nixrc/packages/arachni/default.nix

{ stdenv, fetchFromGitHub, makeWrapper, ruby, bundlerEnv, defaultGemConfig, lib, curl, phantomjs2, qtbase }:

# Maintainer notes for updating:
# 1. increment version number in expression and in Gemfile
# ... then from the folder this file is in...
# 2. run $ nix-shell --command "bundler install && bundix -d"
# 3. run $ sed -i '/[ ]*dependencies =/d' gemset.nix
# 4. run $ nix-build -A arachni ../
# 5. update sha256sum in expression
# 6. run step 3 again

let
  env = bundlerEnv {
    inherit ruby;
    name = "arachni-bundler-env";
    gemdir = ./.;
    gemConfig = defaultGemConfig // {
      arachni = attrs: {
        # rb-readline-0.5.1 insists on home being a directory
        HOME = "/";
      };
    };
    preBuild = '''';
  };
in stdenv.mkDerivation rec {
  name = "arachni-${version}";
  version = "1.5.1";

  src = fetchFromGitHub {
    owner = "Arachni";
    repo = "arachni";
    rev = "v${version}";
    sha256 = "11fddxxxh3hm91kwdk26k377074dyvv29dlcmcqd81y0jqwm690y";
  };

  buildInputs = [ makeWrapper ];

  #dontPatchelf = true; # stay away from exploit executables
  # FIXME: Remove qtbase PATH entry once upgraded to 17.09

  installPhase = ''
    mkdir -p $out/{bin,share/arachni}

    cp -r * $out/share/arachni/

    (
      cd $out/share/arachni/bin/
      for i in arachni*; do
        makeWrapper ${env}/bin/bundle $out/bin/$i \
          --add-flags "exec ${ruby}/bin/ruby $out/share/arachni/bin/$i" \
          --set ARACHNI_FRAMEWORK_LOGDIR "\$HOME/.arachni/logs"         \
          --prefix "LD_LIBRARY_PATH" ":" "${lib.getLib curl}/lib"       \
          --prefix "PATH" ":" "${lib.makeBinPath [ phantomjs2 qtbase ]}"\
          --run 'mkdir -p ~/.arachni/logs'
      done
    )
  '';

  meta = with stdenv.lib; {
    description = "Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.";
    homepage = http://www.arachni-scanner.com/;
    platforms = platforms.unix; # FIXME?
    license = licenses.nonfree;
  };
}