X-Loop: help-debbugs@HIDDEN
Subject: [bug#41874] [PATCH] gnu: wireshark: Lookup 'dumpcap' in PATH.
Resent-From: Brice Waegeneire <brice@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Mon, 15 Jun 2020 16:20:02 +0000
Resent-Message-ID: <handler.41874.B.15922379562660 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 41874
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 41874 <at> debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.15922379562660
(code B ref -1); Mon, 15 Jun 2020 16:20:02 +0000
Received: (at submit) by debbugs.gnu.org; 15 Jun 2020 16:19:16 +0000
Received: from localhost ([127.0.0.1]:47271 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1jkrpI-0000gi-HI
for submit <at> debbugs.gnu.org; Mon, 15 Jun 2020 12:19:16 -0400
Received: from lists.gnu.org ([209.51.188.17]:50276)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <brice@HIDDEN>) id 1jkrpD-0000gX-Ow
for submit <at> debbugs.gnu.org; Mon, 15 Jun 2020 12:19:11 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:53036)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <brice@HIDDEN>) id 1jkrpD-00089M-Ip
for guix-patches@HIDDEN; Mon, 15 Jun 2020 12:19:07 -0400
Received: from relay12.mail.gandi.net ([217.70.178.232]:34791)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <brice@HIDDEN>) id 1jkrp8-0004Gh-NU
for guix-patches@HIDDEN; Mon, 15 Jun 2020 12:19:07 -0400
Received: from localhost (luy13-1-78-237-113-178.fbx.proxad.net
[78.237.113.178]) (Authenticated sender: brice@HIDDEN)
by relay12.mail.gandi.net (Postfix) with ESMTPSA id 5F308200002
for <guix-patches@HIDDEN>; Mon, 15 Jun 2020 16:18:56 +0000 (UTC)
From: Brice Waegeneire <brice@HIDDEN>
Date: Mon, 15 Jun 2020 18:18:41 +0200
Message-Id: <20200615161841.24337-1-brice@HIDDEN>
X-Mailer: git-send-email 2.26.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=217.70.178.232; envelope-from=brice@HIDDEN;
helo=relay12.mail.gandi.net
X-detected-operating-system: by eggs.gnu.org: First seen = 2020/06/15 12:18:57
X-ACL-Warn: Detected OS = Linux 3.11 and newer
X-Spam_score_int: -25
X-Spam_score: -2.6
X-Spam_bar: --
X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN
X-Spam_action: no action
X-Spam-Score: -1.6 (-)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.6 (--)
* gnu/packages/patches/wireshark-lookup-dumpcap-in-path.patch: New file
…
* gnu/local.mk: … add it …
* gnu/packages/networking.scm (wireshark)[origin]: … use it.
---
Together with https://issues.guix.info/41763 this patch allow to use wireshark
as a non-root user be adding the following to your “oeprating-system-services“
field:
--8<---------------cut here---------------start------------->8---
(simple-service 'wireshark-group account-service-type
(list (user-group (name "wireshark") (system? #t))))
(simple-service 'wireshark-dumpcap setuid-program-service-type
(list (list (file-append wireshark "/bin/dumpcap")
"root" "wireshark")))
--8<---------------cut here---------------end--------------->8---
Such feature was asked on the mailing list years ago[0].
[0]: https://lists.gnu.org/archive/html/help-guix/2016-11/msg00043.html
gnu/local.mk | 1 +
gnu/packages/networking.scm | 1 +
.../wireshark-lookup-dumpcap-in-path.patch | 66 +++++++++++++++++++
3 files changed, 68 insertions(+)
create mode 100644 gnu/packages/patches/wireshark-lookup-dumpcap-in-path.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 79bdfe9be8..3b07aa248c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1595,6 +1595,7 @@ dist_patch_DATA = \
%D%/packages/patches/wicd-get-selected-profile-fix.patch \
%D%/packages/patches/wicd-urwid-1.3.patch \
%D%/packages/patches/wicd-wpa2-ttls.patch \
+ %D%/packages/patches/wireshark-lookup-dumpcap-in-path.patch \
%D%/packages/patches/wmctrl-64-fix.patch \
%D%/packages/patches/wmfire-update-for-new-gdk-versions.patch \
%D%/packages/patches/wordnet-CVE-2008-2149.patch \
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index e8f398e521..216e5072a4 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -873,6 +873,7 @@ of the same name.")
(method url-fetch)
(uri (string-append "https://www.wireshark.org/download/src/wireshark-"
version ".tar.xz"))
+ (patches (search-patches "wireshark-lookup-dumpcap-in-path.patch"))
(sha256
(base32 "1amqgn94g6h6cfnsccm2zb4c73pfv1qmzi1i6h1hnbcyhhg4czfi"))))
(build-system cmake-build-system)
diff --git a/gnu/packages/patches/wireshark-lookup-dumpcap-in-path.patch b/gnu/packages/patches/wireshark-lookup-dumpcap-in-path.patch
new file mode 100644
index 0000000000..4c000c23a1
--- /dev/null
+++ b/gnu/packages/patches/wireshark-lookup-dumpcap-in-path.patch
@@ -0,0 +1,66 @@
+Taken from Nixpkgs:
+<https://github.com/NixOS/nixpkgs/blob/aa060ababf1490e8b39a6122d42112ea958f39cf/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch>
+
+From 5bef9deeff8a2e4401de0f45c9701cd6f98f29d8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@HIDDEN>
+Date: Thu, 26 Nov 2015 21:03:35 +0100
+Subject: [PATCH] Lookup dumpcap in PATH
+
+NixOS patch: Look for dumpcap in PATH first, because there may be a
+dumpcap wrapper that we want to use instead of the default
+non-setuid dumpcap binary.
+
+Also change execv() to execvp() because we've set argv[0] to "dumpcap"
+and have to enable PATH lookup. Wireshark is not a setuid program, so
+looking in PATH is not a security issue.
+
+Signed-off-by: Franz Pletz <fpletz@HIDDEN>
+---
+ capchild/capture_sync.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/capchild/capture_sync.c b/capchild/capture_sync.c
+index 970688e..49914d5 100644
+--- a/capchild/capture_sync.c
++++ b/capchild/capture_sync.c
+@@ -332,7 +332,18 @@ init_pipe_args(int *argc) {
+ #ifdef _WIN32
+ exename = g_strdup_printf("%s\\dumpcap.exe", progfile_dir);
+ #else
+- exename = g_strdup_printf("%s/dumpcap", progfile_dir);
++ /*
++ * NixOS patch: Look for dumpcap in PATH first, because there may be a
++ * dumpcap wrapper that we want to use instead of the default
++ * non-setuid dumpcap binary.
++ */
++ if (system("command -v dumpcap >/dev/null") == 0) {
++ /* Found working dumpcap */
++ exename = g_strdup_printf("dumpcap");
++ } else {
++ /* take Wireshark's absolute program path and replace "Wireshark" with "dumpcap" */
++ exename = g_strdup_printf("%s/dumpcap", progfile_dir);
++ }
+ #endif
+
+ /* Make that the first argument in the argument list (argv[0]). */
+@@ -729,7 +740,7 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi
+ */
+ dup2(sync_pipe[PIPE_WRITE], 2);
+ ws_close(sync_pipe[PIPE_READ]);
+- execv(argv[0], argv);
++ execvp(argv[0], argv);
+ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
+ argv[0], g_strerror(errno));
+ sync_pipe_errmsg_to_parent(2, errmsg, "");
+@@ -997,7 +1008,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
+ dup2(sync_pipe[PIPE_WRITE], 2);
+ ws_close(sync_pipe[PIPE_READ]);
+ ws_close(sync_pipe[PIPE_WRITE]);
+- execv(argv[0], argv);
++ execvp(argv[0], argv);
+ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
+ argv[0], g_strerror(errno));
+ sync_pipe_errmsg_to_parent(2, errmsg, "");
+--
+2.6.3
+
--
2.26.2
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Brice Waegeneire <brice@HIDDEN> Subject: bug#41874: Acknowledgement ([PATCH] gnu: wireshark: Lookup 'dumpcap' in PATH.) Message-ID: <handler.41874.B.15922379562660.ack <at> debbugs.gnu.org> References: <20200615161841.24337-1-brice@HIDDEN> X-Gnu-PR-Message: ack 41874 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 41874 <at> debbugs.gnu.org Date: Mon, 15 Jun 2020 16:20:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): guix-patches@HIDDEN If you wish to submit further information on this problem, please send it to 41874 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 41874: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D41874 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN
Subject: [bug#41874] [PATCH] gnu: wireshark: Lookup 'dumpcap' in PATH.
Resent-From: Mathieu Othacehe <othacehe@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 05 Jul 2020 09:59:02 +0000
Resent-Message-ID: <handler.41874.B41874.15939430927621 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 41874
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Brice Waegeneire <brice@HIDDEN>
Cc: 41874 <at> debbugs.gnu.org
Received: via spool by 41874-submit <at> debbugs.gnu.org id=B41874.15939430927621
(code B ref 41874); Sun, 05 Jul 2020 09:59:02 +0000
Received: (at 41874) by debbugs.gnu.org; 5 Jul 2020 09:58:12 +0000
Received: from localhost ([127.0.0.1]:60058 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1js1PX-0001yr-Vz
for submit <at> debbugs.gnu.org; Sun, 05 Jul 2020 05:58:12 -0400
Received: from eggs.gnu.org ([209.51.188.92]:59224)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <othacehe@HIDDEN>) id 1js1PW-0001yf-N5
for 41874 <at> debbugs.gnu.org; Sun, 05 Jul 2020 05:58:11 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:59482)
by eggs.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <othacehe@HIDDEN>)
id 1js1PQ-0003h0-0s; Sun, 05 Jul 2020 05:58:04 -0400
Received: from [2a01:e0a:fa:a50:84fd:6270:81db:82dd] (port=54962 helo=meru)
by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
(Exim 4.82) (envelope-from <othacehe@HIDDEN>)
id 1js1PO-0001i5-Sc; Sun, 05 Jul 2020 05:58:03 -0400
From: Mathieu Othacehe <othacehe@HIDDEN>
References: <20200615161841.24337-1-brice@HIDDEN>
Date: Sun, 05 Jul 2020 11:57:55 +0200
In-Reply-To: <20200615161841.24337-1-brice@HIDDEN> (Brice Waegeneire's
message of "Mon, 15 Jun 2020 18:18:41 +0200")
Message-ID: <87sge6i8rg.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hello Brice,
> Together with https://issues.guix.info/41763 this patch allow to use wire=
shark
> as a non-root user be adding the following to your =E2=80=9Coeprating-sys=
tem-services=E2=80=9C
> field:
>
> (simple-service 'wireshark-group account-service-type
> (list (user-group (name "wireshark") (system? #t))))
> (simple-service 'wireshark-dumpcap setuid-program-service-type
> (list (list (file-append wireshark "/bin/dumpcap")
> "root" "wireshark")))
When this mechanism will be pushed, we could maybe update wireshark
package description to refer to this "trick". In the meantime your patch
looks good to me.
Thanks,
Mathieu
Received: (at control) by debbugs.gnu.org; 5 Jul 2020 11:47:19 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sun Jul 05 07:47:19 2020 Received: from localhost ([127.0.0.1]:60154 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1js378-0006mp-Tr for submit <at> debbugs.gnu.org; Sun, 05 Jul 2020 07:47:19 -0400 Received: from relay12.mail.gandi.net ([217.70.178.232]:46233) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <brice@HIDDEN>) id 1js375-0006mZ-D8 for control <at> debbugs.gnu.org; Sun, 05 Jul 2020 07:47:17 -0400 Received: from webmail.gandi.net (webmail19.sd4.0x35.net [10.200.201.19]) (Authenticated sender: brice@HIDDEN) by relay12.mail.gandi.net (Postfix) with ESMTPA id BBFDD200003 for <control <at> debbugs.gnu.org>; Sun, 5 Jul 2020 11:47:08 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Sun, 05 Jul 2020 11:47:08 +0000 From: Brice Waegeneire <brice@HIDDEN> To: control <at> debbugs.gnu.org Subject: Block #41874 Message-ID: <9667f027e8609b9f83d0d2a6773bb8de@HIDDEN> X-Sender: brice@HIDDEN User-Agent: Roundcube Webmail/1.3.13 X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) block 41874 with 41763
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.