diff options
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/sniffers/wireshark')
-rw-r--r-- | nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix | 108 | ||||
-rw-r--r-- | nixpkgs/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch | 63 |
2 files changed, 171 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix new file mode 100644 index 000000000000..230bb2d4fe41 --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix @@ -0,0 +1,108 @@ +{ lib, stdenv, fetchurl, pkg-config, pcre, perl, flex, bison, gettext, libpcap, libnl, c-ares +, gnutls, libgcrypt, libgpgerror, geoip, openssl, lua5, python3, libcap, glib +, libssh, nghttp2, zlib, cmake, makeWrapper +, withQt ? true, qt5 ? null +, ApplicationServices, SystemConfiguration, gmp +}: + +assert withQt -> qt5 != null; + +with lib; + +let + version = "3.4.5"; + variant = if withQt then "qt" else "cli"; + +in stdenv.mkDerivation { + pname = "wireshark-${variant}"; + inherit version; + outputs = [ "out" "dev" ]; + + src = fetchurl { + url = "https://www.wireshark.org/download/src/all-versions/wireshark-${version}.tar.xz"; + sha256 = "sha256-3hqv0QCh4SB8hQ0YDpfdkauNoPXra+7FRfclzbFF0zM="; + }; + + cmakeFlags = [ + "-DBUILD_wireshark=${if withQt then "ON" else "OFF"}" + "-DENABLE_APPLICATION_BUNDLE=${if withQt && stdenv.isDarwin then "ON" else "OFF"}" + # Fix `extcap` and `plugins` paths. See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16444 + "-DCMAKE_INSTALL_LIBDIR=lib" + ]; + + # Avoid referencing -dev paths because of debug assertions. + NIX_CFLAGS_COMPILE = [ "-DQT_NO_DEBUG" ]; + + nativeBuildInputs = [ bison cmake flex makeWrapper pkg-config ] ++ optional withQt qt5.wrapQtAppsHook; + + buildInputs = [ + gettext pcre perl libpcap lua5 libssh nghttp2 openssl libgcrypt + libgpgerror gnutls geoip c-ares python3 glib zlib + ] ++ optionals withQt (with qt5; [ qtbase qtmultimedia qtsvg qttools ]) + ++ optionals stdenv.isLinux [ libcap libnl ] + ++ optionals stdenv.isDarwin [ SystemConfiguration ApplicationServices gmp ] + ++ optionals (withQt && stdenv.isDarwin) (with qt5; [ qtmacextras ]); + + patches = [ ./wireshark-lookup-dumpcap-in-path.patch ]; + + postPatch = '' + sed -i -e '1i cmake_policy(SET CMP0025 NEW)' CMakeLists.txt + ''; + + preBuild = '' + export LD_LIBRARY_PATH="$PWD/run" + ''; + + postInstall = '' + # to remove "cycle detected in the references" + mkdir -p $dev/lib/wireshark + mv $out/lib/wireshark/cmake $dev/lib/wireshark + '' + (if stdenv.isDarwin && withQt then '' + mkdir -p $out/Applications + mv $out/bin/Wireshark.app $out/Applications/Wireshark.app + + for f in $(find $out/Applications/Wireshark.app/Contents/PlugIns -name "*.so"); do + for dylib in $(otool -L $f | awk '/^\t*lib/ {print $1}'); do + install_name_tool -change "$dylib" "$out/lib/$dylib" "$f" + done + done + + wrapQtApp $out/Applications/Wireshark.app/Contents/MacOS/Wireshark + '' else optionalString withQt '' + install -Dm644 -t $out/share/applications ../wireshark.desktop + + install -Dm644 ../image/wsicon.svg $out/share/icons/wireshark.svg + mkdir $dev/include/{epan/{wmem,ftypes,dfilter},wsutil,wiretap} -pv + + cp config.h $dev/include/wireshark/ + cp ../ws_*.h $dev/include + cp ../epan/*.h $dev/include/epan/ + cp ../epan/wmem/*.h $dev/include/epan/wmem/ + cp ../epan/ftypes/*.h $dev/include/epan/ftypes/ + cp ../epan/dfilter/*.h $dev/include/epan/dfilter/ + cp ../wsutil/*.h $dev/include/wsutil/ + cp ../wiretap/*.h $dev/include/wiretap + ''); + + dontFixCmake = true; + + shellHook = '' + # to be able to run the resulting binary + export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 + ''; + + meta = with lib; { + homepage = "https://www.wireshark.org/"; + description = "Powerful network protocol analyzer"; + license = licenses.gpl2Plus; + + longDescription = '' + Wireshark (formerly known as "Ethereal") is a powerful network + protocol analyzer developed by an international team of networking + experts. It runs on UNIX, macOS and Windows. + ''; + + platforms = platforms.linux ++ platforms.darwin; + maintainers = with maintainers; [ bjornfor fpletz ]; + }; +} diff --git a/nixpkgs/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch new file mode 100644 index 000000000000..549da5436e60 --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch @@ -0,0 +1,63 @@ +From 5bef9deeff8a2e4401de0f45c9701cd6f98f29d8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com> +Date: Thu, 26 Nov 2015 21:03:35 +0100 +Subject: [PATCH] Lookup dumpcap in PATH + +NixOS patch: Look for dumpcap in PATH first, because there may be a +dumpcap wrapper that we want to use instead of the default +non-setuid dumpcap binary. + +Also change execv() to execvp() because we've set argv[0] to "dumpcap" +and have to enable PATH lookup. Wireshark is not a setuid program, so +looking in PATH is not a security issue. + +Signed-off-by: Franz Pletz <fpletz@fnordicwalking.de> +--- + capchild/capture_sync.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/capchild/capture_sync.c b/capchild/capture_sync.c +index 970688e..49914d5 100644 +--- a/capchild/capture_sync.c ++++ b/capchild/capture_sync.c +@@ -332,7 +332,18 @@ init_pipe_args(int *argc) { + #ifdef _WIN32 + exename = g_strdup_printf("%s\\dumpcap.exe", progfile_dir); + #else +- exename = g_strdup_printf("%s/dumpcap", progfile_dir); ++ /* ++ * NixOS patch: Look for dumpcap in PATH first, because there may be a ++ * dumpcap wrapper that we want to use instead of the default ++ * non-setuid dumpcap binary. ++ */ ++ if (system("command -v dumpcap >/dev/null") == 0) { ++ /* Found working dumpcap */ ++ exename = g_strdup_printf("dumpcap"); ++ } else { ++ /* take Wireshark's absolute program path and replace "Wireshark" with "dumpcap" */ ++ exename = g_strdup_printf("%s/dumpcap", progfile_dir); ++ } + #endif + + /* Make that the first argument in the argument list (argv[0]). */ +@@ -729,7 +740,7 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi + */ + dup2(sync_pipe[PIPE_WRITE], 2); + ws_close(sync_pipe[PIPE_READ]); +- execv(argv[0], argv); ++ execvp(argv[0], argv); + g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", + argv[0], g_strerror(errno)); + sync_pipe_errmsg_to_parent(2, errmsg, ""); +@@ -997,7 +1008,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd, + dup2(sync_pipe[PIPE_WRITE], 2); + ws_close(sync_pipe[PIPE_READ]); + ws_close(sync_pipe[PIPE_WRITE]); +- execv(argv[0], argv); ++ execvp(argv[0], argv); + g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", + argv[0], g_strerror(errno)); + sync_pipe_errmsg_to_parent(2, errmsg, ""); +-- +2.6.3 + |