Commit e8eea96b authored by sajolida's avatar sajolida
Browse files

Merge remote-tracking branch 'origin/master' into web/10623-css-improvements

Conflicts:
	wiki/src/install/debian.it.po
	wiki/src/install/inc/overview.it.po
parents 2601f5de 33dd2201
......@@ -11,3 +11,6 @@
[submodule "submodules/mirror-pool-dispatcher"]
path = submodules/mirror-pool-dispatcher
url = https://git-tails.immerda.ch/mirror-pool-dispatcher
[submodule "submodules/aufs4-standalone"]
path = submodules/aufs4-standalone
url = https://github.com/sfjro/aufs4-standalone.git
......@@ -47,6 +47,10 @@ rm -rf cache/stages_rootfs
. config/bootstrap
# save variables that are needed by chroot_local-hooks
echo "KERNEL_VERSION=${KERNEL_VERSION}" \
>> config/chroot_local-includes/usr/share/amnesia/build/variables
echo "KERNEL_SOURCE_VERSION=${KERNEL_SOURCE_VERSION}" \
>> config/chroot_local-includes/usr/share/amnesia/build/variables
echo "LB_DISTRIBUTION=${LB_DISTRIBUTION}" >> config/chroot_local-includes/usr/share/amnesia/build/variables
echo "POTFILES_DOT_IN='$(
/bin/grep -E --no-filename '[^ #]*\.in$' po/POTFILES.in \
......
......@@ -77,7 +77,7 @@ $RUN_LB_CONFIG \
--mirror-chroot-security "$DEBIAN_SECURITY_MIRROR" \
--packages-lists="standard" \
--tasks="standard" \
--linux-packages="linux-image-3.16.0-4" \
--linux-packages="linux-image-${KERNEL_VERSION}" \
--syslinux-menu vesamenu \
--syslinux-splash data/splash.png \
--syslinux-timeout 4 \
......@@ -89,7 +89,7 @@ hw_arch="`dpkg --print-architecture`"
if [ "$hw_arch" = i386 -o "$hw_arch" = amd64 ]; then
$RUN_LB_CONFIG \
--architecture i386 \
--linux-flavours "586 amd64" \
--linux-flavours "686" \
${@}
# build powerpc images on powerpc64 as well, include only powerpc kernel
elif [ "$hw_arch" = powerpc -o "$hw_arch" = powerpc64 ]; then
......@@ -142,6 +142,10 @@ install -m 0755 \
submodules/mirror-pool-dispatcher/lib/js/mirror-dispatcher.js \
config/chroot_local-includes/usr/local/lib/nodejs/
# aufs4-standalone
rm -rf config/chroot_local-includes/usr/src/aufs4-standalone
cp -a submodules/aufs4-standalone config/chroot_local-includes/usr/src/
# custom debootstrap script, setting some APT magic to log downloads:
patch \
--follow-symlinks \
......
......@@ -28,44 +28,31 @@ output_time_based_snapshot() {
SERIAL=$(cat "config/APT_snapshots.d/$ARCHIVE/serial")
RESOLVED_SERIAL=$(cat "tmp/APT_snapshots.d/$ARCHIVE/serial")
if [ "$(base_branch)" = stable ]; then
if version_was_released "$(version_in_changelog)"; then
on_a_tag \
|| fatal "Not building from stable, but last version in changelog" \
"was released"
output_tagged_snapshot "$ARCHIVE" "$(version_in_changelog)"
else
version_was_released "$(previous_version_in_changelog)" \
|| fatal "None of the two last version in changelog were released"
case "$ARCHIVE" in
debian-security)
[ "$SERIAL" = latest ] \
|| fatal "APT snapshots are frozen for debian-security, which" \
"should not happen on a branch based on stable"
output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
;;
*)
if [ "$SERIAL" = latest ]; then
# In this case, "latest" means "do what I mean", that is stick
# to previous release's tagged snapshot
output_tagged_snapshot "$ARCHIVE" "$(previous_version_in_changelog)"
else
output_time_based_snapshot "$ARCHIVE" "$SERIAL"
fi
esac
fi
elif [ "$(base_branch)" = testing ]; then
BASE_BRANCH=$(base_branch)
if [ "$BASE_BRANCH" = stable ] || [ "$BASE_BRANCH" = testing ] ; then
case "$ARCHIVE" in
debian-security)
[ "$SERIAL" = latest ] \
|| fatal "APT snapshots are frozen for the debian-security archive," \
"which should not happen on a branch based on $BASE_BRANCH"
;;
*)
[ "$SERIAL" != latest ] \
|| fatal "APT snapshots are not frozen for the $ARCHIVE archive," \
"which should not happen on a branch based on $BASE_BRANCH"
esac
if version_was_released "$(version_in_changelog)"; then
on_a_tag \
|| fatal "Not building from a tag, but last version in changelog" \
"was released"
[ "$ARCHIVE" = debian-security ] || [ "$SERIAL" != latest ] \
|| fatal "APT snapshots for $ARCHIVE are not frozen, which should" \
"not happen on a tagged testing branch"
output_tagged_snapshot "$ARCHIVE" "$(version_in_changelog)"
else
output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
if [ "$BASE_BRANCH" = stable ] ; then
version_was_released "$(previous_version_in_changelog)" \
|| fatal "None of the two last version in changelog were released"
fi
output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
fi
else
if [ "$(base_branch)" = devel ] && [ "$SERIAL" != latest ]; then
......
......@@ -14,8 +14,14 @@ get_latest_serial() {
| awk -F': ' '/^Archive serial: / {print $2}'
}
action="$1"
action="${1:-cat}"
case "$action" in
cat)
for origin in $ORIGINS; do
echo -n "$origin: "
cat "$CONFIG/$origin/serial"
done
;;
get-latest)
for origin in $ORIGINS; do
online=$(get_latest_serial $origin)
......@@ -61,7 +67,7 @@ case "$action" in
done
;;
*)
printf "unknown action ($action), use either 'get-latest', 'prepare-build', 'freeze' or 'thaw'\n" >&2
printf "unknown action ($action), use either 'cat', 'get-latest', 'prepare-build', 'freeze' or 'thaw'\n" >&2
exit 1
;;
esac
# for each upstream APT repository:
# tell time-based snapshots infra to keep last snapshot
# -> returns us the corresponding serial
# write serial of the last snapshot > config/APT_snapshots.d/$origin/serial
#!/bin/sh
# Usage: ./bin/import-package SOURCE_PACKAGE
#
# This script automates a part of the process to grant a freeze exception
# to a Debian package:
# https://tails.boum.org/contribute/APT_repository/time-based_snapshots/#freeze-exception
#
# It imports the specified source package, and all binary packages built
# from it, into the Tails custom APT repository's $TARGET_DIST suite.
#
# Packages are downloaded with APT in a pbuilder chroot environment.
# To choose the Debian distribution packages must be pulled from
# (or whatever other options you want to pass to pbuilder),
# use $PBUILDER_OPTIONS: its value will be passed to the pbuilder command-line.
#
# If $TARGET_DIST is unset, packages are added to the APT suite
# corresponding to the current Git branch.
#
# Example:
#
# PBUILDER_OPTIONS='--basetgz /var/cache/pbuilder/base-jessie-i386.tgz' \
# TARGET_DIST='testing' \
# ./bin/import-package libgsecuredelete
set -e
set -u
SRC_PKG="$1"
GIT_TOPLEVEL_DIR=$(git rev-parse --show-toplevel)
. "$GIT_TOPLEVEL_DIR"/auto/scripts/utils.sh
PBUILDER_OPTIONS="${PBUILDER_OPTIONS:-}"
TARGET_DIST="${TARGET_DIST:-$(branch_name_to_suite $(current_branch))}"
REMOTE_USER_AT_HOST='reprepro@incoming.deb.tails.boum.org'
umask 0022
WORKDIR=$(mktemp -d)
trap "rm -r $WORKDIR" EXIT HUP INT QUIT TERM
(
cd "$WORKDIR"
# download source and binary packages
cat > script <<EOF
#!/bin/sh
set -e
set -u
umask 0022
sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' /etc/apt/sources.list \
> /etc/apt/sources.list.d/tmp-deb-src.list
apt-get update
apt-get install dctrl-tools
cd '$WORKDIR'
ORIG_OWNER=\$(stat --format='%u:%g' '$WORKDIR')
# allow APT 1.1+ to drop privileges
if getent passwd _apt >/dev/null 2>&1 ; then
chown _apt '$WORKDIR'
fi
apt-get --download-only source '$SRC_PKG'
apt-get download \
\$(grep-aptavail -S '$SRC_PKG' --exact-match -s Package --no-field-names)
chown "\$ORIG_OWNER" '$WORKDIR'
EOF
chmod 755 script
sudo pbuilder execute --bindmounts "$WORKDIR" $PBUILDER_OPTIONS -- script
rm script
REMOTE_WORKDIR=$(ssh "$REMOTE_USER_AT_HOST" mktemp -d)
scp -r * "$REMOTE_USER_AT_HOST":"$REMOTE_WORKDIR"/
ssh "$REMOTE_USER_AT_HOST" \
"reprepro includedsc '$TARGET_DIST' '$REMOTE_WORKDIR'/*.dsc && \
reprepro includedeb '$TARGET_DIST' '$REMOTE_WORKDIR'/*.deb && \
rm -r '$REMOTE_WORKDIR'"
)
......@@ -13,7 +13,7 @@
# Base for the string that will be passed to "lb config --bootappend-live"
# FIXME: see [[bugs/sdmem_on_eject_broken_for_CD]] for explanation why we
# need to set block.events_dfl_poll_msecs
AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none"
AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails kaslr slab_nomerge slub_debug=FZ mce=0 vsyscall=none"
# Options passed to isohybrid
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63"
......@@ -21,6 +21,13 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63"
# Minimal upstream version of syslinux-utils we need
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version
KERNEL_VERSION='4.6.0-0.bpo.1'
KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
)
### You should not have to change anything below this line ####################
# sanity checks
......
#!/bin/bash
set -e
# Including common functions
. "${LB_BASE:-/usr/share/live/build}"/scripts/build.sh
# Setting static variables
DESCRIPTION="$(Echo 'renaming amd64 kernel')"
HELP=""
USAGE="${PROGRAM}"
# Reading configuration files
Read_conffiles config/all config/common config/binary
Set_defaults
Echo_message "Renaming amd64 kernel"
mv binary/live/vmlinuz-*-amd64 binary/live/vmlinuz2
mv binary/live/initrd.img-*-amd64 binary/live/initrd2.img
This diff is collapsed.
APT::Architectures {"i386"; "amd64";};
......@@ -10,14 +10,6 @@ Package: electrum
Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: firmware-amd-graphics
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-atheros
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-b43-installer
Pin: release o=Debian,n=sid
Pin-Priority: 999
......@@ -26,42 +18,15 @@ Package: firmware-b43legacy-installer
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-brcm80211
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-ipw2x00
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-iwlwifi
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-libertas
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-linux
Pin: release o=Debian,n=sid
Explanation: src:firmware-nonfree
Package: firmware-linux firmware-linux-nonfree firmware-amd-graphics firmware-atheros firmware-brcm80211 firmware-intel-sound firmware-ipw2x00 firmware-iwlwifi firmware-libertas firmware-misc-nonfree firmware-realtek firmware-ti-connectivity
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: firmware-linux-free
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-linux-nonfree
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-misc-nonfree
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-realtek
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-zd1211
Pin: release o=Debian,n=sid
Pin-Priority: 999
......@@ -87,6 +52,19 @@ Package: hplip* hpijs-ppds libhpmud* libsane-hpaio printer-driver-hpcups printer
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Explanation: We ship our custom-built Icedove for now, see #6156
Package: icedove* iceowl* calendar-google-provider
Pin: origin deb.tails.boum.org
Pin-Priority: 999
Package: lib*-mesa*
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 1006
Package: libdrm*
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: libdvd-pkg
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
......@@ -95,15 +73,27 @@ Package: libnet-dbus-perl
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: monkeysphere
Pin: release o=Debian,n=stretch
Package: linux-base
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: lib*-mesa*
Package: linux-compiler-gcc-4.9-x86
Pin: version 4.6.4-1~bpo8+1
Pin-Priority: 999
Package: linux-compiler-gcc-4.9-x86:amd64
Pin: version 4.6.4-1~bpo8+1
Pin-Priority: 999
Package: linux-headers-* linux-headers-*:amd64
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 1006
Pin-Priority: 999
Package: libdrm*
Package: linux-image-* linux-image-*:amd64
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: linux-kbuild-* linux-source-*
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
......@@ -119,6 +109,10 @@ Package: onioncircuits
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: openpgp-applet
Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: pinentry-gtk2
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
......@@ -139,6 +133,10 @@ Package: torsocks
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: virtualbox-guest-utils virtualbox-guest-dkms virtualbox-guest-x11
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: xserver-xorg-video-intel
Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
......
#! /bin/sh
set -e
echo "Configuring dpkg architectures"
dpkg --add-architecture amd64
......@@ -4,7 +4,7 @@ set -e
echo "Wrapping some applications with torsocks"
APPS="gobby-0.5 liferea seahorse"
APPS="gobby-0.5 liferea openpgp-applet seahorse"
DBUS_SERVICES="org.gnome.seahorse.Application org.fedoraproject.Config.Printing"
for app in $APPS; do
......
......@@ -136,7 +136,7 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
set_simple_config_key "${TARGET_BRANDING_FILE}" \
"spellchecker.dictionary" \
"${SPELLCHECKER_LOCALE}"
HOMEPAGE="https://tails.boum.org/news/"
HOMEPAGE="https://tails.boum.org/home/"
if echo "${TAILS_WIKI_SUPPORTED_LANGUAGES}" | grep -qw "${LANG_CODE}"; then
HOMEPAGE="${HOMEPAGE}index.${LANG_CODE}.html"
fi
......
#!/bin/sh
set -e
echo "Installing amd64 Linux kernel"
apt-get --yes install linux-image-amd64:amd64
#! /bin/sh
set -e
set -u
echo "Building the aufs module"
. /usr/share/amnesia/build/variables
apt-get install --yes \
build-essential \
"linux-source-${KERNEL_SOURCE_VERSION}"
# aufs build needs fs/mount.h, which is in linux-source-* but not
# in linux-headers-*, so we'll symlink it.
tar --directory=/usr/src \
-xf "/usr/src/linux-source-${KERNEL_SOURCE_VERSION}.tar."*
for arch in 686 amd64 ; do
case "$arch" in
686)
linux_headers_arch_pkg="linux-headers-${KERNEL_VERSION}-686"
linux_headers_common_pkg="linux-headers-${KERNEL_VERSION}-common"
;;
amd64)
linux_headers_arch_pkg="linux-headers-${KERNEL_VERSION}-amd64:amd64"
linux_headers_common_pkg="linux-headers-${KERNEL_VERSION}-common:amd64"
;;
*)
exit 1
esac
apt-get install --yes "$linux_headers_arch_pkg" "$linux_headers_common_pkg"
ln -s \
"/usr/src/linux-source-${KERNEL_SOURCE_VERSION}/fs" \
"/usr/src/linux-headers-${KERNEL_VERSION}-${arch}/fs"
(
cd /usr/src/aufs4-standalone
perl -pi -E \
's{\A CONFIG_AUFS_DEBUG \s* = \s* y $}{CONFIG_AUFS_DEBUG =}xms' \
config.mk
KDIR="/usr/src/linux-headers-${KERNEL_VERSION}-${arch}"
make clean KDIR="$KDIR"
make install KDIR="$KDIR"
)
depmod "${KERNEL_VERSION}-${arch}"
apt-get remove --yes "$linux_headers_arch_pkg" "$linux_headers_common_pkg"
done
rm -r /usr/src/aufs4-standalone
rm -r "/usr/src/linux-source-${KERNEL_SOURCE_VERSION}"
#!/bin/sh
set -e
set -u
echo "Building VirtualBox guest modules"
......@@ -9,27 +10,20 @@ if [ "$hw_arch" != i386 -a "$hw_arch" != amd64 ]; then
exit 0
fi
gcc_version=4.8
. /usr/share/amnesia/build/variables
# the -dkms package must be installed *after* dkms to be properly registered
apt-get install --yes build-essential dkms dpatch
apt-get install --yes gcc-${gcc_version}
apt-get install --yes virtualbox-guest-utils virtualbox-guest-dkms virtualbox-guest-x11
# Have the modules built for every installed kernel
for KERNEL in /boot/vmlinuz-* ; do
KERNEL_VERSION="$(basename ${KERNEL} | sed -e 's|vmlinuz-||')"
MODULES_VERSION="$(dpkg-query -W -f='${Version\n}' virtualbox-guest-dkms)"
# Installing the headers should trigger the building of the modules for that kernel
apt-get install --yes linux-headers-$KERNEL_VERSION
# Only build and install if it was not done already
if [ ! "$(dkms status -k $KERNEL_VERSION -m virtualbox-guest -v $MODULES_VERSION)" ]; then
dkms build -k $KERNEL_VERSION -m virtualbox-guest -v $MODULES_VERSION
dkms install -k $KERNEL_VERSION -m virtualbox-guest -v $MODULES_VERSION
fi
done
apt-get install --yes build-essential dkms
# Note: we only build for the 32-bit kernel, since building for 64-bit is too painful
# with multiarch; and anyway, the 64-bit kernel module doesn't play well with
# a 32-bit userspace (https://www.virtualbox.org/ticket/8336), which is why
# we instruct users to set up a 32-bit VM.
# Installing the headers triggers the building of the modules for that kernel
apt-get install --yes \
"linux-headers-${KERNEL_VERSION}-686" \
virtualbox-guest-dkms
# clean the build directory
rm -r /var/lib/dkms/virtualbox-guest/
......
......@@ -19,4 +19,9 @@ rm \
sed -i'' --regexp-extended 's,^Exec=pidgin$,Exec=/usr/local/bin/pidgin,' \
/usr/share/applications/pidgin.desktop
# Run OpenPGP Applet automatically, but do not show it in the Applications menu
rm /etc/xdg/autostart/openpgp-applet.desktop
mv /usr/share/applications/openpgp-applet.desktop \
/etc/xdg/autostart/
xdg-desktop-menu forceupdate
#!/bin/sh
set -e
echo "Configuring haveged"
perl -pi -E 's,^(ExecStart=.*)--write=\d+$,$1--write=2048",' \
/lib/systemd/system/haveged.service
#!/bin/sh
set -e
echo "Adding memory_wipe to the prereqs of all other init-top initramfs scripts"
(
cd /usr/share/initramfs-tools/scripts/init-top
for script in * ; do
[ "$script" != memory_wipe ] || continue
sed --regexp-extended -i \
-e 's/^(PREREQS?)="(.*)"/\1="memory_wipe \2"/' \
"$script"
done
)
......@@ -14,7 +14,9 @@ echo "Removing unwanted packages"
apt-get --yes purge \
'^linux-kbuild-*' \
'^linux-headers-*' \
build-essential debhelper dkms dpatch dpkg-dev \
'^linux-headers-*:amd64' \
'^linux-source-*' \
build-essential debhelper dkms dpkg-dev \
gcc gcc-4.8 gcc-4.8-base gcc-4.9 \
intltool-debian \
libc6-dev libgl1-mesa-dev linux-libc-dev \
......