opensnitch: qt6 WiP

2025-12-06 08:25:01 +01:00 · 2025-08-20 09:52:21 +08:00 · 2025-08-20 09:52:21 +08:00 · 06cf8901f4
commit 06cf8901f4
parent ec2464951c
5 changed files with 184 additions and 0 deletions
--- a/app-admin/opensnitch/Manifest
+++ b/app-admin/opensnitch/Manifest
@ -2,3 +2,4 @@ DIST opensnitch-1.6.6-deps.tar.gz 52512745 BLAKE2B 5333a4cf94a19fba18a18ff2a0fac
 DIST opensnitch-1.6.6.gh.tar.gz 1359621 BLAKE2B b6b2fa5b13f39413deb622fc7b0ebaab1789f41f25522da2e0a86262754861e9407697362b4af3a5106f9b4f781c7f5727a089a8ae2d648aafa8994f1c4b9bf4 SHA512 2fcdcc3a6ae44b5d5ed1a436f6622e74d5834e01856c9a072bb759638192f8ba9f49cbb48bfd875978d87284a20d1206352690a0e6e5f584e247506c8829d99f
 DIST opensnitch-1.6.7-deps.tar.xz 33462988 BLAKE2B ad609b1e3de4592a5ebe5ce931047fd35426e8e09090412903b2d9f437cbe84bd67a420ecff559eb0df001bc45953388df158c08f753268d28411ebaa608e315 SHA512 d7152675345a6150cff576150c06e4d03fa37542dd13a4b666a4d041ca23482c8a23273b37a0734ec394c211a4c1a3001b74e8101635b9720b8a7e5f544a8bfb
 DIST opensnitch-1.6.7.gh.tar.gz 1374914 BLAKE2B 0797f2c41db320c95b88b27b4e1f119a0b92e8fd12f35bf8fe9c73f8c642ead1be866ceedf99e819777b882b63cfdab900663910d99253475f9399f3c8922fd8 SHA512 12234304b4fb1a8af0f57a3cdfa684e91f36839fb1862e567912bcc8e9bd09adb2d837b88d6f4461647968cffe2c2260d07873c435cb50825ecb806499c8d3ca
+DIST opensnitch-1.7.2.gh.tar.gz 1670398 BLAKE2B 6b36ded42105aa37816a6676059a137e1945f62f5dcde689dbea2aa957aeb89292c8d40ce4c4b3bdabc90a4d416cb4f682ba15293bf1ebc7270939411b31c540 SHA512 7a641b574af9569d8678f819cfc7116ee61362a656289c787bea88a74baf5614f4da6571e8e23dc8055a2c59e6a04245ffea5acdefe5b4abea2140e2e649b89c
--- a/app-admin/opensnitch/opensnitch-1.7.2.ebuild
+++ b/app-admin/opensnitch/opensnitch-1.7.2.ebuild
@ -0,0 +1,146 @@
+# Copyright 2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{11..13} )
+inherit distutils-r1 go-module linux-info systemd xdg-utils
+
+DESCRIPTION="Desktop application firewall"
+HOMEPAGE="https://github.com/evilsocket/opensnitch"
+
+SRC_URI="
+	https://github.com/evilsocket/opensnitch/archive/refs/tags/v${PV}.tar.gz -> ${P}.gh.tar.gz
+	"
+#	https://dev.pentoo.ch/~blshkv/distfiles/${P}-deps.tar.xz
+
+LICENSE="GPL-3"
+SLOT="0"
+# Wait for the next release with qt6 support
+#KEYWORDS="amd64"
+
+IUSE="+audit bpf +iptables +nftables systemd"
+REQUIRED_USE="|| ( iptables nftables )"
+
+DEPEND=">=dev-lang/go-1.19
+	net-libs/libnetfilter_queue
+	dev-go/protobuf-go
+	dev-go/protoc-gen-go-grpc
+"
+RDEPEND="
+	dev-python/pyqt6[network,sql,${PYTHON_USEDEP}]
+	dev-python/protobuf[${PYTHON_USEDEP}]
+	dev-python/grpcio-tools[${PYTHON_USEDEP}]
+	dev-python/python-slugify[${PYTHON_USEDEP}]
+	dev-python/pyinotify[${PYTHON_USEDEP}]
+	dev-python/notify2[${PYTHON_USEDEP}]
+	dev-python/qt-material[${PYTHON_USEDEP}]
+
+	bpf? ( ~app-admin/opensnitch-ebpf-module-$PV )
+"
+
+RESTRICT+=" test"
+
+pkg_setup() {
+	# see https://github.com/evilsocket/opensnitch/discussions/978
+	local CONFIG_CHECK="
+		INET_TCP_DIAG
+		INET_UDP_DIAG
+		INET_RAW_DIAG
+		INET_DIAG_DESTROY
+		NETFILTER_NETLINK_ACCT
+		NETFILTER_NETLINK_QUEUE
+		NF_CONNTRACK
+		NF_CT_NETLINK
+		PROC_FS
+	"
+
+	# config needed for the audit monitoring method
+	use audit && CONFIG_CHECK+="
+		AUDIT
+	"
+
+	# config needed for using iptables as firewall
+	use iptables && CONFIG_CHECK+="
+		NETFILTER_XT_MATCH_CONNTRACK
+		NETFILTER_XT_TARGET_NFQUEUE
+	"
+
+	# config needed for using nftables as firewall
+	use nftables && CONFIG_CHECK+="
+		NFT_CT
+		NFT_QUEUE
+	"
+
+	linux-info_pkg_setup
+}
+
+PATCHES=(
+	"${FILESDIR}/fix-setup.py.patch"
+)
+
+src_unpack() {
+	unpack ${A} # skip go module verification
+}
+
+src_prepare() {
+	rm -rf ui/tests || die
+	use systemd && eapply "${FILESDIR}/systemd.patch"
+	default
+}
+
+src_compile() {
+	emake protocol || die
+
+	pushd ui || die
+	pyrcc5 -o opensnitch/{resources_rc.py,/res/resources.qrc} || die
+	# workaround for namespace conflict
+	# see https://github.com/evilsocket/opensnitch/issues/496
+	# and https://github.com/evilsocket/opensnitch/pull/442
+	sed -i 's/^import ui_pb2/from . import ui_pb2/' opensnitch/ui_pb2* || die
+	popd > /dev/null || die
+
+	pushd daemon || die
+	GOCACHE="${T}/go-cache" \
+	GOMODCACHE="${WORKDIR}/${PN}-${PV}/vendor" \
+	ego build -v -buildmode=pie -o opensnitchd || die
+	popd > /dev/null || die
+
+	pushd ui || die
+	distutils-r1_src_compile
+	popd > /dev/null || die
+}
+
+src_install(){
+	pushd ui || die
+	distutils-r1_src_install
+	popd > /dev/null || die
+
+	pushd daemon || die
+	dobin opensnitchd
+	keepdir /etc/opensnitchd/rules
+	insinto /etc/opensnitchd/
+	doins default-config.json
+	doins system-fw.json
+	popd > /dev/null || die
+
+	if use systemd; then
+		pushd daemon || die
+		systemd_dounit opensnitchd.service
+		popd > /dev/null || die
+	else
+		newinitd "${FILESDIR}"/opensnitch.initd ${PN}
+	fi
+}
+
+pkg_postinst() {
+	xdg_icon_cache_update
+
+	#FIXME upstream bug: https://github.com/evilsocket/opensnitch/issues/795
+	elog "Under regular user, run the following commands to display IP's network name:"
+	elog "cd ~/.config/opensnitch/"
+	elog "wget https://github.com/hadiasghari/pyasn/blob/master/data/ipasn_20140513_v12.dat.gz?raw=true -O ipasn_db.dat.gz"
+	elog  "wget https://github.com/hadiasghari/pyasn/blob/master/data/asnames.json?raw=true"
+
+}
--- a/dev-python/qt-material/Manifest
+++ b/dev-python/qt-material/Manifest
@ -0,0 +1 @@
+DIST qt_material-2.17.tar.gz 1668475 BLAKE2B da661275b240527e1f8ef2da8c1a7b43bd5b58ba883c099e7e4ad327c6e60cf2cb5f7bd2916b2ea86621f9623904beeccdd6b84c81f385c544a90771a96b2ee7 SHA512 2b84640753125fd743b9afb671b4bdaef19871804990b8a8b98cedf12f6f109950d75ea7a1f287dc40d43e237a08526206eb4f882b2ef854ef2de8484e5a6425
--- a/dev-python/qt-material/metadata.xml
+++ b/dev-python/qt-material/metadata.xml
@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>unknown@pentoo.ch</email>
+		<name>Author Unknown</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="pypi">qt-material</remote-id>
+	</upstream>
+</pkgmetadata>
--- a/dev-python/qt-material/qt-material-2.17.ebuild
+++ b/dev-python/qt-material/qt-material-2.17.ebuild
@ -0,0 +1,25 @@
+# Copyright 2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{11..13} )
+
+inherit distutils-r1 pypi
+
+DESCRIPTION="Material inspired stylesheet for PySide6 and PyQt6."
+HOMEPAGE="https://pypi.org/project/qt-material/"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 ~arm64 x86"
+
+RDEPEND="${PYTHON_DEPS}"
+DEPEND="${RDEPEND}
+	dev-python/jinja2[${PYTHON_USEDEP}]
+"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RESTRICT="test"
+#distutils_enable_tests pytest
				`@ -0,0 +1 @@`
				`DIST qt_material-2.17.tar.gz 1668475 BLAKE2B da661275b240527e1f8ef2da8c1a7b43bd5b58ba883c099e7e4ad327c6e60cf2cb5f7bd2916b2ea86621f9623904beeccdd6b84c81f385c544a90771a96b2ee7 SHA512 2b84640753125fd743b9afb671b4bdaef19871804990b8a8b98cedf12f6f109950d75ea7a1f287dc40d43e237a08526206eb4f882b2ef854ef2de8484e5a6425`