Commit 3c5e223b authored by sajolida's avatar sajolida
Browse files

Merge remote-tracking branch 'origin/master' into stable

parents b9a791d8 c95e47a1
......@@ -111,6 +111,7 @@ Running GUI applications in containers
* [GNOME sandboxed
applications](https://wiki.gnome.org/Projects/SandboxedApps), aka.
`xdg-app`; their concept of "portals" is very interesting.
- [GNOME Developer Experience hackfest: xdg-app + Debian](http://smcv.pseudorandom.co.uk/2016/xdg-app/)
* <http://pleonasm.info/blog/2012/10/privilege-separation-with-xpra/>
* [docker-desktop](https://github.com/rogaha/docker-desktop)
* Stéphane Graber's [LXC 1.0 blog post
......
[[!toc levels=1]]
# Linux dependencies
The current Tails Installer version (<https://git-tails.immerda.ch/liveusb-creator/>)
has considerable changes when compared with the upstream Fedora liveusb-creator
(<https://git.fedorahosted.org/cgit/liveusb-creator.git>).
The current package dependencies for the Tails Installer in Linux are:
* dosfstools
* gdisk
* genisoimage
* gir1.2-glib-2.0
* gir1.2-gtk-3.0
* gir1.2-udisks-2.0
* mtools
* p7zip-full
* policykit-1
* python-configobj
* python-gi
* python-urlgrabber
* syslinux
If we list the set of requirements for each important source file then we have:
### \_\_init\_\_.py
import gettext
if sys.platform == 'win32':
import gettext_windows
gettext_windows.setup_env()
### creator.py
if 'linux' in sys.platform:
import gi
gi.require_version('UDisks', '2.0')
from gi.repository import UDisks, GLib
Commands:
* syslinux
* sgdisk
* dd
* dosfslabel
* e2label
* extlinux
* pkexec
* mkdiskimage
* sync
### gui.py
from gi.repository import Gdk, GLib, Gtk
urlgrabber
In general GTK3
### launcher.py
from gi.repository import Gtk
### utils.py
if 'linux' in sys.platform:
from gi.repository import GLib
# Alternatives for Windows:
If we make a diff of the Windows class section in the "creator.py" source file,
comparing the current Tails version and the upstream version like this:
git difftool remotes/origin/master:tails_installer/creator.py remotes/b/master:liveusb/creator.py
we can see that the changes are not so big, at least in the raw Windows tools used.
These tools are basically, the Python win32 interfaces:
import win32file, win32api, pywintypes
and set of third parties tools listed here:
<https://git-tails.immerda.ch/liveusb-creator/tree/tools>
There are other tools that would be possible to explore like:
<https://labs.riseup.net/code/issues/10984>
As a conclusion, the biggest difference in the current Tails version is the usage
of the Python interface for GTK3 (PyGI). The tools/libraries for Windows used in
the current upstream liveusb-creator version seem in principle like the same
used for Tails right now, except for the GUI parts.
In the next section a proposed solution for porting applications using this library
for Windows is described.
# PyGI windows executable
I managed to create a native windows executable for a test Python/GI program under Windows 8.1
......
......@@ -46,15 +46,83 @@ Everything in this report can be made public.
This is not a security problem in Tails since we drop non-Tor
traffic by default, but for this very reason in breaks the
functionality of the autoconfig wizard in the context of Tails.
We started to write a proof-of-concept patch to fix this bug.
We started to write a proof-of-concept patch to fix this bug which
will be submitted upstream in February.
In order to improve Icedove's security in Tails and avoid unforeseen exploits,
we started evaluating an AppArmor profile for Icedove ([[!tails_ticket 10750]]).
We've asked the author to submit it upstream where it's now waiting to be merged.
In the meantime, we will ship this profile in Tails on our own.
## A.1.6. Release Icedove in Tails
Icedove was made the default email client in Tails 1.8 (December 15)
and Claws Mail was removed from Tails in version 2.0 (January 26).
# B. Improve our quality assurance process
## B.1. Automatically build ISO images for all the branches of our source code that are under active development
In January, **757 ISO images** were automatically built by our Jenkins
instance.
We worked on designing and implementing a workaround for an issue in our
autobuild setup: it sometimes happens that a build fails and leaves its
temporary directories. The subsequent builds happening on the same
system then always fail as they lack room in the /tmp/ directory.
([[!tails_ticket 10772]])
## B.2. Continuously run our entire test suite on all those ISO images once they are built
In January, **757 ISO images** were tested by our Jenkins instance.
## B.3. Extend the coverage of our test suite
* B.3.11. Fix newly identified issues to make our test suite more robust and faster
- We've marked some more scenarios as fragile, as we noticed there
were still some false positives ([[!tails_ticket 10863]]):
Encrypting and signing a message using an OpenPGP key
([[!tails_ticket 10991]])
OpenPGP applet key selection window badly handled
([[!tails_ticket 10992]])
Viewing and printing a PDF file ([[!tails_ticket 10994]])
# C. Scale our infrastructure
## C.2. Be able to detect within hours failures and malfunction on our services
We're still working on the prototype and it now has a setup for all the
checks we ranked in the blueprint as critical. ([[!tails_ticket 8650]])
This helped us to check how the chosen software is corresponding to the
requirements we defined. An implementation has been proposed.
([[!tails_ticket 8645]])
## C.4. Maintain our already existing services
We kept on answering the requests from the community as well as taking
care of security updates as covered by "C.4.4. Administer our services
up to milestone IV" and "C.4.5. Administer our services up to milestone
V" until the end of January.
A design to administer our new monitoring machine with puppet has been
proposed. ([[!tails_ticket 10760]])
# D. Migration to Debian Jessie
## D.4.1. Document the changes implied by the move to Jessie on our website
Most of our documentation has been updated to Jessie. For example we
rewrote entirely the [[introduction to
GNOME|doc/first_steps/introduction_to_gnome_and_the_tails_desktop]].
While reworking these pages we also simplified and improved some of
the oldest parts of our documentation.
The update of our documentation to GNOME Disks 3.12 was drafted but
not merged yet. The good news is that this process involves new
contributors who wrote documentation for Tails for the first time.
# E. Release management
Welcome to the tails-greeter GSoC'2011 project's blog!
### Update:
Build takes ages, spits several errors like:
"ERROR: ld.so: object '/usr/lib/libeatmydata/libeatmydata.so' from LD_PRELOAD cannot be preloaded: ignored"
but successfully produce .iso
#### Current status:
back on track.
#### Near-future plans:
whine until I have access to build-server more powerful than my ancient laptop :-)
[[!meta date="Mon May 9 02:02:02 2011"]]
This is the 1st in a series of bi-weekly reports which will follow alongside the implementation of tails-greeter project.
#### Current progress:
- created design document as subpage for TailsGreeter on wiki
- tried building tails iso
#### Problems:
- build fails with various problems on different machines
- build requires root privileges (upstream problem with live-build, see http://live.debian.net/devel/live-build/todo/ entries for "core")
#### Near-future plans:
- investigate and fix abovementioned problems
- read on .deb packaging
- read on vala (development environment setup and code samples)
#### Additional notes:
This entry will serve as a small test for unicode support of ikiwiki as well - see the numbering in heading :)
[[!meta date="Fri Jul 29 02:02:02 2011"]]
## Current progress:
- verify that locale is correctly applied to gnome-session and fix if it isn't - DONE.
- fix layout widget loading - DONE.
- obtain list of kb layouts and variants available (via python-xklavier) - postponed.
- populate layout widget with kb variants - postponed.
- apply correct layout after it's been chosen (both to present and following greeter widgets and to actual session) - postponed.
- verify that layout switching works after login - postponed.
- Add option to skip all the greeter screens and immediately login with default settings - DONE.
- Convey necessary env. variables to gnome session.(echo "VARIABLE=value" >> /etc/amnesia/environment or via /etc/gdm3/PostLogin/)
- capitalize 1st letter of (latin) language names (e. g. English vs english) - DONE.
- version tag and update - DONE.
## Problems:
- ISP failure which caused lack of regular updates and report delay
- it's impossible to set env. vars via /etc/gdm3/PostLogin/ - it's writable by root only and greeter is running as 'gdm-user' account
- python-xklavier bindings are incomplete: the most needed function "search_by_pattern" is unavailable.
## Near-future plans:
- find a way to overcome python-xklavier limitations
- Next week plans.
## Additional notes:
- Right now layout widget is dummmy: only "next" button is working.
- The language choice is applied to session semi-correctly: if there are several country locales correspond to one language (for examle French is Belgium, France etc) than one of them is picked seemingly random. Once there is workaround for xklavier issue than it'll be user choice made based on layout widget.
[[!meta date="Fri Aug 5 02:02:02 2011"]]
## Current progress:
- obtain list of kb layouts and variants available (via python-xklavier) - DONE.
- populate layout widget with kb variants - DONE.
- merge feature/better_root_access_control branch - DONE.
- apply correct layout after it's been chosen (both to present and following greeter widgets and to actual session) - postponed.
- verify that layout switching works after login - postponed
- version tag and update - DONE.
## Problems:
- tails-greeter is run under gdm's account but altering gdm PostLogon files (to set env variables) or locale compilation via localedef require root privileges.
- xklavier set and check layout without errors but it doesn't affect greeter nor following session.
- better_root_access_control feature requires env. variable to be set which is not possible yet.
## Near-future plans:
- wait for answer from gdm and xklavier devs to figure out workarounds for current problems
- replace 2 widgets with 1 panel with same functionality
- test the result with tails
## Additional notes:
- right now there are 2 "screens" which user moves through by pressing "next" button. That's rather ugly and is planned to be replaced with one of the following:
1) single "screen" with requests for both at the same time
2) 2 "screens" with language and layout requests on first one and admin password request on second one
- Which do you think is better and why?
- Please feel free to discuss it on irc this Saturday during regular meeting time or whenever you'll see max-gsoc
## Current progress:
0. write password for config/chroot_local-includes/usr/local/sbin/set-user-password
to file - DONE.
0. alter set-user-password to use password from file - DONE.
0. merge language and layout widget to single panel - DONE.
0. write locale name for localedef to file - DONE.
0. add locale generator which uses data from file - DONE.
0. fix layout selection for greeter session - DONE.
0. add double password entry to prevent typos - DONE.
0. use SelectLayout in GDM - DONE.
0. add layout selection to panel - DONE.
0. use separate layouts for greeter and for user session - DONE.
0. display panel and password widget on the same screen - DONE.
0. add layout indicator to greeter - DONE.
0. properly generate list of available layouts - in progress
0. version tag and update - DONE.
## Problems:
Generation of layout list based on language or locale is incomplete - it works only
for some well-tested cases (e. g. Русский). More testing required for other languages
and general code refactoring needed as well.
## Near-future plans:
0. Finish layout generation code.
0. Update documentation.
0. Other plans from timeline.
## Additional notes:
Please test how it works for YOUR favorite language.
The GSoC is almost over - next week is the time for final wrap-ups.
## Current progress
0. refactor layout generation code - DONE.
0. disable admin rights for empty password - DONE.
0. add layout variant selection - DONE.
0. use selected variant for greeter and session layout - DONE.
0. add variant to layout indicator - DONE.
0. make session layout selection enforce greeter layout selection - DONE.
0. make session layout variant selection enforce greeter layout variant selection - DONE.
0. make sure panel width fits the screen - DONE.
0. pre-select locale based on language - DONE.
0. correct UI phrasing - DONE.
0. show country name instead of code (e. g. Russia vs. ru_RU) - DONE.
0. update translation instructions - DONE.
0. add ability to use any layout regardless of language\locale choice - postponed
0. fix entry field width - postponed
0. fix polkit & sudo configuration - testing required
0. test with TAILS VM - in progress
0. document latest design changes - in progress
0. version tag and update - DONE.
## Problems
0. Glade seems pretty counter-intuitive: it's unclear how to make gtk window (parent) auto-resize when it's content (gtk entry inside gtk table) have expanded.
0. Proposed addition to add selection of any layout will require list which is even bigger than language list (which is currently considered unusable due to its size) - it's unclear how to do it right in UI. Addition is justified by following use-case example: Italian speaking person running TAILS on computer with Norwegian kb layout and would like to have Italian locale but Norwegian layout to match hardware at hands.
0. Hardcoded username and password prevent using tails-greeter 2nd time. Switch to gdm's autologin functionality is required.
## Next week plans
0. Document all the known issues. Create pages according to bug-reporting guideline.
0. Try to fix some of them.
0. Consume questionable substances - celebrate GSoC completion.
[[!meta date="Mon May 23 02:02:02 2011"]]
## Current progress
- git repositories ready (or, frankly, I feel ready to use them :)
- tried debian packaging and it seems to work ("seems" because it's readily available packages, not my own code yet)
- found example dbus implementation of greeter interface in python:
<http://doctormo.org/2011/04/12/how-to-make-a-gnome-login-screen-in-python/>
- walked through vala code samples for dbus & GUI
## Problems
- university workload increased, will post corresponding changes to schedule soon
- GDM's interfaces are not so well documented
## Near-future plans
- official coding start
- pick build system (scons? cmake? autotools?), in a mean time will use plain old makefile
- iron-out workflow (code, test, commit, build, report sequence)
[[!meta date="Fri Jun 3 02:02:02 2011"]]
## Current progress
- project language switch vala -> python
- main reason: working example made in python dy doctormo
- big repo update: with 'upstream' branch for doctormo's code and 'master' branch for actual development
## Problems
- scm conversion with 'taylor' failed so dumb import of entire bzr tree is performed
- university workload spike started earlier than anticipated
## Near-future plans
- mange university workload
- make .deb for doctormo's code
- integrate .deb building with git
## Note:
Next week will be mostly dedicated to exam, presentation and other university activities - hence tiny plans for it.
[[!meta date="Mon Jun 13 02:02:02 2011"]]
## Current progress
- mostly work on university projects so minor fixes and updates only
- weekly meeting follow-up - multiple wiki updates
- review existing python code & glade interfaces
- gdm-community-greeter forked into tails-greeter
- filed RFP for gtkme [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629199]] - dependency for tails-greeter
- pbuilder fix: git-buildpackage successfully builds from 'master' granch
- run community-greeter in VM: partially done - see below
## Problems
- installation into debian-squeeze is fine but got runtime error due to old python-gobject package, no backports found so .deb changed to prevent installation with unsopported version
- check with debian-sid - installation is fine after dependency correction for gir1.0-gtk-2.0 -> gir1.2-gtk-2.0 but autostart failed for unknown reason
## Near-future plans
- complete VM testing
- play with d-feet dbus debugger
- alter python code with dummy 'admin password requestor'
- check if current localization handling is suitable for tails-greeter
- make plans for next week
[[!meta date="Mon Jun 20 02:02:02 2011"]]
## Current progress
- convert tails-greeter to old-style pygtk to remove pygi dependecy: [in progress]
- re-test converted version with squeeze: [done, test failed]
- check if current localization handling is suitable for tails-greeter: [postponed]
- make plans for next week: [done]
## Problems
- proper procedure for version increase
- errors with dbus after conversion: access-denied on dbus call
- dpkg-divert required for proper testing
- need easy way to run python syntax quick check on entire file
## Near-future plans
- add dpkg-divert functionality to .deb
- fix errors found after conversion
- run external (placeholder) program with adequate parameters on language change (locale generation for example)
- alter python code with dummy 'admin password requestor'
- add tails-greeter.deb into tails.git (main) repo
- add note that it's dangerous to install tails-greeter.deb :)
[[!meta date="Fri Jun 24 02:02:02 2011"]]
## Current progress
0. fix errors reported by pylint - DONE (some errors still there).
0. bump version properly (git push --tags; git-dch --git-author) - DONE.
0. add pylint conf to ignore dbus-related false positives - DONE (might hide real errors too).
0. fix language selector so it's shown and work properly - DONE (.po translations are incomplete).
0. check if current localization handling is suitable for tails-greeter - DONE (seems ok if locales are known at the time of package build).
0. run external (placeholder) program with adequate parameters on language change (locale generation for example) - POSTPONED.
0. wiki updates (testing instructions and overall status) - DONE.
0. lintian tails-greeter.deb (using .changes file too) - DONE (no errors reported).
0. make login possible - IN_PROGRESS.
0. add .deb into tails repo - BLOCKED by previous item.
0. make .iso build (if packages testing-ready) - BLOCKED by previous item.
## Problems
BeginAutoLogin works as expected but interfacing with existing GdmGreeter to send it at the right moment seems trick.
Documentation complete absent so will have to talk directly with the developer about it.
## Near-future plans
0. relocation to another country
0. fixes\updates\minor items which were postponed for whatever reason
[[!meta date="Tue Jun 28 02:02:02 2011"]]
## Current progress
0. change widget to fit many more languages: from flag icons to scrollable list - partially done (dummy widget only, no python code yet).
0. make .iso build - not done.
0. specify dbus interface to interact with external locale-gen script - not done (see 'Problems' below).
0. change widget exec order (parallel->sequential) to comply with "localization notes" part of [[todo/TailsGreeter/design]] - not done (see 'Problems' below).
## Problems
0. relocation to another country.
0. .iso build fails due to problems with underlying fs, fix testing is in progress.
0. the widget exec order is hardcoded into community-greeter.py so this change requires more time than it was anticipated during previous planning.
0. interaction with locale-gen script require rewrite of the d-bus code in services.py which cannot be completed during this week as well.
## Near-future plans
0. rewrite d-bus handling in service.py
0. change widget exec order (rewrite community-greeter.py)
0. substitute LanguageWindow widget with LangselectWindow
0. setup squid-deb-proxy to speed-up live-build
0. remainder of week #6 plans from [[todo/TailsGreeter/timeline]]
[[!meta date="Fri Jul 8 02:02:02 2011"]]
## Current progress
0. [Mon.] change widget exec order (parallel->sequential) to comply with "localization notes" part of [[todo/TailsGreeter/design]] - DONE.
0. [Mon.] setup squid-deb-proxy - DONE.
0. [Mon.] make .iso build - DONE.
0. [Tue.] change widget to fit many more languages: from flag icons to scrollable list - DONE.
0. [Wed.] (re)generate .po with (dummy) translations (to show that language change is actually working) - DONE.
0. [Wed.] populate the list of supported languages in the widget from gnome-desktop-data package languages or dpkg-reconfigure locales (see gdm_get_all_language_names function for example) - DONE (with external helper script).
0. [Thu.] 'subprocess': run external (locale-gen) program with adequate parameters on language change and wait for its completion before allowing logon - in progress.
0. update tails-greeter.deb package - in progress.
0. propose rough plans / estimates for all the remaining weeks - postponed.
## Problems
0. Current implementation uses gtk's ComboBox for the list of languages. Switching to scrollable list (similar to debian-installer) might require to scale better to bigger number of languages but it will take a bit more efforts to integrate it with gtkme wrapper.
0. Pygtk functions for window.show() and window.hide() do not work as expected - sometimes window which supposed to be hidden remain visible despite successful gtk property change. Right now the workaround is to call window.destroy() however this might not scale that well if we will have multiple windows with complex interactions in between in future. To summarize: worth investigating but not top priority at the moment.
0. Right now language list is presented to user based on the locales available in the system (e. g. those chosen via 'dpkg-reconfigure locales' for example). Those might be unsupported by available tails-greeter translations. And vice-versa: there might be tails-greeter translation which doesn't correspond to any system locale. Those situations got to be carefully tested and handled gracefully.
0. Current implementation uses subprocess' calls to run locale generation from autologin widget - it should be moved to upper layer - to the greeter itself: it will be easier to incorporate other widgets this way.
0. There are several ways to obtain list of supported locales in gdm/gui/simple-greeter/gdm-languages.c (including locale.alias file, gdm's locale-archive and system-wide locale-archive). Similar logic should be incorporated into tails-greeter. It's worth investigating if it's feasible to engage gdm code using ctypes for example.
## Near-future plans
0. Complete .iso build and tests, push new tails-greeter.deb if the tests are successful.
0. Investigate things listed in 'problems' section above
0. Implement plans for next week #7
## Additional notes
0. Right now language choice is applied only after user have pressed 'forward' button - it would look nicer if it's done immediately upon selection.
0. Language list should contain language's own name (e. g. 'Русский' for 'Russian') instead of current 2-letter code.
Those should be included into plans for some of the upcoming weeks.
[[!meta date="Fri Jul 15 02:02:02 2011"]]
## Current progress
0. populate language list using list of available locales in /usr/share/i18n/SUPPORTED - DONE.
0. supply parameter as 'en' (or smth else suitable for locale generation - investigate) to locale-gen - DONE.
0. Language list should contain language's own name (e. g. 'Русский' for 'Russian')
instead of current 2-letter code - DONE.
0. translate language widget too (move lang choice handler from button_clicked to list_choice)
0. Move locale-gen interaction to greeter from widget - DONE.
0. cleanup commented\old\dead code - DONE.
0. obtain list of kb layouts available (via python-xklavier)
0. use existing code/UI from d-i/anaconda/ubuntu installer/ for language chooser if possible - partially done (PyICU utilized).
0. apply correct layout after it's been chosen (both to present and following greeter widgets and to actual session)
## Problems
0. Some of the 'native' language names are not displayed correctly due to missing characters in the fonts (standard unicode squares shown instead). It's unclear how to filter them out because there are no actual errors shown in python.
0. The language list is fairly long: maybe some of the exotic languages could be filtered or black-listed before list population?
0. It's yet unclear how to pass information to the session initiated by gdm: especially how to set env. variable and apply language & layout settings - probably there are some dbus hooks available.
0. xklavier and ICU seems like the right way to work with language and layout data but there is no obvious way to reuse code from installers (anaconda, d-i) directly.
## Near-future plans
0. Make widget for layout choice and populate it with data obtained via xklavier.
0. Create version suitable for .iso build and test.
0. Next week plans.
## Additional notes