Bug#1070855: RFH: opensnitch -- GNU/Linux interactive application firewall

To: "Petter Reinholdtsen" <pere@hungry.com>, "Martin Dosch" <martin@mdosch.de>
Cc: 1070855@bugs.debian.org, "Paul Wise" <pabs@debian.org>
Subject: Bug#1070855: RFH: opensnitch -- GNU/Linux interactive application firewall
From: "Charles Allhands" <cra@resistentialist.com>
Date: Mon, 14 Apr 2025 10:25:29 -0500
Message-id: <[🔎] 0cc4c3f8-40ed-46a1-81cd-fc5384bb8e50@app.fastmail.com>
Reply-to: "Charles Allhands" <cra@resistentialist.com>, 1070855@bugs.debian.org
In-reply-to: <[🔎] Z_z4T_iKxNvYnzMs@hjemme.reinholdtsen.name>
References: <20241013145339.zaaexo55xzvt56oc@mdosch.de> <[🔎] Z_z4T_iKxNvYnzMs@hjemme.reinholdtsen.name> <sa6le4hvgag.fsf@hjemme.reinholdtsen.name>

Hi Peter,
I'm still interested. I got about as far as setting up a salsa account and reading through the docs. I'll probably need some guidance as this is all new to me. I'll set up a build environment and see how it goes.

I joined the #opensnitch channel on libra.chat. 

-Charles

On Mon, Apr 14, 2025, at 06:58, Petter Reinholdtsen wrote:
> Dear Charles and Martin,
>
> Both of you seem to believe that I receive emails sent to
> 1070855@bugs.debian.org.  I do not, so it is a safer option to keep
> everyone involved in the To/CC list in the email thread.
>
> [Charles Allhands 2024-09-24]
>> I'm interested if you're still looking for help with this. I'm not
>> currently a package maintainer but I'm willing to learn. I've
>> started working through the documentation already. Please let me
>> know if I can be of assistance.
>
> I suggest we meet on IRC, #opensnitch, if you are still interested.
>
> [Martin Dosch 2025-10-13]
>> I was looking whether I can build the latest version and do some sort of
>> "drive by" RFS, but it seems something is off with the branches:
>
> Yeah.  I do not understand the setup myself, but suspect the salsa
> master branch is a clone of the upstream branch, and there is a trick
> to the git repository I do not understand.
>
>> Maybe the repo was not created using dh-make-golang and therefore
>> the layout differs from other golang team repos. If some experienced
>> DD could fix this it would probably ease team maintaining this
>> package as others could contribute using their well known tooling.
>
> I am at a loss, and ended up creating a new repo for my testing, using
> 'gbp import-dsc' and 'gbp import-orig'.
>
> Based on the 1.5.9-2 build rules in experimental, I managed to get
> 1.6.8 building (but not yet tested) using the following changes:
>
> diff --git a/debian/changelog b/debian/changelog
> index 527ce95..74dc85d 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +opensnitch (1.6.8-1) UNRELEASED; urgency=medium
> +
> +  * New upstream version 1.6.8
> +
> + -- Petter Reinholdtsen <pere@hungry.com>  Mon, 14 Apr 2025 13:24:20 +0200
> +
>  opensnitch (1.5.9-2) experimental; urgency=medium
> 
>    [ Gustavo Iñiguez Goia ]
> diff --git a/debian/control b/debian/control
> index a66caf6..6f74d08 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -9,16 +9,17 @@ Build-Depends:
>   dh-python,
>   golang-any,
>   golang-github-fsnotify-fsnotify-dev,
> + golang-github-gogo-protobuf-dev | golang-goprotobuf-dev,
>   golang-github-google-gopacket-dev,
>   golang-github-google-nftables-dev,
>   golang-github-iovisor-gobpf-dev,
> + golang-github-varlink-go-dev,
>   golang-github-vishvananda-netlink-dev,
>   golang-golang-x-net-dev,
>   golang-google-grpc-dev,
> - golang-goprotobuf-dev,
>   libmnl-dev,
>   libnetfilter-queue-dev,
> - pkg-config,
> + pkgconf,
>   protoc-gen-go-grpc,
>   pyqt5-dev-tools,
>   qttools5-dev-tools,
> diff --git a/debian/man/opensnitch-ui.1 b/debian/man/opensnitch-ui.1
> index 1f646df..b9ab2d9 100644
> --- a/debian/man/opensnitch-ui.1
> +++ b/debian/man/opensnitch-ui.1
> @@ -49,7 +49,9 @@ be launched.
>  .LP
>  The GUI (i.e.: the server) will listen for new connections from 
> daemons. You
>  can have the daemon installed on multiple machines, and manage them 
> from a
> -centralized GUI. https://github.com/evilsocket/opensnitch/wiki/Nodes
> +centralized GUI.
> +.UR https://github.com/evilsocket/opensnitch/wiki/Nodes
> +.UE
>  .LP
>  .SH OPTIONS
>  .TP
> @@ -84,13 +86,14 @@ $ opensnitch-ui
>  .SH REPORTING BUGS
>  Problems with
>  .B opensnitch-ui
> -should be reported on github 
> https://github.com/evilsocket/opensnitch/issues
> +should be reported on github
>  .UR https://github.com/evilsocket/opensnitch/issues
> +.UE
>  .SH "SEE ALSO"
>  .PP
> -.UR https://github.com/evilsocket/opensnitch
>  .B OpenSnitch
>  Home Page
> +.UR https://github.com/evilsocket/opensnitch
>  .UE
>  .LP
>  .SH HISTORY
> @@ -104,4 +107,6 @@ calesanz among others.
>  .SH AUTHORS
>  The complete list of
>  .B OpenSnitch
> -contributors can be found on https://github.com/evilsocket/opensnitch
> +contributors can be found on
> +.UR https://github.com/evilsocket/opensnitch
> +.UE
> diff --git a/debian/man/opensnitchd.1 b/debian/man/opensnitchd.1
> index 36f8849..a5e108f 100644
> --- a/debian/man/opensnitchd.1
> +++ b/debian/man/opensnitchd.1
> @@ -99,7 +99,10 @@ it's already used by other software, you can set 
> another queue number here.
>  Force to use this socket path, instead of the one defined in the 
> configuration.
>  The path format is unix:///path/to/socket.sock or ip:port 
> ("127.0.0.1:50051")
>  .RS
> -(https://github.com/grpc/grpc/blob/master/doc/naming.md)
> +(
> +.UR https://github.com/grpc/grpc/blob/master/doc/naming.md
> +.UE
> +)
>  .RE
>  .TP
>  .BI "\-version"
> @@ -155,8 +158,9 @@ Launch it from cli: /usr/bin/opensnitchd 
> -rules-path /etc/opensnitchd/rules/
>  .SH REPORTING BUGS
>  Problems with
>  .B opensnitchd
> -should be reported on github 
> https://github.com/evilsocket/opensnitch/issues
> +should be reported on github
>  .UR https://github.com/evilsocket/opensnitch/issues
> +.UE
>  .SH HISTORY
>  .B OpenSnitch
>  was originally written by Simone Margaritelli (evilsocket) in 
> 2017-2018.
> @@ -167,11 +171,13 @@ the esential help of the community, and valuable 
> contributions from themighty1 a
>  calesanz among others.
>  .SH "SEE ALSO"
>  .PP
> -.UR https://github.com/evilsocket/opensnitch
>  .B OpenSnitch
>  Home Page
> +.UR https://github.com/evilsocket/opensnitch
>  .UE
>  .SH AUTHORS
>  The complete list of
>  .B OpenSnitch
> -contributors can be found on https://github.com/evilsocket/opensnitch
> +contributors can be found on
> +.UR https://github.com/evilsocket/opensnitch
> +.UE
> diff --git a/debian/rules b/debian/rules
> index 1f9f4c4..81ac0b6 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -43,6 +43,7 @@ override_dh_auto_clean:
>         $(RM) ui/opensnitch/resources_rc.py
>         $(RM) -r ui/opensnitch/i18n/
>         $(RM) ui/i18n/locales/*/*.qm
> +       $(RM) daemon/ui/protocol/ui_grpc.pb.go
>         cd ui && python3 setup.py clean -a
>         $(RM) -r ui/opensnitch_ui.egg-info/
>         find ui -name \*.pyc -exec rm {} \;
>
>
> The man page changes is to get rid of a lintian issue.  The rules
> change is for rebuildability.  The build dependency changes is to fix
> a package conflict in trixy and replace the obsolete pkg-config
> package.
>
> Perhaps we can join forces and get an updated package into unstable in
> time for Trixie?
>
> -- 
> Happy hacking
> Petter Reinholdtsen

Reply to:

References:
- Bug#1070855: RFH: opensnitch -- GNU/Linux interactive application firewall
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Processed: closing 1005771
Next by Date: Bug#1070855: RFH: opensnitch -- GNU/Linux interactive application firewall
Previous by thread: Bug#1070855: RFH: opensnitch -- GNU/Linux interactive application firewall
Next by thread: Bug#1070855: RFH: opensnitch -- GNU/Linux interactive application firewall
Index(es):
- Date
- Thread