GNU bug report logs - #40203
[PATCH] gnu: Add ROPgadget.

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 40203 in the body.
You can then email your comments to 40203 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Jakub Kądziołka <kuba <at> kadziolka.net>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: Add ROPgadget.
Date: Tue, 24 Mar 2020 00:52:09 +0100

* gnu/packages/engineering.scm (ropgadget): New variable.
---
 gnu/packages/engineering.scm | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index 28a30a6831..bacfc2fbf6 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -1306,6 +1306,28 @@ bindings for Python, Java, OCaml and more.")
 (define-public python2-capstone
   (package-with-python2 python-capstone))
 
+(define-public ropgadget
+  (package
+    (name "ropgadget")
+    (version "6.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ROPGadget" version))
+       (sha256
+        (base32
+         "0idiicgpijar9l9kqmfdh865c2mkfgxg0q7lpz77jc09l6q0afjh"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-capstone" ,python-capstone)))
+    (home-page "http://shell-storm.org/project/ROPgadget/")
+    (synopsis
+     "Gadget finder and auto-roper")
+    (description
+     "This tool lets you search for gadgets in binaries to help with ROP
+chain construction.")
+    (license license:bsd-3)))
+
 (define-public radare2
   (package
     (name "radare2")
-- 
2.25.2

Message #8 received at 40203 <at> debbugs.gnu.org (full text, mbox):

From: Jack Hill <jackhill <at> jackhill.us>
To: Jakub Kądziołka <kuba <at> kadziolka.net>
Cc: 40203 <at> debbugs.gnu.org
Subject: Re: [bug#40203] [PATCH] gnu: Add ROPgadget.
Date: Tue, 24 Mar 2020 11:18:05 -0400 (EDT)

[Message part 1 (text/plain, inline)]

On Tue, 24 Mar 2020, Jakub Kądziołka wrote:

[snip]

> +    (description
> +     "This tool lets you search for gadgets in binaries to help with ROP
> +chain construction.")

Perhaps we should expand what ROP means here. I as able to figure it out 
with some searching, but it would probably help non-domain experts know 
what this package is for.

I believe such a change would be in line with what the Guix manual 
recommends: https://guix.gnu.org/manual/en/html_node/Synopses-and-Descriptions.html

Best,
Jack

Message #11 received at 40203 <at> debbugs.gnu.org (full text, mbox):

From: Jakub Kądziołka <kuba <at> kadziolka.net>
To: Jack Hill <jackhill <at> jackhill.us>
Cc: 40203 <at> debbugs.gnu.org
Subject: Re: [bug#40203] [PATCH] gnu: Add ROPgadget.
Date: Tue, 24 Mar 2020 17:34:48 +0100

[Message part 1 (text/plain, inline)]

On Tue, Mar 24, 2020 at 11:18:05AM -0400, Jack Hill wrote:
> On Tue, 24 Mar 2020, Jakub Kądziołka wrote:
> 
> [snip]
> 
> > +    (description
> > +     "This tool lets you search for gadgets in binaries to help with ROP
> > +chain construction.")
> 
> Perhaps we should expand what ROP means here. I as able to figure it out
> with some searching, but it would probably help non-domain experts know what
> this package is for.

Thanks, I totally forgot about non-domain experts when writing that
description. What do you think about this revised version?

    (synopsis "Semiautomatic return oriented programming")
    (description
     "This tool lets you search for @acronym{ROP, Return Oriented Programming}
gadgets in binaries. Some facilities are included for automatically generating
chains of gadgets to execute system calls.")

Also, is the file in which I've put this package right? I choose that
place because that's where radare2 is, and it has a relatively
similar purpose. However, radare2 is a loose fit already, so ROPgadget
would be two steps removed from the original purpose of the file...

Regards,
Jakub Kądziołka

[signature.asc (application/pgp-signature, inline)]

Message #14 received at 40203 <at> debbugs.gnu.org (full text, mbox):

From: Jack Hill <jackhill <at> jackhill.us>
To: Jakub Kądziołka <kuba <at> kadziolka.net>
Cc: 40203 <at> debbugs.gnu.org
Subject: Re: [bug#40203] [PATCH] gnu: Add ROPgadget.
Date: Tue, 24 Mar 2020 12:53:41 -0400 (EDT)

[Message part 1 (text/plain, inline)]

On Tue, 24 Mar 2020, Jakub Kądziołka wrote:

> On Tue, Mar 24, 2020 at 11:18:05AM -0400, Jack Hill wrote:
>> On Tue, 24 Mar 2020, Jakub Kądziołka wrote:
>>
>> [snip]
>>
>>> +    (description
>>> +     "This tool lets you search for gadgets in binaries to help with ROP
>>> +chain construction.")
>>
>> Perhaps we should expand what ROP means here. I as able to figure it out
>> with some searching, but it would probably help non-domain experts know what
>> this package is for.
>
> Thanks, I totally forgot about non-domain experts when writing that
> description. What do you think about this revised version?
>
>    (synopsis "Semiautomatic return oriented programming")
>    (description
>     "This tool lets you search for @acronym{ROP, Return Oriented Programming}
> gadgets in binaries. Some facilities are included for automatically generating
> chains of gadgets to execute system calls.")

That makes it clearer to me, thanks!

> Also, is the file in which I've put this package right? I choose that
> place because that's where radare2 is, and it has a relatively
> similar purpose. However, radare2 is a loose fit already, so ROPgadget
> would be two steps removed from the original purpose of the file...

Indeed. (Package) organization is difficult. I don't think I have any 
useful insights.

Best,
Jack

Message #17 received at 40203 <at> debbugs.gnu.org (full text, mbox):

From: Jakub Kądziołka <kuba <at> kadziolka.net>
To: 40203 <at> debbugs.gnu.org
Cc: jackhill <at> jackhill.us
Subject: [PATCH v2] gnu: Add ROPgadget.
Date: Thu, 26 Mar 2020 22:55:29 +0100

* gnu/packages/cybersecurity.scm: New file.
(ropgadget): New variable.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register the file.
---
I have decided to move the package to a separate file. I don't recall
ever doing that before, so I'm sending the package for another,
hopefully quick, round of review.

 gnu/local.mk                   |  1 +
 gnu/packages/cybersecurity.scm | 46 ++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 gnu/packages/cybersecurity.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index 07b159c4fe..0a406dffa0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -138,6 +138,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/cups.scm				\
   %D%/packages/curl.scm				\
   %D%/packages/cvassistant.scm			\
+  %D%/packages/cybersecurity.scm		\
   %D%/packages/cyrus-sasl.scm			\
   %D%/packages/databases.scm			\
   %D%/packages/datamash.scm			\
diff --git a/gnu/packages/cybersecurity.scm b/gnu/packages/cybersecurity.scm
new file mode 100644
index 0000000000..aedac03b8a
--- /dev/null
+++ b/gnu/packages/cybersecurity.scm
@@ -0,0 +1,46 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Jakub Kądziołka <kuba <at> kadziolka.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages cybersecurity)
+  #:use-module (guix download)
+  #:use-module (guix packages)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix build-system python)
+  #:use-module (gnu packages engineering))
+
+(define-public ropgadget
+  (package
+    (name "ropgadget")
+    (version "6.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ROPGadget" version))
+       (sha256
+        (base32
+         "0idiicgpijar9l9kqmfdh865c2mkfgxg0q7lpz77jc09l6q0afjh"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-capstone" ,python-capstone)))
+    (home-page "http://shell-storm.org/project/ROPgadget/")
+    (synopsis "Semiautomatic return oriented programming")
+    (description
+     "This tool lets you search for @acronym{ROP, Return Oriented Programming}
+gadgets in binaries.  Some facilities are included for automatically generating
+chains of gadgets to execute system calls.")
+    (license license:bsd-3)))
-- 
2.25.2

Message #22 received at 40203-done <at> debbugs.gnu.org (full text, mbox):

From: Jakub Kądziołka <kuba <at> kadziolka.net>
To: 40203-done <at> debbugs.gnu.org
Subject: Done: [PATCH v2] gnu: Add ROPgadget.
Date: Thu, 26 Mar 2020 23:26:43 +0100

[Message part 1 (text/plain, inline)]

Pushed as commit 60eee3e6de2a11b425496bbdf90bfe1f807c8f49 after a review
from ngz on IRC.

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.