Bug 230812 - Review Request: tcpxtract - tool for extracting files from network traffic based on file signatures
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Mamoru TASAKA
Reported: 2007-03-02 19:55 EST by manuel wolfshant
Modified: 2014-09-30 15:37 EDT
Last Closed: 2007-03-09 20:46:18 EST
mtasaka: fedora‑review+
limburgher: fedora‑cvs+


Description manuel wolfshant 2007-03-02 19:55:07 EST
Spec URL: http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec
SRPM URL: http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-2.src.rpm
Description:
tcpxtract is a tool for extracting files from network traffic based on
file signatures.
tcpxtract features the following:
 * Supports 26 popular file formats out-of-the-box. New formats can be
 added by simply editing its config file.
 * With a quick conversion, you can use your old Foremost config file
 with tcpxtract.
 * Custom written search algorithm is lightning fast and very scalable.
 * Search algorithm searches across packet boundaries for total coverage
 and forensic quality.
 * Uses libpcap, a popular, portable and stable library for network data
 capture
 * Can be used against a live network or a tcpdump formatted capture file.
Comment 1 Mamoru TASAKA 2007-03-02 21:19:14 EST
A comment (well, I am currently reviewing more than 10 bugs,
so I hope someone else will review this report).

* hardcoded path 
  - The path of DEFAULT_CONFIG_FILE is hardcoded, which should be
    avoided generally.
  * If using a hardcoded path cannot be avoided, then don't use
    %{_sysconfdir} and use the hardcoded path in the spec file to make
    them consistent.
  * Generally, a method like
----------------------------------------------------------
%{__sed} -i.path -e '/DEFAULT_CONFIG_FILE/s|/usr/local/etc|%{_sysconfdir}||' tcpxtract.c
----------------------------------------------------------
     is used to pass macro correctly.

* Timestamps
  - Keep timestamps on man file and conf file. Perhaps
----------------------------------------------------------
make install DESTDIR=$RPM_BUILD_ROOT install="%{_install} -c -p"
----------------------------------------------------------
    will do the trick.
Comment 2 Mamoru TASAKA 2007-03-02 21:31:17 EST
... correct one is 
-e '/DEFAULT_CONFIG_FILE/s|/usr/local/etc|%{_sysconfdir}|'
Comment 3 manuel wolfshant 2007-03-03 09:34:06 EST
Thank you for your comments, Mamoru

I hope you have noticed that, exactly because of the hardcoded path of
DEFAULT_CONFIG_FILE, I have included a patch (in release -2). However, because
your method seems cleaner (it will work even if sometime in the future the
sysconfdir is modified), I have removed the patch and used your method (release -3).
Since the man page is compressed during build, the timestamp of the file which
is included in the binary rpm will be the time of the rpm build, not the one of
the original man page, so there is no real reason for using "install -p" for it.
However, I have added "install -p" for the sake of compliance with the generally
accepted usage and for the config file.

New versions are available at
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-3.src.rpm
Comment 4 Ingvar Hagelund 2007-03-03 17:48:31 EST
> Since the man page is compressed during build, the timestamp of the
> file which is included in the binary rpm will be the time of the rpm
> build, not the one of the original man page, so no real reason for
> using "install -p" for it

Just for the record, this is not right if gzip is used correctly.
By default, gzip does not change the timestamp on a file after it
is compressed.

$ LANG=C date
Sat Mar  3 23:44:52 CET 2007

$ ls -l foo
-rw-rw-r-- 1 ingvar ingvar 860866 feb 20 20:51 foo

$ gzip foo; ls -l foo.gz 
-rw-rw-r-- 1 ingvar ingvar 146748 feb 20 20:51 foo.gz

Ingvar
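
The timestamp behaviour discussed in comments 3 and 4, as an added example that is not part of the original thread: it back-dates a constructed file and reports whether plain `install`, `install -p`, in-place `gzip`, and `gzip -c` with a redirect keep its mtime. The file names, the `stage` helper and the `gzip -c` case are assumptions added for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): which staging steps keep a file's mtime.
# File names and the 2007 date are constructed for the demo.

mtime() {   # mtime as epoch seconds; GNU stat first, BSD stat as fallback
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# Run one staging method on a back-dated man page and report whether the
# resulting file kept the original mtime ("preserved") or not ("changed").
stage() {
    method=$1
    work=$(mktemp -d) || return 1
    printf '.TH DEMO 1\n' > "$work/demo.1"
    touch -t 200702202051 "$work/demo.1"        # back-date the source file
    want=$(mtime "$work/demo.1")
    case $method in
        install)     install -m 0644    "$work/demo.1" "$work/out.1"; out=$work/out.1 ;;
        install-p)   install -p -m 0644 "$work/demo.1" "$work/out.1"; out=$work/out.1 ;;
        gzip)        gzip "$work/demo.1";                        out=$work/demo.1.gz ;;
        gzip-stdout) gzip -c "$work/demo.1" > "$work/demo.1.gz"; out=$work/demo.1.gz ;;
        *)           rm -rf "$work"; return 2 ;;
    esac
    if [ "$(mtime "$out")" = "$want" ]; then echo preserved; else echo changed; fi
    rm -rf "$work"
}

# Print one line per method, e.g. "install-p    preserved".
for m in install install-p gzip gzip-stdout; do
    printf '%-12s %s\n' "$m" "$(stage "$m")"
done
```

The redirected `gzip -c` case creates a new output file, so it gets the current time; in-place `gzip` copies the source timestamp onto the `.gz` file.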
Comment 5 manuel wolfshant 2007-03-03 22:48:40 EST
New version of spec and src.rpm uploaded at
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-4.src.rpm

This time it really keeps the timestamps. A couple of errors were present in the
timestamp preservation part of the spec.
Comment 6 Mamoru TASAKA 2007-03-07 12:57:10 EST
Well, for -4:

(Well, %{_install} was my typo, it should actually be
 %{__install}... sorry)

* macro
--------------------------------------
%configure --sysconfdir=/etc --prefix=/
--------------------------------------
  Perhaps this "sysconfdir" is used to direct where tcpxtract.conf
  is installed (according to "install-sysconfDATA" of Makefile.in).
  So this should be %configure --sysconfdir=%{_sysconfdir},
  as you use
-------------------------------------
%{__sed} -i.path -e '/DEFAULT_CONFIG_FILE/s#/usr/local/etc#%{_sysconfdir}#' tcpxtract.c
-------------------------------------

  After this fix I will approve this package.
Comment 7 manuel wolfshant 2007-03-07 22:25:19 EST
Good catch, thank you Mamoru. Those were leftovers from the struggle to
convince make to place the config file in /etc, but before patching Makefile.
Removed.

New version available at 
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-5.src.rpm
Comment 8 Mamoru TASAKA 2007-03-08 09:08:37 EST
Okay.

-----------------------------------------------
  This package (tcpxtract) is APPROVED by me.
-----------------------------------------------
Comment 9 manuel wolfshant 2007-03-08 10:31:37 EST
I've modified the spec a bit to make it build in EPEL-4 (conditional BR: .el4 ->
libpcap, anything else -> libpcap.devel).

The new version is available at 
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-6.src.rpm
Comment 10 manuel wolfshant 2007-03-08 10:39:10 EST
New Package CVS Request
=======================
Package Name: tcpxtract
Short Description: tcpxtract is a tool for extracting files from network traffic
based on file signatures
Owners: wolfy@nobugconsulting.ro
Branches: EPEL-4 FC-6
InitialCC: 
Comment 11 Dennis Gilmore 2007-03-08 20:51:46 EST
Branched
Comment 12 manuel wolfshant 2007-03-09 20:46:18 EST
built.

thanks to Mamoru for review, thl, Gianlu and Xavier for the help in doing "yum
install brain"

closing.
Comment 13 manuel wolfshant 2007-08-08 10:30:36 EDT
Package Change Request
======================
Package Name: tcpxtract
New Branches: EL-5
Comment 14 Kevin Fenzi 2007-08-08 16:52:44 EDT
cvs done.
Comment 15 manuel wolfshant 2014-09-30 13:31:40 EDT
Package Change Request
======================
Package Name: tcpxtract
New Branches: EPEL-7
Owners: wolfy
InitialCC: fab
Comment 16 Gwyn Ciesla 2014-09-30 15:37:00 EDT
Git done (by process-git-requests).

Corrected branch name.
