Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 272200

Summary: net-analyzer/w3af ebuild is broken
Product: Gentoo Linux Reporter: Anton Bolshakov <anton.bugs>
Component: New packagesAssignee: LABBE Corentin <clabbe.montjoie>
Status: RESOLVED FIXED    
Severity: QA CC: corentin.labbe, hwoarang
Priority: High Keywords: EBUILD
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://w3af.sourceforge.net/
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 237254, 340975    
Bug Blocks:    
Attachments: Ebuild for w3af
proposed diff
an updated ebuid
drop jsonpy dependency
w3af updated ebuild
w3af_gui launcher wrapper
w3af_console launcher wrapper
w3af updated ebuild

Description Anton Bolshakov 2009-06-02 01:44:58 UTC
w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

w3af in the official Debian repositories - Fri, 22 May 2009 13:43:41 GMT
Thanks to the help of Luciano Bello, w3af made it to the official Debian repositories. For now, the package is only on the unstable branch, but for the dare-devils that use it, you can now install w3af by issuing "apt-get install w3af".

It would be useful to see it in Gentoo portage too.
Comment 1 Anton Bolshakov 2009-06-02 06:34:38 UTC
I've created an initial ebuild, but still working on it. So here is the link for now:
http://gentoo.o0o.nu/portage/net-analyzer/w3af/

Comment 2 montjoie 2010-08-05 14:42:12 UTC
http://www.gentoo.org/dyn/use-index.xml
(In reply to comment #1)
> I've created an initial ebuild, but still working on it. So here is the link
> for now:
> http://gentoo.o0o.nu/portage/net-analyzer/w3af/
> 

I have updated the ebuild with:
- use flag doc because documention is heavy
- Corrected dependency
- added a check for python build with sqlite

The dependance nltk isnt in portage (bug 237254 http://bugs.gentoo.org/237254)
Comment 3 montjoie 2010-08-05 14:45:05 UTC
Created attachment 241521 [details]
Ebuild for w3af
Comment 4 Anton Bolshakov 2010-08-06 13:13:15 UTC
(In reply to comment #2)
> I have updated the ebuild with:
> - use flag doc because documention is heavy
> - Corrected dependency
> - added a check for python build with sqlite

I've checked dependency list against listed packages in the documentation and believe that my ebuild is still better. For example, you need scapy and soappy packages. It also has a better RDEPEND category (required at runtime). Therefore, I won't adjust it in my ebuild. It also has sqlite enforcement and no documentation at all because it's mess (ODT, PDF and HTML).

FYI I've added "pentoo" temporary flag recently, because of pygoogle-ajax library in pentoo overlay. I hope to merge sectools overlay with pentoo sometime soon.
Comment 5 montjoie 2010-08-11 12:53:50 UTC
This is now in the sunrise overlay. You can find it at:
http://overlays.gentoo.org/proj/sunrise/browser/sunrise/net-analyzer/w3af/w3af-1.0_rc3.ebuild
Comment 6 Markos Chandras (RETIRED) gentoo-dev 2010-08-31 09:36:03 UTC
*w3af-1.0_rc3 (31 Aug 2010)

  31 Aug 2010; Markos Chandras <hwoarang@gentoo.org> +w3af-1.0_rc3.ebuild,
  +metadata.xml:
  Moved from sunrise overlay. Bug #272200. Thanks to LABBE Corentin
  (Montjoie) <corentin.labbe@geomatys.fr> for the ebuild
Comment 7 Anton Bolshakov 2010-08-31 10:15:24 UTC
As I mentioned, the attached ebuild is broken.

w3af_gui won't even run without pygoogle which you deleted in the ebuild.
The jsonpy library has been also deleted without any replacement.

Reopened.
Comment 8 Markos Chandras (RETIRED) gentoo-dev 2010-08-31 11:39:02 UTC
Created attachment 245462 [details, diff]
proposed diff

How about this patch?
Comment 9 Markos Chandras (RETIRED) gentoo-dev 2010-08-31 12:29:47 UTC
Fixed

Thank you
Comment 10 Anton Bolshakov 2010-08-31 17:17:48 UTC
Sorry, but it's not that simple to fix it. pygoogle is broken by itself, because google doesn't support SOAP anymore (see http://pygoogle.sourceforge.net/ for more details). We need dev-python/pygoogle-ajax (https://www.pentoo.ch/pentoo/browser/portage/trunk/dev-python/pygoogle-ajax) to replace it, I'll file a separate bug report.

So here is more questions for this ebuild:
- my ebuild (comment #1) has dev-python/pygraphviz instead of media-gfx/graphviz, does it make more sense?
- pentoo guys is also using dev-python/utidylib, but I'm not a python developer and not sure what is the purpose of it.
- Do we still need dev-python/soappy?

I'm reopening the bug for the last time for your review.
Thanks ..
Comment 11 Anton Bolshakov 2010-08-31 17:28:26 UTC
btw, your patch didn't address my comment about jsonpy.
We should remove binded version with w3af and use dev-python/json-py from the portage.

Comment 12 Markos Chandras (RETIRED) gentoo-dev 2010-08-31 17:40:17 UTC
(In reply to comment #11)
> btw, your patch didn't address my comment about jsonpy.
> We should remove binded version with w3af and use dev-python/json-py from the
> portage.
> 
There is no json-py in portage so we should stick with the bundled one until we come up with an ebuild

Perhaps I should mask the ebuild for now
Comment 13 Anton Bolshakov 2010-08-31 17:49:35 UTC
(In reply to comment #12)
> There is no json-py in portage so we should stick with the bundled one until we
> come up with an ebuild

You are right. Here is the candidate for yet another bug report:
http://gentoo.o0o.nu/portage/dev-python/json-py/
Comment 14 Markos Chandras (RETIRED) gentoo-dev 2010-08-31 19:08:52 UTC
OK i will mask the ebuild later until we figure out how to work on that
Comment 15 Anton Bolshakov 2010-10-14 08:26:17 UTC
(In reply to comment #14)
> OK i will mask the ebuild later until we figure out how to work on that
> 

Could you restrict the block to version that is the portage tree only? I'm using an ebuild from an overlay and that gets blocked as well.

http://trac.pentoo.ch/browser/portage/trunk/net-analyzer/w3af

Comment 16 Anton Bolshakov 2010-10-17 15:49:29 UTC
Created attachment 251027 [details]
an updated ebuid

I've merged my ebuild with portage's one. It works fine here if merged from pentoo overlay:
http://trac.pentoo.ch/browser/portage/trunk/net-analyzer/w3af

two more things need to be done to fix it in the portage:
 - dependent bugs resolved, including pygoogle-ajax package
 - "files" directory, as in pentoo
Comment 17 montjoie 2010-10-26 13:15:20 UTC
Created attachment 252027 [details, diff]
drop jsonpy dependency
Comment 18 montjoie 2010-10-26 13:15:39 UTC
Created attachment 252029 [details]
w3af updated ebuild
Comment 19 montjoie 2010-10-26 13:16:52 UTC
Created attachment 252031 [details]
w3af_gui launcher wrapper
Comment 20 montjoie 2010-10-26 13:17:07 UTC
Created attachment 252033 [details]
w3af_console launcher wrapper
Comment 21 montjoie 2010-10-27 14:50:10 UTC
Created attachment 252225 [details]
w3af updated ebuild
Comment 22 Markos Chandras (RETIRED) gentoo-dev 2010-10-27 15:53:18 UTC
I think it is in a better state now
Comment 23 Markos Chandras (RETIRED) gentoo-dev 2010-10-27 20:52:37 UTC
New ebuild on tree. Can you please verify that it works now?
Comment 24 Anton Bolshakov 2010-10-28 02:58:43 UTC
Thanks, basic functions work fine. Google search will be fixed in the next version.

The last touch (more for my information):
  shouldn't python wrapper dev-python/pygraphviz be used instead of media-gfx/graphviz (similar with pygtk)?
Comment 25 Markos Chandras (RETIRED) gentoo-dev 2010-10-28 10:19:48 UTC
Done

I will close this bug now. The ebuild will be masked until Sunday and then I will unmask it

Thank you all