path: root/CLAUDE.md

# Slackware Pentesting Suite

A curated collection of penetration testing tools packaged as SlackBuilds for
Slackware GNU/Linux, following [SlackBuilds.org (SBo)](https://slackbuilds.org)
conventions where applicable.

---

## Repo Structure

Each package lives in its own top-level subfolder:

```
<package-name>/
├── <package-name>.SlackBuild   # Main build script
├── <package-name>.info         # Metadata (version, checksums, URLs)
├── README                      # Description and usage notes
├── slack-desc                  # Package description (11-line format)
├── <package-name>.desktop      # (optional) Desktop entry for GUI apps
├── doinst.sh                   # (optional) Post-install script
├── rc.<daemon>                 # (optional) Init script for daemon packages
├── patches/                    # (optional) Patch directory for source builds
│   ├── series                  # (optional) Ordered patch list
│   └── *.patch
└── [...]                       # Other optional files (man pages, completions, etc.)
```

---

## Build Strategies

Packages in this repo fall into several categories — the SlackBuild style
differs accordingly.

### 1. Source builds (Go)

Packages such as `ffuf`, `gobuster`, `nuclei` are built from upstream source
tarballs using `go build`. Key points:

- Set `GOPATH`, `GOPROXY`, `GOFLAGS` before building
- Use `-buildmode=pie -trimpath -mod=readonly -modcacherw`
- Strip ELF binaries after build
- Clean up `$GOPATH` / Go module cache before packaging
- `REQUIRES="google-go-lang"` in the `.info` file

### 2. Source builds (autotools / cmake)

Packages such as `hydra`, `cadaver` are built from source using `./configure`
or `cmake`. Follow standard SBo template conventions.

### 3. Binary repacks — Debian `.deb`

Packages such as `metasploit-framework` are repacked from upstream `.deb`
archives:

- Extract with: `ar p <file>.deb data.tar.gz | tar xzv`
- Set `DOWNLOAD="UNSUPPORTED"` and use `DOWNLOAD_x86_64` / `MD5SUM_x86_64`
- These packages are x86_64 only; exit with an error for other arches
- Strip ELF binaries after extraction

### 4. Binary repacks — RPM

Packages such as `nessus` are repacked from upstream `.rpm` archives:

- Extract with: `rpm2cpio <file>.rpm | cpio -idmv`
- Set `DOWNLOAD="UNSUPPORTED"` and use `DOWNLOAD_x86_64` / `MD5SUM_x86_64`

### 5. Data / archive packages

Packages such as `SecLists`, `exploitdb`, `webshells`, `windows-binaries`
install data files rather than compiled binaries. No stripping needed.

---

## SlackBuild Scripting Guidelines

- Follow the [SBo template](https://slackbuilds.org/templates/) as the base
- Use `set -e` to abort on errors
- Honor `$TMP`, `$BUILD`, `$TAG`, `$OUTPUT`; provide defaults if unset
- Use `$ARCH` detection with proper `SLKCFLAGS` and `LIBDIRSUFFIX`
- Strip binaries and libraries unless the package type makes it irrelevant
- Install docs to `/usr/doc/$PRGNAM-$VERSION/`
- Always include `find -L` + `chown`/`chmod` cleanup block before packaging
- Use `makepkg -l y -c n` to create the final package

### Patch support

When upstream patches are needed, store them in `patches/` and apply via:

```bash
if compgen -G "$CWD/patches/*.patch" > /dev/null; then
  if [ -f "$CWD/patches/series" ]; then
    while IFS= read -r PATCH; do
      [ -z "$PATCH" ] && continue
      [ "${PATCH#\#}" != "$PATCH" ] && continue
      patch -p1 -i "$CWD/patches/$PATCH"
    done < "$CWD/patches/series"
  else
    for PATCH in "$CWD"/patches/*.patch; do
      patch -p1 -i "$PATCH"
    done
  fi
fi
```

---

## `.info` File

Must contain:

```
PRGNAM="..."
VERSION="..."
HOMEPAGE="..."
DOWNLOAD="..."
MD5SUM="..."
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES=""
MAINTAINER="danix"
EMAIL="danix@danix.xyz"
```

- Use `DOWNLOAD="UNSUPPORTED"` when no 32-bit source exists
- Use `DOWNLOAD_x86_64` / `MD5SUM_x86_64` for architecture-specific downloads
- Checksums must match the exact source archive
- `REQUIRES=""` if no SBo dependencies; list space-separated SBo names otherwise
- For packages originally authored by others (e.g. Nessus), preserve the
  original `MAINTAINER` and `EMAIL` values

---

## `slack-desc`

- Exactly 11 lines in the `package-name: description` format
- First line: `package-name: package-name (short one-liner)`
- Lines 2–11: description; blank lines use `package-name:` with nothing after
- Do not include the ruler line in the committed file

---

## Tooling: sbo-maintainer-tools

Source: https://slackware.uk/~urchlay/repos/sbo-maintainer-tools

| Tool | Purpose |
|------|---------|
| `sbolint` | Lint `.SlackBuild`, `README`, `.info`, `slack-desc` |
| `sbopkglint` | Lint the built package |
| `sbofixinfo` | Auto-fix common `.info` file issues |
| `sbodl` | Download sources and verify `MD5SUM`/`SHA256SUM` from `.info` |

### Workflow per package

```bash
# 1. Fix any .info issues automatically
cd <package-name> && sbofixinfo

# 2. Download sources and verify checksums
# NOTE: when updating to a new version, sbodl will download the source but fail
# because the .info file still has the old (or placeholder) MD5SUM. In that case:
#   a) compute the checksum manually: md5sum <source-file>
#   b) update MD5SUM in the .info file
#   c) run sbodl again — it should now report "md5sum matches OK"
cd <package-name> && sbodl

# 3. Lint the script and metadata
cd <package-name> && sbolint

# 4. Build the package
cd <package-name> && sudo bash <package-name>.SlackBuild

# 5. Lint the built package
cd <package-name> && sbopkglint

# 6. Remove symlinks created by sbodl before staging
# sbodl creates symlinks in the package directory pointing to downloaded sources.
# These must never be committed to git.
find . -type l -delete

# 7. Commit
git add <package-name>/
git commit -m'<package-name>: add version X.Y.Z'
```

---

## Commit Conventions

- One commit per package add/update
- Commit message format:
  - Add: `<package-name>: add version X.Y.Z`
  - Update: `<package-name>: update to X.Y.Z`
  - Fix: `<package-name>: fix <short description>`

---

## Maintainer

danix — danix@danix.xyz