public inbox for cygwin-apps@cygwin.com
* [ITP] sleuthkit 4.12.1
From: Christian Franke @ 2024-03-02 12:05 UTC (permalink / raw)
  To: cygwin-apps

I would like to contribute sleuthkit. Also present in Debian, Fedora, 
Ubuntu, ...

SUMMARY="Tools for analysis of volume and filesystem data"

DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
for disk images.  It allows to analyze volume and filesystem data,
examine disk layout, recover deleted files, etc.  Many partition and
filesystem formats are supported."

libtsk_SUMMARY="${SUMMARY} (runtime)"

libtsk_devel_SUMMARY="${SUMMARY} (development)"


I'm not sure about the LICENSE string:

LICENSE="CPL-1.0 AND GPL-2.0-or-later"

The license/README.md file mentions a bunch of licenses, see comment in 
cygport file. CPL-1.0 is the main license, one separate tool uses 
GPL-2.0-or-later.


The source package supports reproducible builds except for libtsk-devel 
(timestamps in *.a files).

Abbreviated list of files:

sleuthkit-4.12.1-1.tar.xz:
usr/bin/blkcalc.exe
usr/bin/blkcat.exe
usr/bin/blkls.exe
usr/bin/blkstat.exe
usr/bin/fcat.exe
usr/bin/ffind.exe
usr/bin/fiwalk.exe
usr/bin/fls.exe
usr/bin/fsstat.exe
usr/bin/hfind.exe
usr/bin/icat.exe
usr/bin/ifind.exe
usr/bin/ils.exe
usr/bin/img_cat.exe
usr/bin/img_stat.exe
usr/bin/istat.exe
usr/bin/jcat.exe
usr/bin/jls.exe
usr/bin/jpeg_extract.exe
usr/bin/mactime
usr/bin/mmcat.exe
usr/bin/mmls.exe
usr/bin/mmstat.exe
usr/bin/pstat.exe
usr/bin/sigfind.exe
usr/bin/sorter
usr/bin/srch_strings.exe
usr/bin/tsk_comparedir.exe
usr/bin/tsk_gettimes.exe
usr/bin/tsk_imageinfo.exe
usr/bin/tsk_loaddb.exe
usr/bin/tsk_recover.exe
usr/bin/usnjls.exe
usr/share/doc/sleuthkit/*
usr/share/man/man1/*
usr/share/tsk/sorter/*.sort

libtsk-4.12.1-1.tar.xz:
usr/bin/cygtsk-19.dll

libtsk-devel-4.12.1-1.tar.xz:
usr/include/tsk/*
usr/lib/libtsk.a
usr/lib/libtsk.dll.a
usr/lib/pkgconfig/tsk.pc
usr/share/doc/sleuthkit/samples/*.cpp


====================
Real world use case: Check whether the SSD TRIM command actually works:

$ # Create a test file (> ~3*256B to prevent resident file)
$ printf 'Line %s\n' {0001..0100} > trim_check

$ # Get full path of file
$ cygpath -am trim_check
D:/tmp/trim_check

$ # Find raw device of partition
$ grep D: /proc/partitions # or: ls -l /dev/disk/by-drive/d
     8    20 629145944 sdb4   D:\

$ # Find inode (here: $MFT index) of file
$ ifind -n /tmp/trim_check /dev/sdb4
339065

$ # Find cluster(s) used by inode
$ istat /dev/sdb4 339065
...
Name: TRIM_C~1
...
Name: trim_check
...
Type: $DATA (128-4)   Name: N/A   Non-Resident size: 1000  init_size: 1000
7876740

$ # Read cluster (assumes 4KiB cluster size, could be checked with fsstat)
$ dd if=/dev/sdb4 bs=4096 count=1 skip=7876740 iflag=direct status=none | cat -A
Line 0001$
Line 0002$
...

$ # Remove file, flush buffers and wait
$ rm trim_check; sync; sleep 10

$ # Re-read cluster
$ dd if=/dev/sdb4 bs=4096 count=1 skip=7876740 iflag=direct status=none | od
0000000 000000 000000 000000 000000 000000 000000 000000 000000
*
0010000

$ echo "TRIM works!"
TRIM works!
====================

-- 
Regards,
Christian





[-- Attachment #2: sleuthkit.cygport --]
[-- Type: text/plain, Size: 3218 bytes --]

# cygport script for sleuthkit
NAME=sleuthkit
VERSION=4.12.1
RELEASE=1
SOURCE_DATE="2024-03-02 11:00:00 UTC"

SUMMARY="Tools for analysis of volume and filesystem data"

DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
for disk images.  It allows to analyze volume and filesystem data,
examine disk layout, recover deleted files, etc.  Many partition and
filesystem formats are supported."

LICENSE="CPL-1.0 AND GPL-2.0-or-later"
# Licenses mentioned in licenses/README.md:
# Apache-2.0         # case-uco/*, win32/rejistry++/* (code not used)
# BSD-3-Clause       # samples/*, tsk/fs/lzvn.c
# CPL-1.0            # The Sleuth Kit (TSK) license
# GPL-2.0-or-later   # tools/srchtools/srch_strings.c
# GPL-3.0-or-later   # m4/ax_pthread.m4 (... WITH Autoconf-exception-3.0)
# IPL-1.0            # The Coroner's Toolkit (TCT) license
# ISC                # tools/fiwalk/src/base64.*
# "public domain"    # tools/fiwalk/*, tsk/base/sha1.c
# MIT                # tsk/auto/guid.cpp
# RSA-MD             # tsk/base/md5c.c
# "Unicode"          # tsk/base/tsk_unicode.*

CATEGORY="Utils"
PKG_NAMES="sleuthkit libtsk libtsk-devel"

REQUIRES="" # libgcc1 libstdc++6 libtsk perl-DateTime-TimeZone perl_base
libtsk_REQUIRES="" # libgcc1 libsqlite3_0 libstdc++6 zlib0
libtsk_devel_REQUIRES="" # libtsk pkg-config
BUILD_REQUIRES="
  binutils cygwin-devel gcc-g++ gzip libsqlite3-devel perl_base zlib-devel
" # make

HOMEPAGE="https://www.sleuthkit.org/sleuthkit/"
SRC_URI="https://github.com/sleuthkit/sleuthkit/releases/download/${P}/${P}.tar.gz"

libtsk_SUMMARY="${SUMMARY} (runtime)"
libtsk_DESCRIPTION="${DESCRIPTION}  
This package contains the runtime library for sleuthkit."

libtsk_devel_SUMMARY="${SUMMARY} (development)"
libtsk_devel_DESCRIPTION="${DESCRIPTION}  
This package contains the development files for libtsk."

sleuthkit_CONTENTS="
	--exclude=usr/bin/cygtsk-*.dll
	--exclude=usr/share/doc/${PN}/samples
	usr/bin
	usr/share
"
libtsk_CONTENTS="
	usr/bin/cygtsk-*.dll
"
libtsk_devel_CONTENTS="
	usr/include/tsk
	usr/lib
	usr/share/doc/${PN}/samples
"

export SOURCE_DATE_EPOCH=$(date -d "$SOURCE_DATE" +%s)

src_compile() {
	cd ${B}

	# Some include paths are not correct for builds outside of srcdir
	lndirs

	# Prevent fallback to libsqlite3 from source distribution
	test -f /usr/lib/libsqlite3.dll.a || error "Package libsqlite3-devel is required"

	# _GNU_SOURCE is required for strcasecmp(), vasprintf(), ...
	# configure sets LIBTSK_LDFLAGS="-no-undefined" only for MinGW
	cygconf --enable-shared --enable-static \
	        --with-gnu-ld --with-zlib \
	        --disable-cppunit --disable-java \
	        --without-afflib --without-libbfio  --without-libewf \
	        --without-libvhdi --without-libvmdk --without-libvslvm \
	        CPPFLAGS=-D_GNU_SOURCE \
	        LIBTSK_LDFLAGS="-no-undefined"

	# 'LDFLAGS = @LDFLAGS@ -static' is predefined in all Makefile.am
	# Set to empty as '-shared' would suppress the build of the static lib
	cygmake LDFLAGS="${LDFLAGS}"
}

src_install() {
	cd ${B}
	cyginstall

	cd ${S}
	dodoc docs licenses
	docinto samples
	dodoc samples/*.cpp

	cd ${D}/usr/share/doc/${PN}/licenses
	rm -fv Apache-LICENSE-2.0.txt GNUv3-COPYING # unused
	gzip -9nv *
}
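
The manual TRIM check from the message above, as an added shell example (not part of the original post or of sleuthkit): it parses the cluster list out of `istat` output and tests each cluster for zeros, generalizing from the single 4 KiB cluster shown in the post. The function names, the `DD_IFLAG` variable and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print cluster numbers listed under non-resident $DATA attributes of
# NTFS `istat` output (stdin), one per line.
data_clusters() {
    awk '/^Type: \$DATA .*Non-Resident/ { runs = 1; next }
         runs && /^[0-9 ]+$/ { for (i = 1; i <= NF; i++) print $i; next }
         { runs = 0 }'
}

# Succeed only if cluster $2 of image/device $1 is one full cluster of zero
# bytes. $3 = cluster size (default 4096, as the post assumes). DD_IFLAG is
# a hypothetical knob: set it to iflag=direct on a raw device, as the post does.
cluster_is_zero() {
    img=$1 cl=$2 bs=${3:-4096}
    got=$(dd if="$img" bs="$bs" skip="$cl" count=1 ${DD_IFLAG:-} 2>/dev/null | wc -c)
    [ "$got" -eq "$bs" ] || return 2          # short read, e.g. past the end
    nz=$(dd if="$img" bs="$bs" skip="$cl" count=1 ${DD_IFLAG:-} 2>/dev/null |
         tr -d '\000' | wc -c)
    [ "$nz" -eq 0 ]
}

# Check every data cluster from an istat listing on stdin against image $1.
# Returns 0 if all are zero, 1 if any holds data or could not be read, 2 if
# none were listed (e.g. a resident file, which has no clusters to check).
trim_report() {
    rc=2
    for c in $(data_clusters); do
        [ "$rc" -eq 2 ] && rc=0
        if cluster_is_zero "$1" "$c" "${2:-4096}"; then echo "$c zeroed"
        else echo "$c NOT zeroed"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample data: an istat excerpt shaped like the one in the post,
# and a 3-cluster image (512-byte clusters) where only cluster 1 holds data.
sample_istat() {
    printf '%s\n' 'Name: trim_check' '...' \
        'Type: $DATA (128-4)   Name: N/A   Non-Resident size: 1536  init_size: 1536' \
        '0 1 2'
}
make_sample_image() {
    { dd if=/dev/zero bs=512 count=1; printf '%-512s' 'Line 0001'
      dd if=/dev/zero bs=512 count=1; } 2>/dev/null > "$1"
}

tmp=$(mktemp) && make_sample_image "$tmp"
sample_istat | trim_report "$tmp" 512 || echo "not all clusters are zeroed"
rm -f "$tmp"
```

With the values from the post, the `istat` output has to be saved before the file is removed and then fed back afterwards, for example `DD_IFLAG=iflag=direct trim_report /dev/sdb4 4096 < saved_istat.txt`, where `saved_istat.txt` is a hypothetical file name.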


* Re: [ITP] sleuthkit 4.12.1
From: Marco Atzeri @ 2024-03-02 16:43 UTC (permalink / raw)
  To: cygwin-apps

On 02/03/2024 13:05, Christian Franke via Cygwin-apps wrote:
> I would like to contribute sleuthkit. Also present in Debian, Fedora, 
> Ubuntu, ...
> 
> SUMMARY="Tools for analysis of volume and filesystem data"
> 
> DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
> for disk images.  It allows to analyze volume and filesystem data,
> examine disk layout, recover deleted files, etc.  Many partition and
> filesystem formats are supported."
> 
> libtsk_SUMMARY="${SUMMARY} (runtime)"
> 
> libtsk_devel_SUMMARY="${SUMMARY} (development)"
> 
> 
> I'm not sure about the LICENSE string:
> 
> LICENSE="CPL-1.0 AND GPL-2.0-or-later"
> 
> The license/README.md file mentions a bunch of licenses, see comment in 
> cygport file. CPL-1.0 is the main license, one separate tool uses 
> GPL-2.0-or-later.
> 
> 
> The source package supports reproducible builds except for libtsk-devel 
> (timestamps in *.a files).

Hi Christian,

usually we do not distribute static libraries

Any reason here ?

except that GTG

$ git diff |grep "^+"
+++ b/cygwin-pkg-maint
+sleuthkit                                    Christian Franke

Regards
Marco





* Re: [ITP] sleuthkit 4.12.1
From: Christian Franke @ 2024-03-02 19:12 UTC (permalink / raw)
  To: cygwin-apps

Hi Marco,

Marco Atzeri via Cygwin-apps wrote:
> On 02/03/2024 13:05, Christian Franke via Cygwin-apps wrote:
>> I would like to contribute sleuthkit. Also present in Debian, Fedora, 
>> Ubuntu, ...
>>
>> SUMMARY="Tools for analysis of volume and filesystem data"
>>
>> DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
>> for disk images.  It allows to analyze volume and filesystem data,
>> examine disk layout, recover deleted files, etc.  Many partition and
>> filesystem formats are supported."
>>
>> libtsk_SUMMARY="${SUMMARY} (runtime)"
>>
>> libtsk_devel_SUMMARY="${SUMMARY} (development)"
>>
>>
>> I'm not sure about the LICENSE string:
>>
>> LICENSE="CPL-1.0 AND GPL-2.0-or-later"
>>
>> The license/README.md file mentions a bunch of licenses, see comment 
>> in cygport file. CPL-1.0 is the main license, one separate tool uses 
>> GPL-2.0-or-later.
>>
>>
>> The source package supports reproducible builds except for 
>> libtsk-devel (timestamps in *.a files).
>
> Hi Christian,
>
> usually we do not distribute static libraries

Didn't know, sorry. Makes plenty of sense, at least to prevent that 
other packages accidentally link to the static lib.


>
> Any reason here ?

No, static lib removed.


> except that GTG
>
> $ git diff |grep "^+"
> +++ b/cygwin-pkg-maint
> +sleuthkit                                    Christian Franke
>

Thanks,
Christian

