Create Binary Ninja package #1229
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
sreinhardt
force-pushed
the
binja
branch
3 times, most recently
from
5835d8d to
c461d41
Compare
There was a problem hiding this comment.
@sreinhardt thanks a lot for your contribution! 💐
As documented in the Coding Conventions page in our Wiki:
vm.common/vm.common.psm1 defines functions that start with
VM-to reuse code among packages and make package creation easier. TheVM-helper functions muss be used when possible.
You have used idafree.vm as an example. But it is not the best example, as it is a complicated package that can't use the VM-Install-With-Installer helper because we are in addition installing our own IDA launcher. I think in your case you should be able to use the VM-Install-With-Installer helper function. A good example to check is the package bindiff.vm, that uses that helper function (and consequently is much simpler).
The tool and id/package name should not include the free in this case as it is not included in the executable name (binaryninja.exe).
| Import-Module vm.common -Force -DisableNameChecking | ||
|
|
||
| try { | ||
| $toolName = 'BinaryNinja Free' |
There was a problem hiding this comment.
As documented in the Coding Conventions page in our Wiki:
The name of the tool being installed (usually the file name with the
.exe)
| $toolName = 'BinaryNinja Free' | |
| $toolName = 'binaryninja' |
| <?xml version="1.0" encoding="utf-8"?> | ||
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>binaryninja-free.vm</id> |
There was a problem hiding this comment.
As documented in the id section in our Wiki:
The
idis the tool name (usually the file name with the.exe) lowercased and with the following format:toolname.vmortool-name.vm. Theidmust be identical to the tool directory name.
| <id>binaryninja-free.vm</id> | |
| <id>binaryninja.vm</id> |
| <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd"> | ||
| <metadata> | ||
| <id>binaryninja-free.vm</id> | ||
| <version>4.2</version> |
There was a problem hiding this comment.
It seems the version is 4.2.6455:
| <version>4.2</version> | |
| <version>4.2.6455</version> |
| packageName = ${Env:ChocolateyPackageName} | ||
| fileType = 'exe' | ||
| silentArgs = '/S /ALLUSERS=1' | ||
| url = 'https://cdn.binary.ninja/installers/binaryninja_free_win64.exe' |
There was a problem hiding this comment.
URLs that do not include the version are an issue as the hash changes when a new version is released breaking the package. We can still add this package, but depending how often the tool is updated, this is a blocker to add this package to the default FLARE-VM configuration, as broken packages confuse users. Do you know how often this tool is released? Is it possible to use a different URL that includes the version?
We verify some packages using SigCheck instead of hash verification because of this reason. At the moment we only do it for Google/Microsoft tools as documented in the Wiki. We are planing to extend this verification to Zimmerman tools in #1199
Loosely copied Ida package to support Binary Ninja install. My understanding is this is free for personal use and adding a license enables any additional features or commercial use, so not sure how applicable free is?