summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-includes/lib
diff options
context:
space:
mode:
authorsegfault <segfault@riseup.net>2018-02-21 22:28:11 +0100
committersegfault <segfault@riseup.net>2018-02-21 22:28:11 +0100
commit613bbd8c409915ac7d382361d3bbb2110b502492 (patch)
tree587b9c0deab26e0a2f16526146b151757f900d04 /config/chroot_local-includes/lib
parent2cb0c90c3472a761a3c3a65c83034367f8a40021 (diff)
parentc02640b43392d51d989decdedb1fd86db8991ee2 (diff)
Merge branch 'devel' into feature/5684-screen-locker
Diffstat (limited to 'config/chroot_local-includes/lib')
-rwxr-xr-xconfig/chroot_local-includes/lib/live/config/2000-import-gnupg-key2
-rw-r--r--config/chroot_local-includes/lib/systemd/system/gdm.service.d/failure.conf2
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-autotest-broken-Xorg.service13
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-gdm-failed-to-start.service38
-rw-r--r--config/chroot_local-includes/lib/systemd/system/update-ca-certificates.service21
5 files changed, 54 insertions, 22 deletions
diff --git a/config/chroot_local-includes/lib/live/config/2000-import-gnupg-key b/config/chroot_local-includes/lib/live/config/2000-import-gnupg-key
index 5ec48ff..b409e90 100755
--- a/config/chroot_local-includes/lib/live/config/2000-import-gnupg-key
+++ b/config/chroot_local-includes/lib/live/config/2000-import-gnupg-key
@@ -8,7 +8,7 @@ Import_GnuPG_key ()
echo "- importing Tails' GnuPG signing key into tails-iuk's trusted keyring"
gpg --batch --homedir /usr/share/tails-iuk/trusted_gnupg_homedir \
--import /usr/share/doc/tails/website/tails-signing.key
- chmod -R go+rX /usr/share/tails-iuk/trusted_gnupg_homedir/*
+ chmod -R go+rX /usr/share/tails-iuk
echo "- importing Tails help desk's GnuPG key into WhisperBack's keyring"
gpg --batch --no-default-keyring \
diff --git a/config/chroot_local-includes/lib/systemd/system/gdm.service.d/failure.conf b/config/chroot_local-includes/lib/systemd/system/gdm.service.d/failure.conf
new file mode 100644
index 0000000..f05a8d5
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/gdm.service.d/failure.conf
@@ -0,0 +1,2 @@
+[Unit]
+OnFailure=tails-gdm-failed-to-start.service
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-autotest-broken-Xorg.service b/config/chroot_local-includes/lib/systemd/system/tails-autotest-broken-Xorg.service
new file mode 100644
index 0000000..705fd08
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tails-autotest-broken-Xorg.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Break Xorg for Tails test suite
+Documentation=https://tails.boum.org/contribute/release_process/test/automated_tests/
+ConditionKernelCommandLine=autotest_broken_Xorg
+Before=gdm.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/sh -c 'echo "#!/bin/sh\nexit 1" > /usr/bin/Xorg'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-gdm-failed-to-start.service b/config/chroot_local-includes/lib/systemd/system/tails-gdm-failed-to-start.service
new file mode 100644
index 0000000..ae598f8
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tails-gdm-failed-to-start.service
@@ -0,0 +1,38 @@
+[Unit]
+Description=Guide the user when GDM fails to start
+# GDM normally runs "plymouth --quit" when it fails to start the X server
+# (see on_display_status_changed that calls plymouth_quit_without_transition).
+# But when this happens we kill -9 GDM in our gdm-x-session wrapper, so it
+# might not have time to quit plymouth yet. Therefore we ensure plymouth
+# has quit before we start: we run after plymouth-quit.service (which is started
+# by gdm.service's default OnFailure=), we have plymouth-quit-wait.service start,
+# and we wait for it to complete.
+After=plymouth-quit.service
+Requires=plymouth-quit-wait.service
+After=plymouth-quit-wait.service
+
+[Service]
+Type=oneshot
+# We use VT5 that is clean of boot messages and does not get a getty started
+# when we switch there, thanks to our custom NAutoVTs=4 logind.conf setting
+#
+# There are queued udev events when we run plymouthd so on Stretch, so
+# watch_for_coldplug_completion will set up a watcher and return before
+# there's any place where plymouthd can create a seat to display its
+# splash and messages on. So we tell plymouthd to ignore udev which makes
+# it create a fallback seat.
+# XXX:Buster: check if plymouth.ignore-udev is still necessary (this code path
+# has changed in plymouth 0.9.3)
+ExecStart=/bin/sh -c \
+ '/sbin/plymouthd --mode=shutdown --tty=tty5 \
+ --kernel-command-line="plymouth.ignore-udev $(cat /proc/cmdline)"'
+ExecStart=/bin/chvt 5
+ExecStart=/bin/plymouth show-splash
+ExecStart=/bin/sh -c \
+ 'MAX_LENGTH=254 ; \
+ PREFIX="Error starting GDM with your graphics card: " ; \
+ SUFFIX=". Please take note of this error and visit https://tails.boum.org/gdm for troubleshooting." ; \
+ MAX_VIDEO_CARD_LENGTH=$(($MAX_LENGTH - $(echo -n "$PREFIX$SUFFIX" | wc -c))) ; \
+ VIDEO_CARD=$(lspci -d::0300 -nn | sed -E "s,.* VGA compatible controller \[0300\]:\s*,," | cut -c "1-$MAX_VIDEO_CARD_LENGTH") ; \
+ /bin/plymouth display-message --text="$PREFIX$VIDEO_CARD$SUFFIX" \
+ '
diff --git a/config/chroot_local-includes/lib/systemd/system/update-ca-certificates.service b/config/chroot_local-includes/lib/systemd/system/update-ca-certificates.service
deleted file mode 100644
index 90948da..0000000
--- a/config/chroot_local-includes/lib/systemd/system/update-ca-certificates.service
+++ /dev/null
@@ -1,21 +0,0 @@
-# We remove /etc/ssl/certs/java/cacert at build-time to ensure a
-# deterministic build, so we need to re-create it at boot time.
-
-[Unit]
-Description=Update /etc/ssl/certs and ca-certificates.crt
-After=local-fs.target systemd-tmpfiles-setup.service
-Before=systemd-user-sessions.service
-DefaultDependencies=no
-
-[Service]
-Type=oneshot
-ExecStart=/usr/sbin/update-ca-certificates --fresh
-RemainAfterExit=yes
-CapabilityBoundingSet=
-PrivateDevices=yes
-PrivateTmp=yes
-ProtectHome=yes
-ProtectSystem=yes
-
-[Install]
-WantedBy=multi-user.target