dissect.target.plugins.os.unix.linux.debian.dpkg

Module Contents

Classes

DpkgPlugin

Returns records for package details extracted from dpkg's status and log files.

Functions

read_status_blocks

Yield package status blocks read from fh text stream as the lists of lines.

parse_status_block

Parse package details block from dpkg status file.

parse_log_date_time

parse_log_line

Parse dpkg log file line.

Attributes

STATUS_FILE_NAME

LOG_FILES_GLOB

STATUS_FIELD_MAPPINGS

STATUS_FIELDS_TO_EXTRACT

DpkgPackageStatusRecord

DpkgPackageLogRecord

dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FILE_NAME = '/var/lib/dpkg/status'
dissect.target.plugins.os.unix.linux.debian.dpkg.LOG_FILES_GLOB = '/var/log/dpkg.log*'
dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FIELD_MAPPINGS
dissect.target.plugins.os.unix.linux.debian.dpkg.STATUS_FIELDS_TO_EXTRACT
dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPackageStatusRecord
dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPackageLogRecord
class dissect.target.plugins.os.unix.linux.debian.dpkg.DpkgPlugin(target: dissect.target.target.Target)

Bases: dissect.target.plugin.Plugin

Returns records for package details extracted from dpkg’s status and log files.

__namespace__ = 'dpkg'

Defines the plugin namespace.

check_compatible() None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

status() collections.abc.Iterator[DpkgPackageStatusRecord]

Yield records for packages in dpkg’s status database.

log() collections.abc.Iterator[DpkgPackageLogRecord]

Yield records for actions logged in dpkg’s logs.

dissect.target.plugins.os.unix.linux.debian.dpkg.read_status_blocks(fh: TextIO) collections.abc.Iterator[list[str]]

Yield package status blocks read from fh text stream as the lists of lines.

dissect.target.plugins.os.unix.linux.debian.dpkg.parse_status_block(block_lines: list[str]) dict[str, str]

Parse package details block from dpkg status file.

dissect.target.plugins.os.unix.linux.debian.dpkg.parse_log_date_time(date_str: str, time_str: str, tzinfo: datetime.tzinfo = datetime.timezone.utc) datetime
dissect.target.plugins.os.unix.linux.debian.dpkg.parse_log_line(log_line: str, tzinfo: datetime.tzinfo = datetime.timezone.utc) dict[str, str]

Parse dpkg log file line.