BlackArch · noptrix · Nov 24, 2024 · Nov 18, 2024
@@ -0,0 +1,30 @@
+python-acquire
+python-dissect.archive
+python-dissect.btrfs
+python-dissect.cim
+python-dissect.clfs
+python-dissect.cstruct
+python-dissect.esedb
+python-dissect.etl
+python-dissect.eventlog
+python-dissect.evidence
+python-dissect.executable
+python-dissect.extfs
+python-dissect.fat
+python-dissect.ffs
+python-dissect.fve
+python-dissect.hypervisor
+python-dissect.jffs
+python-dissect.ntfs
+python-dissect.ole
+python-dissect.regf
+python-dissect.shellitem
+python-dissect.sql
+python-dissect.squashfs
+python-dissect.target
+python-dissect.thumbcache
+python-dissect.util
+python-dissect.vmfs
+python-dissect.volume
+python-dissect.xfs
+python-flow.record
@@ -0,0 +1,48 @@
+# This file is part of BlackArch Linux ( https://www.blackarch.org/ ).
+# See COPYING for license details.
+
+pkgname=python-acquire
+_pkgname=${pkgname#python-}
+pkgver=3.17.r0.gef2e3d1
+pkgrel=1
+pkgdesc='Quickly gather forensic artifacts from disk images or a live system into a lightweight container.'
+arch=('x86_64' 'aarch64')
+groups=('blackarch' 'blackarch-forensic')
+url='https://github.com/fox-it/acquire'
+license=('AGPL-3.0-or-later')
+depends=('python' 'python-dissect.cstruct' 'python-dissect.target'
+         'python-minio' 'python-pycryptodome' 'python-requests'
+         'python-requests-toolbelt' 'python-rich')
+makedepends=('git' 'python-pip' 'python-build' 'python-installer'
+             'python-wheel' 'python-setuptools' 'python-setuptools-scm')
+options=(!emptydirs)
+source=("git+https://github.com/fox-it/$_pkgname.git")
+sha512sums=('SKIP')
+
+pkgver() {
+  cd $_pkgname
+
+  ( set -o pipefail
+    git describe --long --tags --abbrev=7 2>/dev/null |
+      sed 's/\([^-]*-g\)/r\1/;s/-/./g' ||
+    printf "%s.%s" "$(git rev-list --count HEAD)" \
+      "$(git rev-parse --short=7 HEAD)"
+  )
+}
+
+prepare() {
+  git -C "$srcdir/$_pkgname" clean -dfx
+}
+
+build() {
+  cd $_pkgname
+
+  python -m build --wheel --no-isolation
+}
+
+package() {
+  cd $_pkgname
+
+  python -m installer --destdir="$pkgdir" dist/*.whl
+}
+
@@ -0,0 +1,46 @@
+# This file is part of BlackArch Linux ( https://www.blackarch.org/ ).
+# See COPYING for license details.
+
+pkgname=python-dissect.archive
+_pkgname=${pkgname#python-}
+pkgver=1.3.r0.g5dfad11
+pkgrel=1
+pkgdesc='A Dissect module implementing parsers for various archive and backup formats.'
+arch=('x86_64' 'aarch64')
+groups=('blackarch' 'blackarch-forensic')
+url='https://github.com/fox-it/dissect.archive'
+license=('AGPL-3.0-or-later')
+depends=('python' 'python-dissect.cstruct' 'python-dissect.util')
+makedepends=('git' 'python-pip' 'python-build' 'python-installer'
+             'python-wheel' 'python-setuptools' 'python-setuptools-scm')
+options=(!emptydirs)
+source=("git+https://github.com/fox-it/$_pkgname.git")
+sha512sums=('SKIP')
+
+pkgver() {
+  cd $_pkgname
+
+  ( set -o pipefail
+    git describe --long --tags --abbrev=7 2>/dev/null |
+      sed 's/\([^-]*-g\)/r\1/;s/-/./g' ||
+    printf "%s.%s" "$(git rev-list --count HEAD)" \
+      "$(git rev-parse --short=7 HEAD)"
+  )
+}
+
+prepare() {
+  git -C "$srcdir/$_pkgname" clean -dfx
+}
+
+build() {
+  cd $_pkgname
+
+  python -m build --wheel --no-isolation
+}
+
+package() {
+  cd $_pkgname
+
+  python -m installer --destdir="$pkgdir" dist/*.whl
+}
+
@@ -0,0 +1,47 @@
+# This file is part of BlackArch Linux ( https://www.blackarch.org/ ).
+# See COPYING for license details.
+
+pkgname=python-dissect.btrfs
+_pkgname=${pkgname#python-}
+pkgver=1.6.r0.gfe4bbda
+pkgrel=1
+pkgdesc='A Dissect module implementing a parser for the btrfs file system.'
+arch=('x86_64' 'aarch64')
+groups=('blackarch' 'blackarch-forensic')
+url='https://github.com/fox-it/dissect.btrfs'
+license=('AGPL-3.0-or-later')
+depends=('python' 'python-dissect.cstruct' 'python-dissect.util'
+         'python-zstandard' 'lzo')
+makedepends=('git' 'python-pip' 'python-build' 'python-installer'
+             'python-wheel' 'python-setuptools' 'python-setuptools-scm')
+options=(!emptydirs)
+source=("git+https://github.com/fox-it/$_pkgname.git")
+sha512sums=('SKIP')
+
+pkgver() {
+  cd $_pkgname
+
+  ( set -o pipefail
+    git describe --long --tags --abbrev=7 2>/dev/null |
+      sed 's/\([^-]*-g\)/r\1/;s/-/./g' ||
+    printf "%s.%s" "$(git rev-list --count HEAD)" \
+      "$(git rev-parse --short=7 HEAD)"
+  )
+}
+
+prepare() {
+  git -C "$srcdir/$_pkgname" clean -dfx
+}
+
+build() {
+  cd $_pkgname
+
+  python -m build --wheel --no-isolation
+}
+
+package() {
+  cd $_pkgname
+
+  python -m installer --destdir="$pkgdir" dist/*.whl
+}
+
@@ -0,0 +1,46 @@
+# This file is part of BlackArch Linux ( https://www.blackarch.org/ ).
+# See COPYING for license details.
+
+pkgname=python-dissect.cim
+_pkgname=${pkgname#python-}
+pkgver=3.10.r0.g4d1effc
+pkgrel=1
+pkgdesc='A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.'
+arch=('x86_64' 'aarch64')
+groups=('blackarch' 'blackarch-forensic')
+url='https://github.com/fox-it/dissect.cim'
+license=('AGPL-3.0-or-later')
+depends=('python' 'python-dissect.cstruct' 'python-dissect.util')
+makedepends=('git' 'python-pip' 'python-build' 'python-installer'
+             'python-wheel' 'python-setuptools' 'python-setuptools-scm')
+options=(!emptydirs)
+source=("git+https://github.com/fox-it/$_pkgname.git")
+sha512sums=('SKIP')
+
+pkgver() {
+  cd $_pkgname
+
+  ( set -o pipefail
+    git describe --long --tags --abbrev=7 2>/dev/null |
+      sed 's/\([^-]*-g\)/r\1/;s/-/./g' ||
+    printf "%s.%s" "$(git rev-list --count HEAD)" \
+      "$(git rev-parse --short=7 HEAD)"
+  )
+}
+
+prepare() {
+  git -C "$srcdir/$_pkgname" clean -dfx
+}
+
+build() {
+  cd $_pkgname
+
+  python -m build --wheel --no-isolation
+}
+
+package() {
+  cd $_pkgname
+
+  python -m installer --destdir="$pkgdir" dist/*.whl
+}
+
@@ -0,0 +1,46 @@
+# This file is part of BlackArch Linux ( https://www.blackarch.org/ ).
+# See COPYING for license details.
+
+pkgname=python-dissect.clfs
+_pkgname=${pkgname#python-}
+pkgver=1.9.r0.gd3e3b7f
+pkgrel=1
+pkgdesc='A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows.'
+arch=('x86_64' 'aarch64')
+groups=('blackarch' 'blackarch-forensic')
+url='https://github.com/fox-it/dissect.clfs'
+license=('AGPL-3.0-or-later')
+depends=('python' 'python-dissect.cstruct')
+makedepends=('git' 'python-pip' 'python-build' 'python-installer'
+             'python-wheel' 'python-setuptools' 'python-setuptools-scm')
+options=(!emptydirs)
+source=("git+https://github.com/fox-it/$_pkgname.git")
+sha512sums=('SKIP')
+
+pkgver() {
+  cd $_pkgname
+
+  ( set -o pipefail
+    git describe --long --tags --abbrev=7 2>/dev/null |
+      sed 's/\([^-]*-g\)/r\1/;s/-/./g' ||
+    printf "%s.%s" "$(git rev-list --count HEAD)" \
+      "$(git rev-parse --short=7 HEAD)"
+  )
+}
+
+prepare() {
+  git -C "$srcdir/$_pkgname" clean -dfx
+}
+
+build() {
+  cd $_pkgname
+
+  python -m build --wheel --no-isolation
+}
+
+package() {
+  cd $_pkgname
+
+  python -m installer --destdir="$pkgdir" dist/*.whl
+}
+
@@ -3,17 +3,18 @@
 
 pkgname=python-dissect.cstruct
 _pkgname=${pkgname#python-}
-pkgver=4.2.r2.ged1daf2
+pkgver=4.3.r0.ged1daf2
 pkgrel=1
 pkgdesc='A Dissect module implementing a parser for C-like structures.'
-arch=('any')
+arch=('x86_64' 'aarch64')
+groups=('blackarch' 'blackarch-forensic')
 url='https://github.com/fox-it/dissect.cstruct'
 license=('Apache-2.0')
 depends=('python')
-makedepends=('git' 'lzo' 'python-pip' 'python-build' 'python-installer'
+makedepends=('git' 'python-pip' 'python-build' 'python-installer'
              'python-wheel' 'python-setuptools' 'python-setuptools-scm')
 options=(!emptydirs)
-source=("git+https://github.com/fox-it/$_pkgname")
+source=("git+https://github.com/fox-it/$_pkgname.git")
 sha512sums=('SKIP')
 
 pkgver() {
@@ -28,7 +29,7 @@ pkgver() {
 }
 
 prepare() {
-  git -C "${srcdir}/${_pkgname}" clean -dfx
+  git -C "$srcdir/$_pkgname" clean -dfx
 }
 
 build() {

@@ -0,0 +1,46 @@
+# This file is part of BlackArch Linux ( https://www.blackarch.org/ ).
+# See COPYING for license details.
+
+pkgname=python-dissect.esedb
+_pkgname=${pkgname#python-}
+pkgver=3.14.r0.gb052185
+pkgrel=1
+pkgdesc='A Dissect module implementing a parser for Microsofts Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.'
+arch=('x86_64' 'aarch64')
+groups=('blackarch' 'blackarch-forensic')
+url='https://github.com/fox-it/dissect.esedb'
+license=('Apache-2.0')
+depends=('python' 'python-dissect.cstruct' 'python-dissect.util')
+makedepends=('git' 'python-pip' 'python-build' 'python-installer'
+             'python-wheel' 'python-setuptools' 'python-setuptools-scm')
+options=(!emptydirs)
+source=("git+https://github.com/fox-it/$_pkgname.git")
+sha512sums=('SKIP')
+
+pkgver() {
+  cd $_pkgname
+
+  ( set -o pipefail
+    git describe --long --tags --abbrev=7 2>/dev/null |
+      sed 's/\([^-]*-g\)/r\1/;s/-/./g' ||
+    printf "%s.%s" "$(git rev-list --count HEAD)" \
+      "$(git rev-parse --short=7 HEAD)"
+  )
+}
+
+prepare() {
+  git -C "$srcdir/$_pkgname" clean -dfx
+}
+
+build() {
+  cd $_pkgname
+
+  python -m build --wheel --no-isolation
+}
+
+package() {
+  cd $_pkgname
+
+  python -m installer --destdir="$pkgdir" dist/*.whl
+}
+
@@ -0,0 +1,47 @@
+# This file is part of BlackArch Linux ( https://www.blackarch.org/ ).
+# See COPYING for license details.
+
+pkgname=python-dissect.etl
+_pkgname=${pkgname#python-}
+pkgver=3.10.r0.g23354d6
+pkgrel=1
+pkgdesc='A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.'
+arch=('x86_64' 'aarch64')
+groups=('blackarch' 'blackarch-forensic')
+url='https://github.com/fox-it/dissect.etl'
+license=('AGPL-3.0-or-later')
+depends=('python' 'python-defusedxml' 'python-dissect.cstruct'
+         'python-dissect.util')
+makedepends=('git' 'python-pip' 'python-build' 'python-installer'
+             'python-wheel' 'python-setuptools' 'python-setuptools-scm')
+options=(!emptydirs)
+source=("git+https://github.com/fox-it/$_pkgname.git")
+sha512sums=('SKIP')
+
+pkgver() {
+  cd $_pkgname
+
+  ( set -o pipefail
+    git describe --long --tags --abbrev=7 2>/dev/null |
+      sed 's/\([^-]*-g\)/r\1/;s/-/./g' ||
+    printf "%s.%s" "$(git rev-list --count HEAD)" \
+      "$(git rev-parse --short=7 HEAD)"
+  )
+}
+
+prepare() {
+  git -C "$srcdir/$_pkgname" clean -dfx
+}
+
+build() {
+  cd $_pkgname
+
+  python -m build --wheel --no-isolation
+}
+
+package() {
+  cd $_pkgname
+
+  python -m installer --destdir="$pkgdir" dist/*.whl
+}
+