Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

spec file contribution #114

Open
sonikbhoom opened this issue Dec 15, 2022 · 10 comments
Open

spec file contribution #114

sonikbhoom opened this issue Dec 15, 2022 · 10 comments
Labels
packaging

Comments

@sonikbhoom
Copy link

Hi,

I have made a basic SPEC file for rpmbuilds on RPM based systems, which I am willing to share. Build tested on Centos8Stream, Fedora37 & 36, and I expect it will work on all RPM based systems with the listed pkgs installed. I plan on pursuing using fedpkg as well.

How does one go about contributing to this project? (even such a small bit :) ) Does anyone even care about packaging anymore?
@royhills
Copy link
Owner

I'm not familiar with building RPM packages, so I'm not sure where SPEC files belong.

It seems the latest arp-scan RPM package is 1.9.7, which was tagged in Nov 2019, based on this webpage: https://packages.fedoraproject.org/pkgs/arp-scan/arp-scan/. There is a request to upgrade to the latest upstream version here: https://bugzilla.redhat.com/show_bug.cgi?id=2133855. The build seems to be failing with a python script error, but I have no idea what the issue is:

GenericError: File upload failed: cli-build/1671024085.9577706.mDfJZUcX/arp-scan-1.10.0-1.fc36.src.rpm
Traceback:
  File "/usr/local/lib/python3.10/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
    result = self.builder.build(request.package, request.opts)
  File "/usr/local/lib/python3.10/site-packages/hotness/builders/koji.py", line 198, in build
    output["build_id"] = self._scratch_build(session, package.name, srpm)
  File "/usr/local/lib/python3.10/site-packages/hotness/builders/koji.py", line 451, in _scratch_build
    session.uploadWrapper(source, serverdir)
  File "/usr/lib/python3.10/site-packages/koji/__init__.py", line 3083, in uploadWrapper
    self.fastUpload(localfile, path, name, callback, blocksize, overwrite, volume=volume)
  File "/usr/lib/python3.10/site-packages/koji/__init__.py", line 3018, in fastUpload
    raise GenericError("File upload failed: %s/%s" % (path, name))

Here's a summary of what arp-scan package versions are available for various distros:

https://repology.org/project/arp-scan/packages

I'm a bit surprised that there are no RPMs for anything later than 1.9.7, but other Linux distros are keeping more up to date so I think some maintainers do care about packaging arp-scan.

Maybe containing the appropriate Fedora/Redhat maintainer to see if there is a reason why a later version hasn't been packaged would be the best first step. If there are any issues with arp-scan that are preventing the RPM packaging process, I'd be happy to address these.

@itamarjp
Copy link

Fedora / Red Hat is censoring and suspending contributor`s account.

I was the maintainer of arp-scan rpm back in 2020, I can no longer keep it up-to-date because my account was blocked / suspended ( can`t login or commit to git repo anymore )

https://koji.fedoraproject.org/koji/packageinfo?packageID=4335

it`s happening with other contributors too, look this example ->

https://www.linuxadictos.com/en/red-hat-demando-a-daniel-pocock-el-uso-del-nombre-de-dominio-wemakefedora-org.html

@royhills
Copy link
Owner

https://koji.fedoraproject.org/koji/packageinfo?packageID=4335

Thanks, that's interesting. I see you've been packaging arp-scan for many years.

I'm not involved in the packaging, but I'm happy to make any changes that would aid packaging for any distro, or to facilitate discussion on the topic.

@sonikbhoom
Copy link
Author

sonikbhoom commented Dec 17, 2022
edited

I tried to submit the spec file I have built (needs some adjustment from the fedora version; most notably adding the %global debug_package %{nil} section before %prep) but git mashes the formatting with the URL highlighting.

@royhills, if you just include a .spec file with the code, it makes the packager's task very simple. I have built many packages over the last while (from the early days of Redhat net install in 1997) and providing a basic spec file is always helpful to the individual users.

I don't usually wait for packages that lag behind the developers (as you mentioned, RH is still on 1.9.7) and build my own.
zipped .spec file attached.
arp-scan.zip

@royhills
Copy link
Owner

Thank you for the spec file. A couple of observations:

  • If you want to build with POSIX.1e capabilities support, you'll need BuildRequires: libcap-devel (note that's libcap not libPcap which is another dependency).

    If it's installed ./configure should say:

    checking for sys/capability.h... yes
checking for cap_set_proc in -lcap... yes
checking whether to use libcap... yes
configure: Including libcap POSIX.1e capability support

    and arp-scan --version will say: Built with libcap POSIX.1e capability support.
    If you don't have libpcap-devel installed, arp-scan will still build OK but won't include capabilities support.

  • get-oui now requires Text::CSV as well as LWP::UserAgent
    I had to install perl-Text-CSV and perl-LWP-Protocol-https on Fedora 37.

    I don't like all the dependencies for get-oui because I suspect that most people don't need it, and it will install a lot of perl libraries. Perhaps this should be split into a different package or something.

  • mac-vendor.txt should retain user changes if possible.
    I don't know if RPMs can do this, but if it's possible mac-vendor.txt should retain user changes and not just overwrite it with the upstream version. That was the reason behind moving it from $(pkgdatadir) to $(sysconfdir)/$(PACKAGE) in version 1.10.0.

  • Installing with capabilities
    make install will now install the arp-scan binary with setcap cap_net_raw+p /path/to/arp-scan if possible. Otherwise it will install SUID. This is new behaviour for version 1.10.0. Not sure if there are any distro rules about this sort of thing. See the install-exec-hook in Makefile.am to see what it does.

  • Not sure why this chmod is needed:

    #fix permissions for -debuginfo package
chmod 0644 $RPM_BUILD_DIR/%{name}-%{version}/mt19937ar.c

    Seems strange to change the permissions on one source file. Maybe it had bad perms at some point, but all the C files are 0644 when I do a git clone on a Fedora 37 system:

    [rsh@fedora arp-scan]$ ls -l *.c
-rw-r--r--. 1 rsh rsh 98505 Dec 17 18:25 arp-scan.c
-rw-r--r--. 1 rsh rsh  2569 Dec 17 18:25 error.c
-rw-r--r--. 1 rsh rsh  3853 Dec 17 18:25 format.c
-rw-r--r--. 1 rsh rsh  3044 Dec 17 18:25 link-bpf.c
-rw-r--r--. 1 rsh rsh  7140 Dec 17 18:25 link-dlpi.c
-rw-r--r--. 1 rsh rsh  3215 Dec 17 18:25 link-packet-socket.c
-rw-r--r--. 1 rsh rsh  5914 Dec 17 18:25 mt19937ar.c
-rw-r--r--. 1 rsh rsh  2539 Dec 17 18:25 mt19937ar-test.c
-rw-r--r--. 1 rsh rsh  9066 Dec 17 18:25 my_getopt.c
-rw-r--r--. 1 rsh rsh  1614 Dec 17 18:25 strlcpy.c
-rw-r--r--. 1 rsh rsh 15680 Dec 17 18:25 utils.c
-rw-r--r--. 1 rsh rsh  3689 Dec 17 18:25 wrappers.c

    I also wonder if this chmod is needed:

    #fix permissions for files in sbindir
chmod 0755 $RPM_BUILD_ROOT%{_sbindir}/*

Thanks for the spec file. When I get some time I'll take a closer look at it.

@sonikbhoom
Copy link
Author

Thanks for your response. That is a lot to unpack. :) I'll do my best to address your observations:

(I agree with all your observations.)

  • Is there a situation where a package would NOT want POSIX.1e support?

Adding BuildRequires(libcap-devel) seems like it is okay, but if the system does NOT have POSIX.1e support it will not build? :/ I'm not super up-to-date on POSIX.1e so I think I need to read a little more.

added: # BuildRequires: libcap-devel #uncomment to enable POSIX.1e support

  • The chmod statements are from the fc37 spec file and may no longer be required. I defer to your judgment.

  • I always use setcap cap_net_raw+p /usr/sbin/arp-scan instead of having a setuid binary (that I tend to avoid) so adding that is a very good idea.

I am reading it is possible to use it like this, in %post:
%caps(cap_net_raw=p) %{_sbindir}/arp-scan but it didn't work.
reverting to: setcap cap_net_raw=ep %{_sbindir}/arp-scan

  • I missed that the context of the new option; that is easily done.
    noreplace option will preserve the mac-vendor.txt (writes the new one with suffix .rpmnew)
    like this:
    %config(noreplace,missingok) %{_sysconfdir}/arp-scan/

  • I feel like I don't really want to mess with the PERL stuff. Fedora/RH users are used to having to add a bunch of PERL packages for a feature. I agree it might be warranted to make another package with the get-oui feature. That dependency was inherited from the FC37 spec file...

Maybe I should ask in #fedora on libra.Chat?

Attached updated zipped .spec
arp-scan.zip

@royhills
Copy link
Owner

royhills commented Dec 18, 2022
edited

  • Building with POSIX.1e capabilities
    Runtime support should be present on all Linux systems. The Linux kernel has capabilities support since 2.6.24 (nearly 15 years ago) and all distros I know enable Kernel support. On Fedora, the libcap package contains the setcap binary (needed to install an executable with capabilities) and the shared library libcap.so.2 (needed by arp-scan if it's built with capabilities support). The libcap package is installed on a Fedora 37 "minimal install" so I expect that it's available on all Fedora systems and hopefully also CentOS / RHEL.

    If you're installing arp-scan with setcap cap_net_raw+p /usr/sbin/arp-scan and running as a normal user then you must already be building with capabilities support on your own system.

    Note that if arp-scan is built with capabilities support then it will always use capabilities. So if it's SUID root, the first thing it will do is drop all capabilities except CAP_NET_RAW (the only capability arp-scan needs) and then drop SUID (so SUID is essentially as secure as setcap). Note also that it's not advisable to run arp-scan as root (e.g. with sudo) if it's (EDIT:) built with capabilities support because you'll end up with a process with UID 0 but with no special permissions (not even CAP_NET_RAW because that gets permanently dropped after it has opened the network sockets).

  • Installing the arp-scan binary with setcap
    make install will do this:

    # Install arp-scan with cap_net_raw if possible, otherwise SUID root
install-exec-hook:
        @if command -v setcap > /dev/null; then \
        if setcap cap_net_raw+p $(DESTDIR)$(bindir)/arp-scan$(EXEEXT); then \
        echo "setcap cap_net_raw+p $(DESTDIR)$(bindir)/arp-scan$(EXEEXT)"; \
        chmod u-s $(DESTDIR)$(bindir)/arp-scan$(EXEEXT); \
        else \
        echo "Setcap failed on $(DESTDIR)$(bindir)/arp-scan$(EXEEXT), falling back to setuid" >&2; \
        echo "chmod u+s $(DESTDIR)$(bindir)/arp-scan$(EXEEXT)";  \
        chmod u+s $(DESTDIR)$(bindir)/arp-scan$(EXEEXT);  \
        fi \
        else \
        echo "Setcap is not installed, falling back to setuid" >&2 ; \
        echo "chmod u+s $(DESTDIR)$(bindir)/arp-scan$(EXEEXT)" ;\
        chmod u+s $(DESTDIR)$(bindir)/arp-scan$(EXEEXT) ;\
        fi

    This deals with the following cases:

    • setcap is present and works (exit status 0): use setcap.
    • setcap is present but fails (maybe installing to a filesystem that doesn't support extended attributes like NFS): use SUID.
    • setcap is not installed: use SUID.
      I think you only need to consider the first two cases for Fedora because setcap should always be present.

  • noreplace option will preserve the mac-vendor.txt

    Great. That's exactly what we're looking for. Some users add their own MAC address/name mappings to this file so they can identify their devices, so it's good to support that use case.

  • Perl dependencies
    I only realised the extent of the dependencies when I installed arp-scan on a fresh Fedora 37 system (minimal install):

    [rsh@fedora ~]$ sudo dnf install arp-scan
Last metadata expiration check: 0:38:59 ago on Sun 18 Dec 2022 11:04:00 GMT.
Dependencies resolved.
====================================================================================================================================
 Package                                 Architecture           Version                               Repository               Size
====================================================================================================================================
Installing:
 arp-scan                                x86_64                 1.9.7-7.fc37                          fedora                  369 k
Installing dependencies:
 mailcap                                 noarch                 2.1.53-4.fc37                         fedora                   33 k
 perl-AutoLoader                         noarch                 5.74-492.fc37                         fedora                   24 k
 perl-B                                  x86_64                 1.83-492.fc37                         fedora                  184 k
 perl-Carp                               noarch                 1.52-489.fc37                         fedora                   29 k
 perl-Class-Struct                       noarch                 0.66-492.fc37                         fedora                   25 k
 perl-Compress-Raw-Bzip2                 x86_64                 2.201-2.fc37                          fedora                   34 k
 perl-Compress-Raw-Zlib                  x86_64                 2.202-3.fc37                          fedora                   64 k
 perl-Data-Dump                          noarch                 1.25-5.fc37                           fedora                   33 k
 perl-Data-Dumper                        x86_64                 2.184-490.fc37                        fedora                   56 k
 perl-Digest                             noarch                 1.20-489.fc37                         fedora                   26 k
 perl-Digest-HMAC                        noarch                 1.04-6.fc37                           fedora                   23 k
 perl-Digest-MD5                         x86_64                 2.58-489.fc37                         fedora                   36 k
 perl-Digest-SHA                         x86_64                 1:6.03-1.fc37                         fedora                   62 k
 perl-DynaLoader                         x86_64                 1.52-492.fc37                         fedora                   29 k
 perl-Encode                             x86_64                 4:3.19-492.fc37                       fedora                  1.7 M
 perl-Encode-Locale                      noarch                 1.05-24.fc37                          fedora                   19 k
 perl-Errno                              x86_64                 1.36-492.fc37                         fedora                   18 k
 perl-Exporter                           noarch                 5.77-489.fc37                         fedora                   31 k
 perl-Fcntl                              x86_64                 1.15-492.fc37                         fedora                   24 k
 perl-File-Basename                      noarch                 2.85-492.fc37                         fedora                   20 k
 perl-File-Copy                          noarch                 2.39-492.fc37                         fedora                   23 k
 perl-File-Listing                       noarch                 6.15-3.fc37                           fedora                   25 k
 perl-File-Path                          noarch                 2.18-489.fc37                         fedora                   35 k
 perl-File-Slurper                       noarch                 0.013-4.fc37                          fedora                   21 k
 perl-File-Temp                          noarch                 1:0.231.100-489.fc37                  fedora                   59 k
 perl-File-stat                          noarch                 1.12-492.fc37                         fedora                   20 k
 perl-FileHandle                         noarch                 2.03-492.fc37                         fedora                   19 k
 perl-Getopt-Long                        noarch                 1:2.54-1.fc37                         updates                  60 k
 perl-Getopt-Std                         noarch                 1.13-492.fc37                         fedora                   19 k
 perl-HTML-Parser                        x86_64                 3.80-1.fc37                           updates                 126 k
 perl-HTML-Tagset                        noarch                 3.20-52.fc37                          fedora                   19 k
 perl-HTTP-Cookies                       noarch                 6.10-7.fc37                           fedora                   38 k
 perl-HTTP-Date                          noarch                 6.05-10.fc37                          fedora                   24 k
 perl-HTTP-Message                       noarch                 6.37-1.fc37                           fedora                  102 k
 perl-HTTP-Negotiate                     noarch                 6.01-33.fc37                          fedora                   20 k
 perl-HTTP-Tiny                          noarch                 0.082-1.fc37                          fedora                   55 k
 perl-I18N-Langinfo                      x86_64                 0.21-492.fc37                         fedora                   26 k
 perl-IO                                 x86_64                 1.50-492.fc37                         fedora                   95 k
 perl-IO-Compress                        noarch                 2.201-3.fc37                          fedora                  273 k
 perl-IO-HTML                            noarch                 1.004-7.fc37                          fedora                   28 k
 perl-IO-Socket-IP                       noarch                 0.41-490.fc37                         fedora                   42 k
 perl-IO-Socket-SSL                      noarch                 2.075-1.fc37                          fedora                  221 k
 perl-IPC-Open3                          noarch                 1.22-492.fc37                         fedora                   26 k
 perl-LWP-MediaTypes                     noarch                 6.04-12.fc37                          fedora                   33 k
 perl-MIME-Base64                        x86_64                 3.16-489.fc37                         fedora                   30 k
 perl-NTLM                               noarch                 1.09-33.fc37                          fedora                   22 k
 perl-Net-HTTP                           noarch                 6.22-3.fc37                           fedora                   40 k
 perl-Net-SSLeay                         x86_64                 1.92-4.fc37                           fedora                  362 k
 perl-POSIX                              x86_64                 2.03-492.fc37                         fedora                  101 k
 perl-PathTools                          x86_64                 3.84-489.fc37                         fedora                   89 k
 perl-Pod-Escapes                        noarch                 1:1.07-489.fc37                       fedora                   20 k
 perl-Pod-Perldoc                        noarch                 3.28.01-490.fc37                      fedora                   90 k
 perl-Pod-Simple                         noarch                 1:3.43-490.fc37                       fedora                  225 k
 perl-Pod-Usage                          noarch                 4:2.03-3.fc37                         fedora                   40 k
 perl-Scalar-List-Utils                  x86_64                 5:1.63-489.fc37                       fedora                   72 k
 perl-SelectSaver                        noarch                 1.02-492.fc37                         fedora                   15 k
 perl-Socket                             x86_64                 4:2.036-1.fc37                        fedora                   55 k
 perl-Storable                           x86_64                 1:3.26-489.fc37                       fedora                   97 k
 perl-Symbol                             noarch                 1.09-492.fc37                         fedora                   17 k
 perl-Term-ANSIColor                     noarch                 5.01-490.fc37                         fedora                   48 k
 perl-Term-Cap                           noarch                 1.17-489.fc37                         fedora                   22 k
 perl-Text-ParseWords                    noarch                 3.31-489.fc37                         fedora                   16 k
 perl-Text-Tabs+Wrap                     noarch                 2021.0814-489.fc37                    fedora                   22 k
 perl-Time-HiRes                         x86_64                 4:1.9770-489.fc37                     fedora                   57 k
 perl-Time-Local                         noarch                 2:1.300-489.fc37                      fedora                   33 k
 perl-TimeDate                           noarch                 1:2.33-9.fc37                         fedora                   60 k
 perl-Try-Tiny                           noarch                 0.31-4.fc37                           fedora                   42 k
 perl-URI                                noarch                 5.17-1.fc37                           updates                 123 k
 perl-WWW-RobotRules                     noarch                 6.02-33.fc37                          fedora                   20 k
 perl-base                               noarch                 2.27-492.fc37                         fedora                   19 k
 perl-constant                           noarch                 1.33-490.fc37                         fedora                   23 k
 perl-if                                 noarch                 0.61.000-492.fc37                     fedora                   17 k
 perl-interpreter                        x86_64                 4:5.36.0-492.fc37                     fedora                   75 k
 perl-libnet                             noarch                 3.14-490.fc37                         fedora                  132 k
 perl-libs                               x86_64                 4:5.36.0-492.fc37                     fedora                  2.2 M
 perl-libwww-perl                        noarch                 6.67-2.fc37                           fedora                  212 k
 perl-locale                             noarch                 1.10-492.fc37                         fedora                   17 k
 perl-mro                                x86_64                 1.26-492.fc37                         fedora                   32 k
 perl-overload                           noarch                 1.35-492.fc37                         fedora                   49 k
 perl-overloading                        noarch                 0.02-492.fc37                         fedora                   16 k
 perl-parent                             noarch                 1:0.238-489.fc37                      fedora                   14 k
 perl-podlators                          noarch                 1:4.14-489.fc37                       fedora                  116 k
 perl-subs                               noarch                 1.04-492.fc37                         fedora                   15 k
 perl-vars                               noarch                 1.05-492.fc37                         fedora                   16 k
Installing weak dependencies:
 perl-Clone                              x86_64                 0.45-9.fc37                           fedora                   22 k
 perl-IO-Compress-Brotli                 x86_64                 0.004001-6.fc37                       fedora                   27 k
 perl-Mozilla-CA                         noarch                 20211001-4.fc37                       fedora                   12 k
 perl-NDBM_File                          x86_64                 1.15-492.fc37                         fedora                   25 k
 perl-PerlIO-utf8_strict                 x86_64                 0.009-4.fc37                          fedora                   26 k

Transaction Summary
====================================================================================================================================
Install  90 Packages

Total download size: 8.9 M
Installed size: 30 M
Is this ok [y/N]:

    I think a lot of this is because it's pulling in Perl, and most people will probably have perl already installed. But it seemed like I was installing gnome or something complex, not just a simple network scanner. This is probably worthy of a seperate issue though, because I suspect it affects all distros.

  • Pasting the spec file into the issue causes weird formatting
    Enclose it between lines containing just ``` to format the whole block as plain text. I'll try pasting it in as a seperate comment so we can discuss the content in the thread.

@royhills
Copy link
Owner

Here's the spec file from the zip file posted earlier:

Name:           arp-scan
Version:        1.10.0
Release:        1%{?dist}
Summary:        Scanning and fingerprinting tool

# Includes getopt, which is LGPLv2+, but the whole is GPLv2+.
License:        GPLv2+
Source0:        https://github.com/royhills/arp-scan/releases/download/%{version}/%{name}-%{version}.tar.gz
# source code moved to github at https://github.com/royhills/arp-scan
BuildRequires:  libpcap-devel
# BuildRequires:  libcap-devel  #uncomment to enable POSIX.1e support
BuildRequires:  gcc
BuildRequires:  perl-generators
BuildRequires:  automake autoconf
BuildRequires:  make
Requires:       perl(LWP::Simple)
Requires:       libpcap
# Requires:       libcap  #uncomment to enable POSIX.1e support


%description
arp-scan is a command-line tool that uses the ARP protocol to discover and
fingerprint IP hosts on the local network.

%global debug_package %{nil}

%prep
%setup -q

%build
autoreconf --install
#install to sbindir
%configure --bindir=%{_sbindir}
make %{?_smp_mflags}

%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT


%files
%doc AUTHORS ChangeLog COPYING README TODO 
%{_sbindir}/*
%config(noreplace,missingok) %{_sysconfdir}/arp-scan
%{_datadir}/arp-scan
%{_mandir}/man?/*

%post
setcap cap_net_raw=ep %{_sbindir}/arp-scan


%changelog
* Sat Dec 17 2022 sonikbhoom <sonik.bhoom@bell.net> - 1.10.0
- updated spec build with arp-scan-1.10.0 RC1

* Thu Dec 15 2022 sonikbhoom <sonik.bhoom@bell.net> - 1.10.0
- initial spec build with arp-scan-1.10.0 RC1

@royhills
Copy link
Owner

Note: Issue #115 shows that RPM package arp-scan-1.9.7-7.fc37 does not have all the correct dependencies but the error only occurs if get-oui is run for real (a simple compile check with perl -wc won't error).

As there have been no issues logged for this bug, I suspect most people probably don't use get-oui to update ieee-oui.txt.

@sonikbhoom
Copy link
Author

I might be the only one I know that updates the ieee-oui.txt file and I have used: https://linuxnet.ca/ieee/oui/ in the past. However, the site has been a tad unreliable in the past year, not always loading. The manual update process is trivial enough, so I typically just grab https://linuxnet.ca/ieee/oui/nmap-mac-prefixes every other month or so, and copy it over the provided files...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
packaging
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@itamarjp @royhills @sonikbhoom