feat: AFF4 mounting (logical + disk) — supersedes the aff4-mount scaffold#4
Merged
Conversation
Declare the aff4 0.2 dep + feature (default) and its test-helpers dev-dep. Add FsType::Aff4Disk / Aff4Logical (+ Display/FromStr) and a stubbed detect_aff4(&Path) that refines a ZIP-detected file into its AFF4 shape (AFF4 has no magic bytes). Three tests (disk, logical, non-AFF4) driven by aff4::testutil fail (unimplemented); implementation follows. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
detect_aff4 calls aff4::container_kind and maps Disk/Encrypted → FsType::Aff4Disk (encrypted refused at open) and Logical → FsType::Aff4Logical; non-AFF4 files return None. All three detection tests pass; clippy/fmt clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
New fs_aff4 module: Aff4ForensicFs skeleton (stubbed) over ArchiveTree, plus three tests driven by aff4::testutil's test_aff4_logical fixture builder (list + read a file byte-identical, a sliced range read, fs_info). map_err handles Aff4Error's non_exhaustive variants. All three fail (unimplemented); implementation follows. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Aff4ForensicFs::open enumerates LogicalContainer entries into an ArchiveTree (splitting each original_file_name, trimming the "./" prefix, synthesising parent dirs); read_range resolves the entry and slices the inflated bytes (AFF4-Logical has no positioned read). All three testutil-oracle tests pass; clippy/fmt clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Auto-detected ZIP files are refined via detect_aff4 (AFF4 has no magic). Two arms: Aff4Logical opens Aff4ForensicFs directly from the path (AD1-like); Aff4Disk opens aff4::Aff4Reader (Read+Seek), re-detects the inner filesystem, and mounts it via build_filesystem (EWF/VMDK-like). A forced --fs is respected as-is. Binary builds; clippy/fmt clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Commit an 863-byte AFF4-Logical fixture (aff4::testutil, verified to read back through Aff4ForensicFs), copied by gen-fixtures.sh and asserted by the `aff4` row (hello.txt = "hello from aff4"). The AFF4 disk shape isn't smoke-fixtured — the test writer is single-chunk and can't wrap a real inner FS; its Aff4Reader is tier-1 validated in the aff4 crate and its mount path is the EWF/VMDK glue. Provenance in tests/data/README.md. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
ADR 0002 captures why AFF4 mounts as two shapes (Logical via Aff4ForensicFs, Disk via Aff4Reader→inner FS), why detection uses the new upstream aff4::container_kind (AFF4 has no magic bytes), how encryption is refused, and why the disk shape relies on tier-1 upstream validation rather than a synthetic smoke fixture. Supersedes the aff4-integration handoff. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Mount AFF4 (Advanced Forensic Format 4) images. Implemented fully with strict TDD, replacing the scaffold-only
aff4-mountbranch (which declared only the dep + a plan).Upstream first — added
aff4::container_kind()(published aff4 0.2.1): AFF4 is a ZIP with no magic bytes, so this readsinformation.turtleonce to classify Disk/Logical/Encrypted. Validated tier-1 (real EvimetryBase-Linear.aff4→ Disk,encrypted-linear-password.aff4→ Encrypted) + tier-2 (testutil).4n6mount
FsType::Aff4Disk/Aff4Logical;detect_aff4refines an auto-detected ZIP viacontainer_kind.fs_aff4(RED→GREEN):Aff4ForensicFsmounts AFF4-Logical (AD1-like) overArchiveTree, validated byte-identical againstaff4::testutil.Aff4Reader(Read+Seek) → re-detects inner FS →build_filesystem(EWF/VMDK-like). Encrypted refused loudly.Test
Local: 208 lib + 10 integration green; clippy
-D warnings+ fmt clean;cargo denygreen withaff4 0.2.1.🤖 Generated with Claude Code