Merge branch 'devel' into wheezy

Conflicts:
	config/chroot_apt/preferences
	config/chroot_local-hooks/10-install_backported_xorg
	config/chroot_local-hooks/10-install_iceweasel_localization
	config/chroot_local-hooks/16-i2p_config
	config/chroot_local-hooks/50-virtualbox
	config/chroot_local-packages/liveusb-creator_3.11.6-2_all.deb
	config/chroot_local-packageslists/tails-common.list

Rakefile

+# -*- coding: utf-8 -*-
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 #
@@ -32,7 +33,7 @@ VAGRANT_PATH = File.expand_path('../vagrant', __FILE__)
 STABLE_BRANCH_NAMES = ['stable', 'testing']
 
 # Environment variables that will be exported to the build script
-EXPORTED_VARIABLES = ['http_proxy', 'MKSQUASHFS_OPTIONS', 'TAILS_RAM_BUILD', 'TAILS_CLEAN_BUILD']
+EXPORTED_VARIABLES = ['http_proxy', 'MKSQUASHFS_OPTIONS', 'TAILS_RAM_BUILD', 'TAILS_CLEAN_BUILD', 'TAILS_BOOTSTRAP_CACHE']
 
 # Let's save the http_proxy set before playing with it
 EXTERNAL_HTTP_PROXY = ENV['http_proxy']
@@ -54,6 +55,11 @@ def current_vm_cpus
   $1.to_i if info =~ /^cpus=(\d+)/
 end
 
+def vm_running?
+  env = Vagrant::Environment.new(:cwd => VAGRANT_PATH, :ui_class => Vagrant::UI::Basic)
+  env.primary_vm.state == :running
+end
+
 def enough_free_memory?
   return false unless RbConfig::CONFIG['host_os'] =~ /linux/i
 
@@ -65,9 +71,10 @@ def enough_free_memory?
   end
 end
 
-def stable_branch?
+def is_release?
   branch_name = `git name-rev --name-only HEAD`
-  STABLE_BRANCH_NAMES.include? branch_name
+  tag_name = `git describe --exact-match HEAD 2> /dev/null`
+  STABLE_BRANCH_NAMES.include? branch_name.chomp or tag_name.chomp.length > 0
 end
 
 def system_cpus
@@ -90,7 +97,10 @@ task :parse_build_options do
   options += 'vmproxy ' unless EXTERNAL_HTTP_PROXY
 
   # Default to fast compression on development branches
-  options += 'gzipcomp ' unless stable_branch?
+  options += 'gzipcomp ' unless is_release?
+
+  # Make sure release builds are clean
+  options += 'cleanall ' if is_release?
 
   # Default to the number of system CPUs when we can figure it out
   cpus = system_cpus
@@ -101,10 +111,17 @@ task :parse_build_options do
     case opt
     # Memory build settings
     when 'ram'
-      abort "Not enough free memory to do an in-memory build. Aborting." unless enough_free_memory?
+      unless vm_running? || enough_free_memory?
+        abort "Not enough free memory to do an in-memory build. Aborting."
+      end
       ENV['TAILS_RAM_BUILD'] = '1'
     when 'noram'
       ENV['TAILS_RAM_BUILD'] = nil
+    # Bootstrap cache settings
+    when 'cache'
+      ENV['TAILS_BOOTSTRAP_CACHE'] = '1'
+    when 'nocache'
+      ENV['TAILS_BOOTSTRAP_CACHE'] = nil
     # HTTP proxy settings
     when 'extproxy'
       abort "No HTTP proxy set, but one is required by TAILS_BUILD_OPTIONS. Aborting." unless EXTERNAL_HTTP_PROXY
@@ -213,7 +230,7 @@ namespace :vm do
         so the process might take some time.
 
         Please remember to shut the virtual machine down once your work on
-        Tails in done:
+        Tails is done:
 
             $ rake vm:halt
 
@@ -222,7 +239,7 @@ namespace :vm do
       $stderr.puts <<-END_OF_MESSAGE.gsub(/^      /, '')
 
         Starting Tails builder virtual machine. This might take a short while.
-        Please remember to shut it down once your work on Tails in done:
+        Please remember to shut it down once your work on Tails is done:
 
             $ rake vm:halt
 

auto/config

@@ -34,18 +34,20 @@ $RUN_LB_CONFIG \
    --iso-volume="TAILS ${AMNESIA_FULL_VERSION}" \
    --memtest none \
    --packages-lists="standard" \
+   --tasks="standard" \
+   --linux-packages="linux-image-3.2.0-4" \
    --syslinux-menu vesamenu \
    --syslinux-splash data/splash.png \
    --syslinux-timeout 4 \
    --initramfs=live-boot \
    ${@}
 
-# build i386 images on amd64 as well, include only 686 kernel
+# build i386 images on amd64 as well, include a bunch of kernels
 hw_arch="`dpkg --print-architecture`"
 if [ "$hw_arch" = i386 -o "$hw_arch" = amd64 ]; then
    $RUN_LB_CONFIG \
       --architecture i386 \
-      --linux-flavours 486 \
+      --linux-flavours "486 686-pae" \
       ${@}
 # build powerpc images on powerpc64 as well, include only powerpc kernel
 elif [ "$hw_arch" = powerpc -o "$hw_arch" = powerpc64 ]; then
@@ -70,6 +72,11 @@ if git rev-list HEAD 2>&1 >/dev/null; then
 fi
 echo "live-build: `dpkg-query -W -f='${Version}\n' live-build`" \
    >> config/chroot_local-includes/etc/amnesia/version
+# os-release
+cat >> config/chroot_local-includes/etc/os-release <<EOF
+TAILS_PRODUCT_NAME="Tails"
+TAILS_VERSION_ID="$AMNESIA_VERSION"
+EOF
 
 # changelog
 cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
@@ -80,3 +87,6 @@ if [ -e config/binary_rootfs/squashfs.sort ]; then
     sort -k2 -n -r config/binary_rootfs/squashfs.sort |
         cut -d' ' -f1 > config/chroot_local-includes/usr/share/amnesia/readahead-list
 fi
+
+# custom APT sources
+tails-custom-apt-sources > config/chroot_sources/tails.chroot

auto/scripts/tails-custom-apt-sources

+#!/bin/sh
+
+set -e
+
+APT_MIRROR_URL="http://deb.tails.boum.org/"
+DEFAULT_COMPONENTS="main"
+
+git_tag_exists() {
+	local tag="$1"
+
+	test -f ".git/refs/tags/$tag"
+}
+
+version_was_released() {
+	local version="$1"
+
+	version="$(echo "$version" | tr '~' '-')"
+	git_tag_exists "$version"
+}
+
+version_in_changelog() {
+	dpkg-parsechangelog | awk '/^Version: / { print $2 }'
+}
+
+output_apt_binary_source() {
+	local suite="$1"
+	local components="${2:-$DEFAULT_COMPONENTS}"
+
+	echo "deb $APT_MIRROR_URL $suite $components"
+}
+
+current_branch() {
+	git branch | awk '/^\* / { print $2 }'
+}
+
+on_topic_branch() {
+	current_branch | grep -qE '^(feature|bug|bugfix)/'
+}
+
+branch_name_to_suite() {
+	local branch="$1"
+
+	echo "$branch" | sed -e 's,[^.a-z0-9-],-,ig'  | tr '[A-Z]' '[a-z]'
+}
+
+
+if version_was_released "$(version_in_changelog)"; then
+	output_apt_binary_source "$(branch_name_to_suite "$(version_in_changelog)")"
+elif [ "$(current_branch)" = "testing" ]; then
+	output_apt_binary_source testing
+elif [ "$(current_branch)" = "experimental" ]; then
+	output_apt_binary_source experimental
+else
+	output_apt_binary_source devel
+fi
+
+if on_topic_branch; then
+	output_apt_binary_source "$(branch_name_to_suite $(current_branch))"
+fi

config/amnesia

@@ -13,7 +13,7 @@
 # Base for the string that will be passed to "lb config --bootappend-live"
 # FIXME: see [[bugs/sdmem_on_eject_broken_for_CD]] for explanation why we
 # need to set block.events_dfl_poll_msecs
-AMNESIA_APPEND="live-media=removable nopersistent noprompt quiet timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash nox11autologin"
+AMNESIA_APPEND="live-media=removable nopersistent noprompt quiet timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash nox11autologin module=Tails"
 
 ### You should not have to change anything bellow this line ####################
 

config/binary_local-hooks/10-syslinux_customize

 #!/bin/bash
 
+set -e
+
 # Including common functions
 . "${LB_BASE:-/usr/share/live/build}"/scripts/build.sh
 
@@ -51,3 +53,5 @@ EOF
 
 sed -i -e '/^include stdmenu\.cfg/a include tails.cfg' "${CFG_FILE}"
 
+# no need to use absolute paths to find splash images
+sed -e 's,/isolinux/,,' -i "${SYSLINUX_PATH}/stdmenu.cfg"

config/binary_local-hooks/20-syslinux_detect_cpu

+#!/bin/bash
+
+# Including common functions
+. "${LB_BASE:-/usr/share/live/build}"/scripts/build.sh
+
+# Setting static variables
+DESCRIPTION="$(Echo 'adding CPU autodetection to the syslinux menu')"
+HELP=""
+USAGE="${PROGRAM}"
+
+# Reading configuration files
+Read_conffiles config/all config/bootstrap config/common config/binary
+Set_defaults
+
+# Safeguards
+if [ "${LB_BOOTLOADER}" != "syslinux" ]
+then
+	exit 0
+fi
+if [ "${LB_ARCHITECTURE}" != "i386" ]
+then
+	exit 0
+fi
+
+# Seems like we'll have work to do
+Echo_message "adding CPU autodetection to the syslinux menu"
+
+# Setting boot method specific variables
+case "${LB_BINARY_IMAGES}" in
+	iso|iso-hybrid)
+		SYSLINUX_PATH="binary/isolinux"
+		SYSLINUX_CFG="${SYSLINUX_PATH}/isolinux.cfg"
+		;;
+	usb-hdd)
+		SYSLINUX_PATH="binary/syslinux"
+		SYSLINUX_CFG="${SYSLINUX_PATH}/syslinux.cfg"
+		;;
+esac
+
+# Setting variables
+SYSLINUX_LIVE_CFG="${SYSLINUX_PATH}/live.cfg"
+SYSLINUX_MENU_CFG="${SYSLINUX_PATH}/menu.cfg"
+
+# Checking depends
+Check_package chroot/usr/bin/syslinux syslinux
+
+# Restoring cache
+Restore_cache cache/packages_binary
+
+# Installing depends
+Install_package
+
+# Copy necessary syslinux modules
+for module in ifcpu64.c32
+do
+	cp "chroot/usr/lib/syslinux/${module}" "${SYSLINUX_PATH}/"
+done
+
+# Saving cache
+Save_cache cache/packages_binary
+
+# Removing depends
+Remove_package
+
+# Replace syslinux.cfg with autodetection "code"
+cat > "${SYSLINUX_CFG}" <<EOF
+label select_menu
+       com32 ifcpu64.c32
+       append menu_686-pae -- menu_686-pae -- menu_486
+label menu_686-pae
+       kernel vesamenu.c32
+       append live686.cfg
+label menu_486
+       kernel vesamenu.c32
+       append live486.cfg
+default select_menu
+prompt 0
+EOF
+
+# Set a few variables in menu.cfg as loading vesamenu.c32 resets its
+# state to the defaults
+sed -i -e "1i prompt 0\ntimeout 40\n" "${SYSLINUX_MENU_CFG}"
+
+# Copy and adapt live.cfg for each kernel
+for arch in 486 686
+do
+	(
+		echo "include menu.cfg"
+
+		if [ $arch = 486 ]; then
+		   append=""
+		else
+		   append=2
+		fi
+		sed -e "s,/vmlinuz$,/vmlinuz${append}, ; s,initrd\.img,initrd${append}.img," "${SYSLINUX_LIVE_CFG}"
+	) | sed -n -e '/^label live-686-pae.*/ { q } ; p' \
+	  > "${SYSLINUX_PATH}/live${arch}.cfg"
+done
+
+# Don't load live.cfg from menu.cfg:
+# syslinux_cfg automatically loads arch-specific menus
+sed -i -e '/^include live\.cfg/d' "${SYSLINUX_MENU_CFG}"

config/chroot_apt/preferences

@@ -6,166 +6,158 @@ Package: live-config-sysvinit
 Pin: release o=Debian,a=unstable
 Pin-Priority: 999
 
-Package: firmware-atheros
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: firmware-b43-installer
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: firmware-b43legacy-installer
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: firmware-brcm80211
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: firmware-ipw2x00
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: firmware-iwlwifi
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: firmware-libertas
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: firmware-linux
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: firmware-linux-free
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: firmware-linux-nonfree
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
-
-Package: firmware-ralink
+Package: aircrack-ng
 Pin: release o=Debian,a=unstable
 Pin-Priority: 999
 
-Package: firmware-realtek
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: apt-listchanges
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: zd1211-firmware
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: at
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: initramfs-tools
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: bsd-mailx
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: klibc-utils
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: dc
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: libklibc
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: debian-faq
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-base
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: doc-debian
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-headers-486
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: doc-linux-text
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-headers-686-pae
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: exim4
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-headers-amd64
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: exim4-base
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-headers-2.6-common
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: exim4-config
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-headers-2.6-486
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: exim4-daemon-light
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-headers-2.6-686-pae
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: ftp
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-headers-2.6-amd64
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: locales
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-headers-3.2.0-3-common
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: m4
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-headers-3.2.0-3-486
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: mlocate
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-headers-3.2.0-3-686-pae
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: ncurses-term
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-headers-3.2.0-3-amd64
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: nfs-common
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-image-486
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: portmap
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-image-686-pae
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: procmail
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-image-amd64
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: python-apt
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-image-2.6-486
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: python-reportbug
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-image-2.6-686-pae
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: reportbug
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-image-2.6-amd64
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: rpcbind
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-image-3.2.0-3-486
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: telnet
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-image-3.2.0-3-686-pae
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: texinfo
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-image-3.2.0-3-amd64
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: time
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: linux-kbuild-3.2
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: w3m
+Pin: release o=Debian
+Pin-Priority: -1
 
-Package: aircrack-ng
-Pin: release o=Debian,a=unstable
-Pin-Priority: 999
+Explanation: Unwanted package that tasksel would pull since they have Priority: standard.
+Package: wamerican
+Pin: release o=Debian
+Pin-Priority: -1
 
 Explanation: weirdness in chroot_apt install-binary
 Package: *
 Pin: release o=chroot_local-packages
-Pin-Priority: 1001
+Pin-Priority: 1010
+
+Package: *
+Pin: origin deb.tails.boum.org
+Pin-Priority: 1005
 
 Package: *
 Pin: release o=Debian,n=wheezy-updates

config/chroot_local-hooks/02-loopback

 #! /bin/sh
 
+set -e
+
 echo "
 iface lo inet loopback" >>/etc/network/interfaces

config/chroot_local-hooks/04-nolvm

 #!/bin/sh
 
+set -e
+
 # scanning for lvm devives takes time on boot
 find /etc/rcS.d -name "S*lvm2" | xargs rm -f

config/chroot_local-hooks/05-disable_swapon

 #!/bin/sh
 
+set -e
+
 # Disable swapon to avoid initscripts to setup swap space.
 # Rationale: security-in-depth model.
 
-set -e
-
 SWAPON=/sbin/swapon
 
 # Move any /sbin/swapon installed by any package out of the way,

config/chroot_local-hooks/06-adduser_clearnet

 #!/bin/sh
 
+set -e
+
 # Create the clear user.
 #