Commit e7a56abe authored by cbrownstein's avatar cbrownstein

Merge branch 'master' of https://git-tails.immerda.ch/tails into doc/14790-update-doc-new-greeter

parents 97f3bf7b e811bcdd
......@@ -369,8 +369,9 @@ task :setup_environment => ['validate_git_state'] do
ENV['BASE_BRANCH_GIT_COMMIT'] = git_helper('git_base_branch_head')
['GIT_COMMIT', 'GIT_REF', 'BASE_BRANCH_GIT_COMMIT'].each do |var|
if ENV[var].empty?
raise "Variable '#{var}' is empty, which should not be possible" +
"(validate_git_state must be buggy)"
raise "Variable '#{var}' is empty, which should not be possible: " +
"either validate_git_state is buggy or the 'origin' remote " +
"does not point to the official Tails Git repository."
end
end
end
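Review bot: The guard on L10 only handles the empty-string case that the new message on L13–L15 describes; if `git_helper` or the earlier assignments ever yield nil, `ENV[var] = nil` unsets the variable and `ENV[var].empty?` then raises NoMethodError, so the helpful diagnostic about the `origin` remote is never shown. Changing the condition to `if ENV[var].to_s.empty?` covers both cases with no other behaviour change. The assignments of GIT_COMMIT and GIT_REF and the body of `git_helper` are outside this hunk, so whether nil can actually occur is inferred, not verified; the task `setup_environment` continues beyond the hunk.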
......
......@@ -185,8 +185,10 @@ cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
# create readahead-list from squashfs.sort
if [ -e config/binary_rootfs/squashfs.sort ]; then
mkdir -p config/chroot_local-includes/usr/share/amnesia
sort -k2 -n -r config/binary_rootfs/squashfs.sort |
cut -d' ' -f1 > config/chroot_local-includes/usr/share/amnesia/readahead-list
sort -k2 -n -r config/binary_rootfs/squashfs.sort | \
cut -d' ' -f1 | \
grep --invert-match --extended-regexp "$READAHEAD_EXCLUDE_PATTERN" \
> config/chroot_local-includes/usr/share/amnesia/readahead-list
fi
# custom APT sources
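Review bot: The `grep --invert-match --extended-regexp "$READAHEAD_EXCLUDE_PATTERN"` stage on L28 silently produces an empty readahead list if the variable expands to the empty string, because an empty ERE matches every line; a value starting with `-` would instead be parsed as a grep option. Since the variable is defined in a separately sourced config file (not visible in this hunk), I would fail loudly before the pipeline, e.g. `[ -n "$READAHEAD_EXCLUDE_PATTERN" ] || { echo "READAHEAD_EXCLUDE_PATTERN is empty" >&2; exit 1; }`, and pass the pattern as `--regexp "$READAHEAD_EXCLUDE_PATTERN"`. Note also that grep exits 1 when no line survives the filter, which would abort the build if this script runs with `pipefail`; whether it does is not visible here.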
......
......@@ -21,7 +21,7 @@ Tails developers <amnesia@boum.org>
=head1 LICENSE AND COPYRIGHT
Copyright (C) 2011 Tails developers <amnesia@boum.org>
Copyright (C) 2011 Tails developers <tails@boum.org>
Licensed under the GNU GPL version 3 or any later version.
......
......@@ -26,12 +26,16 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version
KERNEL_VERSION='4.13.0-1'
KERNEL_VERSION='4.14.0-3'
KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
)
# Files to exclude from the readahead list
# (passed to `grep --extended-regexp`)
READAHEAD_EXCLUDE_PATTERN='^lib/live/mount/medium/'
### You should not have to change anything below this line ####################
# sanity checks
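Review bot: The comment on L48–L49 documents where the pattern goes but not its one sharp edge: this file is sourced by the build, and an empty value would make `grep --invert-match` drop every readahead entry rather than exclude nothing. I would extend the comment to `# Must be a non-empty ERE: grep --invert-match with an empty pattern drops every line.` so that a future edit does not blank it to "disable" the exclusion. The `^` anchor on L50 is correct for the `cut -d' ' -f1` output shown in the build hunk, which yields paths without a leading slash.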
......
......@@ -30,7 +30,6 @@ etc/amnesia/version 32738
bin/date 32737
usr/share/zoneinfo/UTC 32736
lib/live/config/0010-debconf 32735
lib/live/mount/medium/live/filesystem.squashfs 32734
lib/live/config/0020-hostname 32733
etc/hostname 32732
usr/bin/mawk 32731
......@@ -606,7 +605,6 @@ lib/udev/hwclock-set 31767
lib/modules/4.13.0-1-amd64/kernel/arch/x86/events/intel/intel-rapl-perf.ko 31763
usr/bin/dconf 31762
usr/lib/x86_64-linux-gnu/libdconf.so.1.0.0 31761
lib/live/mount/medium/live/initrd.img 31760
bin/dd 31759
sbin/ethtool 31625
lib/udev/cdrom_id 31624
......
......@@ -57,6 +57,10 @@ Package: virtualbox*
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: xul-ext-ublock-origin
Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: weirdness in chroot_apt install-binary
Package: *
Pin: release o=chroot_local-packages
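Review bot: The new stanza on L74–L76 carries no `Explanation:` line, unlike the stanza that follows it on L77, so nothing records why a browser extension package must track sid at priority 999 or when the pin can be dropped. I would add `Explanation: <reason, e.g. the minimum xul-ext-ublock-origin version needed and the ticket>` above `Package: xul-ext-ublock-origin`; the actual reason is not visible in this commit, so it has to come from the author. Pulling a single package from sid also means its dependency closure may be pulled along on upgrades, which is worth stating in that explanation.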
......
#! /bin/sh
set -e
set -u
set -x
echo "Checking if we should stop shipping our own AppArmor feature set"
if [ -f /usr/share/apparmor-features/features ]; then
if cmp -q /usr/share/apparmor-features/features.Tails \
/usr/share/apparmor-features/features; then
echo "Debian ships the same AppArmor feature set as ours. " \
"Likely we can now remove our own one." >&2
else
echo "Debian ships a different AppArmor feature set from ours. " \
"Likely our own one is outdated and can be removed:" >&2
diff -Naur \
/usr/share/apparmor-features/features.Tails \
/usr/share/apparmor-features/features \
>&2
fi
# In any case, we probably have to do something about it.
exit 1
fi
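Review bot: `cmp -q` on L87 is, as far as I know, not an option GNU cmp accepts (it documents `-s`, `--quiet` and `--silent`); if so, cmp exits 2 with a usage error and the `if` on L87–L88 always takes the else branch, reporting "a different AppArmor feature set" and a diff even when the files are identical. Use `cmp --silent` so the comparison result actually drives the message. The `exit 1` on L100 is correct either way, since both branches are meant to make the build fail once Debian ships a `features` file; a one-line comment saying so above L85 would help the next reader who sees a hard failure from this hook.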
......@@ -2,31 +2,43 @@
set -e
set -u
set -x
echo "Building dkms modules"
. /usr/share/amnesia/build/variables
# the -dkms package must be installed *after* dkms to be properly registered
apt-get install --yes build-essential dkms
# Import install_fake_package
. /usr/local/lib/tails-shell-library/build.sh
# Install gcc-6 and fake linux-compiler-gcc-7-x86
# (linux-headers-4.14+ depends on it, but Stretch hasn't GCC 7)
# XXX:Buster: remove this hack.
apt-get install --yes gcc-6
NEWEST_INSTALLED_KERNEL_VERSION="$(
dpkg-query --showformat '${Version}\n' --show 'linux-image-*-amd64' \
| sort --version-sort | tail -n1
)"
install_fake_package \
linux-compiler-gcc-7-x86 \
"${NEWEST_INSTALLED_KERNEL_VERSION}~0tails1"
ln -s /usr/bin/gcc-6 /usr/bin/gcc-7
# Any -dkms package must be installed *after* dkms to be properly registered
apt-get install --yes \
build-essential \
dkms \
libelf-dev
# Installing the headers triggers the building of the modules for that kernel
apt-get install --yes \
"linux-headers-${KERNEL_VERSION}-amd64" \
aufs-dkms \
virtualbox-guest-dkms
MODULES_VERSION="$(dpkg-query -W -f='${Version}\n' virtualbox-guest-dkms \
| sed -E 's,-.*,,')"
dkms build \
-a amd64 -k "${KERNEL_VERSION}-amd64" \
-m virtualbox-guest -v "$MODULES_VERSION"
dkms install \
-a amd64 -k "${KERNEL_VERSION}-amd64" \
-m virtualbox-guest -v "$MODULES_VERSION"
# clean the build directory
# rm -r /var/lib/dkms/virtualbox-guest/
for log in $(ls /var/lib/dkms/*/*/build/make.log); do
echo "---- $log"
cat "$log"
done
# Ensure the modules were actually built and installed: when
# dkms.conf for a DKMS module includes a BUILD_EXCLUSIVE directive
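Review bot: `ln -s /usr/bin/gcc-6 /usr/bin/gcc-7` on L123 has no guard, so with `set -e` the hook aborts if `/usr/bin/gcc-7` already exists (for example if a gcc-7 package or an earlier run of this hook put it there); `ln -sf /usr/bin/gcc-6 /usr/bin/gcc-7` is the idempotent form. The symlink also outlives the build: the purge hook removes gcc-6 and the fake `linux-compiler-*` package, but no hook shown here removes `/usr/bin/gcc-7`, leaving a dangling link in the image. The version computed on L116–L119 comes from `dpkg-query --show`, which also lists packages dpkg merely knows about (removed-but-configured), so if several kernel images have ever been present the fake package version may not match the headers installed on L131; filtering on `${Status}` would make that explicit. The enclosing script continues past the hunk.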
......
......@@ -12,12 +12,15 @@ echo "Removing unwanted packages"
# - libgcc1 (apt depends on it)
# - cpp, cpp-* (big parts of GNOME depend on it)
apt-get --yes purge \
'^linux-compiler-*' \
'^linux-kbuild-*' \
'^linux-headers-*' \
build-essential debhelper dkms dpkg-dev \
gcc gcc-6 \
intltool-debian \
libc6-dev linux-libc-dev \
libc6-dev \
libelf-dev \
linux-libc-dev \
make \
po-debconf \
rsyslog \
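Review bot: This purge removes gcc-6 (L159) and the fake `linux-compiler-*` package (L155), but the `/usr/bin/gcc-7` symlink that the dkms build hook creates to point at gcc-6 is not removed here, so the shipped image keeps a dangling `gcc-7` in PATH; add `rm -f /usr/bin/gcc-7` next to the purge (after it, so a package that owns the path is handled first). Separately, the patterns on L155–L157 are regexes, so `^linux-compiler-*` means "linux-compiler followed by zero or more hyphens", i.e. effectively `^linux-compiler`; `^linux-compiler-` is what is meant, and the same applies to the kbuild and headers lines. Harmless today, but worth fixing while the list is being touched.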
......
APT::Keep-Downloaded-Packages "true";
Binary::apt::APT::Keep-Downloaded-Packages "true";
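Review bot: Assuming L170 is the new line, scoping the option under `Binary::apt::` means it only affects the `apt` front-end; `apt-get` and other clients keep their own default for Keep-Downloaded-Packages, and the file does not say whether that is intended. A one-line comment such as `// Only the "apt" binary drops downloaded .debs by default; keep them for the build.` would record the reasoning, since this file has no explanation at all and the old/new side is not marked on this page.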
......@@ -60,3 +60,7 @@ lid-close-battery-action = 'blank'
[org/gnome/shell]
enabled-extensions = ['apps-menu@gnome-shell-extensions.gcampax.github.com', 'places-menu@gnome-shell-extensions.gcampax.github.com', 'window-list@gnome-shell-extensions.gcampax.github.com', 'TopIcons@phocean.net', 'shutdown-helper@tails.boum.org', 'torstatus@tails.boum.org']
favorite-apps=['tor-browser.desktop', 'thunderbird.desktop', 'pidgin.desktop', 'keepassx.desktop', 'gnome-terminal.desktop']
[org/gnome/shell/extensions/topicons]
tray-pos='right'
tray-order=4
......@@ -13,3 +13,6 @@ ForwardX11Trusted no
# Prevent fingerprinting when username was not specified
User root
# Avoid storing full remote IP / host name connection history in plaintext
HashKnownHosts yes
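Review bot: The comment on L181 overstates what `HashKnownHosts yes` gives: it hashes only entries ssh adds from now on, so any known_hosts content that already exists (e.g. restored from persistence) stays in plaintext until rehashed with `ssh-keygen -H`, and hashing does not hide hosts from someone who can guess the name or address and check it. I would reword the comment to `# Hash new known_hosts entries so the file does not reveal which hosts were contacted (pre-existing entries are not rehashed).` so the residual exposure is clear to whoever maintains the persistence feature.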
......@@ -31,6 +31,7 @@ def _launch_apt_get(specific_args):
# We will log the output and want it in English when included in bug
# reports
apt_get_env['LANG'] = "C"
apt_get_env['DEBIAN_PRIORITY'] = "critical"
args = ["apt-get", "--quiet", "--yes"]
args.extend(specific_args)
apt_get = subprocess.Popen(
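Review bot: `DEBIAN_PRIORITY = "critical"` on L187 only lowers how many debconf questions are asked; questions at critical priority are still asked interactively, and nothing visible in this hunk sets `DEBIAN_FRONTEND`, so a package that raises a critical question can still block the Popen with no terminal to answer it. If the goal is an unattended run, add `apt_get_env['DEBIAN_FRONTEND'] = "noninteractive"` next to it; if prompting is deliberately kept for some packages, a comment saying so would stop the next reader from adding it. Whether the rest of `_launch_apt_get` (which continues outside the hunk) already handles this I cannot tell from here.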
......
caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
}
}
rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
}
}
capability {0xffffff
}
file {mask {create read write exec append mmap_exec link lock
}
}
domain {change_profile {yes
}
change_onexec {yes
}
change_hatv {yes
}
change_hat {yes
}
}
policy {set_load {yes
}
}
See the Tails website (https://tails.boum.org/), whose source lies
in the "wiki" directory of this very Git repository.
For copyright and licensing information, see `debian/copyright`.
Description: pin the AppArmor feature set to the Stretch's kernel one
.
Let's smooth UX on kernel upgrades and allow ourselves to update the AppArmor
policy in a relaxed manner.
Bug-Debian: https://bugs.debian.org/879585
Forwarded: not-needed
Author: intrigeri <intrigeri@debian.org>
--- a/etc/apparmor/parser.conf
+++ b/etc/apparmor/parser.conf
@@ -60,3 +60,7 @@
## Adjust compression
#Optimize=compress-small
#Optimize=compress-fast
+
+## Pin feature set (avoid regressions when policy is lagging behind
+## the kernel)
+features-file=/usr/share/apparmor-features/features.Tails
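Review bot: Pinning `features-file` (L234) makes the parser compile policy against the shipped feature set rather than the running kernel's, so any mediation class the kernel supports but `features.Tails` lacks is simply not enforced; the description on L220–L221 calls this "relaxed" but does not spell out that it is a deliberate reduction of confinement in exchange for upgrade stability. I would add a line to the comment block, e.g. `## Classes present in the kernel but absent from this file are NOT mediated; refresh it when policy catches up.`, and reference the build hook that fails once Debian ships its own `features` file so the pin is revisited. The patch itself is consistent with the hook added in this commit.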