I would like to contribute sleuthkit. Also present in Debian, Fedora,
Ubuntu, ...
SUMMARY="Tools for analysis of volume and filesystem data"
DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
for disk images. It allows to analyze volume and filesystem data,
examine disk layout, recover deleted files, etc. Many partition and
filesystem formats are supported."
libtsk_SUMMARY="${SUMMARY} (runtime)"
libtsk_devel_SUMMARY="${SUMMARY} (development)"
I'm not sure about the LICENSE string:
LICENSE="CPL-1.0 AND GPL-2.0-or-later"
The licenses/README.md file mentions a bunch of licenses; see the comment in
the cygport file. CPL-1.0 is the main license; one separate tool uses
GPL-2.0-or-later.
The source package supports reproducible builds except for libtsk-devel
(timestamps in *.a files).
Abbreviated list of files:
sleuthkit-4.12.1-1.tar.xz:
usr/bin/blkcalc.exe
usr/bin/blkcat.exe
usr/bin/blkls.exe
usr/bin/blkstat.exe
usr/bin/fcat.exe
usr/bin/ffind.exe
usr/bin/fiwalk.exe
usr/bin/fls.exe
usr/bin/fsstat.exe
usr/bin/hfind.exe
usr/bin/icat.exe
usr/bin/ifind.exe
usr/bin/ils.exe
usr/bin/img_cat.exe
usr/bin/img_stat.exe
usr/bin/istat.exe
usr/bin/jcat.exe
usr/bin/jls.exe
usr/bin/jpeg_extract.exe
usr/bin/mactime
usr/bin/mmcat.exe
usr/bin/mmls.exe
usr/bin/mmstat.exe
usr/bin/pstat.exe
usr/bin/sigfind.exe
usr/bin/sorter
usr/bin/srch_strings.exe
usr/bin/tsk_comparedir.exe
usr/bin/tsk_gettimes.exe
usr/bin/tsk_imageinfo.exe
usr/bin/tsk_loaddb.exe
usr/bin/tsk_recover.exe
usr/bin/usnjls.exe
usr/share/doc/sleuthkit/*
usr/share/man/man1/*
usr/share/tsk/sorter/*.sort
libtsk-4.12.1-1.tar.xz:
usr/bin/cygtsk-19.dll
libtsk-devel-4.12.1-1.tar.xz:
usr/include/tsk/*
usr/lib/libtsk.a
usr/lib/libtsk.dll.a
usr/lib/pkgconfig/tsk.pc
usr/share/doc/sleuthkit/samples/*.cpp
====================
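Real world use case: Check whether the SSD TRIM command actually works by
reading a file's data cluster from the raw partition before and after the
file is deleted (an all-zero cluster after deletion indicates that the TRIM
was applied):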
$ # Create a test file (> ~3*256B to prevent resident file)
$ printf 'Line %s\n' {0001..0100} > trim_check
$ # Get full path of file
$ cygpath -am trim_check
D:/tmp/trim_check
$ # Find raw device of partition
$ grep D: /proc/partitions # or: ls -l /dev/disk/by-drive/d
8 20 629145944 sdb4 D:\
$ # Find inode (here: $MFT index) of file
$ ifind -n /tmp/trim_check /dev/sdb4
339065
$ # Find cluster(s) used by inode
$ istat /dev/sdb4 339065
...
Name: TRIM_C~1
...
Name: trim_check
...
Type: $DATA (128-4) Name: N/A Non-Resident size: 1000 init_size: 1000
7876740
$ # Read cluster (assumes 4KiB cluster size, could be checked with fsstat)
$ dd if=/dev/sdb4 bs=4096 count=1 skip=7876740 iflag=direct status=none | cat -A
Line 0001$
Line 0002$
...
$ # Remove file, flush buffers and wait
$ rm trim_check; sync; sleep 10
$ # Re-read cluster
$ dd if=/dev/sdb4 bs=4096 count=1 skip=7876740 iflag=direct status=none | od
0000000 000000 000000 000000 000000 000000 000000 000000 000000
*
0010000
$ echo "TRIM works!"
TRIM works!
====================
--
Regards,
Christian
# cygport script for sleuthkit
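# Package identity. SOURCE_DATE is the fixed timestamp from which
# SOURCE_DATE_EPOCH is derived at the end of this block.
NAME=sleuthkit
VERSION=4.12.1
RELEASE=1
SOURCE_DATE="2024-03-02 11:00:00 UTC"

SUMMARY="Tools for analysis of volume and filesystem data"
DESCRIPTION="The Sleuth Kit (TSK) is a collection of command line tools
for disk images. It allows to analyze volume and filesystem data,
examine disk layout, recover deleted files, etc. Many partition and
filesystem formats are supported."

LICENSE="CPL-1.0 AND GPL-2.0-or-later"
# Licenses mentioned in licenses/README.md:
# Apache-2.0 # case-uco/*, win32/rejistry++/* (code not used)
# BSD-3-Clause # samples/*, tsk/fs/lzvn.c
# CPL-1.0 # The Sleuth Kit (TSK) license
# GPL-2.0-or-later # tools/srchtools/srch_strings.c
# GPL-3.0-or-later # m4/ax_pthread.m4 (... WITH Autoconf-exception-3.0)
# IPL-1.0 # The Coroner's Toolkit (TCT) license
# ISC # tools/fiwalk/src/base64.*
# "public domain" # tools/fiwalk/*, tsk/base/sha1.c
# MIT # tsk/auto/guid.cpp
# RSA-MD # tsk/base/md5c.c
# "Unicode" # tsk/base/tsk_unicode.*

CATEGORY="Utils"

# One source package is split into the tools, the runtime DLL and the
# development files.
PKG_NAMES="sleuthkit libtsk libtsk-devel"

# The *REQUIRES variables are left empty; the trailing comments list the
# packages expected as dependencies (presumably detected automatically by
# cygport -- confirm).
REQUIRES="" # libgcc1 libstdc++6 libtsk perl-DateTime-TimeZone perl_base
libtsk_REQUIRES="" # libgcc1 libsqlite3_0 libstdc++6 zlib0
libtsk_devel_REQUIRES="" # libtsk pkg-config
BUILD_REQUIRES="
binutils cygwin-devel gcc-g++ gzip libsqlite3-devel perl_base zlib-devel
" # make

HOMEPAGE="https://www.sleuthkit.org/sleuthkit/"
# NOTE(review): the release tarball is fetched over HTTPS, but no checksum or
# signature check is visible in this script. Verify the download against a
# hash or signature published by upstream, if one is available, before building.
SRC_URI="https://github.com/sleuthkit/sleuthkit/releases/download/${P}/${P}.tar.gz"

libtsk_SUMMARY="${SUMMARY} (runtime)"
libtsk_DESCRIPTION="${DESCRIPTION}
This package contains the runtime library for sleuthkit."
libtsk_devel_SUMMARY="${SUMMARY} (development)"
libtsk_devel_DESCRIPTION="${DESCRIPTION}
This package contains the development files for libtsk."

# File lists per binary package. The tools package takes usr/bin and
# usr/share minus the DLL and the sample sources, which go to libtsk and
# libtsk-devel respectively.
sleuthkit_CONTENTS="
--exclude=usr/bin/cygtsk-*.dll
--exclude=usr/share/doc/${PN}/samples
usr/bin
usr/share
"
libtsk_CONTENTS="
usr/bin/cygtsk-*.dll
"
libtsk_devel_CONTENTS="
usr/include/tsk
usr/lib
usr/share/doc/${PN}/samples
"

# Derive SOURCE_DATE_EPOCH from the fixed SOURCE_DATE above. Assignment and
# export are separate statements so that a failing 'date' is not masked by the
# exit status of 'export', which would silently export an empty value.
SOURCE_DATE_EPOCH=$(date -d "${SOURCE_DATE}" +%s) \
  || error "Cannot convert SOURCE_DATE '${SOURCE_DATE}' to an epoch value"
export SOURCE_DATE_EPOCH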
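#######################################
# Configure and build sleuthkit in the build directory.
# Globals:   B (read) - build directory
#            LDFLAGS (read) - passed through to make
# Arguments: none
# Returns:   status of the final cygmake call; error is called when the
#            system libsqlite3 import library is missing
#######################################
src_compile() {
  cd "${B}"

  # Some include paths are not correct for builds outside of srcdir
  lndirs

  # Prevent fallback to libsqlite3 from source distribution, so the build
  # uses the system library. The package name in the message matches the
  # BUILD_REQUIRES entry (libsqlite3-devel).
  test -f /usr/lib/libsqlite3.dll.a \
    || error "Package libsqlite3-devel is required"

  # _GNU_SOURCE is required for strcasecmp(), vasprintf(), ...
  # configure sets LIBTSK_LDFLAGS="-no-undefined" only for MinGW
  # Optional components are switched off explicitly (presumably so that
  # configure does not pick them up from the build host -- confirm).
  cygconf --enable-shared --enable-static \
    --with-gnu-ld --with-zlib \
    --disable-cppunit --disable-java \
    --without-afflib --without-libbfio --without-libewf \
    --without-libvhdi --without-libvmdk --without-libvslvm \
    CPPFLAGS=-D_GNU_SOURCE \
    LIBTSK_LDFLAGS="-no-undefined"

  # 'LDFLAGS = @LDFLAGS@ -static' is predefined in all Makefile.am
  # Set to empty as '-shared' would suppress the build of the static lib
  # NOTE(review): this passes the current ${LDFLAGS} rather than a literal
  # empty string; presumably it carries no '-static' here -- confirm.
  cygmake LDFLAGS="${LDFLAGS}"
}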
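#######################################
# Install the build results and the documentation, then prune and compress
# the installed license texts.
# Globals:   B (read) - build directory
#            S (read) - source directory
#            D (read) - install destination root
#            PN (read) - package name used in the doc path
# Arguments: none
# Returns:   status of the final gzip call; error is called when the
#            installed licenses directory cannot be entered
#######################################
src_install() {
  local licenses_dir="${D}/usr/share/doc/${PN}/licenses"

  cd "${B}"
  cyginstall

  cd "${S}"
  dodoc docs licenses
  docinto samples
  dodoc samples/*.cpp

  # The rm and the 'gzip *' below act on whatever the current directory is.
  # Stop here if the licenses directory is missing; otherwise they would run
  # in ${S} and compress the files of the source tree.
  cd "${licenses_dir}" \
    || error "Cannot enter ${licenses_dir}"
  rm -fv Apache-LICENSE-2.0.txt GNUv3-COPYING # unused
  # -n omits name and timestamp from the gzip header; '--' keeps a file name
  # starting with '-' from being read as an option.
  gzip -9nv -- *
}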