summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2019-10-24 07:47:15 +0000
committerintrigeri <intrigeri@boum.org>2019-10-24 07:47:15 +0000
commit176466af1eed42fdc23f475c88a41bfe9531cc93 (patch)
treef1b9f6175701aba4e4bc09f5e6761416c8ad56f7
parentee5bb3800ee7cdb95d3fe4435091ba67357181dc (diff)
parent82a68b7b9b897d80c028b5189fe730995fa5965f (diff)
Merge remote-tracking branch 'origin/stable' into test/17164-post_vm_start_hooktest/17164-post_vm_start_hook
-rwxr-xr-xauto/config20
-rw-r--r--data/debootstrap/scripts/debian-common.patch (renamed from data/debootstrap/scripts/jessie.patch)6
-rw-r--r--vagrant/definitions/tails-builder/config/APT_snapshots.d/tails/serial2
-rwxr-xr-xvagrant/definitions/tails-builder/customize.sh14
-rwxr-xr-xvagrant/definitions/tails-builder/postinstall.sh38
-rw-r--r--vagrant/lib/tails_build_settings.rb4
-rwxr-xr-xvagrant/provision/assets/build-tails15
-rwxr-xr-xvagrant/provision/setup-tails-builder2
-rw-r--r--wiki/src/contribute/APT_repository/tagged_snapshots.mdwn2
9 files changed, 52 insertions, 51 deletions
diff --git a/auto/config b/auto/config
index fd7f6c8..ef9eca7 100755
--- a/auto/config
+++ b/auto/config
@@ -139,7 +139,7 @@ $RUN_LB_CONFIG \
--checksums none \
--bootappend-live "${AMNESIA_APPEND}" \
--bootstrap debootstrap \
- --bootstrap-config tails-build-jessie \
+ --bootstrap-config buster \
--archive-areas "main contrib non-free" \
--includes none \
--iso-application="The Amnesic Incognito Live System" \
@@ -207,13 +207,19 @@ install -m 0755 \
rm -rf config/chroot_local-includes/usr/src/aufs-standalone
cp -a submodules/aufs-standalone config/chroot_local-includes/usr/src/
-# custom debootstrap script, setting some APT magic to log downloads:
+# save the original file, shipped by the debootstrap package,
+# so we can always apply our debian-common.patch to the original
+# version
+if ! [ -e /usr/share/debootstrap/scripts/debian-common.bak ]; then
+ cp -a /usr/share/debootstrap/scripts/debian-common \
+ /usr/share/debootstrap/scripts/debian-common.bak
+fi
+# customize debootstrap with some APT magic to log downloads
patch \
- --follow-symlinks \
- --output=/usr/share/debootstrap/scripts/tails-build-jessie \
- /usr/share/debootstrap/scripts/jessie \
- data/debootstrap/scripts/jessie.patch
-sed -i "s,%%topdir%%,$(pwd)," /usr/share/debootstrap/scripts/tails-build-jessie
+ --output=/usr/share/debootstrap/scripts/debian-common \
+ /usr/share/debootstrap/scripts/debian-common.bak \
+ data/debootstrap/scripts/debian-common.patch
+sed -i "s,%%topdir%%,$(pwd)," /usr/share/debootstrap/scripts/debian-common
# Make the python library available in Tails
install -d -m 2777 config/chroot_local-includes/tmp/
diff --git a/data/debootstrap/scripts/jessie.patch b/data/debootstrap/scripts/debian-common.patch
index 62c3975..bb194bc 100644
--- a/data/debootstrap/scripts/jessie.patch
+++ b/data/debootstrap/scripts/debian-common.patch
@@ -1,6 +1,6 @@
---- /usr/share/debootstrap/scripts/sid 2016-05-11 15:43:45.396062439 +0000
-+++ data/debootstrap/tails-wheezy 2016-05-11 15:38:08.949103098 +0000
-@@ -201,4 +201,8 @@
+--- /usr/share/debootstrap/scripts/debian-common 2019-07-06 13:22:30.000000000 +0200
++++ /usr/share/debootstrap/scripts/debian-common 2019-08-05 14:15:07.165451726 +0200
+@@ -217,4 +217,8 @@
progress $bases $bases CONFBASE "Configuring base system"
info BASESUCCESS "Base system installed successfully."
diff --git a/vagrant/definitions/tails-builder/config/APT_snapshots.d/tails/serial b/vagrant/definitions/tails-builder/config/APT_snapshots.d/tails/serial
index 67f21113..e626b97 100644
--- a/vagrant/definitions/tails-builder/config/APT_snapshots.d/tails/serial
+++ b/vagrant/definitions/tails-builder/config/APT_snapshots.d/tails/serial
@@ -1 +1 @@
-2019100904
+2019102001
diff --git a/vagrant/definitions/tails-builder/customize.sh b/vagrant/definitions/tails-builder/customize.sh
index b84b503..3d5116e 100755
--- a/vagrant/definitions/tails-builder/customize.sh
+++ b/vagrant/definitions/tails-builder/customize.sh
@@ -11,20 +11,12 @@ ROOT="$1"
mv "${ROOT}/etc/resolv.conf" "${ROOT}/etc/resolv.conf.orig"
cp --dereference /etc/resolv.conf "${ROOT}/etc/resolv.conf"
-cp "${CURDIR}/postinstall.sh" "${ROOT}/postinstall.sh"
+install --mode=0755 "${CURDIR}/postinstall.sh" "${ROOT}/postinstall.sh"
cp "${CURDIR}/../../../config/chroot_sources/tails.binary.gpg" "${ROOT}/tmp/"
-chmod +x "${ROOT}/postinstall.sh"
-
-# Disable daemon auto-start
-cat > "${ROOT}/usr/sbin/policy-rc.d" <<EOF
-#!/bin/sh
-exit 101
-EOF
-chmod a+x "${ROOT}/usr/sbin/policy-rc.d"
+trap "umount ${ROOT}/proc" EXIT HUP INT QUIT TERM
+chroot "${ROOT}" mount -t proc proc /proc
chroot "${ROOT}" "/postinstall.sh"
-rm "${ROOT}/usr/sbin/policy-rc.d"
-
rm -f "${ROOT}/postinstall.sh"
mv "${ROOT}/etc/resolv.conf.orig" "${ROOT}/etc/resolv.conf"
diff --git a/vagrant/definitions/tails-builder/postinstall.sh b/vagrant/definitions/tails-builder/postinstall.sh
index b8d0e4a..e77002b 100755
--- a/vagrant/definitions/tails-builder/postinstall.sh
+++ b/vagrant/definitions/tails-builder/postinstall.sh
@@ -38,17 +38,18 @@ APT::Periodic::Enable "0";
EOF
echo "I: Installing Tails APT repo signing key..."
+apt-get -y install gnupg
apt-key add /tmp/tails.binary.gpg
echo "I: Adding standard APT suites..."
cat "/etc/apt/sources.list" | \
- sed -e 's/stretch/stretch-updates/' \
- > "/etc/apt/sources.list.d/stretch-updates.list"
+ sed -e 's/buster/buster-updates/' \
+ > "/etc/apt/sources.list.d/buster-updates.list"
-echo "deb http://time-based.snapshots.deb.tails.boum.org/debian-security/${DEBIAN_SECURITY_SERIAL}/ stretch/updates main" \
- > "/etc/apt/sources.list.d/stretch-security.list"
+echo "deb http://time-based.snapshots.deb.tails.boum.org/debian-security/${DEBIAN_SECURITY_SERIAL}/ buster/updates main" \
+ > "/etc/apt/sources.list.d/buster-security.list"
-echo "I: Adding our builder-jessie suite with live-build and pinning it low..."
+echo "I: Adding our builder-jessie suite with live-build and po4a..."
echo "deb http://time-based.snapshots.deb.tails.boum.org/tails/${TAILS_SERIAL}/ builder-jessie main" > "/etc/apt/sources.list.d/tails.list"
sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/tails <<EOF
Package: *
@@ -60,28 +61,17 @@ sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/live-build <<EOF
Pin: release o=Tails,n=builder-jessie
Pin-Priority: 999
EOF
-
-sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/stretch-backports << EOF
- Package: *
- Pin: release n=stretch-backports
- Pin-Priority: 100
+# Install po4a 0.47 for now (#17005)
+sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/po4a <<EOF
+ Package: po4a
+ Pin: release o=Tails,n=builder-jessie
+ Pin-Priority: 999
EOF
-# XXX: remove once the Vagrant build VM has mtools >= 4.0.18-2.1 (Buster)
-echo "I: Adding Debian Buster APT suite..."
-echo " deb http://time-based.snapshots.deb.tails.boum.org/debian/${DEBIAN_SERIAL}/ buster main"\
- > "/etc/apt/sources.list.d/buster.list"
-echo "I: Adding APT pinning for Buster..."
-sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/buster << EOF
+sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/buster-backports << EOF
Package: *
- Pin: release n=buster
- Pin-Priority: -1
-EOF
-echo "I: Adding APT pinning for mtools..."
-sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/mtools << EOF
- Package: mtools
- Pin: release n=buster
- Pin-Priority: 999
+ Pin: release n=buster-backports
+ Pin-Priority: 100
EOF
apt-get update
diff --git a/vagrant/lib/tails_build_settings.rb b/vagrant/lib/tails_build_settings.rb
index 4c09ec5..cdc0812 100644
--- a/vagrant/lib/tails_build_settings.rb
+++ b/vagrant/lib/tails_build_settings.rb
@@ -3,7 +3,7 @@
# vi: set ft=ruby :
# Hostname of the virtual machine (must be in /etc/hosts)
-VIRTUAL_MACHINE_HOSTNAME = 'vagrant-stretch'
+VIRTUAL_MACHINE_HOSTNAME = 'vagrant-buster'
# Approximate amount of RAM needed to run the builder's base system
# and perform a build
@@ -20,7 +20,7 @@ VM_MEMORY_FOR_RAM_BUILDS = VM_MEMORY_BASE + BUILD_SPACE_REQUIREMENT
# The builder VM's platform
ARCHITECTURE = "amd64"
-DISTRIBUTION = "stretch"
+DISTRIBUTION = "buster"
# The name of the Vagrant box
def box_name
diff --git a/vagrant/provision/assets/build-tails b/vagrant/provision/assets/build-tails
index baef54d..10558af 100755
--- a/vagrant/provision/assets/build-tails
+++ b/vagrant/provision/assets/build-tails
@@ -48,8 +48,13 @@ old_build_dirs() {
perl -ni -E 'say $mountpoint if (($mountpoint) = ($_ =~ m{^(?:aufs|tmpfs|devpts-live|proc-live|sysfs-live) on (/tmp/tails-build(?:-tmpfs)?\.[/[:alnum:]]+)}))'
}
+ntp_enabled() {
+ timedatectl status | grep -qs -E '^\s*NTP\s+service:\s+active$'
+}
+
ntp_synchronized() {
- timedatectl status | grep -qs -E '^\s*NTP\s+synchronized:\s+yes$'
+ ntp_enabled && \
+ timedatectl status | grep -qs -E '^\s*System\s+clock\s+synchronized:\s+yes$'
}
if [ "${TAILS_BUILD_FAILURE_RESCUE}" != 1 ]; then
@@ -117,6 +122,14 @@ if [ "${TAILS_OFFLINE_MODE}" != 1 ]; then
fi
if [ -n "$TAILS_DATE_OFFSET" ]; then
as_root_do timedatectl set-ntp false
+
+ echo -n "Waiting for NTP to be disabled..."
+ while ntp_enabled; do
+ sleep 1
+ echo -n "."
+ done
+ echo " done."
+
DESIRED_DATE=$(date --utc --date="${TAILS_DATE_OFFSET} days" '+%F %T')
echo "Setting system time to ${DESIRED_DATE}"
as_root_do timedatectl set-time "$DESIRED_DATE"
diff --git a/vagrant/provision/setup-tails-builder b/vagrant/provision/setup-tails-builder
index b223266..f0e35d5 100755
--- a/vagrant/provision/setup-tails-builder
+++ b/vagrant/provision/setup-tails-builder
@@ -51,7 +51,7 @@ echo "I: Updating debian-security APT source..."
# Always set the latest serial for debian-security
stable_serial="$(grep -Po '\d{10}' /etc/apt/sources.list)"
security_serial="$(latest_serial debian-security)"
-sed -i -e "s/${stable_serial}/${security_serial}/g" /etc/apt/sources.list.d/stretch-security.list
+sed -i -e "s/${stable_serial}/${security_serial}/g" /etc/apt/sources.list.d/buster-security.list
echo "I: Current APT sources are:"
cat /etc/apt/sources.list /etc/apt/sources.list.d/*
diff --git a/wiki/src/contribute/APT_repository/tagged_snapshots.mdwn b/wiki/src/contribute/APT_repository/tagged_snapshots.mdwn
index 79cbf03..673ee74 100644
--- a/wiki/src/contribute/APT_repository/tagged_snapshots.mdwn
+++ b/wiki/src/contribute/APT_repository/tagged_snapshots.mdwn
@@ -35,7 +35,7 @@ in them. Therefore, we create a _build manifest_ at the end of an ISO
build. It is generated by
[[!tails_gitweb auto/scripts/generate-build-manifest]], thanks to
[[!tails_gitweb data/wrappers/apt-get]] and
-[[!tails_gitweb data/debootstrap/scripts/jessie.patch]].
+[[!tails_gitweb data/debootstrap/scripts/debian-common.patch]].
Output: