1. 10 Feb, 2015 1 commit
    • Tails developers's avatar
      Run Tor Launcher in an unconfined Firefox. · 8adcfc21
      Tails developers authored
      Running Tor Launcher with the same AppArmor profile as Tor Browser would force
      us to open that profile too broadly. E.g. it requires the ability to run
      dbus-daemon, to give an idea.
      
      Given:
      
       * Tor Launcher runs as a dedicated user
       * Tor Launcher runs very early, at a time when the user likely isn't doing
         anything sensitive to X keystrokes sniffing etc., and closes immediately
         after Tor is ready
       * Tor Launcher offers a very limited set of functionality
      
      => it seems safe enough to run it unconfined, at least for now.
      8adcfc21
  2. 09 Feb, 2015 1 commit
  3. 06 Feb, 2015 4 commits
  4. 05 Feb, 2015 18 commits
  5. 02 Feb, 2015 1 commit
  6. 22 Jan, 2015 2 commits
  7. 19 Jan, 2015 2 commits
    • Tails developers's avatar
    • Tails developers's avatar
      Switch to tor+http:// APT sources at boot time instead of at build time (Will-Fix: #8715). · 716fd0b7
      Tails developers authored
      live-build expects to be the only one that manages APT sources.
      Since feature/8194-APT-socks was merged, we're breaking this assumption of its,
      by mangling APT sources under live-build's feet via chroot_local-hooks.
      
      More specifically, if:
      
       * $LB_MIRROR_CHROOT != $LB_MIRROR_BINARY or
         $LB_MIRROR_CHROOT_SECURITY != $LB_MIRROR_BINARY_SECURITY,
         as is the case when building with Vagrant or when following our manual
         build setup instructions accurately (live-build defaults to
         ftp.de.debian.org for some of its APT configuration),
      
      or:
      
       * one has dropped .deb's in config/chroot_local-packages, as contributors
         without write access to our APT repository may want to do,
      
      then after completing the chroot_local-hooks stage, lb_chroot_sources would
      rewrite APT sources to match what we have previously configured (see the check
      at lines 490-498 in live-build 2.x tree), and therefore the ISO image would have
      http:// URLs configured instead of the expected tor+http://.
      
      Therefore, let's mangle APT sources configuration at boot time instead.
      716fd0b7
  8. 18 Jan, 2015 1 commit
  9. 16 Jan, 2015 4 commits
  10. 14 Jan, 2015 5 commits
  11. 13 Jan, 2015 1 commit