Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create metapackages for common dependencies #673

Closed
Ana06 opened this issue Sep 29, 2023 · 4 comments · Fixed by #798
Closed

Create metapackages for common dependencies #673

Ana06 opened this issue Sep 29, 2023 · 4 comments · Fixed by #798
Assignees
@Ana06
Labels
🌀 COMMANDO-VM A package or future to be used by COMMANDO VM 🌀 FLARE-VM A package or feature to be used by FLARE-VM ❔ discussion Further discussion is needed 🆕 package New package request/idea/PR
Milestone
FLARE-VM 2023 Q4

Comments

@Ana06
Copy link
Member

Ana06 commented Sep 29, 2023

Installing several versions of the same software can be an issue (see for example: #622). That's why I think we should have metapackages for at least the several tools. This will make it easier in the future to keep them in sync.

python3.vm

We are currently using python [3.10.0, 3.11.0) in libraries.python3.vm, ida.plugin.capa.vm and didier-stevens-suite.vm.

openjdk.vm

We are currently using the open source openjdk in ghidra.vm and dex2jar.vm while we use javaruntime (last version of Java Oracle with a commercial license) in bytecodeviewer.vm. I propose we use a openjdk metapackage for all of them.

I think the only issue is that we need a workaround to open jar files by default.

At the moment we are using openjdk version [21.0.0], but I think we should update it to [21.0.0, 21.1.0) to prevent automatic updates. Only the metapackage will be tested when the dependency is updated. But even without the metapackage we are not testing that tools keep working in the CI only that they install successfully.

nodejs.vm

malware-jail.vm and pkg-unpacker (in #670) use nodejs version [20.7.0]. I propose to update to [20.7.0, 20.8.0) to prevent automatic updates for the reasons mention above.

@mandiant/flare-vm opinions? any other tools we should move to a metapackage?
@Ana06 Ana06 added ❔ discussion Further discussion is needed 🆕 package New package request/idea/PR labels Sep 29, 2023
@Ana06 Ana06 self-assigned this Sep 29, 2023
@Ana06 Ana06 added this to the FLARE-VM 2023 Q4 milestone Sep 29, 2023
@Ana06
Copy link
Member Author

Ana06 commented Oct 4, 2023
edited
Loading

I am thinking we should require libraries.python3.vm in ida.plugin.capa.vm and didier-stevens-suite.vm (and in general in other python packages) so that there are no conflicts with the basic libraries we install. I am not sure if we then want a python3.vm package that commando-vm can also use to keep the python version in sync as I assume they don't want to install our libraries. Or does it make sense to use the same libraries.python3.vm for both projects? @mandiant/flare-vm opinions?

@Ana06 Ana06 mentioned this issue Oct 4, 2023
Closed
@Ana06 Ana06 mentioned this issue Oct 12, 2023
Closed
@Ana06
Copy link
Member Author

Ana06 commented Oct 17, 2023

Documenting discussion with @MalwareMechanic:

We agree that dependencies should be contained in metapackages to prevent version issues

@Ana06 Ana06 mentioned this issue Oct 17, 2023
Closed
@Ana06 Ana06 added 🌀 FLARE-VM A package or feature to be used by FLARE-VM 🌀 COMMANDO-VM A package or future to be used by COMMANDO VM labels Oct 17, 2023
@Ana06 Ana06 mentioned this issue Oct 20, 2023
Merged
@Ana06
Copy link
Member Author

Ana06 commented Oct 25, 2023

vcredist140, used by nmap and rpcview is also a good candidate for a metapackage. I suggest to use version [14.36.32532, 14.37).

This was referenced Oct 25, 2023
Merged
Merged
@Ana06
Copy link
Member Author

Ana06 commented Dec 18, 2023

dotnet-6.vm is another candidate with version [6.0.400, 6.1)

This was referenced Dec 18, 2023
Merged
Merged
@Ana06 Ana06 mentioned this issue Dec 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Ana06 Ana06

Labels
🌀 COMMANDO-VM A package or future to be used by COMMANDO VM 🌀 FLARE-VM A package or feature to be used by FLARE-VM ❔ discussion Further discussion is needed 🆕 package New package request/idea/PR
Projects
None yet
Milestone
FLARE-VM 2023 Q4
Development

Successfully merging a pull request may close this issue.

Add metapackage for vcredist140 dependency Ana06/VM-Packages
1 participant
@Ana06