epm play: add portmaster2 (Portmaster v2 with predownloaded components)

pack.d/portmaster2.sh

+#!/bin/sh
+
+TAR="$1"
+RETURNTARNAME="$2"
+VERSION="$3"
+URL="$4"
+
+. $(dirname $0)/common.sh
+
+BINDIR=opt/portmaster2
+DATADIR=var/lib/portmaster
+
+# extract original installer deb (contains only portmaster-start bootstrap)
+erc --here unpack $TAR || fatal
+
+# fetch manifests
+MANIFEST_URL="https://updates.safing.io/stable.v3.json"
+eget -O manifest.json "$MANIFEST_URL" || fatal "Can't fetch manifest"
+
+INTEL_URL="https://updates.safing.io/intel.v3.json"
+eget -O intel.json "$INTEL_URL" || fatal "Can't fetch intel manifest"
+
+# parse with python3
+VERSION=$(python3 -c "import json; print(json.load(open('manifest.json'))['Version'])")
+[ -n "$VERSION" ] || fatal "Can't get version from manifest"
+
+get_url()
+{
+    python3 -c "
+import json,sys
+name, platform = sys.argv[1], sys.argv[2] if len(sys.argv)>2 else None
+d = json.load(open(sys.argv[3]))
+for a in d['Artifacts']:
+    if a['Filename'] == name:
+        if platform and a.get('Platform') != platform:
+            continue
+        print(a['URLs'][0])
+        break
+" "$1" "$2" "$3"
+}
+
+PKGNAME=$PRODUCT-$VERSION
+
+# download core and app binaries
+mkdir -p $BINDIR
+for artifact in portmaster-core portmaster; do
+    url=$(get_url "$artifact" "linux_amd64" manifest.json)
+    [ -n "$url" ] || fatal "Can't find URL for $artifact"
+    eget -O $BINDIR/$artifact "$url" || fatal "Can't download $artifact"
+    chmod +x $BINDIR/$artifact
+done
+
+# download UI modules
+for artifact in portmaster.zip assets.zip; do
+    url=$(get_url "$artifact" "" manifest.json)
+    [ -n "$url" ] || fatal "Can't find URL for $artifact"
+    eget -O $BINDIR/$artifact "$url" || fatal "Can't download $artifact"
+done
+
+# download intel data
+mkdir -p $DATADIR/intel
+for artifact in index.dsd base.dsdl intermediate.dsdl urgent.dsdl main-intel.yaml notifications.yaml news.yaml; do
+    url=$(get_url "$artifact" "" intel.json)
+    [ -n "$url" ] && eget -O $DATADIR/intel/$artifact "$url"
+done
+
+for artifact in geoipv4.mmdb geoipv6.mmdb; do
+    url=$(get_url "$artifact" "" intel.json)
+    [ -n "$url" ] && eget -O $DATADIR/intel/$artifact.gz "$url" && gunzip -f $DATADIR/intel/$artifact.gz
+done
+
+# create dirs for runtime
+mkdir -p $DATADIR/logs
+
+# collect files to pack
+erc pack $PKGNAME.tar $BINDIR $DATADIR
+
+cat <<EOF >$PKGNAME.tar.eepm.yaml
+name: $PRODUCT
+version: $VERSION
+summary: Portmaster v2 - Privacy Suite and Application Firewall
+url: https://safing.io/portmaster
+license: GPL-3.0
+EOF
+
+return_tar $PKGNAME.tar

play.d/portmaster2.sh

+#!/bin/sh
+
+PKGNAME=portmaster2
+SUPPORTEDARCHES="x86_64"
+VERSION="$2"
+DESCRIPTION="Portmaster v2 - Privacy Suite and Application Firewall from the official site"
+URL="https://safing.io/portmaster"
+
+. $(dirname $0)/common.sh
+
+warn_version_is_not_supported
+
+PKGURL="https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.deb"
+
+install_pack_pkgurl

repack.d/portmaster2.sh

+#!/bin/sh -x
+
+# It will be run with two args: buildroot spec
+BUILDROOT="$1"
+SPEC="$2"
+
+PRODUCT=portmaster2
+PRODUCTDIR=/opt/portmaster2
+
+. $(dirname $0)/common.sh
+
+# conflicts with legacy portmaster v1
+add_conflicts portmaster
+
+# portmaster (Tauri GUI) needs webkit2gtk
+add_requires 'libwebkit2gtk-4.1.so.0()(64bit)'
+
+# create systemd service
+cat <<'EOF' | create_file /lib/systemd/system/portmaster.service
+[Unit]
+Description=Portmaster Privacy Suite by Safing
+Documentation=https://docs.safing.io
+Before=nss-lookup.target network.target
+After=systemd-networkd.service
+Conflicts=firewalld.service
+
+[Service]
+Type=simple
+Restart=on-failure
+RestartSec=10
+ExecStart=/opt/portmaster2/portmaster-core --data /var/lib/portmaster
+PIDFile=/var/lib/portmaster/core-lock.pid
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# create user-facing launcher
+cat <<'EOF' | create_exec_file /usr/bin/portmaster
+#!/bin/sh
+exec /opt/portmaster2/portmaster --data /var/lib/portmaster "$@"
+EOF
+
+# install icon from original deb if available
+if [ -f "$BUILDROOT/usr/share/icons/hicolor/128x128/apps/portmaster.png" ] ; then
+    install_file /usr/share/icons/hicolor/128x128/apps/portmaster.png /usr/share/pixmaps/portmaster.png
+fi
+
+cat <<EOF | create_file /usr/share/applications/portmaster.desktop
+[Desktop Entry]
+Version=1.0
+Type=Application
+Name=Portmaster
+Comment=Privacy Suite and Application Firewall
+Exec=portmaster
+Icon=portmaster
+Terminal=false
+Categories=Network;Security;
+EOF
+
+subst "s|^Group:.*|Group: Networking/Other|" $SPEC