VirusTotal / yara-x

A rewrite of YARA in Rust.
https://virustotal.github.io/yara-x/
BSD 3-Clause "New" or "Revised" License

question to golang #144

Open geraldstanje opened 6 days ago

geraldstanje commented 6 days ago

hi,

nice work.

i try to call yara.compile and yara.match like the github.com/VirusTotal/yara-python lib...

do you have a small example which loads a yara file from disk, calls yara.compile and calls yara.match with an input string?

@plusvic does go get github.com/VirusTotal/yara-x/go@v0.4.0 also work? edit: seems yes.

how to compile the golang app using yarax for static build and what flags to set? i get error while loading shared lib: libyara_x_capi.so.0.4 - not found for:

go build -o main .; ./main

cc @steffenfritz

Thanks, Gerald

steffenfritz commented 6 days ago

This is also something I am struggling with. I use yara-x for my file indexer FileTrove (https://github.com/steffenfritz/FileTrove) and I am fighting with Rust -> C -> Go builds and creating releases with Github Actions.

I asked in Go-Groups, they said ask Rustians. Rustians say it is something with C and Go, ask there. :)

More on topic: I think with CGO enabled you won't get a static build. You can find an example here https://github.com/steffenfritz/FileTrove/blob/main/yara.go with a rule file here https://github.com/steffenfritz/FileTrove/blob/main/testdata/yara/testrule.yara and a test file here https://github.com/steffenfritz/FileTrove/blob/main/yara_test.go

plusvic commented 6 days ago

@steffenfritz @geraldstanje what's your OS? Linux or Windows?

In Linux it should be relatively easy, you must install the yara-x-capi library first, as described in: https://virustotal.github.io/yara-x/docs/api/c/c-/

After installation, you can check if pkg-config is able to find the installed library:

pkg-config --libs yara_x_capi

The command above should produce an output like:

-L/usr/local/lib -lyara_x_capi

If that works correctly you should be able to compile your Go program without any issues. The Go compiler uses pkg-config for locating the required header files and libraries. The Go binary will be dynamically linked to the yara_x_capi library; if you want static linking you must pass -tags static_link to the Go compiler, like in:

go build -tags static_link

In Windows things are a bit more complex because the pkg-config mechanism doesn't work, therefore the Go compiler is unable to find the header files and libraries. I still need to figure out an easy method for building the Go library in Windows.
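The pkg-config check described in the comment above, extended into a small diagnostic (an added example, not code from this thread or from the yara-x project). It reads the output of pkg-config --libs yara_x_capi and of ldd for the built binary and reports whether libyara_x_capi is linked in, resolved at load time, or missing. The function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a built Go binary links against yara_x_capi.
# Function names are hypothetical; sample inputs are constructed, not captured.

# Print each -L directory found in `pkg-config --libs yara_x_capi` output.
lib_dirs() {
    for tok in $1; do
        case "$tok" in
            -L*) printf '%s\n' "${tok#-L}" ;;
        esac
    done
}

# Classify `ldd <binary>` output with respect to libyara_x_capi only:
#   static   - no dynamic reference (e.g. built with -tags static_link)
#   resolved - dynamic dependency that the loader can find
#   missing  - dynamic dependency the loader cannot find
classify_ldd() {
    line=$(printf '%s\n' "$1" | grep 'libyara_x_capi' || true)
    if [ -z "$line" ]; then
        echo static
    elif printf '%s\n' "$line" | grep -q 'not found'; then
        echo missing
    else
        echo resolved
    fi
}

# Combine both outputs: $1 = pkg-config --libs output, $2 = ldd output.
diagnose() {
    status=$(classify_ldd "$2")
    if [ "$status" = missing ]; then
        dir=$(lib_dirs "$1" | head -n 1)
        echo "missing: make $dir visible to the dynamic loader or rebuild with -tags static_link"
    else
        echo "$status"
    fi
}

# Constructed sample inputs.
SAMPLE_LIBS='-L/usr/local/lib -lyara_x_capi'
SAMPLE_LDD_MISSING='    libyara_x_capi.so.0.4 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'
SAMPLE_LDD_STATIC='    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'

# Real use: diagnose "$(pkg-config --libs yara_x_capi)" "$(ldd ./main)"
```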

geraldstanje commented 5 days ago

hi, i'm using mac osx in the host, run a docker container to build the binary FROM golang:latest AS builder ... for my target platform linux amd64

plusvic commented 5 days ago

So, the problem is not while building the Go program, it's actually that you are unable to build the libyara_x_capi library, as mentioned in #145. Right?

geraldstanje commented 5 days ago

yes - one more last question i have: can i build the go app without pkg-config?

steffenfritz commented 5 days ago

As I was mentioned in this issue I will also answer, hopefully not mixing things up.

I can build the library on Linux and macOS without problems, Windows not tested so far.

However, I have no problem to ship the library with my tool, mentioned above. At the moment I struggle with exporting the artifacts from the Github Action.

It would be pretty cool if you could create library releases when you release yara-x binaries. It could probably be implemented pretty easily (for someone more familiar with the rust-toolchain than me). I tried my luck with this action, but without success https://github.com/VirusTotal/yara-x/blob/main/.github/workflows/golang.yaml

tl;dr: Could you also release the libraries during the release of new versions?