search

teamdfir / sift

SIFT
MIT License
484 stars 67 forks source link

[SALTSTACK] - libewf package is missing #637

Closed cah-sean-whalen closed 2 weeks ago

cah-sean-whalen commented 2 weeks ago

There were a number of install failures related to SleuthKit after running sudo cast install teamdfir/sift-saltstack.

  pkg_|-libewf-python_|-libewf-python3_|-installed:
    __id__: libewf-python
    __run_num__: 96
    __sls__: sift.packages.libewf-python3
    changes: {}
    comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n
      \   - Running scope as unit: run-r7e43bee1b8ef49d286a2405d84549b4e.scope\n      E:
      Unable to locate package libewf-python3"
    duration: 676.593
    name: libewf-python3
    result: false
    start_time: '22:37:49.743401'
  pkg_|-libewf-tools_|-libewf-tools_|-installed:
    __id__: libewf-tools
    __run_num__: 97
    __sls__: sift.packages.libewf-tools
    changes: {}
    comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n
      \   - Running scope as unit: run-r7949d95991384893a45fe511d2e2e78a.scope\n      E:
      Unable to locate package libewf-tools"
    duration: 684.878
    name: libewf-tools
    result: false
    start_time: '22:37:50.422037'
  pkg_|-libewf_|-libewf_|-installed:
    __id__: libewf
    __run_num__: 94
    __sls__: sift.packages.libewf
    changes: {}
    comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n
      \   - Running scope as unit: run-r824b123f60794410914aa99ddc49b689.scope\n      E:
      Package 'libewf' has no installation candidate"
    duration: 4197.882
    name: libewf
    result: false
    start_time: '22:37:45.526471'
  pkg_|-sift-package-libregf-python3_|-libregf-python3_|-installed:
    __id__: sift-package-libregf-python3
    __run_num__: 115
    __sls__: sift.packages.libregf-python3
    changes: {}
    comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n
      \   - Running scope as unit: run-rd22d80a2d5dc4193a5436f12ba388945.scope\n      E:
      Unable to locate package libregf-python3"
    duration: 695.808
    name: libregf-python3
    result: false
    start_time: '22:37:51.354113'
  pkg_|-sift-package-libvmdk_|-libvmdk_|-installed:
    __id__: sift-package-libvmdk
    __run_num__: 119
    __sls__: sift.packages.libvmdk
    changes: {}
    comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n
      \   - Running scope as unit: run-rf5cc84a996d640919d91d124b47127f4.scope\n      E:
      Unable to locate package libvmdk"
    duration: 713.414
    name: libvmdk
    result: false
    start_time: '22:37:52.095753'
  pkg_|-sift-package-libvshadow-python3_|-libvshadow-python3_|-installed:
    __id__: sift-package-libvshadow-python3
    __run_num__: 122
    __sls__: sift.packages.libvshadow-python3
    changes: {}
    comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n
      \   - Running scope as unit: run-rcccef6f2d1c9498881807a6d8cb9879a.scope\n      E:
      Unable to locate package libvshadow-python3"
    duration: 700.354
    name: libvshadow-python3
    result: false
    start_time: '22:37:52.842523'
  pkg_|-sift-package-plaso-tools_|-plaso-tools_|-latest:
    __id__: sift-package-plaso-tools
    __run_num__: 156
    __sls__: sift.packages.plaso-tools
    changes: {}
    comment: No information found for 'plaso-tools'.
    duration: 109.103
    name: plaso-tools
    result: false
    start_time: '22:37:54.255767'
  pkg_|-sift-package-python-pytsk3_|-python3-pytsk3_|-installed:
    __id__: sift-package-python-pytsk3
    __run_num__: 171
    __sls__: sift.packages.python3-pytsk3
    changes: {}
    comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n
      \   - Running scope as unit: run-r937c578bfcf748328ee09db505aafaa6.scope\n      E:
      Unable to locate package python3-pytsk3"
    duration: 713.954
    name: python3-pytsk3
    result: false
    start_time: '22:38:07.163878'
  pkg_|-sift-package-python3-dfvfs_|-python3-dfvfs_|-installed:
    __id__: sift-package-python3-dfvfs
    __run_num__: 165
    __sls__: sift.packages.python3-dfvfs
    changes: {}
    comment: "Problem encountered installing package(s). Additional info follows:\n\nerrors:\n
      \   - Running scope as unit: run-r467c0732f4cf4c3fad015e8e356cc05a.scope\n      E:
      Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held
      packages."
    duration: 4374.604
    name: python3-dfvfs
    result: false
    start_time: '22:37:54.994887'
  pkg_|-sift-package-sleuthkit_|-sleuthkit_|-latest:
    __id__: sift-package-sleuthkit
    __run_num__: 190
    __sls__: sift.packages.sleuthkit
    changes: {}
    comment: "An error was encountered while installing package(s): Problem encountered
      installing package(s). Additional info follows:\n\nchanges:\n    ----------\nerrors:\n
      \   - Running scope as unit: run-r9717c0568fb2405c9b36747a7b0aff95.scope\n      E:
      Unable to correct problems, you have held broken packages."
    duration: 1168.586
    name: sleuthkit
    result: false
    start_time: '22:38:08.331422'
 pkg_|-sift-packages-xmount_|-xmount_|-latest:
    __id__: sift-packages-xmount
    __run_num__: 220
    __sls__: sift.packages.xmount
    changes: {}
    comment: "An error was encountered while installing package(s): Problem encountered
      installing package(s). Additional info follows:\n\nchanges:\n    ----------\nerrors:\n
      \   - Running scope as unit: run-r32b707f8d3b0439aab1adfb22cd35e0e.scope\n      E:
      Unable to correct problems, you have held broken packages."
    duration: 1086.752
    name: xmount
    result: false
    start_time: '22:38:10.022276'
  test_|-sift-desktop-version-file_|-install-complete_|-nop:
    __run_num__: 678
    __sls__: sift.desktop
    changes: {}
    comment: 'One or more requisite failed: sift.include-server.sift-server-include'
    duration: 0.005
    result: false
    start_time: '22:44:27.962219'
  test_|-sift-packages_|-sift-packages_|-nop:
    __run_num__: 223
    __sls__: sift.packages
    changes: {}
    comment: 'One or more requisite failed: sift.packages.libregf-python3.sift-package-libregf-python3,
      sift.packages.python3-pytsk3.sift-package-python-pytsk3, sift.packages.plaso-tools.sift-package-plaso-tools,
      sift.packages.libewf-python3.libewf-python, sift.packages.libewf-tools.libewf-tools,
      sift.packages.libvmdk.sift-package-libvmdk, sift.packages.libewf.libewf, sift.packages.sleuthkit.sift-package-sle>      sift.packages.libvshadow-python3.sift-package-libvshadow-python3, sift.packages.python3-dfvfs.sift-package-python>      sift.packages.xmount.sift-packages-xmount'
    duration: 0.01
    result: false
    start_time: '22:38:15.934602'
  test_|-sift-server-include_|-sift-server-include_|-nop:
    __run_num__: 573
    __sls__: sift.include-server
    changes: {}
    comment: 'One or more requisite failed: sift.packages.sift-packages'
    duration: 0.007
    result: false
    start_time: '22:44:11.651822'
  test_|-sift-server-version-file_|-install-complete_|-nop:
    __run_num__: 574
    __sls__: sift.server
    changes: {}
    comment: 'One or more requisite failed: sift.include-server.sift-server-include'
    duration: 0.005
    result: false
    start_time: '22:44:11.653752'

I noticed that the PPA wasn't added either, so I added that manually and tried again, but that didn't fix the issues when I tried running the install again.

sudo add-apt-repository ppa:sift/stable
sudo apt update

Even after adding the PPA, some dependencies could not be found when I tried to install the seluthkit pachage.

E: Unable to locate package seleuthkit
sansforensics@siftworkstation: ~
$ sudo apt install  sleuthkit
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 sleuthkit : Depends: libtsk19 (= 4.11.1+sift-1ppa3~jammy) but 4.11.1+dfsg-1 is to be installed
             Depends: libewf but it is not installable
E: Unable to correct problems, you have held broken packages.
cah-sean-whalen commented 2 weeks ago

Never mind. I found the problem. Ubuntu's do-release-upgrade commented out all third-party repos, but salt didn't notice until I deleted all the old files in /etc/apt/sources.list.d.