Unverified Commit f33202a2 authored by intrigeri's avatar intrigeri
Browse files

Merge remote-tracking branch 'origin/web/release-4.18'

parents 35b0e892 1a10293f
......@@ -38,7 +38,6 @@ EXPORTED_VARIABLES = [
'TAILS_ACNG_PROXY',
'TAILS_BUILD_FAILURE_RESCUE',
'TAILS_DATE_OFFSET',
'TAILS_MERGE_BASE_BRANCH',
'TAILS_OFFLINE_MODE',
'TAILS_PROXY',
'TAILS_PROXY_TYPE',
......@@ -298,9 +297,16 @@ task :parse_build_options do
$keep_running = true
ENV['TAILS_BUILD_FAILURE_RESCUE'] = '1'
# Jenkins
when 'mergebasebranch'
ENV['TAILS_MERGE_BASE_BRANCH'] = '1'
when 'nomergebasebranch'
$skip_mergebasebranch = true
else
# Handle jenkins passing the now obsolete mergebasebranch.
# XXX: the commit adding this comment should be reverted
# once jenkins stops passing the mergebasebranch option.
if opt == 'mergebasebranch' && on_jenkins?
warn "The 'mergebasebranch' option is obsolete!"
next
end
raise "Unknown Tails build option '#{opt}'"
end
end
......@@ -409,6 +415,38 @@ task setup_environment: ['validate_git_state'] do
end
end
task merge_base_branch: ['parse_build_options', 'setup_environment'] do
next if $skip_mergebasebranch
branch = git_helper('git_current_branch')
base_branch = git_helper('base_branch')
source_date_faketime = `date --utc --date="$(dpkg-parsechangelog --show-field=Date)" '+%Y-%m-%d %H:%M:%S'`.chomp
next if releasing? || branch == base_branch
commit_before_merge = git_helper('git_current_commit')
warn "Merging base branch '#{base_branch}' (at commit " \
"#{ENV['BASE_BRANCH_GIT_COMMIT']}) ..."
begin
run_command('faketime', '-f', source_date_faketime, \
'git', 'merge', '--no-edit', ENV['BASE_BRANCH_GIT_COMMIT'])
rescue CommandError
run_command('git', 'merge', '--abort')
raise <<-END_OF_MESSAGE.gsub(/^ /, '')
There were conflicts when merging the base branch; either
merge it yourself and resolve conflicts, or skip this merge
by rebuilding with the 'nomergebasebranch' option.
END_OF_MESSAGE
end
run_command('git', 'submodule', 'update', '--init')
# If we actually merged anything we'll re-run rake in the new Git
# state in order to avoid subtle build errors due to mixed state.
next if commit_before_merge == git_helper('git_current_commit')
ENV['TAILS_BUILD_OPTIONS'] = (ENV['TAILS_BUILD_OPTIONS'] || '') + \
' nomergebasebranch'
Kernel.exec('rake', *ARGV)
end
task :maybe_clean_up_builder_vms do
clean_up_builder_vms if $force_cleanup
end
......@@ -447,6 +485,7 @@ task build: [
'maybe_clean_up_builder_vms',
'validate_git_state',
'setup_environment',
'merge_base_branch',
'validate_http_proxy',
'ensure_correct_permissions',
'vm:up',
......
......@@ -21,14 +21,18 @@ else
fatal "SOURCE_DATE_EPOCH is not set. Exiting."
fi
# get git branch or tag so we can set the basename appropriately, i.e.:
# * if we build from a tag: tails-$ARCH-$TAG.iso
# * otherwise: tails-$ARCH-$BRANCH-$VERSION-$TIME-$COMMIT.iso
# get git branch or tag so we can set the basename appropriately.
GIT_BRANCH="$(git_current_branch)"
if [ -n "${GIT_BRANCH}" ]; then
CLEAN_GIT_BRANCH=$(echo "$GIT_BRANCH" | sed 's,/,_,g')
GIT_SHORT_ID="$(git_current_commit --short)"
BUILD_BASENAME="tails-amd64-${CLEAN_GIT_BRANCH}-${AMNESIA_VERSION}-${AMNESIA_NOW}-${GIT_SHORT_ID}"
BASE_BRANCH_PART=''
if [ "${GIT_BRANCH}" != "$(base_branch)" ]; then
CLEAN_GIT_BASE_BRANCH=$(base_branch | sed 's,/,_,g')
GIT_BASE_BRANCH_SHORT_ID="$(git rev-parse --verify --short $(git_base_branch_head))"
BASE_BRANCH_PART="+${CLEAN_GIT_BASE_BRANCH}@${GIT_BASE_BRANCH_SHORT_ID}"
fi
BUILD_BASENAME="tails-amd64-${CLEAN_GIT_BRANCH}@${GIT_SHORT_ID}${BASE_BRANCH_PART}-${AMNESIA_NOW}"
else
if git_on_a_tag; then
CLEAN_GIT_TAG=$(git_current_tag | tr '/-' '_~')
......@@ -40,30 +44,6 @@ else
fi
fi
GIT_BASE_BRANCH=$(base_branch) \
|| fatal "GIT_BASE_BRANCH could not be guessed."
if [ "${TAILS_MERGE_BASE_BRANCH:-}" = 1 ] && \
! git_on_a_tag && [ "$GIT_BRANCH" != "$GIT_BASE_BRANCH" ] ; then
[ -n "${BASE_BRANCH_GIT_COMMIT}" ] \
|| fatal "Base branch's top commit is not set."
echo "I: Merging base branch ${GIT_BASE_BRANCH}" \
"(at commit ${BASE_BRANCH_GIT_COMMIT})..."
faketime -f "${SOURCE_DATE_FAKETIME}" \
git merge --no-edit "${BASE_BRANCH_GIT_COMMIT}" \
|| fatal "Failed to merge base branch."
git submodule update --init
# Adjust BUILD_BASENAME to embed the base branch name and its top commit
CLEAN_GIT_BASE_BRANCH=$(echo "$GIT_BASE_BRANCH" | sed 's,/,_,g')
GIT_BASE_BRANCH_SHORT_ID=$(git rev-parse --verify --short "${BASE_BRANCH_GIT_COMMIT}")
[ -n "${GIT_BASE_BRANCH_SHORT_ID}" ] \
|| fatal "Base branch's top commit short ID could not be guessed."
BUILD_BASENAME="${BUILD_BASENAME}+${CLEAN_GIT_BASE_BRANCH}"
BUILD_BASENAME="${BUILD_BASENAME}@${GIT_BASE_BRANCH_SHORT_ID}"
fi
# save variables that lb build needs
mkdir -p tmp
echo "BUILD_BASENAME='${BUILD_BASENAME}'" > tmp/build_environment
......
......@@ -22,6 +22,7 @@ perl -ni \
| \A(?:lib/live/mount/overlay/rw/)?etc/skel/[.]config/autostart/end-profile[.]desktop\s
| \Alib/modules/.*/kernel/drivers/(?:cpufreq|net|thermal)/
| \Alib/modules/.*/kernel/net/
| \Ausr/share/pulseaudio/alsa-mixer/
| \Arun/
| \Avar/lib/AccountsService/users/Debian-gdm\s
| \Avar/lib/gdm3/[#]\d+\s
......
......@@ -12,7 +12,6 @@
export SOURCE_DATE_EPOCH="$(date --utc --date="$(dpkg-parsechangelog --show-field=Date)" +%s)"
export SOURCE_DATE_YYYYMMDD="$(date --utc --date="$(dpkg-parsechangelog --show-field=Date)" +%Y%m%d)"
export SOURCE_DATE_FAKETIME="$(date --utc --date="$(dpkg-parsechangelog --show-field=Date)" '+%Y-%m-%d %H:%M:%S')"
# Base for the string that will be passed to "lb config --bootappend-live"
AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_free=1 mds=full,nosmt"
......
This diff is collapsed.
......@@ -71,6 +71,11 @@ Package: linux-compiler-* linux-headers-* linux-image-* linux-kbuild-* linux-sou
Pin: release o=Debian,n=buster-backports
Pin-Priority: 999
Explanation: freeze exception (#18266)
Package: linux-compiler-* linux-kbuild-*
Pin: origin deb.tails.boum.org
Pin-Priority: 1000
Explanation: src:live-boot (#15477)
Package: live-boot live-boot-doc live-boot-initramfs-tools
Pin: origin deb.tails.boum.org
......
......@@ -23,7 +23,7 @@ s{
/[0-9]{10} # serial
/?
(\s+)
}{$1tor+http://vwakviie2ienjx6t.onion/debian/$2}xms;
}{$1tor+https://cdn-fastly.deb.debian.org/debian/$2}xms;
s{
^
......@@ -33,7 +33,7 @@ s{
/[0-9]{10} # serial
/?
(\s+)
}{$1tor+http://sgvtcaew4bxjd7ln.onion/$2}xms;
}{$1tor+https://cdn-fastly.deb.debian.org/debian-security/$2}xms;
s{
^
......@@ -55,7 +55,7 @@ s{
/debian
/?
(\s+)
}{$1tor+http://vwakviie2ienjx6t.onion/debian/$2}xms;
}{$1tor+https://cdn-fastly.deb.debian.org/debian/$2}xms;
s{
^
......@@ -65,7 +65,7 @@ s{
/debian-security
/?
(\s+)
}{$1tor+http://sgvtcaew4bxjd7ln.onion/$2}xms;
}{$1tor+https://cdn-fastly.deb.debian.org/debian-security/$2}xms;
s{
^
......
......@@ -48,29 +48,11 @@ my $notify = Desktop::Notify->new()
or die "Failed creating Desktop::Notify object.";
debug('$notify:' . "\n" . Dumper($notify));
my $summary = __("Synchronizing the system's clock");
my $body = __("Tor needs an accurate clock to work properly, especially for Onion Services. Please wait...");
my $notification = $notify->create(summary => $summary,
body => $body,
timeout => 0)
or die "Failed to create notification object";
debug('$notification:' . "\n" . Dumper($notification));
# Wait until notifications can be shown
until (system("pidof", "ibus-daemon") == 0) {
sleep 1
}
$notification->show() or warn "Failed showing notification.";
# Wait until htpdate is done
until ( -e $htp_done_file ) {
sleep 1;
}
$notification->close();
# in case htpdate failed, notify the user with the corresponding logs
unless (-e $htp_success_file) {
open(my $htp_log, '<', $htp_log_file)
......
From cad60b3a4d820826013b17134dd2405a1bfa5fe0 Mon Sep 17 00:00:00 2001
From 84d2d608aa46588034d2012d43ee283f66b0d8b8 Mon Sep 17 00:00:00 2001
From: anonym <anonym@riseup.net>
Date: Wed, 7 Oct 2020 15:50:23 +0200
Subject: [PATCH 2/4] Add pref for whether we accept OAuth2 during
Subject: [PATCH] Add pref for whether we accept OAuth2 during
autoconfiguration.
For many providers JavaScript is required for OAuth2 to work; with it
......@@ -16,7 +16,7 @@ that disables JavaScript (like TorBirdy) can provide a workaround.
3 files changed, 53 insertions(+), 34 deletions(-)
diff --git a/comm/mail/components/accountcreation/content/emailWizard.js b/comm/mail/components/accountcreation/content/emailWizard.js
index 1cafc978c8d..b677bb718cd 100644
index 18c2b514894..487f9aefae0 100644
--- a/comm/mail/components/accountcreation/content/emailWizard.js
+++ b/comm/mail/components/accountcreation/content/emailWizard.js
@@ -1467,23 +1467,25 @@ EmailConfigWizard.prototype = {
......@@ -157,5 +157,5 @@ index ddebe393a33..ff2ddf5284e 100644
pref("dom.xhr.standard_content_type_normalization", false);
--
2.28.0
2.31.0
From 2242be5b93fdf0634a6918dec07bcd406426753f Mon Sep 17 00:00:00 2001
From 27470b650c59ab70580a93c5a69f54e7761764c6 Mon Sep 17 00:00:00 2001
From: anonym <anonym@riseup.net>
Date: Tue, 3 Nov 2020 12:13:10 +0100
Subject: [PATCH] Don't reset encryption choice when disabling encryption
......@@ -11,23 +11,14 @@ no matter the desired default.
While we're at it, also kill two lines of code before a call to
enableEncryptionControl() that exactly replicates it.
---
comm/mail/extensions/am-e2e/am-e2e.js | 5 -----
1 file changed, 5 deletions(-)
comm/mail/extensions/am-e2e/am-e2e.js | 3 ---
1 file changed, 3 deletions(-)
diff --git a/comm/mail/extensions/am-e2e/am-e2e.js b/comm/mail/extensions/am-e2e/am-e2e.js
index 397864f8e23..3d73a959a13 100644
index d70bd5d415b..d01d05c9b96 100644
--- a/comm/mail/extensions/am-e2e/am-e2e.js
+++ b/comm/mail/extensions/am-e2e/am-e2e.js
@@ -182,8 +182,6 @@ function e2eInitializeFields() {
enableEnc = enableEnc || !!gKeyId;
}
- gRequireEncrypt.disabled = !enableEnc;
- gDoNotEncrypt.disabled = !enableEnc;
enableEncryptionControls(enableEnc);
gSignCertName.value = gIdentity.getUnicharAttribute("signing_cert_name");
@@ -474,9 +472,6 @@ function smimeSelectCert(smime_cert) {
@@ -442,9 +442,6 @@ function smimeSelectCert(smime_cert) {
function enableEncryptionControls(do_enable) {
gRequireEncrypt.disabled = !do_enable;
gDoNotEncrypt.disabled = !do_enable;
......@@ -38,5 +29,5 @@ index 397864f8e23..3d73a959a13 100644
function enableSigningControls(do_enable) {
--
2.28.0
2.31.0
From 633d8f976fc2975e56d0d2aca243806794a17951 Mon Sep 17 00:00:00 2001
From c03c3cce700017b11528c7dc6d06ecbb82d20314 Mon Sep 17 00:00:00 2001
From: anonym <anonym@riseup.net>
Date: Wed, 27 Feb 2019 09:45:04 +0100
Subject: [PATCH 1/4] Prefer fetched configurations using SSL over plaintext.
Subject: [PATCH] Prefer fetched configurations using SSL over plaintext.
---
.../components/accountcreation/content/readFromXML.js | 10 ++++++++--
......@@ -36,5 +36,5 @@ index 95019f97d45..d0fa70846c9 100644
exception = e;
}
--
2.28.0
2.31.0
http://people.torproject.org/~sysrqb/builds/10.0.14-build1/
http://torbrowser-archive.tails.boum.org/10.0.16-build1/
a273505efa1f62361a859183325cfc7f38defc3348c755c85c138ba5b76a928f tor-browser-linux64-10.0.14_en-US.tar.xz
d9c410c436b670123194fe9e4887306ea765988e500e110b6a0d8e3a4c39eb49 langpacks-tor-browser-linux64-10.0.14.tar.xz
fc0acea2d62767a67038296e0cc041dea2bc7b80ca5dc9333d0173ce4c7b021e tor-browser-linux64-10.0.16_en-US.tar.xz
f6580761e819581a8f2b8bd9dc470078bceefe58ef5d42413517e8f41022061e langpacks-tor-browser-linux64-10.0.16.tar.xz
......@@ -284,11 +284,27 @@ method checked_upgrades_file () {
}
method refresh_signing_key () {
my $new_key_content = Tails::Download::HTTPS->new(
max_download_size => 128 * 2**10,
)->get_url(
$self->running_system->baseurl . '/tails-signing-minimal.key'
);
my ($error_msg, $new_key_content);
$error_msg =
__(
q{<b>An error occured while updating the signing key.</b>\n\n}.
q{<b>This prevents determining whether an upgrade is available from our website.</b>\n\n}.
q{Check your network connection, and restart Tails to try upgrading again.\n\n}.
q{If the problem persists, go to file:///usr/share/doc/tails/website/doc/upgrade/error/check.en.html},
);
try {
$new_key_content = Tails::Download::HTTPS->new(
max_download_size => 128 * 2**10,
)->get_url(
$self->running_system->baseurl . '/tails-signing-minimal.key'
);
} catch {
$self->fatal(
$error_msg,
title => __(q{Error while downloading the signing key}),
debugging_info => $self->encoding->decode($_),
);
};
my ($stdout, $stderr, $exit_code);
my $success = 1;
IPC::Run::run ['gpg', '--import'],
......@@ -296,12 +312,7 @@ method refresh_signing_key () {
or $success = 0;
$exit_code = $?;
$success or $self->fatal(
__(
q{<b>An error occured while updating the signing key.</b>\n\n}.
q{<b>This prevents determining whether an upgrade is available from our website.</b>\n\n}.
q{Check your network connection, and restart Tails to try upgrading again.\n\n}.
q{If the problem persists, go to file:///usr/share/doc/tails/website/doc/upgrade/error/check.en.html},
),
$error_msg,
title => __(q{Error while updating the signing key}),
debugging_info => $self->encoding->decode(errf(
"exit code: %{exit_code}i\n\n".
......
......@@ -185,7 +185,6 @@ pidgin
pidgin-guifications
pidgin-otr
pinentry-gtk2
poedit
powermgmt-base
ppp
pppoe
......
tails (4.18) unstable; urgency=medium
* Upgrade Thunderbird to 78.9.0-1~deb10u1
* Upgrade Tor Browser to 10.0.16 (tails/tails!400)
Closes issues:
- Upgrade to Tor Browser based on Firefox 78.10 (tails/tails#18252)
Commits:
- Fetch Tor Browser from our own archive.
- Upgrade Tor Browser to 10.0.15.
* Upgrade Intel microcodes to 3.20210216.1~deb10u1
* Upgrade firmware-linux-nonfree to 20210315-2
* Remove Poedit (#18236) (tails/tails!395)
Commits:
- Remove Poedit (#18236)
* Display an error message when the Upgrader fails to download the signing key
(tails/tails!390)
Closes issues:
- Display an error message when the Upgrader fails to check for available
upgrades (tails/tails#18238)
Commits:
- Display an error message when the Upgrader fails to download the signing key
* Remove clock sync notification (tails/tails!389)
Closes issues:
- Remove the "clock synchronization" notification (tails/tails#7439)
Commits:
- tails-htp-notify-user only notifies if $problems
* Bump snapshots of the Debian APT archive to 2021033101 (tails/tails!388)
Commits:
- Bump snapshots of the Debian APT archive to 2021033101
* APT: use non-onion HTTPS sources for Debian repositories (tails/tails!383)
Closes issues:
- Fix failures with Debian's APT repository onion service (tails/tails#17993)
Commits:
- APT: use non-onion HTTPS sources for Debian repositories
* Merge base branch earlier (tails/tails!381)
Closes issues:
- The mergebasebranch option merges the base branch too late (tails/tails#12557)
Commits:
- Document that faketime is needed on the host to build Tails.
- Vagrant: don't install faketime any more.
- Drop useless version part from development build filenames.
- Build system: only add base branch info to image names when relevant.
- Build system: make development images' names more consistent.
- Build system: move around logic to reduce ENV state.
- Build system: re-run rake after merging base branch (#12557)
- Rakefile: handle jenkins passing the now obsolete mergebasebranch.
- Build system: by default, merge the base branch early when building (#12557)
-- Tails developers <tails@boum.org> Mon, 19 Apr 2021 14:19:38 +0000
tails (4.17) unstable; urgency=medium
 
* Upgrade Thunderbird to 78.8.0-1~deb10u1
......
......@@ -6,7 +6,7 @@ Feature: APT sources are correctly configured
Scenario: APT sources are configured correctly
Given a computer
And I start Tails from DVD with network unplugged and genuine APT sources
Then the only hosts in APT sources are "vwakviie2ienjx6t.onion,sgvtcaew4bxjd7ln.onion,umjqavufhoix3smyq6az2sx4istmuvsgmz4bq5u5x56rnayejoo6l2qd.onion,sdscoq7snqtznauu.onion"
Then the only hosts in APT sources are "cdn-fastly.deb.debian.org,umjqavufhoix3smyq6az2sx4istmuvsgmz4bq5u5x56rnayejoo6l2qd.onion,sdscoq7snqtznauu.onion"
And no proposed-updates APT suite is enabled
And no experimental APT suite is enabled for deb.torproject.org
And if releasing, no unversioned Tails APT source is enabled
......
UnsafeBrowserStartPage.png
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment