Bug 47096 - app-admin/sleuthkit-1.69 ebuild request
Bug#: 47096
Product: Gentoo Linux
Version: unspecified
Platform: All
OS/Version: All
Status: CLOSED
Severity: enhancement
Priority: P2
Resolution: TEST-REQUEST
Assigned To: dragonheart@gentoo.org
Reported By: rockoo@gmail.com
Component: Ebuilds
URL: http://packages.debian.org/unstable/admin/sleuthkit
Summary: app-admin/sleuthkit-1.69 ebuild request
Keywords: EBUILD
Status Whiteboard:
Opened: 2004-04-07 07:37 0000

app-admin/sleuthkit-1.68 ebuild request
homepage: http://www.sleuthkit.org/sleuthkit/
desc: The Sleuth Kit is a collection of command line digital forensic tools. The tools run on Linux, OS X, FreeBSD, OpenBSD, and Solaris and can analyze FAT, NTFS, UFS, EXT2FS, and EXT3FS.
Autopsy requires SleuthKit
Daniel wanna try this ebuild too ?
It builds on sparc, installs without disturbing anything, and the programs seem
to run, so I'll mark it ~sparc. I'm not sure how to go about testing it, though.
bump to 1.69, which is what i put my ebuild in as.
version bumped to 1.69. Thanks Daniel. Apologies for the oversight - good
ebuild btw.
>good ebuild btw.
Thanks! I feel special now. =D
*** Bug 50222 has been marked as a duplicate of this bug. ***
can not connect w/ autopsy-2.0 to sleuthkit-1.69 ... 1.68 works fine (x86)
<snip>
ERROR: Sleuth Kit file executable missing
</snap>
portion of sleuthkit-1.68 makefile:

    no-perl:
        cd src/misc; make "CC=$(CC)" MAKELEVEL=
        cd src/hashtools; make "CC=$(CC)" MAKELEVEL=
        cd src/fstools; make "CC=$(CC)" MAKELEVEL=
        cd src/mmtools; make "CC=$(CC)" MAKELEVEL=
        cd src/file; CC="$(CC)" sh ./install

same portion of sleuthkit-1.69 makefile:

    no-perl:
        cd src/misc; make "CC=$(CC)" MAKELEVEL=
        cd src/hashtools; make "CC=$(CC)" MAKELEVEL=
        cd src/fstools; make "CC=$(CC)" MAKELEVEL=
        cd src/mmtools; make "CC=$(CC)" MAKELEVEL=

The sleuthkit guys took 'file' out of 'no-perl'. My ebuild was made for 1.69 so it screwed up when using 1.68.
Add sys-apps/file to sleuthkit-1.69 and get everyone who emerge'd sleuthkit-1.68 to update and re-emerge sys-apps/file.
Ok - removed version 1.68.
I added sys-apps/file as a runtime dependency of autopsy-2.00.
sys-apps/file isn't a depend on sleuthkit so I'm not going to put it there to fix the previous version. Looking at:

    $ qpkg -f -v /usr/bin/file
    app-arch/file-roller-2.4.4-r2 *
    gnome-base/control-center-1.4.0.5-r1 *
    net-fs/coda-6.0.3 *
    sys-apps/file-4.06 *

this isn't the only overwriter of "file".
NOTE to peoples here who installed versions 1.68 of sleuthkit - please remerge sys-apps/file.
Test plan for ARCHters:

Step 1:
    ils /dev/discs/disc0/part1
This will list inodes of removed files on the partition /dev/discs/disc0/part1

Step 2: Create copy of disk image (suggest /boot or something small)
    dd if=/dev/discs/disc0/part1 of=/tmp/image

Step 3: istat test
    istat /tmp/image {inodenum from step 1 - first column}
will list metadata about that node.

Please ignore my comments about other packages overwriting /usr/bin/file. This
is incorrect and a known qpkg bug #50157 that I based my information off.
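
The three-step test plan above as one script (an added example, not part of the original bug thread or the ebuild). It assumes ils prints pipe-delimited records with header lines before the data and the inode number in the first column; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: runs steps 1-3 of the test plan and fails loudly at each step.
# Assumption: ils output is pipe-delimited, header lines first, inode in column 1.

# Print the first inode number found in ils output read from stdin.
# Exits non-zero when the output holds headers only (no removed files).
first_inode() {
    awk -F'|' '$1 ~ /^[0-9]+$/ { print $1; found = 1; exit }
               END { if (!found) exit 1 }'
}

# Constructed sample of ils output, for trying first_inode without sleuthkit.
sample_ils_output() {
    cat <<'EOF'
class|host|device|start_time
ils|testhost|/dev/discs/disc0/part1|1081323420
st_ino|st_alloc|st_uid|st_gid|st_mtime|st_atime|st_ctime|st_mode|st_nlink|st_size|st_block0|st_block1
12|f|0|0|1081300000|1081300000|1081300000|100644|0|2048|513|0
15|f|0|0|1081300100|1081300100|1081300100|100644|0|0|0|0
EOF
}

# run_test_plan PARTITION IMAGE
# Returns 1 when a tool fails, 2 when the partition has no removed inodes
# (istat cannot be exercised in that case, so pick another partition).
run_test_plan() {
    part=$1
    image=$2
    # Step 1: list inodes of removed files and keep the first inode number.
    listing=$(ils "$part") || { echo "step 1: ils failed on $part" >&2; return 1; }
    inode=$(printf '%s\n' "$listing" | first_inode) ||
        { echo "step 1: no removed inodes on $part" >&2; return 2; }
    # Step 2: copy the partition to an image file.
    dd if="$part" of="$image" 2>/dev/null ||
        { echo "step 2: dd failed" >&2; return 1; }
    # Step 3: print the metadata for that inode from the image.
    istat "$image" "$inode" ||
        { echo "step 3: istat failed for inode $inode" >&2; return 1; }
}

# Usage: sh testplan.sh /dev/discs/disc0/part1 /tmp/image
if [ $# -eq 2 ]; then run_test_plan "$1" "$2"; fi
```

Exit status 2 separates "nothing to test on this partition" from a real tool failure, which matters when reporting results for an arch keyword.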