Commit 1bf11478 authored by intrigeri's avatar intrigeri

Merge remote-tracking branch 'origin/master' into stable

parents 3e887ff9 eeb9502d
......@@ -224,6 +224,7 @@ po_master_language: en|English
# slave languages (translated via PO files) format: ll|Langname
po_slave_languages:
- de|Deutsch
- es|Español
- fa|Farsi
- fr|Français
- it|Italiano
......
......@@ -201,6 +201,7 @@ po_master_language: en|English
# slave languages (translated via PO files) format: ll|Langname
po_slave_languages:
- de|Deutsch
- es|Español
- fa|Farsi
- fr|Français
- it|Italiano
......
This diff is collapsed.
This diff is collapsed.
......@@ -212,7 +212,11 @@ from the ISO (bootloader code and configuration), but indeed that
manifest could be in the ISO itself, and thus its authenticity and
integrity would be signed/verified at the same time as the ISO.
# Temporary stop gap: IUKs on steroids
<a id="iuks-on-steroids"</a>
<a id="single-squashfs-diff"></a>
# Temporary stop gap: stack one single SquashFS diff when upgrading
(This idea was originally conceived in the comments of [[!tails_ticket
11131]].)
......@@ -323,3 +327,67 @@ can take long breaks from Tails", let's guarantee our current
"you can at most skip one *planned* release" promise, and
optimistically support older versions whose key and Tails Upgrader are
still ok.
## Download requirements
tl;dr: for 2.x the new scheme would have required downloading 50% more
data than the original scheme.
### 2.x stats for original IUK scheme
Assumptions:
* a 4 GB Tails system partition.
It would look like this:
1082M tails-i386-2.0.iso
153M Tails_i386_2.0_to_2.0.1.iuk
315M Tails_i386_2.0.1_to_2.2.iuk
104M Tails_i386_2.2_to_2.2.1.iuk
258M Tails_i386_2.2.1_to_2.3.iuk
207M Tails_i386_2.3_to_2.4.iuk
324M Tails_i386_2.4_to_2.5.iuk
363M Tails_i386_2.5_to_2.6.iuk
328M Tails_i386_2.6_to_2.7.iuk
197M Tails_i386_2.7_to_2.7.1.iuk
176M Tails_i386_2.7.1_to_2.9.1.iuk
1153M tails-i386-2.10.iso
300M Tails_i386_2.10_to_2.11.iuk
296M Tails_i386_2.11_to_2.12.iuk
Total: 5256 MB
### 2.x stats for 1BigIUK scheme
Assumptions:
* a 4 GB Tails system partition.
* original installing 2.0 creates the largest IUKs.
It would look like this:
1082M tails-i386-2.0.iso
153M Tails_i386_2.0_to_2.0.1.iuk
388M Tails_i386_2.0_to_2.2.iuk
395M Tails_i386_2.0_to_2.2.1.iuk
434M Tails_i386_2.0_to_2.3.iuk
462M Tails_i386_2.0_to_2.4.iuk
515M Tails_i386_2.0_to_2.5.iuk
590M Tails_i386_2.0_to_2.6.iuk
597M Tails_i386_2.0_to_2.7.iuk
621M Tails_i386_2.0_to_2.7.1.iuk
622M Tails_i386_2.0_to_2.9.1.iuk
678M Tails_i386_2.0_to_2.10.iuk
682M Tails_i386_2.0_to_2.11.iuk
634M Tails_i386_2.0_to_2.12.iuk
Total: 7853 MB
### FWIW, IUK sizes for 3.x
200M Tails_amd64_3.0_to_3.1.iuk
278M Tails_amd64_3.1_to_3.2.iuk
260M Tails_amd64_3.2_to_3.3.iuk
177M Tails_amd64_3.3_to_3.4.iuk
213M Tails_amd64_3.4_to_3.5.iuk
......@@ -162,7 +162,7 @@ See [[HTTP_mirror_pool/archive]].
We've already switched all our mirrors in the Javascript mirror-pool, handled
by mirror-pool-dispatcher to HTTPS, but not all of our fallback mirrors
([!tails_ticket #12833]).
([[!tails_ticket 12833]]).
## Current problem space
......
......@@ -13,7 +13,7 @@ We should investigate:
# Install packages once the session has started
This is the preffered solution, as it is the best to speed up the desktop opening
This is the preferred solution, as it is the best to speed up the desktop opening
## What kind of packages would suffer from being installed after the session started?
......@@ -33,7 +33,7 @@ There are things that start automatically with the X session. They generally liv
* Keep `live-additional-software.conf` as the post-login list, so that most people don't have to change anything.
* Try to document a workaround and ask people to complain.
* See if people complain.
* Then implement a special pre-login list if we really feel the need either by identificating useful packages that would be broken or by having people report on issues for them.
* Then implement a special pre-login list if we really feel the need either by identifying useful packages that would be broken or by having people report on issues for them.
## Implementation
......@@ -44,7 +44,7 @@ User `tails-additional-software-install.service`
* WantedBy=desktop.target
* ExecStart=systemctl start tails-additional-software-install.service
A PolicyKit rule allows the `amnesia` user to start this secific service
A PolicyKit rule allows the `amnesia` user to start this specific service
`tails-additional-software-install.service` includes :
......
......@@ -25,9 +25,9 @@ Goals and non-goals
Flow chart
==========
<img src="https://labs.riseup.net/code/attachments/download/1886/asp-chart-installed.svg" width="150%" height="auto" />
<img src="https://labs.riseup.net/code/attachments/download/1886/asp-chart-installed.svg" height="auto" />
<img src="https://labs.riseup.net/code/attachments/download/1887/asp-chart-removed.svg" width="150%" height="auto" />
<img src="https://labs.riseup.net/code/attachments/download/1887/asp-chart-removed.svg" height="auto" />
User interface
==============
......
......@@ -301,12 +301,6 @@ hard disks.
- Tails became easier to setup and configure. For example, now you can
install Tails from Ubuntu and Debian.
- The verification to check that the ISO is genuine is still quite
complicated. Orlando managed to do it from the command line but without
really understanding. He also did it from the website and there it was
more automatic. He likes the command line instructions as it makes him
feel safer even if he only copies from the tutorial.
- They really like MAT and use it a lot. Metadata and MAT are also a
good example to explain why you need to protect your data, your files,
and communications. A big limitation is that MAT cannot clean PDF
......@@ -323,13 +317,21 @@ hard disks.
with them. Now they can start Tails and access it anywhere, even on
holidays!
- They like the manuals on the website, what is Tails, how it works,
etc. It's good to empower people who are new to Tails.
### What they dislike
- The verification to check that the ISO is genuine is still quite
complicated. Orlando managed to do it from the command line but without
really understanding. He also did it from the website and there it was
more automatic. He likes the command line instructions as it makes him
feel safer even if he only copies from the tutorial.
- Tails is complicated to start on newer computer which are much more
locked down by companies. One time, after trying Tails on the computer
of a colleague, it couldn't boot Windows anymore.
- They like the manuals on the website, what is Tails, how it works,
etc. It's good to empower people who are new to Tails.
- Joana once had problems with upgrade on a USB stick. She could do the
first two upgrade but then it was not possible to do the third one.
......@@ -337,6 +339,40 @@ hard disks.
thought that the other browser (*Unsafe Browser*?) was added to Tails
to make this possible.
<a id="Mathias"></a>
Mathias, December 2017
----------------------
Mathias is a 25 years old video technician living in the north of france. He is also a punk hardcore singer, and is involved in several struggles
against the capitalist world.
He first used Tor, and didn't really get interested in Tails,
but he went to a discussion about Tails and then downloaded it
just to see how it was. He then realized that Tor was not enough
for his needs, that he needed an amnesic operating system.
He doesn't have much expertise with Tails, at first he had a
hard time understanding that it started from a usb stick and was
independant from the hard drive.
He has been using it to anonymously upload videos on youtube.
The videos were showing a group of skateboarders riding in the
city, wearing masks and sometimes spray painting on the walls.
They wanted their messages to be publicly viewable, while not
risking to be discovered by the police.
Tails also makes him want to do more illegal things :)
He likes that Tails is nomade, simple, and has a persistence support. But
at first he likes the facts that he can feel the presence of human beings
behind the project.
And he doesn't have bad things to say about Tails, because he is not doing
crazy things with it and doesn't know it enough.
<a id="Daan"></a>
Daan, December 2017
......
......@@ -12,6 +12,15 @@ Si quiero traducir al español cómo puedo empezar
2. Puedes traducir con git (un poco más complicado), o hacer una cuenta en la plataforma de traducción en pruebas (Ver abajo)
Estilo y decisiones anteriores
------------------------------
* La traducción se realiza en *segunda persona informal*, es decir, tratamos a los usuarios de 'tú'.
* Intentamos escribir con sencillez y en un español neutro para que nos entiendan en todos los países hispanoparlantes.
* Los nombres de los programas *no se traducen*.
* Somos respetuosos con la ortografía: acentos, mayúsculas...
* Los espacios y saltos de línea deben ser mantenidos para que la página se componga bien.
Plataforma de traducción
------------------------
......@@ -39,7 +48,7 @@ Se puede clonar con:
Se pueden seguir las instrucciones de
<https://tails.boum.org/contribute/how/translate/with_Git/>
<https://tails.boum.org/contribute/how/translate/with_Git/>
Traducir la interfaz como aparece
---------------------------------
......
......@@ -34,7 +34,7 @@ designate themselves beforehand.
| Month | Notetaker | Facilitator |
| ------------- | -------------- | ------------ |
| January 2018 | intrigeri | mercedes508 |
| February 2018 | | |
| February 2018 | anonym | sajolida |
| March 2018 | | intrigeri |
| April 2018 | | |
| May 2018 | | |
......
[[!meta title="Translation platform"]]
[[!toc levels=2]]
Our (website) translation infrastructure has a pretty high barrier for
new translators, especially those who are not familiar with Git and/or
......@@ -56,9 +57,14 @@ MAY
Weblate setup
=============
We are testing a [weblate instance](https://translate.tails.boum.org/) to see if it fits our requirements. Read [[!tails_ticket 11759]] for more information.
There are several languages enabled and users can suggest translations in several languages:
<a href="http://translate.tails.boum.org/engage/tails/?utm_source=widget">
<img src="http://translate.tails.boum.org/widgets/tails/-/multi-red.svg" alt="Translation status" />
</a>
What we plan to do is:
[Schematics of the different Git repos, ikiwiki instances, and their relationships.](https://labs.riseup.net/code/attachments/download/1551/weblate.svg)
......@@ -76,15 +82,35 @@ You can check out weblate-generated Tails repo with:
This Tails repository has two main differences with other repos:
- The ikiwiki.setup file has been changed to build more language files
- The ikiwiki.setup file has been changed to build more languages
- There is a .gitlab.yml file to trigger tests when pushed to gitlab CI enabled repositories
- There are lots of new language files
Reviewing translation platform output
-------------------------------------
For languages like fr, fa, de, or it that are part of tails master repo, you can get the files to review and submit to tails-l10n:
git remote add translations https://translate.tails.boum.org/git/tails/index/
git checkout tails/master
find . -name '*.fa.po' -exec git checkout translations/master -- {} \;
git reset *
And you will have all the changes to farsi (*.fa.po) to review. The same goes for the other languages.
Staging version
---------------
From this repository, a version of the website with more languages will be built [[!tails_ticket 12311]] so users can see how the file they are translating looks.
Updating the repo
-----------------
PO files for enabled languages are built from the mdwn files when [[building the wiki|contribute/build/]].
This process is currently done outside of the weblate instance, and merged onto weblate repo by hand. As translate.lizard has so many languages, if there are many changes this process can take a while.
The machine currently doing this work can also provide a staging website, as it is the result of the building of the wiki anyway.
The changes generated [[while building the wiki|contribute/build/]]
can be fed back to weblate by cherry picking.
[[!meta title="USB install and upgrade"]]
We [[!tails_ticket 11679 desc="started a process"]] of rethinking
Tails installation and upgrade process, identifying changes we can do
relatively quickly and that have a good cost/benefit ratio, and
thinking about long-term solutions.
[[!toc levels=3]]
<a id="problems"></a>
Problems identified in Tails installation & upgrade process
===========================================================
Tags
----
Problems below are tagged this way:
* `[fixed-by-disk-image]`: would be solved by distributing
a [[USB image|usb_install_and_upgrade/bootable USB disk image]]
([[!tails_ticket 15292]])
* `[fixed-by-1-big-iuk]`: would solved by a smallish change to our
upgrade system that would allow users to automatically upgrade
through a whole Tails series such as 3.x (this idea is also known as
"IUKs on steroids", "1 big IUK", "endless upgrades"), i.e.
[[!tails_ticket 15281]] and
[[Endless_upgrades#single-squashfs-diff]]
Installation process
--------------------
* Installation on macOS, Windows and non-Debian Linux is complicated
and time intensive. [fixed-by-disk-image]
* When creating an intermediary Tails, the resulting USB fails to boot
on many (U)EFI systems ([[!tails_ticket 12146]]). [fixed-by-disk-image]
* Users have to follow different processes on different
operating systems. [fixed-by-disk-image]
* Relying on 3rd party software for the initial USB installation
is painful. [fixed-by-disk-image]
* Users have to first understand a complex mental model in which they
download an ISO image, have to use an installation program and create
some kind of "magic USB" key.
* Users need to turn off [[UEFI Secure Boot]] to start Tails.
* Supporting Tails Installer in Debian (code, doc, etc.) is costly.
* There's a mess around what device is considered "removable":
we have slightly different definitions in various places.
Upgrade process
---------------
* Regular Tails users need to go through manual upgrades twice a year.
[fixed-by-1-big-iuk]
* It's currently not possible to autoupgrade from an older Tails
version, i.e. It's impossible to autoupgrade from Tails 3.1 to Tails
3.5. [fixed-by-1-big-iuk]
* IUK size is not efficient. Users have to download a big blob of data
which can be very long over Tor.
* On upgrade failure our recovery handling is poor.
* Upon upgrades our user experience is poor.
* Manual upgrades are very complicated.
* Sometimes manual upgrades are required.
* Our upgrade system has never been audited yet.
* Because we instruct people not to use `apt upgrade` they have to wait
for us to release bugfixes, and these are often made too late after
the release.
Envisioned solutions to the problems that are not `fixed-by-1-big-iuk`:
[[!tails_ticket 15279]], [[!tails_ticket 15282]],
[[!tails_ticket 7499]].
<a id="roadmap"></a>
Roadmap
=======
None at the moment, see:
* as a starting point: [[!tails_ticket 11679]]
* regarding improving upgrades: [[!tails_ticket 11131]],
[[!tails_ticket 15277]] and their blueprint
* regarding shipping a disk image that can be dd'ed to a USB stick and
produce a _final Tails_, see
[[usb_install_and_upgrade/usb_bootable_disk_image]]
* improving upgrade UX: [[!tails_ticket 15281]] and
[[Endless_upgrades#single-squashfs-diff]]
* improve installation UX, by shipping a disk image that can
be dd'ed to a USB stick and produce a _final Tails_:
[[USB image|usb_install_and_upgrade/usb_bootable_disk_image]]
([[!tails_ticket 15292]])
* come back to the upgrade topic later ([[!tails_ticket 15277]])
Resources
=========
......
[[!meta title="Bootable USB disk image"]]
[[!meta title="USB image"]]
Corresponding ticket: [[!tails_ticket 15292]]
[[!toc levels=2]]
# Motivation
This is about generating, distributing and installing Tails as a disk
image that, once copied bit-by-bit to a USB stick, produces a _final
Tails_ (GPT, UEFI-bootable, ready to get a persistent volume).
This would:
- avoid the need for a second USB stick and an intermediary Tails
during the initial installation and full manual upgrade; as
a consequence:
- big UX win
- avoid the
[[!tails_ticket 12146 desc="intermediary Tails not being bootable on many UEFI systems"]]
problem
- removes a blocker for
[[!tails_ticket 6560 desc="Secure Boot support"]] (a non-GPT
intermediary Tails would never work with Secure Boot enabled)
- allow us to use simpler, more reliable installers at least on
Windows and macOS and then:
- avoids user confusion that results in creating a non-bootable
device e.g. [[!tails_ticket 13206]]
- relying on third-party tools becomes less painful
- pave the way to a self-extracting file offered for download,
that would bundle the disk image, the program used to copy it to
the target device, and some wrapper that would run that program
with the right arguments
# Generating
A number of the
[[problems we've identified with the installation process|blueprint/usb_install_and_upgrade#problems]]
will be fixed by generating, distributing and installing Tails as
a disk image that, once copied bit-by-bit to a USB stick, produces
a _final Tails_ (GPT, UEFI-bootable, ready to get a persistent
volume).
# The plan
The list of tasks is being worked on in `fundraising.git`.
It should be converted into subtasks of [[!tails_ticket 15292]] at
some point.
# Specific problems
## Generating
`live-build` can generate `hdd` images. Alternatively, we can
post-process our ISO image to create a USB-bootable disk image.
......@@ -45,21 +36,28 @@ Open questions:
- What about DVD support? Can we stop distributing an ISO image
some day?
# Distributing
## Distributing
XXX: impact on mirrors' storage space?
# Installing
## Installing
### Common bits
* Self-installable executable download:
- We need to investigate if we can Cross-compile a 3rd party dd GUI
tool such as Etcher and distribute it from our website.
- Ask Etcher about self installable bundle.
## from Windows
### from Windows
### Etcher
#### Etcher
See below "from macOS".
<a id="rufus"></a>
### Rufus
#### Rufus
- [homepage](https://rufus.akeo.ie)
- CLI mode: [in progress](https://github.com/pbatard/rufus/issues/111) but not on priority list of the developer
......@@ -79,7 +77,7 @@ See below "from macOS".
<a id="win32-disk-imager"></a>
### Win32 Disk Imager
#### Win32 Disk Imager
[[!tails_ticket 14447]]
......@@ -97,11 +95,11 @@ See below "from macOS".
<img src="https://labs.riseup.net/code/attachments/download/1885/Win32%20Disk%20Imager.png"/>
## from macOS
### from macOS
<a id="etcher"></a>
### Etcher
#### Etcher
- Tested version: 1.3.1 from 2018-01-23
- [homepage](https://etcher.io)
......@@ -122,7 +120,7 @@ See below "from macOS".
<a id="macos-disk-utility"></a>
### macOS Disk Utility
#### macOS Disk Utility
- Tested version: Mac OS X Lion
- I get an error ("invalid source") when I try to either:
......@@ -130,13 +128,14 @@ See below "from macOS".
- Restore the disk image of a full USB stick installed using @[email protected]
- Restart the disk image of the system partition of a USB stick installed using @[email protected]
## from Linux
### from Linux
_GNOME Disks_ has a _Restore Disk Image_ feature that basically does
`dd` with a nice progress bar.
* _GNOME Disks_ has a _Restore Disk Image_ feature that basically does
`dd` with a nice progress bar.
* Investigate if we can get Etcher into Debian, which would allow all
users to follow the same process.
# Upgrading
## Upgrading
This approach does not make full, manual upgrades any simpler. For the
ideas we have to fix that other problem, see [[!tails_ticket 11131]]
and [[blueprint/Endless_upgrades]].
ideas we have to fix that other problem, see [[!tails_ticket 15281]].
......@@ -283,6 +283,8 @@ were rewritten to prevent stylometry.
- **85% of Tails+VeraCrypt users mostly don't use the .TC or .HC file extension.**
<a id="technical"></a>
### How technical are Tails users? Tails+VeraCrypt users?
*Q: Which operating system other than Tails do you use the most?*
......
# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <