6.7.gh.tar.gz 1374914 BLAKE2B 0797f2c41db320c95b88b27b4e1f119a0b92e8fd12f35bf8fe9c73f8c642ead1be866ceedf99e819777b882b63cfdab900663910d99253475f9399f3c8922fd8 SHA512 12234304b4fb1a8af0f57a3cdfa684e91f36839fb1862e567912bcc8e9bd09adb2d837b88d6f4461647968cffe2c2260d07873c435cb50825ecb806499c8d3ca |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,141 @@ | ||
| # Copyright 1999-2024 Gentoo Authors | ||
| # Distributed under the terms of the GNU General Public License v2 | ||
|
|
||
| EAPI=8 | ||
|
|
||
| DISTUTILS_USE_PEP517=setuptools | ||
| PYTHON_COMPAT=( python3_{11..13} ) | ||
| inherit distutils-r1 go-module linux-info systemd xdg-utils | ||
|
|
||
| DESCRIPTION="Desktop application firewall" | ||
| HOMEPAGE="https://github.com/evilsocket/opensnitch" | ||
|
|
||
| SRC_URI=" | ||
| https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> ${P}.gh.tar.gz | ||
| https://dev.pentoo.ch/~blshkv/distfiles/${P}-deps.tar.xz | ||
| " | ||
|
|
||
| LICENSE="GPL-3" | ||
| SLOT="0" | ||
| KEYWORDS="amd64" | ||
| IUSE="+audit bpf +iptables +nftables systemd" | ||
| REQUIRED_USE="|| ( iptables nftables )" | ||
|
|
||
| DEPEND=">=dev-lang/go-1.19 | ||
| net-libs/libnetfilter_queue | ||
| dev-go/protobuf-go | ||
| dev-go/protoc-gen-go-grpc | ||
| " | ||
| RDEPEND=" | ||
| dev-python/grpcio-tools[${PYTHON_USEDEP}] | ||
| dev-python/notify2[${PYTHON_USEDEP}] | ||
| dev-python/python-slugify[${PYTHON_USEDEP}] | ||
| dev-python/pyinotify[${PYTHON_USEDEP}] | ||
| dev-python/pyqt5[network,sql,${PYTHON_USEDEP}] | ||
| bpf? ( ~app-admin/opensnitch-ebpf-module-$PV ) | ||
| " | ||
|
|
||
| RESTRICT+=" test" | ||
|
|
||
| pkg_setup() { | ||
| # see https://github.com/evilsocket/opensnitch/discussions/978 | ||
| local CONFIG_CHECK=" | ||
| INET_TCP_DIAG | ||
| INET_UDP_DIAG | ||
| INET_RAW_DIAG | ||
| INET_DIAG_DESTROY | ||
| NETFILTER_NETLINK_ACCT | ||
| NETFILTER_NETLINK_QUEUE | ||
| NF_CONNTRACK | ||
| NF_CT_NETLINK | ||
| PROC_FS | ||
| " | ||
|
|
||
| # config needed for the audit monitoring method | ||
| use audit && CONFIG_CHECK+=" | ||
| AUDIT | ||
| " | ||
|
|
||
| # config needed for using iptables as firewall | ||
| use iptables && CONFIG_CHECK+=" | ||
| NETFILTER_XT_MATCH_CONNTRACK | ||
| NETFILTER_XT_TARGET_NFQUEUE | ||
| " | ||
|
|
||
| # config needed for using nftables as firewall | ||
| use nftables && CONFIG_CHECK+=" | ||
| NFT_CT | ||
| NFT_QUEUE | ||
| " | ||
|
|
||
| linux-info_pkg_setup | ||
| } | ||
|
|
||
| PATCHES=( | ||
| "${FILESDIR}/fix-setup.py.patch" | ||
| ) | ||
|
|
||
| src_unpack() { | ||
| unpack ${A} # skip go module verification | ||
| } | ||
|
|
||
| src_prepare() { | ||
| rm -rf ui/tests || die | ||
| use systemd && eapply "${FILESDIR}/systemd.patch" | ||
| default | ||
| } | ||
|
|
||
| src_compile() { | ||
| emake protocol || die | ||
|
|
||
| pushd ui || die | ||
| pyrcc5 -o opensnitch/{resources_rc.py,/res/resources.qrc} || die | ||
| # workaround for namespace conflict | ||
| # see https://github.com/evilsocket/opensnitch/issues/496 | ||
| # and https://github.com/evilsocket/opensnitch/pull/442 | ||
| sed -i 's/^import ui_pb2/from . import ui_pb2/' opensnitch/ui_pb2* || die | ||
| popd > /dev/null || die | ||
|
|
||
| pushd daemon || die | ||
| GOCACHE="${T}/go-cache" \ | ||
| GOMODCACHE="${WORKDIR}/${PN}-${PV}/vendor" \ | ||
| ego build -v -buildmode=pie -o opensnitchd || die | ||
| popd > /dev/null || die | ||
|
|
||
| pushd ui || die | ||
| distutils-r1_src_compile | ||
| popd > /dev/null || die | ||
| } | ||
|
|
||
| src_install(){ | ||
| pushd ui || die | ||
| distutils-r1_src_install | ||
| popd > /dev/null || die | ||
|
|
||
| pushd daemon || die | ||
| dobin opensnitchd | ||
| keepdir /etc/opensnitchd/rules | ||
| insinto /etc/opensnitchd/ | ||
| doins default-config.json | ||
| doins system-fw.json | ||
| popd > /dev/null || die | ||
|
|
||
| if use systemd; then | ||
| pushd daemon || die | ||
| systemd_dounit opensnitchd.service | ||
| popd > /dev/null || die | ||
| else | ||
| newinitd "${FILESDIR}"/opensnitch.initd ${PN} | ||
| fi | ||
| } | ||
|
|
||
| pkg_postinst() { | ||
| xdg_icon_cache_update | ||
|
|
||
| #FIXME upstream bug: https://github.com/evilsocket/opensnitch/issues/795 | ||
| elog "Under regular user, run the following commands to display IP's network name:" | ||
| elog "cd ~/.config/opensnitch/" | ||
| elog "wget https://github.com/hadiasghari/pyasn/blob/master/data/ipasn_20140513_v12.dat.gz?raw=true -O ipasn_db.dat.gz" | ||
| elog "wget https://github.com/hadiasghari/pyasn/blob/master/data/asnames.json?raw=true" | ||
|
|
||
| } |