Commit 02beb054 authored by Cyril 'kibi' Brulebois's avatar Cyril 'kibi' Brulebois
Browse files

Merge branch 'web/release-4.9' (Closes: #17833)

Conflicts:
	wiki/src/contribute/how/documentation/release_notes/template.mdwn
parents 1738cc3e 66fd7dfe
...@@ -155,7 +155,7 @@ if [ -d "$WORKAROUNDS_SRC" ]; then ...@@ -155,7 +155,7 @@ if [ -d "$WORKAROUNDS_SRC" ]; then
fi fi
echo "I: Building ISO image ${BUILD_ISO_FILENAME}..." echo "I: Building ISO image ${BUILD_ISO_FILENAME}..."
time lb build noauto ${@} time lb build noauto "${@}"
[ -e binary.iso ] || fatal "lb build failed ($?)." [ -e binary.iso ] || fatal "lb build failed ($?)."
echo "I: ISO image was successfully created" echo "I: ISO image was successfully created"
......
...@@ -10,7 +10,7 @@ for dir in chroot/{dev/pts,proc,sys,var/lib/dpkg} ; do ...@@ -10,7 +10,7 @@ for dir in chroot/{dev/pts,proc,sys,var/lib/dpkg} ; do
fi fi
done done
lb clean noauto ${@} lb clean noauto "${@}"
# rm -f build-*.log # rm -f build-*.log
......
...@@ -91,7 +91,7 @@ export LB_BOOTSTRAP_INCLUDE="gnupg" ...@@ -91,7 +91,7 @@ export LB_BOOTSTRAP_INCLUDE="gnupg"
RUN_LB_CONFIG="lb config noauto" RUN_LB_CONFIG="lb config noauto"
# init config/ with defaults for the target distribution # init config/ with defaults for the target distribution
$RUN_LB_CONFIG --distribution buster ${@} $RUN_LB_CONFIG --distribution buster "${@}"
# set up everything for time-based snapshots: # set up everything for time-based snapshots:
if [ -n "${APT_SNAPSHOTS_SERIALS:-}" ]; then if [ -n "${APT_SNAPSHOTS_SERIALS:-}" ]; then
...@@ -159,7 +159,7 @@ $RUN_LB_CONFIG \ ...@@ -159,7 +159,7 @@ $RUN_LB_CONFIG \
--syslinux-splash data/splash.png \ --syslinux-splash data/splash.png \
--syslinux-timeout 4 \ --syslinux-timeout 4 \
--initramfs=live-boot \ --initramfs=live-boot \
${@} "${@}"
install -d config/chroot_local-includes/etc/amnesia/ install -d config/chroot_local-includes/etc/amnesia/
......
...@@ -16,9 +16,14 @@ output_apt_binary_source() { ...@@ -16,9 +16,14 @@ output_apt_binary_source() {
} }
output_overlay_apt_binary_sources() { output_overlay_apt_binary_sources() {
for suite in $(ls config/APT_overlays.d) ; do cd config/APT_overlays.d/
for suite in * ; do
# handle the case when no APT overlay is enabled
[[ -e "$suite" ]] || break
output_apt_binary_source "$suite" output_apt_binary_source "$suite"
done done
cd ../../
} }
### Sanity checks ### Sanity checks
......
# shellcheck shell=bash
# This library is meant to be used in bash, with "set -e" and "set -u". # This library is meant to be used in bash, with "set -e" and "set -u".
BASE_BRANCHES="stable testing devel" BASE_BRANCHES="stable testing devel"
......
2020061003 2020071801
\ No newline at end of file
...@@ -23,7 +23,7 @@ AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC blo ...@@ -23,7 +23,7 @@ AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC blo
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose" AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
# Kernel version # Kernel version
KERNEL_VERSION='5.6.0-2' KERNEL_VERSION='5.7.0-1'
KERNEL_SOURCE_VERSION=$( KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \ echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms' | perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
......
This diff is collapsed.
#!/bin/sh
set -e
set -u
echo "Checking for possibly missing rtw88 firmware (#17323)"
# Decide where to copy from, and what:
WORKAROUNDS_FW_DIR='/tmp/tails-workarounds/linux-firmware'
DIR='rtw88'
FILES='rtw8822b_fw.bin rtw8822c_fw.bin'
# Sanity check:
orig_dir="$WORKAROUNDS_FW_DIR/$DIR"
if [ ! -d "$orig_dir" ]; then
echo "=> ERROR: Missing origin directory ($orig_dir)"
exit 1
fi
firmware_dir="/lib/firmware/$DIR"
if [ ! -d "$firmware_dir" ]; then
echo "=> Missing parent directory ($firmware_dir), creating"
mkdir -p "$firmware_dir"
fi
for file in $FILES; do
path="$firmware_dir/$file"
if [ ! -f "$path" ]; then
echo "=> Missing firmware ($file), copying"
cp "$orig_dir/$file" "$path"
else
echo "=> ERROR: Firmware for $file found, maybe this hook could be dropped"
exit 1
fi
done
...@@ -18,7 +18,8 @@ ensure_hook_dependency_is_installed dkms ...@@ -18,7 +18,8 @@ ensure_hook_dependency_is_installed dkms
ensure_hook_dependency_is_installed \ ensure_hook_dependency_is_installed \
virtualbox-guest-dkms virtualbox-guest-dkms
for log in $(ls /var/lib/dkms/*/*/build/make.log); do for log in /var/lib/dkms/*/*/build/make.log; do
[ -e "$log" ] || break # handle the case when no file matched the glob
echo "---- $log" echo "---- $log"
cat "$log" cat "$log"
done done
......
...@@ -82,11 +82,6 @@ if [ -z "${LIVE_USERNAME}" ] ; then ...@@ -82,11 +82,6 @@ if [ -z "${LIVE_USERNAME}" ] ; then
log_n_exit "Username variable not found." log_n_exit "Username variable not found."
fi fi
### Physical security
log "Running /usr/local/lib/tails-unblock-network..."
/usr/local/lib/tails-unblock-network
log "tails-unblock-network has exited (status=$?)."
### Localization ### Localization
# Import locale settings # Import locale settings
...@@ -125,6 +120,11 @@ XKBVARIANT="$TAILS_XKBVARIANT" ...@@ -125,6 +120,11 @@ XKBVARIANT="$TAILS_XKBVARIANT"
XKBOPTIONS="$TAILS_XKBOPTIONS" XKBOPTIONS="$TAILS_XKBOPTIONS"
EOF EOF
### Physical security
log "Running /usr/local/lib/tails-unblock-network..."
/usr/local/lib/tails-unblock-network
log "tails-unblock-network has exited (status=$?)."
### Password ### Password
# Import password for superuser access # Import password for superuser access
......
...@@ -11,6 +11,8 @@ After=plymouth-quit.service ...@@ -11,6 +11,8 @@ After=plymouth-quit.service
Requires=plymouth-quit-wait.service Requires=plymouth-quit-wait.service
After=plymouth-quit-wait.service After=plymouth-quit-wait.service
# for instructions on how to test this unit, see config/chroot_local-includes/usr/lib/gdm3/gdm-x-session.tails
[Service] [Service]
Type=oneshot Type=oneshot
# We use VT5 that is clean of boot messages and does not get a getty started # We use VT5 that is clean of boot messages and does not get a getty started
...@@ -26,11 +28,4 @@ ExecStart=/bin/sh -c \ ...@@ -26,11 +28,4 @@ ExecStart=/bin/sh -c \
--kernel-command-line="plymouth.ignore-udev $(cat /proc/cmdline)"' --kernel-command-line="plymouth.ignore-udev $(cat /proc/cmdline)"'
ExecStart=/bin/chvt 5 ExecStart=/bin/chvt 5
ExecStart=/bin/plymouth show-splash ExecStart=/bin/plymouth show-splash
ExecStart=/bin/sh -c \ ExecStart=/usr/local/lib/tails-gdm-error-message
'MAX_LENGTH=254 ; \
PREFIX="Error starting GDM with your graphics card: " ; \
SUFFIX=". Please take note of this error and visit https://tails.boum.org/gdm for troubleshooting." ; \
MAX_VIDEO_CARD_LENGTH=$(($MAX_LENGTH - $(echo -n "$PREFIX$SUFFIX" | wc -c))) ; \
VIDEO_CARD=$(lspci -d::0300 -nn | sed -E "s,.* VGA compatible controller \\[0300\\]:\s*,," | cut -c "1-$MAX_VIDEO_CARD_LENGTH") ; \
/bin/plymouth display-message --text="$PREFIX$VIDEO_CARD$SUFFIX" \
'
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
Description=Wipe memory on live media removal Description=Wipe memory on live media removal
Documentation=https://tails.boum.org/contribute/design/memory_erasure/ Documentation=https://tails.boum.org/contribute/design/memory_erasure/
After=memlockd.service initramfs-shutdown.service After=memlockd.service initramfs-shutdown.service
ConditionKernelCommandLine=!toram
[Service] [Service]
Type=simple Type=simple
......
...@@ -19,7 +19,7 @@ class AdminSetting(object): ...@@ -19,7 +19,7 @@ class AdminSetting(object):
# mkpasswd generates a salt if none is provided (even though the # mkpasswd generates a salt if none is provided (even though the
# man page doesn't explicitly state this). # man page doesn't explicitly state this).
["mkpasswd", "--stdin", "--method=sha512crypt"], ["mkpasswd", "--stdin", "--method=sha512crypt"],
input=shlex.quote(password).encode(), input=password.encode(),
capture_output=True, capture_output=True,
check=True, check=True,
) )
......
...@@ -273,3 +273,4 @@ class KeyboardSettingUI(LocalizationSettingUI): ...@@ -273,3 +273,4 @@ class KeyboardSettingUI(LocalizationSettingUI):
self.value = layout self.value = layout
self.update_value_label() self.update_value_label()
self._setting.save(layout, is_default=True) self._setting.save(layout, is_default=True)
self._setting.apply_layout_to_current_screen(self.value)
...@@ -6,5 +6,5 @@ RUN_AS_USER=tails-persistence-setup ...@@ -6,5 +6,5 @@ RUN_AS_USER=tails-persistence-setup
cd / cd /
xhost +SI:localuser:"$RUN_AS_USER" xhost +SI:localuser:"$RUN_AS_USER"
sudo -u "$RUN_AS_USER" /usr/bin/tails-persistence-setup --step delete $@ sudo -u "$RUN_AS_USER" /usr/bin/tails-persistence-setup --step delete "$@"
xhost -SI:localuser:"$RUN_AS_USER" xhost -SI:localuser:"$RUN_AS_USER"
...@@ -6,5 +6,5 @@ RUN_AS_USER=tails-persistence-setup ...@@ -6,5 +6,5 @@ RUN_AS_USER=tails-persistence-setup
cd / cd /
xhost +SI:localuser:"$RUN_AS_USER" xhost +SI:localuser:"$RUN_AS_USER"
sudo -u "$RUN_AS_USER" /usr/bin/tails-persistence-setup $@ sudo -u "$RUN_AS_USER" /usr/bin/tails-persistence-setup "$@"
xhost -SI:localuser:"$RUN_AS_USER" xhost -SI:localuser:"$RUN_AS_USER"
#!/usr/bin/env python3
import re
import os.path
from argparse import ArgumentParser
from subprocess import check_call, check_output
MAX_LENGTH = 254 # this depends on a limit of plymouth
def run_lspci(lspci_args: list) -> str:
"""
get lspci output
"""
s = check_output(["lspci", "-vmm"] + lspci_args, encoding="utf8")
return s
def parse_lspci(text: str) -> list:
"""
parse lspci output
"""
ret = []
blocks = text.split("\n\n")
for block in blocks:
parsed_block = parse_block(block)
if parsed_block:
ret.append(parsed_block)
return ret
DEVCODE_RE = re.compile(r"""(.*)\[([0-9a-f]{4})\]([^[]*)$""")
def parse_block(text: str) -> dict:
"""
sub-parser for parse_lspci. Don't use it standalone
>>> parse_block("")
{}
>>> parse_block("foo:bar")
{'foo': 'bar'}
>>> parse_block("foo:bar:zap")
{'foo': 'bar:zap'}
>>> parse_block("foo:bar\\nasd:xyz")
{'foo': 'bar', 'asd': 'xyz'}
Device codes are understood
>>> parse_block("Device:bar")
{'Device-code': 'NO', 'Device': 'bar'}
>>> parse_block("Device:bar [123a]")
{'Device-code': '123a', 'Device': 'bar'}
If anything follows the device codes, the parsing is still valid
>>> parse_block("Device:bar [123a] (rev v2)")
{'Device-code': '123a', 'Device': 'bar (rev v2)'}
And the last square parenthesis is taken]
>>> parse_block("Device:bar [1234] [123a] (rev v2)")
{'Device-code': '123a', 'Device': 'bar [1234] (rev v2)'}
"""
text = text.strip()
ret = {}
for line in text.split("\n"):
if ":" not in line:
continue
key, value = line.strip().split(":", 1)
key = key.strip()
value = value.strip()
if key in ("Vendor", "Device"):
m = DEVCODE_RE.match(value)
if m is not None:
value = m.group(1).strip()
if m.group(2).strip():
value += " " + m.group(3).strip()
ret[key + "-code"] = m.group(2)
else:
ret[key + "-code"] = "NO"
ret[key] = value.strip()
return ret
def sort_gpus(gpus: list) -> list:
"""
Sort GPUs putting the most probable at top.
Specifically, this means putting Intel last.
>>> gpus = [{"Vendor": "Intel Corporation [8086]"}, {"Vendor": "Anyone"}]
>>> sort_gpus(gpus)[0]["Vendor"]
'Anyone'
>>> gpus.reverse()
>>> sort_gpus(gpus)[0]["Vendor"]
'Anyone'
"""
return sorted(gpus, key=lambda g: g["Vendor"].endswith("[8086]"))
def format_gpus(gpus: list) -> str:
"""
>>> 'No GPU' in format_gpus([])
True
>>> gpu = {"Vendor": "X", "Device": "Y", 'Vendor-code': 'NO','Device-code': 'NO'}
>>> len(format_gpus([gpu]))
144
The output is cropped to 254 chars
>>> len(format_gpus([gpu] * 100))
254
Pluralization
>>> 'your 100 graphics card' in format_gpus([gpu] * 100)
True
"""
if gpus:
msg = "\n".join(
"{Vendor} [{Vendor-code}:{Device-code}] {Device}".format(**dev)
for dev in gpus
)
else:
msg = "No GPUs detected"
if len(gpus) <= 1:
header = "Error starting GDM with your graphics card:\n"
else:
header = "Error starting GDM with your %d graphics cards:\n" % len(gpus)
footer = "\nPlease take note of this error and visit https://tails.boum.org/gdm for troubleshooting."
msg = msg[: MAX_LENGTH - len(header) - len(footer)]
msg = header + msg + footer
return msg
def main():
p = ArgumentParser()
p.add_argument(
"--dry-run",
help="Don't actually run plymouth, just show the command",
action="store_true",
default=False,
)
args = p.parse_args()
output = run_lspci(["-d::0300", "-nn"])
gpus = parse_lspci(output)
gpus = sort_gpus(gpus)
msg = format_gpus(gpus)
cmd = ["/bin/plymouth", "display-message", "--text", msg]
if not args.dry_run:
check_call(cmd)
else:
print("would run `%s`, but --dry-run is selected" % " ".join(cmd))
if __name__ == "__main__":
import sys
if len(sys.argv) > 1 and sys.argv[1] == "doctest":
p = ArgumentParser(sys.argv[0].split(os.path.sep)[-1] + " doctest")
p.add_argument("--verbose", action="store_true", default=False)
args = p.parse_args(sys.argv[2:])
import doctest
results = doctest.testmod(verbose=args.verbose)
if results.failed > 0:
sys.exit(1)
else:
sys.exit(0)
main()
# shellcheck shell=sh
GNOME_ENV_VARS=" GNOME_ENV_VARS="
DBUS_SESSION_BUS_ADDRESS DBUS_SESSION_BUS_ADDRESS
DISPLAY DISPLAY
......
...@@ -43,9 +43,9 @@ get_module_used_by_nic() { ...@@ -43,9 +43,9 @@ get_module_used_by_nic() {
} }
get_name_of_nic() { get_name_of_nic() {
vendor=$(sed 's/^0x\(.*\)$/\1/' "/sys/class/net/${1}/device/vendor") vendor=$(udevadm info -x --query=property /sys/class/net/${1} | sed -n "s/ID_VENDOR_FROM_DATABASE='\(.*\)'/\\1/p" || : )
device=$(sed 's/^0x\(.*\)$/\1/' "/sys/class/net/${1}/device/device") device=$(udevadm info -x --query=property /sys/class/net/${1} | sed -n "s/ID_MODEL_FROM_DATABASE='\(.*\)'/\\1/p" || : )
lspci -nn | sed -n "s/^\S\+\s\+[^:]\+:\s\+\(.*\)\s\+\[$vendor:$device\].*$/\1/p" echo "${vendor} ${device}"
} }
# Auxillary function for mod_rev_dep(). It recurses over the graph of # Auxillary function for mod_rev_dep(). It recurses over the graph of
...@@ -56,7 +56,7 @@ get_name_of_nic() { ...@@ -56,7 +56,7 @@ get_name_of_nic() {
mod_rev_dep_aux() { mod_rev_dep_aux() {
local mod local mod
local rev_deps local rev_deps
for mod in ${@}; do for mod in "${@}"; do
if echo ${MOD_REV_DEP_VISITED} | grep -qw ${mod}; then if echo ${MOD_REV_DEP_VISITED} | grep -qw ${mod}; then
continue continue
fi fi
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment