New ASP code disables pre-existing live-additional-software.conf after upgrade (#15781) · Issues · tails / tails

New ASP code disables pre-existing live-additional-software.conf after upgrade

Originally created by @intrigeri on #15781 (Redmine)

I’ve tried upgrading a USB stick that already had a persistent volume, using an ISO built from from the topic branch. When rebooting after the upgrade:

my old (empty) live-additional-software.conf was disabled, because it has was created on Tails 3.8 with 600 permissions;
a new live-additional-software.conf file is created, also with 600 permissions, so the ASP config GUI won’t start and I believe that file will itself be disabled on next boot.

The only way to recover from this situation is to manually chmod 644 the file (as root, on the command line).

We can’t merge a branch aimed at improving ASP if it fully breaks the feature for everyone who already had a persistent volume (regardless of whether they were using ASP or not), hence the High priority.

I believe 636fde21 is the culprit. It’s kinda funny to disable a file with perms 600, stating that it “has unsafe access rights”, because we now expect — and need — more relaxed permissions :)

I recommend the following:

if the file has permissions 644 and the expected ownership and ACLs, fine, leave it alone
else, if the file has permissions 600 and the expected ownership and ACLs, then make it 644
else, disable the file

Feature Branch: bugfix/15781-asp-cofiguration-file-migration

Parent Task: #14568 (closed)

_Originally created by @intrigeri on [#15781 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/15781)_

I’ve tried upgrading a USB stick that already had a persistent volume,
using an ISO built from from the topic branch. When rebooting after the
upgrade:

1.  my old (empty) `live-additional-software.conf` was disabled, because
    it has was created on Tails 3.8 with 600 permissions;
2.  a new `live-additional-software.conf` file is created, also with 600
    permissions, so the ASP config GUI won’t start and I believe that
    file will itself be disabled on next boot.

The only way to recover from this situation is to manually chmod 644 the
file (as root, on the command line).

We can’t merge a branch aimed at improving ASP if it fully breaks the
feature for everyone who already had a persistent volume (regardless of
whether they were using ASP or not), hence the High priority.

I believe 636fde21d3920c15b977dfed68dcf76c1bcb1d85 is the
culprit. It’s kinda funny to disable a file with perms 600, stating that
it “has unsafe access rights”, because we now expect — and need — more
*relaxed* permissions :)

I recommend the following:

- if the file has permissions 644 and the expected ownership and ACLs,
    fine, leave it alone
  - else, if the file has permissions 600 and the expected ownership and
    ACLs, then make it 644
  - else, disable the file

Feature Branch: bugfix/15781-asp-cofiguration-file-migration

Parent Task: tails/tails#14568

Edited May 15, 2020 by intrigeri

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.