From 44500f9c09ee6595883089c2346b84026ccba49b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gustavo=20I=C3=B1iguez=20Goia?= Date: Wed, 19 Oct 2022 13:13:45 +0200 Subject: [PATCH] pkgs, deb: improvements - Don't share sources (reduces deb size). - Install eBPF modules under /usr/lib/opensnitchd/ebpf/ /etc/is only mean for configuration files, and /usr/lib for object files and libraries. https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s07.html#purpose6 https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s06.html#purpose22 - Added NEWS file, to inform users about breaking changes and other relevant changes.
---
utils/packaging/daemon/deb/debian/NEWS | 20 +++++++++++++++++++ .../daemon/deb/debian/opensnitch.install | 5 +++-- utils/packaging/daemon/deb/debian/rules | 3 +++ 3 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 utils/packaging/daemon/deb/debian/NEWS
diff --git a/utils/packaging/daemon/deb/debian/NEWS b/utils/packaging/daemon/deb/debian/NEWS
new file mode 100644
index 00000000..5f48e74b
--- /dev/null
+++ b/utils/packaging/daemon/deb/debian/NEWS
@@ -0,0 +1,20 @@
+opensnitch (1.6.0-rc.3-1) unstable; urgency=medium
+
+ From now on the eBPF modules will be installed under
+ /usr/lib/opensnitchd/ebpf/.
+
+ The daemon will look for the eBPF modules in these directories and order:
+ - /usr/local/lib/opensnitchd/ebpf/
+ - /usr/lib/opensnitchd/ebpf/
+
+ Modules under /etc/opensnitchd/ will still ne loaded if found, but it's
+ deprecated and will be removed in the future.
+
+ There's a new module to intercept processes execution. It may cause some
+ rules not to match: for example if you allowed /bin/telnet, now it may be
+ reported as /usr/bin/inteutils-telnet
+
+ These cases are mostly expected. We'll keep improving it, sorry for
+ the inconveniences.
+
+ -- gustavo-iniguez-goya Wed, 19 Oct 2022 00:15:19 +0200
diff --git a/utils/packaging/daemon/deb/debian/opensnitch.install b/utils/packaging/daemon/deb/debian/opensnitch.install
index 5e473882..6c635c4e 100644
--- a/utils/packaging/daemon/deb/debian/opensnitch.install
+++ b/utils/packaging/daemon/deb/debian/opensnitch.install
@@ -1,4 +1,5 @@
 daemon/default-config.json etc/opensnitchd/
 daemon/system-fw.json etc/opensnitchd/
-ebpf_prog/opensnitch.o etc/opensnitchd/
-ebpf_prog/opensnitch-dns.o etc/opensnitchd/
+ebpf_prog/opensnitch.o usr/lib/opensnitchd/ebpf/
+ebpf_prog/opensnitch-dns.o usr/lib/opensnitchd/ebpf/
+ebpf_prog/opensnitch-procs.o usr/lib/opensnitchd/ebpf/
diff --git a/utils/packaging/daemon/deb/debian/rules b/utils/packaging/daemon/deb/debian/rules
index 34f450d9..d7cacbbc 100755
--- a/utils/packaging/daemon/deb/debian/rules
+++ b/utils/packaging/daemon/deb/debian/rules
@@ -12,5 +12,8 @@ execute_before_dh_auto_install: mkdir -p $(DESTDIR)/usr/bin mv _build/bin/daemon $(DESTDIR)/usr/bin/opensnitchd +override_dh_auto_install: + dh_auto_install -- --no-source + %: dh $@ --builddirectory=_build --buildsystem=golang --with=golang
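Review bot: Nothing visible in this patch removes the `/etc/opensnitchd/opensnitch.o` and `opensnitch-dns.o` copies that earlier package versions installed, once opensnitch.install moves the `ebpf_prog/*.o` entries to `usr/lib/opensnitchd/ebpf/`. Files shipped under /etc are normally registered as conffiles by debhelper, so on upgrade dpkg would most likely leave them on disk as obsolete conffiles. The NEWS entry in this same commit says the daemon still loads modules found under /etc/opensnitchd/, so a stale object built for an older daemon could end up loaded into the kernel by the root daemon if the lookup ever falls back to it. Consider adding a `debian/opensnitch.maintscript` with `rm_conffile /etc/opensnitchd/opensnitch.o <prior-version>` and the same line for `opensnitch-dns.o`; whether such a file already exists cannot be seen from this patch.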
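Review bot: The new `override_dh_auto_install` target in debian/rules has no comment explaining `--no-source`, which is an option of the dh-golang build system rather than of dh_auto_install itself. A line such as `# --no-source (dh-golang): do not ship the Go sources in the .deb, binary only` above the target would save the next packager a lookup. The override replaces the default install step while `execute_before_dh_auto_install` (visible only as hunk context, its start is outside the hunk) still moves the daemon binary by hand, so it is worth confirming on a clean build that the package contains `usr/bin/opensnitchd` and no Go source tree. If older releases are still built from this tree, debian/control may need a versioned Build-Depends on a dh-golang that accepts the option; that file is not part of this patch.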