net-analyzer/wireshark/wireshark-1.6.7.ebuild

# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.6.7.ebuild,v 1.7 2012/06/12 03:43:59 zmedico Exp $

EAPI="3"
PYTHON_DEPEND="python? 2"
inherit eutils flag-o-matic python toolchain-funcs user

[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && MY_P=${PN}-${PV/_} || MY_P=${P}
DESCRIPTION="A network protocol analyzer formerly known as ethereal"
HOMEPAGE="http://www.wireshark.org/"
SRC_URI="http://www.wireshark.org/download/src/all-versions/${MY_P}.tar.bz2"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 hppa ~ia64 ~ppc ppc64 ~sparc x86 ~x86-fbsd"
IUSE="adns ares doc doc-pdf gtk ipv6 lua gcrypt geoip kerberos
profile +pcap portaudio python +caps selinux smi ssl threads zlib"

RDEPEND=">=dev-libs/glib-2.14:2
        zlib? ( sys-libs/zlib
                !=sys-libs/zlib-1.2.4 )
        smi? ( net-libs/libsmi )
        gtk? ( >=x11-libs/gtk+-2.4.0:2
                x11-libs/pango
                dev-libs/atk
                x11-misc/xdg-utils )
        ssl? ( <net-libs/gnutls-3 )
        gcrypt? ( dev-libs/libgcrypt )
        pcap? ( net-libs/libpcap )
        caps? ( sys-libs/libcap )
        kerberos? ( virtual/krb5 )
        portaudio? ( media-libs/portaudio )
        ares? ( >=net-dns/c-ares-1.5 )
        !ares? ( adns? ( net-libs/adns ) )
        geoip? ( dev-libs/geoip )
        lua? ( >=dev-lang/lua-5.1 )
        selinux? ( sec-policy/selinux-wireshark )"

DEPEND="${RDEPEND}
        doc? ( dev-libs/libxslt
                dev-libs/libxml2
                app-doc/doxygen
                doc-pdf? ( dev-java/fop ) )
        virtual/pkgconfig
        dev-lang/perl
        sys-devel/bison
        sys-apps/sed
        sys-devel/flex
        !!<net-analyzer/wireshark-1.6.0_rc1"

S=${WORKDIR}/${MY_P}

# borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys
# @FUNCTION: fcaps
# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
# @RETURN: 0 if all okay; non-zero if failure and fallback
# @DESCRIPTION:
# fcaps sets the specified capabilities in the effective and permitted set of
# the given file. In case of failure fcaps sets the given file-mode.
fcaps() {
        local uid_gid=$1
        local perms=$2
        local capset=$3
        local path=$4
        local res

        chmod $perms $path && \
        chown $uid_gid $path
        res=$?

        use caps || return $res

        #set the capability
        setcap "$capset=ep" "$path" &> /dev/null
        #check if the capabilitiy got set correctly
        setcap -v "$capset=ep" "$path" &> /dev/null
        res=$?

        if [ $res -ne 0 ]; then
                ewarn "Failed to set capabilities. Probable reason is missed kernel support."
                ewarn "Kernel must have <FS>_FS_SECURITY enabled where <FS> is the filesystem"
                ewarn "to store ${path} (e.g. EXT3_FS_SECURITY). For kernels version before"
                ewarn "2.6.33_rc1 SECURITY_FILE_CAPABILITIES must be enabled as well."
                ewarn
                ewarn "Falling back to suid now..."
                chmod u+s ${path}
        fi
        return $res
}

pkg_setup() {
        if ! use gtk; then
                ewarn "USE=-gtk disables gtk-based gui called wireshark."
                ewarn "Only command line utils will be built available"
        fi
        if use python; then
                python_set_active_version 2
                python_pkg_setup
        fi
        # Add group for users allowed to sniff.
        enewgroup wireshark
}

src_prepare() {
        epatch "${FILESDIR}"/${PN}-1.6.6-gtk-pcap.patch
}

src_configure() {
        local myconf

        if [[ $(gcc-major-version) -lt 3 ||
                ( $(gcc-major-version) -eq 3 &&
                        $(gcc-minor-version) -le 4 ) ]] ; then
                die "Unsupported compiler version, please upgrade."
        fi

        if use ares && use adns; then
                elog "You asked for both, ares and adns, but we can use only one of them."
                elog "c-ares supersedes adns resolver thus using c-ares (ares USE flag)."
                myconf="$(use_with ares c-ares) --without-adns"
        else
                myconf="$(use_with adns) $(use_with ares c-ares)"
        fi

        # profile and pie are incompatible #215806, #292991
        if use profile; then
                ewarn "You've enabled the 'profile' USE flag, building PIE binaries is disabled."
                ewarn "Also ignore \"unrecognized option '-nopie'\" gcc warning #358101."
                append-flags $(test-flags-CC -nopie)
        fi

        # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass
        # --with-ssl to ./configure. (Mimics code from acinclude.m4).
        if use kerberos; then
                case `krb5-config --libs` in
                        *-lcrypto*)
                                ewarn "Kerberos was built with ssl support: linkage with openssl is enabled."
                                ewarn "Note there are annoying license incompatibilities between the OpenSSL"
                                ewarn "license and the GPL, so do your check before distributing such package."
                                myconf+=" --with-ssl"
                                ;;
                esac
        fi

        # Hack around inability to disable doxygen/fop doc generation
        use doc || export ac_cv_prog_HAVE_DOXYGEN=false
        use doc-pdf || export ac_cv_prog_HAVE_FOP=false

        # dumpcap requires libcap, setuid-install requires dumpcap
        econf $(use_enable gtk wireshark) \
                $(use_enable profile profile-build) \
                $(use_with ssl gnutls) \
                $(use_with gcrypt) \
                $(use_enable ipv6) \
                $(use_enable threads) \
                $(use_with lua) \
                $(use_with kerberos krb5) \
                $(use_with smi libsmi) \
                $(use_with zlib) \
                $(use_with geoip) \
                $(use_with portaudio) \
                $(use_with python) \
                $(use_with caps libcap) \
                $(use_with pcap) \
                $(use_with pcap dumpcap-group wireshark) \
                $(use pcap && use_enable caps setcap-install) \
                $(use pcap && use_enable !caps setuid-install) \
                --sysconfdir="${EPREFIX}"/etc/wireshark \
                --disable-extra-gcc-checks \
                ${myconf}
}

src_compile() {
        emake || die
        use doc && cd docbook && { emake || die; }
}

src_install() {
        emake DESTDIR="${D}" install || die "emake install failed"
        if use doc; then
                dohtml -r docbook/{release-notes.html,ws{d,u}g_html{,_chunked}}
                if use doc-pdf; then
                        insinto /usr/share/doc/${PF}/pdf/
                        doins docbook/{{developer,user}-guide,release-notes}-{a4,us}.pdf || die
                fi
        fi

        # FAQ is not required as is installed from help/faq.txt
        dodoc AUTHORS ChangeLog NEWS README{,.bsd,.linux,.macos,.vmware} \
                doc/{randpkt.txt,README*}

        insinto /usr/include/wiretap
        doins wiretap/wtap.h || die

        if use gtk; then
                for c in hi lo; do
                        for d in 16 32 48; do
                                insinto /usr/share/icons/${c}color/${d}x${d}/apps
                                newins image/${c}${d}-app-wireshark.png wireshark.png
                        done
                done
                domenu wireshark.desktop || die
        fi
        use pcap && chmod o-x "${ED}"/usr/bin/dumpcap #357237
}

pkg_postinst() {
        if use caps && use pcap; then
                fcaps 0:wireshark 550 cap_net_raw,cap_net_admin "${EROOT}"/usr/bin/dumpcap
        fi
        echo
        ewarn "NOTE: To run wireshark as normal user you have to add yourself to"
        ewarn "the wireshark group. This security measure ensures that only trusted"
        ewarn "users are allowed to sniff your traffic."
        echo
}
1	# Copyright 1999-2012 Gentoo Foundation
2	# Distributed under the terms of the GNU General Public License v2
3	# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.6.7.ebuild,v 1.7 2012/06/12 03:43:59 zmedico Exp $
4
5	EAPI="3"
6	PYTHON_DEPEND="python? 2"
7	inherit eutils flag-o-matic python toolchain-funcs user
8
9	[[ -n ${PV#_rc} && ${PV#_rc} != ${PV} ]] && MY_P=${PN}-${PV/_} \|\| MY_P=${P}
10	DESCRIPTION="A network protocol analyzer formerly known as ethereal"
11	HOMEPAGE="http://www.wireshark.org/"
12	SRC_URI="http://www.wireshark.org/download/src/all-versions/${MY_P}.tar.bz2"
13
14	LICENSE="GPL-2"
15	SLOT="0"
16	KEYWORDS="~alpha amd64 hppa ~ia64 ~ppc ppc64 ~sparc x86 ~x86-fbsd"
17	IUSE="adns ares doc doc-pdf gtk ipv6 lua gcrypt geoip kerberos
18	profile +pcap portaudio python +caps selinux smi ssl threads zlib"
19
20	RDEPEND=">=dev-libs/glib-2.14:2
21	zlib? ( sys-libs/zlib
22	!=sys-libs/zlib-1.2.4 )
23	smi? ( net-libs/libsmi )
24	gtk? ( >=x11-libs/gtk+-2.4.0:2
25	x11-libs/pango
26	dev-libs/atk
27	x11-misc/xdg-utils )
28	ssl? ( <net-libs/gnutls-3 )
29	gcrypt? ( dev-libs/libgcrypt )
30	pcap? ( net-libs/libpcap )
31	caps? ( sys-libs/libcap )
32	kerberos? ( virtual/krb5 )
33	portaudio? ( media-libs/portaudio )
34	ares? ( >=net-dns/c-ares-1.5 )
35	!ares? ( adns? ( net-libs/adns ) )
36	geoip? ( dev-libs/geoip )
37	lua? ( >=dev-lang/lua-5.1 )
38	selinux? ( sec-policy/selinux-wireshark )"
39
40	DEPEND="${RDEPEND}
41	doc? ( dev-libs/libxslt
42	dev-libs/libxml2
43	app-doc/doxygen
44	doc-pdf? ( dev-java/fop ) )
45	virtual/pkgconfig
46	dev-lang/perl
47	sys-devel/bison
48	sys-apps/sed
49	sys-devel/flex
50	!!<net-analyzer/wireshark-1.6.0_rc1"
51
52	S=${WORKDIR}/${MY_P}
53
54	# borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys
55	# @FUNCTION: fcaps
56	# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
57	# @RETURN: 0 if all okay; non-zero if failure and fallback
58	# @DESCRIPTION:
59	# fcaps sets the specified capabilities in the effective and permitted set of
60	# the given file. In case of failure fcaps sets the given file-mode.
61	fcaps() {
62	local uid_gid=$1
63	local perms=$2
64	local capset=$3
65	local path=$4
66	local res
67
68	chmod $perms $path && \
69	chown $uid_gid $path
70	res=$?
71
72	use caps \|\| return $res
73
74	#set the capability
75	setcap "$capset=ep" "$path" &> /dev/null
76	#check if the capabilitiy got set correctly
77	setcap -v "$capset=ep" "$path" &> /dev/null
78	res=$?
79
80	if [ $res -ne 0 ]; then
81	ewarn "Failed to set capabilities. Probable reason is missed kernel support."
82	ewarn "Kernel must have <FS>_FS_SECURITY enabled where <FS> is the filesystem"
83	ewarn "to store ${path} (e.g. EXT3_FS_SECURITY). For kernels version before"
84	ewarn "2.6.33_rc1 SECURITY_FILE_CAPABILITIES must be enabled as well."
85	ewarn
86	ewarn "Falling back to suid now..."
87	chmod u+s ${path}
88	fi
89	return $res
90	}
91
92	pkg_setup() {
93	if ! use gtk; then
94	ewarn "USE=-gtk disables gtk-based gui called wireshark."
95	ewarn "Only command line utils will be built available"
96	fi
97	if use python; then
98	python_set_active_version 2
99	python_pkg_setup
100	fi
101	# Add group for users allowed to sniff.
102	enewgroup wireshark
103	}
104
105	src_prepare() {
106	epatch "${FILESDIR}"/${PN}-1.6.6-gtk-pcap.patch
107	}
108
109	src_configure() {
110	local myconf
111
112	if [[ $(gcc-major-version) -lt 3 \|\|
113	( $(gcc-major-version) -eq 3 &&
114	$(gcc-minor-version) -le 4 ) ]] ; then
115	die "Unsupported compiler version, please upgrade."
116	fi
117
118	if use ares && use adns; then
119	elog "You asked for both, ares and adns, but we can use only one of them."
120	elog "c-ares supersedes adns resolver thus using c-ares (ares USE flag)."
121	myconf="$(use_with ares c-ares) --without-adns"
122	else
123	myconf="$(use_with adns) $(use_with ares c-ares)"
124	fi
125
126	# profile and pie are incompatible #215806, #292991
127	if use profile; then
128	ewarn "You've enabled the 'profile' USE flag, building PIE binaries is disabled."
129	ewarn "Also ignore \"unrecognized option '-nopie'\" gcc warning #358101."
130	append-flags $(test-flags-CC -nopie)
131	fi
132
133	# Workaround bug #213705. If krb5-config --libs has -lcrypto then pass
134	# --with-ssl to ./configure. (Mimics code from acinclude.m4).
135	if use kerberos; then
136	case `krb5-config --libs` in
137	-lcrypto)
138	ewarn "Kerberos was built with ssl support: linkage with openssl is enabled."
139	ewarn "Note there are annoying license incompatibilities between the OpenSSL"
140	ewarn "license and the GPL, so do your check before distributing such package."
141	myconf+=" --with-ssl"
142	;;
143	esac
144	fi
145
146	# Hack around inability to disable doxygen/fop doc generation
147	use doc \|\| export ac_cv_prog_HAVE_DOXYGEN=false
148	use doc-pdf \|\| export ac_cv_prog_HAVE_FOP=false
149
150	# dumpcap requires libcap, setuid-install requires dumpcap
151	econf $(use_enable gtk wireshark) \
152	$(use_enable profile profile-build) \
153	$(use_with ssl gnutls) \
154	$(use_with gcrypt) \
155	$(use_enable ipv6) \
156	$(use_enable threads) \
157	$(use_with lua) \
158	$(use_with kerberos krb5) \
159	$(use_with smi libsmi) \
160	$(use_with zlib) \
161	$(use_with geoip) \
162	$(use_with portaudio) \
163	$(use_with python) \
164	$(use_with caps libcap) \
165	$(use_with pcap) \
166	$(use_with pcap dumpcap-group wireshark) \
167	$(use pcap && use_enable caps setcap-install) \
168	$(use pcap && use_enable !caps setuid-install) \
169	--sysconfdir="${EPREFIX}"/etc/wireshark \
170	--disable-extra-gcc-checks \
171	${myconf}
172	}
173
174	src_compile() {
175	emake \|\| die
176	use doc && cd docbook && { emake \|\| die; }
177	}
178
179	src_install() {
180	emake DESTDIR="${D}" install \|\| die "emake install failed"
181	if use doc; then
182	dohtml -r docbook/{release-notes.html,ws{d,u}g_html{,_chunked}}
183	if use doc-pdf; then
184	insinto /usr/share/doc/${PF}/pdf/
185	doins docbook/{{developer,user}-guide,release-notes}-{a4,us}.pdf \|\| die
186	fi
187	fi
188
189	# FAQ is not required as is installed from help/faq.txt
190	dodoc AUTHORS ChangeLog NEWS README{,.bsd,.linux,.macos,.vmware} \
191	doc/{randpkt.txt,README*}
192
193	insinto /usr/include/wiretap
194	doins wiretap/wtap.h \|\| die
195
196	if use gtk; then
197	for c in hi lo; do
198	for d in 16 32 48; do
199	insinto /usr/share/icons/${c}color/${d}x${d}/apps
200	newins image/${c}${d}-app-wireshark.png wireshark.png
201	done
202	done
203	domenu wireshark.desktop \|\| die
204	fi
205	use pcap && chmod o-x "${ED}"/usr/bin/dumpcap #357237
206	}
207
208	pkg_postinst() {
209	if use caps && use pcap; then
210	fcaps 0:wireshark 550 cap_net_raw,cap_net_admin "${EROOT}"/usr/bin/dumpcap
211	fi
212	echo
213	ewarn "NOTE: To run wireshark as normal user you have to add yourself to"
214	ewarn "the wireshark group. This security measure ensures that only trusted"
215	ewarn "users are allowed to sniff your traffic."
216	echo
217	}