Add apt/brew package info for binwalk and {mk,un}squashfs

[ANogin]

• [ X] I have reviewed the OFRAK contributor guide and attest that this pull request is in accordance with it.

One sentence summary of this PR (This should go in the CHANGELOG!)
Add apt/brew package info for binwalk and mksqashfs/unsquashfs

Link to Related Issue(s)
N/A

Please describe the changes in your request.
Added apt/brew package info for binwalk and mksqashfs/unsquashfs - not sure why it was not there already?

Anyone you think should look at this, specifically?
Not sure

[rbs-jacob]

Binwalk apt/brew package info not included because it is assumed binwalk is installed from source, not from either of those package managers.

ofrak/ofrak_core/requirements-non-pypi.txt

Line 2 in 6052e9b

binwalk @ git+https://github.com/ReFirmLabs/[email protected]

If I recall correctly, the apt version of binwalk in the base Docker images we use is insanely out of date, and caused some problems at some point.

But also, in general, having as many of the dependencies as possible installed via pip (rather than using system package managers) is preferable in my opinion. It means that a user who does pip install ofrak gets many of the dependencies, even if they don't do further installation steps using their system package manager. It also means OFRAK is more portable to systems with package managers for which we do not have explicit support.

[ANogin]

@rbs-jacob makes sense. Unfortunately binwalk in PyPI is even more out of date, so we end up having to have the ofrak/ofrak_core/requirements-non-pypi.txt (since PyPI disallows a dependency on a non-PyPI package :( ).

Does apt/brew make sense to include for {mk,un}squashfs? If yes, I will mutate this PR to just that (or should I do a fresh one instead)?; if no, should just close this PR.

[rbs-jacob]

Tough to say about {mk,un}squashfs. We do build a specific version in Docker, I believe because apt ones were too out-of-date to have support for a particular command-line flag we need. But I don't know if that's necessarily a good case for not having the brew/apt package names listed in OFRAK.

ofrak/ofrak_core/Dockerstub

Lines 50 to 60 in 6052e9b

	# Install the correct version of squashfs-tools. We specifically need the
	# "-no-exit" argument, which is only available in version 4.5+
	RUN cd /tmp && \
	git clone https://github.com/plougher/squashfs-tools.git && \
	cd squashfs-tools/squashfs-tools && \
	git checkout 4.5.1 && \
	sed -i 's/^#\(XZ\|LZO\|LZ4\|ZSTD\)_SUPPORT/\1_SUPPORT/g' Makefile && \
	make -j && \
	make install && \
	cd /tmp && \
	rm -r squashfs-tools

I defer to @whyitfor and/or @EdwardLarson on this one.

[ANogin]

Actually, brew does install a recent binwalk (2.3.3) and squashfstools v4.6.1 (newer than what we do), so probably should be included.

For apt:

• Ubuntu 20.04 installs binwalk 2.2.0+dfsg1 and squashfs-tools 4.4
• Ubuntu 22.04 installs binwalk 2.3.3+dfsg1 and squashfs-tools 4.5

so perhaps good enough at least in some cases?

P.S. Broader longer-term question - should ofrak deps be capable of checking and then reporting to the user when a dependency is present, but is too old to be usable? At least for some of these, where the OS is likely to come with ones that are too old?

[rbs-jacob]

In the case of unsquashfs, the ofrak deps command will check that a new enough version is used.

ofrak/ofrak_core/ofrak/core/squashfs.py

Lines 25 to 48 in 5c1cd3b

	class _UnsquashfsV45Tool(ComponentExternalTool):
	def __init__(self):
	super().__init__("unsquashfs", "https://github.com/plougher/squashfs-tools", "")
	async def is_tool_installed(self) -> bool:
	try:
	cmd = ["unsquashfs", "-help"]
	proc = await asyncio.create_subprocess_exec(
	*cmd,
	stdout=asyncio.subprocess.PIPE,
	stderr=asyncio.subprocess.DEVNULL,
	)
	stdout, stderr = await proc.communicate()
	except FileNotFoundError:
	return False
	if 0 != proc.returncode:
	return False
	if b"-no-exit" not in stdout:
	# Version 4.5+ has the required -no-exit option
	return False
	return True

[whyitfor]

My understanding from before was that these packages (at least the brew one) were known to be {inaccurate, non-working, or unmaintained}. @rbs-jacob, does this sound familiar?

[whyitfor]

Also, see #482.

Have you validated that the apt and brew packages are the same as what is installed from source?

[ANogin]

@whyitfor have not rechecked just now, but:

• Per Add apt/brew package info for binwalk and {mk,un}squashfs #418 (comment), the brew one is newer than the one from source

[ANogin]

• And per the same comment, apt one is recent enough for at least Ubuntu 22.04

[whyitfor]

Similar situation here. In the ofrak Docker image, we build squashfs-tools from a specific tag: https://github.com/redballoonsecurity/ofrak/blob/master/ofrak_core/Dockerstub#L50.

Are the apt and brew packages the same version, and built from the github repo?

I think the general thinking here is:

• If an apt, brew package exist, and are generally known to work (and match what is in the Docker), we list them here. So it would be helpful if you validated this.
• If those packages have known deficiencies, or if they don't match what is in the Docker image, we don't list them; here the goal is the link provided will give the user enough information to decide how to fulfill this dependency.

[ANogin]

@whyitfor not rechecked just now, but per #418 (comment) :

• The brew one is new enough
• Apt one is recent enough for at least Ubuntu 22.04