Commit d37cb04e authored by anonym's avatar anonym
Browse files

Merge remote-tracking branch 'origin/master' into testing

parents fb4f2292 1271ee13
......@@ -236,7 +236,7 @@ po_slave_languages:
#
# When updating this list, refer to the checklist in
# https://tails.boum.org/contribute/how/website/po_translatable_pages/
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/version_1* and !news/test_0* and !news/test_1* and !news/test_*alpha? and !news/test_*-beta? and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and !security/Numerous_security_holes_in_1* and (about or about/* or bugs or chat or contribute or doc or doc/* or donate or donate/* or download or download.inline or getting_started or home or index or news or news/* or press or security or security/* or sidebar or support or support/* or torrents or misc or misc/* or install or install/* or upgrade or upgrade/*)'
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/version_1* and !news/test_0* and !news/test_1* and !news/test_*alpha? and !news/test_*-beta? and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and !security/Numerous_security_holes_in_1* and (about or about/* or bugs or chat or contribute or doc or doc/* or donate or donate/* or download or download.inline or getting_started or home or index or news or news/* or partners or press or security or security/* or sidebar or support or support/* or torrents or misc or misc/* or install or install/* or upgrade or upgrade/*)'
# internal linking behavior (default/current/negotiated)
po_link_to: current
......
......@@ -213,7 +213,7 @@ po_slave_languages:
#
# When updating this list, refer to the checklist in
# https://tails.boum.org/contribute/how/website/po_translatable_pages/
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/version_1* and !news/test_0* and !news/test_1* and !news/test_*alpha? and !news/test_*-beta? and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and !security/Numerous_security_holes_in_1* and (about or about/* or bugs or chat or contribute or doc or doc/* or donate or donate/* or download or download.inline or getting_started or home or index or news or news/* or press or security or security/* or sidebar or support or support/* or torrents or misc or misc/* or install or install/* or upgrade or upgrade/*)'
po_translatable_pages: '!security/audits and !security/audits/* and !news/report_2* and !news/version_0* and !news/version_1* and !news/test_0* and !news/test_1* and !news/test_*alpha? and !news/test_*-beta? and !news/test_*-rc? and !security/Numerous_security_holes_in_0* and !security/Numerous_security_holes_in_1* and (about or about/* or bugs or chat or contribute or doc or doc/* or donate or donate/* or download or download.inline or getting_started or home or index or news or news/* or partners or press or security or security/* or sidebar or support or support/* or torrents or misc or misc/* or install or install/* or upgrade or upgrade/*)'
# internal linking behavior (default/current/negotiated)
po_link_to: current
......
......@@ -20,7 +20,7 @@ with a CB5-312T K2L7.
# Current status
**Update**: see "Kernel approach 4: Arch Linux' ChromeOS-based kernel" for the most
**Update**: see [[Kernel approach 4: Arch Linux' ChromeOS-based kernel|Acer_Chromebook_R_13_CB5-312T#arch-chromeos-based-kernel]] for the most
promising status update so far.
Both with the Chrome OS kernel and the Debian kernel approaches I end
......@@ -66,39 +66,44 @@ See "Kernel approach 5: custom Debian kernel" below for a try at it.
Set some variables:
DEV=/dev/sdb
MNT=/mnt/debian
DATA_PART_SIZE=15292383
sudo mkdir -p ${MNT}
DEBIAN_CODENAME=stretch
If using a USB drive:
If using a 8 GiB USB drive:
DEV=$(readlink -f /dev/disk/by-id/usb-XXX)
KERNEL_PART=${DEV}1
ROOT_PART=${DEV}2
DATA_PART_SIZE=15292383
Else, if using a micro-SD card:
Else, if using a 64 GiB micro-SD card:
DEV=$(readlink -f /dev/disk/by-id/mmc-XXX)
KERNEL_PART=${DEV}p1
ROOT_PART=${DEV}p2
DATA_PART_SIZE=XXX
Partitioning the device:
sudo parted --script ${DEV} mklabel gpt
sudo cgpt create ${DEV}
Below is for a 8 GiB device, adjust if needed.
XXX: the kernel partition is (still) too small for a Stretch kernel +
the gzip-compressed initrd generated from a running Debian desktop
system. Compressing it with xz (as instructed below) fixes that, but it
would be nice to be a bit more generous during the partitioning stage :)
sudo cgpt add -t kernel -l kernel -b 34 -s 65536 ${DEV}
sudo cgpt add -t data -l / -b 65570 -s ${DATA_PART_SIZE} ${DEV}
sudo cgpt add -i 1 -S 1 -T 5 -P 12 -t kernel -l kernel -b 8192 -s 262144 ${DEV}
sudo cgpt add -t data -l / -b 270336 -s ${DATA_PART_SIZE} ${DEV}
sudo blockdev --rereadpt ${DEV}
sudo mkfs.ext4 ${ROOT_PART}
sudo mount ${ROOT_PART} ${MNT}
sudo debootstrap --arch=arm64 --foreign stretch ${MNT} http://ftp.de.debian.org/debian
sudo debootstrap --arch=arm64 --foreign "${DEBIAN_CODENAME:?}" \
"${MNT:?}" \
http://ftp.de.debian.org/debian
Unmount the filesystems
Unmount the root filesystem:
sudo umount ${MNT}
......@@ -115,7 +120,7 @@ Enable booting a self-signed kernel from USB/micro-SD:
enable_dev_usb_boot
Set some variables:
Set some variables (adjust as above if using a micro-SD card):
DEV=/dev/sda
ROOT_PART=${DEV}2
......@@ -136,7 +141,8 @@ Complete the bootstrap:
chroot ${MNT} /debootstrap/debootstrap --second-stage
Configure the system:
Configure the system and install what you'll need to make Wi-Fi
and hardware work once you reboot on Debian:
cat > ${MNT}/etc/fstab <<EOF
${ROOT_PART} / ext4 errors=remount-ro 0 1
......@@ -144,8 +150,13 @@ Configure the system:
echo "chromian" > ${MNT}/etc/hostname
cp /etc/resolv.conf ${MNT}/etc/resolv.conf
chroot ${MNT} apt-get update
chroot ${MNT} apt-get install -y cgpt vboot-utils \
vboot-kernel-utils
chroot ${MNT} apt-get install -y \
alsa-utils \
cgpt \
network-manager \
vboot-utils \
vboot-kernel-utils \
wireless-tools
chroot ${MNT} passwd -d root
......@@ -202,11 +213,6 @@ Umount the filesystems:
umount ${MNT}
Mark the newly written kernel partition as good and set the
priority:
cgpt add -i 1 -S 1 -T 5 -P 12 ${DEV}
### Debugging
I (intrigeri) have also tried:
......@@ -249,6 +255,8 @@ a Debian userspace needs.
## Kernel approach 2 - Debian's kernel
XXX: retry with a more recent Debian kernel.
From inside ChromeOS:
chroot "${MNT:?}" apt install initramfs-tools
......@@ -548,8 +556,14 @@ Whatever: if we're ready to build a kernel based on the ChromeOS one,
we'd better start from the Arch Linux kernel config + included firmware
(see below).
<a id="arch-chromeos-based-kernel"></a>
## Kernel approach 4: Arch Linux' ChromeOS-based kernel
The results below are about `ArchLinuxARM-2017.09-oak-rootfs.tar.gz`,
that's available at the time of writing in
<http://os.archlinuxarm.org/os/mediatek/>.
I've followed
<https://archlinuxarm.org/platforms/armv8/mediatek/acer-chromebook-r13>
to install Arch Linux on a USB stick, and it booted flawlessly.
......@@ -574,7 +588,7 @@ the partitioning and debootstrap steps have been done already.
-exec gunzip '{}' \;
sudo dd bs=1M if="${MNT:?}/boot/vmlinux.kpart" of="${KERNEL_PART:?}"
sync
sudo depmod --basedir "${MNT:?}" 3.18.0-6-ARCH
sudo depmod --basedir "${MNT:?}" 3.18.0-9-ARCH
sudo umount "${MNT:?}"
### Status
......@@ -587,14 +601,23 @@ the partitioning and debootstrap steps have been done already.
* Wi-Fi works.
* Display backlight brightness can be adjusted with the GNOME Shell
UI (in the top-right menu).
* The GNOME sound preferences show no sound device, and I see error
messages in the Journal about `mtk-rt5650 sound`.
* Sound works after unmuting a bunch of channels with `alsamixer` as
documented on the *Wiki* tab of
<https://archlinuxarm.org/platforms/armv8/mediatek/acer-chromebook-r13>
* The GNOME UI doesn't notice when AC power is disconnected.
* Accelerometer and automatic screen rotation: mostly works, not as
clever as I hoped.
* Touchscreen: basically works, but I didn't try to exercise it much.
It seems that some parts of the GNOME UI don't work with touch but
_only_ when the display is rotated (e.g. flipped to tablet mode).
* GNOME Shell does not get any hardware acceleration (glamor, dri3,
EGL) so it's "falling back to sw". And then both with Wayland and
X.Org, full-screen video playback eats tons of CPU to the point it
is totally unusable with Totem and VLC, and pretty bad even with
mpv. That's probably due to the lack of a `mediatek_dri.so` DRI
module for Mesa or VA-API support (the latter because
[[!debpts gstreamer1.0-vaapi]] is not installable on sid today);
I'll retry when the latter is fixed, that might help.
## Kernel approach 5: custom Debian kernel
......
<?xml version="1.0" encoding="UTF-8"?>
<model:Screen xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:model="http://wireframesketcher.com/1.0/model.ecore">
<widgets xsi:type="model:Panel" id="99" x="12" y="48" width="800" height="600" measuredWidth="800" measuredHeight="600"/>
<widgets xsi:type="model:Text" id="100" x="42" y="152" width="605" height="105" text="If you know OpenPGP, you can also use it to verify your download instead, or in addition to, verifying using Firefox or BitTorrent.&#xA;&#xA;1. Download the [Tails signing key] (last updated on 2017-08-30).&#xA;&#xA;2. Download the [Tails 3.1 OpenPGP signature] and save it to the same folder where you saved the ISO image." measuredWidth="605" measuredHeight="105">
<font/>
<items x="89" y="48" width="87" height="16" text="Tails signing key"/>
<items x="89" y="80" width="149" height="16" text="Tails 3.1 OpenPGP signature"/>
</widgets>
<widgets xsi:type="model:Label" id="101" x="40" y="292" text="Basic OpenPGP verification" measuredWidth="289" measuredHeight="40">
<font size="24px"/>
</widgets>
<widgets xsi:type="model:Label" id="102" x="40" y="466" text="Authenticate the signing key through the OpenPGP Web of Trust" measuredWidth="688" measuredHeight="40">
<font size="24px"/>
</widgets>
<widgets xsi:type="model:Text" id="103" x="42" y="514" width="589" height="61" text="Authenticating our signing key through the OpenPGP Web of Trust is the only verification technique that can protect you in case our website is compromised. It is also the most complicated technique and might not be possible for everyone to perform because it relies on trust relationships between individuals." measuredWidth="589" measuredHeight="61">
<font/>
</widgets>
<widgets xsi:type="model:Text" id="104" x="42" y="340" width="605" height="59" text="Verifying using OpenPGP but without authenticating our signing key through the OpenPGP Web of Trust is equivalent in terms of security to verifying using Firefox or BitTorrent because it relies on downloading a genuine signing key from our website." measuredWidth="605" measuredHeight="59">
<font/>
</widgets>
<widgets xsi:type="model:Link" id="105" x="42" y="571" text="Read more about authenticating the signing key through the OpenPGP Web of Trust." measuredWidth="439" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:Label" id="106" x="40" y="100" text="Verify using OpenPGP (optional)" measuredWidth="401" measuredHeight="44">
<font size="28px"/>
</widgets>
<widgets xsi:type="model:Link" id="107" x="41" y="398" text="See instructions for basic OpenPGP verification." measuredWidth="252" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:Note" id="108" x="12" y="7" width="800" height="32" text="This screen appears below the fold." measuredWidth="800" measuredHeight="32" textAlignment="Left">
<font/>
</widgets>
<hRuler/>
<vRuler>
<guides position="2305"/>
</vRuler>
<font size="12px"/>
</model:Screen>
<?xml version="1.0" encoding="UTF-8"?>
<model:Screen xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:model="http://wireframesketcher.com/1.0/model.ecore">
<widgets xsi:type="model:Panel" id="125" x="12" y="8" width="721" height="1017" measuredWidth="721" measuredHeight="1017"/>
<widgets xsi:type="model:Text" id="106" x="44" y="736" width="657" height="271" text="Then the ISO image is still correct according to the signing key that you downloaded. To remove this warning you need to authenticate the signing key through the OpenPGP Web of Trust.&#xA;&#xA;IN MACOS USING GPGTOOLS&#xA;&#xA; 1. Open Finder and navigate to the folder where you saved the ISO image and the signature.&#xA;&#xA; 2. Right-click on the ISO image and choose Services ▸ OpenPGP: Verify Signature of File.&#xA;&#xA;IN TAILS&#xA;&#xA; 1. Open the file browser and navigate to the folder where you saved the ISO image and the signature.&#xA;&#xA; 2. Right-click on the signature and choose Open With Verify Signature.&#xA;&#xA; 3. The verification of the ISO image starts automatically:" measuredWidth="657" measuredHeight="271">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Text" id="117" x="43" y="100" width="657" height="41" text=" 4. After the verification finishes, click on the notification counter in the bottom-right corner and on the notification with a &#xA; transparent background on the right of the notification area:" measuredWidth="657" measuredHeight="41">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Text" id="118" x="43" y="264" width="657" height="111" text=" Verify the date of the signature to make sure that you downloaded the latest version.&#xA;&#xA;USING THE COMMAND LINE&#xA;&#xA; 1. Open a terminal and navigate to the folder where you saved the ISO image and the signature.&#xA;&#xA; 2. Execute:" measuredWidth="657" measuredHeight="111">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Image" id="119" x="87" y="153" width="447" height="82" measuredWidth="447" measuredHeight="82" src="assets/notification_in_tails.png"/>
<widgets xsi:type="model:Text" id="120" x="57" y="452" width="657" height="20" text=" The output of this command should be the following:" measuredWidth="657" measuredHeight="20">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Image" id="121" x="69" y="400" width="641" height="28" measuredWidth="641" measuredHeight="28" src="assets/2.png"/>
<widgets xsi:type="model:Text" id="122" x="59" y="614" width="657" height="54" text=" Verify the date of the signature to make sure that you downloaded the latest version.&#xA;&#xA; If the output also includes:" measuredWidth="657" measuredHeight="54">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Image" id="123" x="70" y="490" width="640" height="105" measuredWidth="640" measuredHeight="105" src="assets/3.png"/>
<widgets xsi:type="model:Image" id="124" x="70" y="680" width="644" height="37" measuredWidth="644" measuredHeight="37" src="assets/4.png"/>
<hRuler/>
<vRuler>
<guides position="2305"/>
</vRuler>
<font size="12px"/>
</model:Screen>
<?xml version="1.0" encoding="UTF-8"?>
<model:Screen xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:model="http://wireframesketcher.com/1.0/model.ecore">
<widgets xsi:type="model:Panel" id="131" x="12" y="8" width="721" height="1017" measuredWidth="721" measuredHeight="1017"/>
<widgets xsi:type="model:Text" id="112" x="60" y="89" width="657" height="38" text=" Then the ISO image is still correct according to the signing key that you downloaded. To remove this warning you need to &#xA; authenticate the signing key through the OpenPGP Web of Trust." measuredWidth="657" measuredHeight="38">
<widgets xsi:type="model:Panel" id="131" x="12" y="48" width="800" height="600" measuredWidth="800" measuredHeight="600"/>
<widgets xsi:type="model:Text" id="116" x="42" y="102" width="657" height="535" text="The verification techniques presented until now (Firefox extension, BitTorrent, or OpenPGP verification) all rely on some information being securely downloaded using HTTPS from our website:&#xA;&#xA;- The checksum for the Firefox extension&#xA;- The Torrent file for BitTorrent&#xA;- The Tails signing key for the OpenPGP verification&#xA;&#xA;But, while doing so, you could download malicious information if our website is compromised or if you are victim of a man-in-the-middle attack.&#xA;&#xA;The OpenPGP verification is the only technique that allows you to verify the ISO image even better by also authenticating the Tails signing key through the OpenPGP Web of Trust. Relying on the OpenPGP Web of Trust is the only way to completely protect you from malicious downloads.&#xA;&#xA;If you are verifying an ISO image from inside Tails already, for example to do a manual upgrade, then the Tails signing key is already included in Tails. You can trust this signing key as much as you are trusting your Tails installation already because you are not downloading it.&#xA;&#xA;One of the inherent problems of standard HTTPS is that the trust we usually put in a website is defined by certificate authorities: a hierarchical and closed set of companies and governmental institutions approved by your web browser vendor. This model of trust has long been criticized and proved several times to be vulnerable to attacks as explained on our warning page." measuredWidth="657" measuredHeight="535">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Label" id="114" x="42" y="151" text="Authenticate the signing key through the OpenPGP Web of Trust" measuredWidth="688" measuredHeight="40">
<font size="24px"/>
</widgets>
<widgets xsi:type="model:Text" id="116" x="42" y="202" width="657" height="761" text="The verification techniques presented until now (Firefox extension, BitTorrent, or OpenPGP verification) all rely on some information being securely downloaded using HTTPS from our website:&#xA;&#xA;- The checksum for the Firefox extension&#xA;- The Torrent file for BitTorrent&#xA;- The Tails signing key for the OpenPGP verification&#xA;&#xA;But, while doing so, you could download malicious information if our website is compromised or if you are victim of a man-in-the-middle attack.&#xA;&#xA;The OpenPGP verification is the only technique that allows you to verify the ISO image even better by also authenticating the Tails signing key through the OpenPGP Web of Trust. Relying on the OpenPGP Web of Trust is the only way to completely protect you from malicious downloads.&#xA;&#xA;If you are verifying an ISO image from inside Tails already, for example to do a manual upgrade, then the Tails signing key is already included in Tails. You can trust this signing key as much as you are trusting your Tails installation already because you are not downloading it.&#xA;&#xA;One of the inherent problems of standard HTTPS is that the trust we usually put in a website is defined by certificate authorities: a hierarchical and closed set of companies and governmental institutions approved by your web browser vendor. This model of trust has long been criticized and proved several times to be vulnerable to attacks as explained on our warning page.&#xA;&#xA;We believe that, instead, users should be given the final say when trusting a website, and that designation of trust should be done on the basis of human interactions.&#xA;&#xA;The OpenPGP Web of Trust is a decentralized trust model based on OpenPGP keys that can help solving this problem. Let's see this with an example:&#xA;&#xA;1. You are friend with Alice and really trust her way of managing OpenPGP keys. So you are trusting Alice's key.&#xA;&#xA;2. Furthermore, Alice met Bob, a Tails developer, in a conference and certified Bob's key. So Alice is trusting Bob's key.&#xA;&#xA;3. Bob is a Tails developer who directly owns the Tails signing key. So Bob fully trusts the Tails signing key.&#xA;&#xA;In this scenario, Alice found a path to trust the Tails signing key without the need to rely on certificate authorities.&#xA;&#xA;If you are on Debian, Ubuntu, or Linux Mint, you can install the debian-keyring package which contains the OpenPGP keys of all Debian developers. Some Debian developers have certified the Tails signing key and you can use these certifications to build a trust path. This technique is explained in detail in our instructions on [installing Tails from Debian, Ubuntu, or Linux Mint using the command line].&#xA;&#xA;Relying on the Web of Trust requires both caution and intelligent supervision by the users. The technical details are outside of the scope of this document.&#xA;&#xA;Since the Web of Trust is actually based on human relationships and real-life interactions, the best is to get in touch with people knowledgeable about OpenPGP and build trust relationships in order to find your own trust path to the Tails signing key.&#xA;&#xA;For example, you can start by contacting a local [Linux User Group], [an organization offering Tails training], or other Tails enthusiasts near you and exchange about their OpenPGP practices.&#xA;&#xA;After you built a trust path, you can certify the Tails signing key by signing it with your own key to get rid of some warnings during the verification process." measuredWidth="657" measuredHeight="761">
<font size="12px" bold="false"/>
<items x="0" y="608" width="652" height="32" text="installing Tails from Debian, Ubuntu, or Linux Mint using the command line"/>
<items x="251" y="768" width="89" height="16" text="Linux User Group"/>
<items x="346" y="768" width="194" height="16" text="an organization offering Tails training"/>
<widgets xsi:type="model:Note" id="132" x="12" y="7" width="800" height="32" text="These instructions appears when the user clicks on &quot;Read more about authenticating...&quot;." measuredWidth="800" measuredHeight="32" textAlignment="Left">
<font/>
</widgets>
<hRuler/>
<vRuler>
......
<?xml version="1.0" encoding="UTF-8"?>
<model:Screen xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:model="http://wireframesketcher.com/1.0/model.ecore">
<widgets xsi:type="model:Panel" id="131" x="12" y="48" width="800" height="600" measuredWidth="800" measuredHeight="600"/>
<widgets xsi:type="model:Text" id="116" x="42" y="102" width="657" height="529" text="We believe that, instead, users should be given the final say when trusting a website, and that designation of trust should be done on the basis of human interactions.&#xA;&#xA;The OpenPGP Web of Trust is a decentralized trust model based on OpenPGP keys that can help solving this problem. Let's see this with an example:&#xA;&#xA;1. You are friend with Alice and really trust her way of managing OpenPGP keys. So you are trusting Alice's key.&#xA;&#xA;2. Furthermore, Alice met Bob, a Tails developer, in a conference and certified Bob's key. So Alice is trusting Bob's key.&#xA;&#xA;3. Bob is a Tails developer who directly owns the Tails signing key. So Bob fully trusts the Tails signing key.&#xA;&#xA;In this scenario, Alice found a path to trust the Tails signing key without the need to rely on certificate authorities.&#xA;&#xA;If you are on Debian, Ubuntu, or Linux Mint, you can install the debian-keyring package which contains the OpenPGP keys of all Debian developers. Some Debian developers have certified the Tails signing key and you can use these certifications to build a trust path. This technique is explained in detail in our instructions on [installing Tails from Debian, Ubuntu, or Linux Mint using the command line].&#xA;&#xA;Relying on the Web of Trust requires both caution and intelligent supervision by the users. The technical details are outside of the scope of this document.&#xA;&#xA;Since the Web of Trust is actually based on human relationships and real-life interactions, the best is to get in touch with people knowledgeable about OpenPGP and build trust relationships in order to find your own trust path to the Tails signing key.&#xA;&#xA;For example, you can start by contacting a local [Linux User Group], [an organization offering Tails training], or other Tails enthusiasts near you and exchange about their OpenPGP practices.&#xA;&#xA;After you built a trust path, you can certify the Tails signing key by signing it with your own key to get rid of some warnings during the verification process." measuredWidth="657" measuredHeight="529">
<font size="12px" bold="false"/>
<items x="0" y="256" width="652" height="32" text="installing Tails from Debian, Ubuntu, or Linux Mint using the command line"/>
<items x="251" y="416" width="89" height="16" text="Linux User Group"/>
<items x="346" y="416" width="194" height="16" text="an organization offering Tails training"/>
</widgets>
<widgets xsi:type="model:Note" id="132" x="12" y="7" width="800" height="32" text="These instructions appears when the user clicks on &quot;Read more about authenticating...&quot;." measuredWidth="800" measuredHeight="32" textAlignment="Left">
<font/>
</widgets>
<hRuler/>
<vRuler>
<guides position="2305"/>
</vRuler>
<font size="12px"/>
</model:Screen>
<?xml version="1.0" encoding="UTF-8"?>
<model:Screen xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:model="http://wireframesketcher.com/1.0/model.ecore">
<widgets xsi:type="model:Panel" id="99" x="12" y="8" width="721" height="1017" measuredWidth="721" measuredHeight="1017"/>
<widgets xsi:type="model:Text" id="68" x="44" y="930" width="657" height="41" text=" 4. After the verification finishes, click on the notification counter in the bottom-right corner and on the notification with a &#xA; transparent background on the right of the notification area:" measuredWidth="657" measuredHeight="41">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Label" id="69" x="42" y="113" text="Basic OpenPGP verification" measuredWidth="289" measuredHeight="40">
<font size="24px"/>
</widgets>
<widgets xsi:type="model:Text" id="70" x="44" y="159" width="657" height="266" text="This section provides simplified instructions:&#xA;&#xA;- [In Windows with Gpg4win]&#xA;- [In macOS with GPGTools]&#xA;- [In Tails]&#xA;- [Using the command line]&#xA;&#xA;This basic OpenPGP verification provides a level of verification equivalent to HTTPS, like the Firefox and Chrome extension or BitTorrent, unless you also authenticate the signing key through the OpenPGP Web of Trust.&#xA;&#xA;IN WINDOWS WITH GPG4WIN&#xA;&#xA;See the [Gpg4win documentation on verifying signatures].&#xA;&#xA;Verify the date of the signature to make sure that you downloaded the latest version.&#xA;&#xA;If the following warning appears:" measuredWidth="657" measuredHeight="266">
<widgets xsi:type="model:Panel" id="99" x="12" y="48" width="800" height="600" measuredWidth="800" measuredHeight="600"/>
<widgets xsi:type="model:Text" id="70" x="44" y="79" width="657" height="266" text="This section provides simplified instructions:&#xA;&#xA;- [In Windows with Gpg4win]&#xA;- [In macOS with GPGTools]&#xA;- [In Tails]&#xA;- [Using the command line]&#xA;&#xA;This basic OpenPGP verification provides a level of verification equivalent to HTTPS, like the Firefox and Chrome extension or BitTorrent, unless you also authenticate the signing key through the OpenPGP Web of Trust.&#xA;&#xA;IN WINDOWS WITH GPG4WIN&#xA;&#xA;See the [Gpg4win documentation on verifying signatures].&#xA;&#xA;Verify the date of the signature to make sure that you downloaded the latest version.&#xA;&#xA;If the following warning appears:" measuredWidth="657" measuredHeight="266">
<font size="12px" bold="false"/>
<items x="20" y="16" width="137" height="16" text="In Windows with Gpg4win"/>
<items x="20" y="32" width="131" height="16" text="In macOS with GPGTools"/>
......@@ -15,11 +9,13 @@
<items x="20" y="64" width="125" height="16" text="Using the command line"/>
<items x="41" y="176" width="249" height="16" text="Gpg4win documentation on verifying signatures"/>
</widgets>
<widgets xsi:type="model:Image" id="71" x="86" y="784" width="315" height="124" measuredWidth="315" measuredHeight="124" src="assets/verifying_in_tails.png"/>
<widgets xsi:type="model:Text" id="74" x="44" y="506" width="657" height="271" text="Then the ISO image is still correct according to the signing key that you downloaded. To remove this warning you need to authenticate the signing key through the OpenPGP Web of Trust.&#xA;&#xA;IN MACOS USING GPGTOOLS&#xA;&#xA; 1. Open Finder and navigate to the folder where you saved the ISO image and the signature.&#xA;&#xA; 2. Right-click on the ISO image and choose Services ▸ OpenPGP: Verify Signature of File.&#xA;&#xA;IN TAILS&#xA;&#xA; 1. Open the file browser and navigate to the folder where you saved the ISO image and the signature.&#xA;&#xA; 2. Right-click on the signature and choose Open With Verify Signature.&#xA;&#xA; 3. The verification of the ISO image starts automatically:" measuredWidth="657" measuredHeight="271">
<widgets xsi:type="model:Text" id="74" x="44" y="426" width="657" height="271" text="Then the ISO image is still correct according to the signing key that you downloaded. To remove this warning you need to authenticate the signing key through the OpenPGP Web of Trust.&#xA;&#xA;IN MACOS USING GPGTOOLS&#xA;&#xA; 1. Open Finder and navigate to the folder where you saved the ISO image and the signature.&#xA;&#xA; 2. Right-click on the ISO image and choose Services ▸ OpenPGP: Verify Signature of File." measuredWidth="657" measuredHeight="271">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Image" id="75" x="59" y="430" width="655" height="59" measuredWidth="655" measuredHeight="59" src="assets/1.png"/>
<widgets xsi:type="model:Image" id="75" x="59" y="350" width="655" height="59" measuredWidth="655" measuredHeight="59" src="assets/1.png"/>
<widgets xsi:type="model:Note" id="101" x="12" y="7" width="800" height="32" text="These instructions appears when the user clicks on &quot;See instructions for basic OpenPGP verification...&quot;." measuredWidth="800" measuredHeight="32" textAlignment="Left">
<font/>
</widgets>
<hRuler/>
<vRuler>
<guides position="2305"/>
......
<?xml version="1.0" encoding="UTF-8"?>
<model:Screen xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:model="http://wireframesketcher.com/1.0/model.ecore">
<widgets xsi:type="model:Panel" id="128" x="12" y="8" width="721" height="1017" measuredWidth="721" measuredHeight="1017"/>
<widgets xsi:type="model:Text" id="100" x="44" y="260" width="657" height="41" text=" 4. After the verification finishes, click on the notification counter in the bottom-right corner and on the notification with a &#xA; transparent background on the right of the notification area:" measuredWidth="657" measuredHeight="41">
<widgets xsi:type="model:Panel" id="125" x="12" y="48" width="800" height="600" measuredWidth="800" measuredHeight="600"/>
<widgets xsi:type="model:Text" id="118" x="43" y="529" width="657" height="111" text=" Verify the date of the signature to make sure that you downloaded the latest version.&#xA;&#xA;USING THE COMMAND LINE&#xA;&#xA; 1. Open a terminal and navigate to the folder where you saved the ISO image and the signature.&#xA;&#xA; 2. Execute:" measuredWidth="657" measuredHeight="111">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Image" id="103" x="86" y="114" width="315" height="124" measuredWidth="315" measuredHeight="124" src="assets/verifying_in_tails.png"/>
<widgets xsi:type="model:Text" id="104" x="44" y="424" width="657" height="111" text=" Verify the date of the signature to make sure that you downloaded the latest version.&#xA;&#xA;USING THE COMMAND LINE&#xA;&#xA; 1. Open a terminal and navigate to the folder where you saved the ISO image and the signature.&#xA;&#xA; 2. Execute:" measuredWidth="657" measuredHeight="111">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Image" id="105" x="88" y="313" width="447" height="82" measuredWidth="447" measuredHeight="82" src="assets/notification_in_tails.png"/>
<widgets xsi:type="model:Text" id="108" x="58" y="608" width="657" height="20" text=" The output of this command should be the following:" measuredWidth="657" measuredHeight="20">
<font size="12px" bold="false"/>
<widgets xsi:type="model:Image" id="119" x="87" y="418" width="447" height="82" measuredWidth="447" measuredHeight="82" src="assets/notification_in_tails.png"/>
<widgets xsi:type="model:Note" id="126" x="12" y="7" width="800" height="32" text="These instructions appears when the user clicks on &quot;See instructions for basic OpenPGP verification...&quot;." measuredWidth="800" measuredHeight="32" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:Image" id="109" x="70" y="556" width="641" height="28" measuredWidth="641" measuredHeight="28" src="assets/2.png"/>
<widgets xsi:type="model:Image" id="111" x="71" y="646" width="640" height="105" measuredWidth="640" measuredHeight="105" src="assets/3.png"/>
<widgets xsi:type="model:Text" id="125" x="60" y="774" width="657" height="54" text=" Verify the date of the signature to make sure that you downloaded the latest version.&#xA;&#xA; If the output also includes:" measuredWidth="657" measuredHeight="54">
<widgets xsi:type="model:Text" id="127" x="44" y="355" width="657" height="41" text=" 4. After the verification finishes, click on the notification counter in the bottom-right corner and on the notification with a &#xA; transparent background on the right of the notification area:" measuredWidth="657" measuredHeight="41">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Text" id="126" x="60" y="899" width="657" height="38" text=" Then the ISO image is still correct according to the signing key that you downloaded. To remove this warning you need to &#xA; authenticate the signing key through the OpenPGP Web of Trust." measuredWidth="657" measuredHeight="38">
<font size="12px" bold="false"/>
<widgets xsi:type="model:Image" id="128" x="86" y="209" width="315" height="124" measuredWidth="315" measuredHeight="124" src="assets/verifying_in_tails.png"/>
<widgets xsi:type="model:Text" id="129" x="44" y="79" width="660" height="120" text="IN TAILS&#xA;&#xA; 1. Open the file browser and navigate to the folder where you saved the ISO image and the signature.&#xA;&#xA; 2. Right-click on the signature and choose Open With Verify Signature.&#xA;&#xA; 3. The verification of the ISO image starts automatically:" measuredWidth="660" measuredHeight="120">
<font/>
</widgets>
<widgets xsi:type="model:Image" id="127" x="71" y="840" width="644" height="37" measuredWidth="644" measuredHeight="37" src="assets/4.png"/>
<hRuler/>
<vRuler>
<guides position="2305"/>
......
<?xml version="1.0" encoding="UTF-8"?>
<model:Screen xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:model="http://wireframesketcher.com/1.0/model.ecore">
<widgets xsi:type="model:Panel" id="128" x="12" y="48" width="800" height="600" measuredWidth="800" measuredHeight="600"/>
<widgets xsi:type="model:Text" id="108" x="58" y="138" width="657" height="20" text=" The output of this command should be the following:" measuredWidth="657" measuredHeight="20">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Image" id="109" x="70" y="86" width="641" height="28" measuredWidth="641" measuredHeight="28" src="assets/2.png"/>
<widgets xsi:type="model:Image" id="111" x="71" y="176" width="640" height="105" measuredWidth="640" measuredHeight="105" src="assets/3.png"/>
<widgets xsi:type="model:Text" id="125" x="60" y="304" width="657" height="54" text=" Verify the date of the signature to make sure that you downloaded the latest version.&#xA;&#xA; If the output also includes:" measuredWidth="657" measuredHeight="54">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Text" id="126" x="60" y="429" width="657" height="38" text=" Then the ISO image is still correct according to the signing key that you downloaded. To remove this warning you need to &#xA; authenticate the signing key through the OpenPGP Web of Trust." measuredWidth="657" measuredHeight="38">
<font size="12px" bold="false"/>
</widgets>
<widgets xsi:type="model:Image" id="127" x="71" y="370" width="644" height="37" measuredWidth="644" measuredHeight="37" src="assets/4.png"/>
<widgets xsi:type="model:Note" id="129" x="12" y="7" width="800" height="32" text="These instructions appears when the user clicks on &quot;See instructions for basic OpenPGP verification...&quot;." measuredWidth="800" measuredHeight="32" textAlignment="Left">
<font/>
</widgets>
<hRuler/>
<vRuler>
<guides position="2305"/>
</vRuler>
<font size="12px"/>
</model:Screen>
<?xml version="1.0" encoding="UTF-8"?>
<model:Screen xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:model="http://wireframesketcher.com/1.0/model.ecore">
<widgets xsi:type="model:Panel" id="96" x="12" y="8" width="721" height="1017" measuredWidth="721" measuredHeight="1017"/>
<widgets xsi:type="model:WidgetGroup" id="18" x="116" y="340" measuredWidth="225" measuredHeight="24">
<widgets xsi:type="model:Label" id="16" x="29" text="Install add-on for Firefox (no restart)" measuredWidth="196" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:Image" id="17" width="25" height="21" measuredWidth="25" measuredHeight="21" src="assets/check.png"/>
</widgets>
<widgets xsi:type="model:Button" id="19" x="134" y="384" width="209" text="Verify download..." measuredWidth="209" measuredHeight="26" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:WidgetGroup" id="22" x="134" y="252" measuredWidth="129" measuredHeight="25">
<widgets xsi:type="model:Link" id="20" x="32" y="1" text="Skip verification →" measuredWidth="97" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:SVGImage" id="21" width="24" height="25" measuredWidth="24" measuredHeight="25" src="assets/warning.svg"/>
</widgets>
<widgets xsi:type="model:Button" id="23" x="134" y="924" text="Next →" measuredWidth="55" measuredHeight="26">
<font/>
</widgets>
<widgets xsi:type="model:Note" id="29" x="432" y="232" width="182" height="65" text="This is displayed instead of &quot;Skip download&quot; after the user starts a direct download." measuredWidth="182" measuredHeight="65" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:Note" id="30" x="432" y="904" width="182" height="97" text="This is displayed instead of &quot;Skip download&quot; after the verification is successful or the OpenPGP signature is downloaded." measuredWidth="182" measuredHeight="97" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:Note" id="31" x="432" y="321" width="273" height="107" text="This is displayed instead of &quot;Install add-on&quot;:&#xA;- After the add-on is installed.&#xA;- If the add-on is already installed and up-to-date.&#xA;- If the first verification failed and the user starts a new download." measuredWidth="273" measuredHeight="107" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:Label" id="34" x="143" y="835" text="Verification successful!" measuredWidth="126" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:Image" id="35" x="114" y="835" width="25" height="21" measuredWidth="25" measuredHeight="21" src="assets/check.png"/>
<widgets xsi:type="model:Note" id="37" x="432" y="816" width="182" height="61" text="This is displayed instead of &quot;Verify download...&quot; if the verification is successful." measuredWidth="182" measuredHeight="61" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:Label" id="53" x="143" y="755" text="Verifying download...." measuredWidth="119" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:Note" id="55" x="432" y="736" width="182" height="61" text="This is displayed instead of &quot;Verify download...&quot; during the verification." measuredWidth="182" measuredHeight="61" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:WidgetGroup" id="89" x="134" y="34" measuredWidth="274" measuredHeight="180">
<widgets xsi:type="model:Panel" id="96" x="12" y="48" width="800" height="600" measuredWidth="800" measuredHeight="600"/>
<widgets xsi:type="model:WidgetGroup" id="89" x="134" y="69" measuredWidth="274" measuredHeight="180">
<widgets xsi:type="model:Window" id="85" width="273" height="180" measuredWidth="273" measuredHeight="180"/>
<widgets xsi:type="model:Text" id="87" x="11" y="27" width="263" height="144" text="BitTorrent is a peer-to-peer technology for file sharing that makes your download faster and easier to resume.&#xA;&#xA;You need to install a BitTorrent client on your computer, like [Transmission] (Windows, macOS, and Linux).&#xA;&#xA;BitTorrent doesn't work on Tails." measuredWidth="263" measuredHeight="144">
<font/>
<items x="77" y="80" width="70" height="16" text="Transmission"/>
</widgets>
</widgets>
<widgets xsi:type="model:Note" id="90" x="432" y="34" width="182" height="180" text="This is displayed when the user clicks on &quot;What is BitTorrent?&quot;." measuredWidth="182" measuredHeight="180" textAlignment="Left">
<widgets xsi:type="model:Note" id="90" x="432" y="69" width="352" height="28" text="This is displayed when the user clicks on &quot;What is BitTorrent?&quot;." measuredWidth="352" measuredHeight="28" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:WidgetGroup" id="104" x="49" y="446" measuredWidth="360" measuredHeight="209">
<widgets xsi:type="model:WidgetGroup" id="104" x="49" y="266" measuredWidth="360" measuredHeight="209">
<widgets xsi:type="model:Window" id="97" width="360" height="209" text="Enter name of file to save to..." measuredWidth="360" measuredHeight="209"/>
<widgets xsi:type="model:Tree" id="98" x="10" y="64" width="90" height="105" text="Desktop&#xA;Downloads&#xA;Music&#xA;Videos" measuredWidth="90" measuredHeight="105">
<items x="0" y="5" width="90" height="22" text="Desktop"/>
<items x="0" y="27" width="90" height="22" text="Downloads"/>
<items x="0" y="49" width="90" height="22" text="Music"/>
<items x="0" y="71" width="90" height="22" text="Videos"/>
<widgets xsi:type="model:Tree" id="98" x="10" y="64" width="94" height="105" text="Desktop&#xA;Downloads&#xA;Music&#xA;Videos" measuredWidth="94" measuredHeight="105">
<items x="0" y="5" width="94" height="22" text="Desktop"/>
<items x="0" y="27" width="94" height="22" text="Downloads"/>
<items x="0" y="49" width="94" height="22" text="Music"/>
<items x="0" y="71" width="94" height="22" text="Videos"/>
<font/>
</widgets>
<widgets xsi:type="model:TextField" id="99" x="57" y="29" width="293" text="tails-amd64-3.1.iso" measuredWidth="293" measuredHeight="24">
<widgets xsi:type="model:TextField" id="99" x="57" y="29" width="293" text="tails-amd64-3.2.iso" measuredWidth="293" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:Label" id="100" x="11" y="31" text="Name:" measuredWidth="40" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:Panel" id="101" x="107" y="64" width="246" height="105" measuredWidth="246" measuredHeight="105"/>
<widgets xsi:type="model:Panel" id="101" x="111" y="64" width="242" height="105" measuredWidth="242" measuredHeight="105"/>
<widgets xsi:type="model:Button" id="102" x="299" y="173" width="54" text="Save" measuredWidth="54" measuredHeight="26">
<font/>
</widgets>
......@@ -74,16 +34,28 @@
<font/>
</widgets>
</widgets>
<widgets xsi:type="model:Note" id="105" x="432" y="446" width="182" height="209" text="File chooser displayed after clicking &quot;Verify download...&quot;" measuredWidth="182" measuredHeight="209" textAlignment="Left">
<widgets xsi:type="model:Note" id="105" x="432" y="266" width="352" height="27" text="File chooser after clicking a download button or link." measuredWidth="352" measuredHeight="27" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:TextField" id="109" x="116" y="548" width="293" text="tails-amd64-3.2.iso.sig" measuredWidth="293" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:Note" id="114" x="432" y="539" width="352" height="33" text="Default file name when downloading the OpenPGP signature." measuredWidth="352" measuredHeight="33" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:Note" id="115" x="12" y="7" width="800" height="32" text="These are moving parts that are meant to be cut out on paper and used to simulate interaction during testing." measuredWidth="800" measuredHeight="32" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:TextField" id="116" x="116" y="598" width="293" text="tails-signing.key" measuredWidth="293" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:TextField" id="109" x="116" y="678" width="293" text="tails-amd64-3.1.iso.sig" measuredWidth="293" measuredHeight="24">
<widgets xsi:type="model:Note" id="117" x="432" y="589" width="352" height="33" text="Default file name when downloading the signing key." measuredWidth="352" measuredHeight="33" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:Label" id="110" x="279" y="535" text="Name:" measuredWidth="40" measuredHeight="24">
<widgets xsi:type="model:TextField" id="118" x="116" y="498" width="293" text="tails-amd64-3.1.torrent" measuredWidth="293" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:Note" id="114" x="432" y="669" width="182" height="41" text="Default file name when download OpenPGP signature." measuredWidth="182" measuredHeight="41" textAlignment="Left">
<widgets xsi:type="model:Note" id="119" x="432" y="489" width="352" height="33" text="Default file name when downloading the signing key." measuredWidth="352" measuredHeight="33" textAlignment="Left">
<font/>
</widgets>
<hRuler/>
......
<?xml version="1.0" encoding="UTF-8"?>
<model:Screen xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:model="http://wireframesketcher.com/1.0/model.ecore">
<widgets xsi:type="model:Panel" id="98" x="12" y="8" width="721" height="1017" measuredWidth="721" measuredHeight="1017"/>
<widgets xsi:type="model:WidgetGroup" id="18" x="114" y="450" measuredWidth="232" measuredHeight="24">
<widgets xsi:type="model:Label" id="16" x="29" text="Update add-on for Firefox (no restart)" measuredWidth="203" measuredHeight="24">
<font/>
</widgets>
<widgets xsi:type="model:Image" id="17" width="25" height="21" measuredWidth="25" measuredHeight="21" src="assets/check.png"/>
<widgets xsi:type="model:Panel" id="98" x="12" y="48" width="800" height="600" measuredWidth="800" measuredHeight="600"/>
<widgets xsi:type="model:Label" id="99" x="141" y="82" text="Verification failed!" measuredWidth="106" measuredHeight="24">
<font bold="true"/>
</widgets>
<widgets xsi:type="model:Button" id="19" x="134" y="494" width="209" text="Verify download..." measuredWidth="209" measuredHeight="26" textAlignment="Left">
<widgets xsi:type="model:Note" id="100" x="429" y="73" width="355" height="61" text="This is displayed instead of &quot;Verify download...&quot; if the verification failed once." measuredWidth="355" measuredHeight="61" textAlignment="Left">
<font/>
</widgets>
<widgets xsi:type="model:Note" id="31" x="432" y="431" width="182" height="107" text="This is displayed instead of &quot;Install add-on&quot; after the add-on is updated." measuredWidth="182" measuredHeight="107" textAlignment="Left">
<widgets xsi:type="model:Image" id="101" x="110" y="78" width="27" height="29" measuredWidth="27" measuredHeight="29" src="assets/failed.png"/>
<widgets xsi:type="model:Label" id="102" x="141" y="102" text="Please [try to download again...]" measuredWidth="166" measuredHeight="24">
<font/>
<items x="37" y="3" width="123" height="16" text="try to download again..."/>
</widgets>
<widgets xsi:type="model:Button" id="96" x="134" y="348" text="Update add-on for Firefox (no restart)" measuredWidth="217" measuredHeight="26">
<widgets xsi:type="model:Label" id="103" x="141" y="379" text="Verification failed again!" measuredWidth="138" measuredHeight="24">
<font bold="true"/>
</widgets>
<widgets xsi:type="model:Note" id="104" x="429" y="360" width="355" height="44" text="This is displayed instead of &quot;Verify download...&quot; if the verification failed more than once." measuredWidth="355" measuredHeight="44" textAlignment="Left">
<font/>
</widgets>