# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:filetype=tcl:et:sw=4:ts=4:sts=4

PortSystem          1.0

name                wireshark-chmodbpf
version             1.1
revision            0
platforms           any
categories          net
license             {GPL-2 GPL-3}
maintainers         {ra1nb0w @ra1nb0w} {darkart.com:opendarwin.org @ghosthound} openmaintainer
description         Enable Wireshark to acces macOS capture devices.
long_description    An access_bpf group will be created and its members \
    allowed access to BPF devices at boot to allow unprivileged packet \
    captures. It is meant to support Wireshark where unprivileged access \
    to macOS packet capture devices is desired.
homepage            https://www.wireshark.org
distfiles

# name of the group used on /dev/bpf*
set bpf_group       access_bpf

patchfiles-append \
    patch-wireshark-chmodbpf.diff

use_configure       no
build               {}
supported_archs     noarch

pre-destroot {
    # create the group to access capture devices
    addgroup ${bpf_group}
}

destroot {
    reinplace s|@BPF_GROUP@|${bpf_group}|g ${worksrcpath}/sbin/${name}
    xinstall -m 0755 -o root -g wheel ${worksrcpath}/sbin/${name} ${destroot}${prefix}/sbin/${name}
}

# fix group creation if installed from the binary package
post-install {
    # create the group to access capture devices
    addgroup ${bpf_group}
}

# create startup that run ${name} script
startupitem.create      yes
startupitem.name        wireshark.ChmodBPF
startupitem.autostart   yes
startupitem.executable  ${prefix}/sbin/${name}
startupitem.pidfile     none

notes "
  To fully complete your installation and use Wireshark
  to capture from devices (like network interfaces) please run:

    sudo dseditgroup -q -o edit -a \[USER\] -t user ${bpf_group}

  and change \[USER\] to the user that needs access to the devices.
  A reboot should not be required for this to take effect.
"