@automattic/yara 2.4.0 → 2.5.0

package/.dockerignore

@@ -0,0 +1,6 @@
+Dockerfile
+README.md
+build/
+deps/yara-*
+example/
+node_modules/

package/.github/dependabot.yml

@@ -0,0 +1,14 @@
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#package-ecosystem
+version: 2
+
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: daily

package/.github/workflows/build.yml

@@ -0,0 +1,108 @@
+# Here we build the yara.node binary, package it and copy it to the repository.
+# Both MacOS and Linux (Debian-based) versions are built here.
+name: Build the binary
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+
+# allow these jobs to commit to the repository
+permissions:
+  contents: write
+
+jobs:
+  # We need to use the node-yara binary on Debian 10.x machines
+  # hence we're using the container to build it
+  build-debian:
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version:
+#        - '14'
+        - '16'
+#        - '18'
+
+    runs-on: ubuntu-22.04
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Build binaries inside the container
+      run: |
+        set -x
+        
+        # what's the package version?
+        # e.g.  Binary staged at "build/stage/Automattic/node-yara/raw/master/binaries/yara-v2.5.0-linux-x64.tar.gz"
+        export PACKAGE_VERSION=$(jq -r .version package.json)
+
+        # build inside the container and copy the package to the host
+        docker build -t yara/debian .
+        docker images
+        docker run --rm --volume /tmp:/tmp yara/debian cp ./binaries/yara-v${PACKAGE_VERSION}-linux-x64.tar.gz /tmp
+        ls -lh /tmp/yara-v${PACKAGE_VERSION}-*
+
+        # copy it to the repository clone and see if there's a difference
+        cp /tmp/yara-v${PACKAGE_VERSION}-* ./binaries
+        git status  --porcelain
+
+    # By default, the commit is made in the name of "GitHub Actions"
+    # and co-authored by the user that made the last commit.
+    # https://github.com/marketplace/actions/git-auto-commit
+    - name: Commit the changes to the binary files
+      if: false  # node-gyp builds are not reproducible, hence each build would create a "new" commit -> disabling for now (comment out this line if needed)
+      uses: stefanzweifel/git-auto-commit-action@v4
+      with:
+        ref: ${{ github.head_ref }}  # https://github.com/marketplace/actions/git-auto-commit#checkout-the-correct-branch
+        commit_message: Commit the binary package changes for Linux / Node.js ${{ matrix.node-version }}
+        file_pattern: './binaries/*.tar.gz'
+
+
+  build-macos:
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version:
+#        - '14'
+        - '16'
+#        - '18'
+
+    runs-on: macos-12
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Setup MacOs
+      run: brew install autoconf automake libmagic
+
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@master
+      with:
+        node-version: ${{ matrix.node-version }}
+
+    - name: Build binaries with node-pre-gyp
+      run: |
+        set -x
+        npm install --ignore-scripts
+        time -p npx node-pre-gyp configure rebuild
+
+        otool -L build/Release/yara.node
+
+        npx node-pre-gyp configure package
+
+        cp ./build/stage/Automattic/node-yara/raw/master/binaries/yara-*.tar.gz ./binaries
+        git status  --porcelain
+
+    - name: Run tests
+      run: npm test
+
+    # By default, the commit is made in the name of "GitHub Actions"
+    # and co-authored by the user that made the last commit.
+    # https://github.com/marketplace/actions/git-auto-commit
+    - name: Commit the changes to the binary files
+      if: false  # node-gyp builds are not reproducible, hence each build would create a "new" commit -> disabling for now (comment out this line if needed)
+      uses: stefanzweifel/git-auto-commit-action@v4
+      with:
+        ref: ${{ github.head_ref }}  # https://github.com/marketplace/actions/git-auto-commit#checkout-the-correct-branch
+        commit_message: Commit the binary package changes for MacOS / Node.js ${{ matrix.node-version }}
+        file_pattern: './binaries/*.tar.gz'

package/.github/workflows/debian-tests.yml

@@ -0,0 +1,44 @@
+# Check if the binaries we have in this repository actually work when "npm i" is run
+name: Install and test the binary
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version:
+#        - '14'
+        - '16.16'
+#        - '18'
+        container:
+        - 'node:16.16-buster-slim'
+        - 'node:16.16-bullseye-slim'
+        - 'debian:unstable-slim'
+
+    runs-on: 'ubuntu-22.04'  # the host system for the Action to be run, tests will be run inside the containers defined above
+
+    container:
+      image: ${{ matrix.container }}
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Use Node.js ${{ matrix.node-version }}
+      if: matrix.container == 'debian:unstable-slim'  # node:16.16 containers already have Node.js installed, obviously :)
+      uses: actions/setup-node@master
+      with:
+        node-version: ${{ matrix.node-version }}
+
+    - name: Print distro and Node.js version information
+      run: cat /etc/os-release && node -v && npm -v
+
+    - name: Install the package
+      run: npm install
+
+    - name: Run the tests
+      run: npm test

package/.github/workflows/npmpublish.yml

@@ -13,7 +13,7 @@ jobs:
   publish-npm:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: actions/setup-node@v1
         with:
           node-version: 14

package/.github/workflows/tests.yml

@@ -1,7 +1,5 @@
-# This workflow will do a clean install of node dependencies, build the source code and run tests
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
-
-name: Tests
+# Check if the binaries we have in this repository actually work when "npm i" is run
+name: Install and test the binary
 
 on:
   push:
@@ -14,40 +12,25 @@ jobs:
       fail-fast: false
       matrix:
         node-version:
-        - '14'
+#        - '14'
         - '16'
-        - '18'
+#        - '18'
         os:
-        - 'ubuntu'
-        - 'macos'
+        - 'ubuntu-22.04'
+        - 'macos-12'
 
-    runs-on: ${{ matrix.os }}-latest
+    runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v2
-
-    - name: Setup MacOs
-      if: matrix.os == 'macos'
-      run: brew install autoconf automake libmagic
+    - uses: actions/checkout@v3
 
     - name: Use Node.js ${{ matrix.node-version }}
       uses: actions/setup-node@master
       with:
         node-version: ${{ matrix.node-version }}
 
-    - name: Build binaries with node-pre-gyp
-      run: |
-        set -x
-        npm install --build-from-source
-
-        ls -lh ./build/Release
-        md5sum ./build/Release/yara.node || md5 ./build/Release/yara.node || true
-
-    - name: Upload binaries as Action run artifacts
-      uses: actions/upload-artifact@v2
-      with:
-        name: node${{ matrix.node-version }}-${{ matrix.os }}-yara.node
-        path: ./build/Release/yara.node
+    - name: Install the package
+      run: npm install
 
-    - name: Run tests
+    - name: Run the tests
       run: npm test

package/.nvmrc

@@ -0,0 +1 @@
+16.16.0

package/Dockerfile

@@ -0,0 +1,40 @@
+# this container is used to build binaries for Debian 10 (aka oldstable)
+FROM node:16.16-buster-slim
+
+RUN apt-get update -y && \
+	apt-get install -y \
+		autoconf \
+		build-essential \
+		curl \
+		libmagic-dev \
+		libssl-dev \
+		libtool \
+		pkg-config \
+		python3 \
+		time
+
+WORKDIR /opt/a8c/node-yara
+ENV HOME /opt/a8c/node-yara
+
+# leverage the build cache by copying only the dependencies definition
+COPY package.json .
+RUN npm install --ignore-scripts
+
+# now, let's copy the rest of the code
+COPY . .
+
+# we do not need root anymore
+RUN chown -R nobody:nogroup ${HOME}
+USER nobody
+
+# build and test it
+RUN time -p npx node-pre-gyp configure rebuild && \
+	npm t
+
+# see dynamic dependencies
+RUN ldd build/Release/yara.node
+
+# prepare a tar.gz package and copy it to the binaries/ directory
+RUN npx node-pre-gyp package && \
+	cp build/stage/Automattic/node-yara/raw/master/binaries/yara-*.tar.gz ./binaries && \
+	ls -lh ./binaries

package/README.md

@@ -5,18 +5,7 @@ This module implements [YARA][yara] bindings for [Node.js][nodejs].
 
 **This module is supported on Linux and MacOS (using homebrew) platforms only**
 
-This module uses the installed version of libyara 3.9. You should download,
-compile and install your preferred version, or use one of the following
-commands using your system package manager:
-
-	# CentOS/Red Hat
-	sudo yum install yara-devel
-	
-	# Debian/Ubuntu
-	sudo apt-get install libyara-dev
-	
-	# MacOS (using homebrew)
-	sudo brew install yara
+This module is built [using libyara 4.2.3](https://github.com/Automattic/node-yara/blob/master/Makefile#L14) and is statically linked against [libmagic](https://linux.die.net/man/3/libmagic).
 
 This module is installed using [node package manager (npm)][npm]:
 
@@ -26,6 +15,33 @@ This module is installed using [node package manager (npm)][npm]:
 
 	npm i --save "yara@npm:@automattic/yara@latest"
 
+# Developing
+
+Or when developing this module, run the following after cloning the repo:
+
+1. Clone the repo.
+2. Make sure the dependencies are installed.
+
+For Linux see the `Dockerfile`. For MacOS run `brew install autoconf automake libmagic`.
+
+3. Make sure that you're using the proper Node.js version by running `nvm use`.
+4. Run:
+```
+$ npm install --ignore-scripts
+
+$ ./node_modules/.bin/node-pre-gyp configure rebuild
+(...)
+  SOLINK_MODULE(target) Release/yara.node
+
+$ ./node_modules/.bin/node-pre-gyp package
+(...)
+node-pre-gyp info package Binary staged at "build/stage/Automattic/node-yara/raw/master/binaries/yara-v2.4.0-darwin-x64.tar.gz"
+node-pre-gyp info ok 
+
+$ mv build/stage/Automattic/node-yara/raw/master/binaries/yara-*.tar.gz ./binaries
+```
+5. Now you have a new `yara.tar.gz` archives in the `binaries` directory.
+
 It is loaded using the `require()` function:
 
 	var yara = require("yara")

package/binaries/README.md

@@ -0,0 +1,36 @@
+Binaries
+========
+
+These are pre-build binaries coming from the GH Action in this repository. They're used by `node-gyp` and fetched when you run `npm i` for `node-yara` package.
+
+For instance:
+
+```
+node-yara$ npm i
+
+> @automattic/yara@2.4.0 install
+> node-pre-gyp install --fallback-to-build
+
+node-pre-gyp info it worked if it ends with ok
+node-pre-gyp info using node-pre-gyp@1.0.10
+node-pre-gyp info using node@16.16.0 | linux | x64
+node-pre-gyp info check checked for "/tmp/node-yara/build/Release/yara.node" (not found)
+node-pre-gyp http GET https://github.com/Automattic/node-yara/raw/master/binaries/yara-v2.4.0-linux-x64.tar.gz
+node-pre-gyp info install unpacking Release/.deps/Release/obj.target/yara/src/yara.o.d
+node-pre-gyp info install unpacking Release/.deps/Release/obj.target/yara.node.d
+node-pre-gyp info install unpacking Release/.deps/Release/yara.node.d
+node-pre-gyp info install unpacking Release/.deps/build/yara.d
+node-pre-gyp info install unpacking Release/obj.target/yara/src/yara.o
+node-pre-gyp info install unpacking Release/obj.target/yara.node
+node-pre-gyp info extracted file count: 6 
+[@automattic/yara] Success: "/tmp/node-yara/build/Release/yara.node" is installed via remote
+node-pre-gyp info ok 
+node-pre-gyp info install unpacking Release/yara.node
+
+up to date, audited 119 packages in 4s
+
+22 packages are looking for funding
+  run `npm fund` for details
+
+found 0 vulnerabilities
+```

package/binding.gyp

@@ -1,5 +1,24 @@
 {
   "targets": [
+    {
+      "target_name": "action_before_build",
+      "type": "none",
+      "copies": [],
+      "conditions": [
+        ['OS == "linux"', {
+          "copies": [{
+            "files": [ "/usr/lib/x86_64-linux-gnu/libmagic.a" ],
+            "destination": "build/"
+          }],
+        }],
+        ['OS == "mac"', {
+          "copies": [{
+            "files": [ "/usr/local/opt/libmagic/lib/libmagic.a" ],
+            "destination": "build/"
+          }],
+        }],
+      ],
+    },
     {
       "target_name": "yara",
       "sources": [
@@ -14,7 +33,7 @@
         "./build/yara/include"
       ],
       "libraries": [
-        "-lmagic",
+        "../build/libmagic.a",
         "../build/yara/lib/libyara.a"
       ],
       "conditions": [

package/package.json

@@ -1,17 +1,26 @@
 {
   "name": "@automattic/yara",
-  "version": "2.4.0",
+  "version": "2.5.0",
   "description": "Automattic's fork of YARA support for Node.js",
   "main": "index.js",
   "directories": {
     "example": "example"
   },
   "dependencies": {
-    "nan": "2.14.*",
-    "typescript": "^3.8.3"
+    "@mapbox/node-pre-gyp": "^1.0.10",
+    "nan": "2.17.*",
+    "typescript": "^4.9.5"
   },
   "scripts": {
-    "test": "mocha test/*"
+    "test": "mocha test/*",
+    "install": "node-pre-gyp install --fallback-to-build"
+  },
+  "binary": {
+    "module_name": "yara",
+    "module_path": "./build/Release",
+    "host": "https://github.com/",
+    "remote_path": "/Automattic/node-yara/raw/master/binaries/",
+    "package_name": "{module_name}-v{version}-{platform}-{arch}.tar.gz"
   },
   "contributors": [
     {