botherder / go-yara

Go bindings for YARA

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Logo

go-yara

GoDoc Travis Go Report Card

Go bindings for YARA, staying as close as sensible to the library's C-API while taking inspiration from the yara-python implementation.

Installation

Unix

On a Unix system with libyara, its header files, and pkg-config installed, the following should simply work, provided that GOPATH is set:

go get github.com/hillu/go-yara
go install github.com/hillu/go-yara

The pkg-config program should be able to output the correct compiler and linker flags from the yara.pc file that has been generated and installed by YARA's build system. If libyara has been installed to a custom location, the PKG_CONFIG_PATH environment variable can be used to point pkg-config at the right yara.pc file. If pkg-config cannot be used at all, please see "Build Tags" below.

Linker errors in the compiler output such as

undefined reference to `yr_compiler_add_file'

indicate that the linker is probably looking at an old version of libyara.

Cross-building for Windows

go-yara can be cross-built on a current Debian system using the MinGW cross compiler (gcc-mingw-w64) if the Go compiler contains Windows runtime libraries with CGO support (cf.). After libyara has been built from the source tree with the MinGW compiler using the usual ./configure && make && make install, go-yara can be built and installed. Some environment variables need to be set when running go build or go install:

  • GOOS, GOARCH indicate the cross compilation target.
  • CGO_ENABLED is set to 1 beacuse it defaults to 0 when cross-compiling.
  • CC has to specified because the go tool has no knowledge on what C compiler to use (it defaults to the system C compiler, usually gcc).
  • PKG_CONFIG_PATH is set so the go tool can determine correct locations for headers and libraries through pkg-config.

32bit:

$ cd ${YARA_SRC} \
  && ./bootstrap.sh \
  && ./configure --host=i686-w64-mingw32 --disable-magic --disable-cuckoo --without-crypto --prefix=${YARA_SRC}/i686-w64-mingw32 \
  && make -C ${YARA_SRC} \
  && make -C ${YARA_SRC} install 
$ GOOS=windows GOARCH=amd64 CGO_ENABLED=1 \
  CC=i686-w64-mingw32-gcc \
  PKG_CONFIG_PATH=${YARA_SRC}/i686-w64-mingw32/lib/pkgconfig \
  go install -ldflags '-extldflags "-static"' github.com/hillu/go-yara

64bit:

$ cd ${YARA_SRC} \
  && ./bootstrap.sh \
  && ./configure --host=x86_64-w64-mingw32 --disable-magic --disable-cuckoo --without-crypto --prefix=${YARA_SRC}/x86_64-w64-mingw32 \
  && make -C ${YARA_SRC} \
  && make -C ${YARA_SRC} install 
$ GOOS=windows GOARCH=amd64 CGO_ENABLED=1 \
  CC=x86_64-w64-mingw32-gcc \
  PKG_CONFIG_PATH=${YARA_SRC}/x86_64-w64-mingw32/lib/pkgconfig \
  go install -ldflags '-extldflags "-static"' github.com/hillu/go-yara

Build Tags

go-yara is tested with the latest stable version of YARA, currently 3.7. If you need to to build with an older version of YARA, certain features that are not present in older versions can be excluded by passing a build tag such as yara3.3, yara3.4, yara3.5. If you want to build with a git snapshot of YARA, you may use a build tag corresponding to the upcoming stable YARA version, currently yara3.8. You also need to pass the tag when you build your own project.

The build tag yara_static can be used to tell the Go toolchain to run pkg-config with the --static switch.

The build tag no_pkg_config can be used to tell the Go toolchain not to use pkg-config's output. In this case, any compiler or linker flags have to be set via the CGO_CFLAGS and CGO_LDFLAGS environment variables, e.g.:

export CGO_CFLAGS="-I${YARA_SRC}/libyara/include"
export CGO_LDFLAGS="-L${YARA_SRC}/libyara/.libs -lyara"
go install -tags no_pkg_config github.com/hillu/go-yara

License

BSD 2-clause, see LICENSE file in the source distribution.

Author

Hilko Bengen bengen@hilluzination.de

About

Go bindings for YARA

License:BSD 2-Clause "Simplified" License


Languages

Language:Go 100.0%