Re: Need help for libtsk/sleuthkit
On Tue, Mar 17 2020, Jeremie Courreges-Anglas wrote: > +cc sleuthkit maintainer > > On Tue, Mar 17 2020, Remi Pointel wrote: >> On 2020-03-16 10:25, Remi Pointel wrote: >>> Hi, >>> >>> I need to update sleuthkit for the new version of plaso. >>> >>> Attached is the updated version of sleuthkit. It builds fine, but if >>> I run the regress tests of the py-tsk port it segfaults on the libtsk. >>> >>> If I add LDFLAGS="-lstdc++", it works fine but it's not the good way >>> to fix it. >>> >>> Any idea? >>> >>> To test: build & install the sleuthkit port attached, and make test in >>> the py-tsk port attached. > > So the issue is that libtsk.so isn't linked against c++ support > libraries. The problem already happens in -current, > patches/patch-configure_ac tried to fix archs that don't have libstdc++ > but it breaks loading libtsk.so from non-c++ programs. > > Here's an updated diff that uses the appropriate libtool magic to force > linking with a c++ library. It also refreshes SHARED_LIBS (the major > bump appears warranted, says check_sym). Note the AUTORECONF line, > I did not uncomment it since the default worked fine. > > With this updated diff and your py-tsk update, the py-tsk tests succeed > on amd64. [...] > Index: patches/patch-tsk_Makefile_am > === > RCS file: patches/patch-tsk_Makefile_am > diff -N patches/patch-tsk_Makefile_am > --- /dev/null 1 Jan 1970 00:00:00 - > +++ patches/patch-tsk_Makefile_am 17 Mar 2020 13:13:31 - > @@ -0,0 +1,17 @@ > +$OpenBSD$ > + > +Tell libtool to link libtsk as a C++ library. > + > +Index: tsk/Makefile.am > +--- tsk/Makefile.am.orig > tsk/Makefile.am > +@@ -4,6 +4,9 @@ SUBDIRS = base img vs fs hashdb auto pool util > + # Merge the libraries into one > + lib_LTLIBRARIES = libtsk.la > + libtsk_la_SOURCES = > ++# hack to force linkage with a c++ compiler > ++# > https://www.gnu.org/software/automake/manual/html_node/Libtool-Convenience-Libraries.html > ++nodist_EXTRA_libtsk_la_SOURCES = dummy.cc Upstream may prefer dummy.cpp, that's the extension used for C++ files in the rest of the tarball. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: Need help for libtsk/sleuthkit
+cc sleuthkit maintainer
On Tue, Mar 17 2020, Remi Pointel wrote:
> On 2020-03-16 10:25, Remi Pointel wrote:
>> Hi,
>>
>> I need to update sleuthkit for the new version of plaso.
>>
>> Attached is the updated version of sleuthkit. It builds fine, but if
>> I run the regress tests of the py-tsk port it segfaults on the libtsk.
>>
>> If I add LDFLAGS="-lstdc++", it works fine but it's not the good way
>> to fix it.
>>
>> Any idea?
>>
>> To test: build & install the sleuthkit port attached, and make test in
>> the py-tsk port attached.
So the issue is that libtsk.so isn't linked against c++ support
libraries. The problem already happens in -current,
patches/patch-configure_ac tried to fix archs that don't have libstdc++
but it breaks loading libtsk.so from non-c++ programs.
Here's an updated diff that uses the appropriate libtool magic to force
linking with a c++ library. It also refreshes SHARED_LIBS (the major
bump appears warranted, says check_sym). Note the AUTORECONF line,
I did not uncomment it since the default worked fine.
With this updated diff and your py-tsk update, the py-tsk tests succeed
on amd64.
? sleuthkit-4.8.0.log
Index: Makefile
===
RCS file: /cvs/ports/sysutils/sleuthkit/Makefile,v
retrieving revision 1.27
diff -u -p -r1.27 Makefile
--- Makefile14 Jul 2019 00:39:40 - 1.27
+++ Makefile17 Mar 2020 13:13:31 -
@@ -2,11 +2,10 @@
COMMENT= forensic toolkit based on TCT
-DISTNAME= sleuthkit-4.6.0
+DISTNAME= sleuthkit-4.8.0
CATEGORIES=sysutils security
-REVISION= 2
-SHARED_LIBS += tsk 1.0 # 17.0
+SHARED_LIBS += tsk 2.0 # 20.0
HOMEPAGE= http://www.sleuthkit.org/
@@ -17,25 +16,34 @@ PERMIT_PACKAGE= Yes
MASTER_SITES =
https://github.com/sleuthkit/sleuthkit/releases/download/${DISTNAME}/
-WANTLIB += c m pthread ${COMPILER_LIBCXX} sqlite3 z
+WANTLIB += bfio c m pthread ${COMPILER_LIBCXX} sqlite3 vhdi vmdk z
COMPILER = base-clang ports-gcc
AUTOCONF_VERSION = 2.69
-CONFIGURE_STYLE = autoconf
+AUTOMAKE_VERSION = 1.15
+CONFIGURE_STYLE = autoreconf
+#AUTORECONF = ${WRKSRC}/framework/bootstrap
CONFIGURE_ARGS += --mandir='${PREFIX}/man' \
--disable-java \
--without-afflib \
--without-libewf
-CONFIGURE_ENV =ac_cv_path_CPPUNIT_CONFIG=no
+CONFIGURE_ENV =ac_cv_path_CPPUNIT_CONFIG=no \
+ ac_cv_header_postgresql_libpq_fe_h=no
RUN_DEPENDS = converters/p5-DateManip
-LIB_DEPENDS = databases/sqlite3
+LIB_DEPENDS = databases/sqlite3 \
+ devel/libbfio \
+ sysutils/libvhdi \
+ sysutils/libvmdk
NO_TEST = Yes
pre-configure:
@sed -i 's:%%PREFIX%%:${PREFIX}:' ${WRKSRC}/man/sorter.1
+
+post-install:
+ mv ${PREFIX}/bin/pstat ${PREFIX}/bin/pstat.sleuthkit
.include
Index: distinfo
===
RCS file: /cvs/ports/sysutils/sleuthkit/distinfo,v
retrieving revision 1.13
diff -u -p -r1.13 distinfo
--- distinfo14 Mar 2018 12:39:17 - 1.13
+++ distinfo17 Mar 2020 13:13:31 -
@@ -1,2 +1,2 @@
-SHA256 (sleuthkit-4.6.0.tar.gz) = 9SoIqw3geBgsDy0Z0+GzQUJKngwWM6YcO4kvs4+ay5c=
-SIZE (sleuthkit-4.6.0.tar.gz) = 8634432
+SHA256 (sleuthkit-4.8.0.tar.gz) = 9YS0bIgmk7y9gZ+1j3XpvkWsir2/YFwZD4fvESLyj2w=
+SIZE (sleuthkit-4.8.0.tar.gz) = 8784392
Index: patches/patch-configure_ac
===
RCS file: /cvs/ports/sysutils/sleuthkit/patches/patch-configure_ac,v
retrieving revision 1.1
diff -u -p -r1.1 patch-configure_ac
--- patches/patch-configure_ac 23 May 2019 11:01:14 - 1.1
+++ patches/patch-configure_ac 17 Mar 2020 13:13:31 -
@@ -3,7 +3,7 @@ $OpenBSD: patch-configure_ac,v 1.1 2019/
Index: configure.ac
--- configure.ac.orig
+++ configure.ac
-@@ -111,7 +111,7 @@ dnl Checks for libraries.
+@@ -113,7 +113,7 @@ dnl Checks for libraries.
dnl Some platforms will complain about missing included functions if
libstdc++ is not included.
Index: patches/patch-tools_srchtools_sigfind_cpp
===
RCS file: patches/patch-tools_srchtools_sigfind_cpp
diff -N patches/patch-tools_srchtools_sigfind_cpp
--- patches/patch-tools_srchtools_sigfind_cpp 7 Apr 2018 23:15:28 -
1.4
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,26 +0,0 @@
-$OpenBSD: patch-tools_srchtools_sigfind_cpp,v 1.4 2018/04/07 23:15:28 nigel
Exp $
-
-Index: tools/srchtools/sigfind.cpp
tools/srchtools/sigfind.cpp.orig
-+++ tools/srchtools/sigfind.cpp
-@@ -302,7 +302,7 @@ main(int argc, char **argv)
- break;
-
Re: Need help for libtsk/sleuthkit
On 2020-03-16 10:25, Remi Pointel wrote: Hi, I need to update sleuthkit for the new version of plaso. Attached is the updated version of sleuthkit. It builds fine, but if I run the regress tests of the py-tsk port it segfaults on the libtsk. If I add LDFLAGS="-lstdc++", it works fine but it's not the good way to fix it. Any idea? To test: build & install the sleuthkit port attached, and make test in the py-tsk port attached. Thanks for helping, With the logs it will be easier... Thanks in advance, Remi. cd /usr/ports/pobj/py-tsk-20200117-python3/pytsk3-20200117 && /usr/local/bin/python3.7 run_tests.py python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '__gxx_personality_v0' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZNSt13runtime_errorD1Ev' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTISt13runtime_error' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTISt13runtime_error' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZNSt8ios_base4InitD1Ev' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv117__class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv117__class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv117__class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv117__class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv117__class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv117__class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv117__class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv117__class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv120__si_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv121__vmi_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTVN10__cxxabiv121__vmi_class_type_infoE' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '_ZTISt9exception' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '__cxa_pure_virtual' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '__cxa_pure_virtual' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '__cxa_pure_virtual' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '__cxa_pure_virtual' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '__cxa_pure_virtual' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '__cxa_pure_virtual' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '__cxa_pure_virtual' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '__cxa_pure_virtual' python3.7:/usr/local/lib/libtsk.so.2.0: undefined symbol '__cxa_pure_virtual'
Need help for libtsk/sleuthkit
Hi,
I need to update sleuthkit for the new version of plaso.
Attached is the updated version of sleuthkit. It builds fine, but if I
run the regress tests of the py-tsk port it segfaults on the libtsk.
If I add LDFLAGS="-lstdc++", it works fine but it's not the good way to
fix it.
Any idea?
To test: build & install the sleuthkit port attached, and make test in
the py-tsk port attached.
Thanks for helping,
Remi.
Index: Makefile
===
RCS file: /cvs/ports/sysutils/sleuthkit/Makefile,v
retrieving revision 1.27
diff -u -p -u -p -r1.27 Makefile
--- Makefile 14 Jul 2019 00:39:40 - 1.27
+++ Makefile 11 Mar 2020 06:36:22 -
@@ -2,11 +2,10 @@
COMMENT= forensic toolkit based on TCT
-DISTNAME= sleuthkit-4.6.0
+DISTNAME= sleuthkit-4.8.0
CATEGORIES= sysutils security
-REVISION= 2
-SHARED_LIBS += tsk 1.0 # 17.0
+SHARED_LIBS += tsk 2.0 # 17.0
HOMEPAGE= http://www.sleuthkit.org/
@@ -17,7 +16,7 @@ PERMIT_PACKAGE= Yes
MASTER_SITES = https://github.com/sleuthkit/sleuthkit/releases/download/${DISTNAME}/
-WANTLIB += c m pthread ${COMPILER_LIBCXX} sqlite3 z
+WANTLIB += bfio c m pthread ${COMPILER_LIBCXX} sqlite3 vhdi vmdk z
COMPILER = base-clang ports-gcc
@@ -29,13 +28,21 @@ CONFIGURE_ARGS += --mandir='${PREFIX}/m
--without-afflib \
--without-libewf
-CONFIGURE_ENV = ac_cv_path_CPPUNIT_CONFIG=no
+CONFIGURE_ENV = ac_cv_path_CPPUNIT_CONFIG=no \
+ ac_cv_header_postgresql_libpq_fe_h=no
+# LDFLAGS="-lstdc++"
RUN_DEPENDS = converters/p5-DateManip
-LIB_DEPENDS = databases/sqlite3
+LIB_DEPENDS = databases/sqlite3 \
+ devel/libbfio \
+ sysutils/libvhdi \
+ sysutils/libvmdk
NO_TEST = Yes
pre-configure:
@sed -i 's:%%PREFIX%%:${PREFIX}:' ${WRKSRC}/man/sorter.1
+
+post-install:
+ mv ${PREFIX}/bin/pstat ${PREFIX}/bin/pstat.sleuthkit
.include
Index: distinfo
===
RCS file: /cvs/ports/sysutils/sleuthkit/distinfo,v
retrieving revision 1.13
diff -u -p -u -p -r1.13 distinfo
--- distinfo 14 Mar 2018 12:39:17 - 1.13
+++ distinfo 11 Mar 2020 06:36:22 -
@@ -1,2 +1,2 @@
-SHA256 (sleuthkit-4.6.0.tar.gz) = 9SoIqw3geBgsDy0Z0+GzQUJKngwWM6YcO4kvs4+ay5c=
-SIZE (sleuthkit-4.6.0.tar.gz) = 8634432
+SHA256 (sleuthkit-4.8.0.tar.gz) = 9YS0bIgmk7y9gZ+1j3XpvkWsir2/YFwZD4fvESLyj2w=
+SIZE (sleuthkit-4.8.0.tar.gz) = 8784392
Index: patches/patch-tools_srchtools_sigfind_cpp
===
RCS file: patches/patch-tools_srchtools_sigfind_cpp
diff -N patches/patch-tools_srchtools_sigfind_cpp
--- patches/patch-tools_srchtools_sigfind_cpp 7 Apr 2018 23:15:28 - 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,26 +0,0 @@
-$OpenBSD: patch-tools_srchtools_sigfind_cpp,v 1.4 2018/04/07 23:15:28 nigel Exp $
-
-Index: tools/srchtools/sigfind.cpp
tools/srchtools/sigfind.cpp.orig
-+++ tools/srchtools/sigfind.cpp
-@@ -302,7 +302,7 @@ main(int argc, char **argv)
- break;
- }
- else if (retval == -1) {
--fprintf(stderr, "error reading bytes %"PRIuOFF"\n", i);
-+fprintf(stderr, "error reading bytes %" PRIuOFF "\n", i);
- exit(1);
- }
-
-@@ -312,9 +312,9 @@ main(int argc, char **argv)
- ((sig_size < 3) || (block[rel_offset + 2] == sig[2])) &&
- ((sig_size < 4) || (block[rel_offset + 3] == sig[3]))) {
- if (prev_hit == -1)
--printf("Block: %"PRIuOFF" (-)\n", i);
-+printf("Block: %" PRIuOFF " (-)\n", i);
- else
--printf("Block: %"PRIuOFF" (+%"PRIuOFF")\n", i,
-+printf("Block: %" PRIuOFF " (+%" PRIuOFF ")\n", i,
-(i - prev_hit));
-
- prev_hit = i;
Index: pkg/PLIST
===
RCS file: /cvs/ports/sysutils/sleuthkit/pkg/PLIST,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 PLIST
--- pkg/PLIST 31 Oct 2017 21:38:28 - 1.9
+++ pkg/PLIST 11 Mar 2020 06:36:22 -
@@ -26,6 +26,7 @@ bin/mactime
@bin bin/mmcat
@bin bin/mmls
@bin bin/mmstat
+@bin bin/pstat.sleuthkit
@bin bin/sigfind
bin/sorter
@bin bin/srch_strings
@@ -36,12 +37,19 @@ bin/sorter
@bin bin/usnjls
include/tsk/
include/tsk/auto/
+include/tsk/auto/guid.h
include/tsk/auto/tsk_auto.h
include/tsk/auto/tsk_is_image_supported.h
include/tsk/base/
include/tsk/base/tsk_base.h
include/tsk/base/tsk_os.h
include/tsk/fs/
+include/tsk/fs/apfs_compat.hpp
+include/tsk/fs/apfs_fs.h
+include/tsk/fs/apfs_fs.hpp
+include/tsk/fs/decmpfs.h
+include/tsk/fs/tsk_apfs.h
+include/tsk/fs/tsk_apfs.hpp
include/tsk/fs/tsk_exfatfs.h
include/tsk/fs/tsk_ext2fs.h
include/tsk/fs/tsk_fatfs.h
@@ -55,9 +63,21 @@ include/tsk/fs/tsk_yaffs.h
include/tsk/hashdb/
include/tsk/hashdb/tsk_hashdb.h
include/tsk/img/
+include/tsk/img/pool.hpp
include/tsk/img/tsk_img.h
include/tsk/libtsk.h
