From: Christian Franke <Christian.Franke@t-online.de>
To: cygwin-apps@cygwin.com
Subject: [ITP] sleuthkit 4.12.1
Date: Sat, 2 Mar 2024 13:05:16 +0100 [thread overview]
Message-ID: <70a09fa1-4912-0503-2ee6-4438afd683bd@t-online.de> (raw)
[-- Attachment #1: Type: text/plain, Size: 2991 bytes --]
I would like to contribute sleuthkit. Also present in Debian, Fedora,
Ubuntu, ...
SUMMARY="Tools for analysis of volume and filesystem data"
DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
for disk images. It allows to analyze volume and filesystem data,
examine disk layout, recover deleted files, etc. Many partition and
filesystem formats are supported."
libtsk_SUMMARY="${SUMMARY} (runtime)"
libtsk_devel_SUMMARY="${SUMMARY} (development)"
I'm not sure about the LICENSE string:
LICENSE="CPL-1.0 AND GPL-2.0-or-later"
The licenses/README.md file mentions a bunch of licenses; see the comment in
the cygport file. CPL-1.0 is the main license, and one separate tool uses
GPL-2.0-or-later.
The source package supports reproducible builds except for libtsk-devel
(timestamps in *.a files).
Abbreviated list of files:
sleuthkit-4.12.1-1.tar.xz:
usr/bin/blkcalc.exe
usr/bin/blkcat.exe
usr/bin/blkls.exe
usr/bin/blkstat.exe
usr/bin/fcat.exe
usr/bin/ffind.exe
usr/bin/fiwalk.exe
usr/bin/fls.exe
usr/bin/fsstat.exe
usr/bin/hfind.exe
usr/bin/icat.exe
usr/bin/ifind.exe
usr/bin/ils.exe
usr/bin/img_cat.exe
usr/bin/img_stat.exe
usr/bin/istat.exe
usr/bin/jcat.exe
usr/bin/jls.exe
usr/bin/jpeg_extract.exe
usr/bin/mactime
usr/bin/mmcat.exe
usr/bin/mmls.exe
usr/bin/mmstat.exe
usr/bin/pstat.exe
usr/bin/sigfind.exe
usr/bin/sorter
usr/bin/srch_strings.exe
usr/bin/tsk_comparedir.exe
usr/bin/tsk_gettimes.exe
usr/bin/tsk_imageinfo.exe
usr/bin/tsk_loaddb.exe
usr/bin/tsk_recover.exe
usr/bin/usnjls.exe
usr/share/doc/sleuthkit/*
usr/share/man/man1/*
usr/share/tsk/sorter/*.sort
libtsk-4.12.1-1.tar.xz:
usr/bin/cygtsk-19.dll
libtsk-devel-4.12.1-1.tar.xz:
usr/include/tsk/*
usr/lib/libtsk.a
usr/lib/libtsk.dll.a
usr/lib/pkgconfig/tsk.pc
usr/share/doc/sleuthkit/samples/*.cpp
====================
Real world use case: Check whether the SSD TRIM command actually works:
$ # Create a test file (larger than ~3*256 bytes so it is not stored as a resident file)
$ printf 'Line %s\n' {0001..0100} > trim_check
$ # Get full path of file
$ cygpath -am trim_check
D:/tmp/trim_check
$ # Find raw device of partition
$ grep D: /proc/partitions # or: ls -l /dev/disk/by-drive/d
8 20 629145944 sdb4 D:\
$ # Find inode (here: $MFT index) of file
$ ifind -n /tmp/trim_check /dev/sdb4
339065
$ # Find cluster(s) used by inode
$ istat /dev/sdb4 339065
...
Name: TRIM_C~1
...
Name: trim_check
...
Type: $DATA (128-4) Name: N/A Non-Resident size: 1000 init_size: 1000
7876740
$ # Read cluster (assumes 4KiB cluster size, could be checked with fsstat)
$ dd if=/dev/sdb4 bs=4096 count=1 skip=7876740 iflag=direct status=none | cat -A
Line 0001$
Line 0002$
...
$ # Remove file, flush buffers and wait
$ rm trim_check; sync; sleep 10
$ # Re-read the same cluster; all-zero output means the old contents can no longer be read back from the device
$ dd if=/dev/sdb4 bs=4096 count=1 skip=7876740 iflag=direct status=none | od
0000000 000000 000000 000000 000000 000000 000000 000000 000000
*
0010000
$ echo "TRIM works!"
TRIM works!
====================
--
Regards,
Christian
[-- Attachment #2: sleuthkit.cygport --]
[-- Type: text/plain, Size: 3218 bytes --]
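# cygport script for sleuthkit
#
# Builds three binary packages from one upstream source tarball:
#   sleuthkit     - usr/bin and usr/share, minus the DLL and the samples
#   libtsk        - the shared runtime library (usr/bin/cygtsk-*.dll)
#   libtsk-devel  - usr/include/tsk, usr/lib and the sample sources

NAME=sleuthkit
VERSION=4.12.1
RELEASE=1

# Fixed build timestamp; converted to SOURCE_DATE_EPOCH at the end of this
# section so that build output does not depend on the wall clock.
SOURCE_DATE="2024-03-02 11:00:00 UTC"

SUMMARY="Tools for analysis of volume and filesystem data"
DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
for disk images. It allows to analyze volume and filesystem data,
examine disk layout, recover deleted files, etc. Many partition and
filesystem formats are supported."

LICENSE="CPL-1.0 AND GPL-2.0-or-later"
# Licenses mentioned in licenses/README.md:
# Apache-2.0 # case-uco/*, win32/rejistry++/* (code not used)
# BSD-3-Clause # samples/*, tsk/fs/lzvn.c
# CPL-1.0 # The Sleuth Kit (TSK) license
# GPL-2.0-or-later # tools/srchtools/srch_strings.c
# GPL-3.0-or-later # m4/ax_pthread.m4 (... WITH Autoconf-exception-3.0)
# IPL-1.0 # The Coroner's Toolkit (TCT) license
# ISC # tools/fiwalk/src/base64.*
# "public domain" # tools/fiwalk/*, tsk/base/sha1.c
# MIT # tsk/auto/guid.cpp
# RSA-MD # tsk/base/md5c.c
# "Unicode" # tsk/base/tsk_unicode.*

CATEGORY="Utils"
PKG_NAMES="sleuthkit libtsk libtsk-devel"

# Runtime dependencies are left empty here; the trailing comments name the
# packages each binary package needs (presumably the ones cygport detects
# on its own — TODO confirm).
REQUIRES="" # libgcc1 libstdc++6 libtsk perl-DateTime-TimeZone perl_base
libtsk_REQUIRES="" # libgcc1 libsqlite3_0 libstdc++6 zlib0
libtsk_devel_REQUIRES="" # libtsk pkg-config
BUILD_REQUIRES="
binutils cygwin-devel gcc-g++ gzip libsqlite3-devel perl_base zlib-devel
" # make

HOMEPAGE="https://www.sleuthkit.org/sleuthkit/"
# NOTE(review): the tarball is fetched over HTTPS, but this file pins no
# checksum or signature for it. If upstream publishes a detached signature,
# listing it in SRC_URI as well would let the download be verified — confirm
# what is available for this release.
SRC_URI="https://github.com/sleuthkit/sleuthkit/releases/download/${P}/${P}.tar.gz"

libtsk_SUMMARY="${SUMMARY} (runtime)"
libtsk_DESCRIPTION="${DESCRIPTION}
This package contains the runtime library for sleuthkit."
libtsk_devel_SUMMARY="${SUMMARY} (development)"
libtsk_devel_DESCRIPTION="${DESCRIPTION}
This package contains the development files for libtsk."

# File lists per binary package. The main package takes usr/bin and
# usr/share but leaves the DLL and the samples to the two library packages.
sleuthkit_CONTENTS="
--exclude=usr/bin/cygtsk-*.dll
--exclude=usr/share/doc/${PN}/samples
usr/bin
usr/share
"
libtsk_CONTENTS="
usr/bin/cygtsk-*.dll
"
libtsk_devel_CONTENTS="
usr/include/tsk
usr/lib
usr/share/doc/${PN}/samples
"

# Assign first and export afterwards: 'export VAR=$(cmd)' returns the status
# of 'export', so a failing date(1) would silently leave SOURCE_DATE_EPOCH
# empty and the build would no longer be reproducible.
SOURCE_DATE_EPOCH=$(date -d "$SOURCE_DATE" +%s) \
	|| error "Cannot convert SOURCE_DATE='${SOURCE_DATE}' to SOURCE_DATE_EPOCH"
export SOURCE_DATE_EPOCH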
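# Configure and build TSK inside the build directory ${B}.
# Relies on the cygport helpers lndirs, cygconf, cygmake and error.
# Stops with an error when the build directory cannot be entered or when the
# system SQLite import library is missing.
src_compile() {
	# Without this check a failed cd would run the build in the wrong directory
	cd "${B}" || error "Cannot change to build directory ${B}"

	# Some include paths are not correct for builds outside of srcdir
	lndirs

	# Prevent fallback to libsqlite3 from source distribution, so the
	# library links against the packaged SQLite rather than a bundled copy.
	# The message names the package listed in BUILD_REQUIRES.
	test -f /usr/lib/libsqlite3.dll.a || error "Package libsqlite3-devel is required"

	# _GNU_SOURCE is required for strcasecmp(), vasprintf(), ...
	# configure sets LIBTSK_LDFLAGS="-no-undefined" only for MinGW
	# The --without-* switches keep afflib, libbfio, libewf, libvhdi, libvmdk
	# and libvslvm out of the build, so no third-party image-format parsers
	# are linked into the tools or the library.
	cygconf --enable-shared --enable-static \
		--with-gnu-ld --with-zlib \
		--disable-cppunit --disable-java \
		--without-afflib --without-libbfio --without-libewf \
		--without-libvhdi --without-libvmdk --without-libvslvm \
		CPPFLAGS=-D_GNU_SOURCE \
		LIBTSK_LDFLAGS="-no-undefined"

	# 'LDFLAGS = @LDFLAGS@ -static' is predefined in all Makefile.am
	# Set to empty as '-shared' would suppress the build of the static lib
	# NOTE(review): this passes the current value of ${LDFLAGS}, which the
	# comment above expects to be empty — confirm.
	cygmake LDFLAGS="${LDFLAGS}"
}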
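# Install the build into ${D}, add documentation and compress the licenses.
# Relies on the cygport helpers cyginstall, dodoc, docinto and error.
# Every cd is checked: the final rm and 'gzip *' act on the current
# directory, so a failed cd would otherwise delete and compress files
# somewhere else (for example in the source tree ${S}).
src_install() {
	cd "${B}" || error "Cannot change to build directory ${B}"
	cyginstall

	cd "${S}" || error "Cannot change to source directory ${S}"
	dodoc docs licenses
	docinto samples
	dodoc samples/*.cpp

	cd "${D}/usr/share/doc/${PN}/licenses" \
		|| error "Installed licenses directory is missing"
	rm -fv Apache-LICENSE-2.0.txt GNUv3-COPYING # unused
	# -n omits name and timestamp from the gzip header; '--' keeps a file
	# name starting with '-' from being read as an option.
	gzip -9nv -- *
}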