From debbugs-submit-bounces@debbugs.gnu.org Wed Oct 18 10:58:12 2023 Received: (at submit) by debbugs.gnu.org; 18 Oct 2023 14:58:12 +0000 Received: from localhost ([127.0.0.1]:34430 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qt7zw-0003BN-83 for submit@debbugs.gnu.org; Wed, 18 Oct 2023 10:58:12 -0400 Received: from lists.gnu.org ([2001:470:142::17]:51602) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qt7zr-0003Aq-59 for submit@debbugs.gnu.org; Wed, 18 Oct 2023 10:58:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qt7zL-0002sB-3d for guix-patches@gnu.org; Wed, 18 Oct 2023 10:57:35 -0400 Received: from mout.web.de ([217.72.192.78]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qt7zI-0004mi-UE for guix-patches@gnu.org; Wed, 18 Oct 2023 10:57:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=s29768273; t=1697641048; x=1698245848; i=jakob.kirsch@web.de; bh=9U14gAimEC5cdFNMdD47kdOCozL2xinjsn54RwMLmcQ=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date; b=FI9uQxmyamhDniaNmU6opOJ66/Ml5cUW7+ovi1VTwHA7p/NSTpVEq+TmjGTAYoEmFIpfJgtJbQq PLL/G7B8veZg/1GpN6w8bMLcoakgEp0ngjb5zDOBFDirMtE5o+xSqz0o3L8TaPlG1YpFFVj3CTcZy t+jH37fC9ToWTl7pgLBZTQ1bXra+ajL5GCFnTAYwADJcAA6mITy5PJ/Dd1ev1pMV7BZKZmuTxzmHK BBuu4bN58EcTpbgafcLM4u2urNOxUQLuJZYK1lbCD/CyynchPAmYYvHFqbIpesa5Nvyo/7N86xK9e W4L+K8WhcF3/KAw9EZcpL7OmmSJ7BKQaqESg== X-UI-Sender-Class: 814a7b36-bfc1-4dae-8640-3722d8ec6cd6 Received: from guix.fritz.box ([134.19.20.68]) by smtp.web.de (mrweb105 [213.165.67.124]) with ESMTPSA (Nemesis) id 1MdwJY-1rQXb41Yne-00aypA; Wed, 18 Oct 2023 16:57:28 +0200 From: Jakob Kirsch To: guix-patches@gnu.org Subject: [PATCH] gnu: Add yara. Date: Wed, 18 Oct 2023 16:57:14 +0200 Message-ID: <8fff56158eb150f2dab193ccdceb19fd451583e7.1697641034.git.jakob.kirsch@web.de> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:lD5fecA5tiI/qVnhOq4UYOeI4DbNZzYM5T/2MTX3rukfb+bj548 BpzNZ3pL5D9nziRSAJj1LF3bQcbzbCKb+dQCZQLqiOsjjwIhIPYHQ29H4B3tXCgcHZNa414 cbE29n2Jt1sjKmwm/DW0B9JLoJ1PU0PUNCKyjvFqWPWF9S5/HIg8cd/kksO9ZjRXrtGKy83 Fo6EtUtFINqRTx4oDw+uQ== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:3Aqf+Ov8GnM=;nSEkEXZNVBvuCdjnMQIrDSQTIlc elsLatcP7tyLA89pZMNToc3lwVon6fh7od/RGe224MGzSiap1tpH4Y4Uuwy29/+ME6pS2JBve pxTLMK3ACH2GjiCd8aemF0W2cjUMsXTSl3tkW8uzJ2poxs+hBuH/5nx7+W26Wkx10k2onKrMb W+DKa4amxjSlKePBo9cwfkjdgCOpVOBSGrlIVMnrULhTCoV0d5eCmmikJUdTmV9vAmvnNIqaq xchgluN+AUMilHvA3SdPMYEYi6V0iGMzx1bXSE4Z7J3nH3zbeFGzVT5dBrARrtn9R2kLVESsF j8IFYEHUa0dozux3Eg+dSAhW1EeTOKX0od1a4nTWWWqC1ODAFQdn20bcLHIZdtUikapzjQ3G/ rLNZyVCcyEJN4RDNDhpNKV4KKurYe7tSigNUjD+Vdk6qfCQbzY/gqIJ+wFbQbgbM3HPlLhnLc oK6nmomXkO96ipVpG/HUOocov+bxSjzQ58JrpHdpx7WBUtgsd6BasiBUp1mw6dt4vAB4EhGOQ 0ZyEOXH7tu18qWJ0bTggvskojECvco5zTvrUt1rm9ViVI1Ch2ffqZZrto09mgC2Ei/+FduIbC /k0/FYQPc3f2wBHwavVMYyU5G0eFVrbNttoZUuC3OiCCY5fn0kTJVi8rXXe74fhiUij2koYXp XpvJaCzvxWjMdQ4ytcolgA3lEbhXZJeJRTgbjUnSUaV521GwdN4t+whbch9SFGAVoyg0auCZ8 9/hh6wqd1OrWa2MjEkShiHKVwX7QfKlwzU5Fo6xUi3P+lhRvx7YBx3JJunuNLNwztj0mFzhlQ xrNyEyLry9/pEafCnT4gu3FG6E9nAPERh7rlxp2I7KB1Y+y0rfSyMhzFrrFvcg9xQXdAyJV09 ss8VeD6Jquz7PRzrf+tiz4fNlUHYoP0KH5CxVkdRTbyOHcbcq61F2tkyI9J7P7WT30LI5lvGc IWlQVnjQ2e8eGFSTr1KUoMrT6so= Received-SPF: pass client-ip=217.72.192.78; envelope-from=jakob.kirsch@web.de; helo=mout.web.de X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 3.0 (+++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * gnu/packages/antivirus.scm (yara): New variable. --- gnu/packages/antivirus.scm | 39 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm index 750db04040..45a85e2faf 100644 --- a/gnu/packages/antivirus.scm +++ b/gnu/packages/antivirus.scm @@ -2,6 +2,7 @@ ;;; Copyright [...] Content analysis details: (3.0 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (jakob.kirsch[at]web.de) -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 2.0 SPOOFED_FREEMAIL No description available. X-Debbugs-Envelope-To: submit Cc: Jakob Kirsch X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) * gnu/packages/antivirus.scm (yara): New variable. =2D-- gnu/packages/antivirus.scm | 39 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm index 750db04040..45a85e2faf 100644 =2D-- a/gnu/packages/antivirus.scm +++ b/gnu/packages/antivirus.scm @@ -2,6 +2,7 @@ ;;; Copyright =C2=A9 2016, 2017, 2018, 2019, 2020 Eric Bavier ;;; Copyright =C2=A9 2018 Christopher Baines ;;; Copyright =C2=A9 2019=E2=80=932021 Tobias Geerinckx-Rice +;;; Copyright =C2=A9 2023 Jakob Kirsch ;;; ;;; This file is part of GNU Guix. ;;; @@ -24,9 +25,11 @@ (define-module (gnu packages antivirus) #:use-module (guix gexp) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix git-download) #:use-module (guix utils) #:use-module (gnu packages) #:use-module (gnu packages autotools) + #:use-module (gnu packages bash) #:use-module (gnu packages bison) #:use-module (gnu packages check) #:use-module (gnu packages compression) @@ -38,6 +41,7 @@ (define-module (gnu packages antivirus) #:use-module (gnu packages ncurses) #:use-module (gnu packages pcre) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages protobuf) #:use-module (gnu packages tls) #:use-module (gnu packages web) #:use-module (gnu packages xml)) @@ -156,3 +160,38 @@ (define-public clamav (license:non-copyleft "libclamav/strlcat.c") ;"OpenBSD= " license license:asl2.0 ;libclamav/yara* license:expat)))) ;shared/getopt.[ch] + +(define-public yara + (package + (name "yara") + (version "v4.4.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/VirusTotal/yara") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 "1jc468iybjl1n0r6prpw7pwhd9jvfbjghqg9qdq1hbihnv5wa4bb")))= ) + (build-system gnu-build-system) + (native-inputs (list autoconf automake libtool protobuf pkg-config)) + (inputs (list openssl bash)) + (arguments + '(#:phases (modify-phases %standard-phases + (add-before 'check 'remove-bin-sh-in-test + (lambda* (#:key build-inputs #:allow-other-keys) + (substitute* "tests/test-rules.c" + (("/bin/sh") + (string-append (assoc-ref %build-inputs "bash") + "/bin/sh")))))))) + + (synopsis "The pattern matching swiss knife") + (description + "YARA is a tool aimed at (but not limited to) helping malware resear= chers to +identify and classify malware samples. With YARA you can create descript= ions of +malware families (or whatever you want to describe) based on textual or b= inary patterns. +Each description, a.k.a. rule, consists of a set of strings and a boolean= expression +which determine its logic.") + (home-page "https://github.com/VirusTotal/yara") + (license license:bsd-3))) base-commit: 1076f32111e512ed437f135c9eb6ce2daaafd623 =2D- 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Thu Oct 19 11:08:47 2023 Received: (at 66608) by debbugs.gnu.org; 19 Oct 2023 15:08:47 +0000 Received: from localhost ([127.0.0.1]:37487 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qtUdi-0004gO-Nl for submit@debbugs.gnu.org; Thu, 19 Oct 2023 11:08:46 -0400 Received: from smtpm3.myservices.hosting ([185.26.105.234]:38818) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qtUdf-0004gE-5k for 66608@debbugs.gnu.org; Thu, 19 Oct 2023 11:08:45 -0400 Received: from mail1.netim.hosting (unknown [185.26.106.173]) by smtpm3.myservices.hosting (Postfix) with ESMTP id E7C1020F11; Thu, 19 Oct 2023 17:08:14 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id 68E328009B; Thu, 19 Oct 2023 17:08:11 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id DUfwML_ZQbxO; Thu, 19 Oct 2023 17:08:11 +0200 (CEST) Received: from guix-nuc (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id C589980099; Thu, 19 Oct 2023 17:08:10 +0200 (CEST) From: Bruno Victal To: Jakob Kirsch Subject: Re: [bug#66608] [PATCH] gnu: Add yara. In-Reply-To: <8fff56158eb150f2dab193ccdceb19fd451583e7.1697641034.git.jakob.kirsch@web.de> (Jakob Kirsch's message of "Wed, 18 Oct 2023 16:57:14 +0200") References: <8fff56158eb150f2dab193ccdceb19fd451583e7.1697641034.git.jakob.kirsch@web.de> X-Hashcash: 1:26:231019:66608@debbugs.gnu.org::S61yYzi6hptZgSfu:23BLp X-Hashcash: 1:26:231019:jakob.kirsch@web.de::zbHuKIfbiwquqgbm:5TZX3 Date: Thu, 19 Oct 2023 16:08:10 +0100 Message-ID: <87lebyhcpx.fsf@makinata.eu> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.5 (/) X-Debbugs-Envelope-To: 66608 Cc: 66608@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.5 (-) Hi Jakob, Jakob Kirsch writes: > + (arguments > + '(#:phases (modify-phases %standard-phases > + (add-before 'check 'remove-bin-sh-in-test > + (lambda* (#:key build-inputs #:allow-other-keys) > + (substitute* "tests/test-rules.c" > + (("/bin/sh") > + (string-append (assoc-ref %build-inputs "bash") > + "/bin/sh")))))))) This can be written with G-Expressions as: --8<---------------cut here---------------start------------->8--- (arguments (list #:phases #~(modify-phases %standard-phases (add-before =E2=80=A6 (lambda _ (substitute* =E2=80=A6 (string-append #$(this-package-input "bash") "/bin/sh") =E2=80=A6)))))) --8<---------------cut here---------------end--------------->8--- --=20 Thanks, Bruno. From debbugs-submit-bounces@debbugs.gnu.org Thu Oct 19 12:36:09 2023 Received: (at 66608) by debbugs.gnu.org; 19 Oct 2023 16:36:10 +0000 Received: from localhost ([127.0.0.1]:37686 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qtW0H-0001uT-DB for submit@debbugs.gnu.org; Thu, 19 Oct 2023 12:36:09 -0400 Received: from mout.web.de ([217.72.192.78]:45481) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qtW0E-0001tq-TC for 66608@debbugs.gnu.org; Thu, 19 Oct 2023 12:36:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=s29768273; t=1697733333; x=1698338133; i=jakob.kirsch@web.de; bh=VjONO6hU5dbo2WMcRXBn/GY8ml80eJ2jtFMySjMbSvQ=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date; b=a3KkIbaDiaAstARwHyd9n4greEyqNb2CVTA8U8K+OA/4NnTEBgtHurgkaSbJlGu1 K3BCwGAEyaq5eiYjzGjUhmS9PxEmjAptZUvnslSHroqq/5+6c+zSwGzTXqu+uL7Hm 09Z56BmHVtQSpRo8oGnh6p+lBZ1yj1BhMKhJmzXqN4HHILWqVf59AUOJtVqr+8j4d +Z3Y6kdTYrYenoDe+rLnEy+0J3//yRbF/IpuWAkYqsvvTjirPq4R9MlVj7q/ZW4Af Dlo9Pgxv6S2Q55c8qqAbEvLTHbQudn8V4pMv8uaHOscOagHaqNP3d15R23R8AsqDP hHCLis1tcztK5n984w== X-UI-Sender-Class: 814a7b36-bfc1-4dae-8640-3722d8ec6cd6 Received: from kernelpanicroom.fritz.box ([134.19.20.68]) by smtp.web.de (mrweb106 [213.165.67.124]) with ESMTPSA (Nemesis) id 1N5CQh-1rcReK2lLZ-011DAU; Thu, 19 Oct 2023 18:35:33 +0200 From: Jakob Kirsch To: 66608@debbugs.gnu.org Subject: [PATCH v1] gnu: Add yara. Date: Thu, 19 Oct 2023 18:35:07 +0200 Message-ID: <3c80693772d40bb13e8c1939a7e7d5e969a1602d.1697733307.git.jakob.kirsch@web.de> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:amMTiMouCypL3S3D0bnP8qdc0tUOzH2wvqr5QiiGRpk0KOQMZit bloHyEWcUYnoHVCQmlVk21JEwPl0IDTDcTnxhaMdW4YghjLpB72pNCaQkjXswr7tUKHH7aF YvoROPJzSdcE8IiCs1ARSGRTdI2FErfIBPqUrKLR2sn36v+2306XQOTqgoGEQbKvnMueBz6 z7Mlo2XndZS/Wkj4i9lLg== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:is0IuSV5G8M=;sgtxaNL8bpXw2mVsyJUFN226bPF 2bAgcRI/yhzc51Yorf52awTJxQsDhJ61xBcCkoHZWyFr0IMuq3jrg+z5UrycKC0YPn2DAr6pk s1ZVbf4MLOQNFNHcXxyDS0zMqsa3w5N8aBIe++2n4K0FL9pK30Yxu7cwXa8b3yLWCCsrakChB ieEhq6YGanclt0jND8gSCHGgTVMkpa7ulxkBxDxDMmHRl79olBP9katwCFmv/V2x/qHH4KcRb cCLN/Dph80w0DbfpgvrkZKfXjMJO9Z2iCvf2pnNVzGJH4QGHVXawb9ONdHfcYVUTn+d/Z4X31 1toxBCja8FUnZQDcq4dXk8wrFr1pjNJzyi2kWCy3MZ5LbgnQxN/fFZGr24GAl+A6qJeX0BwrV 67wRsy64SuSlxXd7AfW3sfyBnAk3Tv1cEGoar07CrTQKeWVlPaduZ6NleaPuLh5sWapwIrtGc 8beQChf8jlUJ8HeBvCQlVncN1V6tDNzB01oNsAf3P9VZT+sKjF07kBchyw52pEdOzNafOj8w/ R1V3rf5eMIpr3s/PBdEoO5Mc2HD6w70sRn4VMaCJnD8PDPpDl1clcL0xxtu9sojjFGn85yq3w cJg7076bef3NPfWQnhW7skct1n4sWcOn6h/LtLijdnpS2Hs8+BshSLIPPmmO7vWAo59GxXeh3 o0NZIoRfT9bfsb5ckYlU6Z5N7CqlTI6DrTU29dl/FDpo2x85xsaaxJLHrImrXsKXKKSlr94Xr gT9Pvw+VvfbSJZwXKVJixVpQpuN5p6w3sXrcKqPTSDBMT6qG/jrbIpleYhfhNAcDe2nnbRENI NUynl+FLMkKCgdlpgJ/YTDw4GXWk1XZ+6lDElZiabjGZmxXb8nCDqICzv5vLZmb13JNQeTGV0 735OCfpX4eKJ0CkPREsepY39ZopJqBs7RGgv6CuaWueQJ5RBexntpoc3xgw8UNXaAYR51fIFM 4P+k/WDVTOtX86deaA/JoWMrw0M= X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 66608 Cc: Jakob Kirsch X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/antivirus.scm (yara): New variable. =2D-- gnu/packages/antivirus.scm | 40 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm index 750db04040..db039447bf 100644 =2D-- a/gnu/packages/antivirus.scm +++ b/gnu/packages/antivirus.scm @@ -2,6 +2,7 @@ ;;; Copyright =C2=A9 2016, 2017, 2018, 2019, 2020 Eric Bavier ;;; Copyright =C2=A9 2018 Christopher Baines ;;; Copyright =C2=A9 2019=E2=80=932021 Tobias Geerinckx-Rice +;;; Copyright =C2=A9 2023 Jakob Kirsch ;;; ;;; This file is part of GNU Guix. ;;; @@ -24,9 +25,11 @@ (define-module (gnu packages antivirus) #:use-module (guix gexp) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix git-download) #:use-module (guix utils) #:use-module (gnu packages) #:use-module (gnu packages autotools) + #:use-module (gnu packages bash) #:use-module (gnu packages bison) #:use-module (gnu packages check) #:use-module (gnu packages compression) @@ -38,6 +41,7 @@ (define-module (gnu packages antivirus) #:use-module (gnu packages ncurses) #:use-module (gnu packages pcre) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages protobuf) #:use-module (gnu packages tls) #:use-module (gnu packages web) #:use-module (gnu packages xml)) @@ -156,3 +160,39 @@ (define-public clamav (license:non-copyleft "libclamav/strlcat.c") ;"OpenBSD= " license license:asl2.0 ;libclamav/yara* license:expat)))) ;shared/getopt.[ch] + +(define-public yara + (package + (name "yara") + (version "v4.4.0") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/VirusTotal/yara") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 "1jc468iybjl1n0r6prpw7pwhd9jvfbjghqg9qdq1hbihnv5wa4bb")))= ) + (build-system gnu-build-system) + (native-inputs (list autoconf automake libtool protobuf pkg-config)) + (inputs (list openssl bash)) + (arguments + (list + #:phases #~(modify-phases %standard-phases + (add-before 'check 'remove-bin-sh-in-test + (lambda _ + (substitute* "tests/test-rules.c" + (("/bin/sh") + (string-append #$(this-package-input "bash") + "/bin/sh")))))))) + + (synopsis "The pattern matching swiss knife") + (description + "YARA is a tool aimed at (but not limited to) helping malware resear= chers to +identify and classify malware samples. With YARA you can create descript= ions of +malware families (or whatever you want to describe) based on textual or b= inary patterns. +Each description, a.k.a. rule, consists of a set of strings and a boolean= expression +which determine its logic.") + (home-page "https://github.com/VirusTotal/yara") + (license license:bsd-3))) base-commit: c065da01ff956d3c2bdfc45a33d910e509a211d9 =2D- 2.41.0 From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 05 15:53:37 2025 Received: (at 66608) by debbugs.gnu.org; 5 Mar 2025 20:53:37 +0000 Received: from localhost ([127.0.0.1]:40066 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tpvkG-0008F0-VW for submit@debbugs.gnu.org; Wed, 05 Mar 2025 15:53:37 -0500 Received: from latitanza.investici.org ([82.94.249.234]:40915) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tpvkD-0008Eo-4G for 66608@debbugs.gnu.org; Wed, 05 Mar 2025 15:53:34 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=subvertising.org; s=stigmate; t=1741208011; bh=283jF45B8FBWSff4hSakv85TggZ5CBfmDI//2iTwDq4=; h=Date:From:To:Subject:From; b=clWZ5wTIuZNHu3p9xG1BqmOskkaGzJ03A+n7hAVO+Bzhu+SNbRIE1aWQiAMgcwVgT 0E6LvZZqKHP1HKEaFWgOiaAE2ktoG/jPRNBsdwZjOXODIWzWhbmAKuLBXkEXcWZ402 BAHs2sa0y0ek/iN9YOqI/UungWcsRWHdbio1fgUo= Received: from 2.mail-backend.investici.org (unknown [10.0.0.12]) by latitanza.investici.org (Postfix) with ESMTP id 4Z7PsR4rrSzGp50 for <66608@debbugs.gnu.org>; Wed, 5 Mar 2025 20:53:31 +0000 (UTC) Received: from 2.webmail.investici.org (localhost [127.0.0.1]) (Authenticated sender: divya@subvertising.org) by 2.mail-backend.investici.org (Postfix) with ESMTPA id 4Z7PsR3xPvz2xGF for <66608@debbugs.gnu.org>; Wed, 5 Mar 2025 20:53:31 +0000 (UTC) MIME-Version: 1.0 Date: Wed, 05 Mar 2025 20:53:31 +0000 From: divya@subvertising.org To: 66608@debbugs.gnu.org Subject: [bug#66608] [PATCH v1] gnu: Add yara. User-Agent: Roundcube Webmail Message-ID: X-Sender: divya@subvertising.org Content-Type: multipart/mixed; boundary="=_9d77776f447be52d25a1b09424ad30df" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 66608 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=_9d77776f447be52d25a1b09424ad30df Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed Here's an updated version of the patch: --=_9d77776f447be52d25a1b09424ad30df Content-Transfer-Encoding: base64 Content-Type: text/x-diff; name=0001-gnu-Add-yara.patch Content-Disposition: attachment; filename=0001-gnu-Add-yara.patch; size=3420 RnJvbSA1ZjI3YWU1YWEzMTYyMmEwYTA4Y2RlMzY0YWFlZTNlZWI2MjMwNmNjIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBEaXZ5YSBSYW5qYW4gPGRpdnlhQHN1YnZlcnRpc2luZy5vcmc+ CkRhdGU6IFdlZCwgNSBNYXIgMjAyNSAyMDozNToxNyArMDAwMApTdWJqZWN0OiBbUEFUQ0hdIGdu dTogQWRkIHlhcmEuCgoqIGdudS9wYWNrYWdlcy9hbnRpdmlydXMuc2NtICh5YXJhKTogTmV3IHZh cmlhYmxlLgotLS0KIGdudS9wYWNrYWdlcy9hbnRpdmlydXMuc2NtIHwgNDEgKysrKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKysKIDEgZmlsZSBjaGFuZ2VkLCA0MSBpbnNlcnRpb25z KCspCgpkaWZmIC0tZ2l0IGEvZ251L3BhY2thZ2VzL2FudGl2aXJ1cy5zY20gYi9nbnUvcGFja2Fn ZXMvYW50aXZpcnVzLnNjbQppbmRleCAyM2FmMjZmNDExLi42NzEwMGYyMGY2IDEwMDY0NAotLS0g YS9nbnUvcGFja2FnZXMvYW50aXZpcnVzLnNjbQorKysgYi9nbnUvcGFja2FnZXMvYW50aXZpcnVz LnNjbQpAQCAtMSw2ICsxLDcgQEAKIDs7OyBHTlUgR3VpeCAtLS0gRnVuY3Rpb25hbCBwYWNrYWdl IG1hbmFnZW1lbnQgZm9yIEdOVQogOzs7IENvcHlyaWdodCDCqSAyMDE2LCAyMDE3LCAyMDE4LCAy MDE5LCAyMDIwIEVyaWMgQmF2aWVyIDxiYXZpZXJAcG9zdGVvLm5ldD4KIDs7OyBDb3B5cmlnaHQg wqkgMjAxOCBDaHJpc3RvcGhlciBCYWluZXMgPG1haWxAY2JhaW5lcy5uZXQ+Cis7OzsgQ29weXJp Z2h0IMKpIDIwMjMgSmFrb2IgS2lyc2NoIDxqYWtvYi5raXJzY2hAd2ViLmRlPgogOzs7IENvcHly aWdodCDCqSAyMDE54oCTMjAyMSBUb2JpYXMgR2VlcmluY2t4LVJpY2UgPG1lQHRvYmlhcy5ncj4K IDs7OyBDb3B5cmlnaHQgwqkgMjAyNCBOaWNvbGFzIEdyYXZlcyA8bmdyYXZlc0BuZ3JhdmVzLmZy PgogOzs7CkBAIC0yNyw4ICsyOCwxMSBAQCAoZGVmaW5lLW1vZHVsZSAoZ251IHBhY2thZ2VzIGFu dGl2aXJ1cykKICAgIzp1c2UtbW9kdWxlIChndWl4IGdleHApCiAgICM6dXNlLW1vZHVsZSAoZ3Vp eCBwYWNrYWdlcykKICAgIzp1c2UtbW9kdWxlIChndWl4IGRvd25sb2FkKQorICAjOnVzZS1tb2R1 bGUgKGd1aXggZ2l0LWRvd25sb2FkKQogICAjOnVzZS1tb2R1bGUgKGd1aXggdXRpbHMpCiAgICM6 dXNlLW1vZHVsZSAoZ251IHBhY2thZ2VzKQorICAjOnVzZS1tb2R1bGUgKGdudSBwYWNrYWdlcyBh dXRvdG9vbHMpCisgICM6dXNlLW1vZHVsZSAoZ251IHBhY2thZ2VzIGJhc2gpCiAgICM6dXNlLW1v ZHVsZSAoZ251IHBhY2thZ2VzIGNoZWNrKQogICAjOnVzZS1tb2R1bGUgKGdudSBwYWNrYWdlcyBj b21wcmVzc2lvbikKICAgIzp1c2UtbW9kdWxlIChnbnUgcGFja2FnZXMgY21ha2UpCkBAIC00MCw2 ICs0NCw3IEBAIChkZWZpbmUtbW9kdWxlIChnbnUgcGFja2FnZXMgYW50aXZpcnVzKQogICAjOnVz ZS1tb2R1bGUgKGdudSBwYWNrYWdlcyBuY3Vyc2VzKQogICAjOnVzZS1tb2R1bGUgKGdudSBwYWNr YWdlcyBwY3JlKQogICAjOnVzZS1tb2R1bGUgKGdudSBwYWNrYWdlcyBwa2ctY29uZmlnKQorICAj OnVzZS1tb2R1bGUgKGdudSBwYWNrYWdlcyBwcm90b2J1ZikKICAgIzp1c2UtbW9kdWxlIChnbnUg cGFja2FnZXMgcHl0aG9uKQogICAjOnVzZS1tb2R1bGUgKGdudSBwYWNrYWdlcyBweXRob24tY2hl Y2spCiAgICM6dXNlLW1vZHVsZSAoZ251IHBhY2thZ2VzIHJ1c3QtYXBwcykKQEAgLTE4NSwzICsx OTAsMzkgQEAgKGRlZmluZS1wdWJsaWMgY2xhbWF2CiAgICAgICAgICAgICAgICAgICAgKGxpY2Vu c2U6bm9uLWNvcHlsZWZ0ICJsaWJjbGFtYXYvc3RybGNhdC5jIikgOyJPcGVuQlNEIiBsaWNlbnNl CiAgICAgICAgICAgICAgICAgICAgbGljZW5zZTphc2wyLjAgICAgICAgO2xpYmNsYW1hdi95YXJh KgogICAgICAgICAgICAgICAgICAgIGxpY2Vuc2U6ZXhwYXQpKSkpICAgIDtzaGFyZWQvZ2V0b3B0 LltjaF0KKworKGRlZmluZS1wdWJsaWMgeWFyYQorICAocGFja2FnZQorICAgIChuYW1lICJ5YXJh IikKKyAgICAodmVyc2lvbiAidjQuNS4yIikKKyAgICAoc291cmNlCisgICAgIChvcmlnaW4KKyAg ICAgICAobWV0aG9kIGdpdC1mZXRjaCkKKyAgICAgICAodXJpIChnaXQtcmVmZXJlbmNlCisgICAg ICAgICAgICAgKHVybCAiaHR0cHM6Ly9naXRodWIuY29tL1ZpcnVzVG90YWwveWFyYSIpCisgICAg ICAgICAgICAgKGNvbW1pdCB2ZXJzaW9uKSkpCisgICAgICAgKGZpbGUtbmFtZSAoZ2l0LWZpbGUt bmFtZSBuYW1lIHZlcnNpb24pKQorICAgICAgIChzaGEyNTYKKyAgICAgICAgKGJhc2UzMiAiMXFh dzF6djYxOGprcWE1ZzM5cDFzZHY4czZhN3EyM2F5cWZycXYwYmoyejFnNG5tbjk1ZyIpKSkpCisg ICAgKGJ1aWxkLXN5c3RlbSBnbnUtYnVpbGQtc3lzdGVtKQorICAgIChuYXRpdmUtaW5wdXRzIChs aXN0IGF1dG9jb25mIGF1dG9tYWtlIGxpYnRvb2wgcHJvdG9idWYgcGtnLWNvbmZpZykpCisgICAg KGlucHV0cyAobGlzdCBvcGVuc3NsIGJhc2gpKQorICAgIChhcmd1bWVudHMKKyAgICAgKGxpc3QK KyAgICAgICM6cGhhc2VzICN+KG1vZGlmeS1waGFzZXMgJXN0YW5kYXJkLXBoYXNlcworICAgICAg ICAgICAgICAgICAgIChhZGQtYmVmb3JlICdjaGVjayAncmVtb3ZlLWJpbi1zaC1pbi10ZXN0Cisg ICAgICAgICAgICAgICAgICAgICAobGFtYmRhIF8KKyAgICAgICAgICAgICAgICAgICAgICAgKHN1 YnN0aXR1dGUqICJ0ZXN0cy90ZXN0LXJ1bGVzLmMiCisgICAgICAgICAgICAgICAgICAgICAgICAg KCgiL2Jpbi9zaCIpCisgICAgICAgICAgICAgICAgICAgICAgICAgIChzdHJpbmctYXBwZW5kICMk KHRoaXMtcGFja2FnZS1pbnB1dCAiYmFzaCIpCisgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICIvYmluL3NoIikpKSkpKSkpCisKKyAgICAoc3lub3BzaXMgIlRoZSBwYXR0 ZXJuIG1hdGNoaW5nIHN3aXNzIGtuaWZlIikKKyAgICAoZGVzY3JpcHRpb24KKyAgICAgIllBUkEg aXMgYSB0b29sIGFpbWVkIGF0IChidXQgbm90IGxpbWl0ZWQgdG8pIGhlbHBpbmcgbWFsd2FyZSBy ZXNlYXJjaGVycyB0bworaWRlbnRpZnkgYW5kIGNsYXNzaWZ5IG1hbHdhcmUgc2FtcGxlcy4gIFdp dGggWUFSQSB5b3UgY2FuIGNyZWF0ZSBkZXNjcmlwdGlvbnMgb2YKK21hbHdhcmUgZmFtaWxpZXMg KG9yIHdoYXRldmVyIHlvdSB3YW50IHRvIGRlc2NyaWJlKSBiYXNlZCBvbiB0ZXh0dWFsIG9yIGJp bmFyeSBwYXR0ZXJucy4KK0VhY2ggZGVzY3JpcHRpb24sIGEuay5hLiBydWxlLCBjb25zaXN0cyBv ZiBhIHNldCBvZiBzdHJpbmdzIGFuZCBhIGJvb2xlYW4gZXhwcmVzc2lvbgord2hpY2ggZGV0ZXJt aW5lIGl0cyBsb2dpYy4iKQorICAgIChob21lLXBhZ2UgImh0dHBzOi8vZ2l0aHViLmNvbS9WaXJ1 c1RvdGFsL3lhcmEiKQorICAgIChsaWNlbnNlIGxpY2Vuc2U6YnNkLTMpKSkKLS0gCjIuNDguMQoK --=_9d77776f447be52d25a1b09424ad30df-- From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 05 16:55:54 2025 Received: (at 66608) by debbugs.gnu.org; 5 Mar 2025 21:55:54 +0000 Received: from localhost ([127.0.0.1]:40139 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tpwiX-0005iP-NF for submit@debbugs.gnu.org; Wed, 05 Mar 2025 16:55:54 -0500 Received: from confino.investici.org ([93.190.126.19]:53047) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tpwiT-0005iE-Uz for 66608@debbugs.gnu.org; Wed, 05 Mar 2025 16:55:51 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=subvertising.org; s=stigmate; t=1741211747; bh=EBaUr0gyb0ZNTohNp6HBCW4UqboMo0TdpAfrz4NQh0I=; h=From:To:Cc:Subject:Date:From; b=RwZn91YBpLpePCjqs9Z+B9HLKelTTt0hJV5v4a3m4aWEgRTVli8xkafrA2W2DLZHD rH0xPopyGO6YgMutcH5U6YtUNc4k2R+0yMkKP5jwAe2P9rtRYK9Vb3w4OOaKh9ukFn mjjgcdDPJb9W0lOyaGJn0fnvdaSDEbgk4WKtXd8I= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4Z7RFH2pLNz11HQ; Wed, 5 Mar 2025 21:55:47 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: divya@subvertising.org) by localhost (Postfix) with ESMTPSA id 4Z7RFG4SkXz11HF; Wed, 5 Mar 2025 21:55:46 +0000 (UTC) From: Divya Ranjan To: 66608@debbugs.gnu.org Subject: [PATCH] gnu: Add yara. Date: Wed, 5 Mar 2025 21:55:30 +0000 Message-ID: <64e8f5f5bf2b2180983183e351012b894bc4279d.1741211524.git.divya@subvertising.org> X-Mailer: git-send-email 2.48.1 MIME-Version: 1.0 X-Debbugs-Cc: Sharlatan Hellseher Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 66608 Cc: Divya Ranjan X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/packages/antivirus.scm (yara): New variable. Change-Id: I6ecad2cc6cc797102269ccde80071f7290db44e4 --- gnu/packages/antivirus.scm | 41 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm index 23af26f411..9e714ae092 100644 --- a/gnu/packages/antivirus.scm +++ b/gnu/packages/antivirus.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016, 2017, 2018, 2019, 2020 Eric Bavier ;;; Copyright © 2018 Christopher Baines +;;; Copyright © 2023 Jakob Kirsch ;;; Copyright © 2019–2021 Tobias Geerinckx-Rice ;;; Copyright © 2024 Nicolas Graves ;;; @@ -27,8 +28,11 @@ (define-module (gnu packages antivirus) #:use-module (guix gexp) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix git-download) #:use-module (guix utils) #:use-module (gnu packages) + #:use-module (gnu packages autotools) + #:use-module (gnu packages bash) #:use-module (gnu packages check) #:use-module (gnu packages compression) #:use-module (gnu packages cmake) @@ -40,6 +44,7 @@ (define-module (gnu packages antivirus) #:use-module (gnu packages ncurses) #:use-module (gnu packages pcre) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages protobuf) #:use-module (gnu packages python) #:use-module (gnu packages python-check) #:use-module (gnu packages rust-apps) @@ -185,3 +190,39 @@ (define-public clamav (license:non-copyleft "libclamav/strlcat.c") ;"OpenBSD" license license:asl2.0 ;libclamav/yara* license:expat)))) ;shared/getopt.[ch] + +(define-public yara + (package + (name "yara") + (version "v4.5.2") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/VirusTotal/yara") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 "1qaw1zv618jkqa5g39p1sdv8s6a7q23ayqfrqv0bj2z1g4nmn95g")))) + (build-system gnu-build-system) + (native-inputs (list autoconf automake libtool protobuf pkg-config)) + (inputs (list openssl bash-minimal)) + (arguments + (list + #:phases + #~(modify-phases %standard-phases + (add-before 'check 'remove-bin-sh-in-test + (lambda _ + (substitute* "tests/test-rules.c" + (("/bin/sh") + (string-append #$(this-package-input "bash") "/bin/sh")))))))) + + (synopsis "The pattern matching swiss knife") + (description + "YARA is a tool aimed at (but not limited to) helping malware researchers to +identify and classify malware samples. With YARA you can create descriptions of +malware families (or whatever you want to describe) based on textual or binary patterns. +Each description, a.k.a. rule, consists of a set of strings and a boolean expression +which determine its logic.") + (home-page "https://github.com/VirusTotal/yara") + (license license:bsd-3))) base-commit: 310adf4ce70cbb864859274fcc7842bd519bbddc -- 2.48.1 From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 05 17:12:55 2025 Received: (at 66608) by debbugs.gnu.org; 5 Mar 2025 22:12:55 +0000 Received: from localhost ([127.0.0.1]:40155 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tpwz0-0006RD-SF for submit@debbugs.gnu.org; Wed, 05 Mar 2025 17:12:55 -0500 Received: from confino.investici.org ([2a11:7980:1::2:0]:56475) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tpwyx-0006Qv-9C for 66608@debbugs.gnu.org; Wed, 05 Mar 2025 17:12:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=subvertising.org; s=stigmate; t=1741212768; bh=flbNiZGonDdMr+aFd1WOxWCMFU5WKFqJepI9MBR5ytk=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=QNumWi8OuAJt/G7LHyKb69C9u77mq6aLqg7mYeFW8DBl6S6iMwrIOkQ19zRZLOIH/ U0AOMXSX4YvjZPGbl09r+FEL2QFwqv7UtN1LlTHXAhPrBp3ZzxneA3K3cVvXFXn5Qs YCvgKDfUZT6Alk4KdeM59JA0hEN1wqEpE3SpUN64= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4Z7Rcw0BSxz11Hm; Wed, 5 Mar 2025 22:12:48 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: divya@subvertising.org) by localhost (Postfix) with ESMTPSA id 4Z7Rcv1hrCz11Hr; Wed, 5 Mar 2025 22:12:47 +0000 (UTC) From: Divya Ranjan To: 66608@debbugs.gnu.org Subject: Re: [bug#66608] [PATCH v2] gnu: Add yara. In-Reply-To: <64e8f5f5bf2b2180983183e351012b894bc4279d.1741211524.git.divya@subvertising.org> (Divya Ranjan's message of "Wed, 5 Mar 2025 21:55:30 +0000") References: <8fff56158eb150f2dab193ccdceb19fd451583e7.1697641034.git.jakob.kirsch@web.de> <64e8f5f5bf2b2180983183e351012b894bc4279d.1741211524.git.divya@subvertising.org> Date: Wed, 05 Mar 2025 22:12:44 +0000 Message-ID: <87eczbm8ir.fsf_-_@subvertising.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 66608 Cc: Sharlatan Hellseher X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable The last patch was failing because I forgot to change bash to bash-minimal = in the gexp, here=E2=80=99s a revised patch that builds and the linter does= n=E2=80=99t complain: --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: attachment; filename=0001-gnu-Add-yara.patch Content-Transfer-Encoding: quoted-printable >From 42d544e60f50052e5a263f63dda62fe0297fad35 Mon Sep 17 00:00:00 2001 Message-ID: <42d544e60f50052e5a263f63dda62fe0297fad35.1741212734.git.divya@= subvertising.org> From: Divya Ranjan Date: Wed, 5 Mar 2025 21:50:45 +0000 Subject: [PATCH] gnu: Add yara. * gnu/packages/antivirus.scm (yara): New variable. Change-Id: I6ecad2cc6cc797102269ccde80071f7290db44e4 --- gnu/packages/antivirus.scm | 41 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/gnu/packages/antivirus.scm b/gnu/packages/antivirus.scm index 23af26f411..52bbe6b818 100644 --- a/gnu/packages/antivirus.scm +++ b/gnu/packages/antivirus.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright =C2=A9 2016, 2017, 2018, 2019, 2020 Eric Bavier ;;; Copyright =C2=A9 2018 Christopher Baines +;;; Copyright =C2=A9 2023 Jakob Kirsch ;;; Copyright =C2=A9 2019=E2=80=932021 Tobias Geerinckx-Rice ;;; Copyright =C2=A9 2024 Nicolas Graves ;;; @@ -27,8 +28,11 @@ (define-module (gnu packages antivirus) #:use-module (guix gexp) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix git-download) #:use-module (guix utils) #:use-module (gnu packages) + #:use-module (gnu packages autotools) + #:use-module (gnu packages bash) #:use-module (gnu packages check) #:use-module (gnu packages compression) #:use-module (gnu packages cmake) @@ -40,6 +44,7 @@ (define-module (gnu packages antivirus) #:use-module (gnu packages ncurses) #:use-module (gnu packages pcre) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages protobuf) #:use-module (gnu packages python) #:use-module (gnu packages python-check) #:use-module (gnu packages rust-apps) @@ -185,3 +190,39 @@ (define-public clamav (license:non-copyleft "libclamav/strlcat.c") ;"OpenBSD"= license license:asl2.0 ;libclamav/yara* license:expat)))) ;shared/getopt.[ch] + +(define-public yara + (package + (name "yara") + (version "v4.5.2") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/VirusTotal/yara") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 "1qaw1zv618jkqa5g39p1sdv8s6a7q23ayqfrqv0bj2z1g4nmn95g")))) + (build-system gnu-build-system) + (native-inputs (list autoconf automake libtool protobuf pkg-config)) + (inputs (list openssl bash-minimal)) + (arguments + (list + #:phases + #~(modify-phases %standard-phases + (add-before 'check 'remove-bin-sh-in-test + (lambda _ + (substitute* "tests/test-rules.c" + (("/bin/sh") + (string-append #$(this-package-input "bash-minimal") "/bi= n/sh")))))))) + + (synopsis "The pattern matching swiss knife") + (description + "YARA is a tool aimed at (but not limited to) helping malware researc= hers to +identify and classify malware samples. With YARA you can create descripti= ons of +malware families (or whatever you want to describe) based on textual or bi= nary patterns. +Each description, a.k.a. rule, consists of a set of strings and a boolean = expression +which determine its logic.") + (home-page "https://github.com/VirusTotal/yara") + (license license:bsd-3))) base-commit: 310adf4ce70cbb864859274fcc7842bd519bbddc --=20 2.48.1 --=-=-= Content-Type: text/plain - Divya Ranjan, Philosophy, Mathematics, Libre Software. PGP Fingerprint: F0B3 1A69 8006 8FB8 096A 2F12 B245 10C6 108C 8D4A --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 06 10:10:43 2025 Received: (at 66608) by debbugs.gnu.org; 6 Mar 2025 15:10:43 +0000 Received: from localhost ([127.0.0.1]:44725 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tqCry-0000Mz-Nh for submit@debbugs.gnu.org; Thu, 06 Mar 2025 10:10:43 -0500 Received: from mail-wm1-x334.google.com ([2a00:1450:4864:20::334]:54598) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1tqCrt-0000Me-Bj for 66608@debbugs.gnu.org; Thu, 06 Mar 2025 10:10:38 -0500 Received: by mail-wm1-x334.google.com with SMTP id 5b1f17b1804b1-43bc4b16135so4846925e9.1 for <66608@debbugs.gnu.org>; Thu, 06 Mar 2025 07:10:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741273830; x=1741878630; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4+GS5zmjs534oX+ZfGoEUPaZ2N5cB6IboNBvd1tnKho=; b=AoLsO+Q6eC1wad2fx00ZPPYpusUcEvz5+XdjtL3MIssNZ4vlFcc2f3s8zPficyeK/0 BhhtPRNqo/g7UUBzfcEL39N9DuIWjXvWGxBj+2JhiwoMkdXNF+2gqGq+D6NMbioX4YcB LgaFxPdGm1m17JdL5HsaTci9GtI1s98FakDcKuFZoCYZRw/YqWtQrWFgf8S6EIO7cEL/ ju0gYlCahMpLpiUmviOaQ3qTyc3Ukz6r07GD3QCfzNkwRB1Q4VQ1m4YvEhwub+pFsefr dnX0XQBZwyN/ODcV5gjLZ/z7BudUq+L8m4W13G62a7oEKu5uAuO9l+v12KFyHBxPLxXp ilTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741273830; x=1741878630; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=4+GS5zmjs534oX+ZfGoEUPaZ2N5cB6IboNBvd1tnKho=; b=ZebKlx855BGr67tA/IpxYytJoBo30U6HGy0a2o4Z6Dq8sLkMmvI+cWWZTFncu949j6 1SJOcmtSrg2vlK6nfHjyOZWnWMinow2564ys9znju0iry3R6hm5cB9lLra8Z1tqQYQNg a5nsvokIlZaTg7JXpmQ7+C/KOttyDI5jSLqebVzX+3paB9qhwzRj0BCz1ei6N9WioyZ3 9iPr+Dx0ssWUYHNwlIcskItGjxKUpW+zKaCM3dZ7GIKtvjxg9MblYIGDLStdeFEvaxI+ SGAOFJ77L0t3u3rFTdAymf8kI6qCF138S7p4Tk/9N0bgp4+mZ8sQ/Vmk4uMDH4j9qY8o Xi0w== X-Gm-Message-State: AOJu0YwDJ9R/Fr9289+nFzUERd7qHrTS6ed+xhyrmMGDVhyDfSFmDCtb StvvGxqM2dNfvmSYDMbj1Nk0IlKeaRoXkVMkhrR+boCATliwgJjE X-Gm-Gg: ASbGncubsHOJ1/ieizFXK/vPy6ZaGKw/5ojGFf30p26uAwGfKAEY+csNwuCRxpjkweJ /o5FXQcUhYZG9enMdh3VuYmHsu9RR4hkmj7xji/YlpuOaOz4rZubP5i2gWaNz7PTELTew44KAuX nwb4xjbSlS3X5UgIJ18Zpc3Sp6qsV8yNVMgPZ/MT9KwUoX7f+oRtZPkfBvN0kiFlTT69fnUuRXb DhD9uxAhmvYhnVIBIdUOLQ9+sC6eUuBTmP0xhZrtWMgWxD+b5GEdTdWiXtH+WzRXurUB1G4iEAs Vw5AAH59Ffd2hMHWyQEUbI2nYtE5I1ywjjW5coW9O/YkhIXl3Zka7bALZw== X-Google-Smtp-Source: AGHT+IHdI7ANWe9h+8sGQA89cANq5sDlPvONaGXI6sVtor9phj/e6zEkvmUK9KtR9fQhPF9l8A/RIQ== X-Received: by 2002:a05:600c:1988:b0:439:9377:fa21 with SMTP id 5b1f17b1804b1-43bd2aed6c2mr56184945e9.19.1741273829423; Thu, 06 Mar 2025 07:10:29 -0800 (PST) Received: from localhost ([2a0c:5a85:d50e:8e00:c7d4:a3dc:7540:dcad]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3912c103035sm2282902f8f.88.2025.03.06.07.10.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Mar 2025 07:10:28 -0800 (PST) From: =?utf-8?Q?Sergio_Pastor_P=C3=A9rez?= To: Divya Ranjan Subject: Re: [bug#66608] [PATCH v2] gnu: Add yara. In-Reply-To: <87eczbm8ir.fsf_-_@subvertising.org> (Divya Ranjan's message of "Wed, 05 Mar 2025 22:12:44 +0000") References: <8fff56158eb150f2dab193ccdceb19fd451583e7.1697641034.git.jakob.kirsch@web.de> <64e8f5f5bf2b2180983183e351012b894bc4279d.1741211524.git.divya@subvertising.org> <87eczbm8ir.fsf_-_@subvertising.org> Date: Thu, 06 Mar 2025 16:10:28 +0100 Message-ID: <84bjueqjob.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 66608 Cc: Sharlatan Hellseher , 66608@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello Divy=C3=A1, thanks for the version bump. The patch builds and lints successfully. Guix style will add a line break at the `string-append' line, like so: --8<---------------cut here---------------start------------->8--- (string-append #$(this-package-input "bash-minimal") "/bin/sh") --8<---------------cut here---------------end--------------->8--- I think this can be done by the committer. Other than that, the patch looks good to go. Reviewed-by: Sergio Pastor P=C3=A9rez Thanks! Sergio. From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 06 15:47:52 2025 Received: (at 66608-done) by debbugs.gnu.org; 6 Mar 2025 20:47:52 +0000 Received: from localhost ([127.0.0.1]:45622 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tqI8F-0007mr-Oq for submit@debbugs.gnu.org; Thu, 06 Mar 2025 15:47:52 -0500 Received: from mail-wm1-x343.google.com ([2a00:1450:4864:20::343]:61645) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1tqI8D-0007me-Dc for 66608-done@debbugs.gnu.org; Thu, 06 Mar 2025 15:47:50 -0500 Received: by mail-wm1-x343.google.com with SMTP id 5b1f17b1804b1-43bc6a6aaf7so8964515e9.2 for <66608-done@debbugs.gnu.org>; Thu, 06 Mar 2025 12:47:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1741294063; x=1741898863; darn=debbugs.gnu.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=fUEM2/QdNDt3ElFY/ESu9rXRsIT0clWGbS7EqLFpgq8=; b=aS0ZDUGrwAG0/nGL2tXXWp9JXZPvHczbyN+BDixnu4Nz8+FF3pIYWCgbB2T3JXKMWp ugLsx4dqbQF9+Q0x+Z5yzvu8/a7v1FjwKaoKZFQCR2uX1e1JBRXgJu5o2iRMfCsvozvw 0RoR0YnZXYTPgRkoiDTHUKpCPBIl4wojVg4l6CuKaZ6uRFHu4y4X//Nd5W+W3fRhCxwm wiUSdI9Vuj2f+ikdw3cUwMvWPzz+VEcH9fh/fmu5CM8i2Th7WNVTujlSvl7OeCjrKmaG sh+pLSrzsTuELp/A54BMOlku1BWM/1XHPHjPCBMR4V/agFF+T/+CGXtq0KbEIxzQqTam wBMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741294063; x=1741898863; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=fUEM2/QdNDt3ElFY/ESu9rXRsIT0clWGbS7EqLFpgq8=; b=Htc6N/M/7tBa4AOg2kq1+M2pxuDBcO3xrcaZIo7gIaPqMKYteDrjRQtB4EIN7sV7DW dV5sHuQ3UeUp90LFEa4ArnRgBAphsZhzavMTLdjvSgmFduKBiV29cSeRQ9FXY3yldp1t cHUI+F+3RzRJ0D9qKCkVD5sNlmzOAWWp/ckyTLJwFHOxgOAE4rLdoNEHPhQ3H8EoZtsS AbFCF3FoDxQQYmhyW7LKmnyjUW30D78bpE86H+/CDcbYYLMT5QJg8Kz+caYa+HS9o8DR PBwYjEtfQX3sHkcjzrYFfWjB3hneB5tYPbboRB6PRWDFjA6EHG9y+mVmWhUBTyCqm2SJ sCsQ== X-Forwarded-Encrypted: i=1; AJvYcCWo1gbT5E77vfjdCKpuI+XGyyCngI0pGUZghZSZf4Ei1LuZteuqV4pmwSTXzBc13V46ayZo7kOdqLyV@debbugs.gnu.org X-Gm-Message-State: AOJu0Yya16I+juKDSin1nXnlrAZ0dBc5uSmEq9EfgRkWhhNQQS65ACIb 53eFCOpdveFGIJ4t7yJu0Nh/fHnTA1d3+uv1VbMOJWX67Whj2HAK X-Gm-Gg: ASbGncsbwv+ooQO4qglfTo/OJuP0gA1R9fu27sAx2Vw+OTjX3XLeRzRbkbOtradUx0T 3gBtXpsY+PruQ8mvkrJfHj/yCfSU3D+/cbtjR/vW1xVFClQtuvYoMV725Te99+ObRF+fQ9wPIqc ucEksJelOsJ/BhSRVjw18KNGfCnP84b02nhAPVUGsku+lwzNTSX4nKbLKCEuwyKscD7kDtY1/Ln C1RzAVq6ttPM97jTrLP0UN0/SkW3Vvf0Hkkfli1PIPeGOcX3aUxcEIoYpzqoRmDLLyaCpx9A4AU 9yR02Qk7sE0nSWMtdA689wQBzae2okxLuyox7o8rABKbF8RFb94u4gTKU5indzp3gKzkFYfZAz0 BsTghynm8PI4CBU2E77aU X-Google-Smtp-Source: AGHT+IE1XbNwwnT0BOdz1r2W2YCbzI7kitzzT7QT+MjlpHc92xBmZT44/y55H1dcrQ0KWT0hDbM5Lg== X-Received: by 2002:a05:600c:5116:b0:439:689b:99eb with SMTP id 5b1f17b1804b1-43c5a5f9569mr8053485e9.7.1741294062762; Thu, 06 Mar 2025 12:47:42 -0800 (PST) Received: from lumine.fritz.box (85-127-114-32.dsl.dynamic.surfer.at. [85.127.114.32]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43bd42c6203sm60118105e9.24.2025.03.06.12.47.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Mar 2025 12:47:42 -0800 (PST) Message-ID: Subject: Re: [bug#66608] [PATCH v2] gnu: Add yara. From: Liliana Marie Prikler To: Sergio Pastor =?ISO-8859-1?Q?P=E9rez?= , Divya Ranjan Date: Thu, 06 Mar 2025 21:48:47 +0100 In-Reply-To: <84bjueqjob.fsf@gmail.com> References: <8fff56158eb150f2dab193ccdceb19fd451583e7.1697641034.git.jakob.kirsch@web.de> <64e8f5f5bf2b2180983183e351012b894bc4279d.1741211524.git.divya@subvertising.org> <87eczbm8ir.fsf_-_@subvertising.org> <84bjueqjob.fsf@gmail.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.54.3 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 66608-done Cc: Sharlatan Hellseher , 66608-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Am Donnerstag, dem 06.03.2025 um 16:10 +0100 schrieb Sergio Pastor P=C3=A9rez: > Hello Divy=C3=A1, thanks for the version bump. >=20 > The patch builds and lints successfully. >=20 > Guix style will add a line break at the `string-append' line, like > so: > --8<---------------cut here---------------start------------->8--- > (string-append #$(this-package-input "bash-minimal") > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 "/bin/sh") > --8<---------------cut here---------------end--------------->8--- >=20 > I think this can be done by the committer. >=20 > Other than that, the patch looks good to go. Well, I also reworded the synopsis and description and reordered the fields, but it's done. Cheers From unknown Fri Jun 20 18:15:01 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 04 Apr 2025 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator