Diffstat (limited to 'testing/sleuthkit')
-rw-r--r-- | testing/sleuthkit/10_link-to-sqlite.patch | 36 | ||||
-rw-r--r-- | testing/sleuthkit/20_fix_spelling_errors.patch | 34 | ||||
-rw-r--r-- | testing/sleuthkit/30_fix-manpages.patch | 208 | ||||
-rw-r--r-- | testing/sleuthkit/40_no_static_ldflags.patch | 60 | ||||
-rw-r--r-- | testing/sleuthkit/50_disable_ant_clean.patch | 15 | ||||
-rw-r--r-- | testing/sleuthkit/APKBUILD | 68 |
6 files changed, 421 insertions, 0 deletions
diff --git a/testing/sleuthkit/10_link-to-sqlite.patch b/testing/sleuthkit/10_link-to-sqlite.patch
new file mode 100644
index 0000000000..a4de9d4630
--- /dev/null
+++ b/testing/sleuthkit/10_link-to-sqlite.patch
@@ -0,0 +1,36 @@
+From https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-forensics/sleuthkit/files/sleuthkit-4.1.0-system-sqlite.patch?revision=1.1
+
+--- a/tsk/auto/db_sqlite.cpp
++++ b/tsk/auto/db_sqlite.cpp
+@@ -14,7 +14,7 @@
+ */
+
+ #include "tsk_db_sqlite.h"
+-#include "sqlite3.h"
++#include <sqlite3.h>
+
+ #include <string.h>
+
+--- a/tsk/auto/Makefile.am
++++ b/tsk/auto/Makefile.am
+@@ -3,7 +3,8 @@
+
+ noinst_LTLIBRARIES = libtskauto.la
+ # Note that the .h files are in the top-level Makefile
+-libtskauto_la_SOURCES = auto.cpp tsk_auto_i.h auto_db.cpp sqlite3.c sqlite3.h db_sqlite.cpp tsk_db_sqlite.h case_db.cpp tsk_case_db.h
++libtskauto_la_SOURCES = auto.cpp tsk_auto_i.h auto_db.cpp db_sqlite.cpp tsk_db_sqlite.h case_db.cpp tsk_case_db.h
++libtskauto_la_LIBADD = -lsqlite3
+
+ indent:
+ indent *.cpp *.h
+--- a/tsk/auto/tsk_db_sqlite.h
++++ b/tsk/auto/tsk_db_sqlite.h
+@@ -25,7 +25,7 @@
+ #include <ostream>
+
+
+-#include "sqlite3.h"
++#include <sqlite3.h>
+ #include "tsk_auto_i.h"
+
+ using std::map;
diff --git a/testing/sleuthkit/20_fix_spelling_errors.patch b/testing/sleuthkit/20_fix_spelling_errors.patch
new file mode 100644
index 0000000000..ec788ea29d
--- /dev/null
+++ b/testing/sleuthkit/20_fix_spelling_errors.patch
@@ -0,0 +1,34 @@
+Description: fix spelling errors.
+Author: Joao Eriberto Mota Filho <eriberto@debian.org>
+Last-Update: 2015-11-12
+Index: sleuthkit-4.2.0/tsk/auto/auto_db.cpp
+===================================================================
+--- sleuthkit-4.2.0.orig/tsk/auto/auto_db.cpp
++++ sleuthkit-4.2.0/tsk/auto/auto_db.cpp
+@@ -395,7 +395,7 @@ uint8_t
+ if (m_db->inTransaction()) {
+ tsk_error_reset();
+ tsk_error_set_errno(TSK_ERR_AUTO_DB);
+- tsk_error_set_errstr("TskAutoDb::startAddImage(): Already in a transaction, image might not be commited");
++ tsk_error_set_errstr("TskAutoDb::startAddImage(): Already in a transaction, image might not be committed");
+ registerError();
+ return 1;
+ }
+@@ -439,7 +439,7 @@ uint8_t
+ if (m_db->inTransaction()) {
+ tsk_error_reset();
+ tsk_error_set_errno(TSK_ERR_AUTO_DB);
+- tsk_error_set_errstr("TskAutoDb::startAddImage(): Already in a transaction, image might not be commited");
++ tsk_error_set_errstr("TskAutoDb::startAddImage(): Already in a transaction, image might not be committed");
+ registerError();
+ return 1;
+ }
+@@ -517,7 +517,7 @@ int64_t
+ TskAutoDb::commitAddImage()
+ {
+ if (tsk_verbose)
+- tsk_fprintf(stderr, "TskAutoDb::commitAddImage: Commiting add image process\n");
++ tsk_fprintf(stderr, "TskAutoDb::commitAddImage: Committing add image process\n");
+
+ if (m_imgTransactionOpen == false) {
+ tsk_error_reset();
diff --git a/testing/sleuthkit/30_fix-manpages.patch b/testing/sleuthkit/30_fix-manpages.patch
new file mode 100644
index 0000000000..38ac84f755
--- /dev/null
+++ b/testing/sleuthkit/30_fix-manpages.patch
@@ -0,0 +1,208 @@
+Description: Fixes formatting errors in manpages
+Author: Julien Valroff <julien@debian.org>
+Reviewed-by: Joao Eriberto Mota Filho <eriberto@debian.org>
+Last-Update: 2015-11-12
+Index: sleuthkit-4.2.0/man/hfind.1
+===================================================================
+--- sleuthkit-4.2.0.orig/man/hfind.1
++++ sleuthkit-4.2.0/man/hfind.1
+@@ -72,64 +72,64 @@ The following input types are valid. Fo
+ sorted by. The 'md5sum' value can also be used to sort and index "home made"
+ databases. 'hfind' can take data in both common formats:
+
+- MD5 (test.txt) = 76b1f4de1522c20b67acc132937cf82e
++ MD5 (test.txt) = 76b1f4de1522c20b67acc132937cf82e
+
+ and
+
+- 76b1f4de1522c20b67acc132937cf82e test.txt
++ 76b1f4de1522c20b67acc132937cf82e test.txt
+
+ .SH EXAMPLES
+ To create an MD5 index file for NIST NSRL:
+
+- # hfind \-i nsrl-md5 /usr/local/hash/nsrl/NSRLFile.txt
++ # hfind \-i nsrl-md5 /usr/local/hash/nsrl/NSRLFile.txt
+
+ To lookup a value in the NSRL:
+
+- # hfind /usr/local/hash/nsrl/NSRLFile.txt 76b1f4de1522c20b67acc132937cf82e
++ # hfind /usr/local/hash/nsrl/NSRLFile.txt 76b1f4de1522c20b67acc132937cf82e
+
+- 76b1f4de1522c20b67acc132937cf82e Hash Not Found
++ 76b1f4de1522c20b67acc132937cf82e Hash Not Found
+
+ You can even do both SHA-1 and MD5 if you want:
+
+- # hfind \-i nsrl-sha1 /usr/local/hash/nsrl/NSRLFile.txt
++ # hfind \-i nsrl-sha1 /usr/local/hash/nsrl/NSRLFile.txt
+
+- # hfind /usr/local/hash/nsrl/NSRLFile.txt
+- 76b1f4de1522c20b67acc132937cf82e
+- 80001A80B3F1B80076B297CEE8805AAA04E1B5BA
++ # hfind /usr/local/hash/nsrl/NSRLFile.txt
++ 76b1f4de1522c20b67acc132937cf82e
++ 80001A80B3F1B80076B297CEE8805AAA04E1B5BA
+
+- 76b1f4de1522c20b67acc132937cf82e Hash Not Found
++ 76b1f4de1522c20b67acc132937cf82e Hash Not Found
+
+- 80001A80B3F1B80076B297CEE8805AAA04E1B5BA thrdcore.cpp
++ 80001A80B3F1B80076B297CEE8805AAA04E1B5BA thrdcore.cpp
+
+ To make a database of critical binaries of a trusted system, use 'md5sum':
+
+- # md5sum /bin/* /sbin/* /usr/bin/* /usr/bin/* /usr/local/bin/* /usr/local/sbin/* > system.md5
++ # md5sum /bin/* /sbin/* /usr/bin/* /usr/bin/* /usr/local/bin/* /usr/local/sbin/* > system.md5
+
+- # hfind \-i md5sum system.md5
++ # hfind \-i md5sum system.md5
+
+ To look entries up, the following will work:
+
+- # hfind system.md5 76b1f4de1522c20b67acc132937cf82e
++ # hfind system.md5 76b1f4de1522c20b67acc132937cf82e
+
+- 76b1f4de1522c20b67acc132937cf82e Hash Not Found
++ 76b1f4de1522c20b67acc132937cf82e Hash Not Found
+
+ or
+
+- # md5sum \-q /bin/* | hfind system.md5
++ # md5sum \-q /bin/* | hfind system.md5
+
+- 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
++ 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
+
+- <...>
++ <...>
+
+ or
+
+- # md5sum \-q /bin/* > bin.md5
++ # md5sum \-q /bin/* > bin.md5
+
+- # hfind \-f bin.md5 system.md5
++ # hfind \-f bin.md5 system.md5
+
+- 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
++ 928682269cd3edb1acdf9a7f7e606ff2 /bin/bash
+
+- <...>
++ <...>
+
+
+ .SH "SEE ALSO"
+Index: sleuthkit-4.2.0/man/tsk_gettimes.1
+===================================================================
+--- sleuthkit-4.2.0.orig/man/tsk_gettimes.1
++++ sleuthkit-4.2.0/man/tsk_gettimes.1
+@@ -16,7 +16,7 @@ tsk_gettimes - Collect MAC times from a
+ .I image [images]
+ .SH DESCRIPTION
+ .B tsk_gettimes
+-examines each of the file systems in a disk image and returns the data about them in the MACtime body format (the same as running 'fls -m' on each file system). The output of this can be used as input to mactime to make a timeline of file activity. The data is printed to STDOUT, which can then be redirected to a file.
++examines each of the file systems in a disk image and returns the data about them in the MACtime body format (the same as running 'fls \-m' on each file system). The output of this can be used as input to mactime to make a timeline of file activity. The data is printed to STDOUT, which can then be redirected to a file.
+
+ The arguments are as follows:
+ .IP -v
+Index: sleuthkit-4.2.0/man/tsk_loaddb.1
+===================================================================
+--- sleuthkit-4.2.0.orig/man/tsk_loaddb.1
++++ sleuthkit-4.2.0/man/tsk_loaddb.1
+@@ -16,11 +16,11 @@ tsk_loaddb - populate a SQLite database
+ .B tsk_loaddb
+ loads disk information from
+ .I image
+-to a SQLite database. This database can then be used by tools in other languages for analysis. By default, the database is stored in the same directory as the image with ".db" appended to the name or the database name can be specified with '-d'.
++to a SQLite database. This database can then be used by tools in other languages for analysis. By default, the database is stored in the same directory as the image with ".db" appended to the name or the database name can be specified with '\-d'.
+
+ The arguments are as follows:
+ .IP "-a"
+-Adds image to an existing database instead of creating a new one. Requires that -d be also specified.
++Adds image to an existing database instead of creating a new one. Requires that \-d be also specified.
+ .IP "-d database"
+ Path for the database (default is the same directory as the image with name derived from image name
+ .IP -v
+Index: sleuthkit-4.2.0/man/tsk_recover.1
+===================================================================
+--- sleuthkit-4.2.0.orig/man/tsk_recover.1
++++ sleuthkit-4.2.0/man/tsk_recover.1
+@@ -47,7 +47,7 @@ Sector offset for a volume to recover (r
+ If not given, will attempt to recover all volumes in image and save them
+ to different folders.
+ .IP "-d dir_inum"
+-Directory inum to recover from (must also specify a specific partition using -o or there must not be a volume system)
++Directory inum to recover from (must also specify a specific partition using \-o or there must not be a volume system)
+ .IP "image [images]"
+ The disk or partition image to read, whose format is given with '\-i'.
+ Multiple image file names can be given if the image is split into multiple segments.
+Index: sleuthkit-4.2.0/man/mactime.1
+===================================================================
+--- sleuthkit-4.2.0.orig/man/mactime.1
++++ sleuthkit-4.2.0/man/mactime.1
+@@ -1,8 +1,8 @@
+-.TH MACTIME 1
++.TH MACTIME 1
+ .SH NAME
+ mactime \- Create an ASCII time line of file activity
+ .SH SYNOPSIS
+-.B mactime [-b
++.B mactime [-b
+ .I body
+ .B ] [-g
+ .I group file
+@@ -17,7 +17,7 @@ mactime \- Create an ASCII time line of
+ .B mactime
+ creates an ASCII time line of file activity based on the body file
+ specified by '\-b' or from STDIN. The time line is written to STDOUT.
+-The body file must be in the time machine format that is created
++The body file must be in the time machine format that is created
+ by 'ils \-m', 'fls \-m', or the mac-robber tool.
+
+ .SH ARGUMENTS
+@@ -29,13 +29,13 @@ tools can also be used to generate the f
+ Specify the location of the group file. mactime will display the group
+ name instead of the GID if this is given.
+ .IP "-p password file"
+-Specify the location of the passwd file. mactime will display the
+-user name instead of the UID of this is given.
++Specify the location of the passwd file. mactime will display the
++user name instead of the UID of this is given.
+ .IP "-i day|hour index file"
+-Specify the location of an index file to write to. The first argument
++Specify the location of an index file to write to. The first argument
+ specifies the granularity, either an hourly summary or daily. If the
+ \'\-d\' flag is given, then the summary will be separated by a ',' to
+-import into a spread sheet.
++import into a spread sheet.
+ .IP -d
+ Display timeline and index files in comma delimited format. This is used
+ to import the data into a spread sheet for presentations or graphs.
+@@ -43,14 +43,14 @@ to import the data into a spread sheet f
+ Display header info about the session including time range, input source,
+ and passwd or group files.
+ .IP -V
+-Display version to STDOUT.
++Display version to STDOUT.
+ .IP -m
+-The month is given as a number instead of name (does not work with -y).
++The month is given as a number instead of name (does not work with \-y).
+ .IP -y
+ The date is displayed in ISO8601 format.
+ .IP "-z TIME_ZONE"
+ The timezone from where the data was collected. The name of this argument
+-is system dependent (examples include EST5EDT, GMT+1). Does not work with -y.
++is system dependent (examples include EST5EDT, GMT+1). Does not work with \-y.
+ .IP "-z list"
+ List valid timezones.
+ .IP DATE_RANGE
+@@ -61,7 +61,7 @@ Date can contain time, use format yyyy-m
+ ending date.
+
+ .SH LICENSE
+-The changes from mactime in TCT and mac-daddy are distributed under the Common Public License, found in the
++The changes from mactime in TCT and mac-daddy are distributed under the Common Public License, found in the
+ .I cpl1.0.txt
+ file in the The Sleuth Kit licenses directory.
+
diff --git a/testing/sleuthkit/40_no_static_ldflags.patch b/testing/sleuthkit/40_no_static_ldflags.patch
new file mode 100644
index 0000000000..72bf711800
--- /dev/null
+++ b/testing/sleuthkit/40_no_static_ldflags.patch
@@ -0,0 +1,60 @@
+Description: Drop `-static` from LDFLAGS from tools/*/Makefile.am in order to
+ avoid sleuthkit tools to be statically linked against libtsk.
+Author: Cristian Greco <cristian@regolo.cc>
+Reviewed-by: Joao Eriberto Mota Filho
+Last-Update: 2013-12-04
+--- a/tools/autotools/Makefile.am
++++ b/tools/autotools/Makefile.am
+@@ -1,6 +1,5 @@
+ AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall
+ LDADD = ../../tsk/libtsk.la
+-LDFLAGS += -static
+ EXTRA_DIST = .indent.pro
+
+ bin_PROGRAMS = tsk_recover tsk_loaddb tsk_comparedir tsk_gettimes
+--- a/tools/fstools/Makefile.am
++++ b/tools/fstools/Makefile.am
+@@ -1,6 +1,5 @@
+ AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall
+ LDADD = ../../tsk/libtsk.la
+-LDFLAGS += -static
+ EXTRA_DIST = .indent.pro fscheck.cpp
+
+ bin_PROGRAMS = blkcalc blkcat blkls blkstat ffind fls fcat fsstat icat ifind ils \
+--- a/tools/hashtools/Makefile.am
++++ b/tools/hashtools/Makefile.am
+@@ -1,6 +1,5 @@
+ AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall
+ LDADD = ../../tsk/libtsk.la
+-LDFLAGS += -static
+ EXTRA_DIST = .indent.pro md5.c sha1.c
+
+ bin_PROGRAMS = hfind
+--- a/tools/imgtools/Makefile.am
++++ b/tools/imgtools/Makefile.am
+@@ -1,6 +1,5 @@
+ AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall
+ LDADD = ../../tsk/libtsk.la
+-LDFLAGS += -static
+ EXTRA_DIST = .indent.pro
+
+ bin_PROGRAMS = img_cat img_stat
+--- a/tools/srchtools/Makefile.am
++++ b/tools/srchtools/Makefile.am
+@@ -6,7 +6,6 @@
+
+ sigfind_SOURCES = sigfind.cpp
+ sigfind_LDADD = ../../tsk/libtsk.la
+-sigfind_LDFLAGS = -static
+
+ indent:
+ indent *.c *.cpp
+--- a/tools/vstools/Makefile.am
++++ b/tools/vstools/Makefile.am
+@@ -1,6 +1,5 @@
+ AM_CPPFLAGS = -I../.. -I$(srcdir)/../.. -Wall
+ LDADD = ../../tsk/libtsk.la
+-LDFLAGS += -static
+ EXTRA_DIST = .indent.pro
+
+ bin_PROGRAMS = mmls mmstat mmcat
diff --git a/testing/sleuthkit/50_disable_ant_clean.patch b/testing/sleuthkit/50_disable_ant_clean.patch
new file mode 100644
index 0000000000..fadc2e391b
--- /dev/null
+++ b/testing/sleuthkit/50_disable_ant_clean.patch
@@ -0,0 +1,15 @@
+Description: cancel the 'ant clean' command.
+Author: Joao Eriberto Mota Filho <eriberto@debian.org>
+Last-Update: 2014-03-11
+Index: sleuthkit-4.1.3/bindings/java/Makefile.am
+===================================================================
+--- sleuthkit-4.1.3.orig/bindings/java/Makefile.am 2014-01-27 01:27:02.000000000 -0200
++++ sleuthkit-4.1.3/bindings/java/Makefile.am 2014-03-11 20:30:56.588842013 -0300
+@@ -12,5 +12,5 @@
+
+ CLEANFILES = $(tsk_jar)
+
+-clean-local:
+- ant clean
++#clean-local:
++# ant clean
diff --git a/testing/sleuthkit/APKBUILD b/testing/sleuthkit/APKBUILD
new file mode 100644
index 0000000000..f873b32dd9
--- /dev/null
+++ b/testing/sleuthkit/APKBUILD
@@ -0,0 +1,68 @@
+# Contributor: Francesco Colista <fcolista@alpinelinux.org>
+# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
+pkgname=sleuthkit
+pkgver=4.2.0
+pkgrel=0
+pkgdesc="File system and media management forensic analysis tools"
+arch="all"
+license="custom"
+depends="perl"
+url="http://www.sleuthkit.org/sleuthkit"
+depends_dev="libewf-dev sqlite-dev"
+makedepends="$depends_dev autoconf automake libtool"
+install=""
+options="libtool"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/$pkgname-$pkgver.tar.gz
+ 10_link-to-sqlite.patch
+ 20_fix_spelling_errors.patch
+ 30_fix-manpages.patch
+ 40_no_static_ldflags.patch
+ 50_disable_ant_clean.patch"
+
+_builddir="$srcdir"/$pkgname-$pkgver
+
+prepare() {
+ local i
+ cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+ sed -i 's/daddr_t/uint32_t/g' tools/srchtools/sigfind.cpp
+ autoreconf -fi
+}
+
+build() {
+ cd "$_builddir"
+ ./configure --prefix=/usr
+ make || return 1
+}
+
+package() {
+ cd "$_builddir"
+ make DESTDIR="$pkgdir" install
+ install -d "$pkgdir"/usr/share/licenses/$pkgname
+ install -Dm0644 licenses/* "$pkgdir"/usr/share/licenses/$pkgname
+
+}
+
+md5sums="e281fd0976ac93df5123a0eb8b32cfc3 sleuthkit-4.2.0.tar.gz
+a70eee22ee0e0c7e014104be80f300e6 10_link-to-sqlite.patch
+d17615f539b4bc5bc57f2675c5921c1a 20_fix_spelling_errors.patch
+637713ba62356c72962701e42e5132c1 30_fix-manpages.patch
+dc6516d309f5719b01396b785e89c443 40_no_static_ldflags.patch
+b2dcc6fba6e77cfd5f69d92e58480aab 50_disable_ant_clean.patch"
+sha256sums="91b287f19798ae480083c15401686e4a041c15f7a92054a5c0320bcb65604723 sleuthkit-4.2.0.tar.gz
+c714731280ad99a047db6157c78a14ae73d82f102a2fe545347f4578be685afe 10_link-to-sqlite.patch
+c902b51f24f31085d908549764c727f72a17b1cfc84cfe2bf6f5d4418e401cb9 20_fix_spelling_errors.patch
+a436650b9d8df1000c77cb760f0a4fd6ee4ce2fe31114cb7910cf12cd9bddfa1 30_fix-manpages.patch
+b0be2897811ba1496f032d617c33e18d98be621b0db32844ea1168ff385b0817 40_no_static_ldflags.patch
+53f5c92be2af8ff3af07bc8e773bbadf1879b4903a8c0bae87e06dfde42c9ef5 50_disable_ant_clean.patch"
+sha512sums="977c16505848348ff9f0b838d2117fde64bc35c7ca2e8a9eecdeac25b19e9f82dc2e3ebbf28f672cd2a8be9ce692dc104ebae1c00320782f6fad8a34a3cabe99 sleuthkit-4.2.0.tar.gz
+2e165e1020fbf5af7507dc19faa7f115617432a06239cba78bf991d2bfcb73823bc33b1b621c859df27c62675d1db58d197b997f7e47acf368d4bc59073fc849 10_link-to-sqlite.patch
+392f0bff361a91fe3dbee99ce12bacb5f033cef8ef19255da47ef9a6fa4a6d73260231a7054962cd33a507b3613075f5528321d9569cbc1fbc34e6274397689f 20_fix_spelling_errors.patch
+4b68367bff62c731c09ab9a95f810b11562f0942021825226ca8d5e846e54c64004f77ac587ea0377bcb5c50c9dcb33dba1caa8cffd717076cc13c9931dd2c9c 30_fix-manpages.patch
+e0421b2fc4bb1d04d3bdb13805d060b386f700586d9e33728185eaff26eef14d5fdbf89979fb5d898dfeee7467f891b5d3c33441f9cb35af5f93d3d576e7cc26 40_no_static_ldflags.patch
+cb0d17840f1b4570da1ee0d092f8716a7e073463658d4a7b1cddb74058c5eccf316fcbd2e7c5fba3af0f0adaaabe4e395bd5a41aa1438be615edacb8c6efd89d 50_disable_ant_clean.patch" |
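Review bot: The `source=` line of the new APKBUILD fetches the release tarball over plain `http://downloads.sourceforge.net/...`, so the `sha512sums` entry pins whatever was downloaded when the checksums were generated; an `https://` URL (if the mirror serves this path over TLS) would close that gap, and the `md5sums` block adds no assurance beyond the SHA-256/SHA-512 entries. Error handling is also uneven: the patch loop and `make` end in `|| return 1`, but `sed -i ...`, `autoreconf -fi`, `./configure --prefix=/usr` and `make DESTDIR="$pkgdir" install` do not. Unless abuild runs these functions with errexit, a failed step there could go unnoticed, so I would append `|| return 1` to each, e.g. `./configure --prefix=/usr || return 1`. `$i` is unquoted in `patch -p1 -i "$srcdir"/$i`; that is harmless for the file names listed here, but `"$srcdir/$i"` is the safer form.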