Bug 487067 - (autopsy) Review Request: autopsy - Graphical front end for The Sleuth Kit Forensics software
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Till Maas
QA Contact: Fedora Extras Quality Assurance
Blocks: FE-SECLAB
Reported: 2009-02-23 18:19 EST by Adam Miller
Modified: 2010-03-21 15:53 EDT
Last Closed: 2009-04-13 09:41:45 EDT
Description Adam Miller 2009-02-23 18:19:32 EST
Spec URL: http://maxamillion.fedorapeople.org/autopsy.spec
SRPM URL: http://maxamillion.fedorapeople.org/autopsy-2.21-1.fc10.src.rpm
Description:

The Autopsy Forensic Browser is a graphical interface to utilities
found in The Sleuth Kit (TSK).  TSK is a collection of command line
tools that allow you to investigate a Windows or Unix system by
examining the hard disk contents.  TSK and Autopsy will show you
the files, data units, and metadata of NTFS, FAT, EXTxFS, and UFS
file system images in a read-only environment.  Autopsy allows you
to search for specific types of evidence based on keywords, MAC
times, hash values, and file types.

Autopsy is HTML-based and uses a client-server model.  The Autopsy
server runs on many UNIX systems and the client can be any platform
with an HTML browser.  This enables one to create a flexible
environment with a central Autopsy server and several remote clients.
For incident response scenarios, a CD with The Sleuth Kit and Autopsy
can be created to allow the responder read-only remote access to a
live suspect system from an HTML-browser on a trusted system.  Refer
to the README-live.txt file for more details.

Autopsy will not modify the original images and the integrity of
the images can be verified in Autopsy using MD5 values.  There are
help pages for the main analysis modes and The Sleuth Kit Informer
is a newsletter that adds additional documentation.
Comment 1 Suravee Suthikulpanit 2009-03-02 16:00:28 EST
This is an unofficial review.

- rpmlint -iv /root/rpmbuild/RPMS/noarch/autopsy-2.21-1.fc10.noarch.rpm 
autopsy.noarch: I: checking
autopsy.noarch: W: log-files-without-logrotate /var/log/autopsy
This package contains files in /var/log/ without adding logrotate
configuration for them.

autopsy.noarch: E: file-in-usr-marked-as-conffile /usr/share/autopsy/conf.pl
A file in /usr is marked as being a configuration file. Store your conf files
in /etc/ instead.

autopsy.noarch: E: file-in-usr-marked-as-conffile /usr/share/autopsy/lib/define.pl
A file in /usr is marked as being a configuration file. Store your conf files
in /etc/ instead.

1 packages and 0 specfiles checked; 2 errors, 1 warnings.


- Source0 has typo.
Original
http://download.sourceforge.net/autopsy/%{name}-%{version}.tar.gz
Should be
http://downloads.sourceforge.net/autopsy/%{name}-%{version}.tar.gz

- Build has warning:
    warning: File listed twice: /usr/share/autopsy/conf.pl
    warning: File listed twice: /usr/share/autopsy/lib/define.pl

- Installation failed
rpm -Uvh ~/rpmbuild/RPMS/noarch/autopsy-2.21-1.fc10.noarch.rpm 
error: Failed dependencies:
        perl(Main) is needed by autopsy-2.21-1.fc10.noarch
        perl(conf.pl) is needed by autopsy-2.21-1.fc10.noarch
        perl(define.pl) is needed by autopsy-2.21-1.fc10.noarch
        perl(lib::define.pl) is needed by autopsy-2.21-1.fc10.noarch
        perl(search.pl) is needed by autopsy-2.21-1.fc10.noarch


RECOMMENDS:
- Please see http://fedoraproject.org/wiki/Packaging/Perl

- Typo at the end of %description ("documentatio.n")

- In %install, instead of 
    install -d %{buildroot}%{_sbindir}
    install -m0755 autopsy %{buildroot}%{_sbindir}/autopsy
use
    install -D -m0755 autopsy %{buildroot}%{_sbindir}/autopsy

- In %files, may I suggest the following:
    %defattr(-,root,root,-)
    %doc CHANGES.txt COPYING docs/*.txt INSTALL.txt README-LIVE.txt README.txt TODO.txt
    %dir %{_datadir}/autopsy
    %{_datadir}/autopsy/*
    %{_sbindir}/autopsy
    %{_sbindir}/make-live-cd
    %dir /var/log/autopsy
    %dir %{_localstatedir}/lib/morgue
    %{_mandir}/man1/*


OKAYS:
- Match latest upstream code
835938086e4ebec628408faa624c48927f261b7df4eeb2b041a293867ba79f5f  autopsy-2.21.tar.gz
835938086e4ebec628408faa624c48927f261b7df4eeb2b041a293867ba79f5f  /root/rpmbuild/SOURCES/autopsy-2.21.tar.gz
Comment 2 manuel wolfshant 2009-03-02 17:39:35 EST
(In reply to comment #1)

> - Installation failed
> rpm -Uvh ~/rpmbuild/RPMS/noarch/autopsy-2.21-1.fc10.noarch.rpm 
> error: Failed dependencies:
>         perl(Main) is needed by autopsy-2.21-1.fc10.noarch
>         perl(conf.pl) is needed by autopsy-2.21-1.fc10.noarch
>         perl(define.pl) is needed by autopsy-2.21-1.fc10.noarch
>         perl(lib::define.pl) is needed by autopsy-2.21-1.fc10.noarch
>         perl(search.pl) is needed by autopsy-2.21-1.fc10.noarch

Suravee, please use "yum install" when testing if packages can be installed. "rpm -Uvh" might lead to false conclusions due to the fact that it does not try to pull in dependencies from the repositories.
Comment 3 Adam Miller 2009-03-18 17:11:07 EDT
Spec URL: http://maxamillion.fedorapeople.org/autopsy.spec
SRPM URL: http://maxamillion.fedorapeople.org/autopsy-2.21-2.fc10.src.rpm

I have fixed that which was commented on. Thank you for your review, looking forward to further critique.
Comment 4 Till Maas 2009-03-31 08:04:43 EDT
(In reply to comment #2)
> (In reply to comment #1)
> 
> > - Installation failed
> > rpm -Uvh ~/rpmbuild/RPMS/noarch/autopsy-2.21-1.fc10.noarch.rpm 
> > error: Failed dependencies:
> >         perl(Main) is needed by autopsy-2.21-1.fc10.noarch
> >         perl(conf.pl) is needed by autopsy-2.21-1.fc10.noarch
> >         perl(define.pl) is needed by autopsy-2.21-1.fc10.noarch
> >         perl(lib::define.pl) is needed by autopsy-2.21-1.fc10.noarch
> >         perl(search.pl) is needed by autopsy-2.21-1.fc10.noarch
> 
>  Suravee, please use "yum install" when testing if packages can be installed.
> "rpm -Uvh"  might lead to false conclusions due to the fact that it does not
> try to pull in dependencies from the repositories.  

In this case, these are false provides/requires of private perl files from autopsy that should not be provided/required by rpm:

https://fedoraproject.org/wiki/Packaging/Perl#Filtering_Requires:_and_Provides

This needs to be fixed. Here is a list of problematic files and the requires/provides:
http://fpaste.org/paste/7441


Another issue is that "-p" is not used with install to preserve timestamps.
Comment 5 Adam Miller 2009-04-07 15:52:26 EDT
Spec URL: http://maxamillion.fedorapeople.org/autopsy.spec
SRPM URL: http://maxamillion.fedorapeople.org/autopsy-2.21-3.fc10.src.rpm

I have fixed the -p and added the scripts to fix the requires/provides issue. Thank you for your comments, looking forward to more.
Comment 6 Till Maas 2009-04-13 08:31:22 EDT
You have to adjust the filter scripts to the autopsy package, i.e. instead of literally writing "sed -e '/perl(unwanted_require)/d'", you have to add one sed command for each unwanted provides/requires entry, e.g.

sed -e '/perl(Main)/d' -e '/perl(conf.pl)/d'

and so on.

Also it is better to prefix the filter scripts with the name of the package, i.e. autopsy:

Source98: autopsy-filter-provides.sh

Or you use the preferred way and create the filter scripts in %prep, as is suggested in the Perl Packaging Guidelines.

Also is sleuthkit really required at buildtime? It seems to build without any problems if it is not present.
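
An added example, not part of the thread or of the autopsy spec: the per-entry filtering described in comments 4 and 6, written as a shell function that removes the five private entries from comment 1 from a dependency list. The sample input (including `perl(strict)`, `perl(Socket)` and `perl(confXpl)`) is constructed; a real filter script would read the output of rpm's Perl dependency generator instead.

```shell
#!/bin/sh
# Added example: drop autopsy's private Perl files from a dependency list.
# The names below are the five entries from the failed install in comment 1.
PRIVATE_DEPS='Main conf.pl define.pl lib::define.pl search.pl'

# Emit a sed script with two delete commands per private entry:
# one for a bare "perl(NAME)" line, one for "perl(NAME) >= version".
build_sed_script() {
    for dep in $PRIVATE_DEPS; do
        # Escape regex metacharacters so "conf.pl" cannot match "confXpl".
        esc=$(printf '%s\n' "$dep" | sed 's,[][\.*^$/],\\&,g')
        printf '/^perl(%s)$/d\n/^perl(%s) /d\n' "$esc" "$esc"
    done
}

# Filter stdin (one dependency per line) and print what remains.
filter_private_deps() {
    sed -e "$(build_sed_script)"
}

# Constructed sample of generator output: the five private entries plus
# three entries that must survive the filter.
sample_generator_output() {
    cat <<'EOF'
perl(Main)
perl(conf.pl)
perl(define.pl)
perl(lib::define.pl)
perl(search.pl)
perl(strict)
perl(Socket)
perl(confXpl)
EOF
}

sample_generator_output | filter_private_deps
```

The unescaped form `/perl(conf.pl)/d` would also delete `perl(confXpl)`, because `.` matches any character; anchoring and escaping keep the filter from hiding a genuine dependency.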
Comment 7 Adam Miller 2009-04-13 09:41:45 EDT
I have unfortunately hit the reality that I would do this package no justice as I have far too little experience with the source of the upstream project. I'm closing this package review as I would not be a good maintainer. I would like to thank the package reviewers for their time and apologize for having wasted it.

-Adam
