Wireshark-dev: Re: [Wireshark-dev] Distributing Linux binaries
From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Mon, 9 Mar 2020 23:06:13 +0000
(moving discussion to wireshark-dev since there may be other packaging experts)

On Mon, Mar 09, 2020 at 10:28:21PM +0100, Dario Lombardo wrote:
> Hi
> I was playing a bit with snap. Is it a candidate for distributing an
> official linux package?
> If yes, why aren't we distributing it this way officially?
> If not, why? Is there some technical constraint?

I just had a quick look at the feasibility in providing the full feature set from a technical perspective. The primary concern is sandbox restrictions. If that prevents local packet captures, then it would not be appropriate to recommend it as official Linux version.

From a quick look, the default sandbox is very restrictive, but can be relaxed using "interfaces":
https://docs.ubuntu.com/core/en/guides/intro/security
https://github.com/snapcore/snapd/blob/master/interfaces/builtin/network_observe.go
https://github.com/snapcore/snapd/blob/master/interfaces/builtin/network_control.go

The network-observe may not be sufficient for packet capturing due to lack of cap_net_admin for controlling interface options. However, I do not know to what extent this allows limiting capabilities to a single binary (dumpcap).

Some other competing distribution formats:

- AppImage, basically an executable + FUSE-mounted filesystem.
  Request: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14464
  May not be suitable as capture privs are not available by default:
  https://github.com/flathub/org.wireshark.Wireshark/issues/4#issuecomment-596237545
- Flatpak. Its sandbox seems too restrictive, even more so than snap.
  There is an open feature request pointing out limitations:
  https://github.com/flathub/org.wireshark.Wireshark/issues/4

For distributions such as Arch Linux, the latest version of software is always available. Users of these distros will likely not feel the need to install an external package, especially not if it is significantly larger with no other benefits.

Not all Linux users may be familiar with building from source, and even if they are, they may not have the computing resources available to do this on a laptop on the road, so clearly there is demand for binary packages for Linux.

We could rely on the community to provide these, and link to their documentation. On Ubuntu for example, the PPA usually provides a recent version:
https://launchpad.net/~wireshark-dev/+archive/ubuntu/stable

As long as Debian unstable is updated, it should automatically find its way to Kali Linux. The same packaging recipe has to be manually copied to the PPA.

--
Kind regards,
Peter Wu
https://lekensteyn.nl
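
Added example (not part of the original message, and not Wireshark or snapd code): one way to check from inside a snap, Flatpak or AppImage sandbox whether the capabilities discussed above are still reachable, by decoding the Cap* masks in /proc/<pid>/status. It assumes cap_net_raw is needed alongside the cap_net_admin named in the message; the function names and the sample status text are constructed for illustration.

```python
import re

# Bit numbers from <linux/capability.h>.
CAPTURE_CAPS = {"cap_net_admin": 12, "cap_net_raw": 13}

def parse_cap_sets(status_text):
    """Extract the Cap* hex masks from /proc/<pid>/status text as integers."""
    pattern = r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):[ \t]*([0-9a-fA-F]+)[ \t]*$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, status_text, re.MULTILINE)}

def capture_report(status_text):
    """Classify each capture-related capability for the given process status.

    effective  - the process holds it right now
    obtainable - not held, but still in the bounding set, so executing a
                 helper with file capabilities (a setcap'd dumpcap) can gain it
    dropped    - removed from the bounding set; file-permitted capabilities
                 on a helper cannot grant it
    """
    sets = parse_cap_sets(status_text)
    if "CapEff" not in sets or "CapBnd" not in sets:
        raise ValueError("status text lacks CapEff/CapBnd lines")
    report = {}
    for name, bit in CAPTURE_CAPS.items():
        mask = 1 << bit
        if sets["CapEff"] & mask:
            report[name] = "effective"
        elif sets["CapBnd"] & mask:
            report[name] = "obtainable"
        else:
            report[name] = "dropped"
    return report

# Constructed sample: a confined process that kept cap_net_raw but lost
# cap_net_admin from its bounding set.
SAMPLE_CONFINED = """Name:\tdumpcap
CapInh:\t0000000000000000
CapPrm:\t0000000000002000
CapEff:\t0000000000002000
CapBnd:\t000001ffffffefff
CapAmb:\t0000000000000000
"""

if __name__ == "__main__":
    print("sample :", capture_report(SAMPLE_CONFINED))
    try:
        with open("/proc/self/status") as fh:
            print("current:", capture_report(fh.read()))
    except OSError:
        print("current: /proc/self/status not readable on this system")
```

Running it from a shell inside the sandbox and again on the host shows which capability the confinement removed.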