Commit fffcda36 authored by sajolida's avatar sajolida
Browse files

Merge remote-tracking branch 'origin/testing' into doc/8068-gnome

Conflicts:
	wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop/nautilus.png
parents c6318461 ed47c0c6

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.
......@@ -63,6 +63,7 @@ chmod go+rX config/chroot_local-includes/home
chmod go+rX config/chroot_local-includes/lib
chmod go+rX config/chroot_local-includes/lib/live
chmod -R go+rx config/chroot_local-includes/lib/live/config
chmod go+rX config/chroot_local-includes/lib/live/mount
chmod -R go+rX config/chroot_local-includes/lib/systemd
chmod go+rX config/chroot_local-includes/live
chmod -R go+rX config/chroot_local-includes/usr
......@@ -80,18 +81,13 @@ MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/amnesi
export MKSQUASHFS_OPTIONS
# get git branch or tag so we can set the basename appropriately, i.e.:
# * if we build from a tag: tails-$ARCH-$TAG.iso
# * if we build from a branch: tails-$ARCH-$BRANCH-$VERSION-$DATE.iso
# * if Jenkins builds from a branch: tails-$ARCH-$BRANCH-$VERSION-$TIME-$COMMIT.iso
# * if we build from a tag: tails-$ARCH-$TAG.iso
# * otherwise: tails-$ARCH-$BRANCH-$VERSION-$TIME-$COMMIT.iso
if GIT_REF="$(git symbolic-ref HEAD)"; then
GIT_BRANCH="${GIT_REF#refs/heads/}"
CLEAN_GIT_BRANCH=$(echo "$GIT_BRANCH" | sed 's,/,_,g')
if [ -n "$JENKINS_URL" ]; then
GIT_SHORT_ID="$(git rev-parse --short HEAD)"
BUILD_BASENAME="tails-${LB_ARCHITECTURE}-${CLEAN_GIT_BRANCH}-${AMNESIA_VERSION}-${AMNESIA_NOW}-${GIT_SHORT_ID}"
else
BUILD_BASENAME="tails-${LB_ARCHITECTURE}-${CLEAN_GIT_BRANCH}-${AMNESIA_VERSION}-${AMNESIA_TODAY}"
fi
GIT_SHORT_ID="$(git rev-parse --short HEAD)"
BUILD_BASENAME="tails-${LB_ARCHITECTURE}-${CLEAN_GIT_BRANCH}-${AMNESIA_VERSION}-${AMNESIA_NOW}-${GIT_SHORT_ID}"
else
GIT_CURRENT_COMMIT="$(git rev-parse HEAD)"
if GIT_TAG="$(git describe --tags --exact-match ${GIT_CURRENT_COMMIT})"; then
......
......@@ -13,7 +13,7 @@
# Base for the string that will be passed to "lb config --bootappend-live"
# FIXME: see [[bugs/sdmem_on_eject_broken_for_CD]] for explanation why we
# need to set block.events_dfl_poll_msecs
AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistent noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails"
AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails"
# Options passed to isohybrid
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63"
......
This diff is collapsed.
Package: apparmor-profiles-extra
Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Package: b43-fwcutter
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: electrum
Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: firmware-amd-graphics
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -126,64 +134,29 @@ Package: linux-kbuild-3.16
Pin: release o=Debian,n=jessie
Pin-Priority: 999
Explanation: override the Wheezy-specific package from the devel APT suite
Package: tor
Pin: release o=TorProject,n=tor-experimental-0.2.7.x-jessie
Pin-Priority: 1006
Package: obfs4proxy
Pin: release o=TorProject,n=obfs4proxy
Pin-Priority: 990
Explanation: override the Wheezy-specific package from the devel APT suite
Package: tor-geoipdb
Pin: release o=TorProject,n=tor-experimental-0.2.7.x-jessie
Pin-Priority: 1006
Package: python-electrum
Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: ttdnsd
Pin: release o=TorProject,a=unstable
Pin-Priority: 999
Explanation: override our Wheezy-specific package
Package: apparmor*
Pin: release o=Debian,n=jessie
Pin-Priority: 1006
Explanation: override our Wheezy-specific package
Package: libapparmor*
Pin: release o=Debian,n=jessie
Pin-Priority: 1006
Explanation: override our Wheezy-specific package
Package: hledger
Pin: release o=Debian,n=jessie
Pin-Priority: 1006
Explanation: override our Wheezy-specific package
Package: python-dbus
Pin: release o=Debian,n=jessie
Pin-Priority: 1006
Explanation: override our Wheezy-specific package
Package: python-dbus-dev
Pin: release o=Debian,n=jessie
Pin-Priority: 1006
Explanation: override the Wheezy-specific package from the devel APT suite
Package: tails-greeter
Pin: release o=Tails,n=feature-jessie
Pin-Priority: 1006
Explanation: override the Wheezy-specific package from the devel APT suite
Package: tails-perl5lib
Pin: release o=Tails,n=feature-jessie
Pin-Priority: 1006
Package: torsocks
Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Explanation: override the Wheezy-specific package from the devel APT suite
Package: tails-persistence-setup
Pin: release o=Tails,n=feature-jessie
Pin-Priority: 1006
Package: xserver-xorg-video-intel
Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Explanation: override our Wheezy-specific package
Package: xserver-xorg-input-evdev
Pin: release o=Debian,n=jessie
Pin-Priority: 1006
Package: xul-ext-torbirdy
Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Explanation: weirdness in chroot_apt install-binary
Package: *
......@@ -198,12 +171,16 @@ Package: *
Pin: release o=Debian,n=jessie-updates
Pin-Priority: 990
Package: *
Pin: release o=Debian,n=jessie-proposed-updates
Pin-Priority: 990
Package: *
Pin: release o=Debian,n=jessie
Pin-Priority: 990
Package: *
Pin: release o=TorProject,n=tor-experimental-0.2.7.x-jessie
Pin: release o=TorProject,n=jessie
Pin-Priority: 990
Package: *
......
......@@ -4,12 +4,13 @@ set -e
echo "Checking for .orig files"
DOT_ORIG_WHITELIST=<<EOF
DOT_ORIG_WHITELIST=$(cat <<EOF
/bin/hostname.orig
/etc/resolv.conf.orig
/lib/systemd/system/alsa-utils.service.orig
/sbin/start-stop-daemon.orig
EOF
)
DOT_ORIG_FILES=$(find / -type f -name *.orig | grep -v -F "$DOT_ORIG_WHITELIST" || :)
......
#!/bin/sh
set -e
echo "Disabling scanning of LVM devices at boot time"
# scanning for lvm devives takes time on boot
find /etc/rcS.d -name "S*lvm2" | xargs rm -f
......@@ -8,11 +8,15 @@ APPS="gobby-0.5 liferea seahorse"
DBUS_SERVICES="org.gnome.seahorse.Application"
for app in $APPS; do
sed -i'' --regexp-extended 's,Exec=(.*),Exec=torsocks \1,' \
sed -i'' --regexp-extended 's,^Exec=(.*),Exec=torsocks \1,' \
"/usr/share/applications/${app}.desktop"
done
for dbus_service in $DBUS_SERVICES; do
sed -i'' --regexp-extended 's,Exec=(.*),Exec=torsocks \1,' \
sed -i'' --regexp-extended 's,^Exec=(.*),Exec=torsocks \1,' \
"/usr/share/dbus-1/services/${dbus_service}.service"
done
# Redirect to existing wrapper
sed -i'' --regexp-extended 's,^Exec=/usr/bin/totem$,Exec=/usr/local/bin/totem,' \
"/usr/share/dbus-1/services/org.gnome.Totem.service"
......@@ -58,10 +58,8 @@ install_tor_browser() {
ln -s "${f}" "${prep}"/dictionaries/
done
# The libstdc++6 package in Wheezy is too old, so we need the
# bundled one. And even if it the one in Jessie isn't too old
# for the time being, better run Tor Browser with the library
# it's meant to work with.
# Let's use the libstdc++ that the Tor Browser is intended to be used with,
# instead of the system one.
cp "${prep}"/TorBrowser/Tor/libstdc++.so.6 "${prep}"
# We don't need the Tor binary, the shared libraries Tor needs
......
......@@ -22,7 +22,7 @@ BROWSER_LOCALIZATION_DIR="/usr/share/tails/browser-localization"
DESCRIPTIONS_FILE="${BROWSER_LOCALIZATION_DIR}/descriptions"
BRANDING_TEMPLATE_FILE="${BROWSER_LOCALIZATION_DIR}/amnesia.properties-template"
BRANDING_DIR="/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/"
NO_SPELLCHECKER_LOCALES="ko nl pl tr zh"
NO_SPELLCHECKER_LOCALES="ja ko nl pl tr zh"
apt-get --yes install imagemagick
......
......@@ -6,5 +6,5 @@ echo "Generating Tor Browser profile"
set -e
/usr/local/bin/generate-tor-browser-profile
/usr/local/lib/generate-tor-browser-profile
mv ~/.tor-browser /etc/skel
......@@ -52,6 +52,7 @@ sed -i 's|^.*\(wrapper\.java\.additional\.6=-Djava\.net\.preferIPv6Addresses=\).
# * In-I2P Network Updates: Disabled
# * Inbound connections: Disabled (setting is "i2cp.ntcp.autoip")
# * Disable I2P plugins
# * Disable NTP
cat > "$I2P/router.config" << EOF
# NOTE: This I2P config file must use UTF-8 encoding
i2cp.disableInterface=true
......@@ -61,6 +62,7 @@ i2np.udp.ipv6=false
router.isHidden=true
router.updateDisabled=true
router.enablePlugins=false
time.disabled=true
EOF
cat > "$I2P/susimail.config" << EOF
......
#!/bin/sh
set -e
echo "Adding cpufreq modules to /etc/modules"
for module in cpufreq_powersave dm-mod ; do
echo "${module}" >> /etc/modules
done
......@@ -8,5 +8,5 @@ CONFFILE='/etc/default/htpdate.user-agent'
install -o root -g root -m 0644 /dev/null "$CONFFILE"
echo "HTTP_USER_AGENT=\"$(/usr/local/bin/getTorBrowserUserAgent)\"" \
echo "HTTP_USER_AGENT=\"$(/usr/local/lib/getTorBrowserUserAgent)\"" \
> "$CONFFILE"
......@@ -55,25 +55,29 @@ systemctl --global enable tails-upgrade-frontend.service
systemctl --global enable tails-virt-notify-user.service
systemctl --global enable tails-wait-until-tor-has-bootstrapped.service
# Use socket activation only, to save a bit of memory and boot time
# Use socket activation only, to delay the startup of cupsd.
# In practice, on Jessie this means that cupsd is started during
# the initialization of the GNOME session, which is fine: by then,
# the persistent /etc/cups has been mounted.
# XXX: make sure it's the case on Stretch, adjust if not.
systemctl disable cups.service
systemctl enable cups.socket
# We're starting NetworkManager and Tor ourselves.
# We're starting NetworkManager, Tor and ttdnsd ourselves.
# We disable tor.service (as opposed to tor@default.service) because
# it's an important goal to never start Tor before the user has had
# a chance to choose to do so in an obfuscated way: if some other
# package enables tor@whatever.service someday, disabling tor.service
# will disable it as well, while disabling tor@default.service would not.
# will disable it as well, while disabling tor@default.service would not.
systemctl disable tor.service
systemctl disable NetworkManager.service
systemctl disable NetworkManager-wait-online.service
systemctl disable ttdnsd.service
# We don't run these services by default
systemctl disable gdomap.service
systemctl disable hdparm.service
systemctl disable i2p.service
systemctl disable ttdnsd.service
# Don't hide tails-kexec's shutdown messages with an empty splash screen
for suffix in halt kexec poweroff reboot shutdown ; do
......
#!/bin/sh
set -e
echo 'Updating icedove.desktop'
sed -i 's;^Exec=icedove;Exec=/usr/local/bin/icedove;' /usr/share/applications/icedove.desktop
#!/bin/sh
set -eu
echo "Configuring file associations"
defaults_file=/etc/gnome/defaults.list
if grep -E '^application/pgp-keys=' "$defaults_file"; then
echo "application/pgp-keys is already configured in $defaults_file" >&2
exit 1
else
# XXX: Stretch -- this fixes https://bugs.freedesktop.org/show_bug.cgi?id=93656
# (Tails#10889, Tails#10571)
echo 'application/pgp-keys=seahorse-pgp-keys.desktop' \
>> "$defaults_file"
echo 'application/x-iwork-keynote-sffkey=seahorse-pgp-keys.desktop' \
>> "$defaults_file"
fi
......@@ -8,8 +8,12 @@ if [ $1 = "lo" ]; then
exit 0
fi
# Run whenever an interface gets "up", not otherwise:
if [ $2 != "up" ]; then
if [ $2 = "up" ]; then
: # go on, that's what this script is for
elif [ "${2}" = "down" ]; then
systemctl --no-block stop tails-tor-has-bootstrapped.target
exit 0
else
exit 0
fi
......@@ -26,6 +30,10 @@ systemctl stop tor@default.service
# tordate/20-time.sh), so deleting it seems like a Good Thing(TM).
rm -f "${TOR_LOG}"
# Let the rest of the system know that Tor is not working at the moment.
# This matters e.g. if we have already bootstrapped.
systemctl --no-block restart tails-tor-has-bootstrapped.target
# The Tor syscall sandbox is not compatible with managed proxies.
# We could possibly detect whether the user has configured any such
# thing via Tor Launcher later (e.g. in 60-tor-ready.sh),
......
......@@ -10,6 +10,9 @@
# Get LIVE_USERNAME
. /etc/live/config.d/username.conf
# Import export_gnome_env().
. /usr/local/lib/tails-shell-library/gnome.sh
# Import tor_control_*(), tor_is_working(), TOR_LOG, TOR_DIR
. /usr/local/lib/tails-shell-library/tor.sh
......@@ -207,12 +210,8 @@ is_clock_way_off() {
}
start_notification_helper() {
export DISPLAY=':0.0'
export XAUTHORITY="$(echo /var/run/gdm3/auth-for-$LIVE_USERNAME-*/database)"
GNOME_SHELL_PID="$(pgrep --newest --euid ${LIVE_USERNAME} gnome-shell)"
export "$(tr '\0' '\n' < /proc/${GNOME_SHELL_PID}/environ | \
grep '^DBUS_SESSION_BUS_ADDRESS=')"
exec /bin/su -c /usr/local/bin/tails-htp-notify-user "$LIVE_USERNAME" &
export_gnome_env
exec /bin/su -c /usr/local/lib/tails-htp-notify-user "$LIVE_USERNAME" &
}
......@@ -247,5 +246,5 @@ fi
touch $TORDATE_DONE_FILE
log "Restarting htpdate"
systemctl --no-block restart htpdate.service
systemctl restart htpdate.service
log "htpdate service restarted with return code $?"
......@@ -35,7 +35,6 @@ show-desktop-icons = true
picture-uri='file:///usr/share/tails/desktop_wallpaper.png'
[org/gnome/desktop/interface]
clock-show-date=true
menus-have-icons=true
[org/gnome/libgnomekbd/keyboard]
......@@ -86,5 +85,5 @@ antialiasing = 'rgba'
hinting = 'slight'
[org/gnome/shell]
enabled-extensions = ['alternative-status-menu@gnome-shell-extensions.gcampax.github.com', 'topIcons@adel.gadllah@gmail.com', 'shutdown-helper@tails.boum.org']
favorite-apps=['tor-browser.desktop', 'claws-mail.desktop', 'pidgin.desktop', 'keepassx.desktop', 'gnome-terminal.desktop']
enabled-extensions = ['apps-menu@gnome-shell-extensions.gcampax.github.com', 'window-list@gnome-shell-extensions.gcampax.github.com', 'topIcons@adel.gadllah@gmail.com', 'shutdown-helper@tails.boum.org']
favorite-apps=['tor-browser.desktop', 'icedove.desktop', 'pidgin.desktop', 'keepassx.desktop', 'gnome-terminal.desktop']
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment