Bug 230812 - Review Request: tcpxtract - tool for extracting files from network traffic based on file signatures
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Mamoru TASAKA
QA Contact: Fedora Package Reviews List
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2007-03-03 00:55 UTC by manuel wolfshant
Modified: 2014-09-30 19:37 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-03-10 01:46:18 UTC
mtasaka: fedora-review+
gwync: fedora-cvs+



Description manuel wolfshant 2007-03-03 00:55:07 UTC
Spec URL: http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec
SRPM URL: http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-2.src.rpm
Description:
tcpxtract is a tool for extracting files from network traffic based on
file signatures.
tcpxtract features the following:
 * Supports 26 popular file formats out-of-the-box. New formats can be
 added by simply editing its config file.
 * With a quick conversion, you can use your old Foremost config file
 with tcpxtract.
 * Custom written search algorithm is lightning fast and very scalable.
 * Search algorithm searches across packet boundaries for total coverage
 and forensic quality.
 * Uses libpcap, a popular, portable and stable library for network data
 capture
 * Can be used against a live network or a tcpdump formatted capture file.

Comment 1 Mamoru TASAKA 2007-03-03 02:19:14 UTC
A comment (well, I am currently reviewing more than 10 bugs,
so I hope someone else will review this report).

* hardcoded path 
  - The path of DEFAULT_CONFIG_FILE is hardcoded, which should be
    avoided generally.
  * If a hardcoded path cannot be avoided, then don't use
    %{_sysconfdir}; use the hardcoded path in the spec file to make
    them consistent.
  * Generally, the method like
----------------------------------------------------------
%{__sed} -i.path -e '/DEFAULT_CONFIG_FILE/s|/usr/local/etc|%{_sysconfdir}||' tcpxtract.c
----------------------------------------------------------
     is used to pass macro correctly.

* Timestamps
  - Keep timestamps on man file and conf file. Perhaps
----------------------------------------------------------
make install DESTDIR=$RPM_BUILD_ROOT install="%{_install} -c -p"
----------------------------------------------------------
    will do the trick.

Comment 2 Mamoru TASAKA 2007-03-03 02:31:17 UTC
... correct one is 
-e '/DEFAULT_CONFIG_FILE/s|/usr/local/etc|%{_sysconfdir}|'

Comment 3 manuel wolfshant 2007-03-03 14:34:06 UTC
Thank you for your comments, Mamoru

I hope you have noticed that exactly because of the hard coded path of
DEFAULT_CONFIG_FILE I have included a patch (in release -2). However, because
your method seems cleaner (will work even if sometime in the future the
sysconfdir is modified), I have removed the patch and used your method (release -3)
Since the man page is compressed during build, the timestamp of the file which
is included in the binary rpm will be the time of the rpm build, not the one of
the original man page, so no real reason for using "install -p" for it. However
I have added "install -p" for the sake of compliance with the generally accepted
usage and for the config file.

New versions are available at
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-3.src.rpm

Comment 4 Ingvar Hagelund 2007-03-03 22:48:31 UTC
> Since the man page is compressed during build, the timestamp of the
> file which is included in the binary rpm will be the time of the rpm
> build, not the one of the original man page, so no real reason for
> using "install -p" for it

Just for the record, this is not right if gzip is used correctly.
gzip does by default not change the timestamp on a file after it
is compressed.

$ LANG=C date
Sat Mar  3 23:44:52 CET 2007

$ ls -l foo
-rw-rw-r-- 1 ingvar ingvar 860866 feb 20 20:51 foo

$ gzip foo; ls -l foo.gz 
-rw-rw-r-- 1 ingvar ingvar 146748 feb 20 20:51 foo.gz

Ingvar


Comment 5 manuel wolfshant 2007-03-04 03:48:40 UTC
New version of spec and src.rpm uploaded at
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-4.src.rpm

This time it really keeps the timestamps. A couple of errors were present in the
timestamp preservation part of the spec.


Comment 6 Mamoru TASAKA 2007-03-07 17:57:10 UTC
Well, for -4:

(Well, %{_install} was my typo, it should actually be
 %{__install}... sorry)

* macro
--------------------------------------
%configure --sysconfdir=/etc --prefix=/
--------------------------------------
  Perhaps this "sysconfdir" is used to direct where tcpxtract.conf
  is installed (according to "install-sysconfDATA" of Makefile.in)
  So this should be %configure --sysconfdir=%{_sysconfdir}
  as you use
-------------------------------------
%{__sed} -i.path -e '/DEFAULT_CONFIG_FILE/s#/usr/local/etc#%{_sysconfdir}#' tcpxtract.c
-------------------------------------

  After this fix I will approve this package.
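
The substitution discussed in Comments 1, 2 and 6, as an added example that is not part of the thread or of the package's spec file: it patches a constructed one-line stand-in for tcpxtract.c, checks that the compiled-in path matches the directory the config file is installed to, and shows that the `||` form from Comment 1 is rejected by sed. The `#define` line, the helper function names and `/etc` as the expanded value of `%{_sysconfdir}` are assumptions.

```shell
#!/bin/sh
# Added example; the sample source line below is constructed.
make_sample() {
    printf '#define DEFAULT_CONFIG_FILE "/usr/local/etc/tcpxtract.conf"\n' > "$1"
}

# patch_config_path FILE SYSCONFDIR
# Same substitution as in the review, with the expanded value of
# %{_sysconfdir} passed in as SYSCONFDIR. Keeps a FILE.path backup.
patch_config_path() {
    sed -i.path -e "/DEFAULT_CONFIG_FILE/s|/usr/local/etc|$2|" "$1"
}

# compiled_in_path FILE: print the path the binary would be built with.
compiled_in_path() {
    sed -n 's/^#define DEFAULT_CONFIG_FILE "\(.*\)"$/\1/p' "$1"
}

# check_consistent FILE SYSCONFDIR
# Succeeds only if the path in the source is the one the package
# installs the config file to (SYSCONFDIR/tcpxtract.conf).
check_consistent() {
    [ "$(compiled_in_path "$1")" = "$2/tcpxtract.conf" ]
}

# broken_form_fails FILE SYSCONFDIR
# The Comment 1 form with the trailing "||": sed reads the extra "|"
# as an unknown flag to s, exits non-zero and leaves FILE untouched.
broken_form_fails() {
    ! sed -i.bad -e "/DEFAULT_CONFIG_FILE/s|/usr/local/etc|$2||" "$1" 2>/dev/null
}

# Stand-alone demonstration in a scratch directory.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/tcpxtract.c"
echo "before: $(compiled_in_path "$demo_dir/tcpxtract.c")"
broken_form_fails "$demo_dir/tcpxtract.c" /etc && echo "'||' form rejected by sed"
patch_config_path "$demo_dir/tcpxtract.c" /etc
echo "after:  $(compiled_in_path "$demo_dir/tcpxtract.c")"
check_consistent "$demo_dir/tcpxtract.c" /etc && echo "source and sysconfdir agree"
rm -rf "$demo_dir"
```

If `check_consistent` fails after the build's prep step, the binary will look for its config file somewhere other than where the package installs it.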

Comment 7 manuel wolfshant 2007-03-08 03:25:19 UTC
Good catch, thank you Mamoru. Those were leftovers since the struggle to
convince make to place the config file in /etc, but before patching Makefile.
Removed.

New version available at 
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-5.src.rpm

Comment 8 Mamoru TASAKA 2007-03-08 14:08:37 UTC
Okay.

-----------------------------------------------
  This package (tcpxtract) is APPROVED by me.
-----------------------------------------------

Comment 9 manuel wolfshant 2007-03-08 15:31:37 UTC
I've modified the spec a bit to make it build in EPEL-4 (conditional BR: .el4->
libpcap, anything else -> libpcap.devel).

The new version is available at 
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec
http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-6.src.rpm


Comment 10 manuel wolfshant 2007-03-08 15:39:10 UTC
 New Package CVS Request
=======================
Package Name: tcpxtract
Short Description: tcpxtract is a tool for extracting files from network traffic
based on file signatures
Owners: wolfy@nobugconsulting.ro
Branches: EPEL-4 FC-6
InitialCC: 

Comment 11 Dennis Gilmore 2007-03-09 01:51:46 UTC
Branched

Comment 12 manuel wolfshant 2007-03-10 01:46:18 UTC
built.

thanks to Mamoru for review, thl, Gianlu and Xavier for the help in doing "yum
install brain"

closing.

Comment 13 manuel wolfshant 2007-08-08 14:30:36 UTC
Package Change Request
======================
Package Name: tcpxtract
New Branches: EL-5

Comment 14 Kevin Fenzi 2007-08-08 20:52:44 UTC
cvs done.

Comment 15 manuel wolfshant 2014-09-30 17:31:40 UTC
Package Change Request
======================
Package Name: tcpxtract
New Branches: EPEL-7
Owners: wolfy
InitialCC: fab

Comment 16 Gwyn Ciesla 2014-09-30 19:37:00 UTC
Git done (by process-git-requests).

Corrected branch name.

