Commit d9bbefb9 authored by Tails developers's avatar Tails developers

Merge remote-tracking branch 'origin/devel' into test/6559-adapt-test-suite-for-Wheezy

Conflicts:
	config/chroot_local-hooks/98-remove_unwanted_packages
parents 17204df5 5f77fae8
......@@ -60,6 +60,15 @@ def primary_vm_state
end
end
def primary_vm_chan
if vagrant_old
return primary_vm.channel
else
return primary_vm.communicate
end
end
def vm_id
if vagrant_old
primary_vm.uuid
......@@ -76,11 +85,6 @@ def vm_driver
end
end
def current_vm_memory
info = vm_driver.execute 'showvminfo', vm_id, '--machinereadable'
$1.to_i if info =~ /^memory=(\d+)/
end
def current_vm_cpus
info = vm_driver.execute 'showvminfo', vm_id, '--machinereadable'
$1.to_i if info =~ /^cpus=(\d+)/
......@@ -90,7 +94,7 @@ def vm_running?
primary_vm_state == :running
end
def enough_free_memory?
def enough_free_host_memory_for_ram_build?
return false unless RbConfig::CONFIG['host_os'] =~ /linux/i
begin
......@@ -101,6 +105,24 @@ def enough_free_memory?
end
end
def free_vm_memory
primary_vm_chan.execute("free", :error_check => false) do |fd, data|
return data.split[16].to_i
end
end
def enough_free_vm_memory_for_ram_build?
free_vm_memory > BUILD_SPACE_REQUIREMENT * 1024
end
def enough_free_memory_for_ram_build?
if vm_running?
enough_free_vm_memory_for_ram_build?
else
enough_free_host_memory_for_ram_build?
end
end
def is_release?
branch_name = `git name-rev --name-only HEAD`
tag_name = `git describe --exact-match HEAD 2> /dev/null`
......@@ -121,7 +143,7 @@ task :parse_build_options do
options = ''
# Default to in-memory builds if there is enough RAM available
options += 'ram ' if enough_free_memory?
options += 'ram ' if enough_free_memory_for_ram_build?
# Use in-VM proxy unless an external proxy is set
options += 'vmproxy ' unless EXTERNAL_HTTP_PROXY
......@@ -141,9 +163,6 @@ task :parse_build_options do
case opt
# Memory build settings
when 'ram'
unless vm_running? || enough_free_memory?
abort "Not enough free memory to do an in-memory build. Aborting."
end
ENV['TAILS_RAM_BUILD'] = '1'
when 'noram'
ENV['TAILS_RAM_BUILD'] = nil
......@@ -226,7 +245,7 @@ end
desc 'Build Tails'
task :build => ['parse_build_options', 'ensure_clean_repository', 'validate_http_proxy', 'vm:up'] do
if ENV['TAILS_RAM_BUILD'] && current_vm_memory < VM_MEMORY_FOR_RAM_BUILDS
if ENV['TAILS_RAM_BUILD'] && not(enough_free_memory_for_ram_build?)
$stderr.puts <<-END_OF_MESSAGE.gsub(/^ /, '')
The virtual machine is not currently set with enough memory to
......@@ -252,13 +271,8 @@ task :build => ['parse_build_options', 'ensure_clean_repository', 'validate_http
exported_env = EXPORTED_VARIABLES.select { |k| ENV[k] }.
collect { |k| "#{k}='#{ENV[k]}'" }.join(' ')
if vagrant_old
chan = primary_vm.channel
else
chan = primary_vm.communicate
end
status = chan.execute("#{exported_env} build-tails",
:error_check => false) do |fd, data|
status = primary_vm_chan.execute("#{exported_env} build-tails",
:error_check => false) do |fd, data|
(fd == :stdout ? $stdout : $stderr).write data
end
......
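Review bot: `free_vm_memory` returns `data.split[16].to_i` from the first chunk the channel yields, without checking `fd`, so a stderr chunk, a split stdout chunk or a `free` with a different column layout gives an unrelated number that is then compared against `BUILD_SPACE_REQUIREMENT * 1024`. If the block never runs, the method returns whatever `execute` returns instead of a memory figure. Collecting stdout and matching the intended line by name makes the check fail closed (0 when nothing matches). The sketch below assumes index 16 is meant to be the free column of the `-/+ buffers/cache:` line, which is where it falls in the classic `free` layout; confirm against the build VM.

```ruby
def free_vm_memory
  output = ''
  primary_vm_chan.execute("free", :error_check => false) do |fd, data|
    # Only stdout carries the table; chunks may arrive in pieces.
    output << data if fd == :stdout
  end
  # Columns after the label are "used" then "free"; nil.to_i is 0 if the line is absent.
  output[/^-\/\+ buffers\/cache:\s+\d+\s+(\d+)/, 1].to_i
end
```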
......@@ -59,6 +59,7 @@ chmod -R go+rX config/chroot_local-includes/usr
chmod -R go+rx config/chroot_local-includes/usr/local/bin
chmod -R go+rx config/chroot_local-includes/usr/local/sbin
chmod -R go+rX config/chroot_local-includes/usr/share/doc/tails
chmod -R go+rX config/chroot_local-includes/var
chmod -R go+rX config/chroot_apt
chmod -R go+rX config/chroot_sources
......
#!/bin/bash
set -e
# Including common functions
. "${LB_BASE:-/usr/share/live/build}"/scripts/build.sh
......
#!/bin/bash
set -e
# Including common functions
. "${LB_BASE:-/usr/share/live/build}"/scripts/build.sh
# Setting static variables
DESCRIPTION="$(Echo 'fixing syslinux installation')"
HELP=""
USAGE="${PROGRAM}"
# Reading configuration files
Read_conffiles config/all config/bootstrap config/common config/binary
Set_defaults
# Safeguards
[ "${LB_BOOTLOADER}" = "syslinux" ] || exit 0
[ "${LB_ARCHITECTURE}" = "i386" ] || exit 0
# Seems like we'll have work to do
Echo_message "fixing syslinux installation"
# Setting boot method specific variables
case "${LB_BINARY_IMAGES}" in
iso|iso-hybrid)
SYSLINUX_PATH="binary/isolinux"
;;
usb-hdd)
SYSLINUX_PATH="binary/syslinux"
;;
esac
# Main
for module in ldlinux libcom32 libutil
do
cp chroot/usr/lib/syslinux/modules/bios/"${module}.c32" "$SYSLINUX_PATH"
done
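Review bot: The `case` on `${LB_BINARY_IMAGES}` has no default branch, so for any image type other than `iso`, `iso-hybrid` or `usb-hdd` the variable `SYSLINUX_PATH` stays unset (unless something outside this view sets it) and the `cp` in the loop gets an empty destination. The UEFI bootloader script that follows repeats the same `case`, and there `cp "$SYSLINUX_PATH"/* binary/EFI/BOOT/` would expand to `/*`, which could copy top-level files from the build environment's root into the image before `cp` fails. Adding a `*) exit 0 ;;` branch (or an explicit error) to both scripts, or referencing the variable as `"${SYSLINUX_PATH:?}"`, closes that path.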
#!/bin/bash
set -e
# Including common functions
. "${LB_BASE:-/usr/share/live/build}"/scripts/build.sh
# Setting static variables
DESCRIPTION="$(Echo 'installing syslinux UEFI bootloader')"
HELP=""
USAGE="${PROGRAM}"
# Reading configuration files
Read_conffiles config/all config/bootstrap config/common config/binary
Set_defaults
# Safeguards
[ "${LB_BOOTLOADER}" = "syslinux" ] || exit 0
[ "${LB_ARCHITECTURE}" = "i386" ] || exit 0
# Seems like we'll have work to do
Echo_message "installing syslinux UEFI bootloader"
# Setting boot method specific variables
case "${LB_BINARY_IMAGES}" in
iso|iso-hybrid)
SYSLINUX_PATH="binary/isolinux"
;;
usb-hdd)
SYSLINUX_PATH="binary/syslinux"
;;
esac
# Main
mkdir -p binary/EFI/BOOT
cp chroot/usr/lib/SYSLINUX/efi64/syslinux.efi binary/EFI/BOOT/bootx64.efi
cp chroot/usr/share/tails/bootx64.png binary/EFI/BOOT/
cp "$SYSLINUX_PATH"/* binary/EFI/BOOT/
cp -f chroot/usr/lib/syslinux/modules/efi64/* binary/EFI/BOOT/
sed -r -i -e 's,^(menu background splash\.png)$,\#\1,' binary/EFI/BOOT/stdmenu.cfg
......@@ -166,10 +166,26 @@ Package: seahorse-nautilus
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: shared-mime-info
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: tor
Pin: release o=TorProject,n=wheezy
Pin-Priority: 999
Package: virtualbox-guest-dkms
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: virtualbox-guest-utils
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: virtualbox-guest-x11
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: tor-geoipdb
Pin: release o=TorProject,n=wheezy
Pin-Priority: 999
......
#!/bin/sh
set -e
echo "Building VirtualBox guest modules"
hw_arch="`dpkg --print-architecture`"
if [ "$hw_arch" != i386 -a "$hw_arch" != amd64 ]; then
exit 0
fi
available_gcc_version=4.7
wanted_gcc_version=4.8
# the -dkms package must be installed *after* dkms to be properly registered
apt-get install --yes build-essential dkms dpatch
# temporary workaround: pretend the "wanted" GCC is available, so that
# the modules can build.
# /usr/src/linux-headers-3.*-common/scripts/gcc-version.sh
# is the one who says they should be run using that version.
apt-get install --yes gcc-${available_gcc_version}
# Create and install fake GCC package
apt-get install --yes equivs
cat > /root/gcc-${wanted_gcc_version}.control << EOF
Section: devel
Priority: optional
Homepage: https://tails.boum.org/
Standards-Version: 3.6.2
Package: gcc-${wanted_gcc_version}
Maintainer: Tails developers <amnesia@boum.org>
Architecture: all
Description: (Fake) GNU C compiler
Work around the fact that our Linux headers depend on gcc-${wanted_gcc_version},
which is unavailable on Wheezy.
EOF
cd /root ; equivs-build /root/gcc-${wanted_gcc_version}.control
dpkg -i gcc-${wanted_gcc_version}_1.0_all.deb
ln -sf /usr/bin/gcc-${available_gcc_version} /usr/bin/gcc-${wanted_gcc_version}
rm /root/gcc-${wanted_gcc_version}.control /root/gcc-${wanted_gcc_version}_1.0_all.deb
# Versions of the module prior to 4.2 do not built on 3.8 and later [Debian #704130].
# Install version from Wheezy backports.
apt-get install --yes virtualbox-guest-utils virtualbox-guest-dkms virtualbox-guest-x11
# Have the modules built for every installed kernel
for KERNEL in /boot/vmlinuz-* ; do
KERNEL_VERSION="$(basename ${KERNEL} | sed -e 's|vmlinuz-||')"
MODULES_VERSION="$(dpkg-query -W -f='${Version\n}' virtualbox-guest-dkms)"
# Installing the headers should trigger the building of the modules for that kernel
apt-get install --yes linux-headers-$KERNEL_VERSION
# Only build and install if it was not done already
if [ ! "$(dkms status -k $KERNEL_VERSION -m virtualbox-guest -v $MODULES_VERSION)" ]; then
dkms build -k $KERNEL_VERSION -m virtualbox-guest -v $MODULES_VERSION
dkms install -k $KERNEL_VERSION -m virtualbox-guest -v $MODULES_VERSION
fi
done
# clean the build directory
rm -r /var/lib/dkms/virtualbox-guest/
# virtualbox-guest-dkms's postrm script deletes any previously
# built binary module; let's delete it before the package gets purged.
rm /var/lib/dpkg/info/virtualbox-guest-dkms.prerm
# remove temporary workaround
rm /usr/bin/gcc-${wanted_gcc_version}
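Review bot: In the kernel loop, `dpkg-query -W -f='${Version\n}'` has the `\n` inside the braces as rendered here, which dpkg-query would presumably read as part of the field name rather than as a newline. If the file really contains that, `MODULES_VERSION` comes back empty and the unquoted `-v $MODULES_VERSION` passes no version to `dkms`; the intended form is presumably `-f='${Version}\n'`. Quoting `"$KERNEL_VERSION"` and `"$MODULES_VERSION"` in the `dkms` calls would also turn an empty value into a visible error instead of a shifted argument list. Separately, the comment above the last-but-one `rm` names the postrm script while the command deletes `virtualbox-guest-dkms.prerm`; one of the two should be corrected.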
#!/bin/sh
set -e
# Make syslinux 6.x packaging play well with live-build 2.x
cp -a /usr/lib/syslinux/modules/bios/ifcpu64.c32 \
/usr/lib/syslinux/modules/bios/vesamenu.c32 \
/usr/lib/ISOLINUX/isolinux.bin \
/usr/lib/syslinux/
......@@ -15,13 +15,13 @@ apt-get --yes purge \
'^linux-kbuild-*' \
'^linux-headers-*' \
build-essential debhelper dkms dpatch dpkg-dev \
gcc gcc-4.7 \
gcc gcc-4.7 gcc-4.8 \
intltool-debian \
libc6-dev libgl1-mesa-dev libstdc++6-4.4-dev linux-libc-dev \
make \
module-assistant \
po-debconf \
virtualbox-guest-dkms
equivs virtualbox-guest-dkms
### Deinstall a few unwanted packages that were pulled by tasksel
### since they have Priority: standard.
......@@ -38,6 +38,8 @@ apt-get --yes purge \
live-build \
locales \
'^openssh-blacklist*' \
python2.6 \
python2.6-minimal \
rpcbind \
tasksel \
tasksel-data \
......
......@@ -7,6 +7,7 @@ style='/usr/share/florence/styles/hard'
[apps/florence/style]
sounds=false
system-font=false
[apps/florence/window]
decorated=false
......@@ -25,10 +26,7 @@ session-name='gnome-fallback'
[org/gnome/desktop/background]
show-desktop-icons = true
picture-uri=''
picture-options='none'
primary-color='#0064BA'
secondary-color='#66BA00'
picture-uri='file:///usr/share/tails/desktop_wallpaper.png'
[org/gnome/desktop/interface]
menus-have-icons=true
......
......@@ -49,6 +49,7 @@ pref("browser.syncPromoViewsLeftMap", "{\"addons\":0, \"passwords\":0, \"bookmar
pref("services.sync.engine.prefs", false); // Never sync prefs, addons, or tabs with other browsers
pref("services.sync.engine.addons", false);
pref("services.sync.engine.tabs", false);
pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
// Fingerprinting
pref("webgl.min_capability_mode", true);
......@@ -140,5 +141,13 @@ pref("keyword.URL", "https://startpage.com/do/search?q=");
pref("gfx.direct2d.disabled", true);
pref("layers.acceleration.disabled", true);
// Security enhancements
// https://trac.torproject.org/projects/tor/ticket/9387#comment:17
pref("javascript.options.ion.content", false);
pref("javascript.options.baselinejit.content", false);
pref("javascript.options.asmjs", false);
pref("javascript.options.typeinference", false);
// Version placeholder
pref("torbrowser.version", "UNKNOWN");
......@@ -63,6 +63,11 @@ user_pref("extensions.torbutton.saved.socks_remote_dns", true);
user_pref("extensions.torbutton.saved.socks_version", 5);
user_pref("extensions.torbutton.saved.type", 1);
// These must be set to the same value to prevent Torbutton from
// flashing its upgrade notification.
user_pref("extensions.torbutton.lastBrowserVersion", "Tails");
user_pref("torbrowser.version", "Tails");
// Proxy and proxy security
user_pref("network.proxy.socks_port", 9151);
......@@ -120,4 +125,3 @@ user_pref("layout.spellcheckDefault", 0);
user_pref("media.peerconnection.enabled", false);
user_pref("network.dns.disableIPv6", true);
user_pref("security.warn_submit_insecure", true);
user_pref("torbrowser.version", "Tails");
[Desktop Entry]
Name=tails-configure-keyboard
GenericName=configure the keyboard layout
Comment=configure the keyboard layout according to settings chosen in Tails Greeter
Exec=/usr/local/bin/tails-configure-keyboard
Terminal=false
Type=Application
Categories=GNOME;X-GNOME-PersonalSettings;
NoDisplay=true
MimeType=application/x-tails-configure-keyboard;
#!/bin/sh
set -eu
# Get $TAILS_XKBMODEL, $TAILS_XKBLAYOUT, $TAILS_XKBVARIANT and $TAILS_XKBOPTIONS
. /var/lib/tails-user-session/keyboard
dconf write /org/gnome/libgnomekbd/keyboard/model "'$XKBMODEL'"
dconf write /org/gnome/libgnomekbd/keyboard/layouts "['$XKBLAYOUT\\t$XKBVARIANT']"
if [ "$XKBLAYOUT" != "us" ]; then
# Add 'us' switch. Note that it's important that we set the layout
# on its own above, because otherwise the following will make 'us'
# the default.
dconf write /org/gnome/libgnomekbd/keyboard/layouts "['$XKBLAYOUT\\t$XKBVARIANT', 'us']"
fi
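Review bot: The header comment lists `$TAILS_XKBMODEL`, `$TAILS_XKBLAYOUT`, `$TAILS_XKBVARIANT` and `$TAILS_XKBOPTIONS`, but the `dconf write` lines read `$XKBMODEL`, `$XKBLAYOUT` and `$XKBVARIANT`. Under `set -eu` the script aborts at the first `dconf write` if the sourced file only defines the prefixed names. Whichever naming `/var/lib/tails-user-session/keyboard` really uses, the comment and the code should agree, e.g. `# Get $XKBMODEL, $XKBLAYOUT and $XKBVARIANT`. Because that file is sourced as shell code and its values are pasted between single quotes into GVariant strings, the comment should also state who writes the file and that no less-privileged process may modify it.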
......@@ -9,7 +9,7 @@ export TEXTDOMAIN
TORDATE_DIR=/var/run/tordate
TORDATE_DONE_FILE="${TORDATE_DIR}/done"
INOTIFY_TIMEOUT=60
MIN_MEMFREE=$((200 * 1024))
MIN_MEMFREE=$((125 * 1024))
MIN_TOTAL_MEMFREE=$((500 * 1024))
RUN_AS_USER=tails-upgrade-frontend
......
......@@ -141,6 +141,8 @@ iceweasel-l10n-all
inkscape
ipheth-utils
iptables
# ships isolinux.bin in syslinux 6.x packaging
isolinux
ferm
keepassx
kexec-tools
......@@ -166,6 +168,7 @@ msva-perl
mutt
nautilus
nautilus-wipe
nautilus-gtkhash
network-manager-gnome
ntfs-3g
ntfsprogs
......@@ -209,6 +212,8 @@ seahorse-nautilus
secure-delete
simple-scan
sshfs
# ships the *.c32 modules in syslinux 6.x packaging
syslinux-common
system-config-printer
systemd
synaptic
......@@ -319,6 +324,7 @@ mousetweaks
gnome-mag
## text-to-speech
gnome-orca
at-spi2-core
## high-contrast theme
gnome-accessibility-themes
## graphical predictive text input system
......
--- chroot.orig/etc/gdm3/greeter.gsettings 2014-05-11 21:58:13.547765234 +0200
+++ chroot/etc/gdm3/greeter.gsettings 2014-05-11 22:00:46.493721796 +0200
@@ -17,6 +17,10 @@
# picture-options='none'
# primary-color='#000000'
+[org.gnome.desktop.background]
+picture-options='none'
+primary-color='#0064BA'
+
# Greeter session choice
# ======================
# Use 'gdm-shell' for the GNOME Shell version.
--- a/usr/share/zenity/zenity.ui
+++ b/usr/share/zenity/zenity.ui
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<interface>
- <!-- interface-requires gtk+ 2.6 -->
+ <!-- interface-requires gtk+ 3.0 -->
<object class="GtkAdjustment" id="adjustment1">
<property name="upper">100</property>
<property name="step_increment">1</property>
@@ -27,6 +27,7 @@
<child>
<object class="GtkButton" id="zenity_calendar_cancel_button">
<property name="label">gtk-cancel</property>
+ <property name="use_action_appearance">False</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
@@ -43,6 +44,7 @@
<child>
<object class="GtkButton" id="zenity_calendar_ok_button">
<property name="label">gtk-ok</property>
+ <property name="use_action_appearance">False</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="has_focus">True</property>
@@ -161,6 +163,7 @@
<child>
<object class="GtkButton" id="zenity_entry_cancel_button">
<property name="label">gtk-cancel</property>
+ <property name="use_action_appearance">False</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
@@ -177,6 +180,7 @@
<child>
<object class="GtkButton" id="zenity_entry_ok_button">
<property name="label">gtk-ok</property>
+ <property name="use_action_appearance">False</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
@@ -268,6 +272,7 @@
<child>
<object class="GtkButton" id="zenity_error_ok_button">
<property name="label">gtk-ok</property>
+ <property name="use_action_appearance">False</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
@@ -323,6 +328,7 @@
<property name="use_markup">True</property>
<property name="wrap">True</property>
<property name="selectable">True</property>
+ <property name="ellipsize">start</property>
</object>
<packing>
<property name="expand">False</property>
@@ -367,6 +373,7 @@
<child>
<object class="GtkButton" id="zenity_forms_cancel_button">
<property name="label">gtk-cancel</property>
+ <property name="use_action_appearance">False</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">True</property>
@@ -382,6 +389,7 @@
<child>
<object class="GtkButton" id="zenity_forms_ok_button">
<property name="label">gtk-ok</property>
+ <property name="use_action_appearance">False</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">True</property>
@@ -427,6 +435,12 @@
<child>
<placeholder/>
</child>
+ <child>
+ <placeholder/>
+ </child>
+ <child>
+ <placeholder/>
+ </child>
</object>
</child>
</object>
@@ -473,6 +487,7 @@
<child>
<object class="GtkButton" id="zenity_info_ok_button">
<property name="label">gtk-ok</property>
+ <property name="use_action_appearance">False</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
@@ -523,6 +538,7 @@
<property name="use_markup">True</property>
<property name="wrap">True</property>
<property name="selectable">True</property>
+ <property name="ellipsize">start</property>
</object>
<packing>
<property name="expand">False</property>