-rwxr-xr-xauto/build1
-rwxr-xr-xauto/config2
-rw-r--r--config/APT_overlays.d/feature-7756-reintroduce-whisperback0
-rw-r--r--config/base_branch2
-rwxr-xr-xconfig/binary_local-hooks/10-syslinux_customize2
-rw-r--r--config/chroot_apt/preferences194
-rwxr-xr-xconfig/chroot_local-hooks/04-change-gids-and-uids19
-rwxr-xr-xconfig/chroot_local-hooks/10-tbb4
-rwxr-xr-xconfig/chroot_local-hooks/21-gdm_background13
-rwxr-xr-xconfig/chroot_local-hooks/21-gdm_unit_file11
-rwxr-xr-xconfig/chroot_local-hooks/22-plymouth12
-rwxr-xr-xconfig/chroot_local-hooks/23-fake-gnome-backgrounds34
-rwxr-xr-xconfig/chroot_local-hooks/40-etc_modules2
-rwxr-xr-xconfig/chroot_local-hooks/44-configure_console-setup7
-rwxr-xr-xconfig/chroot_local-hooks/45-disable-unneeded-dbus-services15
-rwxr-xr-xconfig/chroot_local-hooks/46-configure-htpdate12
-rwxr-xr-xconfig/chroot_local-hooks/50-dkms50
-rwxr-xr-xconfig/chroot_local-hooks/50-fine-tune-syndaemon26
-rwxr-xr-xconfig/chroot_local-hooks/50-virtualbox75
-rwxr-xr-xconfig/chroot_local-hooks/52-udev-watchdog2
-rwxr-xr-xconfig/chroot_local-hooks/52-update-rc.d63
-rwxr-xr-xconfig/chroot_local-hooks/80-block-network9
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_files3
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_packages10
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/01-wait-for-notification-recipient.sh (renamed from config/chroot_local-includes/etc/NetworkManager/dispatcher.d/01-wait-for-NM-applet.sh)4
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh5
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh8
-rw-r--r--config/chroot_local-includes/etc/X11/Xsession.d/56gnome-classic4
-rw-r--r--config/chroot_local-includes/etc/X11/Xsession.d/80im-starter57
-rw-r--r--config/chroot_local-includes/etc/X11/xorg.conf.d/disable-screen-blanking.conf6
-rw-r--r--config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults26
-rw-r--r--config/chroot_local-includes/etc/default/htpdate.pools (renamed from config/chroot_local-includes/etc/default/htpdate)1
-rw-r--r--config/chroot_local-includes/etc/default/kexec19
-rw-r--r--config/chroot_local-includes/etc/ferm/ferm.conf19
-rw-r--r--config/chroot_local-includes/etc/fonts/conf.avail/11-lcdfilter-default.conf10
-rw-r--r--config/chroot_local-includes/etc/fonts/conf.avail/12-hintstyle-hintslight.conf5
-rw-r--r--config/chroot_local-includes/etc/fonts/conf.avail/13-antialias.conf5
l---------config/chroot_local-includes/etc/fonts/conf.d/10-autohint.conf1
l---------config/chroot_local-includes/etc/fonts/conf.d/10-sub-pixel-rgb.conf1
l---------config/chroot_local-includes/etc/fonts/conf.d/11-lcdfilter-default.conf1
l---------config/chroot_local-includes/etc/fonts/conf.d/12-hintstyle-hintslight.conf1
l---------config/chroot_local-includes/etc/fonts/conf.d/13-antialias.conf1
-rw-r--r--config/chroot_local-includes/etc/fstab1
-rw-r--r--config/chroot_local-includes/etc/gdm3/greeter.gconf-defaults1
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/htpdate109
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/tails-autotest-remote-shell75
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/tails-detect-virtualization56
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/tails-kexec115
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/tails-reconfigure-kexec32
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/tails-reconfigure-memlockd35
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/tails-sdmem-on-media-removal61
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/tails-set-wireless-devices-state21
-rwxr-xr-xconfig/chroot_local-includes/etc/init.d/tor-controlport-filter27
-rw-r--r--config/chroot_local-includes/etc/live/config.d/user-default-groups.conf2
-rw-r--r--config/chroot_local-includes/etc/live/config.d/x-session-manager.conf1
-rw-r--r--config/chroot_local-includes/etc/memlockd.cfg4
-rw-r--r--config/chroot_local-includes/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla8
-rw-r--r--config/chroot_local-includes/etc/skel/.config/gnome-panel/panel-default-layout.layout74
-rw-r--r--config/chroot_local-includes/etc/skel/.config/menus/gnome-applications.menu16
-rw-r--r--config/chroot_local-includes/etc/skel/.config/menus/gnome-settings.menu23
-rw-r--r--config/chroot_local-includes/etc/sudoers.d/zzz_halt2
-rw-r--r--config/chroot_local-includes/etc/sudoers.d/zzz_tor-has-bootstrapped1
-rw-r--r--config/chroot_local-includes/etc/sudoers.d/zzz_upgrade1
-rw-r--r--config/chroot_local-includes/etc/udev/rules.d/70-protect-boot-medium-for-udisks.rules2
-rw-r--r--config/chroot_local-includes/etc/udev/rules.d/99-hide-TailsData.rules2
-rw-r--r--config/chroot_local-includes/etc/udev/rules.d/99-make-removable-devices-user-writable.rules3
-rw-r--r--config/chroot_local-includes/etc/whisperback/config.py4
-rw-r--r--config/chroot_local-includes/etc/xdg/autostart/add-GNOME-bookmarks.desktop10
-rw-r--r--config/chroot_local-includes/etc/xdg/autostart/create-tor-browser-directories.desktop10
-rw-r--r--config/chroot_local-includes/etc/xdg/autostart/save-im-environment.desktop10
-rw-r--r--config/chroot_local-includes/etc/xdg/autostart/security-check.desktop10
-rw-r--r--config/chroot_local-includes/etc/xdg/autostart/systemd-desktop-target.desktop8
-rw-r--r--config/chroot_local-includes/etc/xdg/autostart/tails-configure-keyboard.desktop10
-rw-r--r--config/chroot_local-includes/etc/xdg/autostart/tails-upgrade-frontend.desktop10
-rw-r--r--config/chroot_local-includes/etc/xdg/autostart/tails-warn-about-disabled-persistence.desktop9
-rw-r--r--config/chroot_local-includes/etc/xdg/autostart/virt-notify.desktop10
-rwxr-xr-xconfig/chroot_local-includes/lib/systemd/system-shutdown/tails-kexec86
-rw-r--r--config/chroot_local-includes/lib/systemd/system/cups.service.d/after-AppArmor.conf2
-rw-r--r--config/chroot_local-includes/lib/systemd/system/htpdate.service36
l---------config/chroot_local-includes/lib/systemd/system/kexec.service1
-rw-r--r--config/chroot_local-includes/lib/systemd/system/memlockd.service.d/oom.conf2
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-autotest-remote-shell.service12
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-reconfigure-kexec.service17
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-reconfigure-memlockd.service18
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-restricted-network-detector.service21
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-sdmem-on-media-removal.service16
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-set-wireless-devices-state.service16
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-unblock-network.service30
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-wait-until-tor-has-bootstrapped.service24
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tor-controlport-filter.service17
-rwxr-xr-xconfig/chroot_local-includes/usr/lib/apt/methods/tor+http8
-rw-r--r--config/chroot_local-includes/usr/lib/bonobo/servers/ShutdownHelper_Factory.server27
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/desktop.target5
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/tails-add-GNOME-bookmarks.service11
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/tails-configure-keyboard.service11
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/tails-create-tor-browser-directories.service11
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/tails-security-check.service11
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/tails-upgrade-frontend.service11
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/tails-virt-notify-user.service11
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/tails-wait-until-tor-has-bootstrapped.service14
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/tails-warn-about-disabled-persistence.service11
-rw-r--r--config/chroot_local-includes/usr/lib/tmpfiles.d/tor-has-bootstrapped.conf2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/pidgin4
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-activate-win8-theme5
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-configure-keyboard62
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-delete-persistent-volume1
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-htp-notify-user2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-persistence-setup1
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-save-im-environment4
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-security-check24
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-security-check-wrapper7
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper6
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-virt-notify-user48
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-warn-about-disabled-persistence91
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tor-browser6
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/add-GNOME-bookmarks3
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/create-tor-browser-directories3
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/shutdown-helper-applet80
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/start-systemd-desktop-target20
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/tails-autotest-remote-shell29
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/htpdate14
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/live-persist29
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/restart-vidalia2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-debugging-info6
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-notify-user3
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-reconfigure-kexec19
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-reconfigure-memlockd10
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-restricted-network-detector12
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-spoof-mac18
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-tor-launcher2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-unblock-network31
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped13
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/udev-watchdog-wrapper13
-rw-r--r--config/chroot_local-includes/usr/share/dbus-1/services/org.gnome.panel.applet.ShutdownHelperFactory.service3
-rw-r--r--config/chroot_local-includes/usr/share/gdm/dconf/50-tails5
l---------config/chroot_local-includes/usr/share/gdm/greeter/autostart/spice-vdagent.desktop1
-rw-r--r--config/chroot_local-includes/usr/share/gnome-panel/4.0/applets/org.boum.tails.ShutdownHelper.panel-applet11
-rw-r--r--config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/extension.js139
-rw-r--r--config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/lib.js37
-rw-r--r--config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/metadata.json13
-rw-r--r--config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/extension.js177
-rw-r--r--config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/metadata.json17
-rwxr-xr-xconfig/chroot_local-includes/usr/share/initramfs-tools/hooks/kms22
-rw-r--r--config/chroot_local-includes/usr/share/tails/screensaver_background.pngbin0 -> 126 bytes
-rw-r--r--config/chroot_local-packageslists/tails-common.list49
-rw-r--r--config/chroot_local-patches/Desktop-Notify:_0001-support_notification_actions.patch122
-rw-r--r--config/chroot_local-patches/Desktop-Notify:_0002-support_hints.patch59
-rw-r--r--config/chroot_local-patches/apparmor-adjust-cupsd-profile.diff39
-rw-r--r--config/chroot_local-patches/cupsd-IPv4_only.patch8
-rw-r--r--config/chroot_local-patches/disable_kexec_initscript.diff8
-rw-r--r--config/chroot_local-patches/do_not_run_plymouth_on_shutdown.diff14
-rw-r--r--config/chroot_local-patches/do_not_run_pulseaudio_initscript.diff13
-rw-r--r--config/chroot_local-patches/do_not_save_mixer_levels_on_shutdown.diff7
-rw-r--r--config/chroot_local-patches/do_not_start_network-manager_on_boot.diff10
-rw-r--r--config/chroot_local-patches/gdm-background.diff13
-rw-r--r--config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch6
-rw-r--r--config/chroot_local-patches/run_kexec-load_even_in_emergency_shutdown.diff17
-rw-r--r--config/chroot_local-patches/run_t-p-s_as_its_dedicated_user.diff18
-rw-r--r--config/chroot_local-patches/start_AppArmor_earlier.diff14
-rw-r--r--config/chroot_local-patches/torsocks_claws-mail.diff13
-rw-r--r--config/chroot_local-patches/torsocks_gobby-0.5.patch14
-rw-r--r--config/chroot_local-patches/torsocks_liferea.patch12
-rw-r--r--config/chroot_local-patches/torsocks_seahorse.patch9
-rw-r--r--config/chroot_local-patches/unmute_alsa_channels.patch13
-rw-r--r--config/chroot_local-patches/wrap_pidgin.patch9
-rw-r--r--config/chroot_local-patches/zenity-fix-whitespacing-box-sizes.diff199
l---------config/chroot_sources/jessie-backports.binary1
-rw-r--r--config/chroot_sources/jessie-backports.chroot1
l---------config/chroot_sources/jessie-updates.binary1
-rw-r--r--config/chroot_sources/jessie-updates.chroot1
l---------config/chroot_sources/jessie.binary1
-rw-r--r--config/chroot_sources/jessie.chroot1
-rw-r--r--config/chroot_sources/torproject.chroot2
l---------config/chroot_sources/wheezy-backports.binary1
-rw-r--r--config/chroot_sources/wheezy-backports.chroot1
-rw-r--r--features/apt.feature6
-rw-r--r--features/checks.feature11
-rw-r--r--features/domains/default.xml1
-rw-r--r--features/images/CupsTestPage.pngbin11564 -> 14411 bytes
-rw-r--r--features/images/EvincePrintButton.pngbin0 -> 1085 bytes
-rw-r--r--features/images/EvincePrintDialog.pngbin2038 -> 1788 bytes
-rw-r--r--features/images/EvincePrintFileDialog.pngbin0 -> 1579 bytes
-rw-r--r--features/images/EvincePrintOutputFile.pngbin1088 -> 0 bytes
-rw-r--r--features/images/EvincePrintOutputFileButton.pngbin0 -> 2682 bytes
-rw-r--r--features/images/EvincePrintOutputFileSelected.pngbin1218 -> 0 bytes
-rw-r--r--features/images/EvinceUnableToOpen.pngbin7171 -> 9813 bytes
-rw-r--r--features/images/GeditWindow.pngbin1077 -> 2006 bytes
-rw-r--r--features/images/GnomeApplicationsAccessories.pngbin2204 -> 1025 bytes
-rw-r--r--features/images/GnomeApplicationsConfigurePersistentVolume.pngbin2735 -> 3214 bytes
-rw-r--r--features/images/GnomeApplicationsDeletePersistentVolume.pngbin2318 -> 2803 bytes
-rw-r--r--features/images/GnomeApplicationsGedit.pngbin1828 -> 2210 bytes
-rw-r--r--features/images/GnomeApplicationsI2PBrowser.pngbin2070 -> 3654 bytes
-rw-r--r--features/images/GnomeApplicationsInternet.pngbin1825 -> 507 bytes
-rw-r--r--features/images/GnomeApplicationsMenu.pngbin1440 -> 1604 bytes
-rw-r--r--features/images/GnomeApplicationsPidgin.pngbin1910 -> 3213 bytes
-rw-r--r--features/images/GnomeApplicationsSeahorse.pngbin2332 -> 3422 bytes
-rw-r--r--features/images/GnomeApplicationsSoundVideo.pngbin2517 -> 1431 bytes
-rw-r--r--features/images/GnomeApplicationsSynaptic.pngbin2816 -> 4219 bytes
-rw-r--r--features/images/GnomeApplicationsSystem.pngbin2797 -> 1313 bytes
-rw-r--r--features/images/GnomeApplicationsTails.pngbin1739 -> 498 bytes
-rw-r--r--features/images/GnomeApplicationsTailsInstaller.pngbin2096 -> 2127 bytes
-rw-r--r--features/images/GnomeApplicationsTerminal.pngbin1670 -> 2220 bytes
-rw-r--r--features/images/GnomeApplicationsTorBrowser.pngbin2586 -> 3750 bytes
-rw-r--r--features/images/GnomeApplicationsTotem.pngbin2683 -> 2703 bytes
-rw-r--r--features/images/GnomeApplicationsUnsafeBrowser.pngbin2996 -> 2255 bytes
-rw-r--r--features/images/GnomeApplicationsUtilities.pngbin0 -> 669 bytes
-rw-r--r--features/images/GnomeFileDiagTypeFilename.pngbin905 -> 1259 bytes
-rw-r--r--features/images/GnomePlaces.pngbin1055 -> 1056 bytes
-rw-r--r--features/images/GnomePlacesWithoutTorBrowserPersistent.pngbin5558 -> 5785 bytes
-rw-r--r--features/images/GnomeSystrayFlorence.pngbin596 -> 277 bytes
-rw-r--r--features/images/GnomeTorIsReady.pngbin1682 -> 0 bytes
-rw-r--r--features/images/GnomeWindowTitleBarRightEdge.pngbin0 -> 342 bytes
-rw-r--r--features/images/GpgAppletChooseKeyWindow.pngbin1315 -> 1410 bytes
-rw-r--r--features/images/GpgAppletIconEncrypted.pngbin826 -> 873 bytes
-rw-r--r--features/images/GpgAppletIconNormal.pngbin610 -> 655 bytes
-rw-r--r--features/images/GpgAppletIconSigned.pngbin899 -> 948 bytes
-rw-r--r--features/images/GpgAppletManageKeys.pngbin1408 -> 1494 bytes
-rw-r--r--features/images/GpgAppletResults.pngbin1580 -> 1699 bytes
-rw-r--r--features/images/GtkFileChooserDesktopButton.pngbin1832 -> 1684 bytes
-rw-r--r--features/images/I2P_router_console.pngbin3821 -> 3123 bytes
-rw-r--r--features/images/MemoryWipeCompleted.pngbin4864 -> 2302 bytes
-rw-r--r--features/images/PersistenceWizardDeletionStart.pngbin2598 -> 2781 bytes
-rw-r--r--features/images/PersistenceWizardDone.pngbin2950 -> 3195 bytes
-rw-r--r--features/images/PersistenceWizardPresets.pngbin4131 -> 4835 bytes
-rw-r--r--features/images/PersistenceWizardStart.pngbin3526 -> 3156 bytes
-rw-r--r--features/images/PersistenceWizardWindow.pngbin2915 -> 0 bytes
-rw-r--r--features/images/PidginAccountManagerCloseButton.pngbin997 -> 892 bytes
-rw-r--r--features/images/PidginAccountWindow.pngbin1473 -> 1385 bytes
-rw-r--r--features/images/PidginAccount_irc.oftc.net.pngbin1730 -> 2229 bytes
-rw-r--r--features/images/PidginCertificateAddButton.pngbin612 -> 545 bytes
-rw-r--r--features/images/PidginCertificateAddHostnameDialog.pngbin2885 -> 2864 bytes
-rw-r--r--features/images/PidginCertificateImportFailed.pngbin3756 -> 3741 bytes
-rw-r--r--features/images/PidginCertificateManagerDialog.pngbin2450 -> 2472 bytes
-rw-r--r--features/images/PidginCertificateTestItem.pngbin871 -> 803 bytes
-rw-r--r--features/images/PidginCertificatesMenuItem.pngbin1255 -> 1254 bytes
-rw-r--r--features/images/PidginConnecting.pngbin1717 -> 1621 bytes
-rw-r--r--features/images/PidginTailsChannelEntry.pngbin1363 -> 1510 bytes
-rw-r--r--features/images/PidginTailsChannelWelcome.pngbin1358 -> 1355 bytes
-rw-r--r--features/images/PidginTailsConversationTab.pngbin934 -> 926 bytes
-rw-r--r--features/images/PidginToolsMenu.pngbin648 -> 567 bytes
-rw-r--r--features/images/PolicyKitAuthCompleteFailure.pngbin3445 -> 3753 bytes
-rw-r--r--features/images/PolicyKitAuthFailure.pngbin1665 -> 1973 bytes
-rw-r--r--features/images/PolicyKitAuthPrompt.pngbin1633 -> 3059 bytes
-rw-r--r--features/images/PrintToFile.pngbin1440 -> 1365 bytes
-rw-r--r--features/images/SampleLocalMp4VideoFrame.pngbin3760 -> 14887 bytes
-rw-r--r--features/images/SampleRemoteWebMVideoFrame.pngbin10738 -> 31488 bytes
-rw-r--r--features/images/SeahorseEditPreferences.pngbin840 -> 987 bytes
-rw-r--r--features/images/SeahorseFindKeysWindow.pngbin2345 -> 2389 bytes
-rw-r--r--features/images/SeahorseImport.pngbin1387 -> 1295 bytes
-rw-r--r--features/images/SeahorseKeyResultWindow.pngbin2258 -> 3019 bytes
-rw-r--r--features/images/SeahorseRemoteMenu.pngbin888 -> 884 bytes
-rw-r--r--features/images/SeahorseRemoteMenuFind.pngbin1090 -> 1815 bytes
-rw-r--r--features/images/SeahorseRemoteMenuSync.pngbin1355 -> 2124 bytes
-rw-r--r--features/images/SeahorseSyncKeys.pngbin1709 -> 1738 bytes
-rw-r--r--features/images/SeahorseWindow.pngbin2508 -> 2467 bytes
-rw-r--r--features/images/SynapticApplyButton.pngbin0 -> 1483 bytes
-rw-r--r--features/images/SynapticApplyPrompt.pngbin3367 -> 3656 bytes
-rw-r--r--features/images/SynapticChangesAppliedPrompt.pngbin1732 -> 2122 bytes
-rw-r--r--features/images/SynapticCowsaySearchResult.pngbin1989 -> 2018 bytes
-rw-r--r--features/images/SynapticPackageList.pngbin4611 -> 3994 bytes
-rw-r--r--features/images/SynapticPolicyKitAuthPrompt.pngbin2568 -> 0 bytes
-rw-r--r--features/images/SynapticReloadButton.pngbin0 -> 1957 bytes
-rw-r--r--features/images/SynapticReloadPrompt.pngbin2665 -> 3404 bytes
-rw-r--r--features/images/SynapticSearch.pngbin1299 -> 0 bytes
-rw-r--r--features/images/SynapticSearchButton.pngbin0 -> 2073 bytes
-rw-r--r--features/images/SynapticSearchWindow.pngbin0 -> 715 bytes
-rw-r--r--features/images/TailsEmergencyShutdownButton.pngbin475 -> 485 bytes
-rw-r--r--features/images/TailsEmergencyShutdownHalt.pngbin548 -> 1233 bytes
-rw-r--r--features/images/TailsEmergencyShutdownReboot.pngbin704 -> 1150 bytes
-rw-r--r--features/images/TailsGreeter.pngbin2203 -> 1896 bytes
-rw-r--r--features/images/TailsGreeterAdminPassword.pngbin2019 -> 1754 bytes
-rw-r--r--features/images/TailsGreeterForward.pngbin1157 -> 1053 bytes
-rw-r--r--features/images/TailsGreeterLoginButton.pngbin885 -> 748 bytes
-rw-r--r--features/images/TailsGreeterMoreOptions.pngbin1482 -> 1355 bytes
-rw-r--r--features/images/TailsGreeterPersistence.pngbin1473 -> 1312 bytes
-rw-r--r--features/images/TailsGreeterPersistenceReadOnly.pngbin1559 -> 1394 bytes
-rw-r--r--features/images/TorBrowserAddressBar.pngbin2067 -> 1603 bytes
-rw-r--r--features/images/TorBrowserNoPlugins.pngbin3997 -> 3339 bytes
-rw-r--r--features/images/TorBrowserWindow.pngbin1630 -> 1253 bytes
-rw-r--r--features/images/TotemUnableToOpen.pngbin5492 -> 4010 bytes
-rw-r--r--features/images/USBCloneAndInstall.pngbin2066 -> 2071 bytes
-rw-r--r--features/images/USBCreateLiveUSB.pngbin1635 -> 2136 bytes
-rw-r--r--features/images/USBCreateLiveUSBConfirmWindow.pngbin2584 -> 3346 bytes
-rw-r--r--features/images/USBCreateLiveUSBConfirmYes.pngbin592 -> 640 bytes
-rw-r--r--features/images/USBInstallationComplete.pngbin1809 -> 2038 bytes
-rw-r--r--features/images/UnsafeBrowserAdvancedSettings.pngbin3069 -> 3071 bytes
-rw-r--r--features/images/UnsafeBrowserEditPreferences.pngbin1408 -> 1023 bytes
-rw-r--r--features/images/UnsafeBrowserPreferencesWindow.pngbin2663 -> 2677 bytes
-rw-r--r--features/images/UnsafeBrowserProxyRefused.pngbin4221 -> 4124 bytes
-rw-r--r--features/images/UnsafeBrowserProxySettings.pngbin1866 -> 2793 bytes
-rw-r--r--features/images/UnsafeBrowserStartNotification.pngbin3194 -> 2475 bytes
-rw-r--r--features/images/UnsafeBrowserStopNotification.pngbin4145 -> 2693 bytes
-rw-r--r--features/images/UnsafeBrowserWarnAlreadyRunning.pngbin2890 -> 2959 bytes
-rw-r--r--features/images/UnsafeBrowserWindow.pngbin1530 -> 2179 bytes
-rw-r--r--features/pidgin.feature1
-rw-r--r--features/step_definitions/apt.rb36
-rw-r--r--features/step_definitions/checks.rb30
-rw-r--r--features/step_definitions/common_steps.rb26
-rw-r--r--features/step_definitions/erase_memory.rb2
-rw-r--r--features/step_definitions/evince.rb6
-rw-r--r--features/step_definitions/pidgin.rb1
-rw-r--r--features/step_definitions/root_access_control.rb4
-rw-r--r--features/step_definitions/torified_gnupg.rb2
-rw-r--r--features/step_definitions/unsafe_browser.rb14
-rw-r--r--features/step_definitions/usb.rb61
-rw-r--r--features/support/helpers/misc_helpers.rb3
-rw-r--r--features/support/helpers/sikuli_helper.rb22
-rw-r--r--po/POTFILES.in2
-rw-r--r--po/POTFILES.skip4
-rwxr-xr-xrefresh-translations15
-rw-r--r--vagrant/lib/tails_build_settings.rb2
-rw-r--r--wiki/src/contribute/design.mdwn43
-rw-r--r--wiki/src/contribute/design/MAC_address.mdwn11
-rw-r--r--wiki/src/contribute/design/Time_syncing.mdwn7
-rw-r--r--wiki/src/contribute/design/application_isolation.mdwn4
-rw-r--r--wiki/src/contribute/design/incremental_upgrades.mdwn6
-rw-r--r--wiki/src/contribute/design/memory_erasure.mdwn37
-rw-r--r--wiki/src/contribute/design/stream_isolation.mdwn2
-rw-r--r--wiki/src/contribute/design/virtualization_support.mdwn8
-rw-r--r--wiki/src/contribute/release_process/test.mdwn7
-rw-r--r--wiki/src/contribute/release_process/test/automated_tests.mdwn2
-rw-r--r--wiki/src/doc/about/features.mdwn4
-rw-r--r--wiki/src/support/known_issues.mdwn12
323 files changed, 1996 insertions, 2001 deletions
diff --git a/auto/build b/auto/build
index 390ef3c..db64615 100755
--- a/auto/build
+++ b/auto/build
@@ -63,6 +63,7 @@ chmod go+rX config/chroot_local-includes/home
chmod go+rX config/chroot_local-includes/lib
chmod go+rX config/chroot_local-includes/lib/live
chmod -R go+rx config/chroot_local-includes/lib/live/config
+chmod -R go+rX config/chroot_local-includes/lib/systemd
chmod go+rX config/chroot_local-includes/live
chmod -R go+rX config/chroot_local-includes/usr
chmod -R go+rx config/chroot_local-includes/usr/local/bin
diff --git a/auto/config b/auto/config
index 661e64d..5f603ad 100755
--- a/auto/config
+++ b/auto/config
@@ -20,7 +20,7 @@ export LB_BOOTSTRAP_INCLUDE='eatmydata'
RUN_LB_CONFIG="lb config noauto"
# init config/ with defaults for the target distribution
-$RUN_LB_CONFIG --distribution wheezy ${@}
+$RUN_LB_CONFIG --distribution jessie ${@}
# set Amnesia's general options
$RUN_LB_CONFIG \
diff --git a/config/APT_overlays.d/feature-7756-reintroduce-whisperback b/config/APT_overlays.d/feature-7756-reintroduce-whisperback
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/APT_overlays.d/feature-7756-reintroduce-whisperback
diff --git a/config/base_branch b/config/base_branch
index d64531f..0d639f2 100644
--- a/config/base_branch
+++ b/config/base_branch
@@ -1 +1 @@
-devel
+feature/jessie
diff --git a/config/binary_local-hooks/10-syslinux_customize b/config/binary_local-hooks/10-syslinux_customize
index 214c487..2e3ccdb 100755
--- a/config/binary_local-hooks/10-syslinux_customize
+++ b/config/binary_local-hooks/10-syslinux_customize
@@ -56,5 +56,5 @@ sed -i -e '/^include stdmenu\.cfg/a include tails.cfg' "${CFG_FILE}"
# no need to use absolute paths to find splash images
sed -e 's,/isolinux/,,' -i "${SYSLINUX_PATH}/stdmenu.cfg"
-# remove useless files that break incremental upgrades on Wheezy
+# remove useless files that break incremental upgrades
rm "${SYSLINUX_PATH}"/{exithelp,prompt}.cfg
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index 4d156e1..a7fb45d 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -1,71 +1,7 @@
-Package: aircrack-ng
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: amd64-microcode
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
Package: b43-fwcutter
Pin: release o=Debian,a=unstable
Pin-Priority: 999
-Package: bilibop-common
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: bilibop-udev
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: cryptsetup
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: cryptsetup-bin
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: eatmydata
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: libeatmydata1
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: electrum
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: florence
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: gnupg-agent
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: gnupg2
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: hopenpgp-tools
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: iproute2
-Pin: origin o=Debian Backports,n=wheezy-backports
-Pin-Priority: -1
-
-Package: libffi6
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: poedit
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
Package: firmware-atheros
Pin: release o=Debian,a=unstable
Pin-Priority: 999
@@ -118,24 +54,8 @@ Package: firmware-zd1211
Pin: release o=Debian,a=unstable
Pin-Priority: 999
-Package: initramfs-tools
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: intel-microcode
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: iucode-tool
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: keyringer
-Pin: release o=Debian,n=jessie
-Pin-Priority: 999
-
-Package: libcryptsetup4
-Pin: release o=Debian Backports,n=wheezy-backports
+Package: libnet-dbus-perl
+Pin: release o=Debian Backports,n=jessie-backports
Pin-Priority: 999
Package: linux-base
@@ -202,65 +122,69 @@ Package: linux-kbuild-3.16
Pin: release o=Debian,n=jessie
Pin-Priority: 999
-Package: mat
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
+Explanation: override the Wheezy-specific package from the devel APT suite
+Package: tor
+Pin: release o=TorProject,n=jessie
+Pin-Priority: 1006
-Package: monkeysign
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
+Explanation: override the Wheezy-specific package from the devel APT suite
+Package: tor-geoipdb
+Pin: release o=TorProject,n=jessie
+Pin-Priority: 1006
-Package: obfs4proxy
-Pin: release o=TorProject,n=obfs4proxy
-Pin-Priority: 990
-
-Package: python-six
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
-
-Package: python-slowaes
-Pin: release o=Debian Backports,n=wheezy-backports
+Package: ttdnsd
+Pin: release o=TorProject,a=unstable
Pin-Priority: 999
-Package: python-ecdsa
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
+Explanation: override our Wheezy-specific package
+Package: apparmor*
+Pin: release o=Debian,n=jessie
+Pin-Priority: 1006
-Package: python-electrum
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
+Explanation: override our Wheezy-specific package
+Package: libapparmor*
+Pin: release o=Debian,n=jessie
+Pin-Priority: 1006
-Package: scdaemon
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
+Explanation: override our Wheezy-specific package
+Package: hledger
+Pin: release o=Debian,n=jessie
+Pin-Priority: 1006
-Package: seahorse-nautilus
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
+Explanation: override the Wheezy-specific package from the devel APT suite
+Package: liveusb-creator
+Pin: release o=Tails,n=feature-jessie
+Pin-Priority: 1006
-Package: shared-mime-info
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
+Explanation: override our Wheezy-specific package
+Package: python-dbus
+Pin: release o=Debian,n=jessie
+Pin-Priority: 1006
-Package: torsocks
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
+Explanation: override our Wheezy-specific package
+Package: python-dbus-dev
+Pin: release o=Debian,n=jessie
+Pin-Priority: 1006
-Package: virtualbox-guest-dkms
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
+Explanation: override the Wheezy-specific package from the devel APT suite
+Package: tails-greeter
+Pin: release o=Tails,n=feature-jessie
+Pin-Priority: 1006
-Package: virtualbox-guest-utils
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
+Explanation: override the Wheezy-specific package from the devel APT suite
+Package: tails-perl5lib
+Pin: release o=Tails,n=feature-jessie
+Pin-Priority: 1006
-Package: virtualbox-guest-x11
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 999
+Explanation: override the Wheezy-specific package from the devel APT suite
+Package: tails-persistence-setup
+Pin: release o=Tails,n=feature-jessie
+Pin-Priority: 1006
-Package: ttdnsd
-Pin: release o=TorProject,a=unstable
-Pin-Priority: 999
+Explanation: override our Wheezy-specific package
+Package: xserver-xorg-input-evdev
+Pin: release o=Debian,n=jessie
+Pin-Priority: 1006
Explanation: weirdness in chroot_apt install-binary
Package: *
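Review bot: The stanzas added here with `Pin-Priority: 1006` (tor, tor-geoipdb, apparmor*, libapparmor*, hledger, liveusb-creator, python-dbus, python-dbus-dev, tails-greeter, tails-perl5lib, tails-persistence-setup, xserver-xorg-input-evdev) are above 1000, so APT will install the pinned version even when that is a downgrade. They also outrank the existing `Pin: origin deb.tails.boum.org` entry at 1005. The Explanation lines show this is intended while Wheezy-specific builds are still in the suite, but if the pins outlive that state, a newer or Tails-patched build from the Tails repository would lose to the Debian jessie one without any warning. I would record the exit condition in each stanza, e.g. `Explanation: temporary, drop once the Wheezy-specific package is gone from the devel suite`. The globbed `apparmor*` and `libapparmor*` stanzas deserve a second look, since they match every package name with that prefix.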
@@ -272,24 +196,16 @@ Pin: origin deb.tails.boum.org
Pin-Priority: 1005
Package: *
-Pin: release o=Debian,n=wheezy-updates
-Pin-Priority: 990
-
-Package: *
Pin: release o=Debian,n=jessie-updates
-Pin-Priority: 500
-
-Package: *
-Pin: release o=Debian,n=wheezy
Pin-Priority: 990
Package: *
-Pin: release o=TorProject,n=wheezy
+Pin: release o=Debian,n=jessie
Pin-Priority: 990
Package: *
-Pin: release o=Debian Backports,n=wheezy-backports
-Pin-Priority: 200
+Pin: release o=TorProject,n=jessie
+Pin-Priority: 990
Package: *
Pin: origin live.debian.net
diff --git a/config/chroot_local-hooks/04-change-gids-and-uids b/config/chroot_local-hooks/04-change-gids-and-uids
new file mode 100755
index 0000000..6fb78e4
--- /dev/null
+++ b/config/chroot_local-hooks/04-change-gids-and-uids
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+# Free the fixed GIDs and UIDs we're using.
+
+echo "Change GIDs and UIDs"
+
+TPS_GROUP_STEALER=$(getent group 122 | awk -F ':' '{print $1}')
+if [ -n "$TPS_GROUP_STEALER" ]; then
+ groupmod --gid 150 "$TPS_GROUP_STEALER"
+ find / -wholename /proc -prune -o \( \! -type l -a -gid 122 -exec chgrp 150 '{}' \; \)
+fi
+
+TPS_USER_STEALER=$(getent passwd 115 | awk -F ':' '{print $1}')
+if [ -n "$TPS_USER_STEALER" ]; then
+ usermod --uid 150 "$TPS_USER_STEALER"
+ find / -wholename /proc -prune -o \( \! -type l -a -gid 115 -exec chgrp 150 '{}' \; \)
+fi
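Review bot: The second `find` in 04-change-gids-and-uids still matches on `-gid 115` and runs `chgrp 150`, although this branch is moving a user off UID 115, not a group. Files owned by UID 115 are therefore not re-owned by this line and would presumably belong to whichever account is later given UID 115, while files of an unrelated group 115 get moved to GID 150. The line should read `find / -wholename /proc -prune -o \( \! -type l -a -uid 115 -exec chown 150 '{}' \; \)`. The script also does not check that UID/GID 150 is free before reusing it.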
diff --git a/config/chroot_local-hooks/10-tbb b/config/chroot_local-hooks/10-tbb
index 7626af3..3850567 100755
--- a/config/chroot_local-hooks/10-tbb
+++ b/config/chroot_local-hooks/10-tbb
@@ -59,7 +59,9 @@ install_tor_browser() {
done
# The libstdc++6 package in Wheezy is too old, so we need the
- # bundled one.
+ # bundled one. And even if it the one in Jessie isn't too old
+ # for the time being, better run Tor Browser with the library
+ # it's meant to work with.
cp "${prep}"/TorBrowser/Tor/libstdc++.so.6 "${prep}"
# We don't need the Tor binary, the shared libraries Tor needs
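Review bot: The rewritten comment in install_tor_browser has a stray word ("even if it the one in Jessie") and its first sentence still describes Wheezy, which this branch no longer targets. Suggested wording: `# Use the bundled libstdc++6: even if the one in Jessie is recent enough` / `# for now, better run Tor Browser with the library it was built against.` The function body continues outside the hunk.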
diff --git a/config/chroot_local-hooks/21-gdm_background b/config/chroot_local-hooks/21-gdm_background
deleted file mode 100755
index 5c03256..0000000
--- a/config/chroot_local-hooks/21-gdm_background
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Setting GDM background"
-
-# The gdm3 initscript updates /var/lib/gdm3/.gconf.mandatory/ at
-# runtime from files in /usr/share/gdm/greeter-config/ => let's remove
-# the file that deals with background pictures, so that tails-greeter
-# gets the less flashy default background that's already used in the
-# desktop session.
-
-rm /usr/share/gdm/dconf/10-desktop-base-settings
diff --git a/config/chroot_local-hooks/21-gdm_unit_file b/config/chroot_local-hooks/21-gdm_unit_file
new file mode 100755
index 0000000..f618a02
--- /dev/null
+++ b/config/chroot_local-hooks/21-gdm_unit_file
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+echo "Making GDM *not* restart automatically"
+
+# The GDM unit file has a Restart=always directive, which is good in the
+# general case. However, it breaks our emergency shutdown on boot medium
+# removal feature. Let's disable it, then.
+
+perl -pi -E 's{^Restart=.*$}{Restart=no}' /lib/systemd/system/gdm.service
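Review bot: The `perl -pi` substitution succeeds even when no `Restart=` line matches, so a changed upstream unit file would silently leave GDM restarting, which the comment says breaks emergency shutdown on boot medium removal. Add a check after the edit so the build fails instead, e.g. `grep -qx 'Restart=no' /lib/systemd/system/gdm.service`. With `set -e` already in place that one line is enough.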
diff --git a/config/chroot_local-hooks/22-plymouth b/config/chroot_local-hooks/22-plymouth
new file mode 100755
index 0000000..83b14fe
--- /dev/null
+++ b/config/chroot_local-hooks/22-plymouth
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+# Install Plymouth (in lb 2.x, the "standard" packages list pulls
+# console-common in, which plymouth conflicts with, so we have to deal
+# with that at this stage.)
+
+echo "Installing Plymouth"
+
+apt-get --yes purge console-common
+apt-get --yes install plymouth
diff --git a/config/chroot_local-hooks/23-fake-gnome-backgrounds b/config/chroot_local-hooks/23-fake-gnome-backgrounds
new file mode 100755
index 0000000..a54bd9b
--- /dev/null
+++ b/config/chroot_local-hooks/23-fake-gnome-backgrounds
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -eu
+
+echo "Install a fake gnome-backgrounds package"
+
+tmp="$(mktemp -d)"
+
+apt-get install --yes equivs
+
+REAL_PKG_VERSION=$(dpkg-query -W -f='${Version}\n' gnome-backgrounds)
+FAKE_PKG_VERSION=${REAL_PKG_VERSION}+tails.fake1
+
+cat > "${tmp}"/gnome-backgrounds.control << EOF
+Section: gnome
+Priority: optional
+Homepage: https://tails.boum.org/
+Standards-Version: 3.9.6
+
+Package: gnome-backgrounds
+Version: ${FAKE_PKG_VERSION}
+Maintainer: Tails developers <amnesia@boum.org>
+Architecture: all
+Description: (Fake) gnome-backgrounds
+ Make it possible to install gnome-shell without having to
+ install a real gnome-backgrounds package.
+EOF
+
+(
+ cd "${tmp}"
+ equivs-build "${tmp}"/gnome-backgrounds.control
+ dpkg -i "${tmp}"/gnome-backgrounds_"${FAKE_PKG_VERSION}"_all.deb
+)
+rm -R "${tmp}"
diff --git a/config/chroot_local-hooks/40-etc_modules b/config/chroot_local-hooks/40-etc_modules
index 0990509..26f7fdf 100755
--- a/config/chroot_local-hooks/40-etc_modules
+++ b/config/chroot_local-hooks/40-etc_modules
@@ -4,6 +4,6 @@ set -e
echo "Adding cpufreq modules to /etc/modules"
-for module in acpi-cpufreq cpufreq_powersave dm-mod ; do
+for module in cpufreq_powersave dm-mod ; do
echo "${module}" >> /etc/modules
done
diff --git a/config/chroot_local-hooks/44-configure_console-setup b/config/chroot_local-hooks/44-configure_console-setup
new file mode 100755
index 0000000..932619e
--- /dev/null
+++ b/config/chroot_local-hooks/44-configure_console-setup
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+echo "Configuring the console codeset to support more languages"
+
+sed -i -e 's,^CODESET=.*$,CODESET="Uni1",' /etc/default/console-setup
diff --git a/config/chroot_local-hooks/45-disable-unneeded-dbus-services b/config/chroot_local-hooks/45-disable-unneeded-dbus-services
new file mode 100755
index 0000000..c9b5c94
--- /dev/null
+++ b/config/chroot_local-hooks/45-disable-unneeded-dbus-services
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+echo "Disabling unneeded D-Bus services"
+
+SERVICES_DIR=/usr/share/dbus-1/services
+
+[ -d "${SERVICES_DIR}" ] || exit 11
+
+sed -i'' 's,^Exec=.*$,Exec=/bin/false,' \
+ "${SERVICES_DIR}"/org.gnome.evolution.dataserver.*.service \
+ "${SERVICES_DIR}"/org.gnome.Shell.CalendarServer.service \
+ "${SERVICES_DIR}"/org.freedesktop.Telepathy.AccountManager.service \
+ "${SERVICES_DIR}"/org.freedesktop.Telepathy.MissionControl5.service
diff --git a/config/chroot_local-hooks/46-configure-htpdate b/config/chroot_local-hooks/46-configure-htpdate
new file mode 100755
index 0000000..ccc6040
--- /dev/null
+++ b/config/chroot_local-hooks/46-configure-htpdate
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+echo "Configuring htpdate HTTP User-Agent"
+
+CONFFILE='/etc/default/htpdate.user-agent'
+
+install -o root -g root -m 0644 /dev/null "$CONFFILE"
+
+echo "HTTP_USER_AGENT=\"$(/usr/local/bin/getTorBrowserUserAgent)\"" \
+ > "$CONFFILE"
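Review bot: A failure of `/usr/local/bin/getTorBrowserUserAgent` is not caught here, because the command substitution is an argument to `echo` and `set -e` only sees echo's exit status. The result would be `HTTP_USER_AGENT=""` baked into the image, which presumably makes htpdate's requests stand out instead of blending in with Tor Browser. Capture the value first and refuse an empty one: `UA="$(/usr/local/bin/getTorBrowserUserAgent)"`, `[ -n "$UA" ] || exit 1`, then `echo "HTTP_USER_AGENT=\"$UA\"" > "$CONFFILE"`.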
diff --git a/config/chroot_local-hooks/50-dkms b/config/chroot_local-hooks/50-dkms
new file mode 100755
index 0000000..4e928e2
--- /dev/null
+++ b/config/chroot_local-hooks/50-dkms
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+set -e
+
+echo "Building DKMS modules"
+
+hw_arch="`dpkg --print-architecture`"
+if [ "$hw_arch" != i386 -a "$hw_arch" != amd64 ]; then
+ exit 0
+fi
+
+gcc_version=4.8
+
+# the -dkms package must be installed *after* dkms to be properly registered
+apt-get install --yes build-essential dkms dpatch
+apt-get install --yes gcc-${gcc_version}
+
+apt-get install --yes virtualbox-guest-utils virtualbox-guest-x11
+
+for MODULE in virtualbox-guest broadcom-sta ; do
+
+ apt-get install --yes $MODULE-dkms
+
+ # Have the modules built for every installed kernel
+ for KERNEL in /boot/vmlinuz-* ; do
+ KERNEL_VERSION="$(basename ${KERNEL} | sed -e 's|vmlinuz-||')"
+ MODULES_VERSION="$(dpkg-query -W -f='${Version\n}' virtualbox-guest-dkms)"
+
+ # Installing the headers should trigger the building of the modules for that kernel
+ apt-get install --yes linux-headers-$KERNEL_VERSION
+ # Only build and install if it was not done already
+ if [ ! "$(dkms status -k $KERNEL_VERSION -m $MODULE -v $MODULES_VERSION)" ]; then
+ dkms build -k $KERNEL_VERSION -m $MODULE -v $MODULES_VERSION
+ dkms install -k $KERNEL_VERSION -m $MODULE -v $MODULES_VERSION
+ fi
+
+ done
+
+ # clean the build directory
+ rm -r /var/lib/dkms/$MODULE/
+
+ # virtualbox-guest-dkms's postrm script deletes any previously
+ # built binary module; let's delete it before the package gets purged.
+ rm /var/lib/dpkg/info/$MODULE-dkms.prerm
+
+done
+
+# Also copy the udev rules installed by virtualbox-guest-dkms to enable guest
+# additions by default.
+cp -a /lib/udev/rules.d/60-virtualbox-guest-dkms.rules /etc/udev/rules.d/
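Review bot: Inside the `for MODULE in virtualbox-guest broadcom-sta` loop, `MODULES_VERSION` is always read from `virtualbox-guest-dkms`, so the `dkms status/build/install` calls for broadcom-sta get the wrong version. The format string `'${Version\n}'` also has the newline escape inside the braces, unlike the `'${Version}\n'` used in 23-fake-gnome-backgrounds, so it likely does not expand to the version at all. Suggested line: `MODULES_VERSION="$(dpkg-query -W -f='${Version}\n' "$MODULE-dkms")"`; whether the package version equals the DKMS module version should be confirmed. The comment above the `rm ... .prerm` line says "postrm" while the file removed is the prerm script.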
diff --git a/config/chroot_local-hooks/50-fine-tune-syndaemon b/config/chroot_local-hooks/50-fine-tune-syndaemon
deleted file mode 100755
index 692b7c6..0000000
--- a/config/chroot_local-hooks/50-fine-tune-syndaemon
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-
-# XXX: This hook is only needed in Wheezy-based Tails to fix #9011 and
-# should be removed once Tails is based on Jessie.
-
-set -e
-
-echo "Fune-tuning syndaemon"
-
-SYNDAEMON_PATH="/usr/bin/syndaemon"
-SYNDAEMON_ORIG_PATH="${SYNDAEMON_PATH}.distrib"
-
-dpkg-divert --rename --add "${SYNDAEMON_PATH}"
-[ -x "${SYNDAEMON_ORIG_PATH}" ] || exit 1
-
-cat > "${SYNDAEMON_PATH}" <<EOF
-#!/bin/sh
-
-# Temporary workaround for #9011 while Tails is based on Wheezy.
-if ! echo "\${@}" | grep -qw -- "-t"; then
- set -- "\${@}" -t
-fi
-exec ${SYNDAEMON_ORIG_PATH} "\${@}"
-EOF
-
-chmod a+rx "${SYNDAEMON_PATH}"
diff --git a/config/chroot_local-hooks/50-virtualbox b/config/chroot_local-hooks/50-virtualbox
deleted file mode 100755
index 937c00c..0000000
--- a/config/chroot_local-hooks/50-virtualbox
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Building VirtualBox guest modules"
-
-hw_arch="`dpkg --print-architecture`"
-if [ "$hw_arch" != i386 -a "$hw_arch" != amd64 ]; then
- exit 0
-fi
-
-available_gcc_version=4.7
-wanted_gcc_version=4.8
-
-# the -dkms package must be installed *after* dkms to be properly registered
-apt-get install --yes build-essential dkms dpatch
-
-# temporary workaround: pretend the "wanted" GCC is available, so that
-# the modules can build.
-# /usr/src/linux-headers-3.*-common/scripts/gcc-version.sh
-# is the one who says they should be run using that version.
-apt-get install --yes gcc-${available_gcc_version}
-
-# Create and install fake GCC package
-apt-get install --yes equivs
-cat > /root/gcc-${wanted_gcc_version}.control << EOF
-Section: devel
-Priority: optional
-Homepage: https://tails.boum.org/
-Standards-Version: 3.6.2
-
-Package: gcc-${wanted_gcc_version}
-Maintainer: Tails developers <amnesia@boum.org>
-Architecture: all
-Description: (Fake) GNU C compiler
- Work around the fact that our Linux headers depend on gcc-${wanted_gcc_version},
- which is unavailable on Wheezy.
-EOF
-cd /root ; equivs-build /root/gcc-${wanted_gcc_version}.control
-dpkg -i gcc-${wanted_gcc_version}_1.0_all.deb
-ln -sf /usr/bin/gcc-${available_gcc_version} /usr/bin/gcc-${wanted_gcc_version}
-rm /root/gcc-${wanted_gcc_version}.control /root/gcc-${wanted_gcc_version}_1.0_all.deb
-
-# Versions of the module prior to 4.2 do not built on 3.8 and later [Debian #704130].
-# Install version from Wheezy backports.
-apt-get install --yes virtualbox-guest-utils virtualbox-guest-dkms virtualbox-guest-x11
-
-# Have the modules built for every installed kernel
-for KERNEL in /boot/vmlinuz-* ; do
- KERNEL_VERSION="$(basename ${KERNEL} | sed -e 's|vmlinuz-||')"
- MODULES_VERSION="$(dpkg-query -W -f='${Version\n}' virtualbox-guest-dkms)"
-
- # Installing the headers should trigger the building of the modules for that kernel
- apt-get install --yes linux-headers-$KERNEL_VERSION
- # Only build and install if it was not done already
- if [ ! "$(dkms status -k $KERNEL_VERSION -m virtualbox-guest -v $MODULES_VERSION)" ]; then
- dkms build -k $KERNEL_VERSION -m virtualbox-guest -v $MODULES_VERSION
- dkms install -k $KERNEL_VERSION -m virtualbox-guest -v $MODULES_VERSION
- fi
-
-done
-
-# clean the build directory
-rm -r /var/lib/dkms/virtualbox-guest/
-
-# virtualbox-guest-dkms's postrm script deletes any previously
-# built binary module; let's delete it before the package gets purged.
-rm /var/lib/dpkg/info/virtualbox-guest-dkms.prerm
-
-# Also copy the udev rules installed by virtualbox-guest-dkms to enable guest
-# additions by default.
-cp -a /lib/udev/rules.d/60-virtualbox-guest-dkms.rules /etc/udev/rules.d/
-
-# remove temporary workaround
-rm /usr/bin/gcc-${wanted_gcc_version}
diff --git a/config/chroot_local-hooks/52-udev-watchdog b/config/chroot_local-hooks/52-udev-watchdog
index e003934..504013a 100755
--- a/config/chroot_local-hooks/52-udev-watchdog
+++ b/config/chroot_local-hooks/52-udev-watchdog
@@ -11,7 +11,7 @@ apt-get install --yes build-essential binutils libudev-dev
SRC="/usr/src/udev-watchdog.c"
DST="/usr/local/sbin/udev-watchdog"
-gcc -o "$DST" "$SRC" -static -Wall -ludev -lrt
+gcc -o "$DST" "$SRC" -Wall -ludev -lrt
strip --strip-all "$DST"
apt-get --yes purge libudev-dev
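Review bot: Dropping `-static` from the gcc line makes udev-watchdog depend on the libudev and librt shared objects at run time. If this binary is what reacts to boot medium removal, as its name and the emergency-shutdown comments elsewhere in this commit suggest, those libraries must still be resident in memory once the medium is gone. Please confirm they are covered by the memlockd configuration and record that next to the build line, e.g. `# dynamically linked: libudev/librt must be locked in memory for media-removal handling`.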
diff --git a/config/chroot_local-hooks/52-update-rc.d b/config/chroot_local-hooks/52-update-rc.d
index 47332f9..372994c 100755
--- a/config/chroot_local-hooks/52-update-rc.d
+++ b/config/chroot_local-hooks/52-update-rc.d
@@ -3,30 +3,17 @@
set -e
CUSTOM_INITSCRIPTS="
-tails-autotest-remote-shell
-tails-detect-virtualization
-tails-kexec
-tails-reconfigure-kexec
-tails-reconfigure-memlockd
-tails-sdmem-on-media-removal
-tails-set-wireless-devices-state
-tor-controlport-filter
"
PATCHED_INITSCRIPTS="
-alsa-utils
gdomap
haveged
hdparm
hwclock.sh
i2p
-kexec
kexec-load
laptop-mode
memlockd
-network-manager
-plymouth
-pulseaudio
resolvconf
saned
spice-vdagent
@@ -34,12 +21,6 @@ tor
ttdnsd
"
-# Ensure that we are using dependency based boot
-if ! dpkg -s insserv >/dev/null 2>&1 || [ -f /etc/init.d/.legacy-bootordering ]; then
- echo "Dependency based boot sequencing is not configured. Aborting." >&2
- exit 1
-fi
-
echo "Configuring boot sequence"
# The patches to adjust the runlevels are applied to the chroot
@@ -49,3 +30,47 @@ insserv -r $PATCHED_INITSCRIPTS
# Re-install overriden initscripts and install our custom ones.
insserv $PATCHED_INITSCRIPTS $CUSTOM_INITSCRIPTS
+
+### Tweak systemd unit files
+
+# Workaround for https://bugs.debian.org/714957
+systemctl enable memlockd.service
+
+# Enable our own systemd unit files
+systemctl enable tails-autotest-remote-shell.service
+systemctl enable tails-reconfigure-kexec.service
+systemctl enable tails-reconfigure-memlockd.service
+systemctl enable tails-sdmem-on-media-removal.service
+systemctl enable tails-set-wireless-devices-state.service
+systemctl enable tails-wait-until-tor-has-bootstrapped.service
+systemctl enable tor-controlport-filter.service
+
+# Enable our own systemd user unit files
+systemctl --global enable tails-add-GNOME-bookmarks.service
+systemctl --global enable tails-configure-keyboard.service
+systemctl --global enable tails-create-tor-browser-directories.service
+systemctl --global enable tails-security-check.service
+systemctl --global enable tails-upgrade-frontend.service
+systemctl --global enable tails-virt-notify-user.service
+systemctl --global enable tails-wait-until-tor-has-bootstrapped.service
+systemctl --global enable tails-warn-about-disabled-persistence.service
+
+# Use socket activation only, to save a bit of memory and boot time
+systemctl disable cups.service
+systemctl enable cups.socket
+
+# We're starting NetworkManager ourselves
+systemctl disable NetworkManager.service
+systemctl disable NetworkManager-wait-online.service
+
+# Don't hide tails-kexec's shutdown messages with an empty splash screen
+for suffix in halt kexec poweroff reboot shutdown ; do
+ systemctl mask "plymouth-${suffix}.service"
+done
+
+# systemd-networkd fallbacks to Google's nameservers when no other nameserver
+# is provided by the network configuration. In Jessie, this service is disabled
+# by default, but it feels safer to make this explicit. Besides, it might be
+# that systemd-networkd vs. firewall setup ordering is suboptimal in this respect,
+# so let's avoid any risk of DNS leaks here.
+systemctl mask systemd-networkd.service
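Review bot: Masking only `systemd-networkd.service` may not cover the DNS leak the last comment describes, since as far as I know the built-in fallback nameserver list belongs to systemd-resolved rather than networkd. Following the comment's own "make this explicit" reasoning, add `systemctl mask systemd-resolved.service` and correct the comment to name the right unit. Separately, `tails-kexec` and `tails-detect-virtualization` are dropped from `CUSTOM_INITSCRIPTS` in the first hunk but have no matching `systemctl enable` line here. If they are enabled some other way, a one-line comment saying so would help, because the plymouth comment still refers to tails-kexec.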
diff --git a/config/chroot_local-hooks/80-block-network b/config/chroot_local-hooks/80-block-network
index f6b4dd0..fe1894e 100755
--- a/config/chroot_local-hooks/80-block-network
+++ b/config/chroot_local-hooks/80-block-network
@@ -4,7 +4,8 @@ set -e
echo "Generating blocklist for all network devices"
-find /lib/modules/*/kernel/drivers/net \
- -name "*.ko" -printf "blacklist %f\n" | \
- sed 's/\.ko$//' | \
- sort -u > /etc/modprobe.d/all-net-blacklist.conf
+( echo 'blacklist wl' ;
+ find /lib/modules/*/kernel/drivers/net \
+ -name "*.ko" -printf "blacklist %f\n" | \
+ sed 's/\.ko$//'
+) | sort -u > /etc/modprobe.d/all-net-blacklist.conf
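Review bot: The hard-coded `echo 'blacklist wl'` has no comment explaining why this one module is listed by hand. Presumably it is the broadcom-sta DKMS module, installed outside `kernel/drivers/net` and so missed by the `find`. Suggest adding `# wl (broadcom-sta-dkms) lives outside kernel/drivers/net, so find does not list it`. Any other out-of-tree network module added later would need the same treatment, so the comment should say that too.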
diff --git a/config/chroot_local-hooks/98-remove_unwanted_files b/config/chroot_local-hooks/98-remove_unwanted_files
index d69dad6..030e03f 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_files
+++ b/config/chroot_local-hooks/98-remove_unwanted_files
@@ -18,6 +18,9 @@ rm $POTFILES_DOT_IN
# (by the 10-tbb hook)
rm /usr/share/tails/tbb-*.txt
+# Prevent races between MAC spoofing and interface naming
+rm /lib/udev/rules.d/75-persistent-net-generator.rules
+
# Remove the snakeoil SSL key pair generated by ssl-cert
find /etc/ssl/certs /etc/ssl/private |
while read f; do
diff --git a/config/chroot_local-hooks/98-remove_unwanted_packages b/config/chroot_local-hooks/98-remove_unwanted_packages
index a417d41..4623ad5 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_packages
+++ b/config/chroot_local-hooks/98-remove_unwanted_packages
@@ -8,20 +8,21 @@ echo "Removing unwanted packages"
# We use apt-get as aptitude doesn't know about globs.
# There are packages we could be tempted to remove but we can't:
-# - gcc-4.7-base (libstdc++6 depends on it)
+# - gcc-*-base (libstdc++6 depends on it)
# - libgcc1 (vidalia depends on it)
-# - cpp, cpp-4.4 (big parts of GNOME depend on it)
+# - cpp, cpp-* (big parts of GNOME depend on it)
apt-get --yes purge \
'^linux-kbuild-*' \
'^linux-headers-*' \
build-essential debhelper dkms dpatch dpkg-dev \
- gcc gcc-4.7 gcc-4.8 \
+ gcc gcc-4.8 gcc-4.8-base gcc-4.9 \
intltool-debian \
libc6-dev libgl1-mesa-dev libstdc++6-4.4-dev linux-libc-dev \
make \
module-assistant \
po-debconf \
- equivs virtualbox-guest-dkms
+ rsyslog \
+ equivs broadcom-sta-dkms virtualbox-guest-dkms
### Deinstall a few unwanted packages that were pulled by tasksel
### since they have Priority: standard.
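Review bot: The purge list now includes `gcc-4.8-base`, while the comment a few lines above says `gcc-*-base` must not be removed because libstdc++6 depends on it. With `--yes`, apt removes dependants without prompting, so the two need to agree. If only the 4.9 base package is required in Jessie, narrow the comment to `# - gcc-4.9-base (libstdc++6 depends on it)`. Otherwise drop `gcc-4.8-base` from the list.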
@@ -34,6 +35,7 @@ apt-get --yes purge \
apt-get --yes purge \
'^aptitude*' \
db5.1-util \
+ '^geoclue*' \
krb5-locales \
live-build \
locales \
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/01-wait-for-NM-applet.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/01-wait-for-notification-recipient.sh
index 6f68e81..6f744d2 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/01-wait-for-NM-applet.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/01-wait-for-notification-recipient.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-# When a non-loopback interface comes up, wait for the Live user's nm-applet
+# When a non-loopback interface comes up, wait for the Live user's GNOME Shell
# to come up. Wait 120 times one second maximum.
[ "$1" != "lo" ] || exit 0
@@ -12,7 +12,7 @@ MAX_WAIT=120
. /etc/live/config.d/username.conf
for i in $(seq 1 ${MAX_WAIT}) ; do
- if pgrep -u "${LIVE_USERNAME}" nm-applet >/dev/null 2>&1 ; then
+ if pgrep -u "${LIVE_USERNAME}" '^ibus-daemon' >/dev/null 2>&1 ; then
break
fi
sleep 1
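Review bot: The header comment changed in the first hunk says the script waits for the Live user's GNOME Shell, but the `pgrep` pattern here is `'^ibus-daemon'`. If ibus-daemon is used on purpose as a sign that the session is far enough along to receive notifications, say so next to the check, e.g. `# ibus-daemon is started late by GNOME Shell; use it as a "session ready" marker`. As written, the comment and the code name different processes. The loop continues outside the hunk.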
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
index 368e70d..3cda6d5 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
@@ -213,6 +213,9 @@ is_clock_way_off() {
start_notification_helper() {
export DISPLAY=':0.0'
export XAUTHORITY="$(echo /var/run/gdm3/auth-for-$LIVE_USERNAME-*/database)"
+ GNOME_SHELL_PID="$(pgrep --newest --euid ${LIVE_USERNAME} gnome-shell)"
+ export "$(tr '\0' '\n' < /proc/${GNOME_SHELL_PID}/environ | \
+ grep '^DBUS_SESSION_BUS_ADDRESS=')"
exec /bin/su -c /usr/local/bin/tails-htp-notify-user "$LIVE_USERNAME" &
}
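Review bot: In start_notification_helper, `GNOME_SHELL_PID` is empty when `pgrep` finds no gnome-shell, so the next line reads `/proc//environ` and `export` is called with an empty string. Guard it before the export, e.g. `[ -n "$GNOME_SHELL_PID" ] || return 0`, and quote `"${LIVE_USERNAME}"` in the pgrep call. The value comes from a user-owned process's environment, which can contain embedded newlines, so `grep -m1` would ensure exactly one `DBUS_SESSION_BUS_ADDRESS=` line is exported.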
@@ -257,5 +260,5 @@ fi
touch $TORDATE_DONE_FILE
log "Restarting htpdate"
-service htpdate restart
+systemctl restart htpdate.service
log "htpdate service restarted with return code $?"
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh
index 7e1c22ed..9b748fd 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh
@@ -19,12 +19,8 @@ export LANG
TEXTDOMAIN="tails"
export TEXTDOMAIN
-tor_has_bootstrapped() {
- sudo -n -u debian-tor /usr/local/sbin/tor-has-bootstrapped
-}
-
-while ! tor_has_bootstrapped; do
- sleep 10
+while ! /usr/local/sbin/tor-has-bootstrapped; do
+ sleep 1
done
# We now know that whatever Tor settings we are using works, so if Tor
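Review bot: The wait loop now polls every second with no upper bound, so this dispatcher script never exits if Tor fails to bootstrap. 01-wait-for-notification-recipient.sh in the same directory caps its wait with `MAX_WAIT`, and a similar bound or a comment explaining why blocking forever is acceptable would help here. The helper is also no longer run via `sudo -n -u debian-tor`, so it presumably runs with the dispatcher's own privileges. It is worth confirming that `/usr/local/sbin/tor-has-bootstrapped` no longer needs, and is safe without, the privilege drop.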
diff --git a/config/chroot_local-includes/etc/X11/Xsession.d/56gnome-classic b/config/chroot_local-includes/etc/X11/Xsession.d/56gnome-classic
new file mode 100644
index 0000000..87054e1
--- /dev/null
+++ b/config/chroot_local-includes/etc/X11/Xsession.d/56gnome-classic
@@ -0,0 +1,4 @@
+if [ "$(whoami)" = amnesia ]; then
+ export GNOME_SHELL_SESSION_MODE=classic
+fi
+
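Review bot: The user name `amnesia` is hard-coded in this new Xsession.d snippet, while other scripts in this commit source `/etc/live/config.d/username.conf` and use `$LIVE_USERNAME`. For consistency, use `. /etc/live/config.d/username.conf` followed by `if [ "$(whoami)" = "$LIVE_USERNAME" ]; then`. A one-line header comment saying why only the live user gets classic mode would also help, presumably so the greeter session is unaffected.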
diff --git a/config/chroot_local-includes/etc/X11/Xsession.d/80im-starter b/config/chroot_local-includes/etc/X11/Xsession.d/80im-starter
deleted file mode 100644
index 7a55c5a..0000000
--- a/config/chroot_local-includes/etc/X11/Xsession.d/80im-starter
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/sh
-
-# Configure IBus with sensible settings for use in Tails,
-# and with the correct default engine for the user's login locale.
-
-# The IBus engine is only started if required by the login locale,
-# as it is known to interfer with keyboard shortcuts in some locales.
-
-# The environment variables are exported however, so the user can
-# start IBus manually using the launcher "IBus Preferences"
-# in the System->Preferences menu.
-
-# XXX: This script may not be needed anymore when Tails
-# is based on GNOME 3.6 or newer (which is in Debian Jessie).
-# https://help.gnome.org/misc/release-notes/3.6/i18n-ibus.html
-
-
-# Deside order in which input methods are preferred
-# (chinese needs pinyin, japanese needs anthy, korean needs hangul,
-# vietnamese needs Unikey)
-# (bopomofo is an alternative input method for chinese)
-LANGPREFIX=`echo "$LANG" | sed 's/_.*//'`
-PREFLIST='[pinyin,anthy,hangul,Unikey,bopomofo]'
-NEEDIBUS='n'
-
-case "$LANGPREFIX" in
- ja)
- PREFLIST='[anthy,pinyin,hangul,Unikey,bopomofo]'
- NEEDIBUS='y'
- ;;
- ko)
- PREFLIST='[hangul,pinyin,anthy,Unikey,bopomofo]'
- NEEDIBUS='y'
- ;;
- vi)
- PREFLIST='[Unikey,pinyin,anthy,hangul,bopomofo]'
- NEEDIBUS='y'
- ;;
- zh)
- PREFLIST='[pinyin,bopomofo,anthy,hangul,Unikey]'
- NEEDIBUS='y'
- ;;
-esac
-
-# Configure enabled input methods and their preferred order
-gconftool-2 --type=list --list-type=string --set \
- /desktop/ibus/general/preload_engines "$PREFLIST"
-
-# Export environment variables to enable use of IBus
-export GTK_IM_MODULE='ibus'
-export QT_IM_MODULE='ibus'
-export XMODIFIERS='@im=ibus'
-
-# Start the IBus input method daemon, if required by locale
-if [ "$NEEDIBUS" = 'y' ]; then
- /usr/bin/ibus-daemon --daemonize --xim
-fi
diff --git a/config/chroot_local-includes/etc/X11/xorg.conf.d/disable-screen-blanking.conf b/config/chroot_local-includes/etc/X11/xorg.conf.d/disable-screen-blanking.conf
deleted file mode 100644
index ee5677a..0000000
--- a/config/chroot_local-includes/etc/X11/xorg.conf.d/disable-screen-blanking.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# XXX: Remove this file when rebasing Tails on Jessie.
-Section "ServerFlags"
- Option "BlankTime" "0"
- Option "StandbyTime" "0"
- Option "SuspendTime" "0"
-EndSection
diff --git a/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults b/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
index 7b95592..7e186ae 100644
--- a/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
+++ b/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
@@ -2,6 +2,9 @@
hide-on-start=true
startup-notification=false
+[apps/florence/controller]
+floaticon=false
+
[apps/florence/layout]
style='/usr/share/florence/styles/hard'
@@ -21,14 +24,18 @@ sidebar-visible=true
[desktop/gnome/crypto/pgp]
keyservers = ['hkp://pool.sks-keyservers.net']
+[org/gnome/desktop/a11y]
+always-show-universal-access-status=true
+
[org/gnome/desktop/session]
-session-name='gnome-fallback'
+session-name='gnome-classic'
[org/gnome/desktop/background]
show-desktop-icons = true
picture-uri='file:///usr/share/tails/desktop_wallpaper.png'
[org/gnome/desktop/interface]
+clock-show-date=true
menus-have-icons=true
[org/gnome/libgnomekbd/keyboard]
@@ -36,11 +43,19 @@ options=['grp\tgrp:shifts_toggle', 'grp\tgrp:alt_shift_toggle']
[org/gnome/desktop/lockdown]
disable-lock-screen = true
+disable-log-out = true
disable-user-switching = true
[org/gnome/desktop/media-handling]
automount = false
automount-open = false
+autorun-x-content-start-app = @as []
+autorun-x-content-ignore = @as []
+
+[org/gnome/desktop/screensaver]
+lock-enabled = false
+picture-uri = 'file:///usr/share/tails/screensaver_background.png'
+user-switch-enabled = false
[org/gnome/desktop/sound]
event-sounds=false
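Review bot: The `[org/gnome/desktop/media-handling]` section empties the two `autorun-x-content-*` lists but does not set `autorun-never`. Clearing `autorun-x-content-ignore` in particular removes content types from the "do nothing" list, so the safer explicit default is to add `autorun-never = true` next to `automount = false`. These are dconf defaults rather than locks, so if users must not be able to re-enable autorun, a matching entry in a locks file would be needed as well.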
@@ -66,5 +81,10 @@ critical-battery-action = 'shutdown'
lid-close-ac-action = 'blank'
lid-close-battery-action = 'blank'
-[org/gnome/gnome-screenshot]
-auto-save-directory = 'file:///home/amnesia'
+[org/gnome/settings-daemon/plugins/xsettings]
+antialiasing = 'rgba'
+hinting = 'slight'
+
+[org/gnome/shell]
+enabled-extensions = ['alternative-status-menu@gnome-shell-extensions.gcampax.github.com', 'topIcons@adel.gadllah@gmail.com', 'shutdown-helper@tails.boum.org']
+favorite-apps=['tor-browser.desktop', 'claws-mail.desktop', 'pidgin.desktop', 'keepassx.desktop', 'gnome-terminal.desktop']
diff --git a/config/chroot_local-includes/etc/default/htpdate b/config/chroot_local-includes/etc/default/htpdate.pools
index 9faf161..68b79b4 100644
--- a/config/chroot_local-includes/etc/default/htpdate
+++ b/config/chroot_local-includes/etc/default/htpdate.pools
@@ -1,4 +1,3 @@
HTP_POOL_PAL="boum.org,chavez.indymedia.org,db.debian.org,epic.org,mail.riseup.net,sarava.org,squat.net,tachanka.org,www.1984.is,www.eff.org,www.immerda.ch,www.privacyinternational.org,www.torproject.org"
HTP_POOL_NEUTRAL="cve.mitre.org,en.wikipedia.org,lkml.org,thepiratebay.org,www.apache.org,www.centos.org,www.democracynow.org,www.duckduckgo.com,www.gnu.org,www.kernel.org,www.mozilla.org,www.stackexchange.com,www.startpage.com,www.xkcd.com"
HTP_POOL_FOE="encrypted.google.com,github.com,login.live.com,login.yahoo.com,secure.flickr.com,tumblr.com,twitter.com,www.adobe.com,www.gandi.net,www.myspace.com,www.paypal.com,www.rsa.com,www.sony.com"
-HTTP_USER_AGENT="$(/usr/local/bin/getTorBrowserUserAgent)"
diff --git a/config/chroot_local-includes/etc/default/kexec b/config/chroot_local-includes/etc/default/kexec
index 06999bb..ab6cc02 100644
--- a/config/chroot_local-includes/etc/default/kexec
+++ b/config/chroot_local-includes/etc/default/kexec
@@ -10,13 +10,12 @@ LOAD_KEXEC=true
KERNEL_IMAGE=/vmlinux
INITRD=/initrd.img
-# If empty, use current /proc/cmdline
-APPEND=""
-case "$RUNLEVEL" in
- 6)
- APPEND="${APPEND} sdmem=reboot sdmemopts=vllf"
- ;;
- *)
- APPEND="${APPEND} sdmem=halt sdmemopts=vllf"
- ;;
-esac
+rebooting() {
+ systemctl list-jobs systemd-reboot.service | grep -qs systemd-reboot.service
+}
+
+if rebooting ; then
+ APPEND="${APPEND} sdmem=reboot sdmemopts=vllf"
+else
+ APPEND="${APPEND} sdmem=halt sdmemopts=vllf"
+fi
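Review bot: `APPEND` is no longer initialised before `APPEND="${APPEND} sdmem=..."`, since the `APPEND=""` line was removed along with the `case` block. Whatever value is already in the environment of the script that sources this file now ends up on the kexec kernel command line. Keep `APPEND=""` above the `if rebooting` test, with its original comment if the "use current /proc/cmdline" behaviour still applies. Also note that `rebooting` returns false when `systemctl list-jobs` itself fails, so an error silently selects the halt path.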
diff --git a/config/chroot_local-includes/etc/ferm/ferm.conf b/config/chroot_local-includes/etc/ferm/ferm.conf
index bf65343..a7f4a32 100644
--- a/config/chroot_local-includes/etc/ferm/ferm.conf
+++ b/config/chroot_local-includes/etc/ferm/ferm.conf
@@ -80,6 +80,11 @@ domain ip {
mod owner uid-owner amnesia ACCEPT;
}
+ # White-list access to the accessibility daemon
+ daddr 127.0.0.1 proto tcp syn dport 4101 {
+ mod owner uid-owner amnesia ACCEPT;
+ }
+
# White-list access to I2P services for the amnesia user (IRC, SAM, POP3, SMTP, and Monotone)
# For more information, see https://tails/boum.org/contribute/design/I2P and https://geti2p.net/ports
daddr 127.0.0.1 proto tcp syn mod multiport destination-ports (6668 7656 7659 7660 8998) {
@@ -179,6 +184,13 @@ domain ip6 {
table filter {
chain INPUT {
policy DROP;
+
+ # White-list access to the accessibility daemon
+ interface lo saddr ::1 daddr ::1 proto tcp {
+ dport 4101 ACCEPT;
+ sport 4101 mod state state (RELATED ESTABLISHED) ACCEPT;
+ }
+
}
chain FORWARD {
@@ -187,6 +199,13 @@ domain ip6 {
chain OUTPUT {
policy DROP;
+
+ # White-list access to the accessibility daemon
+ outerface lo saddr ::1 daddr ::1 proto tcp {
+ dport 4101 mod owner uid-owner amnesia ACCEPT;
+ sport 4101 mod state state (RELATED ESTABLISHED) ACCEPT;
+ }
+
# Everything else is logged and dropped.
LOG log-prefix "Dropped outbound packet: " log-level debug log-uid;
REJECT reject-with icmp6-port-unreachable;
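Review bot: The IPv6 OUTPUT rule `dport 4101 mod owner uid-owner amnesia ACCEPT;` is looser than the IPv4 rule added in the first hunk, which only accepts `syn` packets to port 4101. For parity, use `syn dport 4101 mod owner uid-owner amnesia ACCEPT;` and leave the rest to the state rule. The same applies to the stateless `dport 4101 ACCEPT;` in the ip6 INPUT hunk above. The three "accessibility daemon" comments should also name the daemon that listens on 4101, so a later reader can tell whether the exception is still needed.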
diff --git a/config/chroot_local-includes/etc/fonts/conf.avail/11-lcdfilter-default.conf b/config/chroot_local-includes/etc/fonts/conf.avail/11-lcdfilter-default.conf
deleted file mode 100644
index 040a4ac..0000000
--- a/config/chroot_local-includes/etc/fonts/conf.avail/11-lcdfilter-default.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
-<fontconfig>
-<!-- Use lcddefault as default for LCD filter -->
- <match target="font">
- <edit mode="assign" name="lcdfilter">
- <const>lcddefault</const>
- </edit>
- </match>
-</fontconfig>
diff --git a/config/chroot_local-includes/etc/fonts/conf.avail/12-hintstyle-hintslight.conf b/config/chroot_local-includes/etc/fonts/conf.avail/12-hintstyle-hintslight.conf
deleted file mode 100644
index b009389..0000000
--- a/config/chroot_local-includes/etc/fonts/conf.avail/12-hintstyle-hintslight.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-<match target="font">
- <edit mode="assign" name="hintstyle">
- <const>hintslight</const>
- </edit>
-</match>
diff --git a/config/chroot_local-includes/etc/fonts/conf.avail/13-antialias.conf b/config/chroot_local-includes/etc/fonts/conf.avail/13-antialias.conf
deleted file mode 100644
index 58551f0..0000000
--- a/config/chroot_local-includes/etc/fonts/conf.avail/13-antialias.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-<match target="font">
- <edit mode="assign" name="antialias">
- <bool>true</bool>
- </edit>
-</match> \ No newline at end of file
diff --git a/config/chroot_local-includes/etc/fonts/conf.d/10-autohint.conf b/config/chroot_local-includes/etc/fonts/conf.d/10-autohint.conf
deleted file mode 120000
index 0d3eeb4..0000000
--- a/config/chroot_local-includes/etc/fonts/conf.d/10-autohint.conf
+++ /dev/null
@@ -1 +0,0 @@
-../conf.avail/10-autohint.conf \ No newline at end of file
diff --git a/config/chroot_local-includes/etc/fonts/conf.d/10-sub-pixel-rgb.conf b/config/chroot_local-includes/etc/fonts/conf.d/10-sub-pixel-rgb.conf
deleted file mode 120000
index 5993503..0000000
--- a/config/chroot_local-includes/etc/fonts/conf.d/10-sub-pixel-rgb.conf
+++ /dev/null
@@ -1 +0,0 @@
-../conf.avail/10-sub-pixel-rgb.conf \ No newline at end of file
diff --git a/config/chroot_local-includes/etc/fonts/conf.d/11-lcdfilter-default.conf b/config/chroot_local-includes/etc/fonts/conf.d/11-lcdfilter-default.conf
deleted file mode 120000
index 5269f93..0000000
--- a/config/chroot_local-includes/etc/fonts/conf.d/11-lcdfilter-default.conf
+++ /dev/null
@@ -1 +0,0 @@
-../conf.avail/11-lcdfilter-default.conf
\ No newline at end of file
diff --git a/config/chroot_local-includes/etc/fonts/conf.d/12-hintstyle-hintslight.conf b/config/chroot_local-includes/etc/fonts/conf.d/12-hintstyle-hintslight.conf
deleted file mode 120000
index d00c36c..0000000
--- a/config/chroot_local-includes/etc/fonts/conf.d/12-hintstyle-hintslight.conf
+++ /dev/null
@@ -1 +0,0 @@
-../conf.avail/12-hintstyle-hintslight.conf
\ No newline at end of file
diff --git a/config/chroot_local-includes/etc/fonts/conf.d/13-antialias.conf b/config/chroot_local-includes/etc/fonts/conf.d/13-antialias.conf
deleted file mode 120000
index ceafcef..0000000
--- a/config/chroot_local-includes/etc/fonts/conf.d/13-antialias.conf
+++ /dev/null
@@ -1 +0,0 @@
-../conf.avail/13-antialias.conf
\ No newline at end of file
diff --git a/config/chroot_local-includes/etc/fstab b/config/chroot_local-includes/etc/fstab
deleted file mode 100644
index 94a0e9a..0000000
--- a/config/chroot_local-includes/etc/fstab
+++ /dev/null
@@ -1 +0,0 @@
-proc /proc proc defaults,hidepid=2 0 0
diff --git a/config/chroot_local-includes/etc/gdm3/greeter.gconf-defaults b/config/chroot_local-includes/etc/gdm3/greeter.gconf-defaults
deleted file mode 100644
index 349ab13..0000000
--- a/config/chroot_local-includes/etc/gdm3/greeter.gconf-defaults
+++ /dev/null
@@ -1 +0,0 @@
-/desktop/gnome/interface/buttons_have_icons true
diff --git a/config/chroot_local-includes/etc/init.d/htpdate b/config/chroot_local-includes/etc/init.d/htpdate
deleted file mode 100755
index d13cf21..0000000
--- a/config/chroot_local-includes/etc/init.d/htpdate
+++ /dev/null
@@ -1,109 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: htpdate
-# Default-Start:
-# Default-Stop:
-# Required-Start: mountkernfs $local_fs
-# Required-Stop:
-# Short-Description: Set time using HTP
-# Description: Set time using HTP
-### END INIT INFO
-
-DESC="Setting time using HTP"
-NAME=htpdate
-SCRIPTNAME=/etc/init.d/$NAME
-HTP_DIR=/var/run/$NAME
-PIDFILE=$HTP_DIR/pid
-HTP_DONE_FILE=$HTP_DIR/done
-HTP_SUCCESS_FILE=$HTP_DIR/success
-LOG=/var/log/$NAME.log
-
-# Load the VERBOSE setting and other rcS variables
-. /lib/init/vars.sh
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
-# and status_of_proc is working.
-. /lib/lsb/init-functions
-
-# Create status directory and log file
-install -o root -g root -m 0755 -d ${HTP_DIR}
-install -o htp -g nogroup -m 0644 /dev/null ${LOG}
-
-# Source configuration
-. /etc/default/$NAME
-
-log() {
- echo "$@" >> "${LOG}"
-}
-
-# Sanity checks
-if [ -z "$HTTP_USER_AGENT" ]; then
- log "HTTP_USER_AGENT is not set."
- exit 2
-fi
-if [ -z "$HTP_POOL_PAL" ]; then
- log "HTP_POOL_PAL is not set"
- exit 3
-fi
-if [ -z "$HTP_POOL_NEUTRAL" ]; then
- log "HTP_POOL_NEUTRAL is not set"
- exit 3
-fi
-if [ -z "$HTP_POOL_FOE" ]; then
- log "HTP_POOL_FOE is not set"
- exit 3
-fi
-
-do_start() {
- if [ -e "$HTP_DONE_FILE" ]; then
- rm -f "$HTP_DONE_FILE"
- fi
-
- if [ -e "$HTP_SUCCESS_FILE" ]; then
- rm -f "$HTP_SUCCESS_FILE"
- fi
-
- start-stop-daemon -S -q -p ${PIDFILE} -bm -x /usr/local/sbin/htpdate -- \
- --debug \
- --log_file "$LOG" \
- --user_agent "$HTTP_USER_AGENT" \
- --allowed_per_pool_failure_ratio 0.34 \
- --user htp \
- --done_file "$HTP_DONE_FILE" \
- --success_file "$HTP_SUCCESS_FILE" \
- --pal_pool "$HTP_POOL_PAL" \
- --neutral_pool "$HTP_POOL_NEUTRAL" \
- --foe_pool "$HTP_POOL_FOE" \
- --proxy 127.0.0.1:9062
-
- return $?
-}
-
-do_stop() {
- start-stop-daemon -K -q -p ${PIDFILE}
-}
-
-case "$1" in
- start)
- [ "$VERBOSE" != no ] && log_daemon_msg "$DESC" "$NAME"
- do_start
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
- 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
- esac
- ;;
- stop)
- do_stop
- ;;
- restart)
- do_stop
- do_start
- ;;
- *)
- echo "Usage: $SCRIPTNAME (start|stop|restart)" >&2
- exit 3
- ;;
-esac
-
-:
diff --git a/config/chroot_local-includes/etc/init.d/tails-autotest-remote-shell b/config/chroot_local-includes/etc/init.d/tails-autotest-remote-shell
deleted file mode 100755
index d035f74..0000000
--- a/config/chroot_local-includes/etc/init.d/tails-autotest-remote-shell
+++ /dev/null
@@ -1,75 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: tails-autotest-remote-shell
-# Required-Start: mountkernfs $local_fs
-# Required-Stop:
-# Default-Start: 2 3 4 5
-# Default-Stop:
-# X-Start-Before: $x-display-manager gdm gdm3
-# Short-Description: Remote shell (over serial link) used in Tails test suite
-# Description: Remote shell (over serial link) used in Tails test suite
-### END INIT INFO
-
-# Author: Tails Developers <tails@boum.org>
-
-# PATH should only include /usr/* if it runs after the mountnfs.sh script
-PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-DESC="Remote shell (over serial link) used in Tails test suite"
-NAME="tails-autotest-remote-shell"
-SCRIPTNAME="/etc/init.d/${NAME}"
-DAEMON="/usr/local/lib/${NAME}"
-DAEMON_ARGS="/dev/ttyS0"
-
-# Exit if not run by Tails automated test suite. The if-construction
-# below may seem silly but we really want to only continue running
-# this script this if the expected kernel command-line option is
-# present. Fail safe, not open, and all that.
-if grep -qw "autotest_never_use_this_option" /proc/cmdline
-then
- :
-else
- exit 0
-fi
-
-# Load the VERBOSE setting and other rcS variables
-. /lib/init/vars.sh
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
-# and status_of_proc is working.
-. /lib/lsb/init-functions
-
-wait_until_remote_shell_is_listening()
-{
- REMOTE_SHELL_STATE_FILE=/var/lib/live/autotest-remote-shell-running
- until [ -e "${REMOTE_SHELL_STATE_FILE}" ]; do
- sleep 1
- done
-}
-
-do_start()
-{
- start-stop-daemon \
- --start \
- --quiet \
- --background \
- --exec ${DAEMON} -- ${DAEMON_ARGS}
- wait_until_remote_shell_is_listening
-}
-
-case "${1}" in
- start)
- [ "${VERBOSE}" != no ] && log_daemon_msg "${DESC}" "${NAME}"
- do_start
- [ "${VERBOSE}" != no ] && log_end_msg ${?}
- ;;
- restart|reload|stop|force-reload)
- :
- ;;
- *)
- echo "Usage: ${SCRIPTNAME} start" >&2
- exit 1
- ;;
-esac
-
-:
diff --git a/config/chroot_local-includes/etc/init.d/tails-detect-virtualization b/config/chroot_local-includes/etc/init.d/tails-detect-virtualization
deleted file mode 100755
index 314dd23..0000000
--- a/config/chroot_local-includes/etc/init.d/tails-detect-virtualization
+++ /dev/null
@@ -1,56 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: tails-detect-virtualization
-# Required-Start: mountkernfs $local_fs
-# Required-Stop: $local_fs
-# Default-Start: S
-# Default-Stop:
-# Short-Description: Detect if we are running in a virtual machine
-# Description: Detect if we are running in a virtual machine
-### END INIT INFO
-
-# Author: amnesia <amnesia@boum.org>
-
-# PATH should only include /usr/* if it runs after the mountnfs.sh script
-PATH=/usr/sbin:/usr/bin:/sbin:/bin
-DESC="Detecting if we are running in a virtual machine"
-NAME=tails-detect-virtualization
-VIRTWHAT=/usr/sbin/virt-what
-SCRIPTNAME=/etc/init.d/$NAME
-
-# Exit if virt-what is not installed
-[ -x "$VIRTWHAT" ] || exit 0
-
-# Load the VERBOSE setting and other rcS variables
-. /lib/init/vars.sh
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
-# and status_of_proc is working.
-. /lib/lsb/init-functions
-
-do_start()
-{
- mkdir -p /var/lib/live
- /bin/bash "${VIRTWHAT}" > /var/lib/live/detected-virtual-machine
-}
-
-case "$1" in
- start)
- [ "$VERBOSE" != no ] && log_daemon_msg "$DESC" "$NAME"
- do_start
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
- 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
- esac
- ;;
- restart|reload|stop|force-reload)
- :
- ;;
- *)
- echo "Usage: $SCRIPTNAME start" >&2
- exit 3
- ;;
-esac
-
-:
diff --git a/config/chroot_local-includes/etc/init.d/tails-kexec b/config/chroot_local-includes/etc/init.d/tails-kexec
deleted file mode 100755
index 308f8d9..0000000
--- a/config/chroot_local-includes/etc/init.d/tails-kexec
+++ /dev/null
@@ -1,115 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: tails-kexec
-# Required-Start:
-# Required-Stop: halt reboot
-# X-Stop-After: umountroot live-boot
-# Default-Start:
-# Default-Stop: 0 6
-# X-Interactive: true
-# Short-Description: Execute the kexec -e command to reboot system
-# Description:
-### END INIT INFO
-
-# FIXME: this script should be translatable in a better way than the
-# ugly case..esac thing. Note that using gettext at this point -i.e.
-# after the DVD has been ejected- is probably too brittle. A possible
-# solution would be to turn this script into a .in file, with
-# placeholders for translatable string. Translatable strings and their
-# translations could be managed by ikiwiki+po, and the placeholders
-# could be replaced at boot time -depending on the chosen locale- by
-# the appropriate strings. Unfortunately po4a does not support shell
-# scripts.
-
-PATH=/sbin:/bin
-
-print_text () {
- echo "$1" > /dev/console
-}
-
-print_empty_line () {
- print_text ''
-}
-
-do_stop () {
- test "x`/bin/cat /sys/kernel/kexec_loaded`y" = "x1y" || exit 0
-
- /bin/stty sane < /dev/console
-
- print_empty_line
- print_empty_line
- print_text "--------------------------------------------------------------------------------"
-
- # $LANG was set there by the FIXME live-config upstream script
- . /etc/default/locale
-
- # Note to translators: any text line must fit on a 80 characters wide screen
- case "${LANG}" in
- es_ES.UTF-8)
- print_text " Puede ahora retirar el DVD o el USB de arranque."
- print_empty_line
- print_text " Se borrará dentro de pocos segundos la memoria RAM del sistema..."
- print_empty_line
- print_text "Pueden aparecer problemas de visualización en el monitor durante esta operación."
- print_empty_line
- print_text " If the system does not power off automatically in a few seconds,"
- print_text " it may mean the memory wiping has failed."
- ;;
- fr_FR.UTF-8)
- print_text " Vous pouvez maintenant retirer le DVD / clé USB de boot."
- print_empty_line
- print_text " La mémoire vive va être effacée dans quelques secondes..."
- print_empty_line
- print_text " Il est possible que l'affichage soit corrompu au cours de cette opération."
- print_empty_line
- print_text " Si l'ordinateur ne s'éteint pas automatiquement après quelques secondes,"
- print_text " il est possible que l'effacement de la mémoire ait échoué."
- ;;
- it*)
- print_text " Adesso puoi rimuovere il cd o la penna USB."
- print_empty_line
- print_text " La memoria del computer verra' cancellata tra pochi secondi..."
- print_empty_line
- print_text " Il display potra' essere corrotto durante questa operazione."
- print_empty_line
- print_text " Se vostro PC non si spegnera' automaticamente in pochi secondi"
- print_text " la cancellazione della memoria potrebbe essere incompleta."
-
- ;;
- *)
- print_text " You can now remove the boot DVD or USB stick."
- print_empty_line
- print_text " The system memory is going to be wiped in a few seconds..."
- print_empty_line
- print_text " Display might be corrupted during this operation."
- print_empty_line
- print_text " If the system does not power off automatically in a few seconds,"
- print_text " it may mean the memory wiping has failed."
- ;;
- esac
-
- print_text "--------------------------------------------------------------------------------"
- print_empty_line
- print_empty_line
-
- /bin/sleep 5
- /sbin/kexec -e --reset-vga
-}
-
-case "$1" in
- start)
- # No-op
- ;;
- restart|reload|force-reload)
- echo "Error: argument '$1' not supported" >&2
- exit 3
- ;;
- stop)
- do_stop
- ;;
- *)
- echo "Usage: $0 start|stop" >&2
- exit 3
- ;;
-esac
-exit 0
diff --git a/config/chroot_local-includes/etc/init.d/tails-reconfigure-kexec b/config/chroot_local-includes/etc/init.d/tails-reconfigure-kexec
deleted file mode 100755
index 669b16b..0000000
--- a/config/chroot_local-includes/etc/init.d/tails-reconfigure-kexec
+++ /dev/null
@@ -1,32 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: tails-reconfigure-kexec
-# Required-Start: $local_fs
-# Required-Stop:
-# Default-Start: 2 3 4 5
-# Default-Stop:
-# Short-Description: Reconfigure kexec depending on running kernel
-# Description: Reconfigure kexec depending on running kernel
-### END INIT INFO
-
-PATH="/usr/local/bin:${PATH}"
-KEXEC_CONF=/etc/default/kexec
-
-case "$1" in
- start)
- KERNEL_IMAGE=$(tails-boot-to-kexec kernel $(tails-get-bootinfo kernel))
- INITRD=$(tails-boot-to-kexec initrd $(tails-get-bootinfo initrd))
- echo "KERNEL_IMAGE=\"${KERNEL_IMAGE}\"" >> "$KEXEC_CONF"
- echo "INITRD=\"${INITRD}\"" >> "$KEXEC_CONF"
- if grep -qw debug=wipemem /proc/cmdline; then
- echo 'APPEND="${APPEND} sdmemdebug=1"' >> "$KEXEC_CONF"
- else
- echo 'APPEND="${APPEND} quiet"' >> "$KEXEC_CONF"
- fi
- ;;
- *)
- echo "Usage: $0 start" >&2
- exit 3
- ;;
-esac
-exit 0
diff --git a/config/chroot_local-includes/etc/init.d/tails-reconfigure-memlockd b/config/chroot_local-includes/etc/init.d/tails-reconfigure-memlockd
deleted file mode 100755
index 925bbf4..0000000
--- a/config/chroot_local-includes/etc/init.d/tails-reconfigure-memlockd
+++ /dev/null
@@ -1,35 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: tails-reconfigure-memlockd
-# Required-Start: $local_fs
-# Required-Stop:
-# Default-Start: 2 3 4 5
-# Default-Stop:
-# X-Start-Before: memlockd
-# Short-Description: Reconfigure memlockd depending on running kernel
-# Description: Reconfigure memlockd depending on running kernel
-### END INIT INFO
-
-PATH="/usr/local/bin:${PATH}"
-MEMLOCKD_CONF=/etc/memlockd.cfg
-
-case "$1" in
- start)
- tails-boot-to-kexec kernel $(tails-get-bootinfo kernel) \
- >> "$MEMLOCKD_CONF"
- tails-boot-to-kexec initrd $(tails-get-bootinfo initrd) \
- >> "$MEMLOCKD_CONF"
-
- # Tell sendsigs to forget about memlockd. Together with
- # not calling 'memlockd stop' on shutdown, we have a
- # strong chance that what tails-kexec needs will be available.
- mkdir -p /lib/init/rw/sendsigs.omit.d
- rm -f /lib/init/rw/sendsigs.omit.d/memlockd
- ln -s /var/run/memlockd.pid /lib/init/rw/sendsigs.omit.d/memlockd
- ;;
- *)
- echo "Usage: $0 start" >&2
- exit 3
- ;;
-esac
-exit 0
diff --git a/config/chroot_local-includes/etc/init.d/tails-sdmem-on-media-removal b/config/chroot_local-includes/etc/init.d/tails-sdmem-on-media-removal
deleted file mode 100755
index 15a563f..0000000
--- a/config/chroot_local-includes/etc/init.d/tails-sdmem-on-media-removal
+++ /dev/null
@@ -1,61 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: tails-sdmem-on-media-removal
-# Required-Start: udev $local_fs memlockd tails-reconfigure-memlockd tails-reconfigure-kexec
-# Required-Stop: $local_fs memlockd
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 6
-# Short-Description: Wipe memory on live media removal.
-# Description: Tails-specific memory wiping script in case the live media is removed.
-### END INIT INFO
-
-# Author: Tails developers <amnesia@boum.org>
-
-PATH=/usr/local/sbin/:/sbin:/bin
-DESC="memory wiping on live media removal"
-NAME=tails-sdmem-on-media-removal
-WATCHDOG=/usr/local/sbin/udev-watchdog-wrapper
-SCRIPTNAME=/etc/init.d/$NAME
-PIDFILE=/var/run/udev-watchdog
-
-# Exit if the package is not installed
-[ -x "$WATCHDOG" ] || exit 0
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
-# and status_of_proc is working.
-. /lib/lsb/init-functions
-
-case "$1" in
- start)
- log_daemon_msg "Setting up $DESC"
- $WATCHDOG &
- case "$?" in
- 0|1)
- sleep 5 && /bin/pidof /usr/local/sbin/udev-watchdog > $PIDFILE
- log_end_msg 0
- ;;
- 2) log_end_msg 1 ;;
- esac
- ;;
- stop)
- log_daemon_msg "Stopping $DESC"
- kill `cat $PIDFILE`
- case "$?" in
- 0|1)
- rm -f $PIDFILE
- log_end_msg 0
- ;;
- 2) log_end_msg 1 ;;
- esac
- ;;
- restart|reload|force-reload|status)
- # No-op
- ;;
- *)
-echo "Usage: $SCRIPTNAME start|stop" >&2
- exit 3
- ;;
-esac
-
-:
diff --git a/config/chroot_local-includes/etc/init.d/tails-set-wireless-devices-state b/config/chroot_local-includes/etc/init.d/tails-set-wireless-devices-state
deleted file mode 100755
index 89b3a02..0000000
--- a/config/chroot_local-includes/etc/init.d/tails-set-wireless-devices-state
+++ /dev/null
@@ -1,21 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: tails-set-wireless-devices-state
-# Required-Start: mountkernfs $local_fs udev
-# Required-Stop:
-# Default-Start: 2 3 4 5
-# Default-Stop:
-# Short-Description: Set proper default state on wireless devices
-# Description: Set proper default state on wireless devices
-### END INIT INFO
-
-case "$1" in
- start)
- /usr/local/sbin/tails-set-wireless-devices-state &
- ;;
- *)
- echo "Usage: $0 start" >&2
- exit 3
- ;;
-esac
-exit 0
diff --git a/config/chroot_local-includes/etc/init.d/tor-controlport-filter b/config/chroot_local-includes/etc/init.d/tor-controlport-filter
deleted file mode 100755
index 584d0ce..0000000
--- a/config/chroot_local-includes/etc/init.d/tor-controlport-filter
+++ /dev/null
@@ -1,27 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: tor-controlport-filter
-# Required-Start: $remote_fs
-# Required-Stop:
-# Default-Start: 2 3 4 5
-# Default-Stop:
-# Short-Description: Tor control port filter proxy
-# Description: Tor control port filter proxy
-### END INIT INFO
-
-case "$1" in
- start)
- start-stop-daemon \
- --start \
- --quiet \
- --background \
- --chuid tor-controlport-filter:tor-controlport-filter \
- --exec /usr/local/sbin/tor-controlport-filter
- ;;
- *)
- echo "Usage: $0 start" >&2
- exit 3
- ;;
-esac
-
-exit 0
diff --git a/config/chroot_local-includes/etc/live/config.d/user-default-groups.conf b/config/chroot_local-includes/etc/live/config.d/user-default-groups.conf
index 1b7eb0c..b8970bc 100644
--- a/config/chroot_local-includes/etc/live/config.d/user-default-groups.conf
+++ b/config/chroot_local-includes/etc/live/config.d/user-default-groups.conf
@@ -1 +1 @@
-LIVE_USER_DEFAULT_GROUPS="audio cdrom dialout floppy video plugdev netdev powerdev fuse scanner lp lpadmin vboxsf"
+LIVE_USER_DEFAULT_GROUPS="audio cdrom dialout floppy video plugdev netdev powerdev scanner lp lpadmin vboxsf"
diff --git a/config/chroot_local-includes/etc/live/config.d/x-session-manager.conf b/config/chroot_local-includes/etc/live/config.d/x-session-manager.conf
deleted file mode 100644
index 2b7b0ea..0000000
--- a/config/chroot_local-includes/etc/live/config.d/x-session-manager.conf
+++ /dev/null
@@ -1 +0,0 @@
-LIVE_X_SESSION_MANAGER=/usr/bin/gnome-session-fallback
diff --git a/config/chroot_local-includes/etc/memlockd.cfg b/config/chroot_local-includes/etc/memlockd.cfg
index f29847b..be992b3 100644
--- a/config/chroot_local-includes/etc/memlockd.cfg
+++ b/config/chroot_local-includes/etc/memlockd.cfg
@@ -1,12 +1,12 @@
+/bin/cat
-+/bin/chvt
+/bin/echo
+/bin/sh
+/bin/sleep
+/bin/stty
/etc/default/locale
/etc/init.d/kexec-load
-/etc/init.d/tails-kexec
+/lib/systemd/system-shutdown/tails-kexec
+/sbin/kexec
+/usr/bin/eject
+/usr/bin/pkill
++/usr/local/sbin/udev-watchdog
diff --git a/config/chroot_local-includes/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla b/config/chroot_local-includes/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla
index 672ad75..93e04cb 100644
--- a/config/chroot_local-includes/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla
+++ b/config/chroot_local-includes/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla
@@ -1,14 +1,16 @@
[Modify internal storage devices]
Identity=unix-user:tails-persistence-setup
-Action=org.freedesktop.udisks.change-system-internal
+Action=org.freedesktop.udisks2.modify-device-system
ResultAny=yes
+ResultActive=yes
+ResultInactive=yes
[Mount internal storage devices]
Identity=unix-user:tails-persistence-setup
-Action=org.freedesktop.udisks.filesystem-mount-system-internal
+Action=org.freedesktop.udisks2.filesystem-mount-system
ResultAny=yes
[Unlock encrypted storage devices]
Identity=unix-user:tails-persistence-setup
-Action=org.freedesktop.udisks.luks-unlock
+Action=org.freedesktop.udisks2.encrypted-unlock-system
ResultAny=yes
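Review bot: Only the first section, `[Modify internal storage devices]`, gains `ResultActive=yes` and `ResultInactive=yes`; `[Mount internal storage devices]` and `[Unlock encrypted storage devices]` still carry `ResultAny=yes` alone. If the two keys were added because tails-persistence-setup can be evaluated as part of a local session, where polkit consults ResultActive/ResultInactive rather than ResultAny, the mount and unlock actions would fall back to the udisks2 defaults and may prompt or be denied. Either add the same two lines to the other two sections or add a comment saying why only modify-device-system needs them. The grant remains scoped to `Identity=unix-user:tails-persistence-setup`, which should stay that narrow.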
diff --git a/config/chroot_local-includes/etc/skel/.config/gnome-panel/panel-default-layout.layout b/config/chroot_local-includes/etc/skel/.config/gnome-panel/panel-default-layout.layout
deleted file mode 100644
index 5b6386f..0000000
--- a/config/chroot_local-includes/etc/skel/.config/gnome-panel/panel-default-layout.layout
+++ /dev/null
@@ -1,74 +0,0 @@
-[Toplevel top-panel]
-expand=true
-orientation=top
-size=24
-
-[Toplevel bottom-panel]
-expand=true
-orientation=bottom
-size=24
-y-bottom=0
-
-[Object menu-bar]
-object-iid=PanelInternalFactory::MenuBar
-toplevel-id=top-panel
-pack-index=0
-
-[Object tor-browser-launcher]
-object-iid=PanelInternalFactory::Launcher
-toplevel-id=top-panel
-pack-index=1
-@instance-config/location='/usr/share/applications/tor-browser.desktop'
-
-[Object claws-launcher]
-object-iid=PanelInternalFactory::Launcher
-toplevel-id=top-panel
-pack-index=2
-@instance-config/location='/usr/share/applications/claws-mail.desktop'
-
-[Object pidgin-launcher]
-object-iid=PanelInternalFactory::Launcher
-toplevel-id=top-panel
-pack-index=3
-@instance-config/location='/usr/share/applications/pidgin.desktop'
-
-[Object keepassx-launcher]
-object-iid=PanelInternalFactory::Launcher
-toplevel-id=top-panel
-pack-index=4
-@instance-config/location='/usr/share/applications/keepassx.desktop'
-
-[Object gnome-terminal-launcher]
-object-iid=PanelInternalFactory::Launcher
-toplevel-id=top-panel
-pack-index=5
-@instance-config/location='/usr/share/applications/gnome-terminal.desktop'
-
-[Object clock]
-object-iid=ClockAppletFactory::ClockApplet
-toplevel-id=top-panel
-pack-type=center
-pack-index=0
-
-[Object notification-area]
-object-iid=NotificationAreaAppletFactory::NotificationArea
-toplevel-id=top-panel
-pack-type=end
-pack-index=1
-
-[Object shutdown-helper]
-object-iid=ShutdownHelperFactory::ShutdownHelperApplet
-toplevel-id=top-panel
-pack-type=end
-pack-index=0
-
-[Object window-list]
-object-iid=WnckletFactory::WindowListApplet
-toplevel-id=bottom-panel
-pack-index=0
-
-[Object workspace-switcher]
-object-iid=WnckletFactory::WorkspaceSwitcherApplet
-toplevel-id=bottom-panel
-pack-type=end
-pack-index=0
diff --git a/config/chroot_local-includes/etc/skel/.config/menus/gnome-applications.menu b/config/chroot_local-includes/etc/skel/.config/menus/gnome-applications.menu
deleted file mode 100644
index a35e9db..0000000
--- a/config/chroot_local-includes/etc/skel/.config/menus/gnome-applications.menu
+++ /dev/null
@@ -1,16 +0,0 @@
-<!DOCTYPE Menu
- PUBLIC '-//freedesktop//DTD Menu 1.0//EN'
- 'http://standards.freedesktop.org/menu-spec/menu-1.0.dtd'>
-<Menu>
- <Name>Applications</Name>
- <MergeFile type="parent">/etc/xdg/menus/gnome-applications.menu</MergeFile>
- <Menu>
- <Name>System</Name>
- <Exclude>
- <Filename>gdmflexiserver-xnest.desktop</Filename>
- </Exclude>
- <Exclude>
- <Filename>gdmflexiserver.desktop</Filename>
- </Exclude>
- </Menu>
-</Menu>
diff --git a/config/chroot_local-includes/etc/skel/.config/menus/gnome-settings.menu b/config/chroot_local-includes/etc/skel/.config/menus/gnome-settings.menu
deleted file mode 100644
index d5a623b..0000000
--- a/config/chroot_local-includes/etc/skel/.config/menus/gnome-settings.menu
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE Menu
- PUBLIC '-//freedesktop//DTD Menu 1.0//EN'
- 'http://standards.freedesktop.org/menu-spec/menu-1.0.dtd'>
-
-<Menu>
- <Name>Desktop</Name>
- <MergeFile type="parent">/etc/xdg/menus/gnome-settings.menu</MergeFile>
- <Menu>
- <Name>Preferences</Name>
- <Exclude>
- <Filename>gnome-about-me.desktop</Filename>
- </Exclude>
- <Exclude>
- <Filename>gnome-network-properties.desktop</Filename>
- </Exclude>
- </Menu>
- <Menu>
- <Name>Administration</Name>
- <Exclude>
- <Filename>gdmsetup.desktop</Filename>
- </Exclude>
- </Menu>
-</Menu>
diff --git a/config/chroot_local-includes/etc/sudoers.d/zzz_halt b/config/chroot_local-includes/etc/sudoers.d/zzz_halt
index 9524f91..d0d146f 100644
--- a/config/chroot_local-includes/etc/sudoers.d/zzz_halt
+++ b/config/chroot_local-includes/etc/sudoers.d/zzz_halt
@@ -1,2 +1,2 @@
-amnesia ALL = NOPASSWD: /sbin/halt
+amnesia ALL = NOPASSWD: /sbin/poweroff
amnesia ALL = NOPASSWD: /sbin/reboot
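Review bot: The new `/sbin/poweroff` entry places no restriction on arguments, so the amnesia user can pass any option to it without a password, including options that change how the shutdown is carried out. zzz_upgrade on this page pins its reboot rule with an empty argument list (`/sbin/reboot ""`); the same form here would be `amnesia ALL = NOPASSWD: /sbin/poweroff ""`, provided no caller relies on passing options. The unchanged `/sbin/reboot` line in this file has the same shape, and the file name zzz_halt no longer matches its content.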
diff --git a/config/chroot_local-includes/etc/sudoers.d/zzz_tor-has-bootstrapped b/config/chroot_local-includes/etc/sudoers.d/zzz_tor-has-bootstrapped
deleted file mode 100644
index 4fe207d..0000000
--- a/config/chroot_local-includes/etc/sudoers.d/zzz_tor-has-bootstrapped
+++ /dev/null
@@ -1 +0,0 @@
-amnesia ALL = (debian-tor) NOPASSWD: /usr/local/sbin/tor-has-bootstrapped
diff --git a/config/chroot_local-includes/etc/sudoers.d/zzz_upgrade b/config/chroot_local-includes/etc/sudoers.d/zzz_upgrade
index aeb936f..ac29a44 100644
--- a/config/chroot_local-includes/etc/sudoers.d/zzz_upgrade
+++ b/config/chroot_local-includes/etc/sudoers.d/zzz_upgrade
@@ -11,6 +11,5 @@ tails-upgrade-frontend ALL = (tails-install-iuk) NOPASSWD: /usr/bin/tail
tails-upgrade-frontend ALL = (tails-iuk-get-target-file) NOPASSWD: IUK_GET_TARGET_FILE
tails-upgrade-frontend ALL = (tails-iuk-get-target-file) NOPASSWD: /usr/bin/tails-iuk-mktemp-get-target-file ""
tails-upgrade-frontend ALL = NOPASSWD: /sbin/reboot ""
-tails-upgrade-frontend ALL = (debian-tor) NOPASSWD: /usr/local/sbin/tor-has-bootstrapped ""
tails-install-iuk ALL = NOPASSWD: INSTALL_IUK
diff --git a/config/chroot_local-includes/etc/udev/rules.d/70-protect-boot-medium-for-udisks.rules b/config/chroot_local-includes/etc/udev/rules.d/70-protect-boot-medium-for-udisks.rules
index e429924..b4cdfbd 100644
--- a/config/chroot_local-includes/etc/udev/rules.d/70-protect-boot-medium-for-udisks.rules
+++ b/config/chroot_local-includes/etc/udev/rules.d/70-protect-boot-medium-for-udisks.rules
@@ -4,7 +4,7 @@ KERNEL!="sd?*|mmcblk?*|mspblk?*", GOTO="bilibop_end"
SUBSYSTEMS=="usb|firewire|memstick|mmc", \
PROGRAM=="/lib/bilibop/test $tempnode", \
- ENV{UDISKS_SYSTEM_INTERNAL}:="1", \
+ ENV{UDISKS_SYSTEM}:="1", \
GROUP:="disk", \
GOTO="bilibop_disk"
diff --git a/config/chroot_local-includes/etc/udev/rules.d/99-hide-TailsData.rules b/config/chroot_local-includes/etc/udev/rules.d/99-hide-TailsData.rules
index 60c8378..7027a5a 100644
--- a/config/chroot_local-includes/etc/udev/rules.d/99-hide-TailsData.rules
+++ b/config/chroot_local-includes/etc/udev/rules.d/99-hide-TailsData.rules
@@ -1 +1 @@
-ENV{UDISKS_PARTITION_LABEL}=="TailsData", ENV{UDISKS_PRESENTATION_HIDE}="1"
+ENV{UDISKS_PARTITION_LABEL}=="TailsData", ENV{UDISKS_IGNORE}="1"
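Review bot: The match key `ENV{UDISKS_PARTITION_LABEL}` is left unchanged while the action moves to the udisks2 property `UDISKS_IGNORE`. That key looks like one exported by the udisks 1 probing helpers; if nothing sets it once udisks 1 is gone, the rule never matches and the TailsData partition is no longer hidden from the desktop. Confirm with `udevadm info` on a persistent volume, and if the property is absent, match on a blkid-provided one instead, for example `ENV{ID_PART_ENTRY_NAME}=="TailsData", ENV{UDISKS_IGNORE}="1"`.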
diff --git a/config/chroot_local-includes/etc/udev/rules.d/99-make-removable-devices-user-writable.rules b/config/chroot_local-includes/etc/udev/rules.d/99-make-removable-devices-user-writable.rules
new file mode 100644
index 0000000..482f550
--- /dev/null
+++ b/config/chroot_local-includes/etc/udev/rules.d/99-make-removable-devices-user-writable.rules
@@ -0,0 +1,3 @@
+# This is essentially borrowed from /lib/udev/rules.d/91-permissions.rules
+# in order to workaround #8273.
+SUBSYSTEM=="block", ACTION=="add", SUBSYSTEMS=="usb|mmc", GROUP="floppy"
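Review bot: The rule matches on bus (`SUBSYSTEMS=="usb|mmc"`), not on removability, so every USB or MMC block device gets group floppy, including fixed USB disks and the host's internal eMMC/SD storage. user-default-groups.conf on this page keeps the live user in that group, which gives it raw read/write access to those devices. The boot medium is presumably excluded only because 70-protect-boot-medium-for-udisks.rules sets `GROUP:="disk"` as a final assignment; that dependency deserves a comment such as `# Boot medium keeps GROUP:="disk" (final) from 70-protect-boot-medium-for-udisks.rules`. If the workaround is meant for removable media only, adding `ATTRS{removable}=="1"` would narrow it, to be checked against the devices #8273 is about.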
diff --git a/config/chroot_local-includes/etc/whisperback/config.py b/config/chroot_local-includes/etc/whisperback/config.py
index 5142b7f..30a7a54 100644
--- a/config/chroot_local-includes/etc/whisperback/config.py
+++ b/config/chroot_local-includes/etc/whisperback/config.py
@@ -138,7 +138,7 @@ def mail_prepended_info():
tails_version_process = subprocess.Popen ("tails-version",
stdout=subprocess.PIPE)
tails_version_process.wait()
- tails_version = tails_version_process.stdout.read()
+ tails_version = tails_version_process.stdout.read().decode('utf-8')
except OSError:
tails_version = "tails-version command not found"
except subprocess.CalledProcessError:
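Review bot: `.decode('utf-8')` raises UnicodeDecodeError on any invalid byte, and neither `except OSError` nor `except subprocess.CalledProcessError` catches it, so one stray byte would abort building the bug report. This matters more in the second hunk (mail_appended_info), where each line of tails-debugging-info output is decoded. Decoding leniently keeps the report flowing: `tails_version = tails_version_process.stdout.read().decode('utf-8', errors='replace')` and `debugging_info += line.decode('utf-8', errors='replace')`. Both functions start and end outside their hunks, so any handler further down is not visible here.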
@@ -163,7 +163,7 @@ def mail_appended_info():
process = subprocess.Popen (["sudo", "/usr/local/sbin/tails-debugging-info"],
stdout=subprocess.PIPE)
for line in process.stdout:
- debugging_info += line
+ debugging_info += line.decode('utf-8')
process.wait()
except OSError:
debugging_info += "sudo command not found\n"
diff --git a/config/chroot_local-includes/etc/xdg/autostart/add-GNOME-bookmarks.desktop b/config/chroot_local-includes/etc/xdg/autostart/add-GNOME-bookmarks.desktop
deleted file mode 100644
index 2e83c5b..0000000
--- a/config/chroot_local-includes/etc/xdg/autostart/add-GNOME-bookmarks.desktop
+++ /dev/null
@@ -1,10 +0,0 @@
-[Desktop Entry]
-Name=add-GNOME-bookmarks
-GenericName=add GTK bookmarks to some directories
-Comment=display some directories in Places and GtkFileChooser
-Exec=/usr/local/lib/add-GNOME-bookmarks
-Terminal=false
-Type=Application
-Categories=GNOME;X-GNOME-PersonalSettings;
-NoDisplay=true
-MimeType=application/x-add-GNOME-bookmarks;
diff --git a/config/chroot_local-includes/etc/xdg/autostart/create-tor-browser-directories.desktop b/config/chroot_local-includes/etc/xdg/autostart/create-tor-browser-directories.desktop
deleted file mode 100644
index 349743e..0000000
--- a/config/chroot_local-includes/etc/xdg/autostart/create-tor-browser-directories.desktop
+++ /dev/null
@@ -1,10 +0,0 @@
-[Desktop Entry]
-Name=create-tor-browser-directories
-GenericName=Create the Tor Browser directories
-Comment=Create the Tor Browser amnesiac and persistent directories
-Exec=/usr/local/lib/create-tor-browser-directories
-Terminal=false
-Type=Application
-Categories=GNOME;X-GNOME-PersonalSettings;
-NoDisplay=true
-MimeType=application/x-create-tor-browser-directories;
diff --git a/config/chroot_local-includes/etc/xdg/autostart/save-im-environment.desktop b/config/chroot_local-includes/etc/xdg/autostart/save-im-environment.desktop
deleted file mode 100644
index ebe8d8b..0000000
--- a/config/chroot_local-includes/etc/xdg/autostart/save-im-environment.desktop
+++ /dev/null
@@ -1,10 +0,0 @@
-[Desktop Entry]
-Name=tails-save-im-environment
-GenericName=save Desktop IM environment
-Comment=save Desktop IM environment so that Tor Browser can use it
-Exec=/usr/local/bin/tails-save-im-environment
-Terminal=false
-Type=Application
-Categories=GNOME;X-GNOME-PersonalSettings;
-NoDisplay=true
-MimeType=application/x-tails-save-im-environment;
diff --git a/config/chroot_local-includes/etc/xdg/autostart/security-check.desktop b/config/chroot_local-includes/etc/xdg/autostart/security-check.desktop
deleted file mode 100644
index 27d2612..0000000
--- a/config/chroot_local-includes/etc/xdg/autostart/security-check.desktop
+++ /dev/null
@@ -1,10 +0,0 @@
-[Desktop Entry]
-Name=tails-security-check
-GenericName=check Tails known security issues
-Comment=check Tails known security issues
-Exec=/usr/local/bin/tails-security-check-wrapper
-Terminal=false
-Type=Application
-Categories=GNOME;X-GNOME-PersonalSettings;
-NoDisplay=true
-MimeType=application/x-tails-security-check;
diff --git a/config/chroot_local-includes/etc/xdg/autostart/systemd-desktop-target.desktop b/config/chroot_local-includes/etc/xdg/autostart/systemd-desktop-target.desktop
new file mode 100644
index 0000000..fd38823
--- /dev/null
+++ b/config/chroot_local-includes/etc/xdg/autostart/systemd-desktop-target.desktop
@@ -0,0 +1,8 @@
+[Desktop Entry]
+Name=systemd Desktop target
+GenericName=Start the Desktop target in the systemd user session
+Version=1.0
+Exec=/usr/local/lib/start-systemd-desktop-target
+Terminal=false
+Type=Application
+Categories=
diff --git a/config/chroot_local-includes/etc/xdg/autostart/tails-configure-keyboard.desktop b/config/chroot_local-includes/etc/xdg/autostart/tails-configure-keyboard.desktop
deleted file mode 100644
index 03618a2..0000000
--- a/config/chroot_local-includes/etc/xdg/autostart/tails-configure-keyboard.desktop
+++ /dev/null
@@ -1,10 +0,0 @@
-[Desktop Entry]
-Name=tails-configure-keyboard
-GenericName=configure the keyboard layout
-Comment=configure the keyboard layout according to settings chosen in Tails Greeter
-Exec=/usr/local/bin/tails-configure-keyboard
-Terminal=false
-Type=Application
-Categories=GNOME;X-GNOME-PersonalSettings;
-NoDisplay=true
-MimeType=application/x-tails-configure-keyboard;
diff --git a/config/chroot_local-includes/etc/xdg/autostart/tails-upgrade-frontend.desktop b/config/chroot_local-includes/etc/xdg/autostart/tails-upgrade-frontend.desktop
deleted file mode 100644
index 7a4fa01..0000000
--- a/config/chroot_local-includes/etc/xdg/autostart/tails-upgrade-frontend.desktop
+++ /dev/null
@@ -1,10 +0,0 @@
-[Desktop Entry]
-Name=tails-upgrade-frontend
-GenericName=check available Tails upgrades
-Comment=check available Tails upgrades
-Exec=/usr/local/bin/tails-upgrade-frontend-wrapper
-Terminal=false
-Type=Application
-Categories=GNOME;X-GNOME-PersonalSettings;
-NoDisplay=true
-MimeType=application/x-tails-upgrade-frontend;
diff --git a/config/chroot_local-includes/etc/xdg/autostart/tails-warn-about-disabled-persistence.desktop b/config/chroot_local-includes/etc/xdg/autostart/tails-warn-about-disabled-persistence.desktop
deleted file mode 100644
index 17745da..0000000
--- a/config/chroot_local-includes/etc/xdg/autostart/tails-warn-about-disabled-persistence.desktop
+++ /dev/null
@@ -1,9 +0,0 @@
-[Desktop Entry]
-Name=tails-warn-about-disabled-persistence
-GenericName=Warn when unmigrated or insecure persistence settings are found
-Version=1.0
-Exec=/usr/local/bin/tails-warn-about-disabled-persistence
-Terminal=false
-Type=Application
-NoDisplay=true
-Categories=Application;Utility
diff --git a/config/chroot_local-includes/etc/xdg/autostart/virt-notify.desktop b/config/chroot_local-includes/etc/xdg/autostart/virt-notify.desktop
deleted file mode 100644
index c0ba8a3..0000000
--- a/config/chroot_local-includes/etc/xdg/autostart/virt-notify.desktop
+++ /dev/null
@@ -1,10 +0,0 @@
-[Desktop Entry]
-Name=tails-virt-notify-user
-GenericName=warn the user if Tails is running inside a virtual machine
-Comment=warn the user if Tails is running inside a virtual machine
-Exec=/usr/local/bin/tails-virt-notify-user
-Terminal=false
-Type=Application
-Categories=GNOME;X-GNOME-PersonalSettings;
-NoDisplay=true
-MimeType=application/x-tails-virt-notify-user;
diff --git a/config/chroot_local-includes/lib/systemd/system-shutdown/tails-kexec b/config/chroot_local-includes/lib/systemd/system-shutdown/tails-kexec
new file mode 100755
index 0000000..2cb5b8c
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system-shutdown/tails-kexec
@@ -0,0 +1,86 @@
+#! /bin/sh
+
+# FIXME: this script should be translatable in a better way than the
+# ugly case..esac thing. Note that using gettext at this point -i.e.
+# after the DVD has been ejected- is probably too brittle. A possible
+# solution would be to turn this script into a .in file, with
+# placeholders for translatable string. Translatable strings and their
+# translations could be managed by ikiwiki+po, and the placeholders
+# could be replaced at boot time -depending on the chosen locale- by
+# the appropriate strings. Unfortunately po4a does not support shell
+# scripts.
+
+PATH=/sbin:/bin
+
+print_text () {
+ echo "$1" > /dev/console
+}
+
+print_empty_line () {
+ print_text ''
+}
+
+### Main
+
+test "x`/bin/cat /sys/kernel/kexec_loaded`y" = "x1y" || exit 0
+
+/bin/stty sane < /dev/console
+
+print_empty_line
+print_empty_line
+print_text "--------------------------------------------------------------------------------"
+
+# $LANG was set there by the FIXME live-config upstream script
+. /etc/default/locale
+
+# Note to translators: any text line must fit on a 80 characters wide screen
+case "${LANG}" in
+ es_ES.UTF-8)
+ print_text " Puede ahora retirar el DVD o el USB de arranque."
+ print_empty_line
+ print_text " Se borrará dentro de pocos segundos la memoria RAM del sistema..."
+ print_empty_line
+ print_text "Pueden aparecer problemas de visualización en el monitor durante esta operación."
+ print_empty_line
+ print_text " If the system does not power off automatically in a few seconds,"
+ print_text " it may mean the memory wiping has failed."
+ ;;
+ fr_FR.UTF-8)
+ print_text " Vous pouvez maintenant retirer le DVD / clé USB de boot."
+ print_empty_line
+ print_text " La mémoire vive va être effacée dans quelques secondes..."
+ print_empty_line
+ print_text " Il est possible que l'affichage soit corrompu au cours de cette opération."
+ print_empty_line
+ print_text " Si l'ordinateur ne s'éteint pas automatiquement après quelques secondes,"
+ print_text " il est possible que l'effacement de la mémoire ait échoué."
+ ;;
+ it*)
+ print_text " Adesso puoi rimuovere il cd o la penna USB."
+ print_empty_line
+ print_text " La memoria del computer verra' cancellata tra pochi secondi..."
+ print_empty_line
+ print_text " Il display potra' essere corrotto durante questa operazione."
+ print_empty_line
+ print_text " Se vostro PC non si spegnera' automaticamente in pochi secondi"
+ print_text " la cancellazione della memoria potrebbe essere incompleta."
+
+ ;;
+ *)
+ print_text " You can now remove the boot DVD or USB stick."
+ print_empty_line
+ print_text " The system memory is going to be wiped in a few seconds..."
+ print_empty_line
+ print_text " Display might be corrupted during this operation."
+ print_empty_line
+ print_text " If the system does not power off automatically in a few seconds,"
+ print_text " it may mean the memory wiping has failed."
+ ;;
+esac
+
+print_text "--------------------------------------------------------------------------------"
+print_empty_line
+print_empty_line
+
+/bin/sleep 5
+/sbin/kexec -e --reset-vga
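Review bot: The unguarded `. /etc/default/locale` before the `case` can end the script before `/sbin/kexec -e --reset-vga` is reached. In a POSIX sh, sourcing a missing or unreadable file is a fatal error for a non-interactive shell, so a cosmetic locale lookup would skip the memory wipe. Guard it with `[ -r /etc/default/locale ] && . /etc/default/locale`, and match on `"${LANG:-}"` so an unset LANG falls through to the English text. Separately, the `es_ES.UTF-8` branch still prints its last two lines in English.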
diff --git a/config/chroot_local-includes/lib/systemd/system/cups.service.d/after-AppArmor.conf b/config/chroot_local-includes/lib/systemd/system/cups.service.d/after-AppArmor.conf
new file mode 100644
index 0000000..544fb7d
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/cups.service.d/after-AppArmor.conf
@@ -0,0 +1,2 @@
+[Unit]
+After=apparmor.service
diff --git a/config/chroot_local-includes/lib/systemd/system/htpdate.service b/config/chroot_local-includes/lib/systemd/system/htpdate.service
new file mode 100644
index 0000000..e4d88af
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/htpdate.service
@@ -0,0 +1,36 @@
+[Unit]
+Description=Setting time using HTP
+Documentation=https://tails.boum.org/contribute/design/Time_syncing/
+
+[Service]
+Type=simple
+Environment=DONE_FILE=/run/htpdate/done
+Environment=SUCCESS_FILE=/run/htpdate/success
+Environment=LOG=/var/log/htpdate.log
+EnvironmentFile=/etc/default/htpdate.*
+ExecStartPre=/bin/sh -c '[ -n "${HTTP_USER_AGENT}" ]'
+ExecStartPre=/bin/sh -c '[ -n "${HTP_POOL_PAL}" ]'
+ExecStartPre=/bin/sh -c '[ -n "${HTP_POOL_NEUTRAL}" ]'
+ExecStartPre=/bin/sh -c '[ -n "${HTP_POOL_FOE}" ]'
+ExecStartPre=/bin/rm -f "${DONE_FILE}"
+ExecStartPre=/bin/rm -f "${SUCCESS_FILE}"
+ExecStartPre=/usr/bin/install -o root -g root -m 0755 -d /run/htpdate
+ExecStartPre=/usr/bin/install -o htp -g nogroup -m 0644 /dev/null "${LOG}"
+ExecStart=/usr/local/sbin/htpdate \
+ --debug \
+ --log_file "${LOG}" \
+ --user_agent "${HTTP_USER_AGENT}" \
+ --allowed_per_pool_failure_ratio 0.34 \
+ --user htp \
+ --done_file "${DONE_FILE}" \
+ --success_file "${SUCCESS_FILE}" \
+ --pal_pool "${HTP_POOL_PAL}" \
+ --neutral_pool "${HTP_POOL_NEUTRAL}" \
+ --foe_pool "${HTP_POOL_FOE}" \
+ --proxy 127.0.0.1:9062
+RemainAfterExit=yes
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_SETUID CAP_SYS_TIME
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
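Review bot: The four `ExecStartPre=/bin/sh -c '[ -n "${...}" ]'` checks paste each variable's value into the shell source, because systemd expands `${VAR}` inside an argument before `/bin/sh` starts, whatever the quoting. A value containing a double quote, a backtick or `$` then changes what the shell parses. Writing `$${HTTP_USER_AGENT}` (and likewise for the three pool variables) passes a literal `${...}`, so the shell reads the value from its environment instead. The same pattern appears with `${TAILS_MACSPOOF_ENABLED}` in tails-restricted-network-detector.service and `${TAILS_NETCONF}` in tails-unblock-network.service, where the value comes from a file under /var/lib/gdm3. If that file is writable by the greeter's account (not visible in this diff), those two root services would parse its content as shell source.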
diff --git a/config/chroot_local-includes/lib/systemd/system/kexec.service b/config/chroot_local-includes/lib/systemd/system/kexec.service
new file mode 120000
index 0000000..dc1dc0c
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/kexec.service
@@ -0,0 +1 @@
+/dev/null \ No newline at end of file
diff --git a/config/chroot_local-includes/lib/systemd/system/memlockd.service.d/oom.conf b/config/chroot_local-includes/lib/systemd/system/memlockd.service.d/oom.conf
new file mode 100644
index 0000000..c00f85a
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/memlockd.service.d/oom.conf
@@ -0,0 +1,2 @@
+[Service]
+OOMScoreAdjust=-17
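Review bot: `OOMScoreAdjust=-17` looks like the legacy `oom_adj` value that meant "never kill", but systemd's setting uses the -1000 to 1000 `oom_score_adj` scale, where -17 is only a slight bias. If the intent is to exempt memlockd from the OOM killer (an assumption, since the drop-in carries no comment), it should read `OOMScoreAdjust=-1000`. A one-line comment stating the intent would make the value checkable.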
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-autotest-remote-shell.service b/config/chroot_local-includes/lib/systemd/system/tails-autotest-remote-shell.service
new file mode 100644
index 0000000..eec943a
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tails-autotest-remote-shell.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Remote shell (over serial link) used in Tails test suite
+Documentation=https://tails.boum.org/contribute/release_process/test/automated_tests/
+ConditionKernelCommandLine=autotest_never_use_this_option
+Before=gdm.service
+
+[Service]
+Type=notify
+ExecStart=/usr/local/lib/tails-autotest-remote-shell /dev/ttyS0
+
+[Install]
+WantedBy=multi-user.target
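Review bot: The unit carries no comment saying that `ConditionKernelCommandLine=autotest_never_use_this_option` is the only gate on a shell served over `/dev/ttyS0`. With no `User=` line the service runs as root, and `WantedBy=multi-user.target` lets it be enabled wherever this tree is installed. I would add a comment above the condition, for example `# Test-suite only: this condition is the sole gate on a root shell on the serial port; never add the option to a shipped boot entry.` Whether the helper authenticates its peer is not visible in this diff.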
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-reconfigure-kexec.service b/config/chroot_local-includes/lib/systemd/system/tails-reconfigure-kexec.service
new file mode 100644
index 0000000..cd276ea
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tails-reconfigure-kexec.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Reconfigure kexec depending on running kernel
+Documentation=https://tails.boum.org/contribute/design/memory_erasure/
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/tails-reconfigure-kexec
+RemainAfterExit=yes
+CapabilityBoundingSet=
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-reconfigure-memlockd.service b/config/chroot_local-includes/lib/systemd/system/tails-reconfigure-memlockd.service
new file mode 100644
index 0000000..1641835
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tails-reconfigure-memlockd.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Reconfigure memlockd depending on running kernel
+Documentation=https://tails.boum.org/contribute/design/memory_erasure/
+Before=memlockd.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/tails-reconfigure-memlockd
+RemainAfterExit=yes
+CapabilityBoundingSet=
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-restricted-network-detector.service b/config/chroot_local-includes/lib/systemd/system/tails-restricted-network-detector.service
new file mode 100644
index 0000000..c2db484
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tails-restricted-network-detector.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Detect restricted networks that may block spoofed MAC addresses
+Documentation=https://tails.boum.org/contribute/design/MAC_address/
+
+[Service]
+Type=simple
+EnvironmentFile=/var/lib/gdm3/tails.physical_security
+ExecStartPre=/bin/sh -c '[ "${TAILS_MACSPOOF_ENABLED}" = true ]'
+ExecStart=/bin/sh -c 'journalctl \
+ --unit=NetworkManager.service \
+ --output=json-pretty --follow \
+ | jq \
+ --monochrome-output --unbuffered --raw-output \
+ .MESSAGE \
+ | /usr/local/sbin/tails-restricted-network-detector'
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-sdmem-on-media-removal.service b/config/chroot_local-includes/lib/systemd/system/tails-sdmem-on-media-removal.service
new file mode 100644
index 0000000..c82e0ab
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tails-sdmem-on-media-removal.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Wipe memory on live media removal
+Documentation=https://tails.boum.org/contribute/design/memory_erasure/
+After=memlockd.service tails-reconfigure-kexec.service tails-reconfigure-memlockd.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/sbin/udev-watchdog-wrapper
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
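Review bot: This `Type=simple` unit has no `Restart=` setting, so if `udev-watchdog-wrapper` crashes or is killed, nothing restarts it and the wipe-on-removal protection stays off for the rest of the session. Adding `Restart=on-failure` under `[Service]` would cover that case. Whether the wrapper is safe to start a second time is not visible here and should be checked first.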
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-set-wireless-devices-state.service b/config/chroot_local-includes/lib/systemd/system/tails-set-wireless-devices-state.service
new file mode 100644
index 0000000..8078c57
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tails-set-wireless-devices-state.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Set proper default state on wireless devices
+Documentation=https://tails.boum.org/contribute/design/
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/tails-set-wireless-devices-state
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
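Review bot: `PrivateDevices=yes` gives the service a private `/dev` holding only pseudo-devices such as `/dev/null`, so `/dev/rfkill` is not available to `tails-set-wireless-devices-state`. If the script (not shown in this diff) changes device state through the `rfkill` tool rather than through sysfs, those calls would fail and the wireless devices would keep their default state. In that case drop `PrivateDevices=yes` from this unit. Either way, a comment naming the interface the script uses would make the sandboxing choice checkable.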
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-unblock-network.service b/config/chroot_local-includes/lib/systemd/system/tails-unblock-network.service
new file mode 100644
index 0000000..98dee87
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tails-unblock-network.service
@@ -0,0 +1,30 @@
+[Unit]
+Description=Unblock network device drivers
+Documentation=https://tails.boum.org/contribute/design/MAC_address/
+# Note that we do *not* Requires=tails-restricted-network-detector.service,
+# since that service fails to start unless MAC address spoofing is enabled.
+After=tails-restricted-network-detector.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/var/lib/gdm3/tails.physical_security
+
+# It's important we "export" the settings from tails.physical_security
+# before unblocking the network; doing so will make the user-set MAC spoofing
+# option apply (via the custom udev rule) when loading the modules for the
+# previously blocked network devices.
+ExecStartPre=/usr/bin/install -m 0640 -o root -g root \
+ /var/lib/gdm3/tails.physical_security \
+ /var/lib/live/config/tails.physical_security
+ExecStartPre=/bin/sync
+ExecStartPre=/bin/sh -c 'if [ "${TAILS_NETCONF}" = "obstacle" ]; then \
+ . /usr/local/lib/tails-shell-library/tor.sh ; \
+ tor_set_in_torrc "DisableNetwork" "1" ; \
+ fi'
+
+# Let's remove the blacklist
+ExecStart=/bin/rm -f /etc/modprobe.d/all-net-blacklist.conf
+
+# Make sure the blacklist has disappeared from the filesystem
+ExecStart=/bin/sync
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-wait-until-tor-has-bootstrapped.service b/config/chroot_local-includes/lib/systemd/system/tails-wait-until-tor-has-bootstrapped.service
new file mode 100644
index 0000000..1692cc6
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tails-wait-until-tor-has-bootstrapped.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=Wait for Tor to Have Bootstrapped
+Documentation=https://tails.boum.org/contribute/design/
+After=tor.service
+
+[Service]
+Type=oneshot
+User=debian-tor
+ExecStartPre=/bin/sh -c 'rm -f /run/tor-has-bootstrapped/done'
+ExecStart=/bin/sh -c '. /usr/local/lib/tails-shell-library/tor.sh ; \
+ while ! tor_is_working ; do \
+ /bin/sleep 1 ; \
+ done'
+ExecStartPost=/bin/sh -c 'touch /run/tor-has-bootstrapped/done'
+TimeoutStartSec=0
+CapabilityBoundingSet=
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
diff --git a/config/chroot_local-includes/lib/systemd/system/tor-controlport-filter.service b/config/chroot_local-includes/lib/systemd/system/tor-controlport-filter.service
new file mode 100644
index 0000000..70baa34
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/tor-controlport-filter.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Tor control port filter proxy
+Documentation=https://tails.boum.org/contribute/design/
+
+[Service]
+Type=simple
+ExecStart=/usr/local/sbin/tor-controlport-filter
+User=tor-controlport-filter
+Group=tor-controlport-filter
+CapabilityBoundingSet=
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
diff --git a/config/chroot_local-includes/usr/lib/apt/methods/tor+http b/config/chroot_local-includes/usr/lib/apt/methods/tor+http
deleted file mode 100755
index b8fe6eb..0000000
--- a/config/chroot_local-includes/usr/lib/apt/methods/tor+http
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-unset http_proxy
-unset HTTP_PROXY
-unset https_proxy
-unset HTTPS_PROXY
-
-exec torsocks /usr/lib/apt/methods/http "$@"
diff --git a/config/chroot_local-includes/usr/lib/bonobo/servers/ShutdownHelper_Factory.server b/config/chroot_local-includes/usr/lib/bonobo/servers/ShutdownHelper_Factory.server
deleted file mode 100644
index 2c6d1a2..0000000
--- a/config/chroot_local-includes/usr/lib/bonobo/servers/ShutdownHelper_Factory.server
+++ /dev/null
@@ -1,27 +0,0 @@
-<oaf_info>
-<oaf_server iid="OAFIID:ShutdownHelper_Factory" type="exe"
- location="/usr/local/bin/shutdown_helper_applet">
- <oaf_attribute name="repo_ids" type="stringv">
- <item value="IDL:Bonobo/GenericFactory:1.0"/>
- <item value="IDL:Bonobo/Unknown:1.0"/>
- </oaf_attribute>
- <oaf_attribute name="name" type="string" value="Shutdown Helper Factory"/>
- <oaf_attribute name="description" type="string"
- value="Shutdown Helper's factory that launches the applet"/>
-</oaf_server>
-<oaf_server iid="OAFIID:ShutdownHelper" type="factory"
- location="OAFIID:ShutdownHelper_Factory">
- <oaf_attribute name="repo_ids" type="stringv">
- <item value="IDL:GNOME/Vertigo/PanelAppletShell:1.0"/>
- <item value="IDL:Bonobo/Control:1.0"/>
- <item value="IDL:Bonobo/Unknown:1.0"/>
- </oaf_attribute>
- <oaf_attribute name="name" type="string" value="Shutdown Helper"/>
- <oaf_attribute name="description" type="string"
- value="Lock screen, shutdown or reboot"/>
- <oaf_attribute name="panel:category" type="string"
- value="Utility"/>
- <oaf_attribute name="panel:icon" type="string"
- value="tails-system-shutdown.png"/>
-</oaf_server>
-</oaf_info>
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/desktop.target b/config/chroot_local-includes/usr/lib/systemd/user/desktop.target
new file mode 100644
index 0000000..5f4ee0f
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/systemd/user/desktop.target
@@ -0,0 +1,5 @@
+[Unit]
+Description=Desktop
+Requires=default.target
+After=default.target
+AllowIsolate=yes
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/tails-add-GNOME-bookmarks.service b/config/chroot_local-includes/usr/lib/systemd/user/tails-add-GNOME-bookmarks.service
new file mode 100644
index 0000000..834af27
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/systemd/user/tails-add-GNOME-bookmarks.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Add GTK bookmarks to some directories
+Documentation=https://tails.boum.org/contribute/design/application_isolation/
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/lib/add-GNOME-bookmarks
+RemainAfterExit=yes
+
+[Install]
+WantedBy=basic.target
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/tails-configure-keyboard.service b/config/chroot_local-includes/usr/lib/systemd/user/tails-configure-keyboard.service
new file mode 100644
index 0000000..042ad55
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/systemd/user/tails-configure-keyboard.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Configure the keyboard layout according to settings chosen in Tails Greeter
+Documentation=https://tails.boum.org/contribute/design/
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/tails-configure-keyboard
+RemainAfterExit=yes
+
+[Install]
+WantedBy=desktop.target
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/tails-create-tor-browser-directories.service b/config/chroot_local-includes/usr/lib/systemd/user/tails-create-tor-browser-directories.service
new file mode 100644
index 0000000..bb02fd6
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/systemd/user/tails-create-tor-browser-directories.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Create the Tor Browser amnesiac and persistent directories
+Documentation=https://tails.boum.org/contribute/design/application_isolation/
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/lib/create-tor-browser-directories
+RemainAfterExit=yes
+
+[Install]
+WantedBy=basic.target
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/tails-security-check.service b/config/chroot_local-includes/usr/lib/systemd/user/tails-security-check.service
new file mode 100644
index 0000000..01260af
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/systemd/user/tails-security-check.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Check Tails known, unfixed security issues
+Documentation=https://tails.boum.org/contribute/design/
+After=tails-wait-until-tor-has-bootstrapped.service
+
+[Service]
+ExecStart=/usr/local/bin/tails-security-check
+RemainAfterExit=yes
+
+[Install]
+WantedBy=desktop.target
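Review bot: `After=tails-wait-until-tor-has-bootstrapped.service` only orders the two units and does not pull the wait unit in. If that unit is not enabled, or is not part of the same start transaction, `tails-security-check` runs straight away without Tor being ready. The deleted wrapper polled until Tor had bootstrapped, so to keep that guarantee add `Requires=tails-wait-until-tor-has-bootstrapped.service` next to the `After=` line. tails-upgrade-frontend.service has the same `After=`-only dependency.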
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/tails-upgrade-frontend.service b/config/chroot_local-includes/usr/lib/systemd/user/tails-upgrade-frontend.service
new file mode 100644
index 0000000..2b4c9e9
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/systemd/user/tails-upgrade-frontend.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Check available Tails upgrades
+Documentation=https://tails.boum.org/contribute/design/incremental_upgrades/
+After=tails-wait-until-tor-has-bootstrapped.service
+
+[Service]
+ExecStart=/usr/local/bin/tails-upgrade-frontend-wrapper
+RemainAfterExit=yes
+
+[Install]
+WantedBy=desktop.target
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/tails-virt-notify-user.service b/config/chroot_local-includes/usr/lib/systemd/user/tails-virt-notify-user.service
new file mode 100644
index 0000000..4c9113b
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/systemd/user/tails-virt-notify-user.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Warn the user if Tails is running inside a virtual machine
+Documentation=https://tails.boum.org/contribute/design/virtualization_support/
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/tails-virt-notify-user
+RemainAfterExit=yes
+
+[Install]
+WantedBy=desktop.target
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/tails-wait-until-tor-has-bootstrapped.service b/config/chroot_local-includes/usr/lib/systemd/user/tails-wait-until-tor-has-bootstrapped.service
new file mode 100644
index 0000000..db7ec41
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/systemd/user/tails-wait-until-tor-has-bootstrapped.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Wait for Tor to Have Bootstrapped
+Documentation=https://tails.boum.org/contribute/design/
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c '[ "$(/usr/bin/id -u)" = 1000 ] || exit 0 ; \
+ while ! [ -e /run/tor-has-bootstrapped/done ] ; do \
+ /bin/sleep 1 ; \
+ done'
+TimeoutStartSec=0
+
+[Install]
+WantedBy=desktop.target
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/tails-warn-about-disabled-persistence.service b/config/chroot_local-includes/usr/lib/systemd/user/tails-warn-about-disabled-persistence.service
new file mode 100644
index 0000000..fd4cf29
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/systemd/user/tails-warn-about-disabled-persistence.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Warn the user if unmigrated or insecure persistence settings are found
+Documentation=https://tails.boum.org/contribute/design/persistence/
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/tails-warn-about-disabled-persistence
+RemainAfterExit=yes
+
+[Install]
+WantedBy=desktop.target
diff --git a/config/chroot_local-includes/usr/lib/tmpfiles.d/tor-has-bootstrapped.conf b/config/chroot_local-includes/usr/lib/tmpfiles.d/tor-has-bootstrapped.conf
new file mode 100644
index 0000000..28b7456
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/tmpfiles.d/tor-has-bootstrapped.conf
@@ -0,0 +1,2 @@
+# Type Path Mode UID GID Age Argument
+d /run/tor-has-bootstrapped 00755 debian-tor debian-tor - -
diff --git a/config/chroot_local-includes/usr/local/bin/pidgin b/config/chroot_local-includes/usr/local/bin/pidgin
index 564377e..b238a3d 100755
--- a/config/chroot_local-includes/usr/local/bin/pidgin
+++ b/config/chroot_local-includes/usr/local/bin/pidgin
@@ -1,9 +1,5 @@
#!/bin/sh
-# Workaround for Tails#5672, that is Debian#578476.
-# Can probably be dropped once we use Jessie.
-python -c 'import gst'
-
# Start Pidgin with the GNOME integration disabled, so that the
# "Global proxy configuration" is used, which we set to use Tor
exec env GNOME_DESKTOP_SESSION_ID="" /usr/bin/pidgin
diff --git a/config/chroot_local-includes/usr/local/bin/tails-activate-win8-theme b/config/chroot_local-includes/usr/local/bin/tails-activate-win8-theme
index 35ea227..525560f 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-activate-win8-theme
+++ b/config/chroot_local-includes/usr/local/bin/tails-activate-win8-theme
@@ -80,7 +80,7 @@ gsettings set org.gnome.desktop.background picture-options stretched
gsettings set org.gnome.desktop.wm.preferences num-workspaces 1
# Panel
-gsettings set org.gnome.gnome-panel.layout object-id-list "['menu-button', 'tor-browser-launcher', 'claws-launcher', 'pidgin-launcher', 'keepassx-launcher', 'gnome-terminal-launcher', 'window-list', 'notification-area', 'shutdown-helper', 'clock']"
+gsettings set org.gnome.gnome-panel.layout object-id-list "['menu-button', 'tor-browser-launcher', 'claws-launcher', 'pidgin-launcher', 'keepassx-launcher', 'gnome-terminal-launcher', 'window-list', 'notification-area', 'clock']"
gsettings set org.gnome.gnome-panel.layout toplevel-id-list "['bottom-panel']"
gsettings set org.gnome.desktop.lockdown disable-log-out true
@@ -99,9 +99,6 @@ dconf write /org/gnome/gnome-panel/layout/objects/window-list/toplevel-id '"bott
dconf write /org/gnome/gnome-panel/layout/objects/notification-area/pack-index '2'
dconf write /org/gnome/gnome-panel/layout/objects/notification-area/pack-type '"end"'
dconf write /org/gnome/gnome-panel/layout/objects/notification-area/toplevel-id '"bottom-panel"'
-dconf write /org/gnome/gnome-panel/layout/objects/shutdown-helper/pack-index '1'
-dconf write /org/gnome/gnome-panel/layout/objects/shutdown-helper/pack-type '"end"'
-dconf write /org/gnome/gnome-panel/layout/objects/shutdown-helper/toplevel-id '"bottom-panel"'
dconf write /org/gnome/gnome-panel/layout/objects/clock/pack-index '0'
dconf write /org/gnome/gnome-panel/layout/objects/clock/toplevel-id '"bottom-panel"'
dconf write /org/gnome/gnome-panel/layout/objects/clock/pack-type '"end"'
diff --git a/config/chroot_local-includes/usr/local/bin/tails-configure-keyboard b/config/chroot_local-includes/usr/local/bin/tails-configure-keyboard
index 9777217..c6481335 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-configure-keyboard
+++ b/config/chroot_local-includes/usr/local/bin/tails-configure-keyboard
@@ -2,14 +2,60 @@
set -eu
-# Get $TAILS_XKBMODEL, $TAILS_XKBLAYOUT, $TAILS_XKBVARIANT and $TAILS_XKBOPTIONS
+# Get $XKBMODEL, $XKBLAYOUT, $XKBVARIANT and $XKBOPTIONS
. /var/lib/tails-user-session/keyboard
-dconf write /org/gnome/libgnomekbd/keyboard/model "'$XKBMODEL'"
-dconf write /org/gnome/libgnomekbd/keyboard/layouts "['$XKBLAYOUT\\t$XKBVARIANT']"
-if [ "$XKBLAYOUT" != "us" ]; then
- # Add 'us' switch. Note that it's important that we set the layout
- # on its own above, because otherwise the following will make 'us'
- # the default.
- dconf write /org/gnome/libgnomekbd/keyboard/layouts "['$XKBLAYOUT\\t$XKBVARIANT', 'us']"
+if [ -z "$XKBVARIANT" ] ; then
+ XKBCONF="$XKBLAYOUT"
+else
+ XKBCONF="$XKBLAYOUT+$XKBVARIANT"
fi
+
+# Choose the keyboard layout we'll use regardless of the IBus input methods
+if [ "$XKBLAYOUT" = 'us' ] ; then
+ SOURCES="('xkb', '$XKBCONF')"
+else
+ SOURCES="('xkb', '$XKBCONF'), ('xkb', 'us')"
+fi
+
+# Choose preferred IBus input methods
+LANGPREFIX=`echo "$LANG" | sed 's/_.*//'`
+case "$LANGPREFIX" in
+ ja)
+ PRELOAD="['anthy', 'pinyin', 'hangul', 'Unikey', 'bopomofo']"
+ SOURCES="[$SOURCES, ('ibus', 'anthy'), ('ibus', 'pinyin'), ('ibus', 'hangul'), ('ibus', 'Unikey'), ('ibus', 'bopomofo')]"
+ NEEDIBUS='y'
+ ;;
+ ko)
+ PRELOAD="['hangul', 'pinyin', 'anthy', 'Unikey', 'bopomofo']"
+ SOURCES="[$SOURCES, ('ibus', 'hangul'), ('ibus', 'pinyin'), ('ibus', 'anthy'), ('ibus', 'Unikey'), ('ibus', 'bopomofo')]"
+ NEEDIBUS='y'
+ ;;
+ vi)
+ PRELOAD="['Unikey', 'hangul', 'pinyin', 'anthy', 'bopomofo']"
+ SOURCES="[$SOURCES, ('ibus', 'Unikey'), ('ibus', 'hangul'), ('ibus', 'pinyin'), ('ibus', 'anthy'), ('ibus', 'bopomofo')]"
+ NEEDIBUS='y'
+ ;;
+ zh)
+ PRELOAD="['pinyin', 'bopomofo', 'anthy', 'hangul', 'Unikey']"
+ SOURCES="[$SOURCES, ('ibus', 'pinyin'), ('ibus', 'bopomofo'), ('ibus', 'anthy'), ('ibus', 'hangul'), ('ibus', 'Unikey')]"
+ NEEDIBUS='y'
+ ;;
+ *)
+ PRELOAD="['pinyin', 'anthy', 'hangul', 'Unikey', 'bopomofo']"
+ SOURCES="[$SOURCES, ('ibus', 'pinyin'), ('ibus', 'anthy'), ('ibus', 'hangul'), ('ibus', 'Unikey'), ('ibus', 'bopomofo')]"
+ NEEDIBUS='n'
+ ;;
+esac
+
+# Configure enabled input methods and their preferred order
+dconf write /desktop/ibus/general/preload-engines "$PRELOAD"
+dconf write /org/gnome/desktop/input-sources/sources "$SOURCES"
+if [ -n "$XKBOPTIONS" ] ; then
+ dconf write /org/gnome/desktop/input-sources/xkb-options "$XKBOPTIONS"
+fi
+
+# Export environment variables to enable use of IBus
+export GTK_IM_MODULE='ibus'
+export QT_IM_MODULE='ibus'
+export XMODIFIERS='@im=ibus'
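Review bot: `dconf write /org/gnome/desktop/input-sources/xkb-options "$XKBOPTIONS"` passes the raw value, but that key is a list of strings. A conventional value such as `grp:alt_shift_toggle` is therefore not valid GVariant text, and under `set -eu` the failed write aborts the script. Unless `/var/lib/tails-user-session/keyboard` already stores the list form (not visible here), the options need to be split on commas and written as `['opt1', 'opt2']`. The three `export` lines at the end only change this script's own environment, which is gone once the process exits when it runs as a service's `ExecStart`. `NEEDIBUS` is assigned in every branch but not read in this hunk.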
diff --git a/config/chroot_local-includes/usr/local/bin/tails-delete-persistent-volume b/config/chroot_local-includes/usr/local/bin/tails-delete-persistent-volume
index 75b8944..1da2f59 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-delete-persistent-volume
+++ b/config/chroot_local-includes/usr/local/bin/tails-delete-persistent-volume
@@ -4,6 +4,7 @@ set -e
RUN_AS_USER=tails-persistence-setup
+cd /
xhost +SI:localuser:"$RUN_AS_USER"
sudo -u "$RUN_AS_USER" /usr/bin/tails-persistence-setup --step delete $@
xhost -SI:localuser:"$RUN_AS_USER"
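Review bot: Under `set -e`, a non-zero exit from the `sudo -u "$RUN_AS_USER" ...` line ends the script before `xhost -SI:localuser:"$RUN_AS_USER"` runs, so the X server access granted two lines earlier stays in place. Registering the revocation first, with `trap 'xhost -SI:localuser:"$RUN_AS_USER"' EXIT`, removes the grant on every exit path. Using `"$@"` in place of the bare `$@` keeps arguments containing spaces intact. The same applies to the identical hunk in usr/local/bin/tails-persistence-setup; the top of both scripts is outside the hunks.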
diff --git a/config/chroot_local-includes/usr/local/bin/tails-htp-notify-user b/config/chroot_local-includes/usr/local/bin/tails-htp-notify-user
index 256e3da..870a329 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-htp-notify-user
+++ b/config/chroot_local-includes/usr/local/bin/tails-htp-notify-user
@@ -59,7 +59,7 @@ my $notification = $notify->create(summary => $summary,
debug('$notification:' . "\n" . Dumper($notification));
# Wait until notifications can be shown
-until (system("pidof", "nm-applet") == 0) {
+until (system("pidof", "ibus-daemon") == 0) {
sleep 1
}
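Review bot: Waiting on `pidof ibus-daemon` ties the notification to an unrelated process. The loop has no upper bound, so in a session where `ibus-daemon` is never started the notification is never shown, and a running `ibus-daemon` does not prove that a notification server is listening. Polling for the `org.freedesktop.Notifications` name on the session bus, with a retry limit, would test what the comment above the loop describes. The surrounding code continues outside the hunk.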
diff --git a/config/chroot_local-includes/usr/local/bin/tails-persistence-setup b/config/chroot_local-includes/usr/local/bin/tails-persistence-setup
index 01f029a..22777ca 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-persistence-setup
+++ b/config/chroot_local-includes/usr/local/bin/tails-persistence-setup
@@ -4,6 +4,7 @@ set -e
RUN_AS_USER=tails-persistence-setup
+cd /
xhost +SI:localuser:"$RUN_AS_USER"
sudo -u "$RUN_AS_USER" /usr/bin/tails-persistence-setup $@
xhost -SI:localuser:"$RUN_AS_USER"
diff --git a/config/chroot_local-includes/usr/local/bin/tails-save-im-environment b/config/chroot_local-includes/usr/local/bin/tails-save-im-environment
deleted file mode 100755
index 99dfc6b..0000000
--- a/config/chroot_local-includes/usr/local/bin/tails-save-im-environment
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-env | grep -E '^(XMODIFIERS|GTK_IM_MODULE|QT_IM_MODULE)=' \
- > "${HOME}/.im_environment"
diff --git a/config/chroot_local-includes/usr/local/bin/tails-security-check b/config/chroot_local-includes/usr/local/bin/tails-security-check
index 2d80e5e..28d3bcf 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-security-check
+++ b/config/chroot_local-includes/usr/local/bin/tails-security-check
@@ -37,6 +37,7 @@ use Carp::Assert::More;
use Desktop::Notify;
use Fatal qw{open close};
use Locale::gettext;
+use Net::DBus::Reactor;
use POSIX;
use XML::Atom;
use XML::Atom::Feed;
@@ -146,20 +147,27 @@ Atom entries passed as arguments.
sub notify_user {
my @entries = @_;
+ my $reactor = Net::DBus::Reactor->main;
+
my $notify = Desktop::Notify->new();
+ $notify->action_callback(sub { notification_action_cb($reactor, @_) });
+ $notify->close_callback(sub { $reactor->shutdown; });
my $summary = gettext('This version of Tails has known security issues:');
my $body = '';
for (@entries) {
- $body .= '- ' . '<a href="' . $_->id . '">' . $_->title . '</a>' . "\n";
+ $body .= '- ' . $_->title . "\n";
}
say $body;
$notify->create(summary => $summary,
body => $body,
+ actions => { 'moreinfo' => gettext('Learn more') },
timeout => 0)->show();
+
+ $reactor->run;
}
=head2 categories
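Review bot: `$_->title` comes from the Atom feed and is concatenated into the notification body as is, while the link markup removed by this change suggests that the body is rendered as markup. A title containing `<`, `>` or `&` would then be interpreted by the notification daemon, or make the body fail to render, instead of being shown literally; escaping these three characters before the `$body .= …` line keeps feed text as text. How the feed is fetched and authenticated is outside this hunk, so treat this as defence in depth. A short comment above `$reactor->run` saying that the call blocks until the notification is closed or its button is clicked would also help.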
@@ -205,6 +213,20 @@ sub unfixed_entries {
grep { is_not_fixed($_) } @entries;
}
+=head2 notification_action_cb
+
+Called when the "Learn more" button on the notification is clicked.
+
+=cut
+sub notification_action_cb {
+ my $reactor = shift;
+ system(
+ '/usr/local/bin/tor-browser', 'https://tails.boum.org/security/'
+ );
+ $reactor->shutdown;
+}
+
+
=head1 MAIN
=head2 sanity checks
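Review bot: `notification_action_cb` ignores the return value of `system(...)`, so a browser that fails to start looks the same as a successful click, and `system` waits for `/usr/local/bin/tor-browser` to return before `$reactor->shutdown` is reached. If that wrapper stays in the foreground for the lifetime of the browser (not visible here), this process lingers for that long; either document that as intended or check the result, e.g. `system(...) == 0 or warn "tor-browser failed: $?";`. The same pattern is added in `action_cb` in tails-virt-notify-user and tails-warn-about-disabled-persistence. The POD could also state that the callback receives the reactor as its first argument and ignores the action key.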
diff --git a/config/chroot_local-includes/usr/local/bin/tails-security-check-wrapper b/config/chroot_local-includes/usr/local/bin/tails-security-check-wrapper
deleted file mode 100755
index 9497652..0000000
--- a/config/chroot_local-includes/usr/local/bin/tails-security-check-wrapper
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-while ! sudo -n -u debian-tor /usr/local/sbin/tor-has-bootstrapped ; do
- sleep 10
-done
-
-exec /usr/local/bin/tails-security-check
diff --git a/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper b/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
index 1018bd0..c646b1a 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
+++ b/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
@@ -9,7 +9,7 @@ export TEXTDOMAIN
TORDATE_DIR=/var/run/tordate
TORDATE_DONE_FILE="${TORDATE_DIR}/done"
INOTIFY_TIMEOUT=60
-MIN_MEMFREE=$((125 * 1024))
+MIN_MEMFREE=$((32 * 1024))
MIN_TOTAL_MEMFREE=$((500 * 1024))
RUN_AS_USER=tails-upgrade-frontend
@@ -60,10 +60,6 @@ See https://tails.boum.org/doc/first_steps/upgrade#manual\"`"
### Main
-while ! sudo -n -u debian-tor /usr/local/sbin/tor-has-bootstrapped ; do
- sleep 10
-done
-
sleep 30
check_free_memory "$MIN_MEMFREE" "$MIN_TOTAL_MEMFREE"
diff --git a/config/chroot_local-includes/usr/local/bin/tails-virt-notify-user b/config/chroot_local-includes/usr/local/bin/tails-virt-notify-user
index ef61683..837150f 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-virt-notify-user
+++ b/config/chroot_local-includes/usr/local/bin/tails-virt-notify-user
@@ -22,41 +22,51 @@ See https://tails.boum.org/.
#}}}
-use Carp;
use Desktop::Notify;
-use Fatal qw( open close );
+use IPC::System::Simple qw{runx};
use Locale::gettext;
+use Net::DBus::Reactor;
use POSIX;
### initialization
setlocale(LC_MESSAGES, "");
textdomain("tails");
-my $detected_virt_file='/var/lib/live/detected-virtual-machine';
-### main
+### callbacks
+
+sub action_cb {
+ my $reactor = shift;
+ system(
+ '/usr/local/bin/tor-browser',
+ 'file:///usr/share/doc/tails/website/doc/advanced_topics/virtualization.en.html#security'
+ );
+ $reactor->shutdown;
+}
-exit 0 unless -e $detected_virt_file;
+### main
-my @detected_virt;
+# both 0 and 1 are acceptable exit values:
+# - 0 means that we're running in a virtualized environment
+# - 1 means that we're not running in a virtualized environment
+# - anything else means there is a problem, and runx will throw an exception
+my $exit_value = runx([0, 1], qw{/usr/bin/systemd-detect-virt});
-open my $detected_virt_file_h, '<', $detected_virt_file;
-while (my $detected_virt = <$detected_virt_file_h>) {
- chomp $detected_virt;
- push @detected_virt, $detected_virt;
-}
-close $detected_virt_file_h;
+exit 0 if $exit_value == 1;
-exit 0 unless @detected_virt;
+my $reactor = Net::DBus::Reactor->main;
-my $notify = Desktop::Notify->new();
+my $notify = Desktop::Notify->new();
+$notify->action_callback(sub { action_cb($reactor, @_) });
+$notify->close_callback(sub { $reactor->shutdown; });
my $summary = gettext("Warning: virtual machine detected!");
my $body =
- gettext("Both the host operating system and the virtualization software are able to monitor what you are doing in Tails.")
- . " "
- . gettext("<a href='file:///usr/share/doc/tails/website/doc/advanced_topics/virtualization.en.html#security'>Learn more...</a>")
- . " "; # Workaround: else the last line of the notification is not displayed
+ gettext("Both the host operating system and the virtualization software are able to monitor what you are doing in Tails.");
$notify->create(summary => $summary,
- body => $body,
+ body => $body,
+ actions => { 'moreinfo' => gettext('Learn more'), },
+ hints => { 'transient' => 1, },
timeout => 0)->show();
+
+$reactor->run;
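Review bot: An unexpected exit status from `systemd-detect-virt` makes `runx([0, 1], …)` throw, and nothing catches it, so the script dies before any notification is created. For a warning whose purpose is to tell the user that the host can monitor them, failing silently is the less safe direction; wrapping the call in `eval { … }` and logging the error, or showing a generic notice, would make the failure visible. `runx` does not capture output, so the technology name printed by `systemd-detect-virt` goes to this script's stdout; `--quiet` suppresses it if it is not wanted.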
diff --git a/config/chroot_local-includes/usr/local/bin/tails-warn-about-disabled-persistence b/config/chroot_local-includes/usr/local/bin/tails-warn-about-disabled-persistence
index 9d460ff..4eace55 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-warn-about-disabled-persistence
+++ b/config/chroot_local-includes/usr/local/bin/tails-warn-about-disabled-persistence
@@ -6,6 +6,7 @@ use 5.10.1;
use autodie qw{:all};
use Desktop::Notify;
use Locale::gettext;
+use Net::DBus::Reactor;
use POSIX;
use Path::Class;
use String::Errf qw{errf};
@@ -48,16 +49,23 @@ sub doc_url {
return;
}
-sub notify {
- my $summary = shift;
- my $body = shift;
- my $notify = Desktop::Notify->new();
- $notify->create(
- summary => $summary,
- body => $body,
- timeout => 0
- )->show();
+=head1 Callbacks
+
+=cut
+
+sub action_cb {
+ my $reactor = shift;
+
+ my $website_root = '/usr/share/doc/tails/website';
+
+ my $doc_insecure_disabled_resource = 'doc/first_steps/persistence/recover_insecure';
+ my $doc_insecure_disabled_url = doc_url($website_root, $doc_insecure_disabled_resource)
+ or die "Could not find best URL for '$doc_insecure_disabled_resource' at '$website_root'";
+
+ system('/usr/local/bin/tor-browser', $doc_insecure_disabled_url);
+
+ $reactor->shutdown;
}
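Review bot: The `doc_url(...) or die` lookup now runs inside `action_cb`, i.e. only after the user has clicked the button, whereas the removed code resolved the URL before any notification was shown. A missing documentation page therefore surfaces as a `die` inside a D-Bus callback, after which `$reactor->shutdown` is not reached; whether the reactor then keeps running is not visible from here. Resolving `$doc_insecure_disabled_url` once before `$notify->create` and handing it to the callback would keep the failure early and the callback trivial. The empty `=head1 Callbacks` POD section could carry one sentence saying what `action_cb` opens.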
@@ -65,62 +73,35 @@ sub notify {
=cut
-my @files_disabled_by_0_21_upgrade = (
- glob('/live/persistence/*_unlocked/live-additional-software.conf.disabled'),
- glob('/live/persistence/*_unlocked/live-persistence.conf.old'),
-);
-
-my @files_never_migrated = (
- glob('/live/persistence/*_unlocked/live-persistence.conf'),
-);
-
my @files_disabled_for_wrong_access_rights = (
glob('/live/persistence/*_unlocked/persistence.conf.insecure_disabled'),
glob('/live/persistence/*_unlocked/live-additional-software.conf.insecure_disabled'),
);
-my $website_root = '/usr/share/doc/tails/website';
-
-my $doc_upgrade_resource = 'doc/first_steps/persistence/upgrade';
-my $doc_upgrade_url = doc_url($website_root, $doc_upgrade_resource)
- or die "Could not find best URL for '$doc_upgrade_resource' at '$website_root'";
+@files_disabled_for_wrong_access_rights || exit 0;
-my $doc_insecure_disabled_resource = 'doc/first_steps/persistence/recover_insecure';
-my $doc_insecure_disabled_url = doc_url($website_root, $doc_insecure_disabled_resource)
- or die "Could not find best URL for '$doc_insecure_disabled_resource' at '$website_root'";
+my $reactor = Net::DBus::Reactor->main;
-my @notifications;
+my $notify = Desktop::Notify->new();
+$notify->action_callback(sub { action_cb($reactor, @_) });
+$notify->close_callback(sub { $reactor->shutdown; });
-if (@files_disabled_by_0_21_upgrade + @files_never_migrated) {
- push @notifications, {
- disabled_conf_files => join(
- ', ',
- @files_disabled_by_0_21_upgrade,
- @files_never_migrated
- ),
- doc_url => $doc_upgrade_url,
- };
-}
-
-if (@files_disabled_for_wrong_access_rights) {
- push @notifications, {
+my $summary = gettext(q{Some persistence settings were temporarily disabled});
+my $body = errf(
+ gettext("%{disabled_conf_files}s\n"),
+ {
disabled_conf_files => join(
', ',
@files_disabled_for_wrong_access_rights
),
- doc_url => $doc_insecure_disabled_url,
- };
-}
+ }
+);
-foreach my $notification_params (@notifications) {
- notify(
- gettext(q{Some persistence settings were temporarily disabled}),
- errf(
- gettext(
- "%{disabled_conf_files}s\n"
- . "<a href='%{doc_url}s'>Learn how to enable them again.</a>"
- ),
- $notification_params,
- )
- );
-}
+$notify->create(
+ summary => $summary,
+ body => $body,
+ actions => { 'moreinfo' => gettext('Learn how to enable them again'), },
+ hints => { 'transient' => 1, },
+ timeout => 0)->show();
+
+$reactor->run;
diff --git a/config/chroot_local-includes/usr/local/bin/tor-browser b/config/chroot_local-includes/usr/local/bin/tor-browser
index 80200a3..29ead96 100755
--- a/config/chroot_local-includes/usr/local/bin/tor-browser
+++ b/config/chroot_local-includes/usr/local/bin/tor-browser
@@ -32,10 +32,6 @@ ask_for_confirmation() {
--cancel-label "$dialog_start" --ok-label "$dialog_cancel"
}
-tor_has_bootstrapped() {
- sudo -n -u debian-tor /usr/local/sbin/tor-has-bootstrapped
-}
-
# Workaround bug #8036 by copying any localized search plugins into
# the profile.
enable_localized_searchplugins() {
@@ -75,7 +71,7 @@ start_browser() {
}
-if tor_has_bootstrapped || ask_for_confirmation; then
+if /usr/local/sbin/tor-has-bootstrapped || ask_for_confirmation; then
# Torbutton 1.5.1+ uses those environment variables
export TOR_SOCKS_HOST='127.0.0.1'
export TOR_SOCKS_PORT='9150'
diff --git a/config/chroot_local-includes/usr/local/lib/add-GNOME-bookmarks b/config/chroot_local-includes/usr/local/lib/add-GNOME-bookmarks
index 77bf41f..6c5a13d 100755
--- a/config/chroot_local-includes/usr/local/lib/add-GNOME-bookmarks
+++ b/config/chroot_local-includes/usr/local/lib/add-GNOME-bookmarks
@@ -2,6 +2,9 @@
set -eu
+# We're a no-op unless running as the default desktop user
+[ "$(/usr/bin/id -u)" = 1000 ] || exit 0
+
. /usr/local/lib/tails-shell-library/tails-greeter.sh
add_gtk_bookmark_for() {
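Review bot: The guard compares against the literal uid `1000`, so the script silently becomes a no-op if the desktop user's uid ever differs from that number. tails-spoof-mac in this same commit obtains the account name by sourcing `/etc/live/config.d/username.conf`; doing the same here and testing `[ "$(/usr/bin/id -un)" = "${LIVE_USERNAME}" ] || exit 0` would tie the check to the user rather than to a constant. The same guard is added to create-tor-browser-directories. If the literal is kept, the comment should say where uid 1000 is assigned.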
diff --git a/config/chroot_local-includes/usr/local/lib/create-tor-browser-directories b/config/chroot_local-includes/usr/local/lib/create-tor-browser-directories
index e1fe2c3..16ca4d3 100755
--- a/config/chroot_local-includes/usr/local/lib/create-tor-browser-directories
+++ b/config/chroot_local-includes/usr/local/lib/create-tor-browser-directories
@@ -2,6 +2,9 @@
set -eu
+# We're a no-op unless running as the default desktop user
+[ "$(/usr/bin/id -u)" = 1000 ] || exit 0
+
TOR_BROWSER_AMNESIAC_DIR='/home/amnesia/Tor Browser'
TOR_BROWSER_PERSISTENT_DIR='/home/amnesia/Persistent/Tor Browser'
diff --git a/config/chroot_local-includes/usr/local/lib/shutdown-helper-applet b/config/chroot_local-includes/usr/local/lib/shutdown-helper-applet
deleted file mode 100755
index 39fe58e..0000000
--- a/config/chroot_local-includes/usr/local/lib/shutdown-helper-applet
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/usr/bin/env python
-
-import locale
-import os
-import subprocess
-import sys
-
-from gettext import gettext as _
-from gettext import bindtextdomain, textdomain
-
-from gi.repository import Gdk
-from gi.repository import Gtk
-from gi.repository import PanelApplet
-
-LOCALE_PREFIX = "%susr" % (os.sep)
-LOCALE_DIR = "%s%sshare%slocale" % ( LOCALE_PREFIX, os.sep, os.sep )
-PACKAGE = "shutdown_helper_applet"
-TEXT_DOMAIN = "tails"
-locale.setlocale(locale.LC_ALL, "")
-bindtextdomain(PACKAGE, LOCALE_DIR)
-textdomain(TEXT_DOMAIN)
-
-def applet_factory(applet, iid, data=None):
- image = Gtk.Image()
- image.set_from_file('/usr/share/icons/gnome/scalable/actions/system-shutdown-symbolic.svg')
- applet.add(image)
- applet.connect('button-press-event', show_action_menu)
- applet.show_all()
- return True
-
-def show_action_menu(applet, event):
- if event.button != Gdk.BUTTON_PRIMARY:
- return
-
- menu = Gtk.Menu()
- menu.attach_to_widget(applet, None)
- menu_entries = [
-# [_("Lock Screen"), 'gnome-lockscreen', lock_screen],
- [_("Shutdown Immediately"), 'gnome-shutdown', shutdown],
- [_("Reboot Immediately"), 'gtk-refresh', reboot]
- ]
- for [label, icon_name, action] in menu_entries:
- item = Gtk.ImageMenuItem.new_with_label(label)
- icon = Gtk.Image()
- icon.set_from_icon_name(icon_name, Gtk.IconSize.MENU)
- item.set_image(icon)
- item.connect("activate", action)
- item.show()
- menu.add(item)
- menu.popup(parent_menu_shell=None,
- parent_menu_item=None,
- func=None,
- data=None,
- button=event.button,
- activate_time=event.time)
-
-def lock_screen(widget):
- subprocess.call(["gnome-screensaver-command", "--lock"])
-
-def shutdown(widget):
- subprocess.call(["sudo", "-n", "halt"])
-
-def reboot(widget):
- subprocess.call(["sudo", "-n", "reboot"])
-
-# run it in a gtk window
-if len(sys.argv) > 1 and sys.argv[1] == "test":
- main_window = Gtk.Window(Gtk.WindowType.TOPLEVEL)
- main_window.set_title("Shutdown Helper")
- main_window.connect("destroy", Gtk.main_quit)
- applet_factory(main_window, None)
- main_window.show_all()
- Gtk.main()
- sys.exit()
-
-if __name__ == '__main__':
- PanelApplet.Applet.factory_main("ShutdownHelperFactory",
- PanelApplet.Applet.__gtype__,
- applet_factory,
- None)
diff --git a/config/chroot_local-includes/usr/local/lib/start-systemd-desktop-target b/config/chroot_local-includes/usr/local/lib/start-systemd-desktop-target
new file mode 100755
index 0000000..2d0138e
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/lib/start-systemd-desktop-target
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -eu
+
+# Import (almost all) XDG_*, locale-related and DBUS_SESSION_BUS_ADDRESS variables
+# into the systemd user instance's environment. We're filtering some
+# XDG_* out in order not to pretend that processes run via `systemd --user`
+# are part of the desktop session.
+/usr/bin/env \
+ | /bin/grep '^XDG_' \
+ | /bin/grep -E -v '^XDG_(SEAT=|SESSION_)' \
+ | /usr/bin/xargs /bin/systemctl --user set-environment
+/usr/bin/locale | /usr/bin/xargs /bin/systemctl --user set-environment
+/bin/systemctl --user import-environment \
+ DBUS_SESSION_BUS_ADDRESS \
+ DISPLAY \
+ XAUTHORITY
+
+# Start desktop.target
+/bin/systemctl --user start desktop.target
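Review bot: Piping `env` and `locale` output through `xargs` re-tokenises it: xargs splits on whitespace and interprets quotes and backslashes, so a value containing a space, a quote or a newline reaches `systemctl --user set-environment` as several malformed assignments. The script has no `pipefail`, so only the last command of each pipeline is checked by `set -e`, and when no `XDG_` variable survives the filters GNU xargs still runs `set-environment` once with no arguments. Passing names instead of values avoids the parsing, as the script already does for `DBUS_SESSION_BUS_ADDRESS`: extract the names with `cut -d= -f1` and hand them to `systemctl --user import-environment`.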
diff --git a/config/chroot_local-includes/usr/local/lib/tails-autotest-remote-shell b/config/chroot_local-includes/usr/local/lib/tails-autotest-remote-shell
index 958d5bb..d197332 100755
--- a/config/chroot_local-includes/usr/local/lib/tails-autotest-remote-shell
+++ b/config/chroot_local-includes/usr/local/lib/tails-autotest-remote-shell
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
# ATTENTION: Yes, this can be used as a backdoor, but only for an
# adversary with access to you *physical* serial port, which means
@@ -11,6 +11,7 @@ from pwd import getpwnam
from os import setgid, setuid, environ
from glob import glob
import serial
+from systemd.daemon import notify as sd_notify
def mk_switch_user_fn(uid, gid):
def switch_user():
@@ -26,7 +27,7 @@ def run_cmd_as_user(cmd, user):
# inside Tails for the user by logging in (via `su`) as the user and
# extracting the environment.
pipe = Popen('su -c env ' + user, stdout=PIPE, shell=True)
- env_data = pipe.communicate()[0]
+ env_data = pipe.communicate()[0].decode('utf-8')
env = dict((line.split('=', 1) for line in env_data.splitlines()))
env['DISPLAY'] = ':0.0'
try:
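Review bot: The strict `.decode('utf-8')` calls added in this file raise `UnicodeDecodeError` on any non-UTF-8 byte, and only the `port.readline()` one sits inside a `try`. For `env_data` in this hunk and for `stdout_b`/`stderr_b` after `p.communicate()` in the last hunk, a single command that prints binary data ends the remote shell with a traceback. `decode('utf-8', errors='replace')` keeps the service alive at the cost of lossy output. `run_cmd_as_user` starts above this hunk; the unchanged `Popen('su -c env ' + user, …, shell=True)` line builds a shell command from the request's `user` field, and a comment there pointing to the header's test-only rationale would keep it from being copied elsewhere.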
@@ -40,20 +41,20 @@ def run_cmd_as_user(cmd, user):
def main():
dev = argv[1]
port = serial.Serial(port = dev, baudrate = 4000000)
- port.open()
+ if not port.isOpen():
+ port.open()
- # Create a state file so other applications can know that the remote
- # shell is operational.
- state_file_path = "/var/lib/live/autotest-remote-shell-running"
- open(state_file_path, "w").close()
+ # Notify systemd that we're ready
+ sd_notify('READY=1')
+ sd_notify('STATUS=Processing requests...\n')
while True:
try:
- line = port.readline()
+ line = port.readline().decode('utf-8')
except Exception as e:
# port must be opened wrong, so we restart everything and pray
# that it works.
- print str(e)
+ print(str(e))
port.close()
return main()
try:
@@ -61,16 +62,18 @@ def main():
except Exception as e:
# We had a parse/pack error, so we just send a \0 as an ACK,
# releasing the client from blocking.
- print str(e)
- port.write("\0")
+ print(str(e))
+ port.write(b"\0")
continue
p = run_cmd_as_user(cmd, user)
if cmd_type == "spawn":
returncode, stdout, stderr = 0, "", ""
else:
- stdout, stderr = p.communicate()
+ stdout_b, stderr_b = p.communicate()
+ stdout = stdout_b.decode('utf-8')
+ stderr = stderr_b.decode('utf-8')
returncode = p.returncode
- port.write(dumps([returncode, stdout, stderr]) + "\0")
+ port.write(dumps([returncode, stdout, stderr]).encode('utf-8') + b"\0")
if __name__ == "__main__":
main()
diff --git a/config/chroot_local-includes/usr/local/sbin/htpdate b/config/chroot_local-includes/usr/local/sbin/htpdate
index 5c0b70b..41f2b2f 100755
--- a/config/chroot_local-includes/usr/local/sbin/htpdate
+++ b/config/chroot_local-includes/usr/local/sbin/htpdate
@@ -25,6 +25,7 @@ use File::Path qw(rmtree);
use File::Spec::Functions;
use File::Temp qw/tempdir/;
use Getopt::Long::Descriptive;
+use IPC::System::Simple qw(capturex);
use List::Util qw( shuffle );
use open qw{:utf8 :std};
use POSIX qw( WIFEXITED );
@@ -274,13 +275,12 @@ sub adjustDate {
message("Setting time to $newtime...");
if ($set_date) {
$> = 0 if $runas;
- open(my $fd, "-|", $datecommand, $dateparam, '@' . $newtime)
- or die "Cannot set run command $datecommand: $!";
- if ( $? != 0 ) {
- my @output = <$fd>;
- error "An error occured setting the time\n@output";
- }
- close($fd);
+ my $output;
+ try {
+ $output = capturex($datecommand, $dateparam, '@' . $newtime);
+ } catch {
+ error "An error occured setting the time\n$output";
+ };
$> = getpwnam($runas) if $runas;
}
}
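Review bot: Inside the `catch` block `$output` is still undefined, because `capturex` throws before the assignment completes, so the message loses the reason for the failure and Perl warns about an uninitialized value. If `try`/`catch` come from Try::Tiny (its `use` line is not in this diff), the exception text is in `$_`: `error "An error occured setting the time\n$_";`. The effective uid is raised with `$> = 0` before the call and only lowered again by the line after the block, so if `error` can die, the drop back to `$runas` is skipped. `adjustDate` starts above this hunk, so its callers are not visible.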
diff --git a/config/chroot_local-includes/usr/local/sbin/live-persist b/config/chroot_local-includes/usr/local/sbin/live-persist
index b835ca9..1db4dac 100755
--- a/config/chroot_local-includes/usr/local/sbin/live-persist
+++ b/config/chroot_local-includes/usr/local/sbin/live-persist
@@ -69,35 +69,6 @@ warning ()
echo "warning: ${@}" >&2
}
-dbus_udisks_get_attribute ()
-{
- local dev="${1}"
- local attribute="${2}"
- local re='^[[:space:]]*variant[[:space:]]\+string[[:space:]]\+"\(.*\)"$'
- dbus-send --system --print-reply --dest=org.freedesktop.UDisks \
- /org/freedesktop/UDisks/devices/$(basename ${dev}) \
- org.freedesktop.DBus.Properties.Get \
- string:org.freedesktop.UDisks.Device \
- string:"${attribute}" 2>/dev/null | \
- grep -e "${re}" | sed "s|${re}|\1|"
-}
-
-# We override the following two functions from live-helpers since old
-# blkid (i.e. util-linux and libblkid1) doesn't support GPT. We use dbus
-# instead (which should be available in user-space).
-get_gpt_name ()
-{
- local dev="${1}"
- dbus_udisks_get_attribute ${dev} partition-label
-}
-
-is_gpt_device ()
-{
- local dev="${1}"
- [ "$(dbus_udisks_get_attribute ${dev} partition-scheme)" = "gpt" ]
-}
-
-
# We override live-boot's logging facilities to get more useful error messages
log_warning_msg ()
{
diff --git a/config/chroot_local-includes/usr/local/sbin/restart-vidalia b/config/chroot_local-includes/usr/local/sbin/restart-vidalia
index 3d79d4d..4a80e36 100755
--- a/config/chroot_local-includes/usr/local/sbin/restart-vidalia
+++ b/config/chroot_local-includes/usr/local/sbin/restart-vidalia
@@ -22,7 +22,7 @@ done
# We don't want to start Vidalia if Windows Camouflage is enabled (ticket #7400)
windows_camouflage_is_enabled && exit 0
-until pgrep -u "${LIVE_USERNAME}" "^nm-applet$" >/dev/null ; do
+until pgrep -u "${LIVE_USERNAME}" "^ibus-daemon" >/dev/null ; do
sleep 5
done
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-debugging-info b/config/chroot_local-includes/usr/local/sbin/tails-debugging-info
index 9dd6f6a..2460864 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-debugging-info
+++ b/config/chroot_local-includes/usr/local/sbin/tails-debugging-info
@@ -15,20 +15,16 @@ debug_file() {
debug_command /usr/sbin/dmidecode -s system-manufacturer
debug_command /usr/sbin/dmidecode -s system-product-name
debug_command /usr/sbin/dmidecode -s system-version
-debug_command "/bin/dmesg"
debug_command "/bin/lsmod"
debug_command "/bin/mount"
debug_command "/usr/bin/lspci"
-debug_command grep spoof-mac: /var/log/messages
+debug_command /bin/journalctl --catalog --no-pager
debug_file "/etc/X11/xorg.conf"
debug_file "/home/amnesia/.xsession-errors"
debug_file "/proc/asound/cards"
debug_file "/proc/asound/devices"
debug_file "/proc/asound/modules"
-debug_file "/var/log/Xorg.0.log"
-debug_file "/var/log/gdm3/:0-slave.log"
-debug_file "/var/log/gdm3/:0-greeter.log"
debug_file "/var/log/gdm3/tails-greeter.errors"
debug_file "/var/log/live-persist"
debug_file "/var/log/live/boot.log"
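Review bot: `journalctl --catalog --no-pager` dumps the whole journal, which is far broader than the `dmesg` output and the `grep spoof-mac:` lines it replaces. The output of this script presumably ends up in bug reports, so the journal's contents (network names, hardware addresses, application messages) travel with it unless something downstream sanitises them, which is not visible here. Consider limiting the scope, e.g. `journalctl --no-pager -b -k` for the kernel log plus explicit `-u UNIT` selections, or add a comment stating where the sanitising happens.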
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-notify-user b/config/chroot_local-includes/usr/local/sbin/tails-notify-user
index 6b1c90b..595eead 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-notify-user
+++ b/config/chroot_local-includes/usr/local/sbin/tails-notify-user
@@ -20,6 +20,9 @@ fi
(
export DISPLAY=':0.0'
export XAUTHORITY="`echo /var/run/gdm3/auth-for-${LIVE_USERNAME}-*/database`"
+ GNOME_SHELL_PID="$(pgrep --newest --euid ${LIVE_USERNAME} gnome-shell)"
+ export "$(tr '\0' '\n' < /proc/${GNOME_SHELL_PID}/environ | \
+ grep '^DBUS_SESSION_BUS_ADDRESS=')"
exec /bin/su -c "notify-send ${timeout_args} \"${summary}\" \"${body}\"" "${LIVE_USERNAME}" &
)
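Review bot: `GNOME_SHELL_PID` is used without checking that `pgrep` found anything: with no match the script reads `/proc//environ`, `grep` prints nothing, `export ""` fails, and `notify-send` then runs without a session bus address. The pattern `gnome-shell` is also an unanchored regular expression, so `--newest` may select a helper process whose name merely contains it. Guarding with `[ -n "${GNOME_SHELL_PID}" ] || exit 1` and matching with `--exact` would make the lookup deterministic. Separately, `${summary}` and `${body}` are still interpolated into the `su -c "…"` command string on the unchanged line, so quotes or `$(…)` in a message are evaluated by that shell; the callers are outside this hunk.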
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-kexec b/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-kexec
new file mode 100755
index 0000000..c3acb20
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-kexec
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+set -u
+
+PATH="/usr/local/bin:${PATH}"
+KEXEC_CONF=/etc/default/kexec
+
+KERNEL_IMAGE=$(tails-boot-to-kexec kernel $(tails-get-bootinfo kernel))
+INITRD=$(tails-boot-to-kexec initrd $(tails-get-bootinfo initrd))
+
+echo "KERNEL_IMAGE=\"${KERNEL_IMAGE}\"" >> "$KEXEC_CONF"
+echo "INITRD=\"${INITRD}\"" >> "$KEXEC_CONF"
+
+if grep -qw debug=wipemem /proc/cmdline; then
+ echo 'APPEND="${APPEND} sdmemdebug=1"' >> "$KEXEC_CONF"
+else
+ echo 'APPEND="${APPEND} quiet"' >> "$KEXEC_CONF"
+fi
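Review bot: The nested substitutions in `$(tails-boot-to-kexec kernel $(tails-get-bootinfo kernel))` are unquoted, so a path containing whitespace or glob characters is split or expanded before it reaches `tails-boot-to-kexec`; writing `"$(tails-get-bootinfo kernel)"` avoids that. The results are then written between double quotes into `$KEXEC_CONF`, a file that is presumably sourced by a shell, so a `"`, `$` or backtick in them would be interpreted at that point; where the boot info originates is not visible here. Every run appends with `>>`, so a second invocation duplicates the assignments and `APPEND` grows; a comment stating that the script runs once per boot, or a guard, would make that assumption explicit. tails-reconfigure-memlockd has the same unquoted substitutions and appends.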
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-memlockd b/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-memlockd
new file mode 100755
index 0000000..b584fce
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-memlockd
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+set -u
+
+PATH="/usr/local/bin:${PATH}"
+MEMLOCKD_CONF=/etc/memlockd.cfg
+
+tails-boot-to-kexec kernel $(tails-get-bootinfo kernel) >> "$MEMLOCKD_CONF"
+tails-boot-to-kexec initrd $(tails-get-bootinfo initrd) >> "$MEMLOCKD_CONF"
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-restricted-network-detector b/config/chroot_local-includes/usr/local/sbin/tails-restricted-network-detector
index 9dc0f18..cf1dd90 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-restricted-network-detector
+++ b/config/chroot_local-includes/usr/local/sbin/tails-restricted-network-detector
@@ -22,8 +22,6 @@ See https://tails.boum.org/.
#}}}
-use File::Tail;
-use Parse::Syslog;
use IPC::System::Simple qw(runx);
use Locale::gettext;
use I18N::Langinfo qw{langinfo CODESET};
@@ -42,6 +40,8 @@ sub notify_maybe_blocked {
'<a href=\"file:///usr/share/doc/tails/website/doc/first_steps/' .
'startup_options/mac_spoofing.en.html#blocked\">MAC spoofing ' .
'documentation</a>.'));
+ # XXX: this script could now be run as a dedicated user whose only special
+ # privilege would be to run tails-notify-user.
# We can't use Desktop::Notify since this script is supposed to be run
# as root (for access to syslog), started in an env without DESKTOP etc,
# which also causes issues with opening links in the text body.
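Review bot: The unchanged comment below the new `XXX` lines still justifies running as root "for access to syslog", but after this commit the script reads its input from STDIN. Updating it, e.g. `# This script reads log lines on STDIN and is started without DESKTOP etc., so Desktop::Notify cannot be used.`, keeps the rationale for the privilege level accurate. `notify_maybe_blocked` starts above this hunk.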
@@ -50,13 +50,7 @@ sub notify_maybe_blocked {
}
my %state;
-my $syslog = File::Tail->new(name => "/var/log/syslog",
- maxinterval => 1,
- interval => 1);
-my $parser = Parse::Syslog->new($syslog, allow_future => 1);
-while(my $sl = $parser->next) {
- next if !($sl->{program} eq "NetworkManager");
- my $text = $sl->{text};
+while(my $text = <STDIN>) {
if ($text =~ /Activation \(([^)]+)\) starting connection/) {
# The beginning of *all* (not only wireless) new
# connections. We drop any previous state so it won't
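Review bot: The removed loop discarded every record whose program was not `NetworkManager`, while the new `while(my $text = <STDIN>)` applies the regexes to whatever arrives on STDIN. If the producer (not visible here) forwards more than NetworkManager's own messages, any process able to log a line containing `Activation (…) starting connection` could drive the state machine and the resulting notifications. Either document above the loop that the caller must restrict the stream to NetworkManager's unit, or keep a filter in the script. The loop body continues past the end of this hunk.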
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac b/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
index 8f0f2b5..c9be678 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
+++ b/config/chroot_local-includes/usr/local/sbin/tails-spoof-mac
@@ -10,10 +10,21 @@ set -e
. /usr/local/lib/tails-shell-library/log.sh
. /usr/local/lib/tails-shell-library/tails-greeter.sh
+# Get LIVE_USERNAME
+. /etc/live/config.d/username.conf
+
. /usr/bin/gettext.sh
TEXTDOMAIN="tails"
export TEXTDOMAIN
+stop_and_disable_NM() {
+ systemctl stop NetworkManager-wait-online.service
+ systemctl stop NetworkManager.service
+ systemctl stop NetworkManager-dispatcher.service
+ systemctl disable NetworkManager-wait-online.service
+ systemctl disable NetworkManager.service
+}
+
show_notification() {
# We must wait until all the facilities necessary for showing the
# notification to the Live user is available to prevent it from
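Review bot: `stop_and_disable_NM` runs under the file's `set -e`, and its first command stops `NetworkManager-wait-online.service`; if that call returns non-zero the script exits before `systemctl stop NetworkManager.service` is reached. Both call sites are the last-resort path meant to prevent a MAC address leak, so the function should stop `NetworkManager.service` first and let no single step abort the rest, e.g. `systemctl stop NetworkManager.service || log "Failed to stop NetworkManager.service"`, in the spirit of the `|| :` already used for `unload_module_and_rev_deps`. A one-line comment on why the units are also disabled (presumably so that nothing starts them again later) would help.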
@@ -22,8 +33,7 @@ show_notification() {
# otherwise pgrep will look at the process name, which seems to be
# cropped to 15 chars, i.e. "notification-da". Also, we probably
# do not want to get mixed up with "gdu-notification-daemon".
- until pgrep gnome-panel >/dev/null && \
- pgrep --full /usr/lib/notification-daemon/notification-daemon >/dev/null; do
+ until pgrep -u "${LIVE_USERNAME}" '^ibus-daemon' >/dev/null ; do
sleep 1
done
/usr/local/sbin/tails-notify-user "${1}" "${2}" 0
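Review bot: The comment kept above the loop still explains why `pgrep --full` is needed for `notification-daemon` and mentions `gdu-notification-daemon`, but the loop now only waits for `ibus-daemon`. It should be replaced by a sentence saying that an `ibus-daemon` owned by `${LIVE_USERNAME}` is used as the marker that the session can display notifications. `show_notification` starts above this hunk.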
@@ -64,7 +74,7 @@ mac_spoof_panic() {
unload_module_and_rev_deps "${module}" || :
if nic_exists "${nic}"; then
log "Failed to unload module ${module} of NIC ${nic}. Stopping NetworkManager."
- service network-manager stop
+ stop_and_disable_NM
notify_panic_failure "${nic}" "${nic_name}" &
else
log "Successfully unloaded module ${module} of NIC ${nic}."
@@ -131,7 +141,7 @@ then
# NetworkManager without notification to do our best to
# prevent a MAC address leak.
log "Panic mode failed for NIC ${NIC}. Killing NetworkManager."
- service network-manager stop
+ stop_and_disable_NM
fi
exit 1
fi
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher b/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher
index 4c98639..6cb884d 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher
+++ b/config/chroot_local-includes/usr/local/sbin/tails-tor-launcher
@@ -24,7 +24,7 @@ fi
# Get LANG
. /etc/default/locale
-until pgrep -u "${LIVE_USERNAME}" nm-applet >/dev/null ; do
+until pgrep -u "${LIVE_USERNAME}" '^ibus-daemon' >/dev/null ; do
sleep 5
done
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-unblock-network b/config/chroot_local-includes/usr/local/sbin/tails-unblock-network
index 03edfd0..7374985 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-unblock-network
+++ b/config/chroot_local-includes/usr/local/sbin/tails-unblock-network
@@ -1,22 +1,25 @@
#!/bin/sh
-set -e
+systemctl --no-block start tails-restricted-network-detector.service
-BLACKLIST=/etc/modprobe.d/all-net-blacklist.conf
-
-rm -f "${BLACKLIST}"
+systemctl start tails-unblock-network.service
# Now we'll load any present network device previously blocked by
-# BLACKLIST. In particular, the MAC spoofing udev rule should trigger
+# the blacklist. In particular, the MAC spoofing udev rule should trigger
# for each network device added.
-/sbin/udevadm trigger --action=add
+systemctl restart systemd-udev-trigger.service
-# Make this script block until all triggers have been run. We normally
-# start NetworkManager immediately after this script, and without the
-# blocking behaviour there's a race between NM and the MAC spoof udev
-# triggers. When NM takes control of some network device, some
-# operations are not possible on the device, like MAC spoofing. Hence,
-# if NM wins, the udev trigger's run of tails-spoof-mac will fail.
-/sbin/udevadm settle
+# Block until all triggers have been run. NetworkManager is started immediately
+# after, and without the blocking behaviour there's a race between NM
+# and the MAC spoof udev triggers. When NM takes control of some network device,
+# some operations are not possible on the device, like MAC spoofing. Hence,
+# if NM wins, the udev-triggered run of tails-spoof-mac will fail.
+systemctl restart systemd-udev-settle.service
-service network-manager start
+# Enable and start NetworkManager services
+# No need to manually enable NetworkManager-dispatcher.service,
+# as NetworkManager.service has "Also=NetworkManager-dispatcher.service"
+# in its [Install] section.
+systemctl enable NetworkManager.service NetworkManager-wait-online.service
+systemctl start NetworkManager.service NetworkManager-dispatcher.service
+systemctl --no-block start NetworkManager-wait-online.service
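Review bot: Dropping `set -e` means that a failure of `systemctl start tails-unblock-network.service`, of the udev trigger or of `systemctl restart systemd-udev-settle.service` no longer stops the script, so NetworkManager is enabled and started even when the MAC spoofing triggers may not have run to completion, which is the race the comment describes. Make the ordering-critical steps fatal, e.g. `systemctl restart systemd-udev-settle.service || exit 1`, and leave only the detector start best-effort. If the removal was intentional, say so in a comment next to the shebang.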
diff --git a/config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped b/config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped
index db36b20..bc3e08a 100755
--- a/config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped
+++ b/config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped
@@ -1,9 +1,8 @@
#!/bin/sh
-# This script is designed to be run as the debian-tor user.
-# The desktop user is allowed to do so with passwordless sudo.
-
-# Import tor_bootstrap_progress()
-. /usr/local/lib/tails-shell-library/tor.sh
-
-tor_is_working
+/bin/systemctl --quiet is-active tor.service || exit 1
+[ 'inactive' \
+ = \
+ $(/bin/systemctl is-active \
+ tails-wait-until-tor-has-bootstrapped.service || :) \
+]
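Review bot: The command substitution inside `[ … ]` is unquoted, so when `systemctl is-active` prints nothing the test becomes `[ 'inactive' = ]` and fails with a syntax error rather than a clean false; quoting the whole `$(…)` in double quotes fixes that. More importantly, `inactive` is also what a unit reports before it has ever been started, so the script answers "bootstrapped" whenever `tor.service` is active and the wait unit has not been queued yet; whether unit ordering rules that out is not visible here. tor-browser in this commit skips its confirmation dialog on a zero exit, so a header comment stating which unit states the script relies on would be worth adding.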
diff --git a/config/chroot_local-includes/usr/local/sbin/udev-watchdog-wrapper b/config/chroot_local-includes/usr/local/sbin/udev-watchdog-wrapper
index ac9d108..1da9b2c 100755
--- a/config/chroot_local-includes/usr/local/sbin/udev-watchdog-wrapper
+++ b/config/chroot_local-includes/usr/local/sbin/udev-watchdog-wrapper
@@ -47,14 +47,13 @@ do_stop() {
# Really make sure that the CD is ejected
# FIXME: this might not be necessary with future kernel/udev
if [ "${DEV_TYPE}" = "cd" ]; then
- /usr/bin/eject -i off "${BOOT_DEVICE}" 2>&1 >/dev/null || true
- /usr/bin/eject -m "${BOOT_DEVICE}" 2>&1 >/dev/null || true
+ /usr/bin/eject -i off "${BOOT_DEVICE}" || true
+ /usr/bin/eject -m "${BOOT_DEVICE}" || true
fi
- /usr/bin/pkill gdm3 2>&1 >/dev/null || true
- /bin/chvt 1
- /etc/init.d/kexec-load stop 2>&1 >/dev/null || true
- /etc/init.d/tails-kexec stop 2>&1 >/dev/null || true
+ /usr/bin/pkill gdm3 || true
+ /etc/init.d/kexec-load stop || true
+ /lib/systemd/system-shutdown/tails-kexec || true
}
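Review bot: `/lib/systemd/system-shutdown/tails-kexec` is invoked here with no argument, whereas systemd passes the shutdown verb (`halt`, `poweroff`, `reboot` or `kexec`) as the first argument to executables in that directory. If the hook reads `$1` (its contents are not in this hunk), the emergency path in `do_stop` behaves differently from a regular shutdown; passing the intended verb explicitly would make the two paths match. Every step is followed by `|| true` and the redirections that discarded output are gone, so a comment noting where errors are now expected to be recorded would document the intent. `do_stop` starts above this hunk.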
@@ -82,7 +81,7 @@ DEV_TYPE="${DEV_TYPE_LINE#*=}"
# event. See [[bugs/sdmem_on_eject_broken_for_CD]].
# FIXME: we might be able to do the more sane "-i off" with future kernel/udev
if [ "$DEV_TYPE" = "cd" ]; then
- eject -i on "${BOOT_DEVICE}" 2>&1 >/dev/null
+ eject -i on "${BOOT_DEVICE}" >/dev/null
fi
# Start udev-watchdog and stop on clean exit.
diff --git a/config/chroot_local-includes/usr/share/dbus-1/services/org.gnome.panel.applet.ShutdownHelperFactory.service b/config/chroot_local-includes/usr/share/dbus-1/services/org.gnome.panel.applet.ShutdownHelperFactory.service
deleted file mode 100644
index d51f5f3..0000000
--- a/config/chroot_local-includes/usr/share/dbus-1/services/org.gnome.panel.applet.ShutdownHelperFactory.service
+++ /dev/null
@@ -1,3 +0,0 @@
-[D-BUS Service]
-Name=org.gnome.panel.applet.ShutdownHelperFactory
-Exec=/usr/local/lib/shutdown-helper-applet
diff --git a/config/chroot_local-includes/usr/share/gdm/dconf/50-tails b/config/chroot_local-includes/usr/share/gdm/dconf/50-tails
new file mode 100644
index 0000000..926adda
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/gdm/dconf/50-tails
@@ -0,0 +1,5 @@
+[org/gnome/desktop/session]
+session-name='gdm-tails'
+
+[org/gnome/desktop/background]
+picture-uri='file:///usr/share/tails/desktop_wallpaper.png'
diff --git a/config/chroot_local-includes/usr/share/gdm/greeter/autostart/spice-vdagent.desktop b/config/chroot_local-includes/usr/share/gdm/greeter/autostart/spice-vdagent.desktop
deleted file mode 120000
index c0d5caf..0000000
--- a/config/chroot_local-includes/usr/share/gdm/greeter/autostart/spice-vdagent.desktop
+++ /dev/null
@@ -1 +0,0 @@
-/etc/xdg/autostart/spice-vdagent.desktop \ No newline at end of file
diff --git a/config/chroot_local-includes/usr/share/gnome-panel/4.0/applets/org.boum.tails.ShutdownHelper.panel-applet b/config/chroot_local-includes/usr/share/gnome-panel/4.0/applets/org.boum.tails.ShutdownHelper.panel-applet
deleted file mode 100644
index e4b522f..0000000
--- a/config/chroot_local-includes/usr/share/gnome-panel/4.0/applets/org.boum.tails.ShutdownHelper.panel-applet
+++ /dev/null
@@ -1,11 +0,0 @@
-[Applet Factory]
-Id=ShutdownHelperFactory
-Location=/usr/local/lib/shutdown-helper-applet
-Name=Tails Shutdown Helper Factory
-
-[ShutdownHelperApplet]
-Name=Tails Shutdown Helper
-Description=Shutdown or restart Tails immediately
-Icon=system-shutdown-symbolic
-BonoboId=OAFIID:ShutdownHelperFactory
-
diff --git a/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/extension.js b/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/extension.js
new file mode 100644
index 0000000..a22b0d9
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/extension.js
@@ -0,0 +1,139 @@
+/**
+ Copyright (C) 2014 Raphael Freudiger <laser_b@gmx.ch>
+ Copyright (C) 2014 Jonatan Zeidler <jonatan_zeidler@gmx.de>
+ Copyright (C) 2014 Tails Developers <tails@boum.org>
+
+ This program is free software: you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation, either version 2 of the
+ License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ shutdown-helper is based on gnome-shell-extension-suspend-button
+ (https://github.com/laserb/gnome-shell-extension-suspend-button) by
+ Raphael Freudiger <laser_b@gmx.ch>.
+**/
+const Lang = imports.lang;
+const Mainloop = imports.mainloop;
+
+const LoginManager = imports.misc.loginManager;
+const Main = imports.ui.main;
+const StatusSystem = imports.ui.status.system;
+const PopupMenu = imports.ui.popupMenu;
+const ExtensionSystem = imports.ui.extensionSystem;
+
+const Gettext = imports.gettext.domain('tails');
+const _ = Gettext.gettext;
+
+const Me = imports.misc.extensionUtils.getCurrentExtension();
+const Lib = Me.imports.lib;
+
+const Util = imports.misc.util;
+
+const Extension = new Lang.Class({
+ Name: 'ShutdownHelper.Extension',
+
+ enable: function() {
+ this._loginManager = LoginManager.getLoginManager();
+ this.systemMenu = Main.panel.statusArea['aggregateMenu']._system;
+
+ this._createActions();
+ this._removealtSwitcher();
+ this._addSeparateButtons();
+
+ this._menuOpenStateChangedId = this.systemMenu.menu.connect('open-state-changed', Lang.bind(this,
+ function(menu, open) {
+ if (!open)
+ return;
+ this._altrestartAction.visible = true;
+ this._altpowerOffAction.visible = true;
+ }));
+ },
+
+ disable: function() {
+ if (this._menuOpenStateChangedId) {
+ this.systemMenu.menu.disconnect(this._menuOpenStateChangedId);
+ this._menuOpenStateChangedId = 0;
+ }
+
+ this._destroyActions();
+ this._addDefaultButton();
+ },
+
+ _createActions: function() {
+ this._altrestartAction = this.systemMenu._createActionButton('view-refresh-symbolic', _("Restart"));
+ this._altrestartActionID = this._altrestartAction.connect('clicked', Lang.bind(this, this._onRestartClicked));
+
+ this._altpowerOffAction = this.systemMenu._createActionButton('system-shutdown-symbolic', _("Power Off"));
+ this._altpowerOffActionId = this._altpowerOffAction.connect('clicked', Lang.bind(this, this._onPowerOffClicked));
+ },
+
+ _destroyActions: function() {
+ if (this._altrestartActionId) {
+ this._altrestartAction.disconnect(this._altrestartActionId);
+ this._altrestartActionId = 0;
+ }
+
+ if (this._altpowerOffActionId) {
+ this._altpowerOffAction.disconnect(this._altpowerOffActionId);
+ this._altpowerOffActionId = 0;
+ }
+
+ if (this._altrestartAction) {
+ this._altrestartAction.destroy();
+ this._altrestartAction = 0;
+ }
+
+ if (this._altpowerOffAction) {
+ this._altpowerOffAction.destroy();
+ this._altpowerOffAction = 0;
+ }
+ },
+
+ _addDefaultButton: function() {
+ this.systemMenu._actionsItem.actor.add(this.systemMenu._altSwitcher.actor, { expand: true, x_fill: false });
+ },
+
+ _addSeparateButtons: function() {
+ this.systemMenu._actionsItem.actor.add(this._altrestartAction, { expand: true, x_fill: false });
+ this.systemMenu._actionsItem.actor.add(this._altpowerOffAction, { expand: true, x_fill: false });
+ },
+
+ _removealtSwitcher: function() {
+ this.systemMenu._actionsItem.actor.remove_child(this.systemMenu._altSwitcher.actor);
+ },
+
+ _createaltStatusSwitcher: function() {
+ this._altStatusSwitcher = new StatusSystem.AltSwitcher(this._altrestartAction,this._altpowerOffAction);
+ this.systemMenu._actionsItem.actor.add(this._altStatusSwitcher.actor, { expand: true, x_fill: false });
+ },
+
+ _removealtStatusSwitcher: function() {
+ if (this._altStatusSwitcher) {
+ this.systemMenu._actionsItem.actor.remove_child(this._altStatusSwitcher.actor);
+ this._altStatusSwitcher.actor.destroy();
+ this._altStatusSwitcher = 0;
+ }
+ },
+
+ _onPowerOffClicked: function() {
+ Util.spawn(['sudo', '-n', 'poweroff'])
+ },
+
+ _onRestartClicked: function() {
+ Util.spawn(['sudo', '-n', 'reboot'])
+ }
+});
+
+function init(metadata) {
+ Lib.initTranslations(Me);
+ return (extension = new Extension());
+}
+
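Review bot: `_createActions` stores the restart handler id as `this._altrestartActionID`, but `_destroyActions` tests and disconnects `this._altrestartActionId`, so the restart button's 'clicked' handler is never explicitly disconnected on disable. The assignment should read `this._altrestartActionId = this._altrestartAction.connect('clicked', Lang.bind(this, this._onRestartClicked));`. Separately, `init` assigns `extension` without declaring it, which creates an implicit global; `return new Extension();` is enough. Both handlers run `sudo -n poweroff` and `sudo -n reboot` with no confirmation, which depends on a sudoers rule that is not part of this file, so a comment naming where that rule is configured would help the next reader.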
diff --git a/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/lib.js b/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/lib.js
new file mode 100644
index 0000000..7e6492c
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/lib.js
@@ -0,0 +1,37 @@
+/* -*- mode: js2; js2-basic-offset: 4; indent-tabs-mode: nil -*- */
+/**
+ Copyright (C) 2014 Raphael Freudiger <laser_b@gmx.ch>
+ Copyright (C) 2014 Jonatan Zeidler <jonatan_zeidler@gmx.de>
+ Copyright (C) 2014 Tails Developers <tails@boum.org>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+**/
+
+const GLib = imports.gi.GLib;
+const Gettext = imports.gettext;
+const Config = imports.misc.config;
+
+function initTranslations(extension) {
+ let localeDir = extension.dir.get_child('locale').get_path();
+
+ // Extension installed in .local
+ if (GLib.file_test(localeDir, GLib.FileTest.EXISTS)) {
+ Gettext.bindtextdomain('gnome-shell-extension-shutdown-helper', localeDir);
+ }
+ // Extension installed system-wide
+ else {
+ Gettext.bindtextdomain('gnome-shell-extension-shutdown-helper',
+ Config.LOCALEDIR);
+ }
+}
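Review bot: `initTranslations` binds the text domain `gnome-shell-extension-shutdown-helper`, but extension.js in this commit takes its `_` from `imports.gettext.domain('tails')`, so neither `bindtextdomain` call affects the strings the extension actually translates. Either bind the domain that is used, `Gettext.bindtextdomain('tails', Config.LOCALEDIR);`, or drop this helper together with the `Lib.initTranslations(Me)` call. The first branch also prefers a `locale` directory inside the extension directory when one exists; the comment ties that to a per-user install, which presumably does not apply to the system-wide copy shipped here.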
diff --git a/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/metadata.json b/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/metadata.json
new file mode 100644
index 0000000..892735a
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/metadata.json
@@ -0,0 +1,13 @@
+{
+ "description": "Adds separate buttons for 'Lock Screen', 'Restart' and 'Shutdown' to the GNOME user menu, and all actions are immediate without further user verification.",
+ "name": "Shutdown Helper",
+ "settings-schema": "org.gnome.shell.extensions.shutdown-helper",
+ "shell-version": [
+ "3.10",
+ "3.12",
+ "3.14"
+ ],
+ "url": "https://tails.boum.org",
+ "uuid": "shutdown-helper@tails.boum.org",
+ "version": 1
+}
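Review bot: The `description` advertises a 'Lock Screen' button, but extension.js in this commit only creates the Restart and Power Off actions, so the text should name those two, e.g. `"Adds separate 'Restart' and 'Power Off' buttons to the GNOME user menu; both act immediately without further user verification."`. `settings-schema` names `org.gnome.shell.extensions.shutdown-helper`, and no schema is added in the part of the commit visible here; if the extension has no settings, the key can be dropped.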
diff --git a/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/extension.js b/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/extension.js
new file mode 100644
index 0000000..c605ba7
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/extension.js
@@ -0,0 +1,177 @@
+// -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-
+
+const Clutter = imports.gi.Clutter;
+const Shell = imports.gi.Shell;
+const St = imports.gi.St;
+const Main = imports.ui.main;
+const GLib = imports.gi.GLib;
+const Lang = imports.lang;
+const Panel = imports.ui.panel;
+const PanelMenu = imports.ui.panelMenu;
+const Meta = imports.gi.Meta;
+const Mainloop = imports.mainloop;
+const NotificationDaemon = imports.ui.notificationDaemon;
+
+let trayAddedId = 0;
+let trayRemovedId = 0;
+let getSource = null;
+let icons = [];
+let notificationDaemon;
+
+function init() {
+ if (Main.notificationDaemon._fdoNotificationDaemon) {
+ notificationDaemon = Main.notificationDaemon._fdoNotificationDaemon;
+ getSource = Lang.bind(notificationDaemon, NotificationDaemon.FdoNotificationDaemon.prototype._getSource);
+ }
+ else {
+ notificationDaemon = Main.notificationDaemon;
+ getSource = Lang.bind(notificationDaemon, NotificationDaemon.NotificationDaemon.prototype._getSource);
+ }
+}
+
+function enable() {
+ GLib.idle_add(GLib.PRIORITY_LOW, moveToTop);
+}
+
+function createSource (title, pid, ndata, sender, trayIcon) {
+ if (trayIcon) {
+ onTrayIconAdded(this, trayIcon, title);
+ return null;
+ }
+
+ return getSource(title, pid, ndata, sender, trayIcon);
+};
+
+function onTrayIconAdded(o, icon, role) {
+ let wmClass = icon.wm_class ? icon.wm_class.toLowerCase() : '';
+ if (NotificationDaemon.STANDARD_TRAY_ICON_IMPLEMENTATIONS[wmClass] !== undefined)
+ return;
+
+ let buttonBox = new PanelMenu.ButtonBox();
+ let box = buttonBox.actor;
+ let parent = box.get_parent();
+
+ let scaleFactor = St.ThemeContext.get_for_stage(global.stage).scale_factor;
+ let iconSize = Panel.PANEL_ICON_SIZE * scaleFactor;
+
+ icon.set_size(iconSize, iconSize);
+ box.add_actor(icon);
+
+ icon.reactive = true;
+
+ if (parent)
+ parent.remove_actor(box);
+
+ icons.push(icon);
+ Main.panel._rightBox.insert_child_at_index(box, 0);
+
+ let clickProxy = new St.Bin({ width: iconSize, height: iconSize });
+ clickProxy.reactive = true;
+ Main.uiGroup.add_actor(clickProxy);
+
+ icon._proxyAlloc = Main.panel._rightBox.connect('allocation-changed', function() {
+ Meta.later_add(Meta.LaterType.BEFORE_REDRAW, function() {
+ let [x, y] = icon.get_transformed_position();
+ clickProxy.set_position(x, y);
+ });
+ });
+
+ icon.connect("destroy", function() {
+ Main.panel._rightBox.disconnect(icon._proxyAlloc);
+ clickProxy.destroy();
+ });
+
+ clickProxy.connect('button-release-event', function(actor, event) {
+ icon.click(event);
+ });
+
+ icon._clickProxy = clickProxy;
+
+ /* Fixme: HACK */
+ Meta.later_add(Meta.LaterType.BEFORE_REDRAW, function() {
+ let [x, y] = icon.get_transformed_position();
+ clickProxy.set_position(x, y);
+ return false;
+ });
+ let timerId = 0;
+ let i = 0;
+ timerId = Mainloop.timeout_add(500, function() {
+ icon.set_size(icon.width == iconSize ? iconSize - 1 : iconSize,
+ icon.width == iconSize ? iconSize - 1 : iconSize);
+ i++;
+ if (i == 2)
+ Mainloop.source_remove(timerId);
+ });
+}
+
+function onTrayIconRemoved(o, icon) {
+ let parent = icon.get_parent();
+ parent.destroy();
+ icon.destroy();
+ icons.splice(icons.indexOf(icon), 1);
+}
+
+function moveToTop() {
+ notificationDaemon._trayManager.disconnect(notificationDaemon._trayIconAddedId);
+ notificationDaemon._trayManager.disconnect(notificationDaemon._trayIconRemovedId);
+ trayAddedId = notificationDaemon._trayManager.connect('tray-icon-added', onTrayIconAdded);
+ trayRemovedId = notificationDaemon._trayManager.connect('tray-icon-removed', onTrayIconRemoved);
+
+ notificationDaemon._getSource = createSource;
+
+ let toDestroy = [];
+ for (let i = 0; i < notificationDaemon._sources.length; i++) {
+ let source = notificationDaemon._sources[i];
+ if (!source.trayIcon)
+ continue;
+ let parent = source.trayIcon.get_parent();
+ parent.remove_actor(source.trayIcon);
+ onTrayIconAdded(this, source.trayIcon, source.initialTitle);
+ toDestroy.push(source);
+ }
+
+ for (let i = 0; i < toDestroy.length; i++) {
+ toDestroy[i].destroy();
+ }
+}
+
+function moveToTray() {
+ if (trayAddedId != 0) {
+ notificationDaemon._trayManager.disconnect(trayAddedId);
+ trayAddedId = 0;
+ }
+
+ if (trayRemovedId != 0) {
+ notificationDaemon._trayManager.disconnect(trayRemovedId);
+ trayRemovedId = 0;
+ }
+
+ notificationDaemon._trayIconAddedId = notificationDaemon._trayManager.connect('tray-icon-added',
+ Lang.bind(notificationDaemon, notificationDaemon._onTrayIconAdded));
+ notificationDaemon._trayIconRemovedId = notificationDaemon._trayManager.connect('tray-icon-removed',
+ Lang.bind(notificationDaemon, notificationDaemon._onTrayIconRemoved));
+
+ notificationDaemon._getSource = getSource;
+
+ for (let i = 0; i < icons.length; i++) {
+ let icon = icons[i];
+ let parent = icon.get_parent();
+ if (icon._clicked) {
+ icon.disconnect(icon._clicked);
+ }
+ icon._clicked = undefined;
+ if (icon._proxyAlloc) {
+ Main.panel._rightBox.disconnect(icon._proxyAlloc);
+ }
+ icon._clickProxy.destroy();
+ parent.remove_actor(icon);
+ parent.destroy();
+ notificationDaemon._onTrayIconAdded(notificationDaemon, icon);
+ }
+
+ icons = [];
+}
+
+function disable() {
+ moveToTray();
+}
diff --git a/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/metadata.json b/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/metadata.json
new file mode 100644
index 0000000..fd517d4
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/metadata.json
@@ -0,0 +1,17 @@
+{
+ "_generated": "Generated by SweetTooth, do not edit",
+ "description": "Shows legacy tray icons on top",
+ "name": "TopIcons",
+ "shell-version": [
+ "3.10",
+ "3.9.91",
+ "3.11.5",
+ "3.11.90",
+ "3.12",
+ "3.13.4",
+ "3.14"
+ ],
+ "url": "http://94.247.144.115/repo/topicons/",
+ "uuid": "topIcons@adel.gadllah@gmail.com",
+ "version": 25
+}
diff --git a/config/chroot_local-includes/usr/share/initramfs-tools/hooks/kms b/config/chroot_local-includes/usr/share/initramfs-tools/hooks/kms
new file mode 100755
index 0000000..27f8a58
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/initramfs-tools/hooks/kms
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e
+
+PREREQ=""
+
+prereqs () {
+ echo "${PREREQ}"
+}
+
+case "${1}" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+manual_add_modules bochs-drm cirrus i915 nouveau qxl radeon
+
+exit 0
diff --git a/config/chroot_local-includes/usr/share/tails/screensaver_background.png b/config/chroot_local-includes/usr/share/tails/screensaver_background.png
new file mode 100644
index 0000000..93f5849
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/tails/screensaver_background.png
Binary files differ
diff --git a/config/chroot_local-packageslists/tails-common.list b/config/chroot_local-packageslists/tails-common.list
index 4d5b980..62453e1 100644
--- a/config/chroot_local-packageslists/tails-common.list
+++ b/config/chroot_local-packageslists/tails-common.list
@@ -22,8 +22,6 @@ liblwp-protocol-socks-perl
libnet-ssleay-perl
libwww-perl
libxml-atom-perl
-# needed by the virtualization environment warning
-virt-what
# needed by htpdate
curl
libdatetime-perl
@@ -37,22 +35,19 @@ live-build
# needed by tordate
inotify-tools
# needed by gpgApplet
+libany-moose-perl
libencode-perl
libglib-perl
libgnupg-interface-perl
libgtk2-perl
liblocale-gettext-perl
xclip
-# needed by shutdown-helper-applet
-gir1.2-panelapplet
# needed by 20-time.sh
libnotify-bin
-notification-daemon
# needed by tails-documentation
yelp
-# for /usr/local/sbin/tails-blocked-network-detector
-libfile-tail-perl
-libparse-syslog-perl
+# for tails-restricted-network-detector-wrapper
+jq
# needed by live-persist
acl
# needed by the Unsafe Browser
@@ -62,13 +57,11 @@ gksu
### Software
-#include <standard-x11>
-
aircrack-ng
apparmor
apparmor-profiles-extra
+apt-transport-tor
audacity
-barry-util
bilibop-udev
cups
cups-pk-helper
@@ -101,20 +94,23 @@ gdm3
gedit
gimp
git
+gkbd-capplet
gnome-control-center
gnome-disk-utility
+gnome-flashback
gnome-media
-gnome-menus
-gnome-panel
gnome-power-manager
gnome-search-tool
gnome-screenshot
-gnome-session-fallback
+gnome-session
+gnome-session-flashback
+gnome-shell-extensions
gnome-system-log
gnome-system-monitor
gnome-terminal
gnome-themes
gnome-themes-standard
+gnome-tweak-tool
gnome-user-guide
gnupg-agent
gnupg-curl
@@ -126,11 +122,11 @@ gobby-0.5
# grub
grub-efi-ia32
#endif
-gstreamer0.10-ffmpeg
gstreamer0.10-plugins-base
gstreamer0.10-plugins-good
gstreamer0.10-plugins-ugly
gstreamer0.10-pulseaudio
+gstreamer1.0-libav
gvfs-backends
hardlink
haveged
@@ -139,7 +135,6 @@ hdparm
hledger
hopenpgp-tools
inkscape
-ipheth-utils
iptables
# ships isolinux.bin in syslinux 6.x packaging
isolinux
@@ -156,7 +151,8 @@ libqt4-qt3support
libsane-hpaio
liferea
live-config
-live-config-sysvinit
+live-config-systemd
+live-tools
lvm2
macchanger
mat
@@ -168,9 +164,8 @@ msva-perl
nautilus
nautilus-wipe
nautilus-gtkhash
-network-manager-gnome
+network-manager
ntfs-3g
-ntfsprogs
obfs4proxy
libreoffice-calc
libreoffice-draw
@@ -195,7 +190,6 @@ pidgin
pidgin-otr
pinentry-gtk2
pitivi
-plymouth
poedit
ppp
pulseaudio
@@ -215,6 +209,7 @@ simple-scan
sshfs
# ships the *.c32 modules in syslinux 6.x packaging
syslinux-common
+# ships syslinux.efi in syslinux 6.x packaging
syslinux-efi
# ships isohybrid in syslinux 6.x packaging
syslinux-utils
@@ -235,7 +230,6 @@ tor-arm
totem
ttdnsd
unar
-unrar-free
usbutils
vidalia
vim-nox
@@ -266,6 +260,7 @@ firmware-b43-installer
firmware-b43legacy-installer
### Xorg
+xorg
xserver-xorg-input-all
#if ARCHITECTURE i386
xserver-xorg-video-geode
@@ -323,8 +318,6 @@ cdrdao
### Accessibility
## mouse accessibility enhancements
mousetweaks
-## screen magnifier
-gnome-mag
## text-to-speech
gnome-orca
at-spi2-core
@@ -363,11 +356,10 @@ python-zbarpygtk
### Printing support
foomatic-db
foomatic-db-engine
-foomatic-filters
hpijs-ppds
hplip
-hplip-cups
printer-driver-escpr
+printer-driver-hpcups
printer-driver-gutenprint
### Make the MAT more powerful
@@ -375,6 +367,7 @@ gir1.2-poppler-0.18
libimage-exiftool-perl
python-cairo
python-mutagen
+python-nautilus
python-pdfrw
python-poppler
@@ -385,6 +378,9 @@ window-picker-applet
### Needed by virtualbox-guest-utils
pciutils
+### Needed by live-config's autodetection of broadcom-sta
+broadcom-sta-common
+
### SmartCard
libccid
pcscd
@@ -398,7 +394,8 @@ crda
wireless-regdb
### Automated test suite
-python-serial
+python3-serial
+python3-systemd
xdotool
i2p
diff --git a/config/chroot_local-patches/Desktop-Notify:_0001-support_notification_actions.patch b/config/chroot_local-patches/Desktop-Notify:_0001-support_notification_actions.patch
new file mode 100644
index 0000000..7d41d92
--- /dev/null
+++ b/config/chroot_local-patches/Desktop-Notify:_0001-support_notification_actions.patch
@@ -0,0 +1,122 @@
+From e84e1f23168ebfb51fc73c272061c295ed9952d8 Mon Sep 17 00:00:00 2001
+From: intrigeri <intrigeri@boum.org>
+Date: Sun, 8 Mar 2015 23:22:02 +0000
+Subject: [PATCH] Add support for a user-defined function to be called whenever
+ an action is invoked.
+
+---
+ lib/Desktop/Notify.pm | 30 +++++++++++++++++++++++++++++-
+ lib/Desktop/Notify/Notification.pm | 18 +++++++++++-------
+ 2 files changed, 40 insertions(+), 8 deletions(-)
+
+diff --git a/lib/Desktop/Notify.pm b/lib/Desktop/Notify.pm
+index b8bb248..78f31d4 100644
+--- a/usr/share/perl5/Desktop/Notify.pm
++++ b/usr/share/perl5/Desktop/Notify.pm
+@@ -106,6 +106,8 @@ sub new {
+ $self->{app_name} = $opts{app_name} || basename($0);
+ $self->{notify}->connect_to_signal('NotificationClosed',
+ sub {$self->_close_cb(@_)});
++ $self->{notify}->connect_to_signal('ActionInvoked',
++ sub {$self->_action_cb(@_)});
+
+ bless $self, $class;
+ }
+@@ -140,6 +142,17 @@ sub _close_cb {
+ delete $self->{notes}->{$nid};
+ }
+
++sub _action_cb {
++ my ($self, $nid, $action_key) = @_;
++ print __PACKAGE__, ": action invoked\n";
++ if ($self->{action_callback})
++ {
++ print "invoking callback\n";
++ $self->{action_callback}->($self->{notes}->{$nid}, $action_key);
++ }
++ # delete $self->{notes}->{$nid};
++}
++
+ =head2 close_callback $coderef
+
+ Sets a user-specified function to be called whenever a notification is closed.
+@@ -151,10 +164,25 @@ just closed.
+ sub close_callback {
+ my ($self, $cb) = @_;
+
+- print "callback is $cb\n";
++ print "close callback is $cb\n";
+ $self->{close_callback} = $cb;
+ }
+
++=head2 action_callback $coderef
++
++Sets a user-specified function to be called whenever an action is invoked.
++It will be called with two arguments, which are the Notification object on which
++an action was invoked, and the key of the action invoked.
++
++=cut
++
++sub action_callback {
++ my ($self, $cb) = @_;
++
++ print "action callback is $cb\n";
++ $self->{action_callback} = $cb;
++}
++
+ =head1 AUTHOR
+
+ Stephen Cavilia, C<< <sac at atomicradi.us> >>
+diff --git a/lib/Desktop/Notify/Notification.pm b/lib/Desktop/Notify/Notification.pm
+index ee3fe4a..e7710e8 100644
+--- a/usr/share/perl5/Desktop/Notify/Notification.pm
++++ b/usr/share/perl5/Desktop/Notify/Notification.pm
+@@ -59,6 +59,7 @@ sub new {
+ my $self = \%params;
+ $self->{server} = $server;
+ $self->{id} = undef;
++ $self->{actions} ||= {};
+ bless $self, $class;
+ }
+
+@@ -81,7 +82,7 @@ sub show {
+ '',
+ $self->{summary},
+ $self->{body},
+- [],
++ [%{$self->{actions}}],
+ {},
+ $self->{timeout} || 0,
+ );
+@@ -125,6 +126,15 @@ The summary text briefly describing the notification.
+
+ The optional detailed body text. Can be empty.
+
++=item actions
++
++Actions are sent over as a list of pairs. Each even element in the list
++(starting at index 0) represents the identifier for the action. Each odd
++element in the list is the localized string that will be displayed to the user.
++
++A user-specified function to be called whenever an action is invoked can be
++specified with L<Desktop::Notify>'s L<action_callback> method.
++
+ =item timeout
+
+ The timeout time in milliseconds since the display of the notification at which
+@@ -145,12 +155,6 @@ supported by L<Desktop::Notify> at this time
+
+ The optional program icon of the calling application.
+
+-=item actions
+-
+-Actions are sent over as a list of pairs. Each even element in the list
+-(starting at index 0) represents the identifier for the action. Each odd
+-element in the list is the localized string that will be displayed to the user.
+-
+ =item hints
+
+ Optional hints that can be passed to the server from the client program.
+--
+2.1.4
+
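Review bot: `_action_cb` calls the user callback with `$self->{notes}->{$nid}` without checking that the id belongs to a notification this object still holds, so an `ActionInvoked` signal for an unknown or already closed id (the close handler deletes the entry) hands `undef` to the callback. A guard at the top, `return unless exists $self->{notes}->{$nid};`, keeps such ids away from caller code. The unconditional `print` calls in `_action_cb` and `action_callback` write debug text to the caller's stdout and are better removed or put behind a debug switch. In Notification.pm, `[%{$self->{actions}}]` flattens a hash, so the order in which several actions reach the server is not defined.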
diff --git a/config/chroot_local-patches/Desktop-Notify:_0002-support_hints.patch b/config/chroot_local-patches/Desktop-Notify:_0002-support_hints.patch
new file mode 100644
index 0000000..2c9eec1
--- /dev/null
+++ b/config/chroot_local-patches/Desktop-Notify:_0002-support_hints.patch
@@ -0,0 +1,59 @@
+From fc56108b83af0e4966ad615730d09e9bc11b865c Mon Sep 17 00:00:00 2001
+From: intrigeri <intrigeri@boum.org>
+Date: Mon, 9 Mar 2015 00:46:12 +0000
+Subject: [PATCH 2/2] Add support for passing hints to the notification server.
+
+---
+ lib/Desktop/Notify/Notification.pm | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/lib/Desktop/Notify/Notification.pm b/lib/Desktop/Notify/Notification.pm
+index e7710e8..0ac09cb 100644
+--- a/usr/share/perl5/Desktop/Notify/Notification.pm
++++ b/usr/share/perl5/Desktop/Notify/Notification.pm
+@@ -60,6 +60,7 @@ sub new {
+ $self->{server} = $server;
+ $self->{id} = undef;
+ $self->{actions} ||= {};
++ $self->{hints} ||= {};
+ bless $self, $class;
+ }
+
+@@ -83,7 +84,7 @@ sub show {
+ $self->{summary},
+ $self->{body},
+ [%{$self->{actions}}],
+- {},
++ $self->{hints},
+ $self->{timeout} || 0,
+ );
+ $self->{server}->_register_notification($self);
+@@ -135,6 +136,12 @@ element in the list is the localized string that will be displayed to the user.
+ A user-specified function to be called whenever an action is invoked can be
+ specified with L<Desktop::Notify>'s L<action_callback> method.
+
++=item hints
++
++Optional hints that can be passed to the server from the client program.
++
++=back
++
+ =item timeout
+
+ The timeout time in milliseconds since the display of the notification at which
+@@ -155,12 +162,6 @@ supported by L<Desktop::Notify> at this time
+
+ The optional program icon of the calling application.
+
+-=item hints
+-
+-Optional hints that can be passed to the server from the client program.
+-
+-=back
+-
+ =cut
+
+ 1; # End of Desktop::Notify::Notification
+--
+2.1.4
+
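Review bot: The POD item list is closed too early: the added `=back` follows the new `=item hints` and now sits before `=item timeout`, while the `=back` that ended the list just above `=cut` is removed. As a result `=item timeout` and the items after it fall outside the `=over` block. Move only the `=item hints` paragraph and keep `=back` as the last directive before `=cut`.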
diff --git a/config/chroot_local-patches/apparmor-adjust-cupsd-profile.diff b/config/chroot_local-patches/apparmor-adjust-cupsd-profile.diff
new file mode 100644
index 0000000..9052983
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-adjust-cupsd-profile.diff
@@ -0,0 +1,39 @@
+--- a/etc/apparmor.d/usr.sbin.cupsd 2014-11-16 20:48:15.320000000 +0000
++++ b/etc/apparmor.d/usr.sbin.cupsd 2014-11-16 21:13:34.248000000 +0000
+@@ -4,7 +4,7 @@
+
+ #include <tunables/global>
+
+-/usr/sbin/cupsd {
++/usr/sbin/cupsd flags=(attach_disconnected) {
+ #include <abstractions/base>
+ #include <abstractions/bash>
+ #include <abstractions/authentication>
+@@ -113,12 +113,12 @@
+ /var/{cache,lib}/samba/printing/printers.tdb r,
+ /{,var/}run/cups/ rw,
+ /{,var/}run/cups/** rw,
+- /var/cache/cups/ rw,
+- /var/cache/cups/** rwk,
+- /var/log/cups/ rw,
+- /var/log/cups/* rw,
+- /var/spool/cups/ rw,
+- /var/spool/cups/** rw,
++ /{,lib/live/mount/overlay/}var/cache/cups/ rw,
++ /{,lib/live/mount/overlay/}var/cache/cups/** rwk,
++ /{,lib/live/mount/overlay/}var/log/cups/ rw,
++ /{,lib/live/mount/overlay/}var/log/cups/* rw,
++ /{,lib/live/mount/overlay/}var/spool/cups/ rw,
++ /{,lib/live/mount/overlay/}var/spool/cups/** rw,
+
+ # third-party printer drivers; no known structure here
+ /opt/** rix,
+@@ -186,6 +186,6 @@
+ /usr/lib/ghostscript/** mr,
+ /usr/share/** r,
+ /var/log/cups/cups-pdf_log w,
+- /var/spool/cups/** r,
+- /var/spool/cups-pdf/** rw,
++ /{,lib/live/mount/overlay/}var/spool/cups/** r,
++ /{,lib/live/mount/overlay/}var/spool/cups-pdf/** rw,
+ }
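Review bot: In the cups-pdf part of the profile (last inner hunk) the spool rules gain the `/{,lib/live/mount/overlay/}` alternation, but `/var/log/cups/cups-pdf_log w,` is left unchanged even though the `/var/log/cups/` rules of the main profile are widened. If the overlay path can also show up for that log file, the write will be denied; the matching rule would be `/{,lib/live/mount/overlay/}var/log/cups/cups-pdf_log w,`. `flags=(attach_disconnected)` relaxes how AppArmor handles paths it cannot resolve from the namespace root, so the patch should open with a short description of why cupsd needs it and why the overlay paths appear, which the file currently lacks.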
diff --git a/config/chroot_local-patches/cupsd-IPv4_only.patch b/config/chroot_local-patches/cupsd-IPv4_only.patch
index 548f295..7a77dca 100644
--- a/config/chroot_local-patches/cupsd-IPv4_only.patch
+++ b/config/chroot_local-patches/cupsd-IPv4_only.patch
@@ -1,7 +1,7 @@
---- chroot.orig/etc/cups/cupsd.conf 2012-05-13 11:48:30.860005431 +0000
-+++ chroot/etc/cups/cupsd.conf 2012-05-13 11:48:38.600005570 +0000
-@@ -17,7 +17,7 @@
-
+--- a/etc/cups/cupsd.conf 2014-11-26 17:12:25.000000000 +0000
++++ b/etc/cups/cupsd.conf 2014-11-26 17:13:35.000000000 +0000
+@@ -13,7 +13,7 @@
+ MaxLogSize 0
# Only listen for connections from the local machine.
-Listen localhost:631
diff --git a/config/chroot_local-patches/disable_kexec_initscript.diff b/config/chroot_local-patches/disable_kexec_initscript.diff
deleted file mode 100644
index 6f84b6b..0000000
--- a/config/chroot_local-patches/disable_kexec_initscript.diff
+++ /dev/null
@@ -1,8 +0,0 @@
-Tails specific: we provide our own tails-kexec initscript
-(more friendly to ejected CD/USB).
-
---- chroot.orig/etc/init.d/kexec 2012-09-24 10:05:13.065048881 +0200
-+++ chroot/etc/init.d/kexec 2012-09-24 10:03:30.638108333 +0200
-@@ -8,1 +8,1 @@
--# Default-Stop: 6
-+# Default-Stop:
diff --git a/config/chroot_local-patches/do_not_run_plymouth_on_shutdown.diff b/config/chroot_local-patches/do_not_run_plymouth_on_shutdown.diff
deleted file mode 100644
index a64ad00..0000000
--- a/config/chroot_local-patches/do_not_run_plymouth_on_shutdown.diff
+++ /dev/null
@@ -1,14 +0,0 @@
---- chroot.orig/etc/init.d/plymouth 2012-06-30 10:31:21.000000000 +0000
-+++ chroot/etc/init.d/plymouth 2013-01-10 10:45:41.234167902 +0000
-@@ -5,9 +5,9 @@
- # Required-Start: udev $remote_fs $all
- # Required-Stop: $remote_fs
- # Should-Start: $x-display-manager
--# Should-Stop: $x-display-manager
-+# Should-Stop:
- # Default-Start: 2 3 4 5
--# Default-Stop: 0 6
-+# Default-Stop:
- # Short-Description: Stop plymouth during boot and start it on shutdown
- ### END INIT INFO
-
diff --git a/config/chroot_local-patches/do_not_run_pulseaudio_initscript.diff b/config/chroot_local-patches/do_not_run_pulseaudio_initscript.diff
deleted file mode 100644
index fa8a131..0000000
--- a/config/chroot_local-patches/do_not_run_pulseaudio_initscript.diff
+++ /dev/null
@@ -1,13 +0,0 @@
---- chroot.orig/etc/init.d/pulseaudio 2013-04-24 19:46:38.000000000 +0000
-+++ chroot/etc/init.d/pulseaudio 2014-10-12 19:24:46.242884000 +0000
-@@ -5,8 +5,8 @@
- # Required-Stop: $remote_fs $syslog
- # Should-Start: udev network-manager
- # Should-Stop: udev network-manager
--# Default-Start: 2 3 4 5
--# Default-Stop: 0 1 6
-+# Default-Start:
-+# Default-Stop:
- # Short-Description: Start the PulseAudio sound server
- # Description: System mode startup script for
- # the PulseAudio sound server.
diff --git a/config/chroot_local-patches/do_not_save_mixer_levels_on_shutdown.diff b/config/chroot_local-patches/do_not_save_mixer_levels_on_shutdown.diff
deleted file mode 100644
index ee279a3..0000000
--- a/config/chroot_local-patches/do_not_save_mixer_levels_on_shutdown.diff
+++ /dev/null
@@ -1,7 +0,0 @@
-Tails specific: we are amnesic, no need to save mixer levels on shutdown.
-
---- chroot.orig/etc/init.d/alsa-utils 2012-09-24 10:05:12.749039812 +0200
-+++ chroot/etc/init.d/alsa-utils 2012-09-24 10:47:23.717869294 +0200
-@@ -10,1 +10,1 @@
--# Default-Stop: 0 1 6
-+# Default-Stop:
diff --git a/config/chroot_local-patches/do_not_start_network-manager_on_boot.diff b/config/chroot_local-patches/do_not_start_network-manager_on_boot.diff
deleted file mode 100644
index d505320..0000000
--- a/config/chroot_local-patches/do_not_start_network-manager_on_boot.diff
+++ /dev/null
@@ -1,10 +0,0 @@
-Tails specific: we start NetworkManager ourselves, via tails-greeter, at
-PostLogin time.
-
---- chroot.orig/etc/init.d/network-manager 2012-09-24 10:05:13.157051525 +0200
-+++ chroot/etc/init.d/network-manager 2012-09-24 10:03:30.638108333 +0200
-@@ -8,2 +8,2 @@
--# Default-Start: 2 3 4 5
-+# Default-Start:
--# Default-Stop: 0 1 6
-+# Default-Stop: 0 1 6 2 3 4 5
diff --git a/config/chroot_local-patches/gdm-background.diff b/config/chroot_local-patches/gdm-background.diff
deleted file mode 100644
index e1d43a9..0000000
--- a/config/chroot_local-patches/gdm-background.diff
+++ /dev/null
@@ -1,13 +0,0 @@
---- chroot.orig/etc/gdm3/greeter.gsettings 2014-05-11 21:58:13.547765234 +0200
-+++ chroot/etc/gdm3/greeter.gsettings 2014-05-11 22:00:46.493721796 +0200
-@@ -17,6 +17,10 @@
- # picture-options='none'
- # primary-color='#000000'
-
-+[org.gnome.desktop.background]
-+picture-options='none'
-+primary-color='#204A87'
-+
- # Greeter session choice
- # ======================
- # Use 'gdm-shell' for the GNOME Shell version.
diff --git a/config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch b/config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch
index 6e3c12a..1d895de 100644
--- a/config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch
+++ b/config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch
@@ -1,7 +1,7 @@
-diff --git a/bin/boot-init.sh b/bin/boot-init.sh
+diff --git a/bin/live-medium-cache b/bin/live-medium-cache
index f85b2b2..fec1496 100755
---- a/lib/live/boot-init.sh
-+++ b/lib/live/boot-init.sh
+--- a/bin/live-medium-cache
++++ b/bin/live-medium-cache
@@ -161,7 +161,7 @@ done
mount -o remount,ro /lib/live/mount/overlay > /dev/null 2>&1
diff --git a/config/chroot_local-patches/run_kexec-load_even_in_emergency_shutdown.diff b/config/chroot_local-patches/run_kexec-load_even_in_emergency_shutdown.diff
new file mode 100644
index 0000000..2de8efb
--- /dev/null
+++ b/config/chroot_local-patches/run_kexec-load_even_in_emergency_shutdown.diff
@@ -0,0 +1,17 @@
+--- a/etc/init.d/kexec-load 2014-12-01 20:23:12.826065938 +0100
++++ b/etc/init.d/kexec-load 2014-12-01 20:23:31.389572352 +0100
+@@ -101,14 +101,6 @@
+ exit 3
+ ;;
+ stop)
+- # If running systemd, we want kexec reboot only if current
+- # command is reboot
+- if [ -d /run/systemd/system ]; then
+- systemctl list-jobs systemd-reboot.service | grep -q systemd-reboot.service
+- if [ $? -ne 0 ]; then
+- exit 0
+- fi
+- fi
+ do_stop
+ ;;
+ *)
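Review bot: This new patch file carries no header explaining why the systemd guard in the `stop)` branch is dropped, unlike the older patches removed in this commit, which open with a "Tails specific: …" line. With the guard gone, `do_stop` runs on every `stop` rather than only when a `systemd-reboot.service` job is queued. Judging by the file name that is the intent, presumably so the kexec image is also loaded on non-reboot and emergency shutdowns. I would add a leading line such as `Tails specific: always run do_stop, so that the kexec image is loaded on every shutdown path and not only on reboot.` and say whether the change is meant to be carried permanently. The patched `case` statement starts and ends outside the inner hunk.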
diff --git a/config/chroot_local-patches/run_t-p-s_as_its_dedicated_user.diff b/config/chroot_local-patches/run_t-p-s_as_its_dedicated_user.diff
index 9071065..944e9b6 100644
--- a/config/chroot_local-patches/run_t-p-s_as_its_dedicated_user.diff
+++ b/config/chroot_local-patches/run_t-p-s_as_its_dedicated_user.diff
@@ -1,21 +1,19 @@
-diff -Naur chroot.orig/usr/share/applications/tails-persistence-delete.desktop chroot/usr/share/applications/tails-persistence-delete.desktop
---- chroot.orig/usr/share/applications/tails-persistence-delete.desktop 2013-06-10 14:31:23.092537529 +0200
-+++ chroot/usr/share/applications/tails-persistence-delete.desktop 2013-06-10 14:32:07.029151302 +0200
-@@ -5,7 +5,7 @@
- Comment=Delete the persistent volume and its content
+--- a/usr/share/applications/tails-persistence-delete.desktop 2014-10-15 15:26:55.000000000 +0000
++++ b/usr/share/applications/tails-persistence-delete.desktop 2014-11-26 17:13:35.000000000 +0000
+@@ -7,7 +7,7 @@
Comment[fr]=Supprimer le volume de stockage persistant et son contenu
+ Comment[sv]=Ta bort den bestående lagringen och allt sparat i den
Icon=tails-persistence-setup.png
-Exec=tails-persistence-setup --step delete
+Exec=/usr/local/bin/tails-delete-persistent-volume
Terminal=false
Categories=System;Tails;
StartupNotify=false
-diff -Naur chroot.orig/usr/share/applications/tails-persistence-setup.desktop chroot/usr/share/applications/tails-persistence-setup.desktop
---- chroot.orig/usr/share/applications/tails-persistence-setup.desktop 2013-06-10 14:30:53.880129123 +0200
-+++ chroot/usr/share/applications/tails-persistence-setup.desktop 2013-06-10 14:32:00.377058414 +0200
-@@ -5,7 +5,7 @@
- Comment=Configure which files and application configuration are saved between working sessions
+--- a/usr/share/applications/tails-persistence-setup.desktop 2014-10-15 15:26:55.000000000 +0000
++++ b/usr/share/applications/tails-persistence-setup.desktop 2014-11-26 17:13:35.000000000 +0000
+@@ -7,7 +7,7 @@
Comment[fr]=Configurer quelles données, et la configuration de quelles applications, sont conservées d'un démarrage à l'autre
+ Comment[sv]=Välj vilka filer och programinställningar som ska sparas mellan omstarter av systemet
Icon=tails-persistence-setup.png
-Exec=tails-persistence-setup
+Exec=/usr/local/bin/tails-persistence-setup
diff --git a/config/chroot_local-patches/start_AppArmor_earlier.diff b/config/chroot_local-patches/start_AppArmor_earlier.diff
new file mode 100644
index 0000000..147e53f
--- /dev/null
+++ b/config/chroot_local-patches/start_AppArmor_earlier.diff
@@ -0,0 +1,14 @@
+--- a/etc/init.d/apparmor 2014-11-26 13:28:03.932000000 +0000
++++ b/etc/init.d/apparmor 2014-11-26 13:28:41.776000000 +0000
+@@ -24,9 +24,9 @@
+ #
+ ### BEGIN INIT INFO
+ # Provides: apparmor
+-# Required-Start: $remote_fs
++# Required-Start:
+ # Required-Stop: umountfs
+-# Default-Start: S
++# Default-Start: 2 3 4 5
+ # Default-Stop:
+ # Short-Description: AppArmor initialization
+ # Description: AppArmor init script. This script loads all AppArmor profiles.
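Review bot: The `Default-Start` change looks at odds with the patch name: moving from `S` to `2 3 4 5` takes the script out of the early-boot `S` set and into the normal runlevels, which under plain sysvinit ordering is later, not earlier. If the intent depends on how systemd's SysV generator treats the two cases (my assumption), that reasoning belongs in a header line at the top of the patch, e.g. `Tails specific: REASON why S -> 2 3 4 5 plus an empty Required-Start loads profiles earlier`. With `Required-Start:` emptied, nothing in this header orders profile loading before the services the profiles confine. It is worth confirming that no confined daemon can start before the profiles are loaded.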
diff --git a/config/chroot_local-patches/torsocks_claws-mail.diff b/config/chroot_local-patches/torsocks_claws-mail.diff
index e5bb9ce..18d6cee 100644
--- a/config/chroot_local-patches/torsocks_claws-mail.diff
+++ b/config/chroot_local-patches/torsocks_claws-mail.diff
@@ -1,12 +1,11 @@
-diff -Naur chroot.orig/usr/share/applications/claws-mail.desktop chroot/usr/share/applications/claws-mail.desktop
---- chroot.orig/usr/share/applications/claws-mail.desktop 2012-04-29 17:10:07.545617045 +0200
-+++ chroot/usr/share/applications/claws-mail.desktop 2012-04-29 17:10:25.613908607 +0200
-@@ -15,7 +15,7 @@
- GenericName[pl]=Program poczty elektronicznej
+--- a/usr/share/applications/claws-mail.desktop 2014-10-28 00:50:16.000000000 +0000
++++ b/usr/share/applications/claws-mail.desktop 2014-11-26 17:13:35.000000000 +0000
+@@ -16,7 +16,7 @@
GenericName[pt-br]=Cliente de e-mail
GenericName[sk]=Poštový klient
+ GenericName[sv]=E-postklient
-Exec=claws-mail %u
+Exec=/usr/local/bin/torified-claws-mail
Icon=claws-mail
- Categories=GTK;Network;Email;
- Comment=Lightweight and Fast GTK+ based Mail Client
+ Categories=Network;Email;
+ Keywords=lightweight;fast;gui;extensible;plugin;pop;pop3;imap;imap4;nntp;news;
diff --git a/config/chroot_local-patches/torsocks_gobby-0.5.patch b/config/chroot_local-patches/torsocks_gobby-0.5.patch
index e801ec9..11dae6f 100644
--- a/config/chroot_local-patches/torsocks_gobby-0.5.patch
+++ b/config/chroot_local-patches/torsocks_gobby-0.5.patch
@@ -1,12 +1,12 @@
diff -Naur chroot.orig/usr/share/applications/gobby-0.5.desktop chroot/usr/share/applications/gobby-0.5.desktop
---- chroot.orig/usr/share/applications/gobby-0.5.desktop 2012-04-29 17:28:05.351879889 +0200
-+++ chroot/usr/share/applications/gobby-0.5.desktop 2012-04-29 17:28:19.656123299 +0200
-@@ -23,7 +23,7 @@
- Comment[en_GB]=Edit text files collaboratively
- Comment[fr]=Éditer des fichiers texte de manière collaborative
+--- chroot.orig/usr/share/applications/gobby-0.5.desktop 2014-09-08 13:21:27.923930066 +0000
++++ chroot/usr/share/applications/gobby-0.5.desktop 2014-09-08 13:21:41.183929665 +0000
+@@ -30,7 +30,7 @@
Comment[ja]=テキストを共同作業で編集する
--Exec=gobby-0.5
-+Exec=torsocks gobby-0.5
+ Comment[pt_BR]=Editar arquivos de texto de forma colaborativa
+ Comment[zh_TW]=共同編輯文字檔
+-Exec=gobby-0.5 %F
++Exec=torsocks gobby-0.5 %F
Terminal=false
Type=Application
Icon=gobby-0.5
diff --git a/config/chroot_local-patches/torsocks_liferea.patch b/config/chroot_local-patches/torsocks_liferea.patch
index 41921cc..0452115 100644
--- a/config/chroot_local-patches/torsocks_liferea.patch
+++ b/config/chroot_local-patches/torsocks_liferea.patch
@@ -1,9 +1,9 @@
---- a/usr/share/applications/liferea.desktop 2015-02-15 12:58:23.564000000 +0000
-+++ b/usr/share/applications/liferea.desktop 2015-02-15 12:58:40.708000000 +0000
-@@ -124,7 +124,7 @@
- Comment[tr]=Haber kaynaklarını indir ve görüntüle
- Comment[uk]=Звантаження і перегляд подач
- Comment[zh_CN]=下载并查看 Feed
+--- a/usr/share/applications/liferea.desktop.orig 2015-02-26 10:14:36.644624000 +0000
++++ b/usr/share/applications/liferea.desktop 2015-02-26 10:16:50.216626591 +0000
+@@ -118,7 +118,7 @@
+ Keywords=news;feed;aggregator;blog;podcast;
+ Keywords[ar]=أخبار;تلقيمات;مدونة;تدوين;
+ Keywords[he]=חדשות;ערוץ;הזנה;פיד;מאגד;בלוג;פודקסט;
-Exec=liferea
+Exec=torsocks liferea
Icon=liferea
diff --git a/config/chroot_local-patches/torsocks_seahorse.patch b/config/chroot_local-patches/torsocks_seahorse.patch
index 6fb7df3..34ccf6a 100644
--- a/config/chroot_local-patches/torsocks_seahorse.patch
+++ b/config/chroot_local-patches/torsocks_seahorse.patch
@@ -1,12 +1,11 @@
--- a/usr/share/applications/seahorse.desktop.orig 2013-06-29 22:38:31.433341106 +0000
+++ b/usr/share/applications/seahorse.desktop 2013-06-29 22:38:45.473340324 +0000
-@@ -114,7 +114,7 @@
- Comment[zh_CN]=管理您的密码和加密密钥
- Comment[zh_HK]=管理密碼及密碼匙
- Comment[zh_TW]=管理密碼及金鑰
+@@ -164,7 +164,7 @@
+ Keywords[zh_CN]=密钥环;加密;安全;签名;密码;keyring;encryption;security;sign;ssh;
+ Keywords[zh_HK]=keyring;encryption;security;sign;ssh;密碼匙;加密;安全;簽署;
+ Keywords[zh_TW]=keyring;encryption;security;sign;ssh;金鑰;加密;安全;簽署;
-Exec=/usr/bin/seahorse
+Exec=torsocks /usr/bin/seahorse
Terminal=false
Type=Application
Icon=seahorse
-
diff --git a/config/chroot_local-patches/unmute_alsa_channels.patch b/config/chroot_local-patches/unmute_alsa_channels.patch
deleted file mode 100644
index 9af1cf7..0000000
--- a/config/chroot_local-patches/unmute_alsa_channels.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- chroot.orig/etc/init.d/alsa-utils 2010-10-04 18:14:10.000000000 +0000
-+++ chroot/etc/init.d/alsa-utils 2012-03-12 13:49:11.815997232 +0000
-@@ -206,5 +206,10 @@
- # On MacBookPro5,3 and later models (See Bug#597791)
- unmute_and_set_level "Front Speaker" "80%"
-+ # On MacBook5,2 models (See Bug#602973)
-+ unmute_and_set_level "LFE" "80%"
-
-+ # On Intel 82801H (See Bug#603550)
-+ unmute_and_set_level "Speaker" "80%"
-+
- return 0
- }
diff --git a/config/chroot_local-patches/wrap_pidgin.patch b/config/chroot_local-patches/wrap_pidgin.patch
index 3b8c195..c4b800e 100644
--- a/config/chroot_local-patches/wrap_pidgin.patch
+++ b/config/chroot_local-patches/wrap_pidgin.patch
@@ -1,8 +1,7 @@
-diff -Naur chroot.orig/usr/share/applications/pidgin.desktop chroot/usr/share/applications/pidgin.desktop
---- chroot.orig/usr/share/applications/pidgin.desktop 2013-05-22 10:08:45.200957521 +0200
-+++ chroot/usr/share/applications/pidgin.desktop 2013-05-22 10:10:13.505870359 +0200
-@@ -159,7 +159,7 @@
- Comment[vi]=Trò chuyện qua mạng tin nhắn tức khắc: hỗ trợ AIM, Google Talk, Jabber/XMPP, MSN, Yahoo và nhiều mạng khác
+--- a/usr/share/applications/pidgin.desktop 2014-11-14 11:07:14.000000000 +0000
++++ b/usr/share/applications/pidgin.desktop 2014-11-26 17:13:35.000000000 +0000
+@@ -183,7 +183,7 @@
+ Comment[zh_CN]=互联网通讯程序。 支持 AIM、Google Talk、Jabber/XMPP、MSN、Yahoo 和更多
Comment[zh_HK]=讓你可以透過即時通訊與好友聊天,支援 AIM、Google Talk、Jabber/XMPP、MSN、Yahoo 等等
Comment[zh_TW]=讓您可以透過即時通訊與好友聊天,支援 AIM、Google Talk、Jabber/XMPP、MSN、Yahoo 等等
-Exec=pidgin
diff --git a/config/chroot_local-patches/zenity-fix-whitespacing-box-sizes.diff b/config/chroot_local-patches/zenity-fix-whitespacing-box-sizes.diff
deleted file mode 100644
index 4400421..0000000
--- a/config/chroot_local-patches/zenity-fix-whitespacing-box-sizes.diff
+++ /dev/null
@@ -1,199 +0,0 @@
---- a/usr/share/zenity/zenity.ui
-+++ b/usr/share/zenity/zenity.ui
-@@ -1,6 +1,6 @@
- <?xml version="1.0" encoding="UTF-8"?>
- <interface>
-- <!-- interface-requires gtk+ 2.6 -->
-+ <!-- interface-requires gtk+ 3.0 -->
- <object class="GtkAdjustment" id="adjustment1">
- <property name="upper">100</property>
- <property name="step_increment">1</property>
-@@ -27,6 +27,7 @@
- <child>
- <object class="GtkButton" id="zenity_calendar_cancel_button">
- <property name="label">gtk-cancel</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="can_default">True</property>
-@@ -43,6 +44,7 @@
- <child>
- <object class="GtkButton" id="zenity_calendar_ok_button">
- <property name="label">gtk-ok</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="has_focus">True</property>
-@@ -161,6 +163,7 @@
- <child>
- <object class="GtkButton" id="zenity_entry_cancel_button">
- <property name="label">gtk-cancel</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="can_default">True</property>
-@@ -177,6 +180,7 @@
- <child>
- <object class="GtkButton" id="zenity_entry_ok_button">
- <property name="label">gtk-ok</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="can_default">True</property>
-@@ -268,6 +272,7 @@
- <child>
- <object class="GtkButton" id="zenity_error_ok_button">
- <property name="label">gtk-ok</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="can_default">True</property>
-@@ -323,6 +328,7 @@
- <property name="use_markup">True</property>
- <property name="wrap">True</property>
- <property name="selectable">True</property>
-+ <property name="ellipsize">start</property>
- </object>
- <packing>
- <property name="expand">False</property>
-@@ -367,6 +373,7 @@
- <child>
- <object class="GtkButton" id="zenity_forms_cancel_button">
- <property name="label">gtk-cancel</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="receives_default">True</property>
-@@ -382,6 +389,7 @@
- <child>
- <object class="GtkButton" id="zenity_forms_ok_button">
- <property name="label">gtk-ok</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="receives_default">True</property>
-@@ -427,6 +435,12 @@
- <child>
- <placeholder/>
- </child>
-+ <child>
-+ <placeholder/>
-+ </child>
-+ <child>
-+ <placeholder/>
-+ </child>
- </object>
- </child>
- </object>
-@@ -473,6 +487,7 @@
- <child>
- <object class="GtkButton" id="zenity_info_ok_button">
- <property name="label">gtk-ok</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="can_default">True</property>
-@@ -523,6 +538,7 @@
- <property name="use_markup">True</property>
- <property name="wrap">True</property>
- <property name="selectable">True</property>
-+ <property name="ellipsize">start</property>
- </object>
- <packing>
- <property name="expand">False</property>
-@@ -563,6 +579,7 @@
- <child>
- <object class="GtkButton" id="zenity_progress_cancel_button">
- <property name="label">gtk-cancel</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="can_default">True</property>
-@@ -579,6 +596,7 @@
- <child>
- <object class="GtkButton" id="zenity_progress_ok_button">
- <property name="label">gtk-ok</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="sensitive">False</property>
- <property name="can_focus">True</property>
-@@ -703,6 +721,7 @@
- <property name="use_markup">True</property>
- <property name="wrap">True</property>
- <property name="selectable">True</property>
-+ <property name="ellipsize">start</property>
- </object>
- <packing>
- <property name="expand">False</property>
-@@ -741,6 +760,7 @@
- <child>
- <object class="GtkButton" id="zenity_scale_cancel_button">
- <property name="label">gtk-cancel</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="can_default">True</property>
-@@ -757,6 +777,7 @@
- <child>
- <object class="GtkButton" id="zenity_scale_ok_button">
- <property name="label">gtk-ok</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="can_default">True</property>
-@@ -849,6 +870,7 @@
- <child>
- <object class="GtkButton" id="zenity_text_cancel_button">
- <property name="label">gtk-cancel</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="receives_default">False</property>
-@@ -864,6 +886,7 @@
- <child>
- <object class="GtkButton" id="zenity_text_close_button">
- <property name="label">gtk-ok</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="can_default">True</property>
-@@ -918,6 +941,7 @@
- </child>
- <child>
- <object class="GtkCheckButton" id="zenity_text_checkbox">
-+ <property name="use_action_appearance">False</property>
- <property name="can_focus">True</property>
- <property name="receives_default">False</property>
- <property name="use_action_appearance">False</property>
-@@ -965,6 +989,7 @@
- <child>
- <object class="GtkButton" id="zenity_tree_cancel_button">
- <property name="label">gtk-cancel</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="can_default">True</property>
-@@ -981,6 +1006,7 @@
- <child>
- <object class="GtkButton" id="zenity_tree_ok_button">
- <property name="label">gtk-ok</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="can_default">True</property>
-@@ -1078,6 +1104,7 @@
- <child>
- <object class="GtkButton" id="zenity_warning_ok_button">
- <property name="label">gtk-ok</property>
-+ <property name="use_action_appearance">False</property>
- <property name="visible">True</property>
- <property name="can_focus">True</property>
- <property name="has_focus">True</property>
-@@ -1130,6 +1157,7 @@
- <property name="use_markup">True</property>
- <property name="wrap">True</property>
- <property name="selectable">True</property>
-+ <property name="ellipsize">start</property>
- </object>
- <packing>
- <property name="expand">False</property>
diff --git a/config/chroot_sources/jessie-backports.binary b/config/chroot_sources/jessie-backports.binary
new file mode 120000
index 0000000..1df23c8
--- /dev/null
+++ b/config/chroot_sources/jessie-backports.binary
@@ -0,0 +1 @@
+jessie-backports.chroot \ No newline at end of file
diff --git a/config/chroot_sources/jessie-backports.chroot b/config/chroot_sources/jessie-backports.chroot
new file mode 100644
index 0000000..60015be
--- /dev/null
+++ b/config/chroot_sources/jessie-backports.chroot
@@ -0,0 +1 @@
+deb http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free
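Review bot: After this change the build-time sources visible here no longer include the Debian security archive. This file adds only `jessie-backports`, while `jessie-updates.chroot` (the `deb http://security.debian.org/ jessie/updates …` line) is deleted two sections below. If the security suite is now supposed to come from live-build's own mirror options in `auto/config` (changed in this commit but outside this view), please confirm that, since otherwise the image would be built without pending security updates. A sentence in the commit message saying where the security source now comes from would settle it.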
diff --git a/config/chroot_sources/jessie-updates.binary b/config/chroot_sources/jessie-updates.binary
deleted file mode 120000
index 51a8e76..0000000
--- a/config/chroot_sources/jessie-updates.binary
+++ /dev/null
@@ -1 +0,0 @@
-jessie-updates.chroot \ No newline at end of file
diff --git a/config/chroot_sources/jessie-updates.chroot b/config/chroot_sources/jessie-updates.chroot
deleted file mode 100644
index 5ad1680..0000000
--- a/config/chroot_sources/jessie-updates.chroot
+++ /dev/null
@@ -1 +0,0 @@
-deb http://security.debian.org/ jessie/updates main contrib non-free
diff --git a/config/chroot_sources/jessie.binary b/config/chroot_sources/jessie.binary
deleted file mode 120000
index 945d62b..0000000
--- a/config/chroot_sources/jessie.binary
+++ /dev/null
@@ -1 +0,0 @@
-jessie.chroot \ No newline at end of file
diff --git a/config/chroot_sources/jessie.chroot b/config/chroot_sources/jessie.chroot
deleted file mode 100644
index b7f9385..0000000
--- a/config/chroot_sources/jessie.chroot
+++ /dev/null
@@ -1 +0,0 @@
-deb http://ftp.us.debian.org/debian/ jessie main contrib non-free
diff --git a/config/chroot_sources/torproject.chroot b/config/chroot_sources/torproject.chroot
index c1091e8..5354da0 100644
--- a/config/chroot_sources/torproject.chroot
+++ b/config/chroot_sources/torproject.chroot
@@ -1,2 +1,2 @@
-deb http://deb.torproject.org/torproject.org wheezy main
+deb http://deb.torproject.org/torproject.org jessie main
deb http://deb.torproject.org/torproject.org sid main
diff --git a/config/chroot_sources/wheezy-backports.binary b/config/chroot_sources/wheezy-backports.binary
deleted file mode 120000
index 37eb0a5..0000000
--- a/config/chroot_sources/wheezy-backports.binary
+++ /dev/null
@@ -1 +0,0 @@
-wheezy-backports.chroot \ No newline at end of file
diff --git a/config/chroot_sources/wheezy-backports.chroot b/config/chroot_sources/wheezy-backports.chroot
deleted file mode 100644
index 06d3ade..0000000
--- a/config/chroot_sources/wheezy-backports.chroot
+++ /dev/null
@@ -1 +0,0 @@
-deb http://ftp.us.debian.org/debian/ wheezy-backports main contrib non-free
diff --git a/features/apt.feature b/features/apt.feature
index 0aa70ed..bcd664b 100644
--- a/features/apt.feature
+++ b/features/apt.feature
@@ -22,9 +22,9 @@ Feature: Installing packages through APT
Then the only hosts in APT sources are "ftp.us.debian.org,security.debian.org,backports.debian.org,deb.tails.boum.org,deb.torproject.org,mozilla.debian.net"
@check_tor_leaks
- Scenario: Install packages using apt-get
- When I update APT using apt-get
- Then I should be able to install a package using apt-get
+ Scenario: Install packages using apt
+ When I update APT using apt
+ Then I should be able to install a package using apt
@check_tor_leaks
Scenario: Install packages using Synaptic
diff --git a/features/checks.feature b/features/checks.feature
index ce2938f..182c198 100644
--- a/features/checks.feature
+++ b/features/checks.feature
@@ -10,13 +10,10 @@ Feature: Various checks
Then AppArmor is enabled
And some AppArmor profiles are enforced
- Scenario: GNOME Screenshot has a sane default save directory
- Then GNOME Screenshot is configured to save files to the live user's home directory
-
- Scenario: GNOME Screenshot takes a screenshot when the PRINTSCREEN key is pressed
- Given there is no screenshot in the live user's home directory
+ Scenario: A screenshot is taken when the PRINTSCREEN key is pressed
+ Given there is no screenshot in the live user's Pictures directory
When I press the "PRINTSCREEN" key
- Then a screenshot is saved to the live user's home directory
+ Then a screenshot is saved to the live user's Pictures directory
Scenario: VirtualBox guest modules are available
When Tails has booted a 64-bit kernel
@@ -37,7 +34,7 @@ Feature: Various checks
Scenario: The live user is setup correctly
Then the live user has been setup by live-boot
- And the live user is a member of only its own group and "audio cdrom dialout floppy video plugdev netdev fuse scanner lp lpadmin vboxsf"
+ And the live user is a member of only its own group and "audio cdrom dialout floppy video plugdev netdev scanner lp lpadmin vboxsf"
And the live user owns its home dir and it has normal permissions
Scenario: No initial network
diff --git a/features/domains/default.xml b/features/domains/default.xml
index 50bb3c0..2201012 100644
--- a/features/domains/default.xml
+++ b/features/domains/default.xml
@@ -12,6 +12,7 @@
<apic/>
<pae/>
</features>
+ <cpu mode='host-model'/>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
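Review bot: `<cpu mode='host-model'/>` is added without a comment saying why the test domain needs it, and it makes the guest CPU depend on whichever machine runs the suite. Results may then differ between test hosts, and saved VM state might not restore on a host with a different CPU, depending on how the suite uses snapshots. I would put an XML comment above the element, e.g. `<!-- host-model: REASON (which guest feature needs the host CPU flags) -->`.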
diff --git a/features/images/CupsTestPage.png b/features/images/CupsTestPage.png
index 25b6087..294374b 100644
--- a/features/images/CupsTestPage.png
+++ b/features/images/CupsTestPage.png
Binary files differ
diff --git a/features/images/EvincePrintButton.png b/features/images/EvincePrintButton.png
new file mode 100644
index 0000000..1d6180b
--- /dev/null
+++ b/features/images/EvincePrintButton.png
Binary files differ
diff --git a/features/images/EvincePrintDialog.png b/features/images/EvincePrintDialog.png
index 89584a2..69ff470 100644
--- a/features/images/EvincePrintDialog.png
+++ b/features/images/EvincePrintDialog.png
Binary files differ
diff --git a/features/images/EvincePrintFileDialog.png b/features/images/EvincePrintFileDialog.png
new file mode 100644
index 0000000..e1628b6
--- /dev/null
+++ b/features/images/EvincePrintFileDialog.png
Binary files differ
diff --git a/features/images/EvincePrintOutputFile.png b/features/images/EvincePrintOutputFile.png
deleted file mode 100644
index 6b73d84..0000000
--- a/features/images/EvincePrintOutputFile.png
+++ /dev/null
Binary files differ
diff --git a/features/images/EvincePrintOutputFileButton.png b/features/images/EvincePrintOutputFileButton.png
new file mode 100644
index 0000000..0baad51
--- /dev/null
+++ b/features/images/EvincePrintOutputFileButton.png
Binary files differ
diff --git a/features/images/EvincePrintOutputFileSelected.png b/features/images/EvincePrintOutputFileSelected.png
deleted file mode 100644
index fc75318..0000000
--- a/features/images/EvincePrintOutputFileSelected.png
+++ /dev/null
Binary files differ
diff --git a/features/images/EvinceUnableToOpen.png b/features/images/EvinceUnableToOpen.png
index efdcff8..61c8c9b 100644
--- a/features/images/EvinceUnableToOpen.png
+++ b/features/images/EvinceUnableToOpen.png
Binary files differ
diff --git a/features/images/GeditWindow.png b/features/images/GeditWindow.png
index d09873d..2f4a1e2 100644
--- a/features/images/GeditWindow.png
+++ b/features/images/GeditWindow.png
Binary files differ
diff --git a/features/images/GnomeApplicationsAccessories.png b/features/images/GnomeApplicationsAccessories.png
index c7b1bd8..9c39fbe 100644
--- a/features/images/GnomeApplicationsAccessories.png
+++ b/features/images/GnomeApplicationsAccessories.png
Binary files differ
diff --git a/features/images/GnomeApplicationsConfigurePersistentVolume.png b/features/images/GnomeApplicationsConfigurePersistentVolume.png
index 25b4e06..2fc9a5c 100644
--- a/features/images/GnomeApplicationsConfigurePersistentVolume.png
+++ b/features/images/GnomeApplicationsConfigurePersistentVolume.png
Binary files differ
diff --git a/features/images/GnomeApplicationsDeletePersistentVolume.png b/features/images/GnomeApplicationsDeletePersistentVolume.png
index c76c20b..b65d8df 100644
--- a/features/images/GnomeApplicationsDeletePersistentVolume.png
+++ b/features/images/GnomeApplicationsDeletePersistentVolume.png
Binary files differ
diff --git a/features/images/GnomeApplicationsGedit.png b/features/images/GnomeApplicationsGedit.png
index 598a30f..cde0c8f 100644
--- a/features/images/GnomeApplicationsGedit.png
+++ b/features/images/GnomeApplicationsGedit.png
Binary files differ
diff --git a/features/images/GnomeApplicationsI2PBrowser.png b/features/images/GnomeApplicationsI2PBrowser.png
index 3b2a58e..4a2a8ea 100644
--- a/features/images/GnomeApplicationsI2PBrowser.png
+++ b/features/images/GnomeApplicationsI2PBrowser.png
Binary files differ
diff --git a/features/images/GnomeApplicationsInternet.png b/features/images/GnomeApplicationsInternet.png
index f38d8f9..61447c1 100644
--- a/features/images/GnomeApplicationsInternet.png
+++ b/features/images/GnomeApplicationsInternet.png
Binary files differ
diff --git a/features/images/GnomeApplicationsMenu.png b/features/images/GnomeApplicationsMenu.png
index 5a64c39..542a73f 100644
--- a/features/images/GnomeApplicationsMenu.png
+++ b/features/images/GnomeApplicationsMenu.png
Binary files differ
diff --git a/features/images/GnomeApplicationsPidgin.png b/features/images/GnomeApplicationsPidgin.png
index 72a88b5..b5a4d4c 100644
--- a/features/images/GnomeApplicationsPidgin.png
+++ b/features/images/GnomeApplicationsPidgin.png
Binary files differ
diff --git a/features/images/GnomeApplicationsSeahorse.png b/features/images/GnomeApplicationsSeahorse.png
index f1034f5..d740fe6 100644
--- a/features/images/GnomeApplicationsSeahorse.png
+++ b/features/images/GnomeApplicationsSeahorse.png
Binary files differ
diff --git a/features/images/GnomeApplicationsSoundVideo.png b/features/images/GnomeApplicationsSoundVideo.png
index 23328f0..1ddad6c 100644
--- a/features/images/GnomeApplicationsSoundVideo.png
+++ b/features/images/GnomeApplicationsSoundVideo.png
Binary files differ
diff --git a/features/images/GnomeApplicationsSynaptic.png b/features/images/GnomeApplicationsSynaptic.png
index 0d20711..7f46105 100644
--- a/features/images/GnomeApplicationsSynaptic.png
+++ b/features/images/GnomeApplicationsSynaptic.png
Binary files differ
diff --git a/features/images/GnomeApplicationsSystem.png b/features/images/GnomeApplicationsSystem.png
index 69b2daa..5037d5e 100644
--- a/features/images/GnomeApplicationsSystem.png
+++ b/features/images/GnomeApplicationsSystem.png
Binary files differ
diff --git a/features/images/GnomeApplicationsTails.png b/features/images/GnomeApplicationsTails.png
index 3653853..10c3101 100644
--- a/features/images/GnomeApplicationsTails.png
+++ b/features/images/GnomeApplicationsTails.png
Binary files differ
diff --git a/features/images/GnomeApplicationsTailsInstaller.png b/features/images/GnomeApplicationsTailsInstaller.png
index e377214..e41e070 100644
--- a/features/images/GnomeApplicationsTailsInstaller.png
+++ b/features/images/GnomeApplicationsTailsInstaller.png
Binary files differ
diff --git a/features/images/GnomeApplicationsTerminal.png b/features/images/GnomeApplicationsTerminal.png
index cc89a32..62dd716 100644
--- a/features/images/GnomeApplicationsTerminal.png
+++ b/features/images/GnomeApplicationsTerminal.png
Binary files differ
diff --git a/features/images/GnomeApplicationsTorBrowser.png b/features/images/GnomeApplicationsTorBrowser.png
index e7f0067..5fd4617 100644
--- a/features/images/GnomeApplicationsTorBrowser.png
+++ b/features/images/GnomeApplicationsTorBrowser.png
Binary files differ
diff --git a/features/images/GnomeApplicationsTotem.png b/features/images/GnomeApplicationsTotem.png
index 5382ce0..1a68646 100644
--- a/features/images/GnomeApplicationsTotem.png
+++ b/features/images/GnomeApplicationsTotem.png
Binary files differ
diff --git a/features/images/GnomeApplicationsUnsafeBrowser.png b/features/images/GnomeApplicationsUnsafeBrowser.png
index c8a2117..b93bdda 100644
--- a/features/images/GnomeApplicationsUnsafeBrowser.png
+++ b/features/images/GnomeApplicationsUnsafeBrowser.png
Binary files differ
diff --git a/features/images/GnomeApplicationsUtilities.png b/features/images/GnomeApplicationsUtilities.png
new file mode 100644
index 0000000..2fa5e0f
--- /dev/null
+++ b/features/images/GnomeApplicationsUtilities.png
Binary files differ
diff --git a/features/images/GnomeFileDiagTypeFilename.png b/features/images/GnomeFileDiagTypeFilename.png
index 2139695..85c3c59 100644
--- a/features/images/GnomeFileDiagTypeFilename.png
+++ b/features/images/GnomeFileDiagTypeFilename.png
Binary files differ
diff --git a/features/images/GnomePlaces.png b/features/images/GnomePlaces.png
index 98036cc..476bf23 100644
--- a/features/images/GnomePlaces.png
+++ b/features/images/GnomePlaces.png
Binary files differ
diff --git a/features/images/GnomePlacesWithoutTorBrowserPersistent.png b/features/images/GnomePlacesWithoutTorBrowserPersistent.png
index 710cb5d..2ab18a3 100644
--- a/features/images/GnomePlacesWithoutTorBrowserPersistent.png
+++ b/features/images/GnomePlacesWithoutTorBrowserPersistent.png
Binary files differ
diff --git a/features/images/GnomeSystrayFlorence.png b/features/images/GnomeSystrayFlorence.png
index d9f0e83..5c0abc7 100644
--- a/features/images/GnomeSystrayFlorence.png
+++ b/features/images/GnomeSystrayFlorence.png
Binary files differ
diff --git a/features/images/GnomeTorIsReady.png b/features/images/GnomeTorIsReady.png
deleted file mode 100644
index 121d909..0000000
--- a/features/images/GnomeTorIsReady.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GnomeWindowTitleBarRightEdge.png b/features/images/GnomeWindowTitleBarRightEdge.png
new file mode 100644
index 0000000..894caab
--- /dev/null
+++ b/features/images/GnomeWindowTitleBarRightEdge.png
Binary files differ
diff --git a/features/images/GpgAppletChooseKeyWindow.png b/features/images/GpgAppletChooseKeyWindow.png
index 1137e9b..ebca7da 100644
--- a/features/images/GpgAppletChooseKeyWindow.png
+++ b/features/images/GpgAppletChooseKeyWindow.png
Binary files differ
diff --git a/features/images/GpgAppletIconEncrypted.png b/features/images/GpgAppletIconEncrypted.png
index 9325ad1..940772a 100644
--- a/features/images/GpgAppletIconEncrypted.png
+++ b/features/images/GpgAppletIconEncrypted.png
Binary files differ
diff --git a/features/images/GpgAppletIconNormal.png b/features/images/GpgAppletIconNormal.png
index 59bbb3a..0dac334 100644
--- a/features/images/GpgAppletIconNormal.png
+++ b/features/images/GpgAppletIconNormal.png
Binary files differ
diff --git a/features/images/GpgAppletIconSigned.png b/features/images/GpgAppletIconSigned.png
index cb4f144..44ec2e3 100644
--- a/features/images/GpgAppletIconSigned.png
+++ b/features/images/GpgAppletIconSigned.png
Binary files differ
diff --git a/features/images/GpgAppletManageKeys.png b/features/images/GpgAppletManageKeys.png
index df93bee..7636f31 100644
--- a/features/images/GpgAppletManageKeys.png
+++ b/features/images/GpgAppletManageKeys.png
Binary files differ
diff --git a/features/images/GpgAppletResults.png b/features/images/GpgAppletResults.png
index b299490..9270322 100644
--- a/features/images/GpgAppletResults.png
+++ b/features/images/GpgAppletResults.png
Binary files differ
diff --git a/features/images/GtkFileChooserDesktopButton.png b/features/images/GtkFileChooserDesktopButton.png
index 3499919..434a3e4 100644
--- a/features/images/GtkFileChooserDesktopButton.png
+++ b/features/images/GtkFileChooserDesktopButton.png
Binary files differ
diff --git a/features/images/I2P_router_console.png b/features/images/I2P_router_console.png
index 870ebe8..dfb67e9 100644
--- a/features/images/I2P_router_console.png
+++ b/features/images/I2P_router_console.png
Binary files differ
diff --git a/features/images/MemoryWipeCompleted.png b/features/images/MemoryWipeCompleted.png
index e7bf33d..fe17943 100644
--- a/features/images/MemoryWipeCompleted.png
+++ b/features/images/MemoryWipeCompleted.png
Binary files differ
diff --git a/features/images/PersistenceWizardDeletionStart.png b/features/images/PersistenceWizardDeletionStart.png
index a444057..a93fbb9 100644
--- a/features/images/PersistenceWizardDeletionStart.png
+++ b/features/images/PersistenceWizardDeletionStart.png
Binary files differ
diff --git a/features/images/PersistenceWizardDone.png b/features/images/PersistenceWizardDone.png
index 4a95bf1..baa6c35 100644
--- a/features/images/PersistenceWizardDone.png
+++ b/features/images/PersistenceWizardDone.png
Binary files differ
diff --git a/features/images/PersistenceWizardPresets.png b/features/images/PersistenceWizardPresets.png
index 9019836..f8349a9 100644
--- a/features/images/PersistenceWizardPresets.png
+++ b/features/images/PersistenceWizardPresets.png
Binary files differ
diff --git a/features/images/PersistenceWizardStart.png b/features/images/PersistenceWizardStart.png
index edd8187..c34668e 100644
--- a/features/images/PersistenceWizardStart.png
+++ b/features/images/PersistenceWizardStart.png
Binary files differ
diff --git a/features/images/PersistenceWizardWindow.png b/features/images/PersistenceWizardWindow.png
deleted file mode 100644
index b219cfe..0000000
--- a/features/images/PersistenceWizardWindow.png
+++ /dev/null
Binary files differ
diff --git a/features/images/PidginAccountManagerCloseButton.png b/features/images/PidginAccountManagerCloseButton.png
index 7e83488..f8fe293 100644
--- a/features/images/PidginAccountManagerCloseButton.png
+++ b/features/images/PidginAccountManagerCloseButton.png
Binary files differ
diff --git a/features/images/PidginAccountWindow.png b/features/images/PidginAccountWindow.png
index df15bf6..08a3c32 100644
--- a/features/images/PidginAccountWindow.png
+++ b/features/images/PidginAccountWindow.png
Binary files differ
diff --git a/features/images/PidginAccount_irc.oftc.net.png b/features/images/PidginAccount_irc.oftc.net.png
index 24095af..9596e55 100644
--- a/features/images/PidginAccount_irc.oftc.net.png
+++ b/features/images/PidginAccount_irc.oftc.net.png
Binary files differ
diff --git a/features/images/PidginCertificateAddButton.png b/features/images/PidginCertificateAddButton.png
index 8b6c7c2..9bce527 100644
--- a/features/images/PidginCertificateAddButton.png
+++ b/features/images/PidginCertificateAddButton.png
Binary files differ
diff --git a/features/images/PidginCertificateAddHostnameDialog.png b/features/images/PidginCertificateAddHostnameDialog.png
index f02b7b9..558f5ec 100644
--- a/features/images/PidginCertificateAddHostnameDialog.png
+++ b/features/images/PidginCertificateAddHostnameDialog.png
Binary files differ
diff --git a/features/images/PidginCertificateImportFailed.png b/features/images/PidginCertificateImportFailed.png
index 8a7b8f1..cff450c 100644
--- a/features/images/PidginCertificateImportFailed.png
+++ b/features/images/PidginCertificateImportFailed.png
Binary files differ
diff --git a/features/images/PidginCertificateManagerDialog.png b/features/images/PidginCertificateManagerDialog.png
index 72ae744..cbab380 100644
--- a/features/images/PidginCertificateManagerDialog.png
+++ b/features/images/PidginCertificateManagerDialog.png
Binary files differ
diff --git a/features/images/PidginCertificateTestItem.png b/features/images/PidginCertificateTestItem.png
index 51ceaa7..f0cf923 100644
--- a/features/images/PidginCertificateTestItem.png
+++ b/features/images/PidginCertificateTestItem.png
Binary files differ
diff --git a/features/images/PidginCertificatesMenuItem.png b/features/images/PidginCertificatesMenuItem.png
index 0bd972f..3a5d9c9 100644
--- a/features/images/PidginCertificatesMenuItem.png
+++ b/features/images/PidginCertificatesMenuItem.png
Binary files differ
diff --git a/features/images/PidginConnecting.png b/features/images/PidginConnecting.png
index e768d51..a7d954e 100644
--- a/features/images/PidginConnecting.png
+++ b/features/images/PidginConnecting.png
Binary files differ
diff --git a/features/images/PidginTailsChannelEntry.png b/features/images/PidginTailsChannelEntry.png
index 764f684..c055061 100644
--- a/features/images/PidginTailsChannelEntry.png
+++ b/features/images/PidginTailsChannelEntry.png
Binary files differ
diff --git a/features/images/PidginTailsChannelWelcome.png b/features/images/PidginTailsChannelWelcome.png
index 68cc71f..5673d0d 100644
--- a/features/images/PidginTailsChannelWelcome.png
+++ b/features/images/PidginTailsChannelWelcome.png
Binary files differ
diff --git a/features/images/PidginTailsConversationTab.png b/features/images/PidginTailsConversationTab.png
index 155fd34..947144a 100644
--- a/features/images/PidginTailsConversationTab.png
+++ b/features/images/PidginTailsConversationTab.png
Binary files differ
diff --git a/features/images/PidginToolsMenu.png b/features/images/PidginToolsMenu.png
index 55e1b3e..eced16b 100644
--- a/features/images/PidginToolsMenu.png
+++ b/features/images/PidginToolsMenu.png
Binary files differ
diff --git a/features/images/PolicyKitAuthCompleteFailure.png b/features/images/PolicyKitAuthCompleteFailure.png
index 271e95f..506059a 100644
--- a/features/images/PolicyKitAuthCompleteFailure.png
+++ b/features/images/PolicyKitAuthCompleteFailure.png
Binary files differ
diff --git a/features/images/PolicyKitAuthFailure.png b/features/images/PolicyKitAuthFailure.png
index 86ef39d..13acaae 100644
--- a/features/images/PolicyKitAuthFailure.png
+++ b/features/images/PolicyKitAuthFailure.png
Binary files differ
diff --git a/features/images/PolicyKitAuthPrompt.png b/features/images/PolicyKitAuthPrompt.png
index 25549a3..0f3ae97 100644
--- a/features/images/PolicyKitAuthPrompt.png
+++ b/features/images/PolicyKitAuthPrompt.png
Binary files differ
diff --git a/features/images/PrintToFile.png b/features/images/PrintToFile.png
index 2175d01..d0b5297 100644
--- a/features/images/PrintToFile.png
+++ b/features/images/PrintToFile.png
Binary files differ
diff --git a/features/images/SampleLocalMp4VideoFrame.png b/features/images/SampleLocalMp4VideoFrame.png
index 0ed3ee5..336c955 100644
--- a/features/images/SampleLocalMp4VideoFrame.png
+++ b/features/images/SampleLocalMp4VideoFrame.png
Binary files differ
diff --git a/features/images/SampleRemoteWebMVideoFrame.png b/features/images/SampleRemoteWebMVideoFrame.png
index 402dba6..b606bbe 100644
--- a/features/images/SampleRemoteWebMVideoFrame.png
+++ b/features/images/SampleRemoteWebMVideoFrame.png
Binary files differ
diff --git a/features/images/SeahorseEditPreferences.png b/features/images/SeahorseEditPreferences.png
index def8ac4..e516ad9 100644
--- a/features/images/SeahorseEditPreferences.png
+++ b/features/images/SeahorseEditPreferences.png
Binary files differ
diff --git a/features/images/SeahorseFindKeysWindow.png b/features/images/SeahorseFindKeysWindow.png
index 84854f4..32b2633 100644
--- a/features/images/SeahorseFindKeysWindow.png
+++ b/features/images/SeahorseFindKeysWindow.png
Binary files differ
diff --git a/features/images/SeahorseImport.png b/features/images/SeahorseImport.png
index 959c160..63c728a 100644
--- a/features/images/SeahorseImport.png
+++ b/features/images/SeahorseImport.png
Binary files differ
diff --git a/features/images/SeahorseKeyResultWindow.png b/features/images/SeahorseKeyResultWindow.png
index 43544b0..0ec7b60 100644
--- a/features/images/SeahorseKeyResultWindow.png
+++ b/features/images/SeahorseKeyResultWindow.png
Binary files differ
diff --git a/features/images/SeahorseRemoteMenu.png b/features/images/SeahorseRemoteMenu.png
index 7359a4f..e557f8b 100644
--- a/features/images/SeahorseRemoteMenu.png
+++ b/features/images/SeahorseRemoteMenu.png
Binary files differ
diff --git a/features/images/SeahorseRemoteMenuFind.png b/features/images/SeahorseRemoteMenuFind.png
index c70511f..2a064c8 100644
--- a/features/images/SeahorseRemoteMenuFind.png
+++ b/features/images/SeahorseRemoteMenuFind.png
Binary files differ
diff --git a/features/images/SeahorseRemoteMenuSync.png b/features/images/SeahorseRemoteMenuSync.png
index 6f83b32..5255e54 100644
--- a/features/images/SeahorseRemoteMenuSync.png
+++ b/features/images/SeahorseRemoteMenuSync.png
Binary files differ
diff --git a/features/images/SeahorseSyncKeys.png b/features/images/SeahorseSyncKeys.png
index e0ff372..dcd5bfd 100644
--- a/features/images/SeahorseSyncKeys.png
+++ b/features/images/SeahorseSyncKeys.png
Binary files differ
diff --git a/features/images/SeahorseWindow.png b/features/images/SeahorseWindow.png
index 6dcfcb9..a868798 100644
--- a/features/images/SeahorseWindow.png
+++ b/features/images/SeahorseWindow.png
Binary files differ
diff --git a/features/images/SynapticApplyButton.png b/features/images/SynapticApplyButton.png
new file mode 100644
index 0000000..92cefb1
--- /dev/null
+++ b/features/images/SynapticApplyButton.png
Binary files differ
diff --git a/features/images/SynapticApplyPrompt.png b/features/images/SynapticApplyPrompt.png
index 5adfe1a..a802fe9 100644
--- a/features/images/SynapticApplyPrompt.png
+++ b/features/images/SynapticApplyPrompt.png
Binary files differ
diff --git a/features/images/SynapticChangesAppliedPrompt.png b/features/images/SynapticChangesAppliedPrompt.png
index a8c90c0..bf75428 100644
--- a/features/images/SynapticChangesAppliedPrompt.png
+++ b/features/images/SynapticChangesAppliedPrompt.png
Binary files differ
diff --git a/features/images/SynapticCowsaySearchResult.png b/features/images/SynapticCowsaySearchResult.png
index 4ceab29..8a4aa0a 100644
--- a/features/images/SynapticCowsaySearchResult.png
+++ b/features/images/SynapticCowsaySearchResult.png
Binary files differ
diff --git a/features/images/SynapticPackageList.png b/features/images/SynapticPackageList.png
index cf0cbc7..21f07d0 100644
--- a/features/images/SynapticPackageList.png
+++ b/features/images/SynapticPackageList.png
Binary files differ
diff --git a/features/images/SynapticPolicyKitAuthPrompt.png b/features/images/SynapticPolicyKitAuthPrompt.png
deleted file mode 100644
index a4bc519..0000000
--- a/features/images/SynapticPolicyKitAuthPrompt.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticReloadButton.png b/features/images/SynapticReloadButton.png
new file mode 100644
index 0000000..1af3f1d
--- /dev/null
+++ b/features/images/SynapticReloadButton.png
Binary files differ
diff --git a/features/images/SynapticReloadPrompt.png b/features/images/SynapticReloadPrompt.png
index 178005b..2d476ac 100644
--- a/features/images/SynapticReloadPrompt.png
+++ b/features/images/SynapticReloadPrompt.png
Binary files differ
diff --git a/features/images/SynapticSearch.png b/features/images/SynapticSearch.png
deleted file mode 100644
index ec81adb..0000000
--- a/features/images/SynapticSearch.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticSearchButton.png b/features/images/SynapticSearchButton.png
new file mode 100644
index 0000000..641ad51
--- /dev/null
+++ b/features/images/SynapticSearchButton.png
Binary files differ
diff --git a/features/images/SynapticSearchWindow.png b/features/images/SynapticSearchWindow.png
new file mode 100644
index 0000000..98574cf
--- /dev/null
+++ b/features/images/SynapticSearchWindow.png
Binary files differ
diff --git a/features/images/TailsEmergencyShutdownButton.png b/features/images/TailsEmergencyShutdownButton.png
index dc2e239..df9ab88 100644
--- a/features/images/TailsEmergencyShutdownButton.png
+++ b/features/images/TailsEmergencyShutdownButton.png
Binary files differ
diff --git a/features/images/TailsEmergencyShutdownHalt.png b/features/images/TailsEmergencyShutdownHalt.png
index 7931794..92f2367 100644
--- a/features/images/TailsEmergencyShutdownHalt.png
+++ b/features/images/TailsEmergencyShutdownHalt.png
Binary files differ
diff --git a/features/images/TailsEmergencyShutdownReboot.png b/features/images/TailsEmergencyShutdownReboot.png
index 126f75b..08e09a1 100644
--- a/features/images/TailsEmergencyShutdownReboot.png
+++ b/features/images/TailsEmergencyShutdownReboot.png
Binary files differ
diff --git a/features/images/TailsGreeter.png b/features/images/TailsGreeter.png
index 2745652..2ec1f99 100644
--- a/features/images/TailsGreeter.png
+++ b/features/images/TailsGreeter.png
Binary files differ
diff --git a/features/images/TailsGreeterAdminPassword.png b/features/images/TailsGreeterAdminPassword.png
index 5ba1b0f..26eeaf3 100644
--- a/features/images/TailsGreeterAdminPassword.png
+++ b/features/images/TailsGreeterAdminPassword.png
Binary files differ
diff --git a/features/images/TailsGreeterForward.png b/features/images/TailsGreeterForward.png
index 0dfd482..8df52ad 100644
--- a/features/images/TailsGreeterForward.png
+++ b/features/images/TailsGreeterForward.png
Binary files differ
diff --git a/features/images/TailsGreeterLoginButton.png b/features/images/TailsGreeterLoginButton.png
index 633e2e0..0e7849d 100644
--- a/features/images/TailsGreeterLoginButton.png
+++ b/features/images/TailsGreeterLoginButton.png
Binary files differ
diff --git a/features/images/TailsGreeterMoreOptions.png b/features/images/TailsGreeterMoreOptions.png
index 039feec..496ae99 100644
--- a/features/images/TailsGreeterMoreOptions.png
+++ b/features/images/TailsGreeterMoreOptions.png
Binary files differ
diff --git a/features/images/TailsGreeterPersistence.png b/features/images/TailsGreeterPersistence.png
index 59679bf..201b5f1 100644
--- a/features/images/TailsGreeterPersistence.png
+++ b/features/images/TailsGreeterPersistence.png
Binary files differ
diff --git a/features/images/TailsGreeterPersistenceReadOnly.png b/features/images/TailsGreeterPersistenceReadOnly.png
index a93ab09..43ef556 100644
--- a/features/images/TailsGreeterPersistenceReadOnly.png
+++ b/features/images/TailsGreeterPersistenceReadOnly.png
Binary files differ
diff --git a/features/images/TorBrowserAddressBar.png b/features/images/TorBrowserAddressBar.png
index eb6da2e..cf94146 100644
--- a/features/images/TorBrowserAddressBar.png
+++ b/features/images/TorBrowserAddressBar.png
Binary files differ
diff --git a/features/images/TorBrowserNoPlugins.png b/features/images/TorBrowserNoPlugins.png
index 4bad5f9..287b234 100644
--- a/features/images/TorBrowserNoPlugins.png
+++ b/features/images/TorBrowserNoPlugins.png
Binary files differ
diff --git a/features/images/TorBrowserWindow.png b/features/images/TorBrowserWindow.png
index c1f4661..f79a7c2 100644
--- a/features/images/TorBrowserWindow.png
+++ b/features/images/TorBrowserWindow.png
Binary files differ
diff --git a/features/images/TotemUnableToOpen.png b/features/images/TotemUnableToOpen.png
index 8ec7fbf..09467f4 100644
--- a/features/images/TotemUnableToOpen.png
+++ b/features/images/TotemUnableToOpen.png
Binary files differ
diff --git a/features/images/USBCloneAndInstall.png b/features/images/USBCloneAndInstall.png
index 599aabe..665fa19 100644
--- a/features/images/USBCloneAndInstall.png
+++ b/features/images/USBCloneAndInstall.png
Binary files differ
diff --git a/features/images/USBCreateLiveUSB.png b/features/images/USBCreateLiveUSB.png
index 8620d61..ba9e8bf 100644
--- a/features/images/USBCreateLiveUSB.png
+++ b/features/images/USBCreateLiveUSB.png
Binary files differ
diff --git a/features/images/USBCreateLiveUSBConfirmWindow.png b/features/images/USBCreateLiveUSBConfirmWindow.png
index 825e049..720b213 100644
--- a/features/images/USBCreateLiveUSBConfirmWindow.png
+++ b/features/images/USBCreateLiveUSBConfirmWindow.png
Binary files differ
diff --git a/features/images/USBCreateLiveUSBConfirmYes.png b/features/images/USBCreateLiveUSBConfirmYes.png
index da7917a..4061b2e 100644
--- a/features/images/USBCreateLiveUSBConfirmYes.png
+++ b/features/images/USBCreateLiveUSBConfirmYes.png
Binary files differ
diff --git a/features/images/USBInstallationComplete.png b/features/images/USBInstallationComplete.png
index 54ed0c4..f181ef1 100644
--- a/features/images/USBInstallationComplete.png
+++ b/features/images/USBInstallationComplete.png
Binary files differ
diff --git a/features/images/UnsafeBrowserAdvancedSettings.png b/features/images/UnsafeBrowserAdvancedSettings.png
index ecf722c..6ce4b72 100644
--- a/features/images/UnsafeBrowserAdvancedSettings.png
+++ b/features/images/UnsafeBrowserAdvancedSettings.png
Binary files differ
diff --git a/features/images/UnsafeBrowserEditPreferences.png b/features/images/UnsafeBrowserEditPreferences.png
index 04f4e18..08c5ab3 100644
--- a/features/images/UnsafeBrowserEditPreferences.png
+++ b/features/images/UnsafeBrowserEditPreferences.png
Binary files differ
diff --git a/features/images/UnsafeBrowserPreferencesWindow.png b/features/images/UnsafeBrowserPreferencesWindow.png
index 2078ca9..6bfe866 100644
--- a/features/images/UnsafeBrowserPreferencesWindow.png
+++ b/features/images/UnsafeBrowserPreferencesWindow.png
Binary files differ
diff --git a/features/images/UnsafeBrowserProxyRefused.png b/features/images/UnsafeBrowserProxyRefused.png
index 775fad1..5963c67 100644
--- a/features/images/UnsafeBrowserProxyRefused.png
+++ b/features/images/UnsafeBrowserProxyRefused.png
Binary files differ
diff --git a/features/images/UnsafeBrowserProxySettings.png b/features/images/UnsafeBrowserProxySettings.png
index d3580e4..cda8689 100644
--- a/features/images/UnsafeBrowserProxySettings.png
+++ b/features/images/UnsafeBrowserProxySettings.png
Binary files differ
diff --git a/features/images/UnsafeBrowserStartNotification.png b/features/images/UnsafeBrowserStartNotification.png
index 40bc7ac..3dfc085 100644
--- a/features/images/UnsafeBrowserStartNotification.png
+++ b/features/images/UnsafeBrowserStartNotification.png
Binary files differ
diff --git a/features/images/UnsafeBrowserStopNotification.png b/features/images/UnsafeBrowserStopNotification.png
index 32c6145..2966ca3 100644
--- a/features/images/UnsafeBrowserStopNotification.png
+++ b/features/images/UnsafeBrowserStopNotification.png
Binary files differ
diff --git a/features/images/UnsafeBrowserWarnAlreadyRunning.png b/features/images/UnsafeBrowserWarnAlreadyRunning.png
index ce26f63..7a881f3 100644
--- a/features/images/UnsafeBrowserWarnAlreadyRunning.png
+++ b/features/images/UnsafeBrowserWarnAlreadyRunning.png
Binary files differ
diff --git a/features/images/UnsafeBrowserWindow.png b/features/images/UnsafeBrowserWindow.png
index 8a48800..77d7982 100644
--- a/features/images/UnsafeBrowserWindow.png
+++ b/features/images/UnsafeBrowserWindow.png
Binary files differ
diff --git a/features/pidgin.feature b/features/pidgin.feature
index 27a8034..61785eb 100644
--- a/features/pidgin.feature
+++ b/features/pidgin.feature
@@ -59,7 +59,6 @@ Feature: Chatting anonymously using Pidgin
When I start Pidgin through the GNOME menu
Then I see Pidgin's account manager window
When I activate the "irc.oftc.net" Pidgin account
- And I close Pidgin's account manager window
Then Pidgin successfully connects to the "irc.oftc.net" account
And I can join the "#tails" channel on "irc.oftc.net"
When I type "/topic"
diff --git a/features/step_definitions/apt.rb b/features/step_definitions/apt.rb
index 8be9e6d..e60e579 100644
--- a/features/step_definitions/apt.rb
+++ b/features/step_definitions/apt.rb
@@ -12,34 +12,28 @@ Given /^the only hosts in APT sources are "([^"]*)"$/ do |hosts_str|
}
end
-When /^I update APT using apt-get$/ do
+When /^I update APT using apt$/ do
next if @skip_steps_while_restoring_background
Timeout::timeout(30*60) do
@vm.execute_successfully("echo #{@sudo_password} | " +
- "sudo -S apt-get update", LIVE_USER)
+ "sudo -S apt update", LIVE_USER)
end
end
-Then /^I should be able to install a package using apt-get$/ do
+Then /^I should be able to install a package using apt$/ do
next if @skip_steps_while_restoring_background
package = "cowsay"
Timeout::timeout(120) do
@vm.execute_successfully("echo #{@sudo_password} | " +
- "sudo -S apt-get install #{package}", LIVE_USER)
+ "sudo -S apt install #{package}", LIVE_USER)
end
step "package \"#{package}\" is installed"
end
When /^I update APT using Synaptic$/ do
next if @skip_steps_while_restoring_background
- # Upon start the interface will be frozen while Synaptic loads the
- # package list. Since the frozen GUI is so similar to the unfrozen
- # one there's no easy way to reliably wait for the latter. Hence we
- # spam reload until it's performed, which is easier to detect.
- try_for(60, :msg => "Failed to reload the package list in Synaptic") {
- @screen.type("r", Sikuli::KeyModifier.CTRL)
- @screen.find('SynapticReloadPrompt.png')
- }
+ @screen.click('SynapticReloadButton.png')
+ @screen.wait('SynapticReloadPrompt.png', 20)
@screen.waitVanish('SynapticReloadPrompt.png', 30*60)
# After this next image is displayed, the GUI should be responsive.
@screen.wait('SynapticPackageList.png', 30)
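Review bot: Both rewritten commands still splice the sudo password unquoted into the guest shell string (`"echo #{@sudo_password} | " + "sudo -S apt update"`, and the same for `apt install`). A password containing whitespace or shell metacharacters would be reinterpreted by the shell instead of reaching sudo verbatim. Escaping it, e.g. `"echo #{Shellwords.escape(@sudo_password)} | " +`, fixes that; it needs `require 'shellwords'`, and the file's header is outside this hunk. Separately, apt(8) describes its command line as an end-user interface that may change between versions, so a short comment such as `# apt (not apt-get) on purpose: this is what users are told to run` would record that the switch is deliberate.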
@@ -48,22 +42,20 @@ end
Then /^I should be able to install a package using Synaptic$/ do
next if @skip_steps_while_restoring_background
package = "cowsay"
- @screen.type("f", Sikuli::KeyModifier.CTRL) # Find key
- @screen.wait_and_click('SynapticSearch.png', 10)
+ @screen.wait_and_click(Sikuli::Pattern.new('SynapticSearchButton.png').exact, 10)
+ @screen.wait('SynapticSearchWindow.png', 20)
@screen.type(package + Sikuli::Key.ENTER)
- @screen.wait_and_click('SynapticCowsaySearchResult.png', 20)
- @screen.wait('SynapticCowsaySearchResultSelected.png', 20)
- @screen.type("i", Sikuli::KeyModifier.CTRL) # Mark for installation
- @screen.wait('SynapticCowsayMarked.png', 10)
- @screen.wait_and_click('SynapticApply.png', 10)
+ @screen.wait_and_double_click('SynapticCowsaySearchResult.png', 20)
+ @screen.wait_and_click('SynapticApplyButton.png', 10)
@screen.wait('SynapticApplyPrompt.png', 60)
- @screen.type("a", Sikuli::KeyModifier.ALT) # Verify apply
+ @screen.type(package + Sikuli::Key.ENTER)
@screen.wait('SynapticChangesAppliedPrompt.png', 120)
step "package \"#{package}\" is installed"
end
When /^I start Synaptic$/ do
next if @skip_steps_while_restoring_background
- step 'I start "Synaptic" via the GNOME "System"/"Administration" applications menu'
- deal_with_polkit_prompt('SynapticPolicyKitAuthPrompt.png', @sudo_password)
+ step 'I start "Synaptic" via the GNOME "System" applications menu'
+ deal_with_polkit_prompt('PolicyKitAuthPrompt.png', @sudo_password)
+ @screen.wait('SynapticReloadButton.png', 30)
end
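Review bot: The apply confirmation now sends `@screen.type(package + Sikuli::Key.ENTER)`, which types "cowsay" into the apply prompt before pressing Enter and looks copied from the search step a few lines above. If the intent is only to activate the default button, `@screen.type(Sikuli::Key.ENTER)` does that without stray keystrokes that could hit mnemonics or type-ahead in the dialog. In `I start Synaptic`, the generic `PolicyKitAuthPrompt.png` replaces the Synaptic-specific image, so the step no longer shows that the authorization being granted is the one Synaptic requested. A comment stating that this is accepted would help.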
diff --git a/features/step_definitions/checks.rb b/features/step_definitions/checks.rb
index ea39705..ebcba13 100644
--- a/features/step_definitions/checks.rb
+++ b/features/step_definitions/checks.rb
@@ -116,28 +116,22 @@ When /^Tails has booted a 64-bit kernel$/ do
"Tails has not booted a 64-bit kernel.")
end
-Then /^GNOME Screenshot is configured to save files to the live user's home directory$/ do
+Then /^there is no screenshot in the live user's Pictures directory$/ do
next if @skip_steps_while_restoring_background
- home = "/home/#{LIVE_USER}"
- save_path = @vm.execute_successfully(
- "gsettings get org.gnome.gnome-screenshot auto-save-directory",
- LIVE_USER).stdout.chomp.tr("'","")
- assert_equal("file://#{home}", save_path,
- "The GNOME screenshot auto-save-directory is not set correctly.")
-end
-
-Then /^there is no screenshot in the live user's home directory$/ do
- next if @skip_steps_while_restoring_background
- home = "/home/#{LIVE_USER}"
- assert(@vm.execute("find '#{home}' -name 'Screenshot*.png' -maxdepth 1").stdout.empty?,
- "Existing screenshots were found in the live user's home directory.")
+ pictures_directory = "/home/#{LIVE_USER}/Pictures"
+ assert(@vm.execute(
+ "find '#{pictures_directory}' -name 'Screenshot*.png' -maxdepth 1"
+ ).stdout.empty?,
+ "Existing screenshots were found in the live user's Pictures directory.")
end
-Then /^a screenshot is saved to the live user's home directory$/ do
+Then /^a screenshot is saved to the live user's Pictures directory$/ do
next if @skip_steps_while_restoring_background
- home = "/home/#{LIVE_USER}"
- try_for(10, :msg=> "No screenshot was created in #{home}") {
- !@vm.execute("find '#{home}' -name 'Screenshot*.png' -maxdepth 1").stdout.empty?
+ pictures_directory = "/home/#{LIVE_USER}/Pictures"
+ try_for(10, :msg=> "No screenshot was created in #{pictures_directory}") {
+ !@vm.execute(
+ "find '#{pictures_directory}' -name 'Screenshot*.png' -maxdepth 1"
+ ).stdout.empty?
}
end
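Review bot: The screenshot location is now hard-coded as `"/home/#{LIVE_USER}/Pictures"` in both steps, and the removed gsettings step has no replacement that checks where GNOME Screenshot actually saves. In the "there is no screenshot" step, `@vm.execute` ignores a failing `find`, so a missing or differently named directory yields empty stdout and the assertion passes vacuously. Consider resolving the directory in the guest, e.g. `@vm.execute_successfully("xdg-user-dir PICTURES", LIVE_USER).stdout.chomp`, and using `execute_successfully` for the `find` in the negative check. The path computation is duplicated in the two steps and could live in one small helper.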
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index ecaf49a..68261d5 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -336,6 +336,8 @@ Given /^Tor is ready$/ do
next if @skip_steps_while_restoring_background
step "Tor has built a circuit"
step "the time has synced"
+ assert(@vm.execute('systemctl is-system-running').success?,
+ 'At least one system service failed to start.')
end
Given /^Tor has built a circuit$/ do
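Review bot: The added assertion in `Tor is ready` treats any non-zero exit of `systemctl is-system-running` as a failed unit, but that command also exits non-zero while the system is still `starting` or `initializing`. The step can therefore fail spuriously with a misleading message, and it discards the state that would tell the two cases apart. Capturing the state makes the failure actionable: `state = @vm.execute('systemctl is-system-running').stdout.chomp` followed by `assert_equal('running', state, "systemd state is '#{state}', check systemctl --failed")`. If boot can still be settling at this point, wrapping the check in `try_for` would be needed as well.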
@@ -366,7 +368,7 @@ Given /^the Tor Browser has started$/ do
tor_browser_picture = "TorBrowserWindow.png"
end
- @screen.wait(tor_browser_picture, 60)
+ @screen.wait_for_gnome_window(tor_browser_picture, 60)
end
Given /^the Tor Browser (?:has started and )?load(?:ed|s) the (startup page|Tails roadmap)$/ do |page|
@@ -533,7 +535,7 @@ end
Given /^I shutdown Tails and wait for the computer to power off$/ do
next if @skip_steps_while_restoring_background
- @vm.execute("poweroff")
+ @vm.spawn("poweroff")
step 'Tails eventually shuts down'
end
@@ -547,7 +549,7 @@ end
When /^I warm reboot the computer$/ do
next if @skip_steps_while_restoring_background
- @vm.execute("reboot")
+ @vm.spawn("reboot")
end
When /^I request a reboot using the emergency shutdown applet$/ do
@@ -666,7 +668,7 @@ def xul_app_shared_lib_check(pid, chroot)
". /usr/local/lib/tails-shell-library/tor-browser.sh; " +
"ls -1 #{chroot}${TBB_INSTALL}/*.so"
).stdout.split
- firefox_pmap_info = @vm.execute("pmap #{pid}").stdout
+ firefox_pmap_info = @vm.execute("pmap --show-path #{pid}").stdout
for lib in tbb_libs do
lib_name = File.basename lib
if not /\W#{lib}$/.match firefox_pmap_info
@@ -738,25 +740,27 @@ EOF
con_content.split("\n").each do |line|
@vm.execute("echo '#{line}' >> /tmp/NM.#{con_name}")
end
- @vm.execute("install -m 0600 '/tmp/NM.#{con_name}' '/etc/NetworkManager/system-connections/#{con_name}'")
+ con_file = "/etc/NetworkManager/system-connections/#{con_name}"
+ @vm.execute("install -m 0600 '/tmp/NM.#{con_name}' '#{con_file}'")
+ @vm.execute_successfully("nmcli connection load '#{con_file}'")
try_for(10) {
- nm_con_list = @vm.execute("nmcli --terse --fields NAME con list").stdout
+ nm_con_list = @vm.execute("nmcli --terse --fields NAME connection show").stdout
nm_con_list.split("\n").include? "#{con_name}"
}
end
Given /^I switch to the "([^"]+)" NetworkManager connection$/ do |con_name|
next if @skip_steps_while_restoring_background
- @vm.execute("nmcli con up id #{con_name}")
+ @vm.execute("nmcli connection up id #{con_name}")
try_for(60) {
- @vm.execute("nmcli --terse --fields NAME,STATE con status").stdout.chomp == "#{con_name}:activated"
+ @vm.execute("nmcli --terse --fields NAME,STATE connection show").stdout.chomp.split("\n").include?("#{con_name}:activated")
}
end
When /^I start and focus GNOME Terminal$/ do
next if @skip_steps_while_restoring_background
- step 'I start "Terminal" via the GNOME "Accessories" applications menu'
- @screen.wait_and_click('GnomeTerminalWindow.png', 20)
+ step 'I start "Terminal" via the GNOME "Utilities" applications menu'
+ @screen.wait('GnomeTerminalWindow.png', 20)
end
When /^I run "([^"]+)" in GNOME Terminal$/ do |command|
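Review bot: `con_name` is interpolated unquoted in `nmcli connection up id #{con_name}`, although the step regex `"([^"]+)"` accepts spaces and shell metacharacters and the other commands in this hunk single-quote it. The exit status of that call and of the `install` call is ignored, so a failure only shows up later as a bare `try_for` timeout. Suggest `@vm.execute_successfully("nmcli connection up id '#{con_name}'")` and `execute_successfully` for the `install` line too. The staging file `/tmp/NM.#{con_name}` is appended to with `>>` and is not removed in the visible part, so a leftover from an earlier run would presumably be concatenated into the installed profile. The code that starts that file is outside the hunk.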
@@ -833,7 +837,7 @@ end
def gnome_app_menu_click_helper(click_me, verify_me = nil)
try_for(60) do
- @screen.hide_cursor
+# @screen.hide_cursor
@screen.wait_and_click(click_me, 10)
@screen.wait(verify_me, 10) if verify_me
return
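Review bot: `# @screen.hide_cursor` leaves commented-out code in `gnome_app_menu_click_helper` with no explanation, so a later reader cannot tell whether the call is broken under the new desktop or was disabled only for debugging. Either delete the line or replace it with a why-comment, e.g. `# hide_cursor is skipped here: moving the pointer closes the GNOME Shell menu (TODO confirm)`. The rest of the helper continues outside the hunk.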
diff --git a/features/step_definitions/erase_memory.rb b/features/step_definitions/erase_memory.rb
index ddd5ede..13ebb3f 100644
--- a/features/step_definitions/erase_memory.rb
+++ b/features/step_definitions/erase_memory.rb
@@ -168,7 +168,7 @@ end
When /^I shutdown and wait for Tails to finish wiping the memory$/ do
next if @skip_steps_while_restoring_background
- @vm.execute_successfully("halt")
+ @vm.spawn("halt")
nr_gibs_of_ram = (@detected_ram_m.to_f/(2**10)).ceil
try_for(nr_gibs_of_ram*5*60, { :msg => "memory wipe didn't finish, probably the VM crashed" }) do
# We spam keypresses to prevent console blanking from hiding the
diff --git a/features/step_definitions/evince.rb b/features/step_definitions/evince.rb
index 1bb122d..10085de 100644
--- a/features/step_definitions/evince.rb
+++ b/features/step_definitions/evince.rb
@@ -8,12 +8,12 @@ Then /^I can print the current document to "([^"]+)"$/ do |output_file|
@screen.type("p", Sikuli::KeyModifier.CTRL)
@screen.wait("EvincePrintDialog.png", 10)
@screen.wait_and_click("PrintToFile.png", 10)
- @screen.wait_and_double_click("EvincePrintOutputFile.png", 10)
- @screen.hide_cursor
- @screen.wait("EvincePrintOutputFileSelected.png", 10)
+ @screen.wait_and_click("EvincePrintOutputFileButton.png", 10)
+ @screen.wait("EvincePrintFileDialog.png", 10)
# Only the file's basename is selected by double-clicking,
# so we type only the desired file's basename to replace it
@screen.type(output_file.sub(/[.]pdf$/, '') + Sikuli::Key.ENTER)
+ @screen.wait_and_click("EvincePrintButton.png", 10)
try_for(10, :msg => "The document was not printed to #{output_file}") {
@vm.file_exist?(output_file)
}
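Review bot: The comment kept above the `@screen.type(output_file.sub(...))` line still says the basename is "selected by double-clicking", but the double-click is gone; the new code clicks `EvincePrintOutputFileButton.png` and waits for a file dialog. Update the comment to match the new flow, e.g. `# The file dialog pre-selects only the file's basename, so we type only the desired basename to replace it`, if that is how the dialog behaves.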
diff --git a/features/step_definitions/pidgin.rb b/features/step_definitions/pidgin.rb
index 7407d8c..7267400 100644
--- a/features/step_definitions/pidgin.rb
+++ b/features/step_definitions/pidgin.rb
@@ -287,6 +287,7 @@ When /^I activate the "([^"]+)" Pidgin account$/ do |account|
next if @skip_steps_while_restoring_background
@screen.click("PidginAccount_#{account}.png")
@screen.type(Sikuli::Key.LEFT + Sikuli::Key.SPACE)
+ step "I close Pidgin's account manager window"
# wait for the Pidgin to be connecting, otherwise sometimes the step
# that closes the account management dialog happens before the account
# is actually enabled
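Review bot: The added `step "I close Pidgin's account manager window"` sits before the wait described by the comment that follows it, and that comment warns that closing the dialog too early sometimes happens before the account is actually enabled. As placed, the new step looks like it reintroduces that race. Move it after the wait for the connecting state, or rewrite the comment if the race no longer applies. The wait itself is outside this hunk, so this is inferred from the comment alone.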
diff --git a/features/step_definitions/root_access_control.rb b/features/step_definitions/root_access_control.rb
index 026fa8e..e05f89f 100644
--- a/features/step_definitions/root_access_control.rb
+++ b/features/step_definitions/root_access_control.rb
@@ -36,10 +36,10 @@ end
Then /^I should not be able to run a command as root with pkexec and the standard passwords$/ do
next if @skip_steps_while_restoring_background
step "I run \"pkexec touch /root/pkexec-test\" in GNOME Terminal"
- ['', 'live'].each do |password|
+ ['', 'live', 'amnesia'].each do |password|
step "I enter the \"#{password}\" password in the pkexec prompt"
@screen.wait('PolicyKitAuthFailure.png', 20)
end
- step "I enter the \"amnesia\" password in the pkexec prompt"
+ @screen.type(Sikuli::Key.ESC)
@screen.wait('PolicyKitAuthCompleteFailure.png', 20)
end
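Review bot: This step proves the denial only through screenshots (`PolicyKitAuthFailure.png`, `PolicyKitAuthCompleteFailure.png`), so it would still pass if the dialog reported failure while the command had in fact run. Since the command is `touch /root/pkexec-test`, assert on the side effect as well after the final wait: `assert(!@vm.file_exist?('/root/pkexec-test'), "pkexec ran the command as root")`, assuming `file_exist?` runs with enough privilege to see `/root`. The `@screen.type(Sikuli::Key.ESC)` line would also benefit from a comment such as `# dismiss the prompt ourselves after all standard passwords were rejected`.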
diff --git a/features/step_definitions/torified_gnupg.rb b/features/step_definitions/torified_gnupg.rb
index fe27ebd..968a91b 100644
--- a/features/step_definitions/torified_gnupg.rb
+++ b/features/step_definitions/torified_gnupg.rb
@@ -90,7 +90,7 @@ When /^I start Seahorse( via the Tails OpenPGP Applet)?$/ do |withgpgapplet|
if withgpgapplet
seahorse_menu_click_helper('GpgAppletIconNormal.png', 'GpgAppletManageKeys.png')
else
- step 'I start "Seahorse" via the GNOME "System"/"Preferences" applications menu'
+ step 'I start "Seahorse" via the GNOME "Utilities" applications menu'
end
end
diff --git a/features/step_definitions/unsafe_browser.rb b/features/step_definitions/unsafe_browser.rb
index 3322330..9c1edf0 100644
--- a/features/step_definitions/unsafe_browser.rb
+++ b/features/step_definitions/unsafe_browser.rb
@@ -168,12 +168,12 @@ end
Then /^I cannot configure the Unsafe Browser to use any local proxies$/ do
next if @skip_steps_while_restoring_background
- @screen.wait_and_click("UnsafeBrowserWindow.png", 10)
+ @screen.wait_and_click_gnome_window("UnsafeBrowserWindow.png", 10)
# First we open the proxy settings page to prepare it with the
# correct open tabs for the loop below.
@screen.click('UnsafeBrowserMenuButton.png')
@screen.wait_and_click('UnsafeBrowserPreferencesButton.png', 10)
- @screen.wait('UnsafeBrowserPreferencesWindow.png', 10)
+ @screen.wait_for_gnome_window('UnsafeBrowserPreferencesWindow.png', 10)
@screen.wait_and_click('UnsafeBrowserAdvancedSettings.png', 10)
@screen.wait_and_click('UnsafeBrowserNetworkTab.png', 10)
sleep 0.5
@@ -199,7 +199,7 @@ Then /^I cannot configure the Unsafe Browser to use any local proxies$/ do
# Open proxy settings and select manual proxy configuration
@screen.click('UnsafeBrowserMenuButton.png')
@screen.wait_and_click('UnsafeBrowserPreferencesButton.png', 10)
- @screen.wait('UnsafeBrowserPreferencesWindow.png', 10)
+ @screen.wait_for_gnome_window('UnsafeBrowserPreferencesWindow.png', 10)
@screen.type("e", Sikuli::KeyModifier.ALT)
@screen.wait('UnsafeBrowserProxySettings.png', 10)
@screen.type("m", Sikuli::KeyModifier.ALT)
@@ -210,12 +210,10 @@ Then /^I cannot configure the Unsafe Browser to use any local proxies$/ do
# Close settings
@screen.type(Sikuli::Key.ENTER)
-# @screen.waitVanish('UnsafeBrowserProxySettings.png', 10)
- sleep 0.5
+ @screen.waitVanish('UnsafeBrowserProxySettings.png', 10)
+ @screen.wait_for_gnome_window('UnsafeBrowserPreferencesWindow.png', 10)
@screen.type(Sikuli::Key.ESC)
-# @screen.waitVanish('UnsafeBrowserPreferences.png', 10)
- sleep 0.5
-
+ @screen.waitVanish('UnsafeBrowserPreferencesWindow.png', 10)
# Test that the proxy settings work as they should
step "I open the address \"https://check.torproject.org\" in the Unsafe Browser"
if proxy_type == no_proxy
diff --git a/features/step_definitions/usb.rb b/features/step_definitions/usb.rb
index cfe58df..9385f27 100644
--- a/features/step_definitions/usb.rb
+++ b/features/step_definitions/usb.rb
@@ -202,35 +202,49 @@ end
Given /^I create a persistent partition with password "([^"]+)"$/ do |pwd|
next if @skip_steps_while_restoring_background
step 'I start "ConfigurePersistentVolume" via the GNOME "Tails" applications menu'
- @screen.wait('PersistenceWizardWindow.png', 40)
@screen.wait('PersistenceWizardStart.png', 20)
@screen.type(pwd + "\t" + pwd + Sikuli::Key.ENTER)
@screen.wait('PersistenceWizardPresets.png', 300)
step "I enable all persistence presets"
end
-def check_part_integrity(name, dev, usage, type, scheme, label)
- info = @vm.execute("udisks --show-info #{dev}").stdout
- info_split = info.split("\n partition:\n")
+def check_disk_integrity(name, dev, scheme)
+ info = @vm.execute("udisksctl info --block-device '#{dev}'").stdout
+ info_split = info.split("\n org\.freedesktop\.UDisks2\.PartitionTable:\n")
+ dev_info = info_split[0]
+ part_table_info = info_split[1]
+ assert(part_table_info.match("^ Type: +#{scheme}$"),
+ "Unexpected partition scheme on USB drive '#{name}', '#{dev}'")
+end
+
+def check_part_integrity(name, dev, usage, fs_type, part_label, part_type = nil)
+ info = @vm.execute("udisksctl info --block-device '#{dev}'").stdout
+ info_split = info.split("\n org\.freedesktop\.UDisks2\.Partition:\n")
dev_info = info_split[0]
part_info = info_split[1]
- assert(dev_info.match("^ usage: +#{usage}$"),
+ assert(dev_info.match("^ IdUsage: +#{usage}$"),
"Unexpected device field 'usage' on USB drive '#{name}', '#{dev}'")
- assert(dev_info.match("^ type: +#{type}$"),
- "Unexpected device field 'type' on USB drive '#{name}', '#{dev}'")
- assert(part_info.match("^ scheme: +#{scheme}$"),
- "Unexpected partition scheme on USB drive '#{name}', '#{dev}'")
- assert(part_info.match("^ label: +#{label}$"),
+ assert(dev_info.match("^ IdType: +#{fs_type}$"),
+ "Unexpected device field 'IdType' on USB drive '#{name}', '#{dev}'")
+ assert(part_info.match("^ Name: +#{part_label}$"),
"Unexpected partition label on USB drive '#{name}', '#{dev}'")
+ if part_type
+ assert(part_info.match("^ Type: +#{part_type}$"),
+ "Unexpected partition type on USB drive '#{name}', '#{dev}'")
+ end
end
def tails_is_installed_helper(name, tails_root, loader)
- dev = @vm.disk_dev(name) + "1"
- check_part_integrity(name, dev, "filesystem", "vfat", "gpt", "Tails")
+ disk_dev = @vm.disk_dev(name)
+ part_dev = disk_dev + "1"
+ check_disk_integrity(name, disk_dev, "gpt")
+ check_part_integrity(name, part_dev, "filesystem", "vfat", "Tails",
+ # EFI System Partition
+ 'c12a7328-f81f-11d2-ba4b-00a0c93ec93b')
target_root = "/mnt/new"
@vm.execute("mkdir -p #{target_root}")
- @vm.execute("mount #{dev} #{target_root}")
+ @vm.execute("mount #{part_dev} #{target_root}")
c = @vm.execute("diff -qr '#{tails_root}/live' '#{target_root}/live'")
assert(c.success?,
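Review bot: In `check_disk_integrity` and `check_part_integrity`, `info_split[1]` is nil whenever the `udisksctl` output lacks the `PartitionTable:` or `Partition:` section (wrong device, failed command), so the next `.match` raises NoMethodError instead of a readable assertion failure. Guard it first, e.g. `assert(part_table_info, "No partition table info for USB drive '#{name}', '#{dev}'")`, with the equivalent for `part_info`. `dev_info` in `check_disk_integrity` is assigned but never used, and the first message in `check_part_integrity` still names the field 'usage' although the pattern now matches `IdUsage`. `tails_is_installed_helper` continues past this hunk.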
@@ -238,7 +252,7 @@ def tails_is_installed_helper(name, tails_root, loader)
syslinux_files = @vm.execute("ls -1 #{target_root}/syslinux").stdout.chomp.split
# We deal with these files separately
- ignores = ["syslinux.cfg", "exithelp.cfg", "ldlinux.sys"]
+ ignores = ["syslinux.cfg", "exithelp.cfg", "ldlinux.c32", "ldlinux.sys"]
for f in syslinux_files - ignores do
c = @vm.execute("diff -q '#{tails_root}/#{loader}/#{f}' " +
"'#{target_root}/syslinux/#{f}'")
@@ -282,7 +296,7 @@ end
Then /^a Tails persistence partition with password "([^"]+)" exists on USB drive "([^"]+)"$/ do |pwd, name|
next if @skip_steps_while_restoring_background
dev = @vm.disk_dev(name) + "2"
- check_part_integrity(name, dev, "crypto", "crypto_LUKS", "gpt", "TailsData")
+ check_part_integrity(name, dev, "crypto", "crypto_LUKS", "TailsData")
# The LUKS container may already be opened, e.g. by udisks after
# we've run tails-persistence-setup.
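Review bot: After this change the persistence step no longer checks the partition scheme, and it passes no `part_type`, so the partition's type goes unverified for the encrypted volume. The `"gpt"` argument is dropped and `check_disk_integrity` is only called from `tails_is_installed_helper`. If this step is meant to stand on its own, add `check_disk_integrity(name, @vm.disk_dev(name), "gpt")` before the partition check. The expected type value for the TailsData partition is not shown on this page, so that argument has to come from the author. The step body continues outside the hunk.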
@@ -303,11 +317,11 @@ Then /^a Tails persistence partition with password "([^"]+)" exists on USB drive
end
# Adapting check_part_integrity() seems like a bad idea so here goes
- info = @vm.execute("udisks --show-info #{luks_dev}").stdout
- assert info.match("^ cleartext luks device:$")
- assert info.match("^ usage: +filesystem$")
- assert info.match("^ type: +ext[34]$")
- assert info.match("^ label: +TailsData$")
+ info = @vm.execute("udisksctl info --block-device '#{luks_dev}'").stdout
+ assert info.match("^ CryptoBackingDevice: +'/[a-zA-Z0-9_/]+'$")
+ assert info.match("^ IdUsage: +filesystem$")
+ assert info.match("^ IdType: +ext[34]$")
+ assert info.match("^ IdLabel: +TailsData$")
mount_dir = "/mnt/#{name}"
@vm.execute("mkdir -p #{mount_dir}")
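Review bot: The four bare `assert info.match(...)` calls carry no message, so a failure does not say which property of the unlocked device was wrong, while the helpers above all pass one. The `CryptoBackingDevice` pattern also accepts any object path, so it does not tie the cleartext device to the partition held in `dev`. Add messages, e.g. `assert(info.match("^ IdType: +ext[34]$"), "Unexpected filesystem type on '#{luks_dev}'")`, and consider matching the backing device against the expected partition name.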
@@ -425,7 +439,7 @@ Then /^the boot device has safe access rights$/ do
assert(dev_group == "disk" || dev_group == "root",
"Boot device '#{dev}' owned by group '#{dev_group}', expected " +
"'disk' or 'root'.")
- assert_equal("1660", dev_perms)
+ assert_equal("660", dev_perms)
for user, groups in all_users_with_groups do
next if user == "root"
assert(!(groups.include?(dev_group)),
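Review bot: The expected mode changes from `"1660"` to `"660"` with no comment, and this assertion is the one that guards the boot device's access rights. Add a line above it stating what is enforced and why the leading digit went away, e.g. `# rw for owner and group only, nothing for others; <reason the leading 1 is no longer reported>`. How `dev_perms` is obtained is outside this hunk, so the reason cannot be read from here.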
@@ -434,8 +448,8 @@ Then /^the boot device has safe access rights$/ do
end
end
- info = @vm.execute("udisks --show-info #{super_boot_dev}").stdout
- assert(info.match("^ system internal: +1$"),
+ info = @vm.execute("udisksctl info --block-device '#{super_boot_dev}'").stdout
+ assert(info.match("^ HintSystem: +true$"),
"Boot device '#{super_boot_dev}' is not system internal for udisks")
end
@@ -591,7 +605,6 @@ end
When /^I delete the persistent partition$/ do
next if @skip_steps_while_restoring_background
step 'I start "DeletePersistentVolume" via the GNOME "Tails" applications menu'
- @screen.wait("PersistenceWizardWindow.png", 40)
@screen.wait("PersistenceWizardDeletionStart.png", 20)
@screen.type(" ")
@screen.wait("PersistenceWizardDone.png", 120)
diff --git a/features/support/helpers/misc_helpers.rb b/features/support/helpers/misc_helpers.rb
index a1ec6fc..b8df3b0 100644
--- a/features/support/helpers/misc_helpers.rb
+++ b/features/support/helpers/misc_helpers.rb
@@ -67,8 +67,7 @@ rescue unique_timeout_exception => e
end
def wait_until_tor_is_working
- try_for(270) { @vm.execute(
- '. /usr/local/lib/tails-shell-library/tor.sh; tor_is_working').success? }
+ try_for(270) { @vm.execute('/usr/local/sbin/tor-has-bootstrapped').success? }
end
def convert_bytes_mod(unit)
diff --git a/features/support/helpers/sikuli_helper.rb b/features/support/helpers/sikuli_helper.rb
index 8bc54b6..6f7ed4c 100644
--- a/features/support/helpers/sikuli_helper.rb
+++ b/features/support/helpers/sikuli_helper.rb
@@ -169,6 +169,28 @@ def sikuli_script_proxy.new(*args)
self.hover_point(self.w, self.h/2)
end
+ def wait_for_gnome_window(window_title_img, timeout)
+ try_for(timeout) do
+ m = self.find(window_title_img)
+ # Respective to the matched window title, this is the region
+ # from its right edge to the right edge of the screen, where we
+ # would expect the GNOME window's X button.
+ r = Sikuli::Region.new(m.x + m.w, m.y, self.w - m.x - m.w, m.h)
+ # Note that below we call Sikuli::Region's find, so we won't get
+ # any retry if $sikuli_retry_findfailed is set.
+ r.find("GnomeWindowTitleBarRightEdge.png")
+ return m
+ end
+ end
+
+ def wait_and_click_gnome_window(window_title_img, timeout)
+ self.click(self.wait_for_gnome_window(window_title_img, timeout))
+ end
+
+ def wait_and_double_click_gnome_window(window_title_img, timeout)
+ self.doubleClick(self.wait_for_gnome_window(window_title_img, timeout))
+ end
+
s
end
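Review bot: `wait_for_gnome_window` and its two wrappers have no header comment, and the inline comment explains the region but not why the title bar's right edge must be found as well. A short header would help: `# Waits until window_title_img and the right edge of its title bar are both on screen; returns the match for the title.` When the title match reaches the screen's right edge, the computed width `self.w - m.x - m.w` is zero. How Sikuli treats such a region is not visible here, so it may deserve a guard.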
diff --git a/po/POTFILES.in b/po/POTFILES.in
index ad94e21..48764de 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -3,7 +3,7 @@ tmp/pot/60-tor-ready.sh.pot
tmp/pot/config.py.pot
tmp/pot/electrum.pot
tmp/pot/gpgApplet.pot
-tmp/pot/shutdown-helper-applet.pot
+tmp/pot/shutdown-helper-extension.js.pot
tmp/pot/tails-about.pot
tmp/pot/tails-additional-software.pot
tmp/pot/tails-htp-notify-user.pot
diff --git a/po/POTFILES.skip b/po/POTFILES.skip
index bfacdba..ddd07d3 100644
--- a/po/POTFILES.skip
+++ b/po/POTFILES.skip
@@ -1,7 +1,3 @@
-config/chroot_local-includes/etc/xdg/autostart/add-bookmark-for-persistent-directory.desktop.in
config/chroot_local-includes/etc/xdg/autostart/gpgApplet.desktop.in
-config/chroot_local-includes/etc/xdg/autostart/save-im-environment.desktop.in
-config/chroot_local-includes/etc/xdg/autostart/security-check.desktop.in
-config/chroot_local-includes/etc/xdg/autostart/virt-notify.desktop.in
wiki/src/
diff --git a/refresh-translations b/refresh-translations
index 40ab45f..c58d1d0 100755
--- a/refresh-translations
+++ b/refresh-translations
@@ -7,7 +7,7 @@ PERL_PROGS="/usr/local/bin/gpgApplet /usr/local/bin/tails-security-check \
/usr/local/bin/tails-htp-notify-user \
/usr/local/bin/tails-virt-notify-user \
/usr/local/sbin/tails-restricted-network-detector"
-PYTHON_PROGS="/etc/whisperback/config.py /usr/local/lib/shutdown-helper-applet \
+PYTHON_PROGS="/etc/whisperback/config.py \
/usr/local/bin/tails-about /usr/local/sbin/tails-additional-software"
SHELL_PROGS="/etc/NetworkManager/dispatcher.d/60-tor-ready.sh \
/usr/local/bin/electrum \
@@ -17,6 +17,9 @@ SHELL_PROGS="/etc/NetworkManager/dispatcher.d/60-tor-ready.sh \
/usr/local/sbin/i2p-browser \
/usr/local/bin/tor-browser \
/usr/local/sbin/unsafe-browser"
+JAVASCRIPT_PROGS=" \
+ /usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/extension.js \
+"
LOCALE_BASEDIR=config/chroot_local-includes/usr/share/locale
@@ -30,7 +33,14 @@ prog_potfile () {
prog=$1
progpath="config/chroot_local-includes$prog"
- domain=$(basename $prog)
+ case $prog in
+ /usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/extension.js)
+ domain=shutdown-helper-extension.js
+ ;;
+ *)
+ domain=$(basename $prog)
+ ;;
+ esac
echo "tmp/pot/${domain}.pot"
}
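Review bot: The `case` in `prog_potfile` repeats the full extension path already spelled out in `JAVASCRIPT_PROGS`, so the two literals must be kept in sync by hand. If they drift apart, the path falls through to `basename` and yields `extension.js.pot`, not the `shutdown-helper-extension.js.pot` listed in `po/POTFILES.in`. Match on the tail instead, e.g. `*/shutdown-helper@tails.boum.org/extension.js)`, or derive the domain from the parent directory name. `$prog` is also unquoted in `$(basename $prog)`; `$(basename "$prog")` is safer. The function starts outside this hunk.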
@@ -103,6 +113,7 @@ mkdir -p tmp/pot
for prog in $PERL_PROGS ; do refresh_pot $prog Perl ; done
for prog in $PYTHON_PROGS ; do refresh_pot $prog Python ; done
for prog in $SHELL_PROGS ; do refresh_pot $prog Shell ; done
+for prog in $JAVASCRIPT_PROGS ; do refresh_pot $prog JavaScript ; done
intltool_update_pot
# If left out files are detected, intltool-update --maintain writes
diff --git a/vagrant/lib/tails_build_settings.rb b/vagrant/lib/tails_build_settings.rb
index 15ba7d1..256577d 100644
--- a/vagrant/lib/tails_build_settings.rb
+++ b/vagrant/lib/tails_build_settings.rb
@@ -6,7 +6,7 @@
VIRTUAL_MACHINE_HOSTNAME = 'tails-builder-20140709.vagrantup.com'
# Approximate amount of extra space needed for builds
-BUILD_SPACE_REQUIREMENT = 6656
+BUILD_SPACE_REQUIREMENT = 7*1024
# Virtual machine memory size for on-disk builds
VM_MEMORY_FOR_DISK_BUILDS = 512
diff --git a/wiki/src/contribute/design.mdwn b/wiki/src/contribute/design.mdwn
index c625df3..6297293 100644
--- a/wiki/src/contribute/design.mdwn
+++ b/wiki/src/contribute/design.mdwn
@@ -752,15 +752,17 @@ and Bopomofo for Chinese, and Hangul for Korean).
A login script prepares and configures IBus. When a Japanese,
Chinese or Korean locale is selected, this login script selects
-the right default input method, and then starts the IBus daemon.
+the right default input method. GNOME starts the IBus daemon itself.
-Since one may want to work on documents written in
+Still, since one may want to work on documents written in
Chinese, Japanese or Korean even when selecting English as their
-preferred language, IBus can also be manually started in other locales
-using the "IBus Preferences" launcher in the System->Preferences menu.
-IBus' environment variables is always exported on login to make this work.
+preferred language, IBus is also started in other locales, with all
+supported input engines pre-loaded.
-- [[!tails_gitweb config/chroot_local-includes/etc/X11/Xsession.d/80im-starter]]
+IBus' environment variables are always exported on login to make this work.
+
+- [[!tails_gitweb config/chroot_local-includes/usr/lib/systemd/user/tails-configure-keyboard.service]]
+- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-configure-keyboard]]
## 3.4 Notification of security issues and new Tails releases
@@ -778,8 +780,8 @@ environment variable.
This script is run after the user has logged-in and Tor is
in known-working state.
+- [[!tails_gitweb config/chroot_local-includes/usr/lib/systemd/user/tails-security-check.service]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-security-check]]
-- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-security-check-wrapper]]
Security issues that were fixed in a newer version of Tails are taken
care of by [[Tails Upgrader|contribute/design/incremental_upgrades]]
@@ -854,6 +856,7 @@ to click through needlessly scary security warnings.
- [[!tails_gitweb chroot_local-hooks/06-adduser_vidalia]]
- [[!tails_gitweb chroot_local-includes/usr/local/sbin/restart-vidalia]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tor-controlport-filter.service]]
- [[!tails_gitweb chroot_local-includes/usr/local/sbin/tor-controlport-filter]]
- [[!tails_gitweb chroot_local-includes/etc/tor/torrc]]
@@ -989,8 +992,10 @@ ready, they are informed it won't work, and asked whether to start the
browser anyway:
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tor-browser]]
-- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/generate-tor-browser-profile]]- [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped]]
-- [[!tails_gitweb config/chroot_local-includes/etc/sudoers.d/zzz_tor-has-bootstrapped]]
+- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/generate-tor-browser-profile]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-wait-until-tor-has-bootstrapped.service]]
+- [[!tails_gitweb config/chroot_local-includes/usr/lib/systemd/user/tails-wait-until-tor-has-bootstrapped.service]]
+- [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped]]
Once Tor is ready to be used, the user is informed they can now use
the Internet:
@@ -1098,7 +1103,7 @@ Bluetooth radio (so that it can be dealt another way:
[[todo/protect_against_external_bus_memory_forensics]]), and
soft-blocks all other kinds of wireless devices (e.g. UWB, GPS, FM).
-- [[!tails_gitweb config/chroot_local-includes/etc/init.d/tails-set-wireless-devices-state]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-set-wireless-devices-state.service]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/tails-set-wireless-devices-state]]
### 3.6.20 OpenSSH
@@ -1117,17 +1122,15 @@ releases). See [[contribute/design/incremental_upgrades]] for details.
To start with, this upgrade mechanism may be only available for
point-releases.
-### 3.6.22 Panel applets
+### 3.6.22 Panel applets and GNOME Shell extensions
-Tails ships a few custom applets in the GNOME panel.
+Tails ships a few custom GNOME panel applets and GNOME Shell
+extensions.
-The shutdown helper applet provides two-clicks shutdown and
-restart actions.
+The shutdown-helper GNOME Shell extension provides two-clicks shutdown and
+restart actions, as well as screen locking.
-- [[!tails_gitweb config/chroot_local-includes/etc/skel/.config/gnome-panel/panel-default-layout.layout]]
-- [[!tails_gitweb config/chroot_local-includes/usr/local/lib/shutdown-helper-applet]]
-- [[!tails_gitweb config/chroot_local-includes/usr/share/dbus-1/services/org.gnome.panel.applet.ShutdownHelperFactory.service]]
-- [[!tails_gitweb config/chroot_local-includes/usr/share/gnome-panel/4.0/applets/org.boum.tails.ShutdownHelper.panel-applet]]
+- [[!tails_gitweb_dir config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org]]
The Tails OpenPGP applet allows to symmetrically and asymmetrically
encrypt and decrypt text, and to verify OpenPGP signatures.
@@ -1220,10 +1223,8 @@ through `live-build` (that is, usually a local `apt-cacher-ng`).
However, at boot time, a hook does (a more elaborate version of)
`s,http://,tor+http://` in APT sources. Then, APT will use the
-`tor+http` method, that is a simple torsocks wrapper for the good old
-`http` method.
+`tor+http` method, that is provided by [[!debpkg apt-transport-tor]].
-- [[!tails_gitweb config/chroot_local-includes/usr/lib/apt/methods/tor+http]]
- [[!tails_gitweb config/chroot_local-includes/lib/live/config/1500-reconfigure-APT]]
### 3.6.28 Electrum
diff --git a/wiki/src/contribute/design/MAC_address.mdwn b/wiki/src/contribute/design/MAC_address.mdwn
index 314bdac..39823fd 100644
--- a/wiki/src/contribute/design/MAC_address.mdwn
+++ b/wiki/src/contribute/design/MAC_address.mdwn
@@ -371,6 +371,8 @@ Scripts:
* [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/tails-unblock-network]]
+* [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-unblock-network.service]]
+
* [[!greeter_gitweb PostLogin.default]] (where `tails-unblock-network`
is started)
@@ -409,6 +411,9 @@ leaks issue, in addition to other reasons for being discarded:
* ifupdown hook: A if-pre-up hook would probably work but since we use
NetworManager the exact behaviour is blurred and not particularly
well-documented. It doesn't feel robust for this reason.
+ Hence, we disable the macchanger package's built-in way to spoof
+ MAC addresses:
+ [[!tails_gitweb config/chroot_local-patches/disable_macchanger_spoofing.diff]]
* NetworkManager hook: NM doesn't trigger events equivalent to
if-pre-up, so this isn't possible. See the commented parts in:
@@ -514,8 +519,8 @@ notify the user when this happens.
Due to lack of hooks into NetworkManager's connection error handling
we currently use a simple monitoring script that's started when MAC
-spoofing is enabled. It scans syslog for the error message patterns
-from NetworkManager and `wpa_supplicant` expected when the connection
+spoofing is enabled. It scans the NetworkManager unit's journal for
+the error message patterns expected when the connection
fails due to MAC spoofing. When such a pattern is found, a
notification is shown to the user, stating that the connection problem
*may* be MAC spoofing related. Due to the uncertainty and lack of
@@ -531,5 +536,7 @@ Scripts:
* [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/tails-restricted-network-detector]]
+* [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-restricted-network-detector.service]]
+
* [[!greeter_gitweb PostLogin.default]]
(`tails-restricted-network-detector` started from this script)
diff --git a/wiki/src/contribute/design/Time_syncing.mdwn b/wiki/src/contribute/design/Time_syncing.mdwn
index 7f1270d..4a9234b 100644
--- a/wiki/src/contribute/design/Time_syncing.mdwn
+++ b/wiki/src/contribute/design/Time_syncing.mdwn
@@ -162,7 +162,7 @@ the the other pools. The pools are as follows:
* The "neutral" pool members have a neutral raltionship to both the
"pal" and "foe" pool.
-The pools are listed in [[!tails_gitweb config/chroot_local-includes/etc/default/htpdate]].
+The pools are listed in [[!tails_gitweb config/chroot_local-includes/etc/default/htpdate.pools]].
Basically, Tails `htpdate` pick three random servers (one from each
pool), and then build the mediate of the three advertised dates.
@@ -196,3 +196,8 @@ hardware being used" design goal:
* [[!tails_gitweb config/chroot_local-patches/do-not-modify-hardware-clock.diff]]
* [[!tails_gitweb config/chroot_local-hooks/52-update-rc.d]]
+
+See also:
+
+* [[!tails_gitweb config/chroot_local-hooks/46-configure-htpdate]]
+* [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/htpdate.service]]
diff --git a/wiki/src/contribute/design/application_isolation.mdwn b/wiki/src/contribute/design/application_isolation.mdwn
index fb43f23..b31d40d 100644
--- a/wiki/src/contribute/design/application_isolation.mdwn
+++ b/wiki/src/contribute/design/application_isolation.mdwn
@@ -110,9 +110,9 @@ between the Tor Browser, the file browser, and all non-confined
applications. That directory is called `~/Tor Browser/`, and a GTK
bookmark pointing to it is created at login time:
-* [[!tails_gitweb config/chroot_local-includes/etc/xdg/autostart/create-tor-browser-directories.desktop]]
+* [[!tails_gitweb config/chroot_local-includes/usr/lib/systemd/user/tails-create-tor-browser-directories.service]]
* [[!tails_gitweb config/chroot_local-includes/usr/local/lib/create-tor-browser-directories]]
-* [[!tails_gitweb config/chroot_local-includes/etc/xdg/autostart/add-GNOME-bookmarks.desktop]]
+* [[!tails_gitweb config/chroot_local-includes/usr/lib/systemd/user/tails-add-GNOME-bookmarks.service]]
* [[!tails_gitweb config/chroot_local-includes/usr/local/lib/add-GNOME-bookmarks]]
Then, we have a usability issue: the space available in that directory
diff --git a/wiki/src/contribute/design/incremental_upgrades.mdwn b/wiki/src/contribute/design/incremental_upgrades.mdwn
index fffffd4..4596d37 100644
--- a/wiki/src/contribute/design/incremental_upgrades.mdwn
+++ b/wiki/src/contribute/design/incremental_upgrades.mdwn
@@ -38,7 +38,7 @@ The rest lives in the main Tails [[contribute/Git]] repository:
* [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper]]
* [[!tails_gitweb config/chroot_local-includes/etc/sudoers.d/zzz_upgrade]]
-* [[!tails_gitweb config/chroot_local-includes/usr/share/applications/tails-upgrader.desktop]]
+* [[!tails_gitweb config/chroot_local-includes/usr/lib/systemd/user/tails-upgrade-frontend.service]]
# Scenarios
@@ -710,9 +710,7 @@ user, who itself:
argument, using passwordless sudo, as the
`tails-iuk-get-target-file` user;
* is allowed to run `tails-iuk-mktemp-get-target-file`, using
- passwordless sudo, as the `tails-iuk-get-target-file` user;
-* is allowed to run `tor-has-bootstrapped`, using passwordless sudo,
- as the `debian-tor` user.
+ passwordless sudo, as the `tails-iuk-get-target-file` user.
The `tails-install-iuk` user is allowed to run, using passwordless
sudo, every command required by its task (currently: `chmod`, `cp`,
diff --git a/wiki/src/contribute/design/memory_erasure.mdwn b/wiki/src/contribute/design/memory_erasure.mdwn
index 5e7bb85..6f74c21 100644
--- a/wiki/src/contribute/design/memory_erasure.mdwn
+++ b/wiki/src/contribute/design/memory_erasure.mdwn
@@ -37,11 +37,11 @@ fine tuning the options passed to the `sdmem` program.
These `sdmem` and `sdmemopts` are appended to the fresh kernel command
line parameters, when memory erasure is triggered, by the
-`tails-kexec` initscript that is itself parameterized by the usual,
+`tails-kexec` shutdown script that is itself parameterized by the usual,
slightly customized, kexec-tools configuration file.
- [[!tails_gitweb config/chroot_local-includes/etc/default/kexec]]
-- [[!tails_gitweb config/chroot_local-includes/etc/init.d/tails-kexec]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system-shutdown/tails-kexec]]
#### Actual memory erasure process
@@ -57,25 +57,26 @@ protect against every memory forensics attack we know of.
#### Triggers
Different kinds of events trigger the memory erasure process. All lead
-to run the `tails-kexec` initscript.
+to run the `tails-kexec` shutdown script.
**First, the memory erasure process is triggered at the end of a normal
shutdown/reboot sequence.** This is implemented by slightly modifying
the System V initscripts shipped by the `kexec-tools` Debian package:
the `kexec-load` initscript, that normally only runs at reboot time,
is enabled to run at shutdown time as well. A custom `tails-kexec`
-initscript replaces the `kexec` one in order to support the case when
+shutdown script replaces the `kexec` initscript, in order to support the case when
the boot medium is not available anymore at the time this script runs;
it also provides an improved user interface more suitable for Tails
-target users needs. Finally, the standard Debian `halt` and `reboot`
-initscripts are taken over by having the `tails-kexec` initscript run
-before they have a chance to be run (implemented with `Required-Stop`
-in the LSB headers).
+target users needs. Finally, the standard systemd `halt`, `poweroff`,
+`reboot`, `kexec` and `shutdown`
+actions are taken over by having the `tails-kexec` script, that is run
+just before they have a chance to be triggered (thanks to systemd's
+`/lib/systemd/system-shutdown/` facility, documented in
+`systemd-kexec.service(8)`).
- [[!tails_gitweb config/chroot_local-patches/run_kexec-load_on_halt.diff]]
-- [[!tails_gitweb config/chroot_local-patches/disable_kexec_initscript.diff]]
-- [[!tails_gitweb config/chroot_local-includes/etc/init.d/tails-kexec]]
- [[!tails_gitweb config/chroot_local-hooks/52-update-rc.d]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system-shutdown/tails-kexec]]
**Second, the memory erasure process is triggered when the boot medium
is physically removed during runtime (USB boot medium is unplugged or
@@ -88,8 +89,10 @@ physically removed.
- [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/udev-watchdog-wrapper]]
- [[!tails_gitweb config/chroot_local-includes/usr/src/udev-watchdog.c]]
- [[!tails_gitweb config/chroot_local-hooks/52-udev-watchdog]]
-- [[!tails_gitweb config/chroot_local-includes/etc/init.d/tails-sdmem-on-media-removal]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-sdmem-on-media-removal.service]]
- [[!tails_gitweb config/chroot_local-hooks/52-update-rc.d]]
+- [[!tails_gitweb config/chroot_local-patches/run_kexec-load_even_in_emergency_shutdown.diff]]
+- [[!tails_gitweb config/chroot_local-hooks/21-gdm_unit_file]]
#### Making sure needed files are available
@@ -106,7 +109,11 @@ to remaining processes).
- [[!debpts memlockd]]
- [[!tails_gitweb config/chroot_local-includes/etc/memlockd.cfg]]
- [[!tails_gitweb config/chroot_local-patches/keep_memlockd_on_shutdown.diff]]
-- [[!tails_gitweb config/chroot_local-includes/etc/init.d/tails-reconfigure-memlockd]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/memlockd.service.d/oom.conf]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-reconfigure-kexec.service]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-reconfigure-memlockd.service]]
+- [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/tails-reconfigure-kexec]]
+- [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/tails-reconfigure-memlockd]]
#### User interface
@@ -118,6 +125,8 @@ started, and if it was booted from a USB drive it can be removed as
soon as the memory wiping has been started.
A short but visible message, displayed for a few seconds, explains the
-user what is going to happen.
+user what is going to happen. To make this possible, we mask the
+`plymouth-{halt,kexec,poweroff,reboot,shutdown}` services.
-- [[!tails_gitweb config/chroot_local-includes/etc/init.d/tails-kexec]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system-shutdown/tails-kexec]]
+- [[!tails_gitweb config/chroot_local-hooks/52-update-rc.d]]
diff --git a/wiki/src/contribute/design/stream_isolation.mdwn b/wiki/src/contribute/design/stream_isolation.mdwn
index 5190e6a..a7461fa 100644
--- a/wiki/src/contribute/design/stream_isolation.mdwn
+++ b/wiki/src/contribute/design/stream_isolation.mdwn
@@ -92,7 +92,7 @@ in [[!tails_gitweb config/chroot_local-includes/etc/tor/torrc]]:
Applications are configured to use the right SOCKS port:
- [[!tails_gitweb config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js]]
-- [[!tails_gitweb config/chroot_local-includes/etc/init.d/htpdate]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/htpdate.service]]
- [[!tails_gitweb config/chroot_local-includes/etc/tor/tor-tsocks-mua.conf]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-security-check]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/torified-claws-mail]]
diff --git a/wiki/src/contribute/design/virtualization_support.mdwn b/wiki/src/contribute/design/virtualization_support.mdwn
index ce742d3..479285c 100644
--- a/wiki/src/contribute/design/virtualization_support.mdwn
+++ b/wiki/src/contribute/design/virtualization_support.mdwn
@@ -9,13 +9,9 @@ points to a [[dedicated documentation page|doc/advanced_topics/virtualization]].
This is needed to avoid creating a false sense of security, which is
often worse than no security and a clear sense of it.
-The detection is done at boot time with
-[virt-what](http://packages.qa.debian.org/v/virt-what.html). Detection
-results are stored in `/var/lib/live/detected-virtual-machine` and
-later used by a desktop notification system.
+The detection is done with `systemd-detect-virt`.
-- [[!tails_gitweb config/chroot_local-includes/etc/init.d/tails-detect-virtualization]]
-- [[!tails_gitweb config/chroot_local-includes/etc/xdg/autostart/virt-notify.desktop]]
+- [[!tails_gitweb config/chroot_local-includes/lib/systemd/user/tails-virt-notify-user.service]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-virt-notify-user]]
A bit more work is [[!tails_todo virtualization_support desc="left to do"]].
diff --git a/wiki/src/contribute/release_process/test.mdwn b/wiki/src/contribute/release_process/test.mdwn
index d7e9d16..96a114c 100644
--- a/wiki/src/contribute/release_process/test.mdwn
+++ b/wiki/src/contribute/release_process/test.mdwn
@@ -354,5 +354,8 @@ language. You *really* have to reboot between each language.
* Check that Tails Greeter's "more options" screen displays properly
on a display with 600 px height, preferably in a language that's
more verbose than English (e.g. French).
-* Check that all seems well during init (mostly that all services
- start without errors), and that `/var/log/syslog` seems OK.
+* `sudo systemctl is-system-running` should print `running`
+ (automate: [[!tails_ticket 8262]])
+* Check that all seems well during init:
+ - `systemctl --failed --all` should say `0 loaded units listed`
+ - the output of `journalctl` should seem OK.
diff --git a/wiki/src/contribute/release_process/test/automated_tests.mdwn b/wiki/src/contribute/release_process/test/automated_tests.mdwn
index 423714b..01bcd4e 100644
--- a/wiki/src/contribute/release_process/test/automated_tests.mdwn
+++ b/wiki/src/contribute/release_process/test/automated_tests.mdwn
@@ -111,7 +111,7 @@ Requirements on the guest (the remote shell server):
Scripts:
* [[!tails_gitweb config/chroot_local-includes/usr/local/lib/tails-autotest-remote-shell]]
-* [[!tails_gitweb config/chroot_local-includes/etc/init.d/tails-autotest-remote-shell]]
+* [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-autotest-remote-shell.service]]
# The art of writing new product test cases
diff --git a/wiki/src/doc/about/features.mdwn b/wiki/src/doc/about/features.mdwn
index 38d4ad8..035f0af 100644
--- a/wiki/src/doc/about/features.mdwn
+++ b/wiki/src/doc/about/features.mdwn
@@ -2,9 +2,7 @@
[[!toc levels=2]]
-Tails is based on [[Debian|https://www.debian.org/]] 7 (Wheezy).
-It will switch to Debian 8 (Jessie) a few months
-after its release.
+Tails is based on [[Debian|https://www.debian.org/]] 8 (Jessie).
Included software
=================
diff --git a/wiki/src/support/known_issues.mdwn b/wiki/src/support/known_issues.mdwn
index b45eefc..73534cc 100644
--- a/wiki/src/support/known_issues.mdwn
+++ b/wiki/src/support/known_issues.mdwn
@@ -396,6 +396,18 @@ Tails fails to connect to certain Wi-Fi networks
This might be related to the introduction of wireless regulation support
in Tails 0.13.
+The desktop crashes when run with the default QEMU emulated processor
+---------------------------------------------------------------------
+
+Due to a [bug in llvmpipe](https://freedesktop.org/patch/34445/), when
+Tails runs in a QEMU virtual machine with the default emulated CPU,
+the GNOME desktop crashes after login.
+
+To workaround this problem, pass @-cpu host@ on the QEMU command-line.
+If you use <span class="application">libvirt</span>, choose <span
+class="guilabel">Copy host CPU configuration</span> in <span
+class="application">virt-manager</span>'s processor configuration screen.
+
Touchpad configurations
-----------------------