Commit e5540ad2 authored by Tails developers's avatar Tails developers

Merge branch 'devel' into feature/unsafe-browser

parents e651960d 98f5a232
......@@ -28,3 +28,7 @@
/.lock
/.stage
/source
/vagrant/.vagrant
/vagrant/definitions/squeeze/preseed.cfg
/vagrant/iso
/vagrant/squeeze.box
# -*- mode: ruby -*-
# vi: set ft=ruby :
#
# Tails: The Amnesic Incognito Live System
# Copyright © 2012 Tails developers <tails@boum.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
require 'rbconfig'
require 'rubygems'
require 'vagrant'
require 'uri'
$:.unshift File.expand_path('../vagrant/lib', __FILE__)
require 'tails_build_settings'
# Path to the directory which holds our Vagrantfile
VAGRANT_PATH = File.expand_path('../vagrant', __FILE__)
# Branches that are considered 'stable' (used to select SquashFS compression)
STABLE_BRANCH_NAMES = ['stable', 'testing']
# Environment variables that will be exported to the build script
EXPORTED_VARIABLES = ['http_proxy', 'MKSQUASHFS_OPTIONS', 'TAILS_RAM_BUILD', 'TAILS_CLEAN_BUILD']
# Let's save the http_proxy set before playing with it
EXTERNAL_HTTP_PROXY = ENV['http_proxy']
# In-VM proxy URL
INTERNEL_HTTP_PROXY = "http://#{VIRTUAL_MACHINE_HOSTNAME}:3142"
def current_vm_memory
env = Vagrant::Environment.new(:cwd => VAGRANT_PATH, :ui_class => Vagrant::UI::Basic)
uuid = env.primary_vm.uuid
info = env.primary_vm.driver.execute 'showvminfo', uuid, '--machinereadable'
$1.to_i if info =~ /^memory=(\d+)/
end
def current_vm_cpus
env = Vagrant::Environment.new(:cwd => VAGRANT_PATH, :ui_class => Vagrant::UI::Basic)
uuid = env.primary_vm.uuid
info = env.primary_vm.driver.execute 'showvminfo', uuid, '--machinereadable'
$1.to_i if info =~ /^cpus=(\d+)/
end
def enough_free_memory?
return false unless RbConfig::CONFIG['host_os'] =~ /linux/i
begin
usable_free_mem = `free`.split[16].to_i
usable_free_mem > VM_MEMORY_FOR_RAM_BUILDS * 1024
rescue
false
end
end
def stable_branch?
branch_name = `git name-rev --name-only HEAD`
STABLE_BRANCH_NAMES.include? branch_name
end
def system_cpus
return nil unless RbConfig::CONFIG['host_os'] =~ /linux/i
begin
File.read('/proc/cpuinfo').scan(/^processor\s+:/).count
rescue
nil
end
end
task :parse_build_options do
options = ''
# Default to in-memory builds if there is enough RAM available
options += 'ram ' if enough_free_memory?
# Use in-VM proxy unless an external proxy is set
options += 'vmproxy ' unless EXTERNAL_HTTP_PROXY
# Default to fast compression on development branches
options += 'gzipcomp ' unless stable_branch?
# Default to the number of system CPUs when we can figure it out
cpus = system_cpus
options += "cpus=#{cpus} " if cpus
options += ENV['TAILS_BUILD_OPTIONS'] if ENV['TAILS_BUILD_OPTIONS']
options.split(' ').each do |opt|
case opt
# Memory build settings
when 'ram'
abort "Not enough free memory to do an in-memory build. Aborting." unless enough_free_memory?
ENV['TAILS_RAM_BUILD'] = '1'
when 'noram'
ENV['TAILS_RAM_BUILD'] = nil
# HTTP proxy settings
when 'extproxy'
abort "No HTTP proxy set, but one is required by TAILS_BUILD_OPTIONS. Aborting." unless EXTERNAL_HTTP_PROXY
ENV['http_proxy'] = EXTERNAL_HTTP_PROXY
when 'vmproxy'
ENV['http_proxy'] = INTERNEL_HTTP_PROXY
when 'noproxy'
ENV['http_proxy'] = nil
# SquashFS compression settings
when 'gzipcomp'
ENV['MKSQUASHFS_OPTIONS'] = '-comp gzip'
when 'defaultcomp'
ENV['MKSQUASHFS_OPTIONS'] = nil
# Clean-up settings
when 'cleanall'
ENV['TAILS_CLEAN_BUILD'] = '1'
# Virtual CPUs settings
when /cpus=(\d+)/
ENV['TAILS_BUILD_CPUS'] = $1
# Git settings
when 'ignorechanges'
ENV['TAILS_BUILD_IGNORE_CHANGES'] = '1'
end
end
end
task :ensure_clean_repository do
unless `git status --porcelain`.empty?
if ENV['TAILS_BUILD_IGNORE_CHANGES']
$stderr.puts <<-END_OF_MESSAGE.gsub(/^ /, '')
You have uncommited changes in the Git repository. They will
be ignored for the upcoming build.
END_OF_MESSAGE
else
$stderr.puts <<-END_OF_MESSAGE.gsub(/^ /, '')
You have uncommited changes in the Git repository. Due to limitations
of the build system, you need to commit them before building Tails.
If you don't care about those changes and want to build Tails nonetheless,
please add `ignorechanges` to the TAILS_BUILD_OPTIONS environment
variable.
END_OF_MESSAGE
abort 'Uncommited changes. Aborting.'
end
end
end
task :validate_http_proxy do
if ENV['http_proxy']
proxy_host = URI.parse(ENV['http_proxy']).host
if proxy_host.nil?
ENV['http_proxy'] = nil
$stderr.puts "Ignoring invalid HTTP proxy."
return
end
if ['localhost', '[::1]'].include?(proxy_host) || proxy_host.start_with?('127.0.0.')
abort 'Using an HTTP proxy listening on the loopback is doomed to fail. Aborting.'
end
$stderr.puts "Using HTTP proxy: #{ENV['http_proxy']}"
else
$stderr.puts "No HTTP proxy set."
end
end
desc 'Build Tails'
task :build => ['parse_build_options', 'ensure_clean_repository', 'validate_http_proxy', 'vm:up'] do
exported_env = EXPORTED_VARIABLES.select { |k| ENV[k] }.
collect { |k| "#{k}='#{ENV[k]}'" }.join(' ')
env = Vagrant::Environment.new(:cwd => VAGRANT_PATH)
status = env.primary_vm.channel.execute("#{exported_env} build-tails",
:error_check => false) do |fd, data|
(fd == :stdout ? $stdout : $stderr).write data
end
# Move build products to the current directory
FileUtils.mv Dir.glob("#{VAGRANT_PATH}/tails-*"),
File.expand_path('..', __FILE__), :force => true
exit status
end
namespace :vm do
desc 'Start the build virtual machine'
task :up => ['parse_build_options', 'validate_http_proxy'] do
env = Vagrant::Environment.new(:cwd => VAGRANT_PATH, :ui_class => Vagrant::UI::Basic)
case env.primary_vm.state
when :not_created
# Do not use non-existant in-VM proxy to download the basebox
if ENV['http_proxy'] == INTERNEL_HTTP_PROXY
ENV['http_proxy'] = nil
restore_internal_proxy = true
end
$stderr.puts <<-END_OF_MESSAGE.gsub(/^ /, '')
This is the first time that the Tails builder virtual machine is
started. The virtual machine template is about 300 MB to download,
so the process might take some time.
Please remember to shut the virtual machine down once your work on
Tails in done:
$ rake vm:halt
END_OF_MESSAGE
when :poweroff
$stderr.puts <<-END_OF_MESSAGE.gsub(/^ /, '')
Starting Tails builder virtual machine. This might take a short while.
Please remember to shut it down once your work on Tails in done:
$ rake vm:halt
END_OF_MESSAGE
when :running
if ENV['TAILS_RAM_BUILD'] && current_vm_memory < VM_MEMORY_FOR_RAM_BUILDS
$stderr.puts <<-END_OF_MESSAGE.gsub(/^ /, '')
The virtual machine is not currently set with enough memory to
perform an in-memory build. Either remove the `ram` option from
the TAILS_BUILD_OPTIONS environment variable, or shut the
virtual machine down using `rake vm:halt` before trying again.
END_OF_MESSAGE
abort 'Not enough memory for the virtual machine to run an in-memory build. Aborting.'
end
if ENV['TAILS_BUILD_CPUS'] && current_vm_cpus != ENV['TAILS_BUILD_CPUS'].to_i
$stderr.puts <<-END_OF_MESSAGE.gsub(/^ /, '')
The virtual machine is currently running with #{current_vm_cpus}
virtual CPU(s). In order to change that number, you need to
stop the VM first, using `rake vm:halt`. Otherwise, please
adjust the `cpus` options accordingly.
END_OF_MESSAGE
abort 'The virtual machine needs to be reloaded to change the number of CPUs. Aborting.'
end
end
result = env.cli('up')
abort "'vagrant up' failed" unless result
ENV['http_proxy'] = INTERNEL_HTTP_PROXY if restore_internal_proxy
end
desc 'Stop the build virtual machine'
task :halt do
env = Vagrant::Environment.new(:cwd => VAGRANT_PATH, :ui_class => Vagrant::UI::Basic)
result = env.cli('halt')
abort "'vagrant halt' failed" unless result
end
desc 'Re-run virtual machine setup'
task :provision => ['parse_build_options', 'validate_http_proxy'] do
env = Vagrant::Environment.new(:cwd => VAGRANT_PATH, :ui_class => Vagrant::UI::Basic)
result = env.cli('provision')
abort "'vagrant provision' failed" unless result
end
desc 'Destroy build virtual machine (clean up all files)'
task :destroy do
env = Vagrant::Environment.new(:cwd => VAGRANT_PATH, :ui_class => Vagrant::UI::Basic)
result = env.cli('destroy', '--force')
abort "'vagrant destroy' failed" unless result
end
end
namespace :basebox do
task :create_preseed_cfg => 'validate_http_proxy' do
require 'erb'
preseed_cfg_path = File.expand_path('../vagrant/definitions/squeeze/preseed.cfg', __FILE__)
template = ERB.new(File.read("#{preseed_cfg_path}.erb"))
File.open(preseed_cfg_path, 'w') do |f|
f.write template.result
end
end
desc 'Create virtual machine template (a.k.a. basebox)'
task :create_basebox => [:create_preseed_cfg] do
# veewee is pretty stupid regarding path handling
Dir.chdir(VAGRANT_PATH) do
require 'veewee'
# Veewee assumes a separate process for each task. So we mimic that.
env = Vagrant::Environment.new(:ui_class => Vagrant::UI::Basic)
Process.fork do
env.cli('basebox', 'build', 'squeeze')
end
Process.wait
abort "Building the basebox failed (exit code: #{$?.exitstatus})." if $?.exitstatus != 0
Process.fork do
env.cli('basebox', 'validate', 'squeeze')
end
Process.wait
abort "Validating the basebox failed (exit code: #{$?.exitstatus})." if $?.exitstatus != 0
Process.fork do
env.cli('basebox', 'export', 'squeeze')
end
Process.wait
abort "Exporting the basebox failed (exit code: #{$?.exitstatus})." if $?.exitstatus != 0
end
end
end
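Review bot: In the `:build` task, `collect { |k| "#{k}='#{ENV[k]}'" }` wraps each exported value in single quotes without escaping it, and the result is placed in front of `build-tails` in the string given to `channel.execute`. A value of `http_proxy` or `MKSQUASHFS_OPTIONS` that contains a single quote ends the quoting, and the rest is interpreted by the shell inside the build VM; `validate_http_proxy` only checks that the URL has a host. Escaping the value closes this, `collect { |k| "#{k}=#{Shellwords.escape(ENV[k])}" }` with `require 'shellwords'` next to the other requires. The `config.vm.provision :shell, :inline => "http_proxy='#{ENV['http_proxy']}' ..."` line in the Vagrantfile section uses the same pattern and needs the same treatment.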
......@@ -17,8 +17,6 @@ then
exit 0
fi
Echo_message "removing buggy syslinux help"
# Setting boot method specific variables
case "${LB_BINARY_IMAGES}" in
iso|iso-hybrid)
......@@ -29,6 +27,27 @@ case "${LB_BINARY_IMAGES}" in
;;
esac
Echo_message "customize buggy syslinux help"
# Remove help menu entry from menu.cfg (and every line after)
CFG_FILE="${SYSLINUX_PATH}/menu.cfg"
perl -pni -E 'exit if m{^label[[:blank:]]+help$}' "${CFG_FILE}"
Echo_message "customize syslinux menu"
sed -i -e "s/Boot menu/Boot Tails/" "${CFG_FILE}"
cat > "${SYSLINUX_PATH}/tails.cfg" << EOF
menu color sel * #ffffffff #55555555 *
menu color hotsel 1;7;37;40 #ffffffff #22222222 *
menu vshift 12
menu rows 7
menu helpmsgrow 15
menu cmdlinerow 13
menu timeoutrow 16
menu tabmsgrow 18
EOF
sed -i -e '/^include stdmenu\.cfg/a include tails.cfg' "${CFG_FILE}"
......@@ -50,6 +50,10 @@ Package: libregexp-common-perl
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: libsqlite3-0
Pin: origin mozilla.debian.net
Pin-Priority: 999
Package: libunix-mknod-perl
Pin: origin backports.debian.org
Pin-Priority: 999
......
// Proxy through Polipo to torify outgoing APT HTTP connections.
#!/bin/sh
echo > /etc/apt/apt.conf.d/0000runtime-proxy <<EOF
// Proxy through Polipo to torify outgoing APT HTTP connections.
// This setting must be overriden at build time by live-build's
// 00http-proxy configuration file. That's why this file is named
// in a way that makes it be sorted before 00http-proxy.
// 00http-proxy configuration file.
// That's why it is created in a chroot local hook.
Acquire::http::Proxy "http://127.0.0.1:8118/";
EOF
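Review bot: The `echo > /etc/apt/apt.conf.d/0000runtime-proxy <<EOF` line writes only an empty line, because echo prints its arguments and never reads the here-document on its standard input, so the `Acquire::http::Proxy` setting would not reach the file. The +/- markers are lost on this page, so this assumes the line is on the new side of the section; if so it should read `cat > /etc/apt/apt.conf.d/0000runtime-proxy <<EOF`. With the file empty, APT in the running system has no proxy configured by this hook, and its HTTP traffic is not sent through Polipo as the comment intends. A check after the here-document, for example `grep -q 'Acquire::http::Proxy' /etc/apt/apt.conf.d/0000runtime-proxy || exit 1`, would make the build fail instead of shipping an image without the setting.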
......@@ -82,7 +82,6 @@ gnome-system-log
gnupg-curl
gobby
gobby-infinote
gparted
## breaks lb because of desktop-base.postinst (see Debian bug #467620)
#if ARCHITECTURE i386 amd64
# grub
......
data/splash.png

16.8 KB | W: | H:

data/splash.png

20.5 KB | W: | H:

# -*- mode: ruby -*-
# vi: set ft=ruby :
#
# Tails: The Amnesic Incognito Live System
# Copyright © 2012 Tails developers <tails@boum.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Monkey-patched Vagrant!
$:.unshift File.expand_path('../lib', __FILE__)
require 'vagrant_verified_download'
require 'tails_build_settings'
if ENV['TAILS_RAM_BUILD']
mem_size = VM_MEMORY_FOR_RAM_BUILDS
else
mem_size = VM_MEMORY_FOR_DISK_BUILDS
end
cpus = ENV['TAILS_BUILD_CPUS']
Vagrant::Config.run do |config|
config.vm.box = 'tails'
config.vm.box_url = 'http://dl.amnesia.boum.org/tails/project/vagrant/squeeze.box'
config.vm.box_checksum = 'ffb3f68f55a3458e007b9abed3eac057f71c518713fcdf982b78f8b59e28318e'
config.vm.provision :shell, :inline => "http_proxy='#{ENV['http_proxy']}' /vagrant/provision/setup-tails-builder"
config.vm.share_folder 'amnesia', '/amnesia.git', '../.git'
config.vm.customize ['modifyvm', :id, '--memory', mem_size]
config.vm.customize ['modifyvm', :id, '--cpus', cpus] unless cpus.nil?
end
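Review bot: Nothing near `config.vm.box_url` says that the plain-HTTP download is acceptable only because `config.vm.box_checksum` is enforced, and that this enforcement appears to come from the required `vagrant_verified_download` patch and not from Vagrant itself (the patch is not visible in this section, so this is inferred from the "Monkey-patched Vagrant!" comment). If that file fails to load or stops matching the installed Vagrant, the checksum line may be ignored without any error. I would add a comment above the two lines such as `# The box is fetched over HTTP; integrity relies on box_checksum (SHA-256), which is enforced by lib/vagrant_verified_download, so update both together`, and have the patch abort when it cannot hook the downloader.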
$:.unshift File.expand_path('../../../lib', __FILE__)
require 'tails_build_settings'
Veewee::Session.declare({
:cpu_count => '1',
:memory_size=> VM_MEMORY_FOR_DISK_BUILDS,
:disk_size => '10000', :disk_format => 'VDI', :hostiocache => 'off',
:os_type_id => 'Debian_64',
:iso_file => "mini.iso",
:iso_src => "http://ftp.nl.debian.org/debian/dists/squeeze/main/installer-amd64/20110106+squeeze4/images/netboot/mini.iso",
:iso_md5 => "a439afbff15328d50103330c615c7dc4",
:iso_download_timeout => "1000",
:boot_wait => "10", :boot_cmd_sequence => [
'<Esc>',
'install ',
'preseed/url=http://%IP%:%PORT%/preseed.cfg ',
'debian-installer=en_US ',
'auto ',
'locale=en_US ',
'kbd-chooser/method=us ',
'netcfg/get_hostname=%NAME% ',
'netcfg/get_domain=vagrantup.com ',
'fb=false ',
'debconf/frontend=noninteractive ',
'console-setup/ask_detect=false ',
'console-keymaps-at/keymap=us ',
'<Enter>'
],
:kickstart_port => "7122",
:kickstart_timeout => "10000",
:kickstart_file => "preseed.cfg",
:ssh_login_timeout => "10000",
:ssh_user => "vagrant",
:ssh_password => "vagrant",
:ssh_key => "",
:ssh_host_port => "7222",
:ssh_guest_port => "22",
:sudo_cmd => "echo '%p'|sudo -S sh '%f'",
:shutdown_cmd => "halt -p",
:postinstall_files => [ "postinstall.sh" ],
:postinstall_timeout => "10000"
})
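Review bot: `:iso_src` fetches the installer image over plain HTTP and `:iso_md5` is the only integrity check on it, which is a weak anchor for the root of the basebox build because MD5 is no longer collision-resistant. Whether this veewee version accepts a stronger digest cannot be told from this section, so at minimum the provenance of the value should be recorded next to it. A comment such as `# MD5 taken from Debian's signed checksum file for 20110106+squeeze4; re-verify the signature when changing :iso_src` would tell the next person how to update it safely.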
#!/bin/sh
date > /etc/vagrant_box_build_time
# Install Chef
gem install chef --no-ri --no-rdoc
# Set up sudo
cp /etc/sudoers /etc/sudoers.orig
sed -i -e 's/%sudo ALL=(ALL) ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers
# Install vagrant keys
mkdir -p /home/vagrant/.ssh
chmod 700 /home/vagrant/.ssh
curl -Lo /home/vagrant/.ssh/authorized_keys \
'https://raw.github.com/mitchellh/vagrant/master/keys/vagrant.pub'
chmod 0600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant /home/vagrant/.ssh
# Tweak sshd to prevent DNS resolution (speed up logins)
echo 'UseDNS no' >> /etc/ssh/sshd_config
# Customize the message of the day
echo 'Welcome to your Vagrant-built virtual machine.' > /var/run/motd
# Removing leftover DHCP leases
rm /var/lib/dhcp/*.leases
# Deactivate name persistence for network interfaces
dpkg-divert --divert /lib/udev/write_net_rules \
--rename /lib/udev/write_net_rules.udev
cp /bin/true /lib/udev/write_net_rules
rm -f /etc/udev/rules.d/70-persistent-net.rules
# Adding a 2 sec delay to the interface up, to make the dhclient happy
echo "pre-up sleep 5" >> /etc/network/interfaces
# Clean downloaded APT packages
apt-get clean
# Remove HTTP proxy configuration
sed -e '/http::Proxy/d' -i /etc/apt/apt.conf
# Remove installation logs
rm -rf /var/log/installer
# Zero out the free space to save space in the final image:
dd if=/dev/zero of=/EMPTY bs=1M
rm -f /EMPTY
exit 0
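Review bot: The `curl -Lo /home/vagrant/.ssh/authorized_keys` call has no `-f` and the script has no `set -e`, so an HTTP error body or an empty download would be installed as authorized_keys without the build noticing. The URL also tracks the `master` branch, so the key that grants SSH access to the builder VM can change without any change in this repository. I would use `curl -fLo ... || exit 1` and either ship the public key in the repository or compare the download against a hash recorded here. `gem install chef --no-ri --no-rdoc` a few lines above is likewise unpinned, and the comment "Adding a 2 sec delay" does not match `pre-up sleep 5`.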
# US locale and keyboard
d-i debian-installer/locale string en_US
d-i console-keymaps-at/keymap select us
# Network is configured through DHCP
d-i netcfg/choose_interface select auto
d-i netcfg/get_domain string vagrantup.com
# Use cdn.debian.net to select closest mirror
d-i mirror/country string manual
d-i mirror/http/hostname string cdn.debian.net
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string <%= ENV['http_proxy'] %>
# Set clock to UTC
d-i clock-setup/utc boolean true
d-i time/zone string UTC
d-i clock-setup/ntp boolean true
# Use LVM and all available disk space
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman/choose_partition select finish
d-i partman-auto-lvm/guided_size string max
d-i partman-auto/choose_recipe select atomic
d-i partman/default_filesystem string ext4
d-i partman/confirm_write_new_label boolean true
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
# Create a sudoer 'vagrant' account
d-i passwd/root-login boolean false
d-i passwd/user-fullname string Vagrant User
d-i passwd/username string vagrant
d-i passwd/user-password password vagrant
d-i passwd/user-password-again password vagrant
d-i user-setup/encrypt-home boolean false
d-i user-setup/allow-password-weak boolean true
# Add backports repository (for at least rubygems, puppet and virtualbox)
d-i apt-setup/local0/repository string \
http://backports.debian.org/debian-backports squeeze-backports main
d-i apt-setup/local0/source boolean false
# Do not select any tasks
tasksel tasksel/first multiselect
# Individual additional packages to install
d-i pkgsel/include string \
openssh-server \
curl \
rubygems/squeeze-backports \
puppet/squeeze-backports puppet-common/squeeze-backports \
virtualbox-guest-utils/squeeze-backports
# No need for an extra upgrade: it is a full net install
d-i pkgsel/upgrade select none
# No need to participate in popcon
popularity-contest popularity-contest/participate boolean false
# Install bootloader
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# -*- mode: ruby -*-
# vi: set ft=ruby :
#