From 9fdd1c5d593c021d10dfd42218c70247041fe1b7 Mon Sep 17 00:00:00 2001
From: Antoine Brodin
Date: Thu, 10 Sep 2015 21:21:48 +0000
Subject: [PATCH] Update rekall to 1.4.1

It was split in 3 modules
- security/py-rekall-core : CORE component with command line interface
- security/py-rekall_gui : GUI with ipython and web interface
- security/py-rekall : "meta" module
---
 security/Makefile | 4 ++-
 security/py-rekall-core/Makefile | 34 ++++++++++++++++++
 security/py-rekall-core/distinfo | 2 ++
 security/py-rekall-core/pkg-descr | 10 ++++++
 security/py-rekall/Makefile | 38 +++------------------
 security/py-rekall/distinfo | 4 +--
 security/py-rekall_gui/Makefile | 30 ++++++++++++++++
 security/py-rekall_gui/distinfo | 2 ++
 security/py-rekall_gui/files/patch-setup.py | 12 +++++++
 security/py-rekall_gui/pkg-descr | 10 ++++++
 10 files changed, 109 insertions(+), 37 deletions(-)
 create mode 100644 security/py-rekall-core/Makefile
 create mode 100644 security/py-rekall-core/distinfo
 create mode 100644 security/py-rekall-core/pkg-descr
 create mode 100644 security/py-rekall_gui/Makefile
 create mode 100644 security/py-rekall_gui/distinfo
 create mode 100644 security/py-rekall_gui/files/patch-setup.py
 create mode 100644 security/py-rekall_gui/pkg-descr
diff --git a/security/Makefile b/security/Makefile
index a96ca6503b4a..0821c736590e 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -275,8 +275,8 @@
 SUBDIR += libassuan
 SUBDIR += libbeid
 SUBDIR += libbf
- SUBDIR += libcryptui
 SUBDIR += libbzrtp
+ SUBDIR += libcryptui
 SUBDIR += libecc
 SUBDIR += libfprint
 SUBDIR += libgcrypt
@@ -844,6 +844,8 @@
 SUBDIR += py-pysha3
 SUBDIR += py-python-registry
 SUBDIR += py-rekall
+ SUBDIR += py-rekall-core
+ SUBDIR += py-rekall_gui
 SUBDIR += py-requests-kerberos
 SUBDIR += py-rsa
 SUBDIR += py-service_identity
diff --git a/security/py-rekall-core/Makefile b/security/py-rekall-core/Makefile
new file mode 100644
index 000000000000..9f876d7808e9
--- /dev/null
+++ b/security/py-rekall-core/Makefile
@@ -0,0 +1,34 @@
+# Created by: antoine@FreeBSD.org
+# $FreeBSD$
+
+PORTNAME= rekall-core
+PORTVERSION= 1.4.1
+CATEGORIES= security python
+MASTER_SITES= CHEESESHOP
+PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER= antoine@FreeBSD.org
+COMMENT= CORE component of the Rekall framework
+
+LICENSE= GPLv2
+
+RUN_DEPENDS= cabextract:${PORTSDIR}/archivers/cabextract \
+ ${PYTHON_PKGNAMEPREFIX}acora>=1.8:${PORTSDIR}/textproc/py-acora \
+ ${PYTHON_PKGNAMEPREFIX}PyAFF4>=0.17:${PORTSDIR}/security/py-pyaff4 \
+ ${PYTHON_PKGNAMEPREFIX}capstone>=0:${PORTSDIR}/devel/py-capstone \
+ ${PYTHON_PKGNAMEPREFIX}distorm>=0:${PORTSDIR}/devel/py-distorm \
+ ${PYTHON_PKGNAMEPREFIX}efilter>=1438631774:${PORTSDIR}/devel/py-efilter \
+ ${PYTHON_PKGNAMEPREFIX}intervaltree>=2.0.4:${PORTSDIR}/devel/py-intervaltree \
+ ${PYTHON_PKGNAMEPREFIX}pycrypto>=2.3.1:${PORTSDIR}/security/py-pycrypto \
+ ${PYTHON_PKGNAMEPREFIX}pyelftools>=0.22:${PORTSDIR}/devel/py-pyelftools \
+ ${PYTHON_PKGNAMEPREFIX}pytz>=2012:${PORTSDIR}/devel/py-pytz \
+ ${PYTHON_PKGNAMEPREFIX}yaml>=2.10:${PORTSDIR}/devel/py-yaml \
+ ${PYTHON_PKGNAMEPREFIX}yara>=0:${PORTSDIR}/security/py-yara
+
+USES= python:2
+USE_PYTHON= distutils autoplist
+
+post-patch:
+ @${REINPLACE_CMD} '/argparse/d' ${WRKSRC}/setup.py
+
+.include
diff --git a/security/py-rekall-core/distinfo b/security/py-rekall-core/distinfo
new file mode 100644
index 000000000000..a7dc97aafe24
--- /dev/null
+++ b/security/py-rekall-core/distinfo
@@ -0,0 +1,2 @@
+SHA256 (rekall-core-1.4.1.tar.gz) = 2708479ab985577ce23fabf1cc7f634cf64051e9c9b2abce47e40839ef31637f
+SIZE (rekall-core-1.4.1.tar.gz) = 723180
diff --git a/security/py-rekall-core/pkg-descr b/security/py-rekall-core/pkg-descr
new file mode 100644
index 000000000000..8944d2dc81df
--- /dev/null
+++ b/security/py-rekall-core/pkg-descr
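Review bot: The `post-patch` target in security/py-rekall-core/Makefile runs `'/argparse/d'` over setup.py without a comment, and the pattern is unanchored, so it deletes every line that mentions argparse rather than only the requirement entry. Presumably the intent is to drop the argparse requirement because `USES= python:2` already provides that module in the standard library; a comment such as `# argparse ships with Python 2.7; remove it from the requirements list` above the target would record this. Matching the quoted requirement string as upstream spells it would keep a later upstream edit to setup.py from being altered silently at build time. setup.py is not part of this patch, so the exact string has to be checked against the distfile.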
@@ -0,0 +1,10 @@
+The Rekall Framework is a completely open collection of tools, implemented in
+Python under the GNU General Public License, for the extraction of digital
+artifacts from volatile memory (RAM) samples. The extraction techniques are
+performed completely independent of the system being investigated but offer
+visibility into the runtime state of the system. The framework is intended to
+introduce people to the techniques and complexities associated with extracting
+digital artifacts from volatile memory samples and provide a platform for
+further work into this exciting area of research.
+
+WWW: http://www.rekall-forensic.com/
diff --git a/security/py-rekall/Makefile b/security/py-rekall/Makefile
index 336308a57175..4cdab81cbd9b 100644
--- a/security/py-rekall/Makefile
+++ b/security/py-rekall/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 PORTNAME= rekall
-PORTVERSION= 1.3.2
-PORTREVISION= 1
+PORTVERSION= 1.4.1
 CATEGORIES= security python
 MASTER_SITES= CHEESESHOP
 PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
@@ -12,40 +11,11 @@ MAINTAINER= antoine@FreeBSD.org
 COMMENT= Memory forensics analysis framework
 LICENSE= GPLv2
-LICENSE_FILE= ${WRKSRC}/LICENSE.txt
-RUN_DEPENDS= cabextract:${PORTSDIR}/archivers/cabextract \
- ${PYTHON_PKGNAMEPREFIX}acora>=1.8:${PORTSDIR}/textproc/py-acora \
- ${PYTHON_PKGNAMEPREFIX}PyAFF4>=0.12:${PORTSDIR}/security/py-pyaff4 \
- ${PYTHON_PKGNAMEPREFIX}capstone>=0:${PORTSDIR}/devel/py-capstone \
- ${PYTHON_PKGNAMEPREFIX}codegen>=1.0:${PORTSDIR}/devel/py-codegen \
- ${PYTHON_PKGNAMEPREFIX}distorm>=0:${PORTSDIR}/devel/py-distorm \
- ${PYTHON_PKGNAMEPREFIX}Flask>=0.10.1:${PORTSDIR}/www/py-flask \
- ${PYTHON_PKGNAMEPREFIX}Flask-Sockets>=0:${PORTSDIR}/www/py-flask-sockets \
- ${PYTHON_PKGNAMEPREFIX}gevent>=1.0.1:${PORTSDIR}/devel/py-gevent \
- ${PYTHON_PKGNAMEPREFIX}gevent-websocket>=0.9.3:${PORTSDIR}/www/py-gevent-websocket \
- ${PYTHON_PKGNAMEPREFIX}intervaltree>=2.0.4:${PORTSDIR}/devel/py-intervaltree \
- ${PYTHON_PKGNAMEPREFIX}ipython>=2.0.0:${PORTSDIR}/devel/ipython \
- ${PYTHON_PKGNAMEPREFIX}pycrypto>=2.3.1:${PORTSDIR}/security/py-pycrypto \
- ${PYTHON_PKGNAMEPREFIX}pyelftools>=0.22:${PORTSDIR}/devel/py-pyelftools \
- ${PYTHON_PKGNAMEPREFIX}pytz>=2012:${PORTSDIR}/devel/py-pytz \
- ${PYTHON_PKGNAMEPREFIX}yaml>=2.10:${PORTSDIR}/devel/py-yaml \
- ${PYTHON_PKGNAMEPREFIX}yara>=0:${PORTSDIR}/security/py-yara
+RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}rekall-core>=1.4.0:${PORTSDIR}/security/py-rekall-core \
+ ${PYTHON_PKGNAMEPREFIX}rekall_gui>=1.4.0:${PORTSDIR}/security/py-rekall_gui
-USES= python:2 shebangfix
-SHEBANG_FILES= manuskript/static/bower_components/bootstrap/test-infra/uncached-npm-install.sh
+USES= python:2
 USE_PYTHON= distutils autoplist
-PORTDOCS= CREDITS.txt LEGAL.txt README.md
-
-OPTIONS_DEFINE= DOCS
-
-post-patch:
- @${CHMOD} -R a+rX ${WRKSRC}
- @${REINPLACE_CMD} '/argparse/d ; /ipython/s/3.0.0/2.0.0/' ${WRKSRC}/setup.py
-
-post-install:
- @${MKDIR} ${STAGEDIR}${DOCSDIR}
- ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}
-
 .include
diff --git a/security/py-rekall/distinfo b/security/py-rekall/distinfo
index acfb6663b8e5..9d6801b1ae1e 100644
--- a/security/py-rekall/distinfo
+++ b/security/py-rekall/distinfo
@@ -1,2 +1,2 @@
-SHA256 (rekall-1.3.2.tar.gz) = bc4f4d04a863e2b7aa21fbdbf8dcb7e23c2eb8cea526528321f4b9c6ff2b5b07
-SIZE (rekall-1.3.2.tar.gz) = 4145091
+SHA256 (rekall-1.4.1.tar.gz) = e06612eff622d7336b7046ab7663624c0317fa72eb8c7883ed2651d5d8be084f
+SIZE (rekall-1.4.1.tar.gz) = 242194
diff --git a/security/py-rekall_gui/Makefile b/security/py-rekall_gui/Makefile
new file mode 100644
index 000000000000..387edd19a90f
--- /dev/null
+++ b/security/py-rekall_gui/Makefile
@@ -0,0 +1,30 @@
+# Created by: antoine@FreeBSD.org
+# $FreeBSD$
+
+PORTNAME= rekall_gui
+PORTVERSION= 1.4.1
+CATEGORIES= security python
+MASTER_SITES= CHEESESHOP
+PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER= antoine@FreeBSD.org
+COMMENT= GUI component of the Rekall framework
+
+LICENSE= GPLv2
+
+RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}codegen>=1.0:${PORTSDIR}/devel/py-codegen \
+ ${PYTHON_PKGNAMEPREFIX}Flask>=0.10.1:${PORTSDIR}/www/py-flask \
+ ${PYTHON_PKGNAMEPREFIX}Flask-Sockets>=0:${PORTSDIR}/www/py-flask-sockets \
+ ${PYTHON_PKGNAMEPREFIX}gevent>=1.0.2:${PORTSDIR}/devel/py-gevent \
+ ${PYTHON_PKGNAMEPREFIX}gevent-websocket>=0.9.3:${PORTSDIR}/www/py-gevent-websocket \
+ ${PYTHON_PKGNAMEPREFIX}ipython>=3.0.0:${PORTSDIR}/devel/ipython \
+ ${PYTHON_PKGNAMEPREFIX}rekall-core>=1.4.0:${PORTSDIR}/security/py-rekall-core
+
+USES= python:2
+USE_PYTHON= distutils autoplist
+
+.include
+
+PYDISTUTILS_INSTALLARGS+=--install-data ${PYTHONPREFIX_SITELIBDIR}
+
+.include
diff --git a/security/py-rekall_gui/distinfo b/security/py-rekall_gui/distinfo
new file mode 100644
index 000000000000..5818695e911e
--- /dev/null
+++ b/security/py-rekall_gui/distinfo
@@ -0,0 +1,2 @@
+SHA256 (rekall_gui-1.4.1.tar.gz) = ab8602ab6073327c6fcf96faf662771ebc8d324689f72ad61a81f2fe563631c5
+SIZE (rekall_gui-1.4.1.tar.gz) = 2012182
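Review bot: In security/py-rekall/Makefile the new `RUN_DEPENDS` makes the meta port pull in `rekall_gui`, and with it the Flask, gevent and websocket packages listed in security/py-rekall_gui/Makefile, while `COMMENT` stays `Memory forensics analysis framework` and pkg-descr is not touched by this commit. The old port depended on the same web stack, so this is not a regression, but an analyst who only needs the command line tool can now install security/py-rekall-core alone and nothing in the meta port says so. Something like `COMMENT= Memory forensics analysis framework (meta port)` plus a pkg-descr sentence naming the two component ports would document the choice.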
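Review bot: `PYDISTUTILS_INSTALLARGS+=--install-data ${PYTHONPREFIX_SITELIBDIR}` in security/py-rekall_gui/Makefile has no comment, and the same applies to files/patch-setup.py later in this commit, which makes `find_data_files_directory` skip directories that hold no files. Both look like adjustments to where setup.py's data files are installed so that `autoplist` yields a usable packing list, but that is inferred from the patch and not stated anywhere. The Makefile line would benefit from a comment such as `# install the static web files under site-packages instead of ${PREFIX}`, and the patch file from a short description above its `---` line that also says whether the change was sent upstream.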
diff --git a/security/py-rekall_gui/files/patch-setup.py b/security/py-rekall_gui/files/patch-setup.py
new file mode 100644
index 000000000000..5243e2e5f142
--- /dev/null
+++ b/security/py-rekall_gui/files/patch-setup.py
@@ -0,0 +1,12 @@
+--- setup.py.orig 2015-09-10 14:25:33 UTC
++++ setup.py
+@@ -38,7 +38,8 @@ def find_data_files_directory(source):
+ result = []
+ for directory, _, files in os.walk(source):
+ files = [os.path.join(directory, x) for x in files]
+- result.append((directory, files))
++ if files:
++ result.append((directory, files))
+
+ return result
+
diff --git a/security/py-rekall_gui/pkg-descr b/security/py-rekall_gui/pkg-descr
new file mode 100644
index 000000000000..8944d2dc81df
--- /dev/null
+++ b/security/py-rekall_gui/pkg-descr
@@ -0,0 +1,10 @@
+The Rekall Framework is a completely open collection of tools, implemented in
+Python under the GNU General Public License, for the extraction of digital
+artifacts from volatile memory (RAM) samples. The extraction techniques are
+performed completely independent of the system being investigated but offer
+visibility into the runtime state of the system. The framework is intended to
+introduce people to the techniques and complexities associated with extracting
+digital artifacts from volatile memory samples and provide a platform for
+further work into this exciting area of research.
+
+WWW: http://www.rekall-forensic.com/