summaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authoranonym <anonym@riseup.net>2016-05-22 18:24:44 +0200
committeranonym <anonym@riseup.net>2016-05-22 18:24:44 +0200
commitee76430acfa8a1dd0468af1c98ee5475c22e1540 (patch)
treedefb71537b567cb077a7dd75d4f034343a693d55 /config
parent0c8829709c5fe644ce9cc954a7e47502da4d9160 (diff)
parentb7af5093f2a433ac52b79f3096dd1c0fd9b00270 (diff)
Merge remote-tracking branch 'origin/feature/5926-freezable-APT-repository' into devel
Diffstat (limited to 'config')
-rw-r--r--config/APT_snapshots.d/.placeholder0
-rw-r--r--config/APT_snapshots.d/tails/serial1
-rwxr-xr-xconfig/binary_local-hooks/40-include_syslinux_in_ISO_filesystem4
-rw-r--r--config/chroot_apt/preferences124
-rwxr-xr-xconfig/chroot_local-hooks/19-install-tor-browser-AppArmor-profile6
-rwxr-xr-xconfig/chroot_local-hooks/51-module-assistant40
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_packages9
-rwxr-xr-xconfig/chroot_local-includes/lib/live/config/1500-reconfigure-APT68
l---------config/chroot_sources/experimental.binary1
-rw-r--r--config/chroot_sources/experimental.chroot1
-rw-r--r--config/chroot_sources/sid.chroot2
-rw-r--r--config/chroot_sources/testing.chroot2
12 files changed, 129 insertions, 129 deletions
diff --git a/config/APT_snapshots.d/.placeholder b/config/APT_snapshots.d/.placeholder
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/APT_snapshots.d/.placeholder
diff --git a/config/APT_snapshots.d/tails/serial b/config/APT_snapshots.d/tails/serial
deleted file mode 100644
index a0f9a4b..0000000
--- a/config/APT_snapshots.d/tails/serial
+++ /dev/null
@@ -1 +0,0 @@
-latest
diff --git a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
index 37ec461..b33f22c 100755
--- a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
+++ b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
@@ -43,6 +43,10 @@ cp "$CHROOT_SYSLINUX_MBR" "$BINARY_MBR_DIR/mbr.bin"
cat chroot/etc/apt/sources.list chroot/etc/apt/sources.list.d/*.list \
| grep --extended-regexp --line-regexp --invert-match \
'deb\s+file:/root/local-packages\s+\./' \
+ | grep --extended-regexp --invert-match \
+ '^deb\s+http://tagged\.snapshots\.deb\.tails\.boum.org/[^/]+/torproject/' \
+ | grep --extended-regexp --invert-match \
+ '^deb\s+http://time-based\.snapshots\.deb\.tails\.boum.org/torproject/' \
| sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
> "$CHROOT_TEMP_APT_SOURCES"
Chroot chroot apt-get --yes update
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index d460291..9eeca85 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -1,9 +1,9 @@
Package: apparmor-profiles-extra
-Pin: release o=Debian Backports,n=jessie-backports
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: b43-fwcutter
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: electrum
@@ -11,127 +11,87 @@ Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: firmware-amd-graphics
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-atheros
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-b43-installer
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-b43legacy-installer
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-brcm80211
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-ipw2x00
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-iwlwifi
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-libertas
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-linux
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-linux-free
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-linux-nonfree
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-misc-nonfree
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-realtek
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: firmware-zd1211
-Pin: release o=Debian,a=unstable
+Pin: release o=Debian,n=sid
Pin-Priority: 999
-Package: libnet-dbus-perl
-Pin: release o=Debian Backports,n=jessie-backports
-Pin-Priority: 999
-
-Package: linux-base
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-compiler-gcc-4.8-x86
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-586
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-686-pae
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-amd64
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-3.16.0-4-common
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-3.16.0-4-586
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-3.16.0-4-686-pae
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-headers-3.16.0-4-amd64
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: linux-image-586
-Pin: release o=Debian,n=jessie
+Package: grub-common
+Pin: origin deb.tails.boum.org
Pin-Priority: 999
-Package: linux-image-686-pae
-Pin: release o=Debian,n=jessie
+Package: grub-efi-ia32
+Pin: origin deb.tails.boum.org
Pin-Priority: 999
-Package: linux-image-amd64
-Pin: release o=Debian,n=jessie
+Package: grub-efi-ia32-bin
+Pin: origin deb.tails.boum.org
Pin-Priority: 999
-Package: linux-image-3.16.0-4-586
-Pin: release o=Debian,n=jessie
+Package: grub2-common
+Pin: origin deb.tails.boum.org
Pin-Priority: 999
-Package: linux-image-3.16.0-4-686-pae
-Pin: release o=Debian,n=jessie
+Package: libdvd-pkg
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
-Package: linux-image-3.16.0-4-amd64
-Pin: release o=Debian,n=jessie
+Package: libnet-dbus-perl
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
-Package: linux-kbuild-3.16
-Pin: release o=Debian,n=jessie
+Package: monkeysphere
+Pin: release o=Debian,n=stretch
Pin-Priority: 999
Package: monkeysphere
@@ -142,28 +102,36 @@ Package: obfs4proxy
Pin: release o=TorProject,n=obfs4proxy
Pin-Priority: 990
+Package: onioncircuits
+Pin: origin deb.tails.boum.org
+Pin-Priority: 999
+
Package: pinentry-gtk2
-Pin: release o=Debian Backports,n=jessie-backports
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: python-electrum
Pin: release o=Debian,n=stretch
Pin-Priority: 999
+Package: tails-installer
+Pin: origin deb.tails.boum.org
+Pin-Priority: 999
+
Package: ttdnsd
-Pin: release o=TorProject,a=unstable
+Pin: release o=TorProject,n=sid
Pin-Priority: 999
Package: torsocks
-Pin: release o=Debian Backports,n=jessie-backports
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: xserver-xorg-video-intel
-Pin: release o=Debian Backports,n=jessie-backports
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Package: xul-ext-torbirdy
-Pin: release o=Debian Backports,n=jessie-backports
+Pin: release o=Debian,n=jessie-backports
Pin-Priority: 999
Explanation: weirdness in chroot_apt install-binary
@@ -173,13 +141,17 @@ Pin-Priority: 1010
Package: *
Pin: origin deb.tails.boum.org
-Pin-Priority: 1005
+Pin-Priority: 990
Package: *
Pin: release o=Debian,n=jessie-updates
Pin-Priority: 990
Package: *
+Pin: release l=Debian-Security,n=jessie/updates
+Pin-Priority: 990
+
+Package: *
Pin: release o=Debian,n=jessie
Pin-Priority: 990
diff --git a/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile b/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
index 4472f2f..ae39247 100755
--- a/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
+++ b/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
@@ -18,6 +18,10 @@ toggle_src_APT_sources() {
cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list \
| grep --extended-regexp --line-regexp --invert-match \
'deb\s+file:/root/local-packages\s+\./' \
+ | grep --extended-regexp --invert-match \
+ '^deb\s+http://tagged\.snapshots\.deb\.tails\.boum.org/[^/]+/torproject/' \
+ | grep --extended-regexp --invert-match \
+ '^deb\s+http://time-based\.snapshots\.deb\.tails\.boum.org/torproject/' \
| sed --regexp-extended -e 's,^deb(\s+),deb-src\1,' \
> "$TEMP_APT_SOURCES"
;;
@@ -33,7 +37,7 @@ install_torbrowser_AppArmor_profile() {
tmpdir="$(mktemp -d)"
(
cd "$tmpdir"
- apt-get source torbrowser-launcher/testing
+ apt-get source torbrowser-launcher/stretch
install -m 0644 \
torbrowser-launcher-*/apparmor/torbrowser.Browser.firefox \
"$PROFILE"
diff --git a/config/chroot_local-hooks/51-module-assistant b/config/chroot_local-hooks/51-module-assistant
deleted file mode 100755
index 8967a0f..0000000
--- a/config/chroot_local-hooks/51-module-assistant
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Install modules managed by module-assistant
-
-echo "Installing modules managed by module-assistant"
-MODULES=""
-MA="module-assistant --text-mode --non-inter"
-
-ma_install_tools ()
-{
- apt-get install --yes build-essential module-assistant debhelper
- $MA update
-}
-
-ma_install_modules ()
-{
- for MODULE in $@ ; do
- for KERNEL in /boot/vmlinuz-* ; do
- VERSION="$(basename ${KERNEL} | sed -e 's|vmlinuz-||')"
- echo "module-assistant: installing module ${MODULE} for kernel ${VERSION}"
- $MA --quiet auto-install ${MODULE} -l ${VERSION}
- done
- $MA clean ${MODULE}
- apt-get --yes purge ${MODULE}
- done
-}
-
-ma_cleanup ()
-{
- rm -f /usr/src/*.deb
-}
-
-if [ -n "${MODULES}" ] ; then
- ma_install_tools
- ma_install_modules ${MODULES}
- ma_cleanup
-fi
-
diff --git a/config/chroot_local-hooks/98-remove_unwanted_packages b/config/chroot_local-hooks/98-remove_unwanted_packages
index 93d1b40..db48f49 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_packages
+++ b/config/chroot_local-hooks/98-remove_unwanted_packages
@@ -17,9 +17,8 @@ apt-get --yes purge \
build-essential debhelper dkms dpatch dpkg-dev \
gcc gcc-4.8 gcc-4.8-base gcc-4.9 \
intltool-debian \
- libc6-dev libgl1-mesa-dev libstdc++6-4.4-dev linux-libc-dev \
+ libc6-dev libgl1-mesa-dev linux-libc-dev \
make \
- module-assistant \
po-debconf \
rsyslog \
libdvdcss-dev \
@@ -28,21 +27,17 @@ apt-get --yes purge \
### Deinstall a few unwanted packages that were pulled by tasksel
### since they have Priority: standard.
apt-get --yes purge \
- apt-listchanges at bsd-mailx dc debian-faq doc-debian dselect \
+ apt-listchanges at bsd-mailx dc debian-faq doc-debian \
'^exim4*' ftp m4 mlocate mutt ncurses-term nfs-common portmap procmail \
python-reportbug reportbug telnet texinfo time w3m wamerican
### Deinstall some other unwanted packages.
apt-get --yes purge \
'^aptitude*' \
- db5.1-util \
'^geoclue*' \
krb5-locales \
live-build \
locales \
- '^openssh-blacklist*' \
- python2.6 \
- python2.6-minimal \
rpcbind \
tasksel \
tasksel-data \
diff --git a/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT b/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT
index 98c7492..1d92b8c 100755
--- a/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT
+++ b/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT
@@ -4,3 +4,71 @@ echo "- configuring APT sources"
sed -i 's,^\(\#\?\s*deb\(-src\)\?\s\+\)http://,\1tor+http://,' \
/etc/apt/sources.list /etc/apt/sources.list.d/*.list
+
+echo '
+
+### Time-based snapshots
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://time-based[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /debian
+ /[0-9]{10} # serial
+ /?
+ (\s+)
+}{$1tor+http://ftp.us.debian.org/debian/$2}xms;
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://time-based[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /debian-security
+ /[0-9]{10} # serial
+ /?
+ (\s+)
+}{$1tor+http://security.debian.org/$2}xms;
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://time-based[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /torproject
+ /[0-9]{10} # serial
+ /?
+ (\s+)
+}{$1tor+http://deb.torproject.org/torproject.org/$2}xms;
+
+### Tagged snapshots
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://tagged[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /[0-9a-z.-]+ # tag
+ /debian
+ /?
+ (\s+)
+}{$1tor+http://ftp.us.debian.org/debian/$2}xms;
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://tagged[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /[0-9a-z.-]+ # tag
+ /debian-security
+ /?
+ (\s+)
+}{$1tor+http://security.debian.org/$2}xms;
+
+s{
+ ^
+ (deb(?:-src)?\s+)
+ tor[+]https?://tagged[.]snapshots[.]deb[.]tails[.]boum[.]org
+ /[0-9a-z.-]+ # tag
+ /torproject
+ /?
+ (\s+)
+}{$1tor+http://deb.torproject.org/torproject.org/$2}xms;
+
+' | perl -pi - /etc/apt/sources.list /etc/apt/sources.list.d/*.list
diff --git a/config/chroot_sources/experimental.binary b/config/chroot_sources/experimental.binary
deleted file mode 120000
index 321bcca..0000000
--- a/config/chroot_sources/experimental.binary
+++ /dev/null
@@ -1 +0,0 @@
-experimental.chroot \ No newline at end of file
diff --git a/config/chroot_sources/experimental.chroot b/config/chroot_sources/experimental.chroot
deleted file mode 100644
index 67f84e4..0000000
--- a/config/chroot_sources/experimental.chroot
+++ /dev/null
@@ -1 +0,0 @@
-deb http://ftp.us.debian.org/debian/ experimental main
diff --git a/config/chroot_sources/sid.chroot b/config/chroot_sources/sid.chroot
index c91091e..c8eea4f 100644
--- a/config/chroot_sources/sid.chroot
+++ b/config/chroot_sources/sid.chroot
@@ -1 +1 @@
-deb http://ftp.us.debian.org/debian/ unstable main contrib non-free
+deb http://ftp.us.debian.org/debian/ sid main contrib non-free
diff --git a/config/chroot_sources/testing.chroot b/config/chroot_sources/testing.chroot
index deb426b..715bb6e 100644
--- a/config/chroot_sources/testing.chroot
+++ b/config/chroot_sources/testing.chroot
@@ -1 +1 @@
-deb http://ftp.us.debian.org/debian/ testing main contrib non-free
+deb http://ftp.us.debian.org/debian/ stretch main contrib non-free