diff --git a/.github/workflows/build-flatpak.yml b/.github/workflows/build-flatpak.yml
new file mode 100644
index 00000000000..e0d8d6073e6
--- /dev/null
+++ b/.github/workflows/build-flatpak.yml
@@ -0,0 +1,79 @@
+name: Build Flatpak Bundle
+
+# Mirrors the Snap distribution model: builds on deliberate tags and on-demand.
+# On a tag push: the .flatpak bundle is attached to the GitHub Release.
+# On workflow_dispatch: the bundle is uploaded as a workflow artifact.
+on:
+ push:
+ tags:
+ - 'autopsy-*'
+ workflow_dispatch:
+
+jobs:
+ build:
+ name: Build Flatpak bundle
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout source
+ uses: actions/checkout@v5
+
+ # ubuntu-latest only ships ~14 GB free; the NetBeans platform download,
+ # Autopsy compilation, and flatpak overlay together need ≥20 GB.
+ - name: Free disk space
+ uses: jlumbroso/free-disk-space@main
+ with:
+ tool-cache: true
+ android: true
+ dotnet: true
+ haskell: true
+ large-packages: true
+ docker-images: true
+ swap-storage: true
+
+ - name: Install Flatpak and flatpak-builder
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y flatpak flatpak-builder
+
+ - name: Add Flathub remote (provides runtime and SDK)
+ run: |
+ flatpak remote-add --user --if-not-exists \
+ flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+
+ - name: Install Flatpak runtime and SDK
+ run: |
+ flatpak install --user --noninteractive \
+ org.freedesktop.Platform//25.08 \
+ org.freedesktop.Sdk//25.08 \
+ org.freedesktop.Sdk.Extension.openjdk17//25.08
+
+ - name: Build Flatpak
+ run: |
+ flatpak-builder \
+ --user \
+ --force-clean \
+ --repo=repo \
+ build-dir \
+ org.sleuthkit.Autopsy.yaml
+
+ # --runtime-repo embeds the Flathub repo URL so first-time installs on
+ # clean systems can fetch the required org.freedesktop.Platform runtime.
+ - name: Create single-file bundle + run: | + flatpak build-bundle repo autopsy.flatpak org.sleuthkit.Autopsy \ + --runtime-repo=https://flathub.org/repo/flathub.flatpakrepo + + - name: Upload bundle as release asset + if: startsWith(github.ref, 'refs/tags/') + uses: softprops/action-gh-release@v2 + with: + files: autopsy.flatpak + + - name: Upload bundle as workflow artifact + if: github.event_name == 'workflow_dispatch' + uses: actions/upload-artifact@v5 + with: + name: autopsy-flatpak + path: autopsy.flatpak + retention-days: 14 diff --git a/.gitignore b/.gitignore index 65e308fc6d4..75acf2253e3 100755 --- a/.gitignore +++ b/.gitignore @@ -114,3 +114,8 @@ hs_err_pid*.log /Tools/autopsy-mcp-stdio/dist/ .claude + +# Flatpak build artifacts +build-dir/ +.flatpak-builder/ +*.flatpak diff --git a/Running_Linux_OSX.md b/Running_Linux_OSX.md index ada637d2cb6..853fece24fb 100644 --- a/Running_Linux_OSX.md +++ b/Running_Linux_OSX.md 
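Review bot: The `Free disk space` step runs `jlumbroso/free-disk-space@main`, a third-party action referenced by a mutable branch, in the same job that later publishes `autopsy.flatpak` to the GitHub Release, so whatever lands on that branch runs with this job's token before the bundle is built. Pin it (and ideally `softprops/action-gh-release@v2` as well) to a full commit SHA, e.g. `uses: jlumbroso/free-disk-space@<full-commit-sha>  # <release-tag>`. The workflow also declares no `permissions:`, so the token scope depends on repository defaults; a job-level `permissions:` with `contents: write` keeps the grant explicit and lets the release upload work under a read-only default. Separately, the remote is added from `dl.flathub.org` while `--runtime-repo` points at `flathub.org`; using one URL in both places would remove the question of which is authoritative.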
@@ -1,5 +1,15 @@ # Overview -For Linux systems that [support snapd](https://snapcraft.io/docs/installing-snapd), there is currently the option to install Autopsy from the [snap package](#install-autopsy-snap). Otherwise, when installing on Debian-based Linux or macOS systems, there are three general steps: [installing prerequisites](#installing-prerequisites), [installing The Sleuth Kit](#installing-the-sleuth-kit), and [installing Autopsy](#installing-autopsy) itself. On macOS, you will want to [setup the JNA paths](#setup-macos-jna-paths). +For Linux systems, Autopsy can be installed as a [Flatpak bundle](#install-autopsy-flatpak) or as a [Snap package](#install-autopsy-snap). Flatpak is the recommended option for distributions that do not support snapd. Otherwise, when installing on Debian-based Linux or macOS systems, there are three general steps: [installing prerequisites](#installing-prerequisites), [installing The Sleuth Kit](#installing-the-sleuth-kit), and [installing Autopsy](#installing-autopsy) itself. On macOS, you will want to [setup the JNA paths](#setup-macos-jna-paths). + +# Install Autopsy Flatpak +Autopsy is available as a self-contained [Flatpak](https://flatpak.org/) bundle. Download the `autopsy.flatpak` file from the [release section](https://github.com/sleuthkit/autopsy/releases) and install it with: + +```sh +flatpak install --user autopsy.flatpak +flatpak run org.sleuthkit.Autopsy +``` + +See the [Flatpak README](./flatpak/README.md) for build instructions, known limitations, and permission notes. # Install Autopsy Snap Autopsy comes in a [Snap package](https://snapcraft.io/about). See the [Snap README](./snap/README.md) for installation instructions and more information. diff --git a/flatpak/README.md b/flatpak/README.md new file mode 100644 index 00000000000..cfbf77cb23b --- /dev/null +++ b/flatpak/README.md 
@@ -0,0 +1,117 @@ +# Autopsy Flatpak + +Packages Autopsy as a distributable Flatpak bundle (`.flatpak` file) for direct installation on +Linux systems. The bundle is self-contained and can be installed and run fully offline once built. + +## Distribution + +This package targets direct distribution (not Flathub). The `.flatpak` bundle is attached as a +release asset to GitHub Releases, similar to how the Snap is distributed. + +## Prerequisites (build machine) + +- `flatpak` and `flatpak-builder` installed +- Flathub remote added (provides the runtime and SDK): + ```sh + flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo + ``` +- `org.freedesktop.Platform//25.08`, `org.freedesktop.Sdk//25.08`, and + `org.freedesktop.Sdk.Extension.openjdk17//25.08` installed: + ```sh + flatpak install flathub org.freedesktop.Platform//25.08 org.freedesktop.Sdk//25.08 \ + org.freedesktop.Sdk.Extension.openjdk17//25.08 + ``` +- Internet access during the build (needed for downloading the NetBeans platform and Autopsy + Maven dependencies; the resulting bundle installs and runs offline) +- **≥ 20 GB of free disk space** on the build machine — the NetBeans platform download, the + Autopsy compilation, and the intermediate flatpak overlay together require significant space + +## Build + +From the repository root: + +```sh +flatpak-builder --force-clean build-dir org.sleuthkit.Autopsy.yaml +``` + +Build time is typically 15–30 minutes (dominated by the NetBeans platform download and Autopsy +compilation). All Sleuth Kit Maven dependencies are pre-declared in the manifest with verified +SHA256 checksums and need no network access. The Autopsy `ant build-zip` step does require +network to download the NetBeans platform (~100 MB) and Autopsy's own dependency tree. 
+ +## Bundle and install + +```sh +# Create a single-file distributable bundle +flatpak build-bundle ~/.local/share/flatpak/repo autopsy.flatpak org.sleuthkit.Autopsy + +# Install from the bundle (no network needed) +flatpak install --user autopsy.flatpak + +# Run +flatpak run org.sleuthkit.Autopsy +``` + +## Updating versions for a new release + +When cutting a new Autopsy release, update the following locations in `org.sleuthkit.Autopsy.yaml`: + +1. **Sleuth Kit tag** — under the `sleuthkit` module's `sources`, change the `tag:` field (e.g. + `sleuthkit-4.15.0`) and update the `sleuthkit-*.jar` filenames referenced in `build-commands`. +2. **Sleuth Kit Maven JARs** — if TSK's Java binding dependencies changed, update the `url`/`sha256` + entries under the `sleuthkit` module's `sources`. Checksums can be verified with + `sha256sum `. +3. **Metainfo release entry** — add a new `` block at the top of the `` list in + `flatpak/org.sleuthkit.Autopsy.metainfo.xml` with the correct version and date. + +The CI workflow (`build-flatpak.yml`) builds and attaches `autopsy.flatpak` to the GitHub Release +automatically when a tag matching `autopsy-*` is pushed. + +## CI / GitHub Actions + +`.github/workflows/build-flatpak.yml` builds the bundle automatically on tag pushes +(`autopsy-*`) and on manual dispatch. The resulting `autopsy.flatpak` is attached to the +GitHub Release when triggered by a tag. + +## Design decisions + +### Runtime +`org.freedesktop.Platform//25.08` with `org.freedesktop.Sdk.Extension.openjdk17` — avoids +bundling a full JRE by using the SDK extension mechanism. JDK 17 is required by Autopsy. + +### Network during build +The manifest sets `build-args: [--share=network]` globally. 
This is necessary because: +- Autopsy's `ant build-zip` downloads the Apache NetBeans platform at build time +- Pre-bundling all NetBeans modules individually would be impractical (hundreds of JARs) + +All Sleuth Kit Maven dependencies (13 JARs) ARE pre-bundled in the manifest with SHA256 +checksums, so the Sleuth Kit module builds fully offline. + +### Permissions +`--device=all` is required for forensics work (raw block device access). Users may additionally +need to run Autopsy with appropriate OS group membership (e.g., `disk` group) to access local +disks in the `/dev/` directory. + +### Hugepages (Solr) +Flatpak cannot grant access to `/sys/kernel/mm/hugepages`. Solr runs without hugepages, which +is a performance trade-off only (not a functional blocker). + +## Known limitations + +Inherited from Autopsy's Linux support: +- LEAPP processors are non-functional +- HEIF image processing is unavailable +- Video thumbnails are unavailable + +## Module build order + +1. `openjdk` — installs JDK 17 from the SDK extension into `/app/jre`, then symlinks `/app/jdk → /app/jre` (Autopsy's launcher resolves `jdkhome` via this path) +2. `ant` — installs Apache Ant 1.10.15 into `/app/ant` +3. `libewf` (legacy) — E01 forensics image support +4. `libafflib` — AFF forensics format support +5. `libvmdk` — VMware disk image support +6. `libvhdi` — VHD disk image support +7. `libvslvm` — LVM volume support +8. `testdisk` — provides `photorec` (required by `unix_setup.sh`) +9. `sleuthkit` — native TSK libraries + Java bindings (offline Maven build) +10. `autopsy` — Autopsy itself, built from local source via `ant build-zip` diff --git a/flatpak/autopsywrapper.sh b/flatpak/autopsywrapper.sh new file mode 100644 index 00000000000..9227671f0a2 --- /dev/null +++ b/flatpak/autopsywrapper.sh @@ -0,0 +1,4 @@ +#!/bin/bash +# Ensure Autopsy's tmp dir exists before launch (mirrors Snap wrapper behaviour). +mkdir -p "${XDG_RUNTIME_DIR:-/tmp}/autopsy-tmp" +exec /app/autopsy/bin/autopsy "$@" 
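Review bot: In `flatpak/autopsywrapper.sh`, `mkdir -p "${XDG_RUNTIME_DIR:-/tmp}/autopsy-tmp"` creates the directory with the default umask and its failure is ignored, so the launcher proceeds even when the directory could not be created. If Autopsy writes case-derived temporary data there, a private mode is the safer default: `mkdir -p -m 700 "${XDG_RUNTIME_DIR:-/tmp}/autopsy-tmp" || exit 1`. The `/tmp` fallback uses a fixed name; inside the Flatpak sandbox `/tmp` is presumably private to the app, but that assumption is worth stating in the script comment in case the wrapper is reused outside Flatpak.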
diff --git a/flatpak/org.sleuthkit.Autopsy.desktop b/flatpak/org.sleuthkit.Autopsy.desktop new file mode 100644 index 00000000000..ff97df2d4e5 --- /dev/null +++ b/flatpak/org.sleuthkit.Autopsy.desktop @@ -0,0 +1,10 @@ +[Desktop Entry] +Name=Autopsy +Comment=A graphical interface to The Sleuth Kit and other digital forensics tools. +GenericName=DFIR Tool +Exec=autopsywrapper.sh +Icon=org.sleuthkit.Autopsy +Type=Application +Categories=System;Security; +Keywords=autopsy;sleuth;kit;dfir;forensics; +StartupNotify=true diff --git a/flatpak/org.sleuthkit.Autopsy.metainfo.xml b/flatpak/org.sleuthkit.Autopsy.metainfo.xml new file mode 100644 index 00000000000..e71d78610a4 --- /dev/null +++ b/flatpak/org.sleuthkit.Autopsy.metainfo.xml @@ -0,0 +1,52 @@ + + + org.sleuthkit.Autopsy + CC0-1.0 + Apache-2.0 + Autopsy + Extensible digital forensics platform + +

+ Autopsy® is the premier open source forensics platform which is fast, + easy-to-use, and capable of analyzing all types of mobile devices and + digital media. Its plug-in architecture enables extensibility from + community-developed or custom-built modules. Autopsy evolves to meet the + needs of hundreds of thousands of professionals in law enforcement, + national security, litigation support, and corporate investigation. +

+

+ Note: Due to the system access necessary for Autopsy to perform forensics + work, this Flatpak uses --device=all to access block devices. Raw disk + access may additionally require running with appropriate OS permissions + (e.g., membership in the disk group). +

+

Known limitations on Linux compared to Windows:

+
    +
  • LEAPP processors are non-functional
  • +
  • HEIF image processing is unavailable
  • +
  • Video thumbnails are unavailable
  • +
+
+ https://www.autopsy.com/ + https://github.com/sleuthkit/autopsy/issues + https://github.com/sleuthkit/autopsy + + Science + Security + + + forensics + dfir + sleuthkit + disk + + + + +

See the GitHub release page for full release notes.

+
+ https://github.com/sleuthkit/autopsy/releases/tag/autopsy-4.23.0 +
+
+ +
diff --git a/org.sleuthkit.Autopsy.yaml b/org.sleuthkit.Autopsy.yaml new file mode 100644 index 00000000000..b18a7398e24 --- /dev/null +++ b/org.sleuthkit.Autopsy.yaml 
@@ -0,0 +1,319 @@ +# Flatpak manifest for Autopsy digital forensics platform. +# Build with: flatpak-builder --force-clean build-dir org.sleuthkit.Autopsy.yaml +# Bundle with: flatpak build-bundle ~/.local/share/flatpak/repo autopsy.flatpak org.sleuthkit.Autopsy +# Install with: flatpak install --user autopsy.flatpak +# Run with: flatpak run org.sleuthkit.Autopsy +# +# Note: Hugepages for Solr (/sys/kernel/mm/hugepages) are not accessible in Flatpak's +# sandbox. Solr runs without hugepages, which is a performance trade-off, not a blocker. +# Users needing raw block-device access should run: flatpak run --device=all org.sleuthkit.Autopsy + +id: org.sleuthkit.Autopsy +runtime: org.freedesktop.Platform +runtime-version: '25.08' +sdk: org.freedesktop.Sdk +sdk-extensions: + - org.freedesktop.Sdk.Extension.openjdk17 +command: autopsywrapper.sh + +build-options: + # --share=network allows the autopsy module's ant build-zip to download the NetBeans + # platform and Maven deps at build time. Acceptable since this is a non-Flathub package. 
+ build-args: + - --share=network + env: + JAVA_HOME: /usr/lib/sdk/openjdk17/jvm/openjdk-17 + PATH: /usr/lib/sdk/openjdk17/bin:/app/ant/bin:/app/bin:/usr/bin:/bin + +finish-args: + - --device=all + - --filesystem=home + - --filesystem=/media:ro + - --filesystem=/mnt:ro + - --filesystem=/run/media:ro + - --share=network + - --share=ipc + - --socket=x11 + - --socket=pulseaudio + - --env=jdkhome=/app/jdk + - --env=JAVA_HOME=/app/jdk + - --env=SOLR_JAVA_HOME=/app/jdk + - --env=LD_LIBRARY_PATH=/app/lib + - --env=PERL5LIB=/app/lib/perl5/5.42/x86_64-linux-gnu:/app/lib/perl5/5.42:/app/lib/perl5/vendor_perl/5.42/x86_64-linux-gnu:/app/lib/perl5/vendor_perl/5.42 + - --env=SOLR_LOGS_DIR=/var/data/autopsy/solr/logs + - --env=SOLR_PID_DIR=/var/data/autopsy/solr/logs + +modules: + + - name: openjdk + buildsystem: simple + build-commands: + # install.sh places the JDK at /app/jre; symlink /app/jdk so that the + # jdkhome env var and Autopsy's launcher both resolve correctly. + - /usr/lib/sdk/openjdk17/install.sh + - ln -s /app/jre /app/jdk + sources: [] + + - name: ant + buildsystem: simple + sources: + - type: archive + url: https://archive.apache.org/dist/ant/binaries/apache-ant-1.10.15-bin.tar.gz + sha256: 71334d7e5d98cfe53d6c429a648a5021137a967378667306c5f613dff5180506 + build-commands: + - mkdir -p /app/ant + - cp -rp . /app/ant/ + + # libewf-legacy provides the API (libewf_handle_read_random) expected by both + # sleuthkit 4.15.0 and testdisk 7.2. The newer experimental libewf removed that API. 
+ - name: libewf + buildsystem: autotools + config-opts: + - --enable-python=no + - --enable-static=no + sources: + - type: archive + url: https://github.com/libyal/libewf-legacy/releases/download/20140816/libewf-20140816.tar.gz + sha256: 6b2d078fb3861679ba83942fea51e9e6029c37ec2ea0c37f5744256d6f7025a9 + + - name: libafflib + buildsystem: simple + sources: + - type: archive + url: https://github.com/sshock/AFFLIBv3/archive/refs/tags/v3.7.22.tar.gz + sha256: 67481fc520ff927bf61aea0bf2d660feb73e24cc329335bebb064f8f12115dcb + build-commands: + - autoreconf -i + - ./configure --prefix=/app --enable-static=no + - make -j$(nproc) + - make install + + - name: libvmdk + buildsystem: autotools + config-opts: + - --enable-static=no + sources: + - type: archive + url: https://github.com/libyal/libvmdk/releases/download/20240510/libvmdk-alpha-20240510.tar.gz + sha256: 985966c252cb9cf252e594830f0889f7b74250604b1d5705c799b120e66b9b9c + + - name: libvhdi + buildsystem: autotools + config-opts: + - --enable-static=no + sources: + - type: archive + url: https://github.com/libyal/libvhdi/releases/download/20251119/libvhdi-alpha-20251119.tar.gz + sha256: 026cc41e506bef433999090a777519a3cb471510dc352fa44d6867cf6a0e7990 + + - name: libvslvm + buildsystem: autotools + config-opts: + - --enable-static=no + sources: + - type: archive + url: https://github.com/libyal/libvslvm/releases/download/20240504/libvslvm-experimental-20240504.tar.gz + sha256: 7217676f74ba145f9c2ba6b1c6296d7fa041c2ab2673d34dc06b53511aa65833 + + - name: testdisk + buildsystem: autotools + sources: + - type: archive + url: https://www.cgsecurity.org/testdisk-7.2.tar.bz2 + sha256: f8343be20cb4001c5d91a2e3bcd918398f00ae6d8310894a5a9f2feb813c283f + + - name: sleuthkit + buildsystem: simple + sources: + - type: git + url: https://github.com/sleuthkit/sleuthkit.git + tag: sleuthkit-4.15.0 + # ivy bootstrap JAR — placed in ANT_HOME/lib so init-ivy can load it without downloading + - type: file + url: 
https://repo1.maven.org/maven2/org/apache/ivy/ivy/2.5.0/ivy-2.5.0.jar + sha256: 2f4c835b52311df922f8a8eb057843de5485088b234ccd03e478b9066b5e6bfc + dest-filename: ivy-2.5.0.jar + # Maven dependencies pre-placed in bindings/java/lib/ for offline Ant build (-Doffline=true) + - type: file + url: https://repo1.maven.org/maven2/joda-time/joda-time/2.13.1/joda-time-2.13.1.jar + sha256: a9be47b46390f7a6dabacc7c055b4feb6fb8f2225477a7270a8233b296e26677 + dest: bindings/java/lib + dest-filename: joda-time-2.13.1.jar + - type: file + url: https://repo1.maven.org/maven2/com/google/guava/guava/33.4.0-jre/guava-33.4.0-jre.jar + sha256: b918c98a7e44dbe94ebd9fe3e40cddaadb5a93e6a78eb6008b42df237241e538 + dest: bindings/java/lib + dest-filename: guava-33.4.0-jre.jar + - type: file + url: https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.2/failureaccess-1.0.2.jar + sha256: 8a8f81cf9b359e3f6dfa691a1e776985c061ef2f223c9b2c80753e1b458e8064 + dest: bindings/java/lib + dest-filename: failureaccess-1.0.2.jar + - type: file + url: https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.17.0/commons-lang3-3.17.0.jar + sha256: 6ee731df5c8e5a2976a1ca023b6bb320ea8d3539fbe64c8a1d5cb765127c33b4 + dest: bindings/java/lib + dest-filename: commons-lang3-3.17.0.jar + - type: file + url: https://repo1.maven.org/maven2/commons-validator/commons-validator/1.9.0/commons-validator-1.9.0.jar + sha256: c3c14748e2d78db58df88808740711bd643b32c45ffa7b8a739f00fb467cd7d7 + dest: bindings/java/lib + dest-filename: commons-validator-1.9.0.jar + - type: file + url: https://repo1.maven.org/maven2/com/google/code/gson/gson/2.12.1/gson-2.12.1.jar + sha256: ebee13d5fb7477cd7f1cc010e0c356df8ca80709715248da97f79e35ccb4fbec + dest: bindings/java/lib + dest-filename: gson-2.12.1.jar + - type: file + url: https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar + sha256: 8e495b634469d64fb8acfa3495a065cbacc8a0fff55ce1e31007be4c16dc57d3 + dest: bindings/java/lib + dest-filename: 
junit-4.13.2.jar + - type: file + url: https://repo1.maven.org/maven2/io/github/java-diff-utils/java-diff-utils/4.12/java-diff-utils-4.12.jar + sha256: 9990a2039778f6b4cc94790141c2868864eacee0620c6c459451121a901cd5b5 + dest: bindings/java/lib + dest-filename: java-diff-utils-4.12.jar + - type: file + url: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.49.1.0/sqlite-jdbc-3.49.1.0.jar + sha256: 5c8609d2ca341deb8c6f71778974b5ba4995c7d32d7c7c89d9392a3e72c39291 + dest: bindings/java/lib + dest-filename: sqlite-jdbc-3.49.1.0.jar + - type: file + url: https://repo1.maven.org/maven2/org/postgresql/postgresql/42.7.5/postgresql-42.7.5.jar + sha256: 69020b3bd20984543e817393f2e6c01a890ef2e37a77dd11d6d8508181d079ab + dest: bindings/java/lib + dest-filename: postgresql-42.7.5.jar + - type: file + url: https://repo1.maven.org/maven2/com/mchange/c3p0/0.12.0/c3p0-0.12.0.jar + sha256: 4d85a7d4643a22df7e9e21a159e022de462530727443ec83d190321eb305851d + dest: bindings/java/lib + dest-filename: c3p0-0.12.0.jar + - type: file + url: https://repo1.maven.org/maven2/com/mchange/mchange-commons-java/0.4.0/mchange-commons-java-0.4.0.jar + sha256: fd88e385a38df7701177b076e35048a841dc5df1118c6b2d860bba08c41bc0b6 + dest: bindings/java/lib + dest-filename: mchange-commons-java-0.4.0.jar + - type: file + url: https://repo1.maven.org/maven2/com/zaxxer/SparseBitSet/1.3/SparseBitSet-1.3.jar + sha256: f76b85adb0c00721ae267b7cfde4da7f71d3121cc2160c9fc00c0c89f8c53c8a + dest: bindings/java/lib + dest-filename: SparseBitSet-1.3.jar + # case-uco sub-module uses older gson 2.8.5 and junit 4.12 with their own lib/ dir + - type: file + url: https://repo1.maven.org/maven2/com/google/code/gson/gson/2.8.5/gson-2.8.5.jar + sha256: 233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81 + dest: case-uco/java/lib + dest-filename: gson-2.8.5.jar + - type: file + url: https://repo1.maven.org/maven2/junit/junit/4.12/junit-4.12.jar + sha256: 
59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a + dest: case-uco/java/lib + dest-filename: junit-4.12.jar + - type: file + url: https://repo1.maven.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar + sha256: 66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9 + dest: case-uco/java/lib + dest-filename: hamcrest-core-1.3.jar + build-options: + env: + JAVA_HOME: /usr/lib/sdk/openjdk17/jvm/openjdk-17 + # Points ivy.home to /app/ant so init-ivy finds ivy.jar in /app/ant/lib/ + IVY_HOME: /app/ant + build-commands: + - cp ivy-2.5.0.jar /app/ant/lib/ivy.jar + - ./bootstrap + # --enable-offline makes the Makefile pass -Doffline=true to Ant, skipping Maven downloads. + # JARs pre-placed in bindings/java/lib/ (via sources above) are used instead. + - ./configure --prefix=/app --enable-java --enable-offline + # Redirect default-jar-location away from /usr/share/java (read-only in SDK) to the + # same lib/ dir that already contains all pre-placed Maven JARs. + - sed -i "s|location=\"/usr/share/java\"|location=\"$(pwd)/bindings/java/lib\"|" bindings/java/build.xml + - make -j$(nproc) + - make install + # Create TSK_HOME stub: Autopsy's build.xml (getTSKJars target) expects the source-tree + # layout of sleuthkit (bindings/java/dist/, case-uco/java/dist/, bindings/java/lib/). + # Since the build dir is gone after this module, we persist these artifacts to /app/tsk-build/. 
+ - mkdir -p /app/tsk-build/bindings/java/dist /app/tsk-build/bindings/java/lib /app/tsk-build/case-uco/java/dist + - cp bindings/java/dist/sleuthkit-4.15.0.jar /app/tsk-build/bindings/java/dist/ + - cp case-uco/java/dist/sleuthkit-caseuco-4.15.0.jar /app/tsk-build/case-uco/java/dist/ + - cp bindings/java/lib/sqlite-jdbc-3.49.1.0.jar /app/tsk-build/bindings/java/lib/ + - cp bindings/java/lib/postgresql-42.7.5.jar /app/tsk-build/bindings/java/lib/ + - cp bindings/java/lib/c3p0-0.12.0.jar /app/tsk-build/bindings/java/lib/ + - cp bindings/java/lib/mchange-commons-java-0.4.0.jar /app/tsk-build/bindings/java/lib/ + - cp bindings/java/lib/SparseBitSet-1.3.jar /app/tsk-build/bindings/java/lib/ + + # perl is in the SDK but not the Platform runtime. Copy the binary, libperl.so, + # and stdlib modules so that the Recent Activity module's regripper scripts work. + - name: perl + buildsystem: simple + build-commands: + - install -Dm755 /usr/bin/perl /app/bin/perl + - install -Dm755 /usr/lib/perl5/5.42/x86_64-linux-gnu/CORE/libperl.so /app/lib/libperl.so + - cp -a /usr/lib/perl5/ /app/lib/perl5/ + sources: [] + + - name: autopsy + buildsystem: simple + sources: + - type: dir + path: . + build-options: + env: + JAVA_HOME: /usr/lib/sdk/openjdk17/jvm/openjdk-17 + TSK_JAVA_LIB_PATH: /app/share/java + # TSK_HOME must point to the sleuthkit source/build tree layout that Autopsy's + # Core/build.xml (getTSKJars target) expects. We persist it from the sleuthkit + # module to /app/tsk-build/. + TSK_HOME: /app/tsk-build + build-commands: + # Patch ExtractRegistry to find perl at /app/bin/perl (Flatpak bundles perl there; + # the Platform runtime does not include perl, only the SDK does). 
+ - | + python3 -c " + path = 'RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java' + with open(path) as f: + s = f.read() + old = ' } else {\n throw new IngestModuleException(\"perl not found in your system\");\n }' + new = (' } else if (new File(\"/app/bin/perl\").canExecute()) {\n' + ' perl = \"/app/bin/perl\";\n' + ' } else {\n' + ' throw new IngestModuleException(\"perl not found in your system\");\n' + ' }') + assert old in s, 'Pattern not found — check ExtractRegistry.java for upstream changes' + with open(path, 'w') as f: + f.write(s.replace(old, new, 1)) + print('Patched ExtractRegistry.java: added /app/bin/perl fallback') + " + # Build Autopsy ZIP (NetBeans platform is downloaded if missing) + - | + NETBEANS_PLAT_VER=$(grep "netbeans-plat-version=" nbproject/platform.properties | cut -d'=' -f2) + AUTOPSY_PLATFORM_PATH="$(pwd)/netbeans-plat/$NETBEANS_PLAT_VER" + AUTOPSY_HARNESS_PATH="$AUTOPSY_PLATFORM_PATH/harness" + ant -Dnbplatform.active.dir="$AUTOPSY_PLATFORM_PATH" \ + -Dnbplatform.default.harness.dir="$AUTOPSY_HARNESS_PATH" \ + build-zip + + # Move the built directory into /app/autopsy. + # ant build-zip produces dist/autopsy-${version}/ (a directory, not a zip). + - | + set -e + AUTOPSY_DIR=$(find dist -maxdepth 1 -name "autopsy-*" -type d | head -1) + echo "Autopsy dir: $AUTOPSY_DIR" + test -n "$AUTOPSY_DIR" && test -d "$AUTOPSY_DIR" || { echo "ERROR: autopsy directory not found in dist/"; exit 1; } + mv "$AUTOPSY_DIR" /app/autopsy + + # Run unix_setup.sh to copy TSK JAR and set permissions + - | + cd /app/autopsy + chmod +x unix_setup.sh + TSK_JAVA_LIB_PATH=/app/share/java JAVA_HOME=/app/jdk ./unix_setup.sh + + # Install wrapper and desktop integration + - install -Dm755 flatpak/autopsywrapper.sh /app/autopsy/bin/autopsywrapper.sh + # Symlink into /app/bin so the .desktop Exec line resolves at runtime + # (the runtime PATH only includes /app/bin, not /app/autopsy/bin). 
+ - ln -sf /app/autopsy/bin/autopsywrapper.sh /app/bin/autopsywrapper.sh + - install -Dm644 flatpak/org.sleuthkit.Autopsy.desktop /app/share/applications/org.sleuthkit.Autopsy.desktop + - install -Dm644 flatpak/org.sleuthkit.Autopsy.metainfo.xml /app/share/metainfo/org.sleuthkit.Autopsy.metainfo.xml + - install -Dm644 snap/gui/autopsy.png /app/share/icons/hicolor/256x256/apps/org.sleuthkit.Autopsy.png
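Review bot: `build-args: [--share=network]` sits in the top-level `build-options`, so every module builds with network access, including those whose sources are all checksum-pinned, although only the `autopsy` module's `ant build-zip` is described as needing it. Moving it into that module's own `build-options` (`build-args:` / `- --share=network` next to its `env:`) keeps the other modules offline; the NetBeans platform and Autopsy dependencies fetched in that step are not covered by any `sha256` in the manifest, which deserves a comment because the result is published as a release asset. The `sleuthkit` git source is pinned only by `tag: sleuthkit-4.15.0`; adding `commit: <sleuthkit-4.15.0-commit-sha>` lets flatpak-builder check that the tag still points at the reviewed commit. The header comment also tells users to pass `--device=all` at run time even though `finish-args` already grants it together with `--filesystem=home`, so the comment should describe the permissions the bundle actually ships with.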