summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2017-07-06 07:07:27 +0000
committerintrigeri <intrigeri@boum.org>2017-07-06 07:07:27 +0000
commit76f75565423bd8c2b4b1936716e6255fedf629c0 (patch)
tree2e40810be886ad7106ae0224ac1d56a74f500ec0
parentdd4a33bcf3ef144a617efd0c76db27d726d06f9a (diff)
parent69c1263bbb40b3d92131a235ce18590e5a754dc9 (diff)
Merge remote-tracking branch 'origin/master' into stable
-rw-r--r--wiki/src/blueprint/monthly_report/report_2017_06.mdwn40
-rw-r--r--wiki/src/contribute/release_process.mdwn98
-rw-r--r--wiki/src/security/Numerous_security_holes_in_3.0.fr.po16
3 files changed, 102 insertions, 52 deletions
diff --git a/wiki/src/blueprint/monthly_report/report_2017_06.mdwn b/wiki/src/blueprint/monthly_report/report_2017_06.mdwn
index 300d988..8f1f5c6 100644
--- a/wiki/src/blueprint/monthly_report/report_2017_06.mdwn
+++ b/wiki/src/blueprint/monthly_report/report_2017_06.mdwn
@@ -19,7 +19,7 @@ improvements it brings here (see the
major changes:
- *Tails Greeter*, the application to configure Tails at startup, has
- been completely redesigned for ease of use:
+ been completely redesigned for ease of use.
- The shutdown experience has also been redesigned in order to be
more reliable and more discrete.
- Tails 3.0 works on <span
@@ -29,9 +29,6 @@ major changes:
Code
====
-We've made great progress on simplifying the Tails Installer user
-interface ([[!tails_ticket 8859]]).
-
Thanks to
[multiprocess](https://developer.mozilla.org/en-US/Firefox/Multiprocess_Firefox)
Firefox, we started working on
@@ -63,17 +60,27 @@ Furthermore, we are still working on documenting the new release process and
verification options for our users
([[!tails_ticket 12616]], [[!tails_ticket 12629]], [[!tails_ticket 12630]]).
-Documentation and website
-=========================
+User experience
+===============
-XXX: Explore the Git history:
+- We discussed strategies to [[porting our Download and Verify extension
+ for Firefox to *Web
+ Extensions*|https://mailman.boum.org/pipermail/tails-ux/2017-June/003394.html]],
+ a requirement for the upcoming Firefox 57 (November 14), as this will
+ affect the design of our download instructions.
- git log --patch --since='1 October' --until='1 November' origin/master -- "*.*m*"
+- We finished the redesign of *Tails Installer* to get rid of the
+ initial splash screen. ([[!tails_ticket 8859]]).
-User experience
-===============
+- We installed a [[prototype of
+ *Piwik*|https://mailman.boum.org/pipermail/tails-ux/2017-June/003398.html]],
+ a free web analytics platform, to evaluate how well it would work
+ against our privacy constraints and metrics needs.
-XXX: Check the archives of tails-ux: https://mailman.boum.org/pipermail/tails-ux/
+- We agreed on increasing the size of the system partition from 2.5 to 4
+ GiB minimum starting from Tails 3.2 (October 3) to allow for more
+ automatic upgrades before a manual upgrade is needed. ([[!tails_ticket
+ 12705]])
Infrastructure
==============
@@ -85,7 +92,7 @@ We have
some infrastructure bits so that all contributors have more visibility
and power over our core teams's priorities.
-## HTTP mirror pool
+## HTTPS mirror pool
We've switched our mirror pool to mirrors serving files over HTTPS
only ([[!tails_ticket 12837]]). Our round-robin fallback DNS
@@ -113,10 +120,15 @@ We deployed [[!tails_ticket 11523 desc="some"]]
[[!tails_ticket 5894 desc="work"]] done by groente, who is in the
process of joining our sysadmin team.
+## tails-support mailing list
+
+We closed the [[`tails-support@boum.org` mailing
+list|news/closing_tails-support]].
+
Funding
=======
-- We've created a page listing our partners, previous and current [[grants, private companies and individuals who help keep Tails alive|partners/]] by supporting us financially. [[Do you want to partner with us too?|partners/become/]]
+- We've created a page listing our partners, previous and current [[grants, private companies and individuals who help keep Tails alive|partners]] by supporting us financially. [[Do you want to partner with us too?|partners/become]]
- We are making good progress on our proposal with OTF, and we hope
we'll be able to share great news soon :)
@@ -237,4 +249,4 @@ Metrics
* Tails has been started more than 695 672 times this month.
This makes 23 189 boots a day on average.
* 15 508 downloads of the OpenPGP signature of the Tails ISO from our website.
-* XXX:sajolida WHISPERBACK bug reports were received through WhisperBack.
+* 215 bug reports were received through WhisperBack.
diff --git a/wiki/src/contribute/release_process.mdwn b/wiki/src/contribute/release_process.mdwn
index f1a9713..5193c31 100644
--- a/wiki/src/contribute/release_process.mdwn
+++ b/wiki/src/contribute/release_process.mdwn
@@ -555,7 +555,7 @@ suite should be ready, so it is time to:
Note: for Jenkins to build the release you must push the release
branch with its tip tagged. I.e. if you deviate from the above
- commands by e.g. committing a commit in between `gut tag` and the
+ commands by e.g. committing a commit in between `git tag` and the
first `git push` then Jenkins won't build from the tag -- please
avoid that!
@@ -819,43 +819,55 @@ Sanity check
Verify once more that the Tor Browser we ship is still the most recent (see
above).
-## Announce, seed and test the Torrents
+<a id="publish-iuk"></a>
-Announce and seed the Torrents.
+Publish the ISO and IUK over HTTP
+---------------------------------
-Test them with a BitTorrent client running in a different place.
+Upload the IUKs to the primary rsync mirror:
-## Download and seed image from lizard
+ for source_version in ${IUK_SOURCE_VERSIONS}; do
+ rsync --partial --inplace --progress -v \
+ "${ISOS:?}/Tails_amd64_${source_version:?}_to_${VERSION:?}.iuk" \
+ rsync.lizard:
+ done
- scp "${ISOS:?}/tails-amd64-${VERSION:?}.torrent" \
- bittorrent.lizard: && \
- ssh bittorrent.lizard \
- transmission-remote --add tails-amd64-${VERSION:?}.torrent \
- --find /var/lib/transmission-daemon/downloads/
+Upload the ISO signature to the primary rsync mirror:
-<a id="publish-iuk"></a>
+ scp \
+ "${ISOS:?}/tails-amd64-${VERSION:?}/tails-amd64-${VERSION:?}.iso.sig" \
+ rsync.lizard:
-Publish the ISO and IUK over HTTP
----------------------------------
+Pick a build from `$RELEASE_BRANCH` that produced an ISO identical to
+the one you've built locally (`XXX` must be the job ID, i.e.
+an integer):
+
+ MATCHING_JENKINS_BUILD_ID=XXX
-Upload the images to the primary rsync mirror. Best practice is to first
-let bittorrent.lizard download the image, and then copy it from there to
-rsync.lizard:
+Copy the ISO to the primary rsync mirror and verify the signature:
- ssh lizard.tails.boum.org \
- scp -3 -r \
- bittorrent.lizard:/var/lib/transmission-daemon/downloads/tails-amd64-${VERSION:?} \
- rsync.lizard:
+ cat "${RELEASE_CHECKOUT:?}/wiki/src/tails-signing.key" \
+ | ssh rsync.lizard gpg --import
ssh rsync.lizard << EOF
- sudo chown -R root:rsync_tails \
- tails-amd64-${VERSION:?} \
- Tails_amd64_${PREVIOUS_VERSION:?}_to_${VERSION:?}.iuk && \
- sudo chmod -R u=rwX,go=rX \
- tails-amd64-${VERSION:?} \
- Tails_amd64_${PREVIOUS_VERSION:?}_to_${VERSION:?}.iuk && \
- sudo mv tails-amd64-${VERSION:?} \
- /srv/rsync/tails/tails/${DIST:?}/ && \
- sudo mv Tails_amd64_${PREVIOUS_VERSION:?}_to_${VERSION:?}.iuk \
+ wget \
+ "https://nightly.tails.boum.org/build_Tails_ISO_${RELEASE_BRANCH:?}/builds/${MATCHING_JENKINS_BUILD_ID:?}/archive/build-artifacts/tails-amd64-${VERSION:?}.iso" && \
+ gpg --verify tails-amd64-${VERSION:?}.iso{.sig,}
+ EOF
+
+Move files in place with proper ownership and permissions:
+
+ ssh rsync.lizard << EOF
+ sudo install -o root -g rsync_tails -m 0755 -d \
+ /srv/rsync/tails/tails/${DIST:?}/tails-amd64-${VERSION:?} && \
+ sudo chown root:rsync_tails \
+ tails-amd64-${VERSION:?}.iso* \
+ Tails_amd64_*_to_${VERSION:?}.iuk && \
+ sudo chmod u=rwX,go=rX \
+ tails-amd64-${VERSION:?}.iso* \
+ Tails_amd64_*_to_${VERSION:?}.iuk && \
+ sudo mv tails-amd64-${VERSION:?}.iso* \
+ /srv/rsync/tails/tails/${DIST:?}/tails-amd64-${VERSION:?} && \
+ sudo mv Tails_amd64_*_to_${VERSION:?}.iuk \
/srv/rsync/tails/tails/${DIST:?}/iuk/
EOF
@@ -873,6 +885,34 @@ and on the live wiki (even for a release candidate):
git push origin master
)
+
+## Announce, seed and test the Torrents
+
+ cat "${RELEASE_CHECKOUT:?}/wiki/src/tails-signing.key" \
+ | ssh bittorrent.lizard gpg --import
+ scp \
+ "${ISOS:?}/tails-amd64-${VERSION:?}.torrent" \
+ "${ISOS:?}/tails-amd64-${VERSION:?}/tails-amd64-${VERSION:?}.iso.sig" \
+ bittorrent.lizard: && \
+ ssh bittorrent.lizard << EOF
+ mkdir --mode 0755 "tails-amd64-${VERSION:?}" && \
+ mv "tails-amd64-${VERSION:?}.iso.sig" \
+ "tails-amd64-${VERSION:?}/" && \
+ cd "tails-amd64-${VERSION:?}" && \
+ wget \
+ "https://nightly.tails.boum.org/build_Tails_ISO_${RELEASE_BRANCH:?}/builds/${MATCHING_JENKINS_BUILD_ID:?}/archive/build-artifacts/tails-amd64-${VERSION:?}.iso" && \
+ gpg --verify tails-amd64-${VERSION:?}.iso{.sig,} && \
+ cd && \
+ chmod -R go+rX "tails-amd64-${VERSION:?}" && \
+ sudo mv \
+ "tails-amd64-${VERSION:?}" \
+ /var/lib/transmission-daemon/downloads/ && \
+ transmission-remote --add tails-amd64-${VERSION:?}.torrent \
+ --find /var/lib/transmission-daemon/downloads/
+ EOF
+
+Test that you can start downloading the ISO with a BitTorrent client.
+
ISO history
-----------
diff --git a/wiki/src/security/Numerous_security_holes_in_3.0.fr.po b/wiki/src/security/Numerous_security_holes_in_3.0.fr.po
index d7616f9..2a55187 100644
--- a/wiki/src/security/Numerous_security_holes_in_3.0.fr.po
+++ b/wiki/src/security/Numerous_security_holes_in_3.0.fr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: \n"
"POT-Creation-Date: 2017-07-05 21:21+0300\n"
-"PO-Revision-Date: 2017-07-05 11:58+0000\n"
+"PO-Revision-Date: 2017-07-05 21:32+0200\n"
"Last-Translator: \n"
"Language-Team: \n"
"Language: fr\n"
@@ -42,13 +42,11 @@ msgstr ""
msgid ""
"We **strongly** encourage you to [[upgrade to Tails 3.0.1|news/"
"version_3.0.1]] as soon as possible."
-msgstr ""
-"Nous vous encourageons **vivement** à [[mettre à jour vers Tails 3.0.1|news/"
-"version_3.0.1]] dès que possible."
+msgstr "Nous vous encourageons **vivement** à [[mettre à jour vers Tails 3.0.1|news/version_3.0.1]] dès que possible."
#. type: Bullet: '- '
msgid "tor: TROVE-2017-006 (aka. [[!tor_bug 22753]] and [[!cve 2017-0377]])"
-msgstr "tor : TROVE-2017-006 (alias [[!tor_bug 22753]] et [[!cve 2017-0377]])"
+msgstr "tor : TROVE-2017-006 (alias [[!tor_bug 22753]] et [[!cve 2017-0377]])"
#. type: Bullet: '- '
msgid ""
@@ -60,16 +58,16 @@ msgstr ""
#. type: Bullet: '- '
msgid "libc: [[!debsa2017 3887]] (aka. *Stack Clash*)"
-msgstr "libc : [[!debsa2017 3887]] (alias *Stack Clash*)"
+msgstr "libc : [[!debsa2017 3887]] (alias *Stack Clash*)"
#. type: Bullet: '- '
msgid "libexpat1: [[!debsa2017 3898]]"
-msgstr "libexpat1 : [[!debsa2017 3898]]"
+msgstr "libexpat1 : [[!debsa2017 3898]]"
#. type: Bullet: '- '
msgid "libgcrypt20: [[!debsa2017 3901]]"
-msgstr "libgcrypt20 : [[!debsa2017 3901]]"
+msgstr "libgcrypt20 : [[!debsa2017 3901]]"
#. type: Bullet: '- '
msgid "libgnutls30: [[!debsa2017 3884]]"
-msgstr "libgnutls30 : [[!debsa2017 3884]]"
+msgstr "libgnutls30 : [[!debsa2017 3884]]"