Commit 2fee5b53 authored by sajolida's avatar sajolida
Browse files

Merge remote-tracking branch 'origin/master' into doc/10649-boot-menu-animation

parents 26f1d051 3b2bc37e
......@@ -2,7 +2,10 @@
*.mo~
*.po~
*.pot~
*.pyc
*.swp
**/__pycache__
**/.mypy_cache
/*.apt-sources
/*.build-manifest
/*.buildlog
......
......@@ -370,7 +370,7 @@ task :setup_environment => ['validate_git_state'] do
end
end
ENV['BASE_BRANCH_GIT_COMMIT'] = git_helper('git_base_branch_head')
ENV['BASE_BRANCH_GIT_COMMIT'] ||= git_helper('git_base_branch_head')
['GIT_COMMIT', 'GIT_REF', 'BASE_BRANCH_GIT_COMMIT'].each do |var|
if ENV[var].empty?
raise "Variable '#{var}' is empty, which should not be possible: " +
......
......@@ -11,21 +11,21 @@ set -x
umask 022
### functions
### Clone all output, from this point on, to the log file
syslinux_utils_upstream_version () {
dpkg-query -W -f='${Version}\n' syslinux-utils | \
# drop epoch
sed -e 's,.*:,,' | \
# drop +dfsg and everything that follows
sed -e 's,\+dfsg.*,,'
}
BUILD_LOG="${BUILD_BASENAME}.buildlog"
exec > >(tee -a "$BUILD_LOG")
trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
exec 2> >(tee -a "$BUILD_LOG" >&2)
trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
### functions
print_iso_size () {
local isofile="$1"
[ -f "$isofile" ] || return 23
size=$(stat --printf='%s' "$isofile")
echo "The ISO is ${size} bytes large."
echo "I: The ISO is ${size} bytes large."
}
### Main
......@@ -100,13 +100,9 @@ DEBOOTSTRAP_GNUPG_HOMEDIR=$(mktemp -d)
gpg --homedir "$DEBOOTSTRAP_GNUPG_HOMEDIR" \
--no-tty \
--import config/chroot_sources/tails.chroot.gpg
if [ -e "$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.gpg" ]; then
DEBOOTSTRAP_GNUPG_KEYRING="$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.gpg"
elif [ -e "$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.kbx" ]; then
DEBOOTSTRAP_GNUPG_KEYRING="$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.kbx"
else
fatal "No debootstrap GnuPG keyring was created."
fi
DEBOOTSTRAP_GNUPG_KEYRING="$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.kbx"
[ -e "$DEBOOTSTRAP_GNUPG_KEYRING" ] \
|| fatal "No debootstrap GnuPG keyring was created."
DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keyring=$DEBOOTSTRAP_GNUPG_KEYRING"
export DEBOOTSTRAP_OPTIONS
......@@ -121,36 +117,12 @@ export MKSQUASHFS_OPTIONS
# refresh translations of our programs
./refresh-translations || fatal "refresh-translations failed ($?)."
case "$LB_BINARY_IMAGES" in
iso)
which isohybrid >/dev/null || fatal 'Cannot find isohybrid in $PATH'
installed_syslinux_utils_upstream_version="$(syslinux_utils_upstream_version)"
if dpkg --compare-versions \
"$installed_syslinux_utils_upstream_version" \
'lt' \
"$REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION" ; then
fatal \
"syslinux-utils '${installed_syslinux_utils_upstream_version}' is installed, " \
"while we need at least '${REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION}'."
fi
;;
*)
fatal "Image type ${LB_BINARY_IMAGES} is not supported."
;;
esac
BUILD_ISO_FILENAME="${BUILD_BASENAME}.iso"
BUILD_MANIFEST="${BUILD_BASENAME}.build-manifest"
BUILD_APT_SOURCES="${BUILD_BASENAME}.apt-sources"
BUILD_PACKAGES="${BUILD_BASENAME}.packages"
BUILD_LOG="${BUILD_BASENAME}.buildlog"
BUILD_USB_IMAGE_FILENAME="${BUILD_BASENAME}.img"
# Clone all output, from this point on, to the log file
exec > >(tee -a "$BUILD_LOG")
trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
exec 2> >(tee -a "$BUILD_LOG" >&2)
trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
(
echo "Mirrors:"
apt-mirror debian
......@@ -160,25 +132,25 @@ trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
cat config/chroot_sources/*.chroot
) > "$BUILD_APT_SOURCES"
echo "Building ISO image ${BUILD_ISO_FILENAME}..."
echo "I: Building ISO image ${BUILD_ISO_FILENAME}..."
time lb build noauto ${@}
[ -e binary.iso ] || fatal "lb build failed ($?)."
echo "ISO image was successfully created"
echo "I: ISO image was successfully created"
print_iso_size binary.iso
echo "Hybriding it..."
echo "I: Hybriding it..."
isohybrid $AMNESIA_ISOHYBRID_OPTS binary.iso || fatal "isohybrid failed"
print_iso_size binary.iso
truncate -s %2048 binary.iso
print_iso_size binary.iso
echo "Renaming generated files..."
echo "I: Renaming generated files..."
mv -i binary.iso "${BUILD_ISO_FILENAME}"
mv -i binary.packages "${BUILD_PACKAGES}"
echo "Generating build manifest..."
echo "I: Generating build manifest..."
generate-build-manifest chroot/debootstrap "${BUILD_MANIFEST}"
echo "Creating USB image ${BUILD_USB_IMAGE_FILENAME}..."
echo "I: Creating USB image ${BUILD_USB_IMAGE_FILENAME}..."
create-usb-image-from-iso "${BUILD_ISO_FILENAME}"
......@@ -7,12 +7,6 @@ set -x
. "$(dirname $0)/scripts/utils.sh"
# we require building from git
if ! git rev-parse --is-inside-work-tree; then
echo "${PWD} is not a Git tree. Exiting."
exit 1
fi
. config/amnesia
if [ -e config/amnesia.local ] ; then
. config/amnesia.local
......@@ -21,12 +15,10 @@ fi
if [ -n "${SOURCE_DATE_EPOCH}" ]; then
CURRENT_EPOCH="$(date --utc +%s)"
if [ "${SOURCE_DATE_EPOCH}" -gt "${CURRENT_EPOCH}" ]; then
echo "SOURCE_DATE_EPOCH is set before the current time. Exiting."
exit 1
fatal "SOURCE_DATE_EPOCH is set before the current time. Exiting."
fi
else
echo "SOURCE_DATE_EPOCH is not set. Exiting."
exit 1
fatal "SOURCE_DATE_EPOCH is not set. Exiting."
fi
# get git branch or tag so we can set the basename appropriately, i.e.:
......@@ -53,20 +45,19 @@ GIT_BASE_BRANCH=$(base_branch) \
if [ "${TAILS_MERGE_BASE_BRANCH:-}" = 1 ] && \
! git_on_a_tag && [ "$GIT_BRANCH" != "$GIT_BASE_BRANCH" ] ; then
GIT_BASE_BRANCH_COMMIT=$(git_base_branch_head)
[ -n "${GIT_BASE_BRANCH_COMMIT}" ] \
|| fatal "Base branch's top commit could not be guessed."
[ -n "${BASE_BRANCH_GIT_COMMIT}" ] \
|| fatal "Base branch's top commit is not set."
echo "Merging base branch origin/${GIT_BASE_BRANCH}"
echo "(at commit ${GIT_BASE_BRANCH_COMMIT})..."
echo "I: Merging base branch ${GIT_BASE_BRANCH}" \
"(at commit ${BASE_BRANCH_GIT_COMMIT})..."
faketime -f "${SOURCE_DATE_FAKETIME}" \
git merge --no-edit "origin/${GIT_BASE_BRANCH}" \
git merge --no-edit "${BASE_BRANCH_GIT_COMMIT}" \
|| fatal "Failed to merge base branch."
git submodule update --init
# Adjust BUILD_BASENAME to embed the base branch name and its top commit
CLEAN_GIT_BASE_BRANCH=$(echo "$GIT_BASE_BRANCH" | sed 's,/,_,g')
GIT_BASE_BRANCH_SHORT_ID=$(git_base_branch_head --short)
GIT_BASE_BRANCH_SHORT_ID=$(git rev-parse --verify --short "${BASE_BRANCH_GIT_COMMIT}")
[ -n "${GIT_BASE_BRANCH_SHORT_ID}" ] \
|| fatal "Base branch's top commit short ID could not be guessed."
BUILD_BASENAME="${BUILD_BASENAME}+${CLEAN_GIT_BASE_BRANCH}"
......@@ -79,19 +70,16 @@ echo "BUILD_BASENAME='${BUILD_BASENAME}'" > tmp/build_environment
# sanity checks
if grep -qs -E '^Pin:\s+release\s+.*a=' config/chroot_apt/preferences ; then
echo "Found unsupported a= syntax in config/chroot_apt/preferences,"
echo "use n= instead. Exiting."
exit 1
fatal "Found unsupported a= syntax in config/chroot_apt/preferences," \
"use n= instead. Exiting."
fi
if grep -qs -E '^Pin:\s+release\s+.*o=Debian Backports' \
config/chroot_apt/preferences ; then
echo "Found unsupported 'o=Debian Backports' syntax,"
echo "in config/chroot_apt/preferences. Use o=Debian instead. Exiting."
exit 1
fatal "Found unsupported 'o=Debian Backports' syntax," \
"in config/chroot_apt/preferences. Use o=Debian instead. Exiting."
fi
if [ $(dpkg --print-architecture) != amd64 ] ; then
echo "Only amd64 build systems are supported"
exit 1
fatal "Only amd64 build systems are supported"
fi
# init variables
......@@ -102,7 +90,7 @@ $RUN_LB_CONFIG --distribution stretch ${@}
# set up everything for time-based snapshots:
if [ -n "${APT_SNAPSHOTS_SERIALS:-}" ]; then
echo "Fixing 'latest' APT snapshots serials to: '${APT_SNAPSHOTS_SERIALS}'."
echo "I: Fixing 'latest' APT snapshots serials to: '${APT_SNAPSHOTS_SERIALS}'."
apt-snapshots-serials prepare-build "${APT_SNAPSHOTS_SERIALS}"
else
apt-snapshots-serials prepare-build
......@@ -119,16 +107,16 @@ DEBIAN_MIRROR="$(apt-mirror debian)"
DEBIAN_SECURITY_MIRROR="$(apt-mirror debian-security)"
TORPROJECT_MIRROR="$(apt-mirror torproject)"
[ -n "$DEBIAN_MIRROR" ] || exit 1
[ -n "$DEBIAN_SECURITY_MIRROR" ] || exit 1
[ -n "$TORPROJECT_MIRROR" ] || exit 1
[ -n "$DEBIAN_MIRROR" ] || fatal "\$DEBIAN_MIRROR is empty"
[ -n "$DEBIAN_SECURITY_MIRROR" ] || fatal "\$DEBIAN_SECURITY_MIRROR is empty"
[ -n "$TORPROJECT_MIRROR" ] || fatal "\$TORPROJECT_MIRROR is empty"
perl -pi \
-E \
"s|^(deb(?:-src)?\s+)https?://ftp[.]us[.]debian[.]org/debian/?(\s+)|\$1$DEBIAN_MIRROR\$2| ; \
s|^(deb(?:-src)?\s+)https?://deb[.]torproject[.]org/torproject[.]org/?(\s+)|\$1$TORPROJECT_MIRROR\$2|" \
config/chroot_sources/*.chroot \
|| exit 1
|| fatal "APT mirror substitution failed with exit code $?"
# set Amnesia's general options
$RUN_LB_CONFIG \
......@@ -171,7 +159,8 @@ install -d config/chroot_local-includes/etc/amnesia/
# environment
TAILS_WIKI_SUPPORTED_LANGUAGES="$(ikiwiki-supported-languages ikiwiki.setup)"
[ -n "$TAILS_WIKI_SUPPORTED_LANGUAGES" ] || exit 16
[ -n "$TAILS_WIKI_SUPPORTED_LANGUAGES" ] \
|| fatal "\$TAILS_WIKI_SUPPORTED_LANGUAGES is empty"
echo "TAILS_WIKI_SUPPORTED_LANGUAGES='${TAILS_WIKI_SUPPORTED_LANGUAGES}'" \
>> config/chroot_local-includes/etc/amnesia/environment
......@@ -186,6 +175,7 @@ echo "live-build: `dpkg-query -W -f='${Version}\n' live-build`" \
cat >> config/chroot_local-includes/etc/os-release <<EOF
TAILS_PRODUCT_NAME="Tails"
TAILS_VERSION_ID="$AMNESIA_VERSION"
TAILS_DISTRIBUTION="$TAILS_DISTRIBUTION"
EOF
if echo "$AMNESIA_VERSION" | grep -qs -E '~(alpha|beta|rc)[0-9]*$' ; then
echo 'TAILS_CHANNEL="alpha"' >> config/chroot_local-includes/etc/os-release
......
......@@ -39,8 +39,12 @@ GET_UDISKS_OBJECT_TIMEOUT = 2
# the partition table, reserved sectors, and filesystem metadata.
SYSTEM_PARTITION_ADDITIONAL_SIZE = 10
SYSLINUX_COM32MODULES_DIR = '/usr/lib/syslinux/modules/bios'
# We use the syslinux from the chroot here, because it's the same one
# that will be available to Tails Installer in the running Tails. Using
# the same syslinux version here and in Tails Installer is important to
# prevent issues when upgrading a Tails device via Tails Installer.
CHROOT_SYSLINUX_COM32MODULES_DIR = 'chroot/usr/lib/syslinux/modules/bios'
CHROOT_SYSLINUX_BIN='chroot/usr/bin/syslinux'
class ImageCreationError(Exception):
pass
......@@ -252,7 +256,7 @@ class ImageCreator(object):
com32modules = [f for f in os.listdir(syslinux_dir) if f.endswith('.c32')]
for module in sorted(com32modules):
src_path = os.path.join(SYSLINUX_COM32MODULES_DIR, module)
src_path = os.path.join(CHROOT_SYSLINUX_COM32MODULES_DIR, module)
if not os.path.isfile(src_path):
raise ImageCreationError("Could not find the '%s' COM32 module" % module)
......@@ -269,7 +273,7 @@ class ImageCreator(object):
# device would cause this issue:
# https://bugs.chromium.org/p/chromium/issues/detail?id=508713#c8
execute([
'syslinux',
CHROOT_SYSLINUX_BIN,
'--offset', str(self.partition.props.partition.props.offset),
'--directory', '/syslinux/',
'--install', self.image
......
......@@ -97,7 +97,7 @@ branch_name_to_suite() {
}
fatal() {
echo "$*" >&2
echo "E: $*" >&2
exit 1
}
......
#!/bin/sh
#
# Copy this hook to .git/hooks/pre-commit
# Called by "git commit" with no arguments. The hook should
# exit with non-zero status after issuing an appropriate message if
# it wants to stop the commit.
set -e
set -u
path=$(git rev-parse --show-toplevel)
# If we try to commit po files, check that they do not contain errors.
if ! "${path}/submodules/jenkins-tools/slaves/lint_po" --cached; then
echo
echo "The po files you're trying to commit contain errors. Please fix them and try again."
echo
exit 1
fi
......@@ -22,9 +22,6 @@ AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC blo
# Options passed to isohybrid
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
# Minimal upstream version of syslinux-utils we need
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version
KERNEL_VERSION='4.19.0-5'
KERNEL_SOURCE_VERSION=$(
......@@ -49,3 +46,6 @@ AMNESIA_FULL_VERSION="${AMNESIA_VERSION} - ${SOURCE_DATE_YYYYMMDD}"
AMNESIA_DEV_FULLNAME='Tails developers'
AMNESIA_DEV_EMAIL="tails@boum.org"
AMNESIA_DEV_KEYID="A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F"
# Used to set a custom home page if the distribution is UNRELEASED
TAILS_DISTRIBUTION="`dpkg-parsechangelog -SDistribution`"
This diff is collapsed.
......@@ -76,11 +76,6 @@ Package: linux-compiler-* linux-headers-* linux-image-* linux-kbuild-* linux-sou
Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: We ship our custom-built Thunderbird for now, see #6156
Package: thunderbird* calendar-google-provider
Pin: origin deb.tails.boum.org
Pin-Priority: 999
Explanation: src:libdrm
Package: libdrm*
Pin: release o=Debian,n=stretch-backports
......@@ -130,6 +125,10 @@ Package: tails-installer
Pin: origin deb.tails.boum.org
Pin-Priority: 999
Package: tor tor-geoipdb
Pin: release o=TorProject,n=tor-experimental-0.4.0.x-stretch
Pin-Priority: 999
Package: virtualbox*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
......
......@@ -119,6 +119,7 @@ Change_gid pulse-access 1200
Change_gid Debian-gdm 1210
Change_gid kvm 1500
Change_gid render 1510
Change_gid Debian-exim 1520
# Finally, give these users and groups the desired UID/GID
Change_uid debian-tor 107
......@@ -143,3 +144,4 @@ Change_gid pulse-access 120
Change_gid Debian-gdm 121
Change_gid kvm 150
Change_gid render 151
Change_gid Debian-exim 152
......@@ -13,7 +13,7 @@ echo "Install the Tor Browser"
# a new browser profile we can simply copy the profile directory
# without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh
# Import install_fake_package
# Import install_fake_package and strip_nondeterminism_wrapper
. /usr/local/lib/tails-shell-library/build.sh
download_and_verify_files() {
......
......@@ -11,14 +11,9 @@ echo "Localize each supported browser locale"
# Import language_code_from_locale()
. /usr/local/lib/tails-shell-library/localization.sh
# Import strip_nondeterminism_wrapper() and ensure_hook_dependency_is_installed()
. /usr/local/lib/tails-shell-library/build.sh
# Import TAILS_WIKI_SUPPORTED_LANGUAGES
. /etc/amnesia/environment
ensure_hook_dependency_is_installed p7zip imagemagick
BROWSER_LOCALIZATION_DIR="/usr/share/tails/browser-localization"
DESCRIPTIONS_FILE="${BROWSER_LOCALIZATION_DIR}/descriptions"
LOCALE_PROFILES_DIR="/etc/tor-browser/locale-profiles/"
......@@ -81,6 +76,11 @@ while IFS=: read MOZILLA_LOCALE LOCATION; do
"\"${SPELLCHECKER_LOCALE}\"" \
"user_pref"
HOMEPAGE="https://tails.boum.org/home/"
. /etc/os-release # get $TAILS_CHANNEL and $TAILS_DISTRIBUTION
if [ "${TAILS_DISTRIBUTION}" = UNRELEASED ] \
|| [ "${TAILS_CHANNEL:-stable}" != stable ]; then
HOMEPAGE="${HOMEPAGE}testing/"
fi
if echo "${TAILS_WIKI_SUPPORTED_LANGUAGES}" | grep -qw "${LANG_CODE}"; then
HOMEPAGE="${HOMEPAGE}index.${LANG_CODE}.html"
fi
......
#!/bin/sh
set -e
set -u
echo "Patching the Thunderbird account setup wizard"
# Import strip_nondeterminism_wrapper
. /usr/local/lib/tails-shell-library/build.sh
OMNI_JA=/usr/share/thunderbird/omni.ja
/usr/share/tails/build/patch-thunderbird \
"$OMNI_JA" \
/usr/share/tails/build/thunderbird-patches
strip_nondeterminism_wrapper \
--type zip \
--timestamp "$SOURCE_DATE_EPOCH" \
"$OMNI_JA" 2>/dev/null
......@@ -39,6 +39,8 @@ for modules_dir in /lib/modules/*/extra ; do
fi
done
strip --strip-debug /lib/modules/*/extra/aufs.ko
depmod "${KERNEL_VERSION}-${arch}"
rm -r /usr/src/aufs4-standalone
rm -r "/usr/src/linux-source-${KERNEL_SOURCE_VERSION}"
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.all.disable_ipv6 = 1
# Some programs expect the loopback interface to have IPv6 enabled
net.ipv6.conf.lo.disable_ipv6 = 0
......@@ -130,19 +130,6 @@ class PasswordDialog(object):
label_subtitle = Gtk.Label(
label=_("Set up a password to unlock the screen."),
)
label_subtitle.get_style_context().add_class("dim-label")
label1 = Gtk.Label(
label=_("Password"),
xalign=1
)
label1.get_style_context().add_class("dim-label")
label2 = Gtk.Label(
label=_("Confirm"),
xalign=1
)
label2.get_style_context().add_class("dim-label")
self.entry1 = Gtk.Entry(
can_focus=True,
......@@ -159,8 +146,8 @@ class PasswordDialog(object):
self.entry2.connect("changed", self.on_entry_changed)
grid = Gtk.Grid(row_spacing=2, column_spacing=10)
grid.attach(label1, 0, 0, 1, 1)
grid.attach(label2, 0, 1, 1, 1)
grid.attach(Gtk.Label(label=_("Password"), xalign=1), 0, 0, 1, 1)
grid.attach(Gtk.Label(label=_("Confirm"), xalign=1), 0, 1, 1, 1)
grid.attach(self.entry1, 1, 0, 1, 1)
grid.attach(self.entry2, 1, 1, 1, 1)
......
......@@ -270,9 +270,8 @@ class Volume(object):
None) # cancellable
unmounted_at_least_once = True
except GLib.Error as e:
if "org.freedesktop.UDisks2.Error.NotMounted" in e.message:
if not unmounted_at_least_once:
logger.warning("Failed to unmount volume %s: %s", self.device_file, e.message)
# Ignore "not mounted" error if the volume was already unmounted
if "org.freedesktop.UDisks2.Error.NotMounted" in e.message and unmounted_at_least_once:
return
raise
......@@ -322,8 +321,16 @@ class Volume(object):
loop.call_set_autoclear_sync(True,
GLib.Variant('a{sv}', {}), # options
None) # cancellable
self.unmount()
self.backing_volume.lock()
try:
self.unmount()
self.backing_volume.lock()
except GLib.Error as e:
# Translators: Don't translate {volume_name} or {error_message},
# they are placeholder and will be replaced.
body = _("Couldn't lock volume {volume_name}:\n{error_message}".format(volume_name=self.name,
error_message=e.message))
self.manager.show_warning(_("Error locking volume"), body)
return
def on_unlock_button_clicked(self, button):
logger.debug("in on_unlock_button_clicked")
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment