From patchwork Thu May 1 08:29:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rutherther X-Patchwork-Id: 42200 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id E3BDE27BC4B; Thu, 1 May 2025 09:30:28 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,FROM_SUSPICIOUS_NTLD,MAILING_LIST_MULTI,PDS_OTHER_BAD_TLD, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL, RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 8B00327BC49 for ; Thu, 1 May 2025 09:30:28 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uAPJ3-0006vo-Fr; Thu, 01 May 2025 04:30:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uAPIz-0006sG-Tr for guix-patches@gnu.org; Thu, 01 May 2025 04:30:06 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uAPIz-0004uJ-GS for guix-patches@gnu.org; Thu, 01 May 2025 04:30:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=MqRrWCV8Oea1MJmtrI5yz9A2VvObg69PeVbIxzMrdgo=; b=K2gbJUuL+qwEDmBZeN2W+s3j0B+LYGta52NmNBNfIY52GAxEwZYD9j9bmb7flN0maCUm1NZxWmnr7LPBGSOrIEi65IGidCAnBRucIjmPO77cDuEOGsLg78ZQQ/DbKxF2wYnDb1Qo4zqliwHhrTps+gYY4rseeX3qMYCFasiF7NN5QoWvTrLBcnqqRJwB6uxMgouQs9hFyIVn2veCSUAdRs6+yzYTSRyybV3yjtRcHWpvRsUY6PmhfJydD2pNlnseQoAnvkZWtkNEMDPSziWPvrzgSudXaqBseTot7Tvf1qLg5UH9onIlVZIHqShJo43ZLEVAVK2Ml64oZHmpcjBhRQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uAPIz-00060H-9v for guix-patches@gnu.org; Thu, 01 May 2025 04:30:05 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78179] [PATCH 3/4] gnu: wireshark: Wrap dumpcap with wrap-privileged. Resent-From: Rutherther Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 01 May 2025 08:30:05 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78179 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78179@debbugs.gnu.org Cc: Rutherther Received: via spool by 78179-submit@debbugs.gnu.org id=B78179.174608820122773 (code B ref 78179); Thu, 01 May 2025 08:30:05 +0000 Received: (at 78179) by debbugs.gnu.org; 1 May 2025 08:30:01 +0000 Received: from localhost ([127.0.0.1]:48395 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uAPIu-0005us-NL for submit@debbugs.gnu.org; Thu, 01 May 2025 04:30:01 -0400 Received: from ditigal.xyz ([78.46.201.50]:53198 helo=mail.ditigal.xyz) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uAPIp-0005tw-S5 for 78179@debbugs.gnu.org; Thu, 01 May 2025 04:29:57 -0400 Received: by cerebrum (OpenSMTPD) with ESMTPSA id 4d1bf36f (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO); Thu, 1 May 2025 08:29:52 +0000 (UTC) Date: Thu, 1 May 2025 10:29:36 +0200 Message-ID: <9df66aad0fb0acd1419c1a805896ad1d8ba174b0.1746086472.git.rutherther@ditigal.xyz> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ditigal.xyz; i=@ditigal.xyz; q=dns/txt; s=20240917; t=1746088192; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : from; bh=UVd0wUvTqBuRE2zB5wHwNY8uXeWJ01Ny4MsQy791Za8=; b=DS9StrURv9Q1crkOoecp5UdIOzBmthbomNKaHdEVdy26ehFM2+IUVZMJnM2jqFYwZZAdn vMiCrBsj2TP804T9NqLbVLzdhU4VBvoxoNJjhu1tzuZDFl9SDuBnGUYTpzclHoG4jdtZNGh zxEcs21izIm8QmhVQlAPmxoFzbdIo9Q= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Rutherther X-ACL-Warn: , Rutherther via Guix-patches X-Patchwork-Original-From: Rutherther via Guix-patches via From: Rutherther Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches Wraps Wireshark so that dumpcap can be made a privileged program. The ...wireshark/bin/dumpcap will be a shell script that tries to execute /run/privileged/bin/dumpcap first and falls back to the original dumpcap that is stored in ...wireshark/privileged/dumpcap. * gnu/packages/networking.scm (wireshark)[modules]: Add guix build privileged. * gnu/packages/networking.scm (wireshark)[imported-modules]: Add guix build privileged. * gnu/packages/networking.scm (wireshark)[inputs]: Add bash. * gnu/packages/networking.scm (wireshark)[phases]: Add wrap-dumpcap phase executing wrap-privileged. Change-Id: Ia19670d0372af40c01a26c1d15f41ce668ce023d --- gnu/packages/networking.scm | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 2a27474826..f957cc02e5 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -87,6 +87,7 @@ (define-module (gnu packages networking) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix modules) #:use-module (guix gexp) #:use-module (guix git-download) #:use-module (guix build-system cmake) @@ -1829,6 +1830,11 @@ (define-public wireshark (build-system qt-build-system) (arguments (list + #:modules `((guix build privileged) + (guix build qt-build-system) + (guix build utils)) + #:imported-modules `(,@(source-module-closure '((guix build privileged))) + ,@%qt-build-system-modules) ;; This causes the plugins to register runpaths for the wireshark ;; libraries, which would otherwise cause the validate-runpath phase to ;; fail. @@ -1844,9 +1850,16 @@ (define-public wireshark (invoke "ctest" "-VV" "-j" (if parallel-tests? (number->string (parallel-job-count)) - "1")))))))) + "1"))))) + (add-after 'qt-wrap 'wrap-dumpcap + (lambda _ + (wrap-privileged + #$output + "bin/dumpcap" + "dumpcap")))))) (inputs - (list c-ares + (list bash + c-ares glib gnutls brotli