Merge commit '70091e58' (Tails 3.0~beta3 release) into feature/5688-tails-server

.gitignore

@@ -48,7 +48,6 @@
 /config/chroot_local-includes/usr/share/applications/tails-reboot.desktop
 /config/chroot_local-includes/usr/share/applications/unsafe-browser.desktop
 /config/chroot_local-includes/usr/share/applications/tails-shutdown.desktop
-/config/chroot_local-includes/usr/share/applications/i2p-browser.desktop
 /config/chroot_local-includes/usr/share/applications/tor-browser.desktop
 /config/chroot_local-includes/usr/share/applications/tails-about.desktop
 /config/chroot_local-includes/usr/share/desktop-directories/Tails.directory

Rakefile

@@ -31,7 +31,7 @@ VAGRANT_PATH = File.expand_path('../vagrant', __FILE__)
 STABLE_BRANCH_NAMES = ['stable', 'testing']
 
 # Environment variables that will be exported to the build script
-EXPORTED_VARIABLES = ['http_proxy', 'MKSQUASHFS_OPTIONS', 'TAILS_RAM_BUILD', 'TAILS_CLEAN_BUILD']
+EXPORTED_VARIABLES = ['http_proxy', 'MKSQUASHFS_OPTIONS', 'TAILS_RAM_BUILD', 'TAILS_CLEAN_BUILD', 'TAILS_OFFLINE_MODE']
 
 # Let's save the http_proxy set before playing with it
 EXTERNAL_HTTP_PROXY = ENV['http_proxy']
@@ -175,6 +175,8 @@ task :parse_build_options do
       ENV['http_proxy'] = INTERNAL_HTTP_PROXY
     when 'noproxy'
       ENV['http_proxy'] = nil
+    when 'offline'
+      ENV['TAILS_OFFLINE_MODE'] = '1'
     # SquashFS compression settings
     when 'gzipcomp'
       ENV['MKSQUASHFS_OPTIONS'] = '-comp gzip -Xcompression-level 1'
@@ -195,6 +197,15 @@ task :parse_build_options do
       raise "Unknown Tails build option '#{opt}'"
     end
   end
+
+  if ENV['TAILS_OFFLINE_MODE'] == '1'
+    if ENV['http_proxy'].nil?
+      abort "You must use a caching proxy when building offline"
+    end
+    if ENV['TAILS_NO_AUTO_PROVISION'] == '1'
+      abort "Offline mode requires provisioning"
+    end
+  end
 end
 
 task :ensure_clean_repository do

auto/build

@@ -60,6 +60,7 @@ echo "POTFILES_DOT_IN='$(
 
 # fix permissions on some source files that will be copied as is to the chroot.
 # they may be wrong, e.g. if the Git repository was cloned with a strict umask.
+chown    0:0   config/chroot_local-includes/etc/resolv.conf
 chmod -R go+rX config/binary_local-includes/
 chmod -R go+rX config/chroot_local-includes/etc
 chmod    0440  config/chroot_local-includes/etc/sudoers.d/*

auto/config

@@ -86,6 +86,7 @@ $RUN_LB_CONFIG \
    --packages-lists="standard" \
    --tasks="standard" \
    --linux-packages="linux-image-${KERNEL_VERSION}" \
+   --security false \
    --syslinux-menu vesamenu \
    --syslinux-splash data/splash.png \
    --syslinux-timeout 4 \

auto/scripts/apt-mirror

@@ -29,18 +29,21 @@ output_time_based_snapshot() {
 SERIAL=$(cat "config/APT_snapshots.d/$ARCHIVE/serial")
 RESOLVED_SERIAL=$(cat "tmp/APT_snapshots.d/$ARCHIVE/serial")
 BASE_BRANCH=$(base_branch)
+CURRENT_BRANCH=$(current_branch)
 
-if [ "$BASE_BRANCH" = stable ] || [ "$BASE_BRANCH" = testing ] ; then
+if [ "$BASE_BRANCH" = stable ] || [ "$BASE_BRANCH" = testing ] || [ "$CURRENT_BRANCH" = feature/stretch ] ; then
     case "$ARCHIVE" in
        debian-security)
           [ "$SERIAL" = latest ] \
               || fatal "APT snapshots are frozen for the debian-security archive," \
-                       "which should not happen on a branch based on $BASE_BRANCH"
+                       "which should happen neither on feature/stretch nor on"     \
+                        "a branch based on $BASE_BRANCH"
           ;;
        *)
           [ "$SERIAL" != latest ] \
               || fatal "APT snapshots are not frozen for the $ARCHIVE archive," \
-                       "which should not happen on a branch based on $BASE_BRANCH"
+                       "which should happen neither on feature/stretch nor on"  \
+                        "a branch based on $BASE_BRANCH"
     esac
     if version_was_released "$(version_in_changelog)"; then
         on_a_tag \
@@ -55,9 +58,11 @@ if [ "$BASE_BRANCH" = stable ] || [ "$BASE_BRANCH" = testing ] ; then
        output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
     fi
 else
-    if [ "$(base_branch)" = devel ] && [ "$SERIAL" != latest ]; then
-        fatal "APT snapshots are frozen, which should not happen on a branch" \
-              "based on the devel one"
+    if [ "$BASE_BRANCH" = devel ] || [ "$CURRENT_BRANCH" = feature/stretch ]; then
+        if [ "$SERIAL" != latest ]; then
+            fatal "APT snapshots are frozen, which should happen neither on" \
+                  "feature/stretch nor on a branch based on the devel one"
+        fi
     fi
     output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
 fi

auto/scripts/tails-custom-apt-sources

@@ -7,7 +7,7 @@ set -u
 
 APT_MIRROR_URL="http://deb.tails.boum.org/"
 DEFAULT_COMPONENTS="main contrib non-free"
-BASE_BRANCHES="stable testing devel feature/jessie"
+BASE_BRANCHES="stable testing devel feature/stretch"
 
 output_apt_binary_source() {
 	local suite="$1"

config/APT_snapshots.d/debian/serial

-2017013002
+2017031702

config/APT_snapshots.d/torproject/serial

-2017013002
+2017031702

config/amnesia

@@ -22,7 +22,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63"
 REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
 
 # Kernel version
-KERNEL_VERSION='4.9.0-1'
+KERNEL_VERSION='4.9.0-2'
 KERNEL_SOURCE_VERSION=$(
    echo "$KERNEL_VERSION" \
        | perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'

config/binary_rootfs/squashfs.sort

@@ -460,8 +460,6 @@ usr/bin/expr                                                         32082
 usr/bin/bc                                                           32081
 lib/live/config/2060-create-upgrader-run-directory                   32079
 usr/bin/install                                                      32078
-lib/live/config/2080-install-i2p                                     32077
-usr/local/lib/tails-shell-library/i2p.sh                             32076
 usr/local/lib/tails-shell-library/common.sh                          32075
 usr/local/lib/tails-shell-library/localization.sh                    32074
 lib/live/config/7000-debug                                           32073
@@ -2839,7 +2837,6 @@ usr/share/applications/mimeinfo.cache                                29205
 usr/share/gnome/applications/vim.desktop                             29204
 usr/share/gnome/applications/nm-connection-editor.desktop            29203
 usr/share/gnome/applications/gnome-power-statistics.desktop          29202
-usr/share/gnome/applications/openjdk-7-policytool.desktop            29201
 usr/share/gnome/applications/orca.desktop                            29200
 usr/share/applications/gnome-bluetooth-panel.desktop                 29199
 usr/lib/libreoffice/share/xdg/xsltfilter.desktop                     29198
@@ -3122,7 +3119,6 @@ etc/xdg/menus/applications-merged/Tails.menu                         28920
 usr/share/applications/gnome-power-statistics.desktop                28919
 usr/share/applications/nm-connection-editor.desktop                  28918
 usr/lib/i386-linux-gnu/tracker-1.0/libtracker-data.so.0.0.0          28917
-usr/share/applications/openjdk-7-policytool.desktop                  28916
 usr/share/applications/orca.desktop                                  28915
 usr/share/applications/vim.desktop                                   28914
 usr/share/desktop-directories/ActionGames.directory                  28913
@@ -4097,7 +4093,6 @@ usr/lib/i386-linux-gnu/libopencv_contrib.so.2.4.9                    27944
 usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt 27943
 usr/lib/i386-linux-gnu/libopencv_core.so.2.4.9                       27942
 usr/lib/i386-linux-gnu/libopencv_highgui.so.2.4.9                    27941
-etc/NetworkManager/dispatcher.d/30-i2p.sh                            27940
 etc/NetworkManager/dispatcher.d/60-tor-ready.sh                      27939
 usr/local/sbin/tor-has-bootstrapped                                  27938
 usr/bin/gettext                                                      27937

config/chroot_local-hooks/06-adduser_i2pbrowser

-#!/bin/sh
-
-set -e
-
-# Create the i2pbrowser user.
-#
-# We run i2p-browser under this user
-
-echo "Creating the i2pbrowser user"
-
-adduser --system --quiet --group i2pbrowser

config/chroot_local-hooks/09-torsocks-configuration

@@ -4,9 +4,9 @@ set -e
 
 echo "Configure torsocks"
 
-# Allow TCP outbound connections to the loopback interface, so
+# Allow TCP and UDP outbound connections to the loopback interface, so
 # that we can wrap git with torsocks without breaking Git-over-SSH
 # (SSH is torified via ProxyCommand already).
 sed -i'' \
-    --regexp-extended 's,^#?AllowOutboundLocalhost\s+.*,AllowOutboundLocalhost 1,' \
+    --regexp-extended 's,^#?AllowOutboundLocalhost\s+.*,AllowOutboundLocalhost 2,' \
     /etc/tor/torsocks.conf

config/chroot_local-hooks/10-tbb

@@ -35,7 +35,7 @@ download_and_verify_files() {
         (
             cd "${destination}"
             echo "Fetching ${base_url}/${tarball} ..."
-            curl --remote-name "${base_url}/${tarball}"
+            curl --retry 20 --remote-name "${base_url}/${tarball}"
         )
         actual_sha256="$(sha256sum "${destination}/${tarball}" | cut -d' ' -f1)"
         if [ "${actual_sha256}" != "${expected_sha256}" ]; then

config/chroot_local-hooks/16-i2p_config

-#!/bin/sh
-
-set -e
-
-echo "Configuring I2P"
-
-I2P="/usr/share/i2p"
-I2PROUTER="/usr/bin/i2prouter"
-WRAPPER="/etc/i2p/wrapper.config"
-
-# This must be set in order for the i2p init script to work
-sed -i 's/^RUN_DAEMON=.*$/RUN_DAEMON="true"/' /etc/default/i2p
-
-# Remove the "i2prouter" script, its man page, and its apparmor profile
-# since these are not used by Tails:
-rm /etc/apparmor.d/usr.bin.i2prouter /usr/share/man/man1/i2prouter.1.gz
-
-# Install custom i2prouter stub scripts
-for script in ${I2PROUTER} ${I2PROUTER}-nowrapper; do
-    echo "Removing $script"
-    dpkg-divert --rename --add "${script}"
-    cat > "$script" << EOF
-#!/bin/sh
-echo "This script is not used by Tails."
-echo "See https://tails.boum.org/doc/anonymous_internet/i2p/ for more information."
-exit 0
-EOF
-    chmod 755 "$script"
-done
-
-# Remove the outproxy from the tunnel on port 4444
-# This will remove the following lines:
-#      tunnel.0.proxyList=false.i2p
-#      tunnel.0.option.i2ptunnel.httpclient.SSLOutproxies=false.i2p
-# The SSLOutproxies option was first set in I2P 0.9.15
-sed -i '/^.*tunnel\.0\.\(proxyList\|option\.i2ptunnel\.httpclient\.SSLOutproxies\)/d' "$I2P/i2ptunnel.config"
-
-# Disable the https outproxy (port 4445)
-sed -i 's|^.*\(tunnel\.6\.startOnLoad\).*|\1=false|' "$I2P/i2ptunnel.config"
-
-# Don't serve the router console on IPv6
-sed -i 's|^clientApp\.0\.args=7657\s\+::1,127\.0\.0\.1|clientApp.0.args=7657 127.0.0.1|' "$I2P/clients.config"
-
-# Disable IPv6 in the wrapper
-sed -i 's|^.*\(wrapper\.java\.additional\.5=-Djava\.net\.preferIPv4Stack=\).*|\1true|' "$WRAPPER"
-sed -i 's|^.*\(wrapper\.java\.additional\.6=-Djava\.net\.preferIPv6Addresses=\).*|\1false|' "$WRAPPER"
-
-# Tails specific router configs:
-# * i2cp: allows java clients to communicate with I2P outside of the JVM. Disabled.
-# * IPv6: Disabled
-# * HiddenMode: Enabled
-# * In-I2P Network Updates: Disabled
-# * Inbound connections: Disabled (setting is "i2cp.ntcp.autoip")
-# * Disable I2P plugins
-# * Disable NTP
-cat > "$I2P/router.config" << EOF
-# NOTE: This I2P config file must use UTF-8 encoding
-i2cp.disableInterface=true
-i2np.ntcp.ipv6=false
-i2np.ntcp.autoip=false
-i2np.udp.ipv6=false
-router.isHidden=true
-router.updateDisabled=true
-router.enablePlugins=false
-time.disabled=true
-EOF
-
-cat > "$I2P/susimail.config" << EOF
-susimail.pop3.leave.on.server=true
-EOF
-
-# enforce apparmor
-echo Setting the I2P apparmor profile to enforce mode
-sed  -i -re 's|flags=\(complain\)||' /etc/apparmor.d/system_i2p

config/chroot_local-hooks/45-disable-unneeded-dbus-services

@@ -10,6 +10,13 @@ SERVICES_DIR=/usr/share/dbus-1/services
 
 sed -i'' 's,^Exec=.*$,Exec=/bin/false,' \
     "${SERVICES_DIR}"/org.gnome.evolution.dataserver.*.service \
-    "${SERVICES_DIR}"/org.gnome.Shell.CalendarServer.service   \
-    "${SERVICES_DIR}"/org.freedesktop.Telepathy.AccountManager.service \
-    "${SERVICES_DIR}"/org.freedesktop.Telepathy.MissionControl5.service
+    "${SERVICES_DIR}"/org.gnome.Shell.CalendarServer.service
+
+for service in \
+   "${SERVICES_DIR}"/org.freedesktop.Telepathy.AccountManager.service \
+   "${SERVICES_DIR}"/org.freedesktop.Telepathy.MissionControl5.service ; do
+   if [ -f "$service" ]; then
+       echo "$service is back: consider disabling it" >&2
+       exit 1
+   fi
+done

config/chroot_local-hooks/52-update-rc.d

@@ -2,32 +2,6 @@
 
 set -e
 
-CUSTOM_INITSCRIPTS="
-"
-
-PATCHED_INITSCRIPTS="
-alsa-utils
-haveged
-hwclock.sh
-i2p
-kexec-load
-laptop-mode
-memlockd
-saned
-spice-vdagent
-tor
-"
-
-echo "Configuring boot sequence"
-
-# The patches to adjust the runlevels are applied to the chroot
-# after the packages have been installed. So we need to remove them first,
-# to re-install them with our settings.
-insserv -r $PATCHED_INITSCRIPTS
-
-# Re-install overriden initscripts and install our custom ones.
-insserv $PATCHED_INITSCRIPTS $CUSTOM_INITSCRIPTS
-
 ### Tweak systemd unit files
 
 # Workaround for https://bugs.debian.org/714957
@@ -71,9 +45,6 @@ systemctl disable tor.service
 systemctl disable NetworkManager.service
 systemctl disable NetworkManager-wait-online.service
 
-# We don't run these services by default
-systemctl disable i2p.service
-
 # Don't hide tails-kexec's shutdown messages with an empty splash screen
 for suffix in halt kexec poweroff reboot shutdown ; do
    systemctl mask "plymouth-${suffix}.service"
@@ -91,15 +62,3 @@ systemctl mask hwclock-save.service
 
 # Do not run timesyncd: we have our own time synchronization mechanism
 systemctl mask systemd-timesyncd.service
-
-# Unmute and sanitize mixer levels at boot time
-# (`systemctl unmask` does not support initscripts on Jessie,
-# hence the manual unmasking)
-dpkg-divert --add --rename --divert \
-	    /lib/systemd/system/alsa-utils.service.orig \
-	    /lib/systemd/system/alsa-utils.service
-# Disable the ALSA state store/restore systemd services (that lack mixer
-# levels unmuting/sanitizing), we use the legacy initscript instead
-systemctl mask alsa-restore.service
-systemctl mask alsa-state.service
-systemctl mask alsa-store.service

config/chroot_local-hooks/54-menu

@@ -13,7 +13,6 @@ done
 rm \
    /usr/share/applications/gnome-online-accounts-panel.desktop \
    /usr/share/applications/laptop-mode-tools.desktop \
-   /usr/share/applications/openjdk-8-policytool.desktop \
    /usr/share/applications/sniff.desktop
 
 sed -i'' --regexp-extended 's,^Exec=pidgin$,Exec=/usr/local/bin/pidgin,' \

config/chroot_local-hooks/59-libdvd-pkg

@@ -17,6 +17,7 @@ dpkg-reconfigure libdvd-pkg
 # without the build-essential dependency to satisfy libdvdcss2.
 LIBDVD_PKG_VERSION="$(dpkg-query -s libdvd-pkg | grep Version | cut -d ' ' -f2)+fake1"
 install_fake_package libdvd-pkg "${LIBDVD_PKG_VERSION}" multimedia
+rm -r /usr/src/libdvd-pkg
 
 # Verify installed packages:
 for x in libdvd-pkg

config/chroot_local-hooks/80-block-network

@@ -5,6 +5,6 @@ set -e
 echo "Generating blocklist for all network devices"
 
 find /lib/modules/*/kernel/drivers/net \
-     -name "*.ko" -printf "blacklist %f\n" | \
-  sed 's/\.ko$//' | \
+     -name "*.ko" -printf "install %f /bin/true\n" | \
+  sed 's/\.ko / /' | \
   sort -u > /etc/modprobe.d/all-net-blacklist.conf

config/chroot_local-hooks/97-remove_i2p

-#!/bin/sh
-
-set -u
-set -e
-
-# Everything moved by this hook script will be reversed in the event that
-# the string "i2p" is entered at a boot prompt
-
-DEST="/usr/share/tails/i2p-disabled"
-
-[ -d "/usr/share/i2p" ] || return 0
-
-mkdir "$DEST"
-mv -f /usr/share/i2p "$DEST"
-mv -f /usr/sbin/wrapper "$DEST"
-mv -f /usr/share/applications/i2p-browser.desktop "$DEST"