Hi pabs > On Jun 23, 2021, at 8:52 PM, Paul Wise <p...@debian.org> wrote: > > On Wed, 2021-06-23 at 18:32 +0800, Tian Qiao wrote: > >> On Jun 23, 2021, at 1:06 AM, Tobias Frost wrote: >> >>> shellcodes/data/linux/*bin >>> - Are they rebuilt during package build? >> >> these are similar to static resources, which help users quickly build >> shellcode when writing exploit script. >> So won’t rebuild during package build. > > How were these files created? It looks like they are generated from the > assembly files in the src/ subdirectory. All generated files should be > built from source at build time, and preferably removed from the > upstream source repository and tarballs, or the Debian tarball. > > -- > bye, > pabs > > https://wiki.debian.org/PaulWise
If these files do not exist, they will be generated at runtime, and the corresponding code is at: https://github.com/knownsec/pocsuite3/blob/master/pocsuite3/shellcodes/generator.py One problem is that some tools are used to generate machine code through assembly code, such as nasm, objdump. If these tools do not exist on the users system, it is necessary to use pre-generated ones. Although these tools are provided in the upstream source code, but there will be copyright conflicts and lintian warnings will be triggered. So I've ask upstream to provide source-only tarballs, While available at: https://github.com/knownsec/pocsuite3/releases <https://github.com/knownsec/pocsuite3/releases> So, I think it's necessary to keep them. Thanks for attention and advice! Regards, — Tian