diff options
Diffstat (limited to 'CLAUDE.md')
| -rw-r--r-- | CLAUDE.md | 87 |
1 files changed, 87 insertions, 0 deletions
@@ -35,6 +35,93 @@ the repo root. --- +## Build Strategies + +Packages fall into several categories; the SlackBuild style differs +accordingly. + +### Source builds (Go) + +Packages such as `ffuf`, `gobuster`, `nuclei` are built from upstream source +tarballs using `go build`. Key points: + +- Set `GOPATH`, `GOPROXY`, `GOFLAGS` before building +- Use `-buildmode=pie -trimpath -mod=readonly -modcacherw` +- Strip ELF binaries after build +- Clean up `$GOPATH` / Go module cache before packaging +- `REQUIRES="google-go-lang"` in the `.info` file + +### Source builds (Rust) + +Packages such as `feroxbuster` build from a vendored crates tarball +(`<pkg>-<version>-vendor.tar.gz`) declared as a second source in `.info`, +alongside the upstream tarball. The SlackBuild unpacks it, points cargo at it +via `.cargo/config.toml`, and builds fully offline (`cargo build --offline +--locked`). The vendor tarball is generated once per version with +`cargo-vendor-filterer`, with `SOURCE_DATE_EPOCH` pinned to the release tag's +commit date for a byte-for-byte reproducible archive. The exact command is +recorded in the package's own `README`. + +### Binary repacks — Debian `.deb` + +Packages such as `metasploit-framework-bin` are repacked from upstream `.deb` +archives (SBo convention: `.deb`/binary repacks take a `-bin` suffix): + +- Extract with: `ar p <file>.deb data.tar.gz | tar xzv` +- Set `DOWNLOAD="UNSUPPORTED"` and use `DOWNLOAD_x86_64` / `MD5SUM_x86_64` + (plus the i386 pair when the package is multi-arch) +- Strip ELF binaries after extraction + +#### `metasploit-framework-bin`: msfvenom bash-completion + +The shipped `msfvenom.bash-completion` is a **pre-generated snapshot**, not a +static file. Upstream (kali) no longer ships it; they generate it at build +time with a ruby script that loads the framework and dumps the live +payload/encoder/arch/platform/format lists. We ship a snapshot instead of +running ruby at build time (hermetic build, no build-time dep). + +**Regenerate it on every version bump.** After building and installing the +new package so `/opt/metasploit-framework` is live, pull the current +generator and run it against the installed framework's bundled ruby: + +```bash +curl -o /tmp/gen.rb \ + https://gitlab.com/kalilinux/packages/metasploit-framework/-/raw/kali/master/debian/generate-msfvenom-bash-completion.rb +/opt/metasploit-framework/embedded/bin/ruby \ + -I/opt/metasploit-framework/embedded/framework/lib /tmp/gen.rb \ + > metasploit-framework-bin/msfvenom.bash-completion +``` + +Verify the output is non-empty and the `%s` slots were filled (grep for real +payload names like `windows/meterpreter`), then commit it with the bump. + +#### `metasploit-framework-bin`: man pages + +The .deb ships **no** metasploit man pages (its `share/man` tree is only for +bundled deps like postgres/ruby). We ship `msfconsole.1` and `msfvenom.1` +from kali, who maintain them by hand (no generator script). The SlackBuild +gzips them into `/usr/man/man1`. **Refresh them on version bumps** in case +kali has updated them: + +```bash +for p in msfconsole msfvenom ; do + curl -o metasploit-framework-bin/$p.1 \ + https://gitlab.com/kalilinux/packages/metasploit-framework/-/raw/kali/master/debian/extra/$p.1 +done +``` + +For metasploit bumps, `PRGNAM=metasploit-framework-bin` with +`SRCNAM=metasploit-framework` drives the `.deb` glob and `/opt` path; pull +both-arch filenames and MD5s from the apt Packages indexes (`binary-amd64` +and `binary-i386`). + +### Data / archive packages + +Packages such as `SecLists`, `exploitdb` install data files rather than +compiled binaries. No stripping needed. + +--- + ## SlackBuild Scripting Guidelines - Follow the [SBo template](https://slackbuilds.org/templates/) as the base for all scripts |
