Some of you might have found the earlier post on Building a Wireshark for CentOS 7. Since then several releases of Wireshark have passed, and now Wireshark has released version 2.4.0 as a stable version. You could skip to the TL;DR version if you just want the application. Don’t forget the release notes!
Update (12 October 2018): We need to consider Wireshark – Building RPMs a different way since 2.6.4.
There are a few changes for this, as they have removed the GTK+ environment entirely, focusing on Qt, which supports more platforms, and expands the Wireshark potential user base.
So let’s have a refresh of that original post, and build Wireshark 2.4.0 for CentOS 7.
So the bits I need are to:
- Create a build environment
- Download the latest Wireshark code
- Compile the code
- Make RPM files
- Convert the RPM modules into a repository
- Sync the repository to somewhere public
- Publish the repository so others can find it
- Test the repo myself to make sure it works
So let’s get to it.
Creating a build environment
So first off, I need a gcc compiler, repo tools and the various dependencies for the code.
sudo yum install gcc gcc-c++ bison flex libpcap-devel qt-devel rpm-build libtool c-ares-devel qt5-qtbase-devel qt5-qtmultimedia-devel qt5-linguist desktop-file-utils createrepo
I have removed the need for gtk3-devel as a library given that Wireshark no longer uses this front-end. In addition, you’ll need some new libraries that Wireshark 2.4.0 now requires to support other functions. These can be installed with the command:
sudo yum install libgcrypt-devel lz4-devel snappy-devel libnghttp2-devel libxml2-devel
Downloading the latest code
As of the time of writing, the latest version of Wireshark is 2.4.0, and they offer the source code for this as a .xz file, downloadable from this link. By the time you read this, the version might have increased. If you need to do this via a command line, then:
I place this in a work directory and unzip it using the command:
tar xfv wireshark-2.4.0.tar.xz
Compile the Wireshark code
Having done this a few times, I now realise that this step is unnecessary unless you want to compile using specific flags for yourself. The make rpm-package target configures the system directly without needing these steps.
So now a couple of commands to start the configuration process, prior to running the compile.
If things have gone well, this will result in a stream of text scrolling up the screen as configure does its thing and works out what you have installed.
Now we can compile the code, which will take some time (a LOT of packet decodes to compile), so grab a beverage whilst you wait.
Just as well it was a big cup of coffee. At this point, running ./wireshark should fire up a working copy of Wireshark, version 2.4.0.
Make the Wireshark RPM files
But we need to create a package for those of you that don’t want to wait. This can be done directly, without needing to follow the Compile steps above.
Now we could install the rpm file directly using sudo yum localinstall packaging/rpm/RPMS/x86_64/wireshark-gtk-2.4.0-1.rpm, but that’s not what I want to do; I’d like to give you the chance to make this as seamless as possible.
Now we do a bit that was in the other post about #SaferInternetDay, and hopefully, you have that environment still in place. If so, the commands below are all that are required.
rpm --resign *.rpm
createrepo --update .
This signs the RPM files with the key at the bottom of this post and updates the repository files to reflect the files being packaged.
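A check worth running between the two commands above, as an added example that is not part of the original post: it classifies `rpm -K` output so the repository is only rebuilt when every package carries a signature that verifies. It assumes the line format of the rpm 4.11 series on CentOS 7 and that the publisher's public key has been imported with `rpm --import`; the sample lines, file names and key id are constructed.

```shell
#!/bin/sh
# Assumption: rpm 4.11 output, where lower-case "rsa"/"dsa"/"pgp"/"gpg" marks
# a verified signature and a package carrying only digests still ends in "OK".

# classify_checksig: read `rpm -K` lines on stdin, print "<STATE> <file>".
classify_checksig() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        file=${line%%:*}
        result=${line#*: }
        case "$result" in
            *"NOT OK"*"MISSING KEYS"*)       state=MISSING_KEY ;;
            *"NOT OK"*)                      state=BAD ;;
            *rsa*OK|*dsa*OK|*pgp*OK|*gpg*OK) state=SIGNED_OK ;;
            *OK)                             state=UNSIGNED ;;
            *)                               state=UNKNOWN ;;
        esac
        printf '%s %s\n' "$state" "$file"
    done
}

# all_signed: succeed only if there is at least one package and every one
# of them verified against an imported key.
all_signed() {
    states=$(classify_checksig)
    [ -n "$states" ] || return 1
    if printf '%s\n' "$states" | grep -qv '^SIGNED_OK '; then
        return 1
    fi
    return 0
}

# Constructed sample output (file names and key id are placeholders).
SAMPLE='wireshark-2.4.0-1.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
wireshark-qt-2.4.0-1.x86_64.rpm: sha1 md5 OK
wireshark-devel-2.4.0-1.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#00000000)'

printf '%s\n' "$SAMPLE" | classify_checksig
# Real use, in the directory holding the signed packages:
#   rpm -K *.rpm | all_signed && createrepo --update .
```

The second sample line is the case to watch: a package that was never signed still reports OK because only its digests were checked.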
Sync the repository to somewhere public
Now all I need to do is to put this out into the Internet so others can share in the results of my effort. To do this, I’ll use rsync to copy this directory structure out to my public website location, but that’ll be in the background.
Publish the repository so others can find it
The RPM files and repodata are on the website. To continue you need a .repo file to allow yum to understand what it can download and update.
sudo mv wireshark.repo /etc/yum.repos.d
This downloads the pre-built version on the website, or if you are masochistic, the instructions below create your own version to use.
Build a Wireshark.repo file by hand
So as a user of the repository, I’m going to need to create a new .repo file in the /etc/yum.repos.d/ directory. You can create the file wireshark.repo and fill it with the contents below using your favourite text editor, not forgetting to do this via sudo, as you’re writing to a system directory.
name=Wireshark for CentOS7
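Because the packages are signed, a hand-written .repo file is only as trustworthy as its gpgcheck, gpgkey and baseurl lines. The lint below is an added example, not the author's file or tooling; the host name and key path in its two constructed samples are placeholders.

```shell
#!/bin/sh
# lint_repo: read a yum .repo file on stdin, print one finding per weak
# setting, return non-zero if any section fails. gpgcheck must be explicit
# here; a value inherited from /etc/yum.conf is not visible to this check.
lint_repo() {
    awk -F= '
        function report() {
            if (sec == "") return
            if (gpgcheck != "1") { print sec ": gpgcheck is not set to 1"; bad = 1 }
            if (gpgkey == "")    { print sec ": no gpgkey configured"; bad = 1 }
            if (baseurl ~ /^(http|ftp):/) { print sec ": baseurl is not HTTPS"; bad = 1 }
            if (gpgkey ~ /^(http|ftp):/)  { print sec ": gpgkey is fetched without TLS"; bad = 1 }
        }
        BEGIN { bad = 0 }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^\[/ {
            report()
            sec = substr($0, 2, index($0, "]") - 2)
            gpgcheck = gpgkey = baseurl = ""
            next
        }
        {
            key = $1; gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "gpgkey") gpgkey = val
            else if (key == "baseurl") baseurl = val
        }
        END { report(); exit bad }
    '
}

# Constructed samples: host name and key path are placeholders.
WEAK_REPO='[wireshark]
name=Wireshark for CentOS7
baseurl=http://repo.example.invalid/centos7/
enabled=1
gpgcheck=0'

GOOD_REPO='[wireshark]
name=Wireshark for CentOS7
baseurl=https://repo.example.invalid/centos7/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example'

printf '%s\n' "$WEAK_REPO" | lint_repo || echo "weak sample rejected"
printf '%s\n' "$GOOD_REPO" | lint_repo && echo "hardened sample accepted"
```

On a real system the same function can be fed the installed file: lint_repo < /etc/yum.repos.d/wireshark.repo.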
Test my Wireshark repository
If you’ve stuck with me this far, then let’s do the last few commands, and get you on your way.
If you’re coming from the 2.2.x series, you’ll need to remove the previous package with yum remove wireshark-gtk.
Now it’s simply a case of running sudo yum update and sudo yum install wireshark-qt, and you’re now ready to go.
For the paranoid:
The key for the files should read: