plaso Version: 1.4.0+dfsg-2 ImportError: cannot import name protobuf_serializer

Meow-ops commented 8 years ago

Plaso version:

Version: 1.4.0+dfsg-2

Operating system Plaso is running on:

On debian unstable, plaso --help does not work

Installation method:

installed from the debian packages

Description of problem:

When running

plaso --help

the following errors show :

log2timeline.py --help
Traceback (most recent call last):
  File "/usr/bin/log2timeline.py", line 25, in <module>
    from plaso.frontend import log2timeline
  File "/usr/lib/python2.7/dist-packages/plaso/frontend/log2timeline.py", line 15, in <module>
    from plaso import output  # pylint: disable=unused-import
  File "/usr/lib/python2.7/dist-packages/plaso/output/__init__.py", line 11, in <module>
    from plaso.output import pstorage
  File "/usr/lib/python2.7/dist-packages/plaso/output/pstorage.py", line 8, in <module>
    from plaso.storage import zip_file
  File "/usr/lib/python2.7/dist-packages/plaso/storage/zip_file.py", line 101, in <module>
    from plaso.serializer import protobuf_serializer
  File "/usr/lib/python2.7/dist-packages/plaso/serializer/protobuf_serializer.py", line 6, in <module>
    from dfvfs.serializer import protobuf_serializer as dfvfs_protobuf_serializer
ImportError: cannot import name protobuf_serializer

I tried upgrading to the last protobuf version with pip and debian packages but that did not work. Thanks for your help.

Meow-ops commented 8 years ago

it ended up working by uninstalling some packages in pip, while keeping them in the packaging system. Looks like I have a log of cleanup to do.

joachimmetz commented 8 years ago

it ended up working by uninstalling some packages in pip, while keeping them in the packaging system. Looks like I have a log of cleanup to do.

Yes using pip is not recommended without virtualenv or docker.

joachimmetz commented 8 years ago

From: https://github.com/log2timeline/plaso/wiki/Dependencies---Ubuntu#manual-build

Alternative installation methods like installing directly from source, using easy_install or pip are not recommended because when not maintained correctly they can mess up your setup more easily than using deb packages.

mattbrun commented 7 years ago

@sarcarx @joachimmetz same problem here on Kali Rolling...

plaso is in the repos in two packages forensics-all and plaso:

$ apt search plaso
Sorting... Done
Full Text Search... Done
forensics-all/kali-rolling 1.2 all
  Debian Forensics Environment - essential components (metapackage)

plaso/kali-rolling 1.4.0+dfsg-2 all
  super timeline all the things

Either installing plaso through forensics-all and plaso packages results with the same error:

$ log2timeline.py --help
Traceback (most recent call last):
  File "/usr/bin/log2timeline.py", line 25, in <module>
    from plaso.frontend import log2timeline
  File "/usr/lib/python2.7/dist-packages/plaso/frontend/log2timeline.py", line 15, in <module>
    from plaso import output  # pylint: disable=unused-import
  File "/usr/lib/python2.7/dist-packages/plaso/output/__init__.py", line 11, in <module>
    from plaso.output import pstorage
  File "/usr/lib/python2.7/dist-packages/plaso/output/pstorage.py", line 8, in <module>
    from plaso.storage import zip_file
  File "/usr/lib/python2.7/dist-packages/plaso/storage/zip_file.py", line 101, in <module>
    from plaso.serializer import protobuf_serializer
  File "/usr/lib/python2.7/dist-packages/plaso/serializer/protobuf_serializer.py", line 6, in <module>
    from dfvfs.serializer import protobuf_serializer as dfvfs_protobuf_serializer
ImportError: cannot import name protobuf_serializer

Same error for pinfo, preg and psort:

$ pinfo.py --help
Traceback (most recent call last):
  File "/usr/bin/pinfo.py", line 15, in <module>
    from plaso.frontend import analysis_frontend
  File "/usr/lib/python2.7/dist-packages/plaso/frontend/analysis_frontend.py", line 6, in <module>
    from plaso.storage import zip_file as storage_zip_file
  File "/usr/lib/python2.7/dist-packages/plaso/storage/zip_file.py", line 101, in <module>
    from plaso.serializer import protobuf_serializer
  File "/usr/lib/python2.7/dist-packages/plaso/serializer/protobuf_serializer.py", line 6, in <module>
    from dfvfs.serializer import protobuf_serializer as dfvfs_protobuf_serializer
ImportError: cannot import name protobuf_serializer

$ preg.py --help
Traceback (most recent call last):
  File "/usr/bin/preg.py", line 46, in <module>
    from plaso.frontend import preg
  File "/usr/lib/python2.7/dist-packages/plaso/frontend/preg.py", line 15, in <module>
    from plaso.frontend import extraction_frontend
  File "/usr/lib/python2.7/dist-packages/plaso/frontend/extraction_frontend.py", line 26, in <module>
    from plaso.storage import writer as storage_writer
  File "/usr/lib/python2.7/dist-packages/plaso/storage/writer.py", line 6, in <module>
    from plaso.storage import zip_file as storage_zip_file
  File "/usr/lib/python2.7/dist-packages/plaso/storage/zip_file.py", line 101, in <module>
    from plaso.serializer import protobuf_serializer
  File "/usr/lib/python2.7/dist-packages/plaso/serializer/protobuf_serializer.py", line 6, in <module>
    from dfvfs.serializer import protobuf_serializer as dfvfs_protobuf_serializer
ImportError: cannot import name protobuf_serializer

$ psort.py --help
Traceback (most recent call last):
  File "/usr/bin/psort.py", line 23, in <module>
    from plaso.cli.helpers import manager as helpers_manager
  File "/usr/lib/python2.7/dist-packages/plaso/cli/helpers/__init__.py", line 4, in <module>
    from plaso.cli.helpers import elastic_output
  File "/usr/lib/python2.7/dist-packages/plaso/cli/helpers/elastic_output.py", line 8, in <module>
    from plaso.output import elastic
  File "/usr/lib/python2.7/dist-packages/plaso/output/__init__.py", line 11, in <module>
    from plaso.output import pstorage
  File "/usr/lib/python2.7/dist-packages/plaso/output/pstorage.py", line 8, in <module>
    from plaso.storage import zip_file
  File "/usr/lib/python2.7/dist-packages/plaso/storage/zip_file.py", line 101, in <module>
    from plaso.serializer import protobuf_serializer
  File "/usr/lib/python2.7/dist-packages/plaso/serializer/protobuf_serializer.py", line 6, in <module>
    from dfvfs.serializer import protobuf_serializer as dfvfs_protobuf_serializer
ImportError: cannot import name protobuf_serializer

image_export works fine, at least with --help option:

$ image_export.py --help
usage: image_export.py [-h] [-V] [-d] [-q] [--data PATH] [--logfile FILENAME]
                       [-w PATH] [-f FILE_FILTER]
                       [--date-filter TYPE_START_END] [-x EXTENSIONS]
                       [--names NAMES] [--signatures IDENTIFIERS]
                       [--include_duplicates] [--partition PARTITION_NUMBER]
                       [-o IMAGE_OFFSET] [--sector_size BYTES_PER_SECTOR]
                       [--ob IMAGE_OFFSET_BYTES] [--no_vss]
                       [--vss_stores VSS_STORES]
                       [IMAGE]

This is a simple collector designed to export files inside an image, both within a regular RAW image as well as inside a VSS. The tool uses a collection filter that uses the same syntax as a targeted plaso filter.
[...]

I didn't tried to manually install/remove things with pip. This is the dfVFS version it was installed through apt:

$ apt search dfvfs
Sorting... Done
Full Text Search... Done
python-dfvfs/kali-rolling,now 20160510-1 all [installed,automatic]
  Digital Forensics Virtual File System

Any hint on how to make it work without manually messing up dependencies with pip? Thanks for your help. M.

joachimmetz commented 7 years ago

Multiple options here:

remove protobuf from plaso
downgrade dfvfs
run plaso in a virtual env
we have announced a feature freeze and working on bug fixes, that means a 1.5 release candidate is in the pipeline, wait for that or try running plaso from HEAD

log2timeline / plaso

plaso Version: 1.4.0+dfsg-2 ImportError: cannot import name protobuf_serializer #720