summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2019-06-14 08:44:07 +0000
committerintrigeri <intrigeri@boum.org>2019-06-14 08:44:07 +0000
commit05d470be59883c64dab23785caee9b5e983822c8 (patch)
tree53e2620854d8ae6d23a77adec61c3827c67c71c9
parent26e01ff6e297d72a13c91865f71eeb90f3826b68 (diff)
parent7f080b04833a00c81dcc53fb044b85ddd1288950 (diff)
Merge remote-tracking branch 'origin/devel' into feature/tor-nightly-master
-rwxr-xr-xauto/config1
-rw-r--r--config/APT_overlays.d/bugfix-16742-thunderbird-60.7.0-force-all-tests0
-rw-r--r--config/amnesia3
-rwxr-xr-xconfig/chroot_local-hooks/04-change-gids-and-uids2
-rwxr-xr-xconfig/chroot_local-hooks/11-localize_browser5
-rw-r--r--config/chroot_local-includes/etc/sysctl.d/disable_ipv6.conf5
-rwxr-xr-xconfig/chroot_local-includes/usr/share/initramfs-tools/scripts/init-premount/partitioning4
-rw-r--r--config/chroot_local-includes/usr/share/tails/build/group1
-rw-r--r--config/chroot_local-includes/usr/share/tails/build/passwd5
-rw-r--r--features/additional_software_packages.feature2
-rw-r--r--features/support/helpers/firewall_helper.rb7
-rw-r--r--features/support/helpers/misc_helpers.rb6
-rw-r--r--features/support/helpers/sniffing_helper.rb3
13 files changed, 35 insertions, 9 deletions
diff --git a/auto/config b/auto/config
index 8628609..bb8f6e2 100755
--- a/auto/config
+++ b/auto/config
@@ -175,6 +175,7 @@ echo "live-build: `dpkg-query -W -f='${Version}\n' live-build`" \
cat >> config/chroot_local-includes/etc/os-release <<EOF
TAILS_PRODUCT_NAME="Tails"
TAILS_VERSION_ID="$AMNESIA_VERSION"
+TAILS_DISTRIBUTION="$TAILS_DISTRIBUTION"
EOF
if echo "$AMNESIA_VERSION" | grep -qs -E '~(alpha|beta|rc)[0-9]*$' ; then
echo 'TAILS_CHANNEL="alpha"' >> config/chroot_local-includes/etc/os-release
diff --git a/config/APT_overlays.d/bugfix-16742-thunderbird-60.7.0-force-all-tests b/config/APT_overlays.d/bugfix-16742-thunderbird-60.7.0-force-all-tests
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/APT_overlays.d/bugfix-16742-thunderbird-60.7.0-force-all-tests
diff --git a/config/amnesia b/config/amnesia
index 3adf186..03023eb 100644
--- a/config/amnesia
+++ b/config/amnesia
@@ -46,3 +46,6 @@ AMNESIA_FULL_VERSION="${AMNESIA_VERSION} - ${SOURCE_DATE_YYYYMMDD}"
AMNESIA_DEV_FULLNAME='Tails developers'
AMNESIA_DEV_EMAIL="tails@boum.org"
AMNESIA_DEV_KEYID="A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F"
+
+# Used to set a custom home page if the distribution is UNRELEASED
+TAILS_DISTRIBUTION="`dpkg-parsechangelog -SDistribution`"
diff --git a/config/chroot_local-hooks/04-change-gids-and-uids b/config/chroot_local-hooks/04-change-gids-and-uids
index 7320916..417b1fa 100755
--- a/config/chroot_local-hooks/04-change-gids-and-uids
+++ b/config/chroot_local-hooks/04-change-gids-and-uids
@@ -119,6 +119,7 @@ Change_gid pulse-access 1200
Change_gid Debian-gdm 1210
Change_gid kvm 1500
Change_gid render 1510
+Change_gid Debian-exim 1520
# Finally, give these users and groups the desired UID/GID
Change_uid debian-tor 107
@@ -143,3 +144,4 @@ Change_gid pulse-access 120
Change_gid Debian-gdm 121
Change_gid kvm 150
Change_gid render 151
+Change_gid Debian-exim 152
diff --git a/config/chroot_local-hooks/11-localize_browser b/config/chroot_local-hooks/11-localize_browser
index 55097fb..c9a2601 100755
--- a/config/chroot_local-hooks/11-localize_browser
+++ b/config/chroot_local-hooks/11-localize_browser
@@ -81,6 +81,11 @@ while IFS=: read MOZILLA_LOCALE LOCATION; do
"\"${SPELLCHECKER_LOCALE}\"" \
"user_pref"
HOMEPAGE="https://tails.boum.org/home/"
+ . /etc/os-release # get $TAILS_CHANNEL and $TAILS_DISTRIBUTION
+ if [ "${TAILS_DISTRIBUTION}" = UNRELEASED ] \
+ || [ "${TAILS_CHANNEL}" = alpha ]; then
+ HOMEPAGE="${HOMEPAGE}testing/"
+ fi
if echo "${TAILS_WIKI_SUPPORTED_LANGUAGES}" | grep -qw "${LANG_CODE}"; then
HOMEPAGE="${HOMEPAGE}index.${LANG_CODE}.html"
fi
diff --git a/config/chroot_local-includes/etc/sysctl.d/disable_ipv6.conf b/config/chroot_local-includes/etc/sysctl.d/disable_ipv6.conf
new file mode 100644
index 0000000..e1d7883
--- /dev/null
+++ b/config/chroot_local-includes/etc/sysctl.d/disable_ipv6.conf
@@ -0,0 +1,5 @@
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.all.disable_ipv6 = 1
+
+# Some programs expect the loopback interface to have IPv6 enabled
+net.ipv6.conf.lo.disable_ipv6 = 0
diff --git a/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-premount/partitioning b/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-premount/partitioning
index 1f64cd8..3cb8ace 100755
--- a/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-premount/partitioning
+++ b/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-premount/partitioning
@@ -102,7 +102,7 @@ sgdisk \
log_end_msg
# Tell the kernel to reload the partition table
-partprobe
+partprobe "${PARENT_DEVICE}"
# fatresize overwrites the VBR, so we have to back it up to be able to
# restore the boot code later
@@ -139,4 +139,4 @@ sgdisk \
"${PARENT_DEVICE}"
# Tell the kernel to reload the partition table
-partprobe
+partprobe "${PARENT_DEVICE}"
diff --git a/config/chroot_local-includes/usr/share/tails/build/group b/config/chroot_local-includes/usr/share/tails/build/group
index b7b283c..2c79c20 100644
--- a/config/chroot_local-includes/usr/share/tails/build/group
+++ b/config/chroot_local-includes/usr/share/tails/build/group
@@ -46,6 +46,7 @@ crontab:x:107:
netdev:x:108:
kvm:x:150:
render:x:151:
+Debian-exim:x:152:
messagebus:x:105:
ssh:x:109:
memlockd:x:110:
diff --git a/config/chroot_local-includes/usr/share/tails/build/passwd b/config/chroot_local-includes/usr/share/tails/build/passwd
index 3dc63f7..79bd76b 100644
--- a/config/chroot_local-includes/usr/share/tails/build/passwd
+++ b/config/chroot_local-includes/usr/share/tails/build/passwd
@@ -20,8 +20,9 @@ systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/fal
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
_apt:x:104:65534::/nonexistent:/bin/false
-messagebus:x:103:105::/var/run/dbus:/bin/false
-memlockd:x:105:110:memlockd system account,,,:/usr/lib/memlockd:/bin/false
+Debian-exim:x:103:152::/var/spool/exim4:/bin/false
+messagebus:x:105:105::/var/run/dbus:/bin/false
+memlockd:x:106:110:memlockd system account,,,:/usr/lib/memlockd:/bin/false
debian-tor:x:107:114::/var/lib/tor:/bin/false
speech-dispatcher:x:108:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false
colord:x:109:117:colord colour management daemon,,,:/var/lib/colord:/bin/false
diff --git a/features/additional_software_packages.feature b/features/additional_software_packages.feature
index 28054c0..80db623 100644
--- a/features/additional_software_packages.feature
+++ b/features/additional_software_packages.feature
@@ -64,7 +64,7 @@ Feature: Additional software
And I refuse adding "cowsay" to Additional Software
Then "cowsay" is not in the list of Additional Software
- # Depends on scenario: Packages I remove from Additional Software through the GUI are not in the Additional Software list anymore
+ # Depends on scenario: My Additional Software list is configurable through a GUI or through notifications when I install or remove packages with APT or Synaptic
# See https://tails.boum.org/blueprint/additional_software_packages/offline_mode/#incomplete-online-upgrade for high level logic
Scenario: Recovering in offline mode after Additional Software previously failed to upgrade and then succeed to upgrade when online
Given a computer
diff --git a/features/support/helpers/firewall_helper.rb b/features/support/helpers/firewall_helper.rb
index f88091d..f2a0597 100644
--- a/features/support/helpers/firewall_helper.rb
+++ b/features/support/helpers/firewall_helper.rb
@@ -10,6 +10,8 @@ end
# address/port) in the graph of all network flows.
def pcap_connections_helper(pcap_file, opts = {})
opts[:ignore_dhcp] = true unless opts.has_key?(:ignore_dhcp)
+ opts[:ignore_arp] = true unless opts.has_key?(:ignore_arp)
+ opts[:ignore_sources] ||= [$vm.vmnet.bridge_mac]
connections = Array.new
packets = PacketFu::PcapFile.new.file_to_array(:filename => pcap_file)
packets.each do |p|
@@ -39,6 +41,9 @@ def pcap_connections_helper(pcap_file, opts = {})
elsif PacketFu::IPPacket.can_parse?(p)
ip_packet = PacketFu::IPPacket.parse(p)
protocol = 'ip'
+ elsif PacketFu::ARPPacket.can_parse?(p)
+ ip_packet = PacketFu::ARPPacket.parse(p)
+ protocol = 'arp'
else
raise "Found something that cannot be parsed"
end
@@ -46,6 +51,8 @@ def pcap_connections_helper(pcap_file, opts = {})
next if opts[:ignore_dhcp] &&
looks_like_dhcp_packet?(eth_packet, protocol,
sport, dport, ip_packet)
+ next if opts[:ignore_arp] && protocol == "arp"
+ next if opts[:ignore_sources].include?(eth_packet.eth_saddr)
packet_info = {
mac_saddr: eth_packet.eth_saddr,
diff --git a/features/support/helpers/misc_helpers.rb b/features/support/helpers/misc_helpers.rb
index b156978..e9e7309 100644
--- a/features/support/helpers/misc_helpers.rb
+++ b/features/support/helpers/misc_helpers.rb
@@ -164,8 +164,10 @@ def wait_until_tor_is_working
try_for(270) { $vm.execute('/usr/local/sbin/tor-has-bootstrapped').success? }
rescue Timeout::Error
# Save Tor logs before erroring out
- File.open("#{$config["TMPDIR"]}/log.tor", 'w') { |file|
- file.write("#{$vm.execute('journalctl --no-pager -u tor@default.service').stdout}")
+ File.open("#{$config["TMPDIR"]}/log.tor", 'w') { |file|
+ $vm.execute('journalctl --no-pager -u tor@default.service > /tmp/tor.journal')
+ file.write($vm.file_content('/tmp/tor.journal'))
+ file.write($vm.file_content('/var/log/tor/log'))
}
raise TorBootstrapFailure.new('Tor failed to bootstrap')
end
diff --git a/features/support/helpers/sniffing_helper.rb b/features/support/helpers/sniffing_helper.rb
index ca9fa27..7ac763e 100644
--- a/features/support/helpers/sniffing_helper.rb
+++ b/features/support/helpers/sniffing_helper.rb
@@ -21,7 +21,7 @@ class Sniffer
@pcap_file = "#{$config["TMPDIR"]}/#{pcap_name}"
end
- def capture(filter="not ether src host #{@vmnet.bridge_mac} and not ether proto \\arp and not ether proto \\rarp")
+ def capture
job = IO.popen(
[
"/usr/sbin/tcpdump",
@@ -30,7 +30,6 @@ class Sniffer
"--immediate-mode",
"-i", @vmnet.bridge_name,
"-w", @pcap_file,
- filter,
:err => ["/dev/null", "w"]
]
)