mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7729 from gdicristofaro/8425-snap

Browse Source 
8425 snap
This commit is contained in:
Mark McKinnon 2023-08-09 14:16:22 -04:00 committed by GitHub
commit ef61a98701
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 356 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
snap/README.md Normal file
View File

@ -0,0 +1,27 @@
## Installing Snap
An Autopsy [snap package](https://snapcraft.io/) file can be installed by running `sudo snap install --dangerous autopsy.snap`. The `--dangerous` needs to be specified because the snap package isn't signed (see [install modes](https://snapcraft.io/docs/install-modes#heading--dangerous) for more information). By default, snap doesn't allow certain interactions with the operating system. These [Super-privileged connections](https://snapcraft.io/docs/super-privileged-interfaces) may need to be connected. This can be done manually by running `snap connections autopsy` to determine any missing connections, and then running `snap connect autopsy:home` replacing `home` with the name of the plug. Another option is to run this script, which will connect all missing plugs: `snap connections autopsy | sed -nE 's/^[^ ]* *([^ ]*) *- *- *$/\1/p' | xargs -I{} sudo snap connect {}`. One other possible option may be to install the application with `--devmode` instead of `--dangerous`. The `--devmode` flag is more permissive and will allow all connections to the operating system. More information on interface management can be found at the [snapcraft website](https://snapcraft.io/docs/interface-management).
## Running Autopsy
After installing Autopsy, you should be able to run with `autopsy`. Snap also typically installs a `.desktop` file for your launcher. If you want to perform an ingest on a local disk, you will need to run with permissions for disks in the `/dev` folder. On Ubuntu, that command will be `sudo -g disk autopsy` as `disk` group permissions will give access to that folder.
## Generating The Snap Package
A [snap package](https://snapcraft.io/) of Autopsy can be generated using the [`snapcraft.yml`](./snapcraft.yaml) file. You will need [snapcraft](https://snapcraft.io/) on your system and [lxd](https://snapcraft.io/lxd) works well for virtualization while building the snap package. Since snapcraft needs virtualization to create the snap package, your computer's hardware will need to support virtualization and any relevant settings will need to be enabled. From testing as of November 2022, VirtualBox and WSL are not good build environments. Once the development environment has been set up, a snap package can be built with this command: `snapcraft --use-lxd --debug` run from this directory. If you want to build async, but still get logs, you can run something like this: `nohup snapcraft --use-lxd --debug > ./output.log 2>&1 < /dev/null &`.
## Updating Versions for Snap
The version of Autopsy in the [`snapcraft.yml`](./snapcraft.yaml) can be updated by calling [`version_update.py`](./version_update/version_update.py) with a command like `python version_update.py -s sleuthkit_release_tag -a autopsy_release_tag -v snapcraft_version_name`. You will likely need to install the python dependencies in the [requirements.txt](./version_update/requirements.txt) with a command like: `pip install -r requirements.txt`.
The version of Autopsy can be updated manually by modifying fields relating to git repositories and commits in [`snapcraft.yml`](./snapcraft.yaml) under `parts.autopsy` and `parts.sleuthkit`. Specifically `source`, `source-branch`, and `source-tag`. More information can be found [here](https://snapcraft.io/docs/snapcraft-yaml-reference).
## Troubleshooting
### Solr won't run
An error like "Local Solr Server did not respond to status request" or something similar, may indicate that not all snap connections may have been connected. By default, snap doesn't allow certain interactions with the operating system. These [Super-privileged connections](https://snapcraft.io/docs/super-privileged-interfaces) may need to be connected. This can be done manually by running `snap connections autopsy` to determine any missing connections, and then running `snap connect autopsy:home` replacing `home` with the name of the plug. Another option is to run this script, which will connect all missing plugs: `snap connections autopsy | sed -nE 's/^[^ ]* *([^ ]*) *- *- *$/\1/p' | xargs -I{} sudo snap connect {}`. One other possible option may be to install the application with `--devmode` instead of `--dangerous`. The `--devmode` flag is more permissive and will allow all connections to the operating system. More information on interface management can be found at the [snapcraft website](https://snapcraft.io/docs/interface-management).
### There are no local disks for processing
Autopsy looks at the block devices in the `/dev` directory for local disks to process. If autopsy can't read block devices in that directory, it won't show the local disk. In most instances, starting autopsy with a command like `sudo -g disk autopsy` should give autopsy the right permissions to view local disks. This assumes that the `disk` group has read rights to local disks (i.e. `/dev/sda1`). Appropriate permissions can be determined by running something like `ls -l /dev` looking for the permissions required for the local disks. Then autopsy should be started in such a way that the `$USER` and `$HOME` are preserved (i.e. running as root may be problematic), but the user account and, consequently, autopsy, has sufficient permissions to access local disk block devices.

9
snap/gui/autopsy.desktop Normal file
View File

@ -0,0 +1,9 @@
[Desktop Entry]
Name=Autopsy
Comment=A graphical interface to The Sleuth Kit and other digital forensics tools.
GenericName=DFIR Tool.
Exec=autopsy
Icon=${SNAP}/meta/gui/autopsy.png
Type=Application
Categories=Forensics;DFIR
Keywords=autopsy;sleuth;kit;dfir;forensics

BIN
snap/gui/autopsy.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 47 KiB

241
snap/snapcraft.yaml Normal file
View File

@ -0,0 +1,241 @@
# OVERVIEW:
# Snap packages are an application and everything needed for that application bundled into a package: https://snapcraft.io/docs/snapcraft
# Snapd can be installed on the following systems: https://snapcraft.io/docs/installing-snapd
# Snap packages can be released to the store: https://snapcraft.io/docs/releasing-to-the-snap-store
# Classic confinement apps and Strict confinement apps using super-priveleged interfaces (https://snapcraft.io/docs/super-privileged-interfaces) will require special approval.
#
# DEVELOPMENT / DEBUG:
# snappy debug can be used to identify apparmor/confinement violations: https://snapcraft.io/docs/debug-snaps#heading--snappy-debug
# building snaps with lxd/multipass requires hardware assisted virtualization: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-2A98801C-68E8-47AF-99ED-00C63E4857F6.html, https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-F920A3C7-3B42-4E78-8EA7-961E49AF479D.html
# build provider information can be found here: https://snapcraft.io/docs/build-providers, https://snapcraft.io/docs/build-options
# A command like the following will run snapcraft in the background to build a snap package and write output to log `nohup snapcraft --use-lxd --debug > ./output.log 2>&1 < /dev/null &``. This must be run from the directory above `snap`
# Information on debugging snaps can be found here (in particular `snap try` can mount a filesystem as a snap, `snap run --shell autopsy.autopsy` can show shell with env vars like snap ): https://snapcraft.io/docs/debug-snaps, https://snapcraft.io/docs/snap-try
#
# INSTALLATION:
# Some options for installation can be found here: https://snapcraft.io/docs/install-modes
# Snap uses assertions to digitally sign snaps (https://snapcraft.io/docs/assertions). Otherwise, snaps need to be installed with the `--dangerous` flag
# it would be best to install autopsy with `sudo snap install --dangerous autopsy` and then connect all super-priveleged interfaces or `sudo snap install --dangerous --devmode autopsy``
# yaml reference here: https://snapcraft.io/docs/snapcraft-yaml-reference
# sample yaml files here: https://github.com/videolan/vlc/blob/master/extras/package/snap/snapcraft.yaml, https://github.com/canonical/firefox-snap/blob/stable/snapcraft.yaml
name: autopsy
# more on base snaps here: https://snapcraft.io/docs/base-snaps
# core is based on corresponding ubuntu version. ubuntu version information can be found here: https://wiki.ubuntu.com/Releases
base: core22
version: 4.20.0
summary: A graphical interface to The Sleuth Kit and other digital forensics tools. # 79 char long summary
description: Autopsy is a graphical interface to The Sleuth Kit and other open source digital forensics tools.
source-code: https://github.com/sleuthkit/autopsy/
website: https://www.autopsy.com/
license: Apache-2.0
grade: stable # must be 'stable' to release into candidate/stable channels
# Options include 'strict' and 'classic'. 'Strict' is greatly preferred to 'classic'. More information here: https://snapcraft.io/docs/snap-confinement
# classic confinement does not chroot so elf records need to be patched to point to relative paths: https://snapcraft.io/blog/the-new-classic-confinement-in-snaps-even-the-classics-need-a-change, https://snapcraft.io/docs/linters-classic#heading--issues-auto, https://docs.oracle.com/cd/E19683-01/816-1386/chapter3-33/index.html, https://nehckl0.medium.com/creating-relocatable-linux-executables-by-setting-rpath-with-origin-45de573a2e98
confinement: strict
architectures: [amd64]
# information on lzo here: https://snapcraft.io/blog/why-lzo-was-chosen-as-the-new-compression-method
compression: lzo
icon: snap/gui/autopsy.png
plugs:
system-files-autopsy:
interface: system-files
read: [/dev]
system-files-hugepages:
interface: system-files
read: [/sys/kernel/mm/hugepages]
# may provide ability for online/offline help
browser-sandbox:
interface: browser-support
allow-sandbox: true
slots:
# taken from thunderbird snap: https://github.com/ubuntu/thunderbird/blob/stable/snapcraft.yaml
dbus-daemon:
interface: dbus
bus: session
name: org.sleuthkit.autopsy
apps:
autopsy:
# more on env vars here: https://snapcraft.io/docs/environment-variables
environment:
jdkhome: $SNAP/usr/lib/jvm/java-17-openjdk-amd64
HOME: "$SNAP_USER_COMMON"
SOLR_JAVA_HOME: $SNAP/usr/lib/jvm/java-17-openjdk-amd64
# provide means for java gstreamer to find gstreamer libs with jna.library.path
# set user home to new home value to avoid issues writing cache files to home
# can also specify '-Djdk.gtk.verbose=true' for gtk verbose logging: https://stackoverflow.com/a/22457177
jreflags: $jreflags '-Djdk.gtk.version=3' '-Duser.home=$SNAP_USER_COMMON' '-Djava.io.tmpdir=$SNAP_USER_COMMON/tmp' '-Djna.library.path=$SNAP_DESKTOP_RUNTIME/usr/lib/x86_64-linux-gnu:$SNAP/usr/local/lib'
# to load libtsk.so
LD_LIBRARY_PATH: $SNAP/usr/local/lib:$LD_LIBRARY_PATH
# make sure path is set up to ensure things like photorec are found
PATH: $SNAP/usr/bin:$SNAP/usr/local/bin:$PATH
# gstreamer scans for plugins (i.e. app integration plugins). this tells gstreamer where to look for the scanner and libraries
# more information here: https://forum.snapcraft.io/t/trouble-with-ros-and-gstreamer/5518/6
GST_PLUGIN_SYSTEM_PATH: $SNAP_DESKTOP_RUNTIME/usr/lib/x86_64-linux-gnu/gstreamer-1.0:$SNAP/usr/lib/x86_64-linux-gnu/gstreamer-1.0:$GST_PLUGIN_SYSTEM_PATH
GST_PLUGIN_SCANNER: $SNAP_DESKTOP_RUNTIME/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-plugin-scanner
SOLR_LOGS_DIR: $SNAP_USER_COMMON/.autopsy/dev/solr/logs
SOLR_PID_DIR: $SNAP_USER_COMMON/.autopsy/dev/solr/logs
# taken from thunderbird snap: https://github.com/ubuntu/thunderbird/blob/stable/snapcraft.yaml
DISABLE_WAYLAND: 1
GTK_USE_PORTAL: 1
command: autopsy/bin/autopsywrapper.sh
# More gnome info here: https://snapcraft.io/docs/gnome-extension
extensions: [gnome]
common-id: org.sleuthkit.autopsy
plugs:
# taken from https://snapcraft.io/docs/supported-interfaces
- audio-playback
- block-devices
- browser-sandbox
- desktop
- desktop-launch
- desktop-legacy
- dm-crypt
- fuse-support
- gsettings
- hardware-observe
- home
- hugepages-control
- kernel-crypto-api
- mount-observe
- network
- network-bind
- network-observe
- network-setup-observe
- network-status
- opengl
- optical-drive
- removable-media
- system-files-autopsy
- system-files-hugepages
- system-observe
slots:
- dbus-daemon
parts:
sleuthkit:
# more information on plugins here: https://snapcraft.io/docs/supported-plugins
plugin: autotools
source: https://github.com/sleuthkit/sleuthkit.git
source-branch: develop
#source-tag: sleuthkit-4.12.0
build-environment: [JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64]
# information on packages here: https://snapcraft.io/docs/package-repositories
build-packages:
- build-essential
- autoconf
- libtool
- automake
- zip
- openjdk-17-jdk
- openjdk-17-jre
- ant
- ant-contrib
- ant-optional
- libpq-dev
- testdisk
- libafflib-dev
- libewf-dev
- libvhdi-dev
- libvmdk-dev
stage-packages:
- libpq-dev
- testdisk
- libafflib-dev
- libewf-dev
- libvhdi-dev
- libvmdk-dev
autopsy:
after: [sleuthkit]
# information on packages here: https://snapcraft.io/docs/package-repositories
build-packages:
- zip
- unzip
- openjdk-17-jdk
- openjdk-17-jre
- ant
- doxygen
stage-packages:
# lib heif reqs
- libheif-dev
- libde265-dev
# pg reqs
- libpq-dev
- testdisk
# libgstreamer additional plugin reqs that aren't in gnome package extension: https://snapcraft.io/docs/gnome-extension, https://github.com/ubuntu/gnome-sdk/blob/gnome-42-2204/snapcraft.yaml
- gstreamer1.0-plugins-bad
- gstreamer1.0-plugins-ugly
- gstreamer1.0-libav
# java req
- openjdk-17-jre
# needed by solr to determine locally running ports
- lsof
plugin: nil
source: https://github.com/sleuthkit/autopsy.git
source-branch: develop
build-environment:
- JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64
- TSK_JAVA_LIB_PATH: $SNAPCRAFT_STAGE/usr/local/share/java
# information on parts environment variables here: https://snapcraft.io/docs/parts-environment-variables
override-build: |
# ----- BUILD ZIP -----
AUTOPSY_SRC_PATH=$(pwd)
NETBEANS_PLAT_VER=$(grep "netbeans-plat-version=" "$AUTOPSY_SRC_PATH/nbproject/platform.properties" | cut -d'=' -f2)
AUTOPSY_PLATFORM_PATH="$AUTOPSY_SRC_PATH/netbeans-plat/$NETBEANS_PLAT_VER"
AUTOPSY_HARNESS_PATH="$AUTOPSY_PLATFORM_PATH/harness"
export TSK_HOME="$HOME/parts/sleuthkit/build"
ant -Dnbplatform.active.dir="$AUTOPSY_PLATFORM_PATH" -Dnbplatform.default.harness.dir="$AUTOPSY_HARNESS_PATH" build build-zip
# ----- SETUP EXTRACT DIRECTORY -----
AUTOPSY_LOCATION="$SNAPCRAFT_PART_INSTALL/autopsy"
mkdir -p $AUTOPSY_LOCATION
AUTOPSY_ZIP=$(find ./dist -maxdepth 1 -name "autopsy-*.*.*.zip")
AUTOPSY_ZIP_TMP_LOC=./dist/autopsy_tmp_zip_loc
mkdir -p $AUTOPSY_ZIP_TMP_LOC
unzip $AUTOPSY_ZIP -d $AUTOPSY_ZIP_TMP_LOC
AUTOPSY_EXTRACTED_TMP_LOC=$(find $AUTOPSY_ZIP_TMP_LOC -maxdepth 1 -name "autopsy-*.*.*")
cp -r $AUTOPSY_EXTRACTED_TMP_LOC/* $AUTOPSY_LOCATION
# ----- RUN UNIX SETUP SCRIPT -----
UNIX_SETUP_SCRIPT="$AUTOPSY_LOCATION/unix_setup.sh"
chmod +x $UNIX_SETUP_SCRIPT
$UNIX_SETUP_SCRIPT
# snaps run applications with different permissions. This ensures applications can run.
chmod 755 "$AUTOPSY_LOCATION/bin/autopsy"
# wrapper to setup temp dir if not exists; also could be easily modified for debugging purposes with snap try: https://snapcraft.io/docs/snap-try
cat <<EOF > $AUTOPSY_LOCATION/bin/autopsywrapper.sh
#!/bin/bash
mkdir -p \$SNAP_USER_COMMON/tmp
echo Starting Autopsy...
\$SNAP/autopsy/bin/autopsy "\$@"
EOF
chmod 755 $AUTOPSY_LOCATION/bin/autopsywrapper.sh
# taken from https://github.com/ubuntu/gnome-recipes/blob/stable/snapcraft.yaml to clean out files present in core/extensions as well.
cleanup:
after: [autopsy]
plugin: nil
build-snaps: [core22, gtk-common-themes, gnome-42-2204]
override-prime: |
set -eux
for snap in "core22" "gtk-common-themes" "gnome-42-2204"; do
cd "/snap/$snap/current" && find . -type f,l -name *.so.* -exec rm -f "$CRAFT_PRIME/{}" \;
done
# remove cross-installed repeated libraries (in /usr/lib in the SDK, but in /usr/lib/TRIPLET
# here, and the opposite)
for snap in "core22" "gnome-42-2204"; do
cd "/snap/$snap/current/usr/lib"
for filename in [ *.so* ]; do
rm -f "$CRAFT_PRIME/usr/lib/$CRAFT_ARCH_TRIPLET/$filename"
done
cd "/snap/$snap/current/usr/lib/$CRAFT_ARCH_TRIPLET"
for filename in [ *.so* ]; do
rm -f "$CRAFT_PRIME/usr/lib/$filename"
done
done

2
snap/version_update/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
/.idea
/venv

2
snap/version_update/requirements.txt Normal file
View File

@ -0,0 +1,2 @@
argparse==1.4.0
ruamel.yaml==0.17.21

75
snap/version_update/version_update.py Normal file
View File

@ -0,0 +1,75 @@
import sys
import argparse
import ruamel.yaml
from typing import Union
from os.path import join, dirname, abspath, realpath
SNAPCRAFT_YAML_PATH = join(dirname(dirname(abspath(realpath(__file__)))), 'snapcraft.yaml')
SLEUTHKIT_REPO = 'https://github.com/sleuthkit/sleuthkit.git'
AUTOPSY_REPO = 'https://github.com/sleuthkit/autopsy.git'
def update_versions(sleuthkit_version_tag: str,
autopsy_version_tag: str,
snapcraft_version: str,
snapcraft_yaml_path: Union[str, None],
sleuthkit_repo: Union[str, None],
autopsy_repo: Union[str, None]):
snapcraft_yaml_path = snapcraft_yaml_path if snapcraft_yaml_path is not None and len(
snapcraft_yaml_path.strip()) > 0 else SNAPCRAFT_YAML_PATH
sleuthkit_repo = sleuthkit_repo if sleuthkit_repo is not None and len(
sleuthkit_repo.strip()) > 0 else SLEUTHKIT_REPO
autopsy_repo = autopsy_repo if autopsy_repo is not None and len(
autopsy_repo.strip()) > 0 else AUTOPSY_REPO
yaml = ruamel.yaml.YAML()
with open(snapcraft_yaml_path) as snapcraft_file:
yaml_dict = yaml.load(snapcraft_file)
yaml_dict['version'] = snapcraft_version
yaml_dict['parts']['sleuthkit']['source'] = sleuthkit_repo
yaml_dict['parts']['sleuthkit']['source-tag'] = sleuthkit_version_tag
yaml_dict['parts']['sleuthkit'].pop('source-branch', None)
yaml_dict['parts']['autopsy']['source'] = autopsy_repo
yaml_dict['parts']['autopsy']['source-tag'] = autopsy_version_tag
yaml_dict['parts']['autopsy'].pop('source-branch', None)
with open(snapcraft_yaml_path, "w") as snapcraft_file:
yaml.dump(yaml_dict, snapcraft_file)
def main():
parser = argparse.ArgumentParser(
description="Updates snapcraft.yml file with current versions of autopsy and sleuthkit",
formatter_class=argparse.ArgumentDefaultsHelpFormatter)
parser.add_argument('-s', '--sleuthkit_tag', required=True, dest='sleuthkit_version_tag', type=str,
help='The git tag to use for sleuthkit.')
parser.add_argument('-a', '--autopsy_tag', required=True, dest='autopsy_version_tag', type=str,
help='The git tag to use for autopsy.')
parser.add_argument('-v', '--version', required=True, dest='snapcraft_version', type=str,
help='Version for snapcraft metadata.')
parser.add_argument('-p', '--snapcraft_path', dest='snapcraft_yaml_path', type=str, default=SNAPCRAFT_YAML_PATH,
help='Path to snapcraft.yaml.')
parser.add_argument('--sleuthkit_repo', dest='sleuthkit_repo', type=str, default=SLEUTHKIT_REPO,
help='Location of sleuthkit repo.')
parser.add_argument('--autopsy_repo', dest='autopsy_repo', type=str, default=AUTOPSY_REPO,
help='Location of sleuthkit repo.')
args = parser.parse_args()
update_versions(
sleuthkit_version_tag=args.sleuthkit_version_tag,
autopsy_version_tag=args.autopsy_version_tag,
snapcraft_version=args.snapcraft_version,
snapcraft_yaml_path=args.snapcraft_yaml_path,
sleuthkit_repo=args.sleuthkit_repo,
autopsy_repo=args.autopsy_repo
)
if __name__ == '__main__':
main()