Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 204228 - Review Request: sleuthkit - Open Source forensic toolkit
Summary: Review Request: sleuthkit - Open Source forensic toolkit
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Package Reviews List
URL:
Whiteboard:
Depends On:
Blocks: FE-DEADREVIEW
TreeView+ depends on / blocked
 
Reported: 2006-08-27 10:04 UTC by Daniel Rindt
Modified: 2007-11-30 22:11 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-06-09 04:00:07 UTC


Attachments (Terms of Use)

Description Daniel Rindt 2006-08-27 10:04:55 UTC
Spec URL: http://rindt.name/fileadmin/download/fedora/SPECS/sleuthkit.spec
SRPM URL: http://rindt.name/fileadmin/download/fedora/SRPMS/sleuthkit-2.05-1.src.rpm
Description: The Sleuth Kit is a collection of UNIX-based command line file system
forensic tools that allow an investigator to examine NTFS, FAT, FFS,
EXT2FS, and EXT3FS file systems of a suspect computer in a non-intrusive
fashion.

The tools have a layer-based design and can extract data from internal
file system structures. Because the tools do not rely on the operating
system to process the file systems, deleted and hidden content is shown.

Comment 1 Till Maas 2006-08-27 11:04:58 UTC
NTFS support in sleuthkit may not be allowed, see:

http://fedoraproject.org/wiki/ForbiddenItems#head-e52c1870d4467fe40c9da546fe3328e4a2430834
https://bugzilla.redhat.com/65749

As well you should look at:
http://fedoraproject.org/wiki/Packaging/Guidelines
http://fedoraproject.org/wiki/Extras/Contributors

You seem not to be sponsored, so you need to block FE-NEEDSPONSOR.



Comment 2 Daniel Berrange 2006-09-02 17:00:48 UTC
* The Packager & Vendor tags should not be included, nor refer to the Dag Wieers
repository. Please remove them.

* The %setup macro is better invoked with the -q arg since there is no need to
pollute build output with a list of files being extracted from the tar.gz

* The build process in the package is not honouring the $RPM_OPTS_FLAGS compiler
settings. For example - its compiling with -O -g :

gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"2.05\"
-I../auxtools -I../imgtools -O -Wall  -g   -c -o jcat.o jcat.c

While current Fedora build flags are:

 -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4

It would be very desirable to have the build process honour these options since
they enable various security protection measures. A cursory look at the source
code suggests it would probably need a patch applied to the Makefiles since they
are hand-written instead of using AutoTools. IMHO, such a patch would be
worthwhile, unless there are specific problems compiling the tools with these flags.


Comment 3 Daniel Rindt 2006-09-04 09:10:44 UTC
(In reply to comment #1)
> NTFS support in sleuthkit may not be allowed, see:
> 
>
http://fedoraproject.org/wiki/ForbiddenItems#head-e52c1870d4467fe40c9da546fe3328e4a2430834
> https://bugzilla.redhat.com/65749
> 
> As well you should look at:
> http://fedoraproject.org/wiki/Packaging/Guidelines
> http://fedoraproject.org/wiki/Extras/Contributors
> 
> You seem not to be sponsored, so you need to block FE-NEEDSPONSOR.
> 
> 

No one until today want to sponsor me... So grant me to review bad packages from
me. The Guidelines i remmber me just in the moment that sleuthkit support ntfs.
But i don't know how to disable. Possibly that the package review ends here. :/

Comment 4 Daniel Rindt 2006-09-04 09:13:49 UTC
(In reply to comment #2)
> * The Packager & Vendor tags should not be included, nor refer to the Dag Wieers
> repository. Please remove them.
Yes i remove.
> 
> * The %setup macro is better invoked with the -q arg since there is no need to
> pollute build output with a list of files being extracted from the tar.gz
Ok, will fix it.
> 
> * The build process in the package is not honouring the $RPM_OPTS_FLAGS compiler
> settings. For example - its compiling with -O -g :
> 
> gcc -DLINUX2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DVER=\"2.05\"
> -I../auxtools -I../imgtools -O -Wall  -g   -c -o jcat.o jcat.c
> 
> While current Fedora build flags are:
> 
>  -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
> --param=ssp-buffer-size=4
> 
> It would be very desirable to have the build process honour these options since
> they enable various security protection measures. A cursory look at the source
> code suggests it would probably need a patch applied to the Makefiles since they
> are hand-written instead of using AutoTools. IMHO, such a patch would be
> worthwhile, unless there are specific problems compiling the tools with these
flags.
> 
I have tried with the standard flags but it seems that the -j3 is the problem.
How i can filter it out?

Comment 5 Kevin Fenzi 2006-10-03 00:33:59 UTC
Since you are looking for sponsorship, you should take a look at: 

http://fedoraproject.org/wiki/Extras/HowToGetSponsored

Adding FE-NEEDSPONSOR. 

In reply to comment #4, perhaps you could ask the upstream source if they 
could change the setup to honor flags passed in? 
Otherwise you will have to look at patching the Makefile(s) yourself. :( 

Comment 6 Kevin Fenzi 2007-06-02 04:01:02 UTC
Hey Daniel. Do you still wish to submit this package? 

If so, could you post an updated src.rpm and spec file? 
If I don't hear from you I will close this in 1 week. 

Comment 7 Kevin Fenzi 2007-06-09 04:00:07 UTC
I'm going to go ahead and close this submission now. 

If you decide you want to continue, feel free to re-open it, or submit a new
request. 


Note You need to log in before you can comment on or make changes to this bug.