[PATCH] gnu: Add yara.

  • Open
  • quality assurance status badge
Details
2 participants
  • Jakob Kirsch
  • Bruno Victal
Owner
unassigned
Submitted by
Jakob Kirsch
Severity
normal
J
J
Jakob Kirsch wrote on 18 Oct 2023 16:57
(address . guix-patches@gnu.org)(name . Jakob Kirsch)(address . jakob.kirsch@web.de)
8fff56158eb150f2dab193ccdceb19fd451583e7.1697641034.git.jakob.kirsch@web.de
* gnu/packages/antivirus.scm (yara): New variable.
---
gnu/packages/antivirus.scm | 39 ++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)

Toggle diff (73 lines)
diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 750db04040..45a85e2faf 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2016, 2017, 2018, 2019, 2020 Eric Bavier <bavier@posteo.net>
;;; Copyright © 2018 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2023 Jakob Kirsch <jakob.kirsch@web.de>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -24,9 +25,11 @@ (define-module (gnu packages antivirus)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (gnu packages)
#:use-module (gnu packages autotools)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages bison)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
@@ -38,6 +41,7 @@ (define-module (gnu packages antivirus)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages protobuf)
#:use-module (gnu packages tls)
#:use-module (gnu packages web)
#:use-module (gnu packages xml))
@@ -156,3 +160,38 @@ (define-public clamav
(license:non-copyleft "libclamav/strlcat.c") ;"OpenBSD" license
license:asl2.0 ;libclamav/yara*
license:expat)))) ;shared/getopt.[ch]
+
+(define-public yara
+ (package
+ (name "yara")
+ (version "v4.4.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/VirusTotal/yara")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1jc468iybjl1n0r6prpw7pwhd9jvfbjghqg9qdq1hbihnv5wa4bb"))))
+ (build-system gnu-build-system)
+ (native-inputs (list autoconf automake libtool protobuf pkg-config))
+ (inputs (list openssl bash))
+ (arguments
+ '(#:phases (modify-phases %standard-phases
+ (add-before 'check 'remove-bin-sh-in-test
+ (lambda* (#:key build-inputs #:allow-other-keys)
+ (substitute* "tests/test-rules.c"
+ (("/bin/sh")
+ (string-append (assoc-ref %build-inputs "bash")
+ "/bin/sh"))))))))
+
+ (synopsis "The pattern matching swiss knife")
+ (description
+ "YARA is a tool aimed at (but not limited to) helping malware researchers to
+identify and classify malware samples. With YARA you can create descriptions of
+malware families (or whatever you want to describe) based on textual or binary patterns.
+Each description, a.k.a. rule, consists of a set of strings and a boolean expression
+which determine its logic.")
+ (home-page "https://github.com/VirusTotal/yara")
+ (license license:bsd-3)))

base-commit: 1076f32111e512ed437f135c9eb6ce2daaafd623
--
2.41.0
B
B
Bruno Victal wrote on 19 Oct 2023 17:08
(name . Jakob Kirsch)(address . jakob.kirsch@web.de)(address . 66608@debbugs.gnu.org)
87lebyhcpx.fsf@makinata.eu
Hi Jakob,

Jakob Kirsch <jakob.kirsch@web.de> writes:

Toggle quote (9 lines)
> + (arguments
> + '(#:phases (modify-phases %standard-phases
> + (add-before 'check 'remove-bin-sh-in-test
> + (lambda* (#:key build-inputs #:allow-other-keys)
> + (substitute* "tests/test-rules.c"
> + (("/bin/sh")
> + (string-append (assoc-ref %build-inputs "bash")
> + "/bin/sh"))))))))

This can be written with G-Expressions as:
Toggle snippet (11 lines)
(arguments
(list
#:phases
#~(modify-phases %standard-phases
(add-before …
(lambda _
(substitute* …
(string-append #$(this-package-input "bash") "/bin/sh")
…))))))

--
Thanks,
Bruno.
J
J
Jakob Kirsch wrote on 19 Oct 2023 18:35
[PATCH v1] gnu: Add yara.
(address . 66608@debbugs.gnu.org)(name . Jakob Kirsch)(address . jakob.kirsch@web.de)
3c80693772d40bb13e8c1939a7e7d5e969a1602d.1697733307.git.jakob.kirsch@web.de
* gnu/packages/antivirus.scm (yara): New variable.
---
gnu/packages/antivirus.scm | 40 ++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)

Toggle diff (74 lines)
diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 750db04040..db039447bf 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2016, 2017, 2018, 2019, 2020 Eric Bavier <bavier@posteo.net>
;;; Copyright © 2018 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2023 Jakob Kirsch <jakob.kirsch@web.de>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -24,9 +25,11 @@ (define-module (gnu packages antivirus)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (gnu packages)
#:use-module (gnu packages autotools)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages bison)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
@@ -38,6 +41,7 @@ (define-module (gnu packages antivirus)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages protobuf)
#:use-module (gnu packages tls)
#:use-module (gnu packages web)
#:use-module (gnu packages xml))
@@ -156,3 +160,39 @@ (define-public clamav
(license:non-copyleft "libclamav/strlcat.c") ;"OpenBSD" license
license:asl2.0 ;libclamav/yara*
license:expat)))) ;shared/getopt.[ch]
+
+(define-public yara
+ (package
+ (name "yara")
+ (version "v4.4.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/VirusTotal/yara")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1jc468iybjl1n0r6prpw7pwhd9jvfbjghqg9qdq1hbihnv5wa4bb"))))
+ (build-system gnu-build-system)
+ (native-inputs (list autoconf automake libtool protobuf pkg-config))
+ (inputs (list openssl bash))
+ (arguments
+ (list
+ #:phases #~(modify-phases %standard-phases
+ (add-before 'check 'remove-bin-sh-in-test
+ (lambda _
+ (substitute* "tests/test-rules.c"
+ (("/bin/sh")
+ (string-append #$(this-package-input "bash")
+ "/bin/sh"))))))))
+
+ (synopsis "The pattern matching swiss knife")
+ (description
+ "YARA is a tool aimed at (but not limited to) helping malware researchers to
+identify and classify malware samples. With YARA you can create descriptions of
+malware families (or whatever you want to describe) based on textual or binary patterns.
+Each description, a.k.a. rule, consists of a set of strings and a boolean expression
+which determine its logic.")
+ (home-page "https://github.com/VirusTotal/yara")
+ (license license:bsd-3)))

base-commit: c065da01ff956d3c2bdfc45a33d910e509a211d9
--
2.41.0
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 66608@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 66608
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch