teamdfir / sift

SIFT
MIT License

VM update-sift errors encountered #132

Closed Lou511 closed 7 years ago

Lou511 commented 7 years ago

I attempted to update my VM using sudo update-sift. I have attached the output. I reviewed some other issues related to updating sift - they are similar, but my error seems to involve a laundry list of items that cannot be installed/updated. As an aside, I think I should mention that I obtained my VM from SANS FOR 508 - as opposed to any other source.

Thank you in advance.

error log.pdf

ekristen commented 7 years ago

Most likely something else has the package update system locked, such as the update manager.

Lou511 commented 7 years ago

Ok. How should I approach the update manager? Which options should I de-select from the update manager "updates" tab? Not sure if that's where I should start. I recall disabling updates, or something related to updates in the software/updates settings (when I used the previous version of SIFT for an academic course). The theory was disabling updates should be done, since manual updates via terminal were the routine for the course - and good for general practice. Please advise. Thank you!

ekristen commented 7 years ago

There is a sift-install.log in your home directory that would have more about the errors, but there are a few different things that could be blocking updates. I would make sure there are no software update windows open; after that, if it still doesn't work, look at the sift-install.log.

If that still fails then I would google how to make sure nothing has a lock on apt.

Lou511 commented 7 years ago

Ok thank you. I looked at the install log, and to be honest, I don't know what I'm looking at. I am unsure which part of the log reflects the errors I encountered today.

I did some poking around on Google re: the update manager, and attempting to find the culprit process. Ultimately, a little more digging got me to an output from the terminal indicating a problem with unmet dependencies for python-dfvfs. In particular, python-pytsk3 is not installed. I tried to install it, and got an error indicating the install can't overwrite a pre-existing file:

Preparing to unpack .../python-pytsk3_20160721-1ppa1~trusty_amd64.deb ...
Unpacking python-pytsk3 (20160721-1ppa1~trusty) ...
dpkg: error processing archive /var/cache/apt/archives/python-pytsk3_20160721-1ppa1~trusty_amd64.deb (--unpack):
 trying to overwrite '/usr/lib/python2.7/dist-packages/pytsk3.so', which is also in package pytsk3 4.2.0-20150406-1ppa1~trusty
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/python-pytsk3_20160721-1ppa1~trusty_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

I'm not sure if I went too far and skipped a few steps in determining the root cause of my issue, and found another issue. Or, if this issue is linked to my errors with the update-sift command.

Lou511 commented 7 years ago

Erik, I looked at the log you referenced. I found the following section pertaining to my 'update-sift' command (or so it appears):

Fetching with LWP: http://www.perl.org/CPAN/modules/02packages.details.txt.gz
Reading '/home/sansforensics/.cpan/sources/modules/02packages.details.txt.gz'
Database was generated on Fri, 06 Jan 2017 20:29:03 GMT
.............
New CPAN.pm version (v2.14) available.
[Currently running version is v2.00]
You might want to try
  install CPAN
  reload cpan
to both upgrade CPAN.pm and run the new version without leaving the current session.

...............................................................DONE
Fetching with LWP: http://www.perl.org/CPAN/modules/03modlist.data.gz
Reading '/home/sansforensics/.cpan/sources/modules/03modlist.data.gz'
DONE
Writing /home/sansforensics/.cpan/Metadata
Net::Wigle is up to date (0.07).
Cloning into '/tmp/sift-files'...
Submodule '4n6-scripts' (https://github.com/cheeky4n6monkey/4n6-scripts) registered for path '4n6-scripts'
No submodule mapping found in .gitmodules for path 'Java_IDX_Parser'
rm: cannot remove ‘/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.py’: No such file or directory
rm: cannot remove ‘/usr/lib/python2.7/dist-packages/volatility/plugins/editbox.pyc’: No such file or directory
cp: cannot stat ‘pe_carver/.py’: No such file or directory
cp: cannot stat ‘page_brute/.py’: No such file or directory
cp: cannot stat ‘java_idx_parser/.py’: No such file or directory
cp: cannot stat ‘4n6-scripts/’: No such file or directory
All done. Enjoy your privacy.
Reversed (or previously applied) patch detected! Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file /etc/rc.local.rej
patch: **** malformed patch at line 10: + if stat_object.bkup_time_nano is not None:

Reading package lists...
Building dependency tree...
Reading state information...
Package 'binplist' is not installed, so not removed
You might want to run 'apt-get -f install' to correct these:
The following packages have unmet dependencies:
 python-dfvfs : Depends: python-pytsk3 (>= 4.1.2) but it is not going to be installed
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).

I'm omitting some of the logging after the portion above, but see the following for more errors:

Fetched 72 B in 4s (15 B/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
software-properties-common is already the newest version.
You might want to run 'apt-get -f install' to correct these:
The following packages have unmet dependencies:
 python-dfvfs : Depends: python-pytsk3 (>= 4.1.2) but it is not going to be installed
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).

Other than the error related to python-dfvfs, the error-100 messages relate to items that don't require updating (since they are the newest version or don't exist). I'm attaching the sift-install log, because I found other errors associated with package installs (that don't appear to be SIFT-tool related). I think they are associated with the OS? Not sure.

Thank you for your continued help and suggestions.

-Luis

On Sun, Jan 8, 2017 at 10:11 AM, Erik Kristensen notifications@github.com wrote:

> There is a sift-install.log in your home directory that would have more about the errors, but there are a few different things that could be blocking updates. I would make sure there are no software update windows open after that if it still doesn't work look at the sift-install.log.
>
> If that still fails then I would google how to make sure nothing has a lock on apt.

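A way to pull the actionable failures out of a long apt/dpkg log such as the sift-install.log discussed above. This is an added example, not part of the original thread or of the SIFT project's code; the function names and the sample text are constructed here, and the sample's last line (the lock error) is an assumed illustration of the lock condition raised earlier, not something from the poster's log.

```python
import re
import sys
from collections import Counter

# Constructed sample: messages quoted in this thread, one per line. The final
# "Could not get lock" line is NOT from the poster's log; it is a constructed
# instance of the apt lock condition suggested earlier in the thread.
SAMPLE_LOG = """\
dpkg: error processing archive /var/cache/apt/archives/python-pytsk3_20160721-1ppa1~trusty_amd64.deb (--unpack):
 trying to overwrite '/usr/lib/python2.7/dist-packages/pytsk3.so', which is also in package pytsk3 4.2.0-20150406-1ppa1~trusty
The following packages have unmet dependencies:
 python-dfvfs : Depends: python-pytsk3 (>= 4.1.2) but it is not going to be installed
software-properties-common is already the newest version.
The following packages have unmet dependencies:
 python-dfvfs : Depends: python-pytsk3 (>= 4.1.2) but it is not going to be installed
E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
"""

# Patterns are unanchored so they also match a log pasted as one long line.
OVERWRITE = re.compile(r"trying to overwrite '([^']+)', which is also in package (\S+) (\S+)")
UNMET = re.compile(r"(\S+) : Depends: (\S+)(?: \(([^)]*)\))? but it is not")
LOCK = re.compile(r"Could not get lock (\S+)")

def triage(log_text):
    """Group the three failure classes seen in the thread, de-duplicated."""
    return {
        "file_conflicts": sorted({m.groups() for m in OVERWRITE.finditer(log_text)}),
        "unmet_deps": Counter(m.groups() for m in UNMET.finditer(log_text)),
        "locks": sorted({m.group(1) for m in LOCK.finditer(log_text)}),
    }

def summarize(findings):
    """Render findings as short lines: locks first, then conflicts, then dependencies."""
    out = []
    for path in findings["locks"]:
        out.append(f"LOCK      {path} is held by another package-manager process")
    for path, pkg, ver in findings["file_conflicts"]:
        out.append(f"CONFLICT  {path} is already owned by {pkg} {ver}")
    for (pkg, dep, constraint), n in findings["unmet_deps"].most_common():
        need = f"{dep} ({constraint})" if constraint else dep
        out.append(f"UNMET     {pkg} needs {need}; reported {n}x")
    return out

if __name__ == "__main__":
    # Pass a log path (e.g. the sift-install.log in the home directory) or run on the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print("\n".join(summarize(triage(text))) or "no known failure patterns found")
```

On the sample, the repeated python-dfvfs dependency error collapses to one entry, and the file conflict shows it is a consequence of two packages (pytsk3 and python-pytsk3) shipping the same pytsk3.so.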

ekristen commented 7 years ago

Looks like you are running into a bunch of issues, most are known. We are in the process of building a new SIFT VM and that will most likely be the best path of action for you going forward.

However, in the meantime, try https://github.com/sans-dfir/sift/issues/106#issuecomment-251566412

Lou511 commented 7 years ago

Erik,

Thank you very much for taking a look and providing guidance! I really appreciate it.

Have a great day.

On Mon, Jan 9, 2017 at 10:45 PM Erik Kristensen notifications@github.com wrote:

> Looks like you are running into a bunch of issues, most are known. We are in the process of building a new SIFT VM and that will most likely be the best path of action for you going forward.
>
> However in the mean time try -- #106 (comment) https://github.com/sans-dfir/sift/issues/106#issuecomment-251566412
