diff --git a/config/APT_overlays.d/feature-11501-install-verbs-instead-yes-no b/config/APT_overlays.d/feature-11501-install-verbs-instead-yes-no new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/config/APT_snapshots.d/debian/serial b/config/APT_snapshots.d/debian/serial index 27e6cccafd498597e7f913c221cf36878165dd7c..b1f9fa5ca9f23d54e30169831cae88d94b57595d 100644 --- a/config/APT_snapshots.d/debian/serial +++ b/config/APT_snapshots.d/debian/serial @@ -1 +1 @@ -2018081901 +2018100901 diff --git a/config/amnesia b/config/amnesia index 1ef3ee5763fcc2015501b2549aeaf84703040670..6af60991dd2be938dd45ecb74c58871c0c2f97ff 100644 --- a/config/amnesia +++ b/config/amnesia @@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose" REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20" # Kernel version -KERNEL_VERSION='4.17.0-3' +KERNEL_VERSION='4.18.0-2' KERNEL_SOURCE_VERSION=$( echo "$KERNEL_VERSION" \ | perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms' diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences index 0556f67d0d01bcbab27f1d15e0147e8e836cf1af..95b9f6d95c75c4f12649b39026d3ecbf72756cc8 100644 --- a/config/chroot_apt/preferences +++ b/config/chroot_apt/preferences @@ -105,7 +105,8 @@ Package: vulcan* libvulkan* Pin: release o=Debian,n=stretch-backports Pin-Priority: 999 -Package: wayland-protocols +Explanation: src:wayland and src:wayland-protocols +Package: libwayland* wayland-protocols Pin: release o=Debian,n=stretch-backports Pin-Priority: 999 diff --git a/config/chroot_local-hooks/46-configure-htpdate b/config/chroot_local-hooks/46-configure-htpdate deleted file mode 100755 index 628ffabcb63f70d2826974c6a20e91eb2fc60409..0000000000000000000000000000000000000000 --- a/config/chroot_local-hooks/46-configure-htpdate +++ /dev/null 
@@ -1,12 +0,0 @@ -#!/bin/sh - -set -e - -echo "Configuring htpdate HTTP User-Agent" - -CONFFILE='/etc/default/htpdate.user-agent' - -install -o root -g root -m 0644 /dev/null "$CONFFILE" - -echo "HTTP_USER_AGENT=\"$(/usr/local/lib/getTorBrowserUserAgent)\"" \ - > "$CONFFILE" diff --git a/config/chroot_local-includes/etc/default/htpdate.user-agent b/config/chroot_local-includes/etc/default/htpdate.user-agent new file mode 100644 index 0000000000000000000000000000000000000000..e5aa63614e252e2b720d0ca70219cf5d90980e55 --- /dev/null +++ b/config/chroot_local-includes/etc/default/htpdate.user-agent @@ -0,0 +1 @@ +HTTP_USER_AGENT="Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" diff --git a/config/chroot_local-includes/etc/whisperback/debugging-info.json b/config/chroot_local-includes/etc/whisperback/debugging-info.json index 586bf936bcadbc8c2951b1a023a5a3eb1ab89fdd..44f2d70fb9d05a21f95c01cb50077006187adcf7 100644 --- a/config/chroot_local-includes/etc/whisperback/debugging-info.json +++ b/config/chroot_local-includes/etc/whisperback/debugging-info.json @@ -6,6 +6,8 @@ ["command", {"args": ["/usr/bin/lspci", "-nn"]}], ["command", {"args": ["/bin/df", "--human-readable", "--print-type"]}], ["command", {"args": ["/bin/mount", "--show-labels"]}], +["command", {"args": ["/sbin/dmsetup", "ls", "--tree", "--options=blkdevname,uuid,active,open,rw,notrunc"]}], +["command", {"args": ["/sbin/losetup", "--list", "--output=NAME,BACK-FILE,AUTOCLEAR,RO,PARTSCAN,SIZELIMIT,OFFSET"]}], ["command", {"args": ["/bin/lsmod"]}], ["file", {"user": "root", "path": "/proc/asound/cards"}], ["file", {"user": "root", "path": "/proc/asound/devices"}], diff --git a/config/chroot_local-includes/usr/local/lib/getTorBrowserUserAgent b/config/chroot_local-includes/usr/local/lib/getTorBrowserUserAgent deleted file mode 100755 index 62e625d4c55a858b3fcdfa1d799326d0346eb963..0000000000000000000000000000000000000000 
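Review bot: The new `htpdate.user-agent` file has no comment tying its value to Tor Browser, and the only reminder to update it is the release-process page this commit extends. If the string falls behind the shipped browser, htpdate's requests would presumably no longer look like Tor Browser traffic, which is what the wiki text says the shared value is for. I would add a first line such as `# Keep identical to Tor Browser's User-Agent; see wiki/src/contribute/release_process/tor-browser.mdwn`, assuming whatever reads this file tolerates `#` comments. A test-suite check comparing the two values would catch a missed update.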
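Review bot: The added `losetup --list` entry requests the `BACK-FILE` column, so every bug report would carry the full path of any file backing a loop device, and the `dmsetup ls --tree` entry adds device-mapper names and UUIDs. Those values can identify user data, for example the name and location of a container file the user has attached, and nothing in this hunk shows them being redacted before the report is sent. I would either drop `BACK-FILE` from `--output=` or confirm that any sanitising WhisperBack applies covers paths and UUIDs from these two commands. JSON leaves no room for a comment, so the rationale belongs in the commit message or the WhisperBack design documentation.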
--- a/config/chroot_local-includes/usr/local/lib/getTorBrowserUserAgent +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -set -e -set -u - -echo 'Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0' diff --git a/config/chroot_local-includes/usr/local/lib/onion-grater b/config/chroot_local-includes/usr/local/lib/onion-grater index 4f0690d02bc4fc042f40d54c91e883e62afbb5f4..b8369b91bc20dd9abbd5ec48a24ca284402e0de9 100755 --- a/config/chroot_local-includes/usr/local/lib/onion-grater +++ b/config/chroot_local-includes/usr/local/lib/onion-grater @@ -134,6 +134,7 @@ import socket import socketserver import stem import stem.control +import stem.connection import struct import sys import textwrap @@ -565,12 +566,8 @@ class FilteredControlPortProxyHandler(socketserver.StreamRequestHandler): )) def connect_to_real_control_port(self): - with open(global_args.control_cookie_path, "rb") as f: - cookie = f.read() - controller = stem.control.Controller.from_socket_file( - global_args.control_socket_path - ) - controller.authenticate(cookie) + controller = stem.connection.connect(control_socket=global_args.control_socket_path) + stem.connection.authenticate_cookie(controller, cookie_path=global_args.control_cookie_path) return controller def handle(self): diff --git a/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch b/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch index f7f436c61bbcaed24de8d140ad6590625efae589..1ab78e0881682400eb5f0094a2b3df51d0acd2b6 100644 --- a/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch +++ b/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch @@ -1,12 +1,12 @@ diff --git a/etc/apparmor.d/torbrowser.Browser.firefox b/etc/apparmor.d/torbrowser.Browser.firefox -index d0aded9..e718ed5 100644 +index 9f269e1..8c7c830 100644 --- a/etc/apparmor.d/torbrowser.Browser.firefox +++ b/etc/apparmor.d/torbrowser.Browser.firefox 
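Review bot: `connect_to_real_control_port` now passes the result of `stem.connection.connect()` straight to `authenticate_cookie()` without checking it. As far as I recall from stem's documentation, `connect()` is the command-line convenience wrapper: on failure it prints a message and returns `None` instead of raising, it authenticates on its own before returning, and it keeps its default `control_port` as a second target beside the socket. For a filtering proxy this matters, because a `None` controller would surface as an unrelated attribute error, and a fallback to a local TCP control port would attach the proxy to something other than the configured socket. I would pass `control_port=None` in the `connect()` call and add `if controller is None: raise RuntimeError("could not connect to the real control port")` before the cookie step, or keep `Controller.from_socket_file()` and change only the authentication call.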
@@ -1,10 +1,11 @@ #include #include --@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox +-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real +@{torbrowser_firefox_executable} = /usr/local/lib/tor-browser/firefox.real profile torbrowser_firefox @{torbrowser_firefox_executable} { @@ -34,7 +34,7 @@ index d0aded9..e718ed5 100644 owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/stat r, -@@ -39,30 +43,32 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { +@@ -39,32 +43,34 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { owner @{PROC}/@{pid}/task/*/stat r, @{PROC}/sys/kernel/random/uuid r, @@ -53,7 +53,6 @@ index d0aded9..e718ed5 100644 - owner @{torbrowser_home_dir}/components/*.so mr, - owner @{torbrowser_home_dir}/browser/components/*.so mr, - owner @{torbrowser_home_dir}/firefox rix, -- owner @{torbrowser_home_dir}/plugin-container px -> torbrowser_plugin_container, - owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix, - owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix, - owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r, @@ -64,7 +63,6 @@ index d0aded9..e718ed5 100644 - owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr, + @{torbrowser_home_dir}/ r, + @{torbrowser_home_dir}/** mr, -+ @{torbrowser_home_dir}/plugin-container px -> torbrowser_plugin_container, + + owner "@{HOME}/Tor Browser/" rw, + owner "@{HOME}/Tor Browser/**" rwk, 
@@ -89,17 +87,13 @@ index d0aded9..e718ed5 100644 + /usr/share/doc/tails/website/ r, + /usr/share/doc/tails/website/** r, + # Web Content processes +- owner @{torbrowser_firefox_executable} px -> torbrowser_plugin_container, ++ @{torbrowser_firefox_executable} px -> torbrowser_plugin_container, + /etc/mailcap r, /etc/mime.types r, -@@ -70,6 +76,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { - /usr/share/ r, - /usr/share/mime/ r, - /usr/share/themes/ r, -+ /usr/share/glib-2.0/schemas/gschemas.compiled r, - /usr/share/applications/** rk, - /usr/share/gnome/applications/ r, - /usr/share/gnome/applications/kde4/ r, -@@ -85,12 +92,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { +@@ -88,12 +94,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { /sys/devices/system/node/node[0-9]*/meminfo r, deny /sys/devices/virtual/block/*/uevent r, @@ -112,7 +106,7 @@ index d0aded9..e718ed5 100644 # Required for multiprocess Firefox (aka Electrolysis, i.e. e10s) owner /{dev,run}/shm/org.chromium.* rw, -@@ -104,6 +105,31 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { +@@ -107,6 +107,29 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { deny @{HOME}/.cache/fontconfig/** rw, deny @{HOME}/.config/gtk-2.0/ rw, deny @{HOME}/.config/gtk-2.0/** rw, @@ -122,8 +116,6 @@ index d0aded9..e718ed5 100644 + deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r, + deny /usr/local/lib/tor-browser/update.test/ rw, + -+ @{torbrowser_firefox_executable} px -> torbrowser_plugin_container, -+ + # Grant access to assistive technologies + # (otherwise, Firefox crashes when Orca is enabled: + # https://labs.riseup.net/code/issues/9261) 
@@ -144,7 +136,7 @@ index d0aded9..e718ed5 100644 deny @{PROC}/@{pid}/net/route r, deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r, deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r, -@@ -119,5 +145,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { +@@ -122,5 +145,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { /etc/xfce4/defaults.list r, /usr/share/xfce4/applications/ r, @@ -157,10 +149,19 @@ index d0aded9..e718ed5 100644 + deny /tmp/ rwklx, } diff --git a/etc/apparmor.d/torbrowser.Browser.plugin-container b/etc/apparmor.d/torbrowser.Browser.plugin-container -index fe95fdb..32d0c38 100644 +index 7ec8a00..346f2ad 100644 --- a/etc/apparmor.d/torbrowser.Browser.plugin-container +++ b/etc/apparmor.d/torbrowser.Browser.plugin-container -@@ -10,9 +10,9 @@ profile torbrowser_plugin_container { +@@ -1,7 +1,7 @@ + #include + #include + +-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real ++@{torbrowser_firefox_executable} = /usr/local/lib/tor-browser/firefox.real + + profile torbrowser_plugin_container { + #include +@@ -12,9 +12,9 @@ profile torbrowser_plugin_container { # - the "deny" word in the machine-id lines # - the rules that deny reading /etc/pulse/client.conf # and executing /usr/bin/pulseaudio @@ -173,7 +174,7 @@ index fe95fdb..32d0c38 100644 signal (receive) set=("term") peer=torbrowser_firefox, -@@ -24,14 +24,15 @@ profile torbrowser_plugin_container { +@@ -26,8 +26,8 @@ profile torbrowser_plugin_container { deny /etc/group r, deny /etc/mailcap r, 
@@ -184,14 +185,7 @@ index fe95fdb..32d0c38 100644 /etc/mime.types r, /usr/share/applications/gnome-mimeapps.list r, - - /dev/shm/ r, - -+ owner @{PROC}/@{pid}/environ r, - owner @{PROC}/@{pid}/fd/ r, - owner @{PROC}/@{pid}/mountinfo r, - owner @{PROC}/@{pid}/stat r, -@@ -39,28 +40,28 @@ profile torbrowser_plugin_container { +@@ -42,31 +42,29 @@ profile torbrowser_plugin_container { owner @{PROC}/@{pid}/task/*/stat r, @{PROC}/sys/kernel/random/uuid r, @@ -205,11 +199,12 @@ index fe95fdb..32d0c38 100644 - owner @{torbrowser_home_dir}/browser/components/*.so mr, - owner @{torbrowser_home_dir}/defaults/pref/ r, - owner @{torbrowser_home_dir}/defaults/pref/*.js r, +- owner @{torbrowser_home_dir}/dependentlibs.list r, - owner @{torbrowser_home_dir}/fonts/ r, - owner @{torbrowser_home_dir}/fonts/** r, - owner @{torbrowser_home_dir}/omni.ja r, -- owner @{torbrowser_home_dir}/plugin-container ixmr, - owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r, +- owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r, - owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw, - owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r, - owner @{torbrowser_home_dir}/TorBrowser/Tor/ r, @@ -217,11 +212,12 @@ index fe95fdb..32d0c38 100644 - owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr, - owner @{torbrowser_home_dir}/Downloads/ rwk, - owner @{torbrowser_home_dir}/Downloads/** rwk, +- +- owner @{torbrowser_firefox_executable} ixmr -> torbrowser_plugin_container, + @{torbrowser_home_dir}/ r, + @{torbrowser_home_dir}/** mr, -+ @{torbrowser_home_dir}/plugin-container ixmr, + -+ owner @{HOME}/.tor-browser/profile.default/startupCache/scriptCache-child-current.bin r, ++ owner @{HOME}/.tor-browser/profile.default/startupCache/* r, + owner @{HOME}/.tor-browser/profile.default/tmp/* rw, + + owner "@{HOME}/Tor Browser/" rw, 
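Review bot: In the `torbrowser_plugin_container` profile the startup-cache rule widens from the single file `scriptCache-child-current.bin` to `startupCache/* r`, which lets content processes read every file in that directory. The upstream line removed in the neighbouring hunk already used `startupCache/*`, so this looks like alignment with upstream, but nothing here records which additional files the content process needs. If only one or two files are required, naming them keeps the rule tight. Otherwise a comment above the rule, such as `# Content processes read several startupCache files (same glob as upstream)`, would record that the glob is deliberate.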
@@ -239,10 +235,12 @@ index fe95fdb..32d0c38 100644 + + /usr/share/doc/tails/website/ r, + /usr/share/doc/tails/website/** r, ++ ++ @{torbrowser_firefox_executable} ixmr -> torbrowser_plugin_container, /sys/devices/system/cpu/ r, /sys/devices/system/cpu/present r, -@@ -86,10 +87,16 @@ profile torbrowser_plugin_container { +@@ -92,10 +90,16 @@ profile torbrowser_plugin_container { deny @{PROC}/@{pid}/net/route r, deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r, deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r, diff --git a/config/chroot_local-patches/apparmor-adjust-freedesktop-abstraction.diff b/config/chroot_local-patches/apparmor-adjust-freedesktop-abstraction.diff new file mode 100644 index 0000000000000000000000000000000000000000..2596d1f1cf99b85f150596a5c1fe04a4689d2a26 --- /dev/null +++ b/config/chroot_local-patches/apparmor-adjust-freedesktop-abstraction.diff @@ -0,0 +1,11 @@ +--- /etc/apparmor.d/abstractions/freedesktop.org 2018-10-07 19:38:49.308000000 +0000 ++++ /etc/apparmor.d/abstractions/freedesktop.org 2018-10-07 19:48:40.400000000 +0000 +@@ -24,7 +24,7 @@ + /usr/local/share/pixmaps/** r, + + # this should probably go elsewhere +- /usr/share/mime/** r, ++ /usr/{local/,}share/mime/** r, + + # per-user configurations + owner @{HOME}/.icons/ r, diff --git a/features/step_definitions/usb.rb b/features/step_definitions/usb.rb index 1b9df55ce9803489debf07f3a20648f0d10747d6..209db1120d056770ad09314d39c952003988f79a 100644 --- a/features/step_definitions/usb.rb +++ b/features/step_definitions/usb.rb 
@@ -194,7 +194,12 @@ When /^I (install|reinstall|upgrade) Tails (?:to|on) USB drive "([^"]+)" (by clo label = action.capitalize end @installer.button(label).click - @installer.child('Question', roleName: 'alert').button('Yes').click + if action == 'upgrade' + confirmation_label = 'Upgrade' + else + confirmation_label = 'Install' + end + @installer.child('Question', roleName: 'alert').button(confirmation_label).click try_for(15*60, { :delay => 10 }) do @installer .child('Information', roleName: 'alert') diff --git a/submodules/aufs4-standalone b/submodules/aufs4-standalone index 01543e47eae7653c7e9a35a7204301f8a0b3ca50..bdda97c749604bb9ea3f19e0c1ffac9042e79f77 160000 --- a/submodules/aufs4-standalone +++ b/submodules/aufs4-standalone @@ -1 +1 @@ -Subproject commit 01543e47eae7653c7e9a35a7204301f8a0b3ca50 +Subproject commit bdda97c749604bb9ea3f19e0c1ffac9042e79f77 diff --git a/wiki/src/contribute/release_process/tor-browser.mdwn b/wiki/src/contribute/release_process/tor-browser.mdwn index f9f88e996615ea1420c11a507704b34552b45f66..4f51bbb3a5aeec137c06881549f14e5bdc3cf9f7 100644 --- a/wiki/src/contribute/release_process/tor-browser.mdwn +++ b/wiki/src/contribute/release_process/tor-browser.mdwn @@ -136,7 +136,7 @@ Then, clone the metadata repository and initialize git-annex: git clone gitolite@git.puppet.tails.boum.org:torbrowser-archive.git && \ cd torbrowser-archive && \ - git annex init + git annex init You now have a lot of (dangling) symlinks in place of the files that are available in this git-annex repo. 
@@ -242,3 +242,21 @@ Clean up cd "$TBB_ARCHIVE" && \ git annex drop -- "${TBB_VERSION}" && \ rm -rf "$DL_DIR" + +Update the htpdate User Agent +============================= + +We want to use the same user agent in our htpdate script (see the +[[Time syncing design|contribute/design/Time_syncing]] +for more info on that) as in Tor Browser. + +To find out the User Agent of the new Tor Browser: + +1. Start Tor Browser (outside of Tails, if there is no ISO yet with the new + Tor Browser) +2. Open the _Network_ tab in the _Developer Tools_ (Ctrl+Shift+E) +3. Load a website (e.g. ) +4. Select one of the GET requests in the _Developer Tools_ +5. Scroll down to `User-Agent` in the _Request headers_ section + +Now replace the User Agent in `config/chroot_local-includes/etc/default/htpdate.user-agent` with the one you found above.