Commit 0a1f6478 authored by anonym's avatar anonym
Browse files

Merge branch 'stable' into devel

parents cae496a7 0d2c5a7c
......@@ -134,10 +134,18 @@ Package: linux-kbuild-3.16
Pin: release o=Debian,n=jessie
Pin-Priority: 999
Package: monkeysphere
Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: obfs4proxy
Pin: release o=TorProject,n=obfs4proxy
Pin-Priority: 990
Package: pinentry-gtk2
Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Package: python-electrum
Pin: release o=Debian,n=stretch
Pin-Priority: 999
......
......@@ -36,7 +36,7 @@ EOF
equivs-build "libdvd-pkg-${LIBDVD_PKG_VERSION}.control"
dpkg -i "libdvd-pkg_${LIBDVD_PKG_VERSION}_all.deb"
)
rm -R "${tmp}"
rm -r "${tmp}" /usr/src/libdvd-pkg
# Remove dangling symlink -- note that we absolutely do not want the
# functionality (automatic checks and upgrades for new css sources)
......
......@@ -35,6 +35,16 @@ print_text "--------------------------------------------------------------------
# Note to translators: any text line must fit on a 80 characters wide screen
case "${LANG}" in
de_DE.UTF-8)
print_text " Sie können nun die Start-DVD oder den Start-USB-Stick entfernen"
print_empty_line
print_text " Der Systemspeicher wird in einigen Sekunden gelöscht..."
print_empty_line
print_text " Die Anzeige könnte anschließend fehlerhaft sein."
print_empty_line
print_text " Falls sich das System in einigen Sekunden nicht selbst ausschaltet,"
print_text " bedeutet dies, dass die Speicherlöschung fehlgeschlagen ist."
;;
es_ES.UTF-8)
print_text " Puede ahora retirar el DVD o el USB de arranque."
print_empty_line
......
......@@ -16,10 +16,17 @@ claws_mail_config_is_persistent() {
}
warn_about_claws_mail_persistence() {
local dialog_msg="<b><big>`gettext \"The <b>Claws Mail</b> persistence feature is activated.\"`</big></b>
`gettext \"If you have emails saved in <b>Claws Mail</b>, you should <a href='https://tails.boum.org/doc/anonymous_internet/claws_mail_to_icedove'>migrate your data</a> before starting <b>Icedove</b>.\"`"
if [ -f "${PROFILE}/prefs.js" ]; then
dialog_msg="${dialog_msg}
`gettext \"If you already migrated your emails to <b>Icedove</b>, you should <a href='https://tails.boum.org/doc/anonymous_internet/claws_mail_to_icedove#delete'>delete all your <b>Claws Mail</b> data</a> to remove this warning.\"`"
fi
local launch="`gettext \"_Launch\"`"
local exit="`gettext \"_Exit\"`"
# Since zenity can't set the default button to cancel, we switch the
......
......@@ -226,6 +226,11 @@ po_slave_languages:
- fr|Français
- pt|Português
# PageSpec controlling which pages are translatable
#
# On each release `n` of Tails 3.0, 4.0, etc. this list should be
# updated to disable translations of news/version_*, news/test_*, and
# security/Numerous_security_holes_in_* for release `n-2`.
# Also update ikiwiki.setup, news.mdwn, and security.mdwn.
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/test_0* and !security/Numerous_security_holes_in_0* and (about or bugs or chat or contribute or contribute/how/donate or doc or doc/* or download or download.inline or getting_started or inc/stable_i386_release_notes or index or news or news/* or press or press/* or security or security/* or sidebar or support or support/* or todo or torrents or wishlist or misc or misc/* or install or install/* or upgrade or upgrade/*)'
# internal linking behavior (default/current/negotiated)
po_link_to: current
......
......@@ -203,6 +203,11 @@ po_slave_languages:
- fr|Français
- pt|Português
# PageSpec controlling which pages are translatable
#
# On each release `n` of Tails 3.0, 4.0, etc. this list should be
# updated to disable translations of news/version_*, news/test_*, and
# security/Numerous_security_holes_in_* for release `n-2`.
# Also update ikiwiki-cgi.setup, news.mdwn, and security.mdwn.
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/test_0* and !security/Numerous_security_holes_in_0* and (about or bugs or chat or contribute or contribute/how/donate or doc or doc/* or download or download.inline or getting_started or inc/stable_i386_release_notes or index or news or news/* or press or press/* or security or security/* or sidebar or support or support/* or todo or torrents or wishlist or misc or misc/* or install or install/* or upgrade or upgrade/*)'
# internal linking behavior (default/current/negotiated)
po_link_to: current
......
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: Tails i10n Team\n"
"POT-Creation-Date: 2015-10-30 11:35+0100\n"
"POT-Creation-Date: 2016-03-21 18:14+0100\n"
"PO-Revision-Date: 2016-03-14 13:51-0000\n"
"Last-Translator: Tails translators <tails@boum.org>\n"
"Language-Team: Tails translators <tails-l10n@boum.org>\n"
......@@ -456,3 +456,12 @@ msgid ""
msgstr ""
"Sehen Sie die [[Danksagungen und ähnlichen Projekte|doc/about/"
"acknowledgments_and_similar_projects]]."
#. type: Title =
#, no-wrap
msgid "Contact\n"
msgstr ""
#. type: Plain text
msgid "See the [[contact page|about/contact]]."
msgstr ""
......@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: tails-l10n@boum.org\n"
"POT-Creation-Date: 2015-12-24 15:03+0100\n"
"POT-Creation-Date: 2016-03-21 18:14+0100\n"
"PO-Revision-Date: 2015-10-21 10:58+0000\n"
"Last-Translator: sprint5 <translation5@451f.org>\n"
"Language-Team: Persian <http://weblate.451f.org:8889/projects/tails/about/fa/"
......@@ -493,3 +493,12 @@ msgid ""
msgstr ""
"[[قدردانی‌ها و پروژه‌های مشابه|doc/about/"
"acknowledgments_and_similar_projects]] را ببینید."
#. type: Title =
#, no-wrap
msgid "Contact\n"
msgstr ""
#. type: Plain text
msgid "See the [[contact page|about/contact]]."
msgstr ""
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: tails-about-fr\n"
"POT-Creation-Date: 2015-10-30 11:35+0100\n"
"POT-Creation-Date: 2016-03-21 18:14+0100\n"
"PO-Revision-Date: 2013-10-13 17:08-0000\n"
"Last-Translator: \n"
"Language-Team: \n"
......@@ -507,3 +507,12 @@ msgid ""
msgstr ""
"Voir [[Remerciements et projets similaires|doc/about/"
"acknowledgments_and_similar_projects]]."
#. type: Title =
#, no-wrap
msgid "Contact\n"
msgstr ""
#. type: Plain text
msgid "See the [[contact page|about/contact]]."
msgstr ""
......@@ -152,3 +152,8 @@ Acknowledgments and similar projects
====================================
See [[Acknowledgments and similar projects|doc/about/acknowledgments_and_similar_projects]].
Contact
=======
See the [[contact page|about/contact]].
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: 1\n"
"POT-Creation-Date: 2015-10-30 11:35+0100\n"
"POT-Creation-Date: 2016-03-21 18:14+0100\n"
"PO-Revision-Date: 2014-04-30 20:00-0300\n"
"Last-Translator: Tails Developers <amnesia@boum.org>\n"
"Language-Team: Portuguese <LL@li.org>\n"
......@@ -509,3 +509,12 @@ msgid ""
"See [[Acknowledgments and similar projects|doc/about/"
"acknowledgments_and_similar_projects]]."
msgstr ""
#. type: Title =
#, no-wrap
msgid "Contact\n"
msgstr ""
#. type: Plain text
msgid "See the [[contact page|about/contact]]."
msgstr ""
[[!meta title="Contact"]]
There are many ways to contact us, depending on what you want
to talk about.
All mailing lists are in English unless specified otherwise.
[[!toc levels=2]]
Public mailing lists
====================
<div class="caution">
<p>These mailing lists are public: subscription is open to anyone. Don't
send compromising information. Please respect the
[[code of conduct|contribute/working_together/code_of_conduct/]].</p>
</div>
<a id="tails-support"></a>
tails-support
-------------
[[tails-support@boum.org|support/tails-support]] is the mailing list
dedicated to Tails user support.
[[!inline pages="support/tails-support" raw="yes"]]
<a id="amnesia-news"></a>
amnesia-news
------------
amnesia-news@boum.org is the mailing list where we send our [[news]] by
email. It has a low traffic and it is the right place to stay
up-to-date with the releases and security announcements.
Public archive of amnesia-news: <https://mailman.boum.org/pipermail/amnesia-news/>.
<form method="POST" action="https://mailman.boum.org/subscribe/amnesia-news">
<input class="text" name="email" value=""/>
<input class="button" type="submit" value="Subscribe"/>
</form>
<a id="tails-project"></a>
tails-project
-------------
tails-project@boum.org is the mailing list where we discuss upcoming
events, monthly reports, and other non-technical matters.
Public archive of tails-project: <https://mailman.boum.org/pipermail/tails-project/>.
<form method="POST" action="https://mailman.boum.org/subscribe/tails-project">
<input class="text" name="email" value=""/>
<input class="button" type="submit" value="Subscribe"/>
</form>
<a id="tails-dev"></a>
tails-dev
---------
tails-dev@boum.org is the mailing list where the development work is
coordinated and technical design questions are discussed. Subscribe if
you want to [[contribute code|contribute/how/code]].
Public archive of tails-dev: <https://mailman.boum.org/pipermail/tails-dev/>.
<form method="POST" action="https://mailman.boum.org/subscribe/tails-dev">
<input class="text" name="email" value=""/>
<input class="button" type="submit" value="Subscribe"/>
</form>
<a id="tails-testers"></a>
tails-testers
-------------
tails-testers@boum.org is the mailing list for people who want to help
[[test|contribute/how/testing]] new releases or features.
Public archive of tails-testers: <https://mailman.boum.org/pipermail/tails-testers/>.
<form method="POST" action="https://mailman.boum.org/subscribe/tails-testers">
<input class="text" name="email" value=""/>
<input class="button" type="submit" value="Subscribe"/>
</form>
<a id="tails-ux"></a>
tails-ux
--------
tails-ux@boum.org is the list for matters related to
[[user experience and user interface|contribute/how/user_interface]].
Public archive of tails-ux: <https://mailman.boum.org/pipermail/tails-ux/>.
<form method="POST" action="https://mailman.boum.org/subscribe/tails-ux">
<input class="text" name="email" value=""/>
<input class="button" type="submit" value="Subscribe"/>
</form>
<a id="tails-l10n"></a>
tails-l10n
----------
[[!inline pages="contribute/how/translate/tails-l10n.inline" raw="yes"]]
Private email addresses
=======================
<a id="tails-support-private"></a>
tails-support-private
---------------------
You can write encrypted emails to <tails-support-private@boum.org> if
you need help in private.
[[OpenPGP key|tails-bugs.key]]
([[details|doc/about/openpgp_keys#support]]).
[[!inline pages="support/talk/languages.inline" raw="yes"]]
<a id="tails-press"></a>
tails-press
-----------
If you are a journalist and want to write about Tails, or if you want to
send us links to [[press articles|press]] about Tails, write to
<tails-press@boum.org>.
[[OpenPGP key|tails-press.key]]
([[details|doc/about/openpgp_keys#press]]).
<a id="tails-accounting"></a>
tails-accounting
-----------------
If you want to fund Tails, write to <tails-accounting@boum.org>.
[[OpenPGP key|tails-accounting.key]]
([[details|doc/about/openpgp_keys#accounting]]).
<a id="tails-sysadmins"></a>
tails-sysadmins
---------------
To talk about our infrastructure (servers, test suite, repositories,
mirrors, etc.), write to <tails-sysadmins@boum.org>.
[[OpenPGP key|tails-sysadmins.key]]
([[details|doc/about/openpgp_keys#sysadmins]]).
<a id="tails"></a>
tails
-----
For matters that are listed in none of the above and for
vulnerabilities disclosures, you can write encrypted emails to
<tails@boum.org>.
[[OpenPGP key|tails-email.key]]
([[details|doc/about/openpgp_keys#private]]).
<a id="irc"></a>
IRC channels
============
You can join our [[users chat room|support/chat]] and
[[developers chat room|contribute/chat]]. Only a few Tails
developers hang out there, so email is preferred for anything that
might be of interest for the larger community.
......@@ -32,6 +32,10 @@ Everything in this report can be made public.
# B. Improve our quality assurance process
## B.4. Freezable APT repository
- B.4.2. Implement a mechanism to save the list of packages used at
ISO build time ([[!tails_ticket 10748]])
# C. Scale our infrastructure
......
......@@ -31,8 +31,7 @@ tickets on [[!tails_redmine desc="Redmine"]], meaning that patches are
welcome, but we do not feel committed, as a project, to make
it happen.
On the other hand, it appears that adding support for [[blueprint/UEFI
Secure boot]] will be necessary at some point. More and more
On the other hand, it appears that adding support for [[blueprint/UEFI_Secure_boot]] will be necessary at some point. More and more
off-the-shelf PC hardware is shipped with this functionality enabled.
Also, having to constantly disable and re-enable Secure boot in the
firmware configuration is not the best dual-boot user experience we
......@@ -140,7 +139,7 @@ More technical details:
OVMF
----
* The <edk2-devel@lists.sourceforge.net> mailing-list is the canonical
* The <edk2-devel@lists.sourceforge.net> mailing list is the canonical
place for discussions on this topic.
* Ubuntu's page about OVMF: <https://wiki.ubuntu.com/UEFI/OVMF>
* <http://www.linux-kvm.org/page/OVMF>
......
......@@ -18,7 +18,7 @@ Our buildbot's instance runs inside a KVM guest managed by libvirt.
work on this.
1. Custom notifications when a build fails: the one currently sent
lacks some useful information.
2. Request a mailing-list where buildbot would send its build
2. Request a mailing list where buildbot would send its build
failure reports.
3. Move to a "build in a throw-away VM" approach, so that a given
build cannot taint future ones.
......
......@@ -68,7 +68,7 @@ Mozilla and others:
* [tutorial](http://download.freedesktop.org/ldtp/doc/ldtp-tutorial.pdf)
* The main bindings are Python, but there also are a Ruby client and
Perl bindings in the [Git repo](http://cgit.freedesktop.org/ldtp/ldtp2/tree/ldtp)
* The LDTP dev mailing-list is very quiet, and it's unclear whether
* The LDTP dev mailing list is very quiet, and it's unclear whether
GNOME still uses it, or instead switched to dogtail.
## misc
......
......@@ -75,7 +75,7 @@ Next steps
* This is being discussed in the [Tracking derivatives delta:
explanations, history](https://lists.debian.org/85r41tx7k4.fsf@boum.org)
thread on the debian-derivatives mailing-list.
thread on the debian-derivatives mailing list.
* Action items: [[!tails_ticket 7607]] and subtasks
Misc. ideas
......
......@@ -28,10 +28,27 @@ little value.
- developer (including stable, testing, devel, and `$topic`)
* get the updated documentation + this design reviewed, including
security aspects [i]
* write tools that the doc calls for
- bump `Valid-Until`
- freeze
- unfreeze
* give RM's access to `reprepro-time-based-snapshots@apt.lizard` [i]
* document how to freeze time-based APT snapshots being used:
./auto/scripts/apt-snapshots-serials freeze && \
git commit \
-m 'Freeze APT snapshots to the current ones.' \
config/APT_snapshots.d/*/serial
* document how to thaw time-based APT snapshots being used:
./auto/scripts/apt-snapshots-serials thaw && \
git commit \
-m 'Thaw APT snapshots.' \
config/APT_snapshots.d/*/serial
* document how to bump `Valid-Until` [i], e.g.
ssh reprepro-time-based-snapshots@apt.lizard \
tails-bump-apt-snapshot-valid-until \
tails 2016031304 15
* move relevant content from this blueprint to the "final" design
doc + contributors doc
......@@ -47,26 +64,37 @@ little value.
snapshots)
e. **done** publish the snapshots' serial over HTTP
(e.g. <http://time-based.snapshots.deb.tails.boum.org/debian-security/project/trace/debian-security>)
e. **done** try using such snapshots for building an ISO:
done in `feature/5926-freezable-APT-repository`
e. Avoid re-downloading everything one has in their local
apt-cacher-ng, and filling its cache with files duplicated
many times. It's acceptable not to have optimal caching for `dists/`; what
matters is `pool`. We have a working PoC using the "merging" strategy (documented on
<file:///usr/share/doc/apt-cacher-ng/html/config-serv.html#repmap>),
that is `Remap-tails` with no `TargetURLs` list; it works if
we do that for the `pool/` directory only (we don't want to
merge the cache for the different `dists` directory):
$ echo 'Remap-tailspool: file:tails-time-based-snapshots-debian-pool.list' \
| sudo tee /etc/apt-cacher-ng/tails-time-based-snapshots-debian-pool.conf
$ for origin in $(cd config/APT_snapshots.d/ ; ls -d *) ; do for y in $(seq 2016 2026) ; do for m in $(seq 1 12); do for d in $(seq 1 31) ; do for t in $(seq 1 4) ; do printf 'http://time-based.snapshots.deb.tails.boum.org/%s/%04u%02u%02u%02u/pool/\n' $origin $y $m $d $t ; done ; done ; done ; done | sudo tee /etc/apt-cacher-ng/tails-time-based-snapshots-$origin-pool.list ; done
e. deny robots access to that data
e. manage symlinks or rewrite rules for URL → reprepro filesystem
layout (cf. "APT vs. reprepro: dist names" below)
e. try using such snapshots for building an ISO
- branch: `feature/build-from-snapshots`
- how to avoid re-downloading everything one has in their local
apt-cacher-ng, and filling its cache with files duplicated
many times? It seems that we can't merge caches between the
default `debrep` and our own snapshots: XXX.
But at least we should de-duplicate among our own snapshots,
e.g. using the "merging" strategy (documented on
<file:///usr/share/doc/apt-cacher-ng/html/config-serv.html#repmap>),
that is `Remap-tails` with no `TargetURLs` list.
d. implement list of sticky snapshots that must not be GC'ed,
including the tool to add to that list
e. implement GC of snapshots
f. implement GC of packages
e. implement GC of expired snapshots and packages (`tails-delete-expired-apt-snapshots`):
* allow running in verbose or silent mode, just like in
`tails-update-time-based-apt-snapshots` [k]
* delete expired snapshots' `dist` directories after
`deleteunreferenced` [k]
* review and test [i]
* deploy with Puppet, redirect output to a log file, logrotate snippet [i]
f. clean up old snapshots that the GC system can't clean up
automatically (e.g. those before 20160311, that have no
`Valid-Until`)
* debian
* debian-security
* tails
* torproject
g. have build system output the snapshots being used,
and have Jenkins publish this info if available
......@@ -89,30 +117,18 @@ little value.
b. **done** PoC of capturing the list of source packages used during the build
c. **done** initial reprepro setup for tagged snapshots
d. **done** debootstrap in jessie-backports
e. **WIP** how to create a partial snapshot from a manifest and
the origin time-based snapshots?
* `generate-build-manifest` (main Git repo), aka. [[!tails_ticket 10748]]
- cherry-pick the relevant bits and get them into Tails 2.3 [i]
e. **WIP** create a partial snapshot from a manifest and
the origin time-based snapshots:
* add comments for the most obscure aspects of
`tails-prepare-tagged-apt-snapshot-import` [k]
* `generate-build-manifest` (main Git repo), aka. get [[!tails_ticket 10748]]
done in Tails 2.3 [i]
- convert custom `data/debootstrap/tails-wheezy` into a patch,
or set up the process to update/replace it in the future,
or something (we're using Jessie now) [i]
* `tails-prepare-tagged-apt-snapshot-import`, aka.
[[!tails_ticket 10749]] (`puppet-tails` repo):
- review & test support for multiple architectures [i]:
* beware of differing versions due to binNMUs
* test with a complete set of data (including all
architectures we want, source packages, and a build
manifest that includes amd64 (e.g.
[[!tails_gitweb_branch feature/8415-overlayfs]]) and
source packages
g. **WIP** have the manifest → partial snapshot process include source
packages
=> review this [i], in particular:
- check the case when the binary package's version is different
from the corresponding source package's one
(`libdevmapper1.02.1` vs. `lvm2`)
- torproject provides no source packages; how does
`tails-prepare-tagged-apt-snapshot-import` deal with it?
- get rid of the last XXX in `data/wrappers/apt-get`
- move `data/wrappers/apt-get` to a better place
* deploy, update release process doc, grant RM's access
h. publish tagged snapshots over HTTP
h. for some Tails release: generate manifest, import packages into
tagged snapshots, try building *offline* with these tagged
......@@ -132,8 +148,7 @@ little value.
## Snapshots and branches
Several times a day (e.g. 4 times, to match runs of `dinstall` in the
Debian archive; XXX: start with once a day and then raise the
frequency if the infrastructure can hold it?) we update a local mirror
Debian archive, we update a local mirror
of the APT repositories we're
interested in, e.g. with `reprepro update`. Once this is successfully
done, we take a snapshot of the current state of our local mirror
......@@ -190,12 +205,6 @@ except:
* if a set of APT repository snapshots is encoded directly in that
branch: use them, even for security.debian.org.
XXX: add special handling of deb.tails.b.o, that we need since it's
the repo where we can sneak freeze exceptions in. In theory it's not
related to our great APT repository snapshots plans, since it has its
own snapshots mechanism already, but ideally we would integrate it
into the new system entirely?
## Different problems ⇒ different solutions
Note that:
......@@ -251,14 +260,26 @@ snapshots information.
So we'll use two independent `reprepro` instances to address these
two problems.
XXX: how exactly we'll import packages we need from time-based
snapshots to tagged ones is left to be defined (filtered `reprepro
update`? `cp` + `reprepro includeblah`?)
# Special cases and implementation
<a id="runtime-sources"></a>
## Custom APT repository
Our custom APT repository (<http://deb.tails.boum.org/>) is not part of
the first iteration of this system: it's not needed, since we already
have a process to manage it, including creating snapshots labeled with
the Git tag.
However, longer-term, ideally we would integrate it into the new
system. It will require quite some infrastructure and code, if we want
to avoid making the release process more painful (e.g. it would be nice
if this didn't require waiting up to 6 hours until the next time-based
snapshot of our custom APT repository is created, between the time we
upload a package to it, and when we can build an ISO with it; we could
solve this by automatically creating a new snapshot whenever an APT
suite corresponding to a release branch is updated).
## APT sources used inside Tails
A running Tails' APT must be pointed at the official, live Debian
......@@ -450,9 +471,13 @@ than N days will probably be compulsory.
To ensure that garbage collection doesn't delete a snapshot we still
need, e.g. the one currently referenced in the frozen `testing`
branch, we'll maintain a list of snapshots that need to be kept
around. The tool used by the RM to bump the archive snapshot serials
in Git should take care of it.
branch, we'll rely on `Valid-Until`: the way to express "I want to
keep a given snapshot around" would be to postpone its expiration
date; i.e. we don't differentiate "keep a given snapshot around" from
"keep a given snapshot usable".
See the section about `Valid-Until` below, for details about how we
can bump it.
### Tagged snapshots
......@@ -545,7 +570,7 @@ Conclusion: compared to the "snapshots as full-blown distributions +
is very appealing. The counterpart being that: