From 31b9a9d18c4793ba327ebe80569a8b71c432c06a Mon Sep 17 00:00:00 2001 From: Jonas Heinrich Date: Sun, 24 Dec 2023 14:04:26 +0100 Subject: [PATCH] opensnitch: 1.6.4 -> 1.6.5, opensnitch-ui: 1.6.4 -> 1.6.5.1 --- .../modules/services/security/opensnitch.nix | 102 ++++++++++-------- nixos/tests/opensnitch.nix | 2 +- .../op/opensnitch-ui/package.nix} | 20 ++-- .../op}/opensnitch/go.mod | 17 ++- .../op}/opensnitch/go.sum | 48 +++++++-- .../op/opensnitch/package.nix} | 21 ++-- pkgs/top-level/all-packages.nix | 4 - 7 files changed, 131 insertions(+), 83 deletions(-) rename pkgs/{tools/networking/opensnitch/ui.nix => by-name/op/opensnitch-ui/package.nix} (91%) rename pkgs/{tools/networking => by-name/op}/opensnitch/go.mod (67%) rename pkgs/{tools/networking => by-name/op}/opensnitch/go.sum (84%) rename pkgs/{tools/networking/opensnitch/daemon.nix => by-name/op/opensnitch/package.nix} (82%) diff --git a/nixos/modules/services/security/opensnitch.nix b/nixos/modules/services/security/opensnitch.nix index 97ac3a72804c..42cf8159f3ea 100644 --- a/nixos/modules/services/security/opensnitch.nix +++ b/nixos/modules/services/security/opensnitch.nix @@ -36,7 +36,8 @@ in { description = mdDoc '' Declarative configuration of firewall rules. - All rules will be stored in `/var/lib/opensnitch/rules`. + All rules will be stored in `/var/lib/opensnitch/rules` by default. + Rules path can be configured with `settings.Rules.Path`. See [upstream documentation](https://github.com/evilsocket/opensnitch/wiki/Rules) for available options. ''; @@ -79,15 +80,6 @@ in { ''; }; - DefaultDuration = mkOption { - type = types.enum [ - "once" "always" "until restart" "30s" "5m" "15m" "30m" "1h" - ]; - description = mdDoc '' - Default duration of firewall rule. - ''; - }; - InterceptUnknown = mkOption { type = types.bool; description = mdDoc '' @@ -134,6 +126,30 @@ in { }; }; + + Ebpf.ModulesPath = mkOption { + type = types.path; + default = if cfg.settings.ProcMonitorMethod == "ebpf" then "${config.boot.kernelPackages.opensnitch-ebpf}/etc/opensnitchd" else null; + defaultText = literalExpression '' + if cfg.settings.ProcMonitorMethod == "ebpf" then + "\\$\\{config.boot.kernelPackages.opensnitch-ebpf\\}/etc/opensnitchd" + else null; + ''; + description = mdDoc '' + Configure eBPF modules path. Used when + `settings.ProcMonitorMethod` is set to `ebpf`. + ''; + }; + + Rules.Path = mkOption { + type = types.path; + default = "/var/lib/opensnitch/rules"; + description = mdDoc '' + Path to the directory where firewall rules can be found and will + get stored by the NixOS module. + ''; + }; + }; }; description = mdDoc '' @@ -151,40 +167,42 @@ in { systemd = { packages = [ pkgs.opensnitch ]; - services.opensnitchd.wantedBy = [ "multi-user.target" ]; + services.opensnitchd = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = [ + "" + "${pkgs.opensnitch}/bin/opensnitchd --config-file ${format.generate "default-config.json" cfg.settings}" + ]; + }; + preStart = mkIf (cfg.rules != {}) (let + rules = flip mapAttrsToList predefinedRules (file: content: { + inherit (content) file; + local = "${cfg.settings.Rules.Path}/${file}.json"; + }); + in '' + # Remove all firewall rules from rules path (configured with + # cfg.settings.Rules.Path) that are symlinks to a store-path, but aren't + # declared in `cfg.rules` (i.e. all networks that were "removed" from + # `cfg.rules`). + find ${cfg.settings.Rules.Path} -type l -lname '${builtins.storeDir}/*' ${optionalString (rules != {}) '' + -not \( ${concatMapStringsSep " -o " ({ local, ... }: + "-name '${baseNameOf local}*'") + rules} \) \ + ''} -delete + ${concatMapStrings ({ file, local }: '' + ln -sf '${file}' "${local}" + '') rules} + ''); + }; + tmpfiles.rules = [ + "d ${cfg.settings.Rules.Path} 0750 root root - -" + "L+ /etc/opensnitchd/system-fw.json - - - - ${pkgs.opensnitch}/etc/opensnitchd/system-fw.json" + ]; }; - systemd.services.opensnitchd.preStart = mkIf (cfg.rules != {}) (let - rules = flip mapAttrsToList predefinedRules (file: content: { - inherit (content) file; - local = "/var/lib/opensnitch/rules/${file}.json"; - }); - in '' - # Remove all firewall rules from `/var/lib/opensnitch/rules` that are symlinks to a store-path, - # but aren't declared in `cfg.rules` (i.e. all networks that were "removed" from - # `cfg.rules`). - find /var/lib/opensnitch/rules -type l -lname '${builtins.storeDir}/*' ${optionalString (rules != {}) '' - -not \( ${concatMapStringsSep " -o " ({ local, ... }: - "-name '${baseNameOf local}*'") - rules} \) \ - ''} -delete - ${concatMapStrings ({ file, local }: '' - ln -sf '${file}' "${local}" - '') rules} - - if [ ! -f /etc/opensnitchd/system-fw.json ]; then - cp "${pkgs.opensnitch}/etc/opensnitchd/system-fw.json" "/etc/opensnitchd/system-fw.json" - fi - ''); - - environment.etc = mkMerge [ ({ - "opensnitchd/default-config.json".source = format.generate "default-config.json" cfg.settings; - }) (mkIf (cfg.settings.ProcMonitorMethod == "ebpf") { - "opensnitchd/opensnitch.o".source = "${config.boot.kernelPackages.opensnitch-ebpf}/etc/opensnitchd/opensnitch.o"; - "opensnitchd/opensnitch-dns.o".source = "${config.boot.kernelPackages.opensnitch-ebpf}/etc/opensnitchd/opensnitch-dns.o"; - "opensnitchd/opensnitch-procs.o".source = "${config.boot.kernelPackages.opensnitch-ebpf}/etc/opensnitchd/opensnitch-procs.o"; - })]; - }; + + meta.maintainers = with lib.maintainers; [ onny ]; } diff --git a/nixos/tests/opensnitch.nix b/nixos/tests/opensnitch.nix index d84e4e0a935b..a1af07647f71 100644 --- a/nixos/tests/opensnitch.nix +++ b/nixos/tests/opensnitch.nix @@ -31,7 +31,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { enable = true; settings.DefaultAction = "deny"; rules = { - opensnitch = { + curl = { name = "curl"; enabled = true; action = "allow"; diff --git a/pkgs/tools/networking/opensnitch/ui.nix b/pkgs/by-name/op/opensnitch-ui/package.nix similarity index 91% rename from pkgs/tools/networking/opensnitch/ui.nix rename to pkgs/by-name/op/opensnitch-ui/package.nix index 9e7903149070..c8aef3a05123 100644 --- a/pkgs/tools/networking/opensnitch/ui.nix +++ b/pkgs/by-name/op/opensnitch-ui/package.nix @@ -1,19 +1,18 @@ { python3Packages , fetchFromGitHub -, qtwayland -, wrapQtAppsHook +, qt5 , lib }: python3Packages.buildPythonApplication rec { pname = "opensnitch-ui"; - version = "1.6.4"; + version = "1.6.5.1"; src = fetchFromGitHub { owner = "evilsocket"; repo = "opensnitch"; rev = "refs/tags/v${version}"; - hash = "sha256-fkRykhcjWZ4MDl2HZ1ZFaQmEeRYhiCBeUxG/Eu7D8NA="; + hash = "sha256-IVrAAHzLS7A7cYhRk+IUx8/5TGKeqC7M/7iXOpPe2ZA="; }; postPatch = '' @@ -23,21 +22,22 @@ python3Packages.buildPythonApplication rec { nativeBuildInputs = [ python3Packages.pyqt5 - wrapQtAppsHook + qt5.wrapQtAppsHook ]; buildInputs = [ - qtwayland + qt5.qtwayland ]; propagatedBuildInputs = with python3Packages; [ grpcio-tools - pyqt5 - unidecode - unicode-slugify - pyinotify notify2 pyasn + pyinotify + pyqt5 + qt-material + unicode-slugify + unidecode ]; preBuild = '' diff --git a/pkgs/tools/networking/opensnitch/go.mod b/pkgs/by-name/op/opensnitch/go.mod similarity index 67% rename from pkgs/tools/networking/opensnitch/go.mod rename to pkgs/by-name/op/opensnitch/go.mod index f4a1c6c5fe9c..14242cd3cbb8 100644 --- a/pkgs/tools/networking/opensnitch/go.mod +++ b/pkgs/by-name/op/opensnitch/go.mod @@ -1,19 +1,19 @@ module github.com/evilsocket/opensnitch/daemon -go 1.14 +go 1.17 require ( github.com/fsnotify/fsnotify v1.4.7 github.com/golang/protobuf v1.5.0 - github.com/google/gopacket v1.1.14 + github.com/google/gopacket v1.1.19 github.com/google/nftables v0.1.0 github.com/google/uuid v1.3.0 github.com/iovisor/gobpf v0.2.0 github.com/varlink/go v0.4.0 - github.com/vishvananda/netlink v0.0.0-20210811191823-e1a867c6b452 + github.com/vishvananda/netlink v1.1.1-0.20220115184804-dd687eb2f2d4 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae - golang.org/x/net v0.0.0-20211209124913-491a49abca63 - golang.org/x/sys v0.0.0-20211205182925-97ca703d548d + golang.org/x/net v0.17.0 + golang.org/x/sys v0.13.0 google.golang.org/grpc v1.32.0 google.golang.org/protobuf v1.26.0 ) @@ -24,10 +24,9 @@ require ( github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 // indirect github.com/mdlayher/netlink v1.4.2 // indirect github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb // indirect - golang.org/x/mod v0.5.1 // indirect - golang.org/x/text v0.3.7 // indirect - golang.org/x/tools v0.1.8 // indirect - golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect + golang.org/x/mod v0.8.0 // indirect + golang.org/x/text v0.13.0 // indirect + golang.org/x/tools v0.6.0 // indirect google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 // indirect honnef.co/go/tools v0.2.2 // indirect ) diff --git a/pkgs/tools/networking/opensnitch/go.sum b/pkgs/by-name/op/opensnitch/go.sum similarity index 84% rename from pkgs/tools/networking/opensnitch/go.sum rename to pkgs/by-name/op/opensnitch/go.sum index 9b14c3bfb5b2..baafbc6dd3df 100644 --- a/pkgs/tools/networking/opensnitch/go.sum +++ b/pkgs/by-name/op/opensnitch/go.sum @@ -29,8 +29,8 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/gopacket v1.1.14 h1:1+TEhSu8Mh154ZBVjyd1Nt2Bb7cnyOeE3GQyb1WGLqI= -github.com/google/gopacket v1.1.14/go.mod h1:UCLx9mCmAwsVbn6qQl1WIEt2SO7Nd2fD0th1TBAsqBw= +github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8= +github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= github.com/google/nftables v0.1.0 h1:T6lS4qudrMufcNIZ8wSRrL+iuwhsKxpN+zFLxhUWOqk= github.com/google/nftables v0.1.0/go.mod h1:b97ulCCFipUC+kSin+zygkvUVpx0vyIAwxXFdY3PlNc= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= @@ -76,25 +76,32 @@ github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb/go.mod h1:nFZ1EtZY github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/varlink/go v0.4.0 h1:+/BQoUO9eJK/+MTSHwFcJch7TMsb6N6Dqp6g0qaXXRo= github.com/varlink/go v0.4.0/go.mod h1:DKg9Y2ctoNkesREGAEak58l+jOC6JU2aqZvUYs5DynU= -github.com/vishvananda/netlink v0.0.0-20210811191823-e1a867c6b452 h1:xe1bLd/sNkKVWdZuAb2+4JeMQMYyQ7Av38iRrE1lhm8= -github.com/vishvananda/netlink v0.0.0-20210811191823-e1a867c6b452/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= +github.com/vishvananda/netlink v1.1.1-0.20220115184804-dd687eb2f2d4 h1:fB26rIBlWTVJyEB6ONHdoEvUbvwoudH0/cMEXHiD1RU= +github.com/vishvananda/netlink v1.1.1-0.20220115184804-dd687eb2f2d4/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae h1:4hwBBUfQCFe3Cym0ZtKyq7L16eZUtYKs+BaHDN6mAns= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -117,14 +124,21 @@ golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -148,30 +162,46 @@ golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211205182925-97ca703d548d h1:FjkYO/PPp4Wi0EAUOVLxePm7qVW4r4ctbWpURyuOD0E= golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= -golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w= golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/pkgs/tools/networking/opensnitch/daemon.nix b/pkgs/by-name/op/opensnitch/package.nix similarity index 82% rename from pkgs/tools/networking/opensnitch/daemon.nix rename to pkgs/by-name/op/opensnitch/package.nix index 9825d25bbc5a..795050cdc6d6 100644 --- a/pkgs/tools/networking/opensnitch/daemon.nix +++ b/pkgs/by-name/op/opensnitch/package.nix @@ -18,13 +18,13 @@ buildGoModule rec { pname = "opensnitch"; - version = "1.6.4"; + version = "1.6.5"; src = fetchFromGitHub { owner = "evilsocket"; repo = "opensnitch"; - rev = "v${version}"; - hash = "sha256-fkRykhcjWZ4MDl2HZ1ZFaQmEeRYhiCBeUxG/Eu7D8NA="; + rev = "refs/tags/v${version}"; + hash = "sha256-2HHyecgiodWhQkkn3eo0RJNroD7HaK6Je/+x9IqZfWE="; }; postPatch = '' @@ -47,7 +47,7 @@ buildGoModule rec { protoc-gen-go-grpc ]; - vendorHash = "sha256-bUzGWpQxeXzvkzQ7G53ljQJq6wwqiXqbi6bgeFlNvvM="; + vendorHash = "sha256-PX41xeUJb/WKv3+z5kbRmJNP1vFu8x35NZvN2Dgp4CQ="; preBuild = '' # Fix inconsistent vendoring build error @@ -64,13 +64,18 @@ buildGoModule rec { cp system-fw.json $out/etc/opensnitchd/ substitute default-config.json $out/etc/opensnitchd/default-config.json \ --replace "/var/log/opensnitchd.log" "/dev/stdout" + # Do not mkdir rules path + sed -i '8d' opensnitchd.service + # Fixup hardcoded paths substitute opensnitchd.service $out/lib/systemd/system/opensnitchd.service \ - --replace "/usr/local/bin/opensnitchd" "$out/bin/opensnitchd" \ - --replace "/etc/opensnitchd/rules" "/var/lib/opensnitch/rules" \ - --replace "/bin/mkdir" "${coreutils}/bin/mkdir" + --replace "/usr/local/bin/opensnitchd" "$out/bin/opensnitchd" ''; - ldflags = [ "-s" "-w" "-X github.com/evilsocket/opensnitch/daemon/core.Version=${version}" ]; + ldflags = [ + "-s" + "-w" + "-X github.com/evilsocket/opensnitch/daemon/core.Version=${version}" + ]; postInstall = '' wrapProgram $out/bin/opensnitchd \ diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 2c4fabbc52ef..6298698df642 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11468,10 +11468,6 @@ with pkgs; openfortivpn = callPackage ../tools/networking/openfortivpn { }; - opensnitch = callPackage ../tools/networking/opensnitch/daemon.nix { }; - - opensnitch-ui = libsForQt5.callPackage ../tools/networking/opensnitch/ui.nix { }; - obexfs = callPackage ../tools/bluetooth/obexfs { }; obexftp = callPackage ../tools/bluetooth/obexftp { };