Detect earlier in the dev process if we're breaking automatic upgrades (#15419) · Issues · tails / tails

Detect earlier in the dev process if we're breaking automatic upgrades

Originally created by @intrigeri on #15419 (Redmine)

At least twice we had to disable automatic upgrade paths because they would create a broken Tails system:

upgrading to 3.0.1 (#13426 (closed))
upgrading to 3.6

The first time this happened we added a manual test (eca3d100) to ensure we would detect that during our QA. But as 3.6 shows, this was not enough to avoid releasing something broken so let’s ensure we detect such matters as early as possible, before we’ve invested too much time into QA: this will increase the chances we have time to fix the problem and release something that can be upgraded to automatically.

My plan has three parts:

Implement something that checks the UID and GID of the debian-tor user at ISO build time and aborts the build if any of them has changed. This is what this ticket is about. I’ll do the same for the Upgrader’s users as I suspect they might be affected by the same problem.
Find out what’s going on with Exim: it’s been involved in this problem twice and I think we could do something cheap in order to decrease the chances such problems happen. That’s #15418 (closed) and the follow-up is #15690 (closed).
Implement a better solution in Tails 4.0, needed, depending on the timing of #8415 (closed) vs. #15281 (closed). See #15407 (closed) for details.

Feature Branch: bugfix/15419-detect-uid-and-gid-changes

Related issues

Related to #15407 (closed)
Related to #15418 (closed)
Related to #15424 (closed)
Blocks #15690 (closed)
Blocked by #15695 (closed)

_Originally created by @intrigeri on [#15419 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/15419)_

At least twice we had to disable automatic upgrade paths because they
would create a broken Tails system:

- upgrading to 3.0.1 (tails/tails#13426)
  - upgrading to 3.6

The first time this happened we added a manual test
(eca3d1001236570cc6a26fd2a961710a0e151ca2) to ensure we would
detect that during our QA. But as 3.6 shows, this was not enough to
avoid releasing something broken so let’s ensure we detect such matters
as early as possible, before we’ve invested too much time into QA: this
will increase the chances we have time to fix the problem and release
something that can be upgraded to automatically.

My plan has three parts:

1.  Implement something that checks the UID and GID of the `debian-tor`
    user at ISO build time and aborts the build if any of them has
    changed. This is what this ticket is about. I’ll do the same for the
    Upgrader’s users as I suspect they might be affected by the same
    problem.
2.  Find out what’s going on with Exim: it’s been involved in this
    problem twice and I think we could do something cheap in order to
    decrease the chances such problems happen. That’s tails/tails#15418 and the
    follow-up is tails/tails#15690.
3.  Implement a better solution in Tails 4.0, needed, depending on the
    timing of tails/tails#8415 vs. tails/tails#15281. See tails/tails#15407 for details.

Feature Branch: bugfix/15419-detect-uid-and-gid-changes

### Related issues

- **Related to** tails/tails#15407
  - **Related to** tails/tails#15418
  - **Related to** tails/tails#15424
  - **Blocks** tails/tails#15690
  - [x] **Blocked by** tails/tails#15695

Edited May 15, 2020 by intrigeri

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.