Merge branch 'devel' into feature/tor-nightly-master

auto/build

@@ -155,7 +155,7 @@ if [ -d "$WORKAROUNDS_SRC" ]; then
 fi
 
 echo "I: Building ISO image ${BUILD_ISO_FILENAME}..."
-time lb build noauto ${@}
+time lb build noauto "${@}"
 [ -e binary.iso ] || fatal "lb build failed ($?)."
 
 echo "I: ISO image was successfully created"

auto/clean

@@ -10,7 +10,7 @@ for dir in chroot/{dev/pts,proc,sys,var/lib/dpkg} ; do
    fi
 done
 
-lb clean noauto ${@}
+lb clean noauto "${@}"
 
 # rm -f build-*.log
 

auto/config

@@ -91,7 +91,7 @@ export LB_BOOTSTRAP_INCLUDE="gnupg"
 RUN_LB_CONFIG="lb config noauto"
 
 # init config/ with defaults for the target distribution
-$RUN_LB_CONFIG --distribution buster ${@}
+$RUN_LB_CONFIG --distribution buster "${@}"
 
 # set up everything for time-based snapshots:
 if [ -n "${APT_SNAPSHOTS_SERIALS:-}" ]; then
@@ -159,7 +159,7 @@ $RUN_LB_CONFIG \
    --syslinux-splash data/splash.png \
    --syslinux-timeout 4 \
    --initramfs=live-boot \
-   ${@}
+   "${@}"
 
 install -d config/chroot_local-includes/etc/amnesia/
 

auto/scripts/tails-custom-apt-sources

@@ -16,9 +16,14 @@ output_apt_binary_source() {
 }
 
 output_overlay_apt_binary_sources() {
-	for suite in $(ls config/APT_overlays.d) ; do
+	cd config/APT_overlays.d/
+	for suite in * ; do
+		# handle the case when no APT overlay is enabled
+		[[ -e "$suite" ]] || break
+
 		output_apt_binary_source "$suite"
 	done
+	cd ../../
 }
 
 ### Sanity checks

auto/scripts/utils.sh

+# shellcheck shell=bash
 # This library is meant to be used in bash, with "set -e" and "set -u".
 
 BASE_BRANCHES="stable testing devel"

config/amnesia

@@ -23,7 +23,7 @@ AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC blo
 AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
 
 # Kernel version
-KERNEL_VERSION='5.6.0-2'
+KERNEL_VERSION='5.7.0-1'
 KERNEL_SOURCE_VERSION=$(
    echo "$KERNEL_VERSION" \
        | perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'

config/chroot_local-hooks/01-check-pam-uses-sha512

+#!/bin/sh
+
+set -e
+
+echo "Checking if PAM uses SHA512 to hash passwords"
+
+if ! grep -q -E "^password\s.*\ssha512" /etc/pam.d/common-password; then
+    echo "PAM does not seem to use SHA512 anymore. Please adjust the
+    Tails Greeter code which hashes the admin password."
+    exit 1
+fi

config/chroot_local-hooks/49-fix-missing-rtw88-firmware

-#!/bin/sh
-
-set -e
-set -u
-
-echo "Checking for possibly missing rtw88 firmware (#17323)"
-
-# Decide where to copy from, and what:
-WORKAROUNDS_FW_DIR='/tmp/tails-workarounds/linux-firmware'
-DIR='rtw88'
-FILES='rtw8822b_fw.bin rtw8822c_fw.bin'
-
-# Sanity check:
-orig_dir="$WORKAROUNDS_FW_DIR/$DIR"
-if [ ! -d "$orig_dir" ]; then
-  echo "=> ERROR: Missing origin directory ($orig_dir)"
-  exit 1
-fi
-
-firmware_dir="/lib/firmware/$DIR"
-if [ ! -d "$firmware_dir" ]; then
-  echo "=> Missing parent directory ($firmware_dir), creating"
-  mkdir -p "$firmware_dir"
-fi
-
-
-for file in $FILES; do
-  path="$firmware_dir/$file"
-  if [ ! -f "$path" ]; then
-    echo "=> Missing firmware ($file), copying"
-    cp "$orig_dir/$file" "$path"
-  else
-    echo "=> ERROR: Firmware for $file found, maybe this hook could be dropped"
-    exit 1
-  fi
-done

config/chroot_local-hooks/50-dkms

@@ -18,7 +18,8 @@ ensure_hook_dependency_is_installed dkms
 ensure_hook_dependency_is_installed \
    virtualbox-guest-dkms
 
-for log in $(ls /var/lib/dkms/*/*/build/make.log); do
+for log in /var/lib/dkms/*/*/build/make.log; do
+   [ -e "$log" ] || break  # handle the case when no file matched the glob
    echo "---- $log"
    cat "$log"
 done

config/chroot_local-hooks/70-seahorse-tool

+#!/bin/sh
+set -e
+
+echo 'Configuring seahorse-tool'
+
+mkdir -p /usr/lib/seahorse
+dpkg-divert --add --rename --divert /usr/lib/seahorse/seahorse-tool \
+                                    /usr/bin/seahorse-tool
+ln -s /usr/local/lib/seahorse-tool-wrapper /usr/bin/seahorse-tool

config/chroot_local-includes/etc/gdm3/PostLogin/Default

@@ -7,9 +7,11 @@
 # =====
 #
 # * /etc/live/config.d/username.conf : $LIVE_USERNAME
-# * /var/lib/gdm3/tails.locale : $TAILS_LOCALE_NAME, $TAILS_XKBMODEL,
-#   $TAILS_XKBLAYOUT, $TAILS_XKBVARIANT, $TAILS_XKBOPTIONS, $CODESET
-# * /var/lib/gdm3/tails.password : $TAILS_USER_PASSWORD
+# * /var/lib/gdm3/settings/tails.language: $TAILS_LOCALE_NAME
+# * /var/lib/gdm3/settings/tails.formats: $TAILS_FORMATS
+# * /var/lib/gdm3/settings/tails.keyboard: $TAILS_XKBMODEL,
+#   $TAILS_XKBLAYOUT, $TAILS_XKBVARIANT, $TAILS_XKBOPTIONS
+# * /var/lib/gdm3/settings/tails.password : $TAILS_USER_PASSWORD
 
 # For whatever reason, /usr/sbin (needed by at least chpasswd)
 # is not in our PATH
@@ -22,6 +24,7 @@ KBDSET=/etc/default/keyboard
 CONSET=/etc/default/console-setup
 LOCALE_CFG=/etc/default/locale
 CODSET="Uni1" # universal codeset to properly display glyphs in localized console
+GREETER_EXPORTED_SETTINGS="tails.macspoof tails.network tails.unsafe-browser"
 
 log() {
     echo "$1" >&2
@@ -60,6 +63,17 @@ grep_n_set() {
 
 log "Entering PostLogin"
 
+### Export the Greeter settings
+# It's important we export the settings from tails.macspoof before
+# unblocking the network below; doing so will make the user-set MAC
+# spoofing option apply (via the custom udev rule) when loading the
+# modules for the previously blocked network devices.
+for setting in ${GREETER_EXPORTED_SETTINGS}; do
+    /usr/bin/install -m 0640 -o root -g root \
+        "/var/lib/gdm3/settings/$setting" \
+        "/var/lib/live/config/$setting"
+done
+
 ### Gather general configuration
 
 # Import the name of the live user
@@ -68,15 +82,12 @@ if [ -z "${LIVE_USERNAME}" ] ; then
     log_n_exit "Username variable not found."
 fi
 
-### Physical security
-log "Running /usr/local/lib/tails-unblock-network..."
-/usr/local/lib/tails-unblock-network
-log "tails-unblock-network has exited (status=$?)."
-
 ### Localization
 
-# Import locale name
-. /var/lib/gdm3/tails.locale || log_n_exit "Locale file not found."
+# Import locale settings
+. /var/lib/gdm3/settings/tails.language || log_n_exit "Language settings file not found."
+. /var/lib/gdm3/settings/tails.formats || log_n_exit "Formats settings file not found."
+. /var/lib/gdm3/settings/tails.keyboard || log_n_exit "Keyboard settings file not found."
 if [ -z "${TAILS_LOCALE_NAME}" ] ; then
     log_n_exit "Locale variable not found."
 fi
@@ -109,16 +120,18 @@ XKBVARIANT="$TAILS_XKBVARIANT"
 XKBOPTIONS="$TAILS_XKBOPTIONS"
 EOF
 
+### Physical security
+log "Running /usr/local/lib/tails-unblock-network..."
+/usr/local/lib/tails-unblock-network
+log "tails-unblock-network has exited (status=$?)."
+
 ### Password
 
 # Import password for superuser access
-if [ -e /var/lib/gdm3/tails.password ] ; then
-    . /var/lib/gdm3/tails.password
+if [ -e /var/lib/gdm3/settings/tails.password ] ; then
+    . /var/lib/gdm3/settings/tails.password
 fi
 
-# Remove password file
-rm --interactive=never -f /var/lib/gdm3/tails.password
-
 # Check if password is actually set
 if [ -z "${TAILS_USER_PASSWORD}" ] ; then
     rm -f "${POLKIT}" "${SUDOERS}"
@@ -132,7 +145,7 @@ if [ -z "${TAILS_USER_PASSWORD}" ] ; then
 fi
 
 # Sets the password
-echo "${LIVE_USERNAME}:${TAILS_USER_PASSWORD}" | chpasswd
+echo "${LIVE_USERNAME}:${TAILS_USER_PASSWORD}" | chpasswd -e
 
 # Add sudoers entry
 echo "${LIVE_USERNAME} ALL = (ALL) ALL" >> "${SUDOERS}"

config/chroot_local-includes/etc/thunderbird/pref/thunderbird.js

@@ -51,6 +51,11 @@ pref("mailnews.auto_config.fetchFromISP.sslOnly", true);
 pref("mailnews.auto_config.sslOnly", true);
 pref("mailnews.auto_config.guess.sslOnly", true);
 
+// Disable automatic configuration methods that could be serving
+// configurations without authentication.
+pref("mailnews.auto_config.fetchFromExchange.enabled", false);
+pref("mailnews.auto_config.mx.enabled", false);
+
 // Drop auto-fetched configurations using Oauth2 -- they do not work
 // since we disable needed functionality (like JavaScript and cookies)
 // in the embedded browser.
@@ -359,8 +364,8 @@ pref("media.cache_size", 0);
 // Disable CSS :visited selector.
 pref("layout.css.visited_links_enabled", false);
 
-// Disable downloadable fonts.
-pref("gfx.downloadable_fonts.enabled", false);
+// downloadable fonts are NOT disabled: disabling them cause bug #17328: "Find in Message" stops working
+//pref("gfx.downloadable_fonts.enabled", false);
 
 // Disable third-party images.
 pref("permissions.default.image", 3);

config/chroot_local-includes/etc/whisperback/debugging-info.json

@@ -19,6 +19,7 @@
 ["file", {"user": "root", "path": "/var/lib/live/config/tails.macspoof"}],
 ["file", {"user": "root", "path": "/var/lib/live/config/tails.network"}],
 ["file", {"user": "root", "path": "/var/lib/live/config/tails.persistence"}],
+["file", {"user": "root", "path": "/var/lib/live/config/tails.unsafe-browser"}],
 ["file", {"user": "tails-persistence-setup", "path": "/live/persistence/TailsData_unlocked/persistence.conf"}],
 ["file", {"user": "tails-persistence-setup", "path": "/live/persistence/TailsData_unlocked/live-additional-software.conf"}],
 ["directory", {"user": "root", "path": "/live/persistence/TailsData_unlocked/apt-sources.list.d"}],

config/chroot_local-includes/lib/systemd/system/tails-gdm-failed-to-start.service

@@ -11,6 +11,8 @@ After=plymouth-quit.service
 Requires=plymouth-quit-wait.service
 After=plymouth-quit-wait.service
 
+# for instructions on how to test this unit, see config/chroot_local-includes/usr/lib/gdm3/gdm-x-session.tails
+
 [Service]
 Type=oneshot
 # We use VT5 that is clean of boot messages and does not get a getty started
@@ -26,11 +28,4 @@ ExecStart=/bin/sh -c \
         --kernel-command-line="plymouth.ignore-udev $(cat /proc/cmdline)"'
 ExecStart=/bin/chvt 5
 ExecStart=/bin/plymouth show-splash
-ExecStart=/bin/sh -c \
-    'MAX_LENGTH=254 ; \
-     PREFIX="Error starting GDM with your graphics card: " ; \
-     SUFFIX=". Please take note of this error and visit https://tails.boum.org/gdm for troubleshooting." ; \
-     MAX_VIDEO_CARD_LENGTH=$(($MAX_LENGTH - $(echo -n "$PREFIX$SUFFIX" | wc -c))) ; \
-     VIDEO_CARD=$(lspci -d::0300 -nn | sed -E "s,.* VGA compatible controller \\[0300\\]:\s*,," | cut -c "1-$MAX_VIDEO_CARD_LENGTH") ; \
-     /bin/plymouth display-message --text="$PREFIX$VIDEO_CARD$SUFFIX" \
-    '
+ExecStart=/usr/local/lib/tails-gdm-error-message

config/chroot_local-includes/lib/systemd/system/tails-shutdown-on-media-removal.service

@@ -2,6 +2,7 @@
 Description=Wipe memory on live media removal
 Documentation=https://tails.boum.org/contribute/design/memory_erasure/
 After=memlockd.service initramfs-shutdown.service
+ConditionKernelCommandLine=!toram
 
 [Service]
 Type=simple

config/chroot_local-includes/lib/systemd/system/tails-unblock-network.service

@@ -5,19 +5,8 @@ Documentation=https://tails.boum.org/contribute/design/MAC_address/
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-EnvironmentFile=/var/lib/gdm3/tails.network
+EnvironmentFile=/var/lib/gdm3/settings/tails.network
 
-# It's important we "export" the settings from tails.macspoof before
-# unblocking the network; doing so will make the user-set MAC spoofing
-# option apply (via the custom udev rule) when loading the modules for the
-# previously blocked network devices.
-ExecStartPre=/bin/sh -c \
-    'for setting in macspoof network; do \
-         /usr/bin/install -m 0640 -o root -g root \
-         "/var/lib/gdm3/tails.$setting" \
-         "/var/lib/live/config/tails.$setting" ; \
-     done'
-ExecStartPre=/bin/sync
 ExecStartPre=/bin/sh -c \
     'if [ "${TAILS_NETCONF}" = "obstacle" ] ; then \
          . /usr/local/lib/tails-shell-library/tor.sh ; \

config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/config.py

@@ -32,17 +32,33 @@ supported_locales_path = os.path.join(data_path, 'supported_locales')
 # System locales directory
 system_locale_dir = '/usr/share/locale/'
 
-# File where session locale settings are stored
-locale_output_path = '/var/lib/gdm3/tails.locale'
+# Directory where the Greeter settings are stored
+settings_dir = '/var/lib/gdm3/settings'
 
-# File where the session sudo password is stored
-admin_password_output_path = '/var/lib/gdm3/tails.password'
+# Directory where the persistent Greeter settings are stored
+persistent_settings_dir = '/var/lib/gdm3/settings/persistent'
 
-# World-readable file where Tails persistence status is stored
-persistence_state_file = '/var/lib/live/config/tails.persistence'
+# File where the session language setting is stored
+language_setting_path = os.path.join(settings_dir, 'tails.language')
+
+# File where the session formats setting is stored
+formats_setting_path = os.path.join(settings_dir, 'tails.formats')
+
+# File where the session keyboard setting is stored
+keyboard_setting_path = os.path.join(settings_dir, 'tails.keyboard')
+
+# File where the session sudo password is stored
+admin_password_path = os.path.join(settings_dir, 'tails.password')
 
 # File where the network setting is stored
-network_setting = '/var/lib/gdm3/tails.network'
+network_setting_path = os.path.join(settings_dir, 'tails.network')
 
 # File where the MAC address spoofing setting is stored
-macspoof_setting = '/var/lib/gdm3/tails.macspoof'
+macspoof_setting_path = os.path.join(settings_dir, 'tails.macspoof')
+
+# File where the unsafe browser setting is stored
+unsafe_browser_setting_filename = 'tails.unsafe-browser'
+unsafe_browser_setting_path = os.path.join(settings_dir, unsafe_browser_setting_filename)
+
+# World-readable file where Tails persistence status is stored
+persistence_state_file = '/var/lib/live/config/tails.persistence'

config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/greeter.py

@@ -20,7 +20,9 @@
 
 import gi
 import logging
+import os
 
+from tailsgreeter.config import settings_dir, persistent_settings_dir
 from tailsgreeter.gdmclient import GdmClient
 from tailsgreeter.settings import localization
 from tailsgreeter.settings.admin import AdminSetting
@@ -28,8 +30,9 @@ from tailsgreeter.settings.localization_settings import LocalisationSettings
 from tailsgreeter.settings.macspoof import MacSpoofSetting
 from tailsgreeter.settings.network import NetworkSetting
 from tailsgreeter.settings.persistence import PersistenceSettings
+from tailsgreeter.settings.unsafe_browser import UnsafeBrowserSetting
 from tailsgreeter.translatable_window import TranslatableWindow
-from tailsgreeter.ui.additional_settings import AdminSettingUI, MACSpoofSettingUI, NetworkSettingUI
+from tailsgreeter.ui.additional_settings import AdminSettingUI, MACSpoofSettingUI, NetworkSettingUI, UnsafeBrowserSettingUI
 from tailsgreeter.ui.main_window import GreeterMainWindow
 from tailsgreeter.ui.region_settings import LanguageSettingUI, KeyboardSettingUI, FormatsSettingUI
 from tailsgreeter.ui.settings_collection import GreeterSettingsCollection
@@ -60,30 +63,41 @@ class GreeterApplication(object):
                 "/org/gnome/SessionManager",
                 "org.gnome.SessionManager")
 
+        # Create the settings directory
+        os.makedirs(settings_dir, mode=0o700, exist_ok=True)
+
+        # Create the persistent settings directory
+        os.makedirs(persistent_settings_dir, mode=0o700, exist_ok=True)
+
         # Load models
         self.gdmclient = GdmClient(session_opened_cb=self.close_app)
 
         persistence = PersistenceSettings()
         self.localisationsettings = LocalisationSettings(
             usermanager_loaded_cb=self.usermanager_loaded,
-            locale_selected_cb=self.on_language_changed
         )
         self.admin_setting = AdminSetting()
-        self.network_setting = NetworkSetting()
         self.macspoof_setting = MacSpoofSetting()
+        self.network_setting = NetworkSetting()
+        self.unsafe_browser_setting = UnsafeBrowserSetting()
 
         # Initialize the settings
-        settings = GreeterSettingsCollection(
-            LanguageSettingUI(self.localisationsettings.language),
+        self.settings = GreeterSettingsCollection(
+            LanguageSettingUI(self.localisationsettings.language, self.on_language_changed),
             KeyboardSettingUI(self.localisationsettings.keyboard),
             FormatsSettingUI(self.localisationsettings.formats),
             AdminSettingUI(self.admin_setting),
             MACSpoofSettingUI(self.macspoof_setting),
             NetworkSettingUI(self.network_setting),
+            UnsafeBrowserSettingUI(self.unsafe_browser_setting),
         )
 
         # Initialize main window
-        self.mainwindow = GreeterMainWindow(self, persistence, settings)
+        self.mainwindow = GreeterMainWindow(self, persistence, self.settings)
+
+        # Apply the default settings
+        for setting in self.settings:
+            setting.apply()
 
         # Inhibit the session being marked as idle
         self.inhibit_idle()
@@ -95,13 +109,6 @@ class GreeterApplication(object):
     def login(self):
         """Login GDM to the server"""
         logging.debug("login called")
-
-        # Apply settings
-        self.localisationsettings.apply_to_upcoming_session()
-        self.admin_setting.apply_to_upcoming_session()
-        self.macspoof_setting.apply_to_upcoming_session()
-        self.network_setting.apply_to_upcoming_session()
-
         self.mainwindow.hide()
         self.gdmclient.do_login()
 
@@ -114,8 +121,9 @@ class GreeterApplication(object):
 
     def on_language_changed(self, locale_code: str):
         """Translate to the given locale"""
-        self.localisationsettings.formats.on_language_changed(locale_code)  # XXX: notify
-        self.localisationsettings.keyboard.on_language_changed(locale_code)  # XXX: notify
+        for setting in self.settings.region_settings:
+            setting.on_language_changed(locale_code)
+
         self.translate_to(locale_code)
         self.mainwindow.current_language = localization.language_from_locale(locale_code)
 

config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/settings/__init__.py

+class SettingNotFoundError(Exception):
+    pass