Andres,

When I talked about the packaging problem, I meant problems with the supported
versions of e.g. Python libs for current popular distros. Consider that we have
e.g. some Debian/Ubuntu distro and want to package/install w3af from the official repo.
w3af from the feature/package branch requires lxml version exactly 2.3.2, but the
supported and packaged version of lxml for Ubuntu 13.10 is 3.2.0!

$ apt-cache show python-lxml
Package: python-lxml
Priority: optional
Section: python
Installed-Size: 2390
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Original-Maintainer: Matthias Klose <d...@debian.org>
Architecture: amd64
Source: lxml
Version: 3.2.0-1

Because of that you can't simply make and provide w3af through the official repo.
No package maintainer will support several packaged minor versions of a
single lib. And for the end user there is only one way to install and use w3af.
It is virtualenv + git clone :(

> > 1. It makes impossible to package&install w3af, e.g. into deb package,
> > doesn't it?
> 
> That's a good question, I'm not a packaging expert but I suppose there
> is a solution? Also I suppose that this was an issue in the past,
> without the specific version requirement? Let's follow this timeline:
>     * (assume) w3af is packaged in debian. Requires extra package
> python-pdfminer-v1. No check for specific version of any pip package.
>     * foo is another debian package. Requires extra package
> python-pdfminer-v2
>     * User installs w3af: apt-get install w3af
>     * Run w3af, it works
>     * User installs foo: apt-get install foo
>         - Command will warn that it will break the w3af install? (not
> sure, not a packaging expert)
>         - Command will succeed and replace python-pdfminer-v1 with
> python-pdfminer-v2
>     * Run foo, it works
>     * Run w3af, it fails because now python-pdfminer-v2, which changes
> the API, is installed
> 
> > 2. If w3af requires 3rd party A version 1 and another application on the
> > system also requires 3rd party A but version 1.1, how it will be solved by
> > the user?
> 
> First, let's understand that this was an issue in the past too, right?
> 
> You can always use virtualenv:
>     $ virtualenv w3af-venv
>     $ . w3af-venv/bin/activate
>     (w3af-venv)$ cd w3af-repo
>     (w3af-venv)/w3af-repo$ ./w3af_console
>     (w3af-venv)/w3af-repo$ pip install ...
> 
> All the packages are installed inside the w3af-venv directory, and
> while your prompt says "w3af-venv" you're using that specific python
> 
> Regards,
> 
> > In a message of 29 January 2014 19:03:23, Andres Riancho wrote:
> >> Taras,
> >> 
> >>     Added that because it is the best thing to do. Search the mailing
> >> list for the issue we had with pdfminer, what happened there was:
> >>         * w3af had a requirement for pdfminer, any version
> >>         * w3af worked without issues with version 1 of that library
> >>         * The pdfminer developers released version 2 of that library
> >>         * People trying to install w3af, and because the requirement
> >> didn't have any specific version, installed pdfminer like "pip install
> >> pdfminer"
> >>         * w3af stopped working because pdfminer changed its API, and
> >> one of the functions we were calling wasn't there anymore
> >>         * Fix: Add specific version matching for pip packages
> >> 
> >> On Wed, Jan 29, 2014 at 5:46 PM, Taras <ox...@oxdef.info> wrote:
> >> > I was wrong...I have working **master** branch :(
> >> > 
> >> > Andres, why did you add requirement for **exact** match of versions in
> >> > 'feature/module' branch?
> >> > 
> >> > $ grep -B5 'version matches' w3af/core/controllers/dependency_check/dependency_check.py
> >> > 
> >> >     for w3af_req in pip_packages:
> >> >         if USE_PIP_MODULE:
> >> >             dependency_specs = w3af_req.package_name, w3af_req.package_version
> >> > 
> >> >             for dist in pip_distributions:
> >> >                 if (dist.project_name, dist.version) == dependency_specs:
> >> >                     # It's installed and the version matches!
> >> > 
> >> >   ...
> >> > 
> >> > In a message of 26 January 2014 14:39:14, Taras wrote:
> >> >> Israel, I have working "feature/module" version of w3af on 13.10
> >> >> What problems do you have?
> >> >> 
> >> >> In a message of 22 January 2014 21:53:48, Andres Riancho wrote:
> >> >> > Israel,
> >> >> > 
> >> >> >     Haven't tried with that specific version, but what's wrong with:
> >> >> > git clone g...@github.com:andresriancho/w3af.git
> >> >> > cd w3af
> >> >> > git checkout feature/module
> >> >> > ./w3af_console
> >> >> > 
> >> >> > On Wed, Jan 22, 2014 at 6:00 PM, Israel Duvdavan <israelzero...@gmail.com> wrote:
> >> >> > > Hi, does anyone have a working way to install W3af on 13.10?
> >> >> > > --
> >> >> > > Israel
> >> >> > > 
> >> >> > > W3af-develop mailing list
> >> >> > > W3af-develop@lists.sourceforge.net
> >> >> > > https://lists.sourceforge.net/lists/listinfo/w3af-develop
> >> > 
> >> > --
> >> > Taras
> >> > https://www.oxdef.info
> > 
> > --
> > Taras
> > https://www.oxdef.info

-- 
Taras
https://www.oxdef.info
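
Added example, not part of the thread and not w3af's code: a dependency check that evaluates version specifiers, run once with the exact pins discussed above and once with bounded ranges. The function names, the pdfminer version numbers and the chosen ranges are assumptions made for illustration; only lxml 2.3.2 and 3.2.0-1 come from the messages.

```python
import operator
import re

OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}

def parse_version(text):
    """'3.2.0-1' -> (3, 2, 0, 0): drop the Debian revision, pad to 4 fields."""
    numbers = re.findall(r"\d+", text.split("-", 1)[0])
    if not numbers:
        raise ValueError("no numeric version in %r" % text)
    fields = [int(n) for n in numbers][:4]
    return tuple(fields + [0] * (4 - len(fields)))

def satisfies(installed, spec):
    """True if `installed` meets every comma-separated clause of `spec`."""
    for clause in spec.split(","):
        match = re.match(r"\s*(==|!=|>=|<=|>|<)\s*(\S+)\s*$", clause)
        if match is None:
            raise ValueError("bad version clause %r" % clause)
        op, wanted = match.groups()
        if not OPS[op](parse_version(installed), parse_version(wanted)):
            return False
    return True

def check(requirements, installed):
    """Map each required package to 'ok', 'missing' or 'mismatch'."""
    report = {}
    for name, spec in requirements.items():
        if name not in installed:
            report[name] = "missing"
        elif satisfies(installed[name], spec):
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    return report

# Constructed sample data. lxml 3.2.0-1 is the Ubuntu 13.10 package quoted in
# the thread; the pdfminer numbers stand in for "version 1" and "version 2".
INSTALLED = {"lxml": "3.2.0-1", "pdfminer": "2.0"}
EXACT_PINS = {"lxml": "==2.3.2", "pdfminer": "==1.0"}
# Assumed ranges: they presume w3af was tested against lxml 2.3.2 through 3.x.
BOUNDED = {"lxml": ">=2.3.2,<4", "pdfminer": ">=1.0,<2"}

if __name__ == "__main__":
    print("exact pins:", check(EXACT_PINS, INSTALLED))
    print("bounded   :", check(BOUNDED, INSTALLED))
```

With the bounded set the distro's lxml is accepted, while the upper bound on pdfminer still rejects the release that changed the API.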
