1. 02 Sep, 2019 6 commits
  2. 31 Aug, 2019 8 commits
    • Improve comments. · edc71c6f
      intrigeri authored
      I.e. integrate as code comments all the relevant explanations
      that were in commit messages, in the previous non-squashed branch
      for refs: #12092.
    • Fix unlocking the screen. · 6c8cd784
      intrigeri authored
    • Make Spice file transfer reliable. · 76b5e6e9
      intrigeri authored
      This fixes a race condition¹ that sometimes causes Spice file transfers to not
      be available; I've seen this problem happen in the Journal saved by some test
      suite runs.
      
      Here, we apply the upstream fix² which was included in the spice-vdagent 0.19.0
      release. Once we start building Tails based on Buster, this patch will fail to
      apply, because the changes it brings are already applied, which will hint to us
      that we can remove it.
      
      [1] https://bugzilla.redhat.com/show_bug.cgi?id=1623947
      [2] https://lists.freedesktop.org/archives/spice-devel/2018-September/045511.html
    • Enable GDM debug logs (refs: #12092). · 0358ae20
      intrigeri authored
      In case the branch for #12092 introduces regressions, we'll need debug logs to
      understand when/why GDM switches VTs or $DISPLAY, and when it activates its own
      logind session.
      
      This will be reverted in refs: #17011.
    • Terminate GDM's GNOME session after the amnesia user logs in, in order to free... · 9e6df451
      intrigeri authored
      Terminate GDM's GNOME session after the amnesia user logs in, in order to free memory (refs: #12092)
      
      I've heard rumors that we can drop this hack when we switch to Wayland (#12213).
      We'll see :)
      
      We kill it as part of desktop.target, i.e. during the "Applications" phase of
      the initialization of the GNOME session. We cannot do this earlier reliably:
      
       - basic.target is started by "systemd --user" for almost every command run as
         the amnesia user and may thus be triggered too early, at a time when we still
         need GDM's processes.
      
       - If we do this as part of basic.target, it sometimes happens before amnesia's
         X.Org has started, and sometimes after that, which causes racy behaviour,
         weird bugs, and amnesia's $DISPLAY can be either :0 or :1, which breaks our
         code that relies on that value to be always the same.
      
      We're in no rush to kill GDM's GNOME session super early anyway.
      
      Note that we keep GDM running while we kill its GNOME session,
      otherwise, the amnesia user can't unlock the screen:
      
        Failed to open reauthentication channel: Gio:DBusError:
        GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name
        org.gnome.DisplayManager was not provided by any .service files
      
      Also, we ensure gdm-session-worker does not start new sessions once the amnesia
      user has logged in, which should hopefully prevent GDM from activating
      such a session while we want the amnesia user's session to remain active.
    • Update OnionShare AppArmor profile (refs: #16914) · c22e6fa5
      segfault authored
      OnionShare fails to open the URL providing more information about
      Stealth Onion Services. The added AppArmor rules allow executing
      xdg-open and dependencies to fix this.
      
      Edited by intrigeri:
      
       - Remove unnecessary permission to execute cut, head, awk, mawk, sed, tr, and
         xdg-mime.
       - Add missing permission to execute gio-launch-desktop.
  3. 30 Aug, 2019 3 commits
  4. 28 Aug, 2019 1 commit
  5. 26 Aug, 2019 2 commits
  6. 25 Aug, 2019 7 commits
  7. 24 Aug, 2019 1 commit
  8. 23 Aug, 2019 2 commits
    • tails-unblock-network: only sleep until all-net-blacklist.conf is gone (refs: #16805) · 1527d3c0
      intrigeri authored
      Sleeping 5 seconds unconditionally harms UX.
      
      The assumption here is that:
      
       - #9012 was caused by an aufs bug that somehow affects how udev (and the
         kernel?) monitor /etc/modprobe.d/, and makes them need time until they notice
         that all-net-blacklist.conf was deleted.
      
       - The same bug would also affect the "-e" test done by the shell this script
         runs under. That is, it would affect essentially any process that accesses
         /etc/modprobe.d/.
      
       - So for example, this bug can't be "the inode number of /etc/modprobe.d
         changed between the time udev started monitoring it, and the time we trigger
         a replay of the kernel 'add' events". According to the aufs documentation,
         inode numbers can change when using the noxino mount option, which we do,
         and actually that's been one of my primary suspects when investigating
         #9012.
  9. 19 Aug, 2019 5 commits
  10. 16 Aug, 2019 4 commits
  11. 15 Aug, 2019 1 commit