Portmaster fails in every way possible in order to build it from source

[kemelzaidan]

Congrats for the designer who built the user interface of the Portmaster. It's a really good user experience, but besides that, Portmaster fails in every way possible. I decided to try to package Portmaster from source because I wanted to try to run it inside a raspberry pi, but building Portmaster from source showed to be something nearly impossible.

That's weird because golang source code is usually easily installable by just using go install. And that's what I did after I found the cmds folder with portmaster-start, portmaster-core and some other stuff in there. I could successfully build the core and start with go install and although the built binaries were in my $GOBIN path, trying to execute them gave me a message similar to "build portmaster-start using the provided build script".

Looking for it in the files, it took me a while to find the pack and build scripts inside the app root folder and in each of the folders inside cmds since it wasn't a standard makefile. Trying to run that gave me an error because I wasn't in a git folder, since I was trying to build the app from the 1.0.0 version release tarball. Here I went cloning the whole repository, checking out the v1.0.0 version and trying to build the code with the provided scripts once the standard "go install" way didn't work.

This times it fails because it was trying build it for mac and windows, including cross compiling to windows and linux ARM architectures and I didn't have the cross compile toolchain installed. This is completely unnecessary to Linux packaging, so, I modified the scripts in order to compile only for Linux. Took me a while to find the binaries were built in the the dists directory.

Great, now I had compiled both portmaster-core and portmaster-start. Trying to run "start" asks me for the data folder. I didn't know what to do, so, I read the installer script to find out what it does once it downloads the binaries. I was amazed to find that this shell script downloads another assets package that has another install.sh script in it which is run by the first one (what???).

Ok, it's just icons, desktop shortcuts and a systemd script, but why the hell those are not in the portmaster repository since they belong to the portmaster application? Why do you need a bash script to download more stuff, including another bash script which is going to end the process? 🤷‍♂️

Anyways, by reading the script I found I had to install the portmaster-start binary in the /opt/safing/portmaster and use the '--data=flag pointing to the same folder. That's what I did. No clue where to move theportmaster-core` binary. But one more surprise: I just found that after running the start application for the first time, it not just creates the folder templates needed but it downloads binaries for the portmaster-core, notifier and app. No way to use the built core I had created before.

I found that starting the home built core works fine with the downloaded portmaster-app although it complains that the parent process which initiated the core wasn't the portmaster-start. But what's the point in downloading binaries anyways and forcing them to be used by portmaster-start? I could not find a way to instruct start to use my version of core. The serious problem here is the fact that there is no garantie I'm running the open source version of portmaster with no extra malicious code in ti since the start application forces you to run downloaded binaries for you.

That's why, this way, we will never see Portmaster in any official distro repository (like in Debian or Fedora, for example), because you can't build everything from source and running it. I could try to build the portmaster-app myself to see if I could run my version of core and app without the need to use start, but this was already too much of an effort to me and I was done with it. Besides that, there is the need to run start at least once, not only to create the folder structure (which can be done manually) but to download the ads blocking database.

Besides all of that, I believe Portmaster has taken the bad choice of having only one Electron GUI application because doing a web GUI would be something trivial. Since Electron is simply a web application running on top the electron chromium shell, it could easily be a web application which you would install in a network border device to protect your whole network with a firewall. Usually that's what you do with firewalls. But we can see that Safing takes a Windows-minded approach to have only a desktop application, although that having separated app versions for both web and desktop would be easy.

If you want to be taken seriously as a security company you need to improve lots of things, including the basic build and installation process. Or you will convince only the Windows users who don't usually care how a software is built, to use it. I doubt any serious IT specialists or cyber security professionals will be convinced to take your application seriously once they are aware of this mess.

At last, you may have an open source application, but you don't possess an open source mindset. It will be very hard to receive any outside contribution if it's so difficult to build a development environment and build the code oneself.

[vlabo]

Thank you for taking the time to write this.
We understand your frustration and we are aware that the build process is not very intuitive. We are still a small team and we have to prioritize where to invest our time. We are definitely taking a note and we are going to improve it in the future.
Making a cross platform application with a reliable automatic updates is not trivial, this makes the build process more complicated.

In the mean time if you still want to try the arm version we have e prebuild binaries that you can use.
From this guide just replace linux_amd64 with linux_arm64.

If you still want to build the components from source I suggest cloning the repository and running the commands:

cd portmaster/cmds/portmaster-core/
GOOS=linux GOARCH=arm64 ./build
cd ../portmaster-start/
GOOS=linux GOARCH=arm64 ./build

This will build core and start modules for the arm. Portmaster will automatically fill the data dir, so if you pass an empty folder as an argument it will still work.

We also have a support for running the UI in a browser. Here is a FAQ for headless servers.