Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:munix9
opensnitch
opensnitch.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File opensnitch.spec of Package opensnitch
# # spec file for package opensnitch # # copyright (c) 2024 munix9@googlemail.com # Name: opensnitch Version: 1.6.5.1 Release: 0 Summary: GNU/Linux interactive application firewall License: GPL-3.0-or-later URL: https://github.com/evilsocket/opensnitch Source0: https://github.com/evilsocket/opensnitch/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: vendor.tar.xz # https://salsa.debian.org/go-team/packages/opensnitch/-/tree/debian/sid/debian/man Source10: opensnitchd.1 Source11: opensnitch-ui.1 Patch0: fix-systemd-service.patch Patch1: fix-go_mod-require.patch Patch2: fix-remove-go_get.patch Patch3: fix-remove-ui_deps.patch Patch4: fix-remove-dist_path.patch Patch5: fix-pyasn-data-path.patch Patch6: fix-potential-bashisms.patch Patch7: fix-setup_py.patch Patch8: fix-system-sleep.patch BuildRequires: AppStream BuildRequires: clang BuildRequires: fdupes BuildRequires: golang-packaging BuildRequires: kernel-default-devel BuildRequires: llvm BuildRequires: pkgconfig BuildRequires: protoc-gen-go BuildRequires: protoc-gen-go-grpc BuildRequires: python3-grpcio-tools BuildRequires: pkgconfig(libmnl) BuildRequires: pkgconfig(libnetfilter_queue) BuildRequires: pkgconfig(libpcap) BuildRequires: pkgconfig(protobuf) Requires: logrotate Recommends: %{name}-ui = %{version} Suggests: systemd-network %{?systemd_ordering} %description OpenSnitch is a GNU/Linux firewall application. Whenever a program makes a connection, it'll prompt the user to allow or deny it. The user can decide if block the outgoing connection based on properties of the connection: by port, by uid, by dst ip, by program or a combination of them. These rules can last forever, until the app restart or just one time. The GUI allows the user to view live outgoing connections, as well as search by process, user, host or port. OpenSnitch can also work as a system-wide domains blocker, by using lists of domains, list of IPs or list of regular expressions. %package ui Summary: GNU/Linux interactive application firewall GUI License: GPL-3.0-only BuildRequires: hicolor-icon-theme BuildRequires: python-rpm-macros BuildRequires: python3-pip BuildRequires: python3-qt5-devel BuildRequires: python3-setuptools BuildRequires: python3-wheel BuildRequires: update-desktop-files Requires: python3-grpcio-tools Requires: python3-notify2 Requires: python3-protobuf Requires: python3-pyinotify Requires: python3-python-slugify Requires: python3-qt5 Requires: xdg-user-dirs Recommends: %{name} = %{version} Recommends: python3-pyasn Recommends: python3-qt-material Suggests: QGnomePlatform-qt5 BuildArch: noarch %description ui opensnitch-ui is a GUI for opensnitch written in Python. It allows the user to view live outgoing connections, as well as search for details of the intercepted connections. The user can decide if block outgoing connections based on properties of the connection: by port, by uid, by dst ip, by program or a combination of them. These rules can last forever, until restart the daemon or just one time. OpenSnitch can also work as a system-wide domains blocker, by using lists of domains, list of IPs or list of regular expressions. %prep %autosetup -p1 tar -xf %{SOURCE1} -C daemon %if 0%{?suse_version} > 1500 %ifarch x86_64 sed -e 's/EXTRA_FLAGS) /EXTRA_FLAGS) -fcf-protection /' -i ebpf_prog/Makefile %endif %endif rm -r ui/tests %build # "-ldflags='-linkmode=external -buildid='" moved in fix-remove-go_get.patch export GOFLAGS="-mod=vendor -buildmode=pie -trimpath" # daemon make # ui pushd ui %python3_pyproject_wheel popd # ebpf-modules make -C ebpf_prog \ KERNEL_DIR=/lib/modules/$(uname -r)/source \ KERNEL_HEADERS=/lib/modules/$(uname -r)/build %install # daemon install -D -m 0755 -t %{buildroot}%{_sbindir} daemon/opensnitchd ln -s service %{buildroot}%{_sbindir}/rc%{name} install -D -m 0644 -t %{buildroot}%{_unitdir} \ utils/packaging/daemon/deb/debian/%{name}.service install -D -m 0755 utils/scripts/restart-opensnitch-onsleep.sh \ %{buildroot}%{_systemd_util_dir}/system-sleep/%{name} install -d -m 0755 %{buildroot}%{_sysconfdir}/opensnitchd/rules install -D -m 0644 -t %{buildroot}%{_sysconfdir}/opensnitchd \ daemon/{default-config,system-fw}.json install -D -m 0644 utils/packaging/daemon/deb/debian/%{name}.logrotate \ %{buildroot}%{_sysconfdir}/logrotate.d/%{name} install -d -m 0755 %{buildroot}%{_localstatedir}/log touch %{buildroot}%{_localstatedir}/log/opensnitchd.log # ui pushd ui %python3_pyproject_install %suse_update_desktop_file %{name}_ui appstreamcli validate --no-net \ %{buildroot}%{_datadir}/metainfo/io.github.evilsocket.%{name}.appdata.xml install -D -m 0644 -t %{buildroot}%{_sysconfdir}/xdg/autostart \ %{buildroot}%{_datadir}/applications/%{name}_ui.desktop popd # ebpf-modules #export NO_BRP_STRIP_DEBUG=true pushd ebpf_prog llvm-strip -g opensnitch{,-dns,-procs}.o install -D -m 0644 -t %{buildroot}%{_prefix}/lib/opensnitchd/ebpf \ opensnitch{,-dns,-procs}.o popd # man pages install -D -m 0644 -t %{buildroot}%{_mandir}/man1 %{SOURCE10} %{SOURCE11} %fdupes -s %{buildroot}%{_prefix}/lib %check cd ebpf_prog echo "check for '1 kprobe/tcp_v4_connect' in opensnitch.o ..." objdump -h opensnitch.o | grep "1 kprobe/tcp_v4_connect" %pre %service_add_pre %{name}.service %post %service_add_post %{name}.service %preun %service_del_preun %{name}.service %postun %service_del_postun %{name}.service %files %license LICENSE %doc README.md %doc utils/scripts/debug-ebpf-maps.sh %doc daemon/data/rules/000-allow-localhost.json %{_sbindir}/opensnitchd %{_sbindir}/rc%{name} %dir %{_sysconfdir}/opensnitchd %dir %{_sysconfdir}/opensnitchd/rules %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/opensnitchd/*.json %dir %{_prefix}/lib/opensnitchd %dir %{_prefix}/lib/opensnitchd/ebpf %{_prefix}/lib/opensnitchd/ebpf/opensnitch{,-dns,-procs}.o %dir %{_systemd_util_dir}/system-sleep %{_systemd_util_dir}/system-sleep/%{name} %{_unitdir}/%{name}.service %{_mandir}/man1/opensnitchd.1%{?ext_man} %ghost %{_localstatedir}/log/opensnitchd.log %files ui %license ui/LICENSE %doc README.md %{_bindir}/%{name}-ui %{_datadir}/applications/%{name}_ui.desktop %{_datadir}/icons/hicolor/*/apps/%{name}-ui.* %{_datadir}/kservices5 %{_datadir}/metainfo/io.github.evilsocket.%{name}.appdata.xml %config %{_sysconfdir}/xdg/autostart/%{name}_ui.desktop %{_mandir}/man1/opensnitch-ui.1%{?ext_man} %{python3_sitelib}/%{name} %{python3_sitelib}/%{name}_ui-*.dist-info %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor