Commit 963de5e6 authored by anonym's avatar anonym
Browse files

Merge remote-tracking branch 'origin/web/release-4.10' into master

parents f4e6ff9e 5870bca0
......@@ -9,9 +9,7 @@ AllCops:
# Let's ignore this script until we start using it and maintaining
# the corresponding doc-source-relationships.yml
- 'bin/doc-impacted-by'
# XXX:Buster: bump to 2.5 once we require Buster to build Tails and to run our
# test suite
TargetRubyVersion: 2.3
TargetRubyVersion: 2.5
EnforcedHashRocketStyle: table
......@@ -23,7 +23,7 @@ AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC blo
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
# Kernel version
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
This diff is collapsed.
......@@ -7,8 +7,23 @@ Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: unavailable in Buster
Package: electrum python3-electrum python3-aiohttp-socks python3-aiorpcx
Pin: release o=Debian,n=sid
Package: electrum python3-electrum python3-aiohttp-socks python3-aiorpcx python3-ecdsa
Pin: release o=Debian,n=bullseye
Pin-Priority: 999
Explanation: Electrum needs a version newer than the one in Buster
Package: python3-attr python3-protobuf libprotobuf23
Pin: release o=Debian,n=buster-backports
Pin-Priority: 990
Explanation: Electrum 4.0.2 and recent TREZOR firmware need 0.12
Package: python3-trezor trezor
Pin: release o=Debian,n=bullseye
Pin-Priority: 999
Explanation: python3-trezor needs a version newer than the one in Buster
Package: python3-usb1
Pin: release o=Debian,n=bullseye
Pin-Priority: 999
Package: firmware-b43-installer
# Note: ATTR{type}=="1" means ethernet (ARPHDR_ETHER, see Linux'
# sources, beginning of include/linux/if_arp.h)
# Disable MAC spoofing for the following devices
# iPhone tethering ethernet over USB
SUBSYSTEM=="net", ACTION=="add", ATTR{type}=="1", DRIVERS=="ipheth", GOTO="mac_spoof_ignore"
# Perform MAC spoofing otherwise
SUBSYSTEM=="net", ACTION=="add", ATTR{type}=="1", RUN+="/usr/local/lib/tails-spoof-mac $name"
SUBSYSTEM=="net", ACTION=="add", ATTR{type}=="1", GOTO="mac_spoof_end"
SUBSYSTEM=="net", ACTION=="add", ATTR{type}=="1", RUN+="/usr/bin/logger -t spoof-mac \"MAC spoofing discarded by udev rule for $name ($driver)\""
......@@ -104,3 +104,6 @@ pref("extensions.enigmail.agentAdditionalParam", "--no-emit-version --no-comment
// Force GnuPG to use SHA512.
pref("extensions.enigmail.mimeHashAlgorithm", 5);
// Hide welcome message, which is not relevant in the context of Tails
pref("mailnews.start_page.enabled", false);
......@@ -35,7 +35,7 @@ def main(*args):
# Disable update checking for all users (even those who made their config
# persistent before we changed this value in the default config), because
# users can't easily update to a new version anyway if it's not in Debian.['/usr/bin/electrum', 'setconfig', 'check_updates', 'false'], check=True, stdout=subprocess.DEVNULL)['/usr/bin/electrum', '--offline', 'setconfig', 'check_updates', 'false'], check=True, stdout=subprocess.DEVNULL)
os.execv('/usr/bin/electrum', ['/usr/bin/electrum'] + list(args))
......@@ -10,10 +10,6 @@ set -x
thunderbird_config_is_persistent() {
[ "$(findmnt --noheadings --output SOURCE --target "${THUNDERBIRD_CONFIG_DIR}")" = "/dev/mapper/TailsData_unlocked[/thunderbird]" ]
configure_locale() {
# Thunderbird will set the locale based on the environment when
# this pref is empty, but will then save the result to this pref
......@@ -33,25 +29,10 @@ disable_autocrypt() {
configure_default_incoming_protocol() {
# For extensions.torbirdy.defaultprotocol, POP = 0, IMAP = 1
local default_protocol
if thunderbird_config_is_persistent; then
set_mozilla_pref "${PROFILE}/prefs.js" \
"extensions.torbirdy.defaultprotocol" \
"${default_protocol}" \
reconfigure_profile() {
mkdir -p "${PROFILE}"
# Suppress Enigmail's configuration wizard by pretending that the current
# version was already configured. Only do this on first run though:
648931503b886d687828df9730aa284b7c18303682cc82f06c9da4a734c81bcf tor-browser-linux64-9.5.3_en-US.tar.xz
537063d595009efee225a9dce43b1625f2dc055cc650eef5bfedff75ca154e22 langpacks-tor-browser-linux64-9.5.3.tar.xz
5d6d81db04e0a8c536c3d5e13c935c52318bac7ca44089e031c1bf7c54d66f4e tor-browser-linux64-9.5.4_en-US.tar.xz
1f9634a27f2c18cbe3e7a354713e201df2e558bdfef4a5ed028552b075cd87b7 langpacks-tor-browser-linux64-9.5.4.tar.xz
--- a/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/ 2019-07-07 21:57:21.000000000 +0000
+++ b/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/ 2019-07-08 10:21:49.658415914 +0000
@@ -69,7 +69,7 @@
@@ -84,7 +84,7 @@
userSettings: {
advancedUserEnabled: false,
alwaysDetachLogger: true,
......@@ -384,6 +384,9 @@ xdotool
# Electrum 4.0.2-0.1 needs one of pycryptodomex and cryptography
# onion-grater
\ No newline at end of file
deb buster-backports main contrib non-free
tails (4.10) unstable; urgency=medium
* Security fixes
- Upgrade Tor Browser to 9.5.4-build1 (Closes: #17885).
- Upgrade Linux kernel to 5.7.0-2 at 5.7.10-1 (Closes: #17841,
* Bugfixes
- Make iPhone Tethering work by adding udev rule to disable MAC
spoofing for it (Closes: #17820).
- Remove broken Thunderbird protocol selection. This code has been
a no-op in practice since at least Tails 4.0. We've decided to
reject #17276 and investigate what the biggest problems are for
email in Tails with slow/shitty Internet connections:
default'ing to IMAP may, or may not, be part of these
problems (Closes #17276).
* Minor improvements and updates
- Upgrade to Tor (Closes: #17835).
- Upgrade to Electrum 4.0.2 (Closes: #17828).
- Hide Thunderbird welcome message: it is not relevant in the
context of Tails. For example, it feels weird that we would
encourage users to donate to Thunderbird about as loudly as we
encourage them to donate to Tails. Besides, the default message
is retrieved from the web when Thunderbird starts. We don't
need this extra network activity.
- import-translations: use *_release branches instead of
*_completed branches. The new *_release branches contain exactly
what we want, i.e. all reviewed translations from
Transifex. While the *_completed branches only contain PO files
for languages that are fully translated (Closes: #16774).
* Build system
- Upgrade snapshot of the Debian archive to 2020081601, including
the 10.5 point release of Debian Buster (Closes: #17790).
- On Bullseye and newer: use custom, fake, unversioned python
packages. The unversioned python packages are not shipped in
Bullseye/sid anymore, and even old versions are not installable
anymore (Closes: #17858).
- Import vagrant-libvirt's script. It's not included
in vagrant-libvirt 0.1.2-1 anymore (Closes: #17872).
* Test suite
- Improve robustness for scenario "The Additional Software dpkg
hook notices when persistence is locked down while installing a
- Improve robustness for scenario "Use GNOME Disks to unlock a USB
drive that has a basic VeraCrypt volume with a keyfile".
- Improve robustness of cloning a Git repository.
- Don't hammer resources of the system under test while
installing/removing packages. I see every such dpkg|grep call
takes about 0.3 seconds on lizard, i.e. 30% of the 1 second
default delay between checks, which I suspect is enough to slow
down the package installation/removal we're exercising.
- Update expected title of the GitLab page we use
- Rubocop: target Ruby 2.5 (Buster).
-- Tails developers <> Mon, 24 Aug 2020 13:28:43 +0200
tails (4.9) unstable; urgency=medium
* Security fixes
......@@ -148,7 +148,7 @@ end
Then /^the Additional Software dpkg hook has been run for package "([^"]*)" and notices the persistence is locked$/ do |package|
asp_logs = "#{ASP_STATE_DIR}/log"
try_for(120) do
try_for(180, delay: 2) do
"grep -E '^.*New\spackages\smanually\sinstalled:\s.*#{package}.*$' " \
......@@ -56,7 +56,7 @@ When /^I update APT using apt$/ do
def wait_for_package_installation(package)
try_for(2 * 60) do
try_for(2 * 60, delay: 3) do
$vm.execute_successfully("dpkg -s '#{package}' 2>/dev/null " \
"| grep -qs '^Status:.*installed$'")
......@@ -81,7 +81,7 @@ Then /^I install "(.+)" using apt$/ do |package|
def wait_for_package_removal(package)
try_for(3 * 60) do
try_for(3 * 60, delay: 3) do
# Once purged, a package is removed from the installed package status
# database and "dpkg -s" returns a non-zero exit code
!$vm.execute("dpkg -s #{package}").success?
......@@ -491,7 +491,7 @@ Given /^the Tor Browser loads the (startup page|Tails homepage|Tails GitLab)$/ d
when 'Tails homepage'
titles = ['Tails']
when 'Tails GitLab'
titles = ['tails · GitLab']
titles = ['Groups · tails · GitLab']
raise "Unsupported page: #{page}"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment