Commit a253d7e3 authored by intrigeri's avatar intrigeri

Merge branch 'stable' into bugfix/16708-linux-4.19.37+force-all-tests

parents c97b0f9c d99b74d3
......@@ -163,10 +163,6 @@ Package: xul-ext-torbirdy
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Package: pdf-redact-tools
Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: weirdness in chroot_apt install-binary
Package: *
Pin: release o=chroot_local-packages
......
......@@ -95,13 +95,20 @@ Change_gid () {
fi
}
# Temporarily give these groups a GID that's out of the way, to avoid collisions
# Temporarily give these users and groups a UID/GID that's out of the way,
# to avoid collisions
Change_uid debian-tor 1070
Change_uid speech-dispatcher 1080
Change_uid colord 1090
Change_uid saned 1100
Change_uid pulse 1110
Change_uid hplip 1120
Change_uid Debian-gdm 1130
Change_gid messagebus 1050
Change_gid ssh 1090
Change_gid memlockd 1100
Change_gid ssl-cert 1110
Change_gid vboxsf 1120
Change_gid monkeysphere 1130
Change_gid debian-tor 1140
Change_gid lpadmin 1150
Change_gid scanner 1160
......@@ -113,13 +120,19 @@ Change_gid Debian-gdm 1210
Change_gid kvm 1500
Change_gid render 1510
# Finally, give these groups the desired GID
# Finally, give these users and groups the desired UID/GID
Change_uid debian-tor 107
Change_uid speech-dispatcher 108
Change_uid colord 109
Change_uid saned 110
Change_uid pulse 111
Change_uid hplip 112
Change_uid Debian-gdm 113
Change_gid messagebus 105
Change_gid ssh 109
Change_gid memlockd 110
Change_gid ssl-cert 111
Change_gid vboxsf 112
Change_gid monkeysphere 113
Change_gid debian-tor 114
Change_gid lpadmin 115
Change_gid scanner 116
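Review bot: The new `Change_uid` calls in both hunks of this file move seven accounts through the 1070–1130 range and then onto 107–113, and nothing visible here shows that files owned by the old numeric UIDs are re-owned. `Change_uid` is defined above the first hunk, so this is a question rather than a finding: if it relies on `usermod -u` alone, only the home directory and mail spool are re-owned, and files elsewhere would keep a number that this same script may then hand to a different account. Once that is confirmed, I would add a comment next to the helper stating how ownership is carried over, e.g. `# Change_uid also re-owns files outside the home directory, so nothing is left on a UID that gets reassigned below`.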
......
......@@ -9,4 +9,5 @@ set -e
echo "Creating the clearnet user"
adduser --system --quiet --group clearnet
addgroup --system --quiet --gid 123 clearnet
adduser --system --quiet --uid 114 --gid 123 clearnet
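Review bot: The fixed `--uid 114 --gid 123` is never checked after the account is created, here and in the five sibling hooks for htp, tails-iuk-get-target-file, tails-upgrade-frontend, tor-launcher and tails-install-iuk. adduser(8) describes `--system` as exiting with only a warning when the name or the requested UID already exists, and `--quiet` suppresses that warning, so `set -e` may not catch a build where the ID was already taken (worth confirming against the adduser version in use). A one-line check after the call makes the hook fail closed: `[ "$(id -u clearnet):$(id -g clearnet)" = "114:123" ]`. The hook continues outside the hunk, and a short comment in each hook could say that these ID pairs must stay in sync with the UID/GID remapping script.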
......@@ -9,4 +9,5 @@ set -e
echo "Creating the htp user"
adduser --system --quiet --group --no-create-home htp
addgroup --system --quiet --gid 124 htp
adduser --system --quiet --uid 116 --gid 124 --no-create-home htp
......@@ -10,4 +10,5 @@ set -e
echo "Creating the tails-iuk-get-target-file user"
adduser --system --quiet --group --no-create-home tails-iuk-get-target-file
addgroup --system --quiet --gid 125 tails-iuk-get-target-file
adduser --system --quiet --uid 117 --gid 125 --no-create-home tails-iuk-get-target-file
......@@ -10,4 +10,5 @@ set -e
echo "Creating the tails-upgrade-frontend user"
adduser --system --quiet --group --no-create-home tails-upgrade-frontend
addgroup --system --quiet --gid 126 tails-upgrade-frontend
adduser --system --quiet --uid 118 --gid 126 --no-create-home tails-upgrade-frontend
......@@ -9,5 +9,6 @@ set -e
echo "creating the tor-launcher user"
adduser --system --quiet --group tor-launcher
addgroup --system --quiet --gid 127 tor-launcher
adduser --system --quiet --uid 119 --gid 127 tor-launcher
adduser tor-launcher debian-tor
......@@ -9,5 +9,6 @@ set -e
echo "Creating the tails-install-iuk user"
adduser --system --quiet --group --no-create-home tails-install-iuk
addgroup --system --quiet --gid 128 tails-install-iuk
adduser --system --quiet --uid 120 --gid 128 --no-create-home tails-install-iuk
adduser tails-install-iuk tails-iuk-get-target-file
......@@ -4,7 +4,7 @@ set -e
echo "Wrapping some applications with torsocks"
APPS="gobby-0.5 openpgp-applet seahorse"
APPS="openpgp-applet seahorse"
DBUS_SERVICES="org.gnome.seahorse.Application org.fedoraproject.Config.Printing"
WRAPPED_DBUS_SERVICES=""
......
......@@ -26,21 +26,6 @@ rm /etc/console-setup/cached_setup_keyboard.sh
rm /var/cache/ldconfig/aux-cache
rm /var/lib/systemd/catalog/database
# Delete non-deterministically generated files, that should not be shared among
# all Tails systems anyway. We don't ship SSHd, so we don't bother generating
# them at boot.
# We remove with -f due to a suspected race condition: it seems that
# .../authentication/sphere/S.gpg-agent can be removed (by gpg-agent?)
# *right after* `rm -r` has listed it, so that when `rm` tries to
# remove it, it doesn't exist any more and it fails.
if [ -d /var/lib/monkeysphere/authentication/ ]; then
rm -rf /var/lib/monkeysphere/authentication/
else
echo 'Cannot remove /var/lib/monkeysphere/authentication/:' \
'directory does not exist' >&2
exit 1
fi
# Empty non-deterministically generated file. If it exists and is empty, systemd
# will automatically set up a new unique ID. But if does not exist, systemd
# will populate /etc with preset unit settings, which will for example re-enable
......
......@@ -3,9 +3,6 @@ NODE_PATH=/usr/local/lib/nodejs
SOCKS_SERVER=127.0.0.1:9050
SOCKS5_SERVER=127.0.0.1:9050
# Port that the monkeysphere validation agent listens on
MSVA_PORT='6136'
# Have Qt applications use the Adwaita theme
QT_STYLE_OVERRIDE=adwaita
......
......@@ -80,11 +80,6 @@ domain ip {
mod owner uid-owner $amnesia_uid ACCEPT;
}
# White-list access to Monkeysphere
daddr 127.0.0.1 proto tcp syn dport 6136 {
mod owner uid-owner $amnesia_uid ACCEPT;
}
# White-list access to OnionShare
daddr 127.0.0.1 proto tcp syn dport 17600:17650 {
mod owner uid-owner $amnesia_uid ACCEPT;
......
#!/usr/bin/python
#!/usr/bin/python3
# NB: this program is subject to the system's per-process memory limits.
......
......@@ -50,7 +50,6 @@ messagebus:x:105:
ssh:x:109:
memlockd:x:110:
ssl-cert:x:111:
monkeysphere:x:113:
debian-tor:x:114:tor-launcher
lpadmin:x:115:
vboxsf:x:112:
......
......@@ -22,7 +22,6 @@ systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
_apt:x:104:65534::/nonexistent:/bin/false
messagebus:x:103:105::/var/run/dbus:/bin/false
memlockd:x:105:110:memlockd system account,,,:/usr/lib/memlockd:/bin/false
monkeysphere:x:106:113:monkeysphere authentication user,,,:/var/lib/monkeysphere:/bin/bash
debian-tor:x:107:114::/var/lib/tor:/bin/false
speech-dispatcher:x:108:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false
colord:x:109:117:colord colour management daemon,,,:/var/lib/colord:/bin/false
......
......@@ -111,7 +111,6 @@ gnome-user-guide
gnupg-agent
gnupg2
gobi-loader
gobby
## breaks lb because of desktop-base.postinst (see Debian bug #467620)
#if ARCHITECTURE amd64
# grub
......@@ -126,19 +125,16 @@ hardlink
haveged
# needed by laptop-mode-tools to spin-down hard drives
hdparm
hopenpgp-tools
inkscape
iptables
# ships isolinux.bin in syslinux 6.x packaging
isolinux
ferm
keepassx
keyringer
memlockd
less
laptop-mode-tools
libgail-common
libgfshare-bin
libcaribou-gtk-module
libsane-hpaio
live-config
......@@ -147,11 +143,7 @@ live-tools
lvm2
macchanger
mat
pdf-redact-tools
mesa-utils
monkeysign
monkeysphere
msva-perl
nautilus
nautilus-wipe
nautilus-gtkhash
......@@ -182,20 +174,17 @@ libreoffice-l10n-zh-cn
onioncircuits
openpgp-applet
openssh-client
paperkey
parted
patch
pidgin
pidgin-guifications
pidgin-otr
pinentry-gtk2
pitivi
poedit
ppp
pppoe
pulseaudio
pulseaudio-utils
pwgen
p7zip-full
qt-at-spi
rng-tools
......@@ -219,7 +208,6 @@ system-config-printer-common
synaptic
torsocks
totem-plugins
traverso
ttf-dejavu
tcpdump
tcpflow
......@@ -237,7 +225,6 @@ thunderbird-l10n-zh-cn
tor
tor-geoipdb
sound-juicer
ssss
totem
unar
usbutils
......@@ -351,11 +338,6 @@ modemmanager
usb-modeswitch
usb-modeswitch-data
### Monkeysign dependencies for qrcodes scanning
python-qrencode
python-zbar
python-zbarpygtk
### Printing support
foomatic-db
foomatic-db-engine
......
......@@ -262,11 +262,6 @@ def stream_isolation_info(application)
:socksport => 9150,
:controller => true,
}
when "Gobby"
{
:grep_monitor_expr => 'users:(("gobby-0.5"',
:socksport => 9050
}
when "SSH"
{
:grep_monitor_expr => 'users:(("\(nc\|ssh\)"',
......@@ -325,25 +320,6 @@ And /^I re-run tails-upgrade-frontend-wrapper$/ do
$vm.execute_successfully("tails-upgrade-frontend-wrapper", :user => LIVE_USER)
end
When /^I connect Gobby to "([^"]+)"$/ do |host|
gobby = Dogtail::Application.new('gobby-0.5')
gobby.child('Welcome to Gobby', roleName: 'label')
gobby.button('Close').click
# This indicates that Gobby has finished initializing itself
# (generating DH parameters, etc.) -- before, the UI is not responsive
# and our CTRL-t is lost.
gobby.child('Failed to share documents', roleName: 'label')
gobby.menu('File').click
gobby.menuItem('Connect to Server...').click
@screen.type("t", Sikuli::KeyModifier.CTRL)
connect_dialog = gobby.dialog('Connect to Server')
connect_dialog.child('', roleName: 'text').typeText(host)
connect_dialog.button('Connect').click
# This looks for the live user's presence entry in the chat, which
# will only be shown if the connection succeeded.
try_for(60) { gobby.child(LIVE_USER, roleName: 'table cell'); true }
end
When /^the Tor Launcher autostarts$/ do
@screen.wait('TorLauncherWindow.png', 60)
end
......
......@@ -29,13 +29,6 @@ Feature: Tor stream isolation is effective
And the Tor Browser loads the startup page
Then I see that Tor Browser is properly stream isolated
@fragile
Scenario: Gobby is using the default SocksPort
When I monitor the network connections of Gobby
And I start "Gobby" via GNOME Activities Overview
And I connect Gobby to "gobby.debian.org"
Then I see that Gobby is properly stream isolated
Scenario: SSH is using the default SocksPort
When I monitor the network connections of SSH
And I run "ssh lizard.tails.boum.org" in GNOME Terminal
......@@ -47,17 +40,3 @@ Feature: Tor stream isolation is effective
And I query the whois directory service for "boum.org"
And the whois command is successful
Then I see that whois is properly stream isolated
@fragile
Scenario: Explicitly torify-wrapped applications are using the default SocksPort
When I monitor the network connections of Gobby
And I run "torify /usr/bin/gobby-0.5" in GNOME Terminal
And I connect Gobby to "gobby.debian.org"
Then I see that Gobby is properly stream isolated
@fragile
Scenario: Explicitly torsocks-wrapped applications are using the default SocksPort
When I monitor the network connections of Gobby
And I run "torsocks /usr/bin/gobby-0.5" in GNOME Terminal
And I connect Gobby to "gobby.debian.org"
Then I see that Gobby is properly stream isolated
......@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2019-04-06 14:00+0200\n"
"POT-Creation-Date: 2019-05-18 08:53+0200\n"
"PO-Revision-Date: 2014-12-30 17:30+0000\n"
"Last-Translator: E <ehuseynzade@gmail.com>\n"
"Language-Team: Azerbaijani (http://www.transifex.com/projects/p/torproject/"
......@@ -751,8 +751,8 @@ msgstr "Tor-un yenidən başladılması alınmadı."
#: config/chroot_local-includes/usr/local/lib/python3/dist-packages/unlock_veracrypt_volumes/volume_manager.py:164
#, python-format
msgid ""
"Could not add file container %s: Timeout while waiting for loop setup.Please "
"try using the <i>Disks</i> application instead."
"Could not add file container %s: Timeout while waiting for loop setup.\n"
"Please try using the <i>Disks</i> application instead."
msgstr ""
#: config/chroot_local-includes/usr/local/lib/python3/dist-packages/unlock_veracrypt_volumes/volume_manager.py:209
......