# SBo SlackBuilds Repository SlackBuild scripts maintained by Danilo (danix) and submitted to [SlackBuilds.org (SBo)](https://slackbuilds.org). This repo holds ONLY the packages for which danix is the **official SBo maintainer**. Lead and experimental packages not on SBo under danix live in the separate `my-slackbuilds` repository. --- ## Repo Structure Each package lives in its own top-level subfolder: ``` / ├── .SlackBuild # Main build script ├── .info # Metadata (version, checksums, URLs) ├── README # Description and usage notes ├── slack-desc # Package description (11-line format) ├── .desktop # (optional) Desktop entry for GUI apps └── [...] # other optional files ``` Version tracking is handled by a single file: ``` .extras/nvchecker.toml # nvchecker config listing all packages ``` ### `.extras/` holds all non-package repo files Anything that is not a SlackBuild package must live under `.extras/`, never at the repo root. --- ## Build Strategies Packages fall into several categories; the SlackBuild style differs accordingly. ### Source builds (Go) Packages such as `ffuf`, `gobuster`, `nuclei` are built from upstream source tarballs using `go build`. Key points: - Set `GOPATH`, `GOPROXY`, `GOFLAGS` before building - Use `-buildmode=pie -trimpath -mod=readonly -modcacherw` - Strip ELF binaries after build - Clean up `$GOPATH` / Go module cache before packaging - `REQUIRES="google-go-lang"` in the `.info` file ### Source builds (Rust) Packages such as `feroxbuster` build from a vendored crates tarball (`--vendor.tar.gz`) declared as a second source in `.info`, alongside the upstream tarball. The SlackBuild unpacks it, points cargo at it via `.cargo/config.toml`, and builds fully offline (`cargo build --offline --locked`). The vendor tarball is generated once per version with `cargo-vendor-filterer`, with `SOURCE_DATE_EPOCH` pinned to the release tag's commit date for a byte-for-byte reproducible archive. The exact command is recorded in the package's own `README`. ### Binary repacks — Debian `.deb` Packages such as `metasploit-framework-bin` are repacked from upstream `.deb` archives (SBo convention: `.deb`/binary repacks take a `-bin` suffix): - Extract with: `ar p .deb data.tar.gz | tar xzv` - Set `DOWNLOAD="UNSUPPORTED"` and use `DOWNLOAD_x86_64` / `MD5SUM_x86_64` (plus the i386 pair when the package is multi-arch) - Strip ELF binaries after extraction #### `metasploit-framework-bin`: msfvenom bash-completion The shipped `msfvenom.bash-completion` is a **pre-generated snapshot**, not a static file. Upstream (kali) no longer ships it; they generate it at build time with a ruby script that loads the framework and dumps the live payload/encoder/arch/platform/format lists. We ship a snapshot instead of running ruby at build time (hermetic build, no build-time dep). **Regenerate it on every version bump.** After building and installing the new package so `/opt/metasploit-framework` is live, pull the current generator and run it against the installed framework's bundled ruby: ```bash curl -o /tmp/gen.rb \ https://gitlab.com/kalilinux/packages/metasploit-framework/-/raw/kali/master/debian/generate-msfvenom-bash-completion.rb /opt/metasploit-framework/embedded/bin/ruby \ -I/opt/metasploit-framework/embedded/framework/lib /tmp/gen.rb \ > metasploit-framework-bin/msfvenom.bash-completion ``` Verify the output is non-empty and the `%s` slots were filled (grep for real payload names like `windows/meterpreter`), then commit it with the bump. #### `metasploit-framework-bin`: man pages The .deb ships **no** metasploit man pages (its `share/man` tree is only for bundled deps like postgres/ruby). We ship `msfconsole.1` and `msfvenom.1` from kali, who maintain them by hand (no generator script). The SlackBuild gzips them into `/usr/man/man1`. **Refresh them on version bumps** in case kali has updated them: ```bash for p in msfconsole msfvenom ; do curl -o metasploit-framework-bin/$p.1 \ https://gitlab.com/kalilinux/packages/metasploit-framework/-/raw/kali/master/debian/extra/$p.1 done ``` For metasploit bumps, `PRGNAM=metasploit-framework-bin` with `SRCNAM=metasploit-framework` drives the `.deb` glob and `/opt` path; pull both-arch filenames and MD5s from the apt Packages indexes (`binary-amd64` and `binary-i386`). ### Data / archive packages Packages such as `SecLists`, `exploitdb` install data files rather than compiled binaries. No stripping needed. --- ## SlackBuild Scripting Guidelines - Follow the [SBo template](https://slackbuilds.org/templates/) as the base for all scripts - Use `set -e` to abort on errors - Honor `$TMP`, `$BUILD`, `$TAG`, `$OUTPUT` variables; default values must be set if unset - Use `$ARCH` detection with proper `SLKCFLAGS` and `LIBDIRSUFFIX` - Strip binaries and libraries unless upstream explicitly discourages it - Install docs to `/usr/doc/$PRGNAM-$VERSION/` - Always include `find -L` + `chown`/`chmod` cleanup block before packaging - Copy repo files into `$PKG` with `cat src > dest`, never `cp`. `cat` writes through a fresh destination so the build's umask/root ownership sets the perms; `cp` bleeds the git working-tree mode/ownership into the package. Applies to `slack-desc`, `doinst.sh`, and any file staged from `$CWD` (SlackBuild, README, `.nvchecker`) into `$PKG`. - Use `makepkg -l y -c n` to create the final package ### `.info` file Must contain: ``` PRGNAM, VERSION, HOMEPAGE, DOWNLOAD, MD5SUM (or SHA256SUM), REQUIRES, MAINTAINER, EMAIL ``` - Checksums must match the exact source archive - MAINTAINER/EMAIL are danix's, since this repo is his SBo-official packages - Use `REQUIRES=""` if no SBo dependencies; list space-separated SBo package names otherwise ### `slack-desc` - Exactly 11 lines in the `package-name: description` format - First line: `package-name: package-name (short one-liner)` - Lines 2–11: description, leave blank lines as `package-name:` - Handy ruler line must be included (but not shipped) --- ## Version Tracking: nvchecker A single `.extras/nvchecker.toml` tracks upstream versions for all packages. To check for new upstream versions: ```bash nvchecker -c .extras/nvchecker.toml ``` When a new version is detected, update `VERSION` in both `.SlackBuild` and `.info`, then run `sbofixinfo` to refresh checksums. **Every package added to this repo must have a corresponding entry in `.extras/nvchecker.toml`.** For **nvchecker** github stanzas prefer `use_latest_release` (hits `releases/latest`, lenient) over `use_max_tag` (hits `git/refs/tags`, tightly rate-limited and 403s under the shared anon budget); use `use_max_tag` only for repos that tag but don't cut Releases (a `use_latest_release` probe 404s on those). Probe ONE stanza with `nvchecker -c -e `. --- ## Tooling: sbo-maintainer-tools Source: https://slackware.uk/~urchlay/repos/sbo-maintainer-tools | Tool | Purpose | |------|---------| | `sbolint` | Lint `.SlackBuild`, `README`, `.info`, `slack-desc` | | `sbopkglint` | Lint the built package | | `sbofixinfo` | Auto-fix common `.info` file issues | | `sbodl` | Download sources and verify `MD5SUM`/`SHA256SUM` from `.info` | ### Git hook setup Both hooks are tracked in `.extras/hooks/`. Install them after cloning: ```bash cp .extras/hooks/pre-commit .git/hooks/pre-commit cp .extras/hooks/post-commit .git/hooks/post-commit chmod +x .git/hooks/pre-commit .git/hooks/post-commit ``` To bypass the pre-commit lint check in exceptional cases: ```bash SBOLINT=no git commit -m'Message here' ``` Note: `sbodl` creates symlinks in the package directory pointing to downloaded sources. Remove them before staging (`find . -type l -delete`); they must never be committed. --- ## Who builds SlackBuilds Only the user builds SlackBuilds, on their own infra. Claude authors/edits the sources (`.SlackBuild`, `.info`, `README`, `slack-desc`, `doinst.sh`, nvchecker stanzas) and runs only the non-building checks (`sbolint`, `sbodl`, `sbofixinfo`); the user builds and reports back. Never run or offer `bash .SlackBuild`, `sbopkglint`, or `slackrepo build`. --- ## SBo Submission Guidelines Before submitting or updating a package on SlackBuilds.org: 1. **Pass all lint checks** — `sbolint` and `sbopkglint` must report no errors 2. **Test the build** on a clean Slackware installation (or VM snapshot) 3. **Verify checksums** via `sbodl` before committing 4. **Check `README`** includes all non-SBo dependencies and any special build notes 5. **Follow the SBo submission guidelines**: https://slackbuilds.org/guidelines/ 6. **Bump `VERSION`** in both `.SlackBuild` and `.info` when updating 7. **Run `sbofixinfo`** after every version bump to catch stale checksums/URLs --- ## Commit Conventions - One commit per package add/update - Commit message format: `: add version X.Y.Z` or `: update to X.Y.Z` - For fixes: `: fix ` --- ## Maintainer danix