arp-scan
arp-scan copied to clipboard
royhills
spec file contribution
Hi,
I have made a basic SPEC file for rpmbuilds on RPM based systems, which I am willing to share. Build tested on Centos8Stream, Fedora37 & 36, and I expect it will work on all RPM based systems with the listed pkgs installed. I plan on pursuing using fedpkg as well.
How does one go about contributing to this project? (even such a small bit :) ) Does anyone even care about packaging anymore?
I'm not familiar with building RPM packages, so I'm not sure where SPEC files belong.
It seems the latest arp-scan RPM package is 1.9.7, which was tagged in Nov 2019, based on this webpage: https://packages.fedoraproject.org/pkgs/arp-scan/arp-scan/. There is a request to upgrade to the latest upstream version here: https://bugzilla.redhat.com/show_bug.cgi?id=2133855. The build seems to be failing with a python script error, but I have no idea what the issue is:
GenericError: File upload failed: cli-build/1671024085.9577706.mDfJZUcX/arp-scan-1.10.0-1.fc36.src.rpm
Traceback:
File "/usr/local/lib/python3.10/site-packages/hotness/use_cases/package_scratch_build_use_case.py", line 56, in build
result = self.builder.build(request.package, request.opts)
File "/usr/local/lib/python3.10/site-packages/hotness/builders/koji.py", line 198, in build
output["build_id"] = self._scratch_build(session, package.name, srpm)
File "/usr/local/lib/python3.10/site-packages/hotness/builders/koji.py", line 451, in _scratch_build
session.uploadWrapper(source, serverdir)
File "/usr/lib/python3.10/site-packages/koji/__init__.py", line 3083, in uploadWrapper
self.fastUpload(localfile, path, name, callback, blocksize, overwrite, volume=volume)
File "/usr/lib/python3.10/site-packages/koji/__init__.py", line 3018, in fastUpload
raise GenericError("File upload failed: %s/%s" % (path, name))
Here's a summary of what arp-scan package versions are available for various distros:
https://repology.org/project/arp-scan/packages
I'm a bit surprised that there are no RPMs for anything later than 1.9.7, but other Linux distros are keeping more up to date so I think some maintainers do care about packaging arp-scan.
Maybe containing the appropriate Fedora/Redhat maintainer to see if there is a reason why a later version hasn't been packaged would be the best first step. If there are any issues with arp-scan that are preventing the RPM packaging process, I'd be happy to address these.
Fedora / Red Hat is censoring and suspending contributor`s account.
I was the maintainer of arp-scan rpm back in 2020, I can no longer keep it up-to-date because my account was blocked / suspended ( can`t login or commit to git repo anymore )
https://koji.fedoraproject.org/koji/packageinfo?packageID=4335
it`s happening with other contributors too, look this example ->
https://www.linuxadictos.com/en/red-hat-demando-a-daniel-pocock-el-uso-del-nombre-de-dominio-wemakefedora-org.html
https://koji.fedoraproject.org/koji/packageinfo?packageID=4335
Thanks, that's interesting. I see you've been packaging arp-scan for many years.
I'm not involved in the packaging, but I'm happy to make any changes that would aid packaging for any distro, or to facilitate discussion on the topic.
I tried to submit the spec file I have built (needs some adjustment from the fedora version; most notably adding the %global debug_package %{nil} section before %prep) but git mashes the formatting with the URL highlighting.
@royhills, if you just include a .spec file with the code, it makes the packager's task very simple. I have built many packages over the last while (from the early days of Redhat net install in 1997) and providing a basic spec file is always helpful to the individual users.
I don't usually wait for packages that lag behind the developers (as you mentioned, RH is still on 1.9.7) and build my own. zipped .spec file attached. arp-scan.zip
Thank you for the spec file. A couple of observations:
-
If you want to build with POSIX.1e capabilities support, you'll need
BuildRequires: libcap-devel(note that'slibcapnotlibPcapwhich is another dependency).If it's installed
./configureshould say:checking for sys/capability.h... yes checking for cap_set_proc in -lcap... yes checking whether to use libcap... yes configure: Including libcap POSIX.1e capability supportand
arp-scan --versionwill say:Built with libcap POSIX.1e capability support. If you don't havelibpcap-develinstalled, arp-scan will still build OK but won't include capabilities support. -
get-ouinow requiresText::CSVas well asLWP::UserAgentI had to installperl-Text-CSVandperl-LWP-Protocol-httpson Fedora 37.I don't like all the dependencies for
get-ouibecause I suspect that most people don't need it, and it will install a lot of perl libraries. Perhaps this should be split into a different package or something. -
mac-vendor.txtshould retain user changes if possible. I don't know if RPMs can do this, but if it's possiblemac-vendor.txtshould retain user changes and not just overwrite it with the upstream version. That was the reason behind moving it from$(pkgdatadir)to$(sysconfdir)/$(PACKAGE)in version 1.10.0. -
Installing with capabilities
make installwill now install the arp-scan binary withsetcap cap_net_raw+p /path/to/arp-scanif possible. Otherwise it will install SUID. This is new behaviour for version 1.10.0. Not sure if there are any distro rules about this sort of thing. See theinstall-exec-hookinMakefile.amto see what it does. -
Not sure why this chmod is needed:
#fix permissions for -debuginfo package chmod 0644 $RPM_BUILD_DIR/%{name}-%{version}/mt19937ar.cSeems strange to change the permissions on one source file. Maybe it had bad perms at some point, but all the C files are
0644when I do agit cloneon a Fedora 37 system:[rsh@fedora arp-scan]$ ls -l *.c -rw-r--r--. 1 rsh rsh 98505 Dec 17 18:25 arp-scan.c -rw-r--r--. 1 rsh rsh 2569 Dec 17 18:25 error.c -rw-r--r--. 1 rsh rsh 3853 Dec 17 18:25 format.c -rw-r--r--. 1 rsh rsh 3044 Dec 17 18:25 link-bpf.c -rw-r--r--. 1 rsh rsh 7140 Dec 17 18:25 link-dlpi.c -rw-r--r--. 1 rsh rsh 3215 Dec 17 18:25 link-packet-socket.c -rw-r--r--. 1 rsh rsh 5914 Dec 17 18:25 mt19937ar.c -rw-r--r--. 1 rsh rsh 2539 Dec 17 18:25 mt19937ar-test.c -rw-r--r--. 1 rsh rsh 9066 Dec 17 18:25 my_getopt.c -rw-r--r--. 1 rsh rsh 1614 Dec 17 18:25 strlcpy.c -rw-r--r--. 1 rsh rsh 15680 Dec 17 18:25 utils.c -rw-r--r--. 1 rsh rsh 3689 Dec 17 18:25 wrappers.cI also wonder if this
chmodis needed:#fix permissions for files in sbindir chmod 0755 $RPM_BUILD_ROOT%{_sbindir}/*
Thanks for the spec file. When I get some time I'll take a closer look at it.
Thanks for your response. That is a lot to unpack. :) I'll do my best to address your observations:
(I agree with all your observations.)
- Is there a situation where a package would NOT want POSIX.1e support?
Adding BuildRequires(libcap-devel) seems like it is okay, but if the system does NOT have POSIX.1e support it will not build? :/ I'm not super up-to-date on POSIX.1e so I think I need to read a little more.
added: # BuildRequires: libcap-devel #uncomment to enable POSIX.1e support
-
The
chmodstatements are from the fc37 spec file and may no longer be required. I defer to your judgment. -
I always use
setcap cap_net_raw+p /usr/sbin/arp-scaninstead of having a setuid binary (that I tend to avoid) so adding that is a very good idea.
I am reading it is possible to use it like this, in %post:
%caps(cap_net_raw=p) %{_sbindir}/arp-scan but it didn't work.
reverting to: setcap cap_net_raw=ep %{_sbindir}/arp-scan
-
I missed that the context of the new option; that is easily done.
noreplaceoption will preserve the mac-vendor.txt (writes the new one with suffix.rpmnew) like this:%config(noreplace,missingok) %{_sysconfdir}/arp-scan/ -
I feel like I don't really want to mess with the PERL stuff. Fedora/RH users are used to having to add a bunch of PERL packages for a feature. I agree it might be warranted to make another package with the get-oui feature. That dependency was inherited from the FC37 spec file...
Maybe I should ask in #fedora on libra.Chat?
Attached updated zipped .spec arp-scan.zip
-
Building with POSIX.1e capabilities Runtime support should be present on all Linux systems. The Linux kernel has capabilities support since
2.6.24(nearly 15 years ago) and all distros I know enable Kernel support. On Fedora, thelibcappackage contains thesetcapbinary (needed to install an executable with capabilities) and the shared librarylibcap.so.2(needed by arp-scan if it's built with capabilities support). Thelibcappackage is installed on a Fedora 37 "minimal install" so I expect that it's available on all Fedora systems and hopefully also CentOS / RHEL.If you're installing arp-scan with
setcap cap_net_raw+p /usr/sbin/arp-scanand running as a normal user then you must already be building with capabilities support on your own system.Note that if
arp-scanis built with capabilities support then it will always use capabilities. So if it's SUID root, the first thing it will do is drop all capabilities except CAP_NET_RAW (the only capabilityarp-scanneeds) and then drop SUID (so SUID is essentially as secure assetcap). Note also that it's not advisable to runarp-scanas root (e.g. with sudo) if it's (EDIT:) built with capabilities support because you'll end up with a process with UID 0 but with no special permissions (not even CAP_NET_RAW because that gets permanently dropped after it has opened the network sockets). -
Installing the arp-scan binary with
setcapmake installwill do this:# Install arp-scan with cap_net_raw if possible, otherwise SUID root install-exec-hook: @if command -v setcap > /dev/null; then \ if setcap cap_net_raw+p $(DESTDIR)$(bindir)/arp-scan$(EXEEXT); then \ echo "setcap cap_net_raw+p $(DESTDIR)$(bindir)/arp-scan$(EXEEXT)"; \ chmod u-s $(DESTDIR)$(bindir)/arp-scan$(EXEEXT); \ else \ echo "Setcap failed on $(DESTDIR)$(bindir)/arp-scan$(EXEEXT), falling back to setuid" >&2; \ echo "chmod u+s $(DESTDIR)$(bindir)/arp-scan$(EXEEXT)"; \ chmod u+s $(DESTDIR)$(bindir)/arp-scan$(EXEEXT); \ fi \ else \ echo "Setcap is not installed, falling back to setuid" >&2 ; \ echo "chmod u+s $(DESTDIR)$(bindir)/arp-scan$(EXEEXT)" ;\ chmod u+s $(DESTDIR)$(bindir)/arp-scan$(EXEEXT) ;\ fiThis deals with the following cases:
-
setcapis present and works (exit status 0): usesetcap. -
setcapis present but fails (maybe installing to a filesystem that doesn't support extended attributes like NFS): use SUID. -
setcapis not installed: use SUID. I think you only need to consider the first two cases for Fedora becausesetcapshould always be present.
-
-
noreplaceoption will preserve themac-vendor.txtGreat. That's exactly what we're looking for. Some users add their own MAC address/name mappings to this file so they can identify their devices, so it's good to support that use case.
-
Perl dependencies I only realised the extent of the dependencies when I installed
arp-scanon a fresh Fedora 37 system (minimal install):[rsh@fedora ~]$ sudo dnf install arp-scan Last metadata expiration check: 0:38:59 ago on Sun 18 Dec 2022 11:04:00 GMT. Dependencies resolved. ==================================================================================================================================== Package Architecture Version Repository Size ==================================================================================================================================== Installing: arp-scan x86_64 1.9.7-7.fc37 fedora 369 k Installing dependencies: mailcap noarch 2.1.53-4.fc37 fedora 33 k perl-AutoLoader noarch 5.74-492.fc37 fedora 24 k perl-B x86_64 1.83-492.fc37 fedora 184 k perl-Carp noarch 1.52-489.fc37 fedora 29 k perl-Class-Struct noarch 0.66-492.fc37 fedora 25 k perl-Compress-Raw-Bzip2 x86_64 2.201-2.fc37 fedora 34 k perl-Compress-Raw-Zlib x86_64 2.202-3.fc37 fedora 64 k perl-Data-Dump noarch 1.25-5.fc37 fedora 33 k perl-Data-Dumper x86_64 2.184-490.fc37 fedora 56 k perl-Digest noarch 1.20-489.fc37 fedora 26 k perl-Digest-HMAC noarch 1.04-6.fc37 fedora 23 k perl-Digest-MD5 x86_64 2.58-489.fc37 fedora 36 k perl-Digest-SHA x86_64 1:6.03-1.fc37 fedora 62 k perl-DynaLoader x86_64 1.52-492.fc37 fedora 29 k perl-Encode x86_64 4:3.19-492.fc37 fedora 1.7 M perl-Encode-Locale noarch 1.05-24.fc37 fedora 19 k perl-Errno x86_64 1.36-492.fc37 fedora 18 k perl-Exporter noarch 5.77-489.fc37 fedora 31 k perl-Fcntl x86_64 1.15-492.fc37 fedora 24 k perl-File-Basename noarch 2.85-492.fc37 fedora 20 k perl-File-Copy noarch 2.39-492.fc37 fedora 23 k perl-File-Listing noarch 6.15-3.fc37 fedora 25 k perl-File-Path noarch 2.18-489.fc37 fedora 35 k perl-File-Slurper noarch 0.013-4.fc37 fedora 21 k perl-File-Temp noarch 1:0.231.100-489.fc37 fedora 59 k perl-File-stat noarch 1.12-492.fc37 fedora 20 k perl-FileHandle noarch 2.03-492.fc37 fedora 19 k perl-Getopt-Long noarch 1:2.54-1.fc37 updates 60 k perl-Getopt-Std noarch 1.13-492.fc37 fedora 19 k perl-HTML-Parser x86_64 3.80-1.fc37 updates 126 k perl-HTML-Tagset noarch 3.20-52.fc37 fedora 19 k perl-HTTP-Cookies noarch 6.10-7.fc37 fedora 38 k perl-HTTP-Date noarch 6.05-10.fc37 fedora 24 k perl-HTTP-Message noarch 6.37-1.fc37 fedora 102 k perl-HTTP-Negotiate noarch 6.01-33.fc37 fedora 20 k perl-HTTP-Tiny noarch 0.082-1.fc37 fedora 55 k perl-I18N-Langinfo x86_64 0.21-492.fc37 fedora 26 k perl-IO x86_64 1.50-492.fc37 fedora 95 k perl-IO-Compress noarch 2.201-3.fc37 fedora 273 k perl-IO-HTML noarch 1.004-7.fc37 fedora 28 k perl-IO-Socket-IP noarch 0.41-490.fc37 fedora 42 k perl-IO-Socket-SSL noarch 2.075-1.fc37 fedora 221 k perl-IPC-Open3 noarch 1.22-492.fc37 fedora 26 k perl-LWP-MediaTypes noarch 6.04-12.fc37 fedora 33 k perl-MIME-Base64 x86_64 3.16-489.fc37 fedora 30 k perl-NTLM noarch 1.09-33.fc37 fedora 22 k perl-Net-HTTP noarch 6.22-3.fc37 fedora 40 k perl-Net-SSLeay x86_64 1.92-4.fc37 fedora 362 k perl-POSIX x86_64 2.03-492.fc37 fedora 101 k perl-PathTools x86_64 3.84-489.fc37 fedora 89 k perl-Pod-Escapes noarch 1:1.07-489.fc37 fedora 20 k perl-Pod-Perldoc noarch 3.28.01-490.fc37 fedora 90 k perl-Pod-Simple noarch 1:3.43-490.fc37 fedora 225 k perl-Pod-Usage noarch 4:2.03-3.fc37 fedora 40 k perl-Scalar-List-Utils x86_64 5:1.63-489.fc37 fedora 72 k perl-SelectSaver noarch 1.02-492.fc37 fedora 15 k perl-Socket x86_64 4:2.036-1.fc37 fedora 55 k perl-Storable x86_64 1:3.26-489.fc37 fedora 97 k perl-Symbol noarch 1.09-492.fc37 fedora 17 k perl-Term-ANSIColor noarch 5.01-490.fc37 fedora 48 k perl-Term-Cap noarch 1.17-489.fc37 fedora 22 k perl-Text-ParseWords noarch 3.31-489.fc37 fedora 16 k perl-Text-Tabs+Wrap noarch 2021.0814-489.fc37 fedora 22 k perl-Time-HiRes x86_64 4:1.9770-489.fc37 fedora 57 k perl-Time-Local noarch 2:1.300-489.fc37 fedora 33 k perl-TimeDate noarch 1:2.33-9.fc37 fedora 60 k perl-Try-Tiny noarch 0.31-4.fc37 fedora 42 k perl-URI noarch 5.17-1.fc37 updates 123 k perl-WWW-RobotRules noarch 6.02-33.fc37 fedora 20 k perl-base noarch 2.27-492.fc37 fedora 19 k perl-constant noarch 1.33-490.fc37 fedora 23 k perl-if noarch 0.61.000-492.fc37 fedora 17 k perl-interpreter x86_64 4:5.36.0-492.fc37 fedora 75 k perl-libnet noarch 3.14-490.fc37 fedora 132 k perl-libs x86_64 4:5.36.0-492.fc37 fedora 2.2 M perl-libwww-perl noarch 6.67-2.fc37 fedora 212 k perl-locale noarch 1.10-492.fc37 fedora 17 k perl-mro x86_64 1.26-492.fc37 fedora 32 k perl-overload noarch 1.35-492.fc37 fedora 49 k perl-overloading noarch 0.02-492.fc37 fedora 16 k perl-parent noarch 1:0.238-489.fc37 fedora 14 k perl-podlators noarch 1:4.14-489.fc37 fedora 116 k perl-subs noarch 1.04-492.fc37 fedora 15 k perl-vars noarch 1.05-492.fc37 fedora 16 k Installing weak dependencies: perl-Clone x86_64 0.45-9.fc37 fedora 22 k perl-IO-Compress-Brotli x86_64 0.004001-6.fc37 fedora 27 k perl-Mozilla-CA noarch 20211001-4.fc37 fedora 12 k perl-NDBM_File x86_64 1.15-492.fc37 fedora 25 k perl-PerlIO-utf8_strict x86_64 0.009-4.fc37 fedora 26 k Transaction Summary ==================================================================================================================================== Install 90 Packages Total download size: 8.9 M Installed size: 30 M Is this ok [y/N]:I think a lot of this is because it's pulling in Perl, and most people will probably have perl already installed. But it seemed like I was installing gnome or something complex, not just a simple network scanner. This is probably worthy of a seperate issue though, because I suspect it affects all distros.
-
Pasting the spec file into the issue causes weird formatting Enclose it between lines containing just ``` to format the whole block as plain text. I'll try pasting it in as a seperate comment so we can discuss the content in the thread.
Here's the spec file from the zip file posted earlier:
Name: arp-scan
Version: 1.10.0
Release: 1%{?dist}
Summary: Scanning and fingerprinting tool
# Includes getopt, which is LGPLv2+, but the whole is GPLv2+.
License: GPLv2+
Source0: https://github.com/royhills/arp-scan/releases/download/%{version}/%{name}-%{version}.tar.gz
# source code moved to github at https://github.com/royhills/arp-scan
BuildRequires: libpcap-devel
# BuildRequires: libcap-devel #uncomment to enable POSIX.1e support
BuildRequires: gcc
BuildRequires: perl-generators
BuildRequires: automake autoconf
BuildRequires: make
Requires: perl(LWP::Simple)
Requires: libpcap
# Requires: libcap #uncomment to enable POSIX.1e support
%description
arp-scan is a command-line tool that uses the ARP protocol to discover and
fingerprint IP hosts on the local network.
%global debug_package %{nil}
%prep
%setup -q
%build
autoreconf --install
#install to sbindir
%configure --bindir=%{_sbindir}
make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
%files
%doc AUTHORS ChangeLog COPYING README TODO
%{_sbindir}/*
%config(noreplace,missingok) %{_sysconfdir}/arp-scan
%{_datadir}/arp-scan
%{_mandir}/man?/*
%post
setcap cap_net_raw=ep %{_sbindir}/arp-scan
%changelog
* Sat Dec 17 2022 sonikbhoom <[email protected]> - 1.10.0
- updated spec build with arp-scan-1.10.0 RC1
* Thu Dec 15 2022 sonikbhoom <[email protected]> - 1.10.0
- initial spec build with arp-scan-1.10.0 RC1
Note: Issue https://github.com/royhills/arp-scan/issues/115 shows that RPM package arp-scan-1.9.7-7.fc37 does not have all the correct dependencies but the error only occurs if get-oui is run for real (a simple compile check with perl -wc won't error).
As there have been no issues logged for this bug, I suspect most people probably don't use get-oui to update ieee-oui.txt.
I might be the only one I know that updates the ieee-oui.txt file and I have used: https://linuxnet.ca/ieee/oui/ in the past. However, the site has been a tad unreliable in the past year, not always loading. The manual update process is trivial enough, so I typically just grab https://linuxnet.ca/ieee/oui/nmap-mac-prefixes every other month or so, and copy it over the provided files...