1. 22 Nov, 2015 1 commit
  2. 09 Aug, 2015 5 commits
  3. 08 Aug, 2015 2 commits
    • anonym's avatar
      Fix typo · 13018992
      anonym authored
      13018992
    • anonym's avatar
      Generate localized Wikipedia search engine plugins. · 392eb593
      anonym authored
      The new (ESR38) search bar only shows icons, which is problematic when
      we want to include several locales of some search engine at the same
      time, like Wikipedia (we want to include English in non-English
      locales). Now we also generate localized Wikipedia search engine
      plugin icons, which has an indicator of which language is used (by
      language code) which should mitigate this.
      
      Will-fix: #9955
      392eb593
  4. 29 Jul, 2015 1 commit
    • intrigeri's avatar
      Revert inclusion of syslinux:amd64 in the ISO. · ac29b779
      intrigeri authored
      It was introduced (#9381) for reasons that ended up being wrong (#9594).
      
      Here, we also remove amd64 APT sources and dpkg's support for amd64 as a foreign
      architecture. We'll need them again when we want to ship Linux 4.x, but once
      we're there we can perhaps enable amd64 sources only for selected APT
      repositories, to avoid re-introducing #9381.
      
      Reverts:
      e9d2e345
      181c6d26
      e1d331aa
      
      Will-fix: #9748
      ac29b779
  5. 19 Jul, 2015 1 commit
    • intrigeri's avatar
      Don't ship a bunch of AppArmor profiles we don't use. · 8c64a016
      intrigeri authored
      These profiles come from the apparmor-profiles package, and we don't ship the
      corresponding executables. The goal here is to avoid increasing boot time.
      Note that they are installed in complain mode by default anyway.
      
      Will-fix: #9757
      8c64a016
  6. 12 Jun, 2015 1 commit
  7. 28 May, 2015 1 commit
    • intrigeri's avatar
      Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO. · 6d899412
      intrigeri authored
      Not only this introduces needless variations between ISO images built from the
      same source (hence blocks deterministic builds), but there's a risk that some
      package (either one we already ship, or one that we ship some day, or one that
      users install themselves) actually use this pair of SSL keys on the Internet,
      which is wrong since the private key material is public.
      
      Note that:
      
       * We run update-ca-certificates after deleting the snakeoil SSL certificate,
         to ensure it's not included in /etc/ssl/certs/ca-certificates.crt.
       * We make sure we delete all symlinks pointing to the SSL snakeoil certificate
         or key, because it avoids having to understand what symlinks are created
         on current Debian, and to track any future changes in this area.
      
      Will-fix: #9416
      6d899412
  8. 16 May, 2015 1 commit
  9. 07 May, 2015 5 commits
    • anonym's avatar
      7bc41142
    • anonym's avatar
      Move variable to the top, for better exposure. · a4d9ff2a
      anonym authored
      a4d9ff2a
    • anonym's avatar
      Merge another script. · 73985ed0
      anonym authored
      73985ed0
    • anonym's avatar
      Merge script. · c0407019
      anonym authored
      c0407019
    • anonym's avatar
      Completely rework how we localize our browser. · 4a6fc859
      anonym authored
      Previously these parts have been spread out in several, heavily
      coupled hooks and static configurations, making it very hard to get an
      overview of how it all actually works. Now we instead do everything in
      one place, and generate things programatically as much as possible,
      which makes supporting another locale much simpler (just adding a
      single line with a few pieces of needed info!). Consequently this
      commit also adds better localization for every locale supported by the
      Tor Browser (added: ar, es, fa, ko, nl, pl, ru, tr, vi and zh_CN)
      instead of the euro-centric (w.r.t. actually adding localization) ones
      we had picked before. Also, we'll get build level errors for many
      types of errors, so they're caugt early.
      
      This commit may seem like a gigantic, non-atomic beast, but splitting
      it would be hard, and it actually mostly removes stuff. Its design is
      simple: We have a description file that, for each supported Tor
      Browser locale, has the extra pieces of info needed, like the
      localized name of the language, the parameters needed for certain
      search engines etc. Then we apply them to:
      
      * a templates for the amnesia branding locale file, and put in the
        relevant values there so the default search engine is selected, the
        correct spellchecker (if installed) is pre-selected, and our
        homepage is localized (if supported).
      
      * a template for each of the search engines we want to localize
        (currently Start Page and Disconnect.me -- we could do Google but
        most (all?) locales get a localized one from the Iceweasel
        localization packages) and generate localized ones.
      
      Also, following the Tor Browser's recent switch, we now use
      Disconnect.me as the default search engine, although we localize it
      for each supported locale.
      
      Will-fix: #9309
      4a6fc859
  10. 28 Apr, 2015 1 commit
  11. 01 Apr, 2015 1 commit
    • anonym's avatar
      Install Tor Browser's bundled Torbutton instead of custom .deb. · 402c5834
      anonym authored
      As of Torbutton 1.9.1.0 our extensions.torbutton.test_enabled pref is
      part of upstream, so we don't have to maintain our custom .deb any
      more! Note that we still patch our custom Torbutton with
      0001-restore-status-panel-on-ff4.patch (inherited from Debian's
      packaging) but it seems irrelevant for Tails.
      402c5834
  12. 24 Mar, 2015 1 commit
    • anonym's avatar
      Wrap syndaemon to always use -t (Will-fix: #9011). · 430709a8
      anonym authored
      Without the -t option, which makes syndaemon only disable tapping and
      scrolling and not mouse movements, florence is unusable when syndaemon
      is running. In Wheezy, GNOME invokes syndaemon without -t, and the
      option it passes are hardcoded, so we're forced to do this ugly
      workaround, which luckily can be removed once we're based on Jessie
      since -t is passed then. For details, see #9011.
      430709a8
  13. 17 Mar, 2015 1 commit
  14. 06 Mar, 2015 2 commits
  15. 02 Mar, 2015 2 commits
  16. 20 Feb, 2015 1 commit
  17. 15 Feb, 2015 1 commit
  18. 10 Feb, 2015 1 commit
    • Tails developers's avatar
      Run Tor Launcher in an unconfined Firefox. · 8adcfc21
      Tails developers authored
      Running Tor Launcher with the same AppArmor profile as Tor Browser would force
      us to open that profile too broadly. E.g. it requires the ability to run
      dbus-daemon, to give an idea.
      
      Given:
      
       * Tor Launcher runs as a dedicated user
       * Tor Launcher runs very early, at a time when the user likely isn't doing
         anything sensitive to X keystrokes sniffing etc., and closes immediately
         after Tor is ready
       * Tor Launcher offers a very limited set of functionality
      
      => it seems safe enough to run it unconfined, at least for now.
      8adcfc21
  19. 05 Feb, 2015 4 commits
  20. 19 Jan, 2015 1 commit
    • Tails developers's avatar
      Switch to tor+http:// APT sources at boot time instead of at build time (Will-Fix: #8715). · 716fd0b7
      Tails developers authored
      live-build expects to be the only one that manages APT sources.
      Since feature/8194-APT-socks was merged, we're breaking this assumption of its,
      by mangling APT sources under live-build's feet via chroot_local-hooks.
      
      More specifically, if:
      
       * $LB_MIRROR_CHROOT != $LB_MIRROR_BINARY or
         $LB_MIRROR_CHROOT_SECURITY != $LB_MIRROR_BINARY_SECURITY,
         as is the case when building with Vagrant or when following our manual
         build setup instructions accurately (live-build defaults to
         ftp.de.debian.org for some of its APT configuration),
      
      or:
      
       * one has dropped .deb's in config/chroot_local-packages, as contributors
         without write access to our APT repository may want to do,
      
      then after completing the chroot_local-hooks stage, lb_chroot_sources would
      rewrite APT sources to match what we have previously configured (see the check
      at lines 490-498 in live-build 2.x tree), and therefore the ISO image would have
      http:// URLs configured instead of the expected tor+http://.
      
      Therefore, let's mangle APT sources configuration at boot time instead.
      716fd0b7
  21. 04 Jan, 2015 3 commits
  22. 07 Dec, 2014 1 commit
  23. 30 Nov, 2014 1 commit
  24. 03 Nov, 2014 1 commit