authorintrigeri <intrigeri@boum.org>2016-05-14 12:34:29 +0000
committerintrigeri <intrigeri@boum.org>2016-05-14 12:34:29 +0000
commit0e27f7691c18ed2420feef43020c141c147287e3 (patch)
tree2db8b96f3751d889faccec071d62d3ab8f74716f /config
parent16a585e5ca5a3b975bb6a9a98ea3450bea7a7cd2 (diff)
parent9e2df21298d89f9373ccfc23cd44320962ba7530 (diff)
Merge remote-tracking branch 'origin/devel' into feature/7315-drop-custom-ssh-crypto-settings
Diffstat (limited to 'config')
-rw-r--r--config/APT_snapshots.d/debian-security/serial1
-rw-r--r--config/APT_snapshots.d/debian/serial1
-rw-r--r--config/APT_snapshots.d/tails/serial1
-rw-r--r--config/APT_snapshots.d/torproject/serial1
-rw-r--r--config/amnesia2
-rw-r--r--config/build-manifest-extra-packages.yml11
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_packages2
-rw-r--r--config/chroot_local-includes/etc/ferm/ferm.conf15
-rw-r--r--config/chroot_local-includes/etc/modprobe.d/no-conntrack-helper.conf1
-rw-r--r--config/chroot_local-includes/etc/skel/.purple/blist.xml3
-rw-r--r--config/chroot_local-includes/etc/sysctl.d/pmtud.conf1
-rwxr-xr-xconfig/chroot_local-includes/lib/live/config/1600-undivert-APT8
-rw-r--r--config/chroot_local-includes/usr/share/amnesia/build/mksquashfs-excludes1
-rw-r--r--config/chroot_local-packageslists/tails-common.list3
-rw-r--r--config/chroot_local-patches/python-dogtail_searchShowingOnly.diff294
15 files changed, 333 insertions, 12 deletions
diff --git a/config/APT_snapshots.d/debian-security/serial b/config/APT_snapshots.d/debian-security/serial
new file mode 100644
index 0000000..e95b32e
--- /dev/null
+++ b/config/APT_snapshots.d/debian-security/serial
@@ -0,0 +1 @@
+2015102601
diff --git a/config/APT_snapshots.d/debian/serial b/config/APT_snapshots.d/debian/serial
new file mode 100644
index 0000000..e95b32e
--- /dev/null
+++ b/config/APT_snapshots.d/debian/serial
@@ -0,0 +1 @@
+2015102601
diff --git a/config/APT_snapshots.d/tails/serial b/config/APT_snapshots.d/tails/serial
new file mode 100644
index 0000000..e95b32e
--- /dev/null
+++ b/config/APT_snapshots.d/tails/serial
@@ -0,0 +1 @@
+2015102601
diff --git a/config/APT_snapshots.d/torproject/serial b/config/APT_snapshots.d/torproject/serial
new file mode 100644
index 0000000..e95b32e
--- /dev/null
+++ b/config/APT_snapshots.d/torproject/serial
@@ -0,0 +1 @@
+2015102601
diff --git a/config/amnesia b/config/amnesia
index 7d8d521..5883876 100644
--- a/config/amnesia
+++ b/config/amnesia
@@ -13,7 +13,7 @@
# Base for the string that will be passed to "lb config --bootappend-live"
# FIXME: see [[bugs/sdmem_on_eject_broken_for_CD]] for explanation why we
# need to set block.events_dfl_poll_msecs
-AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails"
+AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none"
# Options passed to isohybrid
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63"
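Review bot: The four parameters appended to `AMNESIA_APPEND` (`slab_nomerge slub_debug=FZ mce=0 vsyscall=none`) have no explanation, while the comment block above documents only `block.events_dfl_poll_msecs`. I would add a line next to the FIXME such as `# slab_nomerge, slub_debug=FZ, mce=0 and vsyscall=none are kernel hardening options; do not drop them without a security review`. `slub_debug=FZ` turns on SLUB sanity checks and red zoning, which costs memory and CPU, so it is worth recording that the trade-off is intentional.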
diff --git a/config/build-manifest-extra-packages.yml b/config/build-manifest-extra-packages.yml
new file mode 100644
index 0000000..7c48e7a
--- /dev/null
+++ b/config/build-manifest-extra-packages.yml
@@ -0,0 +1,11 @@
+# Extra packages that shall be added to the build manifest.
+#
+# Add here any package needed during the build, that is not identified by our
+# debootstrap + apt-get wrapper tricks, when there is no better solution.
+#
+packages:
+ binary:
+ - package: squashfs-tools
+ arch: i386
+ version: 1:4.2+20130409-2
+ explanation: pulled by lb_binary_rootfs, outside of the reach of our apt-get wrapper
diff --git a/config/chroot_local-hooks/98-remove_unwanted_packages b/config/chroot_local-hooks/98-remove_unwanted_packages
index 6a465c3..93d1b40 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_packages
+++ b/config/chroot_local-hooks/98-remove_unwanted_packages
@@ -29,7 +29,7 @@ apt-get --yes purge \
### since they have Priority: standard.
apt-get --yes purge \
apt-listchanges at bsd-mailx dc debian-faq doc-debian dselect \
- '^exim4*' ftp m4 mlocate mutt ncurses-term nfs-common portmap procmail python-apt \
+ '^exim4*' ftp m4 mlocate mutt ncurses-term nfs-common portmap procmail \
python-reportbug reportbug telnet texinfo time w3m wamerican
### Deinstall some other unwanted packages.
diff --git a/config/chroot_local-includes/etc/ferm/ferm.conf b/config/chroot_local-includes/etc/ferm/ferm.conf
index a7f4a32..edd10d0 100644
--- a/config/chroot_local-includes/etc/ferm/ferm.conf
+++ b/config/chroot_local-includes/etc/ferm/ferm.conf
@@ -15,7 +15,7 @@ domain ip {
policy DROP;
# Established incoming connections are accepted.
- mod state state (RELATED ESTABLISHED) ACCEPT;
+ mod state state (ESTABLISHED) ACCEPT;
# Traffic on the loopback interface is accepted.
interface lo ACCEPT;
@@ -25,10 +25,13 @@ domain ip {
policy DROP;
# Established outgoing connections are accepted.
- mod state state (RELATED ESTABLISHED) ACCEPT;
+ mod state state (ESTABLISHED) ACCEPT;
# White-list access to local resources
outerface lo {
+ # Related outgoing ICMP packets are accepted.
+ mod state state (RELATED) proto icmp ACCEPT;
+
# White-list access to Tor's SOCKSPort's
daddr 127.0.0.1 proto tcp syn dport 9050 {
mod owner uid-owner root ACCEPT;
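Review bot: The new rule `mod state state (RELATED) proto icmp ACCEPT;` accepts every ICMP type that conntrack marks as RELATED, and its comment does not say which traffic needs it. If the intent is only to let locally generated error replies for rejected connections reach loopback clients (an inference, since the reject rules are outside this hunk), the rule could be narrowed to `mod state state (RELATED) proto icmp icmp-type destination-unreachable ACCEPT;`. The comment should then state that purpose, so the exception stays as small as the use case. The `outerface lo` block continues past the end of the hunk.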
@@ -141,7 +144,9 @@ domain ip {
}
# Tor is allowed to do anything it wants to.
- mod owner uid-owner debian-tor ACCEPT;
+ mod owner uid-owner debian-tor {
+ proto tcp syn mod state state (NEW) ACCEPT;
+ }
# i2p is allowed to do anything it wants to on the internet.
outerface ! lo mod owner uid-owner i2psvc {
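Review bot: The context comment `# Tor is allowed to do anything it wants to.` no longer matches the rule below it, which now accepts only new TCP connections (`proto tcp syn mod state state (NEW)`) from the `debian-tor` user. I would change it to `# Tor is only allowed to open new TCP connections; follow-up packets are covered by the ESTABLISHED rule above.` so the old wording is not read as the policy. The rest of the chain is outside the hunk, so whether other rules still cover Tor's non-SYN traffic can only be checked against the `(ESTABLISHED)` rule changed earlier in this file.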
@@ -188,7 +193,7 @@ domain ip6 {
# White-list access to the accessibility daemon
interface lo saddr ::1 daddr ::1 proto tcp {
dport 4101 ACCEPT;
- sport 4101 mod state state (RELATED ESTABLISHED) ACCEPT;
+ sport 4101 mod state state (ESTABLISHED) ACCEPT;
}
}
@@ -203,7 +208,7 @@ domain ip6 {
# White-list access to the accessibility daemon
outerface lo saddr ::1 daddr ::1 proto tcp {
dport 4101 mod owner uid-owner amnesia ACCEPT;
- sport 4101 mod state state (RELATED ESTABLISHED) ACCEPT;
+ sport 4101 mod state state (ESTABLISHED) ACCEPT;
}
# Everything else is logged and dropped.
diff --git a/config/chroot_local-includes/etc/modprobe.d/no-conntrack-helper.conf b/config/chroot_local-includes/etc/modprobe.d/no-conntrack-helper.conf
new file mode 100644
index 0000000..9f4e2da
--- /dev/null
+++ b/config/chroot_local-includes/etc/modprobe.d/no-conntrack-helper.conf
@@ -0,0 +1 @@
+options nf_conntrack nf_conntrack_helper=0
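Review bot: This one-line file has no comment saying why automatic conntrack helper assignment is switched off, and the same is true of `pmtud.conf` added later in this commit (`net.ipv4.tcp_mtu_probing=1`). Both look like companions to the ferm change that stops accepting RELATED packets, but that is inferred from the commit as a whole. A leading comment in each would preserve the reasoning. Here, for example: `# Disable automatic conntrack helper assignment: helpers parse application payloads and can create RELATED flows`. In `pmtud.conf`: `# The firewall drops RELATED packets, including ICMP fragmentation-needed, so probe the path MTU at the TCP layer`.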
diff --git a/config/chroot_local-includes/etc/skel/.purple/blist.xml b/config/chroot_local-includes/etc/skel/.purple/blist.xml
index 7f2d28d..64f2f0b 100644
--- a/config/chroot_local-includes/etc/skel/.purple/blist.xml
+++ b/config/chroot_local-includes/etc/skel/.purple/blist.xml
@@ -4,9 +4,6 @@
<blist>
<group name='Discussions'>
<setting name='collapsed' type='bool'>0</setting>
- <chat proto='prpl-irc' account='XXX_NICK_XXX@irc.oftc.net'>
- <component name='channel'>#tails</component>
- </chat>
<chat proto='prpl-irc' account='XXX_NICK_XXX@127.0.0.1'>
<component name='channel'>#i2p</component>
</chat>
diff --git a/config/chroot_local-includes/etc/sysctl.d/pmtud.conf b/config/chroot_local-includes/etc/sysctl.d/pmtud.conf
new file mode 100644
index 0000000..3e938cd
--- /dev/null
+++ b/config/chroot_local-includes/etc/sysctl.d/pmtud.conf
@@ -0,0 +1 @@
+net.ipv4.tcp_mtu_probing=1
diff --git a/config/chroot_local-includes/lib/live/config/1600-undivert-APT b/config/chroot_local-includes/lib/live/config/1600-undivert-APT
new file mode 100755
index 0000000..93f8b53
--- /dev/null
+++ b/config/chroot_local-includes/lib/live/config/1600-undivert-APT
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+echo "- undiverting APT"
+
+if [ -f /usr/bin/apt-get.real ]; then
+ rm -f usr/bin/apt-get
+ dpkg-divert --rename --remove /usr/bin/apt-get
+fi
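Review bot: `rm -f usr/bin/apt-get` is missing the leading slash, so it removes a path relative to the current directory, while the test above it and the `dpkg-divert` call below it both use absolute paths. If the script does not run from `/`, the wrapper stays in place and `dpkg-divert --rename --remove /usr/bin/apt-get` would have to rename `apt-get.real` onto an existing file, which it is expected to refuse (not verified here). The line should read `rm -f /usr/bin/apt-get`.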
diff --git a/config/chroot_local-includes/usr/share/amnesia/build/mksquashfs-excludes b/config/chroot_local-includes/usr/share/amnesia/build/mksquashfs-excludes
index 20eb37a..87b68e9 100644
--- a/config/chroot_local-includes/usr/share/amnesia/build/mksquashfs-excludes
+++ b/config/chroot_local-includes/usr/share/amnesia/build/mksquashfs-excludes
@@ -1,6 +1,7 @@
boot/initrd.img-*
boot/vmlinux-*
boot/vmlinuz-*
+debootstrap/*
tmp/*
usr/share/amnesia/packages/*
usr/share/doc/tails/website/blueprint/*
diff --git a/config/chroot_local-packageslists/tails-common.list b/config/chroot_local-packageslists/tails-common.list
index 77b3aad..549f46a 100644
--- a/config/chroot_local-packageslists/tails-common.list
+++ b/config/chroot_local-packageslists/tails-common.list
@@ -108,7 +108,6 @@ gnome-system-monitor
gnome-terminal
gnome-themes
gnome-themes-standard
-gnome-tweak-tool
gnome-user-guide
gnupg-agent
gnupg-curl
@@ -132,7 +131,6 @@ hardlink
haveged
# needed by laptop-mode-tools to spin-down hard drives
hdparm
-hledger
hopenpgp-tools
icedove
icedove-l10n-all
@@ -390,6 +388,7 @@ crda
wireless-regdb
### Automated test suite
+python-dogtail
python3-serial
python3-systemd
xdotool
diff --git a/config/chroot_local-patches/python-dogtail_searchShowingOnly.diff b/config/chroot_local-patches/python-dogtail_searchShowingOnly.diff
new file mode 100644
index 0000000..a579341
--- /dev/null
+++ b/config/chroot_local-patches/python-dogtail_searchShowingOnly.diff
@@ -0,0 +1,294 @@
+Author: anonym <anonym@riseup.net>
+Date: Mon Apr 4 18:04:52 2016 +0200
+
+ Add support for only searching among 'showing' nodes.
+
+ Here 'showing' refers to pyatspi.STATE_SHOWING, i.e. whether a node is
+ shown to the end-user or not. Quite often we are only interested in
+ such nodes, at least when dogtail is used to interact with an
+ application (e.g. clicking something that isn't there won't
+ work). Most importantly, this greatly simplifies situations where the
+ 'shown' element we are looking for is hard to exactly pinpoint since
+ it lacks properties to distinguish it from some not 'shown' element.
+
+ Therefore we add a `showingOnly` boolean flag to all search methods
+ where it makes sense (e.g. it doesn't make sense for Application:s
+ since they seem to always be considered not 'showing'). The default
+ will be to not do this, for backwards-compatibility, but the default
+ is configurable via a new `searchShowingOnly` config option.
+
+--- a/usr/share/pyshared/dogtail/config.py
++++ b/usr/share/pyshared/dogtail/config.py
+@@ -58,6 +58,9 @@ class _Config(object):
+ searchCutoffCount (int):
+ Number of times to retry when a search fails.
+
++ searchShowingOnly (boolean):
++ Whether to only search among nodes that are currently being shown.
++
+ defaultDelay (float):
+ Default time in seconds to sleep when delaying.
+
+@@ -134,6 +137,7 @@ class _Config(object):
+ 'searchBackoffDuration': 0.5,
+ 'searchWarningThreshold': 3,
+ 'searchCutoffCount': 20,
++ 'searchShowingOnly': False,
+ 'defaultDelay': 0.5,
+ 'childrenLimit': 100,
+
+--- a/usr/share/pyshared/dogtail/tree.py
++++ b/usr/share/pyshared/dogtail/tree.py
+@@ -819,12 +819,18 @@ class Node(object):
+ else:
+ return False
+
+- def _fastFindChild(self, pred, recursive=True):
++ def _fastFindChild(self, pred, recursive=True, showingOnly=None):
+ """
+ Searches for an Accessible using methods from pyatspi.utils
+ """
+ if isinstance(pred, predicate.Predicate):
+ pred = pred.satisfiedByNode
++ if showingOnly == None:
++ showingOnly = config.searchShowingOnly
++ if showingOnly:
++ orig_pred = pred
++ pred = lambda n: orig_pred(n) and \
++ n.getState().contains(pyatspi.STATE_SHOWING)
+ if not recursive:
+ cIter = iter(self)
+ while True:
+@@ -839,7 +845,7 @@ class Node(object):
+ return pyatspi.utils.findDescendant(self, pred)
+
+ def findChild(self, pred, recursive=True, debugName=None,
+- retry=True, requireResult=True):
++ retry=True, requireResult=True, showingOnly=None):
+ """
+ Search for a node satisyfing the predicate, returning a Node.
+
+@@ -871,7 +877,7 @@ class Node(object):
+ logger.log("searching for %s (attempt %i)" %
+ (describeSearch(self, pred, recursive, debugName), numAttempts))
+
+- result = self._fastFindChild(pred.satisfiedByNode, recursive)
++ result = self._fastFindChild(pred.satisfiedByNode, recursive, showingOnly=showingOnly)
+ if result:
+ assert isinstance(result, Node)
+ if debugName:
+@@ -891,12 +897,12 @@ class Node(object):
+ raise SearchError(describeSearch(self, pred, recursive, debugName))
+
+ # The canonical "search for multiple" method:
+- def findChildren(self, pred, recursive=True, isLambda=False):
++ def findChildren(self, pred, recursive=True, isLambda=False, showingOnly=None):
+ """
+ Find all children/descendents satisfying the predicate.
+ """
+ if isLambda is True:
+- nodes = self.findChildren(predicate.GenericPredicate(), recursive=recursive)
++ nodes = self.findChildren(predicate.GenericPredicate(), recursive=recursive, showingOnly=showingOnly)
+ result = []
+ for node in nodes:
+ try:
+@@ -907,6 +913,12 @@ class Node(object):
+ return result
+ if isinstance(pred, predicate.Predicate):
+ pred = pred.satisfiedByNode
++ if showingOnly == None:
++ showingOnly = config.searchShowingOnly
++ if showingOnly:
++ orig_pred = pred
++ pred = lambda n: orig_pred(n) and \
++ n.getState().contains(pyatspi.STATE_SHOWING)
+ if not recursive:
+ cIter = iter(self)
+ result = []
+@@ -929,7 +941,7 @@ class Node(object):
+ return descendants
+
+ # The canonical "search above this node" method:
+- def findAncestor(self, pred):
++ def findAncestor(self, pred, showingOnly=None):
+ """
+ Search up the ancestry of this node, returning the first Node
+ satisfying the predicate, or None.
+@@ -945,7 +957,7 @@ class Node(object):
+ return None
+
+ # Various wrapper/helper search methods:
+- def child(self, name='', roleName='', description='', label='', recursive=True, retry=True, debugName=None):
++ def child(self, name='', roleName='', description='', label='', recursive=True, retry=True, debugName=None, showingOnly=None):
+ """
+ Finds a child satisying the given criteria.
+
+@@ -953,9 +965,9 @@ class Node(object):
+ if no such child is found, and will eventually raise an exception. It
+ also logs the search.
+ """
+- return self.findChild(predicate.GenericPredicate(name=name, roleName=roleName, description=description, label=label), recursive=recursive, retry=retry, debugName=debugName)
++ return self.findChild(predicate.GenericPredicate(name=name, roleName=roleName, description=description, label=label), recursive=recursive, retry=retry, debugName=debugName, showingOnly=showingOnly)
+
+- def isChild(self, name='', roleName='', description='', label='', recursive=True, retry=False, debugName=None):
++ def isChild(self, name='', roleName='', description='', label='', recursive=True, retry=False, debugName=None, showingOnly=None):
+ """
+ Determines whether a child satisying the given criteria exists.
+
+@@ -970,12 +982,12 @@ class Node(object):
+ self.findChild(
+ predicate.GenericPredicate(
+ name=name, roleName=roleName, description=description, label=label),
+- recursive=recursive, retry=retry, debugName=debugName)
++ recursive=recursive, retry=retry, debugName=debugName, showingOnly=showingOnly)
+ except SearchError:
+ found = False
+ return found
+
+- def menu(self, menuName, recursive=True):
++ def menu(self, menuName, recursive=True, showingOnly=None):
+ """
+ Search below this node for a menu with the given name.
+
+@@ -983,9 +995,9 @@ class Node(object):
+ if no such child is found, and will eventually raise an exception. It
+ also logs the search.
+ """
+- return self.findChild(predicate.IsAMenuNamed(menuName=menuName), recursive)
++ return self.findChild(predicate.IsAMenuNamed(menuName=menuName), recursive, showingOnly=showingOnly)
+
+- def menuItem(self, menuItemName, recursive=True):
++ def menuItem(self, menuItemName, recursive=True, showingOnly=None):
+ """
+ Search below this node for a menu item with the given name.
+
+@@ -993,9 +1005,9 @@ class Node(object):
+ if no such child is found, and will eventually raise an exception. It
+ also logs the search.
+ """
+- return self.findChild(predicate.IsAMenuItemNamed(menuItemName=menuItemName), recursive)
++ return self.findChild(predicate.IsAMenuItemNamed(menuItemName=menuItemName), recursive, showingOnly=showingOnly)
+
+- def textentry(self, textEntryName, recursive=True):
++ def textentry(self, textEntryName, recursive=True, showingOnly=None):
+ """
+ Search below this node for a text entry with the given name.
+
+@@ -1003,9 +1015,9 @@ class Node(object):
+ if no such child is found, and will eventually raise an exception. It
+ also logs the search.
+ """
+- return self.findChild(predicate.IsATextEntryNamed(textEntryName=textEntryName), recursive)
++ return self.findChild(predicate.IsATextEntryNamed(textEntryName=textEntryName), recursive, showingOnly=showingOnly)
+
+- def button(self, buttonName, recursive=True):
++ def button(self, buttonName, recursive=True, showingOnly=None):
+ """
+ Search below this node for a button with the given name.
+
+@@ -1013,9 +1025,9 @@ class Node(object):
+ if no such child is found, and will eventually raise an exception. It
+ also logs the search.
+ """
+- return self.findChild(predicate.IsAButtonNamed(buttonName=buttonName), recursive)
++ return self.findChild(predicate.IsAButtonNamed(buttonName=buttonName), recursive, showingOnly=showingOnly)
+
+- def childLabelled(self, labelText, recursive=True):
++ def childLabelled(self, labelText, recursive=True, showingOnly=None):
+ """
+ Search below this node for a child labelled with the given text.
+
+@@ -1023,9 +1035,9 @@ class Node(object):
+ if no such child is found, and will eventually raise an exception. It
+ also logs the search.
+ """
+- return self.findChild(predicate.IsLabelledAs(labelText), recursive)
++ return self.findChild(predicate.IsLabelledAs(labelText), recursive, showingOnly=showingOnly)
+
+- def childNamed(self, childName, recursive=True):
++ def childNamed(self, childName, recursive=True, showingOnly=None):
+ """
+ Search below this node for a child with the given name.
+
+@@ -1033,9 +1045,9 @@ class Node(object):
+ if no such child is found, and will eventually raise an exception. It
+ also logs the search.
+ """
+- return self.findChild(predicate.IsNamed(childName), recursive)
++ return self.findChild(predicate.IsNamed(childName), recursive, showingOnly=showingOnly)
+
+- def tab(self, tabName, recursive=True):
++ def tab(self, tabName, recursive=True, showingOnly=None):
+ """
+ Search below this node for a tab with the given name.
+
+@@ -1043,7 +1055,7 @@ class Node(object):
+ if no such child is found, and will eventually raise an exception. It
+ also logs the search.
+ """
+- return self.findChild(predicate.IsATabNamed(tabName=tabName), recursive)
++ return self.findChild(predicate.IsATabNamed(tabName=tabName), recursive, showingOnly=showingOnly)
+
+ def getUserVisibleStrings(self):
+ """
+@@ -1109,7 +1121,7 @@ class Root (Node):
+ Get all applications.
+ """
+ return root.findChildren(predicate.GenericPredicate(
+- roleName="application"), recursive=False)
++ roleName="application"), recursive=False, showingOnly=False)
+
+ def application(self, appName, retry=True):
+ """
+@@ -1120,12 +1132,12 @@ class Root (Node):
+ if no such child is found, and will eventually raise an exception. It
+ also logs the search.
+ """
+- return root.findChild(predicate.IsAnApplicationNamed(appName), recursive=False, retry=retry)
++ return root.findChild(predicate.IsAnApplicationNamed(appName), recursive=False, retry=retry, showingOnly=False)
+
+
+ class Application (Node):
+
+- def dialog(self, dialogName, recursive=False):
++ def dialog(self, dialogName, recursive=False, showingOnly=None):
+ """
+ Search below this node for a dialog with the given name,
+ returning a Window instance.
+@@ -1136,9 +1148,9 @@ class Application (Node):
+
+ FIXME: should this method activate the dialog?
+ """
+- return self.findChild(predicate.IsADialogNamed(dialogName=dialogName), recursive)
++ return self.findChild(predicate.IsADialogNamed(dialogName=dialogName), recursive, showingOnly=showingOnly)
+
+- def window(self, windowName, recursive=False):
++ def window(self, windowName, recursive=False, showingOnly=None):
+ """
+ Search below this node for a window with the given name,
+ returning a Window instance.
+@@ -1152,13 +1164,13 @@ class Application (Node):
+ by the window manager) if wnck bindings are available.
+ """
+ result = self.findChild(
+- predicate.IsAWindowNamed(windowName=windowName), recursive)
++ predicate.IsAWindowNamed(windowName=windowName), recursive, showingOnly=showingOnly)
+ # FIXME: activate the WnckWindow ?
+ # if gotWnck:
+ # result.activate()
+ return result
+
+- def getWnckApplication(self): # pragma: no cover
++ def getWnckApplication(self, showingOnly=None): # pragma: no cover
+ """
+ Get the wnck.Application instance for this application, or None
+
+@@ -1169,7 +1181,7 @@ class Application (Node):
+
+ FIXME: untested
+ """
+- window = self.child(roleName='frame')
++ window = self.child(roleName='frame', showingOnly=showingOnly)
+ if window:
+ wnckWindow = window.getWnckWindow()
+ return wnckWindow.get_application()
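Review bot: `findAncestor` gains a `showingOnly=None` parameter, but the patch changes only its signature, so the argument is accepted and then ignored. A caller passing `showingOnly=True` would still get ancestors that are not showing. Its body is outside the patch, so the simplest fix is to drop the parameter there until the filter is actually applied. Separately, `_fastFindChild` and `findChildren` repeat the same six-line predicate wrapper and compare with `== None`. One private helper using `is None` would keep the two in sync, as sketched below. The docstrings of the public search methods also do not mention the new argument.

```python
def _restrictToShowing(pred, showingOnly):
    """Return pred, limited to STATE_SHOWING nodes when requested."""
    if showingOnly is None:
        showingOnly = config.searchShowingOnly
    if not showingOnly:
        return pred
    return lambda n: pred(n) and \
        n.getState().contains(pyatspi.STATE_SHOWING)

# in _fastFindChild and findChildren, once pred is a callable:
pred = _restrictToShowing(pred, showingOnly)
# … unchanged: the recursive / non-recursive search loops …
```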