Commit 6626c967 authored by intrigeri's avatar intrigeri

Merge branch 'devel' into feature/16073-linux-4.19+force-all-tests

parents d2652e75 01833d85
......@@ -27,7 +27,6 @@
/config/chroot_local-includes/usr/share/doc/amnesia/Changelog
/config/chroot_local-includes/usr/share/doc/tails/website
/config/chroot_local-includes/usr/share/tails/build/variables
/config/chroot_local-includes/usr/share/tails/readahead-list
/.lock
/.stage
/source
......
......@@ -182,15 +182,6 @@ fi
# changelog
cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
# create readahead-list from squashfs.sort
if [ -e config/binary_rootfs/squashfs.sort ]; then
mkdir -p config/chroot_local-includes/usr/share/tails
sort -k2 -n -r config/binary_rootfs/squashfs.sort | \
cut -d' ' -f1 | \
grep --invert-match --extended-regexp "$READAHEAD_EXCLUDE_PATTERN" \
> config/chroot_local-includes/usr/share/tails/readahead-list
fi
# custom APT sources
tails-custom-apt-sources > config/chroot_sources/tails.chroot \
|| fatal "tails-custom-apt-sources failed with exit code $?"
......
......@@ -32,10 +32,6 @@ KERNEL_SOURCE_VERSION=$(
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
)
# Files to exclude from the readahead list
# (passed to `grep --extended-regexp`)
READAHEAD_EXCLUDE_PATTERN='^lib/live/mount/medium/'
### You should not have to change anything below this line ####################
# sanity checks
......
HTP_POOL_PAL="boum.org,espiv.net,db.debian.org,epic.org,mail.riseup.net,leap.se,squat.net,tachanka.org,www.1984.is,www.eff.org,www.immerda.ch,www.privacyinternational.org,www.torproject.org"
HTP_POOL_NEUTRAL="cve.mitre.org,en.wikipedia.org,lkml.org,thepiratebay.org,www.apache.org,getfedora.org,www.democracynow.org,www.duckduckgo.com,www.gnu.org,www.kernel.org,www.mozilla.org,www.stackexchange.com,www.startpage.com,www.xkcd.com"
HTP_POOL_FOE="encrypted.google.com,github.com,login.live.com,login.yahoo.com,secure.flickr.com,tumblr.com,twitter.com,www.adobe.com,www.gandi.net,www.myspace.com,www.paypal.com,www.rackspace.com,www.sony.com"
HTP_POOL_1="boum.org,espiv.net,db.debian.org,epic.org,mail.riseup.net,leap.se,squat.net,tachanka.org,www.1984.is,www.eff.org,www.immerda.ch,www.privacyinternational.org,www.torproject.org"
HTP_POOL_2="cve.mitre.org,en.wikipedia.org,lkml.org,thepiratebay.org,www.apache.org,getfedora.org,www.democracynow.org,www.duckduckgo.com,www.gnu.org,www.kernel.org,www.mozilla.org,www.stackexchange.com,www.startpage.com,www.xkcd.com"
HTP_POOL_3="encrypted.google.com,github.com,login.live.com,login.yahoo.com,secure.flickr.com,tumblr.com,twitter.com,www.adobe.com,www.gandi.net,www.myspace.com,www.paypal.com,www.rackspace.com,www.sony.com"
......@@ -28,9 +28,6 @@ EOF
echo 32768 >/proc/sys/fs/inotify/max_user_watches
/usr/local/lib/boot-profile /var/log/boot-profile
# Put readahead list at the very begining
head -n 1 /usr/share/tails/readahead-list >/dev/null || true
# Creating state file
touch /var/lib/live/config/boot-profile
}
......
#!/bin/sh
READAHEAD_LIST="/usr/share/tails/readahead-list"
BACKGROUND_AT="^usr/bin/Xorg$"
Readahead ()
{
# Do not readahead when "profile" appears on kernel command line
if grep -qw "profile" /proc/cmdline
then
return 0
fi
if ! test -e "$READAHEAD_LIST"
then
echo "the readahead list (${READAHEAD}) does not exist."
return
fi
echo " readahead"
Start_readahead
}
Start_readahead ()
{
FG_FILES="sed -n -e \\:$BACKGROUND_AT:q;p $READAHEAD_LIST"
BG_FILES="sed -n -e \\:$BACKGROUND_AT:,\$p $READAHEAD_LIST"
FG_SIZE=$(
cd /
$FG_FILES |
xargs du -bc 2>/dev/null |
awk '$2 ~ /^total$/ { t = t + $1 } END { print t }')
(cd /
$BG_FILES |
xargs stat >/dev/null 2>/dev/null || :)
(cd /
$FG_FILES |
xargs cat 2>/dev/null |
pv -f -s ${FG_SIZE} >/dev/null || :)
(cd /
start-stop-daemon \
--start --background --make-pidfile --startas /bin/sh \
--pidfile /run/background-readahead.pid -- \
-c "$BG_FILES | xargs cat >/dev/null 2>&1")
# Creating state file
touch /var/lib/live/config/readahead
}
Readahead
......@@ -11,10 +11,10 @@ Environment=SUCCESS_FILE=/run/htpdate/success
Environment=LOG=/var/log/htpdate.log
EnvironmentFile=/etc/default/htpdate.*
ExecStartPre=/bin/sh -c \
'[ -n "${HTTP_USER_AGENT}" ] && \
[ -n "${HTP_POOL_PAL}" ] && \
[ -n "${HTP_POOL_NEUTRAL}" ] && \
[ -n "${HTP_POOL_FOE}" ]'
'[ -n "${HTTP_USER_AGENT}" ] && \
[ -n "${HTP_POOL_1}" ] && \
[ -n "${HTP_POOL_2}" ] && \
[ -n "${HTP_POOL_3}" ]'
ExecStartPre=/bin/rm -f "${DONE_FILE}"
ExecStartPre=/bin/rm -f "${SUCCESS_FILE}"
ExecStartPre=/usr/bin/install -o htp -g nogroup -m 0644 /dev/null "${LOG}"
......@@ -26,9 +26,9 @@ ExecStart=/usr/local/sbin/htpdate \
--user htp \
--done_file "${DONE_FILE}" \
--success_file "${SUCCESS_FILE}" \
--pal_pool "${HTP_POOL_PAL}" \
--neutral_pool "${HTP_POOL_NEUTRAL}" \
--foe_pool "${HTP_POOL_FOE}" \
--pool1 "${HTP_POOL_1}" \
--pool2 "${HTP_POOL_2}" \
--pool3 "${HTP_POOL_3}" \
--proxy 127.0.0.1:9062
RemainAfterExit=yes
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_SETUID CAP_SYS_TIME
......
[Unit]
Description=Wipe memory on live media removal
Documentation=https://tails.boum.org/contribute/design/memory_erasure/
After=memlockd.service
After=memlockd.service initramfs-shutdown.service
[Service]
Type=simple
......
......@@ -95,15 +95,15 @@ sub parseCommandLine () {
[ 'log_file|l:s', "log to this file rather than to STDOUT" ],
[ 'done_file|D:s', "create this file after quitting in any way" ],
[ 'success_file|T:s', "create this file after setting time successfully" ],
[ 'pal_pool=s@', "distrusted hostnames" ],
[ 'neutral_pool=s@', "neutral hostnames" ],
[ 'foe_pool=s@', "distrusted hostnames" ],
[ 'pool1=s@', "first pool of hostnames" ],
[ 'pool2=s@', "second pool of hostnames" ],
[ 'pool3=s@', "third pool of hostnames" ],
[ 'allowed_per_pool_failure_ratio:f', "ratio (0.0-1.0) of allowed per-pool failure", { default => 1.0 } ],
[ 'proxy|p:s', "what to pass to curl's --socks5-hostname (if unset, environment variables may affect curl's behavior -- see curl(1) for details)" ],
);
usage() if $opt->help;
usage() unless $opt->pal_pool && $opt->neutral_pool && $opt->foe_pool;
usage() unless $opt->pool1 && $opt->pool2 && $opt->pool3;
$runas = $opt->user if $opt->user;
$> = getpwnam($runas) if $runas;
......@@ -122,7 +122,7 @@ sub parseCommandLine () {
$_ = 'https://'.$_ unless $_ =~ /^http/i;
} split(/,/, join(',', @{$_}))
]
} ($opt->pal_pool, $opt->neutral_pool, $opt->foe_pool);
} ($opt->pool1, $opt->pool2, $opt->pool3);
}
sub usage () {
......
......@@ -26,8 +26,6 @@ libdatetime-format-dateparse-perl
libgetopt-long-descriptive-perl
# needed by htpdate and tails-security-check
libtry-tiny-perl
# needed by readahead
pv
# needed by our chroot_local-hooks
live-build
# needed by tordate
......
......@@ -30,6 +30,12 @@ EOF
cat > /etc/apt/apt.conf.d/99retries << EOF
APT::Acquire::Retries "20";
EOF
# This effectively disables apt-daily*.{timer,service}, which might
# interfere with an ongoing build. We run apt-get
# {update,dist-upgrade,clean} ourselves in setup-tails-builder.
cat > /etc/apt/apt.conf.d/99periodic << EOF
APT::Periodic::Enable "0";
EOF
echo "I: Install Tails APT repo signing key."
apt-key add /tmp/tails.binary.gpg
......@@ -152,6 +158,12 @@ localepurge
apt-get -y remove localepurge
rm -f "${TEMPFILE}"
echo "I: Disabling irrelevant timers"
# By default we reboot the system between each build, which makes this
# timer useless. Besides, it is started 15 minutes after boot, which
# has potential to interfere with an ongoing build.
systemctl mask systemd-tmpfiles-clean.timer
echo "I: Cleaning up..."
apt-get -y autoremove
apt-get clean
......
......@@ -24,6 +24,7 @@ latest_serial(){
}
if [ "${TAILS_PROXY_TYPE}" = "vmproxy" ]; then
echo "I: Configuring HTTP proxy..."
# Ensure that the apt-cacher-ng cache disk is formated and mounted
if [ ! -b /dev/vdb1 ]; then
echo '1,,83' | sfdisk /dev/vdb
......@@ -43,20 +44,25 @@ if [ "${TAILS_PROXY_TYPE}" = "vmproxy" ]; then
systemctl restart apt-cacher-ng.service
fi
echo "I: Updating debian-security APT source..."
# Always set the latest serial for debian-security
stable_serial="$(grep -Po '\d{10}' /etc/apt/sources.list)"
security_serial="$(latest_serial debian-security)"
sed -i -e "s/${stable_serial}/${security_serial}/g" /etc/apt/sources.list.d/stretch-security.list
echo "I: Current APT sources are:"
cat /etc/apt/sources.list /etc/apt/sources.list.d/*
# Upgrade if needed
echo "I: Upgrading system..."
apt-key add /amnesia.git/config/chroot_sources/tails.binary.gpg
apt-get update
apt-get -y dist-upgrade
# Add build script
echo "I: Installing build script..."
install -o root -g root -m 755 /vagrant/provision/assets/build-tails /usr/local/bin
echo "I: Forcing live-build to use the mirrors configured in auto/config..."
disable_live_build_conf()
{
local var="$1"
......@@ -65,7 +71,6 @@ disable_live_build_conf()
sed -e "/^[[:space:]]*$var=/d" -i /etc/live/build.conf
}
# Force live-build to use the mirrors configured in auto/config
for prefix in MIRROR PARENT_MIRROR ; do
for target in BOOTSTRAP BINARY CHROOT ; do
for archive in '' BACKPORTS SECURITY UPDATES VOLATILE ; do
......@@ -80,10 +85,11 @@ for prefix in MIRROR PARENT_MIRROR ; do
done
done
# Clean up
echo "I: Cleaning up..."
apt-get -y autoremove
apt-get -y clean
echo "I: Configuring Git..."
# Necessary so that vagrant can merge the base branch
git config --global user.name vagrant
git config --global user.email vagrant@tailsbuilder
......@@ -154,13 +154,17 @@ into three different pools according to their members' relationship to
the members in the other pools; any member in a one pool should be
unlikely to share logs (or other identifying data), or to agree to
send fake time information, with a member from
the the other pools. The pools are as follows:
the other pools. The pools are as follows:
* The "pal" pool are run by groups that are likely to take great care
* The first pool lists websites run by groups that are likely to take great care
of their visitors' privacy.
* The "foe" pool are managed by adversaries of the "pal" pool.
* The "neutral" pool members have a neutral raltionship to both the
"pal" and "foe" pool.
* The second pool lists websites run by entities which have a neutral relationship
to both the members of the other pools.
* The third pool lists websites run by adversaries of the first pool members.
This design does not require that we particularly trust even members
of the first pool: what we need is to minimize the chance members of
different pools conspire together against Tails users.
The pools are listed in [[!tails_gitweb config/chroot_local-includes/etc/default/htpdate.pools]].
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment