This package is a repackaged version of https://github.com/hillu/go-yara which focuses on making it easier to use.
Instead of requiring users to install the yara library on the build system, this package already includes the library within it. This makes it very easy to use - simply add the dependency and build normally.
The resulting binary will also be statically built and have no external shared object dependencies. No need to mess with build flags:
~/go/src/github.com/Velocidex/go-yara$ go build _examples/simple-yara/simple-yara.go
~/go/src/github.com/Velocidex/go-yara$ ldd simple-yara
linux-vdso.so.1 (0x00007ffd4085a000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fcd9867c000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fcd9828b000)
/lib64/ld-linux-x86-64.so.2 (0x00007fcd9889b000)
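The same check can be scripted for CI. The following is an added example, not part of the go-yara project: it reads ldd output and reports any shared library outside the four entries shown above. The function name and the allowlist are assumptions of this example.

```shell
#!/bin/sh
# Added example: report shared-object dependencies outside an allowlist.
# Reads `ldd` output on stdin, prints each unexpected library, and returns
# non-zero if any was found. The allowlist (an assumption) is the set of
# entries in the ldd output above, i.e. a glibc/Linux build.
unexpected_shared_deps() {
    awk '
        # ldd prints one of these messages for a fully static binary.
        /not a dynamic executable/ || /statically linked/ { next }
        NF == 0 { next }
        {
            lib = $1
            sub(/^.*\//, "", lib)   # drop the directory of absolute paths
            if (lib ~ /^linux-vdso\.so\.[0-9]+$/) next
            if (lib ~ /^libpthread\.so\.[0-9]+$/) next
            if (lib ~ /^libc\.so\.[0-9]+$/)       next
            if (lib ~ /^ld-linux.*\.so\.[0-9]+$/) next
            print lib
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: what ldd would print if libyara were linked dynamically.
SAMPLE_DYNAMIC='    linux-vdso.so.1 (0x00007ffd00000000)
    libyara.so.3 => /usr/lib/x86_64-linux-gnu/libyara.so.3 (0x00007f0000000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000100000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f0000200000)'

# Usage: ldd ./simple-yara | unexpected_shared_deps
```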
To build for Windows, there is no need to build the yara library first; just build your project with the usual steps:
~/go/src/github.com/Velocidex/go-yara$ GOOS=windows GOARCH=amd64 \
CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc \
go build _examples/simple-yara/simple-yara.go
Go bindings for YARA, staying as close as sensible to the library's C-API while taking inspiration from the yara-python implementation.
On a Unix system with libyara, its header files, and pkg-config installed, the following should simply work, provided that GOPATH is set:
go get github.com/hillu/go-yara
go install github.com/hillu/go-yara
The pkg-config program should be able to output the correct compiler and linker flags from the yara.pc file that has been generated and installed by YARA's build system. If libyara has been installed to a custom location, the PKG_CONFIG_PATH environment variable can be used to point pkg-config at the right yara.pc file. If pkg-config cannot be used at all, please refer to the "Build Tags" section.
Linker errors in the compiler output such as
undefined reference to `yr_compiler_add_file'
indicate that the linker is probably looking at an old version of libyara. Please refer to the "Build Tags" section below on how to work with old YARA versions.
go-yara can be cross-built for a different CPU architecture/operating system platform, provided a C cross-compiler for the target platform is available to be used by the cgo tool.
After the yara library has been built from its source tree using the proper C cross-compiler through the usual configure / make / make install steps, go-yara can be built and installed. Some environment variables need to be set when running go build or go install:
- GOOS, GOARCH indicate the cross compilation target.
- CGO_ENABLED has to be set to 1 because it defaults to 0 when cross-compiling.
- CC has to be specified because cgo has no prior knowledge about what C compiler to choose for cross-compiling (it defaults to the system C compiler, usually gcc).
- PKG_CONFIG_PATH has to be set so that pkg-config, which is run by cgo for determining compiler and linker flags, can find the yara.pc file generated while cross-building yara.
Install the MinGW C compiler gcc-mingw-w64-i686, gcc-mingw-w64-x86-64 for Win32, Win64, respectively.
Build libyara and go-yara for Win32:
$ cd ${YARA_SRC} \
&& ./bootstrap.sh \
&& ./configure --host=i686-w64-mingw32 --disable-magic --disable-cuckoo --without-crypto --prefix=${YARA_SRC}/i686-w64-mingw32 \
&& make -C ${YARA_SRC} \
&& make -C ${YARA_SRC} install
$ GOOS=windows GOARCH=386 CGO_ENABLED=1 \
CC=i686-w64-mingw32-gcc \
PKG_CONFIG_PATH=${YARA_SRC}/i686-w64-mingw32/lib/pkgconfig \
go install -ldflags '-extldflags "-static"' github.com/hillu/go-yara
Build libyara and go-yara for Win64:
$ cd ${YARA_SRC} \
&& ./bootstrap.sh \
&& ./configure --host=x86_64-w64-mingw32 --disable-magic --disable-cuckoo --without-crypto --prefix=${YARA_SRC}/x86_64-w64-mingw32 \
&& make -C ${YARA_SRC} \
&& make -C ${YARA_SRC} install
$ GOOS=windows GOARCH=amd64 CGO_ENABLED=1 \
CC=x86_64-w64-mingw32-gcc \
PKG_CONFIG_PATH=${YARA_SRC}/x86_64-w64-mingw32/lib/pkgconfig \
go install -ldflags '-extldflags "-static"' github.com/hillu/go-yara
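A pre-flight check for the cross-build variables described above, as an added example that is not part of go-yara. The function name check_cross_env is hypothetical, and the GOARCH-to-MinGW-prefix mapping covers only the Win32 and Win64 targets discussed here.

```shell
#!/bin/sh
# Added example: sanity-check the cross-build environment before `go build`.
# Prints one line per problem and returns the number of problems found.
check_cross_env() {
    problems=0
    complain() { echo "problem: $*"; problems=$((problems + 1)); }

    [ -n "${GOOS:-}" ]   || complain "GOOS is not set"
    [ -n "${GOARCH:-}" ] || complain "GOARCH is not set"
    [ "${CGO_ENABLED:-0}" = "1" ] ||
        complain "CGO_ENABLED must be 1 when cross-compiling"

    # The MinGW triplet prefix in CC has to match GOARCH (Win32 vs. Win64).
    case "${GOOS:-}/${GOARCH:-}" in
        windows/386)   want=i686-w64-mingw32 ;;
        windows/amd64) want=x86_64-w64-mingw32 ;;
        *)             want= ;;
    esac
    if [ -z "${CC:-}" ]; then
        complain "CC is not set; cgo would use the system C compiler"
    elif [ -n "$want" ]; then
        case "$CC" in
            "$want"-*) ;;
            *) complain "CC=$CC does not target $GOOS/$GOARCH (want $want-gcc)" ;;
        esac
    fi

    # pkg-config must be able to find the yara.pc written by the cross build.
    found=
    old_ifs=$IFS; IFS=:
    for dir in ${PKG_CONFIG_PATH:-}; do
        [ -f "$dir/yara.pc" ] && found=$dir
    done
    IFS=$old_ifs
    [ -n "$found" ] || complain "no yara.pc in any PKG_CONFIG_PATH directory"

    return "$problems"
}

# Usage: set the variables as for the build, then run
#   check_cross_env && go install ... github.com/hillu/go-yara
```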
go-yara is tested with the latest stable version of YARA, currently 3.11. If you need to build with an older version of YARA, certain features that are not present in older versions can be excluded by passing a build tag such as yara3.7, yara3.6, yara3.5, etc. If you want to build with a git snapshot of YARA, you may use a build tag corresponding to the upcoming stable YARA version, currently yara3.9. You also need to pass the tag when you build your own project.
The build tag yara_static can be used to tell the Go toolchain to run pkg-config with the --static switch. This is not enough for a static build; the appropriate linker flags (e.g. -extldflags "-static") still need to be passed to the go tool.
The build tag no_pkg_config can be used to tell the Go toolchain not to use pkg-config's output. In this case, any compiler or linker flags have to be set via the CGO_CFLAGS and CGO_LDFLAGS environment variables, e.g.:
export CGO_CFLAGS="-I${YARA_SRC}/libyara/include"
export CGO_LDFLAGS="-L${YARA_SRC}/libyara/.libs -lyara"
go install -tags no_pkg_config github.com/hillu/go-yara
BSD 2-clause, see LICENSE file in the source distribution.
Hilko Bengen