Wireshark-dev: Re: [Wireshark-dev] Distributing Linux binaries

From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Mon, 9 Mar 2020 23:06:13 +0000
(moving discussion to wireshark-dev since there may be other packaging
experts)

On Mon, Mar 09, 2020 at 10:28:21PM +0100, Dario Lombardo wrote:
> Hi
> I was playing a bit with snap. Is it a candidate for distributing an
> official linux package?
> If yes, why aren't we distributing it this way officially?
> If not, why? Is there some technical constraint?

I just had a quick look at the feasibility of providing the full feature
set from a technical perspective. The primary concern is sandbox
restrictions. If those prevent local packet captures, then it would not
be appropriate to recommend it as the official Linux version.

From a quick look, the default sandbox is very restrictive, but can be
relaxed using "interfaces":
https://docs.ubuntu.com/core/en/guides/intro/security
https://github.com/snapcore/snapd/blob/master/interfaces/builtin/network_observe.go
https://github.com/snapcore/snapd/blob/master/interfaces/builtin/network_control.go

The network-observe interface may not be sufficient for packet capturing
due to the lack of cap_net_admin for controlling interface options.
However, I do not know to what extent this allows limiting capabilities
to a single binary (dumpcap).

Some other competing distribution formats:

 - AppImage, basically an executable + FUSE-mounted filesystem. Request:
   https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14464
   May not be suitable as capture privs are not available by default:
   https://github.com/flathub/org.wireshark.Wireshark/issues/4#issuecomment-596237545

 - Flatpak. Its sandbox seems too restrictive, even more so than snap.
   There is an open feature request pointing out limitations:
   https://github.com/flathub/org.wireshark.Wireshark/issues/4

For distributions such as Arch Linux, the latest version of software is
always available. Users of these distros will likely not feel the need
to install an external package, especially not if it is significantly
larger with no other benefits.

Not all Linux users may be familiar with building from source, and even
if they are, they may not have the computing resources available to do
this on a laptop on the road, so clearly there is demand for binary
packages for Linux. We could rely on the community to provide these, and
link to their documentation.

On Ubuntu for example, the PPA usually provides a recent version:
https://launchpad.net/~wireshark-dev/+archive/ubuntu/stable
As long as Debian unstable is updated, it should automatically find its
way to Kali Linux. The same packaging recipe has to be manually copied
to the PPA.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
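An added illustration of the capture-privilege point raised above (this script is not from the thread, nor from the Wireshark project): on a conventional distro package, capture privileges are confined to the single dumpcap binary through file capabilities, and it is exactly this kind of targeted cap_net_raw/cap_net_admin grant that the snap and Flatpak sandboxes get in the way of. The script parses getcap(8) output in both the older "path = caps+flags" and the newer "path caps=flags" layouts and reports whether dumpcap alone carries the two capabilities in its effective and permitted sets. The sample getcap lines in the comments are constructed, and the path /usr/bin/dumpcap is an assumption about where the binary lives.

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread or the Wireshark project.
# Checks that packet-capture privileges are limited to the dumpcap binary
# via file capabilities instead of being granted to the whole installation.

# caps_sufficient LINE
# Given one getcap(8)-style output line, return 0 when both cap_net_raw and
# cap_net_admin are granted and the flag set contains e (effective) and
# p (permitted); return 1 otherwise. Accepts both layouts, e.g. (constructed):
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip    (older libcap)
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip      (newer libcap)
caps_sufficient() {
    line="$1"
    # First token is the path; everything after it is the capability spec.
    path=${line%% *}
    rest=${line#"$path"}
    # Drop leading spaces and the optional "=" separator of the old layout.
    spec=$(printf '%s\n' "$rest" | sed 's/^ *=\{0,1\} *//')

    case "$spec" in
        *cap_net_raw*) ;;
        *) return 1 ;;   # raw sockets are mandatory for capturing at all
    esac
    case "$spec" in
        *cap_net_admin*) ;;
        *) return 1 ;;   # needed for interface options such as promiscuous mode
    esac

    # The flag letters follow the last '+' (old) or '=' (new) in the spec.
    flags=$(printf '%s\n' "$spec" | sed -n 's/.*[+=]\([a-z]*\)$/\1/p')
    case "$flags" in
        *e*p*|*p*e*) return 0 ;;
        *) return 1 ;;   # capabilities present but not effective/permitted
    esac
}

# check_dumpcap PATH
# Run getcap on a real binary and evaluate the result. Exit codes:
# 0 = sufficient, 1 = insufficient/missing, 2 = getcap not available.
check_dumpcap() {
    bin="$1"
    if ! command -v getcap >/dev/null 2>&1; then
        echo "getcap not found; install the libcap tools to inspect $bin" >&2
        return 2
    fi
    out=$(getcap "$bin" 2>/dev/null)
    if caps_sufficient "$out"; then
        echo "$bin: capture capabilities present ($out)"
        return 0
    fi
    echo "$bin: no usable capture capabilities (getcap output: '${out:-none}')" >&2
    return 1
}

# Stand-alone usage: ./check_dumpcap.sh /usr/bin/dumpcap
if [ $# -gt 0 ]; then
    check_dumpcap "$1"
fi
```

Running it against the wireshark GUI binary should report no capabilities; only dumpcap is meant to pass the check, which is the least-privilege split that a sandboxed package format has to reproduce before it can be recommended for capturing.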