Commits · e8c754d54c3c845c349c44ec707a1f32dc8e903c · jawlensky / tails

Mar 15, 2023
- dump-user-env: Don't set $EUID · e8c754d5
  segfault authored Mar 06, 2023
  
  The script is now a bash script, so $EUID is always set by the shell.
  e8c754d5
- userenv.py: Log invalid environment variables · 90f481e2
  segfault authored Mar 06, 2023
  
  Makes debugging easier
  90f481e2
- dump-user-env: Only dump specific environment variables · c6d132cd
  segfault authored Mar 06, 2023
  
  Dumping all environment variables caused failure in the test suite where we use the environment dumped by amnesia in a root process. That caused the PATH variable to not include /sbin anymore. The environment variables we dump here are the same that were dumped in the old implementation in gnome.sh.
  c6d132cd
- Remote shell: Remove unused imports · 17c20e77
  segfault authored Mar 06, 2023
  
  17c20e77
- Test Suite: Use "systemctl poweroff" instead of "poweroff" · f6ec5d13
  segfault authored Mar 03, 2023
  
  I had a case where "poweroff" did not cause the system to shut down but "systemctl poweroff" worked.
  f6ec5d13
- Remote shell: Don't fail if user env is not found · 40aa5063
  segfault authored Mar 03, 2023
  
  There are cases where we execute commands as a user when the user env file is not expected to be there, for example when we create files in persistent directories as the owner of the directory, which in case of the persistent greeter settings happens as the Debian-gdm but after login, so systemd already cleaned up the user env file for Debian-gdm.
  40aa5063
- Remote shell: Use user env in commands executed as root · 9ce011c5
  segfault authored Mar 03, 2023
  
  9ce011c5
- refactor: Rename loadenv-exec -> exec-with-env · cf12c510
  segfault authored Mar 03, 2023
  
  cf12c510
- Run tails-additional-software-notify as amnesia with user env · 402a1ad2
  segfault authored Mar 03, 2023
  
  The script doesn't need privileges, so we should run it unprivileged.
  402a1ad2
- exec-with-user-env: Fix comment and add usage message · 4435b30f
  segfault authored Mar 03, 2023
  
  4435b30f
- refactor: Rename launch_x_application -> run_with_user_env · 87e9109a
  segfault authored Mar 03, 2023
  
  87e9109a
- refactor: Rename gnome-env -> user-env · 669acb74
  segfault authored Mar 03, 2023
  
  The environment we're dumping doesn't actually have anything to do with GNOME or GNOME Shell, it's the default environment of a user unit started by systemd plus some display related variables set by us in dump-user-env. The name user-env therefore better reflects its content. Also use the name exec-with-user-env instead of exec-in-user-env to make it more clear that we're not replacing the current environment.
  669acb74
- dump-user-env: Print error message when required variables could not be set · b87facde
  segfault authored Mar 03, 2023
  
  b87facde
- tps-frontend-wrapper: Pass current user environment · 9f1c5e19
  segfault authored Mar 02, 2023
  
  The current user environment already contains all the needed variables, so we pass that instead of /run/user/1000/user-env.
  9f1c5e19
- Reimplement loadenv-exec in Python · f64f2195
  segfault authored Mar 02, 2023
  
  f64f2195
- Replace most usages of gnome_env in Python scripts · 2cabfcd1
  segfault authored Mar 01, 2023
  
  The remaining usages are safe because they are used in unprivileged processes.
  2cabfcd1
- netnsdrop.py: Remove unused argument user · a814b0fa
  segfault authored Mar 01, 2023
  
  a814b0fa
- tails-additional-software-notify: Fix error when printing usage message · 210d50ad
  segfault authored Mar 01, 2023
  
  210d50ad
- tails-additional-software-notify: Fix unresolved reference '_' · 98cb9aeb
  segfault authored Mar 01, 2023
  
  98cb9aeb
- Replace systemctl-user with exec-in-gnome-env · aa060554
  segfault authored Mar 01, 2023
  
  aa060554
- Avoid exporting gnome environment file in privileged processes · 9c180a27
  segfault authored Mar 01, 2023
  
  This removes all usages of the gnome.sh shell library in shell scripts to ensure that the gnome environment file is not exported in privileged processes. A new script, exec-in-gnome-env, is called instead, which exports the gnome environment in an unprivileged amnesia process and then executes some command.
  9c180a27
- Dump gnome-shell env as amnesia · 79a35488
  segfault authored Mar 01, 2023
  
  There are scenarios in which amnesia can control the gnome-shell environment which is dumped at boot, so we have to ensure that only processes running as amnesia (or a less privileged user) export it in their environment. Since we have to do that, we can just store the env file as amnesia and drop the part where we copy the file as root.
  79a35488
- tails-notify-user: Use consistent indentation · 25d9500e
  segfault authored Feb 28, 2023
  
  25d9500e
- 20-time.sh: Don't export amnesia-controlled gnome env · 37ee2adf
  segfault authored Feb 28, 2023
  
  That can lead to privilege escalation. Instead, we use /usr/local/lib/systemctl-user to start a systemd user service which has the required environment variables set.
  37ee2adf
- tailslib: Don't export gnome env · 195bb1cb
  segfault authored Feb 28, 2023
  
  The gnome_env function of the Python module is called in privileged processes, exporting the amnesia-controlled environment in those can lead to privilege escalation. refs #19464
  195bb1cb
- Test suite: Fix unset environment variables evaluating to true · 8f946c3e
  segfault authored Mar 10, 2023
  
  8f946c3e
- tca-portal: Support setting debug log level via environment and kernel cmdline · b381b774
  segfault authored Mar 15, 2023
  
  b381b774
- Merge branch '19370-update-test-clearnet-no-packages-sent' into 'stable' · 5081a058
  boyska authored Mar 15, 2023
  
  Test suite: Fix step "the clearnet user has not sent packets out to the Internet" Closes #19370 See merge request tails/tails!1074
  5081a058
- Merge branch 'all-tests-option' into 'stable' · 33282264
  boyska authored Mar 15, 2023
  
  run_test_suite: Add --all-tests See merge request tails/tails!1076
  33282264
- Merge branch '19450-tor-browser-12.0.4-force-all-tests' into 'stable' · 3e60cee2
  boyska authored Mar 15, 2023
  
  Upgrade Tor Browser to 12.0.4-build1 Closes #19450 See merge request tails/tails!1078
  3e60cee2
- workaround failure · f7065ff2
  boyska authored Mar 15, 2023
  
  refs #19450
  f7065ff2
Mar 14, 2023
- run_test_suite: Add --all-tests · b8640589
  segfault authored Mar 14, 2023
  
  b8640589
- Fetch Tor Browser from our own archive · e9c72628
  boyska authored Mar 14, 2023
  
  e9c72628
- fix step name · 20a690d1
  boyska authored Mar 14, 2023
  
  20a690d1
- Upgrade Tor Browser to 12.0.4-build1 · 00147ebe
  boyska authored Mar 14, 2023
  
  00147ebe
- Merge branch 'sysadmin-11869-retry-getting-source' into 'stable' · 8865022b
  boyska authored Mar 14, 2023
  
  Try again when GitLab CI fails to fetch source See merge request tails/tails!1075
  8865022b
- Merge remote-tracking branch 'boyska/stable' into stable · 5ea331f7
  boyska authored Mar 14, 2023
  
  5ea331f7
Mar 13, 2023
- Try again when GitLab CI fails to fetch source · 0a333ac1
  Zen Fu authored Mar 13, 2023
  
  As discussed during a Sysadmin/FT sunc, this is a low-hanging-fruit attempt to deal with errors when cloning the source repository. refs sysadmin#11869
  0a333ac1
- Merge remote-tracking branch 'origin/master' into stable · 10300c19
  intrigeri authored Mar 13, 2023
  
  10300c19
- Merge branch '19489-remove-window-center-extension' into 'stable' · 0a01a14d
  intrigeri authored Mar 13, 2023
  
  Remove custom window-center extension Closes #19489 See merge request tails/tails!1072
  0a01a14d