Updates for Debian 13 (Trixie)

This issue lists small updates that we have to do every time we upgrade to the next version of Debian, but that don't each deserve a dedicated issue.

Every time

• git grep -i trixie
• git grep -i bookworm
• config/chroot_local-includes/usr/share/tails/apt/*.sources
• config/chroot_local-includes/lib/live/config/1500-reconfigure-APT
• config/ci/needed-package-updates.yml: distribution value
• Remove obsolete entries from config/ci/needed-package-updates.yml
• Python version for developer tools: git grep -E '(target-version|py3)'
• Ruby version for Rubocop: git grep TargetRubyVersion
• config/chroot_apt/preferences: remove obsolete APT pinning
• config/chroot_local-includes/etc/initramfs-tools/hooks/add_modules
  • Update comment
  • Update arguments passed to auto_add_modules
• config/chroot_local-packageslists/tails-000-standard.list
  • Refresh this list based on the output of tasksel --task-packages standard | sort, run in a clean Debian system running the new version of Debian (e.g. a debootstrap chroot)
    • 1 first time when starting the port to next Debian release
    • 1 last time once that Debian release is frozen or closed to being released
• config/chroot_local-includes/usr/share/tails/build/flatpak/org.boum.tails.Platform/metadata: check if it's worth syncing with the metadata for the freedesktop-sdk it was based on
• Custom GNOME Shell extensions: declare compatibility with new GNOME Shell
  • Update shell-version in config/chroot_local-includes/usr/share/gnome-shell/extensions/*@tails.boum.org/metadata.json
• Update GNOME Shell extensions imported straight from upstream into our Git tree
  • config/chroot_local-includes/usr/share/gnome-shell/extensions/
• config/chroot_local-includes/usr/share/gnome-shell/modes/gdm-tails.json
  • This file is a hybrid between classic.json (meant for a regular GNOME Classic user session) and the gdm mode in js/ui/sessionMode.js (from GNOME Shell’s source tree).
  • The goal here is to synchronize our file with upstream changes.
• Ensure Jenkins tests the branch for build reproducibility
  • tails/puppet-code!36
• Compare .packages with current stable
  • 1 first time once the branch builds
  • 1 last time once we're close to beta/RC state
• Review the Journal
  • 1 first time once the branch builds
  • 1 last time once we're close to beta/RC state
• Compare images size with current stable
  • 1 first time once the branch builds
    • → Trixie images are 12% bigger than 6.x (#21006 - closed)
  • 1 last time once we're close to beta/RC state
• Compare boot time of defaultcomp builds, after updating the SquashFS sort file, vs. current stable release
  • 1 first time once the branch builds
  • 1 last time once we're close to beta/RC state
• Check if the LUKS2 PBKDF used for Persistent Storage is still the best option
  • It's hard-coded since !1120 (diffs)
• Look for unsafe modifications of @INC in all the Perl code included in the built image:
  • sudo rg --word-regexp --glob='*.pm' INC from the root of the mounted SquashFS
• Schedule an iteration of Periodically strace programs run in privileged ... (#20819): set the X.0 milestone
• Create an issue to do the same when we upgrade to the next Debian

Specific to this iteration

• Check if we can remove these kludges:
  • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036691: config/chroot_local-includes/usr/share/applications/org.onionshare.OnionShare.desktop and config/chroot_local-includes/usr/share/icons/org.onionshare.OnionShare.svg
• /etc/default/locale → /etc/locale.conf (cf. systemd (253~rc2-1)'s NEWS.Debian)