Commit 698e6165 authored by Tails developers's avatar Tails developers

Merge branch 'feature/incremental-upgrades' into devel

parents c8a1249b 4d1ba5da
......@@ -111,6 +111,10 @@ Package: libunix-mknod-perl
Pin: origin backports.debian.org
Pin-Priority: 999
Package: libwww-curl-perl
Pin: origin backports.debian.org
Pin-Priority: 999
Package: live-boot
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......
#!/bin/sh
set -e
# Create the tails-upgrade-frontend user.
#
# The tails-upgrade-frontend program may be run as this user.
# This avoids having to grant the desktop user the right to install
# any arbitrary IUK.
echo "creating the tails-upgrade-frontend user"
adduser --system --quiet --group --no-create-home tails-upgrade-frontend
......@@ -4,7 +4,7 @@ set -e
echo "Registering menus"
for app in liveusb-creator-launcher tails-persistence-delete tails-persistence-setup ; do
for app in liveusb-creator-launcher tails-persistence-delete tails-persistence-setup tails-upgrader ; do
xdg-desktop-menu install --novendor \
/usr/share/desktop-directories/Tails.directory \
"/usr/share/applications/${app}.desktop"
......
Cmnd_Alias INSTALL_IUK = /bin/chmod, /bin/cp, /bin/mkdir, /bin/mktemp, /bin/mount, /bin/rm, /bin/tar
Cmnd_Alias IUK_GET_TARGET_FILE = /usr/bin/tails-iuk-get-target-file
Defaults!IUK_GET_TARGET_FILE env_keep+="HARNESS_ACTIVE DISABLE_PROXY"
amnesia ALL = NOPASSWD: /usr/bin/tails-shutdown-network
amnesia ALL = (tails-install-iuk) NOPASSWD: /usr/bin/tails-install-iuk
amnesia ALL = (tails-iuk-get-target-file) NOPASSWD: IUK_GET_TARGET_FILE
amnesia ALL = (tails-iuk-get-target-file) NOPASSWD: /usr/bin/tails-iuk-mktemp-get-target-file
tails-install-iuk ALL = NOPASSWD: INSTALL_IUK
Cmnd_Alias INSTALL_IUK = /bin/chmod, /bin/cp, /bin/mkdir, /bin/mktemp, /bin/mount, /bin/rm, /bin/tar
Cmnd_Alias IUK_GET_TARGET_FILE = /usr/bin/tails-iuk-get-target-file
Cmnd_Alias UPGRADE_FRONTEND = /usr/bin/tails-upgrade-frontend
Defaults!IUK_GET_TARGET_FILE env_keep+="HARNESS_ACTIVE DISABLE_PROXY"
Defaults!UPGRADE_FRONTEND env_keep+="DISABLE_PROXY SSL_NO_VERIFY"
amnesia ALL = (tails-upgrade-frontend) NOPASSWD: UPGRADE_FRONTEND
tails-upgrade-frontend ALL = NOPASSWD: /usr/bin/tails-shutdown-network
tails-upgrade-frontend ALL = (tails-install-iuk) NOPASSWD: /usr/bin/tails-install-iuk
tails-upgrade-frontend ALL = (tails-iuk-get-target-file) NOPASSWD: IUK_GET_TARGET_FILE
tails-upgrade-frontend ALL = (tails-iuk-get-target-file) NOPASSWD: /usr/bin/tails-iuk-mktemp-get-target-file
tails-upgrade-frontend ALL = NOPASSWD: /sbin/reboot
tails-install-iuk ALL = NOPASSWD: INSTALL_IUK
#!/bin/sh
TORDATE_DIR=/var/run/tordate
TORDATE_DONE_FILE="${TORDATE_DIR}/done"
INOTIFY_TIMEOUT=60
# wait for the $TORDATE_DIR directory to appear
while [ ! -d "$TORDATE_DIR" ]; do
sleep 10
done
# wait for a guarantee that time is in Tor valid range
while ! [ -e "$TORDATE_DONE_FILE" ]; do
inotifywait -q -t "$INOTIFY_TIMEOUT" -e create --format %w%f "$TORDATE_DIR"
done
exec /usr/bin/tails-update-frontend
#!/bin/sh
CMD=$(basename ${0})
. gettext.sh
TEXTDOMAIN="tails"
export TEXTDOMAIN
TORDATE_DIR=/var/run/tordate
TORDATE_DONE_FILE="${TORDATE_DIR}/done"
INOTIFY_TIMEOUT=60
MIN_MEMFREE=$((200 * 1024))
MIN_TOTAL_MEMFREE=$((500 * 1024))
RUN_AS_USER=tails-upgrade-frontend
### Functions
error () {
local cli_text="${CMD}: `gettext \"error:\"` ${@}"
local dialog_text="<b><big>`gettext \"Error\"`</big></b>
${@}"
echo "${cli_text}" >&2
zenity --error --title "" --text "${dialog_text}"
exit 1
}
check_free_memory () {
local min_memfree min_total_memfree memfree buffers cached total_memfree
local errormsg
min_memfree="$1"
min_total_memfree="$2"
memfree=$(awk '/^MemFree:/{print $2}' /proc/meminfo)
buffers=$(awk '/^Buffers:/{print $2}' /proc/meminfo)
cached=$(awk '/^Cached:/{print $2}' /proc/meminfo)
total_memfree=$(($memfree + $buffers + $cached))
errormsg="`gettext \"Not enough memory to check if an upgrade is available.
Make sure this system satisfies the <a href='file:///usr/share/doc/tails/website/doc/about/requirements/index.en.html'>Tails requirements</a>, try to restart and run <b>Applications</b> -> <b>Tails</b> -> <b>Tails Upgrader</b>.\"`"
if [ "$memfree" -lt "$MIN_MEMFREE" ] ; then
echo "Only $memfree MemFree, while $MIN_MEMFREE is needed." >&2
error "$errormsg"
fi
if [ "$total_memfree" -lt "$MIN_TOTAL_MEMFREE" ] ; then
echo "Only $total_memfree MemFree + Buffers + Cached, while $MIN_TOTAL_MEMFREE is needed." >&2
error "$errormsg"
fi
}
### Main
# wait for the $TORDATE_DIR directory to appear
while [ ! -d "$TORDATE_DIR" ]; do
sleep 10
done
# wait for a guarantee that time is in Tor valid range
while ! [ -e "$TORDATE_DONE_FILE" ]; do
inotifywait -q -t "$INOTIFY_TIMEOUT" -e create --format %w%f "$TORDATE_DIR"
done
check_free_memory "$MIN_MEMFREE" "$MIN_TOTAL_MEMFREE"
xhost +SI:localuser:"$RUN_AS_USER"
gksudo -u "$RUN_AS_USER" "/usr/bin/tails-upgrade-frontend [email protected]"
xhost -SI:localuser:"$RUN_AS_USER"
[Desktop Entry]
Type=Application
Name=Tails Upgrader
Comment=Make sure Tails is up-to-date
Icon=system-software-update.png
Exec=tails-upgrade-frontend-wrapper
Terminal=false
Categories=System;Tails;
StartupNotify=false
......@@ -8,7 +8,8 @@ PERL_PROGS="/usr/local/bin/gpgApplet /usr/local/bin/tails-security-check \
/usr/local/bin/tails-virt-notify-user"
PYTHON_PROGS="/etc/whisperback/config.py /usr/local/bin/shutdown_helper_applet \
/usr/local/bin/tails-about /usr/local/sbin/tails-additional-software"
SHELL_PROGS="/usr/local/sbin/unsafe-browser /usr/share/tails/truecrypt-wrapper.disabled"
SHELL_PROGS="/usr/local/bin/tails-update-frontend-wrapper \
/usr/local/sbin/unsafe-browser /usr/share/tails/truecrypt-wrapper.disabled"
LANGUAGES=$(for po in po/*.po ; do rel="${po%.po}" ; echo "${rel#po/}"; done)
LOCALE_BASEDIR=config/chroot_local-includes/usr/share/locale
......
......@@ -500,6 +500,13 @@ Push the last commits to our Git repository:
... and ask <[email protected]> to refresh the ikiwiki wrappers for
our website.
Publish update-description files
--------------------------------
Upload the update description files and their detached OpenPGP
signature to the primary rsync mirror.
See [[blueprint/incremental_upgrades]] for details.
Bug tracker
-----------
......
......@@ -387,6 +387,30 @@ online one, e.g.:
DISABLE_PROXY=1 SSL_NO_VERIFY=1 \
tails-upgrade-frontend-wrapper --override-baseurl http://10.36.24.33/tails
# Incremental updates
Try every update path supported by the generated update-description
files:
* for every incremental update paths: make sure the resulting updated
system "works fine" (what does that mean? do we want to run the full
test suite on these? **FIXME**)
* for updates that only propose a non-incremental paths: make sure the
user is guided just fine (that is? **FIXME**)
Given these are not published yet, a local test setup is needed:
* a web server
* a replacement for the Tails website's `/update/` tree with
update-description files in there, e.g.
`/var/www/tails/update/v1/Tails/0.14~rc2/i386/stable/updates.yml`
* a replacement for the Tails HTTP mirrors' `iuk` directories,
e.g. `/var/www/tails/stable/iuk/Tails_i386_0.14-rc2_to_0.14.iuk`
Also, the updater must be called, from inside the system to update,
with every needed option to use that rather than the online published
stuff: **FIXME**.
# Persistence
* Activate persistence on a Tails USB install with all presets on
......
[[!map pages="doc/upgrade/error/*"]]
possible causes:
* network issues
possible causes:
* network issues
---
build-target: i386
channel: stable
product-name: Tails
product-version: 0.20.1
upgrades:
- details_url: https://tails.boum.org/news/version_/0.21/
type: major
upgrade_paths:
- target_files:
- sha256: 0af3e8ae97f6bcdd3932aa60324302ea80143a9f379fa216469bee42d39f8313
size: 934471680
url: http://dl.amnesia.boum.org/tails/stable/tails-i386-0.21/Tails-i386-0.21.iso
type: full
version: '0.21'
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJSl2r6AAoJEBICghy+LNnB8H4P/RKvqth6C33Vo4tO97uFwOn5
eLzaK4n2tYzDHZeDl+zLb4ALK6CyiTXwRQW6jGR6pCg9sSe1DgYqQzOUFFJ78MCy
VOqMSZOoi04GqOwlv0mEESk19fBAJ5sx2vRgkDimyt39MIun4w6SpQzAGLVPIqe0
PqMOhS/HJga4FKNo3Tkg9vL2t6BuXSkVU4NE19XhmUVSQuPgs74eSXGVTuHmeata
KjWoOIpbLwnjrmt27bIyJ55RSOG3gOZ3FJGf+qB/xFxQKr+3+GYHs8OmHbo9qm18
p9StB23TemOfZNUhGW/YeouUhAPSuWkxgzQPddCP7NT/aeJVX5hbY5GF8Unbwlk1
qDbkBx8OXyYwLaGnQKNNgnuwYnvfzfHeDThnFx9kDPLSbf66JXWJvYVolQ8VI4w+
6TGrUz6ALK3DVSLRzI2Ef1a6Y7ETFkNWI8nWxMa8ZkQL25WbEcB1/dGHb/29PYb2
O9NDzlPg6Whw3QJme2C4CRshpm+BvhdIjloZRgYE8sxYrtXUyxKS/SFddMr9NiQU
Itg7vdZPGm7HjwzlveuuiLIl6MNSU9V3IpkGK0eZrtFq/8WYzEACf4XFcAR7UTbO
3m/Bo/44EgGIGZlyLXuME4HnvgORuT5TySW25bK9/L8zhXkY684JVsMsWE04lPOk
xTKqxx2fJDQ5ACa7y0lG
=/5BA
-----END PGP SIGNATURE-----
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment