Unverified Commit 3fc56973 authored by intrigeri's avatar intrigeri
Browse files

Merge remote-tracking branch 'origin/stable' into 18655-clean-up-squashfs-excludes

parents 49db531e 6175bbd7
......@@ -271,7 +271,7 @@ task :parse_build_options do
warn "Building a release ⇒ ignoring #{opt} build option"
ENV['MKSQUASHFS_OPTIONS'] = nil
else
ENV['MKSQUASHFS_OPTIONS'] = '-comp xz -no-exports'
ENV['MKSQUASHFS_OPTIONS'] = '-comp zstd -no-exports'
end
when 'defaultcomp'
ENV['MKSQUASHFS_OPTIONS'] = nil
......
......@@ -124,6 +124,7 @@ LEGIT_USERS = [
"usul",
"uzairfarooq",
"winterfairy",
"xin",
"xirzon",
"xmunoz",
"yawning",
......
This diff is collapsed.
......@@ -58,11 +58,6 @@ Package: firmware-linux firmware-linux-nonfree firmware-amd-graphics firmware-at
Pin: release o=Debian,n=sid
Pin-Priority: 990
Explanation: freeze exception (#18556)
Package: firmware-linux firmware-linux-nonfree firmware-amd-graphics firmware-atheros firmware-brcm80211 firmware-intel-sound firmware-ipw2x00 firmware-iwlwifi firmware-libertas firmware-misc-nonfree firmware-realtek firmware-ti-connectivity
Pin: origin deb.tails.boum.org
Pin-Priority: 999
Package: firmware-sof-signed
Pin: release o=Debian,n=sid
Pin-Priority: 999
......
http://dist.torproject.org/torbrowser/11.0a9/
http://people.torproject.org/~sysrqb/builds/11.0a10-build1/
cba4a2120b4f847d1ade637e41e69bd01b2e70b4a13e41fe8e69d0424fcf7ca7 tor-browser-linux64-11.0a9_en-US.tar.xz
ba2de7efaa24426eb3262f60d12b71ca9f6d1f4e9ed5ca600c51321451ac8d84 langpacks-tor-browser-linux64-11.0a9.tar.xz
5d3e2ebc4fb6a10f44624359bc2a5a151a57e8402cbd8563d15f9b2524374f1f tor-browser-linux64-11.0a10_en-US.tar.xz
f8148ba2be2df4ad981026d6c57a3b9c50dd10de4477a1e9f5d56076864cc458 langpacks-tor-browser-linux64-11.0a10.tar.xz
......@@ -76,7 +76,7 @@ Feature: create an IUK
Given an old ISO image whose filesystem.squashfs contains file "A" modified at 1333333333
And a new ISO image whose filesystem.squashfs contains file "A" modified at 1336666666
When I create an IUK
Then the saved IUK contains a SquashFS that contains file "A" modified at 1336666666
Then the saved IUK contains a SquashFS that contains file "A" modified at SOURCE_DATE_EPOCH
Scenario: create an IUK when the bootloader configuration was not upgraded
Given two ISO images that contain the same bootloader configuration
......
......@@ -19,6 +19,7 @@ use Types::Path::Tiny qw{Path};
use Tails::IUK;
use Tails::IUK::Read;
use Tails::IUK::Utils qw{run_as_root};
my $bindir = path(__FILE__)->parent->parent->parent->parent->child('bin')->absolute;
......@@ -53,7 +54,7 @@ fun geniso($srcdir, $outfile) {
my $squashfs_tempdir = Path::Tiny->tempdir;
# an empty SquashFS is invalid
path($squashfs_tempdir, '.placeholder')->touch;
capture("mksquashfs '$squashfs_tempdir' '$srcdir/live/filesystem.squashfs' -no-progress 2>/dev/null");
capture("gensquashfs --quiet --pack-dir '$squashfs_tempdir' '$srcdir/live/filesystem.squashfs' 2>/dev/null");
}
capture(EXIT_ANY,
"genisoimage --quiet -J -l -cache-inodes -allow-multidot -o '$outfile' '$srcdir' 2>/dev/null");
......@@ -174,7 +175,11 @@ Given qr{^(an old|a new) ISO image whose filesystem.squashfs( does not|) contain
run_as_root('chown', $owner, path($squashfs_tempdir, $file)) if defined($owner);
}
path($iso_tempdir, 'live')->mkpath();
capture("mksquashfs '$squashfs_tempdir' '$iso_tempdir/live/filesystem.squashfs' -no-progress 2>/dev/null");
systemx(
'gensquashfs', '--quiet', '--keep-time',
'--pack-dir', $squashfs_tempdir,
$iso_tempdir->child('live/filesystem.squashfs')
);
inject_new_bootloader_bits_into($iso_tempdir) if $generation eq 'new';
ok(geniso($iso_tempdir, $iso_filename));
};
......@@ -245,7 +250,7 @@ When qr{^I create an IUK$}, fun ($c) {
};
Then qr{^the created IUK is a SquashFS image$}, fun ($c) {
system('unsquashfs -l ' . $c->{stash}->{scenario}->{iuk_path} . '>/dev/null 2>&1');
system('rdsquashfs --list / ' . $c->{stash}->{scenario}->{iuk_path} . '>/dev/null 2>&1');
is(${^CHILD_ERROR_NATIVE}, 0, "The generated IUK is not a SquashFS image");
};
......@@ -259,15 +264,18 @@ fun squashfs_contains_only_files_owned_by ($squashfs_filename, $owner, $group) {
$_,
qr{
\A # at the beginning of the string
[-a-z]+ # permissions
(?:file|dir) # file type
[[:space:]]+
.+? # path
[[:space:]]+
[[:digit:]]+ # permissions
[[:space:]]+
$owner # owner
/
$group # group
$owner # UID
[[:space:]]+
$group # GID
}xms,
"line looks like a file description with owner $owner and group $group"
) } split(/\n/, `unsquashfs -q -lln '$squashfs_filename'`);
) } split(/\n/, `rdsquashfs --quiet --describe '$squashfs_filename'`);
}
Then qr{^all files in the saved IUK belong to owner 0 and group 0$}, fun ($c) {
......@@ -331,9 +339,10 @@ fun squashfs_in_iuk_contains(:$iuk_in, :$squashfs_name, :$expected_file,
# on overlayfs, deleted files are stored using character devices,
# that one needs to be root to create
'sudo',
"unsquashfs", '-no-progress',
'rdsquashfs', '--quiet', '--set-times',
'--unpack-root', $tempdir->child('squashfs-root'),
'--unpack-path', $expected_file,
$iuk_in->mountpoint->child($squashfs_path),
$expected_file
);
my $exists = $EXITVAL == 0 ? 1 : 0;
chdir $orig_cwd;
......@@ -349,6 +358,7 @@ fun squashfs_in_iuk_contains(:$iuk_in, :$squashfs_name, :$expected_file,
return unless $exists;
if (defined $expected_mtime) {
$expected_mtime = $ENV{SOURCE_DATE_EPOCH} if $expected_mtime eq 'SOURCE_DATE_EPOCH';
return unless $expected_mtime == $tempdir->child('squashfs-root', $expected_file)->stat->mtime
}
......@@ -375,7 +385,8 @@ fun squashfs_in_iuk_deletes($iuk_in, $squashfs_name, $deleted_file) {
# on overlayfs, deleted files are stored using character devices,
# that one needs to be root to create
'sudo',
"unsquashfs", '-no-progress', "-force", "-dest", $new_dir,
"rdsquashfs", '--quiet', "--unpack-root", $new_dir,
'--unpack-path', '.',
$iuk_in->mountpoint->child($squashfs_path),
);
chdir $orig_cwd;
......@@ -446,11 +457,11 @@ Then qr{^the delete_files list is empty$}, fun ($c) {
is($c->{stash}->{scenario}->{iuk_in}->delete_files_count, 0);
};
Then qr{^the saved IUK contains a SquashFS that contains file "([^"]+)"(?:| modified at ([0-9]+)| owned by ([a-z-]+))$}, fun ($c) {
Then qr{^the saved IUK contains a SquashFS that contains file "([^"]+)"(?:| modified at ([0-9]+|SOURCE_DATE_EPOCH)| owned by ([a-z-]+))$}, fun ($c) {
my $expected_file = $c->matches->[0];
my ($expected_mtime, $expected_owner);
if (defined $c->matches->[1]) {
if ($c->matches->[1] =~ m{\A[0-9]+\z}) {
if ($c->matches->[1] =~ m{\A(?:[0-9]+|SOURCE_DATE_EPOCH)\z}) {
$expected_mtime = $c->matches->[1];
} elsif ($c->matches->[1] =~ m{\A[a-z-]+\z}) {
$expected_owner = $c->matches->[1];
......
......@@ -419,6 +419,7 @@ method create_squashfs_diff () {
'--pack-dir', $union_upperdir,
$self->overlay_dir->child('live', $self->squashfs_diff_name),
);
assert(-e $self->overlay_dir->child('live', $self->squashfs_diff_name));
printf "TIME (main gensquashfs for %s): %d seconds\n",
$self->squashfs_diff_name,
(time - $t1);
......
......@@ -88,7 +88,7 @@ fun fatal (%args) {
}
fun directory_size (AbsDir $dir) {
my @du = split(/\s/, capturex(qw{/usr/bin/du --block-size=1 --summarize}, $dir));
my @du = split(/\s/, capturex(qw{/usr/bin/du --block-size=1 --summarize --apparent-size}, $dir));
return $du[0];
}
......
......@@ -177,11 +177,11 @@ fun make_iuk (AbsPath $iuk_filename,
path($src)->copy($overlay_dir->child($dst));
}
my $mksquashfs_output = capture(
my $gensquashfs_output = capture(
EXIT_ANY,
"mksquashfs '$tempdir' '$iuk_filename' -no-progress -noappend 2>&1"
"gensquashfs --quiet --force --pack-dir '$tempdir' '$iuk_filename' 2>&1"
);
$EXITVAL == 0 or croak "mksquashfs failed: $mksquashfs_output";
$EXITVAL == 0 or croak "gensquashfs failed: $gensquashfs_output";
}
1;
......@@ -43,7 +43,7 @@ describe 'An IUK object' => sub {
# an empty SquashFS is invalid
path($old_squashfs_tempdir, '.placeholder')->touch;
path($old_iso_tempdir, 'live')->mkpath;
`mksquashfs $old_squashfs_tempdir $old_iso_tempdir/live/filesystem.squashfs -no-progress 2>/dev/null`;
`gensquashfs --quiet --pack-dir $old_squashfs_tempdir $old_iso_tempdir/live/filesystem.squashfs 2>/dev/null`;
system(@genisoimage, "-o", $old_iso, $old_iso_tempdir);
my $new_iso = path($tempdir, 'new.iso');
......@@ -56,7 +56,7 @@ describe 'An IUK object' => sub {
path($new_iso_tempdir, 'EFI')->mkpath;
path($new_iso_tempdir, 'utils')->mkpath;
path($new_iso_tempdir, 'live')->mkpath;
`mksquashfs $new_squashfs_tempdir $new_iso_tempdir/live/filesystem.squashfs -no-progress 2>/dev/null`;
`gensquashfs --quiet --pack-dir $new_squashfs_tempdir $new_iso_tempdir/live/filesystem.squashfs 2>/dev/null`;
system(@genisoimage, "-o", $new_iso, $new_iso_tempdir);
$iuk = Tails::IUK->new(
......@@ -68,6 +68,7 @@ describe 'An IUK object' => sub {
it 'can be written out' => $ENV{SKIP_SUDO} ? () : sub {
# XXX:
my ($out_fh, $out_filename) = tempfile();
unlink($out_filename);
$iuk->saveas($out_filename);
ok(-e $out_filename);
};
......
......@@ -52,7 +52,7 @@ describe 'A read IUK object' => sub {
my $iuk_filename = Path::Tiny->tempfile;
$tempdir->child('FORMAT')->spew("2");
$tempdir->child('whatever.file')->touch;
systemx('mksquashfs', $tempdir, $iuk_filename, '-no-progress', '-noappend');
systemx('gensquashfs', '--quiet', '--force', '--pack-dir', $tempdir, $iuk_filename);
$iuk = Tails::IUK::Read->new_from_file($iuk_filename);
};
it 'should return true when called on "whatever.file"' => $ENV{SKIP_SUDO} ? () : sub {
......@@ -65,7 +65,7 @@ describe 'A read IUK object' => sub {
my $tempdir = Path::Tiny->tempdir;
my $iuk_filename = Path::Tiny->tempfile;
$tempdir->child('FORMAT')->spew("2");
systemx('mksquashfs', $tempdir, $iuk_filename, '-no-progress', '-noappend');
systemx('gensquashfs', '--quiet', '--force', '--pack-dir', $tempdir, $iuk_filename);
$iuk = Tails::IUK::Read->new_from_file($iuk_filename);
};
it 'should return false when called on "whatever.file"' => $ENV{SKIP_SUDO} ? () : sub {
......@@ -81,7 +81,7 @@ describe 'A read IUK object' => sub {
my $iuk_filename = Path::Tiny->tempfile;
$tempdir->child('FORMAT')->spew("2");
$tempdir->child('control.yml')->spew("delete_files:\n");
systemx('mksquashfs', $tempdir, $iuk_filename, '-no-progress', '-noappend');
systemx('gensquashfs', '--quiet', '--force', '--pack-dir', $tempdir, $iuk_filename);
$iuk = Tails::IUK::Read->new_from_file($iuk_filename);
};
it 'should return an empty list' => $ENV{SKIP_SUDO} ? () : sub {
......@@ -97,7 +97,7 @@ describe 'A read IUK object' => sub {
$tempdir->child('control.yml')->spew(
"delete_files:\n - file1\n - file2\n - whatever.file\n - file4\n"
);
systemx('mksquashfs', $tempdir, $iuk_filename, '-no-progress', '-noappend');
systemx('gensquashfs', '--quiet', '--force', '--pack-dir', $tempdir, $iuk_filename);
$iuk = Tails::IUK::Read->new_from_file($iuk_filename);
};
it 'should return a list that contains whatever.file' => $ENV{SKIP_SUDO} ? () : sub {
......@@ -112,8 +112,9 @@ describe 'A read IUK object' => sub {
make_iuk(my $iuk_filename = Path::Tiny->tempfile);
$iuk = Tails::IUK::Read->new_from_file($iuk_filename);
};
it 'should return 0' => $ENV{SKIP_SUDO} ? () : sub {
is($iuk->space_needed, 0);
it 'should return ~ 0' => $ENV{SKIP_SUDO} ? () : sub {
cmp_ok($iuk->space_needed, '>=', 0);
cmp_ok($iuk->space_needed, '<=', 10);
};
};
describe 'if called on an IUK whose overlay directory contains two 1MB files' => sub {
......@@ -126,8 +127,10 @@ describe 'A read IUK object' => sub {
);
$iuk = Tails::IUK::Read->new_from_file($iuk_filename);
};
it 'should return 2 * 2**10' => $ENV{SKIP_SUDO} ? () : sub {
is($iuk->space_needed, 2 * 2**20);
it 'should return ~ 2 * 2**10' => $ENV{SKIP_SUDO} ? () : sub {
my $expected_size = 2 * 2**20;
cmp_ok($iuk->space_needed, '>=', $expected_size);
cmp_ok($iuk->space_needed, '<=', $expected_size * 1.1);
};
};
};
......
tails (4.24) UNRELEASED; urgency=medium
tails (4.25) UNRELEASED; urgency=medium
 
* Dummy entry for next release.
 
-- boyska <boyska@riseup.net> Thu, 07 Oct 2021 09:38:13 +0200
-- anonym <anonym@riseup.net> Fri, 05 Nov 2021 16:20:06 +0100
tails (4.24) unstable; urgency=medium
* Upgrade to Tor Browser based on Firefox 91 ESR (tails/tails!639)
Closes issues:
- Upgrade to Tor Browser based on Firefox 91 ESR (tails/tails#18261)
Commits:
- Unsafe Browser: disable more "phone home" features
- Unsafe Browser: disable services.settings.server
- Test suite: search for element more widely.
- Test suite: Firefox' Print dialog is now a panel (refs #18261)
- Update the Tor Browser AppArmor policy for Tor Browser 11 (Firefox 91)
- Test suite: lint
- Test suite: make Gherkin test description more honest
- Rubocop: disable a pattern we use all over the place
- Test suite: update expected images and drop obsolete special-case for Chinese
- Test suite: account for different separator used in German
- Lint.
- Test suite: update comment
- Fix typo in comment
- Test suite: adjust to new Firefox print dialog
- Test suite: update expected windows titles
- Test suite: update expected images
- Upgrade Tor Browser to 11.0a9
* Test suite: make "Unsafe Browser has only Firefox's default bookmarks
configured" step more robust (tails/tails!646)
Closes issues:
- Fragile test since the upgrade to Tor Browser 11: "Unsafe Browser has only
Firefox's default bookmarks configured" (tails/tails#18658)
Commits:
- Test suite: wait for menu to really open before looking for menu entry
- Test suite: update expected picture
* APT sources: add Bullseye security (stable) (tails/tails!637)
Closes issues:
- APT sources: add Bullseye security (tails/tails#18492)
Commits:
- APT pinning: ensure we get security updates for the packages we pull from
Bullseye
- APT sources: add Bullseye security repo
* Move tca developer doc to more appropriate places (tails/tails!636)
Closes issues:
- Update "Tor network configuration" design doc (tails/tails#18360)
Commits:
- tips to develop Tor Connection are reachable
- tca doc behavior.md moved to Gherkin
- move tca/HACKING.md to website
* APT sources: add Bullseye security (tails/tails!626)
Commits:
- APT pinning: ensure we get security updates for the packages we pull from
Bullseye
- APT sources: add Bullseye security repo
* Upgrade kernel to 5.10.46-5 in stable (tails/tails!625)
Closes issues:
- Upgrade Linux to 5.10.46-5 (DSA 4978-1) (tails/tails#18613)
- Upgrade to Buster 10.11 (tails/tails#18608)
Commits:
- Pull libzstd1 from Bullseye: needed by updated squashfs-tools
- Install squashfs-tools from bullseye.
- FIX uBlock patch
- to get a new kernel in stable, bump debian/serial
- change pinning to get kernel from bullseye
- bump kernel to 5.10.46-5
* Upgrade kernel to 5.10.46-5 in devel (tails/tails!622)
Commits:
- Pull libzstd1 from Bullseye: needed by updated squashfs-tools
- change pinning to get kernel from bullseye
- bump kernel to 5.10.46-5
* update Tor network configuration design doc (tails/tails!606)
Commits:
- TCA is not a Tor Launcher wrapper.
- Apply intrigeri's proofreading suggestions.
- explain why tca-portal runs as root
- Document connect-drop security model
- update Tor network configuration design doc
* TCA: clean leftovers (tails/tails!604)
Closes issues:
- TCA clean leftovers (tails/tails#18273)
Commits:
- systemd-notify: move to better way
- we considered this implementation good enough
- remove dead code
- move XXX to #18610
- clarify comment after tails/tails!567
- remove code that was never used and never tested
- comment moved to #18609
* Upgrade Tor Browser to 11.0a10-build1 (tails/tails!655)
Commits:
- Upgrade Tor Browser to 11.0a10-build1
* Remove obsolete freeze exception (tails/tails!648)
Commits:
- Remove obsolete freeze exception
* Port the iuk test suite from squashfs-tools to squashfs-tools-ng
(tails/tails!644)
Closes issues:
- Port the iuk test suite from squashfs-tools to squashfs-tools-ng
(tails/tails#18653)
Commits:
- IUK test suite: support file names with spaces
- IUK test suite: take into account gensquashfs behavior wrt. SOURCE_DATE_EPOCH
- IUK test suite: add missing import
- IUK test suite: port from squashfs-tools to squashfs-tools-ng
- IUK generation: add assertion
- Upgrader: use apparent size to compute space needed to install an IUK
* Switch to zstd for SquashFS compression in development ISO/USB images
(tails/tails!643)
Commits:
- Switch to zstd for SquashFS compression in development ISO/USB images
* Switch to squashfs-tools-ng to build IUKs (tails/tails!640)
Closes issues:
- Switch to squashfs-tools-ng to fix IUKs build reproducibly (tails/tails#18577)
- Failure reproducing IUKs for 4.22~rc1 (tails/tails#18536)
- Failure reproducing IUKs for 4.23 (tails/tails#18627)
Commits:
- GitLab CI: avoid confusing error message
- Release process: use only the isobuilders that have squashfs-tools-ng
- Switch to squashfs-tools-ng to generate our IUKs
- Update release process requirements for building IUKs
* Resolve "Tor Connection bridge tests fail" (tails/tails!621)
Closes issues:
- Tor Connection bridge tests fail (tails/tails#18634)
Commits:
- FIX tests for 84e047ebd39e too
- fix tests after 68b0e77119e
* Upgrader: avoid high cpu usage when getting download progress info
(tails/tails!619)
Closes issues:
- tails-upgrade-frontend causes very high CPU load when downloading upgrade
(tails/tails#18632)
Commits:
- Upgrader: avoid high cpu usage when getting download progress info
* Explain better how to type a bridge (#18597) (tails/tails!617)
Closes issues:
- Explain better "type in a bridge" (tails/tails#18597)
Commits:
- Fix grammar
- Use singular as much as possible
- Use 'bridge' in singular as much as possible
- Fix broken link
- Explain better how to type a bridge (#18597)
- Style guide: not everybody types
* Don't mention local network in Unsafe Browser confirmation (tails/tails!615)
Closes issues:
- Don't mention local network in Unsafe Browser confirmation (tails/tails#18600)
Commits:
- Simplify
* Rephrase intro of Fix Clock dialog (tails/tails!614)
Closes issues:
- Rephrase intro of Fix Clock dialog (tails/tails#18572)
Commits:
- Be consistent with /doc/about/warnings/identity
- Simply
- Remove duplicate text
- Simplify and be more correct
* Improve time zone selection UX (tails/tails!595)
Closes issues:
- Improve time zone selection UX (tails/tails#18514)
Commits:
- the test suite correctly handles UTC/GMT
- UTC can be selected, too
- test suite enjoys better UX, too
- pressing enter selects topmost entry
- tca gtk errors are logged immediately
- test suite waits for filtering to be applied
- Test suite: replace usage of non-existing Screen.pressKey with Screen.press
- revamp the time selection dialog
- fix logging
- test suite updated for new timezone selection
- FIX matching (lets hope so)
- better UX for timezone selection
- proper logging in asyncutils
* Installer: make the confirmation dialog more scary (tails/tails!593)
Closes issues:
- Make the confirmation more scary when reinstalling a USB stick that has a
Persistent Storage (tails/tails#18301)
Commits:
- Test suite: adjust confirmation label when reinstalling over a usb with a
persistent volume
- Test suite: adjust confirmation dialog label in Installer (refs #18301)
- Installer: inform when there is no target available
- Installer: enforce Persistent Storage detection
- Installer: display if the target device has a Persistence Storage
- Make the confirmation more scary when reinstalling a USB stick that has a
Persistent Storage (refs: #18301)
* TCA: Fix "AttributeError: no attribute persistence_config_failed"
(tails/tails!590)
Commits:
- FIX condition
- make the diff smaller
- TCA: Fix "AttributeError: no attribute persistence_config_failed"
-- Tails developers <tails@boum.org> Thu, 04 Nov 2021 14:25:18 +0100
 
tails (4.23) unstable; urgency=medium
 
......
......@@ -63,6 +63,7 @@ Then /^the Unsafe Browser has only Firefox's default bookmarks configured$/ do
# "Show all bookmarks"
@screen.press('shift', 'ctrl', 'o')
@screen.wait('UnsafeBrowserExportBookmarksButton.png', 20).click
@screen.wait('UnsafeBrowserExportBookmarksButtonSelected.png', 20)
@screen.wait('UnsafeBrowserExportBookmarksMenuEntry.png', 20).click
@screen.wait('UnsafeBrowserExportBookmarksSavePrompt.png', 20)
path = "/home/#{info[:user]}/bookmarks"
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment