[bug#78179] [PATCH 3/4] gnu: wireshark: Wrap dumpcap with wrap-privilege

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#78179] [PATCH 3/4] gnu: wireshark: Wrap dumpcap with wrap-privilege

From:	Rutherther
Subject:	[bug#78179] [PATCH 3/4] gnu: wireshark: Wrap dumpcap with wrap-privileged.
Date:	Thu, 1 May 2025 10:29:36 +0200

Wraps Wireshark so that dumpcap can be made a privileged program.
The ...wireshark/bin/dumpcap will be a shell script that tries to execute
/run/privileged/bin/dumpcap first and falls back to the original dumpcap that
is stored in ...wireshark/privileged/dumpcap.

* gnu/packages/networking.scm (wireshark)[modules]: Add guix build privileged.
* gnu/packages/networking.scm (wireshark)[imported-modules]: Add guix build 
privileged.
* gnu/packages/networking.scm (wireshark)[inputs]: Add bash.
* gnu/packages/networking.scm (wireshark)[phases]: Add wrap-dumpcap phase
executing wrap-privileged.

Change-Id: Ia19670d0372af40c01a26c1d15f41ce668ce023d
---
 gnu/packages/networking.scm | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 2a27474826..f957cc02e5 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -87,6 +87,7 @@ (define-module (gnu packages networking)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix modules)
   #:use-module (guix gexp)
   #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
@@ -1829,6 +1830,11 @@ (define-public wireshark
     (build-system qt-build-system)
     (arguments
      (list
+      #:modules `((guix build privileged)
+                  (guix build qt-build-system)
+                  (guix build utils))
+      #:imported-modules `(,@(source-module-closure '((guix build privileged)))
+                           ,@%qt-build-system-modules)
       ;; This causes the plugins to register runpaths for the wireshark
       ;; libraries, which would otherwise cause the validate-runpath phase to
       ;; fail.
@@ -1844,9 +1850,16 @@ (define-public wireshark
                 (invoke "ctest" "-VV"
                         "-j" (if parallel-tests?
                                  (number->string (parallel-job-count))
-                                 "1"))))))))
+                                 "1")))))
+          (add-after 'qt-wrap 'wrap-dumpcap
+            (lambda _
+              (wrap-privileged
+               #$output
+               "bin/dumpcap"
+               "dumpcap"))))))
     (inputs
-     (list c-ares
+     (list bash
+           c-ares
            glib
            gnutls
            brotli
-- 
2.49.0

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#78179] [PATCH 0/4] Add wireshark-service-type with privileged wrapper, Rutherther, 2025/05/01
- [bug#78179] [PATCH 1/4] gnu: %privileged-program-directory: Export variable., Rutherther, 2025/05/01
- [bug#78179] [PATCH 2/4] guix: Add (guix build privileged) module., Rutherther, 2025/05/01
- [bug#78179] [PATCH 4/4] services: Add wireshark-service-type., Rutherther, 2025/05/01
- [bug#78179] [PATCH 3/4] gnu: wireshark: Wrap dumpcap with wrap-privileged., Rutherther <=

Prev by Date: [bug#78179] [PATCH 4/4] services: Add wireshark-service-type.
Next by Date: [bug#70078] [PATCH v2] gnu: Add stremio.
Previous by thread: [bug#78179] [PATCH 4/4] services: Add wireshark-service-type.
Next by thread: [bug#70078] [PATCH v2] gnu: Add stremio.
Index(es):
- Date
- Thread