Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

opensnitch: init at 1.3.6 #117893

Merged
merged 1 commit into from Mar 29, 2021
Merged

opensnitch: init at 1.3.6 #117893

merged 1 commit into from Mar 29, 2021

Conversation

raboof
Copy link
Member

@raboof raboof commented Mar 28, 2021
edited

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@raboof raboof changed the title <!-- To help with the large amounts of pull requests, we would appreciate your reviews of other pull requests, especially simple package updates. Just leave a comment describing what you have tested in the relevant package/service. Reviewing helps to reduce the average time-to-merge for everyone. Thanks a lot if you do! List of open PRs: https://github.com/NixOS/nixpkgs/pulls Reviewing guidelines: https://nixos.org/manual/nixpkgs/unstable/#chap-reviewing-contributions --> opensnitch: init at 1.3.6 Mar 28, 2021
@ofborg ofborg bot requested a review from kalbasit March 28, 2021 16:39
@r-rmcgibbo
Copy link

r-rmcgibbo commented Mar 28, 2021
edited

Result of nixpkgs-review pr 117893 at c8ca1fd0 run on aarch64-linux 1

1 package failed to build:
1 package built successfully:
  • opensnitch-ui
1 suggestion:
  • warning: no-python-tests

    Test runner could not discover any test cases: ‘Ran 0 tests in 0.000s’
    Near pkgs/tools/networking/opensnitch/ui.nix:42:0:

       |
42 |     description = "An application firewall";
   | ^

Note that build failures may predate this PR, and could be nondeterministic or hardware dependent.
Please exercise your independent judgement.

Result of nixpkgs-review pr 117893 at c8ca1fd0 run on x86_64-linux 1

1 package failed to build:
1 package built successfully:
  • opensnitch-ui
1 suggestion:
  • warning: no-python-tests

    Test runner could not discover any test cases: ‘Ran 0 tests in 0.000s’
    Near pkgs/tools/networking/opensnitch/ui.nix:42:0:

       |
42 |     description = "An application firewall";
   | ^

Note that build failures may predate this PR, and could be nondeterministic or hardware dependent.
Please exercise your independent judgement.

SuperSandro2000
SuperSandro2000 reviewed Mar 28, 2021
View reviewed changes
pkgs/tools/networking/opensnitch/daemon.nix Outdated
src = fetchFromGitHub {
owner = "evilsocket";
repo = "opensnitch";
rev = "tags/v${version}";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
rev = "tags/v${version}";
rev = "v${version}";

pkgs/tools/networking/opensnitch/ui.nix Outdated
Comment on lines 6 to 7

with python3Packages;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
with python3Packages;

pkgs/tools/networking/opensnitch/ui.nix Outdated

nativeBuildInputs = [ wrapQtAppsHook ];

propagatedBuildInputs = [
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
propagatedBuildInputs = [
propagatedBuildInputs = with python3Packages; [

@raboof raboof requested review from Mic92 and zowoq as code owners March 29, 2021 07:08
zowoq
zowoq requested changes Mar 29, 2021
View reviewed changes
pkgs/tools/networking/opensnitch/daemon.nix Outdated
})
];

sourceRoot = "source/daemon";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

patchFlags can be dropped with this change.

Suggested change
sourceRoot = "source/daemon";
modRoot = "daemon";

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, thanks!

@raboof
opensnitch: init at 1.3.6
f46c4f5 
Just the daemon and ui programs. It would of course be nice to also have
it available as a NixOS service, but I'd like to leave that as future
work.
@SuperSandro2000 SuperSandro2000 merged commit ae46abe into NixOS:master Mar 29, 2021
@abvbv abvbv mentioned this pull request Apr 1, 2021
Closed
@onny
Copy link
Contributor

onny commented Apr 1, 2021

what is the recommended way to run this package? :)

@raboof
Copy link
Member Author

raboof commented Apr 1, 2021

Right now what I do is 'manually' run sudo opensnitchd and opensnitch-ui.

Of course we can/should add more infrastructure to make this more convenient, but it's a start ;)

(there might be some interesting work in #76897 that we could take into account, but I haven't looked into whether that is actually convenient yet)

@onny
Copy link
Contributor

onny commented Apr 2, 2021

@raboof Thank you for the response! I managed to setup it manually and wrote a small how-to :D https://blog.project-insanity.org/2021/04/01/setup-opensnitch-on-nixos/

@davidak davidak mentioned this pull request Apr 4, 2021
Closed
@asdf8dfafjk
Copy link
Contributor

Has anyone figured out a way to make rules based not on the executables' location in /nix/store but on /run/current-system?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kalbasit kalbasit Awaiting requested review from kalbasit

@Mic92 Mic92 Awaiting requested review from Mic92

@zowoq zowoq Awaiting requested review from zowoq

@SuperSandro2000 SuperSandro2000 Awaiting requested review from SuperSandro2000

Assignees
No one assigned
Labels
8.has: package (new) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10 11.by: package-maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@raboof @r-rmcgibbo @onny @asdf8dfafjk @SuperSandro2000 @zowoq