dissect.target 3.16.dev23__py3-none-any.whl → 3.16.dev25__py3-none-any.whl

dissect/target/filesystem.py

@@ -1588,5 +1588,7 @@ register("btrfs", "BtrfsFilesystem")
 register("exfat", "ExfatFilesystem")
 register("squashfs", "SquashFSFilesystem")
 register("zip", "ZipFilesystem")
+register("tar", "TarFilesystem")
+register("cpio", "CpioFilesystem")
 register("ad1", "AD1Filesystem")
 register("jffs", "JFFSFilesystem")

dissect/target/filesystems/cpio.py

@@ -0,0 +1,18 @@
+from typing import BinaryIO, Optional
+
+from dissect.util import cpio
+
+from dissect.target.filesystems.tar import TarFilesystem
+from dissect.target.helpers.fsutil import open_decompress
+
+
+class CpioFilesystem(TarFilesystem):
+    __type__ = "cpio"
+
+    def __init__(self, fh: BinaryIO, base: Optional[str] = None, *args, **kwargs):
+        super().__init__(open_decompress(fileobj=fh), base, tarinfo=cpio.CpioInfo, *args, **kwargs)
+
+    @staticmethod
+    def _detect(fh: BinaryIO) -> bool:
+        """Detect a cpio file on a given file-like object."""
+        return cpio.detect_header(open_decompress(fileobj=fh)) != cpio.FORMAT_CPIO_UNKNOWN

dissect/target/helpers/fsutil.py

@@ -20,6 +20,13 @@ try:
 except ImportError:
     HAVE_BZ2 = False
 
+try:
+    import zstandard
+
+    HAVE_ZSTD = True
+except ImportError:
+    HAVE_ZSTD = False
+
 import dissect.target.filesystem as filesystem
 from dissect.target.exceptions import FileNotFoundError, SymlinkRecursionError
 from dissect.target.helpers.polypath import (
@@ -445,17 +452,22 @@ def resolve_link(
 
 
 def open_decompress(
-    path: TargetPath,
+    path: Optional[TargetPath] = None,
     mode: str = "rb",
+    *,
+    fileobj: Optional[BinaryIO] = None,
     encoding: Optional[str] = "UTF-8",
     errors: Optional[str] = "backslashreplace",
     newline: Optional[str] = None,
 ) -> Union[BinaryIO, TextIO]:
-    """Open and decompress a file. Handles gz and bz2 files. Uncompressed files are opened as-is.
+    """Open and decompress a file. Handles gz, bz2 and zstd files. Uncompressed files are opened as-is.
+
+    When passing in an already opened ``fileobj``, the mode, encoding, errors and newline arguments are ignored.
 
     Args:
         path: The path to the file to open and decompress. It is assumed this path exists.
         mode: The mode in which to open the file.
+        fileobj: The file-like object to open and decompress. This is mutually exclusive with path.
         encoding: The decoding for text streams. By default UTF-8 encoding is used.
         errors: The error handling for text streams. By default we're more lenient and use ``backslashreplace``.
         newline: How newlines are handled for text streams.
@@ -469,7 +481,17 @@ def open_decompress(
         for line in open_decompress(Path("/dir/file.gz"), "rt"):
             print(line)
     """
-    file = path.open()
+    if path and fileobj:
+        raise ValueError("path and fileobj are mutually exclusive")
+
+    if not path and not fileobj:
+        raise ValueError("path or fileobj is required")
+
+    if path:
+        file = path.open("rb")
+    else:
+        file = fileobj
+
     magic = file.read(4)
     file.seek(0)
 
@@ -480,13 +502,22 @@ def open_decompress(
 
     if magic[:2] == b"\x1f\x8b":
         return gzip.open(file, mode, encoding=encoding, errors=errors, newline=newline)
-    # In a valid bz2 header the 4th byte is in the range b'1' ... b'9'.
-    elif HAVE_BZ2 and magic[:3] == b"BZh" and 0x31 <= magic[3] <= 0x39:
+
+    if HAVE_BZ2 and magic[:3] == b"BZh" and 0x31 <= magic[3] <= 0x39:
+        # In a valid bz2 header the 4th byte is in the range b'1' ... b'9'.
         return bz2.open(file, mode, encoding=encoding, errors=errors, newline=newline)
-    else:
+
+    if HAVE_ZSTD and magic[:4] in [b"\xfd\x2f\xb5\x28", b"\x28\xb5\x2f\xfd"]:
+        # stream_reader is not seekable, so we have to resort to the less
+        # efficient decompressor which returns bytes.
+        return io.BytesIO(zstandard.decompress(file.read()))
+
+    if path:
         file.close()
         return path.open(mode, encoding=encoding, errors=errors, newline=newline)
 
+    return file
+
 
 def reverse_readlines(fh: TextIO, chunk_size: int = 1024 * 1024 * 8) -> Iterator[str]:
     """Like iterating over a ``TextIO`` file-like object, but starting from the end of the file.

dissect/target/plugin.py

@@ -932,6 +932,8 @@ class NamespacePlugin(Plugin):
             try:
                 subplugin = getattr(self.target, entry)
                 self._subplugins.append(subplugin)
+            except UnsupportedPluginError:
+                target.log.warning("Subplugin %s is not compatible with target.", entry)
             except Exception:
                 target.log.exception("Failed to load subplugin: %s", entry)
 

dissect/target/plugins/os/unix/locate/gnulocate.py

@@ -0,0 +1,92 @@
+from __future__ import annotations
+
+from typing import BinaryIO, Iterable
+
+from dissect.cstruct import cstruct
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.record import TargetRecordDescriptor
+from dissect.target.plugin import export
+from dissect.target.plugins.os.unix.locate.locate import BaseLocatePlugin
+
+gnulocate_def = """
+#define MAGIC 0x004c4f43415445303200             /* b'/x00LOCATE02/x00' */
+
+struct entry {
+    int8 offset;
+    char path[];
+}
+"""
+
+GNULocateRecord = TargetRecordDescriptor(
+    "linux/locate/gnulocate",
+    [
+        ("path", "path"),
+        ("string", "source"),
+    ],
+)
+
+c_gnulocate = cstruct()
+c_gnulocate.load(gnulocate_def)
+
+
+class GNULocateFile:
+    """locate file parser
+
+    Multiple formats exist for the locatedb file. This class only supports the most recent version ``LOCATE02``.
+
+    The file is encoded with front compression (incremental encoding). This is a form of compression
+    which takes a number of characters of the previous encoded entries. Entries are separated with a null byte.
+
+    Resources:
+        - https://manpages.ubuntu.com/manpages/trusty/en/man5/locatedb.5.html
+    """
+
+    def __init__(self, fh: BinaryIO):
+        self.fh = fh
+        self.count = 0
+        self.previous_path = ""
+
+        magic = int.from_bytes(self.fh.read(10), byteorder="big")
+        if magic != c_gnulocate.MAGIC:
+            raise ValueError(f"Invalid Locate file magic. Expected /x00LOCATE02/x00, got {magic}")
+
+    def __iter__(self) -> Iterable[GNULocateFile]:
+        try:
+            while True:
+                # NOTE: The offset could be negative, which indicates
+                # that we decrease the number of characters of the previous path.
+                entry = c_gnulocate.entry(self.fh)
+                current_filepath_end = entry.path.decode(errors="backslashreplace")
+                offset = entry.offset
+
+                self.count += offset
+
+                path = self.previous_path[0 : self.count] + current_filepath_end
+                self.previous_path = path
+                yield path
+        except EOFError:
+            return
+
+
+class GNULocatePlugin(BaseLocatePlugin):
+    __namespace__ = "gnulocate"
+
+    path = "/var/cache/locate/locatedb"
+
+    def check_compatible(self) -> None:
+        if not self.target.fs.path(self.path).exists():
+            raise UnsupportedPluginError(f"No locatedb file found at {self.path}")
+
+    @export(record=GNULocateRecord)
+    def locate(self) -> GNULocateRecord:
+        """Yield file and directory names from GNU findutils' locatedb file.
+
+        Resources:
+            - https://manpages.debian.org/testing/locate/locatedb.5.en.html
+        """
+        locate_fh = self.target.fs.path(self.path).open()
+        locate_file = GNULocateFile(locate_fh)
+
+        for path in locate_file:
+            yield GNULocateRecord(path=self.target.fs.path(path), source=self.path)

dissect/target/plugins/os/unix/locate/locate.py

@@ -0,0 +1,5 @@
+from dissect.target.plugin import NamespacePlugin
+
+
+class BaseLocatePlugin(NamespacePlugin):
+    __namespace__ = "locate"

dissect/target/plugins/os/unix/locate/mlocate.py

@@ -0,0 +1,150 @@
+from __future__ import annotations
+
+from dataclasses import dataclass
+from datetime import datetime
+from typing import BinaryIO, Iterable, Iterator
+
+from dissect.cstruct import cstruct
+from dissect.util.ts import from_unix
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.record import TargetRecordDescriptor
+from dissect.target.plugin import export
+from dissect.target.plugins.os.unix.locate.locate import BaseLocatePlugin
+
+# Resources: https://linux.die.net/man/5/locate.db
+mlocate_def = """
+#define MAGIC 0x006d6c6f63617465             /* b'/x00mlocate' */
+
+struct header_config {
+    int32 conf_size;
+    int8 version;                            /* file format version */
+    int8 require_visibility;
+    int8 pad[2];                             /* 32-bit total alignment */
+    char root_database;
+    char config_block[conf_size];
+    int8 pad;
+};
+
+enum DBE_TYPE: uint8 {                       /* database entry type */
+    FILE         = 0x0,                      /* file */
+    DIRECTORY    = 0x1,                      /* directory */
+    END          = 0x2                       /* end of directory */
+};
+
+struct directory_entry {
+    /* time is the 'maximum of st_ctime and
+       st_mtime of the directory' according to docs */
+    int64 time_seconds;
+    int32 time_nanoseconds;
+    int32 padding;
+    char path[];
+};
+
+struct entry {
+    char path[];
+};
+"""
+
+
+@dataclass
+class MLocate:
+    ts: datetime
+    ts_ns: int
+    parent: str
+    path: str
+    dbe_type: str
+
+
+MLocateRecord = TargetRecordDescriptor(
+    "linux/locate/mlocate",
+    [
+        ("datetime", "ts"),
+        ("varint", "ts_ns"),
+        ("path", "parent"),
+        ("path", "path"),
+        ("string", "type"),
+        ("string", "source"),
+    ],
+)
+
+c_mlocate = cstruct(endian=">")
+c_mlocate.load(mlocate_def)
+
+
+class MLocateFile:
+    """mlocate file parser
+
+    Resources:
+        - https://manpages.debian.org/testing/mlocate/mlocate.db.5.en.html
+    """
+
+    def __init__(self, fh: BinaryIO):
+        self.fh = fh
+
+        magic = int.from_bytes(self.fh.read(8), byteorder="big")
+        if magic != c_mlocate.MAGIC:
+            raise ValueError(f"Invalid mlocate file magic. Expected b'x00mlocate', got {magic}")
+
+        self.header = c_mlocate.header_config(self.fh)
+
+    def _parse_directory_entries(self) -> Iterator[str, c_mlocate.entry]:
+        while (dbe_type := c_mlocate.DBE_TYPE(self.fh)) != c_mlocate.DBE_TYPE.END:
+            entry = c_mlocate.entry(self.fh)
+            dbe_type = "file" if dbe_type == c_mlocate.DBE_TYPE.FILE else "directory"
+
+            yield dbe_type, entry
+
+    def __iter__(self) -> Iterable[MLocateFile]:
+        while True:
+            try:
+                directory_entry = c_mlocate.directory_entry(self.fh)
+                parent = directory_entry.path.decode()
+
+                for dbe_type, file_entry in self._parse_directory_entries():
+                    file_path = file_entry.path.decode()
+
+                    yield MLocate(
+                        ts=from_unix(directory_entry.time_seconds),
+                        ts_ns=directory_entry.time_nanoseconds,
+                        parent=parent,
+                        path=file_path,
+                        dbe_type=dbe_type,
+                    )
+            except EOFError:
+                return
+
+
+class MLocatePlugin(BaseLocatePlugin):
+    __namespace__ = "mlocate"
+
+    path = "/var/lib/mlocate/mlocate.db"
+
+    def check_compatible(self) -> None:
+        if not self.target.fs.path(self.path).exists():
+            raise UnsupportedPluginError(f"No mlocate.db file found at {self.path}")
+
+    @export(record=MLocateRecord)
+    def locate(self) -> Iterator[MLocateRecord]:
+        """Yield file and directory names from mlocate.db file.
+
+        ``mlocate`` is a new implementation of GNU locate,
+        but has been deprecated since Ubuntu 22.
+
+        Resources:
+            - https://manpages.debian.org/testing/mlocate/mlocate.db.5.en.html
+        """
+        mlocate_fh = self.target.fs.path(self.path).open()
+        mlocate_file = MLocateFile(mlocate_fh)
+
+        for item in mlocate_file:
+            parent = self.target.fs.path(item.parent)
+            yield MLocateRecord(
+                ts=item.ts,
+                ts_ns=item.ts_ns,
+                parent=parent,
+                path=parent.joinpath(item.path),
+                type=item.dbe_type,
+                source=self.path,
+                _target=self.target,
+            )

dissect/target/plugins/os/unix/locate/plocate.py

@@ -0,0 +1,189 @@
+from __future__ import annotations
+
+import platform
+import sys
+from io import BytesIO
+from typing import BinaryIO, Iterable
+
+from dissect.cstruct import cstruct
+from dissect.util.stream import RangeStream
+
+from dissect.target.exceptions import UnsupportedPluginError
+from dissect.target.helpers.record import TargetRecordDescriptor
+from dissect.target.plugin import export
+from dissect.target.plugins.os.unix.locate.locate import BaseLocatePlugin
+
+try:
+    import zstandard  # noqa
+
+    HAS_ZSTD = True
+except ImportError:
+    HAS_ZSTD = False
+
+# Resource: https://git.sesse.net/?p=plocate @ db.h
+plocate_def = """
+#define MAGIC 0x00706c6f63617465             /* b'/x00plocate' */
+
+struct header {
+    uint32_t version;
+    uint32_t hashtable_size;
+    uint32_t extra_ht_slots;
+    uint32_t num_docids;
+    uint64_t hash_table_offset_bytes;
+    uint64_t filename_index_offset_bytes;
+
+    /* Version 1 and up only. */
+    uint32_t max_version;
+    uint32_t zstd_dictionary_length_bytes;
+    uint64_t zstd_dictionary_offset_bytes;
+
+    /* Only if max_version >= 2, and only relevant for updatedb. */
+    uint64_t directory_data_length_bytes;
+    uint64_t directory_data_offset_bytes;
+    uint64_t next_zstd_dictionary_length_bytes;
+    uint64_t next_zstd_dictionary_offset_bytes;
+    uint64_t conf_block_length_bytes;
+    uint64_t conf_block_offset_bytes;
+
+    uint8_t check_visibility;
+    char padding[7];                         /* padding for alignment */
+};
+
+struct file {
+    char path[];
+};
+"""
+
+PLocateRecord = TargetRecordDescriptor(
+    "linux/locate/plocate",
+    [
+        ("path", "path"),
+        ("path", "source"),
+    ],
+)
+
+c_plocate = cstruct()
+c_plocate.load(plocate_def)
+
+
+class PLocateFile:
+    """plocate file parser
+
+    The ``plocate.db`` file contains a hashtable and trigrams to enable quick lookups of filenames.
+
+    We've implemented a few methods to gather those for possible future use, but for the PLocatePlugin
+    we're only interested in the filepaths stored in the database. Hence we don't use these methods.
+
+    Roughly speaking, the plocate.db file has the following structure:
+        - ``header`` (0x70 bytes)
+        - zstd compressed ``filename``s (until start of ``filename_index_offset_bytes``),
+          possibly including a dictionary
+        - hashtables (offset and length in ``header``)
+        - directory data (offset and length in ``header``)
+        - possible zstd dictionary (offset and length in ``header``)
+        - configuration block (offset and length in ``header``)
+
+    No documentation other than the source code is available on the format of this file.
+
+    Resources:
+        - https://git.sesse.net/?p=plocate
+    """
+
+    HEADER_SIZE = 0x70  # 0x8 bytes magic + 0x68 bytes header
+    NUM_OVERFLOW_SLOTS = 16
+    TRIGRAM_SIZE_BYTES = 16
+    DOCID_SIZE_BYTES = 8
+
+    def __init__(self, fh: BinaryIO):
+        self.fh = fh
+
+        magic = int.from_bytes(self.fh.read(8), byteorder="big")
+        if magic != c_plocate.MAGIC:
+            raise ValueError(f"Invalid plocate file magic. Expected b'/x00plocate', got {magic}")
+
+        self.header = c_plocate.header(self.fh)
+        self.dict_data = None
+
+        if self.header.zstd_dictionary_offset_bytes:
+            self.dict_data = zstandard.ZstdCompressionDict(self.fh.read(self.header.zstd_dictionary_length_bytes))
+
+        self.compressed_length_bytes = (
+            self.header.filename_index_offset_bytes - self.HEADER_SIZE - self.header.zstd_dictionary_length_bytes
+        )
+        self.ctx = zstandard.ZstdDecompressor(dict_data=self.dict_data)
+        self.buf = RangeStream(self.fh, self.fh.tell(), self.compressed_length_bytes)
+
+    def __iter__(self) -> Iterable[PLocateFile]:
+        # NOTE: This is a workaround for a PyPy 3.9 bug
+        # We don't know what breaks, but PyPy + zstandard = unhappy times
+        # You just get random garbage data back instead of the decompressed data
+        # This weird dance of using a decompressobj and unused data is the only way that seems to work
+        # It's more expensive on memory, but at least it doesn't break
+        if platform.python_implementation() == "PyPy" and sys.version_info < (3, 10):
+            obj = self.ctx.decompressobj()
+            buf = self.buf.read()
+
+            tmp = obj.decompress(buf)
+            while unused_data := obj.unused_data:
+                obj = self.ctx.decompressobj()
+                tmp += obj.decompress(unused_data)
+
+            reader = BytesIO(tmp)
+        else:
+            reader = self.ctx.stream_reader(self.buf)
+
+        with reader:
+            try:
+                while True:
+                    file = c_plocate.file(reader)
+                    yield file.path.decode(errors="surrogateescape")
+            except EOFError:
+                return
+
+    def filename_index(self) -> bytes:
+        """Return the filename index of the plocate.db file."""
+        self.fh.seek(self.header.filename_index_offset_bytes)
+        num_docids = self.header.num_docids
+        filename_index_size = num_docids * self.DOCID_SIZE_BYTES
+        return self.fh.read(filename_index_size)
+
+    def hashtable(self) -> bytes:
+        """Return the hashtable of the plocate.db file."""
+        self.fh.seek(self.header.hash_table_offset_bytes)
+        hashtable_size = (self.header.hashtable_size + self.NUM_OVERFLOW_SLOTS + 1) * self.TRIGRAM_SIZE_BYTES
+        return self.fh.read(hashtable_size)
+
+
+class PLocatePlugin(BaseLocatePlugin):
+    __namespace__ = "plocate"
+
+    path = "/var/lib/plocate/plocate.db"
+
+    def check_compatible(self) -> None:
+        if not self.target.fs.path(self.path).exists():
+            raise UnsupportedPluginError(f"No plocate.db file found at {self.path}")
+
+        if not HAS_ZSTD:
+            raise UnsupportedPluginError(
+                "Please install `python-zstandard` or `pip install zstandard` to use the PLocatePlugin"
+            )
+
+    @export(record=PLocateRecord)
+    def locate(self) -> PLocateRecord:
+        """Yield file and directory names from the plocate.db.
+
+        ``plocate`` is the default package on Ubuntu 22 and newer to locate files.
+        It replaces ``mlocate`` and GNU ``locate``.
+
+        Resources:
+            - https://manpages.debian.org/testing/plocate/plocate.1.en.html
+            - https://git.sesse.net/?p=plocate
+        """
+        plocate = self.target.fs.path(self.path)
+        plocate_file = PLocateFile(plocate.open())
+
+        for path in plocate_file:
+            yield PLocateRecord(
+                path=self.target.fs.path(path),
+                source=self.path,
+            )

{dissect.target-3.16.dev23.dist-info → dissect.target-3.16.dev25.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.16.dev23
+Version: 3.16.dev25
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.16.dev23.dist-info → dissect.target-3.16.dev25.dist-info}/RECORD

@@ -1,9 +1,9 @@
 dissect/target/__init__.py,sha256=Oc7ounTgq2hE4nR6YcNabetc7SQA40ldSa35VEdZcQU,63
 dissect/target/container.py,sha256=9ixufT1_0WhraqttBWwQjG80caToJqvCX8VjFk8d5F0,9307
 dissect/target/exceptions.py,sha256=VVW_Rq_vQinapz-2mbJ3UkxBEZpb2pE_7JlhMukdtrY,2877
-dissect/target/filesystem.py,sha256=aLkvZMgeah39Nhlscawh77cm2mzFYI9J5h3uT3Rigtc,53876
+dissect/target/filesystem.py,sha256=VuWp_nxaG5WI9xvhEjl0M6X37_sVdclzgt3pZvtZ3hE,53944
 dissect/target/loader.py,sha256=0-LcZNi7S0qsXR7XGtrzxpuCh9BsLcqNR1T15O7SnBM,7257
-dissect/target/plugin.py,sha256=ndqz4RpbBCN6wagCBvfHzHkL0l0-gnbHjc7c8Blite4,48473
+dissect/target/plugin.py,sha256=bwtTPASgJBUHBZ7Nr8eb5eXDOHMWfumduWj7loB0FP0,48605
 dissect/target/report.py,sha256=06uiP4MbNI8cWMVrC1SasNS-Yg6ptjVjckwj8Yhe0Js,7958
 dissect/target/target.py,sha256=xNJdecZSt2oHcZwf775kOSTFRA-c_hKoScXaDuK-8FI,32155
 dissect/target/volume.py,sha256=aQZAJiny8jjwkc9UtwIRwy7nINXjCxwpO-_UDfh6-BA,15801
@@ -25,6 +25,7 @@ dissect/target/filesystems/ad1.py,sha256=nEPzaaRsb6bL4ItFo0uLdmdLvrmK9BjqHeD3FOp
 dissect/target/filesystems/btrfs.py,sha256=5MBi193ZvclkEQcxDr_sDHfj_FYU_hyYNRL4YqpDu4M,6243
 dissect/target/filesystems/cb.py,sha256=6LcoJiwsYu1Han31IUzVpZVDTifhTLTx_gLfNpB_p6k,5329
 dissect/target/filesystems/config.py,sha256=C2JnzBzMqbAjchGFDwURItCeUY7uxkhw1Gen-6cGkAc,11432
+dissect/target/filesystems/cpio.py,sha256=ssVCjkAtLn2FqmNxeo6U5boyUdSYFxLWfXpytHYGPqs,641
 dissect/target/filesystems/dir.py,sha256=7GRvojL151_Vk9e3vqgZbWE3I8IL9bU6LUKc_xjk6D4,4050
 dissect/target/filesystems/exfat.py,sha256=PRkZPUVN5NlgB1VetFtywdNgF6Yj5OBtF5a25t-fFvw,5917
 dissect/target/filesystems/extfs.py,sha256=9Cke-H0CL-SPd3-xvdAgfc3YA5hYso0sq6hm0C9vGII,4640
@@ -46,7 +47,7 @@ dissect/target/helpers/configutil.py,sha256=t_UNvcWuMMT5C1tut_PgTwCnVUodf6RjhfXP
 dissect/target/helpers/cyber.py,sha256=Ki5oSU0GgQxjgC_yWoeieGP7GOY5blQCzNX7vy7Pgas,16782
 dissect/target/helpers/descriptor_extensions.py,sha256=uT8GwznfDAiIgMM7JKKOY0PXKMv2c0GCqJTCkWFgops,2605
 dissect/target/helpers/docs.py,sha256=J5U65Y3yOTqxDEZRCdrEmO63XQCeDzOJea1PwPM6Cyc,5146
-dissect/target/helpers/fsutil.py,sha256=jGinb11-w6TvbzH7z-9F6J09X5CY3_yxBoNsKxsFAXE,18637
+dissect/target/helpers/fsutil.py,sha256=NKwpAq_NlbFDvGGV9ahC5flPda_5jUBDqtF-Ch5ASDs,19543
 dissect/target/helpers/hashutil.py,sha256=SD24rcV_y0sBEl7M9T-isjm-VzJvCiTN2BoWMqAOAVI,2160
 dissect/target/helpers/keychain.py,sha256=wYH0sf7eaxP0bZTo80RF_BQMWulCWmIQ8Tzt9K5TSNQ,3611
 dissect/target/helpers/lazy.py,sha256=823VtmdWsbJyVZvNWopDhQdqq2i1xtj6b8IKfveboKw,1771
@@ -230,6 +231,11 @@ dissect/target/plugins/os/unix/linux/redhat/yum.py,sha256=kEvB-C2CNoqxSbgGRZiuo6
 dissect/target/plugins/os/unix/linux/suse/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/linux/suse/_os.py,sha256=eaqgnkbunBJ2Hf_GE96THjfT3ybVIZvtWId-dx3JMV4,575
 dissect/target/plugins/os/unix/linux/suse/zypper.py,sha256=amepAWivvbHFt2AoJUHC8lIeuD5Iy8MFXTWKqTYAEqE,4142
+dissect/target/plugins/os/unix/locate/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+dissect/target/plugins/os/unix/locate/gnulocate.py,sha256=P-YbMFw901p2EBgTaZH6axShfIRRDrCx3APBy6Ii3lE,2934
+dissect/target/plugins/os/unix/locate/locate.py,sha256=uXFcWAqoz_3eNWHhsGoEtkkhmT5J3F1GYvr4uQxi308,122
+dissect/target/plugins/os/unix/locate/mlocate.py,sha256=DhrFgxDQF-fMZaA0WK8Z-5o9i9iDsuTHW7MHJtWwz6o,4485
+dissect/target/plugins/os/unix/locate/plocate.py,sha256=jUIqG-vD66hFn14SkQpJ2rfJnbtwOBMkJcaduWLtnlw,6591
 dissect/target/plugins/os/unix/log/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/unix/log/atop.py,sha256=UmaqdnSmE8AO8bEj4drGSc1HH2n4Pdlxpwfa7RgraIY,16314
 dissect/target/plugins/os/unix/log/audit.py,sha256=OjorWTmCFvCI5RJq6m6WNW0Lhb-poB2VAggKOGZUHK4,3722
@@ -325,10 +331,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.16.dev23.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.16.dev23.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.16.dev23.dist-info/METADATA,sha256=0sRgs6_clcf3PUsMUj5HEJkVmN398nl1HOMUtvwTe48,11113
-dissect.target-3.16.dev23.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-dissect.target-3.16.dev23.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.16.dev23.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.16.dev23.dist-info/RECORD,,
+dissect.target-3.16.dev25.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.16.dev25.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.16.dev25.dist-info/METADATA,sha256=dlfz79OtrmH132ugeqPIQsRDdu-FgcSqIbt0i1AdSgo,11113
+dissect.target-3.16.dev25.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
+dissect.target-3.16.dev25.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.16.dev25.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.16.dev25.dist-info/RECORD,,