publish flatpak package

.github/workflows/build-flatpak.yml

@@ -0,0 +1,79 @@
+name: Build Flatpak Bundle
+
+# Mirrors the Snap distribution model: builds on deliberate tags and on-demand.
+# On a tag push: the .flatpak bundle is attached to the GitHub Release.
+# On workflow_dispatch: the bundle is uploaded as a workflow artifact.
+on:
+  push:
+    tags:
+      - 'autopsy-*'
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build Flatpak bundle
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v5
+
+      # ubuntu-latest only ships ~14 GB free; the NetBeans platform download,
+      # Autopsy compilation, and flatpak overlay together need ≥20 GB.
+      - name: Free disk space
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: true
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: true
+          docker-images: true
+          swap-storage: true
+
+      - name: Install Flatpak and flatpak-builder
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y flatpak flatpak-builder
+
+      - name: Add Flathub remote (provides runtime and SDK)
+        run: |
+          flatpak remote-add --user --if-not-exists \
+            flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+
+      - name: Install Flatpak runtime and SDK
+        run: |
+          flatpak install --user --noninteractive \
+            org.freedesktop.Platform//25.08 \
+            org.freedesktop.Sdk//25.08 \
+            org.freedesktop.Sdk.Extension.openjdk17//25.08
+
+      - name: Build Flatpak
+        run: |
+          flatpak-builder \
+            --user \
+            --force-clean \
+            --repo=repo \
+            build-dir \
+            org.sleuthkit.Autopsy.yaml
+
+      # --runtime-repo embeds the Flathub repo URL so first-time installs on
+      # clean systems can fetch the required org.freedesktop.Platform runtime.
+      - name: Create single-file bundle
+        run: |
+          flatpak build-bundle repo autopsy.flatpak org.sleuthkit.Autopsy \
+            --runtime-repo=https://flathub.org/repo/flathub.flatpakrepo
+
+      - name: Upload bundle as release asset
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: softprops/action-gh-release@v2
+        with:
+          files: autopsy.flatpak
+
+      - name: Upload bundle as workflow artifact
+        if: github.event_name == 'workflow_dispatch'
+        uses: actions/upload-artifact@v5
+        with:
+          name: autopsy-flatpak
+          path: autopsy.flatpak
+          retention-days: 14

.gitignore

@@ -114,3 +114,8 @@ hs_err_pid*.log
 /Tools/autopsy-mcp-stdio/dist/
 
 .claude
+
+# Flatpak build artifacts
+build-dir/
+.flatpak-builder/
+*.flatpak

Running_Linux_OSX.md

@@ -1,5 +1,15 @@
 # Overview
-For Linux systems that [support snapd](https://snapcraft.io/docs/installing-snapd), there is currently the option to install Autopsy from the [snap package](#install-autopsy-snap).  Otherwise, when installing on Debian-based Linux or macOS systems, there are three general steps: [installing prerequisites](#installing-prerequisites), [installing The Sleuth Kit](#installing-the-sleuth-kit), and [installing Autopsy](#installing-autopsy) itself.  On macOS, you will want to [setup the JNA paths](#setup-macos-jna-paths).
+For Linux systems, Autopsy can be installed as a [Flatpak bundle](#install-autopsy-flatpak) or as a [Snap package](#install-autopsy-snap).  Flatpak is the recommended option for distributions that do not support snapd.  Otherwise, when installing on Debian-based Linux or macOS systems, there are three general steps: [installing prerequisites](#installing-prerequisites), [installing The Sleuth Kit](#installing-the-sleuth-kit), and [installing Autopsy](#installing-autopsy) itself.  On macOS, you will want to [setup the JNA paths](#setup-macos-jna-paths).
+
+# Install Autopsy Flatpak
+Autopsy is available as a self-contained [Flatpak](https://flatpak.org/) bundle.  Download the `autopsy.flatpak` file from the [release section](https://github.com/sleuthkit/autopsy/releases) and install it with:
+
+```sh
+flatpak install --user autopsy.flatpak
+flatpak run org.sleuthkit.Autopsy
+```
+
+See the [Flatpak README](./flatpak/README.md) for build instructions, known limitations, and permission notes.
 
 # Install Autopsy Snap
 Autopsy comes in a [Snap package](https://snapcraft.io/about).  See the [Snap README](./snap/README.md) for installation instructions and more information.

flatpak/README.md

@@ -0,0 +1,117 @@
+# Autopsy Flatpak
+
+Packages Autopsy as a distributable Flatpak bundle (`.flatpak` file) for direct installation on
+Linux systems. The bundle is self-contained and can be installed and run fully offline once built.
+
+## Distribution
+
+This package targets direct distribution (not Flathub). The `.flatpak` bundle is attached as a
+release asset to GitHub Releases, similar to how the Snap is distributed.
+
+## Prerequisites (build machine)
+
+- `flatpak` and `flatpak-builder` installed
+- Flathub remote added (provides the runtime and SDK):
+  ```sh
+  flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+  ```
+- `org.freedesktop.Platform//25.08`, `org.freedesktop.Sdk//25.08`, and
+  `org.freedesktop.Sdk.Extension.openjdk17//25.08` installed:
+  ```sh
+  flatpak install flathub org.freedesktop.Platform//25.08 org.freedesktop.Sdk//25.08 \
+    org.freedesktop.Sdk.Extension.openjdk17//25.08
+  ```
+- Internet access during the build (needed for downloading the NetBeans platform and Autopsy
+  Maven dependencies; the resulting bundle installs and runs offline)
+- **≥ 20 GB of free disk space** on the build machine — the NetBeans platform download, the
+  Autopsy compilation, and the intermediate flatpak overlay together require significant space
+
+## Build
+
+From the repository root:
+
+```sh
+flatpak-builder --force-clean build-dir org.sleuthkit.Autopsy.yaml
+```
+
+Build time is typically 15–30 minutes (dominated by the NetBeans platform download and Autopsy
+compilation). All Sleuth Kit Maven dependencies are pre-declared in the manifest with verified
+SHA256 checksums and need no network access. The Autopsy `ant build-zip` step does require
+network to download the NetBeans platform (~100 MB) and Autopsy's own dependency tree.
+
+## Bundle and install
+
+```sh
+# Create a single-file distributable bundle
+flatpak build-bundle ~/.local/share/flatpak/repo autopsy.flatpak org.sleuthkit.Autopsy
+
+# Install from the bundle (no network needed)
+flatpak install --user autopsy.flatpak
+
+# Run
+flatpak run org.sleuthkit.Autopsy
+```
+
+## Updating versions for a new release
+
+When cutting a new Autopsy release, update the following locations in `org.sleuthkit.Autopsy.yaml`:
+
+1. **Sleuth Kit tag** — under the `sleuthkit` module's `sources`, change the `tag:` field (e.g.
+   `sleuthkit-4.15.0`) and update the `sleuthkit-*.jar` filenames referenced in `build-commands`.
+2. **Sleuth Kit Maven JARs** — if TSK's Java binding dependencies changed, update the `url`/`sha256`
+   entries under the `sleuthkit` module's `sources`. Checksums can be verified with
+   `sha256sum <downloaded-jar>`.
+3. **Metainfo release entry** — add a new `<release>` block at the top of the `<releases>` list in
+   `flatpak/org.sleuthkit.Autopsy.metainfo.xml` with the correct version and date.
+
+The CI workflow (`build-flatpak.yml`) builds and attaches `autopsy.flatpak` to the GitHub Release
+automatically when a tag matching `autopsy-*` is pushed.
+
+## CI / GitHub Actions
+
+`.github/workflows/build-flatpak.yml` builds the bundle automatically on tag pushes
+(`autopsy-*`) and on manual dispatch. The resulting `autopsy.flatpak` is attached to the
+GitHub Release when triggered by a tag.
+
+## Design decisions
+
+### Runtime
+`org.freedesktop.Platform//25.08` with `org.freedesktop.Sdk.Extension.openjdk17` — avoids
+bundling a full JRE by using the SDK extension mechanism. JDK 17 is required by Autopsy.
+
+### Network during build
+The manifest sets `build-args: [--share=network]` globally. This is necessary because:
+- Autopsy's `ant build-zip` downloads the Apache NetBeans platform at build time
+- Pre-bundling all NetBeans modules individually would be impractical (hundreds of JARs)
+
+All Sleuth Kit Maven dependencies (13 JARs) ARE pre-bundled in the manifest with SHA256
+checksums, so the Sleuth Kit module builds fully offline.
+
+### Permissions
+`--device=all` is required for forensics work (raw block device access). Users may additionally
+need to run Autopsy with appropriate OS group membership (e.g., `disk` group) to access local
+disks in the `/dev/` directory.
+
+### Hugepages (Solr)
+Flatpak cannot grant access to `/sys/kernel/mm/hugepages`. Solr runs without hugepages, which
+is a performance trade-off only (not a functional blocker).
+
+## Known limitations
+
+Inherited from Autopsy's Linux support:
+- LEAPP processors are non-functional
+- HEIF image processing is unavailable
+- Video thumbnails are unavailable
+
+## Module build order
+
+1. `openjdk` — installs JDK 17 from the SDK extension into `/app/jre`, then symlinks `/app/jdk → /app/jre` (Autopsy's launcher resolves `jdkhome` via this path)
+2. `ant` — installs Apache Ant 1.10.15 into `/app/ant`
+3. `libewf` (legacy) — E01 forensics image support
+4. `libafflib` — AFF forensics format support
+5. `libvmdk` — VMware disk image support
+6. `libvhdi` — VHD disk image support
+7. `libvslvm` — LVM volume support
+8. `testdisk` — provides `photorec` (required by `unix_setup.sh`)
+9. `sleuthkit` — native TSK libraries + Java bindings (offline Maven build)
+10. `autopsy` — Autopsy itself, built from local source via `ant build-zip`

flatpak/autopsywrapper.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+# Ensure Autopsy's tmp dir exists before launch (mirrors Snap wrapper behaviour).
+mkdir -p "${XDG_RUNTIME_DIR:-/tmp}/autopsy-tmp"
+exec /app/autopsy/bin/autopsy "$@"

flatpak/org.sleuthkit.Autopsy.desktop

@@ -0,0 +1,10 @@
+[Desktop Entry]
+Name=Autopsy
+Comment=A graphical interface to The Sleuth Kit and other digital forensics tools.
+GenericName=DFIR Tool
+Exec=autopsywrapper.sh
+Icon=org.sleuthkit.Autopsy
+Type=Application
+Categories=System;Security;
+Keywords=autopsy;sleuth;kit;dfir;forensics;
+StartupNotify=true

flatpak/org.sleuthkit.Autopsy.metainfo.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<component type="desktop-application">
+  <id>org.sleuthkit.Autopsy</id>
+  <metadata_license>CC0-1.0</metadata_license>
+  <project_license>Apache-2.0</project_license>
+  <name>Autopsy</name>
+  <summary>Extensible digital forensics platform</summary>
+  <description>
+    <p>
+      Autopsy® is the premier open source forensics platform which is fast,
+      easy-to-use, and capable of analyzing all types of mobile devices and
+      digital media. Its plug-in architecture enables extensibility from
+      community-developed or custom-built modules. Autopsy evolves to meet the
+      needs of hundreds of thousands of professionals in law enforcement,
+      national security, litigation support, and corporate investigation.
+    </p>
+    <p>
+      Note: Due to the system access necessary for Autopsy to perform forensics
+      work, this Flatpak uses --device=all to access block devices. Raw disk
+      access may additionally require running with appropriate OS permissions
+      (e.g., membership in the disk group).
+    </p>
+    <p>Known limitations on Linux compared to Windows:</p>
+    <ul>
+      <li>LEAPP processors are non-functional</li>
+      <li>HEIF image processing is unavailable</li>
+      <li>Video thumbnails are unavailable</li>
+    </ul>
+  </description>
+  <url type="homepage">https://www.autopsy.com/</url>
+  <url type="bugtracker">https://github.com/sleuthkit/autopsy/issues</url>
+  <url type="vcs-browser">https://github.com/sleuthkit/autopsy</url>
+  <categories>
+    <category>Science</category>
+    <category>Security</category>
+  </categories>
+  <keywords>
+    <keyword>forensics</keyword>
+    <keyword>dfir</keyword>
+    <keyword>sleuthkit</keyword>
+    <keyword>disk</keyword>
+  </keywords>
+  <releases>
+    <release version="4.23.0" date="2025-09-15">
+      <description>
+        <p>See the GitHub release page for full release notes.</p>
+      </description>
+      <url>https://github.com/sleuthkit/autopsy/releases/tag/autopsy-4.23.0</url>
+    </release>
+  </releases>
+  <content_rating type="oars-1.1"/>
+</component>