
publish flatpak package #8014

Open
overcuriousity wants to merge 7 commits into sleuthkit:develop from overcuriousity:develop

@overcuriousity overcuriousity commented May 4, 2026

This PR introduces a GitHub action and YAML build files which allow the application to be built as a flatpak application, complementing the existing snap package. This provides an option to get a bundled easy install option for users who cannot use snap.

Building the flatpak bundle was tested on a machine running Fedora 43 and produced a working flatpak application which could be installed with the KDE Discover flatpak wrapper.

Summary by CodeRabbit

  • New Features

    • Autopsy is now available as a Flatpak bundle on Linux with desktop integration (launcher, AppStream metadata) and an app wrapper for correct runtime behavior.
    • CI now builds and packages Flatpak bundles on release tags and supports manual bundle creation (downloadable artifact or release asset).
  • Documentation

    • Linux install guide updated to recommend Flatpak and link Flatpak install instructions.
    • Added detailed Flatpak documentation covering build, bundle, install, runtime behavior, and release maintenance.
  • Chores

    • Ignore Flatpak build artifacts in repository ignore rules.

overcuriousity and others added 3 commits April 29, 2026 16:40
Introduces org.sleuthkit.Autopsy.yaml (flatpak-builder manifest) and
supporting files to produce a distributable .flatpak bundle without
Flathub involvement, mirroring how the Snap is released as a GitHub
Release asset.

Key design choices:
- Runtime: org.freedesktop.Platform//25.08 + openjdk17 SDK extension
- All 5 forensics libs (libewf-legacy, libafflib, libvmdk, libvhdi,
  libvslvm) and testdisk built from source with release tarballs
- Sleuth Kit built offline: all 13 Maven deps + case-uco deps declared
  as manifest sources with verified SHA256 checksums
- Autopsy ant build-zip requires --share=network (NetBeans platform
  download is too large to pre-bundle); resulting bundle installs offline
- TSK_HOME stub persisted to /app/tsk-build/ so the autopsy module can
  find the TSK JARs across module boundaries
- Requires ≥20 GB free disk space on the build machine

Remaining open issue: the Autopsy ZIP extraction step ran out of space
in the previous test run; fixed by extracting to /app/ directly instead
of /tmp/ (which has limited space in the flatpak overlay).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Fix CI runtime mismatch: workflow installed 24.08 but manifest requires 25.08
- Add /app/jdk symlink in openjdk module: install.sh puts JDK at /app/jre but
  jdkhome/JAVA_HOME env vars point to /app/jdk; without the symlink the app
  exits immediately with "Cannot find java"
- Fix metainfo: remove placeholder <screenshots> block (no image URL); update
  release entry to 4.21.0 with a real GitHub release URL
- Fix desktop file: use System;Security; categories to silence desktop-file-validate
  hint (Security is an XDG additional category that pairs with System/Settings)
- Add Flatpak install section to Running_Linux_OSX.md alongside Snap entry
- Add version-update instructions to flatpak/README.md for maintainers

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

unix_setup.sh checks for photorec via `command -v photorec`. The testdisk
module installs photorec to /app/bin, but the global build PATH only included
/usr/lib/sdk/openjdk17/bin, /app/ant/bin, /usr/bin, and /bin — so the check
failed and the autopsy module exited with code 1. Adding /app/bin fixes it.

Verified: clean flatpak-builder run completes successfully and the installed
Flatpak launches the GUI without errors.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
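
The first commit message above describes a manifest whose downloaded sources are pinned by SHA256 checksum, while the Autopsy ant build needs `--share=network`. The following is an added example (not code from this PR or the Autopsy project) that audits a parsed flatpak-builder manifest for both properties. It assumes the manifest is already loaded into a dict, and the sample manifest, its URLs and the zeroed checksum are constructed.

```python
# Added example: audit a parsed flatpak-builder manifest for unpinned inputs.
# Everything in SAMPLE_MANIFEST (URLs, zeroed checksum) is constructed.

STRONG_CHECKSUMS = ("sha256", "sha512")
DOWNLOAD_TYPES = {"archive", "file", "extra-data"}


def audit_module(module, findings):
    """Append (module, code, detail) tuples for one module and its children."""
    if not isinstance(module, dict):
        # A string entry points at a separate module file that was not loaded.
        findings.append((str(module), "not-inspected", "external module file"))
        return
    name = module.get("name", "<unnamed>")
    build_args = module.get("build-options", {}).get("build-args", [])
    if "--share=network" in build_args:
        findings.append((name, "build-network",
                         "build commands can download content the manifest does not pin"))
    for src in module.get("sources", []):
        if not isinstance(src, dict):
            findings.append((name, "not-inspected", f"external source file {src}"))
            continue
        kind, url = src.get("type"), src.get("url")
        # Local files (path: instead of url:) are covered by the repository itself.
        if kind in DOWNLOAD_TYPES and url and not any(k in src for k in STRONG_CHECKSUMS):
            findings.append((name, "no-checksum", f"{url} has no sha256/sha512"))
        elif kind == "git" and not src.get("commit"):
            ref = src.get("tag") or src.get("branch") or "default branch"
            findings.append((name, "unpinned-git",
                             f"{url} follows {ref!r}; a tag or branch can be moved"))
    for child in module.get("modules", []):
        audit_module(child, findings)


def audit_manifest(manifest):
    """Return sorted findings for the whole manifest."""
    findings = []
    top_args = manifest.get("build-options", {}).get("build-args", [])
    if "--share=network" in top_args:
        findings.append(("<manifest>", "build-network",
                         "every module builds with network access"))
    for module in manifest.get("modules", []):
        audit_module(module, findings)
    return sorted(findings)


ZERO = "0" * 64  # placeholder, not a real digest

SAMPLE_MANIFEST = {  # constructed, loosely shaped like the modules named in the PR
    "app-id": "org.sleuthkit.Autopsy",
    "modules": [
        {"name": "libewf", "sources": [
            {"type": "archive", "url": "https://example.invalid/libewf.tar.gz", "sha256": ZERO}]},
        {"name": "sleuthkit", "sources": [
            {"type": "git", "url": "https://example.invalid/sleuthkit.git",
             "tag": "sleuthkit-4.15.0"},
            {"type": "file", "url": "https://example.invalid/ivy-2.5.0.jar", "sha256": ZERO},
            # Checksum deliberately left out to show the finding.
            {"type": "file", "url": "https://example.invalid/guava-33.4.0-jre.jar"}]},
        {"name": "autopsy",
         "build-options": {"build-args": ["--share=network"]},
         "sources": [{"type": "file", "path": "flatpak/autopsywrapper.sh"}]},
    ],
}

if __name__ == "__main__":
    for module, code, detail in audit_manifest(SAMPLE_MANIFEST):
        print(f"{module:12} {code:14} {detail}")
```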
Copilot AI review requested due to automatic review settings May 4, 2026 12:54

coderabbitai Bot commented May 4, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.


No actionable comments were generated in the recent review. 🎉


📥 Commits

Reviewing files that changed from the base of the PR and between bda2b89 and 65cb8a9.

📒 Files selected for processing (3)
  • flatpak/org.sleuthkit.Autopsy.desktop
  • flatpak/org.sleuthkit.Autopsy.metainfo.xml
  • org.sleuthkit.Autopsy.yaml
✅ Files skipped from review due to trivial changes (2)
  • flatpak/org.sleuthkit.Autopsy.desktop
  • flatpak/org.sleuthkit.Autopsy.metainfo.xml
🚧 Files skipped from review as they are similar to previous changes (1)
  • org.sleuthkit.Autopsy.yaml

📝 Walkthrough


Adds Flatpak packaging and distribution: a complete Flatpak manifest and modules to build native deps and Autopsy, runtime integration files (wrapper, desktop entry, AppStream metainfo, icon), CI workflow to build and upload a single-file .flatpak, .gitignore entries, and user-facing Flatpak documentation and install instructions.

Changes

Flatpak Packaging for Autopsy

| Layer | File(s) | Summary |
|---|---|---|
| App Manifest / Identity | org.sleuthkit.Autopsy.yaml | New Flatpak manifest: app id, org.freedesktop.Platform 25.08, org.freedesktop.Sdk, OpenJDK17 extension; command set to autopsywrapper.sh; build-time network and sandbox permissions; runtime env vars. |
| Build modules / Data staging | org.sleuthkit.Autopsy.yaml | Adds modules: openjdk, ant, native libs (libewf, libafflib, libvmdk, libvhdi, libvslvm), testdisk, sleuthkit-4.15.0 with staged Ivy/Maven jars for offline build, perl staging, and autopsy packaging. |
| Build implementation / Tooling | org.sleuthkit.Autopsy.yaml | Module steps: install/symlink JDK, extract/install Ant, autotools/configure/make for native libs, Sleuth Kit configure with --enable-java --enable-offline, Ant builds, patch ExtractRegistry.java, run unix_setup.sh, copy artifacts into /app. |
| Runtime wiring / Integration files | flatpak/autopsywrapper.sh, flatpak/org.sleuthkit.Autopsy.desktop, flatpak/org.sleuthkit.Autopsy.metainfo.xml, flatpak/* | Adds wrapper script creating ${XDG_RUNTIME_DIR:-/tmp}/autopsy-tmp and execing /app/autopsy/bin/autopsy; desktop entry and AppStream metainfo with permissions notes, categories, keywords, release entry and known limitations. |
| CI / Automation | .github/workflows/build-flatpak.yml | New GitHub Actions workflow Build Flatpak Bundle: triggers on push.tags autopsy-* and workflow_dispatch; installs Flatpak tooling, adds Flathub remote, installs Platform/SDK + OpenJDK17 extension, runs flatpak-builder (--user --force-clean --repo=repo), creates autopsy.flatpak with embedded runtime repo, and conditionally uploads as Release asset (tag) or 14-day workflow artifact (manual). |
| Packaging / Ignore rules | .gitignore | Adds ignore patterns: build-dir/, .flatpak-builder/, *.flatpak. |
| Documentation | flatpak/README.md, Running_Linux_OSX.md | Adds flatpak/README.md with build/bundle/install/run/release notes, limitations, and CI behavior; updates Running_Linux_OSX.md to prioritize Flatpak install flow and link to Flatpak docs. |

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub Actions
    participant Runner as Runner (ubuntu-latest)
    participant Flatpak as Flatpak tooling
    participant Flathub as Flathub remote
    participant Release as GitHub Releases / Artifact store

    Dev->>GH: push tag autopsy-* or trigger workflow_dispatch
    GH->>Runner: start build job
    Runner->>Flatpak: apt-get install flatpak & flatpak-builder
    Runner->>Flathub: add flathub remote (user scope)
    Runner->>Flatpak: install Platform/SDK and openjdk17 extension
    Runner->>Flatpak: flatpak-builder --user --force-clean --repo=repo build-dir org.sleuthkit.Autopsy.yaml
    Flatpak-->>Runner: produce build-dir and repo
    Runner->>Flatpak: flatpak build-bundle --runtime-repo=https://flathub.org/repo/flathub.flatpakrepo repo autopsy.flatpak
    alt tag build
        Runner->>Release: upload autopsy.flatpak to GitHub Release
    else manual run
        Runner->>Release: upload autopsy.flatpak as workflow artifact (14d)
    end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐇 I hop through manifests, jars, and shell,

Bundling sleuthing magic in a single shell.
CI hums, tags leap, a Flatpak snug and tight —
Run Autopsy safe within its sandboxed light.
Hop on, dear devs, and test it through the night.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title "publish flatpak package" is concise and clearly describes the main change: adding Flatpak packaging support as an alternative to Snap. It summarizes the primary objective of the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

🧹 Nitpick comments (1)
flatpak/README.md (1)

31-46: ⚡ Quick win

The build and bundle commands don't produce/use the same repo.

flatpak-builder only exports to a repository when you pass --repo (or installs locally with --install). As written, readers build into build-dir and then immediately try to bundle ~/.local/share/flatpak/repo, which this sequence never populated. Mirror the workflow here and bundle the repo you just exported. (docs.flatpak.org)

Suggested doc fix
- flatpak-builder --force-clean build-dir org.sleuthkit.Autopsy.yaml
+ flatpak-builder --force-clean --repo=repo build-dir org.sleuthkit.Autopsy.yaml
- flatpak build-bundle ~/.local/share/flatpak/repo autopsy.flatpak org.sleuthkit.Autopsy
+ flatpak build-bundle repo autopsy.flatpak org.sleuthkit.Autopsy
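Review bot: The replacement `flatpak build-bundle repo autopsy.flatpak org.sleuthkit.Autopsy` line still omits `--runtime-repo`, which the inline comment on the workflow's bundle step (lines 47-48) says is needed so that a first install on a clean system can fetch missing runtimes. If the README is meant to mirror the workflow, add the same option to this command so a locally built bundle installs the same way as the CI one.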
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@flatpak/README.md` around lines 31 - 46, The README shows flatpak-builder
writing to build-dir but build-bundle using ~/.local/share/flatpak/repo; update
the workflow so the same repo is produced and consumed: run flatpak-builder with
--repo <repo-path> (or use --install) when creating the build output (instead of
only writing to build-dir), and then call build-bundle against that same
<repo-path> (or document the --install alternative) so the build-bundle command
(autopsy.flatpak, org.sleuthkit.Autopsy) points to the repository actually
produced by flatpak-builder.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/build-flatpak.yml:
- Around line 13-15: The workflow job named "build" (name: Build Flatpak bundle)
currently uses runs-on: ubuntu-latest which only provides ~14GB and will exhaust
during the Flatpak build; either change the runs-on to a self-hosted runner with
≥20GB available or add explicit pre-build disk cleanup steps to free space
(e.g., remove apt cache, prune Docker images/containers, delete large temp
files) before the Flatpak download/compile steps so the NetBeans platform and
Autopsy compilation have ≥20GB free.
- Around line 47-48: The flatpak bundle created by the existing flatpak
build-bundle command (the "Create single-file bundle" step invoking flatpak
build-bundle repo autopsy.flatpak org.sleuthkit.Autopsy) won’t allow runtime
resolution on first install on a clean system; modify that invocation to include
the --runtime-repo option (pointing at the same repo) so Flatpak can fetch
missing runtimes during installation (e.g., add --runtime-repo=repo to the
flatpak build-bundle command that produces autopsy.flatpak).


📥 Commits

Reviewing files that changed from the base of the PR and between a1e8629 and 24ab985.

📒 Files selected for processing (8)
  • .github/workflows/build-flatpak.yml
  • .gitignore
  • Running_Linux_OSX.md
  • flatpak/README.md
  • flatpak/autopsywrapper.sh
  • flatpak/org.sleuthkit.Autopsy.desktop
  • flatpak/org.sleuthkit.Autopsy.metainfo.xml
  • org.sleuthkit.Autopsy.yaml

Comment thread .github/workflows/build-flatpak.yml
Comment thread .github/workflows/build-flatpak.yml Outdated

Copilot AI left a comment


Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

The freedesktop Platform runtime 25.08 does not include perl; it is only
in the SDK. ExtractRegistry.java checks /usr/bin/perl and /usr/local/bin/perl
and throws "perl not found" if neither exists, aborting ingest.

Fix:
- Add a perl module that copies the binary, libperl.so, and stdlib from the
  SDK into /app/bin/ and /app/lib/ at build time
- Add PERL5LIB finish-arg so perl finds its standard modules at runtime
- Patch ExtractRegistry.java before the ant build to also check /app/bin/perl

regripper's Parse::Win32Registry module is already bundled in the rr/
directory and loaded via -I, so no additional CPAN modules are needed.

Removes "Recent Activity module is non-functional" from known limitations.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment


🧹 Nitpick comments (3)
org.sleuthkit.Autopsy.yaml (3)

125-145: 💤 Low value

Consider consolidating hardcoded version strings.

The Sleuth Kit version 4.15.0 and dependency versions appear in multiple places throughout this module (tag on line 130, filenames on lines 238-244, etc.). When upgrading, each location must be updated manually, which is error-prone.

Since YAML anchors aren't well-suited for string interpolation in Flatpak manifests, consider adding a version reference comment at the top of the sleuthkit module listing all versions that must stay synchronized, to ease future updates.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@org.sleuthkit.Autopsy.yaml` around lines 125 - 145, The sleuthkit module has
multiple hardcoded version strings (e.g., tag: sleuthkit-4.15.0 and artifact
filenames ivy-2.5.0.jar, joda-time-2.13.1.jar, guava-33.4.0-jre.jar); add a
single, clearly labeled comment block at the top of the sleuthkit module listing
each required version (SLEUTHKIT, IVY, JODA_TIME, GUAVA) so maintainers can
update them in one place and cross-check updates against the tag and
dest-filename entries (leave the code unchanged, just add the comment with the
canonical version values).

42-42: 💤 Low value

Perl version hardcoded in PERL5LIB path.

The Perl version 5.42 is hardcoded here and must match the SDK's Perl version. If org.freedesktop.Sdk updates to a newer Perl version, this path will break silently at runtime (Perl won't find its standard modules).

Consider extracting the version dynamically or documenting this dependency prominently in the README so future SDK updates don't cause hard-to-debug failures.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@org.sleuthkit.Autopsy.yaml` at line 42, The PERL5LIB entry currently
hardcodes "5.42" which will break if org.freedesktop.Sdk's Perl changes; update
the YAML so PERL5LIB is constructed dynamically (or omits the versioned
directories) instead of embedding "5.42", e.g. derive the Perl version from the
build environment/SDK or use an environment variable (e.g. PERL_VERSION) during
image build, and update README to document the required SDK/Perl contract;
locate the PERL5LIB string in the YAML and replace the hardcoded segments with a
dynamic substitution or non-versioned paths and add a short note in the README
about the Perl version requirement.

246-255: 💤 Low value

Perl version coupling with SDK.

The paths on lines 252-253 hardcode Perl version 5.42. This must stay synchronized with the PERL5LIB environment variable on line 42 and the SDK's actual Perl version.

The comment on lines 246-247 is helpful context. Consider adding a note about the version coupling so future maintainers know to check all three locations (PERL5LIB, libperl.so path, perl5 stdlib path) when the SDK updates.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@org.sleuthkit.Autopsy.yaml` around lines 246 - 255, The YAML currently
hardcodes Perl version "5.42" in the libperl.so and stdlib paths which will
drift from the PERL5LIB env var; update the perl package block to avoid a
hardcoded version by introducing and using a single PERL_VERSION variable (or
template token) for the paths used in the install commands (so the lib path and
the /usr/lib/perl5/ stdlib path both reference PERL_VERSION), ensure PERL5LIB is
set from that same PERL_VERSION, and add a clear comment in the perl section
noting the coupling between PERL5LIB, the libperl.so path, and the perl5 stdlib
path so future maintainers update all three (PERL_VERSION, PERL5LIB, and the two
install paths) when the SDK Perl version changes.

📥 Commits

Reviewing files that changed from the base of the PR and between 24ab985 and bcf3c5e.

📒 Files selected for processing (3)
  • flatpak/README.md
  • flatpak/org.sleuthkit.Autopsy.metainfo.xml
  • org.sleuthkit.Autopsy.yaml
✅ Files skipped from review due to trivial changes (1)
  • flatpak/org.sleuthkit.Autopsy.metainfo.xml
🚧 Files skipped from review as they are similar to previous changes (1)
  • flatpak/README.md

overcuriousity and others added 3 commits May 4, 2026 20:30
Add jlumbroso/free-disk-space step so the NetBeans platform download and
Autopsy compilation fit on ubuntu-latest's ~14 GB volume. Pass
--runtime-repo=flathub to flatpak build-bundle so first-time installs on
clean systems can fetch org.freedesktop.Platform//25.08.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Silences GitHub Actions Node.js 20 deprecation warnings ahead of the
forced upgrade in June 2026.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Exec=org.sleuthkit.Autopsy is invalid: Flatpak rewrites the host-exported
.desktop Exec to "flatpak run --command=<first-token> ... <app-id>", and
there is no command literally named org.sleuthkit.Autopsy in the sandbox.
Terminal "flatpak run" worked because it used the manifest's command:
field directly.

Set Exec to autopsywrapper.sh, symlink it into /app/bin so it resolves on
the runtime PATH, and update command: to match.

Also bump metainfo to 4.23.0 (matches app.version in nbproject).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>