Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 47096 - app-admin/sleuthkit-1.69 ebuild request
Summary: app-admin/sleuthkit-1.69 ebuild request
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All All
: High enhancement (vote)
Assignee: Daniel Black (RETIRED)
Keywords: EBUILD
: 50222 (view as bug list)
Depends on:
Blocks: 47097
  Show dependency tree
Reported: 2004-04-07 07:37 UTC by Daniel Webert
Modified: 2004-09-23 05:34 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

sleuthkit-1.69.ebuild (sleuthkit-1.69.ebuild,815 bytes, text/plain)
2004-04-27 17:39 UTC, Daniel Fullmer

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Webert 2004-04-07 07:37:18 UTC
app-admin/sleuthkit-1.68 ebuild request


The Sleuth Kit is a collection of command line digital forensic tools. The tools run on Linux, OS X, FreeBSD, OpenBSD, and Solaris and can analyze FAT, NTFS, UFS, EXT2FS, and EXT3FS.

Autopsy requires SleuthKit
Comment 1 Martin Holzer (RETIRED) gentoo-dev 2004-04-27 09:08:57 UTC
Daniel wanna try this ebuild too ?
Comment 2 Daniel Fullmer 2004-04-27 17:39:34 UTC
Created attachment 30200 [details]

ACK! Sleuthkit and Autopsy were obviously not made for distros. >.<
Comment 3 Daniel Black (RETIRED) gentoo-dev 2004-05-05 22:06:02 UTC
Committed to cvs.

Arch test requested - debian lists this package as unstable on all archs/
Comment 4 Ferris McCormick (RETIRED) gentoo-dev 2004-05-06 05:05:50 UTC
It builds on sparc, installs without disturbing anything, and the programs seem
to run, so I'll mark it ~sparc.  I'm not sure how to go about testing it, though.
Comment 5 Michael McCabe (RETIRED) gentoo-dev 2004-05-06 07:15:33 UTC
Installs on s390
Comment 6 Daniel Fullmer 2004-05-06 10:05:08 UTC
bump to 1.69, which is what i put my ebuild in as.
Comment 7 Daniel Black (RETIRED) gentoo-dev 2004-05-06 13:46:31 UTC
version bumped to 1.69. Thanks Daniel. Appoligies for the oversight - good ebuild btw.
Comment 8 Daniel Fullmer 2004-05-06 14:41:53 UTC
>good ebuild btw.
Thanks! I feel special now. =D
Comment 9 Daniel Webert 2004-05-06 18:22:35 UTC
*** Bug 50222 has been marked as a duplicate of this bug. ***
Comment 10 Daniel Webert 2004-05-06 18:41:58 UTC
can not connect w/ autopsy-2.0 to sleuthkit-1.69 ... 1.68 works fine (x86)

ERROR: Sleuth Kit file executable missing
Comment 11 Daniel Fullmer 2004-05-06 19:26:17 UTC
portion of sleuthkit-1.68 makefile:

        cd src/misc; make "CC=$(CC)" MAKELEVEL=
        cd src/hashtools; make "CC=$(CC)" MAKELEVEL=
        cd src/fstools; make "CC=$(CC)" MAKELEVEL=
        cd src/mmtools; make "CC=$(CC)" MAKELEVEL=
        cd src/file; CC="$(CC)" sh ./install

same portion of sleuthkit-1.69 makefile:

        cd src/misc; make "CC=$(CC)" MAKELEVEL=
        cd src/hashtools; make "CC=$(CC)" MAKELEVEL=
        cd src/fstools; make "CC=$(CC)" MAKELEVEL=
        cd src/mmtools; make "CC=$(CC)" MAKELEVEL=

The sleuthkit guys took 'file' out 'no-perl'.  My ebuild was made for 1.69 so it screwed up when using 1.68.

Add sys-apps/file to sleuthkit-1.69 and get everyone who emerge'd sleuthkit-1.68 to update and re-emerge sys-apps/file.
Comment 12 Daniel Black (RETIRED) gentoo-dev 2004-05-06 21:29:33 UTC
Ok - removed version 1.68.
I added sys-apps/file as a runtime dependancy of autopsy-2.00.

sys-apps/file isn't a depend on sleuthkit so I'm not going to put it there to fix the previous version. Looking at:

$ qpkg -f -v /usr/bin/file
app-arch/file-roller-2.4.4-r2 *
gnome-base/control-center- *
net-fs/coda-6.0.3 *
sys-apps/file-4.06 *

this isn't the only overwriter of "file".

NOTE to peoples here who installed verions 1.68 of sleuthkit - please remerge sys-apps/file.

Test plan for ARCHters:
Step 1:
ils /dev/discs/disc0/part1

This will list inodes of removed files on the partion /dev/discs/disc0/part1

Step 2: Create copy of disk image (suggest /boot or something small)

dd if=/dev/discs/disc0/part1 of=/tmp/image

Step 3: istat test
istat /tmp/image {inodenum from step 1 - first column}

will list metadata about that node.
Comment 13 Daniel Black (RETIRED) gentoo-dev 2004-05-06 22:35:09 UTC
Please ingore my comments about other packages overwriting /usr/bin/file. This is incorrect and a known qpkg bug #50157 that I based my information off.
Comment 14 Guy Martin (RETIRED) gentoo-dev 2004-05-12 09:29:38 UTC
Marked stable on hppa.