Greg DiCristofaro 2023-08-07 09:10:16 -04:00
commit 78396d10c4
2 changed files with 181 additions and 112 deletions

View File

@ -1,15 +1,17 @@
## Installing Snap ## Installing Snap
An Autopsy [snap package](https://snapcraft.io/) file can be installed by running `sudo snap install autopsy.snap --classic --dangerous`. The `--classic` flag gives the snap package access to necessary system resources (see [confinement](https://snapcraft.io/docs/snap-confinement) for more information) and `--dangerous` needs to be specified because the snap package isn't signed (see [install modes](https://snapcraft.io/docs/install-modes#heading--dangerous) for more information). An Autopsy [snap package](https://snapcraft.io/) file can be installed by running `sudo snap install --dangerous autopsy.snap`. The `--dangerous` needs to be specified because the snap package isn't signed (see [install modes](https://snapcraft.io/docs/install-modes#heading--dangerous) for more information). Super-priveleged may need to be connected. This can be done manually by running `snap connections autopsy` to determine any missing connections, and then running `snap connect autopsy:home` replacing `home` with the name of the plug. Another option is to run this script, which will connect all missing plugs: `snap connections autopsy | sed -nE 's/^[^ ]* *([^ ]*) *- *- *$/\1/p' | xargs -I{} sudo snap connect {}`. One other possible option may be to install the application with `--devmode` instead of `--dangerous`.
## Running Autopsy
After installing Autopsy, you should be able to run with `autopsy`. Snap also typically installs a `.desktop` file for your launcher. If you want to perform an ingest on a local disk, you will need to run with permissions for disks in the `/dev` folder. On Ubuntu, that command will be `sudo -g disk autopsy` as `disk` group permissions will give access to that folder.
## Generating The Snap Package ## Generating The Snap Package
A [snap package](https://snapcraft.io/) of Autopsy can be generated using the [`snapcraft.yml`](./snapcraft.yaml) file. You will need [snapcraft](https://snapcraft.io/) on your system and [lxd](https://snapcraft.io/lxd) works well for virtualization while building the snap package. Since snapcraft needs virtualization to create the snap package, your computer's hardware will need to support virtualization and any relevant settings will need to be enabled. From testing as of November 2022, VirtualBox and WSL are not good build environments. Once the development environment has been set up, a snap package can be built with this command: `snapcraft --use-lxd --debug` run from this directory. A [snap package](https://snapcraft.io/) of Autopsy can be generated using the [`snapcraft.yml`](./snapcraft.yaml) file. You will need [snapcraft](https://snapcraft.io/) on your system and [lxd](https://snapcraft.io/lxd) works well for virtualization while building the snap package. Since snapcraft needs virtualization to create the snap package, your computer's hardware will need to support virtualization and any relevant settings will need to be enabled. From testing as of November 2022, VirtualBox and WSL are not good build environments. Once the development environment has been set up, a snap package can be built with this command: `snapcraft --use-lxd --debug` run from this directory. If you want to build async, but still get logs, you can run something like this: `nohup snapcraft --use-lxd --debug > ./output.log 2>&1 < /dev/null &`.
## Updating Versions for Snap ## Updating Versions for Snap
The version of Autopsy in the [`snapcraft.yml`](./snapcraft.yaml) can be updated by calling [`version_update.py`](./version_update/version_update.py) with a command like `python version_update.py -s sleuthkit_release_tag -a autopsy_release_tag -v snapcraft_version_name`. You will likely need to install the python dependencies in the [requirements.txt](./version_update/requirements.txt) with a command like: `pip install -r requirements.txt`. The version of Autopsy in the [`snapcraft.yml`](./snapcraft.yaml) can be updated by calling [`version_update.py`](./version_update/version_update.py) with a command like `python version_update.py -s sleuthkit_release_tag -a autopsy_release_tag -v snapcraft_version_name`. You will likely need to install the python dependencies in the [requirements.txt](./version_update/requirements.txt) with a command like: `pip install -r requirements.txt`.
The version of Autopsy can be updated manually by modifying fields relating to git repositories and commits in [`snapcraft.yml`](./snapcraft.yaml) under `parts.autopsy` and `parts.sleuthkit`. Specifically `source`, `source-branch`, and `source-tag`. More information can be found [here](https://snapcraft.io/docs/snapcraft-yaml-reference). The version of Autopsy can be updated manually by modifying fields relating to git repositories and commits in [`snapcraft.yml`](./snapcraft.yaml) under `parts.autopsy` and `parts.sleuthkit`. Specifically `source`, `source-branch`, and `source-tag`. More information can be found [here](https://snapcraft.io/docs/snapcraft-yaml-reference).
*There is more information in Jira 8425.*
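Review bot: the rewritten install paragraph has a sentence missing its noun, "Super-priveleged may need to be connected"; it should read "Super-privileged interfaces may need to be connected". The same paragraph closes by suggesting `--devmode` "instead of" `--dangerous`, while the snapcraft.yaml comment in this commit recommends `sudo snap install --dangerous --devmode autopsy`; settle on one wording, and since devmode switches off confinement enforcement it belongs with the debugging notes rather than being offered as an install option. The pipeline `snap connections autopsy | sed -nE 's/^[^ ]* *([^ ]*) *- *- *$/\1/p' | xargs -I{} sudo snap connect {}` depends on the Slot and Notes columns both printing `-` for an unconnected plug; a sentence saying so will keep the next editor from breaking the regex. In the new "Running Autopsy" section, `sudo -g disk autopsy` deserves a caveat: it gives the entire Autopsy process, including the embedded Solr and every ingest module, the `disk` group's access to all block devices, so it should be used only for the session that actually needs a local disk. Also, the link text reads `snapcraft.yml` while the target and the file in the repository are `snapcraft.yaml`.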

View File

@ -1,14 +1,39 @@
# OVERVIEW:
# Snap packages are an application and everything needed for that application bundled into a package: https://snapcraft.io/docs/snapcraft
# Snapd can be installed on the following systems: https://snapcraft.io/docs/installing-snapd
# Snap packages can be released to the store: https://snapcraft.io/docs/releasing-to-the-snap-store
# Classic confinement apps and Strict confinement apps using super-priveleged interfaces (https://snapcraft.io/docs/super-privileged-interfaces) will require special approval.
#
# DEVELOPMENT / DEBUG:
# snappy debug can be used to identify apparmor/confinement violations: https://snapcraft.io/docs/debug-snaps#heading--snappy-debug
# building snaps with lxd/multipass requires hardware assisted virtualization: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-2A98801C-68E8-47AF-99ED-00C63E4857F6.html, https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-F920A3C7-3B42-4E78-8EA7-961E49AF479D.html
# build provider information can be found here: https://snapcraft.io/docs/build-providers, https://snapcraft.io/docs/build-options
# A command like the following will run snapcraft in the background to build a snap package and write output to log `nohup snapcraft --use-lxd --debug > ./output.log 2>&1 < /dev/null &``. This must be run from the directory above `snap`
# Information on debugging snaps can be found here (in particular `snap try` can mount a filesystem as a snap, `snap run --shell autopsy.autopsy` can show shell with env vars like snap ): https://snapcraft.io/docs/debug-snaps, https://snapcraft.io/docs/snap-try
#
# INSTALLATION:
# Some options for installation can be found here: https://snapcraft.io/docs/install-modes
# Snap uses assertions to digitally sign snaps (https://snapcraft.io/docs/assertions). Otherwise, snaps need to be installed with the `--dangerous` flag
# it would be best to install autopsy with `sudo snap install --dangerous autopsy` and then connect all super-priveleged interfaces or `sudo snap install --dangerous --devmode autopsy``
# yaml reference here: https://snapcraft.io/docs/snapcraft-yaml-reference
# sample yaml files here: https://github.com/videolan/vlc/blob/master/extras/package/snap/snapcraft.yaml, https://github.com/canonical/firefox-snap/blob/stable/snapcraft.yaml
name: autopsy name: autopsy
# core22 brings along linting for share object library paths as well as improvements to get java gstreamer working # more on base snaps here: https://snapcraft.io/docs/base-snaps
base: core20 # core is based on corresponding ubuntu version. ubuntu version information can be found here: https://wiki.ubuntu.com/Releases
base: core22
version: 4.20.0 version: 4.20.0
summary: A graphical interface to The Sleuth Kit and other digital forensics tools. # 79 char long summary summary: A graphical interface to The Sleuth Kit and other digital forensics tools. # 79 char long summary
description: Autopsy is a graphical interface to The Sleuth Kit and other open source description: Autopsy is a graphical interface to The Sleuth Kit and other open source digital forensics tools.
digital forensics tools. source-code: https://github.com/sleuthkit/autopsy/
website: https://www.autopsy.com/
license: Apache-2.0
grade: stable # must be 'stable' to release into candidate/stable channels grade: stable # must be 'stable' to release into candidate/stable channels
# TODO look into turning back to strict for easier store inclusion but more limited usage # Options include 'strict' and 'classic'. 'Strict' is greatly preferred to 'classic'. More information here: https://snapcraft.io/docs/snap-confinement
confinement: classic # use 'strict' once you have the right plugs and slots # classic confinement does not chroot so elf records need to be patched to point to relative paths: https://snapcraft.io/blog/the-new-classic-confinement-in-snaps-even-the-classics-need-a-change, https://snapcraft.io/docs/linters-classic#heading--issues-auto, https://docs.oracle.com/cd/E19683-01/816-1386/chapter3-33/index.html, https://nehckl0.medium.com/creating-relocatable-linux-executables-by-setting-rpath-with-origin-45de573a2e98
confinement: strict
architectures: [amd64] architectures: [amd64]
# information on lzo here: https://snapcraft.io/blog/why-lzo-was-chosen-as-the-new-compression-method
compression: lzo compression: lzo
icon: snap/gui/autopsy.png icon: snap/gui/autopsy.png
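Review bot: the switch from `confinement: classic` to `confinement: strict` together with `base: core22` is the right direction, but the comment block around it needs a pass. "super-priveleged" is misspelled on the line about store approval, and both the `nohup snapcraft --use-lxd --debug > ./output.log 2>&1 < /dev/null &` command and the `sudo snap install --dangerous --devmode autopsy` command end with a stray second backtick. That INSTALLATION comment also installs `autopsy` rather than the local `autopsy.snap` file the README in this same commit documents; `--dangerous` only makes sense for a local file, so use the filename here too. The long comment on classic confinement and RPATH patching now describes the mode the file no longer uses; either shorten it to a one-line pointer or move it next to `confinement: strict` as the reason classic was abandoned.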
@ -16,69 +41,88 @@ plugs:
system-files-autopsy: system-files-autopsy:
interface: system-files interface: system-files
read: [/dev] read: [/dev]
system-files-hugepages:
interface: system-files
read: [/sys/kernel/mm/hugepages]
# may provide ability for online/offline help
browser-sandbox:
interface: browser-support
allow-sandbox: true
slots:
# taken from thunderbird snap: https://github.com/ubuntu/thunderbird/blob/stable/snapcraft.yaml
dbus-daemon:
interface: dbus
bus: session
name: org.sleuthkit.autopsy
apps: apps:
autopsy: autopsy:
# more on env vars here: https://snapcraft.io/docs/environment-variables
environment: environment:
jdkhome: $SNAP/usr/lib/jvm/java-17-openjdk-amd64 jdkhome: $SNAP/usr/lib/jvm/java-17-openjdk-amd64
# provide means for java gstreamer to find gstreamer libs HOME: "$SNAP_USER_COMMON"
jreflags: $jreflags "-Djna.library.path=$SNAP/usr/lib/x86_64-linux-gnu" SOLR_JAVA_HOME: $SNAP/usr/lib/jvm/java-17-openjdk-amd64
# provide means for java gstreamer to find gstreamer libs with jna.library.path
# set user home to new home value to avoid issues writing cache files to home
# can also specify '-Djdk.gtk.verbose=true' for gtk verbose logging: https://stackoverflow.com/a/22457177
jreflags: $jreflags '-Djdk.gtk.version=3' '-Duser.home=$SNAP_USER_COMMON' '-Djava.io.tmpdir=$SNAP_USER_COMMON/tmp' '-Djna.library.path=$SNAP_DESKTOP_RUNTIME/usr/lib/x86_64-linux-gnu:$SNAP/usr/local/lib'
# to load libtsk.so
LD_LIBRARY_PATH: $SNAP/usr/local/lib:$LD_LIBRARY_PATH LD_LIBRARY_PATH: $SNAP/usr/local/lib:$LD_LIBRARY_PATH
# make sure path is set up to ensure things like photorec are found # make sure path is set up to ensure things like photorec are found
PATH: $SNAP/usr/bin:$SNAP/usr/local/bin:$PATH PATH: $SNAP/usr/bin:$SNAP/usr/local/bin:$PATH
# gstreamer scans for plugins (i.e. app integration plugins). this tells gstreamer where to look for the scanner and libraries # gstreamer scans for plugins (i.e. app integration plugins). this tells gstreamer where to look for the scanner and libraries
GST_PLUGIN_SYSTEM_PATH: $SNAP/usr/lib/x86_64-linux-gnu/gstreamer-1.0 # more information here: https://forum.snapcraft.io/t/trouble-with-ros-and-gstreamer/5518/6
GST_PLUGIN_SCANNER: $SNAP/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-plugin-scanner GST_PLUGIN_SYSTEM_PATH: $SNAP_DESKTOP_RUNTIME/usr/lib/x86_64-linux-gnu/gstreamer-1.0:$SNAP/usr/lib/x86_64-linux-gnu/gstreamer-1.0:$GST_PLUGIN_SYSTEM_PATH
SOLR_LOGS_DIR: $HOME/.autopsy/dev/solr/logs GST_PLUGIN_SCANNER: $SNAP_DESKTOP_RUNTIME/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-plugin-scanner
SOLR_PID_DIR: $HOME/.autopsy/dev/solr/logs SOLR_LOGS_DIR: $SNAP_USER_COMMON/.autopsy/dev/solr/logs
command: autopsy/bin/autopsy SOLR_PID_DIR: $SNAP_USER_COMMON/.autopsy/dev/solr/logs
# taken from thunderbird snap: https://github.com/ubuntu/thunderbird/blob/stable/snapcraft.yaml
DISABLE_WAYLAND: 1
GTK_USE_PORTAL: 1
command: autopsy/bin/autopsywrapper.sh
# More gnome info here: https://snapcraft.io/docs/gnome-extension
extensions: [gnome]
common-id: org.sleuthkit.autopsy common-id: org.sleuthkit.autopsy
plugs: plugs:
# taken from https://snapcraft.io/docs/supported-interfaces # taken from https://snapcraft.io/docs/supported-interfaces
- audio-playback - audio-playback
- avahi-observe
- block-devices - block-devices
- cifs-mount - browser-sandbox
- daemon-notify
- desktop - desktop
- desktop-launch - desktop-launch
- desktop-legacy - desktop-legacy
- dm-crypt - dm-crypt
- firewall-control
- fuse-support - fuse-support
- gsettings
- hardware-observe - hardware-observe
- home - home
- hugepages-control
- kernel-crypto-api - kernel-crypto-api
- log-observe
- mount-observe - mount-observe
- network - network
- network-manager - network-bind
- network-observe - network-observe
- network-setup-observe - network-setup-observe
- network-status - network-status
- opengl - opengl
- optical-drive - optical-drive
- pulseaudio
- raw-input
- raw-usb
- removable-media - removable-media
- sd-control
- system-files-autopsy - system-files-autopsy
- system-files-hugepages
- system-observe - system-observe
- system-trace slots:
- udisks2 - dbus-daemon
- unity7
- unity8
- wayland
- x11
parts: parts:
sleuthkit: sleuthkit:
# more information on plugins here: https://snapcraft.io/docs/supported-plugins
plugin: autotools plugin: autotools
source: https://github.com/sleuthkit/sleuthkit.git source: https://github.com/sleuthkit/sleuthkit.git
source-branch: develop source-branch: develop
#source-tag: sleuthkit-4.12.0 #source-tag: sleuthkit-4.12.0
build-environment: [JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64] build-environment: [JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64]
# information on packages here: https://snapcraft.io/docs/package-repositories
build-packages: build-packages:
- build-essential - build-essential
- autoconf - autoconf
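Review bot: `source-branch: develop` with `#source-tag: sleuthkit-4.12.0` left commented out means a `grade: stable`, `version: 4.20.0` snap is built from whatever `develop` contains on build day; pin the tag (or a commit) so the build is reproducible and the version string identifies the code actually inside the package. On the plug list, the reduction is welcome (`firewall-control`, `raw-usb`, `system-trace`, `udisks2`, `unity7`, `unity8`, `x11` and `wayland` are gone, the desktop ones now supplied by `extensions: [gnome]`), but three additions need a justifying comment or should be dropped: `browser-sandbox` with `allow-sandbox: true` is a super-privileged interface and its comment only says it "may provide" help viewing; `system-files-hugepages` plus `hugepages-control` is unexplained for a forensics GUI; and `system-files-autopsy` with `read: [/dev]` is broad for the `system-files` interface and largely overlaps `block-devices`, `removable-media` and `optical-drive`. `network-bind` is presumably for the embedded Solr whose `SOLR_LOGS_DIR` and `SOLR_PID_DIR` are set here; say so next to the plug. Finally, check the quoting in `jreflags: $jreflags '-Djdk.gtk.version=3' '-Duser.home=$SNAP_USER_COMMON' ...`: snapd expands the `$SNAP...` variables but otherwise hands the value to the process as-is, so the single quotes reach the launcher as literal characters; this only works if nbexec word-splits and strips them itself, and that assumption deserves a comment so nobody restores the earlier double-quoted form by accident.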
@ -97,7 +141,6 @@ parts:
- libvhdi-dev - libvhdi-dev
- libvmdk-dev - libvmdk-dev
stage-packages: stage-packages:
- build-essential
- libpq-dev - libpq-dev
- testdisk - testdisk
- libafflib-dev - libafflib-dev
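Review bot: dropping `build-essential` from the sleuthkit `stage-packages` is right, but the entries that remain are still `-dev` packages (`libpq-dev`, `libafflib-dev`, `libvhdi-dev`, `libvmdk-dev`); those pull headers and static archives into the runtime image, which is the same class of bloat the toolchain removal was meant to fix. Stage the corresponding runtime library packages instead and keep the `-dev` variants under `build-packages`, where `libvhdi-dev` and `libvmdk-dev` already appear.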
@ -106,6 +149,7 @@ parts:
- libvmdk-dev - libvmdk-dev
autopsy: autopsy:
after: [sleuthkit] after: [sleuthkit]
# information on packages here: https://snapcraft.io/docs/package-repositories
build-packages: build-packages:
- zip - zip
- unzip - unzip
@ -114,34 +158,27 @@ parts:
- ant - ant
- doxygen - doxygen
stage-packages: stage-packages:
- libde265-dev # lib heif reqs
- libheif-dev - libheif-dev
- libde265-dev
# pg reqs
- libpq-dev - libpq-dev
- testdisk - testdisk
- libgstreamer1.0-0 # libgstreamer additional plugin reqs that aren't in gnome package extension: https://snapcraft.io/docs/gnome-extension, https://github.com/ubuntu/gnome-sdk/blob/gnome-42-2204/snapcraft.yaml
- gstreamer1.0-plugins-base
- gstreamer1.0-plugins-good
- gstreamer1.0-plugins-bad - gstreamer1.0-plugins-bad
- gstreamer1.0-plugins-ugly - gstreamer1.0-plugins-ugly
- gstreamer1.0-libav - gstreamer1.0-libav
- gstreamer1.0-tools # java req
- gstreamer1.0-x
- gstreamer1.0-alsa
- gstreamer1.0-gl
- gstreamer1.0-gtk3
- gstreamer1.0-qt5
- gstreamer1.0-pulseaudio
- openjdk-17-jdk
- openjdk-17-jre - openjdk-17-jre
- perl # needed by solr to determine locally running ports
- lsof
plugin: nil plugin: nil
# source: https://github.com/sleuthkit/autopsy.git source: https://github.com/sleuthkit/autopsy.git
source: https://github.com/gdicristofaro/autopsy.git source-branch: develop
# source-branch: develop
source-branch: 8425-snap
build-environment: build-environment:
- JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64 - JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64
- TSK_JAVA_LIB_PATH: $SNAPCRAFT_STAGE/usr/local/share/java - TSK_JAVA_LIB_PATH: $SNAPCRAFT_STAGE/usr/local/share/java
# information on parts environment variables here: https://snapcraft.io/docs/parts-environment-variables
override-build: | override-build: |
# ----- BUILD ZIP ----- # ----- BUILD ZIP -----
AUTOPSY_SRC_PATH=$(pwd) AUTOPSY_SRC_PATH=$(pwd)
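Review bot: same staging problem in the autopsy part: `libde265-dev`, `libheif-dev` and `libpq-dev` are header packages sitting in `stage-packages`; the runtime libraries are what the snap needs at execution time. Pointing `source:` back at `https://github.com/sleuthkit/autopsy.git` instead of the `gdicristofaro/autopsy.git` fork on `8425-snap` is good, but `source-branch: develop` leaves this part unpinned as well, so `version: 4.20.0` does not correspond to a fixed commit; use `source-tag` for release builds. Replacing `openjdk-17-jdk` with `openjdk-17-jre` trims the image, and `jdkhome: $SNAP/usr/lib/jvm/java-17-openjdk-amd64` still resolves with the JRE package on amd64, so that is fine. `testdisk` is now staged in both parts; one entry is enough.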
@ -169,6 +206,36 @@ parts:
# snaps run applications with different permissions. This ensures applications can run. # snaps run applications with different permissions. This ensures applications can run.
chmod 755 "$AUTOPSY_LOCATION/bin/autopsy" chmod 755 "$AUTOPSY_LOCATION/bin/autopsy"
# include this line to print all set variables # wrapper to setup temp dir if not exists; also could be easily modified for debugging purposes with snap try: https://snapcraft.io/docs/snap-try
# sed -i '129 i set -o posix ; echo $(set) >&2 ; ls -l "${jdkhome}/bin/java"' "$AUTOPSY_LOCATION/platform/lib/nbexec" cat <<EOF > $AUTOPSY_LOCATION/bin/autopsywrapper.sh
#!/bin/bash
mkdir -p \$SNAP_USER_COMMON/tmp
echo Starting Autopsy...
\$SNAP/autopsy/bin/autopsy
EOF
chmod 755 $AUTOPSY_LOCATION/bin/autopsywrapper.sh
# taken from https://github.com/ubuntu/gnome-recipes/blob/stable/snapcraft.yaml to clean out files present in core/extensions as well.
cleanup:
after: [autopsy]
plugin: nil
build-snaps: [core22, gtk-common-themes, gnome-42-2204]
override-prime: |
set -eux
for snap in "core22" "gtk-common-themes" "gnome-42-2204"; do
cd "/snap/$snap/current" && find . -type f,l -name *.so.* -exec rm -f "$CRAFT_PRIME/{}" \;
done
# remove cross-installed repeated libraries (in /usr/lib in the SDK, but in /usr/lib/TRIPLET
# here, and the opposite)
for snap in "core22" "gnome-42-2204"; do
cd "/snap/$snap/current/usr/lib"
for filename in [ *.so* ]; do
rm -f "$CRAFT_PRIME/usr/lib/$CRAFT_ARCH_TRIPLET/$filename"
done
cd "/snap/$snap/current/usr/lib/$CRAFT_ARCH_TRIPLET"
for filename in [ *.so* ]; do
rm -f "$CRAFT_PRIME/usr/lib/$filename"
done
done
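Review bot: the generated wrapper runs `\$SNAP/autopsy/bin/autopsy` as a child of the wrapper shell and drops any command-line arguments; make the last line `exec "\$SNAP/autopsy/bin/autopsy" "\$@"` so signals and the exit status propagate and arguments pass through, and quote `$AUTOPSY_LOCATION` in the `cat <<EOF > $AUTOPSY_LOCATION/bin/autopsywrapper.sh` and `chmod 755 $AUTOPSY_LOCATION/bin/autopsywrapper.sh` lines the way the `chmod 755 "$AUTOPSY_LOCATION/bin/autopsy"` line above already does. In the cleanup part, `-name *.so.*` is an unquoted glob that the shell expands if a matching name exists in the current directory; write `-name '*.so.*'`. The two `for filename in [ *.so* ]` loops also iterate over the literal strings `[` and `]` (and over the pattern itself when nothing matches), so `rm -f` is invoked on bogus paths; `for filename in *.so*; do` is what was meant. Since the block is copied from gnome-recipes, either fix it here or leave a comment that the quirk is inherited. Lastly, `build-snaps: [core22, gtk-common-themes, gnome-42-2204]` and the two hard-coded snap lists in the loops should be driven from one variable so they cannot drift apart; with `set -eux`, a `cd` into a missing `/snap/$snap/current` aborts the prime step.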