Go bindings for YARA, staying as
close as sensible to the library's C-API while taking inspiration from
the yara-python
implementation.
On a Unix system with libyara, its header files, and pkg-config
installed, the following should simply work, provided that GOPATH
is
set:
go get github.com/hillu/go-yara
go install github.com/hillu/go-yara
The pkg-config program should be able to output the correct compiler
and linker flags from the yara.pc
file that has been generated and
installed by YARA's build system. If libyara has been installed to
a custom location, the PKG_CONFIG_PATH
environment variable can be
used to point pkg-config at the right yara.pc
file. If
pkg-config cannot be used at all, please see "Build Tags" below.
Linker errors in the compiler output such as
undefined reference to `yr_compiler_add_file'
indicate that the linker is probably looking at an old version of libyara.
go-yara can be cross-built on a current Debian system using the
MinGW cross compiler (gcc-mingw-w64) if the Go compiler contains
Windows runtime libraries with CGO support
(cf.). After libyara has
been built from the source tree with the MinGW compiler using the
usual ./configure && make && make install
, go-yara can be built
and installed. Some environment variables need to be set when running
go build
or go install
:
GOOS
,GOARCH
indicate the cross compilation target.CGO_ENABLED
is set to 1 beacuse it defaults to 0 when cross-compiling.CC
has to specified because the go tool has no knowledge on what C compiler to use (it defaults to the system C compiler, usually gcc).PKG_CONFIG_PATH
is set so the go tool can determine correct locations for headers and libraries through pkg-config.
32bit:
$ cd ${YARA_SRC} \
&& ./bootstrap.sh \
&& ./configure --host=i686-w64-mingw32 --disable-magic --disable-cuckoo --without-crypto --prefix=${YARA_SRC}/i686-w64-mingw32 \
&& make -C ${YARA_SRC} \
&& make -C ${YARA_SRC} install
$ GOOS=windows GOARCH=amd64 CGO_ENABLED=1 \
CC=i686-w64-mingw32-gcc \
PKG_CONFIG_PATH=${YARA_SRC}/i686-w64-mingw32/lib/pkgconfig \
go install -ldflags '-extldflags "-static"' github.com/hillu/go-yara
64bit:
$ cd ${YARA_SRC} \
&& ./bootstrap.sh \
&& ./configure --host=x86_64-w64-mingw32 --disable-magic --disable-cuckoo --without-crypto --prefix=${YARA_SRC}/x86_64-w64-mingw32 \
&& make -C ${YARA_SRC} \
&& make -C ${YARA_SRC} install
$ GOOS=windows GOARCH=amd64 CGO_ENABLED=1 \
CC=x86_64-w64-mingw32-gcc \
PKG_CONFIG_PATH=${YARA_SRC}/x86_64-w64-mingw32/lib/pkgconfig \
go install -ldflags '-extldflags "-static"' github.com/hillu/go-yara
go-yara is tested with the latest stable version of YARA, currently
3.7. If you need to to build with an older version of YARA, certain
features that are not present in older versions can be excluded by
passing a build tag such as yara3.3
, yara3.4
, yara3.5
. If you
want to build with a git snapshot of YARA, you may use a build tag
corresponding to the upcoming stable YARA version, currently
yara3.8
.
The build tag yara_static
can be used to tell the Go toolchain to
run pkg-config with the --static
switch.
The build tag no_pkg_config
can be used to tell the Go toolchain not
to use pkg-config's output. In this case, any compiler or linker
flags have to be set via the CGO_CFLAGS
and CGO_LDFLAGS
environment variables, e.g.:
export CGO_CFLAGS="-I${YARA_SRC}/libyara/include"
export CGO_LDFLAGS="-L${YARA_SRC}/libyara/.libs -lyara"
go install github.com/hillu/go-yara -tags no_pkg_config
BSD 2-clause, see LICENSE file in the source distribution.
Hilko Bengen bengen@hilluzination.de