204228 – Review Request: sleuthkit - Open Source forensic toolkit

Bug 204228 - Review Request: sleuthkit - Open Source forensic toolkit

Summary: Review Request: sleuthkit - Open Source forensic toolkit

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	Package Review
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody's working on this, feel free to take it
QA Contact:	Fedora Package Reviews List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	FE-DEADREVIEW
TreeView+	depends on / blocked

Reported:	2006-08-27 10:04 UTC by Daniel Rindt
Modified:	2007-11-30 22:11 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-06-09 04:00:07 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Daniel Rindt 2006-08-27 10:04:55 UTC

Spec URL: http://rindt.name/fileadmin/download/fedora/SPECS/sleuthkit.spec
SRPM URL: http://rindt.name/fileadmin/download/fedora/SRPMS/sleuthkit-2.05-1.src.rpm
Description: The Sleuth Kit is a collection of UNIX-based command line file system
forensic tools that allow an investigator to examine NTFS, FAT, FFS,
EXT2FS, and EXT3FS file systems of a suspect computer in a non-intrusive
fashion.

The tools have a layer-based design and can extract data from internal
file system structures. Because the tools do not rely on the operating
system to process the file systems, deleted and hidden content is shown.

Comment 1 Till Maas 2006-08-27 11:04:58 UTC

NTFS support in sleuthkit may not be allowed, see:

http://fedoraproject.org/wiki/ForbiddenItems#head-e52c1870d4467fe40c9da546fe3328e4a2430834
https://bugzilla.redhat.com/65749

As well you should look at:
http://fedoraproject.org/wiki/Packaging/Guidelines
http://fedoraproject.org/wiki/Extras/Contributors

You seem not to be sponsored, so you need to block FE-NEEDSPONSOR.

Comment 2 Daniel Berrangé 2006-09-02 17:00:48 UTC

* The Packager & Vendor tags should not be included, nor refer to the Dag Wieers
repository. Please remove them.

* The %setup macro is better invoked with the -q arg since there is no need to
pollute build output with a list of files being extracted from the tar.gz

* The build process in the package is not honouring the $RPM_OPTS_FLAGS compiler
settings. For example - its compiling with -O -g :

gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"2.05\"
-I../auxtools -I../imgtools -O -Wall  -g   -c -o jcat.o jcat.c

While current Fedora build flags are:

 -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4

It would be very desirable to have the build process honour these options since
they enable various security protection measures. A cursory look at the source
code suggests it would probably need a patch applied to the Makefiles since they
are hand-written instead of using AutoTools. IMHO, such a patch would be
worthwhile, unless there are specific problems compiling the tools with these flags.

Comment 3 Daniel Rindt 2006-09-04 09:10:44 UTC

(In reply to comment #1)
> NTFS support in sleuthkit may not be allowed, see:
> 
>
http://fedoraproject.org/wiki/ForbiddenItems#head-e52c1870d4467fe40c9da546fe3328e4a2430834
> https://bugzilla.redhat.com/65749
> 
> As well you should look at:
> http://fedoraproject.org/wiki/Packaging/Guidelines
> http://fedoraproject.org/wiki/Extras/Contributors
> 
> You seem not to be sponsored, so you need to block FE-NEEDSPONSOR.
> 
> 

No one until today want to sponsor me... So grant me to review bad packages from
me. The Guidelines i remmber me just in the moment that sleuthkit support ntfs.
But i don't know how to disable. Possibly that the package review ends here. :/

Comment 4 Daniel Rindt 2006-09-04 09:13:49 UTC

(In reply to comment #2)
> * The Packager & Vendor tags should not be included, nor refer to the Dag Wieers
> repository. Please remove them.
Yes i remove.
> 
> * The %setup macro is better invoked with the -q arg since there is no need to
> pollute build output with a list of files being extracted from the tar.gz
Ok, will fix it.
> 
> * The build process in the package is not honouring the $RPM_OPTS_FLAGS compiler
> settings. For example - its compiling with -O -g :
> 
> gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"2.05\"
> -I../auxtools -I../imgtools -O -Wall  -g   -c -o jcat.o jcat.c
> 
> While current Fedora build flags are:
> 
>  -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
> --param=ssp-buffer-size=4
> 
> It would be very desirable to have the build process honour these options since
> they enable various security protection measures. A cursory look at the source
> code suggests it would probably need a patch applied to the Makefiles since they
> are hand-written instead of using AutoTools. IMHO, such a patch would be
> worthwhile, unless there are specific problems compiling the tools with these
flags.
> 
I have tried with the standard flags but it seems that the -j3 is the problem.
How i can filter it out?

Comment 5 Kevin Fenzi 2006-10-03 00:33:59 UTC

Since you are looking for sponsorship, you should take a look at: 

http://fedoraproject.org/wiki/Extras/HowToGetSponsored

Adding FE-NEEDSPONSOR. 

In reply to comment #4, perhaps you could ask the upstream source if they 
could change the setup to honor flags passed in? 
Otherwise you will have to look at patching the Makefile(s) yourself. :(

Comment 6 Kevin Fenzi 2007-06-02 04:01:02 UTC

Hey Daniel. Do you still wish to submit this package? 

If so, could you post an updated src.rpm and spec file? 
If I don't hear from you I will close this in 1 week.

Comment 7 Kevin Fenzi 2007-06-09 04:00:07 UTC

I'm going to go ahead and close this submission now. 

If you decide you want to continue, feel free to re-open it, or submit a new
request.

Note You need to log in before you can comment on or make changes to this bug.