Accepting request 103438 from security

New library and apps for working with computer forensic images in EnCase format. Per previous decline, this has a LGPLv3+ license. Now reflected in specfile. Also, Sascha Peilicke SR'ed several specfile changes to the package- see changelog. ewftools are apps, but I only see LGPL as a license for the whole package. OBS-URL: https://build.opensuse.org/request/show/103438 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libewf?expand=0&rev=1
2012-02-16 15:17:45 +00:00
commit a93c19c8cf
7 changed files with 606 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
--- a/libewf-20100226-pyver.patch
+++ b/libewf-20100226-pyver.patch
@@ -0,0 +1,24 @@
+diff -up libewf-20100226/pyewf/Makefile.am.pyver libewf-20100226/pyewf/Makefile.am
+--- libewf-20100226/pyewf/Makefile.am.pyver	2009-04-02 20:06:28.000000000 +0200
+++ libewf-20100226/pyewf/Makefile.am	2010-03-08 21:57:07.336202089 +0100
+@@ -11,7 +11,7 @@ pyewf_la_SOURCES = \
+ 
+ pyewf_la_LIBADD   = ../libewf/libewf.la
+ pyewf_la_CPPFLAGS = $(PYTHON_CPPFLAGS)
+-pyewf_la_LDFLAGS  = -module $(PYTHON_LDFLAGS)
+pyewf_la_LDFLAGS  = -module -avoid-version $(PYTHON_LDFLAGS)
+ 
+ endif
+ 
+diff -up libewf-20100226/pyewf/Makefile.in.pyver libewf-20100226/pyewf/Makefile.in
+--- libewf-20100226/pyewf/Makefile.in.pyver	2010-02-26 18:50:52.000000000 +0100
+++ libewf-20100226/pyewf/Makefile.in	2010-03-08 21:56:34.855197908 +0100
+@@ -267,7 +267,7 @@ top_srcdir = @top_srcdir@
+ 
+ @HAVE_PYTHON_TRUE@pyewf_la_LIBADD = ../libewf/libewf.la
+ @HAVE_PYTHON_TRUE@pyewf_la_CPPFLAGS = $(PYTHON_CPPFLAGS)
+-@HAVE_PYTHON_TRUE@pyewf_la_LDFLAGS = -module $(PYTHON_LDFLAGS)
+@HAVE_PYTHON_TRUE@pyewf_la_LDFLAGS = -module -avoid-version $(PYTHON_LDFLAGS)
+ all: all-am
+ 
+ .SUFFIXES:
--- a/libewf-20100226.tar.gz
+++ b/libewf-20100226.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:aedd2a6b3df6525ff535ab95cd569ebb361a4022eb4163390f26257913c2941a
+size 801413
--- a/libewf.changes
+++ b/libewf.changes
@@ -0,0 +1,27 @@
+-------------------------------------------------------------------
+Wed Feb  8 09:39:32 UTC 2012 - saschpe@suse.de
+
+- Spec file cleanup:
+  * Provide sane versioning, this will break updates in the 'security'
+    project now, but this is better than breaking Factory updates later.
+  * Don't "rm -rf %buildroot" in the %install section
+  * Use upstream tarballs
+  * Cleanup BuildRequires
+
+-------------------------------------------------------------------
+Mon Feb  6 14:26:34 UTC 2012 - cfarrell@suse.com
+
+- license update: LGPL-3.0+
+  No indication that LGPL-3.0 is the license (i.e. only). Looks like
+  LGPL-3.0+
+
+-------------------------------------------------------------------
+Sun Sep  4 12:32:17 UTC 2011 - toganm@opensuse.org
+
+- Reworked spec based on fedora package
+- TODO
+  +enable disktype for requires 
+
+Tue Sep 14 2010 - toganm@opensuse.org
+- Initial opensuse build service checkin
+
--- a/libewf.spec
+++ b/libewf.spec
@@ -0,0 +1,126 @@
+#
+# spec file for package libewf
+#
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+
+Name:           libewf
+Version:        0.0.0+20100226
+Release:        0
+License:        LGPL-3.0+
+Summary:        Library for the Expert Witness Compression Format (EWF)
+Url:            http://sourceforge.net/projects/libewf/
+Group:          System/Libraries
+Source0:        http://sourceforge.net/projects/libewf/files/libewf/libewf-20100226/libewf-20100226.tar.gz
+Source1:        http://sourceforge.net/projects/libewf/files/mount_ewf/mount_ewf-20090113/mount_ewf-20090113.py
+Patch0:         libewf-20100226-pyver.patch
+BuildRequires:  e2fsprogs-devel
+BuildRequires:  libuuid-devel
+BuildRequires:  openssl-devel
+BuildRequires:  pkg-config
+#Needed for mount.ewf(.py) support
+BuildRequires:  python-devel
+BuildRequires:  zlib-devel
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+%py_requires
+
+%description
+Libewf is a library for support of the Expert Witness Compression Format (EWF),
+it support both the SMART format (EWF-S01) and the EnCase format (EWF-E01).
+Libewf allows you to read and write media information within the EWF files.
+
+%package -n libewf1
+Summary:        Library to support the Expert Witness Compression Format
+Group:          System/Libraries
+
+%description -n libewf1
+libewf is a library for support of the Expert Witness Compression Format (EWF).
+libewf allows you to read media information of EWF files in the SMART (EWF-S01)
+format and the EnCase (EWF-E01) format. libewf allows to read files created by
+EnCase 1 to 6, linen and FTK Imager.
+
+%package -n     ewftools
+Summary:        Utilities for the Expert Witness Compression Format (EWF)
+Group:          System/Filesystems
+Requires:       %{name}1 = %{version}
+Requires:       python-fuse >= 0.2
+
+%description -n ewftools
+Several tools for reading and writing EWF files.
+It contains tools to acquire, verify and export EWF files.
+
+%package        devel
+Summary:        Development files for %{name}
+Group:          Development/Libraries/C and C++
+Requires:       %{name}1 = %{version}
+Requires:       pkg-config
+
+%description    devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+%prep
+%setup -q -n libewf-20100226
+%patch0 -p1 -b .pyver
+
+%build
+export CFLAGS="%{optflags} -fno-strict-aliasing "
+export CXXFLAGS="%{optflags}"
+%configure --disable-static \
+  --enable-wide-character-type \
+  --enable-python
+
+#Remove rpath from libtool
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+# clean unused-direct-shlib-dependencies
+sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
+
+make %{?_smp_mflags}
+
+%install
+%make_install
+find %{buildroot} -name '*.la' -exec rm -f {} ';'
+
+mkdir -p %{buildroot}/sbin
+install -pm 0755 %{SOURCE1} %{buildroot}/sbin/mount.ewf
+ln -s mount.ewf %{buildroot}/sbin/umount.ewf
+
+%post -n libewf1 -p /sbin/ldconfig
+
+%postun -n libewf1 -p /sbin/ldconfig
+
+%files -n libewf1
+%defattr(-,root,root,-)
+%doc AUTHORS COPYING NEWS
+%{_libdir}/*.so.*
+
+%files -n ewftools
+%defattr(-,root,root,-)
+%{_bindir}/ewf*
+%{_mandir}/man1/*.gz
+/sbin/*.ewf
+%{python_sitearch}/pyewf.so
+
+%files devel
+%defattr(-,root,root,-)
+%{_includedir}/libewf.h
+%{_includedir}/libewf/
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/libewf.pc
+%{_mandir}/man3/*.gz
+
+%changelog
--- a/mount_ewf-20090113.py
+++ b/mount_ewf-20090113.py
@@ -0,0 +1,402 @@
+#!/usr/bin/env python
+
+##    Copyright (c) 2006-2008, David Loveall
+##
+##    All rights reserved.
+##
+##    Redistribution and use in source and binary forms, with or without
+##    modification, are permitted provided that the following conditions are met:
+##
+##    Redistributions of source code must retain the above copyright notice, this
+##    list of conditions and the following disclaimer.
+##    Redistributions in binary form must reproduce the above copyright notice,
+##    this list of conditions and the following disclaimer in the documentation
+##    and/or other materials provided with the distribution.
+##    Neither the name of the creator nor the names of its contributors may be used
+##    to endorse or promote products derived from this software without specific
+##    prior written permission.
+##    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+##    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+##    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+##    A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+##    CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+##    EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+##    PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+##    PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+##    LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+##    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+##    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+from __future__ import with_statement
+
+mount_ewf_version = "20090113"
+libewf_version = "20080501"
+
+import sys, string
+
+# The only part that depends on 2.5 is two instances of the with statement. However, 2.5
+# was also the first version to have ctypes bundled. If you've got all the dependencies
+# and fix the call to the lock, you're good. It may be easier to just install a current
+# release of Python. If you're reading this, it's your call.
+
+version = string.split(string.split(sys.version)[0], ".")
+
+# Some versions of Python have non numerical version number
+# E.g. Ubuntu 11.04 Python 2.7.1+
+# Therefore limited the version check to only look at the first 2 values
+if map(int, version[:2]) < [2,5]:
+	sys.stderr.write("This version of Python is too old. Python 2.5.x or 2.6.x is required.\n")
+	sys.stderr.write("Try running:\npython2.5 " + string.join(sys.argv) + "\nor:\npython2.6 " + string.join(sys.argv) + "\n")
+	sys.exit(8)
+
+if map(int, version[:2]) >= [3,0]:
+	sys.stderr.write("This version of Python is too new. Python 2.5.x or 2.6.x is required.\n")
+	sys.stderr.write("Try running:\npython2.5 " + string.join(sys.argv) + "\nor:\npython2.6 " + string.join(sys.argv) + "\n")
+	sys.exit(8)
+
+try:
+	import fuse
+except:
+	sys.stderr.write("Python FUSE bindings aren't installed.\n")
+	sys.exit(16)
+
+if not hasattr(fuse, '__version__'):
+	sys.stderr.write("fuse-py doesn't know of fuse.__version__, probably it's too old.\n")
+	sys.exit(16)
+fuse.fuse_python_api = (0, 2)
+
+import os, tempfile, ctypes, ctypes.util, stat, errno, time, re, threading, subprocess, binascii
+
+libewf_path = ctypes.util.find_library('ewf')
+if libewf_path:
+	libewf=ctypes.CDLL(libewf_path)
+else:
+	sys.stderr.write("Couldn't find libewf.\n")
+	sys.exit(2)
+
+def c_off_t(i):
+	return ctypes.c_int64(i)
+
+def c_array(ctype, l):
+	return (ctype * len(l))(*l)
+
+def c_max(ctype):
+	size = ctypes.sizeof(ctype)
+	signed = ctype(2 ** (8 * size - 1) - 1)
+	unsigned = ctype(2 ** (8 * size) - 1)
+	return max(signed.value, unsigned.value)
+
+def find_partitions(disktype):
+	partitions = {}
+	pattern = re.compile('\n *Partition (?P<number>\w+):[^\n]*\((?P<size>\d+)[^\n]* (?P<start>\d+\+?\d*)(?:, bootable)?\)\n(?: *Type (?P<type>0x[0-9A-F]{2}))?', re.DOTALL)
+	result = pattern.finditer(disktype)
+	for match in result:
+		if match.group('type') not in ["0x05", "0x0F", "0xEE"]:
+			partitions[match.group('number')] = {'offset': eval(match.group('start'))*512, 'size': eval(match.group('size'))}
+	return partitions
+
+class MyStat(fuse.Stat):
+	def __init__(self):
+		self.st_mode = 0
+		self.st_ino = 0
+		self.st_dev = 0
+		self.st_nlink = 0
+		self.st_uid = 0
+		self.st_gid = 0
+		self.st_size = 0
+		self.st_atime = 0
+		self.st_mtime = 0
+		self.st_ctime = 0
+
+class ewfFS(fuse.Fuse):
+	def __init__(self, *args, **kw):
+		fuse.Fuse.__init__(self, *args, **kw)
+		self.multithreaded = True
+		self.partitions = {}
+		self.files = {}
+		self.disktype = False
+		self.rw = False
+		self.delta = False
+		self.ewf_debug = False
+		self.mountpoint = ""
+		self.read_lock = threading.Lock()
+
+	def getattr(self, path):
+		if self.ewf_debug:
+			print "GETATTR:", path
+		st = MyStat()
+		if path == '/':
+			st.st_mode = stat.S_IFDIR | 0555
+			st.st_nlink = 2
+			return st
+		for name in self.files:
+			if path == name:
+				st.st_mode = stat.S_IFREG | 0444
+				st.st_nlink = 1
+				st.st_size = len(self.files[name])
+				return st
+		for name in self.partitions:
+			if path == name:
+				if self.rw:
+					st.st_mode = stat.S_IFREG | 0666
+				else:
+					st.st_mode = stat.S_IFREG | 0444
+				st.st_nlink = 1
+				st.st_size = self.partitions[name]['size']
+				return st
+		return -errno.ENOENT
+
+	def readdir(self, path, offset):
+		if self.ewf_debug:
+			print "READDIR:", path, "OFFSET:", offset
+		for r in  '.', '..':
+			yield fuse.Direntry(r)
+		for name in self.files:
+			yield fuse.Direntry(name[1:])
+		for name in self.partitions:
+			yield fuse.Direntry(name[1:])
+
+	def open(self, path, flags):
+		if self.ewf_debug:
+			print "OPEN:", path, "FLAGS:", flags
+		for name in self.files:
+			if path == name:
+				accmode = os.O_RDONLY | os.O_WRONLY | os.O_RDWR
+				if (flags & accmode) != os.O_RDONLY:
+					if self.ewf_debug:
+						print "Returning access error"
+					return -errno.EACCES
+				return 0
+		for name in self.partitions:
+			if path == name:
+				accmode = os.O_RDONLY | os.O_WRONLY | os.O_RDWR
+				if (not self.rw) and (flags & accmode) != os.O_RDONLY:
+					if self.ewf_debug:
+						print "Returning access error"
+					return -errno.EACCES
+				return 0
+		return -errno.ENOENT
+
+	def read(self, path, size, offset):
+		if self.ewf_debug:
+			print "READ FROM:", path, "OFFSET:", offset, "SIZE:", size
+		for name in self.files:
+			if path == name:
+				return self.files[name][offset:offset+size]
+		for name in self.partitions:
+			if path == name:
+				if offset > self.partitions[name]['size']:
+					size = 0
+				if offset+size > self.partitions[name]['size']:
+					size = self.partitions[name]['size'] - offset
+				buf = ctypes.create_string_buffer(size)
+				with self.read_lock:
+					libewf.libewf_read_random(self.partitions[name]['handle'], buf, ctypes.c_size_t(size), c_off_t(offset+self.partitions[name]['offset']))
+				if self.ewf_debug:
+					print "RETURNING LENGTH", len(buf.raw)
+				return buf.raw
+		return -errno.ENOENT
+
+	def write(self, path, buf, offset):
+		if self.ewf_debug:
+			print "WRITE TO:", path, "OFFSET:", offset, "SIZE:", len(buf)
+		if self.rw:
+			size = len(buf)
+			for name in self.partitions:
+				if path == name:
+					if offset > self.partitions[name]['size']:
+						size = 0
+					if offset+size > self.partitions[name]['size']:
+						size = self.partitions[name]['size'] - offset
+					if size <= 0:
+						if self.ewf_debug:
+							print "writing past end of file, returning too big"
+						return -errno.EFBIG
+					# fuse is expecting an int, not the long which is returned because a c_size_t is unsigned
+					#libewf.libewf_write_random.restype = ctypes.c_size_t
+					libewf.libewf_write_random.restype = ctypes.c_int
+					with self.read_lock:
+						result = libewf.libewf_write_random(self.partitions[name]['handle'], ctypes.create_string_buffer(buf[:size]), ctypes.c_size_t(size), c_off_t(offset+self.partitions[name]['offset']))
+					#if result == ctypes.c_size_t(-1).value:
+					if result == -1:
+						if self.ewf_debug:
+							print "ERROR on write, returning IO error"
+						return -errno.EIO
+					if self.ewf_debug:
+						#print "RETURNING", int(result)
+						print "RETURNING",  result
+					#return int(result)
+					return result
+		return -errno.ENOENT
+
+	def fsdestroy(self):
+		if self.ewf_debug:
+			print "FSDESTROY"
+		for name in self.partitions:
+			libewf.close(self.partitions[name]['handle'])
+
+	def truncate(self, path, size):
+		if self.ewf_debug:
+			print "TRUNCATE", path, size
+		return -errno.ENOSYS
+
+	def unlink(self, path):
+		if self.ewf_debug:
+			print "UNLINK", path
+		return -errno.ENOSYS
+
+def find_image_segments(filename, delta = False):
+	basename = os.path.basename(filename)
+	rootname, extname = os.path.splitext(basename)
+	dirname = os.path.dirname(filename)
+
+	contents = os.listdir(dirname)
+	filenames = []
+	deltanames = []
+	for item in contents:
+		itemroot, itemext = os.path.splitext(item)
+		if itemroot == rootname and libewf.libewf_check_file_signature(os.path.join(dirname, item)) == 1:
+			if itemext[:2] == extname[:2]:
+				filenames.append(os.path.join(dirname, item))
+			if delta and itemext.startswith(".d"):
+				deltanames.append(os.path.join(dirname, item))
+	filenames.sort()
+	deltanames.sort()
+	if delta == True:
+		filenames += deltanames
+	elif delta:
+		filenames.append(delta)
+	return filenames
+
+def get_header(handle, files, filename, type, name):
+	size = min(c_max(ctypes.c_size_t), 2**16) # Don't create a buffer larger than 64k
+	buf = ctypes.create_string_buffer(size)
+	if libewf.libewf_get_header_value(handle, type, buf, ctypes.c_size_t(size)) and buf.value:
+		files[filename] = files[filename] + "# " + name + ": " + buf.value + "\n"
+
+def main():
+	libewf.libewf_get_version.restype = ctypes.c_char_p
+	if not libewf.libewf_get_version() == libewf_version:
+		sys.stderr.write("Using libewf-" + libewf.libewf_get_version() + ". Tested with libewf-" + libewf_version + ".\n")
+
+	usage = """
+   %prog [options] <filename(s)> <mountpoint>
+  
+Note: This utility allows EWF files to be mounted as a filesystem containing a flat disk image. <filename> can be any segment of the EWF file. To be identified, all files need to be in the same directory, have the same root file name, and have the same first character of file extension. Alternatively, multiple filenames can be specified in different locations in the order to be reassembled.
+"""
+	server = ewfFS(version="%prog " + mount_ewf_version + " FUSE " + fuse.__version__, usage=usage, dash_s_do='undef')
+	server.parser.add_option(mountopt="disktype", dest="disktype", metavar="DISKTYPE_BINARY", help="disktype program")
+	server.parser.add_option(mountopt="rw", dest="rw", metavar=" ", help="read-write support")
+	server.parser.add_option(mountopt="delta", dest="delta", metavar=" ", help="use previously generated delta file")
+	server.parser.add_option(mountopt="ewf_debug", dest="ewf_debug", metavar=" ", help="print ewf debug messages")
+	server.parse(values=server, errex=1)
+	if server.disktype == None:
+		server.disktype = "disktype"
+	if server.rw == None:
+		server.rw = True
+		libewf.libewf_get_flags_read_write.restype = ctypes.c_uint8
+		flag = libewf.libewf_get_flags_read_write()
+	else:
+		server.rw = False
+		libewf.libewf_get_flags_read.restype = ctypes.c_uint8
+		flag = libewf.libewf_get_flags_read()
+	if server.delta == None:
+		server.delta = True
+	elif type(server.delta) == 'str':
+		if not (os.path.isfile(server.delta) and libewf.libewf_check_file_signature(server.delta) == 1):
+			server.delta = False
+	if server.ewf_debug == None:
+		server.ewf_debug = True
+		libewf.libewf_set_notify_values(ctypes.pythonapi.PyFile_AsFile(ctypes.py_object(sys.stdout)), ctypes.c_uint8(1))
+	elif server.ewf_debug == "mount":
+		server.ewf_debug = True
+		libewf.libewf_set_notify_values(ctypes.pythonapi.PyFile_AsFile(ctypes.py_object(sys.stdout)), ctypes.c_uint8(0))
+	elif server.ewf_debug == "lib":
+		server.ewf_debug = False
+		libewf.libewf_set_notify_values(ctypes.pythonapi.PyFile_AsFile(ctypes.py_object(sys.stdout)), ctypes.c_uint8(1))
+	else:
+		server.ewf_debug = False
+		libewf.libewf_set_notify_values(ctypes.pythonapi.PyFile_AsFile(ctypes.py_object(sys.stdout)), ctypes.c_uint8(0))
+	server.mountpoint = os.path.abspath(sys.argv[-1])
+
+	filenames = []
+	for arg in sys.argv[1:-1]:
+		if os.path.isfile(arg):
+			if libewf.libewf_check_file_signature(arg) == 1:
+				filenames.append(arg)
+	if len(filenames) == 1:
+		filenames = find_image_segments(os.path.abspath(filenames[0]), server.delta)
+	if len(filenames) == 0:
+		server.parser.print_usage()
+		sys.stderr.write("ewf segment filename(s) required.\n")
+		sys.exit(1)
+
+	if server.ewf_debug:
+		print "Filenames:", filenames
+
+	handle = libewf.libewf_open(c_array(ctypes.c_char_p, filenames), ctypes.c_ulong(len(filenames)), ctypes.c_uint8(flag))
+	if handle == 0:
+		server.parser.print_usage()
+		sys.stderr.write("Couldn't open EWF file.\n")
+		sys.exit(1)
+	libewf.libewf_parse_header_values(handle, 3)
+
+	size = min(c_max(ctypes.c_size_t), 2**16) # Don't create a buffer larger than 64k
+	buf = ctypes.create_string_buffer(size)
+	prefix = "/" + os.path.splitext(os.path.basename(filenames[0]))[0]
+	if os.uname()[0] == "Darwin":
+		partition_suffix = ".img"
+		drive_suffix = ".dmg"
+	else:
+		partition_suffix = ""
+		drive_suffix = ""
+
+	info_name = prefix + ".txt"
+	server.files[info_name] = ""
+	get_header(handle, server.files, info_name, "description", "Description")
+	get_header(handle, server.files, info_name, "case_number", "Case number")
+	get_header(handle, server.files, info_name, "examiner_name", "Examiner name")
+	get_header(handle, server.files, info_name, "evidence_number", "Evidence number")
+	get_header(handle, server.files, info_name, "notes", "Notes")
+	get_header(handle, server.files, info_name, "acquiry_date", "Acquiry date")
+	get_header(handle, server.files, info_name, "system_date", "System date")
+	get_header(handle, server.files, info_name, "acquiry_operating_system", "Operating system used")
+	get_header(handle, server.files, info_name, "acquiry_software_version", "Software version used")
+	get_header(handle, server.files, info_name, "password", "Password")
+	get_header(handle, server.files, info_name, "compression_type", "Compression type")
+	get_header(handle, server.files, info_name, "model", "Model")
+	get_header(handle, server.files, info_name, "serial_number", "Serial number")
+
+	media_size = ctypes.c_uint64()
+	if libewf.libewf_get_media_size(handle, ctypes.byref(media_size)) != 1:
+		sys.stderr.write("Unable to get media size.\n")
+		sys.exit(4)
+	if media_size.value == 0:
+		sys.stderr.write("Invalid media size.\n")
+		sys.exit(4)
+
+	server.partitions[prefix + drive_suffix] = {'handle': handle, 'offset': 0, 'size': media_size.value}
+	if server.disktype:
+		p = subprocess.Popen([server.disktype] + filenames, stdout=subprocess.PIPE)
+		server.files[prefix + ".disktype.txt"] = p.stdout.read()
+		p.wait()
+		partitions = find_partitions(server.files[prefix + ".disktype.txt"])
+		for partition in partitions:
+			server.partitions[prefix + "p" + partition + partition_suffix] = partitions[partition]
+			server.partitions[prefix + "p" + partition + partition_suffix]['handle'] = handle
+
+	size = 16
+	md5 = (ctypes.c_uint8 * size)()
+	libewf.libewf_get_md5_hash(handle, ctypes.byref(md5), ctypes.c_size_t(size))
+	md5_printable = binascii.hexlify(md5)
+
+	full_path = os.path.join(server.mountpoint, prefix[1:] + drive_suffix)
+	if os.uname()[0] == "Linux":
+		server.files[info_name] = server.files[info_name] + md5_printable + " *" + full_path + "\n"
+	else:
+		server.files[info_name] = server.files[info_name] + "MD5 (" + full_path + ") = " + md5_printable + "\n"
+
+	server.main()
+
+if __name__ == '__main__':
+	main()