Commit 5cd10404 authored by intrigeri's avatar intrigeri
Browse files

Merge remote-tracking branch 'origin/master'

parents 2a46ca76 6bc7104d
wiki/src/contribute/how/code/HACKING.mdwn
\ No newline at end of file
[[!meta title="Writing code for Tails"]]
Hi, prospective Tails contributor! This document is intended to
quickly (in 20 minutes!) get you up to speed on how to write code for
Tails by giving a brief overview the Tails source tree and Git branch
organization without referring to more detailed (and hence longer)
resources. As such it might not be enough for some specific things,
but it should cover 95% of use cases for aspiring code
contributors. Also, this document risks getting out of date, so don't
trust every single detail as the written word of `$DEITY`.
Note that this document will not teach you how to *contribute* code to
Tails; it will only introduce you how to *write* code for Tails. Once
you have something to contribute, please read our
[[extensive instructions for contributors|contribute/how/code]].
[[!toc levels=2]]
# Git branch organization
* `master`: as soon as something is pushed to this branch in Tails
main git repository, the live Tails' website is rebuilt. This branch
is *only* used for the website. Don't waste time trying to build it,
or basing new branches on it if you intend to build them!
* `devel`: This is the development branch, where new features end
up. In general you should base new branches on this one.
* `stable`: When a new major Tails release is out, we merge `devel`
into `stable` and use it to build minor releases (e.g. when there's
a new Tor Browser (= Firefox ESR) release) and emergency releases
from. We only merge security fixes and bugfixes into this branch, so
new such branches should be based on `stable`.
* `testing`: After a freeze for a new major release (e.g. when we
prepare release candidates), this is the branch were the continued
work for this release happens. At that point `devel` is used for the
*next* major release. Bugfixes on new features introduced in the
this upcoming Tails release should be based on this branch (as
should new translations).
* `feature/DEBIAN_NEXT`: The development branch for Tails based on the
next Debian major release.
* `feature/XXXX-*`, `bugfix/XXXX-*`, `test/XXXX-*`: We use this naming
scheme for the branches if new features, bugfixes and automated
tests, where `XXXX` refers to the Redmine ticket they fix.
We will sometimes talk about "base branches", which are `stable`,
`testing`, `devel` and `feature/DEBIAN_NEXT`. When developing a new
branch, this should be the branch you based it on. It will be used
during the build to determine which packages from Tails APT repo to
install (see some details about this below).
For detailed information see our
[[documentation about Git|contribute/git]].
# Important files and directories
Some of the more important files during build, and for running Tails
sessions, are listed below. In general, just look at the existing
files or content to understand the format -- we won't explain them
fully here most of the time.
## config/chroot_sources/
The files in here determine which APT repositories to use during
build, and in the resulting Tails image.
Note that while it is possible to add non-Debian repositories, and
that it is fine to do so for testing/development purposes, limitations
inherent in Tails' APT snapshot system (see below) prevents us from
using them in releases. In fact, in releases we can only use:
* Debian's APT repository
* `deb.torproject.org`
* `deb.tails.boum.org`
So, if you need a package from some other repository, feel free to add
through this mechanism it when developing your branch. When it's time
to merge we will figure out the best way to get the packages available
to us, usually by importing them to `deb.tails.boum.org`. The
preferred solution is always to have the packages available in
Debian.
## config/chroot_apt/preferences
The `/etc/apt/preferences` file that will be used during the build
process, and later copied in to the resulting Tails filesystem. We use
it *heavily*. If you want to install a package (or another version of
a package) that is not in the stable Debian release, you will have to
add a pinning rule in this file in order to make it install.
## config/chroot_local-packageslists/tails-common.list
The primary list of packages to install in Tails. Sometimes extra
magic has to be done when installing a package, and then we install it
with a build-time hook (see `config/chroot_local-hooks/` below). If
the package is to be installed from another source than Debian Stable,
make sure to add a pinning rule (see `config/chroot_apt/preferences`
above).
## config/chroot_local-packages/
If you put a `.deb` here, it will be installed with high priority
(disregarding the rules in `config/chroot_apt/preferences`). This is
useful for testing purposes only!
## config/base_branch
This encodes which base branch (see above) the current branch is based
on (the base branches themselves are "based" on themselves). In
practice this determines which APT suite from `deb.tails.boum.org` to
use (so if `config/base_branch` contains `devel`, then the `devel` APT
suite will be used). These APT suites are the place where we upload
all our custom Debian packages.
## config/APT_overlays.d/
Each file here corresponds to an APT suite on `deb.tails.boum.org` to
be used. E.g. if we have `config/APT_overlays.d/feature-1234-example`
then the `feature-1234-example` APT suite will be used. Each branch
that is pushed to Tails' main Git repo will automatically have such a
suite created (but with illegal charactes changed to `-`, so
`feature/1234-example` becomes `feature-1234-example`).
This is useful for importing specific package versions in between
Tails releases, and gives us very exact control of which branches gets
which packages.
## config/APT_snapshots.d/
The APT repositories used to install packages during the build process
are snapshotted several times per day. The files in here simply encode
which snapshot to use for each APT repository. In general, the `devel`
branch always uses the latest snapshots, while all other branches more
or less use the snapshot from the last feature freeze (when we prepare
the release candidate for the last Tails major release). This way only
`devel` is a bit crazy, and the build result depends on what happens
e.g. in Debian's APT repository from day to day. Other branches remain
pretty much the same until these snapshots are bumped, or something
changes in `deb.tails.boum.org` (but then you should just merge your
base branch, and all should be good again).
For detailed information see our
[[documentation about APT repositories|contribute/APT_repository]].
## config/binary_*
These files are about what will happen outside of Tails filesystem, on
the ISO9660 filesystem of the resulting `.iso` image.
## config/chroot_local-includes/
These files and directories will be copied into the Tails file system,
overwriting existing file. This is the main way to include e.g. static
configurations, custom scripts, and similar things not handled by
Debian packages.
## config/chroot_local-patches/
These patches will be applied on `/` of the Tails filesystem right
after `config/chroot_local-includes/` is copied in. Here we patch
various configuration files and similar installed by Debian packages,
but where we still want to keep any changes made upstream. Remember,
if we use `config/chroot_local-includes/` files are *overwritten*, so
any such upstream changes are lost. With a patch we'll get them as
well as our desired change (and we get build failures as a
"notification" when the upstream has changed in a conflicting way,
which is nice).
## config/chroot_local-hooks/
These scripts will run right after the patches in
`config/chroot_local-patches/` are applied. Here we can pretty much do
anything we want. We use it to reconfigure various things, install
packages that require extra magic, programatically generating various
files (images, configurations, even some scripts), cleaning up
unneeded files etc.
## config/chroot_local-includes/lib/live/config/
These scripts will be run early during Tails' boot process, in lexical
order. Quite a few of them are installed by the `live-config` package,
but we have some custom ones in there as well. Note that
`0030-user-setup` is when the Live user (`amnesia`) is created, so
prior to that any reference to it won't work (e.g. in the build-hooks
in `config/chroot_local-hooks/`).
## config/chroot_local-includes/etc/skel/
This is the seed for the Live user's (`amnesia` for now) home
directory. Put static application configuration files ("dot files" and
"dot dirs") here!
## config/chroot_local-includes/usr/share/tails/
A directory where we dump Tails-specific files with no obvious place
to live. Generally these are files needed during build (and then we
clean them up with a build hook) or during Tails operation (e.g. by
some script).
## config/chroot_local-includes/usr/local/
This is where we put most of the custom scripts shipped in Tails. Some
honorable mentions are:
* `config/chroot_local-includes/usr/local/sbin/` for scripts used by
root only.
* `config/chroot_local-includes/usr/local/bin/` for scripts used by
non-root users (and root too).
* `config/chroot_local-includes/usr/local/lib/` for scripts that we
don't want to expose to the user at all times (it's not in the
`$PATH`).
* `config/chroot_local-includes/usr/local/lib/tails-shell-library/`
for "libraries" often included in the above scripts.
# Overview of the build process
The order of how things are applied matters greatly. In terms of the
files and directories you have learned about above, this is how Tails
is built, in order:
1. A minimal Debian system is `debootstrap`:ed.
2. APT is set up according to `config/chroot_sources/` and
`config/chroot_apt/preferences` (and `config/APT_overlays.d/` and
`config/APT_snapshots.d/`).
3. Packages listed in
`config/chroot_local-packageslists/tails-common.list` are
installed.
4. Packages stored in `config/chroot_local-packages/` are installed.
5. Everyting in `config/chroot_local-includes/` is copied to `/`,
overwriting existing files.
6. All patches in `config/chroot_local-patches/` are applied on `/`.
7. All build-time hooks in `config/chroot_local-hooks/` are run.
8. Now the Tails filesystem is done!
9. The ISO9660 filesystem used in the resulting `.iso` image is
created according to `config/binary_*`.
# Building Tails
Just follow the "Using Vagrant" section in our
[[contribute/build#vagrant]] instruction. Copy-pasting the shell
commands should be enough. Then it's as simple as:
rake build
although you may want to look through the build options you can supply
via the `TAILS_BUILD_OPTIONS` environment variable.
Happy hacking!
......@@ -34,6 +34,7 @@ STABLE_BRANCH_NAMES = ['stable', 'testing']
EXPORTED_VARIABLES = [
'MKSQUASHFS_OPTIONS',
'TAILS_BUILD_FAILURE_RESCUE',
'TAILS_DATE_OFFSET',
'TAILS_MERGE_BASE_BRANCH',
'TAILS_OFFLINE_MODE',
......@@ -161,7 +162,7 @@ def enough_free_host_memory_for_ram_build?
return false unless RbConfig::CONFIG['host_os'] =~ /linux/i
begin
usable_free_mem = `free`.split[16].to_i
usable_free_mem = `free`.split[12].to_i
usable_free_mem > VM_MEMORY_FOR_RAM_BUILDS * 1024
rescue
false
......@@ -169,7 +170,7 @@ def enough_free_host_memory_for_ram_build?
end
def free_vm_memory
capture_vagrant_ssh('free').first.chomp.split[16].to_i
capture_vagrant_ssh('free').first.chomp.split[12].to_i
end
def enough_free_vm_memory_for_ram_build?
......
......@@ -2,6 +2,11 @@ Package: b43-fwcutter
Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: freeze exception (install version compatible with Thunderbird 45.x: #13530)
Package: enigmail
Pin: origin deb.tails.boum.org
Pin-Priority: 999
Package: firmware-b43-installer
Pin: release o=Debian,n=sid
Pin-Priority: 999
......@@ -67,7 +72,7 @@ Pin-Priority: 990
Package: *
Pin: release o=TorProject,n=stretch
Pin-Priority: 989
Pin-Priority: 990
Package: *
Pin: origin live.debian.net
......
HTP_POOL_PAL="boum.org,espiv.net,db.debian.org,epic.org,mail.riseup.net,leap.se,squat.net,tachanka.org,www.1984.is,www.eff.org,www.immerda.ch,www.privacyinternational.org,www.torproject.org"
HTP_POOL_NEUTRAL="cve.mitre.org,en.wikipedia.org,lkml.org,thepiratebay.org,www.apache.org,www.centos.org,www.democracynow.org,www.duckduckgo.com,www.gnu.org,www.kernel.org,www.mozilla.org,www.stackexchange.com,www.startpage.com,www.xkcd.com"
HTP_POOL_NEUTRAL="cve.mitre.org,en.wikipedia.org,lkml.org,thepiratebay.org,www.apache.org,getfedora.org,www.democracynow.org,www.duckduckgo.com,www.gnu.org,www.kernel.org,www.mozilla.org,www.stackexchange.com,www.startpage.com,www.xkcd.com"
HTP_POOL_FOE="encrypted.google.com,github.com,login.live.com,login.yahoo.com,secure.flickr.com,tumblr.com,twitter.com,www.adobe.com,www.gandi.net,www.myspace.com,www.paypal.com,www.rackspace.com,www.sony.com"
......@@ -33,6 +33,11 @@ start_thunderbird() {
mkdir --mode=0700 -p "$TMPDIR"
export TMPDIR
# Clean the temporary directory: it's generally persistent, and then
# temporary files (including decrypted attachements) would otherwise
# be stored forever there (#13340).
rm -rf "${TMPDIR}"/*
unset SESSION_MANAGER
configure_default_incoming_protocol
......
http://torbrowser-archive.tails.boum.org/7.0.1-build1/
http://torbrowser-archive.tails.boum.org/7.0.4-build1/
35485eab1ece23e94de979e3a8f482d6c4ab5c1a4f4d249e317adac163559d32 tor-browser-linux64-7.0.1_ar.tar.xz
1a76ca4cc9c12eb5ff0137738513d03e07f7b741d9ba5874b299107c48d11c70 tor-browser-linux64-7.0.1_de.tar.xz
3aea998ea4aef7ead51bed9a9e9b767f447ce5eb0fd81f7b2009e974e3aca752 tor-browser-linux64-7.0.1_en-US.tar.xz
ce0f974c28b6131e2dfa51d3d669346fea575a65cde4a3245582d5cf686e7091 tor-browser-linux64-7.0.1_es-ES.tar.xz
da5e58f68d04b508a0867048eb239a659dcbcfd119a2bc17f8b2eac1165aea1c tor-browser-linux64-7.0.1_fa.tar.xz
f52a014e7f81597b59b37ff660b29679989c0b6fcb80f89403d6b495ec1e2621 tor-browser-linux64-7.0.1_fr.tar.xz
1c715ce4fb21979d33d520a31a697729e4a6028d2f29a5294569300819af92a4 tor-browser-linux64-7.0.1_it.tar.xz
a74174a4dbf986e5814ade67fd48e326bf27a5f56d9daee49d208b3a85069cb4 tor-browser-linux64-7.0.1_ja.tar.xz
5d04e1e043a57950728d78187f1ca658e87b744b603b4abb4378447420a508ee tor-browser-linux64-7.0.1_ko.tar.xz
b69bc518cb11dec13d3ea110896139316d4d40a4eebc379430819debf1d99c32 tor-browser-linux64-7.0.1_nl.tar.xz
fcc2100b1889d37d4e0c980aa2ab428cdb2b7709cd89445ef07dcba970b1e2ed tor-browser-linux64-7.0.1_pl.tar.xz
b738e6e3d92d86f5d3257032de3623815d361b769439e86c9c613f9932db9701 tor-browser-linux64-7.0.1_pt-BR.tar.xz
1a581dc787feaa438af867bda8351a1fcd25eb587e4718088120a150afd42e30 tor-browser-linux64-7.0.1_ru.tar.xz
6fce1fb085ec57ad87d6fc906a7983cb280c636f08811ed6178ea3ae317bc14c tor-browser-linux64-7.0.1_tr.tar.xz
2feb7cf3b0cd0126c52ef0dbbc542080ccec3937959cf89c43141be60797240a tor-browser-linux64-7.0.1_vi.tar.xz
7e7734296ae0cd36c3a9a42c55e9c037e7e9858431837b7a21c2e39e233e0101 tor-browser-linux64-7.0.1_zh-CN.tar.xz
5ea01a667f0c11e0dc94da77ee83e8c97589ac128f0204f086e37313f48f1f8f tor-browser-linux64-7.0.4_ar.tar.xz
befcdc8a1744844053bdc91a046eedcdfda94dd5abcc4457fc947cef171d38ed tor-browser-linux64-7.0.4_de.tar.xz
7d09fdf1dad4657de16556deecf497253f8564bdbe85a9e7fa00f97bb6351f9e tor-browser-linux64-7.0.4_en-US.tar.xz
78dd846f169b6c77ebdc14dd2ea651b7d48b8809eda99f5bc0d1ac93365e5747 tor-browser-linux64-7.0.4_es-ES.tar.xz
3e6ff11238cb55dd0288d8ab3e1d0c23dc292a002deee5d77f8e38d55858d1bd tor-browser-linux64-7.0.4_fa.tar.xz
96df00deb39ca005ab213b163bb1a7b3bea4250830efa2eeeafedde1d7d843fb tor-browser-linux64-7.0.4_fr.tar.xz
da35fb87b404bfcb0ba99c9dd946db66e2d74715bbf94d3acd66d678fad61191 tor-browser-linux64-7.0.4_it.tar.xz
f62e349ecd9d739ecf2f33418c3470e6e1e36cdc4290ee5a8231db3cffbf3092 tor-browser-linux64-7.0.4_ja.tar.xz
7b91f34f4390c60a91b23649769db40108cd8c93f20e6b61c5ace4419df5dda7 tor-browser-linux64-7.0.4_ko.tar.xz
a87cd08144d7ac49358e7c224e315728ef94b0b4643650965a6cca4d7344981f tor-browser-linux64-7.0.4_nl.tar.xz
8b78759c3da600aa194f01797df3cbed6c9bd273ccd01ea31f2655c76c164852 tor-browser-linux64-7.0.4_pl.tar.xz
ca372a192804284b893bd24311f157178cd1f1b4b5698bf1e6bbfe38274567c9 tor-browser-linux64-7.0.4_pt-BR.tar.xz
48a9091afc8419d1349035e741c56794a0aca781e396aae15f924252af0c4d14 tor-browser-linux64-7.0.4_ru.tar.xz
250d2ea1b24770a2729ecfa3f1750e49020a114bce7ceae5e8ccb8e40e9606d6 tor-browser-linux64-7.0.4_tr.tar.xz
80d2ac7fc9a6ea1cc21fe0276e36f901bcf3fd26ae45f39e8ff88e2ece6439bf tor-browser-linux64-7.0.4_vi.tar.xz
2633037a243bb02b14c7b8b28f145244f741fc4a87efe85edeb6a983cfc041bc tor-browser-linux64-7.0.4_zh-CN.tar.xz
tails (3.1) unstable; urgency=medium
* Security fixes
- Upgrade Tor Browser to 7.0.4-build1 (Closes: #13577).
- Upgrade Linux to 4.9.30-2+deb9u3.
- Upgrade libtiff to 4.0.8-2+deb9u1.
- Upgrade bind9 to 1:9.10.3.dfsg.P4-12.3+deb9u2.
- Upgrate evince to 3.22.1-3+deb9u1.
- Upgrade imagemagick 8:6.9.7.4+dfsg-11+deb9u1.
- Ensure Thunderbird cleans its temporary directory. (Closes: #13340).
* Minor improvements
- Patch gconf to produce reproducible XML output (refs: #12738). This is
the temporary solution for #12738 in Tails 3.1 which will be reverted
(and fixed permanently by removing gconf) in Tails 3.2.
- Apply Debian bts patch to cracklib to produce reproducible dictionnaries
(Closes: #12909).
- Upgrade to Debian 9.1 (Closes: #13178).
* Bugfixes
- Replace faulty URL in htpdate neutral pool (Closes: #13472).
- Keep installing a version of Enigmail compatible with Thunderbird 45.x
(Closes: #13530).
- Fix the time syncing and Tor notifications translations (Closes: #13437).
* Build system
- Upgrade the Vagrant basebox for building ISO images to Stretch
(Closes: #11738).
- Fix on-disk build by bumping Vagrant build VM memory to 768M
(Closes: #13480).
- Fix rescue build option by exporting TAILS_BUILD_FAILURE_RESCUE
(Closes: #13476).
* Test suite
- mark gnome screenshot scenario as fragile (refs: #13458)
- mark UEFI scenario as fragile (refs: #13459).
-- Tails developers <tails@boum.org> Sat, 05 Aug 2017 15:25:51 +0200
tails (3.0.1) unstable; urgency=medium
* Security fixes
......
@product
Feature: GNOME is well-integrated into Tails
#13458
@fragile
Scenario: A screenshot is taken when the PRINTSCREEN key is pressed
Given I have started Tails from DVD without network and logged in
And I wait 10 seconds
......
......@@ -48,6 +48,8 @@ Feature: Installing Tails to a USB drive
And the persistent Tor Browser directory does not exist
And there is no persistence partition on USB drive "__internal"
#13459
@fragile
Scenario: Booting Tails from a USB drive in UEFI mode
Given I have started Tails without network from a USB drive without a persistent partition and stopped at Tails Greeter's login screen
Then I power off the computer
......
......@@ -236,7 +236,7 @@ po_slave_languages:
#
# When updating this list, refer to the checklist in
# https://tails.boum.org/contribute/how/website/po_translatable_pages/
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/version_1* and !news/test_0* and !news/test_1* and !news/test_*alpha? and !news/test_*-beta? and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and !security/Numerous_security_holes_in_1* and (about or about/* or bugs or chat or contribute or doc or doc/* or donate or donate/* or download or download.inline or getting_started or home or inc/stable_amd64_release_notes or index or news or news/* or press or security or security/* or sidebar or support or support/* or torrents or misc or misc/* or install or install/* or upgrade or upgrade/*)'
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/version_1* and !news/test_0* and !news/test_1* and !news/test_*alpha? and !news/test_*-beta? and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and !security/Numerous_security_holes_in_1* and (about or about/* or bugs or chat or contribute or doc or doc/* or donate or donate/* or download or download.inline or getting_started or home or index or news or news/* or press or security or security/* or sidebar or support or support/* or torrents or misc or misc/* or install or install/* or upgrade or upgrade/*)'
# internal linking behavior (default/current/negotiated)
po_link_to: current
......
......@@ -213,7 +213,7 @@ po_slave_languages:
#
# When updating this list, refer to the checklist in
# https://tails.boum.org/contribute/how/website/po_translatable_pages/
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/version_1* and !news/test_0* and !news/test_1* and !news/test_*alpha? and !news/test_*-beta? and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and !security/Numerous_security_holes_in_1* and (about or about/* or bugs or chat or contribute or doc or doc/* or donate or donate/* or download or download.inline or getting_started or home or inc/stable_amd64_release_notes or index or news or news/* or press or security or security/* or sidebar or support or support/* or torrents or misc or misc/* or install or install/* or upgrade or upgrade/*)'
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/version_1* and !news/test_0* and !news/test_1* and !news/test_*alpha? and !news/test_*-beta? and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and !security/Numerous_security_holes_in_1* and (about or about/* or bugs or chat or contribute or doc or doc/* or donate or donate/* or download or download.inline or getting_started or home or index or news or news/* or press or security or security/* or sidebar or support or support/* or torrents or misc or misc/* or install or install/* or upgrade or upgrade/*)'
# internal linking behavior (default/current/negotiated)
po_link_to: current
......
......@@ -17,7 +17,7 @@ msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2017-06-05 11:57+0200\n"
"PO-Revision-Date: 2017-05-26 14:47+0000\n"
"PO-Revision-Date: 2017-07-14 15:30+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: Indonesian (http://www.transifex.com/otf/torproject/language/"
"id/)\n"
......
......@@ -14,7 +14,7 @@ msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2017-06-05 11:57+0200\n"
"PO-Revision-Date: 2017-05-26 14:47+0000\n"
"PO-Revision-Date: 2017-07-15 05:33+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: Korean (http://www.transifex.com/otf/torproject/language/"
"ko/)\n"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment