authorintrigeri <intrigeri@boum.org>2019-11-15 09:29:29 +0000
committerintrigeri <intrigeri@boum.org>2019-11-15 09:29:29 +0000
commita1116cc896bd65a853165d25101d78d1fe59a885 (patch)
tree49084d5949af0c1a939eba71214207ec5b9e28ff
parent33a827cc2e0cbddd1140e56771dc3ca36fdb7670 (diff)
parentf5d5e04d77c35cdf612e431ae7379370eab5cda9 (diff)
Merge remote-tracking branch 'origin/stable' into feature/16792-only-update-chutney+force-all-testsfeature/16792-only-update-chutney+force-all-tests
-rw-r--r--config/APT_overlays.d/bugfix-17124-17161-linux-5.3-from-sid-force-all-tests0
-rw-r--r--config/APT_snapshots.d/debian/serial2
-rw-r--r--config/amnesia2
-rw-r--r--config/chroot_apt/preferences4
-rwxr-xr-xconfig/chroot_local-hooks/42-wrap-gdm-x-session2
-rw-r--r--config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults2
-rw-r--r--config/chroot_local-includes/etc/skel/.gnupg/dirmngr.conf2
-rw-r--r--config/chroot_local-includes/etc/sysctl.d/unprivileged_userfaultfd.conf1
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.path2
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.service2
-rwxr-xr-xconfig/chroot_local-includes/usr/lib/gdm3/gdm-x-session.tails27
-rw-r--r--config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/ui/main_window.py13
-rw-r--r--config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/ui/persistent_storage.py39
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/tails-add-GNOME-bookmarks.service4
-rw-r--r--config/chroot_local-includes/usr/share/tails/greeter/main.ui.in75
-rw-r--r--config/chroot_local-packageslists/tails-common.list1
l---------config/chroot_sources/experimental.binary1
-rw-r--r--config/chroot_sources/experimental.chroot1
-rw-r--r--features/images/GnomeCloseButton.pngbin1054 -> 814 bytes
-rw-r--r--features/images/SeahorseFoundKeyResult.pngbin2931 -> 3357 bytes
-rw-r--r--features/mac_spoofing.feature22
-rw-r--r--features/step_definitions/chutney.rb27
-rw-r--r--features/step_definitions/common_steps.rb11
-rw-r--r--features/step_definitions/torified_gnupg.rb155
-rw-r--r--features/support/config.rb3
-rw-r--r--features/support/env.rb4
-rw-r--r--features/support/helpers/sniffing_helper.rb6
-rw-r--r--features/torified_gnupg.feature43
-rwxr-xr-xrun_test_suite7
m---------submodules/aufs-standalone0
-rw-r--r--wiki/src/blueprint/additional_software_packages/dont_block_desktop_startup.mdwn2
-rw-r--r--wiki/src/contribute/design.mdwn3
-rw-r--r--wiki/src/contribute/design/additional_software_packages.mdwn2
33 files changed, 217 insertions, 248 deletions
diff --git a/config/APT_overlays.d/bugfix-17124-17161-linux-5.3-from-sid-force-all-tests b/config/APT_overlays.d/bugfix-17124-17161-linux-5.3-from-sid-force-all-tests
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/APT_overlays.d/bugfix-17124-17161-linux-5.3-from-sid-force-all-tests
diff --git a/config/APT_snapshots.d/debian/serial b/config/APT_snapshots.d/debian/serial
index 67f21113..042cb0d 100644
--- a/config/APT_snapshots.d/debian/serial
+++ b/config/APT_snapshots.d/debian/serial
@@ -1 +1 @@
-2019100904
+2019111003
diff --git a/config/amnesia b/config/amnesia
index 5cb1a7c..67414fe 100644
--- a/config/amnesia
+++ b/config/amnesia
@@ -23,7 +23,7 @@ AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC blo
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
# Kernel version
-KERNEL_VERSION='5.3.0-trunk'
+KERNEL_VERSION='5.3.0-2'
KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index d153fdd..73ad928 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -41,7 +41,7 @@ Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: linux-compiler-* linux-headers-* linux-image-* linux-kbuild-* linux-source-*
-Pin: release o=Debian,n=experimental
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: src:live-boot (#15477)
@@ -71,7 +71,7 @@ Pin: origin deb.tails.boum.org
Pin-Priority: 999
Package: virtualbox*
-Pin: release o=Debian,n=sid
+Pin: origin deb.tails.boum.org
Pin-Priority: 999
Package: webext-ublock-origin
diff --git a/config/chroot_local-hooks/42-wrap-gdm-x-session b/config/chroot_local-hooks/42-wrap-gdm-x-session
index b11363d..9a4e071 100755
--- a/config/chroot_local-hooks/42-wrap-gdm-x-session
+++ b/config/chroot_local-hooks/42-wrap-gdm-x-session
@@ -2,7 +2,7 @@
set -eu
-echo "Wrapping gdm-x-session to limit the number of allowed failures"
+echo "Wrapping gdm-x-session to give feedback to the user when X.Org cannot start"
dpkg-divert --add --rename --divert \
/usr/lib/gdm3/gdm-x-session.real \
diff --git a/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults b/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
index 43920d0..b1e8d84 100644
--- a/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
+++ b/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
@@ -3,7 +3,7 @@ item-filter=''
sidebar-visible=true
[desktop/gnome/crypto/pgp]
-keyservers = ['hkp://jirk5u4osbsr34t5.onion']
+keyservers = ['hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion']
[org/gnome/desktop/a11y]
always-show-universal-access-status=true
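Review bot: The new 56-character onion address in `keyservers` has no comment naming the keyserver it belongs to, and the same literal is repeated in `etc/skel/.gnupg/dirmngr.conf` in the next file of this commit, so a typo or a stale copy in either place is hard to spot in review. A one-line comment above the key, such as `# Onion service of the default OpenPGP keyserver; keep in sync with etc/skel/.gnupg/dirmngr.conf`, would give a reader something to check the address against. The test code visible later in this commit compares only dirmngr.conf with `CONFIGURED_KEYSERVER_HOSTNAME`; whether this dconf value is validated anywhere cannot be seen from here.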
diff --git a/config/chroot_local-includes/etc/skel/.gnupg/dirmngr.conf b/config/chroot_local-includes/etc/skel/.gnupg/dirmngr.conf
index 44352fb..eb876dc 100644
--- a/config/chroot_local-includes/etc/skel/.gnupg/dirmngr.conf
+++ b/config/chroot_local-includes/etc/skel/.gnupg/dirmngr.conf
@@ -1,2 +1,2 @@
use-tor
-keyserver hkp://jirk5u4osbsr34t5.onion
+keyserver hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
diff --git a/config/chroot_local-includes/etc/sysctl.d/unprivileged_userfaultfd.conf b/config/chroot_local-includes/etc/sysctl.d/unprivileged_userfaultfd.conf
new file mode 100644
index 0000000..ad067bd
--- /dev/null
+++ b/config/chroot_local-includes/etc/sysctl.d/unprivileged_userfaultfd.conf
@@ -0,0 +1 @@
+vm.unprivileged_userfaultfd=0
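Review bot: The new sysctl.d file sets `vm.unprivileged_userfaultfd=0` with no comment saying why, so a later maintainer cannot tell what the setting defends against or whether it is still needed. sysctl.d files accept `#` comments; a line such as `# Restrict userfaultfd(2) to privileged processes to reduce kernel attack surface` above the setting, plus the ticket reference if there is one, would record the intent.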
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.path b/config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.path
index 27fa138..3f6e373 100644
--- a/config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.path
+++ b/config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.path
@@ -2,7 +2,7 @@
Description=Trigger upgrade of Additional Software Packages
Documentation=https://tails.boum.org/contribute/design/persistence/
After=tails-additional-software-install.service
-After=tor-has-bootstrapped.service
+After=tails-wait-until-tor-has-bootstrapped.service
ConditionFileNotEmpty=/live/persistence/TailsData_unlocked/live-additional-software.conf
[Path]
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.service b/config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.service
index f9d235f..5ef28ab 100644
--- a/config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.service
+++ b/config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.service
@@ -2,7 +2,7 @@
Description=Upgrade Additional Software Packages
Documentation=https://tails.boum.org/contribute/design/persistence/
After=tails-additional-software-install.service
-After=tor-has-bootstrapped.service
+After=tails-wait-until-tor-has-bootstrapped.service
ConditionFileNotEmpty=/live/persistence/TailsData_unlocked/live-additional-software.conf
[Service]
diff --git a/config/chroot_local-includes/usr/lib/gdm3/gdm-x-session.tails b/config/chroot_local-includes/usr/lib/gdm3/gdm-x-session.tails
index 9441ab7..2788698 100755
--- a/config/chroot_local-includes/usr/lib/gdm3/gdm-x-session.tails
+++ b/config/chroot_local-includes/usr/lib/gdm3/gdm-x-session.tails
@@ -3,33 +3,18 @@
# No "set -e" because we need to capture the exit status of gdm-x-session.real
set -u
-FAILURES_COUNT_FILE=/var/lib/gdm3/gdm-x-session_failures
-MAX_FAILURES=5
-
-get_failures () {
- local failures=0
- if [ -f "$FAILURES_COUNT_FILE" ] ; then
- failures=$(cat "$FAILURES_COUNT_FILE")
- fi
- echo -n "$failures"
-}
-
-increment_failures () {
- failures=$(($(get_failures) + 1))
- echo -n "$failures" > "$FAILURES_COUNT_FILE"
-}
+# To test this functionality, pass xorg-driver=$DRIVER on the kernel
+# command line, with $DRIVER being a X.Org video driver that does not
+# support the hardware you're testing this on.
/usr/lib/gdm3/gdm-x-session.real "$@"
RET=$?
if [ $RET -ne 0 ] ; then
- increment_failures
- if [ $(get_failures) -ge "$MAX_FAILURES" ] ; then
- # Trigger OnFailure=tails-gdm-failed-to-start.service
- echo "gdm-x-session failed too many times, stopping GDM"
- sudo -n /bin/systemctl kill --signal=9 gdm
- fi
+ # Trigger OnFailure=tails-gdm-failed-to-start.service
+ echo "gdm-x-session failed, stopping GDM"
+ sudo -n /bin/systemctl kill --signal=9 gdm
fi
exit $RET
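Review bot: The exit status of `sudo -n /bin/systemctl kill --signal=9 gdm` is ignored. If the non-interactive sudo call is refused (for example because the sudoers rule is missing or no longer matches this exact command line), GDM keeps running, `OnFailure=` never fires and the user gets none of the feedback this wrapper now exists to provide. Logging the failure would make that visible in the journal: `sudo -n /bin/systemctl kill --signal=9 gdm || echo "could not stop GDM after gdm-x-session failure" >&2`. As a style point, the test is more robust written as `[ "$RET" -ne 0 ]`.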
diff --git a/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/ui/main_window.py b/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/ui/main_window.py
index 321116b..99f8c25 100644
--- a/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/ui/main_window.py
+++ b/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/ui/main_window.py
@@ -104,7 +104,6 @@ class GreeterMainWindow(Gtk.Window, TranslatableWindow):
self.box_storage = builder.get_object('box_storage')
self.box_storage_unlock = builder.get_object('box_storage_unlock')
self.box_storage_unlocked = builder.get_object('box_storage_unlocked')
- self.button_storage_configure = builder.get_object('button_storage_configure')
self.entry_storage_passphrase = builder.get_object('entry_storage_passphrase')
self.frame_language = builder.get_object('frame_language')
self.infobar_network = builder.get_object('infobar_network')
@@ -189,10 +188,6 @@ class GreeterMainWindow(Gtk.Window, TranslatableWindow):
self.box_language.set_focus_chain([
self.frame_language,
self.box_language_header])
- self.box_storage.set_focus_chain([
- self.box_storage_unlock,
- self.box_storage_unlocked,
- self.button_storage_configure])
self.box_settings.set_focus_chain([
self.box_settings_values,
self.box_settings_header])
@@ -324,14 +319,6 @@ class GreeterMainWindow(Gtk.Window, TranslatableWindow):
self.check_and_login()
return False
- def cb_button_storage_configure_clicked(self, user_data=None):
- self.persistent_storage.configure()
- return False
-
- def cb_button_storage_lock_clicked(self, widget, user_data=None):
- self.persistent_storage.lock()
- return False
-
def cb_button_storage_unlock_clicked(self, widget, user_data=None):
self.persistent_storage.unlock()
return False
diff --git a/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/ui/persistent_storage.py b/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/ui/persistent_storage.py
index 7daddef..fc77c7f 100644
--- a/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/ui/persistent_storage.py
+++ b/config/chroot_local-includes/usr/lib/python3/dist-packages/tailsgreeter/ui/persistent_storage.py
@@ -20,18 +20,24 @@ class PersistentStorage(object):
self.box_storage = builder.get_object('box_storage')
self.box_storage_unlock = builder.get_object('box_storage_unlock')
self.box_storage_unlocked = builder.get_object('box_storage_unlocked')
- self.button_storage_configure = builder.get_object('button_storage_configure')
- self.button_storage_lock = builder.get_object('button_storage_lock')
self.button_storage_unlock = builder.get_object('button_storage_unlock')
+ self.checkbutton_storage_show_passphrase = builder.get_object('checkbutton_storage_show_passphrase')
self.entry_storage_passphrase = builder.get_object('entry_storage_passphrase')
self.image_storage_state = builder.get_object('image_storage_state')
self.infobar_persistence = builder.get_object('infobar_persistence')
self.label_infobar_persistence = builder.get_object('label_infobar_persistence')
self.spinner_storage_unlock = builder.get_object('spinner_storage_unlock')
+ self.checkbutton_storage_show_passphrase.connect('toggled', self.cb_checkbutton_storage_show_passphrase_toggled)
+
+ self.box_storage.set_focus_chain([
+ self.box_storage_unlock,
+ self.box_storage_unlocked,
+ self.checkbutton_storage_show_passphrase])
+
if self.persistence_setting.has_persistence():
- self.button_storage_configure.set_visible(False)
self.box_storage_unlock.set_visible(True)
+ self.checkbutton_storage_show_passphrase.set_visible(True)
self.image_storage_state.set_visible(True)
self.entry_storage_passphrase.set_visible(True)
self.spinner_storage_unlock.set_visible(False)
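Review bot: The `toggled` handler is wired twice: `main.ui.in` in this commit declares `<signal name="toggled" handler="cb_checkbutton_storage_show_passphrase_toggled" .../>`, and `__init__` here also calls `.connect('toggled', ...)`. If the builder's signals are auto-connected against the main window object (not visible in this diff), that object has no method of this name. If they are connected against an object that does have it, the callback runs twice per toggle. Keeping only one of the two, for example dropping the `<signal>` element from the .ui file and keeping the explicit `connect`, avoids both cases. `__init__` starts and continues outside this hunk.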
@@ -41,28 +47,6 @@ class PersistentStorage(object):
# hide the whole thing for now.
self.box_storage.set_visible(False)
- def configure(self):
- # XXX-future: this should launch the configuration of the persistence.
- logging.warning("User would be able to set up an encrypted storage.")
- raise NotImplementedError
-
- def lock(self):
- if self.persistence_setting.lock():
- self.button_storage_lock.set_visible(False)
- self.box_storage_unlock.set_visible(True)
- self.image_storage_state.set_visible(True)
- self.image_storage_state.set_from_icon_name(
- 'tails-locked', Gtk.IconSize.BUTTON)
- self.entry_storage_passphrase.set_visible(True)
- self.entry_storage_passphrase.set_sensitive(True)
- self.button_storage_unlock.set_visible(True)
- self.button_storage_unlock.set_sensitive(True)
- self.button_storage_unlock.set_label(_("Unlock"))
- else:
- self.label_infobar_persistence.set_label(
- _("Failed to relock persistent storage."))
- self.infobar_persistence.set_visible(True)
-
@staticmethod
def passphrase_changed(editable):
# Remove warning icon
@@ -77,6 +61,7 @@ class PersistentStorage(object):
self.entry_storage_passphrase.set_sensitive(False)
self.button_storage_unlock.set_sensitive(False)
self.button_storage_unlock.set_label(_("Unlocking…"))
+ self.checkbutton_storage_show_passphrase.set_visible(False)
self.image_storage_state.set_visible(False)
self.spinner_storage_unlock.set_visible(True)
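Review bot: When unlocking starts the check button is hidden, but the entry's visibility is left as the user set it, so a passphrase revealed with "Show Passphrase" stays readable on screen for the whole unlock attempt with no control left to mask it. Resetting the toggle before hiding it, `self.checkbutton_storage_show_passphrase.set_active(False)`, fires the handler and masks the entry again, keeping the clear-text exposure as short as possible. The enclosing method starts and ends outside this hunk, so whether the entry is masked or cleared after a successful unlock cannot be seen from here.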
@@ -105,6 +90,7 @@ class PersistentStorage(object):
self.entry_storage_passphrase.set_sensitive(True)
self.button_storage_unlock.set_sensitive(True)
self.button_storage_unlock.set_label(_("Unlock"))
+ self.checkbutton_storage_show_passphrase.set_visible(True)
self.image_storage_state.set_visible(True)
self.spinner_storage_unlock.set_visible(False)
self.label_infobar_persistence.set_label(
@@ -126,3 +112,6 @@ class PersistentStorage(object):
Gtk.IconSize.BUTTON)
self.image_storage_state.set_visible(True)
self.box_storage_unlocked.set_visible(True)
+
+ def cb_checkbutton_storage_show_passphrase_toggled(self, widget):
+ self.entry_storage_passphrase.set_visibility(widget.get_active())
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/tails-add-GNOME-bookmarks.service b/config/chroot_local-includes/usr/lib/systemd/user/tails-add-GNOME-bookmarks.service
index 90fd61d..336fccb 100644
--- a/config/chroot_local-includes/usr/lib/systemd/user/tails-add-GNOME-bookmarks.service
+++ b/config/chroot_local-includes/usr/lib/systemd/user/tails-add-GNOME-bookmarks.service
@@ -2,8 +2,8 @@
Description=Add GTK bookmarks to some directories
Documentation=https://tails.boum.org/contribute/design/application_isolation/
ConditionUser=1000
-After=create-tor-browser-directories.service gvfs-metadata.service
-Requires=create-tor-browser-directories.service gvfs-metadata.service
+After=tails-create-tor-browser-directories.service gvfs-metadata.service
+Requires=tails-create-tor-browser-directories.service gvfs-metadata.service
[Service]
Type=oneshot
diff --git a/config/chroot_local-includes/usr/share/tails/greeter/main.ui.in b/config/chroot_local-includes/usr/share/tails/greeter/main.ui.in
index 2a058a2..a3b6884 100644
--- a/config/chroot_local-includes/usr/share/tails/greeter/main.ui.in
+++ b/config/chroot_local-includes/usr/share/tails/greeter/main.ui.in
@@ -322,6 +322,22 @@
</packing>
</child>
<child>
+ <object class="GtkCheckButton" id="checkbutton_storage_show_passphrase">
+ <property name="label" translatable="yes">Show Passphrase</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="xalign">0</property>
+ <property name="draw_indicator">True</property>
+ <signal name="toggled" handler="cb_checkbutton_storage_show_passphrase_toggled" swapped="no"/>
+ </object>
+ <packing>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="pack_type">end</property>
+ <property name="position">3</property>
+ </packing>
+ </child>
+ <child>
<object class="GtkLinkButton" id="linkbutton_storage_help">
<property name="visible">False</property>
<property name="can_focus">True</property>
@@ -354,52 +370,6 @@
</packing>
</child>
<child>
- <object class="GtkButton" id="button_storage_configure">
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="receives_default">True</property>
- <property name="always_show_image">True</property>
- <signal name="clicked" handler="cb_button_storage_configure_clicked" swapped="no"/>
- <child>
- <object class="GtkBox" id="box2">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <child>
- <object class="GtkImage" id="image_storage">
- <property name="can_focus">False</property>
- <property name="icon_name">tails-locked</property>
- </object>
- <packing>
- <property name="expand">False</property>
- <property name="fill">True</property>
- <property name="position">0</property>
- </packing>
- </child>
- <child>
- <object class="GtkLabel" id="label_storage_configure">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
- <property name="label" translatable="yes">Configure Persistent Storage</property>
- </object>
- <packing>
- <property name="expand">True</property>
- <property name="fill">True</property>
- <property name="position">1</property>
- </packing>
- </child>
- </object>
- </child>
- <style>
- <class name="suggested-action"/>
- </style>
- </object>
- <packing>
- <property name="expand">False</property>
- <property name="fill">True</property>
- <property name="position">1</property>
- </packing>
- </child>
- <child>
<object class="GtkBox" id="box_storage_unlock">
<property name="can_focus">False</property>
<child>
@@ -452,19 +422,6 @@
<object class="GtkBox" id="box_storage_unlocked">
<property name="can_focus">False</property>
<child>
- <object class="GtkButton" id="button_storage_lock">
- <property name="label" translatable="yes">Relock Persistent Storage</property>
- <property name="can_focus">True</property>
- <property name="receives_default">True</property>
- <signal name="clicked" handler="cb_button_storage_lock_clicked" swapped="no"/>
- </object>
- <packing>
- <property name="expand">True</property>
- <property name="fill">True</property>
- <property name="position">0</property>
- </packing>
- </child>
- <child>
<object class="GtkLabel" id="label_storage_unlocked">
<property name="visible">True</property>
<property name="can_focus">False</property>
diff --git a/config/chroot_local-packageslists/tails-common.list b/config/chroot_local-packageslists/tails-common.list
index 337c321..f72977a 100644
--- a/config/chroot_local-packageslists/tails-common.list
+++ b/config/chroot_local-packageslists/tails-common.list
@@ -157,6 +157,7 @@ macchanger
mat2
mesa-utils
nautilus
+nautilus-extension-gnome-terminal
nautilus-wipe
nautilus-gtkhash
network-manager
diff --git a/config/chroot_sources/experimental.binary b/config/chroot_sources/experimental.binary
deleted file mode 120000
index 321bcca..0000000
--- a/config/chroot_sources/experimental.binary
+++ /dev/null
@@ -1 +0,0 @@
-experimental.chroot \ No newline at end of file
diff --git a/config/chroot_sources/experimental.chroot b/config/chroot_sources/experimental.chroot
deleted file mode 100644
index c30f178..0000000
--- a/config/chroot_sources/experimental.chroot
+++ /dev/null
@@ -1 +0,0 @@
-deb http://ftp.us.debian.org/debian/ experimental main contrib non-free
diff --git a/features/images/GnomeCloseButton.png b/features/images/GnomeCloseButton.png
index 7eff402..25e8dfb 100644
--- a/features/images/GnomeCloseButton.png
+++ b/features/images/GnomeCloseButton.png
Binary files differ
diff --git a/features/images/SeahorseFoundKeyResult.png b/features/images/SeahorseFoundKeyResult.png
index 7c668cb..d74bc7f 100644
--- a/features/images/SeahorseFoundKeyResult.png
+++ b/features/images/SeahorseFoundKeyResult.png
Binary files differ
diff --git a/features/mac_spoofing.feature b/features/mac_spoofing.feature
index c4ebdc9..61a3476 100644
--- a/features/mac_spoofing.feature
+++ b/features/mac_spoofing.feature
@@ -5,12 +5,10 @@ Feature: Spoofing MAC addresses
I want to be able to control whether my network devices MAC addresses should be spoofed
And I want this feature to fail safe
- Background:
+ Scenario: MAC address spoofing is disabled
Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
And I capture all network traffic
And the network is plugged
-
- Scenario: MAC address spoofing is disabled
When I disable MAC spoofing in Tails Greeter
And I log in to a new session
And Tor is ready
@@ -22,6 +20,9 @@ Feature: Spoofing MAC addresses
And some network device leaked the real MAC address
Scenario: MAC address spoofing is successful
+ Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
+ And I capture all network traffic
+ And the network is plugged
When I log in to a new session
And Tor is ready
Then 1 network interface is enabled
@@ -32,19 +33,28 @@ Feature: Spoofing MAC addresses
And no network device leaked the real MAC address
Scenario: MAC address spoofing fails and macchanger returns false
- Given macchanger will fail by not spoofing and always returns false
+ Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
+ And I capture all network traffic
+ And the network is plugged
+ And macchanger will fail by not spoofing and always returns false
When I log in to a new session
Then no network interfaces are enabled
And no network device leaked the real MAC address
Scenario: MAC address spoofing fails and macchanger returns true
- Given macchanger will fail by not spoofing and always returns true
+ Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
+ And I capture all network traffic
+ And the network is plugged
+ And macchanger will fail by not spoofing and always returns true
When I log in to a new session
Then no network interfaces are enabled
And no network device leaked the real MAC address
Scenario: MAC address spoofing fails and the module is not removed
- Given macchanger will fail by not spoofing and always returns true
+ Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
+ And I capture all network traffic
+ And the network is plugged
+ And macchanger will fail by not spoofing and always returns true
And no network interface modules can be unloaded
When I log in to a new session
Then 1 network interface is enabled
diff --git a/features/step_definitions/chutney.rb b/features/step_definitions/chutney.rb
index 6a3215c..e414dca 100644
--- a/features/step_definitions/chutney.rb
+++ b/features/step_definitions/chutney.rb
@@ -143,10 +143,6 @@ When /^I configure Tails to use a simulated Tor network$/ do
$vm.file_append('/etc/tor/torrc', client_torrc_lines)
end
-When /^Tails is using the real Tor network$/ do
- assert($vm.execute('grep "TestingTorNetwork 1" /etc/torrc').failure?)
-end
-
def chutney_onionservice_info
hs_hostname_file_path = Dir.glob(
"#{$config['TMPDIR']}/chutney-data/nodes/*hs/hidden_service/hostname"
@@ -165,21 +161,28 @@ def chutney_onionservice_info
end
def chutney_onionservice_redir(remote_address, remote_port)
+ redir_unit_name = 'tails-test-suite-redir.service'
kill_redir = Proc.new do
begin
- Process.kill("TERM", $chutney_onionservice_job.pid)
+ if system('/bin/systemctl', '--quiet', 'is-active', redir_unit_name)
+ system('/bin/systemctl', 'stop', redir_unit_name)
+ end
rescue
# noop
end
end
- if $chutney_onionservice_job
- kill_redir.call
- end
+ kill_redir.call
local_address, local_port, _ = chutney_onionservice_info
- $chutney_onionservice_job = IO.popen(
- ['/usr/bin/redir',
- "#{local_address}:#{local_port}",
- "#{remote_address}:#{remote_port}"]
+ $chutney_onionservice_job = fatal_system(
+ '/usr/bin/systemd-run',
+ "--unit=#{redir_unit_name}",
+ '--service-type=forking',
+ '--quiet',
+ # XXX: enable this once we require Buster or newer for running our test suite
+ # '--collect',
+ '/usr/bin/redir',
+ "#{local_address}:#{local_port}",
+ "#{remote_address}:#{remote_port}",
)
add_after_scenario_hook { kill_redir.call }
return $chutney_onionservice_job
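Review bot: `kill_redir` only stops the unit when `is-active` succeeds, so a `tails-test-suite-redir.service` left in the failed state is never cleaned up. With `--collect` still commented out, systemd keeps a failed transient unit loaded until its failure state is reset, and the next `systemd-run --unit=#{redir_unit_name}` is then likely to be refused because the name is taken. Adding `system('/bin/systemctl', 'reset-failed', redir_unit_name)` after the stop, ignoring its result, would cover that until `--collect` can be enabled. Note also that `system` reports failure through its return value rather than an exception, so the `rescue` guards very little now, and `$chutney_onionservice_job` holds whatever `fatal_system` returns instead of a process handle. The function's `end` is outside the hunk.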
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index eb36192..b26fc9f 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -7,6 +7,17 @@ def post_vm_start_hook
# having an important click lost. The point we click should be
# somewhere where no clickable elements generally reside.
@screen.click_point(@screen.w - 1, @screen.h/2)
+ # Increase the chances that by the time we leave this function, if
+ # the above click has opened the Applications menu (which sometimes
+ # happens, go figure), that menu was closed and the desktop is back
+ # to its normal state. Otherwise, all kinds of trouble may arise:
+ # for example, pressing SUPER to open the Activities Overview would
+ # fail (SUPER has no effect when the Applications menu is still
+ # opened). We sleep here, instead of in "I start […] via GNOME
+ # Activities Overview", because it's our responsibility to return to
+ # a normal desktop state that any following step can rely upon.
+ @screen.type(Sikuli::Key.ESC)
+ sleep 1
end
def post_snapshot_restore_hook
diff --git a/features/step_definitions/torified_gnupg.rb b/features/step_definitions/torified_gnupg.rb
index d44f8d0..cc5fd75 100644
--- a/features/step_definitions/torified_gnupg.rb
+++ b/features/step_definitions/torified_gnupg.rb
@@ -3,10 +3,10 @@ require 'resolv'
class OpenPGPKeyserverCommunicationError < StandardError
end
-def count_gpg_signatures(key)
- output = $vm.execute_successfully("gpg --batch --list-sigs #{key}",
+def count_gpg_subkeys(key)
+ output = $vm.execute_successfully("gpg --batch --list-keys #{key}",
:user => LIVE_USER).stdout
- output.scan(/^sig/).count
+ output.scan(/^sub/).count
end
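Review bot: `count_gpg_subkeys` interpolates `key` into the shell command unquoted, while the other gpg invocations in this file wrap their argument in single quotes (`--recv-key '#{@fetched_openpgp_keyid}'`, `--delete-keys '#{subkeyid}!'`). A key identifier containing a space or shell metacharacter would be split or interpreted by the shell inside the VM. The function also counts `^sub` in gpg's human-readable listing, which is not a stable format for scripts to parse. Using `"gpg --batch --with-colons --list-keys '#{key}'"` together with `output.scan(/^sub:/).count` addresses both.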
def check_for_seahorse_error
@@ -17,6 +17,10 @@ def check_for_seahorse_error
end
end
+def dirmngr_conf
+ "/home/#{LIVE_USER}/.gnupg/dirmngr.conf"
+end
+
def start_or_restart_seahorse
assert_not_nil(@withgpgapplet)
if @withgpgapplet
@@ -27,13 +31,18 @@ def start_or_restart_seahorse
step 'Seahorse has opened'
end
-Then /^the key "([^"]+)" has (less|more) than (\d+) signatures$/ do |key, qualifier, num|
- count = count_gpg_signatures(key)
+Then /^the key "([^"]+)" has no subkeys?$/ do |key|
+ count = count_gpg_subkeys(key)
+ assert_equal(0, count, "Expected no subkey but found #{count}")
+end
+
+Then /^the key "([^"]+)" has (strictly less than|at least) (\d+) subkeys?$/ do |key, qualifier, num|
+ count = count_gpg_subkeys(key)
case qualifier
- when 'less'
- assert(count < num.to_i, "Expected less than #{num} signatures but found #{count}")
- when 'more'
- assert(count > num.to_i, "Expected more than #{num} signatures but found #{count}")
+ when 'strictly less than'
+ assert(count < num.to_i, "Expected strictly less than #{num} subkeys but found #{count}")
+ when 'at least'
+ assert(count >= num.to_i, "Expected at least #{num} subkeys but found #{count}")
else
raise "Unknown operator #{qualifier} passed"
end
@@ -47,7 +56,15 @@ end
def setup_onion_keyserver
resolver = Resolv::DNS.new
- keyservers = resolver.getaddresses('pool.sks-keyservers.net').select do |addr|
+ # Requirements for the target keyserver:
+ # - It must not redirect to HTTPS, as Seahorse does not support this.
+ # - It must respond to HKP queries regardless of the HTTP "Host" header
+ # sent by the client, as Seahorse will be configured to connect
+ # to an Onion service run by Chutney, and will send
+ # "Host: $onion_address" in the HTTP query.
+ # So we cannot use a web server whose default virtual host is not
+ # a keyserver, but for example, the default Apache homepage.
+ keyservers = resolver.getaddresses('keys.mayfirst.org').select do |addr|
addr.class == Resolv::IPv4
end
onion_keyserver_address = keyservers.sample
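Review bot: `keyservers.sample` returns `nil` when the lookup of `keys.mayfirst.org` yields no IPv4 address, and nothing in the visible lines checks for that before the address is used to set up the redirection. An explicit `assert(!keyservers.empty?, 'No IPv4 address found for the test keyserver')` before sampling would turn a confusing redirection failure into a clear one. The comment added in `disable_IPv6_for_dirmngr` later in this file names keys.openpgp.org as the redirection target and points here, which does not match the hostname resolved in this hunk; one of the two should be corrected. The function continues outside the hunk.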
@@ -57,18 +74,13 @@ def setup_onion_keyserver
)
end
-When /^I fetch the "([^"]+)" OpenPGP key using the GnuPG CLI( without any signatures)?$/ do |keyid, without|
+When /^I fetch the "([^"]+)" OpenPGP key using the GnuPG CLI$/ do |keyid|
# Make keyid an instance variable so we can reference it in the Seahorse
# keysyncing step.
@fetched_openpgp_keyid = keyid
- if without
- importopts = '--keyserver-options import-clean'
- else
- importopts = ''
- end
- retry_tor(Proc.new { setup_onion_keyserver }) do
+ retry_tor do
@gnupg_recv_key_res = $vm.execute_successfully(
- "timeout 120 gpg --batch #{importopts} --recv-key '#{@fetched_openpgp_keyid}'",
+ "timeout 120 gpg --batch --recv-key '#{@fetched_openpgp_keyid}'",
:user => LIVE_USER)
if @gnupg_recv_key_res.failure?
raise "Fetching keys with the GnuPG CLI failed with:\n" +
@@ -96,6 +108,11 @@ When /^the "([^"]+)" key is in the live user's public keyring(?: after at most (
}
end
+Given /^I delete the "([^"]+)" subkey from the live user's public keyring$/ do |subkeyid|
+ $vm.execute("gpg --batch --delete-keys '#{subkeyid}!'",
+ :user => LIVE_USER).success?
+end
+
When /^I start Seahorse( via the OpenPGP Applet)?$/ do |withgpgapplet|
@withgpgapplet = !!withgpgapplet
start_or_restart_seahorse
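Review bot: The new "I delete the … subkey" step calls `.success?` on the result of `$vm.execute` and discards the boolean, so the step passes even when gpg fails to delete the subkey, and later subkey-count assertions would then pass or fail for the wrong reason. Using `$vm.execute_successfully("gpg --batch --delete-keys '#{subkeyid}!'", :user => LIVE_USER)`, as the other steps in this file do, makes the step fail at the point of the error. This matters here because, as far as I know, gpg in `--batch` mode refuses `--delete-keys` unless `--yes` is given or the key is specified by fingerprint, so a call with a short key ID could fail without anyone noticing.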
@@ -118,14 +135,6 @@ end
Then /^I synchronize keys in Seahorse$/ do
recovery_proc = Proc.new do
setup_onion_keyserver
- # The version of Seahorse in Jessie will abort with a
- # segmentation fault whenever there's any sort of network error while
- # syncing keys. This will usually happens after clicking away the error
- # message. This does not appear to be a problem in Stretch.
- #
- # We'll kill the Seahorse process to avoid waiting for the inevitable
- # segfault. We'll also make sure the process is still running (= hasn't
- # yet segfaulted) before terminating it.
if @screen.exists('GnomeCloseButton.png') || !$vm.has_process?('seahorse')
step 'I kill the process "seahorse"' if $vm.has_process?('seahorse')
debug_log('Restarting Seahorse.')
@@ -137,7 +146,7 @@ Then /^I synchronize keys in Seahorse$/ do
# Due to a lack of visual feedback in Seahorse we'll break out of the
# try_for loop below by returning "true" when there's something we can act
# upon.
- if count_gpg_signatures(@fetched_openpgp_keyid) > 42 || \
+ if count_gpg_subkeys(@fetched_openpgp_keyid) >= 3 || \
@screen.exists('GnomeCloseButton.png') || \
!$vm.has_process?('seahorse')
true
@@ -211,55 +220,73 @@ When /^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the OpenPGP Applet)
end
end
-Given /^(GnuPG|Seahorse) is configured to use Chutney's onion keyserver$/ do |app|
+def disable_IPv6_for_dirmngr
+ # When dirmngr connects to the Onion service run by Chutney, the
+ # isotester redirects the connection to keys.openpgp.org:11371 over
+ # IPv4 (see setup_onion_keyserver), and then keys.openpgp.org
+ # redirects us to https://keys.openpgp.org, that is resolved by
+ # dirmngr. By default we would get an IPv6 address here, which works
+ # just fine in a normal Tails, but here we exit from Chutney's Tor
+ # network that runs on our CI infrastructure, which is IPv4-only, so
+ # that would fail. Therefore, let's ensure dirmngr only picks IPv4
+ # addresses for keys.openpgp.org.
+ if $vm.execute("grep -F --line-regexp disable-ipv6 '#{dirmngr_conf}'").failure?
+ $vm.file_append(dirmngr_conf, "disable-ipv6\n")
+ end
+end
+
+def restart_dirmngr
+ $vm.execute_successfully("systemctl --user restart dirmngr.service",
+ :user => LIVE_USER)
+end
+
+Given /^GnuPG is configured to use a non-Onion keyserver$/ do
+ # Validate the shipped configuration ...
+ server = /keyserver\s+(\S+)$/.match($vm.file_content(dirmngr_conf))[1]
+ assert_equal(
+ "hkp://#{CONFIGURED_KEYSERVER_HOSTNAME}", server,
+ "GnuPG's dirmngr is not configured to use the correct keyserver"
+ )
+ # ... before replacing it
+ $vm.execute_successfully(
+ "sed -i 's|hkp://#{CONFIGURED_KEYSERVER_HOSTNAME}|hkps://#{TEST_SUITE_DIRMNGR_KEYSERVER_HOSTNAME}|' " +
+ "'#{dirmngr_conf}'"
+ )
+ disable_IPv6_for_dirmngr
+ # Ensure dirmngr picks up the changes we made to its configuration
+ restart_dirmngr
+end
+
+Given /^Seahorse is configured to use Chutney's onion keyserver$/ do
setup_onion_keyserver unless @onion_keyserver_job
_, _, onion_address, onion_port = chutney_onionservice_info
- case app
- when 'GnuPG'
- # Validate the shipped configuration ...
- server = /keyserver\s+(\S+)$/.match($vm.file_content("/home/#{LIVE_USER}/.gnupg/dirmngr.conf"))[1]
- assert_equal(
- "hkp://#{CONFIGURED_KEYSERVER_HOSTNAME}", server,
- "GnuPG's dirmngr does not use the correct keyserver"
- )
- # ... before replacing it
+ # Validate the shipped configuration ...
+ @gnome_keyservers = YAML.load(
$vm.execute_successfully(
- "sed -i 's/#{CONFIGURED_KEYSERVER_HOSTNAME}/#{onion_address}:#{onion_port}/' " +
- "'/home/#{LIVE_USER}/.gnupg/dirmngr.conf'"
- )
- when 'Seahorse'
- # Validate the shipped configuration ...
- @gnome_keyservers = YAML.load(
- $vm.execute_successfully(
- 'gsettings get org.gnome.crypto.pgp keyservers',
- user: LIVE_USER
- ).stdout
- )
- assert_equal(1, @gnome_keyservers.count,
- 'Seahorse should only have one keyserver configured.')
- assert_equal(
- 'hkp://' + CONFIGURED_KEYSERVER_HOSTNAME, @gnome_keyservers[0],
- "GnuPG's dirmngr does not use the correct keyserver"
- )
- # ... before replacing it
- $vm.execute_successfully(
- "gsettings set org.gnome.crypto.pgp keyservers \"['hkp://#{onion_address}:#{onion_port}']\"",
+ 'gsettings get org.gnome.crypto.pgp keyservers',
user: LIVE_USER
- )
- end
+ ).stdout
+ )
+ assert_equal(1, @gnome_keyservers.count,
+ 'Seahorse should only have one keyserver configured.')
+ assert_equal(
+ 'hkp://' + CONFIGURED_KEYSERVER_HOSTNAME, @gnome_keyservers[0],
+ "Seahorse is not configured to use the correct keyserver"
+ )
+ # ... before replacing it
+ $vm.execute_successfully(
+ "gsettings set org.gnome.crypto.pgp keyservers \"['hkp://#{onion_address}:#{onion_port}']\"",
+ user: LIVE_USER
+ )
end
Then /^GnuPG's dirmngr uses the configured keyserver$/ do
- _, _, onion_keyserver_address, _ = chutney_onionservice_info
dirmngr_request = $vm.execute_successfully(
'gpg-connect-agent --dirmngr "keyserver --hosttable" /bye', user: LIVE_USER
)
server = dirmngr_request.stdout.chomp.lines[1].split[4]
- server = /keyserver\s+(\S+)$/.match(
- $vm.file_content("/home/#{LIVE_USER}/.gnupg/dirmngr.conf")
- )[1]
assert_equal(
- "hkp://#{onion_keyserver_address}:5858", server,
+ TEST_SUITE_DIRMNGR_KEYSERVER_HOSTNAME, server,
"GnuPG's dirmngr does not use the correct keyserver"
)
end
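Review bot: In the Seahorse step, `YAML.load` parses the stdout of `gsettings` run inside the guest, which is output of the system under test. On Psych versions before 4, `YAML.load` can instantiate arbitrary Ruby objects. The expected value is a flat list of strings, so `YAML.safe_load(...)` is sufficient and keeps the test host from trusting guest output more than it needs to. Separately, in the new GnuPG step `/keyserver\s+(\S+)$/.match(...)[1]` raises NoMethodError on a nil match when dirmngr.conf has no keyserver line. Checking the match explicitly before indexing it would give a readable failure message.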
diff --git a/features/support/config.rb b/features/support/config.rb
index f15bbf2..bba96ac 100644
--- a/features/support/config.rb
+++ b/features/support/config.rb
@@ -66,7 +66,8 @@ SIKULI_IMAGE_PATH = "#{Dir.pwd}/features/images/"
SIKULI_MIN_SIMILARITY = 0.9
# Constants that are statically initialized.
-CONFIGURED_KEYSERVER_HOSTNAME = 'jirk5u4osbsr34t5.onion'
+CONFIGURED_KEYSERVER_HOSTNAME = 'zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion'
+TEST_SUITE_DIRMNGR_KEYSERVER_HOSTNAME = 'keys.openpgp.org'
LIBVIRT_DOMAIN_NAME = "TailsToaster"
LIBVIRT_DOMAIN_UUID = "203552d5-819c-41f3-800e-2c8ef2545404"
LIBVIRT_NETWORK_NAME = "TailsToasterNet"
diff --git a/features/support/env.rb b/features/support/env.rb
index e3f039b..f4a7901 100644
--- a/features/support/env.rb
+++ b/features/support/env.rb
@@ -9,8 +9,8 @@ require 'rspec'
Encoding.default_external = Encoding::UTF_8
Encoding.default_internal = Encoding::UTF_8
-def fatal_system(str)
- unless system(str)
+def fatal_system(str, *args)
+ unless system(str, *args)
raise StandardError.new("Command exited with #{$?}")
end
end
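Review bot: `fatal_system` now forwards extra arguments to `system`, which changes how the command is run, and nothing in the function says so. With a single string Ruby may hand the command to the shell, while with separate arguments it executes the program directly and no shell parsing happens. A short comment would steer callers to the safer form, e.g. `# Pass arguments separately (fatal_system('cmd', arg1, arg2)) so their content is never interpreted by a shell.` The error message `"Command exited with #{$?}"` also omits the command, so including `str` there would make failures easier to trace.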
diff --git a/features/support/helpers/sniffing_helper.rb b/features/support/helpers/sniffing_helper.rb
index 7ac763e..a1ac64b 100644
--- a/features/support/helpers/sniffing_helper.rb
+++ b/features/support/helpers/sniffing_helper.rb
@@ -1,11 +1,11 @@
#
-# Sniffer is a very dumb wrapper to start and stop tcpdumps instances, possibly
+# Sniffer is a very dumb wrapper to start and stop tcpdump instances, possibly
# with customized filters. Captured traffic is stored in files whose name
-# depends on the sniffer name. The resulting captured packets for each sniffers
+# depends on the sniffer name. The resulting captured packets for each sniffer
# can be accessed as an array through its `packets` method.
#
# Use of more rubyish internal ways to sniff a network like with pcap-able gems
-# is waaay to much resource consumming, notmuch reliable and soooo slow. Let's
+# is waaay to much resource consuming, not much reliable and soooo slow. Let's
# not bother too much with that. :)
#
# Should put all that in a Module.
diff --git a/features/torified_gnupg.feature b/features/torified_gnupg.feature
index bfd3c59..31f898c 100644
--- a/features/torified_gnupg.feature
+++ b/features/torified_gnupg.feature
@@ -1,5 +1,4 @@
-#14770
-@product @check_tor_leaks @fragile
+@product @check_tor_leaks
Feature: Keyserver interaction with GnuPG
As a Tails user
when I interact with keyservers using various GnuPG tools
@@ -8,46 +7,54 @@ Feature: Keyserver interaction with GnuPG
Background:
Given I have started Tails from DVD and logged in and the network is connected
- And the "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" OpenPGP key is not in the live user's public keyring
- And GnuPG is configured to use Chutney's onion keyserver
+ And the "DF841752B55CD97FDA4879B29E5B04F430F80A2C" OpenPGP key is not in the live user's public keyring
+ And GnuPG is configured to use a non-Onion keyserver
And Seahorse is configured to use Chutney's onion keyserver
Scenario: Fetching OpenPGP keys using GnuPG should work and be done over Tor.
- When I fetch the "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" OpenPGP key using the GnuPG CLI
+ When I fetch the "DF841752B55CD97FDA4879B29E5B04F430F80A2C" OpenPGP key using the GnuPG CLI
And the GnuPG fetch is successful
- Then the "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" key is in the live user's public keyring
+ Then the "DF841752B55CD97FDA4879B29E5B04F430F80A2C" key is in the live user's public keyring
And GnuPG's dirmngr uses the configured keyserver
Scenario: Fetching OpenPGP keys using Seahorse should work and be done over Tor.
- When I fetch the "D21739E9" OpenPGP key using Seahorse
+ When I fetch the "30F80A2C" OpenPGP key using Seahorse
And the Seahorse operation is successful
- Then the "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" key is in the live user's public keyring
+ Then the "DF841752B55CD97FDA4879B29E5B04F430F80A2C" key is in the live user's public keyring
Scenario: Fetching OpenPGP keys using Seahorse via the OpenPGP Applet should work and be done over Tor.
- When I fetch the "D21739E9" OpenPGP key using Seahorse via the OpenPGP Applet
+ When I fetch the "30F80A2C" OpenPGP key using Seahorse via the OpenPGP Applet
And the Seahorse operation is successful
- Then the "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" key is in the live user's public keyring
+ Then the "DF841752B55CD97FDA4879B29E5B04F430F80A2C" key is in the live user's public keyring
+ #14770, #17169
+ @fragile
Scenario: Syncing OpenPGP keys using Seahorse should work and be done over Tor.
- Given I fetch the "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" OpenPGP key using the GnuPG CLI without any signatures
+ Given I fetch the "DF841752B55CD97FDA4879B29E5B04F430F80A2C" OpenPGP key using the GnuPG CLI
And the GnuPG fetch is successful
- And the "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" key is in the live user's public keyring
- But the key "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" has less than 42 signatures
+ And the "DF841752B55CD97FDA4879B29E5B04F430F80A2C" key is in the live user's public keyring
+ And the key "DF841752B55CD97FDA4879B29E5B04F430F80A2C" has at least 1 subkey
+ And I delete the "85C7C1AAA3DFC34623B5516281119B9834AD5681" subkey from the live user's public keyring
+ And the key "DF841752B55CD97FDA4879B29E5B04F430F80A2C" has no subkey
When I start Seahorse
Then Seahorse has opened
And I enable key synchronization in Seahorse
And I synchronize keys in Seahorse
And the Seahorse operation is successful
- Then the key "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" has more than 42 signatures
+ Then the key "DF841752B55CD97FDA4879B29E5B04F430F80A2C" has at least 1 subkey
+ #14770, #17169
+ @fragile
Scenario: Syncing OpenPGP keys using Seahorse started from the OpenPGP Applet should work and be done over Tor.
- Given I fetch the "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" OpenPGP key using the GnuPG CLI without any signatures
+ Given I fetch the "DF841752B55CD97FDA4879B29E5B04F430F80A2C" OpenPGP key using the GnuPG CLI
And the GnuPG fetch is successful
- And the "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" key is in the live user's public keyring
- But the key "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" has less than 42 signatures
+ And the "DF841752B55CD97FDA4879B29E5B04F430F80A2C" key is in the live user's public keyring
+ And the key "DF841752B55CD97FDA4879B29E5B04F430F80A2C" has at least 1 subkey
+ And I delete the "85C7C1AAA3DFC34623B5516281119B9834AD5681" subkey from the live user's public keyring
+ And the key "DF841752B55CD97FDA4879B29E5B04F430F80A2C" has no subkey
When I start Seahorse via the OpenPGP Applet
Then Seahorse has opened
And I enable key synchronization in Seahorse
And I synchronize keys in Seahorse
And the Seahorse operation is successful
- Then the key "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" has more than 42 signatures
+ Then the key "DF841752B55CD97FDA4879B29E5B04F430F80A2C" has at least 1 subkey
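Review bot: The two Seahorse fetch scenarios still look the key up by the 32-bit short ID `"30F80A2C"`, while every other step uses the full fingerprint. Short IDs are not unique, so the search may return more than one key and the scenario then depends on which result the UI step picks. The later full-fingerprint keyring check limits the effect but does not remove the ambiguity. If the fetch step's search accepts it (its definition is outside this hunk), passing `"DF841752B55CD97FDA4879B29E5B04F430F80A2C"` would make the lookup unambiguous. The hard-coded subkey fingerprint in the two sync scenarios also ties them to the key's current state on the keyserver, which deserves a comment next to `#14770, #17169`.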
diff --git a/run_test_suite b/run_test_suite
index 45a2d55..a471128 100755
--- a/run_test_suite
+++ b/run_test_suite
@@ -172,13 +172,6 @@ start_vnc_viewer() {
xtigervncviewer -nojpeg -viewonly localhost:${VNC_SERVER_PORT} 1>/dev/null 2>&1 &
}
-capture_session() {
- check_dependencies libvpx1
- echo "Capturing guest display into ${CAPTURE_FILE}"
- avconv -f x11grab -s 1024x768 -r 15 -i ${TARGET_DISPLAY}.0 -an \
- -vcodec libvpx -y "${CAPTURE_FILE}" >/dev/null 2>&1 &
-}
-
# main script
# Unset all environment variables used by this script to pass options
diff --git a/submodules/aufs-standalone b/submodules/aufs-standalone
-Subproject 6c15dd218970afc8c6fd51fea02aee401c5ace0
+Subproject 4f22cb90488fae027f8fbde26ac7ac80cc484f7
diff --git a/wiki/src/blueprint/additional_software_packages/dont_block_desktop_startup.mdwn b/wiki/src/blueprint/additional_software_packages/dont_block_desktop_startup.mdwn
index 5d77d0e..e4bd57a 100644
--- a/wiki/src/blueprint/additional_software_packages/dont_block_desktop_startup.mdwn
+++ b/wiki/src/blueprint/additional_software_packages/dont_block_desktop_startup.mdwn
@@ -67,7 +67,7 @@ A network-manager dispatcher hook starts `systemctl start tails-additional-softw
`tails-additional-software-packages-upgrade.service` includes :
* After=tails-additional-software-install.service
-* After=tor-has-bootstrapped.service
+* After=tails-wait-until-tor-has-bootstrapped.service
* ExecStart=tails-additional-software upgrade
* ConditionFileNotEmpty=live-additional-software.conf
* RemainAfterExit
diff --git a/wiki/src/contribute/design.mdwn b/wiki/src/contribute/design.mdwn
index c23f20f..7637414 100644
--- a/wiki/src/contribute/design.mdwn
+++ b/wiki/src/contribute/design.mdwn
@@ -1120,8 +1120,7 @@ possible.
### 3.6.16 GnuPG
GnuPG tools (namely: GPG itself and Seahorse) are configured to use
-the sks-keyservers pool since it's reliable, well-synchronized with
-the other HKP keyservers pools, and reachable over `hkps://`.
+<https://keys.opengpg.org> via its Onion service, since it's reliable.
GnuPG is configured accordingly to the [OpenPGP Best
Practices](https://help.riseup.net/en/security/message-security/openpgp/best-practices),
diff --git a/wiki/src/contribute/design/additional_software_packages.mdwn b/wiki/src/contribute/design/additional_software_packages.mdwn
index 5f68eea..5f9da9b 100644
--- a/wiki/src/contribute/design/additional_software_packages.mdwn
+++ b/wiki/src/contribute/design/additional_software_packages.mdwn
@@ -101,7 +101,7 @@ A network-manager dispatcher hook starts the systemd unit
[[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.path]]
which waits for `/run/live-additional-software/installed` then starts the
oneshot service `/usr/local/sbin/tails-additional-software upgrade` after
-`tor-has-bootstrapped.service` and `tails-additional-software-install.service`
+`tails-wait-until-tor-has-bootstrapped.service` and `tails-additional-software-install.service`
if the configuration file
`/live/persistence/TailsData_unlocked/live-additional-software.conf` is not
empty.