From 08ff63587b58139279e3069ebb7001d6c3acdfcd Mon Sep 17 00:00:00 2001
From: Jonas Heinrich <onny@project-insanity.org>
Date: Sat, 4 Dec 2021 18:35:35 +0100
Subject: [PATCH] opensnitch, opensnitch-ui: 1.3.6 > 1.4.3

---
 pkgs/tools/networking/opensnitch/daemon.nix   | 20 +++++++++++-----
 pkgs/tools/networking/opensnitch/go-mod.patch | 24 +++++++++++++++++++
 pkgs/tools/networking/opensnitch/ui.nix       | 18 +++++++++++---
 3 files changed, 53 insertions(+), 9 deletions(-)
 create mode 100644 pkgs/tools/networking/opensnitch/go-mod.patch

diff --git a/pkgs/tools/networking/opensnitch/daemon.nix b/pkgs/tools/networking/opensnitch/daemon.nix
index 2ebf9425f0e5..27d3a6ce5181 100644
--- a/pkgs/tools/networking/opensnitch/daemon.nix
+++ b/pkgs/tools/networking/opensnitch/daemon.nix
@@ -1,6 +1,8 @@
 { buildGoModule
 , fetchFromGitHub
 , fetchpatch
+, protobuf
+, go-protobuf
 , pkg-config
 , libnetfilter_queue
 , libnfnetlink
@@ -12,13 +14,13 @@
 
 buildGoModule rec {
   pname = "opensnitch";
-  version = "1.3.6";
+  version = "1.4.3";
 
   src = fetchFromGitHub {
     owner = "evilsocket";
     repo = "opensnitch";
     rev = "v${version}";
-    sha256 = "sha256-Cgo+bVQQeUZuYYhA1WSqlLyQQGAeXbbNno9LS7oNvhI=";
+    sha256 = "1c2v2x8hfqk524sa42vry74lda4lg6ii40ljk2qx9j2f69446sva";
   };
 
   patches = [
@@ -29,16 +31,22 @@ buildGoModule rec {
       url = "https://github.com/evilsocket/opensnitch/commit/8a3f63f36aa92658217bbbf46d39e6d20b2c0791.patch";
       sha256 = "sha256-WkwjKTQZppR0nqvRO4xiQoKZ307NvuUwoRx+boIpuTg=";
     })
+    # Upstream has inconsistent vendoring
+    ./go-mod.patch
   ];
 
   modRoot = "daemon";
 
-  vendorSha256 = "sha256-LMwQBFkHg1sWIUITLOX2FZi5QUfOivvrkcl9ELO3Trk=";
-
-  nativeBuildInputs = [ pkg-config makeWrapper ];
-
   buildInputs = [ libnetfilter_queue libnfnetlink ];
 
+  nativeBuildInputs = [ pkg-config protobuf go-protobuf makeWrapper ];
+
+  vendorSha256 = "sha256-sTfRfsvyiFk1bcga009W6jD6RllrySRAU6B/8mF6+ow=";
+
+  preBuild = ''
+    make -C ../proto ../daemon/ui/protocol/ui.pb.go
+  '';
+
   postBuild = ''
     mv $GOPATH/bin/daemon $GOPATH/bin/opensnitchd
     mkdir -p $out/lib/systemd/system
diff --git a/pkgs/tools/networking/opensnitch/go-mod.patch b/pkgs/tools/networking/opensnitch/go-mod.patch
new file mode 100644
index 000000000000..290e92ca755f
--- /dev/null
+++ b/pkgs/tools/networking/opensnitch/go-mod.patch
@@ -0,0 +1,24 @@
+diff --git a/daemon/go.mod b/daemon/go.mod
+index ec21c04..a859bfb 100644
+--- a/daemon/go.mod
++++ b/daemon/go.mod
+@@ -5,17 +5,12 @@ go 1.14
+ require (
+ 	github.com/evilsocket/ftrace v1.2.0
+ 	github.com/fsnotify/fsnotify v1.4.7
+-	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
+-	github.com/golang/protobuf v1.5.0
+ 	github.com/google/gopacket v1.1.14
+ 	github.com/google/nftables v0.0.0-20210514154851-a285acebcad3
+ 	github.com/iovisor/gobpf v0.2.0
+ 	github.com/vishvananda/netlink v1.1.0
+-	github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect
+-	golang.org/x/net v0.0.0-20190311183353-d8887717615a
+-	golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208 // indirect
+-	golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444 // indirect
+-	golang.org/x/text v0.3.0 // indirect
++	golang.org/x/net v0.0.0-20191028085509-fe3aa8a45271
++	golang.org/x/sys v0.0.0-20191029155521-f43be2a4598c
+ 	google.golang.org/grpc v1.27.0
+ 	google.golang.org/protobuf v1.26.0
+ )
diff --git a/pkgs/tools/networking/opensnitch/ui.nix b/pkgs/tools/networking/opensnitch/ui.nix
index 69b26492282d..d211a10d2c5a 100644
--- a/pkgs/tools/networking/opensnitch/ui.nix
+++ b/pkgs/tools/networking/opensnitch/ui.nix
@@ -6,16 +6,19 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "opensnitch-ui";
-  version = "1.3.6";
+  version = "1.4.3";
 
   src = fetchFromGitHub {
     owner = "evilsocket";
     repo = "opensnitch";
     rev = "v${version}";
-    sha256 = "sha256-Cgo+bVQQeUZuYYhA1WSqlLyQQGAeXbbNno9LS7oNvhI=";
+    sha256 = "sha256-amtDSDJOyNSxmJICEqN5lKhGyfF5C6I0EWViB1EXW7A=";
   };
 
-  nativeBuildInputs = [ wrapQtAppsHook ];
+  nativeBuildInputs = [
+    python3Packages.pyqt5
+    wrapQtAppsHook
+  ];
 
   propagatedBuildInputs = with python3Packages; [
     grpcio-tools
@@ -25,6 +28,11 @@ python3Packages.buildPythonApplication rec {
     pyinotify
   ];
 
+  preBuild = ''
+    make -C ../proto ../ui/opensnitch/ui_pb2.py
+    pyrcc5 -o opensnitch/resources_rc.py opensnitch/res/resources.qrc
+  '';
+
   preConfigure = ''
     cd ui
   '';
@@ -33,6 +41,10 @@ python3Packages.buildPythonApplication rec {
     export PYTHONPATH=opensnitch:$PYTHONPATH
   '';
 
+  postInstall = ''
+    mv $out/lib/python3.9/site-packages/usr/* $out/
+  '';
+
   dontWrapQtApps = true;
   makeWrapperArgs = [ "\${qtWrapperArgs[@]}" ];