Ticket #42457: Portfile

# $Id: Portfile 70206 2010-08-01 23:28:25Z ryandesign@macports.org $

PortSystem          1.0
PortGroup           python 1.0

name                volatility
version             2.3.1
categories          security
platforms           darwin
maintainers         yahoo.fr:jul_bsd openmaintainer
license             GPL-2+

description         collection of tools for the extraction of digital \
                    artifacts from volatile memory (RAM) samples

long_description    The Volatility Framework is a completely open collection \
                    of tools for the extraction of digital artifacts from \
                    volatile memory (RAM) samples. The extraction techniques \
                    are performed completely independent of the system being \
                    investigated but offer unprecedented visibilty into the \
                    runtime state of the system. The framework is intended \
                    to introduce people to the techniques and complexities \
                    associated with extracting digital artifacts from \
                    volatile memory samples and provide a platform for \
                    further work into this exciting area of research.

homepage            https://code.google.com/p/volatility/
distfiles-append    MacProfilesAll.zip

supported_archs     noarch
python.versions     26 27
python.default_version     27

depends_run-append  port:yara

post-patch {
    reinplace "s|import sys|import sys\\\nsys.path.append('${python.pkgd}')|" \
        ${worksrcpath}/volatility
    reinplace "s|^#!c:\\\\python\\\\python.exe|#!${python.bin}|" \
        ${worksrcpath}/volatility
}

post-destroot {
    xinstall -d ${destroot}${prefix}/share/doc/${name}
    xinstall -m 644 -W ${worksrcpath} \
        AUTHORS.txt \
        CHANGELOG.txt \
        CREDITS.txt \
        LEGAL.txt \
        LICENSE.txt \
        README.txt \
        ${destroot}${prefix}/share/doc/${name}

    xinstall -d ${destroot}${prefix}/share/examples/${name}
    copy ${distpath}/MacProfilesAll.zip ${destroot}${prefix}/share/examples/${name}/
}

if {${subport} eq ${name}} {

    master_sites        googlecode

    checksums           volatility-${version}.tar.gz \
                        rmd160  621de1bf164e604314baeca42de9114c5289e67a \
                          sha256  bb1411fc671e0bf550a31e534fb1991b2f940f1dce1ebe4ce2fb627aec40726c \
                        MacProfilesAll.zip \
                        rmd160  b52ed3412093f72b75a2cc167a589c49d2cf3d6f \
                        sha256  455815a7b51e7ff1d6cbcae1850433174020687d0c3cd080fd81d2def21a789b

}

subport ${name}-devel {
    conflicts  ${name}

    fetch.type          svn
    svn.url             http://volatility.googlecode.com/svn/trunk
    ## Note: currently not tag/branch outside of releases
    svn.revision        r3588
    worksrcdir          trunk
    checksums           MacProfilesAll.zip \
                        rmd160  b52ed3412093f72b75a2cc167a589c49d2cf3d6f \
                        sha256  455815a7b51e7ff1d6cbcae1850433174020687d0c3cd080fd81d2def21a789b
}

notes "
You may need some kernel profile depending on memory image you want to analyze.
See https://code.google.com/p/volatility/wiki/MacMemoryForensics
"

livecheck.type      regex
livecheck.regex     "Download the latest release: <a href=\"https://code.google.com/p/volatility/downloads/list\" rel=\"nofollow\">Volatility Framework (\\d+(?:\\.\\d+)*)</a>"