1. 18 Jun, 2019 1 commit
  2. 06 Jun, 2019 1 commit
  3. 24 May, 2019 1 commit
  4. 20 May, 2019 1 commit
    • Cyril 'kibi' Brulebois's avatar
      Fix FTBFS with tagged 3.14 snapshots, due to procmail. · 4843ce77
      Cyril 'kibi' Brulebois authored
      procmail is listed with packages said to be “Priority: standard” but
      it's only “Priority: optional” in stretch. With monkeysphere going away
      (in 2cee7949), this package is no longer
      pull and no longer visible in tagged snapshots, which leads to this
      FTBFS:
      
          E: Unable to locate package procmail
          E: config/chroot_local-hooks/98-remove_unwanted_packages failed (exit non-zero). You should check for errors.
      
      Hotfix for 3.14: switch to mutt-style removal, and trigger a purge for
      procmail only if it's (known and) installed.
      4843ce77
  5. 26 Apr, 2019 1 commit
  6. 20 Apr, 2019 1 commit
  7. 11 Apr, 2019 1 commit
  8. 10 Apr, 2019 1 commit
  9. 08 Apr, 2019 4 commits
  10. 04 Apr, 2019 1 commit
  11. 18 Mar, 2019 3 commits
    • intrigeri's avatar
      Don't install the standard X.Org fonts. · 6212b5cc
      intrigeri authored
      We probably don't use them anywhere.
      6212b5cc
    • intrigeri's avatar
      Don't fail the build if Tor Browser supports new locales that we don't ship a... · e015382a
      intrigeri authored
      Don't fail the build if Tor Browser supports new locales that we don't ship a spellchecking dictionary for (refs: #15807)
      
      We're not trying to ship spellcheckers for every language Tor Browser
      ships a language pack for: we only include spellchecking dictionaries
      for tier-1 supported languages. So let's drop the need to maintain
      $NO_SPELLCHECKER_LOCALES and the code that would encourage developers
      to install new spellchecking dictionaries.
      e015382a
    • intrigeri's avatar
      Install l10n support packages for all tier-1 supported languages, and only those (refs: #15807) · f5391c2b
      intrigeri authored
      I'm using the list of tier-1 supported languages proposed on #15807#note-22:
      
       - Arabic - AR
       - German - DE
       - English - EN
       - Spanish - ES
       - Farsi - FA
       - French - FR
       - Italian - IT
       - Portuguese - PT-BR
       - Russian - RU
       - Turkish - TR
       - Simplified Chinese - zh-CN
      
      … and applying to Thunderbird, LibreOffice, and spellchecker dictionaries.
      
      Exceptions:
      
       - I'm keeping hunspell-vi because we've been installing it so far, Vietnamese
         is one of our strong candidates, and even if one installs it manually, it's
         not available in Tor Browser (refs: #16571)
      
       - There's no Farsi l10n package for Thunderbird (thunderbird-l10n-fa).
      f5391c2b
  12. 16 Mar, 2019 1 commit
  13. 13 Mar, 2019 1 commit
  14. 28 Jan, 2019 1 commit
  15. 24 Jan, 2019 1 commit
    • intrigeri's avatar
      Preserve setuid & setgid bits when giving files back to their renumbered owner (refs: #16383) · 7dd2850e
      intrigeri authored
      chown(1) and chgrp(1) rely on the chown(2) system call, which clears setuid,
      setgid, and friends (capabilities, ACLs, etc.).
      
      So when commit:02da4779 started
      running chgrp on files owned by the messagebus group,
      /usr/lib/dbus-1.0/dbus-daemon-launch-helper lost its setuid bit,
      which broke setting up a printer in Tails 3.12~rc1.
      
      This commit fixes this, by ensuring we don't lose the setuid & setgid bits along
      the way anymore.
      
      Note that the storage stack that backs our root filesystem supports neither
      extended attributes (getfattr/setfattr), nor Linux filesystem
      attributes (lsattr/chattr), nor file capabilities (getcap/setcap), nor ACLs.
      On the one hand it's too bad, e.g. the lack of support for capabilities is the
      reason why /bin/ping is setuid root on Tails but not on the average Debian
      system. OTOH it makes it vastly easier to fix this bug: the only thing we need
      to restore here is basic Unix DAC permissions.
      7dd2850e
  16. 19 Jan, 2019 1 commit
    • anonym's avatar
      Don't reference packages that we _never_ install. · 02697edc
      anonym authored
      That fails when we use tagged snapshots, since such packages doesn't
      exist which makes apt-get bail out.
      
      I'd rather remove the affected apt-get call, but I wonder if that
      could have consequences, so I'll open a ticket about what to do
      instead.
      02697edc
  17. 12 Jan, 2019 2 commits
    • intrigeri's avatar
      Mount a dedicated tmpfs on /run/initramfs instead of trying to remount /run... · 290620df
      intrigeri authored
      Mount a dedicated tmpfs on /run/initramfs instead of trying to remount /run with the "exec" option (refs: #16097).
      
      My previous approach, i.e. "let's remount /run with the exec option via a unit
      file started as part of the shutdown procedure", worked just fine for clean
      shutdown. But it does not work for emergency shutdown, i.e. when the boot medium
      is physically removed: for some reason (possibly missing bits in the memlockd
      configuration), this service is not started, and then systemd-shutdown won't
      return to the initramfs because /run/initramfs/shutdown is not executable.
      
      So let's instead disregard /run and extract the initramfs into a dedicated
      tmpfs, that we mount on /run/initramfs (where systemd-shutdown will look for
      it), and that we mount without the "noexec" option.
      
      Also, remove manual calls to eject(1):
      
       - They increase chances that the shutdown process breaks due to missing
         files locked in memory by memlockd.
      
       - Their sole benefit is to ensure we physically eject the DVD. It's unclear if
         this code is still needed nowadays. Regardless, starting with Tails 3.12, the
         only supported use case for ISO and DVD is virtual machines, which are not
         targeted by the emergency shutdown feature, which is about removing the
         *physical* boot medium.
      290620df
    • intrigeri's avatar
      Really wrap Totem with torsocks when it's started as a D-Bus service. · 07e0cbed
      intrigeri authored
      The fix from 24f2ccd7 did not do anything (anymore?) as the Exec= line
      in this D-Bus service file passes the --gapplication-service option,
      so the regexp would not match. As a result, Totem started from the
      Applications menu was not torified, and could not open web URLs.
      This was not spotted earlier because our test suite runs Totem
      from a terminal, bypassing any .desktop of D-Bus .service file.
      07e0cbed
  18. 10 Jan, 2019 1 commit
    • intrigeri's avatar
      Fix memory erasure on shutdown with systemd v239 (refs: #16097). · 634e5a6d
      intrigeri authored
      Remounting /run with the "exec" option in /lib/systemd/system-shutdown/tails
      does not work anymore with systemd v239, while it worked at least until systemd
      v237. I could not find out why by reading systemd's NEWS file.
      
      So let's instead do this there:
      
       - For clean shutdown: in a new, dedicated service, started immediately before
         final.target, which itself is a synchronization point that ensures this
         service is started before the transition to systemd-shutdown and in turn to
         the initramfs, where we finish the unmounting and other clean ups needed to
         erase the memory.
      
       - For emergency shutdown: in the udev watchdog script, before calling the
         unclean shutdown code, which bypasses final.target and thus won't run
         tails-remount-run-exec.service. Too bad we have to duplicate this mount
         command but it seems that both instances will become unnecessary quickly
         enough, once systemd DTRT™. Another way would be to manually start
         tails-remount-run-exec.service from the udev watchdog script but I'm
         concerned it will be unreliable when the boot medium has been unplugged.
      634e5a6d
  19. 08 Jan, 2019 1 commit
    • m3hm00d's avatar
      Better separation of output, logic, and library functions · d4d5d8a5
      m3hm00d authored
      1. 51-update-bash.bashrc:
      - Add comment to '/etc/bashrc' ('The following code is added by XYZ
      script').
      - Removal of OPTS_FILE variable.
      
      2. replace-su-with-sudo.sh:
      - Updated comment to better describe the role of this script.
      - Moved output stuff to '/usr/local/bin/replace-su-with-sudo'.
      - Moved translation stuff to '/usr/local/bin/replace-su-with-sudo'.
      - 'su' function will now simply call the 'replace-su-with-sudo' script.
      
      3. replace-su-with-sudo:
      - Created new script
      - It handles the logic and output (with translation) of 'Please use sudo
      instead' message.
      
      4. tails_is_password_set.py
      - Moved from /usr/local/bin/ to /usr/local/lib/python3/dist-packages/
      - Removed main() function. This file is now just a library; not meant to
      be executed as a standalone script.
      
      5. 'POTFILES.in' and 'refresh-translations':
      - Modified to accommodate the changes made in 'replace-su-with-sudo.sh'
      and 'replace-su-with-sudo'.
      d4d5d8a5
  20. 06 Jan, 2019 1 commit
  21. 03 Jan, 2019 1 commit
  22. 23 Dec, 2018 1 commit
    • m3hm00d's avatar
      Update bash.bashrc at runtime to disable su. (refs: #15583) · baec650a
      m3hm00d authored
      1. '51-update-bash.bashrc' appends bash.bashrc to source additional
      settings/aliases from scripts in '/etc/bash.bashrc.d/'.
      
      2. 'replace-su-with-sudo.sh' adds a function named 'su' for users other
      than root. This function disables the usage of 'su'.
      baec650a
  23. 10 Dec, 2018 1 commit
    • m3hm00d's avatar
      A new helper script to determine if a user's password is set or not. · 9bf14fda
      m3hm00d authored
      1. Created a helper script 'tails_is_password_set.py'. It contains a
      single function at this time, 'is_password_set', which returns a boolean
      depending on whether the current user's password is set or not.
      
      2. Modified tails-screen-locker to use the new helper script.
      
      3. Deleted '51-replace_su_with_sudo' hook. An alternative solution was
      recommended by intrigeri to resolve bug#15583. The new solution will be
      implemented in future commits.
      9bf14fda
  24. 07 Dec, 2018 1 commit
    • Faisal Mehmood's avatar
      Disable usage of su and ask the user to use sudo instead (refs:15583) · a142f2e2
      Faisal Mehmood authored and intrigeri's avatar intrigeri committed
      This commit contains a new chroot hook file. The hook, upon execution by
      live-build, will add a function 'su' to '/etc/bash.bashrc'. The
      function 'su' is supposed to intercept calls to 'su' and take these
      steps:
      
      1. Ask the user to set the administration password, if not already
      set.
      2. Ask the user to use sudo instead of su.
      a142f2e2
  25. 27 Nov, 2018 1 commit
  26. 17 Nov, 2018 1 commit
  27. 06 Nov, 2018 1 commit
  28. 16 Oct, 2018 2 commits
  29. 10 Oct, 2018 5 commits
    • intrigeri's avatar
      Document how to fix t-p-s UID/GID being already in use. · 62696d67
      intrigeri authored
      … in case this happens again.
      62696d67
    • intrigeri's avatar
      Drop useless and buggy special-casing of the t-p-s user. · 85b3002b
      intrigeri authored
      Commit 3682fde3 got this wrong in two ways:
      
      1. The goal was to *free* the UID+GID that *will* be used by the t-p-s user
         once 05-adduser_tails-persistence-setup creates it; that commit
         instead attempts to change the UID+GID of that not-yet-existing user.
      
      2. typo ("tails-persistent-setup" instead of "tails-persistence-setup")
      
      So this code has been a no-op for a while, which shows we don't need it.
      If we ever need again to free t-p-s's UID (115) or GID (122), then we
      can do that with the generic mechanism we now use for every other user & group,
      i.e. by moving the "stealer" to some other UID/GID.
      85b3002b
    • intrigeri's avatar
      1b697397
    • intrigeri's avatar
      Fix more GIDs (refs: #16036). · 02da4779
      intrigeri authored
      The latest udev backport creates a kvm group, which shifts all following GIDs.
      02da4779
    • intrigeri's avatar
      Display more info when changing GIDs or UIDs fail, to ease debugging (refs: #16036). · df74f3b9
      intrigeri authored
      Previously we would only display something along the lines of:
      
        groupmod: GID '112' already exists
        E: config/chroot_local-hooks/04-change-gids-and-uids failed (exit non-zero). You should check for errors.
      
      … and then the only way to debug the build failure and to find out what to do to
      fix it was to retry the build in "rescue" mode. Let's save ourselves some time
      by directly providing the info developers will need to fix the problem.
      df74f3b9