Discussion:
[W3af-develop] Continuous integration to debian packages
Sergey
2015-02-26 04:30:12 UTC
Permalink
Hi, Andres and everybody.

Right now I see that we have working CI builds of w3af Docker images.
I'd like to know if anybody has some setup for building of w3af debian
packages. For example using virtualenv/dh-virtualenv or fabric/robe or
something like this?

Thank you.
Andres Riancho
2015-02-26 10:47:13 UTC
Permalink
Sergey,
Post by Sergey
Hi, Andres and everybody.
Right now I see that we have working CI builds of w3af Docker images.
We do! I've been working on the docker images last week and you can
see the latest in the develop branch :)
Post by Sergey
I'd like to know if anybody has some setup for building of w3af debian
packages. For example using virtualenv/dh-virtualenv or fabric/robe or
something like this?
Not that I know of, but you might be interested in this email thread
[0] where we discuss building kali packages in an automated way. The
summary is:
* I would love to have automated builds of .deb
* We could use docker images for testing the created deb packages in
Debian/Kali/etc.
* I've been using circleci.com and would like to continue using that
CI system (free for open source)
* This repository is the closest thing we have to an automated .deb
package [1] build

If you want to help, let me know and we can draft a plan.

[0] http://sourceforge.net/p/w3af/mailman/w3af-develop/thread/CA%2B1Rt66cek7ubXJHYe%2BbYxbUZg1HyvRDH7DViQkbUbvbWCxPLA%40mail.gmail.com/
[1] https://github.com/andresriancho/w3af-kali/
Post by Sergey
Thank you.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
Andres Riancho
2015-02-27 16:09:37 UTC
Permalink
Guys,

Just found a github ticket you might find interesting.
https://github.com/andresriancho/w3af/issues/3351
Hi Andres,
I just started building the packages with virtualenv on a local vm.
Post by Andres Riancho
Sergey,
Post by Sergey
Hi, Andres and everybody.
Right now I see that we have working CI builds of w3af Docker images.
We do! I've been working on the docker images last week and you can
see the latest in the develop branch :)
Post by Sergey
I'd like to know if anybody has some setup for building of w3af debian
packages. For example using virtualenv/dh-virtualenv or fabric/robe or
something like this?
Not that I know of, but you might be interested in this email thread
[0] where we discuss building kali packages in an automated way. The
* I would love to have automated builds of .deb
* We could use docker images for testing the created deb packages in
Debian/Kali/etc.
* I've been using circleci.com and would like to continue using that
CI system (free for open source)
* This repository is the closest thing we have to an automated .deb
package [1] build
If you want to help, let me know and we can draft a plan.
[0]
http://sourceforge.net/p/w3af/mailman/w3af-develop/thread/CA%2B1Rt66cek7ubXJHYe%2BbYxbUZg1HyvRDH7DViQkbUbvbWCxPLA%40mail.gmail.com/
[1] https://github.com/andresriancho/w3af-kali/
I haven't worked with circleci before, but I would be willing to go along
with Sergey in this if he wants to. If he wanted to tackle the circleci
alone, I could just share what I learn from the virtualenv build process.
Post by Andres Riancho
Post by Sergey
Thank you.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
GPG: 0x93C344F3
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
Sergey
2015-03-02 12:42:45 UTC
Permalink
Thank you, Andres.

I'm not sure that w3af-kali fits my needs but it's definitely worth to
look at it.

As for the ticket, how much it would take to resolve it? What are the
main problems?

And btw how are dependencies' for w3af resolved in kali? Looks like
package may become broken by some unanticipated update of w3af requirements.
Post by Andres Riancho
Guys,
Just found a github ticket you might find interesting.
https://github.com/andresriancho/w3af/issues/3351
Hi Andres,
I just started building the packages with virtualenv on a local vm.
Post by Andres Riancho
Sergey,
Post by Sergey
Hi, Andres and everybody.
Right now I see that we have working CI builds of w3af Docker images.
We do! I've been working on the docker images last week and you can
see the latest in the develop branch :)
Post by Sergey
I'd like to know if anybody has some setup for building of w3af debian
packages. For example using virtualenv/dh-virtualenv or fabric/robe or
something like this?
Not that I know of, but you might be interested in this email thread
[0] where we discuss building kali packages in an automated way. The
* I would love to have automated builds of .deb
* We could use docker images for testing the created deb packages in
Debian/Kali/etc.
* I've been using circleci.com and would like to continue using that
CI system (free for open source)
* This repository is the closest thing we have to an automated .deb
package [1] build
If you want to help, let me know and we can draft a plan.
[0]
http://sourceforge.net/p/w3af/mailman/w3af-develop/thread/CA%2B1Rt66cek7ubXJHYe%2BbYxbUZg1HyvRDH7DViQkbUbvbWCxPLA%40mail.gmail.com/
[1] https://github.com/andresriancho/w3af-kali/
I haven't worked with circleci before, but I would be willing to go along
with Sergey in this if he wants to. If he wanted to tackle the circleci
alone, I could just share what I learn from the virtualenv build process.
Post by Andres Riancho
Post by Sergey
Thank you.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
GPG: 0x93C344F3
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop
Andres Riancho
2015-03-02 16:11:00 UTC
Permalink
Sergey,
Post by Sergey
Thank you, Andres.
I'm not sure that w3af-kali fits my needs but it's definitely worth to look
at it.
Well, Kali uses Debian's packaging system to the work that's done for
Kali can be re-used in Debian. The bad thing about Debian is that it
has very strict policies on what get's into their repositories, which
makes it a lengthy process (it took Luciano Bello and I almost 8
months to get w3af in the first time). Kali devs makes it
easier/faster :)
Post by Sergey
As for the ticket, how much it would take to resolve it?
If you're a packaging master, it might take you around 8 and 12h.
Post by Sergey
What are the main problems?
I believe there are no known issues/limitations/problems at sight,
just reviewed the ticket and it seems all straight forward. The main
thing here is to build all the scripts that circleci.com will use
during the build process and make sure that they:

* Work
* Give us good log messages to debug any issues
* Are stable (10 consecutive builds all PASS)
Post by Sergey
And btw how are dependencies' for w3af resolved in kali? Looks like package
may become broken by some unanticipated update of w3af requirements.
Yep, that's something that will happen and there is no automated fix.
When that happens the w3af-kali build must break and we need to:

a) Add the (existing in Kali) dependency to debian/control Depends
b) Contact the Kali devs for them to add the required dependencies
(if they are not in Kali), and then goto a)

See https://github.com/andresriancho/w3af-kali#package-dependencies

I believe the first steps would be for you to clone the w3af-kali
repository, sign up for circleci (free), hook w3af-kali and circleci,
and then start to play around with the build scripts that will
ultimately create and test the .deb file.
Post by Sergey
Post by Andres Riancho
Guys,
Just found a github ticket you might find interesting.
https://github.com/andresriancho/w3af/issues/3351
Hi Andres,
I just started building the packages with virtualenv on a local vm.
Post by Andres Riancho
Sergey,
Post by Sergey
Hi, Andres and everybody.
Right now I see that we have working CI builds of w3af Docker images.
We do! I've been working on the docker images last week and you can
see the latest in the develop branch :)
Post by Sergey
I'd like to know if anybody has some setup for building of w3af debian
packages. For example using virtualenv/dh-virtualenv or fabric/robe or
something like this?
Not that I know of, but you might be interested in this email thread
[0] where we discuss building kali packages in an automated way. The
* I would love to have automated builds of .deb
* We could use docker images for testing the created deb packages in
Debian/Kali/etc.
* I've been using circleci.com and would like to continue using that
CI system (free for open source)
* This repository is the closest thing we have to an automated .deb
package [1] build
If you want to help, let me know and we can draft a plan.
[0]
http://sourceforge.net/p/w3af/mailman/w3af-develop/thread/CA%2B1Rt66cek7ubXJHYe%2BbYxbUZg1HyvRDH7DViQkbUbvbWCxPLA%40mail.gmail.com/
[1] https://github.com/andresriancho/w3af-kali/
I haven't worked with circleci before, but I would be willing to go along
with Sergey in this if he wants to. If he wanted to tackle the circleci
alone, I could just share what I learn from the virtualenv build process.
Post by Andres Riancho
Post by Sergey
Thank you.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
GPG: 0x93C344F3
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub
for
all
things parallel software development, from weekly thought leadership
blogs
to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
Andres Riancho
2015-03-03 19:41:16 UTC
Permalink
I spent the last 15 working hours on trying to build a new .deb
package for Kali + automate some of the testing that's required after
building a package. More information about it here:

https://github.com/andresriancho/w3af-kali#testing-the-deb-files

This was done in an effort to release 1.6.46 in Kali and, while it's
related, is not focused on automating the whole process (which needs
to be done at https://github.com/andresriancho/w3af/issues/3351)
Post by Andres Riancho
Sergey,
Post by Sergey
Thank you, Andres.
I'm not sure that w3af-kali fits my needs but it's definitely worth to look
at it.
Well, Kali uses Debian's packaging system to the work that's done for
Kali can be re-used in Debian. The bad thing about Debian is that it
has very strict policies on what get's into their repositories, which
makes it a lengthy process (it took Luciano Bello and I almost 8
months to get w3af in the first time). Kali devs makes it
easier/faster :)
Post by Sergey
As for the ticket, how much it would take to resolve it?
If you're a packaging master, it might take you around 8 and 12h.
Post by Sergey
What are the main problems?
I believe there are no known issues/limitations/problems at sight,
just reviewed the ticket and it seems all straight forward. The main
thing here is to build all the scripts that circleci.com will use
* Work
* Give us good log messages to debug any issues
* Are stable (10 consecutive builds all PASS)
Post by Sergey
And btw how are dependencies' for w3af resolved in kali? Looks like package
may become broken by some unanticipated update of w3af requirements.
Yep, that's something that will happen and there is no automated fix.
a) Add the (existing in Kali) dependency to debian/control Depends
b) Contact the Kali devs for them to add the required dependencies
(if they are not in Kali), and then goto a)
See https://github.com/andresriancho/w3af-kali#package-dependencies
I believe the first steps would be for you to clone the w3af-kali
repository, sign up for circleci (free), hook w3af-kali and circleci,
and then start to play around with the build scripts that will
ultimately create and test the .deb file.
Post by Sergey
Post by Andres Riancho
Guys,
Just found a github ticket you might find interesting.
https://github.com/andresriancho/w3af/issues/3351
Hi Andres,
I just started building the packages with virtualenv on a local vm.
Post by Andres Riancho
Sergey,
Post by Sergey
Hi, Andres and everybody.
Right now I see that we have working CI builds of w3af Docker images.
We do! I've been working on the docker images last week and you can
see the latest in the develop branch :)
Post by Sergey
I'd like to know if anybody has some setup for building of w3af debian
packages. For example using virtualenv/dh-virtualenv or fabric/robe or
something like this?
Not that I know of, but you might be interested in this email thread
[0] where we discuss building kali packages in an automated way. The
* I would love to have automated builds of .deb
* We could use docker images for testing the created deb packages in
Debian/Kali/etc.
* I've been using circleci.com and would like to continue using that
CI system (free for open source)
* This repository is the closest thing we have to an automated .deb
package [1] build
If you want to help, let me know and we can draft a plan.
[0]
http://sourceforge.net/p/w3af/mailman/w3af-develop/thread/CA%2B1Rt66cek7ubXJHYe%2BbYxbUZg1HyvRDH7DViQkbUbvbWCxPLA%40mail.gmail.com/
[1] https://github.com/andresriancho/w3af-kali/
I haven't worked with circleci before, but I would be willing to go along
with Sergey in this if he wants to. If he wanted to tackle the circleci
alone, I could just share what I learn from the virtualenv build process.
Post by Andres Riancho
Post by Sergey
Thank you.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
GPG: 0x93C344F3
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub
for
all
things parallel software development, from weekly thought leadership
blogs
to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
W3af-develop mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-develop
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
GPG: 0x93C344F3
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
Loading...