First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 145405
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Forensics Herd <forensics@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Daniel Black <dragonheart@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
sleuthkit-2.07.ebuild Ebuild sleuthkit-2.07.ebuild text/plain Olivier Castan 2007-01-31 16:31 0000 1.66 KB Details
sleuthkit-2.07_dbtool.patch Support for dbtool added to sleuthkit-2.07 patch Olivier Castan 2007-01-31 16:33 0000 28.07 KB Details | Diff
sleuthkit-2.08.ebuild Ebuild for sleuthkit 2.08 text/plain Raphael Marichez 2007-04-11 16:50 0000 1.23 KB Details
sleuthkit-makefiles_fix.patch Patch against makefiles for -j2 or more patch Raphael Marichez 2007-04-11 16:51 0000 3.97 KB Details | Diff
sleuthkit-fscheck.c_fix.patch Patch (optional) against fscheck.c which has not been upgraded to the new definitions patch Raphael Marichez 2007-04-11 16:52 0000 2.80 KB Details | Diff
sleuthkit-2.08_dbtool.patch.bz2 Dbtool from PyFlag 0.84RC2 and ported to the new sleuthkit interfaces application/octet-stream Raphael Marichez 2007-04-11 16:54 0000 8.84 KB Details
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 145405 depends on: Show dependency tree
Show dependency graph
Bug 145405 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-08-28 14:07 0000 
version available with new goodies (features) and bug fixes. Also include
compile system changes (hopefully) for the better

------- Comment #1 From Jakub Moc (RETIRED) 2006-10-23 11:16:06 0000 ------- 
*** Bug 152574 has been marked as a duplicate of this bug. ***

------- Comment #2 From Olivier Castan 2007-01-31 16:31:38 0000 ------- 
Created an attachment (id=108762) [edit]
Ebuild sleuthkit-2.07.ebuild

Since mid-december version 2.07 is out. I think sleuthkit should be upgraded at
least to 2.04, since AFF and Encase image files support is a great feature.
I've modified the patch to add dbtool binary (I've add new options to dbtool.c
to be more consistent with the other tools).

------- Comment #3 From Olivier Castan 2007-01-31 16:33:12 0000 ------- 
Created an attachment (id=108763) [edit]
Support for dbtool added to sleuthkit-2.07

------- Comment #4 From Daniel Black 2007-01-31 21:26:19 0000 ------- 
thanks - will look at this soon

------- Comment #5 From Olivier Castan 2007-02-01 11:36:55 0000 ------- 
I ran the ebuild once more, and it failed because ranlib did not finished with
libtsk.a before this library was used in linking. I've just added
MAKEOPTS="${MAKEOPTS} -j1" to the ebuild to get rid of this.

------- Comment #6 From Ed Wiget 2007-02-04 18:21:24 0000 ------- 
successful install here:

 app-forensics/sleuthkit
    selected: 2.03
   protected: 2.07
     omitted: none

------- Comment #7 From Daniel Black 2007-02-05 21:06:37 0000 ------- 
thanks. Added 2.08

------- Comment #8 From Olivier Castan 2007-02-06 09:27:59 0000 ------- 
Many thanks, but... it was about sleuthkit (the tools to do the job) rather
than autopsy (the front-end) ;)
By the way, can you do something for Afflib:
http://bugs.gentoo.org/show_bug.cgi?id=123175
These are tools to compress (by block to remain usable) disk images. sleuthkit
can read them since 2.04 but does not produce them.

------- Comment #9 From Daniel Black 2007-02-06 10:57:45 0000 ------- 
opps - two web pages open and put the entry in the wrong bug report.

I haven't added sleuthkit because it is failing for me:
could be a parallel make issue as per comment #5. Haven't had time to look
through it.

i686-pc-linux-gnu-g++ -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
-DVER=\"2.07\" -I../auxtools -I../imgtools  -ggdb3 -g -o ../../bin/jcat jcat.o
-L../../lib -ltsk -lz -lcrypto
i686-pc-linux-gnu-gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
-DVER=\"2.07\" -I../auxtools -I../imgtools  -ggdb3 -g   -c -o dbtool.o dbtool.c
make: *** No rule to make target `-L../../lib', needed by `../../bin/dbtool'. 
Stop.
make: *** Waiting for unfinished jobs....
dbtool.c: In function 'print_inode':
dbtool.c:431: error: 'FS_FLAG_FILE_NOABORT' undeclared (first use in this
function)
dbtool.c:431: error: (Each undeclared identifier is reported only once
dbtool.c:431: error: for each function it appears in.)
dbtool.c: In function 'main':
dbtool.c:589: error: 'progname' undeclared (first use in this function)
dbtool.c:655: warning: passing argument 2 of 'img_open' makes integer from
pointer without a cast
dbtool.c:655: warning: passing argument 3 of 'img_open' makes pointer from
integer without a cast
dbtool.c:655: error: too many arguments to function 'img_open'
dbtool.c:659: warning: passing argument 2 of 'fs_open' makes integer from
pointer without a cast
dbtool.c:659: error: too few arguments to function 'fs_open'
dbtool.c:674: warning: passing argument 2 of 'fs_open' makes integer from
pointer without a cast
dbtool.c:674: error: too few arguments to function 'fs_open'
make: *** [dbtool.o] Error 1
make[1]: *** [defs] Error 2
make[1]: Leaving directory
`/var/tmp/portage/app-forensics/sleuthkit-2.07/work/sleuthkit-2.07/src/fstools'
make: *** [no-perl] Error 2

------- Comment #10 From Olivier Castan 2007-02-06 16:23:08 0000 ------- 
Have you tried the original patch (shipped with 2.03) or the one I provided to
replace it (dbtool is not part of sleuthkit it's an add-on included in the
patch) ?
FS_FLAG_FILE_NOABORT is not defined anymore, just remove it.
progname is no more a global variable since 2.06
img_open and fs_open prototypes have changed (offset added to fs_open as second
argument)

------- Comment #11 From Raphael Marichez 2007-04-11 16:49:05 0000 ------- 
Hi, here is a cleaned 2.08 ebuild with a "dbtool" USEflag, the dbtool patch,
the patch against Makefiles for make -j*, another patch against fscheck.c to
resolve trouble caused by -j8 :), updated src_install(), removed useless and
buggy src_test(), cleaned src_unpack(), and added !RDEP against dstat (see bug
131268)

Note that the Makefiles are not very compliant with a massively parallel
compilation.



Daniel, I can bump it into the tree if you are OK.

------- Comment #12 From Raphael Marichez 2007-04-11 16:50:48 0000 ------- 
Created an attachment (id=115977) [edit]
Ebuild for sleuthkit 2.08

------- Comment #13 From Raphael Marichez 2007-04-11 16:51:35 0000 ------- 
Created an attachment (id=115978) [edit]
Patch against makefiles for -j2 or more

------- Comment #14 From Raphael Marichez 2007-04-11 16:52:24 0000 ------- 
Created an attachment (id=115980) [edit]
Patch (optional) against fscheck.c which has not been upgraded to the new
definitions

------- Comment #15 From Raphael Marichez 2007-04-11 16:54:35 0000 ------- 
Created an attachment (id=115981) [edit]
Dbtool from PyFlag 0.84RC2 and ported to the new sleuthkit interfaces

------- Comment #16 From Raphael Marichez 2007-04-11 22:22:23 0000 ------- 
bumped, feel free to reopen if there is something wrong
First Last Prev Next    No search results available      Search page      Enter new bug