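;;; Guix package definitions for OpenSnitch, an interactive application
;;; firewall: the Python/Qt user interface (opensnitch), the eBPF object
;;; files (opensnitch-ebpf-module) and the Go daemon (opensnitchd).
;;;
;;; The three origins below fetch the same upstream tag and carry the same
;;; sha256.  The tag is only a name; the sha256 is what pins the content that
;;; gets built, so a version bump must update `version' and the hash in all
;;; three packages together.

(define-module (battering packages opensnitch)
  #:use-module (guix packages)
  #:use-module (guix git-download)
  #:use-module (guix gexp)
  #:use-module (guix utils)
  #:use-module (guix build-system go)
  #:use-module (guix build-system python)
  #:use-module (guix build-system gnu)
  #:use-module (gnu packages algebra)
  #:use-module (gnu packages base)
  #:use-module (gnu packages bison)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages elf)
  #:use-module (gnu packages flex)
  #:use-module (gnu packages golang)
  #:use-module (gnu packages golang-build)
  #:use-module (gnu packages golang-web)
  #:use-module (gnu packages golang-xyz)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages llvm)
  #:use-module (gnu packages qt)
  #:use-module (gnu packages rpc)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages protobuf)
  #:use-module (gnu packages python-build)
  #:use-module (gnu packages python-web)
  #:use-module (gnu packages python-xyz)
  #:use-module (battering packages golang-xyz)
  #:use-module (battering packages python-xyz)
  #:use-module ((guix licenses) #:prefix license:))

;; The graphical user interface, built from the "ui" directory of the
;; upstream checkout.
(define-public opensnitch
  (package
    (name "opensnitch")
    (version "1.6.7")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/evilsocket/opensnitch/")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0990hdc3vn50axyz21v11gwkc2svlwf9wlnf03lwxgnm2q4ha76q"))))
    (build-system python-build-system)
    (arguments
     (list
      #:phases
      #~(modify-phases %standard-phases
          ;; Generate the Python protobuf bindings from the shared "proto"
          ;; directory before entering "ui".
          (add-after 'unpack 'make-proto-definitions
            (lambda _
              (with-directory-excursion "proto/"
                (invoke "make" "../ui/opensnitch/ui_pb2.py"))))
          (add-after 'make-proto-definitions 'chdir
            (lambda _
              (chdir "ui")))
          ;; Strip the "/usr/" prefix from the paths written in setup.py.
          (add-after 'chdir 'patch-setup.py
            (lambda _
              (substitute* "setup.py"
                (("/usr/") ""))))
          ;; Also inserted right after 'chdir, so this phase runs before
          ;; 'patch-setup.py.
          (add-after 'chdir 'generate-resources
            (lambda _
              ;; Patch resource script
              (substitute* "i18n/generate_i18n.sh"
                (("/bin/sh") (which "sh")))
              ;; Remove calls to pip in Makefile, so that the build only
              ;; uses the Python packages declared as inputs below.
              (substitute* "Makefile"
                (("@pip3.*$") ""))
              (invoke "make" "opensnitch/resources_rc.py")))
          (add-before 'check 'include-opensnitch-in-pythonpath
            ;; Tests need this directory in the PYTHONPATH to
            ;; recognize some modules.  It's weird.
            (lambda _
              (setenv "PYTHONPATH" "opensnitch/"))))))
    (inputs
     (list python-grpcio-tools
           python-pyinotify
           python-slugify
           python-pyqt
           python-protobuf
           python-notify2
           python-qt-material))
    (native-inputs
     (list python-setuptools
           qttools-5))
    (home-page "https://github.com/evilsocket/opensnitch/")
    (synopsis "GNU/Linux application firewall.")
    (description
     "OpenSnitch is an interactive GNU/Linux application firewall inspired by Little Snitch.")
    ;; NOTE(review): this package says gpl3+ while the daemon package below
    ;; says gpl3 for the same upstream repository -- confirm against the
    ;; upstream license text and make the two agree.
    (license license:gpl3+)))

;; Private helper: a configured and prepared kernel source tree
;; ("make defconfig" followed by "make prepare") copied whole into the
;; output.  It is used as KERNEL_DIR by opensnitch-ebpf-module.
(define linux-libre-headers-opensnitch
  (package
    (inherit linux-libre-headers)
    (name "linux-libre-headers-opensnitch")
    (native-inputs
     (modify-inputs (package-native-inputs linux-libre-headers)
       (append openssl bc elfutils)))
    (arguments
     ;; NOTE(review): the package inherits from linux-libre-headers, but the
     ;; arguments are taken from linux-libre-headers-latest -- confirm that
     ;; mixing the two is intended.
     (substitute-keyword-arguments (package-arguments linux-libre-headers-latest)
       ((#:phases p)
        #~(modify-phases #$p
            (replace 'build
              (lambda _
                (invoke "make" "defconfig")
                (invoke "make" "prepare")))
            (replace 'install
              (lambda _
                (copy-recursively "." #$output)))))
       ;; Replaces the inherited #:allowed-references value with #f, i.e.
       ;; whatever reference restriction the inherited arguments set no
       ;; longer applies to this output.
       ((#:allowed-references _) #f)))))

;; The eBPF object files, built from the "ebpf_prog" directory.
(define-public opensnitch-ebpf-module
  (package
    (name "opensnitch-ebpf-module")
    (version "1.6.7")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/evilsocket/opensnitch/")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0990hdc3vn50axyz21v11gwkc2svlwf9wlnf03lwxgnm2q4ha76q"))))
    (build-system gnu-build-system)
    ;; NOTE(review): KERNEL_DIR below points at
    ;; linux-libre-headers-opensnitch; confirm whether these two inputs are
    ;; still needed.
    (inputs (list linux-libre linux-libre-headers))
    (native-inputs (list clang tar zstd flex bison))
    (arguments
     (list
      ;; TODO: make it buildable against any kernel?
      ;; The objects are compiled against the fixed kernel tree named here,
      ;; not against the kernel of the machine they are later loaded on.
      #:make-flags
      #~(list (format #f "KERNEL_DIR=~a" #$linux-libre-headers-opensnitch))
      #:tests? #f
      #:phases
      #~(modify-phases %standard-phases
          (add-after 'unpack 'chdir
            (lambda _
              (chdir "ebpf_prog/")))
          (delete 'configure)
          ;; Install the three compiled objects into OUTPUT/lib.
          (replace 'install
            (lambda _
              (let ((lib (string-append #$output "/lib")))
                (for-each (lambda (object)
                            (install-file object lib))
                          '("opensnitch-dns.o"
                            "opensnitch-procs.o"
                            "opensnitch.o"))))))))
    (home-page "https://github.com/evilsocket/opensnitch/")
    (synopsis "eBPF module for Opensnitch")
    (description
     "This package provides an additional module that allows Opensnitch to monitor traffic via eBPF rules.")
    (license license:gpl3+)))

;; The daemon as a Go library/source package; opensnitchd below derives the
;; user-facing package from it.
(define-public go-github-com-evilsocket-opensnitch-daemon
  (package
    (name "go-github-com-evilsocket-opensnitch-daemon")
    (version "1.6.7")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/evilsocket/opensnitch/")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0990hdc3vn50axyz21v11gwkc2svlwf9wlnf03lwxgnm2q4ha76q"))))
    (build-system go-build-system)
    (arguments
     (list
      #:go go-1.23
      #:import-path "github.com/evilsocket/opensnitch/daemon"
      #:unpack-path "github.com/evilsocket/opensnitch"
      ;; The daemon's test suite is not run during the build; the reason is
      ;; not recorded here.
      #:tests? #f
      #:phases
      #~(modify-phases %standard-phases
          ;; Replace the bare "iptables" and "ip6tables" string literals in
          ;; the firewall code with absolute paths into the iptables input,
          ;; presumably so that the daemon does not resolve these binaries
          ;; through PATH at run time.  substitute* does not fail when the
          ;; pattern matches nothing, so check after a version bump that
          ;; both files were still rewritten.
          (add-after 'unpack 'fix-iptables-path
            (lambda* (#:key import-path #:allow-other-keys)
              (with-directory-excursion
                  (string-append "src/" import-path "/firewall/iptables")
                (substitute* '("monitor.go" "iptables.go")
                  (("\"(iptables|ip6tables)\"," all iptables-executable)
                   (string-append "\"" #$iptables "/sbin/"
                                  iptables-executable "\","))))))
          ;; Generate the Go protobuf bindings from the shared "proto"
          ;; directory.
          (add-before 'build 'make-proto-definitions
            (lambda* (#:key unpack-path #:allow-other-keys)
              (with-directory-excursion (format #f "src/~a/proto/" unpack-path)
                (invoke "make" "../daemon/ui/protocol/ui.pb.go"))))
          ;; Only has an effect when tests are enabled, which they are not
          ;; with the #:tests? value above.
          (add-before 'check 'delete-buggy-test-data
            (lambda* (#:key tests? import-path #:allow-other-keys)
              (when tests?
                (delete-file
                 (string-append "src/" import-path
                                "/ui/testdata/default-config.json"))))))))
    (inputs
     (list go-google-golang-org-grpc
           go-golang-org-x-sys
           go-golang-org-x-net
           go-github-com-vishvananda-netns
           go-github-com-vishvananda-netlink
           go-github-com-varlink-go
           go-github-com-iovisor-gobpf
           go-github-com-google-uuid
           go-github-com-google-nftables
           go-github-com-google-gopacket
           go-github-com-golang-protobuf
           go-github-com-fsnotify-fsnotify
           libnetfilter-queue
           libnfnetlink
           iptables))
    (native-inputs
     (list protobuf
           protoc-gen-go
           go-google-golang-org-grpc-cmd-protoc-gen-go-grpc
           pkg-config))
    (home-page "https://github.com/evilsocket/opensnitch")
    (synopsis "GNU/Linux application firewall.")
    (description
     "OpenSnitch is an interactive GNU/Linux application firewall inspired by Little Snitch.")
    ;; NOTE(review): the UI and eBPF packages above say gpl3+ for the same
    ;; upstream repository -- confirm which one is right.
    (license license:gpl3)))

;; The daemon as an installable program: same build as the Go package above,
;; with the binary renamed, the default configuration files installed, and
;; the Go source left out of the output.
(define-public opensnitchd
  (package/inherit go-github-com-evilsocket-opensnitch-daemon
    (name "opensnitchd")
    (arguments
     (substitute-keyword-arguments
         (package-arguments go-github-com-evilsocket-opensnitch-daemon)
       ((#:phases p)
        #~(modify-phases #$p
            ;; The Go build names the binary after the last component of
            ;; the import path ("daemon").
            (add-after 'install 'rename-daemon
              (lambda _
                (rename-file (string-append #$output "/bin/daemon")
                             (string-append #$output "/bin/opensnitchd"))))
            ;; Ship upstream's default daemon configuration and system
            ;; firewall rules under OUTPUT/etc.
            (add-after 'install 'install-config-file
              (lambda* (#:key import-path #:allow-other-keys)
                (with-directory-excursion (format #f "src/~a/" import-path)
                  (let ((etc (string-append #$output "/etc")))
                    (install-file "default-config.json" etc)
                    (install-file "system-fw.json" etc)))))))
       ((#:install-source? _ #f) #f)))))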