Commit e7a56abe authored by cbrownstein's avatar cbrownstein

Merge branch 'master' of into doc/14790-update-doc-new-greeter

parents 97f3bf7b e811bcdd
......@@ -369,8 +369,9 @@ task :setup_environment => ['validate_git_state'] do
ENV['BASE_BRANCH_GIT_COMMIT'] = git_helper('git_base_branch_head')
if ENV[var].empty?
raise "Variable '#{var}' is empty, which should not be possible" +
"(validate_git_state must be buggy)"
raise "Variable '#{var}' is empty, which should not be possible: " +
"either validate_git_state is buggy or the 'origin' remote " +
"does not point to the official Tails Git repository."
......@@ -185,8 +185,10 @@ cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
# create readahead-list from squashfs.sort
if [ -e config/binary_rootfs/squashfs.sort ]; then
mkdir -p config/chroot_local-includes/usr/share/amnesia
sort -k2 -n -r config/binary_rootfs/squashfs.sort |
cut -d' ' -f1 > config/chroot_local-includes/usr/share/amnesia/readahead-list
sort -k2 -n -r config/binary_rootfs/squashfs.sort | \
cut -d' ' -f1 | \
grep --invert-match --extended-regexp "$READAHEAD_EXCLUDE_PATTERN" \
> config/chroot_local-includes/usr/share/amnesia/readahead-list
# custom APT sources
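Review bot: `grep --invert-match` exits 1 when it selects no lines, so if every entry of squashfs.sort matches `$READAHEAD_EXCLUDE_PATTERN` — or the variable is set but empty, since an empty extended regexp matches every line — the pipeline's status is 1 and the readahead list is written empty; if this script runs under `set -e` (not visible in the hunk) the build aborts right here instead. Consider failing early with a clear message when the pattern is empty, e.g. `[ -n "$READAHEAD_EXCLUDE_PATTERN" ] || { echo 'READAHEAD_EXCLUDE_PATTERN is empty' >&2; exit 1; }` before the pipeline, and tolerating grep's no-match status with `|| [ $? -eq 1 ]` if an empty list is acceptable. The enclosing `if [ -e ... ]` block closes outside the hunk.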
......@@ -21,7 +21,7 @@ Tails developers <>
Copyright (C) 2011 Tails developers <>
Copyright (C) 2011 Tails developers <>
Licensed under the GNU GPL version 3 or any later version.
......@@ -26,12 +26,16 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
# Kernel version
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
# Files to exclude from the readahead list
# (passed to `grep --extended-regexp`)
### You should not have to change anything below this line ####################
# sanity checks
......@@ -30,7 +30,6 @@ etc/amnesia/version 32738
bin/date 32737
usr/share/zoneinfo/UTC 32736
lib/live/config/0010-debconf 32735
lib/live/mount/medium/live/filesystem.squashfs 32734
lib/live/config/0020-hostname 32733
etc/hostname 32732
usr/bin/mawk 32731
......@@ -606,7 +605,6 @@ lib/udev/hwclock-set 31767
lib/modules/4.13.0-1-amd64/kernel/arch/x86/events/intel/intel-rapl-perf.ko 31763
usr/bin/dconf 31762
usr/lib/x86_64-linux-gnu/ 31761
lib/live/mount/medium/live/initrd.img 31760
bin/dd 31759
sbin/ethtool 31625
lib/udev/cdrom_id 31624
......@@ -57,6 +57,10 @@ Package: virtualbox*
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: xul-ext-ublock-origin
Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: weirdness in chroot_apt install-binary
Package: *
Pin: release o=chroot_local-packages
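Review bot: The new `xul-ext-ublock-origin` stanza pins a browser extension to sid at priority 999 without an `Explanation:` line, unlike the `chroot_local-packages` stanza below it, so neither the reason nor the condition for dropping the pin is recorded where the pin lives. A priority-999 pin keeps preferring the unstable version over Stretch's for as long as it stays in the file, so it is worth making the exit condition explicit, e.g. `Explanation: Stretch's version breaks the dashboard (#14993); drop once the Stretch package works again` above the `Package:` line.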
#! /bin/sh
set -e
set -u
set -x
echo "Checking if we should stop shipping our own AppArmor feature set"
if [ -f /usr/share/apparmor-features/features ]; then
if cmp -q /usr/share/apparmor-features/features.Tails \
/usr/share/apparmor-features/features; then
echo "Debian ships the same AppArmor feature set as ours. " \
"Likely we can now remove our own one." >&2
echo "Debian ships a different AppArmor feature set from ours. " \
"Likely our own one is outdated and can be removed:" >&2
diff -Naur \
/usr/share/apparmor-features/features.Tails \
/usr/share/apparmor-features/features \
# In any case, we probably have to do something about it.
exit 1
......@@ -2,31 +2,43 @@
set -e
set -u
set -x
echo "Building dkms modules"
. /usr/share/amnesia/build/variables
# the -dkms package must be installed *after* dkms to be properly registered
apt-get install --yes build-essential dkms
# Import install_fake_package
. /usr/local/lib/tails-shell-library/
# Install gcc-6 and fake linux-compiler-gcc-7-x86
# (linux-headers-4.14+ depends on it, but Stretch hasn't GCC 7)
# XXX:Buster: remove this hack.
apt-get install --yes gcc-6
dpkg-query --showformat '${Version}\n' --show 'linux-image-*-amd64' \
| sort --version-sort | tail -n1
install_fake_package \
linux-compiler-gcc-7-x86 \
ln -s /usr/bin/gcc-6 /usr/bin/gcc-7
# Any -dkms package must be installed *after* dkms to be properly registered
apt-get install --yes \
build-essential \
dkms \
# Installing the headers triggers the building of the modules for that kernel
apt-get install --yes \
"linux-headers-${KERNEL_VERSION}-amd64" \
aufs-dkms \
MODULES_VERSION="$(dpkg-query -W -f='${Version}\n' virtualbox-guest-dkms \
| sed -E 's,-.*,,')"
dkms build \
-a amd64 -k "${KERNEL_VERSION}-amd64" \
-m virtualbox-guest -v "$MODULES_VERSION"
dkms install \
-a amd64 -k "${KERNEL_VERSION}-amd64" \
-m virtualbox-guest -v "$MODULES_VERSION"
# clean the build directory
# rm -r /var/lib/dkms/virtualbox-guest/
for log in $(ls /var/lib/dkms/*/*/build/make.log); do
echo "---- $log"
cat "$log"
# Ensure the modules were actually built and installed: when
# dkms.conf for a DKMS module includes a BUILD_EXCLUSIVE directive
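Review bot: The log-dumping loop `for log in $(ls /var/lib/dkms/*/*/build/make.log)` parses `ls` output and word-splits it: if the glob matches nothing (a build that failed before make ran), `ls` only prints an error and the loop body never runs, which is exactly the case the dump is meant to help with, and any path containing whitespace would be split. Iterate over the glob directly, `for log in /var/lib/dkms/*/*/build/make.log; do` with `[ -e "$log" ] || continue` as the first statement. Separately, `ln -s /usr/bin/gcc-6 /usr/bin/gcc-7` aborts the hook under `set -e` if `/usr/bin/gcc-7` already exists, which would happen if a real gcc-7 ever lands alongside the fake `linux-compiler-gcc-7-x86`; `ln -sf`, or an `[ -e /usr/bin/gcc-7 ] ||` guard, would make the hack idempotent. The hook continues past the end of the hunk.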
......@@ -12,12 +12,15 @@ echo "Removing unwanted packages"
# - libgcc1 (apt depends on it)
# - cpp, cpp-* (big parts of GNOME depend on it)
apt-get --yes purge \
'^linux-compiler-*' \
'^linux-kbuild-*' \
'^linux-headers-*' \
build-essential debhelper dkms dpkg-dev \
gcc gcc-6 \
intltool-debian \
libc6-dev linux-libc-dev \
libc6-dev \
libelf-dev \
linux-libc-dev \
make \
po-debconf \
rsyslog \
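Review bot: Purging `gcc-6` here leaves the `/usr/bin/gcc-7` symlink, which the DKMS build hook in this commit creates with `ln -s /usr/bin/gcc-6 /usr/bin/gcc-7`, dangling in the final image: the link is not owned by any package and nothing in this list removes it, assuming both hooks run in the same chroot. Consider removing it next to the purge, e.g. `rm -f /usr/bin/gcc-7`, or better, having the build hook clean up after itself. The fake `linux-compiler-gcc-7-x86` package does appear to be covered by the existing `'^linux-compiler-*'` pattern, provided that pattern's `-*` (zero or more hyphens) still matches as intended.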
APT::Keep-Downloaded-Packages "true";
Binary::apt::APT::Keep-Downloaded-Packages "true";
......@@ -60,3 +60,7 @@ lid-close-battery-action = 'blank'
enabled-extensions = ['', '', '', '', '', '']
favorite-apps=['tor-browser.desktop', 'thunderbird.desktop', 'pidgin.desktop', 'keepassx.desktop', 'gnome-terminal.desktop']
......@@ -13,3 +13,6 @@ ForwardX11Trusted no
# Prevent fingerprinting when username was not specified
User root
# Avoid storing full remote IP / host name connection history in plaintext
HashKnownHosts yes
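Review bot: `HashKnownHosts yes` only affects entries written from now on; ssh never rewrites host names already stored in plaintext in an existing `known_hosts`, so a file carried over from elsewhere (for example a persisted dotfile) keeps its plaintext history. The comment above should say so to avoid an expectation of retroactive protection, e.g. `# (only applies to newly added entries; existing files can be hashed with ssh-keygen -H)`.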
......@@ -31,6 +31,7 @@ def _launch_apt_get(specific_args):
# We will log the output and want it in English when included in bug
# reports
apt_get_env['LANG'] = "C"
apt_get_env['DEBIAN_PRIORITY'] = "critical"
args = ["apt-get", "--quiet", "--yes"]
apt_get = subprocess.Popen(
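Review bot: `apt_get_env['DEBIAN_PRIORITY'] = "critical"` only suppresses debconf questions below critical priority; a critical question can still prompt, and unless `DEBIAN_FRONTEND=noninteractive` is set somewhere not visible here, debconf may pick an interactive frontend and block the install. If the rest of `_launch_apt_get` (outside the hunk) does not already set it, add `apt_get_env['DEBIAN_FRONTEND'] = "noninteractive"` next to this line; that is the standard pairing for unattended installs. The comment above explains `LANG` but not this line, so a short why-comment would help, e.g. `# debconf: only ask what we cannot install without (#6038)`.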
caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
capability {0xffffff
file {mask {create read write exec append mmap_exec link lock
domain {change_profile {yes
change_onexec {yes
change_hatv {yes
change_hat {yes
policy {set_load {yes
See the Tails website (, whose source lies
in the "wiki" directory of this very Git repository.
For copyright and licensing information, see `debian/copyright`.
Description: pin the AppArmor feature set to the Stretch's kernel one
Let's smooth UX on kernel upgrades and allow ourselves to update the AppArmor
policy in a relaxed manner.
Forwarded: not-needed
Author: intrigeri <>
--- a/etc/apparmor/parser.conf
+++ b/etc/apparmor/parser.conf
@@ -60,3 +60,7 @@
## Adjust compression
+## Pin feature set (avoid regressions when policy is lagging behind
+## the kernel)
--- a/lib/live/boot/ 2018-01-04 13:27:17.845454685 +0000
+++ b/lib/live/boot/ 2018-01-04 14:40:06.852067492 +0000
@@ -1337,6 +1337,8 @@
mount -t ${UNIONTYPE} ${unionmountopts} ${UNIONTYPE} "${unionmountpoint}"
+ # Workaround aufs bug (Debian#886329)
+ ls "${unionmountpoint}" >/dev/null 2>&1 || true
get_custom_mounts ()
tails (3.4) unstable; urgency=medium
* Security fixes
- Install Linux 4.14.0-3 from sid (Closes: #14976). This enables
the kernel-side mitigations for Meltdown.
- Upgrade curl to 7.52.1-5+deb9u3.
- Upgrade enigmail to 2:1.9.9-1~deb9u1.
- Upgrade gimp to 2.8.18-1+deb9u1.
- Upgrade imagemagick to 8:
- Upgrade libav (ffmpeg) to 7:3.2.9-1~deb9u1.
- Upgrade libxcursor to 1:1.1.14-1+deb9u1.
- Upgrade libxml-libxml-perl to 2.0128+dfsg-1+deb9u1.
- Upgrade poppler to 0.48.0-2+deb9u1.
- Upgrade rsync to 3.1.2-1 3.1.2-1+deb9u1.
- Upgrade samba to 2:4.5.12+dfsg-2+deb9u1.
- Upgrade sensible-utils to 0.0.9+deb9u1.
- Upgrade tor to
* Minor improvements
- Display TopIcons systray on the left of the system menu. This
fixes #14796 (on Buster, it is displayed in the middle of the
screen, on the left of the clock) and an annoying UX problem we
have on Stretch: OpenPGP applet is in the middle of icons that
share the exact same (modern, GNOME Shell-like) behaviour, which
is disturbing when opening one of the modern menus and moving
the mouse left/right to the others, because in the middle one
icon won't react as expected, and the nice blue bottom border
continuity is broken.
- Use the "intel" X.Org driver for integrated graphics in Intel
i5-7300HQ (Closes: #14990).
- Enable HashKnownHosts in the OpenSSH client (Closes: #14995).
Debian enables HashKnownHosts by default via /etc/ssh/ssh_config
for good reasons, let's not revert to the upstream default.
- Pin the AppArmor feature set to the Stretch's kernel one. Linux
4.14 brings new AppArmor mediation features and the policy
shipped in Stretch may not be ready for it. So let's disable
these new features to avoid breaking stuff: it's too hard to
check if all the policy for apps we ship (and that users install
themselves) has the right rules to cope with these new mediation
* Bugfixes
- Don't delete downloaded debs after install (Closes: #10958).
- Install xul-ext-ublock-origin from sid to make the dashboard
work again(Closes: #14993). Thanks to cacahuatl
<> for the patch!
- Additional software feature: use debconf priority critical to
prevent failure when installing packages otherwise requiring
manual configuration (Closes: #6038)
- Don't include anything under /lib/live/mount/medium/ in the
readahead list (Closes: #14964). This fixes the boot time
regression introduced in Tails 3.3.
* Build system
- Display a more helpful error message when the 'origin' remote
does not point to the official Tails Git repository. This task
calls git_base_branch_head() which relies on the fact 'origin'
points to our official repo.
- Vagrant: never build the wiki early. This has caused several
issues throughout the years, the lastest instance being the
reopening of #14933. (Closes: #14933)
- Install libelf-dev during the time we need it for building DKMS modules.
- Make the DKMS build hook verbose, and display DKMS modules build
logs on failure. This hook is a recurring cause of headaches,
let's simplify debugging.
- Remove obsolete duplicate build of the virtualbox-guest DKMS
* Test suite
- Log the list of systemd jobs when systemctl is-system-running
fails (Closes: #14772). Listing the units is not enough: in most
cases I've seen, is-system-running returns "starting" which
means the job queue is not empty, and to debug that we need the
list of jobs.
- Only support SikuliX; drop support for Sikuli.
- Disable SPICE clipboard sharing in the guest. It could only mess
things up, and in fact has confused me by suddenly setting my
*host's* clipboard to "ATTACK AT DAWN"... :)
- Decode Base64.decode64 return value appropriately; it returns
strings encoded in ASCII-8bit.
- Don't flood the debug logger with the journal contents.
- Handle case where $vm is undefined during an extremely early
scenario failure.
- Allow more time for 'systemctl is-system-running' to
succeed. (Refs: #14772)
- Make Sikuli attempt to find replacements on FindFailed by
employing fuzz, or "lowering the similarity factor". The
replacements (if found) are saved among the artifacts, and
serves as potential drop-in-replacements for outdated
images. The main use case for this is when the font
configuration in Tails changes, which normally invalidates a
large part of our images given that our default high similarity
factor. We also add the `--fuzzy-image-matching` where the
replacements are used in case of FindFailed, so the tests can
proceed beyond the first FindFailed. The idea is that a full
test suite run will produce replacements for potentially *all*
outdated images.
- Fix our findAny() vs findfailed_hook. For findAny() it might be
expected that some images won't be found, so we shouldn't use
our findfailed_hook, which is about dealing with the situation
where images need to be updated.
- Make sure Pidgin's D-Bus policy changes are applied (Closes:
#15007). Without the HUP there's a race that we sometimes lose.
- Nump the Unsafe Browser's start page image (Closes: #15006).
- Hot-plug a 'pcnet' network device instead of 'virtio' on Sid,
since the latter is not detected on Sid (Closes: #14819).
-- Tails developers <> Mon, 08 Jan 2018 16:57:07 +0100
tails (3.3) unstable; urgency=medium
* Major changes
Copyright (C) Amnesia <>
Copyright (C) Tails developers <>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -3,6 +3,7 @@ CAPTURE_ALL: false
TMPDIR: "/tmp/TailsToaster"
Unsafe_SSH_private_key: |
......@@ -37,6 +37,7 @@
<target type='virtio' name='com.redhat.spice.0'/>
<graphics type='spice' port='-1' tlsPort='-1' autoport='yes'>
<clipboard copypaste='no'/>
<mouse mode='client'/>
<sound model='ich6'/>

Then /^the Unsafe Browser has started$/ do
@screen.wait("UnsafeBrowserHomepage.png", 360)
When /^I start the Unsafe Browser(?: through the GNOME menu)?$/ do
step "I start \"Unsafe Browser\" via GNOME Activities Overview"
......@@ -100,7 +100,7 @@ Then /^the documentation viewer opens the "(Support|Getting started)" page$/ do
if page == 'Support'
expected_heading = 'Die Dokumentation durchsuchen'
page = 'Einen Fehler gefunden?'
expected_heading = 'Einen Fehler gefunden?'
expected_title = 'Tails documentation'
......@@ -347,9 +347,12 @@ end
Given /^Tor is ready$/ do
step "Tor has built a circuit"
step "the time has synced"
if $vm.execute('systemctl is-system-running').failure?
try_for(30) { $vm.execute('systemctl is-system-running').success? }
rescue Timeout::Error
jobs = $vm.execute('systemctl list-jobs').stdout
units_status = $vm.execute('systemctl').stdout
raise "At least one system service failed to start:\n#{units_status}"
raise "The system is not fully running yet:\n#{jobs}\n#{units_status}"
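Review bot: The new error in the `rescue Timeout::Error` branch cannot distinguish a system that is still `starting` from one that is `degraded` (a unit failed), because `systemctl is-system-running` exits non-zero for both and its one-word state is discarded. Capture it once and include it, e.g. `state = $vm.execute('systemctl is-system-running').stdout.chomp` and `raise "The system is not fully running yet (#{state}):\n#{jobs}\n#{units_status}"`, so a failed service is not misread as slow startup; `systemctl --failed` output would be a more targeted complement to the full `systemctl` listing in the degraded case. This assumes `try_for` raises `Timeout::Error` on expiry, which is not visible in the hunk.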
......@@ -451,11 +454,10 @@ Given /^all notifications have disappeared$/ do
Then /^I (do not )?see "([^"]*)" after at most (\d+) seconds$/ do |negation, image, time|
if negation
@screen.waitVanish(image, time.to_i)
@screen.wait(image, time.to_i)
raise "found '#{image}' while expecting not to" if negation
rescue FindFailed => e
raise e if not(negation)
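Review bot: `raise e if not(negation)` in the `rescue FindFailed => e` branch is a non-idiomatic form; a bare `raise` re-raises the current exception, so the two lines read more naturally as `rescue FindFailed` and `raise unless negation`. The logic is otherwise right, but note that the negated case now always waits the full `time` for the image to appear before passing, which is the cost of expressing "do not see" as a failed `wait` instead of the `waitVanish` call that appears to be removed. The step's block ends outside the hunk.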
......@@ -101,18 +101,27 @@ end
When /^I hotplug a network device( and wait for it to be initialized)?$/ do |wait|
initial_nr_nics = wait ? all_ethernet_nics.size : nil
# XXX:Buster: when we stop supporting the test suite on Stretch
# hosts, let's remove this workaround related to #14819 and just
# settle on a device that works on all supported platforms.
if cmd_helper('lsb_release --short --codename').chomp == 'stretch'
device = 'virtio'
device = 'pcnet'
debug_log("Hotplugging a '#{device}' network device")
xml = <<-EOF
<interface type='network'>
<alias name='net1'/>
<mac address='52:54:00:11:22:33'/>
<source network='TailsToasterNet'/>
<model type='virtio'/>
<model type='#{device}'/>
<link state='up'/>
if wait
try_for(20) do
try_for(30) do
all_ethernet_nics.size >= initial_nr_nics + 1
......@@ -38,7 +38,6 @@ end
# `return_shellcommand: true`) since we block Pidgin's D-Bus interface
# (#14612) ...
def pidgin_dbus_call(method, *args, **opts)
opts ||= {}
opts[:user] = LIVE_USER
......@@ -49,12 +48,16 @@ def pidgin_dbus_call(method, *args, **opts)
# ... unless we re-enable it!
def pidgin_force_allowed_dbus_call(*args)
def pidgin_force_allowed_dbus_call(method, *args, **opts)
opts[:user] = LIVE_USER
policy_file = '/etc/dbus-1/session.d/im.pidgin.purple.PurpleService.conf'
$vm.execute_successfully("mv #{policy_file} #{policy_file}.disabled")
# From dbus-daemon(1): "Policy changes should take effect with SIGHUP"
$vm.execute_successfully("pkill -HUP -u #{opts[:user]} 'dbus-daemon'")
pidgin_dbus_call(method, *args, **opts)
$vm.execute_successfully("mv #{policy_file}.disabled #{policy_file}")
$vm.execute_successfully("pkill -HUP -u #{opts[:user]} 'dbus-daemon'")
def pidgin_account_connected?(account, prpl_protocol)
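Review bot: In `pidgin_force_allowed_dbus_call`, if `pidgin_dbus_call` raises, the two restore statements after it are skipped, so the policy file stays at `.disabled` and the Pidgin D-Bus lockdown (#14612) remains off for the rest of the scenario, which could mask regressions in later steps. Wrap the call in `begin … ensure` so the `mv` back and the second `pkill -HUP` always run. The `pkill -HUP` is also asynchronous: nothing checks that dbus-daemon has finished reloading before the call is made, so the race mentioned in the changelog may be narrowed rather than closed. The method's closing `end` is not shown in the hunk.
```ruby
def pidgin_force_allowed_dbus_call(method, *args, **opts)
  # … unchanged: opts[:user] = LIVE_USER, policy_file, first mv and pkill -HUP …
  begin
    pidgin_dbus_call(method, *args, **opts)
  ensure
    # Re-enable the policy even when the call raises, so the lockdown
    # under test is not left disabled for the rest of the scenario.
    $vm.execute_successfully("mv #{policy_file}.disabled #{policy_file}")
    $vm.execute_successfully("pkill -HUP -u #{opts[:user]} 'dbus-daemon'")
  end
```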
......@@ -29,7 +29,7 @@ When /^I start Thunderbird$/ do
'pref("mail.compose.attachment_reminder", false);'
workaround_pref_lines.each do |line|
$vm.file_append('/etc/thunderbird/pref/thunderbird.js ', line)
$vm.file_append('/etc/thunderbird/pref/thunderbird.js', line)
step 'I start "Thunderbird" via GNOME Activities Overview'
try_for(60) { thunderbird_main }
......@@ -102,7 +102,11 @@ Then /^the Unsafe Browser has a red theme$/ do
Then /^the Unsafe Browser shows a warning as its start page$/ do
@screen.wait("UnsafeBrowserStartPage.png", 10)
@screen.wait("UnsafeBrowserStartPage.png", 30)
Then /^the Unsafe Browser has started$/ do
step 'the Unsafe Browser shows a warning as its start page'
Then /^I see a warning about another instance already running$/ do
......@@ -59,6 +59,8 @@ loop do
SIKULI_IMAGE_PATH = "#{Dir.pwd}/features/images/"
# Constants that are statically initialized.
CONFIGURED_KEYSERVER_HOSTNAME = 'jirk5u4osbsr34t5.onion'
......@@ -157,7 +157,7 @@ module RemoteShell
def read()