Commit 523e99df authored by sajolida's avatar sajolida
Browse files

Merge remote-tracking branch 'origin/master'

parents aa78268e 5b7afffc
......@@ -311,7 +311,11 @@ The IUK size is involved in at least four concerns:
`config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper`)
so the upgrade would fail. This is a regression for users with 2 GB
memory: for all of 2.x and 3.x, all IUKs have been under 400 MB,
which would work fine with 2 GB of memory.
which would work fine with 2 GB of memory. If that's a blocker, then
we have to solve it by changing the format of the IUKs
([[!tails_ticket 6876]]); we should coordinate this with other changes
that will break automated upgrades from Tails N to N+1, such as
Tails 4.0 and the migration to overlayfs ([[!tails_ticket 9373]]) .
* Bandwidth needs of the RM. Uploading 10 GB of IUKs can be a pain for
some of us, but that can easily be solved by making it possible to
generate IUKs on lizard (and then compare them with the ones you
......
......@@ -3,7 +3,9 @@ Also tracked by ticket: [[!tails_ticket 10181]]
What's the problem
------------------
some ideas/suggestions:
We want the Tails community to be diverse. In order to achieve this, our documentation should be the most welcoming possible, to all spectra of gender and provide the same openness in all translations. Also see [Debian's diversity statement](https://www.debian.org/intro/diversity).
Some ideas/suggestions:
* Can we measure how severe the problem is?
......
# /dev/random and /dev/urandom radomness seeding in Tails
/dev/random and /dev/urandom are special Linux devices that provide access from
user land to the Linux kernel Cryptographically Secure Pseudo Random Number
Generator (CSPRNG). This generator is used for almost every security protocol,
like TLS/SSL key generation, choosing TCP sequences, ASLR offsets, and GPG key
generation [1]. In order for this CSPRNG to be really cryptographically secure,
it's recommended to seed it with a 'good' entropy source, even though The Linux
kernel collects entropy from several sources, for example keyboard typing,
/dev/random and /dev/urandom are special Linux devices that provide
access from user land to the Linux kernel Cryptographically Secure
Pseudo Random Number Generator (CSPRNG). This generator is used for
almost every security protocol, like TLS/SSL key generation, choosing
TCP sequences, ASLR offsets, and
[https://eprint.iacr.org/2006/086.pdf](GPG key generation) . In order
for this CSPRNG to indeed be cryptographically secure, it's recommended
to seed it with a 'good' entropy source, even though The Linux kernel
collects entropy from several sources, for example keyboard typing,
mouse movement, among others.
Because of the Tails nature of being amnesic, and run from different type of
live devices (from DVDs to USB sticks), special care must be taken to ensure
the system still gets enough entropy and boots with enough randomness. This is
not easy in the Tails context, where the system is almost always booting the
same way. Even the squashfs file is ordered to optimize boot time.
Although these problem have been documented since a long time (see [7] and
[8]), there's not much done to tackle the problem. We looked at notes and
research from LiveCD OS's and supply them here for completements sake. Whonix
has a [wiki page](https://www.whonix.org/wiki/Dev/Entropy) with some notes, and
Qubes has tickets about this ([3],[4],[5] and [6]).
Because of Tails' feature of being amnesic, and run from different types
of live devices (from DVDs to USB sticks), special care must be taken to
ensure the system gets enough entropy and boots with enough randomness.
This proves to be hard within the Tails context, where the system is
almost always booting the same way. Even the squashfs file is ordered to
optimize boot time.
Although these problems have been documented since a long time (see
[https://www.av8n.com/computer/htm/secure-random.htm] and
[http://www.av8n.com/computer/htm/fixup-live-cd.htm]), there's not much
done to tackle the problem. We looked at notes and research from LiveCD
OS's and supply them here for completeness' sake. Whonix has a [wiki
page](https://www.whonix.org/wiki/Dev/Entropy) with some notes, and
Qubes has tickets about this
[http://wiki.qubes-os.org/trac/ticket/673](Qubes 673),
[https://github.com/QubesOS/qubes-issues/issues/1311](Qubes 1311),
[https://groups.google.com/forum/#!msg/qubes-devel/Q65boPAbqbE/9ZOZUInQCgAJ](Qubes devel),
[https://groups.google.com/forum/#!topic/qubes-devel/5wI8ygbaohk](Qubes devel).
## Current situation
See the related [[design document|contribute/design/random]]
Tails do not ship /var/lib/urandom/random-seed in the ISO, since it means
shipping a fixed known value for every Tails installation which means its
entropy contribution is zero, and breaks reproducibility of the ISO image.
Tails does not ship /var/lib/urandom/random-seed in the ISO, since it
means shipping a fixed known value for every Tails installation, which
in turn means that entropy contribution would zero. Furthermore, this
breaks reproducibility of the ISO image.
Without this random seed, systemd-random-seed won't write anything to
/dev/urandom, so we rely purely on the kernel CSPRNG and current system entropy
......@@ -39,8 +49,8 @@ Tails ships Haveged and rngd since a while. Still there are concerns about
Haveged's reliability to provide cryptographically secure randomness, and rngd
is only really useful when random generator devices are used.
Taking other measures to seed the Linux Kernel CSPRNG with good material is
something worst spending efforts on.
Taking other measures to seed the Linux Kernel CSPRNG with good material seems
worth spending efforts on.
## Use cases
......@@ -55,33 +65,33 @@ add one.
On the other hand, that's not the installation method we want to support the
most, and probably not the most used when people want to secure other
communication types than HTTPS (e.g persistence is very usefull for OpenPGP key
communication types than HTTPS (e.g persistence is very useful for OpenPGP key
storage and usage, chat account configuration, ...).
So we may eventually just document somewhere to users that they MUST NOT use
this type of installation if they want to rely on good cryptograpy for their
this type of installation if they want to rely on good cryptography for their
communications and key generation, or that they should wait after having
interacting a long (but hard to define) time with the system so that it had time
interacted a long (but hard to define) time with the system so that it had time
to collect entropy, and does not rely on the CSPRNG, Haveged and rngd only.
We could also add some kind of notification to users when entropy gets too low,
or just saying them that the way they use Tails is not compatible with strong
or just tell them that the way they use Tails is not compatible with strong
cryptography.
### Intermediary USB
This type of installation is supposed to be used when people are installing
Tails from another OS (except Debian and Ubuntu, where they can use the Tails
installer). In most case, this means having a bit by bit copy of the Tails ISO
installer). In most cases, this means having a bit-by-bit copy of the Tails ISO
on the USB stick, except for Windows where we ask to use the [Universal USB
Installer](http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/)
In this case the situation is pretty much the same than with the DVD one. No
seed, and adding one is very difficult if not impossible (except with the
seed. And adding one is very difficult if not impossible (except with the
Windows installation where we may ask upstream to implement that in the
Universal USB Installer, but well...).
That's also not really the way we encourge users to use Tails, so as with DVD
That's also not really the way we encourage users to use Tails, so as with DVD
there's maybe no point to fix the situation here, and the same workaround could
be applied (document it).
......@@ -92,10 +102,11 @@ That's supposed to be the standard way to use Tails.
Note that in this case, there are two situations: booting this installation
with persistence enabled, and without.
It is worth noting too that the first time this Tails installation is booted,
most of the time the first step is to configure persistence, which means
creating an encrypted partition. At this step though, there is at the moment
probably very little entropy, so this may weaken the LUKS volume encryption.
It is worth noting that the first time this Tails installation is
booted, most of the time the first step is to configure persistence,
which means creating an encrypted partition. At this step though, there
is probably very little entropy at this moment, which may weaken the
LUKS volume encryption.
### Virtual Machines
......@@ -120,6 +131,9 @@ partition is created.
### Use the Tails installer to create a better seed [[!tails_ticket 11897]]
Note that we'll likely soon distribute a USB image and won't use Tails
installer anymore for creating Tails devices. [[!tails_ticket 15292]]
Tails installer can be used on Debian and Ubuntu, and is the tool people
running OSX or Windows are told to use to install their final Tails
USB stick with, by using an intermediary Tails to create the final USB.
......@@ -128,32 +142,34 @@ Tails installer could store a seed in the FAT filesystem of the system
partition. That would workaround this first boot problem not handled by the
persistence option.
We can't sadly update this seed while running Tails, as mounting RW the system
We sadly can't update this seed while running Tails, as read-write mounting the system
FAT partition during a Tails session does not work. So the question whether updating it
or not is open.
If we want to do so, we'll have to update it at the system shutdown. This will
mean remount this partition, write the new random seed, then unmount it and
start the shutdown of the system. Obviously we can do this only in normal
shutdown process, and will have to avoid it in emergency shutdown mode.
shutdown process, and we'll have to avoid it in emergency shutdown mode.
We may alternatively not update it, and use it only when the persistence is not
enabled. That would still be a unique source of entropy per Tails installation,
so that would be a better situation that the current one.
so that would be a better situation than the current one.
One drawback: this would break the ability to verify this system partition with
a simple shasum operation.
### Use stronger/more entropy collectors [[!tails_ticket 5650]]
As already stated, Tails run Haveged, and rngd (since 2.6 for the later).
As already stated, Tails runs Haveged, and rngd (since 2.6 for the later).
We may want to add other sources though, given there are concerns about Haveged,
and rngd starts only when a hardware RNG is detected, which is not so often the
case.
XXX: It would be nice to have a study (read: a survey of packages, etc) of all the
useful entropy gathering daemons that might be of use on a Tails system. (and have this tested on computers with/without intel rng or things like an entropykey)
XXX: It would be nice to have a study (read: a survey of packages, etc)
of all the useful entropy gathering daemons that might be of use on a
Tails system. (and have this tested on computers with/without intel rng
or things like an entropykey)
An evaluation of some of them [has been done
already](https://volumelabs.net/best-random-data-software/)
......@@ -167,43 +183,43 @@ Possible candidates:
* randomsound: probably a bad idea in the Tails context as we're discussing a
Greeter option to deactivate the microphone.
### Block booting till enough entropy has been gathered
### Block booting until enough entropy has been gathered
One way to ensure Tails is booting with enough entropy would be to block during
the boot if the system is lacking of it.
One way to ensure Tails is booting with enough entropy would be to block
the boot while the system is lacking it.
But this brings questions about how to interact correctly with the users,
as blocking without notifications would be terrible UX. Also Tails boot time is
a bit long already, and this may grow it quite a bit more again.
XXX: So before going on, we need a bit more data about the state of the entropy when
Tails boot, specially now that we have several entropy collector daemons. It may
very well be that this case do not happen anymore. And if it is, we need to know
on average how much time that blocking would last. [Sycamoreone] [[!tails_ticket
Tails boots, especially now that we have several entropy collector daemons. It may
very well be that this case does not happen anymore. And if it does, we need to know
on average how much time that blocking would last. [[!tails_ticket
11758]]
### Regulary check available entropy and notify if low
An idea that has been mentioned several time is to have a service that
check if the available entropy is high enough, and notify the user if
it's not the case. One downside, is that observing the entropy pool costs
An idea that has been mentioned several times is to have a service that
checks if the available entropy is high enough, and notifies the user if
it's not the case. One downside is, that observing the entropy pool costs
randomness, so this may have to be implemented with care or is worth
discussing/researching the costs/benefits.
## Also see
* [Schleuder thread about haveged](https://0xacab.org/schleuder/schleuder/issues/194)
* The
[federal office for IT security in Germany analysed the rng in linux kernel 4.9 and all changes made up to 4.17](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=10).
* [checking for available entropy](https://salsa.debian.org/tookmund-guest/pgpcr/issues/16)
## Related tickets
This is about [[!tails_ticket 7642]], [[!tails_ticket 7675]],
[[!tails_ticket 6116]], [[!tails_ticket 11897]] and friends.
## References
* [1] <https://eprint.iacr.org/2006/086.pdf>
* [2] <https://eprint.iacr.org/2013/338.pdf>
* [3] <http://wiki.qubes-os.org/trac/ticket/673>
* [4] <https://github.com/QubesOS/qubes-issues/issues/1311>
* [5] <https://groups.google.com/forum/#!msg/qubes-devel/Q65boPAbqbE/9ZOZUInQCgAJ>
* [6] <https://groups.google.com/forum/#!topic/qubes-devel/5wI8ygbaohk>
* [7] <https://www.av8n.com/computer/htm/secure-random.htm>
* [8] <http://www.av8n.com/computer/htm/fixup-live-cd.htm>
* [9] <https://www.python.org/dev/peps/pep-0506/>
* [10]<https://docs.python.org/2/library/os.html#os.urandom>
## More references
* <https://eprint.iacr.org/2013/338.pdf>
* <https://www.python.org/dev/peps/pep-0506/>
* <https://docs.python.org/2/library/os.html#os.urandom>
......@@ -328,11 +328,11 @@ just appeared:
After a new Tails release is out
--------------------------------
If you just put out a final release:
### If you just put out a final release
* [[merge `stable` or `testing` into
`devel`|APT_repository/custom#workflow-merge-main-branch]]
* increment the version number in devel's `debian/changelog` to match
* increment the version number in `devel`'s `debian/changelog` to match
the next major release, so that
next builds from the `devel` branch do not use the APT suite meant
for the last release:
......@@ -356,20 +356,6 @@ If you just put out a final release:
git commit debian/changelog \
-m "Add dummy changelog entry for ${NEXT_PLANNED_MINOR_VERSION:?}."
If you just released a RC (XXX: please automate these steps during the
3.2~rc1 release process, based on the above commands):
* add a dummy changelog entry (for the upcoming, non-RC version) in
the branch used for the release (`stable` or `testing`), so that the
next builds from it do not use the APT suite meant for the RC
* add a dummy changelog entry (for the release *after* the one you
released a RC for) in the branch used for the release (`stable` or
`testing`), so that the next builds from it do not use the APT suite
meant for the RC (XXX: I don't understand what this is about; is it
instead about adding an entry for that release on the `devel`
branch? -- intrigeri)
If the release was a major one, then:
1. [[Hard reset the stable APT suite to
......@@ -382,6 +368,30 @@ If the release was a major one, then:
git commit config/APT_overlays.d/ \
-m "Empty the list of APT overlays: they were merged"
### Else, if you just released a RC
* increment the version number in `debian/changelog` on the branch
used for the release, to match the upcoming non-RC release, so that
the next builds from it do not use the APT suite meant for the RC:
cd "${RELEASE_CHECKOUT}" && \
git checkout "${RELEASE_BRANCH:?}" && \
dch --newversion "${NEXT_PLANNED_MAJOR_VERSION:?}" \
"Dummy entry for next release." && \
git commit debian/changelog \
-m "Add dummy changelog entry for ${NEXT_PLANNED_MAJOR_VERSION:?}."
* increment the version number in `devel`'s `debian/changelog` to
match the second next major release, so that images built from there
have the right version number:
cd "${RELEASE_CHECKOUT}" && \
git checkout devel && \
dch --newversion "${SECOND_NEXT_PLANNED_MAJOR_VERSION:?}" \
"Dummy entry for next release." && \
git commit debian/changelog \
-m "Add dummy changelog entry for ${SECOND_NEXT_PLANNED_MAJOR_VERSION:?}."
Giving access to a core developer
---------------------------------
......
......@@ -4,10 +4,6 @@ All times are referenced to Berlin and Paris time.
## 2018Q3
* 2018-08-16: Build and upload tentative 3.9~rc1 ISO image — intrigeri
* 2018-08-17: Test and release 3.9~rc1 — intrigeri
* 2018-09-03, 19:00: [[Contributors meeting|contribute/meetings]]
* 2018-09-04: Build and upload tentative 3.9 ISO image — intrigeri
......@@ -19,17 +15,17 @@ All times are referenced to Berlin and Paris time.
* 2018-10-03, 19:00: [[Contributors meeting|contribute/meetings]]
* 2018-10-23: **Release 3.10** (Firefox 60.3, bugfix release) — anonym is the RM
* 2018-10-23: **Release 3.10** (Firefox 60.3, bugfix release)
* 2018-11-06, 19:00: [[Contributors meeting|contribute/meetings]]
* 2018-12-03, 19:00: [[Contributors meeting|contribute/meetings]]
* 2018-12-11: **Release 3.11** (Firefox 60.4, major release) — anonym is the RM
* 2018-12-11: **Release 3.11** (Firefox 60.4, bugfix release)
## 2019Q1
* 2019-01-29: **Release 3.12** (Firefox 60.5)
* 2019-01-29: **Release 3.12** (Firefox 60.5, major release)
* 2019-03-19: **Release 3.13** (Firefox 60.6)
......
......@@ -4,6 +4,10 @@
See the [[release_schedule]].
<div class="caution">
Read the remainder of this document from the branch used to prepare the release!
</div>
Requirements
============
......@@ -17,6 +21,8 @@ To release Tails you'll need some packages installed:
`debian/control` in the `debian` branch of its repo)
* `tails-perl5lib` dependencies (same trick as `tails-iuk` to get the
list)
* `po4a` _from Stretch_: the version in testing/sid extracts Markdown headings
in a different way, which makes tons of strings fuzzy.
Environment
===========
......@@ -34,7 +40,14 @@ the scripts snippets found on this page:
* `NEXT_PLANNED_VERSION`: set to the version number of the next Tails release
(e.g. 0.23 when releasing 0.22.1, and 1.3 when releasing 1.2)
* `NEXT_PLANNED_MAJOR_VERSION`: set to the version number of the next
*major* Tails release
*major* Tails release; if you're preparing a RC for a major release,
use that major release; otherwise, use whatever the next planned
major release is
* `SECOND_NEXT_PLANNED_MAJOR_VERSION`: set to the version number of
the second next *major* Tails release; e.g. if preparing the RC for
the 3.9 major release, then set this to 3.12 (3.9 is the next major
release, 3.10 and 3.11 are bugfix releases, 3.12 is a major
release).
* `NEXT_PLANNED_MINOR_VERSION`: set to the version number of the next
*minor* Tails release; if the next release is a point-release, use
that one; otherwise, use `${VERSION}.1`
......@@ -46,8 +59,7 @@ the scripts snippets found on this page:
the `.packages` file) land.
* `MASTER_CHECKOUT`: a checkout of the `master` branch of the main
Tails Git repository.
* `RELEASE_BRANCH`: the name of the branch of the main Tails Git
repository used to prepare the release (`stable` or `testing`).
* `RELEASE_BRANCH=$(if [ "$MAJOR_RELEASE" = 1 ]; then echo -n testing; else echo -n stable; fi)`
* `RELEASE_CHECKOUT`: a checkout of the branch of the main Tails Git
repository used to prepare the release (`stable` or `testing`).
* `TAILS_SIGNATURE_KEY=A490D0F4D311A4153E2BB7CADBB802B258ACD84F`
......@@ -71,16 +83,6 @@ Coordinate with Debian security updates
See [[release_process/Debian_security_updates]].
Select the right branch
=======================
What we refer to as the "release branch" (and `RELEASE_BRANCH`) should
be `testing` for major releases, and `stable` for point-releases.
<div class="caution">
Read the remainder of this document from the branch used to prepare the release!
</div>
Sanity check
============
......@@ -97,7 +99,7 @@ If we are at freeze time for a major release:
1. Merge the `master` Git branch into `devel`:
git checkout devel && git merge --no-ff origin/master
git checkout devel && git fetch origin && git merge --no-ff origin/master
2. [[Merge each APT overlay suite|APT_repository/custom#workflow-merge-overlays]]
listed in the `devel` branch's `config/APT_overlays.d/` into the `devel`
......@@ -180,36 +182,40 @@ The patterns+settings file is stored as a SQLite text dump in
config/chroot_local-includes/usr/share/tails/ublock-origin/ublock0.dump \
&& rm ublock0.sqlite
<a id="upgrade-custom-debs"></a>
Upgrade bundled binary Debian packages
--------------------------------------
Skip this section unless we are at freeze time for a major release
(i.e. we are about to prepare a release candidate).
Skip this section if you are preparing a point-release.
That is: make sure the bundled binary Debian packages contain
up-to-date localization files.
The goal here is to make sure the bundled binary Debian packages contain
up-to-date localization files, so:
- If you are preparing a release candidate, build at least the packages
that change user-visible strings, so that translators can use the RC
to check the status of their work and identify what's left to do.
- If you are preparing a major release, build at least the packages
that got translation updates since the RC: we've sent a call for
translation while releasing the RC so the least we can do is to
incorporate the work that ensued into our final release :)
For each bundled Debian package, `cd` into the package's root
directory (e.g. a checkout of the `whisperback` repository),
and then run the `import-translations` script that is in the
main Tails repository. For example:
import translations from Transifex and sanity-check them:
cd whisperback
"${RELEASE_CHECKOUT:?}"/import-translations
If the `import-translations` script fails to import translations for
the current package, manually copy updated PO files from the
Transifex branches of `git://git.torproject.org/translation.git` (e.g.
`whisperback_completed`) instead. In this case, skip PO files for
[[translation teams that use Git|contribute/how/translate#translate]].
Add and commit.
"${RELEASE_CHECKOUT:?}"/import-translations && \
"${RELEASE_CHECKOUT:?}"/submodules/jenkins-tools/slaves/check_po
Then check the PO files:
Then, `git rm` the PO files that have issues (alternatively, if you
feel like it you can fix them but your changes will be overwritten
next time we import translations from Transifex).
"${RELEASE_CHECKOUT:?}"/submodules/jenkins-tools/slaves/check_po
And finally, commit:
Correct any displayed error, then commit the changes if any.
git add po && git commit \
-m "Update POT and PO files, pull updated translations from Transifex."
Then see the relevant release processes, and upload the packages to
the release branch's custom APT suite:
......@@ -290,19 +296,22 @@ Update other base branches
1. Merge the release branch into `devel` following the instructions for
[[merging base branches|APT_repository/custom#workflow-merge-main-branch]].
2. Merge `devel` into `feature/buster`, *without* following the instructions for
2. [[Thaw|APT_repository/time-based snapshots#thaw]], on the devel
branch, the time-based APT repository snapshots that were used
during the freeze.
3. Merge `devel` into `feature/buster`, *without* following the instructions for
[[merging base branches|APT_repository/custom#workflow-merge-main-branch]].
(For now `feature/buster` is handled as any other topic branch
forked off `devel`: its base branch is set to `devel`.)
If the merge conflicts don't look like something you feel confident
resolving properly, abort this merge and let the Foundations
Team know.
3. Ensure that the release, `devel` and `feature/buster` branches
4. Ensure that the release, `devel` and `feature/buster` branches
have the expected content in `config/APT_overlays.d/`: e.g. it must
not list any overlay APT suite that has been merged already.
4. [[Thaw|APT_repository/time-based snapshots#thaw]], on the devel
branch, the time-based APT repository snapshots that were used
during the freeze.
5. Push the modified branches to Git:
git push origin \
......@@ -519,19 +528,18 @@ SquashFS file order
1. Start *Tor Browser*.
1. A few minutes later, once the `boot-profile` process has been
killed, retrieve the new sort file from `/var/log/boot-profile`.
1. Backup the old sort file: `cp config/binary_rootfs/squashfs.sort{,.old}`
1. Copy the new sort file to `config/binary_rootfs/squashfs.sort`.
1. Cleanup a bit:
- remove `var/log/live/config.pipe`: otherwise the boot is broken
or super-slow
- remove the bits about `kill-boot-profile` at the end: they're
only useful when profiling the boot
1. Inspect the Git diff (including diff stat), apply common sense.
The following command is also helpful but requires that you save a
copy of the old sort file into `/tmp/squashfs.sort.old`:
1. Inspect the Git diff (including diff stat), apply common sense:
diff -NaurB \
<( cut -d' ' -f1 /tmp/squashfs.sort.old | sort ) \
<( cut -d' ' -f1 config/binary_rootfs/squashfs.sort | sort ) \
<( cut -d' ' -f1 config/binary_rootfs/squashfs.sort.old | sort ) \
<( cut -d' ' -f1 config/binary_rootfs/squashfs.sort | sort ) \
| less
1. `git commit -m 'Updating SquashFS sort file' config/binary_rootfs/squashfs.sort`
......@@ -566,10 +574,16 @@ suite should be ready, so it is time to:
1. build the final image!
1. compare the new build manifest with the one from the previous,
almost final build; they should be identical, except that the
`debian-security` serial might be higher. To ensure we publish
the final build's `.build-manifest`, please run:
1. Compare the new build manifest with the one from the previous,
almost final build:
diff -Naur \
"${PACKAGES_MANIFEST:?}" \
"${ARTIFACTS:?}/tails-amd64-${VERSION:?}.iso.build-manifest"
They should be identical, except that the `debian-security` serial might be higher.
1. To ensure we publish the final build's `.build-manifest`, run:
export PACKAGES_MANIFEST="${ARTIFACTS:?}/tails-amd64-${VERSION:?}.iso.build-manifest"
......@@ -795,7 +809,7 @@ Prepare upgrade-description files
or RC), add `--channel alpha`
* If preparing anything but a final release (e.g. an alpha, beta
or RC), drop all `--next-version`
arguments, and instead pass (**untested!**)
arguments, and instead pass
`--next-version $(echo ${VERSION:?} | sed -e 's,~rc.*$,,')`
* Adjust `--next-version "${VERSION:?}.1"` so it matches the next
potential emergency release. E.g. when releasing 3.7.1,
......@@ -833,13 +847,30 @@ Prepare upgrade-description files
)
1. If preparing anything but a final release (e.g. an alpha, beta
or RC), copy the generated or updated files to
`${MASTER_CHECKOUT:?}`, replace `channel: alpha` with `channel:
test`, sign them, commit and push.
or RC), copy the generated UDFs for the previous releases
to the *test* channel in `$MASTER_CHECKOUT`, modify their content
accordingly, sign them, commit and push:
( \
cd ${MASTER_CHECKOUT:?} && \
git fetch && \
for old_version in ${IUK_SOURCE_VERSIONS:?}; do
alpha_udf="wiki/src/upgrade/v1/Tails/${old_version:?}/amd64/alpha/upgrades.yml" && \
test_udf="wiki/src/upgrade/v1/Tails/${old_version:?}/amd64/test/upgrades.yml" && \
mkdir -p "$(dirname "$test_udf")" && \
git show origin/${WEBSITE_RELEASE_BRANCH:?}:${alpha_udf:?} \
| sed -e 's/channel: alpha/channel: test/' > ${test_udf:?} && \
gpg -u "${TAILS_SIGNATURE_KEY:?}" --armor --detach-sign ${test_udf:?} && \
mv ${test_udf:?}.asc ${test_udf:?}.pgp && \
git add ${test_udf:?}* ; \
done && \
git commit -m "Add incremental upgrades on the test channel for Tails ${VERSION:?}" && \
git push origin master:master \
)
1. Else, if preparing a final release, copy the generated UDF for the previous
release to the *test* channel in `$MASTER_CHECKOUT`, modify its content
accordingly, sign it, commit and push:
1. Else, if preparing a final release, copy the generated UDFs for the previous
releases to the *test* channel in `$MASTER_CHECKOUT`, modify their content
accordingly, sign them, commit and push:
( \
cd ${MASTER_CHECKOUT:?} && \
......@@ -1043,7 +1074,7 @@ Testing
due time.
1. Triage test results, reproduce bugs as needed, decide what the next
step is and make sure it happens: add to known issues? file ticket?
release blocker?
release blocker? improve the test description (steps, expected outcome)?
Update the website and Git repository
=====================================
......@@ -1110,14 +1141,14 @@ If preparing a release candidate
Skip this part if preparing a final release.
Copy the `.iso.sig` file into the website repository:
Copy the signature and the Torrent into the website repository:
cp "${ISO_PATH:?}.sig" \
"${ISOS:?}/tails-amd64-${VERSION:?}.torrent" \
"${MASTER_CHECKOUT:?}/wiki/src/torrents/files/"
"${RELEASE_CHECKOUT:?}/wiki/src/torrents/files/"
Write the announcement for the release in
`${MASTER_CHECKOUT:?}/wiki/src/news/test_${TAG:?}.mdwn`, including:
`${RELEASE_CHECKOUT:?}/wiki/src/news/test_${TAG:?}.mdwn`, including: