Re: [ITP] sleuthkit 4.12.1

2024-03-02 Thread Christian Franke via Cygwin-apps

Hi Marco,

Marco Atzeri via Cygwin-apps wrote:

> On 02/03/2024 13:05, Christian Franke via Cygwin-apps wrote:
>> I would like to contribute sleuthkit. Also present in Debian, Fedora,
>> Ubuntu, ...
>>
>> SUMMARY="Tools for analysis of volume and filesystem data"
>>
>> DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
>> for disk images.  It allows to analyze volume and filesystem data,
>> examine disk layout, recover deleted files, etc.  Many partition and
>> filesystem formats are supported."
>>
>> libtsk_SUMMARY="${SUMMARY} (runtime)"
>>
>> libtsk_devel_SUMMARY="${SUMMARY} (development)"
>>
>> I'm not sure about the LICENSE string:
>>
>> LICENSE="CPL-1.0 AND GPL-2.0-or-later"
>>
>> The license/README.md file mentions a bunch of licenses, see comment
>> in cygport file. CPL-1.0 is the main license, one separate tool uses
>> GPL-2.0-or-later.
>>
>> The source package supports reproducible builds except for
>> libtsk-devel (timestamps in *.a files).
>
> Hi Christian,
>
> usually we do not distribute static library

Didn't know, sorry. Makes plenty of sense, at least to prevent that
other packages accidentally link to the static lib.

> Any reason here ?

No, static lib removed.

> except that GTG
>
> $ git diff |grep "^+"
> +++ b/cygwin-pkg-maint
> +sleuthkit    Christian Franke


Thanks,
Christian



Re: [ITP] sleuthkit 4.12.1

2024-03-02 Thread Marco Atzeri via Cygwin-apps

On 02/03/2024 13:05, Christian Franke via Cygwin-apps wrote:
> I would like to contribute sleuthkit. Also present in Debian, Fedora,
> Ubuntu, ...
>
> SUMMARY="Tools for analysis of volume and filesystem data"
>
> DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
> for disk images.  It allows to analyze volume and filesystem data,
> examine disk layout, recover deleted files, etc.  Many partition and
> filesystem formats are supported."
>
> libtsk_SUMMARY="${SUMMARY} (runtime)"
>
> libtsk_devel_SUMMARY="${SUMMARY} (development)"
>
> I'm not sure about the LICENSE string:
>
> LICENSE="CPL-1.0 AND GPL-2.0-or-later"
>
> The license/README.md file mentions a bunch of licenses, see comment in
> cygport file. CPL-1.0 is the main license, one separate tool uses
> GPL-2.0-or-later.
>
> The source package supports reproducible builds except for libtsk-devel
> (timestamps in *.a files).


Hi Christian,

usually we do not distribute static library

Any reason here ?

except that GTG

$ git diff |grep "^+"
+++ b/cygwin-pkg-maint
+sleuthkitChristian Franke

Regards
Marco





[ITP] sleuthkit 4.12.1

2024-03-02 Thread Christian Franke via Cygwin-apps
I would like to contribute sleuthkit. Also present in Debian, Fedora, 
Ubuntu, ...


SUMMARY="Tools for analysis of volume and filesystem data"

DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
for disk images.  It allows to analyze volume and filesystem data,
examine disk layout, recover deleted files, etc.  Many partition and
filesystem formats are supported."

libtsk_SUMMARY="${SUMMARY} (runtime)"

libtsk_devel_SUMMARY="${SUMMARY} (development)"


I'm not sure about the LICENSE string:

LICENSE="CPL-1.0 AND GPL-2.0-or-later"

The license/README.md file mentions a bunch of licenses, see comment in 
cygport file. CPL-1.0 is the main license, one separate tool uses 
GPL-2.0-or-later.



The source package supports reproducible builds except for libtsk-devel 
(timestamps in *.a files).


Abbreviated list of files:

sleuthkit-4.12.1-1.tar.xz:
usr/bin/blkcalc.exe
usr/bin/blkcat.exe
usr/bin/blkls.exe
usr/bin/blkstat.exe
usr/bin/fcat.exe
usr/bin/ffind.exe
usr/bin/fiwalk.exe
usr/bin/fls.exe
usr/bin/fsstat.exe
usr/bin/hfind.exe
usr/bin/icat.exe
usr/bin/ifind.exe
usr/bin/ils.exe
usr/bin/img_cat.exe
usr/bin/img_stat.exe
usr/bin/istat.exe
usr/bin/jcat.exe
usr/bin/jls.exe
usr/bin/jpeg_extract.exe
usr/bin/mactime
usr/bin/mmcat.exe
usr/bin/mmls.exe
usr/bin/mmstat.exe
usr/bin/pstat.exe
usr/bin/sigfind.exe
usr/bin/sorter
usr/bin/srch_strings.exe
usr/bin/tsk_comparedir.exe
usr/bin/tsk_gettimes.exe
usr/bin/tsk_imageinfo.exe
usr/bin/tsk_loaddb.exe
usr/bin/tsk_recover.exe
usr/bin/usnjls.exe
usr/share/doc/sleuthkit/*
usr/share/man/man1/*
usr/share/tsk/sorter/*.sort

libtsk-4.12.1-1.tar.xz:
usr/bin/cygtsk-19.dll

libtsk-devel-4.12.1-1.tar.xz:
usr/include/tsk/*
usr/lib/libtsk.a
usr/lib/libtsk.dll.a
usr/lib/pkgconfig/tsk.pc
usr/share/doc/sleuthkit/samples/*.cpp



Real world use case: Check whether the SSD TRIM command actually works:

$ # Create a test file (> ~3*256B to prevent resident file)
$ printf 'Line %s\n' {0001..0100} > trim_check

$ # Get full path of file
$ cygpath -am trim_check
D:/tmp/trim_check

$ # Find raw device of partition
$ grep D: /proc/partitions # or: ls -l /dev/disk/by-drive/d
    8    20 629145944 sdb4   D:\

$ # Find inode (here: $MFT index) of file
$ ifind -n /tmp/trim_check /dev/sdb4
339065

$ # Find cluster(s) used by inode
$ istat /dev/sdb4 339065
...
Name: TRIM_C~1
...
Name: trim_check
...
Type: $DATA (128-4)   Name: N/A   Non-Resident size: 1000  init_size: 1000
7876740

$ # Read cluster (assumes 4KiB cluster size, could be checked with fsstat)
$ dd if=/dev/sdb4 bs=4096 count=1 skip=7876740 iflag=direct status=none | cat -A

Line 0001$
Line 0002$
...

$ # Remove file, flush buffers and wait
$ rm trim_check; sync; sleep 10

$ # Re-read cluster
$ dd if=/dev/sdb4 bs=4096 count=1 skip=7876740 iflag=direct status=none | od
000 00 00 00 00 00 00 00 00
*
001

$ echo "TRIM works!"
TRIM works!


--
Regards,
Christian
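
The re-read step of the TRIM check above, scripted as an added example (not part of the original post or of The Sleuth Kit): it extracts the `$DATA` cluster numbers from saved `istat` output and checks each cluster for zero bytes. The function names and the `TRIM_DD_OPTS` variable are assumptions of this example, and the `istat` layout is assumed to match the output shown in the post.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names and TRIM_DD_OPTS
# are hypothetical; the istat layout is assumed to match the output shown above.

# Print the cluster numbers listed under the non-resident $DATA attribute
# of `istat` output read from stdin.
data_clusters() {
  awk '
    /^Type: /            { data = ($2 == "$DATA" && /Non-Resident/); next }
    data && /^[0-9 ]+$/  { for (i = 1; i <= NF; i++) print $i; next }
                         { data = 0 }   # any other line ends the run list
  '
}

# Print "zero", "data" or "short" for cluster $2 of image/device $1
# (cluster size $3, default 4096 as assumed in the post).
cluster_state() {
  local image=$1 cluster=$2 bs=${3:-4096} tmp size nonzero
  tmp=$(mktemp) || return 2
  # On a raw device set TRIM_DD_OPTS=iflag=direct to bypass the cache,
  # as the post does. A failed read leaves a short file, reported below.
  dd if="$image" of="$tmp" bs="$bs" count=1 skip="$cluster" status=none \
     $TRIM_DD_OPTS || true
  size=$(( $(wc -c < "$tmp") ))
  nonzero=$(( $(tr -d '\000' < "$tmp" | wc -c) ))
  rm -f "$tmp"
  if   [ "$size" -ne "$bs" ];  then echo short
  elif [ "$nonzero" -eq 0 ];   then echo zero
  else                              echo data
  fi
}

# Read saved `istat` output on stdin and check every $DATA cluster.
# Returns 0 if all are zero, 1 if any still holds data or could not be read
# in full, 2 if no cluster was found (e.g. a resident file).
trim_verified() {
  local image=$1 bs=${2:-4096} rc=0 n=0 c state
  for c in $(data_clusters); do
    state=$(cluster_state "$image" "$c" "$bs")
    echo "cluster $c: $state"
    [ "$state" = zero ] || rc=1
    n=$((n + 1))
  done
  [ "$n" -gt 0 ] || return 2
  return "$rc"
}
```

Save the `istat` output to a file before the `rm`, then after `sync; sleep 10` source this file and run `TRIM_DD_OPTS=iflag=direct trim_verified /dev/sdb4 4096 < istat.txt` (`istat.txt` being whatever name the output was saved under).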




# cygport script for sleuthkit
NAME=sleuthkit
VERSION=4.12.1
RELEASE=1
SOURCE_DATE="2024-03-02 11:00:00 UTC"

SUMMARY="Tools for analysis of volume and filesystem data"

DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
for disk images.  It allows to analyze volume and filesystem data,
examine disk layout, recover deleted files, etc.  Many partition and
filesystem formats are supported."

LICENSE="CPL-1.0 AND GPL-2.0-or-later"
# Licenses mentioned in licenses/README.md:
# Apache-2.0         # case-uco/*, win32/rejistry++/* (code not used)
# BSD-3-Clause       # samples/*, tsk/fs/lzvn.c
# CPL-1.0            # The Sleuth Kit (TSK) license
# GPL-2.0-or-later   # tools/srchtools/srch_strings.c
# GPL-3.0-or-later   # m4/ax_pthread.m4 (... WITH Autoconf-exception-3.0)
# IPL-1.0            # The Coroner's Toolkit (TCT) license
# ISC                # tools/fiwalk/src/base64.*
# "public domain"    # tools/fiwalk/*, tsk/base/sha1.c
# MIT                # tsk/auto/guid.cpp
# RSA-MD             # tsk/base/md5c.c
# "Unicode"          # tsk/base/tsk_unicode.*

CATEGORY="Utils"
PKG_NAMES="sleuthkit libtsk libtsk-devel"

REQUIRES="" # libgcc1 libstdc++6 libtsk perl-DateTime-TimeZone perl_base
libtsk_REQUIRES="" # libgcc1 libsqlite3_0 libstdc++6 zlib0
libtsk_devel_REQUIRES="" # libtsk pkg-config
BUILD_REQUIRES="
  binutils cygwin-devel gcc-g++ gzip libsqlite3-devel perl_base zlib-devel
" # make

HOMEPAGE="https://www.sleuthkit.org/sleuthkit/"
SRC_URI="https://github.com/sleuthkit/sleuthkit/releases/download/${P}/${P}.tar.gz"

libtsk_SUMMARY="${SUMMARY} (runtime)"
libtsk_DESCRIPTION="${DESCRIPTION}  
This package contains the runtime library for sleuthkit."

libtsk_devel_SUMMARY="${SUMMARY} (development)"
libtsk_devel_DESCRIPTION="${DESCRIPTION}  
This package contains the development files for libtsk."

sleuthkit_CONTENTS="
--exclude=usr/bin/cygtsk-*.dll
--exclude=usr/share/doc/${PN}/samples
usr/bin
usr/share
"
libtsk_CONTENTS="