===============================
What's changed, how to upgrade?
===============================

v0.20.0
-------

This release mostly fixes the bugs found in v0.19.0.

The new addition is an experimental "Extract archive" option for guest-side archive extraction using Expand-Archive or 7-Zip installed on the guest VM. It works well, but it's still WIP, so it's not yet documented and may change in the future.

This version was tested using DRAKVUF v1.1-f619440.

The complete list of changes is in the v0.20.0 changelog.

v0.19.0
-------

v0.19.0 is a complete rewrite compared to v0.18.x. That's why it's recommended to start from scratch and bring up a new instance.

Not everything changed, though, and you may still try to reuse your guest disk image or parts of your previous configuration.

Here is the list of the most crucial changes compared to v0.18.x:

- There is no built-in Karton integration. The main interface for interacting with the sandbox is the Web UI/API.
- Analyses are by default stored locally in ``/var/lib/drakrun/analyses``. S3 integration is optional.
- There is no ``drakplayground``. The former ``draksetup`` CLI command is now ``drakrun`` and comes with a rich toolset for configuration and debugging.
- Volume structure has not changed, so if you use e.g. the qcow2 backend, you will still find ``vm-0.img`` in ``/var/lib/drakrun/volumes``. ``snapshot.sav`` is still there as well.
- ``/etc/drakrun`` changes:

  - ``config.ini`` is now ``config.toml``. The configuration structure changed significantly, so you can't apply the previous configuration file directly.
  - The XL template is moved from ``scripts/cfg.template`` to ``cfg.template``. There is an additional serial port device that is required for drakshell.
  - The VNC password was moved from ``cfg.template`` to ``install.json``. ``install.json`` should keep all variables that are applied on ``cfg.template``.
  - There is no ``configs`` dir. Generated configurations are moved to ``/var/lib/drakrun/configs`` and should not be changed by the user.

- Analysis files structure is a bit different:

  - There are no ``apicall`` and ``index`` directories. Per-process logs are indexed using the ``log_index`` file. It's a binary file, so if you want to check its structure, check the ``drakrun.analyzer.postprocessing.indexer`` module.
  - ``dumps.zip`` doesn't contain ``.metadata`` files. More information about dumps can be found in the ``metadata.json`` and ``report.json`` files.
  - S3 directories are additionally prefixed with the first 4 letters of the UUID ``0/f/2/9/0f29ae1f-322a-496a-a79e-92d3a859053d/<...>`` and we call it "hash pathing", because the same thing is done in the MWDB S3 integration. Some S3 backends map the object name directly to the file-system hierarchy, so this naming significantly improves S3 operation performance.
  - Other files should follow the same convention as in previous versions.

- The Drakvuf Sandbox Web UI and API changed a lot, but the API is documented in ``http:///openapi/swagger``
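
The "hash pathing" layout described above can be reproduced when migrating or auditing objects in an S3 bucket. The following is an added example, not code from drakrun: the function names are hypothetical, and it assumes analysis files sit directly under the prefixed UUID directory and that analysis IDs are lowercase hyphenated UUIDs. It validates the ID before building a key, so a path-like string never ends up in an object name.

```python
import uuid
from typing import Tuple

PREFIX_LEN = 4  # "first 4 letters of the UUID", as described above


def _canonical(analysis_id: str) -> str:
    """Accept only the lowercase hyphenated UUID form; raise ValueError otherwise."""
    # uuid.UUID() also parses braces, "urn:uuid:" and unhyphenated hex, so
    # compare against its canonical rendering to reject every other spelling
    # (and anything path-like such as "../x") before it is used in a key.
    if str(uuid.UUID(analysis_id)) != analysis_id:
        raise ValueError(f"not a canonical UUID: {analysis_id!r}")
    return analysis_id


def hash_path(analysis_id: str, name: str = "") -> str:
    """Build the hash-pathed key, e.g. 0/f/2/9/<uuid>/<name>."""
    analysis_id = _canonical(analysis_id)
    if name.startswith("/") or ".." in name.split("/"):
        raise ValueError(f"unsafe object name: {name!r}")
    parts = list(analysis_id[:PREFIX_LEN]) + [analysis_id]
    if name:
        parts.append(name)
    return "/".join(parts)


def split_hash_path(key: str) -> Tuple[str, str]:
    """Split a key into (uuid, name), checking the prefix matches the UUID."""
    pieces = key.split("/", PREFIX_LEN + 1)
    if len(pieces) <= PREFIX_LEN:
        raise ValueError(f"key too short: {key!r}")
    analysis_id = _canonical(pieces[PREFIX_LEN])
    if pieces[:PREFIX_LEN] != list(analysis_id[:PREFIX_LEN]):
        raise ValueError(f"prefix does not match UUID: {key!r}")
    name = pieces[PREFIX_LEN + 1] if len(pieces) > PREFIX_LEN + 1 else ""
    return analysis_id, name


if __name__ == "__main__":
    sample = "0f29ae1f-322a-496a-a79e-92d3a859053d"  # UUID from the text above
    print(hash_path(sample, "report.json"))
```
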