Skip to content

Building

Joachim Metz edited this page Jul 13, 2022 · 9 revisions

Read first

GitHub will offer you the download options "Source code (zip)" and "Source code (tar.gz)". These are copies of the source, as-is, in the git repository and not suited for distribution. Instead it is highly recommend to use the provided source distribution package, which contains all the necessary dependencies.

Introduction

The libevtx source code can be build with different compilers:

Or directly packaged with different package managers:

Getting the source

Source distribution package

To retrieve the source distribution package go to the downloads page and download the file named:

libevtx-alpha-<version>.tar.gz

To extract the source distribution package run:

tar xfv libevtx-alpha-<version>.tar.gz

This will create the source directory:

libevtx-<version>

Git

Note that the git repository holds the development version of the source code.

If you are not developing it is recommended that you download a source distribution package instead.

To retrieve the source from the git repository make sure to install:

  • git
  • aclocal
  • autoconf
  • automake
  • autopoint or gettextize
  • libtoolize
  • pkg-config

To download and prepare the source for building run:

git clone https://github.com/libyal/libevtx.git
cd libevtx/
./synclibs.sh
./autogen.sh

The source from the git repository will not work without synchronizing the library dependencies "./synclibs.sh" and having the autotools generate the necessary files "./autogen.sh".

Debian/Ubuntu

On Debian based Linux distributions such as Ubuntu install the following packages:

sudo apt install git autoconf automake autopoint libtool pkg-config

Fedora

On Fedora based Linux distributions install the following packages:

sudo dnf install git autoconf automake gettext-devel libtool pkg-config

macOS

On macOS the XCode command line tools no longer provide the autotools you can obtain them e.g. via MacPorts. Install the following packages:

sudo port install git autoconf automake gettext libtool pkgconfig

Microsoft Visual Studio

Since Microsoft Visual Studio does not come with a Unix shell or equivalent you'll need to use the Windows PowerShell scripts instead:

git clone https://github.com/libyal/libevtx.git
cd libevtx\
.\synclibs.ps1
.\autogen.ps1

Using GNU Compiler Collection (GCC)

Before you build the libevtx source code using the GNU Compiler Collection (GCC) you'll need to have compilation and build tools installed.

  • On a Linux system make sure you have build-essential (Debian-based) or the Development Tools (RedHat-based) packages installed.
  • On a macOS system make sure you have XCode (with command line tools) or MacPorts (or equivalent) installed.

To build the libevtx source code change into the source directory and run the following commands:

./configure
make

You can install the binaries that were build by running:

sudo make install

By default this will install the binaries in /usr/local. If you want to change this to e.g. /usr, add the configuration option --prefix=/usr, e.g.

./configure --prefix=/usr

On Linux make sure libevtx.so is in the library cache. Normally it suffices to run:

sudo ldconfig

Verbose and debug output

To troubleshoot issues or for low-level format analysis libevtx supports verbose and debug output.

To enable verbose and debug output support add --enable-verbose-output and --enable-debug-output to configure, e.g.

./configure --enable-verbose-output --enable-debug-output

This will generate vast amounts of debug information on stderr when the tools are run with -v.

Static library

To make a static library add --enable-shared=no to configure, .e.g:

./configure --enable-shared=no

Static executables

Some distributions provide separate packages for static versions of libraries. Make sure you have a static versions of:

  • glibc

To make static executables add --enable-static-executables=yes to configure, .e.g:

./configure --enable-static-executables=yes

Check if the executables can be run.

Disable multi-thread support with --enable-multi-threading-support=no if you get an error similar to:

libcthreads_read_write_lock_grab_for_write: unable to lock read/write lock for write with error: Deadlock condition detected.

Python-bindings

To compile the Python-bindings you'll need the Python development files.

Make sure that on:

  • a Linux machine, you have python3-dev (Debian-based) or python3-devel (RedHat-based) installed.
  • a macOS machine, XCode if you're using a different Python source tree see macOS notes below.

Adding --enable-python when running ./configure will enable the Python-bindings to be build.

./configure --enable-python

Cygwin

If you want to use Cygwin to build libevtx make sure to have the following packages installed:

  • autoconf
  • automake
  • binutils
  • gcc-core
  • gcc-g++
  • gettext-devel
  • libiconv
  • libtool
  • make
  • pkg-config

After following the GNU Compiler Collection (GCC) build instructions you should end up with the following DLL:

libevtx/.libs/cygevtx-0.dll

And the following executables:

evtxtools/.libs/evtxexport.exe
evtxtools/.libs/evtxinfo.exe

Using the DLL

Make sure you use define LIBEVTX_DLL_IMPORT before including <libevtx.h>.

To be able to use the DLL on other systems than the build system you'll also need to provide:

  • cygwin1.dll

macOS

libtoolize

If you find that libtoolize is missing use glibtoolize instead.

Python-bindings

macOS comes with multiple platform specific build Python versions. If you install a different version of Python on macOS make sure that when building and running the Python-bindings you're using the correct version otherwise it will likely result in one of the following errors:

Fatal Python error: Interpreter not initialized (version mismatch?)
Fatal Python error: PyThreadState_Get: no current thread

To build against a specific version you can tell configure where to look:

CFLAGS=-I/Library/Frameworks/Python.framework/Versions/2.7/include/ \
LDFLAGS=-L/Library/Frameworks/Python.framework/Versions/2.7/lib/ \
./configure --enable-python --with-pyprefix

Adding --with-pyprefix tells configure to use Python to determine where to install the Python-bindings.

Sun Solaris

To build libevtx on Sun Solaris make sure that /usr/ccs/bin and /usr/sfw/bin are defined in the PATH environment variable.

Using Minimalist GNU for Windows (MinGW)

To compile libevtx using MinGW you'll need:

  • MinGW

To build use:

mingw32-configure --prefix=/opt/local/i386-mingw32 --enable-winapi=yes
mingw32-make

It is recommended that you use WINAPI support but it is possible to compile libevtx without it (--enable-winapi=no). The default behavior is that configure will try to auto-detect MinGW and enable WINAPI support.

If mingw32-configure and mingw32-make are not available you can build it with:

./configure --host=i386-mingw32 --prefix=/opt/local/i386-mingw32 --enable-winapi=yes
make

If this does not work try a script similar to the following:

#!/bin/sh
CC=/opt/local/bin/i386-mingw32-gcc
CXX=/opt/local/bin/i386-mingw32-g++
AR=/opt/local/bin/i386-mingw32-ar
OBJDUMP=/opt/local/bin/i386-mingw32-objdump
RANLIB=/opt/local/bin/i386-mingw32-ranlib
STRIP=/opt/local/bin/i386-mingw32-strip
MINGWFLAGS="-mwin32 -mconsole -march=i586 "
CFLAGS="$MINGWFLAGS"
CXXFLAGS="$MINGWFLAGS"

CC=$CC CXX=$CXX AR=$AR OBJDUMP=$OBJDUMP RANLIB=$RANLIB STRIP=$STRIP ./configure --host=i586-mingw32msvc --prefix=/opt/local/i386-mingw32 --enable-winapi=yes
CC=$CC CXX=$CXX AR=$AR OBJDUMP=$OBJDUMP RANLIB=$RANLIB STRIP=$STRIP CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" make

If you get compiler errors like:

#error WINAPI file open function for Windows 2000 or earlier NOT implemented yet

That means WINVER is not set or set to a version predating Windows XP (0x0501) and you'll have to set WINVER manually like:

CFLAGS=-DWINVER=0x0501 ./configure --host=i386-mingw32 --enable-winapi=yes

You should end up with the following DLL:

libevtx/.libs/libevtx-1.dll

And the following executables:

evtxtools/.libs/evtxexport.exe
evtxtools/.libs/evtxinfo.exe

To install libevtx and tools in the MinGW build tree use:

sudo make install

Using the DLL

Make sure you use define LIBEVTX_DLL_IMPORT before including <libevtx.h>.

To be able to use the DLL on other systems than the build system you'll also need to provide:

  • libgcc_s_dw2-1.dll (or equivalent)

Troubleshooting

While running make I get an error similar to the following:

libclocale_locale.c: In function 'libclocal_local_get_decimal_point':
libclocale_locale.c:357:2: warning implicit declaration of function 'GetLocaleInfoEx' [-Wimplicit-function-declaration]
libclocale_locale.c:358:7: error: 'LOCALE_NAME_USER_DEFAULT' undeclared (first use in this function)
libclocale_locale.c:358:7: note: each undeclared identifier is reported only once for every function it appears in

The version of MinGW does not support a WINAPI version of Vista or later (0x0600) try setting WINVER to 0x0501.

Using Microsoft Visual Studio

Before you build libevtx using Microsoft Visual Studio you'll need to have it installed. The libevtx packages comes with Microsoft Visual Studio files for version 2008. Version 2010 is able to convert these files into its newer versions.

The Microsoft Visual Studio express version is sufficient. Note that if you want to build 64-bit version with the express version you'll need at least 2010. Also see the section: Microsoft Visual Studio 2010 express and 64-bit compilation.

Note that if you want to build libevtx from source checked out of git with Visual Studio make sure the autotools are able to make a distribution package of libevtx before trying to build it. You can create distribution package by running: "make dist".

Verbose and debug output

To troubleshoot issues or for low-level format analysis libevtx supports verbose and debug output.

To enable verbose and debug output support edit:

common\config_winapi.h

Add the following definitions:

#define HAVE_VERBOSE_OUTPUT     1
#define HAVE_DEBUG_OUTPUT       1

Python-bindings

To compile the pyevtx Python-bindings you'll need the Python development files which are part of the Python.org Windows installer package.

The Microsoft Visual Studio files are configured to look in:

C:\Python2.7\

If you want to have the Python development files in a different location you'll have to change the pyevtx Microsoft Visual Studio settings.

Note that the VSDebug build of the Python-bindings will fail since the Python development files do not come with python2.7_d.lib.

If you do not intend to build the Python-bindings you can safely ignore build errors regarding: pyevtx.

Building

Open the file:

msvscpp\libevtx.sln

Note that the project files contain a Release and VSDebug configuration. The VSDebug builds the binaries with debug information. Note that this is not the same as debug output.

Make sure to check if your build environment defines the correct WINVER for your build. The code uses WINAPI version specific functions based on WINVER. You can define a custom WINVER in the Microsoft Visual Studio C++ project files or in common\config_winapi.h

And build the solution. The build files will be places in:

msvscpp\Release\

Using MSBuild

Another way to build libevtx with Visual Studio is to use MSBuild via the command line. MSBuild can be installed as part of the Microsoft.NET Framework.

First set-up the Visual Studio variables:

C:\Program Files\Microsoft Visual Studio 9.0\VC\bin\vcvars32.bat

Next run MSBuild:

msbuild msvscpp\libevtx.sln /p:Configuration=Release;Platform=Win32

Using the DLL

Make sure you use define LIBEVTX_DLL_IMPORT before including <libevtx.h>.

To be able to use the DLL on other systems than the build system you'll also need to provide:

  • the Microsoft Visual C++ Run-Time DLL (part of the Visual C++ Redistributable package)

64-bit with Microsoft Visual Studio express

To build a 64-bit version of libevtx with Microsoft Visual Studio express you'll need at least the 2010 version.

Microsoft Visual Studio express 2010 and later

First make sure to enabling 64-bit compilation support on Microsoft Visual Studio. For Visual Studio 2010 express this can be a tedious process, some relevant links:

If you have set up Visual Studio correctly the following should work:

Go to:

Configuration manager -> Active solution platform

Select "<New>"

  • Type or select the new platform: "x64"
  • Copy settings from: "Win32"
  • Create new project platforms: enabled

Additionally for every project change:

Configuration Properties -> General -> Platform Toolset

Into "Windows7.1SDK" or equivalent.

msvscpp-convert script

If you've Python installed on your Visual Studio build machine you can try running msvscpp-convert to convert the Visual Studio 2008 solution files to 2010 format and add the x64 settings for you with the option --extend-with-x64.

msvscpp-convert.py --extend-with-x64 --output-format 2010 msvscpp\libevtx.sln

This will create a subdirectory named vs2010 which contains the Visual Studio 2010 solution files.

Using Debian package tools (DEB)

To build libevtx using the Debian package tools make sure you have the following packages installed:

sudo apt install autotools-dev build-essential debhelper dh-autoreconf dh-python fakeroot pkg-config python3-dev python3-setuptools

If you downloaded the source using git make sure to run ./configure at least once to generate the dpkg packaging files.

To build the Debian packages change into the source directory and run:

cp -rf dpkg debian
dpkg-buildpackage -rfakeroot

This will create the following files in the parent directory:

libevtx_<version>-1_<arch>.deb
libevtx-dev_<version>-1_<arch>.deb
libevtx-python3_<version>-1_<arch>.deb
libevtx-tools_<version>-1_<arch>.deb

To install, e.g. the library:

sudo dpkg -i libevtx_<version>-1_<arch>.deb

Troubleshooting

dpkg-source: error: can't build with source format '3.0 (quilt)': no upstream tarball' found at ../libevtx-<version>.orig.tar.{bz2,gz,lzma,xz}

This means dpkg-buildpackage cannot find the source distribution package. Make sure it is provided as:

../libevtx-<version>.orig.tar.gz

Using RedHat package tools (RPM)

To build libevtx using the RedHat package tools make sure you have the following packages installed:

dnf install rpm-build python3-devel

To build:

mv libevtx-alpha-<version>.tar.gz libevtx-<version>.tar.gz
rpmbuild -ta libevtx-<version>.tar.gz

This will create the following files in the rpmbuild directory:

~/rpmbuild/RPMS/<arch>/libevtx-<version>-1.<arch>.rpm
~/rpmbuild/RPMS/<arch>/libevtx-devel-<version>-1.<arch>.rpm
~/rpmbuild/RPMS/<arch>/libevtx-python3-<version>-1.<arch>.rpm
~/rpmbuild/RPMS/<arch>/libevtx-tools-<version>-1.<arch>.rpm
~/rpmbuild/SRPMS/libevtx-<version>-1.src.rpm

To install, e.g. the library:

sudo rpm -ivh libevtx-<version>-1.<arch>.rpm

Using macOS pkgbuild

pkgbuild can be used to create a macOS package.

The following instructions show how to build libevtx.pkg and libevtx.dmg from the command line.

First build libevtx:

./configure --prefix=/usr/local --enable-python --with-pyprefix
make

For System Integrity Protection "/usr/local" is used instead of "/usr".

Next install the build files using DESTDIR

make install DESTDIR=$PWD/tmp

This will make sure that library paths in the dylib file is set correctly for distribution. This is not the case when you use:

./configure --prefix=$PWD/tmp --enable-python --with-pyprefix

You can check the library paths in the dylib by running:

otool -LT tmp/usr/lib/libevtx.1.dylib

After running "make install" the binaries are installed in:

$PWD/tmp/

If you are planning to distribute libevtx.pkg make sure it contains a copy of LGPL license:

mkdir -p $PWD/tmp/usr/share/doc/libevtx
cp AUTHORS COPYING COPYING.LESSER NEWS README $PWD/tmp/usr/share/doc/libevtx

To create the package (directory):

pkgbuild --root $PWD/tmp --identifier com.github.libyal.libevtx --version <version> --ownership recommended ../libevtx-<version>.pkg

To create a distributable disk image:

hdiutil create ../libevtx-<version>.dmg -srcfolder ../libevtx-<version>.pkg -fs HFS+

Using setup.py

setup.py can be used to create a Python-binding only build.

python setup.py build
sudo python setup.py install

For more details see:

python setup.py --help