[PATCH] gnu: Add yara.

  • Done
Details
5 participants
  • divya
  • Jakob Kirsch
  • Liliana Marie Prikler
  • Bruno Victal
  • Sergio Pastor Pérez
Owner
unassigned
Submitted by
Jakob Kirsch
Severity
normal


Jakob Kirsch wrote 1 years ago
(address . guix-patches@gnu.org)(name . Jakob Kirsch)(address . jakob.kirsch@web.de)
8fff56158eb150f2dab193ccdceb19fd451583e7.1697641034.git.jakob.kirsch@web.de
* gnu/packages/antivirus.scm (yara): New variable.
---
gnu/packages/antivirus.scm | 39 ++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)

diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 750db04040..45a85e2faf 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2016, 2017, 2018, 2019, 2020 Eric Bavier <bavier@posteo.net>
;;; Copyright © 2018 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2023 Jakob Kirsch <jakob.kirsch@web.de>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -24,9 +25,11 @@ (define-module (gnu packages antivirus)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (gnu packages)
#:use-module (gnu packages autotools)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages bison)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
@@ -38,6 +41,7 @@ (define-module (gnu packages antivirus)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages protobuf)
#:use-module (gnu packages tls)
#:use-module (gnu packages web)
#:use-module (gnu packages xml))
@@ -156,3 +160,38 @@ (define-public clamav
(license:non-copyleft "libclamav/strlcat.c") ;"OpenBSD" license
license:asl2.0 ;libclamav/yara*
license:expat)))) ;shared/getopt.[ch]
+
+(define-public yara
+ (package
+ (name "yara")
+ (version "v4.4.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/VirusTotal/yara")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1jc468iybjl1n0r6prpw7pwhd9jvfbjghqg9qdq1hbihnv5wa4bb"))))
+ (build-system gnu-build-system)
+ (native-inputs (list autoconf automake libtool protobuf pkg-config))
+ (inputs (list openssl bash))
+ (arguments
+ '(#:phases (modify-phases %standard-phases
+ (add-before 'check 'remove-bin-sh-in-test
+ (lambda* (#:key build-inputs #:allow-other-keys)
+ (substitute* "tests/test-rules.c"
+ (("/bin/sh")
+ (string-append (assoc-ref %build-inputs "bash")
+ "/bin/sh"))))))))
+
+ (synopsis "The pattern matching swiss knife")
+ (description
+ "YARA is a tool aimed at (but not limited to) helping malware researchers to
+identify and classify malware samples. With YARA you can create descriptions of
+malware families (or whatever you want to describe) based on textual or binary patterns.
+Each description, a.k.a. rule, consists of a set of strings and a boolean expression
+which determine its logic.")
+ (home-page "https://github.com/VirusTotal/yara")
+ (license license:bsd-3)))
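
Review bot: In the `remove-bin-sh-in-test` phase, `lambda*` binds `#:key build-inputs` but the body never uses that binding and reads the global `%build-inputs` through `assoc-ref` instead. Bind `inputs` and resolve the shell from it, for example `(search-input-file inputs "/bin/sh")`, so the phase depends only on the arguments it is passed and the unused keyword goes away.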

base-commit: 1076f32111e512ed437f135c9eb6ce2daaafd623
--
2.41.0
Bruno Victal wrote 1 years ago
(name . Jakob Kirsch)(address . jakob.kirsch@web.de)(address . 66608@debbugs.gnu.org)
87lebyhcpx.fsf@makinata.eu
Hi Jakob,

Jakob Kirsch <jakob.kirsch@web.de> writes:

> + (arguments
> + '(#:phases (modify-phases %standard-phases
> + (add-before 'check 'remove-bin-sh-in-test
> + (lambda* (#:key build-inputs #:allow-other-keys)
> + (substitute* "tests/test-rules.c"
> + (("/bin/sh")
> + (string-append (assoc-ref %build-inputs "bash")
> + "/bin/sh"))))))))

This can be written with G-Expressions as:
(arguments
(list
#:phases
#~(modify-phases %standard-phases
(add-before …
(lambda _
(substitute* …
(string-append #$(this-package-input "bash") "/bin/sh")
…))))))

--
Thanks,
Bruno.
Jakob Kirsch wrote 1 years ago
[PATCH v1] gnu: Add yara.
(address . 66608@debbugs.gnu.org)(name . Jakob Kirsch)(address . jakob.kirsch@web.de)
3c80693772d40bb13e8c1939a7e7d5e969a1602d.1697733307.git.jakob.kirsch@web.de
* gnu/packages/antivirus.scm (yara): New variable.
---
gnu/packages/antivirus.scm | 40 ++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)

diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 750db04040..db039447bf 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2016, 2017, 2018, 2019, 2020 Eric Bavier <bavier@posteo.net>
;;; Copyright © 2018 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2023 Jakob Kirsch <jakob.kirsch@web.de>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -24,9 +25,11 @@ (define-module (gnu packages antivirus)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (gnu packages)
#:use-module (gnu packages autotools)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages bison)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
@@ -38,6 +41,7 @@ (define-module (gnu packages antivirus)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages protobuf)
#:use-module (gnu packages tls)
#:use-module (gnu packages web)
#:use-module (gnu packages xml))
@@ -156,3 +160,39 @@ (define-public clamav
(license:non-copyleft "libclamav/strlcat.c") ;"OpenBSD" license
license:asl2.0 ;libclamav/yara*
license:expat)))) ;shared/getopt.[ch]
+
+(define-public yara
+ (package
+ (name "yara")
+ (version "v4.4.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/VirusTotal/yara")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1jc468iybjl1n0r6prpw7pwhd9jvfbjghqg9qdq1hbihnv5wa4bb"))))
+ (build-system gnu-build-system)
+ (native-inputs (list autoconf automake libtool protobuf pkg-config))
+ (inputs (list openssl bash))
+ (arguments
+ (list
+ #:phases #~(modify-phases %standard-phases
+ (add-before 'check 'remove-bin-sh-in-test
+ (lambda _
+ (substitute* "tests/test-rules.c"
+ (("/bin/sh")
+ (string-append #$(this-package-input "bash")
+ "/bin/sh"))))))))
+
+ (synopsis "The pattern matching swiss knife")
+ (description
+ "YARA is a tool aimed at (but not limited to) helping malware researchers to
+identify and classify malware samples. With YARA you can create descriptions of
+malware families (or whatever you want to describe) based on textual or binary patterns.
+Each description, a.k.a. rule, consists of a set of strings and a boolean expression
+which determine its logic.")
+ (home-page "https://github.com/VirusTotal/yara")
+ (license license:bsd-3)))
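
Review bot: `(version "v4.4.0")` carries the upstream tag prefix into the package version, so the package would be named yara-v4.4.0 and the version field no longer starts with a number. Use `(version "4.4.0")` and build the tag in the `git-reference` with `(commit (string-append "v" version))`.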

base-commit: c065da01ff956d3c2bdfc45a33d910e509a211d9
--
2.41.0
divya wrote 1 weeks ago
(address . 66608@debbugs.gnu.org)
a71b0872585c453233132f59fc61e6be@subvertising.org
Here's an updated version of the patch:
From 5f27ae5aa31622a0a08cde364aaee3eeb62306cc Mon Sep 17 00:00:00 2001
From: Divya Ranjan <divya@subvertising.org>
Date: Wed, 5 Mar 2025 20:35:17 +0000
Subject: [PATCH] gnu: Add yara.

* gnu/packages/antivirus.scm (yara): New variable.
---
gnu/packages/antivirus.scm | 41 ++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)

diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 23af26f411..67100f20f6 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016, 2017, 2018, 2019, 2020 Eric Bavier <bavier@posteo.net>
;;; Copyright © 2018 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2023 Jakob Kirsch <jakob.kirsch@web.de>
;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
;;;
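
Review bot: The new 2023 copyright line is inserted between the 2018 and 2019–2021 entries, which breaks the chronological order the header otherwise follows. Move it below the `2019–2021 Tobias Geerinckx-Rice` line, before the 2024 entry.
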
@@ -27,8 +28,11 @@ (define-module (gnu packages antivirus)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (gnu packages)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
#:use-module (gnu packages cmake)
@@ -40,6 +44,7 @@ (define-module (gnu packages antivirus)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages protobuf)
#:use-module (gnu packages python)
#:use-module (gnu packages python-check)
#:use-module (gnu packages rust-apps)
@@ -185,3 +190,39 @@ (define-public clamav
(license:non-copyleft "libclamav/strlcat.c") ;"OpenBSD" license
license:asl2.0 ;libclamav/yara*
license:expat)))) ;shared/getopt.[ch]
+
+(define-public yara
+ (package
+ (name "yara")
+ (version "v4.5.2")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/VirusTotal/yara")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1qaw1zv618jkqa5g39p1sdv8s6a7q23ayqfrqv0bj2z1g4nmn95g"))))
+ (build-system gnu-build-system)
+ (native-inputs (list autoconf automake libtool protobuf pkg-config))
+ (inputs (list openssl bash))
+ (arguments
+ (list
+ #:phases #~(modify-phases %standard-phases
+ (add-before 'check 'remove-bin-sh-in-test
+ (lambda _
+ (substitute* "tests/test-rules.c"
+ (("/bin/sh")
+ (string-append #$(this-package-input "bash")
+ "/bin/sh"))))))))
+
+ (synopsis "The pattern matching swiss knife")
+ (description
+ "YARA is a tool aimed at (but not limited to) helping malware researchers to
+identify and classify malware samples. With YARA you can create descriptions of
+malware families (or whatever you want to describe) based on textual or binary patterns.
+Each description, a.k.a. rule, consists of a set of strings and a boolean expression
+which determine its logic.")
+ (home-page "https://github.com/VirusTotal/yara")
+ (license license:bsd-3)))
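
Review bot: The synopsis `"The pattern matching swiss knife"` starts with an article, which the Guix guidelines for synopses ask packages to avoid, and it does not say what is being matched. Something along the lines of "Pattern matching tool for identifying and classifying malware" reads better in search results. The description's third line also runs past 80 columns and should be rewrapped.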
--
2.48.1
Divya Ranjan wrote 7 days ago
[PATCH] gnu: Add yara.
(address . 66608@debbugs.gnu.org)(name . Divya Ranjan)(address . divya@subvertising.org)
64e8f5f5bf2b2180983183e351012b894bc4279d.1741211524.git.divya@subvertising.org
* gnu/packages/antivirus.scm (yara): New variable.

Change-Id: I6ecad2cc6cc797102269ccde80071f7290db44e4
---
gnu/packages/antivirus.scm | 41 ++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)

diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 23af26f411..9e714ae092 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016, 2017, 2018, 2019, 2020 Eric Bavier <bavier@posteo.net>
;;; Copyright © 2018 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2023 Jakob Kirsch <jakob.kirsch@web.de>
;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
;;;
@@ -27,8 +28,11 @@ (define-module (gnu packages antivirus)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (gnu packages)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
#:use-module (gnu packages cmake)
@@ -40,6 +44,7 @@ (define-module (gnu packages antivirus)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages protobuf)
#:use-module (gnu packages python)
#:use-module (gnu packages python-check)
#:use-module (gnu packages rust-apps)
@@ -185,3 +190,39 @@ (define-public clamav
(license:non-copyleft "libclamav/strlcat.c") ;"OpenBSD" license
license:asl2.0 ;libclamav/yara*
license:expat)))) ;shared/getopt.[ch]
+
+(define-public yara
+ (package
+ (name "yara")
+ (version "v4.5.2")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/VirusTotal/yara")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1qaw1zv618jkqa5g39p1sdv8s6a7q23ayqfrqv0bj2z1g4nmn95g"))))
+ (build-system gnu-build-system)
+ (native-inputs (list autoconf automake libtool protobuf pkg-config))
+ (inputs (list openssl bash-minimal))
+ (arguments
+ (list
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-before 'check 'remove-bin-sh-in-test
+ (lambda _
+ (substitute* "tests/test-rules.c"
+ (("/bin/sh")
+ (string-append #$(this-package-input "bash") "/bin/sh"))))))))
+
+ (synopsis "The pattern matching swiss knife")
+ (description
+ "YARA is a tool aimed at (but not limited to) helping malware researchers to
+identify and classify malware samples. With YARA you can create descriptions of
+malware families (or whatever you want to describe) based on textual or binary patterns.
+Each description, a.k.a. rule, consists of a set of strings and a boolean expression
+which determine its logic.")
+ (home-page "https://github.com/VirusTotal/yara")
+ (license license:bsd-3)))
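
Review bot: The `inputs` field now lists `bash-minimal`, but the phase still looks up `(this-package-input "bash")`, so the lookup no longer matches any input of this package and the substituted `/bin/sh` path cannot be built. Change the lookup to `(this-package-input "bash-minimal")` so it matches the input list.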

base-commit: 310adf4ce70cbb864859274fcc7842bd519bbddc
--
2.48.1
Divya Ranjan wrote 7 days ago
Re: [bug#66608] [PATCH v2] gnu: Add yara.
(address . 66608@debbugs.gnu.org)(name . Sharlatan Hellseher)(address . sharlatanus@gmail.com)
87eczbm8ir.fsf_-_@subvertising.org
The last patch was failing because I forgot to change bash to bash-minimal in the gexp, here’s a revised patch that builds and the linter doesn’t complain:
From 42d544e60f50052e5a263f63dda62fe0297fad35 Mon Sep 17 00:00:00 2001
Message-ID: <42d544e60f50052e5a263f63dda62fe0297fad35.1741212734.git.divya@subvertising.org>
From: Divya Ranjan <divya@subvertising.org>
Date: Wed, 5 Mar 2025 21:50:45 +0000
Subject: [PATCH] gnu: Add yara.

* gnu/packages/antivirus.scm (yara): New variable.

Change-Id: I6ecad2cc6cc797102269ccde80071f7290db44e4
---
gnu/packages/antivirus.scm | 41 ++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)

diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm
index 23af26f411..52bbe6b818 100644
--- a/gnu/packages/antivirus.scm
+++ b/gnu/packages/antivirus.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016, 2017, 2018, 2019, 2020 Eric Bavier <bavier@posteo.net>
;;; Copyright © 2018 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2023 Jakob Kirsch <jakob.kirsch@web.de>
;;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
;;;
@@ -27,8 +28,11 @@ (define-module (gnu packages antivirus)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (gnu packages)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
#:use-module (gnu packages cmake)
@@ -40,6 +44,7 @@ (define-module (gnu packages antivirus)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages pcre)
#:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages protobuf)
#:use-module (gnu packages python)
#:use-module (gnu packages python-check)
#:use-module (gnu packages rust-apps)
@@ -185,3 +190,39 @@ (define-public clamav
(license:non-copyleft "libclamav/strlcat.c") ;"OpenBSD" license
license:asl2.0 ;libclamav/yara*
license:expat)))) ;shared/getopt.[ch]
+
+(define-public yara
+ (package
+ (name "yara")
+ (version "v4.5.2")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/VirusTotal/yara")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1qaw1zv618jkqa5g39p1sdv8s6a7q23ayqfrqv0bj2z1g4nmn95g"))))
+ (build-system gnu-build-system)
+ (native-inputs (list autoconf automake libtool protobuf pkg-config))
+ (inputs (list openssl bash-minimal))
+ (arguments
+ (list
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-before 'check 'remove-bin-sh-in-test
+ (lambda _
+ (substitute* "tests/test-rules.c"
+ (("/bin/sh")
+ (string-append #$(this-package-input "bash-minimal") "/bin/sh"))))))))
+
+ (synopsis "The pattern matching swiss knife")
+ (description
+ "YARA is a tool aimed at (but not limited to) helping malware researchers to
+identify and classify malware samples. With YARA you can create descriptions of
+malware families (or whatever you want to describe) based on textual or binary patterns.
+Each description, a.k.a. rule, consists of a set of strings and a boolean expression
+which determine its logic.")
+ (home-page "https://github.com/VirusTotal/yara")
+ (license license:bsd-3)))
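
Review bot: `native-inputs` lists `protobuf`, but nothing visible in the package definition uses it: there are no `#:configure-flags` and the only custom phase touches `tests/test-rules.c`. If it is needed only for an optional feature, either enable that feature explicitly or drop the input, and add a short comment saying why it is there if it stays, so the build closure holds only what the build consumes.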

base-commit: 310adf4ce70cbb864859274fcc7842bd519bbddc
--
2.48.1
-
Divya Ranjan,
Philosophy, Mathematics, Libre Software.

PGP Fingerprint: F0B3 1A69 8006 8FB8 096A 2F12 B245 10C6 108C 8D4A
Sergio Pastor Pérez wrote 6 days ago
(name . Divya Ranjan)(address . divya@subvertising.org)
84bjueqjob.fsf@gmail.com
Hello Divyá, thanks for the version bump.

The patch builds and lints successfully.

Guix style will add a line break at the `string-append' line, like so:
(string-append #$(this-package-input "bash-minimal")
"/bin/sh")

I think this can be done by the committer.

Other than that, the patch looks good to go.

Reviewed-by: Sergio Pastor Pérez <sergio.pastorperez@gmail.com>

Thanks!
Sergio.
Liliana Marie Prikler wrote 6 days ago
ce440f126135818457a8ba29fb1af9f01eb5e5e3.camel@gmail.com
On Thursday, 06.03.2025 at 16:10 +0100, Sergio Pastor Pérez wrote:
> Hello Divyá, thanks for the version bump.
>
> The patch builds and lints successfully.
>
> Guix style will add a line break at the `string-append' line, like
> so:
> --8<---------------cut here---------------start------------->8---
> (string-append #$(this-package-input "bash-minimal")
>                "/bin/sh")
> --8<---------------cut here---------------end--------------->8---
>
> I think this can be done by the committer.
>
> Other than that, the patch looks good to go.
Well, I also reworded the synopsis and description and reordered the
fields, but it's done.

Cheers
Closed