sysadmin issueshttps://gitlab.tails.boum.org/tails/sysadmin/-/issues2020-05-15T19:09:48Zhttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/6696I2P 0.9.112020-05-15T19:09:48ZkytvI2P 0.9.11_Originally created by @kytv on [#6696 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/6696)_
Please pull the updated I2P packages (0.9.11) from the repository at
deb.i2p2.no into the the Tails repo for inclusion in..._Originally created by @kytv on [#6696 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/6696)_
Please pull the updated I2P packages (0.9.11) from the repository at
deb.i2p2.no into the the Tails repo for inclusion into Tails v0.23. No
changes are needed to the Tails source, just pulling the updated
packages.
Thanks\!Tails_0.23https://gitlab.tails.boum.org/tails/sysadmin/-/issues/5601Add feature/wheezy to the set of branches built by Jenkins2020-05-15T19:37:37Zimport-from-RedmineAdd feature/wheezy to the set of branches built by Jenkins_Originally created by Tails on [#5601 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5601)_
Add `feature/wheezy` to the set of branches built by Jenkins.
### Related issues
- **Blocks** tails/tails..._Originally created by Tails on [#5601 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5601)_
Add `feature/wheezy` to the set of branches built by Jenkins.
### Related issues
- **Blocks** tails/tails#6015Tails_1.1intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/7215Cleanup Squeeze-specific bits from our infrastructure2020-05-15T18:56:59ZintrigeriCleanup Squeeze-specific bits from our infrastructure_Originally created by @intrigeri on [#7215 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/7215)_
Once Tails 1.1 is out, we can get rid of quite some Squeeze-specific
configs, chroots, etc. on our infrastructure:
..._Originally created by @intrigeri on [#7215 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/7215)_
Once Tails 1.1 is out, we can get rid of quite some Squeeze-specific
configs, chroots, etc. on our infrastructure:
- `debomatic-squeeze-backports-mozilla` APT suite
- `squeeze-backports-mozilla` debomatic chroot
- Git grep will tell you more
### Related issues
- [x] **Blocked by** tails/tails#6015Tails_1.2intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/5633Enable serial console on every lizard guest2020-05-15T19:35:37Zimport-from-RedmineEnable serial console on every lizard guest_Originally created by Tails on [#5633 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5633)_
Enable serial console in every guest, to be able to connect from the
host without setting up SSH authentication. While we..._Originally created by Tails on [#5633 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5633)_
Enable serial console in every guest, to be able to connect from the
host without setting up SSH authentication. While we’re at it, enable it
for Grub and on the kernel cmdline + inittab to ease emergency
maintenance.Tails_1.2.3https://gitlab.tails.boum.org/tails/sysadmin/-/issues/8388Adjust Redmine/Git integration to better match our workflow2020-05-15T18:20:55ZintrigeriAdjust Redmine/Git integration to better match our workflow_Originally created by @intrigeri on [#8388 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8388)_
See e.g. tails/tails#8288.
Feature Branch: doc/8388-redmine-git-integration_Originally created by @intrigeri on [#8388 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8388)_
See e.g. tails/tails#8288.
Feature Branch: doc/8388-redmine-git-integrationTails_1.2.3https://gitlab.tails.boum.org/tails/sysadmin/-/issues/8484Disable ECDSA on *.lizard's sshd2020-05-15T18:18:22ZintrigeriDisable ECDSA on *.lizard's sshd_Originally created by @intrigeri on [#8484 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8484)_
Depending on whether we judge EC as available currently as safe enough,
or not._Originally created by @intrigeri on [#8484 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8484)_
Depending on whether we judge EC as available currently as safe enough,
or not.Tails_1.2.3intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/8528Please add me as a contributor2020-05-15T18:17:47ZGhost UserPlease add me as a contributor_Originally created by @saint on [#8528 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8528)_
Hello all,
After discussion with BitingBird, I am hereby requesting to be added as
a contributor to the Tails project. ..._Originally created by @saint on [#8528 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8528)_
Hello all,
After discussion with BitingBird, I am hereby requesting to be added as
a contributor to the Tails project. =) I am working on documentation,
translation, and ISO verification.
\~saintTails_1.2.3intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/8678Adjust vcpus configuration to take advantage of lizard v22020-05-15T18:09:27ZintrigeriAdjust vcpus configuration to take advantage of lizard v2_Originally created by @intrigeri on [#8678 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8678)__Originally created by @intrigeri on [#8678 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8678)_Tails_1.2.3intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/8476Upgrade backup configuration wrt. builder -> isobuilder1 rename2020-05-15T18:29:17ZintrigeriUpgrade backup configuration wrt. builder -> isobuilder1 rename_Originally created by @intrigeri on [#8476 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8476)__Originally created by @intrigeri on [#8476 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8476)_Tails_1.2.3https://gitlab.tails.boum.org/tails/sysadmin/-/issues/8593Disable ioerror's temporary access to the full past ISO history2020-05-15T18:22:57ZintrigeriDisable ioerror's temporary access to the full past ISO history_Originally created by @intrigeri on [#8593 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8593)__Originally created by @intrigeri on [#8593 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8593)_Tails_1.2.3intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/5747Firewall Jenkins on lizard2020-05-15T19:31:22Zimport-from-RedmineFirewall Jenkins on lizard_Originally created by Tails on [#5747 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5747)_
Firewall the Jenkins port on `jenkins.lizard` against access from the
other VMs.
Parent Task: tails/sysadmin#5324_Originally created by Tails on [#5747 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5747)_
Firewall the Jenkins port on `jenkins.lizard` against access from the
other VMs.
Parent Task: tails/sysadmin#5324Tails_1.3https://gitlab.tails.boum.org/tails/sysadmin/-/issues/5898Update Jenkins jobs on Git push2020-05-15T19:29:25Zimport-from-RedmineUpdate Jenkins jobs on Git push_Originally created by Tails on [#5898 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5898)_
Run `jenkins-jobs update /etc/jenkins_jobs/jobs/` when the Jenkins jobs
repository gets an update.
Parent Task: ..._Originally created by Tails on [#5898 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/5898)_
Run `jenkins-jobs update /etc/jenkins_jobs/jobs/` when the Jenkins jobs
repository gets an update.
Parent Task: tails/sysadmin#5324Tails_1.3https://gitlab.tails.boum.org/tails/sysadmin/-/issues/6938Extract www.lizard's configuration into a public Puppet repository2020-05-15T19:05:33ZintrigeriExtract www.lizard's configuration into a public Puppet repository_Originally created by @intrigeri on [#6938 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/6938)_
www.lizard is partly configured with hard-coded manifest snippets and
files on the puppetmaster. We need to fix this..._Originally created by @intrigeri on [#6938 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/6938)_
www.lizard is partly configured with hard-coded manifest snippets and
files on the puppetmaster. We need to fix this.
The Jenkins side of things (jenkins.t.b.o, nightly.t.b.o) is covered by
tails/sysadmin#7107, so this ticket is about everything else.Tails_1.3intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/7106Refactor Puppet code for the Jenkins slave on builder.lizard2020-05-15T19:00:40ZintrigeriRefactor Puppet code for the Jenkins slave on builder.lizard_Originally created by @intrigeri on [#7106 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/7106)_
See parent ticket for the rationale.
<https://github.com/boklm/puppet-sshkeys> will probably be needed.
Pa..._Originally created by @intrigeri on [#7106 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/7106)_
See parent ticket for the rationale.
<https://github.com/boklm/puppet-sshkeys> will probably be needed.
Parent Task: tails/sysadmin#6056Tails_1.3https://gitlab.tails.boum.org/tails/sysadmin/-/issues/8289Check if we still need repo.or.cz mirrors2020-05-15T18:23:11ZintrigeriCheck if we still need repo.or.cz mirrors_Originally created by @intrigeri on [#8289 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8289)_
IIRC, we had set these up to get cia.vc notifications a while ago, but
it’s not used anymore, and leads to lots of n..._Originally created by @intrigeri on [#8289 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8289)_
IIRC, we had set these up to get cia.vc notifications a while ago, but
it’s not used anymore, and leads to lots of notification email being
sent to tails@, which some of the subscribers are complaining about.
Let’s see if we still need that.Tails_1.3intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/8125Self-host the Tor Browser tarballs we need2020-05-15T18:40:16ZanonymSelf-host the Tor Browser tarballs we need_Originally created by @anonym on [#8125 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8125)_
When upgrading to new a TBB for an imminent Tails release, we often have
to fetch the TBB tarballs from e.g.
`http://pe..._Originally created by @anonym on [#8125 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8125)_
When upgrading to new a TBB for an imminent Tails release, we often have
to fetch the TBB tarballs from e.g.
`http://people.torproject.org/~mikeperry/builds` or some other
**temporary** location. Hence, our release tags will only be buildable
for as long the tarballs stay in that temporary place, which at best is
a few months. If we fetch them from
`http://archive.torproject.org/tor-package-archive/torbrowser/` we do
not have this issue, but TBB releases are only put there when publicly
released, which generally is a day or three after we want to build our
release image.
To solve this, we probably will have to host the Tor Browser tarballs
ourselves, and point to this permanent location for anything that should
be tagged.
Alternatively, if we want to piggy-back on all the good stuff from our
freezable APT repo (tails/sysadmin#5926), we can adapt `10-tbb` into a standalone
script (and remove it from within Tails) that prepares a Tor Browser
.deb:s. We then use it to package Tor Browser and upload it to our APT
repo like we do for other packages. Another benefit from this is that we
don’t have to host **all** TBB tarballs, which will occupy much more
space.
Feature Branch: feature/8125-self-hosted-tor-browser-tarballs
### Related issues
- **Related to** tails/sysadmin#9020
- **Blocks** tails/tails#5630Tails_1.3https://gitlab.tails.boum.org/tails/sysadmin/-/issues/8741Install intel-microcode on lizard2020-05-15T18:07:41ZintrigeriInstall intel-microcode on lizard_Originally created by @intrigeri on [#8741 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8741)_
Critical issues are fixed by that package._Originally created by @intrigeri on [#8741 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8741)_
Critical issues are fixed by that package.Tails_1.3https://gitlab.tails.boum.org/tails/sysadmin/-/issues/8747The OpenPGP key for deb.tails.boum.org will expire soon2020-05-15T19:57:15ZkytvThe OpenPGP key for deb.tails.boum.org will expire soon_Originally created by @kytv on [#8747 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8747)_
$ gpg --fingerprint 0xC7988EA7A358D82E
pub 4096R/0xC7988EA7A358D82E 2012-02-04 [expires: 2015-02-03]
..._Originally created by @kytv on [#8747 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8747)_
$ gpg --fingerprint 0xC7988EA7A358D82E
pub 4096R/0xC7988EA7A358D82E 2012-02-04 [expires: 2015-02-03]
Key fingerprint = 221F 9A3C 6FA3 E09E 182E 060B C798 8EA7 A358 D82E
uid deb.tails.boum.org archive signing key
Feature Branch: bugfix/8747-update-tails-apt-repo-signing-key
### Related issues
- **Related to** tails/sysadmin#10419
- **Has duplicate** tails/sysadmin#8745Tails_1.3https://gitlab.tails.boum.org/tails/sysadmin/-/issues/8644Setup a Git repo for automated Git tests2020-05-15T18:20:46ZanonymSetup a Git repo for automated Git tests_Originally created by @anonym on [#8644 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8644)_
For tails/tails#6307 we need a Git repo with read-only access for some SSH key.
This is the key whose public **and** pr..._Originally created by @anonym on [#8644 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/8644)_
For tails/tails#6307 we need a Git repo with read-only access for some SSH key.
This is the key whose public **and** private parts will be stored in the
clear in Tails’ Git.
### Related issues
- **Blocks** tails/tails#8670Tails_1.3intrigeriintrigerihttps://gitlab.tails.boum.org/tails/sysadmin/-/issues/6564Deploy a platform for automated testing2020-05-15T19:26:14ZintrigeriDeploy a platform for automated testing_Originally created by @intrigeri on [#6564 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/6564)_
Allow Tails core developers to run, on our infrastructure, the Tails
automated test suite on ISO images that are alr..._Originally created by @intrigeri on [#6564 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/6564)_
Allow Tails core developers to run, on our infrastructure, the Tails
automated test suite on ISO images that are already being automatically
built there.
Parent Task: tails/sysadmin#5288
### Related issues
- **Blocks** tails/sysadmin#6565
- [x] **Blocked by** tails/tails#7631Tails_1.3.1