Commit b91a85e4 authored by Ulrike Uhlig's avatar Ulrike Uhlig
Browse files

Merge branch 'master' of d53ykjpeekuikgoq.onion:tails

parents bb2e2a25 fc2ac23e
......@@ -370,7 +370,7 @@ task :setup_environment => ['validate_git_state'] do
end
end
ENV['BASE_BRANCH_GIT_COMMIT'] = git_helper('git_base_branch_head')
ENV['BASE_BRANCH_GIT_COMMIT'] ||= git_helper('git_base_branch_head')
['GIT_COMMIT', 'GIT_REF', 'BASE_BRANCH_GIT_COMMIT'].each do |var|
if ENV[var].empty?
raise "Variable '#{var}' is empty, which should not be possible: " +
......
......@@ -11,21 +11,21 @@ set -x
umask 022
### functions
### Clone all output, from this point on, to the log file
syslinux_utils_upstream_version () {
dpkg-query -W -f='${Version}\n' syslinux-utils | \
# drop epoch
sed -e 's,.*:,,' | \
# drop +dfsg and everything that follows
sed -e 's,\+dfsg.*,,'
}
BUILD_LOG="${BUILD_BASENAME}.buildlog"
exec > >(tee -a "$BUILD_LOG")
trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
exec 2> >(tee -a "$BUILD_LOG" >&2)
trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
### functions
print_iso_size () {
local isofile="$1"
[ -f "$isofile" ] || return 23
size=$(stat --printf='%s' "$isofile")
echo "The ISO is ${size} bytes large."
echo "I: The ISO is ${size} bytes large."
}
### Main
......@@ -100,13 +100,9 @@ DEBOOTSTRAP_GNUPG_HOMEDIR=$(mktemp -d)
gpg --homedir "$DEBOOTSTRAP_GNUPG_HOMEDIR" \
--no-tty \
--import config/chroot_sources/tails.chroot.gpg
if [ -e "$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.gpg" ]; then
DEBOOTSTRAP_GNUPG_KEYRING="$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.gpg"
elif [ -e "$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.kbx" ]; then
DEBOOTSTRAP_GNUPG_KEYRING="$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.kbx"
else
fatal "No debootstrap GnuPG keyring was created."
fi
DEBOOTSTRAP_GNUPG_KEYRING="$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.kbx"
[ -e "$DEBOOTSTRAP_GNUPG_KEYRING" ] \
|| fatal "No debootstrap GnuPG keyring was created."
DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keyring=$DEBOOTSTRAP_GNUPG_KEYRING"
export DEBOOTSTRAP_OPTIONS
......@@ -121,36 +117,12 @@ export MKSQUASHFS_OPTIONS
# refresh translations of our programs
./refresh-translations || fatal "refresh-translations failed ($?)."
case "$LB_BINARY_IMAGES" in
iso)
which isohybrid >/dev/null || fatal 'Cannot find isohybrid in $PATH'
installed_syslinux_utils_upstream_version="$(syslinux_utils_upstream_version)"
if dpkg --compare-versions \
"$installed_syslinux_utils_upstream_version" \
'lt' \
"$REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION" ; then
fatal \
"syslinux-utils '${installed_syslinux_utils_upstream_version}' is installed, " \
"while we need at least '${REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION}'."
fi
;;
*)
fatal "Image type ${LB_BINARY_IMAGES} is not supported."
;;
esac
BUILD_ISO_FILENAME="${BUILD_BASENAME}.iso"
BUILD_MANIFEST="${BUILD_BASENAME}.build-manifest"
BUILD_APT_SOURCES="${BUILD_BASENAME}.apt-sources"
BUILD_PACKAGES="${BUILD_BASENAME}.packages"
BUILD_LOG="${BUILD_BASENAME}.buildlog"
BUILD_USB_IMAGE_FILENAME="${BUILD_BASENAME}.img"
# Clone all output, from this point on, to the log file
exec > >(tee -a "$BUILD_LOG")
trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
exec 2> >(tee -a "$BUILD_LOG" >&2)
trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
(
echo "Mirrors:"
apt-mirror debian
......@@ -160,25 +132,25 @@ trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
cat config/chroot_sources/*.chroot
) > "$BUILD_APT_SOURCES"
echo "Building ISO image ${BUILD_ISO_FILENAME}..."
echo "I: Building ISO image ${BUILD_ISO_FILENAME}..."
time lb build noauto ${@}
[ -e binary.iso ] || fatal "lb build failed ($?)."
echo "ISO image was successfully created"
echo "I: ISO image was successfully created"
print_iso_size binary.iso
echo "Hybriding it..."
echo "I: Hybriding it..."
isohybrid $AMNESIA_ISOHYBRID_OPTS binary.iso || fatal "isohybrid failed"
print_iso_size binary.iso
truncate -s %2048 binary.iso
print_iso_size binary.iso
echo "Renaming generated files..."
echo "I: Renaming generated files..."
mv -i binary.iso "${BUILD_ISO_FILENAME}"
mv -i binary.packages "${BUILD_PACKAGES}"
echo "Generating build manifest..."
echo "I: Generating build manifest..."
generate-build-manifest chroot/debootstrap "${BUILD_MANIFEST}"
echo "Creating USB image ${BUILD_USB_IMAGE_FILENAME}..."
echo "I: Creating USB image ${BUILD_USB_IMAGE_FILENAME}..."
create-usb-image-from-iso "${BUILD_ISO_FILENAME}"
......@@ -7,12 +7,6 @@ set -x
. "$(dirname $0)/scripts/utils.sh"
# we require building from git
if ! git rev-parse --is-inside-work-tree; then
echo "${PWD} is not a Git tree. Exiting."
exit 1
fi
. config/amnesia
if [ -e config/amnesia.local ] ; then
. config/amnesia.local
......@@ -21,12 +15,10 @@ fi
if [ -n "${SOURCE_DATE_EPOCH}" ]; then
CURRENT_EPOCH="$(date --utc +%s)"
if [ "${SOURCE_DATE_EPOCH}" -gt "${CURRENT_EPOCH}" ]; then
echo "SOURCE_DATE_EPOCH is set before the current time. Exiting."
exit 1
fatal "SOURCE_DATE_EPOCH is set before the current time. Exiting."
fi
else
echo "SOURCE_DATE_EPOCH is not set. Exiting."
exit 1
fatal "SOURCE_DATE_EPOCH is not set. Exiting."
fi
# get git branch or tag so we can set the basename appropriately, i.e.:
......@@ -53,20 +45,19 @@ GIT_BASE_BRANCH=$(base_branch) \
if [ "${TAILS_MERGE_BASE_BRANCH:-}" = 1 ] && \
! git_on_a_tag && [ "$GIT_BRANCH" != "$GIT_BASE_BRANCH" ] ; then
GIT_BASE_BRANCH_COMMIT=$(git_base_branch_head)
[ -n "${GIT_BASE_BRANCH_COMMIT}" ] \
|| fatal "Base branch's top commit could not be guessed."
[ -n "${BASE_BRANCH_GIT_COMMIT}" ] \
|| fatal "Base branch's top commit is not set."
echo "Merging base branch origin/${GIT_BASE_BRANCH}"
echo "(at commit ${GIT_BASE_BRANCH_COMMIT})..."
echo "I: Merging base branch ${GIT_BASE_BRANCH}" \
"(at commit ${BASE_BRANCH_GIT_COMMIT})..."
faketime -f "${SOURCE_DATE_FAKETIME}" \
git merge --no-edit "origin/${GIT_BASE_BRANCH}" \
git merge --no-edit "${BASE_BRANCH_GIT_COMMIT}" \
|| fatal "Failed to merge base branch."
git submodule update --init
# Adjust BUILD_BASENAME to embed the base branch name and its top commit
CLEAN_GIT_BASE_BRANCH=$(echo "$GIT_BASE_BRANCH" | sed 's,/,_,g')
GIT_BASE_BRANCH_SHORT_ID=$(git_base_branch_head --short)
GIT_BASE_BRANCH_SHORT_ID=$(git rev-parse --verify --short "${BASE_BRANCH_GIT_COMMIT}")
[ -n "${GIT_BASE_BRANCH_SHORT_ID}" ] \
|| fatal "Base branch's top commit short ID could not be guessed."
BUILD_BASENAME="${BUILD_BASENAME}+${CLEAN_GIT_BASE_BRANCH}"
......@@ -79,19 +70,16 @@ echo "BUILD_BASENAME='${BUILD_BASENAME}'" > tmp/build_environment
# sanity checks
if grep -qs -E '^Pin:\s+release\s+.*a=' config/chroot_apt/preferences ; then
echo "Found unsupported a= syntax in config/chroot_apt/preferences,"
echo "use n= instead. Exiting."
exit 1
fatal "Found unsupported a= syntax in config/chroot_apt/preferences," \
"use n= instead. Exiting."
fi
if grep -qs -E '^Pin:\s+release\s+.*o=Debian Backports' \
config/chroot_apt/preferences ; then
echo "Found unsupported 'o=Debian Backports' syntax,"
echo "in config/chroot_apt/preferences. Use o=Debian instead. Exiting."
exit 1
fatal "Found unsupported 'o=Debian Backports' syntax," \
"in config/chroot_apt/preferences. Use o=Debian instead. Exiting."
fi
if [ $(dpkg --print-architecture) != amd64 ] ; then
echo "Only amd64 build systems are supported"
exit 1
fatal "Only amd64 build systems are supported"
fi
# init variables
......@@ -102,7 +90,7 @@ $RUN_LB_CONFIG --distribution stretch ${@}
# set up everything for time-based snapshots:
if [ -n "${APT_SNAPSHOTS_SERIALS:-}" ]; then
echo "Fixing 'latest' APT snapshots serials to: '${APT_SNAPSHOTS_SERIALS}'."
echo "I: Fixing 'latest' APT snapshots serials to: '${APT_SNAPSHOTS_SERIALS}'."
apt-snapshots-serials prepare-build "${APT_SNAPSHOTS_SERIALS}"
else
apt-snapshots-serials prepare-build
......@@ -119,16 +107,16 @@ DEBIAN_MIRROR="$(apt-mirror debian)"
DEBIAN_SECURITY_MIRROR="$(apt-mirror debian-security)"
TORPROJECT_MIRROR="$(apt-mirror torproject)"
[ -n "$DEBIAN_MIRROR" ] || exit 1
[ -n "$DEBIAN_SECURITY_MIRROR" ] || exit 1
[ -n "$TORPROJECT_MIRROR" ] || exit 1
[ -n "$DEBIAN_MIRROR" ] || fatal "\$DEBIAN_MIRROR is empty"
[ -n "$DEBIAN_SECURITY_MIRROR" ] || fatal "\$DEBIAN_SECURITY_MIRROR is empty"
[ -n "$TORPROJECT_MIRROR" ] || fatal "\$TORPROJECT_MIRROR is empty"
perl -pi \
-E \
"s|^(deb(?:-src)?\s+)https?://ftp[.]us[.]debian[.]org/debian/?(\s+)|\$1$DEBIAN_MIRROR\$2| ; \
s|^(deb(?:-src)?\s+)https?://deb[.]torproject[.]org/torproject[.]org/?(\s+)|\$1$TORPROJECT_MIRROR\$2|" \
config/chroot_sources/*.chroot \
|| exit 1
|| fatal "APT mirror substitution failed with exit code $?"
# set Amnesia's general options
$RUN_LB_CONFIG \
......@@ -171,7 +159,8 @@ install -d config/chroot_local-includes/etc/amnesia/
# environment
TAILS_WIKI_SUPPORTED_LANGUAGES="$(ikiwiki-supported-languages ikiwiki.setup)"
[ -n "$TAILS_WIKI_SUPPORTED_LANGUAGES" ] || exit 16
[ -n "$TAILS_WIKI_SUPPORTED_LANGUAGES" ] \
|| fatal "\$TAILS_WIKI_SUPPORTED_LANGUAGES is empty"
echo "TAILS_WIKI_SUPPORTED_LANGUAGES='${TAILS_WIKI_SUPPORTED_LANGUAGES}'" \
>> config/chroot_local-includes/etc/amnesia/environment
......@@ -186,6 +175,7 @@ echo "live-build: `dpkg-query -W -f='${Version}\n' live-build`" \
cat >> config/chroot_local-includes/etc/os-release <<EOF
TAILS_PRODUCT_NAME="Tails"
TAILS_VERSION_ID="$AMNESIA_VERSION"
TAILS_DISTRIBUTION="$TAILS_DISTRIBUTION"
EOF
if echo "$AMNESIA_VERSION" | grep -qs -E '~(alpha|beta|rc)[0-9]*$' ; then
echo 'TAILS_CHANNEL="alpha"' >> config/chroot_local-includes/etc/os-release
......
......@@ -39,8 +39,12 @@ GET_UDISKS_OBJECT_TIMEOUT = 2
# the partition table, reserved sectors, and filesystem metadata.
SYSTEM_PARTITION_ADDITIONAL_SIZE = 10
SYSLINUX_COM32MODULES_DIR = '/usr/lib/syslinux/modules/bios'
# We use the syslinux from the chroot here, because it's the same one
# that will be available to Tails Installer in the running Tails. Using
# the same syslinux version here and in Tails Installer is important to
# prevent issues when upgrading a Tails device via Tails Installer.
CHROOT_SYSLINUX_COM32MODULES_DIR = 'chroot/usr/lib/syslinux/modules/bios'
CHROOT_SYSLINUX_BIN='chroot/usr/bin/syslinux'
class ImageCreationError(Exception):
pass
......@@ -252,7 +256,7 @@ class ImageCreator(object):
com32modules = [f for f in os.listdir(syslinux_dir) if f.endswith('.c32')]
for module in sorted(com32modules):
src_path = os.path.join(SYSLINUX_COM32MODULES_DIR, module)
src_path = os.path.join(CHROOT_SYSLINUX_COM32MODULES_DIR, module)
if not os.path.isfile(src_path):
raise ImageCreationError("Could not find the '%s' COM32 module" % module)
......@@ -269,7 +273,7 @@ class ImageCreator(object):
# device would cause this issue:
# https://bugs.chromium.org/p/chromium/issues/detail?id=508713#c8
execute([
'syslinux',
CHROOT_SYSLINUX_BIN,
'--offset', str(self.partition.props.partition.props.offset),
'--directory', '/syslinux/',
'--install', self.image
......
......@@ -97,7 +97,7 @@ branch_name_to_suite() {
}
fatal() {
echo "$*" >&2
echo "E: $*" >&2
exit 1
}
......
......@@ -22,9 +22,6 @@ AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC blo
# Options passed to isohybrid
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
# Minimal upstream version of syslinux-utils we need
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version
KERNEL_VERSION='4.19.0-5'
KERNEL_SOURCE_VERSION=$(
......@@ -49,3 +46,6 @@ AMNESIA_FULL_VERSION="${AMNESIA_VERSION} - ${SOURCE_DATE_YYYYMMDD}"
AMNESIA_DEV_FULLNAME='Tails developers'
AMNESIA_DEV_EMAIL="tails@boum.org"
AMNESIA_DEV_KEYID="A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F"
# Used to set a custom home page if the distribution is UNRELEASED
TAILS_DISTRIBUTION="`dpkg-parsechangelog -SDistribution`"
......@@ -130,6 +130,10 @@ Package: tails-installer
Pin: origin deb.tails.boum.org
Pin-Priority: 999
Package: tor tor-geoipdb
Pin: release o=TorProject,n=tor-experimental-0.4.0.x-stretch
Pin-Priority: 999
Package: virtualbox*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
......
......@@ -119,6 +119,7 @@ Change_gid pulse-access 1200
Change_gid Debian-gdm 1210
Change_gid kvm 1500
Change_gid render 1510
Change_gid Debian-exim 1520
# Finally, give these users and groups the desired UID/GID
Change_uid debian-tor 107
......@@ -143,3 +144,4 @@ Change_gid pulse-access 120
Change_gid Debian-gdm 121
Change_gid kvm 150
Change_gid render 151
Change_gid Debian-exim 152
......@@ -81,6 +81,11 @@ while IFS=: read MOZILLA_LOCALE LOCATION; do
"\"${SPELLCHECKER_LOCALE}\"" \
"user_pref"
HOMEPAGE="https://tails.boum.org/home/"
. /etc/os-release # get $TAILS_CHANNEL and $TAILS_DISTRIBUTION
if [ "${TAILS_DISTRIBUTION}" = UNRELEASED ] \
|| [ "${TAILS_CHANNEL:-stable}" != stable ]; then
HOMEPAGE="${HOMEPAGE}testing/"
fi
if echo "${TAILS_WIKI_SUPPORTED_LANGUAGES}" | grep -qw "${LANG_CODE}"; then
HOMEPAGE="${HOMEPAGE}index.${LANG_CODE}.html"
fi
......
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.all.disable_ipv6 = 1
# Some programs expect the loopback interface to have IPv6 enabled
net.ipv6.conf.lo.disable_ipv6 = 0
......@@ -102,7 +102,7 @@ sgdisk \
log_end_msg
# Tell the kernel to reload the partition table
partprobe
partprobe "${PARENT_DEVICE}"
# fatresize overwrites the VBR, so we have to back it up to be able to
# restore the boot code later
......@@ -139,4 +139,4 @@ sgdisk \
"${PARENT_DEVICE}"
# Tell the kernel to reload the partition table
partprobe
partprobe "${PARENT_DEVICE}"
......@@ -46,6 +46,7 @@ crontab:x:107:
netdev:x:108:
kvm:x:150:
render:x:151:
Debian-exim:x:152:
messagebus:x:105:
ssh:x:109:
memlockd:x:110:
......
......@@ -20,8 +20,9 @@ systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/fal
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
_apt:x:104:65534::/nonexistent:/bin/false
messagebus:x:103:105::/var/run/dbus:/bin/false
memlockd:x:105:110:memlockd system account,,,:/usr/lib/memlockd:/bin/false
Debian-exim:x:103:152::/var/spool/exim4:/bin/false
messagebus:x:105:105::/var/run/dbus:/bin/false
memlockd:x:106:110:memlockd system account,,,:/usr/lib/memlockd:/bin/false
debian-tor:x:107:114::/var/lib/tor:/bin/false
speech-dispatcher:x:108:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false
colord:x:109:117:colord colour management daemon,,,:/var/lib/colord:/bin/false
......
http://torbrowser-archive.tails.boum.org/8.5-build2/
http://torbrowser-archive.tails.boum.org/8.5.2-build1/
03efbeaca2a77f9e929b3c6b0074e206b8329fba0b9b231ad7966850c1953d22 tor-browser-linux64-8.5_ar.tar.xz
72910c38b3f262b00390bfb6771a3527c726b35d3d2d174d0c548ee1ad3f5698 tor-browser-linux64-8.5_ca.tar.xz
faae1c7023fe7b8915880cc00e5dd5fcdc7d576267aca63a65b882d2197df23c tor-browser-linux64-8.5_cs.tar.xz
f1dc34a9a0237b2a5cad4b624cecfee4163c5f1214cfd8320540e4cc1a13910f tor-browser-linux64-8.5_da.tar.xz
7feb208188ffd622f498496e00b894e3cbe105ca1abb3991d34fd8852edf6e70 tor-browser-linux64-8.5_de.tar.xz
b9998ee9f01cae8492e42be5881ae37bda3876d6b555010d40b299d1d78b116c tor-browser-linux64-8.5_el.tar.xz
5d3c80a8a24adc03a2ba9daacbb7f9d4b9648c1d55d5a7862b8e0562096e3d26 tor-browser-linux64-8.5_en-US.tar.xz
1aaf72e0ced8e407a88143a9b4c2d2cb480219cfa817f0d5a8bfd86fcc2a82e7 tor-browser-linux64-8.5_es-AR.tar.xz
3e83baad892d554b2defbf524484dc282116efb879d7ae192b7115618a1cd2f8 tor-browser-linux64-8.5_es-ES.tar.xz
b028401830ca38b620c85e5422e40d95819d4eae498a2230c2222a955fc6353c tor-browser-linux64-8.5_fa.tar.xz
778739f566b7faf55864ddf9737ede0643706fbd1a9f6c26f60df483bd8b431d tor-browser-linux64-8.5_fr.tar.xz
641e8435a12e0514805dc19c1acbb4193c952f538f2d9911eee4820d7c0ad94d tor-browser-linux64-8.5_ga-IE.tar.xz
a6fff7d903269699d127407ca85e946d77256402c89bbc6be3d679c6b34ac13b tor-browser-linux64-8.5_he.tar.xz
f00242a2ac94923c36f5c00495a7640e702fc23796231adc1a0663be5602943e tor-browser-linux64-8.5_hu.tar.xz
50f5d9c059386364a24daa1bc1805c8067c0da61115979f47d5df3ee5d059362 tor-browser-linux64-8.5_id.tar.xz
a1de497c415d42d3734154b05dd6495ac7f8c1513ab74b94401e829071b31e89 tor-browser-linux64-8.5_is.tar.xz
311cb255ba1251c9bc91f67c5fe75d4c7f6bc1a3d10463dea3555fcb7c564285 tor-browser-linux64-8.5_it.tar.xz
77d245fc1c76ee7cbca4f0eaa2dc72b7aa81e3f266cfba6b017731f8c3d0c52b tor-browser-linux64-8.5_ja.tar.xz
478e1900a6c45b82d81ba0a55f662582e37f53dfa5fb67de519b596a9d6e51b7 tor-browser-linux64-8.5_ka.tar.xz
97a8a3f46db86d715cf2d8e6fb9eadb2445ecc5f7879eecbe95d0144ce5b643e tor-browser-linux64-8.5_ko.tar.xz
80f303c602f76cd6aa79b0ca708f990b2f27ba4bebdbad5181ebe8f59811badc tor-browser-linux64-8.5_nb-NO.tar.xz
ddcd80ebbfd87fc52f04375d124cff6e209b1410a6de8feef7cb2809e714d598 tor-browser-linux64-8.5_nl.tar.xz
a961df29242a75cb2c01f7889840212a2d30b4b46f524f042f784736fcb40298 tor-browser-linux64-8.5_pl.tar.xz
092df86c46313d6b6e5c0e268cae83e711ee915668d17820061524e37ec98fe6 tor-browser-linux64-8.5_pt-BR.tar.xz
3813e2e39d43df46e876fe92670c2117aaf08c6181b0cd288240b7bf275dbba6 tor-browser-linux64-8.5_ru.tar.xz
f9ad375a3339914b513ca78a4a0769e4d71dca15103370cc3362fec22851cde1 tor-browser-linux64-8.5_sv-SE.tar.xz
9cbc4c693f939bf4a2cdcb5a20b1d2e9b0908b4e737add3711d9b8912c84daa4 tor-browser-linux64-8.5_tr.tar.xz
4ad7f7533e6e18fee8515856e405df8711295d198786e67cab8467464b8639c8 tor-browser-linux64-8.5_vi.tar.xz
aebc74b309c8b506ec2b378f023747e67c3259f6551f9fec9ee350c52eb8ab37 tor-browser-linux64-8.5_zh-CN.tar.xz
f87dd72b801e9b33b528e5132188b5e41daca2dd6c859d53e1c6466de165ed34 tor-browser-linux64-8.5_zh-TW.tar.xz
888c6020af840de81dbb9e91fbcd386c2c45962c5a924d720d08db4aa86773f4 tor-browser-linux64-8.5.2_ar.tar.xz
c6c44a139923bdcab0c8ef273b35e8b020cdc930581a34b4837e2bb9f3589c88 tor-browser-linux64-8.5.2_ca.tar.xz
f680de7cc8a5ca74f910700291e7ac0075d5bf335924722b2d45c0197a605bf6 tor-browser-linux64-8.5.2_cs.tar.xz
cea843936e017cb2e700f75193c27935c75e5d49f1e14d83c2af39c82b73b502 tor-browser-linux64-8.5.2_da.tar.xz
410e40d616675971e4a84820f0af24cebd6af1f38fd130889db6d56b6bdfc1f5 tor-browser-linux64-8.5.2_de.tar.xz
8e15ee6340bae02e9ea6260458855e567380573d61a16a9e30b6b128b3af268b tor-browser-linux64-8.5.2_el.tar.xz
7676b9fab921626b1b2e7fd3eb43854094c76ff9d93c8e727330020d842aa162 tor-browser-linux64-8.5.2_en-US.tar.xz
e1043b1a638f4d29a6ba27ede910caed82b4edf651d3f76eedefbc12888cf844 tor-browser-linux64-8.5.2_es-AR.tar.xz
3fbe93d3497b5fc9308bb403e1baeedefc2c6db9a2e284b848f1d824a9b36e5b tor-browser-linux64-8.5.2_es-ES.tar.xz
d4161a476579203dc51755d37313a99d11dbcb0545019ae343bb3947fc3571a4 tor-browser-linux64-8.5.2_fa.tar.xz
bb963423fd385bab56b7d0467c9b55a3be149e54dbcfbf72443bfc371385f17d tor-browser-linux64-8.5.2_fr.tar.xz
9fcbba32ad9323c8ac03262d0ad0ca08b066fff481ff61f102bb3963b3e855f0 tor-browser-linux64-8.5.2_ga-IE.tar.xz
4ec97e09e8ea156b7d07ca999707ae5ab0d447dfd6e5fa2b033770e828e534de tor-browser-linux64-8.5.2_he.tar.xz
aa7019094af35fb773c06694b0058a6204de82ac7897f8cbce690144ba30c9e4 tor-browser-linux64-8.5.2_hu.tar.xz
495a2fca48f09fc206c252957f528ff33cd3db303fa8d8e127fb680f6b6a522b tor-browser-linux64-8.5.2_id.tar.xz
26e23bd2e87896712a1c2ec2d64f7aefde5dbe10f70412e032a979ef272279f3 tor-browser-linux64-8.5.2_is.tar.xz
3eb4f5afcf32cfcbfdf18e10e1bbb064bf1bcb8e28f800fb1b76ab5fdccb2600 tor-browser-linux64-8.5.2_it.tar.xz
88d1991626d07ac5260524ef890bf2391bfdc298c6b2ad013a8b933173e6a1aa tor-browser-linux64-8.5.2_ja.tar.xz
efaf0aa9e282ec311a5e0a981a25dd2e77d86e348395fed1bbbc0062f30b8431 tor-browser-linux64-8.5.2_ka.tar.xz
d89456f18df06db1b691ed945956bfd218ee9963ae928c3c3a7fe51f2b5959ce tor-browser-linux64-8.5.2_ko.tar.xz
5f0c8b01844ae2cb86fd5d6b01bb7159e25fe6daaa8c447fb7dc62f4b3865f75 tor-browser-linux64-8.5.2_nb-NO.tar.xz
c511ef0654630cdaf014610c6b6115749fac74b321d98691d63d899168c5b61a tor-browser-linux64-8.5.2_nl.tar.xz
036e344c1d19c825ab9284d7cad845fc1289521583905486e6a4ce26dc865906 tor-browser-linux64-8.5.2_pl.tar.xz
53dfadad13888caf1ae70a50e8b015b7e11446ad3fb9cff10dcdad5d8896744f tor-browser-linux64-8.5.2_pt-BR.tar.xz
f11f0d274c0ade924828395f04d661c6e33605add6d4073c25fdf393a4b62e50 tor-browser-linux64-8.5.2_ru.tar.xz
f9dc70e7fcfe4c38226f5a78d6bff7a82164fd0f595a9bbf5b0754b67c4bc350 tor-browser-linux64-8.5.2_sv-SE.tar.xz
51d96572fe849ff11fc8ac701c4278100f7cd047d5a7440be35e532fd020efc3 tor-browser-linux64-8.5.2_tr.tar.xz
cedd93fc4abd720b1239a5f1d77fc2b311caed0995a0af55d2d6b3910070ef3d tor-browser-linux64-8.5.2_vi.tar.xz
80437d0915aa3cdd12f09457a1ba41b03623ea6dff191a540f06c20f4dd5cfc6 tor-browser-linux64-8.5.2_zh-CN.tar.xz
c8a138a83d67a8f728bf1364e6fa908de9c461741f680ad24dc3fd626d5d2e03 tor-browser-linux64-8.5.2_zh-TW.tar.xz
deb http://deb.torproject.org/torproject.org stretch main
deb http://deb.torproject.org/torproject.org tor-experimental-0.4.0.x-stretch main
tails (3.14.1) unstable; urgency=medium
* Security fixes
- Upgrade Tor Browser to 8.5.2-build1 (Closes: #16824).
- Upgrade Thunderbird to 60.7.0 (Closes: #16742).
- Upgraded Linux to 4.19.37-4 (Closes: #16823).
* Bugfixes
- Only probe for partitions on the boot device when setting up
TailsData. Without arguments partprobe will scan all devices,
and if it encounters a device it doesn't support (e.g. fake
raid-0 arrays) it will return non-zero, thus aborting Tails'
partitioning script, resulting in an unbootable install
(Details: #16389).
* Minor improvements and updates
- Upgrade tor to 0.4.0.5-1~d90.stretch+1, the first stable
candidate in the 0.4.0.x series (Closes: #16687).
- Completely disable IPv6 except for the loopback interface. We
attempt to completely block it on the netfilter level but we
have seen ICMPv6 "leaks" any way (related to Router
Solicitation, see: #16148) so let's just disable it. We keep
enabled on the loopback interface since some services depends on
::1 being up.
- create-usb-image-from-iso: Use syslinux from chroot. We used the
syslinux from the vagrant box before, which caused issues with
when building Tails/Buster with a Stretch vagrant box and then
cloning the image via Tails Installer with syslinux from Buster
(Closes: #16748).
- Set Tor Browser's homepage to https://tails.boum.org/home/testing/
if building anything but a stable release. This page explains the
dangers of using a non-stable release. (Closes: #12003)
* Build system
- auto/{build,config}:
* consistently use fatal() to error out, and prefix its message
with "E: " to help distinguish them from the noise produced by
tools we call etc.
* Similarly, also prefix informational message with "I: ".
* drop support for GnuPG 1.x.
* clone more build output to the log file.
* Drop obsolete check for syslinux version. This version
requirement is satisfied by Jessie and it is doubtful Tails
would build in anything older.
* auto/build: drop a few checks for conditions that are already
satisfied in the supported build environments.
- Revert "Build system: try to be smart again by fetching only the
refs we need." This optimization overrides the trick we have on
Jenkins (set_origin_base_branch_head in
https://git.tails.boum.org/jenkins-jobs/tree/macros/builders.yaml),
that ensures that a reproducibly_build_Tails_ISO_* job builds
from the commit used by the first build. (Closes: #16730)
* Test suite
- Fix mistake with execute() vs spawn() when starting the upgrader.
- Don't filter during pcap capture, instead let's just apply the
same filtering when we are inspecting the pcap files. This way
any pcap file saved on failure will include the full capture,
and not just the packets sent by the system under testing, which
sometimes makes it hard to understand what is going on.
- Also include the content of /var/log/tor/log in $scenario.tor
when tor failed to bootstrap (refs: #16793)
- Don't flood the debug logger with tor@default's journal
contents.
- Power off system under testing after scenario. Until now we have
relied on either one of the generated "snapshot restore" steps
or the "[Given] a computer" step to implicitly stop the old VM
when we move on to a new scenario. That meant the old VM was
still running during the new scenarios @Before@ hooks. If the
new scenario is tagged @check_tor_leaks that means we start its
sniffer while the old VM is still running, possibly sending
packets that then affect the new scenario. That would explain
some myserious "Unexpected connections were made" failures we
have seen (Closes: #11521).
- Only accept IP(v6)/ARP during DHCP check.
-- Tails developers <tails@boum.org> Wed, 19 Jun 2019 15:29:07 +0200
tails (3.14) unstable; urgency=medium
* Security fixes
......
......@@ -64,7 +64,7 @@ Feature: Additional software
And I refuse adding "cowsay" to Additional Software
Then "cowsay" is not in the list of Additional Software
# Depends on scenario: Packages I remove from Additional Software through the GUI are not in the Additional Software list anymore
# Depends on scenario: My Additional Software list is configurable through a GUI or through notifications when I install or remove packages with APT or Synaptic
# See https://tails.boum.org/blueprint/additional_software_packages/offline_mode/#incomplete-online-upgrade for high level logic
Scenario: Recovering in offline mode after Additional Software previously failed to upgrade and then succeed to upgrade when online
Given a computer
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment