opensnitch
opensnitch copied to clipboard
evilsocket
add opensnitch to debian repo and create a ppa
It would be handy to have opensnitch in the default debian repo, so it can be installed with: apt install opensnitch
Are there any plans to bring opensnitch to debian?
Also a ppa at https://launchpad.net/ would be usefull.
Hi @freddii !
There's an ITP ticket opened (Intent To Package), but there hasn' been activity since Feb 2019:
https://www.debian.org/devel/wnpp/being_packaged
opensnitch: Port of the Little Snitch application firewall, 813 days in preparation, last activity 665 days ago.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909567
Regarding the PPA, I created a repo at https://build.opensuse.org because you can create packages and repositories for RPM and DEB based distributions, for multiple architectures. I haven't worked on it since 4 months ago, but I'm planning to work on that direction.
@lamby an old ITP of yours is getting some attention :smile:
It looks like https://salsa.debian.org/lamby/pkg-opensnitch is where you left off, is that accurate? Did you intend to continue (especially now that the project is active again :eyes: :heart: :exclamation:)?
That's probably where I left off, yes. I do not intend to continue, however. :+1:
https://www.cyberciti.biz/python-tutorials/opensnitch-the-little-snitch-application-like-firewall-tool-for-linux/
yep agreed, the PPA would be great, but thanks anyways =)
Just a note, projects should not contain a debian folder. The only projects that should have this folder are Native Packages, opensnitch is not a good fit for this designation.
I don't have a usual recommendation for how to solve this, using a symlink(perhaps created/managed with a make target) and adding it to .gitignore seems like a good start.
Edit: I'm not doing a PR because it's a pain and there are bits to fill in for the dpkg-buildpackage options.
From 59b7964130e8045059cb3657d4ef4ac811cac91a Mon Sep 17 00:00:00 2001
From: Michael Mestnik <[email protected]>
Date: Wed, 10 Mar 2021 13:10:30 -0600
Subject: [PATCH] first steps to package for debian main
---
.gitignore | 1 +
Makefile | 3 +++
{debian => debian-ppa}/changelog | 0
{debian => debian-ppa}/control | 0
{debian => debian-ppa}/copyright | 0
{debian => debian-ppa}/gbp.conf | 0
{debian => debian-ppa}/gitlab-ci.yml | 0
{debian => debian-ppa}/opensnitch.init | 0
{debian => debian-ppa}/opensnitch.install | 0
{debian => debian-ppa}/opensnitch.logrotate | 0
{debian => debian-ppa}/opensnitch.service | 0
{debian => debian-ppa}/postinst | 0
{debian => debian-ppa}/prerm | 0
{debian => debian-ppa}/rules | 0
{debian => debian-ppa}/source/format | 0
{debian => debian-ppa}/watch | 0
16 files changed, 4 insertions(+)
rename {debian => debian-ppa}/changelog (100%)
rename {debian => debian-ppa}/control (100%)
rename {debian => debian-ppa}/copyright (100%)
rename {debian => debian-ppa}/gbp.conf (100%)
rename {debian => debian-ppa}/gitlab-ci.yml (100%)
rename {debian => debian-ppa}/opensnitch.init (100%)
rename {debian => debian-ppa}/opensnitch.install (100%)
rename {debian => debian-ppa}/opensnitch.logrotate (100%)
rename {debian => debian-ppa}/opensnitch.service (100%)
rename {debian => debian-ppa}/postinst (100%)
rename {debian => debian-ppa}/prerm (100%)
rename {debian => debian-ppa}/rules (100%)
rename {debian => debian-ppa}/source/format (100%)
rename {debian => debian-ppa}/watch (100%)
diff --git a/.gitignore b/.gitignore
index 2697ff8..b6f918a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
*.pyc
*.profile
rules
+/debian
diff --git a/Makefile b/Makefile
index 96d668c..8a863e2 100644
--- a/Makefile
+++ b/Makefile
@@ -45,3 +45,6 @@ adblocker:
./daemon/opensnitchd -rules-path /etc/opensnitchd/rules -ui-socket unix:///tmp/osui.sock
+deb-build:
+ ln -fs debian-ppa debian
+ dpkg-buildpackage `#<options>`
diff --git a/debian/changelog b/debian-ppa/changelog
similarity index 100%
rename from debian/changelog
rename to debian-ppa/changelog
diff --git a/debian/control b/debian-ppa/control
similarity index 100%
rename from debian/control
rename to debian-ppa/control
diff --git a/debian/copyright b/debian-ppa/copyright
similarity index 100%
rename from debian/copyright
rename to debian-ppa/copyright
diff --git a/debian/gbp.conf b/debian-ppa/gbp.conf
similarity index 100%
rename from debian/gbp.conf
rename to debian-ppa/gbp.conf
diff --git a/debian/gitlab-ci.yml b/debian-ppa/gitlab-ci.yml
similarity index 100%
rename from debian/gitlab-ci.yml
rename to debian-ppa/gitlab-ci.yml
diff --git a/debian/opensnitch.init b/debian-ppa/opensnitch.init
similarity index 100%
rename from debian/opensnitch.init
rename to debian-ppa/opensnitch.init
diff --git a/debian/opensnitch.install b/debian-ppa/opensnitch.install
similarity index 100%
rename from debian/opensnitch.install
rename to debian-ppa/opensnitch.install
diff --git a/debian/opensnitch.logrotate b/debian-ppa/opensnitch.logrotate
similarity index 100%
rename from debian/opensnitch.logrotate
rename to debian-ppa/opensnitch.logrotate
diff --git a/debian/opensnitch.service b/debian-ppa/opensnitch.service
similarity index 100%
rename from debian/opensnitch.service
rename to debian-ppa/opensnitch.service
diff --git a/debian/postinst b/debian-ppa/postinst
similarity index 100%
rename from debian/postinst
rename to debian-ppa/postinst
diff --git a/debian/prerm b/debian-ppa/prerm
similarity index 100%
rename from debian/prerm
rename to debian-ppa/prerm
diff --git a/debian/rules b/debian-ppa/rules
similarity index 100%
rename from debian/rules
rename to debian-ppa/rules
diff --git a/debian/source/format b/debian-ppa/source/format
similarity index 100%
rename from debian/source/format
rename to debian-ppa/source/format
diff --git a/debian/watch b/debian-ppa/watch
similarity index 100%
rename from debian/watch
rename to debian-ppa/watch
--
2.20.1
Sorry, this needs an issue all it's own and doesn't deserve one. .gitignore for rules would exclude debian/rules, consider prefixing that with a / as I did in my example. The ignore rules won't do anything for entries that already exist, they only prevent git add and -a flag of git commit from seeing things.
What's going on about adding OpenSnitch to the official Debian repo? OpenSnitch is becoming more and more popular in the universe and is becoming a "must have" position :) Plus, having a Debian repo will dramatically increase your reach!
I had a look at this, and tried to build the latest version on Debian Bullseye. If I understand the recipe on https://github.com/evilsocket/opensnitch/wiki/Compilation correctly, there are several build dependencies missing in Debian (indicated by the use of 'go install' and 'pip install'), and the fact that the ubuntu recipe do not involve calling 'debuild' to build packages. These dependencies would have to be packaged first.
As I have stated in https://bugs.debian.org/909567 already, LI would be happy to assist if someone want to take on the task.
Hi @petterreinholdtsen ,
The missing Go dependencies for version 1.5.2 in Debian Bullseye are (as of today):
github.com/google/nftables v0.0.0-20210514154851-a285acebcad3 github.com/iovisor/gobpf v0.2.0 github.com/evilsocket/ftrace v1.2.0
google.golang.org/grpc/cmd/protoc-gen-go-grpc is also needed to compile the protobuffer.
It's packaged for Bookworm but not for Bullseye: https://packages.debian.org/bookworm/protoc-gen-go-grpc
We can get rid of ftrace, since is non longer used, but the other two are needed.
Regarding your message on the Debian bug report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909567#44:
2023-01-19 21:56:02] IMP Starting opensnitch-daemon v1.0.0b
Latest stable version is v1.5.2. Could you try building it for v1.5.2?
Thank you very much for offer of help!
[Gustavo Iñiguez Goia]
The missing Go dependencies for version 1.5.2 in Debian Bullseye are (as of today):
github.com/google/nftables v0.0.0-20210514154851-a285acebcad3 github.com/iovisor/gobpf v0.2.0 github.com/evilsocket/ftrace v1.2.0
Aha. I guess the best approach here is to get in touch with the golang team in Debian to try to solicit help getting these into Debian. Anyone interested in doing this? I expect them, as the rest of the free software community, to be short on people and man-hours.
google.golang.org/grpc/cmd/protoc-gen-go-grpcis also needed to compile the protobuffer. It's packaged for Bookworm but not for Bullseye: https://packages.debian.org/bookworm/protoc-gen-go-grpc
Aha. Good to know. I can try again in my sid chroot with this package in the dependencies. I suspect it should be listed in debian/control.
Latest stable version is v1.5.2. Could you try building it for v1.5.2?
I did, as I stated at the end of the message but it failed to build. Now I suspect it is because of the missing dependencies, as I saw something about nftables in the block of error messages I got.
-- Happy hacking Petter Reinholdtsen
[Gustavo Iñiguez Goia]
The missing Go dependencies for version 1.5.2 in Debian Bullseye are (as of today):
These seem to be in Bookworm already. I asked for them on the #debian-golang IRC channel, and was told it was already in place.
github.com/google/nftables v0.0.0-20210514154851-a285acebcad3
<URL: https://tracker.debian.org/pkg/golang-github-google-nftables >
github.com/iovisor/gobpf v0.2.0
<URL: https://tracker.debian.org/pkg/golang-github-iovisor-gobpf >
github.com/evilsocket/ftrace v1.2.0
<URL: https://tracker.debian.org/pkg/golang-github-evilsocket-ftrace >
So I guess the only missing piece of the puzzle is opensnitch itself. Are you up for the task of maintaining it in Debian?
-- Happy hacking Petter Reinholdtsen
My heart (and I'm sure many others as well) skipped a beat when I heard that it might be in the Debian repo. Many users will benefit from this (not just Debian after all). But I don't know if you need to hurry? https://lists.debian.org/debian-devel-announce/2023/01/msg00004.html
[git70]
But I don't know if you need to hurry? https://lists.debian.org/debian-devel-announce/2023/01/msg00004.html
Personally I believe it is too late to get it past the ftpmasters in NEW before the package freeze, but would love to be proven wrong. Every second the initial upload is delayed reduces the changes, of course, but not conviced they are good to begin with. :)
We are discussing the debian packaging on the #debian-golang IRC channel.
Happy hacking Petter Reinholdtsen
Thanks to the good work of Gustavo, the "unofficial" version 1.5.2.1-1 was just uploaded to Debian for approval by the ftpmasters (aka the NEW queue). This make it possible to get it into Debian before the package freeze in less then a month, even thought it is quite unlikely it will get through the queue in time.
<URL: https://ftp-master.debian.org/new.html > show 116 packages in the queue.
-- Happy hacking Petter Reinholdtsen
thank you VERY MUCH Petter for sponsoring opensnitch, and helping out with all the work with the debian package. It'd have taken ages without your help.
The opensnitch package was just accepted into the Debian archive, <URL: https://tracker.debian.org/pkg/opensnitch >.
Now the polishing should begin. :)
-- Happy hacking Petter Reinholdtsen
I would recommend spending some time on the Debian package maintenance and paying attention to https://tracker.debian.org/pkg/opensnitch .