Comment 1 Martin Holzer (RETIRED) 2004-04-27 09:08:57 UTC

Daniel wanna try this ebuild too ?

Created attachment 30200 [details]
sleuthkit-1.69.ebuild

ACK! Sleuthkit and Autopsy were obviously not made for distros. >.<

Comment 3 Daniel Black (RETIRED) 2004-05-05 22:06:02 UTC

Committed to cvs.

Arch test requested - debian lists this package as unstable on all archs/

http://packages.debian.org/unstable/admin/sleuthkit

Comment 4 Ferris McCormick (RETIRED) 2004-05-06 05:05:50 UTC

It builds on sparc, installs without disturbing anything, and the programs seem
to run, so I'll mark it ~sparc.  I'm not sure how to go about testing it, though.

Comment 5 Michael McCabe (RETIRED) 2004-05-06 07:15:33 UTC

Installs on s390

bump to 1.69, which is what i put my ebuild in as.

Comment 7 Daniel Black (RETIRED) 2004-05-06 13:46:31 UTC

version bumped to 1.69. Thanks Daniel. Appoligies for the oversight - good ebuild btw.

>good ebuild btw.
Thanks! I feel special now. =D

*** Bug 50222 has been marked as a duplicate of this bug. ***

can not connect w/ autopsy-2.0 to sleuthkit-1.69 ... 1.68 works fine (x86)

<snip>
ERROR: Sleuth Kit file executable missing
</snap>

portion of sleuthkit-1.68 makefile:

no-perl:
        cd src/misc; make "CC=$(CC)" MAKELEVEL=
        cd src/hashtools; make "CC=$(CC)" MAKELEVEL=
        cd src/fstools; make "CC=$(CC)" MAKELEVEL=
        cd src/mmtools; make "CC=$(CC)" MAKELEVEL=
        cd src/file; CC="$(CC)" sh ./install


same portion of sleuthkit-1.69 makefile:

no-perl:
        cd src/misc; make "CC=$(CC)" MAKELEVEL=
        cd src/hashtools; make "CC=$(CC)" MAKELEVEL=
        cd src/fstools; make "CC=$(CC)" MAKELEVEL=
        cd src/mmtools; make "CC=$(CC)" MAKELEVEL=

The sleuthkit guys took 'file' out 'no-perl'.  My ebuild was made for 1.69 so it screwed up when using 1.68.

Add sys-apps/file to sleuthkit-1.69 and get everyone who emerge'd sleuthkit-1.68 to update and re-emerge sys-apps/file.

Comment 12 Daniel Black (RETIRED) 2004-05-06 21:29:33 UTC

Ok - removed version 1.68.
I added sys-apps/file as a runtime dependancy of autopsy-2.00.

sys-apps/file isn't a depend on sleuthkit so I'm not going to put it there to fix the previous version. Looking at:

$ qpkg -f -v /usr/bin/file
app-arch/file-roller-2.4.4-r2 *
gnome-base/control-center-1.4.0.5-r1 *
net-fs/coda-6.0.3 *
sys-apps/file-4.06 *

this isn't the only overwriter of "file".

NOTE to peoples here who installed verions 1.68 of sleuthkit - please remerge sys-apps/file.

Test plan for ARCHters:
Step 1:
ils /dev/discs/disc0/part1

This will list inodes of removed files on the partion /dev/discs/disc0/part1

Step 2: Create copy of disk image (suggest /boot or something small)

dd if=/dev/discs/disc0/part1 of=/tmp/image

Step 3: istat test
istat /tmp/image {inodenum from step 1 - first column}

will list metadata about that node.

Comment 13 Daniel Black (RETIRED) 2004-05-06 22:35:09 UTC

Please ingore my comments about other packages overwriting /usr/bin/file. This is incorrect and a known qpkg bug #50157 that I based my information off.

Comment 14 Guy Martin (RETIRED) 2004-05-12 09:29:38 UTC

Marked stable on hppa.