Commit 669d3c01 authored by anonym's avatar anonym
Browse files

Merge branch 'master' into stable

parents 3199e60d 74c82645

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.
......@@ -63,6 +63,8 @@ chmod go+rX config/chroot_local-includes/home
chmod go+rX config/chroot_local-includes/lib
chmod go+rX config/chroot_local-includes/lib/live
chmod -R go+rx config/chroot_local-includes/lib/live/config
chmod go+rX config/chroot_local-includes/lib/live/mount
chmod -R go+rX config/chroot_local-includes/lib/systemd
chmod go+rX config/chroot_local-includes/live
chmod -R go+rX config/chroot_local-includes/usr
chmod -R go+rx config/chroot_local-includes/usr/local/bin
......
......@@ -20,7 +20,7 @@ export LB_BOOTSTRAP_INCLUDE='eatmydata'
RUN_LB_CONFIG="lb config noauto"
# init config/ with defaults for the target distribution
$RUN_LB_CONFIG --distribution wheezy ${@}
$RUN_LB_CONFIG --distribution jessie ${@}
# set Amnesia's general options
$RUN_LB_CONFIG \
......
......@@ -13,7 +13,7 @@
# Base for the string that will be passed to "lb config --bootappend-live"
# FIXME: see [[bugs/sdmem_on_eject_broken_for_CD]] for explanation why we
# need to set block.events_dfl_poll_msecs
AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistent noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails"
AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails"
# Options passed to isohybrid
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63"
......
......@@ -56,5 +56,5 @@ sed -i -e '/^include stdmenu\.cfg/a include tails.cfg' "${CFG_FILE}"
# no need to use absolute paths to find splash images
sed -e 's,/isolinux/,,' -i "${SYSLINUX_PATH}/stdmenu.cfg"
# remove useless files that break incremental upgrades on Wheezy
# remove useless files that break incremental upgrades
rm "${SYSLINUX_PATH}"/{exithelp,prompt}.cfg
This diff is collapsed.
Package: aircrack-ng
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: amd64-microcode
Pin: release o=Debian Backports,n=wheezy-backports
Package: apparmor-profiles-extra
Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Package: b43-fwcutter
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: bilibop-common
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: bilibop-udev
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: cryptsetup
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: cryptsetup-bin
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: eatmydata
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: libeatmydata1
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: florence
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: gnupg-agent
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: gnupg2
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: hopenpgp-tools
Pin: release o=Debian,n=jessie
Pin-Priority: 999
Package: iproute2
Pin: origin o=Debian Backports,n=wheezy-backports
Pin-Priority: -1
Package: libffi6
Pin: release o=Debian,n=jessie
Pin-Priority: 999
Package: poedit
Pin: release o=Debian Backports,n=wheezy-backports
Package: electrum
Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: firmware-amd-graphics
......@@ -118,32 +66,8 @@ Package: firmware-zd1211
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: initramfs-tools
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: intel-microcode
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: iucode-tool
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: keyringer
Pin: release o=Debian,n=jessie
Pin-Priority: 999
Package: libcryptsetup4
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: libestr0
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: libotr5
Pin: release o=Debian Backports,n=wheezy-backports
Package: libnet-dbus-perl
Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Package: linux-base
......@@ -210,84 +134,28 @@ Package: linux-kbuild-3.16
Pin: release o=Debian,n=jessie
Pin-Priority: 999
Package: mat
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: monkeysign
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: obfs4proxy
Pin: release o=TorProject,n=obfs4proxy
Pin-Priority: 990
Package: pidgin-otr
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: python-six
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: python-slowaes
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: python-ecdsa
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: python-qrcode
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: python-requests
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: python-urllib3
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: python-pbkdf2
Pin: release o=Debian,n=jessie
Pin-Priority: 999
Package: rsyslog
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: scdaemon
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: seahorse-nautilus
Pin: release o=Debian Backports,n=wheezy-backports
Package: python-electrum
Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: shared-mime-info
Pin: release o=Debian Backports,n=wheezy-backports
Package: ttdnsd
Pin: release o=TorProject,a=unstable
Pin-Priority: 999
Package: torsocks
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: virtualbox-guest-dkms
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: virtualbox-guest-utils
Pin: release o=Debian Backports,n=wheezy-backports
Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Package: virtualbox-guest-x11
Pin: release o=Debian Backports,n=wheezy-backports
Package: xserver-xorg-video-intel
Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Package: ttdnsd
Pin: release o=TorProject,a=unstable
Package: xul-ext-torbirdy
Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Explanation: weirdness in chroot_apt install-binary
......@@ -299,25 +167,17 @@ Package: *
Pin: origin deb.tails.boum.org
Pin-Priority: 1005
Package: *
Pin: release o=Debian,n=wheezy-updates
Pin-Priority: 990
Package: *
Pin: release o=Debian,n=jessie-updates
Pin-Priority: 500
Package: *
Pin: release o=Debian,n=wheezy
Pin-Priority: 990
Package: *
Pin: release o=TorProject,n=wheezy
Pin: release o=Debian,n=jessie
Pin-Priority: 990
Package: *
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 200
Pin: release o=TorProject,n=jessie
Pin-Priority: 990
Package: *
Pin: origin live.debian.net
......
#! /bin/sh
set -e
echo "Checking for .orig files"
DOT_ORIG_WHITELIST=$(cat <<EOF
/bin/hostname.orig
/etc/resolv.conf.orig
/lib/systemd/system/alsa-utils.service.orig
/sbin/start-stop-daemon.orig
EOF
)
DOT_ORIG_FILES=$(find / -type f -name *.orig | grep -v -F "$DOT_ORIG_WHITELIST" || :)
if [ -n "$DOT_ORIG_FILES" ]; then
echo "Some patches are fuzzy and leave .orig files around:" >&2
echo "$DOT_ORIG_FILES" >&2
exit 1
fi
#!/bin/sh
set -e
# Free the fixed GIDs and UIDs we're using.
echo "Change GIDs and UIDs"
TPS_GROUP_STEALER=$(getent group 122 | awk -F ':' '{print $1}')
if [ -n "$TPS_GROUP_STEALER" ]; then
groupmod --gid 150 "$TPS_GROUP_STEALER"
find / -wholename /proc -prune -o \( \! -type l -a -gid 122 -exec chgrp 150 '{}' \; \)
fi
TPS_USER_STEALER=$(getent passwd 115 | awk -F ':' '{print $1}')
if [ -n "$TPS_USER_STEALER" ]; then
usermod --uid 150 "$TPS_USER_STEALER"
find / -wholename /proc -prune -o \( \! -type l -a -gid 115 -exec chgrp 150 '{}' \; \)
fi
#!/bin/sh
set -e
echo "Disabling scanning of LVM devices at boot time"
# scanning for lvm devives takes time on boot
find /etc/rcS.d -name "S*lvm2" | xargs rm -f
#!/bin/sh
set -e
echo "Wrapping some applications with torsocks"
APPS="gobby-0.5 liferea seahorse"
DBUS_SERVICES="org.gnome.seahorse.Application"
for app in $APPS; do
sed -i'' --regexp-extended 's,^Exec=(.*),Exec=torsocks \1,' \
"/usr/share/applications/${app}.desktop"
done
for dbus_service in $DBUS_SERVICES; do
sed -i'' --regexp-extended 's,^Exec=(.*),Exec=torsocks \1,' \
"/usr/share/dbus-1/services/${dbus_service}.service"
done
# Redirect to existing wrapper
sed -i'' --regexp-extended 's,^Exec=/usr/bin/totem$,Exec=/usr/local/bin/totem,' \
"/usr/share/dbus-1/services/org.gnome.Totem.service"
......@@ -58,8 +58,8 @@ install_tor_browser() {
ln -s "${f}" "${prep}"/dictionaries/
done
# The libstdc++6 package in Wheezy is too old, so we need the
# bundled one.
# Let's use the libstdc++ that the Tor Browser is intended to be used with,
# instead of the system one.
cp "${prep}"/TorBrowser/Tor/libstdc++.so.6 "${prep}"
# We don't need the Tor binary, the shared libraries Tor needs
......
......@@ -22,9 +22,9 @@ BROWSER_LOCALIZATION_DIR="/usr/share/tails/browser-localization"
DESCRIPTIONS_FILE="${BROWSER_LOCALIZATION_DIR}/descriptions"
BRANDING_TEMPLATE_FILE="${BROWSER_LOCALIZATION_DIR}/amnesia.properties-template"
BRANDING_DIR="/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/"
NO_SPELLCHECKER_LOCALES="ko nl pl tr zh"
NO_SPELLCHECKER_LOCALES="ja ko nl pl tr zh"
apt-get install imagemagick
apt-get --yes install imagemagick
# Sanity check that each supported Tor Browser locale has a
# description for how to localize it further.
......
......@@ -6,5 +6,5 @@ echo "Generating Tor Browser profile"
set -e
/usr/local/bin/generate-tor-browser-profile
/usr/local/lib/generate-tor-browser-profile
mv ~/.tor-browser /etc/skel
......@@ -52,6 +52,7 @@ sed -i 's|^.*\(wrapper\.java\.additional\.6=-Djava\.net\.preferIPv6Addresses=\).
# * In-I2P Network Updates: Disabled
# * Inbound connections: Disabled (setting is "i2cp.ntcp.autoip")
# * Disable I2P plugins
# * Disable NTP
cat > "$I2P/router.config" << EOF
# NOTE: This I2P config file must use UTF-8 encoding
i2cp.disableInterface=true
......@@ -61,6 +62,7 @@ i2np.udp.ipv6=false
router.isHidden=true
router.updateDisabled=true
router.enablePlugins=false
time.disabled=true
EOF
cat > "$I2P/susimail.config" << EOF
......
#!/bin/sh
set -e
echo "Removing traces of the nameservers used when building"
rm /etc/resolvconf/resolv.conf.d/original
#!/bin/sh
set -e
echo "Setting GDM background"
# The gdm3 initscript updates /var/lib/gdm3/.gconf.mandatory/ at
# runtime from files in /usr/share/gdm/greeter-config/ => let's remove
# the file that deals with background pictures, so that tails-greeter
# gets the less flashy default background that's already used in the
# desktop session.
rm /usr/share/gdm/dconf/10-desktop-base-settings
#!/bin/sh
set -e
# Install Plymouth (in lb 2.x, the "standard" packages list pulls
# console-common in, which plymouth conflicts with, so we have to deal
# with that at this stage.)
echo "Installing Plymouth"
apt-get --yes purge console-common
apt-get --yes install plymouth
#!/bin/sh
set -eu
echo "Install a fake gnome-backgrounds package"
tmp="$(mktemp -d)"
apt-get install --yes equivs
REAL_PKG_VERSION=$(dpkg-query -W -f='${Version}\n' gnome-backgrounds)
FAKE_PKG_VERSION=${REAL_PKG_VERSION}+tails.fake1
cat > "${tmp}"/gnome-backgrounds.control << EOF
Section: gnome
Priority: optional
Homepage: https://tails.boum.org/
Standards-Version: 3.9.6
Package: gnome-backgrounds
Version: ${FAKE_PKG_VERSION}
Maintainer: Tails developers <amnesia@boum.org>
Architecture: all
Description: (Fake) gnome-backgrounds
Make it possible to install gnome-shell without having to
install a real gnome-backgrounds package.
EOF
(
cd "${tmp}"
equivs-build "${tmp}"/gnome-backgrounds.control
dpkg -i "${tmp}"/gnome-backgrounds_"${FAKE_PKG_VERSION}"_all.deb
)
rm -R "${tmp}"
#!/bin/sh
set -e
echo "Adding cpufreq modules to /etc/modules"
for module in acpi-cpufreq cpufreq_powersave dm-mod ; do
echo "${module}" >> /etc/modules
done
#!/bin/sh
set -e
echo "Configuring the console codeset to support more languages"
sed -i -e 's,^CODESET=.*$,CODESET="Uni1",' /etc/default/console-setup
#!/bin/sh
set -e
echo "Disabling unneeded D-Bus services"
SERVICES_DIR=/usr/share/dbus-1/services
[ -d "${SERVICES_DIR}" ] || exit 11
sed -i'' 's,^Exec=.*$,Exec=/bin/false,' \
"${SERVICES_DIR}"/org.gnome.evolution.dataserver.*.service \
"${SERVICES_DIR}"/org.gnome.Shell.CalendarServer.service \
"${SERVICES_DIR}"/org.freedesktop.Telepathy.AccountManager.service \
"${SERVICES_DIR}"/org.freedesktop.Telepathy.MissionControl5.service
#!/bin/sh
set -e
echo "Configuring htpdate HTTP User-Agent"
CONFFILE='/etc/default/htpdate.user-agent'
install -o root -g root -m 0644 /dev/null "$CONFFILE"
echo "HTTP_USER_AGENT=\"$(/usr/local/lib/getTorBrowserUserAgent)\"" \
> "$CONFFILE"
#!/bin/sh
set -e
echo "Tweaking laptop-mode-tools"
sed -i 's,^CONTROL_RUNTIME_AUTOSUSPEND=1$,CONTROL_RUNTIME_AUTOSUSPEND=0,' \
/etc/laptop-mode/conf.d/runtime-pm.conf
......@@ -9,40 +9,11 @@ if [ "$hw_arch" != i386 -a "$hw_arch" != amd64 ]; then
exit 0
fi
available_gcc_version=4.7
wanted_gcc_version=4.8
gcc_version=4.8
# the -dkms package must be installed *after* dkms to be properly registered
apt-get install --yes build-essential dkms dpatch
# temporary workaround: pretend the "wanted" GCC is available, so that
# the modules can build.
# /usr/src/linux-headers-3.*-common/scripts/gcc-version.sh
# is the one who says they should be run using that version.
apt-get install --yes gcc-${available_gcc_version}
# Create and install fake GCC package
apt-get install --yes equivs
cat > /root/gcc-${wanted_gcc_version}.control << EOF
Section: devel
Priority: optional
Homepage: https://tails.boum.org/
Standards-Version: 3.6.2
Package: gcc-${wanted_gcc_version}
Maintainer: Tails developers <amnesia@boum.org>
Architecture: all
Description: (Fake) GNU C compiler
Work around the fact that our Linux headers depend on gcc-${wanted_gcc_version},
which is unavailable on Wheezy.
EOF
cd /root ; equivs-build /root/gcc-${wanted_gcc_version}.control
dpkg -i gcc-${wanted_gcc_version}_1.0_all.deb
ln -sf /usr/bin/gcc-${available_gcc_version} /usr/bin/gcc-${wanted_gcc_version}
rm /root/gcc-${wanted_gcc_version}.control /root/gcc-${wanted_gcc_version}_1.0_all.deb
# Versions of the module prior to 4.2 do not built on 3.8 and later [Debian #704130].
# Install version from Wheezy backports.
apt-get install --yes gcc-${gcc_version}
apt-get install --yes virtualbox-guest-utils virtualbox-guest-dkms virtualbox-guest-x11
# Have the modules built for every installed kernel
......@@ -70,6 +41,3 @@ rm /var/lib/dpkg/info/virtualbox-guest-dkms.prerm
# Also copy the udev rules installed by virtualbox-guest-dkms to enable guest
# additions by default.
cp -a /lib/udev/rules.d/60-virtualbox-guest-dkms.rules /etc/udev/rules.d/
# remove temporary workaround
rm /usr/bin/gcc-${wanted_gcc_version}
#!/bin/sh
# XXX: This hook is only needed in Wheezy-based Tails to fix #9011 and
# should be removed once Tails is based on Jessie.
set -e
echo "Fune-tuning syndaemon"
SYNDAEMON_PATH="/usr/bin/syndaemon"
SYNDAEMON_ORIG_PATH="${SYNDAEMON_PATH}.distrib"
dpkg-divert --rename --add "${SYNDAEMON_PATH}"
[ -x "${SYNDAEMON_ORIG_PATH}" ] || exit 1
cat > "${SYNDAEMON_PATH}" <<EOF
#!/bin/sh
# Temporary workaround for #9011 while Tails is based on Wheezy.
if ! echo "\${@}" | grep -qw -- "-t"; then
set -- "\${@}" -t
fi