From f532837046910ae6a2a6025a010ba67305787b77 Mon Sep 17 00:00:00 2001
From: "Ralf S. Engelschall" <rse@openpkg.org>
Date: Sun, 14 Dec 2003 10:02:26 +0000
Subject: [PATCH] new package: sleuthkit 1.66 (Forensic Analysis Toolkit)

---
 sleuthkit/sleuthkit.spec | 107 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 107 insertions(+)
 create mode 100644 sleuthkit/sleuthkit.spec

diff --git a/sleuthkit/sleuthkit.spec b/sleuthkit/sleuthkit.spec
new file mode 100644
index 0000000000..1c017b4627
--- /dev/null
+++ b/sleuthkit/sleuthkit.spec
@@ -0,0 +1,107 @@
+##
+##  sleuthkit.spec -- OpenPKG RPM Specification
+##  Copyright (c) 2000-2003 The OpenPKG Project <http://www.openpkg.org/>
+##  Copyright (c) 2000-2003 Ralf S. Engelschall <rse@engelschall.com>
+##  Copyright (c) 2000-2003 Cable & Wireless <http://www.cw.com/>
+##
+##  Permission to use, copy, modify, and distribute this software for
+##  any purpose with or without fee is hereby granted, provided that
+##  the above copyright notice and this permission notice appear in all
+##  copies.
+##
+##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+##  SUCH DAMAGE.
+##
+
+#   package information
+Name:         sleuthkit
+Summary:      Forensic Analysis Toolkit
+URL:          http://www.sleuthkit.org/
+Vendor:       Brian Carrier et al.
+Packager:     The OpenPKG Project
+Distribution: OpenPKG [EVAL]
+Group:        System
+License:      GPL
+Version:      1.66
+Release:      20031214
+
+#   list of sources
+Source0:      http://osdn.dl.sourceforge.net/sleuthkit/sleuthkit-%{version}.tar.gz
+
+#   build information
+Prefix:       %{l_prefix}
+BuildRoot:    %{l_buildroot}
+BuildPreReq:  OpenPKG, openpkg >= 20030103, perl, perl-time
+PreReq:       OpenPKG, openpkg >= 20030103, perl, perl-time, file
+AutoReq:      no
+AutoReqProv:  no
+
+%description
+    The Sleuth Kit (previously known as TASK) is a collection of
+    UNIX-based command line file system and media management forensic
+    analysis tools. The file system tools allow you to examine NTFS,
+    FAT, FFS, EXT2FS, and EXT3FS file systems of a suspect computer in
+    a non-intrusive fashion. The tools have a layer-based design and
+    can extract data from the internal file system structures. Because
+    the tools do not rely on the operating system to process the file
+    systems, deleted and hidden content is shown. The media management
+    tools allow you to examine the layout of disks and other media. The
+    Sleuth Kit supports DOS partitions, BSD partitions (disk labels),
+    Mac partitions, and Sun slices (Volume Table of Contents). With
+    these tools, you can identify where partitions are located and
+    extract them so that they can be analyzed with file system analysis
+    tools.
+
+%prep
+    %setup -q
+
+%build
+    #   build programs
+    %{l_make} %{l_mflags} \
+        CC="%{l_cc} %{l_cflags -O}"
+
+    #   remove local file(1), because we use OpenPKG "file" package
+    rm -f bin/file
+    rm -f man/man1/file.1
+
+    #   adjust Perl scripts
+    %{l_shtool} subst \
+        -e 's;#!/usr/bin/perl;%!{l_prefix}/bin/perl;' \
+        -e 's;\(SK_DIR="\)[^"]*\("\);\1%{l_prefix}\2;' \
+        -e 's;/share/sorter;%{l_prefix}/share/sleuthkit/sorter;' \
+        bin/sorter
+    %{l_shtool} subst \
+        -e 's;#!/usr/bin/perl;%!{l_prefix}/bin/perl;' \
+        -e '/^use lib.*/d' \
+        bin/mactime
+
+%install
+    rm -rf $RPM_BUILD_ROOT
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/bin \
+        $RPM_BUILD_ROOT%{l_prefix}/man/man1 \
+        $RPM_BUILD_ROOT%{l_prefix}/share/sleuthkit/sorter
+    %{l_shtool} install -c -m 755 \
+        bin/* $RPM_BUILD_ROOT%{l_prefix}/bin/
+    %{l_shtool} install -c -m 644 \
+        man/man1/*.1 $RPM_BUILD_ROOT%{l_prefix}/man/man1/
+    %{l_shtool} install -c -m 644 \
+        share/sorter/* $RPM_BUILD_ROOT%{l_prefix}/share/sleuthkit/sorter/
+    strip $RPM_BUILD_ROOT%{l_prefix}/bin/* >/dev/null 2>&1 || true
+    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT %{l_files_std}
+
+%files -f files
+
+%clean
+    rm -rf $RPM_BUILD_ROOT
+