Hayabusa: package request - building error

D3vil0p3r · July 11, 2025, 1:31pm

I am trying to create a Nix package for https://github.com/Yamato-Security/hayabusa , a tool used for threat hunting.

I can build it locally from source but I am struggling on create a Nix package. The nix derivative I created until now is:

{ lib
, rustPlatform
, fetchFromGitHub
, pkg-config
, openssl
, perl
, bash
, musl
}:

rustPlatform.buildRustPackage {
  pname = "hayabusa";
  version = "0-unstable-2025-07-04";

  src = fetchFromGitHub {
    owner = "Yamato-Security";
    repo = "hayabusa";
    rev = "e2c23b6ad1b09fe238a9c2fc78ca8479f4f427ae";
    hash = "sha256-zVfvHr/nk6P1J0pX6vKDmVcWwC5QY+7AB1vkp3y3X4w=";
  };

  cargoHash = "sha256-wcH1Ron5Zx2ypWyaW0z7L9rCanAcosvpPQnP60qbvWQ=";

  nativeBuildInputs = [
    pkg-config
    perl
    bash
    musl
  ];

  buildInputs = [
    openssl
  ];
  
  env = {
    MAKEFLAGS = "SHELL=${bash}/bin/bash";
    OPENSSL_NO_VENDOR = "1";
    OPENSSL_DIR = openssl;
    OPENSSL_LIB_DIR = "${openssl.out}/lib";
    OPENSSL_INCLUDE_DIR = "${openssl.dev}/include";
  };

  meta = {
    description = "Sigma-based threat hunting and fast forensics timeline generator for Windows event logs";
    homepage = "https://github.com/Yamato-Security/hayabusa";
    license = lib.licenses.agpl3Plus;
    maintainers = with lib.maintainers; [ d3vil0p3r ];
    mainProgram = "hayabusa";
    platforms = lib.platforms.linux;
  };
}

and I build it by running:

nix-build -E 'with import <nixpkgs> {}; pkgs.pkgsCross.musl64.callPackage ./package.nix {}'

but I get errors like:

...
  src/ctl.c:4404:31: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
   4404 | static const ctl_named_node_t *
        |                               ^
  include/jemalloc/internal/malloc_io.h:57:8: error: old-style parameter declarations in prototyped function definition
     57 | size_t malloc_snprintf(char *str, size_t size, const char *format, ...)
        |        ^~~~~~~~~~~~~~~
  src/ctl.c:4415: error: expected '{' at end of input
  src/ctl.c:4415: warning: control reaches end of non-void function [-Wreturn-type]
  make: *** [Makefile:479: src/ctl.sym.o] Error 1

  thread 'main' panicked at /build/hayabusa-0-unstable-2025-07-04-vendor/jemalloc-sys-0.5.4+5.3.0-patched/build.rs:351:9:
  command did not execute successfully: cd "/build/source/target/x86_64-unknown-linux-musl/release/build/jemalloc-sys-5750750f14054230/out/build" && "make" "-j" "12"
  expected success, got: exit status: 2
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...
error: Cannot build '/nix/store/dlvzbhcfclprd5jlkjg1ngyqwnkmc713-hayabusa-x86_64-unknown-linux-musl-0-unstable-2025-07-04.drv'.
       Reason: builder failed with exit code 101.
       Output paths:
         /nix/store/pwmblpdjw2xvxksvklxchg6yadmrj17y-hayabusa-x86_64-unknown-linux-musl-0-unstable-2025-07-04
       Last 25 log lines:
       >         |                             ^~~~~
       >   src/ctl.c:4340:31: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
       >    4340 | static const ctl_named_node_t *
       >         |                               ^
       >   src/ctl.c:4353:32: error: expected declaration specifiers or '...' before 'tsd_t'
       >    4353 | prof_stats_lextents_i_live_ctl(tsd_t *tsd, const size_t *mib, size_t miblen,
       >         |                                ^~~~~
       >   src/ctl.c:4379:33: error: expected declaration specifiers or '...' before 'tsd_t'
       >    4379 | prof_stats_lextents_i_accum_ctl(tsd_t *tsd, const size_t *mib, size_t miblen,
       >         |                                 ^~~~~
       >   src/ctl.c:4404:31: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
       >    4404 | static const ctl_named_node_t *
       >         |                               ^
       >   include/jemalloc/internal/malloc_io.h:57:8: error: old-style parameter declarations in prototyped function definition
       >      57 | size_t malloc_snprintf(char *str, size_t size, const char *format, ...)
       >         |        ^~~~~~~~~~~~~~~
       >   src/ctl.c:4415: error: expected '{' at end of input
       >   src/ctl.c:4415: warning: control reaches end of non-void function [-Wreturn-type]
       >   make: *** [Makefile:479: src/ctl.sym.o] Error 1
       >
       >   thread 'main' panicked at /build/hayabusa-0-unstable-2025-07-04-vendor/jemalloc-sys-0.5.4+5.3.0-patched/build.rs:351:9:
       >   command did not execute successfully: cd "/build/source/target/x86_64-unknown-linux-musl/release/build/jemalloc-sys-5750750f14054230/out/build" && "make" "-j" "12"
       >   expected success, got: exit status: 2
       >   note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
       > warning: build failed, waiting for other jobs to finish...
       For full logs, run:
         nix log /nix/store/dlvzbhcfclprd5jlkjg1ngyqwnkmc713-hayabusa-x86_64-unknown-linux-musl-0-unstable-2025-07-04.drv

Can you give me some help to make it working correctly please?

jjramsey · July 11, 2025, 5:34pm

It’s hard to tell based on just what you showed. While I gather that posting the full list of error messages directly in your post isn’t a good idea, you may want to use a Pastebin service here to make the full error message list available: https://github.com/lorien/awesome-pastebins

I noticed “error: expected '{' at end of input” in your error messages, which looks like a syntax error. Since you mentioned that you were able to compile the source locally, I would guess that some macro isn’t set to what it’s supposed to be when you build the package, causing the rest of the C file to be read wrong. That’s only a guess, though.

D3vil0p3r · July 12, 2025, 8:54am

Here the logs https://termbin.com/a3gv