Date: Thursday, October 10, 2019 @ 00:32:41 Author: anthraxx Revision: 364298
upgpkg: kismet 2019_09_R1-1 (use network capabilities and sysusers) - upstream release - FS#36490 - FS#64009 Added: kismet/trunk/kismet.sysusers Modified: kismet/trunk/PKGBUILD kismet/trunk/kismet.install -----------------+ PKGBUILD | 51 +++++++++++++++++++++++++++++++++++++-------------- kismet.install | 18 ++++++++---------- kismet.sysusers | 1 + 3 files changed, 46 insertions(+), 24 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2019-10-09 21:18:17 UTC (rev 364297) +++ PKGBUILD 2019-10-10 00:32:41 UTC (rev 364298) @@ -4,42 +4,65 @@ # Contributor: Jason Chu <ja...@archlinux.org> pkgname=kismet -pkgver=2019_08_R1 +pkgver=2019_09_R1 _realver="${pkgver//_/-}" pkgrel=1 pkgdesc="802.11 layer2 wireless network detector, sniffer, and intrusion detection system" +url="https://www.kismetwireless.net/" arch=('x86_64') -url="https://www.kismetwireless.net/" license=('GPL') depends=('libpcap' 'pcre' 'bluez-libs' 'libcap' 'libmicrohttpd' 'protobuf-c' 'sqlite') -optdepends=('gpsd: log coordinates of detected networks' - 'wireshark-cli: provide OUI files used to determine device manufacturer' - 'wireshark-cli: mergecap, to merge multiple capture files' - 'sox: provide the default kismet sound playback binary' - 'festival: text-to-speech support' - 'flite: alternative/lightweight text-to-speech support' - 'ruby: ruby interface') -backup=('etc/kismet.conf') +optdepends=( + 'gpsd: log coordinates of detected networks' + 'wireshark-cli: provide OUI files used to determine device manufacturer' + 'wireshark-cli: mergecap, to merge multiple capture files' + 'sox: provide the default kismet sound playback binary' + 'festival: text-to-speech support' + 'flite: alternative/lightweight text-to-speech support' + 'ruby: ruby interface') +backup=( + etc/kismet/kismet.conf + etc/kismet/kismet_80211.conf + etc/kismet/kismet_alerts.conf + etc/kismet/kismet_filter.conf + etc/kismet/kismet_httpd.conf + etc/kismet/kismet_logging.conf + etc/kismet/kismet_memory.conf + etc/kismet/kismet_storage.conf + etc/kismet/kismet_uav.conf) install=kismet.install -source=("https://www.kismetwireless.net/code/${pkgname}-${_realver}.tar.xz") -sha256sums=('3a0bde964f34c5eceaa085b9f1dc4eb008a4ce3a38b68bec6d962d3404a0d96b') +source=(https://www.kismetwireless.net/code/${pkgname}-${_realver}.tar.xz + kismet.sysusers) +sha512sums=('eeaf069718206f2b6d292c41792217afc9c72c10ffa014c8c670de64195bd28d44f33364dba7d338610f17a5af2be3c125ccd1297cce362159a4968c9ddabb88' + '452b728c30c9932bdb91741af425267da87a66962ea9b736751948881f5477dee0bff8e2eeca2befdea2920da6d7d9e198bde69cef8c48bb49a0093a7f0ef897') validpgpkeys=('354689DF3C9DED803381A661D7B28822738BBDB1') # Michael Kershaw build() { cd ${pkgname}-${_realver} + autoreconf -fiv +} + +build() { + cd ${pkgname}-${_realver} ./configure \ --prefix=/usr \ --sysconfdir=/etc \ --localstatedir=/var \ - --disable-python-tools + --disable-python-tools \ + --sysconfdir=/etc/kismet make all plugins } package() { cd ${pkgname}-${_realver} - make DESTDIR="$pkgdir" install + make DESTDIR="${pkgdir}" install + # Makepkg strip bug #43600 chmod u+w "${pkgdir}"/usr/bin/kismet* + chmod o-x "${pkgdir}"/usr/bin/kismet_cap* + chown 0:315 "${pkgdir}"/usr/bin/kismet_cap* + + install -Dm 644 ../kismet.sysusers "${pkgdir}/usr/lib/sysusers.d/kismet.conf" } # vim: ts=2 sw=2 et: Modified: kismet.install =================================================================== --- kismet.install 2019-10-09 21:18:17 UTC (rev 364297) +++ kismet.install 2019-10-10 00:32:41 UTC (rev 364298) @@ -1,4 +1,3 @@ -## arg 1: the new package version post_install() { post_upgrade @@ -7,19 +6,18 @@ MUST edit /etc/kismet.conf and configure Kismet for your system, or it will NOT run properly!" - Kismet has been installed with a SUID ROOT CAPTURE HELPER executable by users - in the group ' kismet '. This WILL ALLOW USERS IN THIS GROUP TO ALTER YOUR - NETWORK INTERFACE STATES, but is more secure than running all of Kismet as - root. ONLY users in this group will be able to run Kismet and capture from - physical network devices. + Kismet has been installed with net_raw,net_admin capabilities capture helper + executable by users in the group ' kismet '. This WILL ALLOW USERS IN THIS + GROUP TO ALTER YOUR NETWORK INTERFACE STATES, but is more secure than running + all of Kismet as root. ONLY users in this group will be able to run Kismet + and capture from physical network devices. EOP } -## arg 1: the new package version -## arg 2: the old package version post_upgrade() { - # Add the group needed to use the limited-functionality binary "kismet_capture" - getent group "kismet" &>/dev/null || /usr/sbin/groupadd -r -g 315 kismet &>/dev/null + for cap_bin in /usr/bin/kismet_cap_*; do + setcap cap_net_raw,cap_net_admin=eip "${cap_bin}"; + done } # vim:set ts=2 sw=2 et: Added: kismet.sysusers =================================================================== --- kismet.sysusers (rev 0) +++ kismet.sysusers 2019-10-10 00:32:41 UTC (rev 364298) @@ -0,0 +1 @@ +g kismet 315 - - -