Jammy support

[digitalsleuth]

This PR contains a LOT of changes to update compatibility for Jammy. Some of the issues encountered along the way:

• e2fslibs-dev
• exfat-utils
• libewf-python
• liblightgrep
• sleuthkit
• xmount
• imagemounter
• INDXParse
• knocker
• flasm

All of these packages either conflicted with the sleuthkit build due to package versioning from the APT repo as compared to the SIFT (since it was originally in the SIFT repo), or some packages are just not available on Jammy.

For INDXParse, the python3-wxgtk3 package is a Python 2 package and not available in Jammy (since INDXParse is a Python 2 script). If this is still desired, I have started converting it to Python3 and can finish it. Otherwise, I might make it a pet project down the road.

The terminal and theme states had to be modified to adjust the reading of the DBUS_SESSION_BUS_ADDRESS because dbus-x11 (which includes dbus-launch) is not available in Jammy by default. As such, the rendering of the Jinja in these states would try to render the {{ dbus_launch }}, but insert the error message instead. During runtime, the state would not run because the Jinja had been replaced by the error message and not the dbus-launch command which gets installed AFTER the rendering.

• Workaround: add a terminal.sh and background.sh script in the users .config directory which contained no Jinja, then execute those scripts, which required the dbus-x11 package to be installed first.

The python3-plaso state had to have some adjustments as well, and part of this is as a result of the sleuthkit / libewf issues mentioned above.

I've removed Bionic and Xenial completely from the build, and adjusted the repos to reflect this (ie: removed the unused and no longer necessary).

I've added the Dockerfile which I've used to generate the server mode tests, and ran the remaining tests for desktop in an Ubuntu 22.04 VM.

The final two changes which were newly added were:

• python3-debian re-install: since there seems to be an issue with it in both Focal and Jammy which causes an immediate crash on boot. The re-install of this fixes the crash
• python3-keyring - Both in Focal and Jammy, when python3 first starts installing packages using pip, the KDE Wallet window pops up every time a package gets installed. This state will prevent the popup, and only configures the environment and the keyring setup if a keyring config file does not exist (thus, no impact to the user who does have a config).

Configurations tested on both jammy and focal dockers, as well as jammy and focal VM's (with desktop environment).

[ekristen]

libewf-python is dead. py2 is dead, not sure if there's a py3 variant, not that I can see.

[ekristen]

liblightgrep and sleuthkit are now in the sift dev ppa repo.

[digitalsleuth]

Libewf-python has a Python3 variant, but its current build is for Python 3.9 (Focal ships with 3.8).

[ekristen]

Looks like libewf-python3 in https://launchpad.net/%7Egift/+archive/ubuntu/dev/+packages?field.name_filter=ewf&field.status_filter=published&field.series_filter=

[ekristen]

liblightgrep and sleuthkit are now in the sift dev ppa repo.

these are built with the latest libewf and more from the gift repository.

[digitalsleuth]

Since these are all in the dev PPA's, should we split out the sift and gift repos and add both stable and dev for each? So instead of the SIFT repo with a pillar-based IF, we can just have sift-stable and sift-dev. The same would go for GIFT. That way it would be more transparent.

[ekristen]

Can't add both, sift_version pillar controls stable vs dev for both sift and gift. Just use that pillar.

[ekristen]

@digitalsleuth I'm going to pull this branch into this main repo, I can then give you access to it or you can open Prs against it until we are ready to merge.

[digitalsleuth]

Sounds good!

[ekristen]

Superseded by #80