GNU bug report logs - #78179
[PATCH 0/4] Add wireshark-service-type with privileged wrapper

Previous Next

Package: guix-patches;

Reported by: Rutherther <rutherther <at> ditigal.xyz>

Date: Thu, 1 May 2025 08:28:01 UTC

Severity: normal

Tags: patch

Full log

Message #17 received at 78179 <at> debbugs.gnu.org (full text, mbox):

From: Rutherther <rutherther <at> ditigal.xyz>
To: 78179 <at> debbugs.gnu.org
Cc: Rutherther <rutherther <at> ditigal.xyz>
Subject: [PATCH 3/4] gnu: wireshark: Wrap dumpcap with wrap-privileged.
Date: Thu,  1 May 2025 10:29:36 +0200

Wraps Wireshark so that dumpcap can be made a privileged program.
The ...wireshark/bin/dumpcap will be a shell script that tries to execute
/run/privileged/bin/dumpcap first and falls back to the original dumpcap that
is stored in ...wireshark/privileged/dumpcap.

* gnu/packages/networking.scm (wireshark)[modules]: Add guix build privileged.
* gnu/packages/networking.scm (wireshark)[imported-modules]: Add guix build privileged.
* gnu/packages/networking.scm (wireshark)[inputs]: Add bash.
* gnu/packages/networking.scm (wireshark)[phases]: Add wrap-dumpcap phase
executing wrap-privileged.

Change-Id: Ia19670d0372af40c01a26c1d15f41ce668ce023d
---
 gnu/packages/networking.scm | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 2a27474826..f957cc02e5 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -87,6 +87,7 @@ (define-module (gnu packages networking)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix modules)
   #:use-module (guix gexp)
   #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
@@ -1829,6 +1830,11 @@ (define-public wireshark
     (build-system qt-build-system)
     (arguments
      (list
+      #:modules `((guix build privileged)
+                  (guix build qt-build-system)
+                  (guix build utils))
+      #:imported-modules `(,@(source-module-closure '((guix build privileged)))
+                           ,@%qt-build-system-modules)
       ;; This causes the plugins to register runpaths for the wireshark
       ;; libraries, which would otherwise cause the validate-runpath phase to
       ;; fail.
@@ -1844,9 +1850,16 @@ (define-public wireshark
                 (invoke "ctest" "-VV"
                         "-j" (if parallel-tests?
                                  (number->string (parallel-job-count))
-                                 "1"))))))))
+                                 "1")))))
+          (add-after 'qt-wrap 'wrap-dumpcap
+            (lambda _
+              (wrap-privileged
+               #$output
+               "bin/dumpcap"
+               "dumpcap"))))))
     (inputs
-     (list c-ares
+     (list bash
+           c-ares
            glib
            gnutls
            brotli
-- 
2.49.0
This bug report was last modified 46 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.