Linux

Below are the instructions for setting up a build environment on Linux:

  • Ubuntu 12.04 and Linux Mint.
  • Fedora Core 20
Note that if sections are marked as WIP it means they are work in progress.

To check if you have all the dependencies installed you can run:
python utils/check_dependencies.py

Ubuntu 12.04/Linux Mint

TL;DR There is a quick and "dirty" way of installing plaso from source if you are on an Ubuntu system (ATM not for Linux Mint). All the dependencies have been built into debian packages and can be easily installed via a small script.

Download the "Ubuntu 12.04 dependency pack" from the code site: https://googledrive.com/host/0B30H7z4S52FleW5vUHBnblJfcjg/

And then the installation can be as simple as:
tar xfvz ubuntu_12_04_dependency_pack.tgz 
cd plaso_source_install
./install_missing_packages.sh

(p.s. don't run the install script as root, it will use sudo as appropriate).

This should be enough, and both plaso and all dependencies should be installed. N.b. it should be reiterated that this install script and its dependencies have only been tested on a stock Ubuntu 12.04. If you've already installed some of these dependencies, or if there are conflicting versions of some of the dependent software, this script may fail, forcing you either to manually debug the script/packages provided there or to go through the manual process of installing the tool, following the instructions provided below.

Below are the instructions for setting up a build environment on Ubuntu 12.04 and Linux Mint.

First of all make sure your Ubuntu/Mint installation is up to date:
sudo apt-get update
sudo apt-get upgrade

Prebuilt binaries

Follow the steps below to build the following packages from source or grab one of the prebuilt versions:

Build essentials

Make sure the necessary building tools and development packages are installed on the system:
sudo apt-get install build-essential autotools-dev python-dev debhelper fakeroot quilt git mercurial python-dateutil python-setuptools libtool automake

For some of the dependent packages you also require:
sudo apt-get install libfuse-dev

For ease of maintenance we create/use as many package files as possible.

First create a build root directory:
mkdir plaso-build/

Bencode

To install bencode run:
sudo apt-get install python-bencode

Binplist

To install Binplist acquire the source package from the Downloads section of: https://code.google.com/p/binplist/

tar xvf binplist-0.1.4.tar.gz
cd binplist-0.1.4/
cp -rf config/dpkg debian
dpkg-buildpackage -rfakeroot

This will create the following files in the plaso-build directory:

binplist_0.1.4-1_all.deb


For plaso you'll need to install the Python library:

sudo dpkg -i binplist_0.1.4-1_all.deb


Construct

Install the six dependency:
sudo apt-get install python-six

Download the latest 2.x version from http://construct.readthedocs.org/en/latest/ and the Debian packaging files.

tar zxfv construct-2.5.1.tar.gz
cd construct-2.5.1/
tar zxfv ../construct-2.5.1-dpkg.tar.gz
cp -rf dpkg debian

To build the debian package:
dpkg-buildpackage -rfakeroot

This will create the following files in the plaso-build directory:
construct_2.5.1-1_all.deb

For plaso you'll need to install the Python module:
sudo dpkg -i construct_2.5.1-1_all.deb

dfVFS

The dfVFS build instructions can be found here. Note that for dfVFS to function correctly several dependencies, like pytsk, mentioned later in the plaso Ubuntu 12.04 build instructions, are required.


To install dfVFS download the source package from the downloads page.

tar xvf dfvfs-20140219.tar.gz
cd dfvfs-20140219/
cp -rf dpkg debian
dpkg-buildpackage -rfakeroot

This will create the following files in the plaso-build directory:

python-dfvfs_20140219-1_all.deb


For plaso you'll need to install the Python library:

sudo dpkg -i python-dfvfs_20140219-1_all.deb


DPKT

To install dpkt run:
sudo apt-get install python-dpkt

Hachoir

To install hachoir run:
sudo apt-get install python-hachoir-core python-hachoir-metadata python-hachoir-parser

Libprotobuf and Python-bindings

To install libprotobuf and Python-bindings run:
sudo apt-get install libprotobuf7 python-protobuf

Libyal and Python-bindings

The following instructions apply to:

Note that both libewf and libqcow have zlib as a dependency.

Since the building process for the libyal libraries is very similar, building libevt in the following paragraph is provided as an example.
More detailed instructions can be found on the Building wiki site of the individual projects.

Example: libevt and Python-bindings

Grab the latest libevt source package from the Downloads section of: http://code.google.com/p/libevt

E.g. libevt-alpha-20130923.tar.gz

tar xfv libevt-alpha-20130923.tar.gz
cd libevt-20130923
cp -rf dpkg debian
dpkg-buildpackage -rfakeroot

This will create the following files in the plaso-build directory:
libevt_20130923-1_amd64.deb
libevt-dev_20130923-1_amd64.deb
libevt-python_20130923-1_amd64.deb
libevt-tools_20130923-1_amd64.deb

For plaso you'll need to install the library and the Python-bindings:
sudo dpkg -i libevt_20130923-1_amd64.deb libevt-python_20130923-1_amd64.deb

Batch build

Note that the libyal libraries and Python-bindings can also be built in batch.

Though you have to make sure you've set up your build system correctly first.

Get libyal-sync.py from the libyal git repository:
git clone https://code.google.com/p/libyal/

Make sure the required libraries are in LIBYAL_LIBRARIES in libyal-sync.py.

Then run libyal-sync e.g. to build with dpkg-buildpackage and create deb files:
cd plaso-build/
python libyal-sync.py dpkg

You should end up with multiple deb files inside the plaso-build directory.

More information regarding libyal-sync can be found here.

Libyaml and Python-bindings

To install libyaml and Python-bindings run:

sudo apt-get install libyaml-0-2 python-yaml

Sleuthkit 4.1.2 and Pytsk

Sleuthkit 4.1.2

Download the Sleuthkit 4.1.2 source from: www.sleuthkit.org.

At the moment it is recommended to download the development version instead of the stable version due to bug fixes:
git clone https://github.com/sleuthkit/sleuthkit

Download the Debian packaging files.

To build the debian packages:
tar xfv sleuthkit-4.1.2.tar.gz
cd sleuthkit-4.1.2
tar xfv ../sleuthkit-4.1.2-dpkg.tar.gz
cp -rf dpkg debian
dpkg-buildpackage -rfakeroot

This will create the following files in the plaso-build directory:
sleuthkit_4.1.2-1_amd64.deb
libtsk_4.1.2-1_amd64.deb
libtsk-dev_4.1.2-1_amd64.deb

For plaso you'll need to install the library and development files to build the Pytsk Python-bindings:
sudo dpkg -i libtsk_4.1.2-1_amd64.deb libtsk-dev_4.1.2-1_amd64.deb

Pytsk

To download Pytsk you'll need to install the mercurial tools:
sudo apt-get install mercurial

To build Pytsk you'll need to install libtalloc and development files:
sudo apt-get install libtalloc2 libtalloc-dev

Download the latest version of Pytsk:
hg clone https://code.google.com/p/pytsk/
cd pytsk
cp -rf dpkg debian

To build the debian package:
dpkg-buildpackage -rfakeroot

This will create the following files in the plaso-build directory:
pytsk3_4.1.2-1_amd64.deb

For plaso you'll need to install the Pytsk Python-bindings:
sudo dpkg -i pytsk3_4.1.2-1_amd64.deb

PyParsing

To install PyParsing run:
sudo apt-get install python-pyparsing

Python modules

To install the necessary Python-modules run:
sudo apt-get install python-tz

IPython

By default Ubuntu 12.04 comes with IPython 0.12. Plaso requires version 0.13 or later.

To install IPython run:

sudo apt-get install ipython

TODO describe


Plaso

Grab a copy of the latest version of plaso.
git clone https://code.google.com/p/plaso/

PyLint

If you intend to do development on plaso you'll also need to install PyLint.
By default Ubuntu 12.04 comes with PyLint 0.25. Plaso requires version 0.26 or later but we recommend updating to version 1.0.0 or later.
To update to version 1.0.0 follow the steps mentioned below.

Remove any older version of PyLint.
sudo apt-get remove pylint

Install the necessary dependencies for building PyLint:
sudo aptitude install python-epydoc graphviz python-unittest2

Download and build the python-logilab-common Debian package:
hg clone http://hg.logilab.org/logilab/common
cd common
dpkg-buildpackage -rfakeroot
cd ..

Since you're building from the development branch, you may need to disable any failing tests.
Either report these as bugs to the PyLint project or fix them yourself.

Download and build the python-astroid Debian package:
hg clone https://bitbucket.org/logilab/astroid
cd astroid
dpkg-buildpackage -rfakeroot
cd ..


Download and build the pylint Debian package:
hg clone https://bitbucket.org/logilab/pylint
cd pylint
dpkg-buildpackage -rfakeroot
cd ..


Install the python-logilab-common, python-astroid and pylint Debian packages:
sudo dpkg -i python-logilab-common_0.60.0-1_all.deb python-astroid_1.0.1-1_all.deb pylint_1.0.0-1_all.deb
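
The IPython and PyLint sections above both state a minimum version (0.13 and 0.26) that the stock Ubuntu 12.04 packages do not meet. The following is an added example, not part of the original instructions or of plaso's own check_dependencies.py, of a version gate to run after installing. The function names version_at_least and check_min are hypothetical.

```shell
#!/bin/sh
# Added example: compare dotted numeric versions against a required minimum.
# Pure POSIX sh, so it does not depend on GNU "sort -V".

# version_at_least HAVE NEED -> exit status 0 if HAVE >= NEED, 1 otherwise.
version_at_least() {
    have=$1 need=$2
    while [ -n "$have" ] || [ -n "$need" ]; do
        h=${have%%.*}; n=${need%%.*}
        # Drop a non-numeric suffix such as "rc1"; missing parts count as 0,
        # so 1.0 and 1.0.0 compare equal.
        h=${h%%[!0-9]*}; n=${n%%[!0-9]*}
        h=${h:-0}; n=${n:-0}
        [ "$h" -gt "$n" ] && return 0
        [ "$h" -lt "$n" ] && return 1
        # Advance to the next component, or to empty when none is left.
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $need in *.*) need=${need#*.} ;; *) need= ;; esac
    done
    return 0
}

# check_min NAME HAVE NEED -> prints a verdict, returns 1 when HAVE is too old.
check_min() {
    if version_at_least "$2" "$3"; then
        echo "$1 $2: ok (>= $3)"
    else
        echo "$1 $2: too old, need >= $3"
        return 1
    fi
}

# Constructed sample input: the stock and required versions named above.
check_min IPython 0.12 0.13 || :
check_min PyLint 0.25 0.26 || :
check_min PyLint 1.0.0 0.26

# On a real system the installed version can be passed in, e.g.:
#   check_min IPython "$(python -c 'import IPython; print(IPython.__version__)')" 0.13
```

The comparison is numeric per component, so 0.9 is correctly treated as older than 0.13.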

Fedora Core 20

Below are the instructions for setting up a build environment on Fedora Core 20.

First of all make sure your Fedora installation is up to date:
sudo yum update

Build essentials

Make sure the necessary building tools and development packages are installed on the system:
sudo yum groupinstall "Development Tools"
sudo yum install gcc-c++ flex byacc rpm-build python-devel git mercurial python-dateutil python-setuptools

For some of the dependent packages you also require:
sudo yum install zlib-devel bzip2-devel openssl-devel fuse-devel

For ease of maintenance we create/use as many package files as possible.

First create a build root directory:
mkdir plaso-build/

Bencode

To install bencode acquire the source package from: https://pypi.python.org/pypi/bencode
tar xvf bencode-1.0.tar.gz 
cd bencode-1.0/

python setup.py bdist_rpm
sudo rpm -ivh dist/bencode-1.0-1.noarch.rpm

Binplist

To install binplist acquire the source package from the Downloads section of: https://code.google.com/p/binplist/

tar xvf binplist-0.1.4.tar.gz
cd binplist-0.1.4/
python setup.py bdist_rpm
sudo rpm -ivh dist/binplist-0.1.4-1.noarch.rpm


Construct

To install the distributed version of construct run:

sudo yum install python-construct python-six


Using easy_install

To install construct, the binary parsing library, use easy_install:
sudo easy_install construct

From source

Install the six dependency:
sudo yum install python-six

Get the latest 2.x version from http://construct.readthedocs.org/en/latest/

tar xfv construct-2.5.1.tar.gz
cd construct-2.5.1/
python setup.py bdist_rpm
sudo rpm -ivh dist/construct-2.5.1-1.noarch.rpm

Note that this package could conflict with the distributed package.

dfVFS

The dfVFS build instructions can be found here. Note that for dfVFS to function correctly several dependencies, like pytsk, mentioned later in the plaso Ubuntu 12.04 build instructions, are required.


To install dfVFS download the source package from the downloads page.

tar xvf dfvfs-20140219.tar.gz
cd dfvfs-20140219/
python setup.py bdist_rpm


This will create the following files in the dist sub directory:

dfvfs-20140219-1.noarch.rpm


For plaso you'll need to install the Python library:

sudo rpm -ivh dist/dfvfs-20140219-1.noarch.rpm

DPKT

Get the latest dpkt version from: https://code.google.com/p/dpkt/

Currently there are multiple issues with dpkt, one of which is: https://code.google.com/p/dpkt/issues/detail?id=34

tar xvf dpkt-1.8.tar.gz 
cd dpkt-1.8/

Edit the file:
dpkt/ip.py

On line 252 change:
mod = __import__(name, g)

into:
mod = __import__('dpkt.{}'.format(name), g)

python setup.py bdist_rpm
sudo rpm -ivh dist/dpkt-1.8-1.noarch.rpm
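
Line numbers shift between releases, so the ip.py edit above can also be applied by matching the line's content instead of its position. The following is an added example, not part of the original instructions or of dpkt; the function name patch_dpkt_import is hypothetical. It refuses to touch the file unless exactly one matching line is found.

```shell
#!/bin/sh
# Added example: apply the dpkt/ip.py edit described above by content match.

OLD_IMPORT='mod = __import__(name, g)'
NEW_IMPORT="mod = __import__('dpkt.{}'.format(name), g)"

# patch_dpkt_import FILE
# Returns 0 if FILE was patched or is already patched.
# Returns 1, leaving FILE untouched, if the expected line is missing or
# appears more than once (i.e. the source differs from what the page assumes).
patch_dpkt_import() {
    file=$1
    if grep -qF -- "$NEW_IMPORT" "$file"; then
        echo "already patched: $file"
        return 0
    fi
    count=$(grep -cF -- "$OLD_IMPORT" "$file") || count=0
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 matching line in $file, found $count" >&2
        return 1
    fi
    # Keep the pristine file next to the patched one for later diffing.
    cp -p -- "$file" "$file.orig"
    # index()/substr() work on literal text, so the parentheses and braces
    # need no escaping and the line's indentation is preserved.
    awk -v old="$OLD_IMPORT" -v new="$NEW_IMPORT" '
        { i = index($0, old) }
        i { $0 = substr($0, 1, i - 1) new substr($0, i + length(old)) }
        { print }
    ' "$file.orig" > "$file"
    echo "patched: $file (original kept as $file.orig)"
}

# Usage, from inside dpkt-1.8/ and before running setup.py:
#   patch_dpkt_import dpkt/ip.py
```

Running it a second time is harmless, and `diff dpkt/ip.py.orig dpkt/ip.py` shows the single changed line before the RPM is built.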

Hachoir

To install hachoir download the core, parser and metadata package from: https://bitbucket.org/haypo/hachoir/wiki/Install/source, e.g.
  • hachoir-core-1.3.3.tar.gz
  • hachoir-parser-1.3.4.tar.gz
  • hachoir-metadata-1.3.3.tar.gz

hachoir-core

To install hachoir-core run:
python setup.py build bdist_rpm

This will create several files in the dist sub directory.

For plaso you'll need to install the noarch package:
sudo rpm -ivh dist/hachoir-core-1.3.3-1.noarch.rpm

hachoir-parser

To install hachoir-parser run:
python setup.py build bdist_rpm

This will create several files in the dist sub directory.

For plaso you'll need to install the noarch package:
sudo rpm -ivh dist/hachoir-parser-1.3.4-1.noarch.rpm

Note that hachoir-parser is dependent on hachoir-core.

hachoir-metadata

To install hachoir-metadata run:
python setup.py build bdist_rpm

This will create several files in the dist sub directory.

For plaso you'll need to install the noarch package:
sudo rpm -ivh dist/hachoir-metadata-1.3.3-1.noarch.rpm

Note that hachoir-metadata is dependent on hachoir-core and hachoir-parser.

Libprotobuf and Python-bindings

To install libprotobuf and Python-bindings run:
sudo yum install protobuf-python

If you intend to do development on plaso and change the protobuf definitions, you'll also need to install the protobuf compiler (protoc).
sudo yum install protobuf-compiler

Libyal and Python-bindings

The following instructions apply to:

Note that both libewf and libqcow have zlib as a dependency.

Since the building process for the libyal libraries is very similar, building libevt in the following paragraph is provided as an example.
More detailed instructions can be found on the Building wiki site of the individual projects.

Example: libevt and Python-bindings

Grab the latest libevt source package from the Downloads section of: http://code.google.com/p/libevt

E.g. libevt-alpha-20130923.tar.gz

mv libevt-alpha-20130923.tar.gz libevt-20130923.tar.gz
rpmbuild -ta libevt-20130923.tar.gz

On a 64-bit version of Fedora 18 this will create the rpm files in the directory:
~/rpmbuild/RPMS/x86_64/

For plaso you'll need to install the library and the Python-bindings:
sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/libevt-20130923-1.x86_64.rpm ~/rpmbuild/RPMS/x86_64/libevt-python-20130923-1.x86_64.rpm

Batch build

Note that the libyal libraries and Python-bindings can also be built in batch.

Though you have to make sure you've set up your build system correctly first.

Get libyal-sync.py from the libyal git repository:
git clone https://code.google.com/p/libyal/

Make sure the required libraries are in LIBYAL_LIBRARIES in libyal-sync.py.

Then run libyal-sync e.g. to build with rpmbuild and create rpm files:
cd plaso-build/
python libyal-sync.py rpm

You should end up with multiple rpm files inside the ~/rpmbuild/RPMS/ directory.

More information regarding libyal-sync can be found here.

Libyaml and Python-bindings

To install libyaml and Python-bindings run:

sudo yum install libyaml PyYAML

Sleuthkit 4.1.2

First make sure to remove any other installation of the sleuthkit.

If rpmbuild does not exist, which should not happen if you ran the previous rpmbuild commands, but just in case, set up the necessary directories:
mkdir ~/rpmbuild
mkdir ~/rpmbuild/SOURCES
mkdir ~/rpmbuild/SPECS

Download sleuthkit-4.1.2.tar.gz from www.sleuthkit.org.

At the moment it is recommended to download the development version instead of the stable version due to bug fixes:
git clone https://github.com/sleuthkit/sleuthkit
cd sleuthkit
./bootstrap
./configure
make dist

Move sleuthkit-4.1.2.tar.gz into ~/rpmbuild/SOURCES/

Download sleuthkit.spec and move it into ~/rpmbuild/SPECS/

cd ~/rpmbuild
rpmbuild -ba SPECS/sleuthkit.spec

On a 64-bit version of Fedora 18 this will create the rpm files in the directory:
~/rpmbuild/RPMS/x86_64/

The library and development packages are intentionally named differently than those available on Fedora 18.

For plaso you'll need to install the library and the development files.
sudo rpm -ivh RPMS/x86_64/sleuthkit-libs-4.1.2-1.x86_64.rpm RPMS/x86_64/sleuthkit-devel-4.1.2-1.x86_64.rpm

Pytsk

To download Pytsk you'll need to install the mercurial tools:
sudo yum install mercurial

To build Pytsk you'll need to install libtalloc and development files:
sudo yum install libtalloc libtalloc-devel

Download the latest version of Pytsk:
hg clone https://code.google.com/p/pytsk/
cd pytsk

Run:
python setup.py bdist_rpm

This will create several files in the dist sub directory.

For plaso you'll need to install the Pytsk Python-bindings e.g. for a 64-bit build of pytsk:
sudo rpm -ivh dist/pytsk3-4.1.2-1.x86_64.rpm

PyParsing

To install the necessary Python-modules run:
sudo yum install pyparsing

Python modules

To install the necessary Python-modules run:
sudo yum install pytz

IPython

To install lPython run:

sudo yum install ipython

Plaso

Grab a copy of the latest version of plaso.
git clone https://code.google.com/p/plaso/

PyLint

If you intend to do development on plaso you'll also need to install PyLint:
sudo yum install pylint
