Commit 483e961f authored by Tails developers's avatar Tails developers

Merge branch 'master' into doc-rework

Conflicts:
	wiki/src/doc/about/features.mdwn
	wiki/src/download.de.po
	wiki/src/download.es.po
	wiki/src/todo/restructure_the_website_navigation.mdwn
parents d9a26d28 ffed3c6d
......@@ -49,6 +49,7 @@ chmod -R go+rX config/chroot_sources
# build the image
: ${MKSQUASHFS_OPTIONS:='-comp xz'}
MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/amnesia/build/mksquashfs-excludes"
export MKSQUASHFS_OPTIONS
case "$LB_BINARY_IMAGES" in
......
......@@ -13,7 +13,7 @@
# Base for the string that will be passed to "lb config --bootappend-live"
# FIXME: see [[bugs/sdmem_on_eject_broken_for_CD]] for explanation why we
# need to set block.events_dfl_poll_msecs
AMNESIA_APPEND="noswap live-media=removable nopersistent noprompt quiet timezone=Etc/UTC block.events_dfl_poll_msecs=1000"
AMNESIA_APPEND="noswap live-media=removable nopersistent noprompt quiet timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash"
# Options passed to isohybrid
# Default: "-entry 4 -type 1c"
......
......@@ -29,11 +29,6 @@ case "${LB_BINARY_IMAGES}" in
;;
esac
# Remove help menu entry from menu.cfg
# Remove help menu entry from menu.cfg (and every line after)
CFG_FILE="${SYSLINUX_PATH}/menu.cfg"
ORIG_CFG_FILE="${CFG_FILE}.orig"
mv "${CFG_FILE}" "${ORIG_CFG_FILE}"
HELP_START="`grep --color=never --line-number --max-count=1 '^label help$' "${ORIG_CFG_FILE}" | awk -F':' '{print $1}'`"
KEEP_LINES="$(($HELP_START - 1))"
head -n "$KEEP_LINES" "${ORIG_CFG_FILE}" > "${CFG_FILE}"
rm -f "${ORIG_CFG_FILE}"
perl -pni -E 'exit if m{^label[[:blank:]]+help$}' "${CFG_FILE}"
......@@ -63,7 +63,7 @@ for LANG_CODE in ${AMNESIA_SUPPORTED_LANGUAGES}; do
case "${LANG_CODE}" in
ar)
LANG_NAME='^Arabic'
LANG_APPEND='locales=ar_EG.UTF-8'
LANG_APPEND='locales=ar_EG.UTF-8 keyboard-layouts=us,ara'
;;
de)
LANG_NAME='^German'
......@@ -91,7 +91,7 @@ for LANG_CODE in ${AMNESIA_SUPPORTED_LANGUAGES}; do
;;
ru)
LANG_NAME='^Russian'
LANG_APPEND='locales=ru'
LANG_APPEND='locales=ru keyboard-layouts=us,ru'
;;
zh)
LANG_NAME='^Chinese'
......
......@@ -34,6 +34,10 @@ Package: msva-perl
Pin: origin backports.debian.org
Pin-Priority: 999
Package: plymouth
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: squashfs-tools
Pin: origin backports.debian.org
Pin-Priority: 999
......@@ -142,6 +146,10 @@ Package: laptop-mode-tools
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: xul-ext-cookie-monster
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: xul-ext-https-everywhere
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......
......@@ -8,6 +8,8 @@ update-rc.d tails-kexec stop 85 0 6 .
update-rc.d tails-wifi start 17 S .
update-rc.d memlockd start 22 2 3 4 5 .
update-rc.d tails-sdmem-on-media-removal start 23 2 3 4 5 . stop 01 0 6
update-rc.d tails-reconfigure-kexec defaults
update-rc.d tails-reconfigure-memlockd defaults
# we run Tor ourselves after HTP via NetworkManager hooks
update-rc.d tor disable
......@@ -28,3 +30,11 @@ update-rc.d kexec-load stop 18 0 6 .
# the i2p script manually.
update-rc.d -f i2p remove
# we only want hdparm so that laptop-mode-tools can use it
update-rc.d hdparm disable
# don't use plymouth at shutdown/reboot
# (plymouth.postinst creates links using update-rc.d,
# so we cannot disable the links it creates by using LSB headers)
rm -f /etc/rc[06].d/*plymouth
......@@ -5,6 +5,8 @@ echo "Removing unwanted files"
# Get AMNESIA_SUPPORTED_LANGUAGES
. /usr/share/amnesia/build/variables
rm -f /usr/share/icons/gnome/icon-theme.cache
rm -rf \
/usr/share/inkscape/examples \
/usr/share/inkscape/tutorials
......@@ -20,6 +22,7 @@ find /usr/share/scribus-ng/translations \
-exec rm "{}" \;
rm -rf /tmp/*
find /usr -name "*.pyc" -print0 | xargs -0r rm -f
# truncate logs
for file in $(find /var/log/ -type f); do
......
#!/bin/sh
# We don't start Tor automatically so *this* is the time
# when it is supposed to start.
# Run only when the interface is not "lo":
if [ $1 = "lo" ]; then
exit 0
fi
# Run whenever an interface gets "up", not otherwise:
if [ $2 != "up" ]; then
exit 0
fi
# Workaround https://trac.torproject.org/projects/tor/ticket/2355
if grep -qw bridge /proc/cmdline; then
rm -f /var/lib/tor/*
fi
# A SIGHUP should be enough but there's a bug in Tor. Details:
# * https://trac.torproject.org/projects/tor/ticket/1247
# * https://tails.boum.org/bugs/tor_vs_networkmanager/
service tor restart
#!/bin/sh
# Rationale: Tor needs a somewhat accurate clock to work.
# If the clock is wrong enough to prevent it from opening circuits,
# we set the time to the middle of the valid time interval found
# in the Tor consensus, and we restart it.
# In any case, we use HTP to ask more accurate time information to
# a few authenticated HTTPS servers.
### Init variables
TORDATE_DIR=/var/run/tordate
TORDATE_DONE_FILE=${TORDATE_DIR}/done
TOR_DIR=/var/lib/tor
TOR_CONSENSUS=${TOR_DIR}/cached-consensus
TOR_UNVERIFIED_CONSENSUS=${TOR_DIR}/unverified-consensus
TOR_DESCRIPTORS=${TOR_DIR}/cached-descriptors
INOTIFY_TIMEOUT=60
DATE_RE='[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]'
VERSION_FILE=/etc/amnesia/version
### Exit conditions
# Run only when the interface is not "lo":
if [ "$1" = "lo" ]; then
exit 0
fi
# Run whenever an interface gets "up", not otherwise:
if [ "$2" != "up" ]; then
exit 0
fi
# Do not run twice
if [ -e "$TORDATE_DONE_FILE" ]; then
exit 0
fi
### Create status directory
install -o root -g root -m 0755 -d ${TORDATE_DIR}
### Functions
log() {
logger -t time "$@"
}
tor_is_working() {
[ -e $TOR_DESCRIPTORS ]
}
has_consensus() {
grep -qs "^valid-until ${DATE_RE}"'$' ${TOR_CONSENSUS} \
${TOR_UNVERIFIED_CONSENSUS}
}
has_only_unverified_consensus() {
has_consensus && [ ! -e ${TOR_CONSENSUS} ]
}
wait_for_tor_consensus() {
log "Waiting for the Tor consensus file to contain a valid time interval"
while :; do
if has_consensus; then
break;
fi
inotifywait -q -t ${INOTIFY_TIMEOUT} -e close_write -e moved_to --format %w%f ${TOR_DIR} || :
done
}
wait_for_working_tor() {
log "Waiting for Tor to be working (i.e. cached descriptors exist)"
while :; do
if tor_is_working; then
break;
fi
inotifywait -q -t ${INOTIFY_TIMEOUT} -e close_write -e moved_to --format %w%f ${TOR_DIR} || :
done
}
date_points_are_sane() {
local vstart="$1"
local vend="$2"
vendchk=$(date -ud "${vstart} -0300" +'%F %T')
[ "${vend}" = "${vendchk}" ]
}
time_is_in_valid_tor_range() {
local curdate="$1"
local vstart="$2"
vendcons=$(date -ud "${vstart} -0230" +'%F %T')
order="${vstart}
${curdate}
${vendcons}"
ordersrt=$(echo "${order}" | sort)
[ "${order}" = "${ordersrt}" ]
}
restart_tor() {
if service tor status >/dev/null; then
log "Restarting Tor service"
service tor restart
fi
}
maybe_set_time_from_tor_consensus() {
if [ ! -e ${TOR_CONSENSUS} ]; then
log "We do not have a Tor consensus so we cannot set the system time according to it."
return
fi
# Get various date points in Tor's format, and do some sanity checks
vstart=$(sed -n "/^valid-after \(${DATE_RE}\)"'$/s//\1/p; t q; b n; :q q; :n' ${TOR_CONSENSUS})
vend=$(sed -n "/^valid-until \(${DATE_RE}\)"'$/s//\1/p; t q; b n; :q q; :n' ${TOR_CONSENSUS})
vmid=$(date -ud "${vstart} -0130" +'%F %T')
log "Tor: valid-after=${vstart} | valid-until=${vend}"
if ! date_points_are_sane "${vstart}" "${vend}"; then
log "Unexpected valid-until: [${vend}] is not [${vstart} + 3h]"
return
fi
curdate=$(date -u +'%F %T')
log "Current time is ${curdate}"
if time_is_in_valid_tor_range "${curdate}" "${vstart}"; then
log "Current time is in valid Tor range"
return
fi
log "Current time is not in valid Tor range, setting to middle of this range: [${vmid}]"
date -us "${vmid}" 1>/dev/null
# Tor is unreliable with picking a circuit after time change
restart_tor
}
release_date() {
# outputs something like 20111013
sed -n -e '1s/^.* - \([0-9]\+\)$/\1/p;q' "$VERSION_FILE"
}
is_clock_way_off() {
local release_date_secs="$(date -d "$(release_date)" '+%s')"
local current_date_secs="$(date '+%s')"
if [ "$current_date_secs" -lt "$release_date_secs" ]; then
log "Clock is before the release date"
return 0
fi
if [ "$(($release_date_secs + 15552000))" -lt "$current_date_secs" ]; then
log "Clock is more than 6 months after the release date"
return 0
fi
return 1
}
### Main
# Delegate time setting to other daemons if Tor connections work
if tor_is_working; then
log "Tor has already opened a circuit"
else
wait_for_tor_consensus
# If Tor cannot verify the consensus this is probably because all
# authority certificates are "expired" due to a clock far off into
# the future.seen as invalid. In that case let's set the clock to
# the release date.
if is_clock_way_off && has_only_unverified_consensus; then
log "It seems the clock is so badly off that Tor couldn't verify the consensus. Setting system time to the release date, restarting Tor and fetching a new consensus..."
date --set="$(release_date)" > /dev/null
service tor stop
rm -f "${TOR_UNVERIFIED_CONSENSUS}"
service tor start
wait_for_tor_consensus
fi
maybe_set_time_from_tor_consensus
fi
wait_for_working_tor
touch $TORDATE_DONE_FILE
log "Restarting htpdate"
service htpdate restart
log "htpdate service restarted with return code $?"
#!/bin/sh
# Rationale: Tor needs a somewhat accurate clock to work, and for that
# HTP is currently the only practically usable solution when one wants
# to authenticate the servers providing the time. We then need to get
# the IPs of a bunch of HTTPS servers.
# However, since all DNS lookups are normally made through the Tor
# network, which we are not connected to at this point, we use the
# local DNS servers obtained through DHCP, if possible, or the OpenDNS
# ones otherwise.
# To limit fingerprinting possibilities, we do not want to send HTTP
# requests aimed at an IP-based virtualhost such as https://IP/, but
# rather to the usual hostname (e.g. https://www.eff.org/) as any
# "normal" user would do. Once we have got the HTTPS servers IPs, we
# write these to /etc/hosts so the system resolver knows about them.
# htpdate is then run, and we eventually remove the added entries from
# /etc/hosts.
# Note that all network operations (host, htpdate) are done with the
# htp user, who has an exception in the firewall configuration
# granting it direct access to the needed network ports.
# That's why we tell the htpdate script to drops priviledges and run
# as the htp user all operations but the actual setting of time, which
# has to be done as root.
### Init variables
LOG=/var/log/htpdate.log
DONE_FILE=/var/lib/live/htp-done
SUCCESS_FILE=/var/lib/live/htp-success
VERSION_FILE=/etc/amnesia/version
HTP_POOL="
www.torproject.org
mail.riseup.net
encrypted.google.com
ssl.scroogle.org
"
BEGIN_MAGIC='### BEGIN HTP HOSTS'
END_MAGIC='### END HTP HOSTS'
if [ -n "$DHCP4_DOMAIN_NAME_SERVERS" ]; then
NAME_SERVERS="$DHCP4_DOMAIN_NAME_SERVERS"
else
NAME_SERVERS="208.67.222.222 208.67.220.220"
fi
### Exit conditions
# Run only when the interface is not "lo":
if [ "$1" = "lo" ]; then
exit 0
fi
# Run whenever an interface gets "up", not otherwise:
if [ "$2" != "up" ]; then
exit 0
fi
# Do not run if we already successed:
if [ -e "$SUCCESS_FILE" ]; then
exit 0
fi
### Delete previous state file
rm -f "$DONE_FILE"
### Create log file
# The htp user needs to write to this file.
# The $LIVE_USERNAME user needs to read this file.
touch "$LOG"
chown htp:nogroup "$LOG"
chmod 644 "$LOG"
### Run tails-htp-notify-user (the sooner, the better)
# Get LIVE_USERNAME
. /etc/live/config.d/username
export DISPLAY=':0.0'
export XAUTHORITY="$(echo /var/run/gdm3/auth-for-$LIVE_USERNAME-*/database)"
exec /bin/su -c /usr/local/bin/tails-htp-notify-user "$LIVE_USERNAME" &
### Functions
log() {
echo "$@" >> "${LOG}"
}
quit() {
local exit_code="$1"
shift
local message="$@"
echo "$exit_code" >> "$DONE_FILE"
if [ "$exit_code" -eq 0 ]; then
touch "$SUCCESS_FILE"
fi
log "$message"
exit $exit_code
}
cleanup_etc_hosts() {
log "Cleaning /etc/hosts"
# remove all lines between markers
sed -e "/$BEGIN_MAGIC/,/$END_MAGIC/d" -i /etc/hosts
}
dns_query_cmd() {
local host="$1"
local ns cmd
cmd=""
for ns in $NAME_SERVERS; do
cmd="${cmd:+$cmd || }host '$host' '$ns'"
done
echo "$cmd"
}
add_nameservers_to_etc_hosts() {
trap "cleanup_etc_hosts" EXIT
echo "$BEGIN_MAGIC" >> /etc/hosts
for HTP_HOST in $HTP_POOL; do
# ensure we only get the domain if given a true url
HTP_HOST=${HTP_HOST%%/*}
IP=$(sudo -u htp sh -c "$(dns_query_cmd "$HTP_HOST")" |
awk '/ has address / { print $4 ; quit }')
if [ -z "$IP" ]; then
echo "$END_MAGIC" >> /etc/hosts
quit 17 "Failed to resolve $HTP_HOST"
fi
echo "$IP $HTP_HOST" >> /etc/hosts
done
echo "$END_MAGIC" >> /etc/hosts
}
run_htpdate() {
/usr/local/sbin/htpdate \
-d \
-l "$LOG" \
-a "$HTTP_USER_AGENT" \
-f \
-p \
-u htp \
-t 1 \
$HTP_POOL
}
release_date() {
# outputs something like 20111013
sed -n -e '1s/^.* - \([0-9]\+\)$/\1/p;q' "$VERSION_FILE"
}
is_clock_way_off() {
local release_date_secs="$(date -d "$(release_date)" '+%s')"
local current_date_secs="$(date '+%s')"
if [ "$current_date_secs" -lt "$release_date_secs" ]; then
log "Clock is before the release date"
return 0
fi
if [ "$(($release_date_secs + 259200))" -lt "$current_date_secs" ]; then
log "Clock is approx. 6 months after the release date"
return 0
fi
return 1
}
### Main
HTTP_USER_AGENT="$(/usr/local/bin/getTorbuttonUserAgent)"
if [ -z "$HTTP_USER_AGENT" ]; then
quit 1 "getTorbuttonUserAgent failed."
fi
# Beware: this string is used and parsed in tails-htp-notify-user
log "HTP NetworkManager hook: here we go"
log "Will use these nameservers: $NAME_SERVERS"
add_nameservers_to_etc_hosts
run_htpdate
HTPDATE_RET=$?
# If the clock is already too badly off, htpdate might have fail because
# SSL certificates will not be verifiable. In that case let's set the clock to
# the release date and try again.
if [ "$HTPDATE_RET" -ne 0 ] && is_clock_way_off; then
date --set="$(release_date)" > /dev/null
run_htpdate
HTPDATE_RET=$?
fi
quit $HTPDATE_RET "htpdate exited with return code $HTPDATE_RET"
#! /bin/sh
# Run only when the interface is not "lo":
if [ $1 = "lo" ]; then
exit 0
fi
# Run whenever an interface gets "up", not otherwise:
if [ $2 != "up" ]; then
exit 0
fi
# Restart ttdnsd
service ttdnsd restart
......@@ -10,34 +10,9 @@ if [ $2 != "up" ]; then
exit 0
fi
PIDFILE=/var/run/tor/tor.pid
# Get LIVE_USERNAME
. /etc/live/config.d/username
# Workaround https://trac.torproject.org/projects/tor/ticket/2355
if grep -qw bridge /proc/cmdline; then
rm -f /var/lib/tor/*
fi
# We don't start Tor automatically anymore so *this* is the time when
# it is supposed to start.
# Note: as we disabled the initscript automatic startup, we cannot use
# invoke-rc.d: it would silently ignore our request. That's why we use
# the good old direct initscript invocation rather than any fancy
# frontend.
if [ -r "${PIDFILE}" ]; then
# A SIGHUP should be enough but there's a bug in Tor. Details:
# * https://bugs.torproject.org/flyspray/index.php?do=details&id=1247
# * https://tails.boum.org/bugs/tor_vs_networkmanager/
/etc/init.d/tor restart
else
/etc/init.d/tor start
fi
# Restart ttdnsd
service ttdnsd restart
# Restart Vidalia because it does not automatically reconnect to the new
# Tor instance. Use kill+start as:
# - X-GNOME-AutoRestart does not exist in Lenny's Gnome
......
HTP_POOL="www.torproject.org mail.riseup.net encrypted.google.com ssl.scroogle.org"
HTTP_USER_AGENT="$(/usr/local/bin/getTorbuttonUserAgent)"
# Defaults for kexec initscript
# sourced by /etc/init.d/kexec and /etc/init.d/kexec-load
# sourced by kexec-tools.config, /etc/init.d/kexec and /etc/init.d/kexec-load
# Load a kexec kernel (true/false)
LOAD_KEXEC=true
# Kernel and initrd image
KERNEL_IMAGE="/vmlinuz"
INITRD="/initrd.img"
# Unused: tails-reconfigure-kexec appends the correct values to this file
# at boot time.
KERNEL_IMAGE=/vmlinux
INITRD=/initrd.img
# If empty, use current /proc/cmdline
APPEND="quiet"
......
......@@ -2,3 +2,8 @@ http_proxy=http://127.0.0.1:8118
HTTP_PROXY=http://127.0.0.1:8118
SOCKS_SERVER=127.0.0.1:9050
SOCKS5_SERVER=127.0.0.1:9050
# Torbutton "New identity" feature uses those environment variables
TOR_CONTROL_COOKIE_AUTH_FILE='/var/run/tor/control.authcookie'
TOR_CONTROL_HOST='127.0.0.1'
TOR_CONTROL_PORT='9051'
......@@ -12,18 +12,11 @@
# Established outgoing connections are accepted.
[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Note: this must run before traffic is dispatched to the lan rule.
# The htp user is allowed to connect to services listening on the https port...
[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport https -j ACCEPT
# ... and to services listening on the domain port.
[0:0] -A OUTPUT -m owner --uid-owner htp -p TCP --dport domain -j ACCEPT