Manual build¶
It is impossible for us to support all flavors of Fedora Core out there, so if you want smooth sailing, we recommend sticking with the supported version or live with the fact that a manual build of the dependencies can be a tedious task.
For ease of maintenance the following instructions use as much rpm package files as possible. Note that the resulting rpm files are not intended for public redistribution.
Alternative installation methods like installing directly from source, using easy_install or pip are not recommended because when not maintained correctly they can mess up your setup more easily than using rpm packages.
First create a build root directory:
mkdir plaso-build/
Next make sure your installation is up to date:
sudo dnf update
Build essentials¶
Make sure the necessary building tools and development packages are installed on the system:
sudo dnf groupinstall "Development Tools"
sudo dnf install gcc-c++ python-devel python-setuptools rpm-build git mercurial
TODO: move to libyal section.
For some of the dependent packages you also require:
sudo dnf install flex byacc zlib-devel bzip2-devel openssl-devel fuse-devel
Python modules¶
The following instructions apply to the following dependencies:
Name | Download URL | Comments | Dependencies — | — | — | — artifacts | https://github.com/ForensicArtifacts/artifacts/releases | | bencode | https://pypi.python.org/pypi/bencode | | binplist | https://github.com/google/binplist/releases | | construct | https://pypi.python.org/pypi/construct#downloads | 2.5.2 or later 2.x version | six dateutil | https://pypi.python.org/pypi/python-dateutil | | dpkt | https://pypi.python.org/pypi/dpkt | | google-apputils | https://pypi.python.org/pypi/google-apputils | | PyParsing | http://sourceforge.net/projects/pyparsing/files/ | 2.0.3 or later 2.x version | python-gflags | https://github.com/google/python-gflags/releases | | pytz | https://pypi.python.org/pypi/pytz | | PyYAML | http://pyyaml.org/wiki/PyYAML | | pyzmq | https://pypi.python.org/pypi/pyzmq | Needs Cython to build | requests | https://github.com/kennethreitz/requests/releases | Make sure to click on: “Show # newer tags” | six | https://pypi.python.org/pypi/six#downloads | | yara-python | https://github.com/VirusTotal/yara-python | |
Some of these Python modules can be directly installed via dnf:
sudo dnf install libyaml pyparsing python-dateutil python-requests python-six PyYAML pytz
construct - Troubleshooting¶
Note the construct package could conflict with Fedora distribute version of construct: python-construct.
DPKT - Troubleshooting¶
ImportError: cannot import name pystone
pystone can be found in python-test
sudo dnf install python-test
Building a RPM¶
Setup.py allows you to easily build a RPM in most cases. This paragraph contains a generic description of building a RPM so we do not have to repeat this for every dependency.
To build a RPM file from package-1.0.0.tar.gz run the following commands from the build root directory.
First extract the package:
tar zxvf package-1.0.0.tar.gz
Next change into the package source directory and have setup.py build a RPM:
cd package-1.0.0\
C:\Python27\python.exe setup.py bdist_rpm
This will create a RPM in the dist sub directory e.g.:
dist/package-1.0.0-1.noarch.rpm
Note that the actual RPM file name can vary per package.
To install the RPM from the command line:
sudo dnf install /package-1.0.0/dist/package-1.0.0-1.noarch.rpm
dfVFS¶
The dfVFS build instructions can be found here. Note that for dfVFS to function correctly several dependencies, like pytsk, mentioned later in a section of this page, are required.
Download the latest source package from: https://github.com/log2timeline/dfvfs/releases
To build rpm files run the following command from the build root directory:
tar xvf dfvfs-20140219.tar.gz
cd dfvfs-20140219/
python setup.py bdist_rpm
cd ..
To install the required rpm files run:
sudo rpm -ivh dfvfs-20140219/dist/dfvfs-20140219-1.noarch.rpm
IPython¶
By default Fedora 20 comes with IPython 0.13.2. Plaso requires version 1.2.1 or later.
TODO: describe
Hachoir¶
Download the latest source package from: https://bitbucket.org/haypo/hachoir/wiki/Install/source
You’ll need:
- hachoir-core-1.3.3.tar.gz
- hachoir-parser-1.3.4.tar.gz
- hachoir-metadata-1.3.3.tar.gz
To build rpm files run the following command from the build root directory:
tar xfv hachoir-core-1.3.3.tar.gz
cd hachoir-core-1.3.3
python setup.py build bdist_rpm
cd ..
To install the required rpm files run:
sudo rpm -ivh hachoir-core-1.3.3/dist/hachoir-core-1.3.3-1.noarch.rpm
To build rpm files run the following command from the build root directory:
tar xfv hachoir-parser-1.3.4.tar.gz
cd hachoir-parser-1.3.4
python setup.py build bdist_rpm
cd ..
To install the required rpm files run:
sudo rpm -ivh hachoir-parser-1.3.4/dist/hachoir-parser-1.3.4-1.noarch.rpm
To build rpm files run the following command from the build root directory:
tar xfv hachoir-metadata-1.3.3.tar.gz
cd hachoir-metadata-1.3.3
python setup.py build bdist_rpm
cd ..
To install the required rpm files run:
sudo rpm -ivh hachoir-metadata-1.3.3/dist/hachoir-metadata-1.3.3-1.noarch.rpm
libyal¶
The following instructions apply to the following dependencies:
Name | Download URL | Comments | Dependencies — | — | — | — libbde | https://github.com/libyal/libbde | | libfuse, libcrypto libesedb | https://github.com/libyal/libesedb | | libevt | https://github.com/libyal/libevt | | libevtx | https://github.com/libyal/libevtx | | libewf | https://github.com/libyal/libewf | | libfuse, libcrypto, zlib libfsntfs | https://github.com/libyal/libfsntfs | | libfvde | https://github.com/libyal/libfvde | | libfuse, libcrypto, zlib libfwsi | https://github.com/libyal/libfwsi | | liblnk | https://github.com/libyal/liblnk | | libmsiecf | https://github.com/libyal/libmsiecf | | libolecf | https://github.com/libyal/libolecf | | libfuse libqcow | https://github.com/libyal/libqcow | | libfuse, zlib libregf | https://github.com/libyal/libregf | | libfuse libscca | https://github.com/libyal/libscca | | libsigscan | https://github.com/libyal/libsigscan | | libsmdev | https://github.com/libyal/libsmdev | | libsmraw | https://github.com/libyal/libsmraw | | libfuse, libcrypto libvhdi | https://github.com/libyal/libvhdi | | libfuse libvmdk | https://github.com/libyal/libvmdk | | libfuse, zlib libvshadow | https://github.com/libyal/libvshadow | | libfuse
Install the following dependencies for building libyal:
sudo dnf install bzip2-devel libfuse-devel openssl-devel zlib-devel
Since the build process for the libyal libraries is very similar, the following paragraph provides building libevt as an example. For more details see the build instructions of the individual projects e.g. https://github.com/libyal/libevt/wiki/Building.
Note that there is also a script to batch build the libyal dependencies more information here: https://github.com/log2timeline/l2tdevtools/wiki/Build-script
Example: libevt and Python-bindings¶
Download the latest source package from: https://github.com/libyal/libevt/releases
mv libevt-alpha-20130923.tar.gz libevt-20130923.tar.gz
rpmbuild -ta libevt-20130923.tar.gz
On a 64-bit version or Fedora 18 this will create the rpm files in the directory:
~/rpmbuild/RPMS/x86_64/
To install the required rpm files run:
sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/libevt-20130923-1.x86_64.rpm ~/rpmbuild/RPMS/x86_64/libevt-python-20130923-1.x86_64.rpm
Pefile¶
TODO describe
Psutil¶
Download the latest source package from: https://pypi.python.org/pypi/psutil
To build rpm files run the following command from the build root directory:
tar xvf psutil-1.2.1.tar.gz
cd psutil-1.2.1/
python setup.py bdist_rpm
cd ..
To install the required rpm files run:
sudo dnf install psutil-1.2.1/dist/psutil-1.2.1.x86_64.rpm
python-gflags¶
Download the latest source package from: https://github.com/google/python-gflags/releases
To build rpm files run the following command from the build root directory:
tar xvf python-gflags-python-gflags-2.0.tar.gz
cd python-gflags-python-gflags-2.0/
python setup.py bdist_rpm
cd ..
To install the required rpm files run:
sudo dnf install python-gflags-python-gflags-2.0/dist/python-gflags-2.0-1.noarch.rpm
Optional dependencies for output modules¶
elasticsearch-py¶
Download the latest source package from: https://github.com/elastic/elasticsearch-py
TODO: describe
XlsxWriter¶
Download the latest source package from: https://github.com/jmcnamara/XlsxWriter/releases
To build rpm files run the following command from the build root directory:
tar xvf XlsxWriter-RELEASE_0.7.3.tar.gz
cd XlsxWriter-RELEASE_0.7.3/
python setup.py bdist_rpm
cd ..
To install the required rpm files run:
sudo dnf install XlsxWriter-RELEASE_0.7.3.tar.gz/dist/XlsxWriter-0.7.3-1.noarch.rpm