version available with new goodies (features) and bug fixes. Also includes compile system changes (hopefully) for the better.
*** Bug 152574 has been marked as a duplicate of this bug. ***
Created attachment 108762
Ebuild sleuthkit-2.07.ebuild
Since mid-December version 2.07 is out. I think sleuthkit should be upgraded at least to 2.04, since AFF and Encase image files support is a great feature. I've modified the patch to add the dbtool binary (I've added new options to dbtool.c to be more consistent with the other tools).
Created attachment 108763
Support for dbtool added to sleuthkit-2.07
thanks - will look at this soon
I ran the ebuild once more, and it failed because ranlib did not finish with libtsk.a before this library was used in linking. I've just added MAKEOPTS="${MAKEOPTS} -j1" to the ebuild to get rid of this.
successful install here:
app-forensics/sleuthkit
    selected: 2.03
    protected: 2.07
    omitted: none
thanks. Added 2.08
Many thanks, but... it was about sleuthkit (the tools to do the job) rather than autopsy (the front-end) ;) By the way, can you do something for Afflib: http://bugs.gentoo.org/show_bug.cgi?id=123175 These are tools to compress (by block to remain usable) disk images. sleuthkit can read them since 2.04 but does not produce them.
Oops - two web pages open and put the entry in the wrong bug report. I haven't added sleuthkit because it is failing for me: could be a parallel make issue as per comment #5. Haven't had time to look through it.

i686-pc-linux-gnu-g++ -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"2.07\" -I../auxtools -I../imgtools -ggdb3 -g -o ../../bin/jcat jcat.o -L../../lib -ltsk -lz -lcrypto
i686-pc-linux-gnu-gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"2.07\" -I../auxtools -I../imgtools -ggdb3 -g -c -o dbtool.o dbtool.c
make: *** No rule to make target `-L../../lib', needed by `../../bin/dbtool'. Stop.
make: *** Waiting for unfinished jobs....
dbtool.c: In function 'print_inode':
dbtool.c:431: error: 'FS_FLAG_FILE_NOABORT' undeclared (first use in this function)
dbtool.c:431: error: (Each undeclared identifier is reported only once
dbtool.c:431: error: for each function it appears in.)
dbtool.c: In function 'main':
dbtool.c:589: error: 'progname' undeclared (first use in this function)
dbtool.c:655: warning: passing argument 2 of 'img_open' makes integer from pointer without a cast
dbtool.c:655: warning: passing argument 3 of 'img_open' makes pointer from integer without a cast
dbtool.c:655: error: too many arguments to function 'img_open'
dbtool.c:659: warning: passing argument 2 of 'fs_open' makes integer from pointer without a cast
dbtool.c:659: error: too few arguments to function 'fs_open'
dbtool.c:674: warning: passing argument 2 of 'fs_open' makes integer from pointer without a cast
dbtool.c:674: error: too few arguments to function 'fs_open'
make: *** [dbtool.o] Error 1
make[1]: *** [defs] Error 2
make[1]: Leaving directory `/var/tmp/portage/app-forensics/sleuthkit-2.07/work/sleuthkit-2.07/src/fstools'
make: *** [no-perl] Error 2
Have you tried the original patch (shipped with 2.03) or the one I provided to replace it (dbtool is not part of sleuthkit, it's an add-on included in the patch)? FS_FLAG_FILE_NOABORT is not defined anymore, just remove it. progname is no longer a global variable since 2.06. img_open and fs_open prototypes have changed (offset added to fs_open as second argument).
Hi, here is a cleaned 2.08 ebuild with a "dbtool" USE flag, the dbtool patch, the patch against Makefiles for make -j*, another patch against fscheck.c to resolve trouble caused by -j8 :), updated src_install(), removed useless and buggy src_test(), cleaned src_unpack(), and added !RDEP against dstat (see bug 131268). Note that the Makefiles are not very compliant with a massively parallel compilation. Daniel, I can bump it into the tree if you are OK.
Created attachment 115977
Ebuild for sleuthkit 2.08
Created attachment 115978
Patch against makefiles for -j2 or more
Created attachment 115980
Patch (optional) against fscheck.c which has not been upgraded to the new definitions
Created attachment 115981
Dbtool from PyFlag 0.84RC2 and ported to the new sleuthkit interfaces
bumped, feel free to reopen if there is something wrong