-rw-r--r-- | app-forensics/volatility3/Manifest | 1 | ||||
-rw-r--r-- | app-forensics/volatility3/metadata.xml | 29 | ||||
-rw-r--r-- | app-forensics/volatility3/volatility3-2.0.0.ebuild | 31 |
3 files changed, 61 insertions, 0 deletions
diff --git a/app-forensics/volatility3/Manifest b/app-forensics/volatility3/Manifest
new file mode 100644
index 000000000000..696d54487e62
--- /dev/null
+++ b/app-forensics/volatility3/Manifest
@@ -0,0 +1 @@
+DIST volatility3-2.0.0.tar.gz 427713 BLAKE2B c88f44ad033094c7dbab703d3b5f296bb5329bfb13e375715d79616d042d68f828a895b34be07b48368f33dfab80f063f98bfd1a27c07b6ab2b40ba850dfd673 SHA512 e3ed4f05641af5315f01edd4d0afb608b2d1c8fea49a8d8b4e16b47fd10a3cd25f5c39750374801ec72c5ee8ddc3680f6a68d88a09a40faf166fd8ef1098bbef
diff --git a/app-forensics/volatility3/metadata.xml b/app-forensics/volatility3/metadata.xml
new file mode 100644
index 000000000000..edbcd55f84f9
--- /dev/null
+++ b/app-forensics/volatility3/metadata.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person" proxied="yes">
+ <email>mario.haustein@hrz.tu-chemnitz.de</email>
+ <name>Mario Haustein</name>
+ </maintainer>
+ <maintainer type="person">
+ <email>sam@gentoo.org</email>
+ <name>Sam James</name>
+ </maintainer>
+ <longdescription>
+ Volatility is the world's most widely used framework for extracting
+ digital artifacts from volatile memory (RAM) samples. The extraction
+ techniques are performed completely independent of the system being
+ investigated but offer visibility into the runtime state of the system.
+ </longdescription>
+ <use>
+ <flag name='crypt'>support plugins that decrypt passwords, password hashes, etc.</flag>
+ <flag name='disasm'>support plugins that perform malware analysis and disassemble code</flag>
+ <flag name='jsonschema'>improve error messages regarding improperly configured ISF files</flag>
+ <flag name='leechcore'>support memory acquisition via leechcore</flag>
+ <flag name='snappy'>support AVMLs native compression format</flag>
+ <flag name='yara'>support YARA pattern matching engine</flag>
+ </use>
+ <upstream>
+ <remote-id type="github">volatilityfoundation/volatility3</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/app-forensics/volatility3/volatility3-2.0.0.ebuild b/app-forensics/volatility3/volatility3-2.0.0.ebuild
new file mode 100644
index 000000000000..e36930a8b1a5
--- /dev/null
+++ b/app-forensics/volatility3/volatility3-2.0.0.ebuild
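Review bot: In metadata.xml the `snappy` flag description reads `support AVMLs native compression format`; the possessive is missing its apostrophe and should be `support AVML's native compression format`. The six `<flag>` elements also quote `name` with single quotes, while the `<maintainer>` and `<remote-id>` attributes in the same file use double quotes. Using one quoting style throughout would keep the file consistent. In the long description, `completely independent of` would read better as `completely independently of`.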
@@ -0,0 +1,31 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8..10} )
+
+inherit distutils-r1
+
+MY_PV=${PV//_beta/-beta.}
+
+DESCRIPTION="Framework for analyzing volatile memory"
+HOMEPAGE="https://github.com/volatilityfoundation/volatility3/ https://www.volatilityfoundation.org/"
+SRC_URI="https://github.com/volatilityfoundation/volatility3/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
+S="${WORKDIR}"/${PN}-${MY_PV}
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="crypt disasm jsonschema leechcore snappy yara"
+
+RDEPEND="
+ >=dev-python/pefile-2017.8.1[${PYTHON_USEDEP}]
+ crypt? ( >=dev-python/pycryptodome-3[${PYTHON_USEDEP}] )
+ disasm? ( >=dev-libs/capstone-3.0.5[python,${PYTHON_USEDEP}] )
+ jsonschema? ( >=dev-python/jsonschema-2.3.0[${PYTHON_USEDEP}] )
+ leechcore? ( >=dev-python/leechcorepyc-2.4.0[${PYTHON_USEDEP}] )
+ snappy? ( >=dev-python/snappy-0.6.0[${PYTHON_USEDEP}] )
+ yara? ( >=dev-python/yara-python-3.8.0[${PYTHON_USEDEP}] )
+"
+DEPEND="${RDEPEND}" |
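Review bot: The last line of the ebuild, `DEPEND="${RDEPEND}"`, copies every runtime dependency into the build-time set. Nothing in this hunk compiles or links against those libraries, so the package appears to be pure Python and should not need them at build time. I would drop that line so the optional analysis back-ends (capstone, yara-python, pycryptodome and the rest) are only required at run time. Test-only dependencies added later belong in `BDEPEND`. No `distutils_enable_tests` call is visible either, so a short comment saying whether upstream's tests are intentionally not run would help the next maintainer of a forensics tool whose output is relied on as evidence.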