app-forensics/volatility3: add 2.7.0

Signed-off-by: Mario Haustein <[email protected]>
Signed-off-by: Arthur Zamarin <[email protected]>

app-forensics/volatility3/Manifest

@@ -1,4 +1,5 @@
 DIST volatility3-2.4.1.gh.tar.gz 486648 BLAKE2B 7f00ec6b57eb9ef6420f4c1aa735203fbd51fca39aa13200eb821d13842f879c8743f63da7c5bbcf7d84a2850709a15c0aadc2b0311edbdf34dfa026f2a3dcd6 SHA512 5f785a778654b76fc85b7b82b2e9ba9e6315a99169d4d956a9af84ae91086e7a38cac343b7df0f00d6830361c77d377408bf8eab3679c161c8a02212c696389c
 DIST volatility3-2.5.2.gh.tar.gz 506557 BLAKE2B d6ea1b4a1fad3bcda8fbb38372a492d59659061e2cb9e7915a4f5d46af2fcdba0402b83575e5b5017f00f32975e98281c2885d7c9cfa576a3ee4a41f75f126a7 SHA512 02cfd06928f1667ec481e776c45e954d4a40fa6da6ffbdd30e0980bd5d09ce70d0e31de6e352a833c36045e67c2120ea6a10e2d3ec1327e9e4e4e1c2af494fcf
+DIST volatility3-2.7.0.gh.tar.gz 523445 BLAKE2B aa7209be5a3cb33b2f5b9fac52e3098407926b8135d2d5566746e0156d3873195ce9161e5652c2abf80e9bfd2955e7d02985ce75ac7fca3559d821866d0302cf SHA512 bb9f79604ce2e647d42a1003941802a69ecdf845c1400b1d3f67e13494a228c99269478d635fbcdcde8ae67b792b73e07e7e26ce9a8e2e7b80185af7cc7ac3c0
 DIST volatility3-linux-sample-1.bin.gz 143967523 BLAKE2B 3321e991a50b6e4ccf19e0ee48d779664f43f4cdbdb950ca31a5d08c8ee9de0018e2d4f69f42206f7e8f1c6ea735c47f8aa42806ed0f85e9a837b611f07b3289 SHA512 82a34aa1d4e7d7deb9ea12e892f14ba0a28908b2da2e31ca76efd1e9e59d87769064a1ffffe8979a58b992cea7005fa20954df50984dbe1dd186513ad95168d7
 DIST volatility3-win-xp-laptop-2005-06-25.img.gz 180343409 BLAKE2B 9fc10ddb9208d7023854e9619f6cf5ce140f2a2aa5772ccd8bcd852dd50c6f77e36298dbf7df1512334e7976b6ab35dd77f4c49505e531c3a289dd0f26cfc01e SHA512 a1f758cc1b4febcf11f64bc01b872c7528d19c686d81f8e03d742424fa0600254914e656cdf35c3752b406354f769a8aa256622b2f2afe2d691c4bb6d3be3f52

app-forensics/volatility3/volatility3-2.7.0.ebuild

@@ -0,0 +1,60 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..12} )
+inherit distutils-r1
+
+MY_PV=${PV//_beta/-beta.}
+
+DESCRIPTION="Framework for analyzing volatile memory"
+HOMEPAGE="https://github.com/volatilityfoundation/volatility3/ https://www.volatilityfoundation.org/"
+SRC_URI="
+	https://github.com/volatilityfoundation/volatility3/archive/v${MY_PV}.tar.gz -> ${P}.gh.tar.gz
+	test?
+	(
+		https://downloads.volatilityfoundation.org/volatility3/images/win-xp-laptop-2005-06-25.img.gz -> ${PN}-win-xp-laptop-2005-06-25.img.gz
+		https://downloads.volatilityfoundation.org/volatility3/images/linux-sample-1.bin.gz -> ${PN}-linux-sample-1.bin.gz
+	)
+"
+S="${WORKDIR}"/${PN}-${MY_PV}
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="crypt disasm jsonschema leechcore snappy test yara"
+
+# We need to select *all* subslots of app-arch/snappy which select
+# SONAME=libsnappy.so.1. See (https://github.com/gentoo/gentoo/pull/30585#discussion_r1167753625)
+RDEPEND="
+	>=dev-python/pefile-2023.2.7[${PYTHON_USEDEP}]
+	crypt? ( >=dev-python/pycryptodome-3[${PYTHON_USEDEP}] )
+	disasm? ( >=dev-libs/capstone-3.0.5[python,${PYTHON_USEDEP}] )
+	jsonschema? ( >=dev-python/jsonschema-2.3.0[${PYTHON_USEDEP}] )
+	leechcore? ( >=dev-python/leechcorepyc-2.4.0[${PYTHON_USEDEP}] )
+	snappy? (
+		|| (
+			app-arch/snappy:0/1.1
+			app-arch/snappy:0/1.2
+		)
+	)
+	yara? ( >=dev-python/yara-python-3.8.0[${PYTHON_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+
+# Tests require optional features
+REQUIRED_USE="test? ( yara )"
+
+RESTRICT="!test? ( test )"
+
+python_test() {
+	# see .github/workflows/test.yaml
+	"${EPYTHON}" "${S}/test/test_volatility.py" --volatility=vol.py \
+		--image "${WORKDIR}/${PN}-win-xp-laptop-2005-06-25.img" -k test_windows -v || \
+		die "Tests fail with ${EPYTHON}"
+	"${EPYTHON}" "${S}/test/test_volatility.py" --volatility=vol.py \
+		--image "${WORKDIR}/${PN}-linux-sample-1.bin" -k test_linux -v || \
+		die "Tests fail with ${EPYTHON}"
+}