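# Package expression for the OpenSnitch daemon (opensnitchd), built from the
# upstream Go sources with buildGoModule.
#
# Every fetched input (both GitHub sources and both vendored Go module sets)
# is pinned by a sha256 hash, so content that differs from what was reviewed
# fails the build instead of being picked up silently.
{
  buildGoModule,
  fetchFromGitHub,
  protobuf,
  go-protobuf,
  pkg-config,
  libnetfilter_queue,
  libnfnetlink,
  lib,
  iptables,
  makeWrapper,
  protoc-gen-go-grpc,
  testers,
  opensnitch,
  nixosTests,
  opensnitch-ui,
  nix-update-script,
}:
let
  # Override protoc-gen-go-grpc to use the compatible version
  # Should be droppable on opensnitch 1.7.0
  # NOTE(review): this file now packages 1.8.0, so the remark above looks
  # stale; confirm whether the 1.3.0 pin is still needed or can be removed.
  protoc-gen-go-grpc' = protoc-gen-go-grpc.overrideAttrs (oldAttrs: rec {
    version = "1.3.0";

    # The rev is derived from `version`; the hash below is what actually fixes
    # the fetched content, so both must be updated together.
    src = fetchFromGitHub {
      owner = "grpc";
      repo = "grpc-go";
      rev = "cmd/protoc-gen-go-grpc/v${version}";
      hash = "sha256-Zy0k5X/KFzCao9xAGt5DNb0MMGEyqmEsDj+uvXI4xH4=";
    };

    vendorHash = "sha256-y+/hjYUTFZuq55YAZ5M4T1cwIR+XFQBmWVE+Cg1Y7PI=";
  });
in
buildGoModule (finalAttrs: {
  pname = "opensnitch";
  version = "1.8.0";

  # A git tag can be moved upstream; the hash is what binds this build to one
  # specific source tree, so a re-tagged release fails the fetch.
  src = fetchFromGitHub {
    owner = "evilsocket";
    repo = "opensnitch";
    tag = "v${finalAttrs.version}";
    hash = "sha256-Bz5h2DEC61vpkeWZxFlogh6NvTubJcnHuwgTNSzZd68=";
  };

  # The `-X ...core.Version=` linker flag in `ldflags` can only set a variable,
  # hence the const -> var rewrite. --replace-fail aborts the build if the
  # pattern is no longer present in version.go.
  postPatch = ''
    # Allow configuring Version at build time
    substituteInPlace daemon/core/version.go --replace-fail "const " "var "
  '';

  # The Go module lives in the daemon/ subdirectory of the repository.
  modRoot = "daemon";

  buildInputs = [
    libnetfilter_queue
    libnfnetlink
  ];

  # Build-time tools only; protoc-gen-go-grpc' is the pinned override above.
  nativeBuildInputs = [
    pkg-config
    protobuf
    go-protobuf
    makeWrapper
    protoc-gen-go-grpc'
  ];

  # Pins the daemon's vendored Go dependencies.
  vendorHash = "sha256-6/N/E+uk6RVmSLy6fSWjHj+J5mPFXtHZwWThhFJnfYY=";

  # Runs the upstream Makefile target for ui.pb.go before compiling
  # (presumably generating the protobuf bindings with the tools above).
  preBuild = ''
    make -C ../proto ../daemon/ui/protocol/ui.pb.go
  '';

  # Renames the binary, installs the default rules/config and the systemd
  # unit. Only the log path and the binary path are rewritten; every other
  # setting in the upstream config and unit file is shipped as-is.
  # Shell expansions are quoted so paths are never word-split or globbed;
  # the brace/glob pattern on the `cp` source is intentionally left unquoted.
  postBuild = ''
    mv "$GOPATH/bin/daemon" "$GOPATH/bin/opensnitchd"
    mkdir -p "$out/etc/opensnitchd" "$out/lib/systemd/system"
    cp -r data/{rules,*.json} "$out/etc/opensnitchd/"
    substituteInPlace "$out/etc/opensnitchd/default-config.json" \
      --replace-fail "/var/log/opensnitchd.log" "/dev/stdout"
    # Fixup hardcoded paths
    substitute data/init/opensnitchd.service "$out/lib/systemd/system/opensnitchd.service" \
      --replace-fail "/usr/local/bin/opensnitchd" "$out/bin/opensnitchd"
  '';

  # -s and -w drop the symbol table and DWARF debug data from the binary;
  # -X stamps the package version into core.Version at link time.
  ldflags = [
    "-s"
    "-w"
    "-X github.com/evilsocket/opensnitch/daemon/core.Version=${finalAttrs.version}"
  ];

  # --prefix puts the packaged iptables first on PATH, so the daemon resolves
  # it from this pinned dependency before anything in the inherited
  # environment.
  postInstall = ''
    wrapProgram "$out/bin/opensnitchd" \
      --prefix PATH : "${lib.makeBinPath [ iptables ]}"
  '';

  passthru = {
    tests = {
      inherit (nixosTests) opensnitch;
      inherit opensnitch-ui;
      # Checks that the version stamped in through ldflags is what the built
      # binary reports.
      version = testers.testVersion {
        package = opensnitch;
        command = "opensnitchd -version";
      };
    };

    # Only tags made of "v" followed by digits and dots are considered, which
    # leaves out suffixed tags such as release candidates.
    updater = nix-update-script {
      extraArgs = [
        "--version-regex"
        "^v([0-9.]+)$"
      ];
    };
  };

  meta = {
    description = "Application firewall";
    mainProgram = "opensnitchd";
    homepage = "https://github.com/evilsocket/opensnitch/wiki";
    license = lib.licenses.gpl3Only;
    maintainers = with lib.maintainers; [
      onny
      grimmauld
    ];
    platforms = lib.platforms.linux;
  };
})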