log2timeline / l2tdevtools

Development tools
Apache License 2.0

Add PyAFF4 support #657

Open joachimmetz opened 5 years ago

joachimmetz commented 5 years ago

To unblock https://github.com/log2timeline/dfvfs/issues/362 add PyAFF4 support to l2tdevtools and l2tbinaries/GIFT

https://pypi.org/project/PyAFF4/ https://github.com/aff4/pyaff4

@blschatz FYI

WIP: https://github.com/joachimmetz/l2tdevtools/tree/pyaff4

joachimmetz commented 5 years ago

No releases in https://github.com/aff4/pyaff4 and 2017 release in https://pypi.org/project/PyAFF4/

Let's get this updated first, marking as blocked

joachimmetz commented 5 years ago

Looks like this is going to be more involved:

joachimmetz commented 5 years ago

Potential licensing issues:

blschatz commented 5 years ago

New release 0.27 in PyPI.

Re the observation that the dependency list is going to be more involved, can you elaborate?

joachimmetz commented 5 years ago

> New release 0.27 in PyPI.

Thx

> Re the observation that the dependency list is going to be more involved, can you elaborate?

The thing is that plaso ships a packaged version that includes all dependencies; for this reason all dependencies need to be compatible with the plaso license (https://github.com/log2timeline/l2tdocs/blob/master/process/Dependencies.md). Seeing the uncertainty around compatibility of PD and FOSS (some context https://opensource.org/node/878) I would need to take a closer look at how this affects plaso.

An option might be to make pyaff4 an optional dependency to dfVFS and not ship it as part of the packaged release of plaso. However this means additional steps in the release build process.

blschatz commented 5 years ago

We could make the pyblake2 dependency a soft one - it isn't regularly used.

joachimmetz commented 5 years ago

In general, the fewer dependencies the easier to deploy. Maybe an alternative approach is to have a pyaff4(-core) and pyaff4-blake (or equiv) split?

joachimmetz commented 5 years ago

What is aff4-snappy, a fork from https://github.com/andrix/python-snappy? Under rekall-innovations (https://github.com/rekall-innovations/aff4-snappy)?

Asked for clarification: https://github.com/aff4/pyaff4/issues/9