Commit 0d5b2b62 authored by u451f's avatar u451f

Merge branch 'master' of webmasters.boum.org:wiki

parents 370f0093 5e10d154
......@@ -49,6 +49,7 @@
/config/chroot_local-includes/usr/share/applications/tor-browser.desktop
/config/chroot_local-includes/usr/share/applications/tails-about.desktop
/config/chroot_local-includes/usr/share/desktop-directories/Tails.directory
/config/chroot_local-includes/usr/share/polkit-1/actions/org.boum.tails.root-terminal.policy
/tmp/
# The test suite's local configuration files
......
......@@ -11,6 +11,3 @@
[submodule "submodules/mirror-pool-dispatcher"]
path = submodules/mirror-pool-dispatcher
url = https://git-tails.immerda.ch/mirror-pool-dispatcher
[submodule "submodules/gnome-shell-extension-florence-indicator"]
path = submodules/gnome-shell-extension-florence-indicator
url = https://github.com/UshakovVasilii/gnome-shell-extension-florence-indicator.git
wiki/src/contribute/how/code/HACKING.mdwn
\ No newline at end of file
......@@ -16,6 +16,17 @@ if [ -e config/amnesia.local ] ; then
. config/amnesia.local
fi
if [ -n "${SOURCE_DATE_EPOCH}" ]; then
CURRENT_EPOCH="$(date --utc +%s)"
if [ "${SOURCE_DATE_EPOCH}" -gt "${CURRENT_EPOCH}" ]; then
echo "SOURCE_DATE_EPOCH is set before the current time. Exiting."
exit 1
fi
else
echo "SOURCE_DATE_EPOCH is not set. Exiting."
exit 1
fi
# get git branch or tag so we can set the basename appropriately, i.e.:
# * if we build from a tag: tails-$ARCH-$TAG.iso
# * otherwise: tails-$ARCH-$BRANCH-$VERSION-$TIME-$COMMIT.iso
......@@ -187,12 +198,6 @@ install -m 0755 \
submodules/mirror-pool-dispatcher/lib/js/mirror-dispatcher.js \
config/chroot_local-includes/usr/local/lib/nodejs/
# gnome-shell-extension-florence-indicator
rm -rf \
config/chroot_local-includes/usr/share/gnome-shell/extensions/florenceIndicator@UshakovVasilii_Github.yahoo.com
cp -a submodules/gnome-shell-extension-florence-indicator/florenceIndicator@UshakovVasilii_Github.yahoo.com/ \
config/chroot_local-includes/usr/share/gnome-shell/extensions/
# custom debootstrap script, setting some APT magic to log downloads:
patch \
--follow-symlinks \
......
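Review bot: The added SOURCE_DATE_EPOCH check in the first hunk does not reject a non-numeric value: `[ "${SOURCE_DATE_EPOCH}" -gt "${CURRENT_EPOCH}" ]` then fails with an error status, the `if` treats that as false, and the build continues with an invalid timestamp. Validating the value first closes that gap, for example `case "${SOURCE_DATE_EPOCH}" in ''|*[!0-9]*) echo "SOURCE_DATE_EPOCH must be a non-negative integer. Exiting." >&2; exit 1;; esac`. The first message also says "set before the current time" although the branch fires when the value is later than the current time, and both messages go to stdout rather than stderr. If the script runs under `set -u` (not visible in this hunk), the `-n` test should read `${SOURCE_DATE_EPOCH:-}`.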
......@@ -16,7 +16,7 @@ export SOURCE_DATE_YYYYMMDD="$(date --utc --date="$(dpkg-parsechangelog --show-f
# Base for the string that will be passed to "lb config --bootappend-live"
# FIXME: see [[bugs/sdmem_on_eject_broken_for_CD]] for explanation why we
# need to set block.events_dfl_poll_msecs
AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails kaslr slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 union=aufs"
AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 union=aufs"
# Options passed to isohybrid
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
......@@ -25,7 +25,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version
KERNEL_VERSION='4.9.0-3'
KERNEL_VERSION='4.12.0-2'
KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
......
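Review bot: The changed `AMNESIA_APPEND` line no longer carries `kaslr` (taking the second printed line as the new side), and nothing in the hunk records why a hardening boot parameter was dropped. If the reason is that the kernel selected by the `KERNEL_VERSION` change in the next hunk enables it by default, a comment above the assignment should say so, e.g. `# kaslr not passed explicitly: <reason, to be confirmed by the author>`. Without that, a later kernel or configuration change could lose address-space randomisation without anyone noticing.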
......@@ -31,37 +31,13 @@ syslinux_deb_version_in_chroot () {
LINUX_BINARY_UTILS_DIR='binary/utils/linux'
WIN32_BINARY_UTILS_DIR='binary/utils/win32'
BINARY_MBR_DIR='binary/utils/mbr'
CHROOT_SYSLINUX_BIN='chroot/usr/bin/syslinux'
CHROOT_SYSLINUX_MBR='chroot/usr/lib/SYSLINUX/gptmbr.bin'
CHROOT_TEMP_APT_SOURCES='chroot/etc/apt/sources.list.d/tmp-deb-src.list'
SYSLINUX_DEB_VERSION_IN_CHROOT=$(syslinux_deb_version_in_chroot)
### Main
mkdir -p "$LINUX_BINARY_UTILS_DIR" "$WIN32_BINARY_UTILS_DIR" "$BINARY_MBR_DIR"
# We need the 32-bit binary until most of the users have upgraded to 64-bit.
# Copy 32-bit syslinux binary
(
olddir=$(pwd)
workdir=$(mktemp -d)
cd "$workdir"
chroot="$olddir/chroot"
echo "Configuring APT architectures for the installation of syslinux"
Chroot "$chroot" \
echo 'APT::Architectures {"i386"; "amd64";};' \
> /etc/apt/apt.conf.d/13architectures
Chroot "$chroot" dpkg --add-architecture i386
Chroot "$chroot" apt-get update
echo "Downloading syslinux:i386 version ${SYSLINUX_DEB_VERSION_IN_CHROOT}"
Chroot "$chroot" \
apt-get --yes download \
syslinux:i386="${SYSLINUX_DEB_VERSION_IN_CHROOT}"
echo "Extracting syslinux:i386"
dpkg-deb --extract "$chroot"/syslinux_*.deb .
rm "$chroot"/syslinux_*.deb
cp ./usr/bin/syslinux "$olddir/$LINUX_BINARY_UTILS_DIR/"
cd "$olddir"
rm -r "$workdir"
)
# Copy syslinux MBR
cp "$CHROOT_SYSLINUX_BIN" "$LINUX_BINARY_UTILS_DIR/"
cp "$CHROOT_SYSLINUX_MBR" "$BINARY_MBR_DIR/mbr.bin"
cat chroot/etc/apt/sources.list chroot/etc/apt/sources.list.d/*.list \
......
......@@ -5,7 +5,8 @@
#
packages:
binary:
- package: squashfs-tools
arch: amd64
version: 1:4.2+20130409-2
explanation: pulled by lb_binary_rootfs, outside of the reach of our apt-get wrapper
### Example:
# - package: squashfs-tools
# arch: amd64
# version: 1:4.2+20130409-2
# explanation: pulled by lb_binary_rootfs, outside of the reach of our apt-get wrapper
Package: b43-fwcutter
Package: aufs-dkms
Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: freeze exception (install version compatible with Thunderbird 45.x: #13530)
Package: enigmail
Pin: origin deb.tails.boum.org
Package: b43-fwcutter
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-b43-installer
......@@ -28,6 +27,10 @@ Package: firmware-zd1211
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: linux-compiler-* linux-headers-* linux-image-* linux-kbuild-* linux-source-*
Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: We ship our custom-built Thunderbird for now, see #6156
Package: thunderbird* calendar-google-provider
Pin: origin deb.tails.boum.org
......
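Review bot: The stanza for `linux-compiler-* linux-headers-* linux-image-* linux-kbuild-* linux-source-*`, which the hunk counts indicate is the added one, pins the kernel packages to sid at priority 999 with no `Explanation:` line, unlike the enigmail and Thunderbird stanzas nearby. Tracking the kernel from unstable changes how security updates reach the image, so the reason and a removal condition belong next to the pin, e.g. `Explanation: kernel taken from sid, see #<ticket placeholder>`. The start of this file section is not marked on the page, so the surrounding stanzas may be incomplete in this view.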
#! /bin/sh
set -e
set -u
echo "Configure Enigmail's version"
# Import set_mozilla_pref()
. /usr/local/lib/tails-shell-library/tor-browser.sh
# Rationale: the only way to suppress Enigmail's "first run" wizard is
# to have *some* version configured. But too old versions might
# trigger work-around code to run unnecessarily.
version="$(dpkg-query --show \
--showformat='${source:Upstream-Version}' \
enigmail)"
set_mozilla_pref /etc/xul-ext/enigmail.js \
extensions.enigmail.configuredVersion \
"\"${version}\""
#! /bin/sh
set -e
echo "Work around a gksu bug to make it possible to start graphical applications in the Root Terminal"
echo '
# Workaround a gksu bug making X11 application not start in
# the Root Terminal
if echo "${XAUTHORITY}" | grep -q "^/tmp/libgksu-"; then
mkdir -p "$(dirname "${XAUTHORITY}")"
. /etc/live/config.d/username.conf
cp "/run/user/$(id -u ${LIVE_USERNAME})/gdm/Xauthority" "${XAUTHORITY}"
unset LIVE_USERNAME
fi
' >> /root/.bashrc
#!/bin/sh
set -e
# Load GConf settings.
echo "Loading GConf settings"
gct() {
gconftool-2 \
--direct \
--config-source xml:readwrite:/etc/gconf/gconf.xml.defaults \
"${@}"
}
for file in /usr/share/amnesia/gconf/*.xml ; do
gct --load "${file}"
done
#!/bin/sh
set -e
echo "Setting the root's bash environment"
# ... so we have the expected environment in the Root Terminal
echo '
for dir in /usr/local/sbin /usr/local/bin; do
if ! echo "${PATH}" | grep -q --extended-regexp "(^|:)${dir}($|:)"; then
PATH="${dir}:${PATH}"
fi
done
' >> /root/.bashrc
#!/bin/sh
set -e
echo "Creating the Root Terminal .desktop file"
TMP="$(mktemp -d)"
cd "${TMP}"
apt-get download gksu
dpkg-deb --extract gksu_*.deb .
mv ./usr/share/pixmaps/gksu-root-terminal.png /usr/share/pixmaps/
sed 's@^Exec=.*$@Exec=/usr/local/bin/gnome-terminal-pkexec@' \
./usr/share/applications/gksu.desktop \
> /usr/share/applications/root-terminal.desktop
cd /
rm -r "${TMP}"
#!/bin/sh
set -e
echo "Creating vim symlink"
if [ -e /usr/bin/vim.tiny ]; then
update-alternatives --install /usr/bin/vim vim /usr/bin/vim.tiny 15
else
echo "/usr/bin/vim.tiny doesn't exist; either that is a problem," \
"or this hook should be removed" >&2
exit 1
fi
......@@ -7,3 +7,17 @@ echo "Selecting our preferred pinentry"
for alternative in pinentry pinentry-x11 ; do
update-alternatives --set "$alternative" /usr/bin/pinentry-gtk-2
done
# XXX:Buster remove once Debian bug #869416 is fixed
mkdir -p /usr/lib/pinentry
dpkg-divert --add --rename --divert \
/usr/lib/pinentry/pinentry-gtk-2 \
/usr/bin/pinentry-gtk-2
cat > /usr/bin/pinentry-gtk-2 << 'EOF'
#!/bin/sh
. /usr/local/lib/tails-shell-library/gnome.sh
export_gnome_env
exec /usr/lib/pinentry/pinentry-gtk-2 "$@"
EOF
chmod 755 /usr/bin/pinentry-gtk-2
......@@ -4,7 +4,7 @@ set -e
echo "Registering and tweaking menus"
for app in tails-installer-launcher tails-persistence-delete tails-persistence-setup tails-about tails-documentation; do
for app in tails-installer tails-persistence-delete tails-persistence-setup tails-about tails-documentation; do
xdg-desktop-menu install --novendor \
/usr/share/desktop-directories/Tails.directory \
"/usr/share/applications/${app}.desktop"
......
......@@ -40,11 +40,6 @@ rm -r /var/lib/monkeysphere/authentication/
# Remove logs.
rm -r /var/lib/dkms/*/*/*/*/log
# Set various timestamps according to SOURCE_DATE_EPOCH.
find / -name '%gconf-tree.xml' -print0 | \
xargs -0r \
sed -i -e 's@\bmtime="[0-9][0-9]*"@mtime="'${SOURCE_DATE_EPOCH}'"@g'
# Post-process /etc/shadow by setting the sp_lstchg field to the number of days
# since SOURCE_DATE_EPOCH instead of 1st Jan 1970. (#12339)
# XXX:Buster: drop this if https://bugs.debian.org/857803 is fixed.
......@@ -52,3 +47,7 @@ cut -d: -f1 /etc/shadow | \
xargs -L1 \
chage --lastday \
"$(($(date --utc --date "@${SOURCE_DATE_EPOCH}" "+%s") / 86400))"
# A user reported all executable bits of /etc/hostname being set when
# trying to reproduce Tails 3.1. See #13623 for details.
chmod u=rw,go=r /etc/hostname
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy context="default">
<deny send_destination="im.pidgin.purple.PurpleService"/>
</policy>
</busconfig>
[apps/florence/behaviour]
startup-notification=false
[apps/florence/controller]
floaticon=false
trayicon=false
[apps/florence/layout]
style='/usr/share/florence/styles/hard'
[apps/florence/style]
sounds=false
system-font=false
[apps/florence/window]
decorated=false
xpos=384
ypos=27
[apps/seahorse/listing]
item-filter=''
sidebar-visible=true
......@@ -77,5 +58,5 @@ lid-close-ac-action = 'blank'
lid-close-battery-action = 'blank'
[org/gnome/shell]
enabled-extensions = ['apps-menu@gnome-shell-extensions.gcampax.github.com', 'places-menu@gnome-shell-extensions.gcampax.github.com', 'window-list@gnome-shell-extensions.gcampax.github.com', 'florenceIndicator@UshakovVasilii_Github.yahoo.com', 'TopIcons@phocean.net', 'shutdown-helper@tails.boum.org', 'torstatus@tails.boum.org']
enabled-extensions = ['apps-menu@gnome-shell-extensions.gcampax.github.com', 'places-menu@gnome-shell-extensions.gcampax.github.com', 'window-list@gnome-shell-extensions.gcampax.github.com', 'TopIcons@phocean.net', 'shutdown-helper@tails.boum.org', 'torstatus@tails.boum.org']
favorite-apps=['tor-browser.desktop', 'thunderbird.desktop', 'pidgin.desktop', 'keepassx.desktop', 'gnome-terminal.desktop']
install bluetooth /bin/true
install bnep /bin/true
install btusb /bin/true
vm.mmap_rnd_bits=32
vm.mmap_rnd_compat_bits=16
......@@ -60,6 +60,7 @@ pref("noscript.untrusted", "google-analytics.com");
// Other non-Torbutton, Tails-specific prefs
pref("browser.download.dir", "/home/amnesia/Tor Browser");
pref("dom.input.fallbackUploadDir", "/home/amnesia/Tor Browser");
pref("browser.download.folderList", 2);
pref("browser.download.manager.closeWhenDone", true);
pref("extensions.update.enabled", false);
......
......@@ -5,11 +5,15 @@
# a bloated one that also include the IPv6 host `::1 localhost`, which
# can lead to IPv6 traffic, which we block, which may lead to stuff
# breaking (for instance APT's tor+http transport).
#
# localhost.localdomain added to prevent loopback leaks to Tor circuits
# for applications that use the FQDN (fully qualified domain name) model
#
echo "- setting up hosts file"
. /etc/live/config.d/hostname.conf
cat > /etc/hosts << EOF
127.0.0.1 localhost ${LIVE_HOSTNAME}
127.0.0.1 localhost localhost.localdomain ${LIVE_HOSTNAME}
EOF
#!/bin/sh
pkexec /usr/bin/gnome-terminal "${@}"
......@@ -22,6 +22,7 @@ configure_default_incoming_protocol() {
else
default_protocol=1
fi
mkdir -p "${PROFILE}/preferences"
set_mozilla_pref "${PROFILE}/preferences/0000tails.js" \
"extensions.torbirdy.defaultprotocol" \
"${default_protocol}"
......
......@@ -6,6 +6,6 @@ set -e
rfkill block all
for devtype in bluetooth wifi wwan wimax ; do
for devtype in wifi wwan wimax ; do
rfkill unblock "$devtype"
done
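Review bot: The unblock loop no longer lists `bluetooth` (taking the second `for` line as the new side), so Bluetooth stays soft-blocked after `rfkill block all`, but no comment records that this is deliberate. A line such as `# bluetooth is intentionally left blocked` above the loop would stop a later edit from re-adding it as an apparent omission. The script's header and the reason for the change are outside this hunk.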
......@@ -3,20 +3,6 @@
# Import is_package_installed
. /usr/local/lib/tails-shell-library/common.sh
faketime_wrapper() {
apt-get --yes install faketime
faketime "${@}"
apt-get --yes purge faketime '^libfaketime*'
}
faketime_sde_wrapper() {
if [ -z "${SOURCE_DATE_EPOCH}" ]; then
echo "SOURCE_DATE_EPOCH was not set!" >&2
exit 1
fi
faketime_wrapper "$(date -d '@${SOURCE_DATE_EPOCH}')" "${@}"
}
strip_nondeterminism_wrapper() {
apt-get --yes install strip-nondeterminism
strip-nondeterminism "${@}"
......
......@@ -36,30 +36,6 @@ try_for() {
wait_until "${@}"
}
# Sets the `value` of a `key` in a simple configuration `file`. With
# "simple" you should think something like a the shell environment as
# output by the `env` command. Hence this is only useful for
# configuration files that have no structure (e.g. sections with
# semantic meaning, like the namespace secions in .gitconfig), allow
# only one assignment per line, and a fixed/static assignment operator
# (`op`, which defaults to '=', but other examples would be " = " or
# torrc's " "). If the key already exists its value is updated in
# place, otherwise it's added at the end.
set_simple_config_key() {
local file="${1}"
local key="${2}"
local value="${3}"
local op="${4:-=}"
if grep -q "^${key}${op}" "${file}"; then
# Escape / in input so it can be used as the sed separator
key="$(echo "${key}" | sed 's,/,\\/,g')"
value="$(echo "${value}" | sed 's,/,\\/,g')"
sed -i "s/^${key}${op}.*$/${key}${op}${value}/" "${file}"
else
echo "${key}${op}${value}" >> "${file}"
fi
}
# Runs the wrapped command while temporarily disabling `set -e`, if
# enabled. It will always return 0 to not make scripts with `set -e`
# enabled abort but will instead store the wrapped command's return
......@@ -88,3 +64,14 @@ is_package_installed() {
2>/dev/null)"
[ "${package_status}" = "installed" ]
}
extract_from_file_between_markers () {
local file start stop
file="${1}"
start="${2}"
stop="${3}"
awk "/${start}/ { between=1; next; }
/${stop}/ { between=0; }
{ if (between) { print; } }" \
"${file}"
}
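Review bot: In the added `extract_from_file_between_markers`, `${start}` and `${stop}` are interpolated into the awk program text, so a marker containing `/`, a double quote or other awk syntax changes or breaks the program instead of being matched. Passing the markers as awk variables and matching with `$0 ~ start` keeps them as data; `-v` still interprets backslash escapes, so a caller with backslashes in a marker has to double them. The function also lacks a header comment, which should state that both markers are regular expressions and that the marker lines themselves are not printed.

```shell
extract_from_file_between_markers () {
    # … unchanged: local declarations and argument assignment …
    awk -v start="${start}" -v stop="${stop}" '
        $0 ~ start { between = 1; next }
        $0 ~ stop  { between = 0 }
        between    { print }
    ' "${file}"
}
```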
# This shell library is meant to be used with `set -e` and `set -u`.
po_languages () {
for po in po/*.po ; do
rel="${po%.po}"
echo "${rel#po/}"
done
for po in po/*.po ; do
rel="${po%.po}"
echo "${rel#po/}"
done
}
diff_without_pot_creation_date () {
old="$1"
new="$2"
diff --ignore-matching-lines '^"POT-Creation-Date:' "${@}"
}
[ $(diff "$old" "$new" | grep -Ec '^>') -eq 1 -a \
$(diff "$old" "$new" | grep -Ec '^<') -eq 1 -a \
$(diff "$old" "$new" | grep -Ec '^[<>] "POT-Creation-Date:') -eq 2 ]
diff_without_pot_creation_date_and_comments () {
diff --ignore-matching-lines '^"POT-Creation-Date:' \
--ignore-matching-lines '^#: .*:[0-9]\+$' "${@}"
}
intltool_update_po () {
(
(
cd po
for locale in "$@" ; do
intltool-update --dist --gettext-package=tails $locale -o ${locale}.po.new
......@@ -25,11 +25,14 @@ intltool_update_po () {
[ -f ${locale}.po ] || continue
[ -f ${locale}.po.new ] || continue
if diff_without_pot_creation_date "${locale}.po" "${locale}.po.new"; then
echo "${locale}: Only header changes in potfile, delete new PO file."
rm ${locale}.po.new
if [ "${FORCE:-}" = yes ]; then
echo "Force-updating '${locale}.po'."
mv ${locale}.po.new ${locale}.po
elif diff_without_pot_creation_date -q "${locale}.po" "${locale}.po.new"; then
echo "${locale}: Only header changes in PO file: keeping the old one"
rm ${locale}.po.new
else
echo "${locale}: Real changes in potfile: substitute old PO file."
echo "${locale}: Real changes in PO file: switching to the updated one"
mv ${locale}.po.new ${locale}.po
fi
done
......
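Review bot: The added `FORCE` branch in `intltool_update_po` uses `${locale}` unquoted in `mv ${locale}.po.new ${locale}.po`, so a locale argument containing whitespace or glob characters would be split or expanded before `mv` sees it. Quoting and ending option parsing avoids that, `mv -- "${locale}.po.new" "${locale}.po"`; the neighbouring `rm` and `mv` lines have the same form. `FORCE` is read from the environment and is not documented in the visible lines, so a comment such as `# FORCE=yes: always replace the PO file, even if only headers changed` would help. The function's body continues outside the visible lines.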
......@@ -146,7 +146,7 @@ sub newestDateHeader {
chomp $line;
# empty line == we leave the headers to go into the content
last if $line eq '';
last if ($date) = ($line =~ m/^\s*Date:\s+(.*)$/m);
last if ($date) = ($line =~ m/^\s*[Dd]ate:\s+(.*)$/m);
}
close $file_h;