# Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.6.13.ebuild,v 1.15 2013/02/09 20:12:30 ago Exp $ EAPI=5 PYTHON_DEPEND="python? 2" inherit autotools eutils flag-o-matic python toolchain-funcs user [[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && MY_P=${PN}-${PV/_} || MY_P=${P} DESCRIPTION="A network protocol analyzer formerly known as ethereal" HOMEPAGE="http://www.wireshark.org/" SRC_URI="http://www.wireshark.org/download/src/all-versions/${MY_P}.tar.bz2" LICENSE="GPL-2" SLOT="0/${PV}" KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd" IUSE=" adns doc doc-pdf gtk ipv6 libadns lua crypt geoip kerberos profile +pcap portaudio python +caps selinux smi ssl threads zlib " RDEPEND=">=dev-libs/glib-2.14:2 zlib? ( sys-libs/zlib !=sys-libs/zlib-1.2.4 ) smi? ( net-libs/libsmi ) gtk? ( >=x11-libs/gtk+-2.4.0:2 x11-libs/pango dev-libs/atk x11-misc/xdg-utils ) ssl? ( =net-dns/c-ares-1.5 ) ) libadns? ( net-libs/adns ) geoip? ( dev-libs/geoip ) lua? ( >=dev-lang/lua-5.1 ) selinux? ( sec-policy/selinux-wireshark )" DEPEND="${RDEPEND} doc? ( dev-libs/libxslt dev-libs/libxml2 app-doc/doxygen doc-pdf? ( dev-java/fop ) ) virtual/pkgconfig dev-lang/perl sys-devel/bison sys-apps/sed sys-devel/flex " S=${WORKDIR}/${MY_P} # borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys # @FUNCTION: fcaps # @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file} # @RETURN: 0 if all okay; non-zero if failure and fallback # @DESCRIPTION: # fcaps sets the specified capabilities in the effective and permitted set of # the given file. In case of failure fcaps sets the given file-mode. fcaps() { local uid_gid=$1 local perms=$2 local capset=$3 local path=$4 local res chmod $perms $path && \ chown $uid_gid $path res=$? use caps || return $res #set the capability setcap "$capset=ep" "$path" &> /dev/null #check if the capabilitiy got set correctly setcap -v "$capset=ep" "$path" &> /dev/null res=$? if [ $res -ne 0 ]; then ewarn "Failed to set capabilities. Probable reason is missed kernel support." ewarn "Kernel must have _FS_SECURITY enabled where is the filesystem" ewarn "to store ${path} (e.g. EXT3_FS_SECURITY). For kernels version before" ewarn "2.6.33_rc1 SECURITY_FILE_CAPABILITIES must be enabled as well." ewarn ewarn "Falling back to suid now..." chmod u+s ${path} fi return $res } pkg_setup() { if ! use gtk; then ewarn "USE=-gtk disables gtk-based gui called wireshark." ewarn "Only command line utils will be built available" fi if use python; then python_set_active_version 2 python_pkg_setup fi } src_prepare() { epatch \ "${FILESDIR}"/${PN}-1.6.6-gtk-pcap.patch \ "${FILESDIR}"/${PN}-1.6.13-ldflags.patch sed -i -e 's|.png||g' ${PN}.desktop || die eautoreconf } src_configure() { local myconf if [[ $(gcc-major-version) -lt 3 || ( $(gcc-major-version) -eq 3 && $(gcc-minor-version) -le 4 ) ]] ; then die "Unsupported compiler version, please upgrade." fi # profile and pie are incompatible #215806, #292991 if use profile; then ewarn "You've enabled the 'profile' USE flag, building PIE binaries is disabled." ewarn "Also ignore \"unrecognized option '-nopie'\" gcc warning #358101." append-flags $(test-flags-CC -nopie) fi if use adns; then if use libadns; then myconf+=" --with-adns --without-c-ares" else myconf+=" --without-adns --with-c-ares" fi else if use libadns; then myconf+=" --with-adns --without-c-ares" fi fi # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass # --with-ssl to ./configure. (Mimics code from acinclude.m4). if use kerberos; then case `krb5-config --libs` in *-lcrypto*) ewarn "Kerberos was built with ssl support: linkage with openssl is enabled." ewarn "Note there are annoying license incompatibilities between the OpenSSL" ewarn "license and the GPL, so do your check before distributing such package." myconf+=" --with-ssl" ;; esac fi # Hack around inability to disable doxygen/fop doc generation use doc || export ac_cv_prog_HAVE_DOXYGEN=false use doc-pdf || export ac_cv_prog_HAVE_FOP=false # dumpcap requires libcap, setuid-install requires dumpcap econf \ $(use pcap && use_enable !caps setuid-install) \ $(use pcap && use_enable caps setcap-install) \ $(use_enable gtk wireshark) \ $(use_enable ipv6) \ $(use_enable profile profile-build) \ $(use_enable threads) \ $(use_with caps libcap) \ $(use_with crypt gcrypt) \ $(use_with geoip) \ $(use_with kerberos krb5) \ $(use_with lua) \ $(use_with pcap dumpcap-group wireshark) \ $(use_with pcap) \ $(use_with portaudio) \ $(use_with python) \ $(use_with smi libsmi) \ $(use_with ssl gnutls) \ $(use_with zlib) \ --sysconfdir="${EPREFIX}"/etc/wireshark \ --disable-extra-gcc-checks \ ${myconf} } src_compile() { default use doc && cd docbook && { emake; } } src_install() { default if use doc; then dohtml -r docbook/{release-notes.html,ws{d,u}g_html{,_chunked}} if use doc-pdf; then insinto /usr/share/doc/${PF}/pdf/ doins docbook/{{developer,user}-guide,release-notes}-{a4,us}.pdf fi fi # FAQ is not required as is installed from help/faq.txt dodoc AUTHORS ChangeLog NEWS README{,.bsd,.linux,.macos,.vmware} \ doc/{randpkt.txt,README*} insinto /usr/include/wiretap doins wiretap/wtap.h if use gtk; then for c in hi lo; do for d in 16 32 48; do insinto /usr/share/icons/${c}color/${d}x${d}/apps newins image/${c}${d}-app-wireshark.png wireshark.png done done domenu wireshark.desktop fi use pcap && chmod o-x "${ED}"/usr/bin/dumpcap #357237 } pkg_postinst() { # Add group for users allowed to sniff. enewgroup wireshark if use caps && use pcap; then fcaps 0:wireshark 550 cap_dac_read_search,cap_net_raw,cap_net_admin "${EROOT}"/usr/bin/dumpcap fi ewarn "NOTE: To run wireshark as normal user you have to add yourself to" ewarn "the wireshark group. This security measure ensures that only trusted" ewarn "users are allowed to sniff your traffic." }