Created attachment 462178 [details] app-forensics/sleuthkit-4.1.3-r4.ebuild This is ebuild which I have prepared for Avidata Odzyskiwanie Danych (my polish data recovery company). It is modified official gentoo repository ebuild version with patch from spike overlay (external_type). I added libewf new version requirement and proper patch. It was checked on x86 and amd64 architecture, but it is "keyworded" as it is only proposition of ebuild. It works with new version of libewf signed as 20160424. Ebuild for this version of libewf library is solution of bug: https://bugs.gentoo.org/show_bug.cgi?id=547418 I was planning to correct virtual-support patch, from spike overlay, to work with libewf-20160424 but sleuthkit 4.4.0 was released two weeks ago. So I am switching to this branch now.
Created attachment 462180 [details, diff] sleuthkit-4.1.3-external_type.patch Patch from spike overlay used by sleuthkit-4.1.3-r4.ebuild
Created attachment 462182 [details, diff] sleuthkit-4.1.3-libewf-2016.patch Patch used by sleuthkit-4.1.3-r4.ebuild
the version 4.4 is released maybe upgrade and check?
I've recently released 4.4.2. Is this bug still valid?
As I have tried to compile new ebuild (with libewf-20160424) and got error: ../../tsk/.libs/libtsk.so: undefined reference to `libewf_handle_read_random' So, for libewf-20160424 the same patch is needed. I know that libewf-20170703 ebuild is in pentoo overlay, but I have not tested this version and 4.4.2 sleuthkit.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf8e9d3b0a683e46d6d26d529f4c03b2f748cced commit cf8e9d3b0a683e46d6d26d529f4c03b2f748cced Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2018-04-04 11:10:50 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2018-04-04 11:22:44 +0000 app-forensics/sleuthkit: unmask ewf USE flag for >=4.6.0 Starting with 4.6.0, we statically link sleuthkit to a locally complied libewf since it is getting tree-cleaned (#547418). Mask the USE flag in prior versions. See the commit message for the sleuthkit 4.6.0 bump for more details. This partially reverts commit 37d9e41ab5c6fb2031aefdeb7af72a7354472031. The mask was put in place without it being communicated to the maintainer. Bug: https://bugs.gentoo.org/547418 Bug: https://bugs.gentoo.org/607968 profiles/base/package.use.mask | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3bf2cef453d6ee0d6aece0e8e91a049d556e2687 commit 3bf2cef453d6ee0d6aece0e8e91a049d556e2687 Author: Göktürk Yüksek <gokturk@gentoo.org> AuthorDate: 2018-04-04 11:01:32 +0000 Commit: Göktürk Yüksek <gokturk@gentoo.org> CommitDate: 2018-04-04 11:22:40 +0000 app-forensics/sleuthkit: bump to 4.6.0 This bump starts to bundle libewf since app-forensics/libewf is about to get treecleaned (see #547418). The upstream only supports libewf version 20130128[0], which is not available in the tree. Because they haven't clarified the supported libewf versions until recently, we have been depending on any version and it's been causing build failures (see #607968). Although there are compatibility patches to support later versions of libewf in tsk, they are not supported by upstream. There's little to no expactation of tsk updating its code to use the latest libewf since they've forked the version 20130128[1]. In terms of stability, 20130128 was marked stable in Gentoo at some point[2]. There are no known security vulnerabilities. If in the future the upstream fork diverges, we can add it to the tree as a new package and establish a proper dependency relationship. Note though that the ewf USE flag is masked by treecleanears[3], so this change currently has no visible impact on users. [0] https://github.com/sleuthkit/sleuthkit/blob/sleuthkit-4.6.0/INSTALL.txt#L44 [1] https://github.com/sleuthkit/libewf_64bit [2] https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-forensics/libewf/libewf-20130128.ebuild?revision=1.6&view=markup [3] https://gitweb.gentoo.org/repo/gentoo.git/tree/profiles/base/package.use.mask?id=f103062521b15cddc67a822a7a25640d3fbab76a#n65 Bug: https://bugs.gentoo.org/547418 Bug: https://bugs.gentoo.org/607968 Package-Manager: Portage-2.3.27, Repoman-2.3.9 app-forensics/sleuthkit/Manifest | 2 + app-forensics/sleuthkit/sleuthkit-4.6.0.ebuild | 229 +++++++++++++++++++++++++ 2 files changed, 231 insertions(+)}
As mentioned in the commit message, upstream only supports libewf 20130128. I don't see the point of trying to remain compatible with the later versions of libewf given upstream's stance on the issue. Closing as WONTFIX.