summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitmodules6
-rw-r--r--Rakefile2
-rwxr-xr-xauto/build2
-rwxr-xr-xauto/config41
-rwxr-xr-xauto/scripts/apt-mirror21
-rwxr-xr-xauto/scripts/tails-custom-apt-sources2
-rw-r--r--config/APT_snapshots.d/debian/serial2
-rw-r--r--config/APT_snapshots.d/torproject/serial2
-rw-r--r--config/amnesia4
-rw-r--r--config/base_branch2
-rw-r--r--config/binary_local-hooks/05-rename-kernels6
-rwxr-xr-xconfig/binary_local-hooks/20-syslinux_detect_cpu46
-rwxr-xr-xconfig/binary_local-hooks/30-syslinux_fixup2
-rwxr-xr-xconfig/binary_local-hooks/40-include_syslinux_in_ISO_filesystem42
-rwxr-xr-xconfig/binary_local-hooks/50-grub-efi-ia322
-rwxr-xr-xconfig/binary_local-hooks/99-syslinux_uefi2
-rw-r--r--config/binary_local-includes/isolinux/sorry32.txt12
-rw-r--r--config/build-manifest-extra-packages.yml2
-rw-r--r--config/chroot_apt/preferences162
-rw-r--r--config/chroot_local-hooks/03-dpkg-architectures7
-rwxr-xr-xconfig/chroot_local-hooks/04-apt-architectures10
-rwxr-xr-xconfig/chroot_local-hooks/09-torsocks-apps6
-rwxr-xr-xconfig/chroot_local-hooks/09-torsocks-configuration12
-rwxr-xr-xconfig/chroot_local-hooks/10-tbb9
-rwxr-xr-xconfig/chroot_local-hooks/11-enable-icedove-addons4
-rwxr-xr-x[-rw-r--r--]config/chroot_local-hooks/11-localize_browser4
-rwxr-xr-xconfig/chroot_local-hooks/12-initramfs-compress13
-rw-r--r--config/chroot_local-hooks/12-linux-amd649
-rwxr-xr-xconfig/chroot_local-hooks/13-aufs49
-rwxr-xr-xconfig/chroot_local-hooks/20-fix-root-terminal-xauthority16
-rwxr-xr-xconfig/chroot_local-hooks/30-disable-wayland-in-gdm9
-rwxr-xr-xconfig/chroot_local-hooks/31-lower-DefaultTimeoutStopSec9
-rwxr-xr-xconfig/chroot_local-hooks/40-pinentry9
-rwxr-xr-xconfig/chroot_local-hooks/42-remove_tsocks_binary9
-rwxr-xr-xconfig/chroot_local-hooks/43-adjust_path_to_ibus-unikey_binaries18
-rwxr-xr-xconfig/chroot_local-hooks/44-remove-unused-AppArmor-profiles2
-rwxr-xr-xconfig/chroot_local-hooks/45-disable-unneeded-dbus-services13
-rwxr-xr-xconfig/chroot_local-hooks/47-tweak_laptop-mode-tools3
-rwxr-xr-xconfig/chroot_local-hooks/50-dkms22
-rwxr-xr-xconfig/chroot_local-hooks/52-update-rc.d52
-rwxr-xr-xconfig/chroot_local-hooks/54-menu3
-rwxr-xr-xconfig/chroot_local-hooks/57-disable-gnome-keyring-gpg-functionality8
-rwxr-xr-xconfig/chroot_local-hooks/57-disable-system-config-printer-applet8
-rwxr-xr-xconfig/chroot_local-hooks/58-create-tails-website-CA-bundle2
-rwxr-xr-xconfig/chroot_local-hooks/62-haveged3
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_files3
-rwxr-xr-xconfig/chroot_local-hooks/98-remove_unwanted_packages24
-rwxr-xr-xconfig/chroot_local-hooks/99-disable-multiarch11
-rwxr-xr-xconfig/chroot_local-hooks/99-initramfs-compress20
-rw-r--r--config/chroot_local-includes/etc/NetworkManager/conf.d/dhcp-hostname.conf2
-rw-r--r--config/chroot_local-includes/etc/NetworkManager/conf.d/plugins.conf2
-rw-r--r--config/chroot_local-includes/etc/NetworkManager/conf.d/spoof-mac.conf3
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/00-save-env4
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/01-wait-for-notification-recipient.sh1
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh4
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh8
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh4
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-ttdnsd.sh14
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/70-upgrade-additional-software.sh2
-rw-r--r--config/chroot_local-includes/etc/X11/Xsession.d/56gnome-classic4
-rw-r--r--config/chroot_local-includes/etc/apparmor.d/tunables/alias.d/tails3
-rw-r--r--config/chroot_local-includes/etc/apt/apt.conf.d/14keep-debs1
-rw-r--r--config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults30
-rwxr-xr-xconfig/chroot_local-includes/etc/default/ttdnsd17
-rw-r--r--config/chroot_local-includes/etc/environment3
-rw-r--r--config/chroot_local-includes/etc/ferm/ferm.conf15
l---------config/chroot_local-includes/etc/live/config.conf.d1
-rw-r--r--config/chroot_local-includes/etc/mailname1
-rw-r--r--config/chroot_local-includes/etc/modprobe.d/qxl.conf1
-rw-r--r--config/chroot_local-includes/etc/skel/.config/Trolltech.conf2
-rw-r--r--config/chroot_local-includes/etc/skel/.config/keepassx/config.ini9
-rw-r--r--config/chroot_local-includes/etc/skel/.config/keepassx/keepassx2.ini5
-rw-r--r--config/chroot_local-includes/etc/skel/.gnupg/dirmngr.conf2
-rw-r--r--config/chroot_local-includes/etc/skel/.gnupg/gpg.conf22
-rw-r--r--config/chroot_local-includes/etc/skel/.icedove/profile.default/preferences/0000tails.js2
-rw-r--r--config/chroot_local-includes/etc/skel/.purple/prefs.xml47
-rwxr-xr-x[-rw-r--r--]config/chroot_local-includes/etc/skel/Desktop/Report_an_error.desktop.in0
-rwxr-xr-x[-rw-r--r--]config/chroot_local-includes/etc/skel/Desktop/tails-documentation.desktop.in0
-rw-r--r--config/chroot_local-includes/etc/ssh/ssh_config2
-rw-r--r--config/chroot_local-includes/etc/ssl/certs/sks-keyservers.netCA.pem32
-rw-r--r--config/chroot_local-includes/etc/tor/tor-tsocks-git.conf19
l---------config/chroot_local-includes/etc/udev/rules.d/80-net-setup-link.rules1
l---------config/chroot_local-includes/etc/xdg/autostart/florence.desktop1
-rw-r--r--config/chroot_local-includes/etc/xul-ext/torbirdy.js2
-rwxr-xr-xconfig/chroot_local-includes/lib/live/config/0000-readahead2
-rwxr-xr-xconfig/chroot_local-includes/lib/live/config/2000-import-gnupg-key1
-rwxr-xr-xconfig/chroot_local-includes/lib/live/config/2060-create-upgrader-run-directory3
-rw-r--r--config/chroot_local-includes/lib/live/config/9000-hosts-file15
-rwxr-xr-xconfig/chroot_local-includes/lib/live/config/9980-permissions30
-rw-r--r--config/chroot_local-includes/lib/systemd/system/alsa-restore.service.d/dont-store-state-on-shutdown.conf2
-rw-r--r--config/chroot_local-includes/lib/systemd/system/htpdate.service1
-rw-r--r--config/chroot_local-includes/lib/systemd/system/live-config.service.d/after-tmpfiles.conf2
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/tails-32-bit-notify-user.service10
-rw-r--r--config/chroot_local-includes/usr/lib/tmpfiles.d/htpdate.conf2
-rw-r--r--config/chroot_local-includes/usr/lib/tmpfiles.d/tails-upgrader.conf3
-rw-r--r--config/chroot_local-includes/usr/lib/tmpfiles.d/tordate.conf2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/git2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/keepassx35
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-boot-to-kexec29
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tor-launcher2
l---------config/chroot_local-includes/usr/local/etc/ssl/certs/hkps.pool.sks-keyservers.net.pem1
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/connect-socks4
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user67
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/tails-htp-notify-user4
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/tor-controlport-filter4
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/live-persist34
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-additional-software2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-reconfigure-kexec4
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/tails-reconfigure-memlockd4
-rw-r--r--config/chroot_local-includes/usr/share/gdm/dconf/50-tails5
-rw-r--r--config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/metadata.json3
-rw-r--r--config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/extension.js194
-rw-r--r--config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/metadata.json19
-rw-r--r--config/chroot_local-includes/usr/share/gnome-shell/extensions/torstatus@tails.boum.org/metadata.json2
-rwxr-xr-xconfig/chroot_local-includes/usr/share/initramfs-tools/hooks/kms2
-rwxr-xr-xconfig/chroot_local-includes/usr/share/initramfs-tools/scripts/init-top/memory_wipe12
-rw-r--r--config/chroot_local-includes/usr/share/live/config/xserver-xorg/intel.ids3
-rw-r--r--config/chroot_local-includes/usr/share/tails/tbb-sha256sums.txt32
-rw-r--r--config/chroot_local-packageslists/tails-common.list65
-rw-r--r--config/chroot_local-patches/0001-Use-the-Tor-OnionBalance-hidden-service-pool-as-the-.patch38
-rw-r--r--config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch97
-rw-r--r--config/chroot_local-patches/apparmor-adjust-cupsd-profile.diff46
-rw-r--r--config/chroot_local-patches/apparmor-adjust-gst_plugin_scanner-profile.diff10
-rw-r--r--config/chroot_local-patches/apparmor-adjust-haveged-profile.diff12
-rw-r--r--config/chroot_local-patches/apparmor-adjust-totem-profile.diff54
-rw-r--r--config/chroot_local-patches/apparmor-alias-dot-d.diff9
-rw-r--r--config/chroot_local-patches/apparmor-aliases.diff66
-rw-r--r--config/chroot_local-patches/dhcp-dont-send-hostname.diff11
-rw-r--r--config/chroot_local-patches/disable-laptop-mode-auto-modules.patch11
-rw-r--r--config/chroot_local-patches/do-not-modify-hardware-clock.diff9
-rw-r--r--config/chroot_local-patches/do_not_save_mixer_levels_on_shutdown.diff7
-rw-r--r--config/chroot_local-patches/improve-window-list-styling.diff71
-rw-r--r--config/chroot_local-patches/include-all-amd64-microcodes.diff10
-rw-r--r--config/chroot_local-patches/keep_haveged_on_shutdown.diff7
-rw-r--r--config/chroot_local-patches/keep_laptop-mode_on_shutdown.diff14
-rw-r--r--config/chroot_local-patches/keep_memlockd_on_shutdown.diff11
-rw-r--r--config/chroot_local-patches/keep_saned_on_shutdown.diff7
-rw-r--r--config/chroot_local-patches/keep_spice-vdagent_on_shutdown.diff7
-rw-r--r--config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch2
-rw-r--r--config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch2
-rw-r--r--config/chroot_local-patches/run_kexec-load_even_in_emergency_shutdown.diff12
-rw-r--r--config/chroot_local-patches/start_AppArmor_earlier.diff14
-rw-r--r--config/chroot_local-patches/unmute_alsa_channels.patch12
l---------config/chroot_sources/jessie-backports.binary1
-rw-r--r--config/chroot_sources/jessie-backports.chroot1
l---------config/chroot_sources/jessie-proposed-updates.binary1
-rw-r--r--config/chroot_sources/jessie-proposed-updates.chroot1
l---------config/chroot_sources/testing.binary1
-rw-r--r--config/chroot_sources/testing.chroot1
l---------config/chroot_sources/torproject-obfs4proxy.binary1
-rw-r--r--config/chroot_sources/torproject-obfs4proxy.chroot1
-rw-r--r--config/chroot_sources/torproject.chroot2
-rw-r--r--data/debootstrap/scripts/jessie.patch2
-rw-r--r--debian/changelog526
-rw-r--r--features/apt.feature12
-rw-r--r--features/chutney/test-network7
-rw-r--r--features/documentation.feature4
-rw-r--r--features/domains/default.xml2
-rw-r--r--features/erase_memory.feature106
-rw-r--r--features/gnome.feature5
-rw-r--r--features/icedove.feature9
-rw-r--r--features/images/BrowserDownloadDialogSaveAsButton.pngbin1467 -> 1395 bytes
-rw-r--r--features/images/BrowserDownloadFileToDialog.pngbin2663 -> 2086 bytes
-rw-r--r--features/images/CupsTestPage.pngbin1908 -> 1226 bytes
-rw-r--r--features/images/DesktopReportAnError.pngbin1798 -> 2221 bytes
-rw-r--r--features/images/DesktopTailsDocumentation.pngbin0 -> 4513 bytes
-rw-r--r--features/images/DesktopTailsDocumentationIcon.pngbin4509 -> 0 bytes
-rw-r--r--features/images/ElectrumCreateNewSeed.pngbin2496 -> 2217 bytes
-rw-r--r--features/images/ElectrumNextButton.pngbin727 -> 629 bytes
-rw-r--r--features/images/ElectrumNoWallet.pngbin3872 -> 1842 bytes
-rw-r--r--features/images/ElectrumSeedVerificationPrompt.pngbin2296 -> 1572 bytes
-rw-r--r--features/images/ElectrumStatus.pngbin997 -> 1005 bytes
-rw-r--r--features/images/ElectrumWalletGenerationSeed.pngbin2726 -> 2476 bytes
-rw-r--r--features/images/ElectrumWalletSeedTextbox.pngbin110 -> 111 bytes
-rw-r--r--features/images/EvincePrintButton.pngbin1085 -> 1075 bytes
-rw-r--r--features/images/EvincePrintDialog.pngbin1788 -> 1223 bytes
-rw-r--r--features/images/EvincePrintFileDialog.pngbin1579 -> 1510 bytes
-rw-r--r--features/images/EvincePrintOutputFileButton.pngbin2682 -> 1909 bytes
-rw-r--r--features/images/EvincePrintToFile.pngbin1365 -> 1199 bytes
-rw-r--r--features/images/EvinceUnableToOpen.pngbin2085 -> 1976 bytes
-rw-r--r--features/images/GeditCopy.pngbin837 -> 683 bytes
-rw-r--r--features/images/GeditNewTab.pngbin268 -> 409 bytes
-rw-r--r--features/images/GeditPaste.pngbin807 -> 661 bytes
-rw-r--r--features/images/GeditSelectAll.pngbin1045 -> 840 bytes
-rw-r--r--features/images/GeditStatusBar.pngbin1274 -> 945 bytes
-rw-r--r--features/images/GeditWindow.pngbin2006 -> 1211 bytes
-rw-r--r--features/images/GitCloneDone.pngbin2974 -> 0 bytes
-rw-r--r--features/images/GksuAuthPrompt.pngbin4047 -> 0 bytes
-rw-r--r--features/images/GnomeActivitiesOverview.pngbin0 -> 852 bytes
-rw-r--r--features/images/GnomeApplicationsMenu.pngbin1604 -> 572 bytes
-rw-r--r--features/images/GnomeApplicationsMenuGerman.pngbin1505 -> 521 bytes
-rw-r--r--features/images/GnomeCloseAllNotificationsButton.pngbin0 -> 456 bytes
-rw-r--r--features/images/GnomeCloseTopButton.pngbin399 -> 0 bytes
-rw-r--r--features/images/GnomeConnectToServerConnectButton.pngbin1236 -> 0 bytes
-rw-r--r--features/images/GnomeConnectToServerWindow.pngbin1713 -> 0 bytes
-rw-r--r--features/images/GnomeEditMenu.pngbin409 -> 393 bytes
-rw-r--r--features/images/GnomeFilesConnectToServer.pngbin1710 -> 0 bytes
-rw-r--r--features/images/GnomePlaces.pngbin1056 -> 963 bytes
-rw-r--r--features/images/GnomePlacesWithoutTorBrowserPersistent.pngbin5785 -> 7216 bytes
-rw-r--r--features/images/GnomeSSHSuccess.pngbin1082 -> 0 bytes
-rw-r--r--features/images/GnomeSSHVerificationConfirm.pngbin1602 -> 0 bytes
-rw-r--r--features/images/GnomeSystrayFlorence.pngbin277 -> 153 bytes
-rw-r--r--features/images/GobbyConnectPrompt.pngbin2052 -> 0 bytes
-rw-r--r--features/images/GobbyConnectionComplete.pngbin1055 -> 0 bytes
-rw-r--r--features/images/GobbyFailedToShareDocuments.pngbin1886 -> 0 bytes
-rw-r--r--features/images/GobbyWelcomePrompt.pngbin3379 -> 0 bytes
-rw-r--r--features/images/GobbyWindow.pngbin1235 -> 0 bytes
-rw-r--r--features/images/GpgAppletChooseKeyWindow.pngbin1410 -> 1030 bytes
-rw-r--r--features/images/GpgAppletDecryptVerify.pngbin2537 -> 1633 bytes
-rw-r--r--features/images/GpgAppletEncryptPassphrase.pngbin2773 -> 1748 bytes
-rw-r--r--features/images/GpgAppletEncryptionKey.pngbin1812 -> 620 bytes
-rw-r--r--features/images/GpgAppletIconEncrypted.pngbin875 -> 847 bytes
-rw-r--r--features/images/GpgAppletIconNormal.pngbin521 -> 668 bytes
-rw-r--r--features/images/GpgAppletIconSigned.pngbin1015 -> 926 bytes
-rw-r--r--features/images/GpgAppletKeySelected.pngbin1181 -> 933 bytes
-rw-r--r--features/images/GpgAppletManageKeys.pngbin1494 -> 1107 bytes
-rw-r--r--features/images/GpgAppletResults.pngbin1699 -> 1079 bytes
-rw-r--r--features/images/GpgAppletSignEncrypt.pngbin3514 -> 2128 bytes
-rw-r--r--features/images/GtkFileChooserDesktopButton.pngbin1684 -> 1337 bytes
-rw-r--r--features/images/PersistenceWizardDeletionStart.pngbin2781 -> 2641 bytes
-rw-r--r--features/images/PersistenceWizardDone.pngbin3195 -> 2776 bytes
-rw-r--r--features/images/PersistenceWizardPresets.pngbin4835 -> 4037 bytes
-rw-r--r--features/images/PersistenceWizardSave.pngbin818 -> 982 bytes
-rw-r--r--features/images/PersistenceWizardStart.pngbin3156 -> 1879 bytes
-rw-r--r--features/images/PidginAccountManagerAddButton.pngbin939 -> 808 bytes
-rw-r--r--features/images/PidginAccountManagerCloseButton.pngbin892 -> 854 bytes
-rw-r--r--features/images/PidginAccountWindow.pngbin1385 -> 898 bytes
-rw-r--r--features/images/PidginAddAccountProtocolLabel.pngbin2057 -> 1510 bytes
-rw-r--r--features/images/PidginAddAccountProtocolXMPP.pngbin1337 -> 1334 bytes
-rw-r--r--features/images/PidginAddAccountWindow.pngbin1534 -> 921 bytes
-rw-r--r--features/images/PidginAddAccountXMPPAddButton.pngbin911 -> 788 bytes
-rw-r--r--features/images/PidginAddAccountXMPPAdvancedTab.pngbin1539 -> 912 bytes
-rw-r--r--features/images/PidginAddAccountXMPPConnectServer.pngbin1639 -> 1154 bytes
-rw-r--r--features/images/PidginAddAccountXMPPDomain.pngbin1181 -> 889 bytes
-rw-r--r--features/images/PidginAddAccountXMPPPassword.pngbin1495 -> 1080 bytes
-rw-r--r--features/images/PidginAddAccountXMPPRememberPassword.pngbin2141 -> 1550 bytes
-rw-r--r--features/images/PidginAddAccountXMPPUsername.pngbin1282 -> 963 bytes
-rw-r--r--features/images/PidginAvailableStatus.pngbin1792 -> 1616 bytes
-rw-r--r--features/images/PidginBuddiesMenu.pngbin928 -> 731 bytes
-rw-r--r--features/images/PidginBuddiesMenuJoinChat.pngbin1045 -> 871 bytes
-rw-r--r--features/images/PidginCertificateAddButton.pngbin545 -> 546 bytes
-rw-r--r--features/images/PidginCertificateImportFailed.pngbin3741 -> 1953 bytes
-rw-r--r--features/images/PidginCertificateManagerDialog.pngbin2472 -> 1259 bytes
-rw-r--r--features/images/PidginCertificateTestItem.pngbin803 -> 384 bytes
-rw-r--r--features/images/PidginCertificatesMenuItem.pngbin1254 -> 934 bytes
-rw-r--r--features/images/PidginChat2UsersInRoom.pngbin1199 -> 1115 bytes
-rw-r--r--features/images/PidginConversationMenu.pngbin1407 -> 1449 bytes
-rw-r--r--features/images/PidginConversationMenuClearScrollback.pngbin1591 -> 1521 bytes
-rw-r--r--features/images/PidginConversationOTRMenu.pngbin1179 -> 971 bytes
-rw-r--r--features/images/PidginConversationWindowMenuBar.pngbin3145 -> 2346 bytes
-rw-r--r--features/images/PidginFriendExpectedAnswer.pngbin809 -> 690 bytes
-rw-r--r--features/images/PidginFriendOnline.pngbin1180 -> 1135 bytes
-rw-r--r--features/images/PidginJoinChatButton.pngbin616 -> 565 bytes
-rw-r--r--features/images/PidginJoinChatRoomLabel.pngbin862 -> 835 bytes
-rw-r--r--features/images/PidginJoinChatServerLabel.pngbin983 -> 900 bytes
-rw-r--r--features/images/PidginJoinChatWindow.pngbin1484 -> 1257 bytes
-rw-r--r--features/images/PidginOTRKeyGenPrompt.pngbin2084 -> 1439 bytes
-rw-r--r--features/images/PidginOTRKeyGenPromptDoneButton.pngbin993 -> 845 bytes
-rw-r--r--features/images/PidginOTRMenuStartSession.pngbin1891 -> 1317 bytes
-rw-r--r--features/images/PidginTailsChannelWelcome.pngbin2567 -> 2794 bytes
-rw-r--r--features/images/PidginTailsConversationTab.pngbin674 -> 544 bytes
-rw-r--r--features/images/PidginTailsRoadmapUrl.pngbin763 -> 968 bytes
-rw-r--r--features/images/PidginToolsMenu.pngbin567 -> 508 bytes
-rw-r--r--features/images/PolicyKitAuthFailure.pngbin1973 -> 2388 bytes
-rw-r--r--features/images/PolicyKitAuthPrompt.pngbin3059 -> 1173 bytes
-rw-r--r--features/images/SeahorseEditPreferences.pngbin987 -> 766 bytes
-rw-r--r--features/images/SeahorseFindKeysWindow.pngbin2389 -> 1266 bytes
-rw-r--r--features/images/SeahorseImport.pngbin1295 -> 1245 bytes
-rw-r--r--features/images/SeahorseKeyResultWindow.pngbin3019 -> 1541 bytes
-rw-r--r--features/images/SeahorsePreferences.pngbin1493 -> 1164 bytes
-rw-r--r--features/images/SeahorseRemoteMenu.pngbin884 -> 706 bytes
-rw-r--r--features/images/SeahorseRemoteMenuFind.pngbin1815 -> 1236 bytes
-rw-r--r--features/images/SeahorseRemoteMenuSync.pngbin2124 -> 1432 bytes
-rw-r--r--features/images/SeahorseSyncKeys.pngbin1738 -> 995 bytes
-rw-r--r--features/images/SeahorseWindow.pngbin2467 -> 1342 bytes
-rw-r--r--features/images/SynapticApply.pngbin1855 -> 0 bytes
-rw-r--r--features/images/SynapticApplyButton.pngbin1483 -> 0 bytes
-rw-r--r--features/images/SynapticApplyPrompt.pngbin3656 -> 0 bytes
-rw-r--r--features/images/SynapticChangesAppliedPrompt.pngbin2122 -> 0 bytes
-rw-r--r--features/images/SynapticCowsayMarked.pngbin2090 -> 0 bytes
-rw-r--r--features/images/SynapticCowsaySearchResult.pngbin2018 -> 0 bytes
-rw-r--r--features/images/SynapticCowsaySearchResultSelected.pngbin3687 -> 0 bytes
-rw-r--r--features/images/SynapticFailure.pngbin2449 -> 0 bytes
-rw-r--r--features/images/SynapticLoaded.pngbin1833 -> 0 bytes
-rw-r--r--features/images/SynapticPackageList.pngbin3994 -> 0 bytes
-rw-r--r--features/images/SynapticReloadPrompt.pngbin3404 -> 0 bytes
-rw-r--r--features/images/SynapticSearchButton.pngbin2073 -> 0 bytes
-rw-r--r--features/images/SynapticSearchWindow.pngbin671 -> 0 bytes
-rw-r--r--features/images/TailsBug11786a.pngbin1971 -> 209 bytes
-rw-r--r--features/images/TailsEmergencyShutdownButton.pngbin485 -> 222 bytes
-rw-r--r--features/images/TailsEmergencyShutdownHalt.pngbin1233 -> 903 bytes
-rw-r--r--features/images/TailsEmergencyShutdownReboot.pngbin1150 -> 792 bytes
-rw-r--r--features/images/TailsGreeter.pngbin1896 -> 1779 bytes
-rw-r--r--features/images/TailsGreeterAddMoreOptions.pngbin0 -> 220 bytes
-rw-r--r--features/images/TailsGreeterAdditionalSettingsAdd.pngbin0 -> 747 bytes
-rw-r--r--features/images/TailsGreeterAdditionalSettingsDialog.pngbin0 -> 1367 bytes
-rw-r--r--features/images/TailsGreeterAdminPassword.pngbin1754 -> 1280 bytes
-rw-r--r--features/images/TailsGreeterDisableAllNetworking.pngbin2099 -> 852 bytes
-rw-r--r--features/images/TailsGreeterDisableMACSpoofing.pngbin0 -> 939 bytes
-rw-r--r--features/images/TailsGreeterForward.pngbin1053 -> 0 bytes
-rw-r--r--features/images/TailsGreeterLanguage.pngbin1103 -> 1254 bytes
-rw-r--r--features/images/TailsGreeterLanguageGerman.pngbin985 -> 764 bytes
-rw-r--r--features/images/TailsGreeterLanguagePopover.pngbin0 -> 492 bytes
-rw-r--r--features/images/TailsGreeterLoginButton.pngbin748 -> 1360 bytes
l---------[-rw-r--r--]features/images/TailsGreeterLoginButtonGerman.pngbin1031 -> 27 bytes
-rw-r--r--features/images/TailsGreeterMACSpoofing.pngbin2385 -> 1723 bytes
-rw-r--r--features/images/TailsGreeterMoreOptions.pngbin1355 -> 0 bytes
-rw-r--r--features/images/TailsGreeterNetworkConnection.pngbin0 -> 1344 bytes
-rw-r--r--features/images/TailsGreeterPersistence.pngbin1312 -> 0 bytes
-rw-r--r--features/images/TailsGreeterPersistencePassphrase.pngbin1097 -> 1151 bytes
-rw-r--r--features/images/TailsGreeterPersistenceReadOnly.pngbin1394 -> 1573 bytes
-rw-r--r--features/images/TailsGreeterPersistenceUnlocked.pngbin0 -> 2294 bytes
-rw-r--r--features/images/TailsGreeterSpecificTorConfiguration.pngbin0 -> 792 bytes
-rw-r--r--features/images/TailsGreeterTorConf.pngbin6382 -> 0 bytes
-rw-r--r--features/images/TailsGreeterWindowsCamouflage.pngbin4150 -> 0 bytes
-rw-r--r--features/images/TailsInstallerNoQEMUHardDisk.pngbin1891 -> 0 bytes
-rw-r--r--features/images/TailsInstallerQEMUHardDisk.pngbin2594 -> 0 bytes
-rw-r--r--features/images/TailsInstallerTooSmallDevice.pngbin889 -> 0 bytes
-rw-r--r--features/images/TailsUpgraderDone.pngbin3215 -> 3063 bytes
-rw-r--r--features/images/TailsUpgraderFailure.pngbin2196 -> 2215 bytes
-rw-r--r--features/images/TailsUpgraderUpgradeNowButton.pngbin2232 -> 2266 bytes
-rw-r--r--features/images/TailsUpgraderUpgradeTo1.1~test.pngbin2512 -> 1659 bytes
-rw-r--r--features/images/TorBrowserAmnesicFilesBookmark.pngbin1373 -> 1349 bytes
-rw-r--r--features/images/TorBrowserOffline.pngbin3634 -> 0 bytes
-rw-r--r--features/images/TorBrowserOfflinePrompt.pngbin2735 -> 0 bytes
-rw-r--r--features/images/TorBrowserOfflinePromptStart.pngbin2425 -> 0 bytes
-rw-r--r--features/images/TorBrowserOkButton.pngbin1198 -> 1012 bytes
-rw-r--r--features/images/TorBrowserPersistentFilesBookmark.pngbin2105 -> 2116 bytes
-rw-r--r--features/images/TorBrowserPrintDialog.pngbin828 -> 622 bytes
-rw-r--r--features/images/TorBrowserSaveDialog.pngbin1424 -> 1343 bytes
-rw-r--r--features/images/TorBrowserSaveOutputFileSelected.pngbin1647 -> 817 bytes
-rw-r--r--features/images/TorBrowserSavedStartupPage.pngbin1250 -> 1701 bytes
-rw-r--r--features/images/TorLauncherConfigureButton.pngbin1679 -> 1480 bytes
-rw-r--r--features/images/TorLauncherFinishButton.pngbin1435 -> 1231 bytes
-rw-r--r--features/images/TorLauncherNextButton.pngbin1100 -> 706 bytes
-rw-r--r--features/images/TorLauncherWindow.pngbin2218 -> 1400 bytes
-rw-r--r--features/images/TorStatusNotUsable.pngbin320 -> 253 bytes
-rw-r--r--features/images/TorStatusUsable.pngbin297 -> 235 bytes
-rw-r--r--features/images/TotemUnableToOpen.pngbin4010 -> 2202 bytes
-rw-r--r--features/images/USBCannotUpgrade.pngbin2309 -> 0 bytes
-rw-r--r--features/images/USBCloneAndInstall.pngbin2077 -> 0 bytes
-rw-r--r--features/images/USBCloneAndUpgrade.pngbin2408 -> 0 bytes
-rw-r--r--features/images/USBCreateLiveUSB.pngbin969 -> 0 bytes
-rw-r--r--features/images/USBCreateLiveUSBConfirmWindow.pngbin3689 -> 0 bytes
-rw-r--r--features/images/USBCreateLiveUSBConfirmYes.pngbin773 -> 0 bytes
-rw-r--r--features/images/USBInstallationComplete.pngbin2466 -> 0 bytes
-rw-r--r--features/images/USBSelectISO.pngbin1441 -> 0 bytes
-rw-r--r--features/images/USBUpgradeFromISO.pngbin2630 -> 0 bytes
-rw-r--r--features/images/USBUseLiveSystemISO.pngbin2830 -> 0 bytes
-rw-r--r--features/images/UnsafeBrowserDNSError.pngbin4700 -> 0 bytes
-rw-r--r--features/images/UnsafeBrowserExportBookmarksSavePrompt.pngbin2986 -> 2315 bytes
-rw-r--r--features/images/UnsafeBrowserProxySettingsOkButton.pngbin1032 -> 677 bytes
-rw-r--r--features/images/UnsafeBrowserWarnAlreadyRunning.pngbin2959 -> 2892 bytes
-rw-r--r--features/localization.feature2
-rw-r--r--features/mac_spoofing.feature11
-rw-r--r--features/networking.feature7
-rw-r--r--features/persistence.feature40
-rw-r--r--features/pidgin.feature18
-rw-r--r--features/step_definitions/apt.rb66
-rw-r--r--features/step_definitions/browser.rb18
-rw-r--r--features/step_definitions/checks.rb58
-rw-r--r--features/step_definitions/chutney.rb57
-rw-r--r--features/step_definitions/common_steps.rb351
-rw-r--r--features/step_definitions/dhcp.rb34
-rw-r--r--features/step_definitions/erase_memory.rb132
-rw-r--r--features/step_definitions/git.rb4
-rw-r--r--features/step_definitions/gnome.rb24
-rw-r--r--features/step_definitions/icedove.rb44
-rw-r--r--features/step_definitions/mac_spoofing.rb32
-rw-r--r--features/step_definitions/pidgin.rb7
-rw-r--r--features/step_definitions/root_access_control.rb3
-rw-r--r--features/step_definitions/snapshots.rb4
-rw-r--r--features/step_definitions/ssh.rb31
-rw-r--r--features/step_definitions/tor.rb55
-rw-r--r--features/step_definitions/torified_gnupg.rb66
-rw-r--r--features/step_definitions/unsafe_browser.rb11
-rw-r--r--features/step_definitions/untrusted_partitions.rb4
-rw-r--r--features/step_definitions/usb.rb156
-rw-r--r--features/support/config.rb6
-rw-r--r--features/support/helpers/dogtail.rb11
-rw-r--r--features/support/helpers/firewall_helper.rb12
-rw-r--r--features/support/helpers/misc_helpers.rb6
-rw-r--r--features/support/helpers/storage_helper.rb4
-rw-r--r--features/support/helpers/vm_helper.rb48
-rw-r--r--features/support/hooks.rb7
-rw-r--r--features/tor_enforcement.feature7
-rw-r--r--features/tor_stream_isolation.feature2
-rw-r--r--features/torified_browsing.feature29
-rw-r--r--features/torified_gnupg.feature8
-rw-r--r--features/unsafe_browser.feature7
-rw-r--r--features/untrusted_partitions.feature4
-rw-r--r--features/usb_install.feature26
-rw-r--r--features/usb_upgrade.feature36
-rw-r--r--features/virtualization.feature4
-rw-r--r--po/POTFILES.in1
-rw-r--r--po/ar.po103
-rw-r--r--po/az.po107
-rw-r--r--po/bg.po62
-rw-r--r--po/ca.po19
-rw-r--r--po/cs.po107
-rw-r--r--po/cy.po74
-rw-r--r--po/da.po64
-rw-r--r--po/de.po68
-rw-r--r--po/el.po68
-rw-r--r--po/en_GB.po19
-rw-r--r--po/es.po67
-rw-r--r--po/fa.po19
-rw-r--r--po/fi.po19
-rw-r--r--po/fr.po70
-rw-r--r--po/fr_CA.po74
-rw-r--r--po/he.po101
-rw-r--r--po/hr_HR.po71
-rw-r--r--po/hu.po19
-rw-r--r--po/id.po19
-rw-r--r--po/is.po61
-rw-r--r--po/it.po72
-rw-r--r--po/ja.po64
-rw-r--r--po/km.po72
-rw-r--r--po/ko.po99
-rw-r--r--po/lv.po63
-rw-r--r--po/nb.po67
-rw-r--r--po/nl.po63
-rw-r--r--po/nn.po19
-rw-r--r--po/pl.po19
-rw-r--r--po/pt.po74
-rw-r--r--po/pt_BR.po63
-rw-r--r--po/ro.po19
-rw-r--r--po/ru.po19
-rw-r--r--po/sk.po103
-rw-r--r--po/sk_SK.po19
-rw-r--r--po/sl_SI.po103
-rw-r--r--po/sq.po101
-rw-r--r--po/sr.po105
-rw-r--r--po/sv.po83
-rw-r--r--po/tails.pot19
-rw-r--r--po/tr.po65
-rw-r--r--po/uk.po19
-rw-r--r--po/vi.po65
-rw-r--r--po/zh.po19
-rw-r--r--po/zh_CN.po65
-rw-r--r--po/zh_HK.po19
-rw-r--r--po/zh_TW.po65
-rwxr-xr-xrefresh-translations2
-rwxr-xr-xrun_test_suite11
m---------submodules/aufs4-standalone0
m---------submodules/gnome-shell-extension-florence-indicator0
m---------submodules/mirror-pool-dispatcher0
-rw-r--r--vagrant/lib/tails_build_settings.rb2
-rwxr-xr-xvagrant/provision/setup-tails-builder1
-rw-r--r--wiki/src/blueprint/persistent_Tor_state.mdwn2
-rw-r--r--wiki/src/contribute/build.mdwn1
-rw-r--r--wiki/src/contribute/design.mdwn46
-rw-r--r--wiki/src/contribute/design/MAC_address.mdwn11
-rw-r--r--wiki/src/contribute/design/Tor_enforcement/DNS.mdwn19
-rw-r--r--wiki/src/contribute/design/application_isolation.mdwn5
-rw-r--r--wiki/src/contribute/design/hybrid_ISO.mdwn2
-rw-r--r--wiki/src/contribute/design/incremental_upgrades.mdwn18
-rw-r--r--wiki/src/contribute/design/kernel_hardening.mdwn21
-rw-r--r--wiki/src/contribute/design/random.mdwn7
-rw-r--r--wiki/src/contribute/how/documentation.mdwn6
-rw-r--r--wiki/src/contribute/how/documentation/guidelines.mdwn32
-rw-r--r--wiki/src/contribute/how/documentation/screenshot-blue.pngbin0 -> 10135 bytes
-rw-r--r--wiki/src/contribute/how/documentation/screenshot-cut.pngbin0 -> 8473 bytes
-rw-r--r--wiki/src/contribute/how/documentation/screenshot-transparent.pngbin0 -> 10217 bytes
-rw-r--r--wiki/src/contribute/release_process.mdwn92
-rw-r--r--wiki/src/contribute/release_process/perl5lib.mdwn5
-rw-r--r--wiki/src/contribute/release_process/persistence-setup.mdwn2
-rw-r--r--wiki/src/contribute/release_process/tails-greeter.mdwn2
-rw-r--r--wiki/src/contribute/release_process/tails-installer.mdwn2
-rw-r--r--wiki/src/contribute/release_process/tails-iuk.mdwn14
-rw-r--r--wiki/src/contribute/release_process/test.mdwn2
-rw-r--r--wiki/src/contribute/release_process/test/automated_tests.mdwn4
-rw-r--r--wiki/src/contribute/release_process/test/setup.mdwn29
-rw-r--r--wiki/src/doc/about/features.de.po14
-rw-r--r--wiki/src/doc/about/features.fa.po14
-rw-r--r--wiki/src/doc/about/features.it.po15
-rw-r--r--wiki/src/doc/about/features.pt.po13
-rw-r--r--wiki/src/doc/about/requirements.de.po33
-rw-r--r--wiki/src/doc/about/requirements.fa.po34
-rw-r--r--wiki/src/doc/about/requirements.fr.po64
-rw-r--r--wiki/src/doc/about/requirements.it.po34
-rw-r--r--wiki/src/doc/about/requirements.mdwn7
-rw-r--r--wiki/src/doc/about/requirements.pt.po42
-rw-r--r--wiki/src/doc/advanced_topics/virtualization/virtualbox.de.po16
-rw-r--r--wiki/src/doc/advanced_topics/virtualization/virtualbox.fa.po4
-rw-r--r--wiki/src/doc/advanced_topics/virtualization/virtualbox.fr.po16
-rw-r--r--wiki/src/doc/advanced_topics/virtualization/virtualbox.it.po4
-rw-r--r--wiki/src/doc/advanced_topics/virtualization/virtualbox.mdwn2
-rw-r--r--wiki/src/doc/advanced_topics/virtualization/virtualbox.pt.po4
-rw-r--r--wiki/src/doc/anonymous_internet/Tor_Browser/riseup.pngbin124650 -> 133800 bytes
-rw-r--r--wiki/src/doc/anonymous_internet/Tor_Browser/security_slider.pngbin14173 -> 9855 bytes
-rw-r--r--wiki/src/doc/anonymous_internet/icedove/assistant.pngbin21229 -> 17654 bytes
-rw-r--r--wiki/src/doc/anonymous_internet/tor_status/onion-circuits.pngbin26387 -> 35690 bytes
-rw-r--r--wiki/src/doc/encryption_and_privacy/checksums/gtkhash.pngbin23936 -> 26511 bytes
-rw-r--r--wiki/src/doc/encryption_and_privacy/encrypted_volumes.de.po8
-rw-r--r--wiki/src/doc/encryption_and_privacy/encrypted_volumes.fa.po71
-rw-r--r--wiki/src/doc/encryption_and_privacy/encrypted_volumes.fr.po14
-rw-r--r--wiki/src/doc/encryption_and_privacy/encrypted_volumes.it.po8
-rw-r--r--wiki/src/doc/encryption_and_privacy/encrypted_volumes.mdwn4
-rw-r--r--wiki/src/doc/encryption_and_privacy/encrypted_volumes.pt.po8
-rw-r--r--wiki/src/doc/encryption_and_privacy/encrypted_volumes/empty_device.pngbin13030 -> 14024 bytes
-rw-r--r--wiki/src/doc/encryption_and_privacy/encrypted_volumes/encrypted_partition.pngbin16840 -> 15887 bytes
-rw-r--r--wiki/src/doc/encryption_and_privacy/encrypted_volumes/nautilus_encrypted.pngbin52094 -> 30417 bytes
-rw-r--r--wiki/src/doc/encryption_and_privacy/gpgapplet/browser_paste.pngbin42992 -> 84977 bytes
-rw-r--r--wiki/src/doc/encryption_and_privacy/secure_deletion.de.po21
-rw-r--r--wiki/src/doc/encryption_and_privacy/secure_deletion.fa.po20
-rw-r--r--wiki/src/doc/encryption_and_privacy/secure_deletion.fr.po21
-rw-r--r--wiki/src/doc/encryption_and_privacy/secure_deletion.it.po10
-rw-r--r--wiki/src/doc/encryption_and_privacy/secure_deletion.mdwn8
-rw-r--r--wiki/src/doc/encryption_and_privacy/secure_deletion.pt.po10
-rw-r--r--wiki/src/doc/encryption_and_privacy/secure_deletion/wipe_available_diskspace.pngbin25848 -> 26664 bytes
-rw-r--r--wiki/src/doc/encryption_and_privacy/secure_deletion/wipe_files.pngbin50053 -> 49395 bytes
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.de.po47
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.fa.po39
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.fr.po45
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.it.po39
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.mdwn15
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.pt.po41
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop/accessibility.pngbin25106 -> 20423 bytes
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop/applications.pngbin27052 -> 28276 bytes
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop/florence.pngbin4777 -> 3294 bytes
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop/keyboard.pngbin17272 -> 15188 bytes
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop/nautilus.pngbin38294 -> 27985 bytes
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop/openpgp_applet.pngbin4741 -> 3235 bytes
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop/places.pngbin32236 -> 30087 bytes
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop/system.pngbin14535 -> 11271 bytes
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop/tor-status.pngbin5952 -> 4744 bytes
-rw-r--r--wiki/src/doc/first_steps/reset/linux.de.po15
-rw-r--r--wiki/src/doc/first_steps/reset/linux.fa.po11
-rw-r--r--wiki/src/doc/first_steps/reset/linux.fr.po15
-rw-r--r--wiki/src/doc/first_steps/reset/linux.it.po13
-rw-r--r--wiki/src/doc/first_steps/reset/linux.mdwn4
-rw-r--r--wiki/src/doc/first_steps/reset/linux.pt.po15
-rw-r--r--wiki/src/doc/first_steps/startup_options/boot-menu-with-options.pngbin4753 -> 4789 bytes
-rw-r--r--wiki/src/doc/first_steps/startup_options/tails-greeter-welcome-to-tails.pngbin17179 -> 26225 bytes
-rw-r--r--wiki/src/install/inc/screenshots/desktop.pngbin30054 -> 32170 bytes
-rw-r--r--wiki/src/install/inc/screenshots/gnome_disks_drive.pngbin31084 -> 21470 bytes
-rw-r--r--wiki/src/install/inc/screenshots/gnome_disks_menu.pngbin0 -> 21620 bytes
-rw-r--r--wiki/src/install/inc/screenshots/greeter_with_persistence.pngbin23843 -> 37793 bytes
-rw-r--r--wiki/src/install/inc/screenshots/notification_in_tails.pngbin28739 -> 8791 bytes
-rw-r--r--wiki/src/install/inc/screenshots/verifying_in_tails.pngbin6829 -> 6339 bytes
-rw-r--r--wiki/src/install/linux/usb.de.po48
-rw-r--r--wiki/src/install/linux/usb.fa.po26
-rw-r--r--wiki/src/install/linux/usb.fr.po60
-rw-r--r--wiki/src/install/linux/usb.it.po48
-rw-r--r--wiki/src/install/linux/usb.mdwn15
-rw-r--r--wiki/src/install/linux/usb.pt.po26
-rw-r--r--wiki/src/news/version_3.0.de.po28
-rw-r--r--wiki/src/news/version_3.0.fa.po28
-rw-r--r--wiki/src/news/version_3.0.fr.po28
-rw-r--r--wiki/src/news/version_3.0.it.po28
-rw-r--r--wiki/src/news/version_3.0.mdwn4
-rw-r--r--wiki/src/news/version_3.0.pt.po28
-rw-r--r--wiki/src/support/faq.de.po18
-rw-r--r--wiki/src/support/faq.fa.po33
-rw-r--r--wiki/src/support/faq.it.po18
-rw-r--r--wiki/src/support/faq.mdwn8
-rw-r--r--wiki/src/support/faq.pt.po33
-rw-r--r--wiki/src/support/known_issues.de.po22
-rw-r--r--wiki/src/support/known_issues.fa.po28
-rw-r--r--wiki/src/support/known_issues.fr.po37
-rw-r--r--wiki/src/support/known_issues.it.po22
-rw-r--r--wiki/src/support/known_issues.mdwn16
-rw-r--r--wiki/src/support/known_issues.pt.po22
565 files changed, 4791 insertions, 4035 deletions
diff --git a/.gitmodules b/.gitmodules
index a5302b2..e1d5e1f 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -11,6 +11,6 @@
[submodule "submodules/mirror-pool-dispatcher"]
path = submodules/mirror-pool-dispatcher
url = https://git-tails.immerda.ch/mirror-pool-dispatcher
-[submodule "submodules/aufs4-standalone"]
- path = submodules/aufs4-standalone
- url = https://github.com/sfjro/aufs4-standalone.git
+[submodule "submodules/gnome-shell-extension-florence-indicator"]
+ path = submodules/gnome-shell-extension-florence-indicator
+ url = https://github.com/UshakovVasilii/gnome-shell-extension-florence-indicator.git
diff --git a/Rakefile b/Rakefile
index 390d3b2..0eeae13 100644
--- a/Rakefile
+++ b/Rakefile
@@ -179,7 +179,7 @@ task :parse_build_options do
ENV['TAILS_OFFLINE_MODE'] = '1'
# SquashFS compression settings
when 'gzipcomp'
- ENV['MKSQUASHFS_OPTIONS'] = '-comp gzip'
+ ENV['MKSQUASHFS_OPTIONS'] = '-comp gzip -Xcompression-level 1'
when 'defaultcomp'
ENV['MKSQUASHFS_OPTIONS'] = nil
# Clean-up settings
diff --git a/auto/build b/auto/build
index 8b5ab4f..260ad37 100755
--- a/auto/build
+++ b/auto/build
@@ -213,7 +213,7 @@ trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
echo "Building $LB_BINARY_IMAGES image ${BUILD_BASENAME}..."
set -o pipefail
[ -z "$JENKINS_URL" ] || date --utc '+%s' > "$BUILD_START_FILENAME"
-time eatmydata lb build noauto ${@}
+time lb build noauto ${@}
RET=$?
if [ -e "${BUILD_FILENAME}.${BUILD_FILENAME_EXT}" ]; then
echo "Image was successfully created"
diff --git a/auto/config b/auto/config
index 668dd85..236ac0f 100755
--- a/auto/config
+++ b/auto/config
@@ -14,8 +14,6 @@ if [ -e config/amnesia.local ] ; then
. config/amnesia.local
fi
-export LB_BOOTSTRAP_INCLUDE='eatmydata'
-
# sanity checks
if grep -qs -E '^Pin:\s+release\s+.*a=' config/chroot_apt/preferences ; then
echo "Found unsupported a= syntax in config/chroot_apt/preferences,"
@@ -28,12 +26,16 @@ if grep -qs -E '^Pin:\s+release\s+.*o=Debian Backports' \
echo "in config/chroot_apt/preferences. Use o=Debian instead. Exiting."
exit 1
fi
+if [ $(dpkg --print-architecture) != amd64 ] ; then
+ echo "Only amd64 build systems are supported"
+ exit 1
+fi
# init variables
RUN_LB_CONFIG="lb config noauto"
# init config/ with defaults for the target distribution
-$RUN_LB_CONFIG --distribution jessie ${@}
+$RUN_LB_CONFIG --distribution stretch ${@}
# set up everything for time-based snapshots:
apt-snapshots-serials prepare-build
@@ -57,9 +59,14 @@ perl -pi \
$RUN_LB_CONFIG \
--verbose \
--apt-recommends false \
+ --architecture amd64 \
--backports false \
--binary-images iso \
--binary-indices false \
+ --cache false \
+ --cache-indices false \
+ --cache-packages false \
+ --cache-stages false \
--checksums none \
--bootappend-live "${AMNESIA_APPEND}" \
--bootstrap debootstrap \
@@ -69,6 +76,7 @@ $RUN_LB_CONFIG \
--iso-application="The Amnesic Incognito Live System" \
--iso-publisher="https://tails.boum.org/" \
--iso-volume="TAILS ${AMNESIA_FULL_VERSION}" \
+ --linux-flavours amd64-unsigned \
--memtest none \
--mirror-binary "$DEBIAN_MIRROR" \
--mirror-bootstrap "$DEBIAN_MIRROR" \
@@ -78,27 +86,13 @@ $RUN_LB_CONFIG \
--packages-lists="standard" \
--tasks="standard" \
--linux-packages="linux-image-${KERNEL_VERSION}" \
+ --security false \
--syslinux-menu vesamenu \
--syslinux-splash data/splash.png \
--syslinux-timeout 4 \
--initramfs=live-boot \
${@}
-# build i386 images on amd64 as well, include a bunch of kernels
-hw_arch="`dpkg --print-architecture`"
-if [ "$hw_arch" = i386 -o "$hw_arch" = amd64 ]; then
- $RUN_LB_CONFIG \
- --architecture i386 \
- --linux-flavours "686-unsigned" \
- ${@}
-# build powerpc images on powerpc64 as well, include only powerpc kernel
-elif [ "$hw_arch" = powerpc -o "$hw_arch" = powerpc64 ]; then
- $RUN_LB_CONFIG \
- --architecture powerpc \
- --linux-flavours powerpc \
- ${@}
-fi
-
install -d config/chroot_local-includes/etc/amnesia/
# environment
@@ -119,6 +113,9 @@ cat >> config/chroot_local-includes/etc/os-release <<EOF
TAILS_PRODUCT_NAME="Tails"
TAILS_VERSION_ID="$AMNESIA_VERSION"
EOF
+if echo "$AMNESIA_VERSION" | grep -qs -E '~(alpha|beta|rc)[0-9]*$' ; then
+ echo 'TAILS_CHANNEL="alpha"' >> config/chroot_local-includes/etc/os-release
+fi
# changelog
cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
@@ -142,9 +139,11 @@ install -m 0755 \
submodules/mirror-pool-dispatcher/lib/js/mirror-dispatcher.js \
config/chroot_local-includes/usr/local/lib/nodejs/
-# aufs4-standalone
-rm -rf config/chroot_local-includes/usr/src/aufs4-standalone
-cp -a submodules/aufs4-standalone config/chroot_local-includes/usr/src/
+# gnome-shell-extension-florence-indicator
+rm -rf \
+ config/chroot_local-includes/usr/share/gnome-shell/extensions/florenceIndicator@UshakovVasilii_Github.yahoo.com
+cp -a submodules/gnome-shell-extension-florence-indicator/florenceIndicator@UshakovVasilii_Github.yahoo.com/ \
+ config/chroot_local-includes/usr/share/gnome-shell/extensions/
# custom debootstrap script, setting some APT magic to log downloads:
patch \
diff --git a/auto/scripts/apt-mirror b/auto/scripts/apt-mirror
index 7d19526..78fc088 100755
--- a/auto/scripts/apt-mirror
+++ b/auto/scripts/apt-mirror
@@ -29,18 +29,25 @@ output_time_based_snapshot() {
SERIAL=$(cat "config/APT_snapshots.d/$ARCHIVE/serial")
RESOLVED_SERIAL=$(cat "tmp/APT_snapshots.d/$ARCHIVE/serial")
BASE_BRANCH=$(base_branch)
+CURRENT_BRANCH=$(current_branch)
-if [ "$BASE_BRANCH" = stable ] || [ "$BASE_BRANCH" = testing ] ; then
+if [ "$BASE_BRANCH" = stable ] \
+ || [ "$BASE_BRANCH" = testing ] \
+ || [ "$CURRENT_BRANCH" = feature/stretch ] \
+ || ( on_a_tag && [ "$BASE_BRANCH" = feature/stretch ] ) \
+then
case "$ARCHIVE" in
debian-security)
[ "$SERIAL" = latest ] \
|| fatal "APT snapshots are frozen for the debian-security archive," \
- "which should not happen on a branch based on $BASE_BRANCH"
+ "which should happen neither on feature/stretch nor on" \
+ "a branch based on $BASE_BRANCH"
;;
*)
[ "$SERIAL" != latest ] \
|| fatal "APT snapshots are not frozen for the $ARCHIVE archive," \
- "which should not happen on a branch based on $BASE_BRANCH"
+ "which should happen neither on feature/stretch nor on" \
+ "a branch based on $BASE_BRANCH"
esac
if version_was_released "$(version_in_changelog)"; then
on_a_tag \
@@ -55,9 +62,11 @@ if [ "$BASE_BRANCH" = stable ] || [ "$BASE_BRANCH" = testing ] ; then
output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
fi
else
- if [ "$(base_branch)" = devel ] && [ "$SERIAL" != latest ]; then
- fatal "APT snapshots are frozen, which should not happen on a branch" \
- "based on the devel one"
+ if [ "$BASE_BRANCH" = devel ] || [ "$CURRENT_BRANCH" = feature/stretch ]; then
+ if [ "$SERIAL" != latest ]; then
+ fatal "APT snapshots are frozen, which should happen neither on" \
+ "feature/stretch nor on a branch based on the devel one"
+ fi
fi
output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
fi
diff --git a/auto/scripts/tails-custom-apt-sources b/auto/scripts/tails-custom-apt-sources
index 4face16..9c7bf7e 100755
--- a/auto/scripts/tails-custom-apt-sources
+++ b/auto/scripts/tails-custom-apt-sources
@@ -7,7 +7,7 @@ set -u
APT_MIRROR_URL="http://deb.tails.boum.org/"
DEFAULT_COMPONENTS="main contrib non-free"
-BASE_BRANCHES="stable testing devel feature/jessie"
+BASE_BRANCHES="stable testing devel feature/stretch"
output_apt_binary_source() {
local suite="$1"
diff --git a/config/APT_snapshots.d/debian/serial b/config/APT_snapshots.d/debian/serial
index a0f9a4b..46309c0 100644
--- a/config/APT_snapshots.d/debian/serial
+++ b/config/APT_snapshots.d/debian/serial
@@ -1 +1 @@
-latest
+2017041704
diff --git a/config/APT_snapshots.d/torproject/serial b/config/APT_snapshots.d/torproject/serial
index a0f9a4b..46309c0 100644
--- a/config/APT_snapshots.d/torproject/serial
+++ b/config/APT_snapshots.d/torproject/serial
@@ -1 +1 @@
-latest
+2017041704
diff --git a/config/amnesia b/config/amnesia
index d4aac96..97e0115 100644
--- a/config/amnesia
+++ b/config/amnesia
@@ -13,7 +13,7 @@
# Base for the string that will be passed to "lb config --bootappend-live"
# FIXME: see [[bugs/sdmem_on_eject_broken_for_CD]] for explanation why we
# need to set block.events_dfl_poll_msecs
-AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails kaslr slab_nomerge slub_debug=FZ mce=0 vsyscall=none"
+AMNESIA_APPEND="live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails kaslr slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 union=aufs"
# Options passed to isohybrid
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63"
@@ -22,7 +22,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63"
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version
-KERNEL_VERSION='4.9.0-0.bpo.2'
+KERNEL_VERSION='4.9.0-2'
KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
diff --git a/config/base_branch b/config/base_branch
index d64531f..4f795ee 100644
--- a/config/base_branch
+++ b/config/base_branch
@@ -1 +1 @@
-devel
+feature/stretch
diff --git a/config/binary_local-hooks/05-rename-kernels b/config/binary_local-hooks/05-rename-kernels
index 09f8357..c29f8d9 100644
--- a/config/binary_local-hooks/05-rename-kernels
+++ b/config/binary_local-hooks/05-rename-kernels
@@ -16,7 +16,5 @@ Set_defaults
Echo_message "Renaming kernels"
-mv binary/live/vmlinuz-*-686 binary/live/vmlinuz
-mv binary/live/initrd.img-*-686 binary/live/initrd.img
-mv binary/live/vmlinuz-*-amd64 binary/live/vmlinuz2
-mv binary/live/initrd.img-*-amd64 binary/live/initrd2.img
+mv binary/live/vmlinuz-*-amd64 binary/live/vmlinuz
+mv binary/live/initrd.img-*-amd64 binary/live/initrd.img
diff --git a/config/binary_local-hooks/20-syslinux_detect_cpu b/config/binary_local-hooks/20-syslinux_detect_cpu
index 3e0f703..0aa98e6 100755
--- a/config/binary_local-hooks/20-syslinux_detect_cpu
+++ b/config/binary_local-hooks/20-syslinux_detect_cpu
@@ -15,14 +15,8 @@ Read_conffiles config/all config/bootstrap config/common config/binary
Set_defaults
# Safeguards
-if [ "${LB_BOOTLOADER}" != "syslinux" ]
-then
- exit 0
-fi
-if [ "${LB_ARCHITECTURE}" != "i386" ]
-then
- exit 0
-fi
+[ "${LB_BOOTLOADER}" = "syslinux" ] || exit 0
+[ "${LB_ARCHITECTURE}" = "amd64" ] || exit 0
# Seems like we'll have work to do
Echo_message "adding CPU autodetection to the syslinux menu"
@@ -53,9 +47,9 @@ Restore_cache cache/packages_binary
Install_package
# Copy necessary syslinux modules
-for module in ifcpu64.c32
+for module in cat.c32 ifcpu64.c32
do
- cp "chroot/usr/lib/syslinux/${module}" "${SYSLINUX_PATH}/"
+ cp "chroot/usr/lib/syslinux/modules/bios/${module}" "${SYSLINUX_PATH}/"
done
# Saving cache
@@ -68,13 +62,13 @@ Remove_package
cat > "${SYSLINUX_CFG}" <<EOF
label select_menu
com32 ifcpu64.c32
- append menu_amd64 -- menu_486 -- menu_486
-label menu_amd64
+ append menu_64 -- menu_32 -- menu_32
+label menu_64
kernel vesamenu.c32
- append liveamd64.cfg
-label menu_486
- kernel vesamenu.c32
- append live486.cfg
+ append live64.cfg
+label menu_32
+ com32 cat.c32
+ append sorry32.txt
default select_menu
prompt 0
EOF
@@ -83,21 +77,11 @@ EOF
# state to the defaults
sed -i -e "1i prompt 0\ntimeout 40\n" "${SYSLINUX_MENU_CFG}"
-# Copy and adapt live.cfg for each kernel
-for arch in 486 amd64
-do
- (
- echo "include menu.cfg"
-
- if [ $arch = 486 ]; then
- append=""
- else
- append=2
- fi
- sed -e "s,/vmlinuz$,/vmlinuz${append}, ; s,initrd\.img,initrd${append}.img," "${SYSLINUX_LIVE_CFG}"
- ) | sed -n -e '/^label live-amd64.*/ { q } ; p' \
- > "${SYSLINUX_PATH}/live${arch}.cfg"
-done
+# Generate a live$arch.cfg for each architecture
+(
+ echo "include menu.cfg"
+ sed -n -e '/^label live-amd64.*/ { q } ; p' "${SYSLINUX_LIVE_CFG}"
+) > "${SYSLINUX_PATH}/live64.cfg"
# Don't load live.cfg from menu.cfg:
# syslinux_cfg automatically loads arch-specific menus
diff --git a/config/binary_local-hooks/30-syslinux_fixup b/config/binary_local-hooks/30-syslinux_fixup
index c71bc88..e545ca3 100755
--- a/config/binary_local-hooks/30-syslinux_fixup
+++ b/config/binary_local-hooks/30-syslinux_fixup
@@ -16,7 +16,7 @@ Set_defaults
# Safeguards
[ "${LB_BOOTLOADER}" = "syslinux" ] || exit 0
-[ "${LB_ARCHITECTURE}" = "i386" ] || exit 0
+[ "${LB_ARCHITECTURE}" = "amd64" ] || exit 0
# Seems like we'll have work to do
Echo_message "fixing syslinux installation"
diff --git a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
index 4a4d5d2..0c3b06c 100755
--- a/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
+++ b/config/binary_local-hooks/40-include_syslinux_in_ISO_filesystem
@@ -16,28 +16,52 @@ Set_defaults
# Safeguards
[ "${LB_BOOTLOADER}" = "syslinux" ] || exit 0
-[ "${LB_ARCHITECTURE}" = "i386" ] || exit 0
+[ "${LB_ARCHITECTURE}" = "amd64" ] || exit 0
# Seems like we'll have work to do
Echo_message 'including syslinux in the ISO filesystem'
+### Functions
+
+syslinux_deb_version_in_chroot () {
+ chroot chroot dpkg-query -W -f='${Version}\n' syslinux
+}
+
### Variables
LINUX_BINARY_UTILS_DIR='binary/utils/linux'
WIN32_BINARY_UTILS_DIR='binary/utils/win32'
BINARY_MBR_DIR='binary/utils/mbr'
-CHROOT_SYSLINUX_BIN='chroot/usr/bin/syslinux'
CHROOT_SYSLINUX_MBR='chroot/usr/lib/SYSLINUX/gptmbr.bin'
CHROOT_TEMP_APT_SOURCES='chroot/etc/apt/sources.list.d/tmp-deb-src.list'
-
-### Functions
-
-syslinux_deb_version_in_chroot () {
- chroot chroot dpkg-query -W -f='${Version}\n' syslinux
-}
+SYSLINUX_DEB_VERSION_IN_CHROOT=$(syslinux_deb_version_in_chroot)
### Main
mkdir -p "$LINUX_BINARY_UTILS_DIR" "$WIN32_BINARY_UTILS_DIR" "$BINARY_MBR_DIR"
-cp "$CHROOT_SYSLINUX_BIN" "$LINUX_BINARY_UTILS_DIR/"
+# We need the 32-bit binary until most of the users have upgraded to 64-bit.
+# Copy 32-bit syslinux binary
+(
+ olddir=$(pwd)
+ workdir=$(mktemp -d)
+ cd "$workdir"
+ chroot="$olddir/chroot"
+ echo "Configuring APT architectures for the installation of syslinux"
+ Chroot "$chroot" \
+ echo 'APT::Architectures {"i386"; "amd64";};' \
+ > /etc/apt/apt.conf.d/13architectures
+ Chroot "$chroot" dpkg --add-architecture i386
+ Chroot "$chroot" apt-get update
+ echo "Downloading syslinux:i386 version ${SYSLINUX_DEB_VERSION_IN_CHROOT}"
+ Chroot "$chroot" \
+ apt-get --yes download \
+ syslinux:i386="${SYSLINUX_DEB_VERSION_IN_CHROOT}"
+ echo "Extracting syslinux:i386"
+ dpkg-deb --extract "$chroot"/syslinux_*.deb .
+ rm "$chroot"/syslinux_*.deb
+ cp ./usr/bin/syslinux "$olddir/$LINUX_BINARY_UTILS_DIR/"
+ cd "$olddir"
+ rm -r "$workdir"
+)
+# Copy syslinux MBR
cp "$CHROOT_SYSLINUX_MBR" "$BINARY_MBR_DIR/mbr.bin"
cat chroot/etc/apt/sources.list chroot/etc/apt/sources.list.d/*.list \
diff --git a/config/binary_local-hooks/50-grub-efi-ia32 b/config/binary_local-hooks/50-grub-efi-ia32
index 23c32cc..f2077b3 100755
--- a/config/binary_local-hooks/50-grub-efi-ia32
+++ b/config/binary_local-hooks/50-grub-efi-ia32
@@ -71,7 +71,7 @@ Read_conffiles config/all config/bootstrap config/common config/binary
Set_defaults
# Safeguards
-[ "${LB_ARCHITECTURE}" = "i386" ] || exit 0
+[ "${LB_ARCHITECTURE}" = "amd64" ] || exit 0
# Seems like we'll have work to do
Echo_message 'including GRUB EFI for ia32 in the ISO filesystem'
diff --git a/config/binary_local-hooks/99-syslinux_uefi b/config/binary_local-hooks/99-syslinux_uefi
index d67c69f..12309b3 100755
--- a/config/binary_local-hooks/99-syslinux_uefi
+++ b/config/binary_local-hooks/99-syslinux_uefi
@@ -16,7 +16,7 @@ Set_defaults
# Safeguards
[ "${LB_BOOTLOADER}" = "syslinux" ] || exit 0
-[ "${LB_ARCHITECTURE}" = "i386" ] || exit 0
+[ "${LB_ARCHITECTURE}" = "amd64" ] || exit 0
# Seems like we'll have work to do
Echo_message "installing syslinux UEFI bootloader"
diff --git a/config/binary_local-includes/isolinux/sorry32.txt b/config/binary_local-includes/isolinux/sorry32.txt
new file mode 100644
index 0000000..8941a28
--- /dev/null
+++ b/config/binary_local-includes/isolinux/sorry32.txt
@@ -0,0 +1,12 @@
+
+
+
+We are sorry!
+
+Tails can not work on this computer:
+Tails now requires a 64-bit computer.
+
+For more information, see:
+https://tails.boum.org/doc/about/requirements/
+
+
diff --git a/config/build-manifest-extra-packages.yml b/config/build-manifest-extra-packages.yml
index 7c48e7a..7b25694 100644
--- a/config/build-manifest-extra-packages.yml
+++ b/config/build-manifest-extra-packages.yml
@@ -6,6 +6,6 @@
packages:
binary:
- package: squashfs-tools
- arch: i386
+ arch: amd64
version: 1:4.2+20130409-2
explanation: pulled by lb_binary_rootfs, outside of the reach of our apt-get wrapper
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index 01d1d8e..6e2d9f2 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -1,15 +1,7 @@
-Package: apparmor-profiles-extra
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
Package: b43-fwcutter
Pin: release o=Debian,n=sid
Pin-Priority: 999
-Package: electrum
-Pin: release o=Debian,n=stretch
-Pin-Priority: 999
-
Package: firmware-b43-installer
Pin: release o=Debian,n=sid
Pin-Priority: 999
@@ -18,43 +10,17 @@ Package: firmware-b43legacy-installer
Pin: release o=Debian,n=sid
Pin-Priority: 999
-Explanation: src:firmware-nonfree
-Package: firmware-linux firmware-linux-nonfree firmware-amd-graphics firmware-atheros firmware-brcm80211 firmware-intel-sound firmware-ipw2x00 firmware-iwlwifi firmware-libertas firmware-misc-nonfree firmware-realtek firmware-ti-connectivity
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
Package: firmware-linux-free
Pin: release o=Debian,n=sid
Pin-Priority: 999
-Package: firmware-zd1211
+Explanation: src:firmware-nonfree
+Package: firmware-linux firmware-linux-nonfree firmware-amd-graphics firmware-atheros firmware-brcm80211 firmware-intel-sound firmware-ipw2x00 firmware-iwlwifi firmware-libertas firmware-misc-nonfree firmware-realtek firmware-ti-connectivity
Pin: release o=Debian,n=sid
Pin-Priority: 999
-Package: grub-common
-Pin: origin deb.tails.boum.org
-Pin-Priority: 999
-
-Package: grub-efi-ia32
-Pin: origin deb.tails.boum.org
-Pin-Priority: 999
-
-Package: grub-efi-ia32-bin
-Pin: origin deb.tails.boum.org
-Pin-Priority: 999
-
-Package: grub2-common
-Pin: origin deb.tails.boum.org
-Pin-Priority: 999
-
-Explanation: required by openpgp-applet
-Package: libgtk3-simplelist-perl
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Explanation: src:hplip
-Package: hplip* hpijs-ppds libhpmud* libsane-hpaio printer-driver-hpcups printer-driver-hpijs printer-driver-postscript-hp
-Pin: release o=Debian,n=jessie-backports
+Package: firmware-zd1211
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: We ship our custom-built Icedove for now, see #6156
@@ -62,120 +28,16 @@ Package: icedove* iceowl* calendar-google-provider
Pin: origin deb.tails.boum.org
Pin-Priority: 999
-Explanation: src:mesa
-Package: lib*-mesa* libgbm* libxatracker*
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 1006
-
-Package: libdrm*
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: libdvd-pkg
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Explanation: src:llvm-toolchain-3.8
-Package: clang* llvm* libclang* libfuzzer* libllvm* liblldb* lldb* python-clang* python-lldb*
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: libnet-dbus-perl
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: linux-base
-Pin: release o=Debian,n=sid
-Pin-Priority: 999
-
-Package: linux-compiler-gcc-*
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: linux-compiler-gcc-*:amd64
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: linux-headers-* linux-headers-*:amd64
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: linux-image-*-unsigned linux-image-*-unsigned:amd64
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: linux-kbuild-* linux-source-*
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: monkeysphere
-Pin: release o=Debian,n=stretch
-Pin-Priority: 999
-
Package: obfs4proxy
Pin: release o=TorProject,n=obfs4proxy
Pin-Priority: 990
-Package: onioncircuits
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: onionshare
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: openpgp-applet
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: pinentry-gtk2
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Explanation: We need Dogtail >=0.9.1 (https://bugzilla.redhat.com/show_bug.cgi?id=972257)
-Package: python-dogtail
-Pin: release o=Debian,n=stretch
-Pin-Priority: 999
-
-Package: python-electrum
-Pin: release o=Debian,n=stretch
-Pin-Priority: 999
-
-Explanation: version >= 1.4 required for ADD_ONION support in onionshare
-Package: python3-stem
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
Package: tails-installer
Pin: origin deb.tails.boum.org
Pin-Priority: 999
-Package: ttdnsd
-Pin: origin deb.tails.boum.org
-Pin-Priority: 999
-
-Package: torsocks
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: virtualbox-guest-utils virtualbox-guest-dkms virtualbox-guest-x11
-Pin: origin deb.tails.boum.org
-Pin-Priority: 999
-
-Package: xserver-xorg-video-amdgpu
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: xserver-xorg-video-intel
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: xul-ext-torbirdy
-Pin: release o=Debian,n=jessie-backports
-Pin-Priority: 999
-
-Package: xul-ext-ublock-origin
-Pin: release o=Debian,n=jessie-backports
+Package: virtualbox*
+Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: weirdness in chroot_apt install-binary
@@ -188,23 +50,19 @@ Pin: origin deb.tails.boum.org
Pin-Priority: 990
Package: *
-Pin: release o=Debian,n=jessie-updates
+Pin: release o=Debian,n=stretch-updates
Pin-Priority: 990
Package: *
-Pin: release l=Debian-Security,n=jessie/updates
+Pin: release l=Debian-Security,n=stretch/updates
Pin-Priority: 990
Package: *
-Pin: release o=Debian,n=jessie-proposed-updates
-Pin-Priority: 990
-
-Package: *
-Pin: release o=Debian,n=jessie
+Pin: release o=Debian,n=stretch
Pin-Priority: 990
Package: *
-Pin: release o=TorProject,n=jessie
+Pin: release o=TorProject,n=stretch
Pin-Priority: 990
Package: *
diff --git a/config/chroot_local-hooks/03-dpkg-architectures b/config/chroot_local-hooks/03-dpkg-architectures
deleted file mode 100644
index 654a8ac..0000000
--- a/config/chroot_local-hooks/03-dpkg-architectures
+++ /dev/null
@@ -1,7 +0,0 @@
-#! /bin/sh
-
-set -e
-
-echo "Configuring dpkg architectures"
-
-dpkg --add-architecture amd64
diff --git a/config/chroot_local-hooks/04-apt-architectures b/config/chroot_local-hooks/04-apt-architectures
deleted file mode 100755
index 572f5c0..0000000
--- a/config/chroot_local-hooks/04-apt-architectures
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/sh
-
-set -e
-
-echo "Configuring APT architectures for the duration of chroot_local-hooks"
-
-echo 'APT::Architectures {"i386"; "amd64";};' \
- > /etc/apt/apt.conf.d/13architectures
-
-apt-get update
diff --git a/config/chroot_local-hooks/09-torsocks-apps b/config/chroot_local-hooks/09-torsocks-apps
index 00f9152..66dc745 100755
--- a/config/chroot_local-hooks/09-torsocks-apps
+++ b/config/chroot_local-hooks/09-torsocks-apps
@@ -4,8 +4,8 @@ set -e
echo "Wrapping some applications with torsocks"
-APPS="gobby-0.5 liferea openpgp-applet seahorse"
-DBUS_SERVICES="org.gnome.seahorse.Application org.fedoraproject.Config.Printing"
+APPS="gobby-0.5 net.sourceforge.liferea openpgp-applet seahorse"
+DBUS_SERVICES="net.sourceforge.liferea org.gnome.seahorse.Application org.fedoraproject.Config.Printing"
for app in $APPS; do
sed -i'' --regexp-extended 's,^Exec=(.*),Exec=torsocks \1,' \
@@ -18,5 +18,7 @@ for dbus_service in $DBUS_SERVICES; do
done
# Redirect to existing wrapper
+sed -i'' --regexp-extended 's,^Exec=pidgin$,Exec=/usr/local/bin/pidgin,' \
+ "/usr/share/applications/pidgin.desktop"
sed -i'' --regexp-extended 's,^Exec=/usr/bin/totem$,Exec=/usr/local/bin/totem,' \
"/usr/share/dbus-1/services/org.gnome.Totem.service"
diff --git a/config/chroot_local-hooks/09-torsocks-configuration b/config/chroot_local-hooks/09-torsocks-configuration
new file mode 100755
index 0000000..6614aea
--- /dev/null
+++ b/config/chroot_local-hooks/09-torsocks-configuration
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+echo "Configure torsocks"
+
+# Allow TCP and UDP outbound connections to the loopback interface, so
+# that we can wrap git with torsocks without breaking Git-over-SSH
+# (SSH is torified via ProxyCommand already).
+sed -i'' \
+ --regexp-extended 's,^#?AllowOutboundLocalhost\s+.*,AllowOutboundLocalhost 2,' \
+ /etc/tor/torsocks.conf
diff --git a/config/chroot_local-hooks/10-tbb b/config/chroot_local-hooks/10-tbb
index f95724b..8bf5d5c 100755
--- a/config/chroot_local-hooks/10-tbb
+++ b/config/chroot_local-hooks/10-tbb
@@ -160,11 +160,11 @@ create_default_profile() {
}
TBB_SHA256SUMS_FILE=/usr/share/tails/tbb-sha256sums.txt
-TBB_TARBALLS="$(grep "\<tor-browser-linux32-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}")"
+TBB_TARBALLS="$(grep "\<tor-browser-linux64-.*\.tar.xz$" "${TBB_SHA256SUMS_FILE}")"
# We'll use the en-US bundle as our basis; only langpacks will be
# installed from the other bundles.
-MAIN_TARBALL="$(echo "${TBB_TARBALLS}" | grep -o "tor-browser-linux32-.*_en-US.tar.xz")"
+MAIN_TARBALL="$(echo "${TBB_TARBALLS}" | grep -o "tor-browser-linux64-.*_en-US.tar.xz")"
TBB_DIST_URL_FILE=/usr/share/tails/tbb-dist-url.txt
TBB_TARBALLS_BASE_URL="$(cat "${TBB_DIST_URL_FILE}")"
@@ -207,4 +207,7 @@ chmod -R a+rX "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
# Make the Tor Browser into the system's default web browser
update-alternatives --install /usr/bin/x-www-browser x-www-browser /usr/local/bin/tor-browser 99
update-alternatives --install /usr/bin/gnome-www-browser gnome-www-browser /usr/local/bin/tor-browser 99
-sed -i 's/\<iceweasel\.desktop\>/tor-browser.desktop/' /etc/gnome/defaults.list
+sed 's/\<firefox-esr\.desktop\>/tor-browser.desktop/' \
+ /usr/share/applications/gnome-mimeapps.list \
+ > /etc/xdg/gnome-mimeapps.list
+chmod 644 /etc/xdg/gnome-mimeapps.list
diff --git a/config/chroot_local-hooks/11-enable-icedove-addons b/config/chroot_local-hooks/11-enable-icedove-addons
index a9f14b1..cae947b 100755
--- a/config/chroot_local-hooks/11-enable-icedove-addons
+++ b/config/chroot_local-hooks/11-enable-icedove-addons
@@ -8,5 +8,5 @@ EXT="/usr/lib/icedove/extensions"
[ -d "$EXT" ] || exit 1
echo "Enabling Torbirdy and Enigmail in Icedove"
-ln -s /usr/share/xul-ext/torbirdy "$EXT"/castironthunderbirdclub@torproject.org
-ln -s /usr/lib/xul-ext/enigmail "$EXT"/\{847b3a00-7ab1-11d4-8f02-006008948af5\}
+ln -s /usr/share/xul-ext/torbirdy "${EXT}/castironthunderbirdclub@torproject.org"
+ln -s /usr/share/xul-ext/enigmail "${EXT}/{847b3a00-7ab1-11d4-8f02-006008948af5}"
diff --git a/config/chroot_local-hooks/11-localize_browser b/config/chroot_local-hooks/11-localize_browser
index 3597fef..419dc81 100644..100755
--- a/config/chroot_local-hooks/11-localize_browser
+++ b/config/chroot_local-hooks/11-localize_browser
@@ -24,8 +24,6 @@ BRANDING_TEMPLATE_FILE="${BROWSER_LOCALIZATION_DIR}/amnesia.properties-template"
BRANDING_DIR="/usr/local/share/tor-browser-extensions/branding@amnesia.boum.org/"
NO_SPELLCHECKER_LOCALES="ja ko nl pl tr zh"
-apt-get --yes install imagemagick
-
# Sanity check that each supported Tor Browser locale has a
# description for how to localize it further.
BROKEN_LOCALES=""
@@ -195,5 +193,3 @@ done
chmod -R a+rX "${TBB_LOCALIZED_SEARCHPLUGINS_DIR}" \
"${BRANDING_DIR}" \
"${TBB_EXT}"
-
-apt-get --yes purge imagemagick
diff --git a/config/chroot_local-hooks/12-initramfs-compress b/config/chroot_local-hooks/12-initramfs-compress
deleted file mode 100755
index 8fd5beb..0000000
--- a/config/chroot_local-hooks/12-initramfs-compress
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Configuring compression of the initramfs"
-
-# Compress the initramfs using a more size-wise efficient algorithm.
-
-OPTS_FILE='/etc/initramfs-tools/initramfs.conf'
-
-[ -f "${OPTS_FILE}" ] || exit 11
-
-sed -i'' 's,^COMPRESS=.*,COMPRESS=xz,' "${OPTS_FILE}"
diff --git a/config/chroot_local-hooks/12-linux-amd64 b/config/chroot_local-hooks/12-linux-amd64
deleted file mode 100644
index cc7764d..0000000
--- a/config/chroot_local-hooks/12-linux-amd64
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Installing amd64 Linux kernel"
-
-. /usr/share/amnesia/build/variables
-
-apt-get --yes install "linux-image-${KERNEL_VERSION}-amd64-unsigned:amd64"
diff --git a/config/chroot_local-hooks/13-aufs b/config/chroot_local-hooks/13-aufs
deleted file mode 100755
index 4890fbf..0000000
--- a/config/chroot_local-hooks/13-aufs
+++ /dev/null
@@ -1,49 +0,0 @@
-#! /bin/sh
-
-set -e
-set -u
-
-echo "Building the aufs module"
-
-. /usr/share/amnesia/build/variables
-
-apt-get install --yes \
- build-essential \
- "linux-source-${KERNEL_SOURCE_VERSION}"
-
-# aufs build needs fs/mount.h, which is in linux-source-* but not
-# in linux-headers-*, so we'll symlink it.
-tar --directory=/usr/src \
- -xf "/usr/src/linux-source-${KERNEL_SOURCE_VERSION}.tar."*
-
-for arch in 686 amd64 ; do
- case "$arch" in
- 686)
- linux_headers_arch_pkg="linux-headers-${KERNEL_VERSION}-686"
- linux_headers_common_pkg="linux-headers-${KERNEL_VERSION}-common"
- ;;
- amd64)
- linux_headers_arch_pkg="linux-headers-${KERNEL_VERSION}-amd64:amd64"
- linux_headers_common_pkg="linux-headers-${KERNEL_VERSION}-common:amd64"
- ;;
- *)
- exit 1
- esac
- apt-get install --yes "$linux_headers_arch_pkg" "$linux_headers_common_pkg"
- ln -s \
- "/usr/src/linux-source-${KERNEL_SOURCE_VERSION}/fs" \
- "/usr/src/linux-headers-${KERNEL_VERSION}-${arch}/fs"
- (
- cd /usr/src/aufs4-standalone
- perl -pi -E \
- 's{\A CONFIG_AUFS_DEBUG \s* = \s* y $}{CONFIG_AUFS_DEBUG =}xms' \
- config.mk
- KDIR="/usr/src/linux-headers-${KERNEL_VERSION}-${arch}"
- make clean KDIR="$KDIR"
- make install KDIR="$KDIR"
- )
- depmod "${KERNEL_VERSION}-${arch}"
- apt-get remove --yes "$linux_headers_arch_pkg" "$linux_headers_common_pkg"
-done
-rm -r /usr/src/aufs4-standalone
-rm -r "/usr/src/linux-source-${KERNEL_SOURCE_VERSION}"
diff --git a/config/chroot_local-hooks/20-fix-root-terminal-xauthority b/config/chroot_local-hooks/20-fix-root-terminal-xauthority
new file mode 100755
index 0000000..23a7a5f
--- /dev/null
+++ b/config/chroot_local-hooks/20-fix-root-terminal-xauthority
@@ -0,0 +1,16 @@
+#! /bin/sh
+
+set -e
+
+echo "Work around a gksu bug to make it possible to start graphical applications in the Root Terminal"
+
+echo '
+# Workaround a gksu bug making X11 application not start in
+# the Root Terminal
+if echo "${XAUTHORITY}" | grep -q "^/tmp/libgksu-"; then
+ mkdir -p "$(dirname "${XAUTHORITY}")"
+ . /etc/live/config.d/username.conf
+ cp "/run/user/$(id -u ${LIVE_USERNAME})/gdm/Xauthority" "${XAUTHORITY}"
+ unset LIVE_USERNAME
+fi
+' >> /root/.bashrc
diff --git a/config/chroot_local-hooks/30-disable-wayland-in-gdm b/config/chroot_local-hooks/30-disable-wayland-in-gdm
new file mode 100755
index 0000000..6c6464d
--- /dev/null
+++ b/config/chroot_local-hooks/30-disable-wayland-in-gdm
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+set -u
+echo "Explicitly disable Wayland in GDM, and adjust permissions accordingly"
+sed --in-place --regexp-extended \
+ 's/^#WaylandEnable=false$/WaylandEnable=false/' /etc/gdm3/daemon.conf
+
+# rootless X.Org may require access to /dev/fb0, that's owned by root:video
+adduser Debian-gdm video
diff --git a/config/chroot_local-hooks/31-lower-DefaultTimeoutStopSec b/config/chroot_local-hooks/31-lower-DefaultTimeoutStopSec
new file mode 100755
index 0000000..56b9ee6
--- /dev/null
+++ b/config/chroot_local-hooks/31-lower-DefaultTimeoutStopSec
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+set -u
+
+echo "Lower systemd's DefaultTimeoutStopSec"
+
+sed --in-place --regexp-extended \
+ 's/^#DefaultTimeoutStopSec=.*$/DefaultTimeoutStopSec=5s/' \
+ /etc/systemd/system.conf
diff --git a/config/chroot_local-hooks/40-pinentry b/config/chroot_local-hooks/40-pinentry
new file mode 100755
index 0000000..373213e
--- /dev/null
+++ b/config/chroot_local-hooks/40-pinentry
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -eu
+
+echo "Selecting our preferred pinentry"
+
+for alternative in pinentry pinentry-x11 ; do
+ update-alternatives --set "$alternative" /usr/bin/pinentry-gtk-2
+done
diff --git a/config/chroot_local-hooks/42-remove_tsocks_binary b/config/chroot_local-hooks/42-remove_tsocks_binary
deleted file mode 100755
index 3cfde2a..0000000
--- a/config/chroot_local-hooks/42-remove_tsocks_binary
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Removing tsocks"
-
-# Move any /usr/bin/tsocks installed by any package out of the way,
-# now (--rename) as well for any future one (hint: apt-get upgrade...).
-dpkg-divert --rename --add /usr/bin/tsocks
diff --git a/config/chroot_local-hooks/43-adjust_path_to_ibus-unikey_binaries b/config/chroot_local-hooks/43-adjust_path_to_ibus-unikey_binaries
deleted file mode 100755
index d690708..0000000
--- a/config/chroot_local-hooks/43-adjust_path_to_ibus-unikey_binaries
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Moving IBus Unikey binaries to /usr/lib/ibus/"
-
-# Workaround Debian bug #714932 -- we can't just dpkg-divert it, since
-# the original path is hardcoded in these binaries.
-for infix in engine setup ; do
- orig="/usr/lib/ibus-unikey/ibus-$infix-unikey"
- dest="/usr/lib/ibus/ibus-$infix-unikey"
- ln -s "$orig" "$dest"
-done
-
-# Adjust path to the binary in unikey.xml
-sed -i -e \
- 's,/usr/lib/ibus-unikey/ibus-engine-unikey,/usr/lib/ibus/ibus-engine-unikey,' \
- /usr/share/ibus/component/unikey.xml
diff --git a/config/chroot_local-hooks/44-remove-unused-AppArmor-profiles b/config/chroot_local-hooks/44-remove-unused-AppArmor-profiles
index dd7688e..b2c113d 100755
--- a/config/chroot_local-hooks/44-remove-unused-AppArmor-profiles
+++ b/config/chroot_local-hooks/44-remove-unused-AppArmor-profiles
@@ -11,14 +11,12 @@ echo "Deleting unused AppArmor profiles"
sbin.klogd \
sbin.syslogd \
sbin.syslog-ng \
- usr.bin.chromium-browser \
usr.lib.dovecot.* \
usr.sbin.dnsmasq \
usr.sbin.dovecot \
usr.sbin.identd \
usr.sbin.mdnsd \
usr.sbin.nmbd \
- usr.sbin.ntpd \
usr.sbin.nscd \
usr.sbin.smb*
)
diff --git a/config/chroot_local-hooks/45-disable-unneeded-dbus-services b/config/chroot_local-hooks/45-disable-unneeded-dbus-services
index c9b5c94..8fb64b0 100755
--- a/config/chroot_local-hooks/45-disable-unneeded-dbus-services
+++ b/config/chroot_local-hooks/45-disable-unneeded-dbus-services
@@ -10,6 +10,13 @@ SERVICES_DIR=/usr/share/dbus-1/services
sed -i'' 's,^Exec=.*$,Exec=/bin/false,' \
"${SERVICES_DIR}"/org.gnome.evolution.dataserver.*.service \
- "${SERVICES_DIR}"/org.gnome.Shell.CalendarServer.service \
- "${SERVICES_DIR}"/org.freedesktop.Telepathy.AccountManager.service \
- "${SERVICES_DIR}"/org.freedesktop.Telepathy.MissionControl5.service
+ "${SERVICES_DIR}"/org.gnome.Shell.CalendarServer.service
+
+for service in \
+ "${SERVICES_DIR}"/org.freedesktop.Telepathy.AccountManager.service \
+ "${SERVICES_DIR}"/org.freedesktop.Telepathy.MissionControl5.service ; do
+ if [ -f "$service" ]; then
+ echo "$service is back: consider disabling it" >&2
+ exit 1
+ fi
+done
diff --git a/config/chroot_local-hooks/47-tweak_laptop-mode-tools b/config/chroot_local-hooks/47-tweak_laptop-mode-tools
index 339c6e2..ded180d 100755
--- a/config/chroot_local-hooks/47-tweak_laptop-mode-tools
+++ b/config/chroot_local-hooks/47-tweak_laptop-mode-tools
@@ -4,5 +4,8 @@ set -e
echo "Tweaking laptop-mode-tools"
+sed -i 's,^ENABLE_AUTO_MODULES=1$,ENABLE_AUTO_MODULES=0,' \
+ /etc/laptop-mode/laptop-mode.conf
+
sed -i 's,^CONTROL_RUNTIME_AUTOSUSPEND=1$,CONTROL_RUNTIME_AUTOSUSPEND=0,' \
/etc/laptop-mode/conf.d/runtime-pm.conf
diff --git a/config/chroot_local-hooks/50-dkms b/config/chroot_local-hooks/50-dkms
index bbf243f..1757e2b 100755
--- a/config/chroot_local-hooks/50-dkms
+++ b/config/chroot_local-hooks/50-dkms
@@ -3,42 +3,34 @@
set -e
set -u
-echo "Building VirtualBox guest modules"
-
-hw_arch="`dpkg --print-architecture`"
-if [ "$hw_arch" != i386 -a "$hw_arch" != amd64 ]; then
- exit 0
-fi
+echo "Building dkms modules"
. /usr/share/amnesia/build/variables
# the -dkms package must be installed *after* dkms to be properly registered
apt-get install --yes build-essential dkms
-# Note: we only build for the 32-bit kernel, since building for 64-bit is too painful
-# with multiarch; and anyway, the 64-bit kernel module doesn't play well with
-# a 32-bit userspace (https://www.virtualbox.org/ticket/8336), which is why
-# we instruct users to set up a 32-bit VM.
-
# Installing the headers triggers the building of the modules for that kernel
apt-get install --yes \
- "linux-headers-${KERNEL_VERSION}-686" \
+ "linux-headers-${KERNEL_VERSION}-amd64" \
+ aufs-dkms \
virtualbox-guest-dkms
MODULES_VERSION="$(dpkg-query -W -f='${Version}\n' virtualbox-guest-dkms \
| sed -E 's,-.*,,')"
dkms build \
- -a i386 -k "${KERNEL_VERSION}-686" \
+ -a amd64 -k "${KERNEL_VERSION}-amd64" \
-m virtualbox-guest -v "$MODULES_VERSION"
dkms install \
- -a i386 -k "${KERNEL_VERSION}-686" \
+ -a amd64 -k "${KERNEL_VERSION}-amd64" \
-m virtualbox-guest -v "$MODULES_VERSION"
# clean the build directory
-rm -r /var/lib/dkms/virtualbox-guest/
+# rm -r /var/lib/dkms/virtualbox-guest/
# virtualbox-guest-dkms's postrm script deletes any previously
# built binary module; let's delete it before the package gets purged.
+rm /var/lib/dpkg/info/aufs-dkms.prerm
rm /var/lib/dpkg/info/virtualbox-guest-dkms.prerm
# Also copy the udev rules installed by virtualbox-guest-dkms to enable guest
diff --git a/config/chroot_local-hooks/52-update-rc.d b/config/chroot_local-hooks/52-update-rc.d
index ab1648a..ada5c6e 100755
--- a/config/chroot_local-hooks/52-update-rc.d
+++ b/config/chroot_local-hooks/52-update-rc.d
@@ -2,34 +2,6 @@
set -e
-CUSTOM_INITSCRIPTS="
-"
-
-PATCHED_INITSCRIPTS="
-alsa-utils
-gdomap
-haveged
-hdparm
-hwclock.sh
-kexec-load
-laptop-mode
-memlockd
-saned
-spice-vdagent
-tor
-ttdnsd
-"
-
-echo "Configuring boot sequence"
-
-# The patches to adjust the runlevels are applied to the chroot
-# after the packages have been installed. So we need to remove them first,
-# to re-install them with our settings.
-insserv -r $PATCHED_INITSCRIPTS
-
-# Re-install overriden initscripts and install our custom ones.
-insserv $PATCHED_INITSCRIPTS $CUSTOM_INITSCRIPTS
-
### Tweak systemd unit files
# Workaround for https://bugs.debian.org/714957
@@ -48,7 +20,6 @@ systemctl enable tor-controlport-filter.service
systemctl enable var-tmp.mount
# Enable our own systemd user unit files
-systemctl --global enable tails-32-bit-notify-user.service
systemctl --global enable tails-add-GNOME-bookmarks.service
systemctl --global enable tails-configure-keyboard.service
systemctl --global enable tails-create-tor-browser-directories.service
@@ -65,7 +36,7 @@ systemctl --global enable tails-wait-until-tor-has-bootstrapped.service
systemctl disable cups.service
systemctl enable cups.socket
-# We're starting NetworkManager, Tor and ttdnsd ourselves.
+# We're starting NetworkManager and Tor ourselves.
# We disable tor.service (as opposed to tor@default.service) because
# it's an important goal to never start Tor before the user has had
# a chance to choose to do so in an obfuscated way: if some other
@@ -74,11 +45,6 @@ systemctl enable cups.socket
systemctl disable tor.service
systemctl disable NetworkManager.service
systemctl disable NetworkManager-wait-online.service
-systemctl disable ttdnsd.service
-
-# We don't run these services by default
-systemctl disable gdomap.service
-systemctl disable hdparm.service
# Don't hide tails-kexec's shutdown messages with an empty splash screen
for suffix in halt kexec poweroff reboot shutdown ; do
@@ -98,14 +64,8 @@ systemctl mask hwclock-save.service
# Do not run timesyncd: we have our own time synchronization mechanism
systemctl mask systemd-timesyncd.service
-# Unmute and sanitize mixer levels at boot time
-# (`systemctl unmask` does not support initscripts on Jessie,
-# hence the manual unmasking)
-dpkg-divert --add --rename --divert \
- /lib/systemd/system/alsa-utils.service.orig \
- /lib/systemd/system/alsa-utils.service
-# Disable the ALSA state store/restore systemd services (that lack mixer
-# levels unmuting/sanitizing), we use the legacy initscript instead
-systemctl mask alsa-restore.service
-systemctl mask alsa-state.service
-systemctl mask alsa-store.service
+# apt-daily.service can only cause problems in our context (#12390)
+systemctl mask apt-daily.timer
+
+# Do not let pppd-dns manage /etc/resolv.conf
+systemctl mask pppd-dns.service
diff --git a/config/chroot_local-hooks/54-menu b/config/chroot_local-hooks/54-menu
index 029ea1e..c95052c 100755
--- a/config/chroot_local-hooks/54-menu
+++ b/config/chroot_local-hooks/54-menu
@@ -13,8 +13,7 @@ done
rm \
/usr/share/applications/gnome-online-accounts-panel.desktop \
/usr/share/applications/laptop-mode-tools.desktop \
- /usr/share/applications/sniff.desktop \
- /usr/share/applications/system-config-printer.desktop
+ /usr/share/applications/sniff.desktop
sed -i'' --regexp-extended 's,^Exec=pidgin$,Exec=/usr/local/bin/pidgin,' \
/usr/share/applications/pidgin.desktop
diff --git a/config/chroot_local-hooks/57-disable-gnome-keyring-gpg-functionality b/config/chroot_local-hooks/57-disable-gnome-keyring-gpg-functionality
deleted file mode 100755
index fc3b22e..0000000
--- a/config/chroot_local-hooks/57-disable-gnome-keyring-gpg-functionality
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Disabling GNOME keyring's GnuPG functionality"
-
-echo "X-GNOME-Autostart-enabled=false" \
- >> /etc/xdg/autostart/gnome-keyring-gpg.desktop
diff --git a/config/chroot_local-hooks/57-disable-system-config-printer-applet b/config/chroot_local-hooks/57-disable-system-config-printer-applet
deleted file mode 100755
index c8e69ba..0000000
--- a/config/chroot_local-hooks/57-disable-system-config-printer-applet
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Disabling system-config-printer applet"
-
-echo "X-GNOME-Autostart-enabled=false" \
- >> /etc/xdg/autostart/print-applet.desktop
diff --git a/config/chroot_local-hooks/58-create-tails-website-CA-bundle b/config/chroot_local-hooks/58-create-tails-website-CA-bundle
index 50aff4f..1bfb243 100755
--- a/config/chroot_local-hooks/58-create-tails-website-CA-bundle
+++ b/config/chroot_local-hooks/58-create-tails-website-CA-bundle
@@ -6,6 +6,8 @@ echo "Creating CA bundle for authenticating https://tails.boum.org/"
BUNDLE=/usr/local/etc/ssl/certs/tails.boum.org-CA.pem
+mkdir -p $(dirname "${BUNDLE}")
+
cat /etc/ssl/certs/AddTrust_External_Root.pem \
/etc/ssl/certs/Lets-Encrypt-Authority-X3.pem \
> "$BUNDLE"
diff --git a/config/chroot_local-hooks/62-haveged b/config/chroot_local-hooks/62-haveged
index 3852875..8b97768 100755
--- a/config/chroot_local-hooks/62-haveged
+++ b/config/chroot_local-hooks/62-haveged
@@ -4,5 +4,4 @@ set -e
echo "Configuring haveged"
-perl -pi -E 's,^(ExecStart=.*)--write=\d+$,$1--write=2048",' \
- /lib/systemd/system/haveged.service
+echo 'DAEMON_ARGS="-w 2048"' >> /etc/default/haveged
diff --git a/config/chroot_local-hooks/98-remove_unwanted_files b/config/chroot_local-hooks/98-remove_unwanted_files
index 637ac28..b6cf6c9 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_files
+++ b/config/chroot_local-hooks/98-remove_unwanted_files
@@ -21,9 +21,6 @@ rm /usr/share/tails/tbb-*.txt
# This shell library is only used during build
rm /usr/local/lib/tails-shell-library/build.sh
-# Prevent races between MAC spoofing and interface naming
-rm /lib/udev/rules.d/75-persistent-net-generator.rules
-
# Remove the snakeoil SSL key pair generated by ssl-cert
find /etc/ssl/certs /etc/ssl/private |
while read f; do
diff --git a/config/chroot_local-hooks/98-remove_unwanted_packages b/config/chroot_local-hooks/98-remove_unwanted_packages
index 2deaa2c..227e14e 100755
--- a/config/chroot_local-hooks/98-remove_unwanted_packages
+++ b/config/chroot_local-hooks/98-remove_unwanted_packages
@@ -14,12 +14,10 @@ echo "Removing unwanted packages"
apt-get --yes purge \
'^linux-kbuild-*' \
'^linux-headers-*' \
- '^linux-headers-*:amd64' \
- '^linux-source-*' \
build-essential debhelper dkms dpkg-dev \
- gcc gcc-4.8 gcc-4.8-base gcc-4.9 \
+ gcc gcc-6 \
intltool-debian \
- libc6-dev libgl1-mesa-dev linux-libc-dev \
+ libc6-dev linux-libc-dev \
make \
po-debconf \
rsyslog \
@@ -29,15 +27,27 @@ apt-get --yes purge \
### Deinstall a few unwanted packages that were pulled by tasksel
### since they have Priority: standard.
apt-get --yes purge \
- apt-listchanges at bsd-mailx dc debian-faq doc-debian \
- '^exim4*' ftp m4 mlocate mutt ncurses-term nfs-common portmap procmail \
- python-reportbug reportbug telnet texinfo time w3m wamerican
+ apt-listchanges \
+ debian-faq \
+ doc-debian \
+ '^exim4*' \
+ m4 \
+ mlocate \
+ ncurses-term \
+ nfs-common \
+ procmail \
+ python3-reportbug \
+ reportbug \
+ telnet \
+ texinfo \
+ wamerican
### Deinstall some other unwanted packages.
apt-get --yes purge \
'^aptitude*' \
'^geoclue*' \
krb5-locales \
+ libdvdcss2-dbgsym \
live-build \
locales \
rpcbind \
diff --git a/config/chroot_local-hooks/99-disable-multiarch b/config/chroot_local-hooks/99-disable-multiarch
deleted file mode 100755
index bc2ca00..0000000
--- a/config/chroot_local-hooks/99-disable-multiarch
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Disabling multiarch in APT"
-
-# Note that we cannot do "dpkg --remove-architecture amd64"
-# as we have amd64 packages installed, that we want to keep.
-
-echo 'APT::Architectures {"i386";};' \
- > /etc/apt/apt.conf.d/13architectures
diff --git a/config/chroot_local-hooks/99-initramfs-compress b/config/chroot_local-hooks/99-initramfs-compress
new file mode 100755
index 0000000..32d5677
--- /dev/null
+++ b/config/chroot_local-hooks/99-initramfs-compress
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+echo "Configuring compression of the initramfs"
+
+# Compress the initramfs using a more size-wise efficient algorithm.
+
+OPTS_FILE='/etc/initramfs-tools/initramfs.conf'
+
+[ -f "${OPTS_FILE}" ] || exit 11
+
+sed -i'' 's,^COMPRESS=.*,COMPRESS=xz,' "${OPTS_FILE}"
+
+# Force an initramfs update to apply our new compression settings.
+# We're relying on the fact that 1 XZ compression takes less time than
+# 6 * (XZ compression time - default compression time), so that making
+# faster the 6 initramfs updates that we currently go through during
+# the build is worth updating the initramfs a 7th time.
+update-initramfs -u
diff --git a/config/chroot_local-includes/etc/NetworkManager/conf.d/dhcp-hostname.conf b/config/chroot_local-includes/etc/NetworkManager/conf.d/dhcp-hostname.conf
deleted file mode 100644
index 784ff8d..0000000
--- a/config/chroot_local-includes/etc/NetworkManager/conf.d/dhcp-hostname.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[ipv4]
-dhcp-send-hostname=false
diff --git a/config/chroot_local-includes/etc/NetworkManager/conf.d/plugins.conf b/config/chroot_local-includes/etc/NetworkManager/conf.d/plugins.conf
deleted file mode 100644
index c37b596..0000000
--- a/config/chroot_local-includes/etc/NetworkManager/conf.d/plugins.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[main]
-plugins=keyfile
diff --git a/config/chroot_local-includes/etc/NetworkManager/conf.d/spoof-mac.conf b/config/chroot_local-includes/etc/NetworkManager/conf.d/spoof-mac.conf
new file mode 100644
index 0000000..369abce
--- /dev/null
+++ b/config/chroot_local-includes/etc/NetworkManager/conf.d/spoof-mac.conf
@@ -0,0 +1,3 @@
+[connection]
+ethernet.cloned-mac-address=preserve
+wifi.cloned-mac-address=preserve
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/00-save-env b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/00-save-env
index 268bcdb..0cad002 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/00-save-env
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/00-save-env
@@ -3,12 +3,12 @@
# This information is needed by the Unsafe Browser.
# Run only when the interface is not "lo":
-if [ $1 = "lo" ]; then
+if [ -z "$1" ] || [ "$1" = "lo" ]; then
exit 0
fi
# Run whenever an interface gets "up", not otherwise:
-if [ $2 != "up" ]; then
+if [ "$2" != "up" ]; then
exit 0
fi
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/01-wait-for-notification-recipient.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/01-wait-for-notification-recipient.sh
index 6f744d2..ca9dea4 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/01-wait-for-notification-recipient.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/01-wait-for-notification-recipient.sh
@@ -3,6 +3,7 @@
# When a non-loopback interface comes up, wait for the Live user's GNOME Shell
# to come up. Wait 120 times one second maximum.
+[ -n "$1" ] || exit 0
[ "$1" != "lo" ] || exit 0
[ "$2" = "up" ] || exit 0
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
index e7bbfdf..adfca27 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
@@ -4,11 +4,11 @@
# when it is supposed to start.
# Run only when the interface is not "lo":
-if [ $1 = "lo" ]; then
+if [ -z "$1" ] || [ "$1" = "lo" ]; then
exit 0
fi
-if [ $2 = "up" ]; then
+if [ "$2" = "up" ]; then
: # go on, that's what this script is for
elif [ "${2}" = "down" ]; then
systemctl --no-block stop tails-tor-has-bootstrapped.target
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
index 0144b6f..0f15019 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh
@@ -21,7 +21,7 @@
### Init variables
-TORDATE_DIR=/var/run/tordate
+TORDATE_DIR=/run/tordate
TORDATE_DONE_FILE=${TORDATE_DIR}/done
TOR_CONSENSUS=${TOR_DIR}/cached-microdesc-consensus
TOR_UNVERIFIED_CONSENSUS=${TOR_DIR}/unverified-microdesc-consensus
@@ -33,7 +33,7 @@ VERSION_FILE=/etc/amnesia/version
### Exit conditions
# Run only when the interface is not "lo":
-if [ "$1" = "lo" ]; then
+if [ -z "$1" ] || [ "$1" = "lo" ]; then
exit 0
fi
@@ -48,10 +48,6 @@ if [ -e "$TORDATE_DONE_FILE" ]; then
fi
-### Create status directory
-install -o root -g root -m 0755 -d ${TORDATE_DIR}
-
-
### Functions
log() {
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh
index 9b748fd..afe9aff 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh
@@ -1,12 +1,12 @@
#! /bin/sh
# Run only when the interface is not "lo":
-if [ $1 = "lo" ]; then
+if [ -z "$1" ] || [ "$1" = "lo" ]; then
exit 0
fi
# Run whenever an interface gets "up", not otherwise:
-if [ $2 != "up" ]; then
+if [ "$2" != "up" ]; then
exit 0
fi
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-ttdnsd.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-ttdnsd.sh
deleted file mode 100755
index f4676fd..0000000
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-ttdnsd.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#! /bin/sh
-
-# Run only when the interface is not "lo":
-if [ $1 = "lo" ]; then
- exit 0
-fi
-
-# Run whenever an interface gets "up", not otherwise:
-if [ $2 != "up" ]; then
- exit 0
-fi
-
-# Restart ttdnsd
-service ttdnsd restart
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/70-upgrade-additional-software.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/70-upgrade-additional-software.sh
index 892d660..f41670b 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/70-upgrade-additional-software.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/70-upgrade-additional-software.sh
@@ -3,7 +3,7 @@
set -e
# Run only when the interface is not "lo":
-if [ "$1" = "lo" ]; then
+if [ -z "$1" ] || [ "$1" = "lo" ]; then
exit 0
fi
diff --git a/config/chroot_local-includes/etc/X11/Xsession.d/56gnome-classic b/config/chroot_local-includes/etc/X11/Xsession.d/56gnome-classic
deleted file mode 100644
index 87054e1..0000000
--- a/config/chroot_local-includes/etc/X11/Xsession.d/56gnome-classic
+++ /dev/null
@@ -1,4 +0,0 @@
-if [ "$(whoami)" = amnesia ]; then
- export GNOME_SHELL_SESSION_MODE=classic
-fi
-
diff --git a/config/chroot_local-includes/etc/apparmor.d/tunables/alias.d/tails b/config/chroot_local-includes/etc/apparmor.d/tunables/alias.d/tails
new file mode 100644
index 0000000..69c0d89
--- /dev/null
+++ b/config/chroot_local-includes/etc/apparmor.d/tunables/alias.d/tails
@@ -0,0 +1,3 @@
+alias / -> /lib/live/mount/overlay/,
+alias / -> /lib/live/mount/rootfs/*.squashfs/,
+
diff --git a/config/chroot_local-includes/etc/apt/apt.conf.d/14keep-debs b/config/chroot_local-includes/etc/apt/apt.conf.d/14keep-debs
new file mode 100644
index 0000000..6d27ecf
--- /dev/null
+++ b/config/chroot_local-includes/etc/apt/apt.conf.d/14keep-debs
@@ -0,0 +1 @@
+APT::Keep-Downloaded-Packages "true";
diff --git a/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults b/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
index e5945f1..1be621e 100644
--- a/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
+++ b/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
@@ -1,9 +1,9 @@
[apps/florence/behaviour]
-hide-on-start=true
startup-notification=false
[apps/florence/controller]
floaticon=false
+trayicon=false
[apps/florence/layout]
style='/usr/share/florence/styles/hard'
@@ -22,19 +22,17 @@ item-filter=''
sidebar-visible=true
[desktop/gnome/crypto/pgp]
-keyservers = ['hkp://pool.sks-keyservers.net']
+keyservers = ['hkp://jirk5u4osbsr34t5.onion']
[org/gnome/desktop/a11y]
always-show-universal-access-status=true
-[org/gnome/desktop/session]
-session-name='gnome-classic'
-
[org/gnome/desktop/background]
show-desktop-icons = true
picture-uri='file:///usr/share/tails/desktop_wallpaper.png'
[org/gnome/desktop/interface]
+clock-show-date=true
menus-have-icons=true
[org/gnome/desktop/lockdown]
@@ -65,25 +63,19 @@ create-backup-copy = false
[org/gnome/nautilus/desktop]
volumes-visible = false
-[org/gnome/settings-daemon/peripherals/touchpad]
-disable-while-typing = true
-horiz-scroll-enabled = false
-scroll-method = 'two-finger-scrolling'
+[org/gnome/nautilus/icon-view]
+default-zoom-level = 'small'
+
+[org/gnome/desktop/peripherals/touchpad]
+natural-scroll = true
tap-to-click = true
+two-finger-scrolling-enabled = true
[org/gnome/settings-daemon/plugins/power]
-button-hibernate = 'shutdown'
-button-power = 'shutdown'
-button-sleep = 'shutdown'
-button-suspend = 'shutdown'
-critical-battery-action = 'shutdown'
+power-button-action = 'nothing'
lid-close-ac-action = 'blank'
lid-close-battery-action = 'blank'
-[org/gnome/settings-daemon/plugins/xsettings]
-antialiasing = 'rgba'
-hinting = 'slight'
-
[org/gnome/shell]
-enabled-extensions = ['apps-menu@gnome-shell-extensions.gcampax.github.com', 'window-list@gnome-shell-extensions.gcampax.github.com', 'topIcons@adel.gadllah@gmail.com', 'shutdown-helper@tails.boum.org', 'torstatus@tails.boum.org']
+enabled-extensions = ['apps-menu@gnome-shell-extensions.gcampax.github.com', 'places-menu@gnome-shell-extensions.gcampax.github.com', 'window-list@gnome-shell-extensions.gcampax.github.com', 'florenceIndicator@UshakovVasilii_Github.yahoo.com', 'TopIcons@phocean.net', 'shutdown-helper@tails.boum.org', 'torstatus@tails.boum.org']
favorite-apps=['tor-browser.desktop', 'icedove.desktop', 'pidgin.desktop', 'keepassx.desktop', 'gnome-terminal.desktop']
diff --git a/config/chroot_local-includes/etc/default/ttdnsd b/config/chroot_local-includes/etc/default/ttdnsd
deleted file mode 100755
index f13505d..0000000
--- a/config/chroot_local-includes/etc/default/ttdnsd
+++ /dev/null
@@ -1,17 +0,0 @@
-# /etc/default/ttdnsd
-
-# Address to bind to - usually this should be 127.0.0.1
-# unless a copy of ttdnsd runs on 127.0.0.n
-ADDR_ARG="-b 127.0.0.2"
-
-# Port to listen on - almost always this should be port 53
-# unless an additional local DNS cache (like unbound, dnscache, pdnsd)
-# listen on port 53 as system resolver and is used in front of ttdnsd
-# for caching purposes.
-PORT_ARG="-p 53"
-
-# Debug logging
-# DEBUG_LOGGING="-l"
-
-# Glue all of it together below
-DEFAULTS="$ADDR_ARG $PORT_ARG"
diff --git a/config/chroot_local-includes/etc/environment b/config/chroot_local-includes/etc/environment
index a4efa9c..3782cc7 100644
--- a/config/chroot_local-includes/etc/environment
+++ b/config/chroot_local-includes/etc/environment
@@ -5,3 +5,6 @@ SOCKS5_SERVER=127.0.0.1:9050
# Port that the monkeysphere validation agent listens on
MSVA_PORT='6136'
+
+# Have Qt applications use the Adwaita theme
+QT_STYLE_OVERRIDE=adwaita
diff --git a/config/chroot_local-includes/etc/ferm/ferm.conf b/config/chroot_local-includes/etc/ferm/ferm.conf
index 4b3f0b7..3673c77 100644
--- a/config/chroot_local-includes/etc/ferm/ferm.conf
+++ b/config/chroot_local-includes/etc/ferm/ferm.conf
@@ -33,7 +33,7 @@ domain ip {
# White-list access to Tor's SOCKSPort's
daddr 127.0.0.1 proto tcp syn dport 9050 {
- mod owner uid-owner root ACCEPT;
+ mod owner uid-owner _apt ACCEPT;
mod owner uid-owner proxy ACCEPT;
mod owner uid-owner nobody ACCEPT;
}
@@ -66,19 +66,13 @@ domain ip {
# White-list access to system DNS and Tor's DNSPort
daddr 127.0.0.1 proto udp dport (53 5353) {
mod owner uid-owner $amnesia_uid ACCEPT;
- }
-
- # White-list access to ttdnsd
- daddr 127.0.0.2 proto udp dport 53 {
- mod owner uid-owner $amnesia_uid ACCEPT;
- }
- daddr 127.0.0.2 proto tcp syn dport 53 {
- mod owner uid-owner $amnesia_uid ACCEPT;
+ mod owner uid-owner _apt DROP;
}
# White-list access to the accessibility daemon
daddr 127.0.0.1 proto tcp syn dport 4101 {
mod owner uid-owner $amnesia_uid ACCEPT;
+ mod owner uid-owner Debian-gdm ACCEPT;
}
# White-list access to CUPS
@@ -112,6 +106,8 @@ domain ip {
daddr (10.0.0.0/8 172.16.0.0/12 192.168.0.0/16) @subchain "lan" {
proto tcp dport domain REJECT;
proto udp dport domain REJECT;
+ proto tcp dport netbios-ns REJECT;
+ proto udp dport netbios-ns REJECT;
ACCEPT;
}
@@ -175,6 +171,7 @@ domain ip6 {
# White-list access to the accessibility daemon
outerface lo saddr ::1 daddr ::1 proto tcp {
dport 4101 mod owner uid-owner $amnesia_uid ACCEPT;
+ dport 4101 mod owner uid-owner Debian-gdm ACCEPT;
sport 4101 mod state state (ESTABLISHED) ACCEPT;
}
diff --git a/config/chroot_local-includes/etc/live/config.conf.d b/config/chroot_local-includes/etc/live/config.conf.d
new file mode 120000
index 0000000..881bd52
--- /dev/null
+++ b/config/chroot_local-includes/etc/live/config.conf.d
@@ -0,0 +1 @@
+config.d \ No newline at end of file
diff --git a/config/chroot_local-includes/etc/mailname b/config/chroot_local-includes/etc/mailname
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/config/chroot_local-includes/etc/mailname
@@ -0,0 +1 @@
+localhost
diff --git a/config/chroot_local-includes/etc/modprobe.d/qxl.conf b/config/chroot_local-includes/etc/modprobe.d/qxl.conf
deleted file mode 100644
index b9e3aaa..0000000
--- a/config/chroot_local-includes/etc/modprobe.d/qxl.conf
+++ /dev/null
@@ -1 +0,0 @@
-options qxl modeset=0
diff --git a/config/chroot_local-includes/etc/skel/.config/Trolltech.conf b/config/chroot_local-includes/etc/skel/.config/Trolltech.conf
new file mode 100644
index 0000000..07637ef
--- /dev/null
+++ b/config/chroot_local-includes/etc/skel/.config/Trolltech.conf
@@ -0,0 +1,2 @@
+[Qt]
+style=adwaita
diff --git a/config/chroot_local-includes/etc/skel/.config/keepassx/config.ini b/config/chroot_local-includes/etc/skel/.config/keepassx/config.ini
deleted file mode 100644
index db332f1..0000000
--- a/config/chroot_local-includes/etc/skel/.config/keepassx/config.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[Options]
-ShowSysTrayIcon=true
-MinimizeTray=true
-MinimizeToTray=false
-AutoSaveChange=true
-LastFile=/home/amnesia/Persistent/keepassx.kdb
-
-[FileDlgHistory]
-ENTRY0=MainWindow_FileSave, /home/amnesia/Persistent/, 0
diff --git a/config/chroot_local-includes/etc/skel/.config/keepassx/keepassx2.ini b/config/chroot_local-includes/etc/skel/.config/keepassx/keepassx2.ini
new file mode 100644
index 0000000..eebc543
--- /dev/null
+++ b/config/chroot_local-includes/etc/skel/.config/keepassx/keepassx2.ini
@@ -0,0 +1,5 @@
+[General]
+ShowToolbar=true
+LastOpenedDatabases=/home/amnesia/Persistent/keepassx.kdbx
+LastDatabases=/home/amnesia/Persistent/keepassx.kdbx
+LastDir=/home/amnesia/Persistent/ \ No newline at end of file
diff --git a/config/chroot_local-includes/etc/skel/.gnupg/dirmngr.conf b/config/chroot_local-includes/etc/skel/.gnupg/dirmngr.conf
new file mode 100644
index 0000000..44352fb
--- /dev/null
+++ b/config/chroot_local-includes/etc/skel/.gnupg/dirmngr.conf
@@ -0,0 +1,2 @@
+use-tor
+keyserver hkp://jirk5u4osbsr34t5.onion
diff --git a/config/chroot_local-includes/etc/skel/.gnupg/gpg.conf b/config/chroot_local-includes/etc/skel/.gnupg/gpg.conf
index 33a8399..c3ab7e5 100644
--- a/config/chroot_local-includes/etc/skel/.gnupg/gpg.conf
+++ b/config/chroot_local-includes/etc/skel/.gnupg/gpg.conf
@@ -43,28 +43,6 @@ use-agent
# keyserver
#-----------------------------
-# This is the server that --recv-keys, --send-keys, and --search-keys will
-# communicate with to receive keys from, send keys to, and search for keys on
-keyserver hkps://hkps.pool.sks-keyservers.net
-
-# Provide a certificate store to override the system default
-# Get this from https://sks-keyservers.net/sks-keyservers.netCA.pem
-keyserver-options ca-cert-file=/usr/local/etc/ssl/certs/hkps.pool.sks-keyservers.net.pem
-
-# Set the proxy to use for HTTP and HKP keyservers - default to the standard
-# local Tor socks proxy
-# It is encouraged to use Tor for improved anonymity. Preferrably use either a
-# dedicated SOCKSPort for GnuPG and/or enable IsolateDestPort and
-# IsolateDestAddr
-keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
-
-# Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846
-keyserver-options no-try-dns-srv
-
-# When using --refresh-keys, if the key in question has a preferred keyserver
-# URL, then disable use of that preferred keyserver to refresh the key from
-keyserver-options no-honor-keyserver-url
-
# When searching for a key with --search-keys, include keys that are marked on
# the keyserver as revoked
keyserver-options include-revoked
diff --git a/config/chroot_local-includes/etc/skel/.icedove/profile.default/preferences/0000tails.js b/config/chroot_local-includes/etc/skel/.icedove/profile.default/preferences/0000tails.js
index f6f3e1d..e817a81 100644
--- a/config/chroot_local-includes/etc/skel/.icedove/profile.default/preferences/0000tails.js
+++ b/config/chroot_local-includes/etc/skel/.icedove/profile.default/preferences/0000tails.js
@@ -1 +1 @@
-user_pref("extensions.enigmail.configuredVersion", "1.8.2");
+user_pref("extensions.enigmail.configuredVersion", "1.9.6");
diff --git a/config/chroot_local-includes/etc/skel/.purple/prefs.xml b/config/chroot_local-includes/etc/skel/.purple/prefs.xml
index 94fa8df..5bad646 100644
--- a/config/chroot_local-includes/etc/skel/.purple/prefs.xml
+++ b/config/chroot_local-includes/etc/skel/.purple/prefs.xml
@@ -141,6 +141,8 @@
<pref name='notify_type' type='bool' value='1'/>
<pref name='notify_send' type='bool' value='1'/>
<pref name='notify_switch' type='bool' value='1'/>
+ <pref name='type_im_sys' type='bool' value='0'/>
+ <pref name='type_chat_sys' type='bool' value='0'/>
</pref>
</pref>
<pref name='extplacement'>
@@ -227,6 +229,45 @@
<pref name='enabled' type='bool' value='1'/>
</pref>
</pref>
+ <pref name='amc_grim'>
+ <pref name='guifications2'>
+ <pref name='behavior'>
+ <pref name='display_time' type='int' value='6'/>
+ <pref name='throttle' type='int' value='6'/>
+ <pref name='show_while_away' type='bool' value='1'/>
+ <pref name='notifications' type='stringlist'>
+ <item value='im-message'/>
+ <item value='nick-highlight'/>
+ <item value='chat-invite'/>
+ <item value='topic-changed'/>
+ <item value='new-email'/>
+ <item value='!master'/>
+ <item value='file-remote-cancel'/>
+ <item value='file-recv-complete'/>
+ <item value='file-send-complete'/>
+ </pref>
+ </pref>
+ <pref name='appearance'>
+ <pref name='position' type='int' value='3'/>
+ <pref name='vertical' type='bool' value='1'/>
+ <pref name='animate' type='bool' value='1'/>
+ </pref>
+ <pref name='mouse'>
+ <pref name='left' type='string' value='open'/>
+ <pref name='middle' type='string' value='close'/>
+ <pref name='right' type='string' value='context'/>
+ </pref>
+ <pref name='themes' type='stringlist'>
+ <item value='/usr/share/pixmaps/pidgin/guifications/themes/default/theme.xml'/>
+ </pref>
+ <pref name='advanced'>
+ <pref name='release_notification' type='bool' value='0'/>
+ <pref name='release_last_check' type='int' value='0'/>
+ <pref name='screen' type='int' value='0'/>
+ <pref name='monitor' type='int' value='0'/>
+ </pref>
+ </pref>
+ </pref>
</pref>
</pref>
<pref name='pidgin'>
@@ -237,6 +278,7 @@
</pref>
<pref name='plugins'>
<pref name='loaded' type='pathlist'>
+ <item value='/usr/lib/pidgin/guifications.so'/>
<item value='/usr/lib/purple-2/ssl-nss.so'/>
<item value='/usr/lib/pidgin/pidgin-otr.so'/>
<item value='/usr/lib/purple-2/ssl.so'/>
@@ -388,10 +430,13 @@
</pref>
<pref name='docklet'>
<pref name='blink' type='bool' value='0'/>
- <pref name='show' type='string' value='always'/>
+ <pref name='show' type='string' value='never'/>
<pref name='x11'>
<pref name='embedded' type='bool' value='0'/>
</pref>
+ <pref name='gtk'>
+ <pref name='embedded' type='bool' value='0'/>
+ </pref>
</pref>
</pref>
<pref name='OTR'>
diff --git a/config/chroot_local-includes/etc/skel/Desktop/Report_an_error.desktop.in b/config/chroot_local-includes/etc/skel/Desktop/Report_an_error.desktop.in
index 02311a7..02311a7 100644..100755
--- a/config/chroot_local-includes/etc/skel/Desktop/Report_an_error.desktop.in
+++ b/config/chroot_local-includes/etc/skel/Desktop/Report_an_error.desktop.in
diff --git a/config/chroot_local-includes/etc/skel/Desktop/tails-documentation.desktop.in b/config/chroot_local-includes/etc/skel/Desktop/tails-documentation.desktop.in
index 0699565..0699565 100644..100755
--- a/config/chroot_local-includes/etc/skel/Desktop/tails-documentation.desktop.in
+++ b/config/chroot_local-includes/etc/skel/Desktop/tails-documentation.desktop.in
diff --git a/config/chroot_local-includes/etc/ssh/ssh_config b/config/chroot_local-includes/etc/ssh/ssh_config
index e71fa6a..ef66b8a 100644
--- a/config/chroot_local-includes/etc/ssh/ssh_config
+++ b/config/chroot_local-includes/etc/ssh/ssh_config
@@ -3,7 +3,7 @@ ProxyCommand none
Host *
-ProxyCommand /usr/local/lib/connect-socks %h %p
+ProxyCommand /bin/nc -X 5 -x 127.0.0.1:9050 %h %p
Compression yes
CompressionLevel 9
diff --git a/config/chroot_local-includes/etc/ssl/certs/sks-keyservers.netCA.pem b/config/chroot_local-includes/etc/ssl/certs/sks-keyservers.netCA.pem
deleted file mode 100644
index 24a2ad2..0000000
--- a/config/chroot_local-includes/etc/ssl/certs/sks-keyservers.netCA.pem
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV
-BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u
-ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw
-MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP
-c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr
-cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I
-6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj
-MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F
-45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS
-FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx
-Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4
-aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx
-MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y
-u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9
-p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP
-fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G
-A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY
-TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR
-OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u
-gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/
-X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5
-gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB
-UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04
-lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT
-BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB
-cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U
-f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G
-ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph
-WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg==
------END CERTIFICATE-----
diff --git a/config/chroot_local-includes/etc/tor/tor-tsocks-git.conf b/config/chroot_local-includes/etc/tor/tor-tsocks-git.conf
deleted file mode 100644
index 8bc623c..0000000
--- a/config/chroot_local-includes/etc/tor/tor-tsocks-git.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# This is the configuration for libtsocks (transparent socks) for use
-# with Git: /usr/local/bin/git
-#
-# See tsocks.conf(5) and torify(1) manpages.
-
-server = 127.0.0.1
-server_port = 9050
-
-# We specify local as 127.0.0.0 - 127.191.255.255 because the
-# Tor MAPADDRESS virtual IP range is the rest of net 127.
-local = 127.0.0.0/255.128.0.0
-local = 127.128.0.0/255.192.0.0
-
-
-# My local networks
-local = 10.0.0.0/255.0.0.0
-local = 172.16.0.0/255.240.0.0
-local = 192.168.0.0/255.255.0.0
-
diff --git a/config/chroot_local-includes/etc/udev/rules.d/80-net-setup-link.rules b/config/chroot_local-includes/etc/udev/rules.d/80-net-setup-link.rules
new file mode 120000
index 0000000..dc1dc0c
--- /dev/null
+++ b/config/chroot_local-includes/etc/udev/rules.d/80-net-setup-link.rules
@@ -0,0 +1 @@
+/dev/null \ No newline at end of file
diff --git a/config/chroot_local-includes/etc/xdg/autostart/florence.desktop b/config/chroot_local-includes/etc/xdg/autostart/florence.desktop
deleted file mode 120000
index c3ff6e1..0000000
--- a/config/chroot_local-includes/etc/xdg/autostart/florence.desktop
+++ /dev/null
@@ -1 +0,0 @@
-/usr/share/applications/florence.desktop \ No newline at end of file
diff --git a/config/chroot_local-includes/etc/xul-ext/torbirdy.js b/config/chroot_local-includes/etc/xul-ext/torbirdy.js
index 3cd97cb..b1c3297 100644
--- a/config/chroot_local-includes/etc/xul-ext/torbirdy.js
+++ b/config/chroot_local-includes/etc/xul-ext/torbirdy.js
@@ -1,3 +1,3 @@
pref("extensions.torbirdy.custom.network.proxy.socks_port", 9061);
-pref("extensions.torbirdy.custom.extensions.enigmail.keyserver", "hkps://hkps.pool.sks-keyservers.net");
pref("extensions.torbirdy.emailwizard", true);
+pref("extensions.torbirdy.gpg_already_torified", true);
diff --git a/config/chroot_local-includes/lib/live/config/0000-readahead b/config/chroot_local-includes/lib/live/config/0000-readahead
index 3b2e353..d8b3537 100755
--- a/config/chroot_local-includes/lib/live/config/0000-readahead
+++ b/config/chroot_local-includes/lib/live/config/0000-readahead
@@ -41,7 +41,7 @@ Start_readahead ()
(cd /
start-stop-daemon \
--start --background --make-pidfile --startas /bin/sh \
- --pidfile /var/run/background-readahead.pid -- \
+ --pidfile /run/background-readahead.pid -- \
-c "$BG_FILES | xargs cat >/dev/null 2>&1")
# Creating state file
diff --git a/config/chroot_local-includes/lib/live/config/2000-import-gnupg-key b/config/chroot_local-includes/lib/live/config/2000-import-gnupg-key
index ebfcb41..69b31ef 100755
--- a/config/chroot_local-includes/lib/live/config/2000-import-gnupg-key
+++ b/config/chroot_local-includes/lib/live/config/2000-import-gnupg-key
@@ -6,7 +6,6 @@ Import_GnuPG_key ()
sudo -H -u "${LIVE_USERNAME}" gpg --batch --import /usr/share/doc/tails/website/*.key
echo "- importing GnuPG signing key into tails-iuk's trusted keyring"
- mkdir -p /usr/share/tails-iuk/trusted_gnupg_homedir
gpg --batch --homedir /usr/share/tails-iuk/trusted_gnupg_homedir \
--import /usr/share/doc/tails/website/tails-signing.key
chmod -R go+rX /usr/share/tails-iuk/trusted_gnupg_homedir/*
diff --git a/config/chroot_local-includes/lib/live/config/2060-create-upgrader-run-directory b/config/chroot_local-includes/lib/live/config/2060-create-upgrader-run-directory
deleted file mode 100755
index 84d28c3..0000000
--- a/config/chroot_local-includes/lib/live/config/2060-create-upgrader-run-directory
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-install -m 0775 -o root -g tails-upgrade-frontend -d /var/run/tails-upgrader
diff --git a/config/chroot_local-includes/lib/live/config/9000-hosts-file b/config/chroot_local-includes/lib/live/config/9000-hosts-file
new file mode 100644
index 0000000..b5aaec1
--- /dev/null
+++ b/config/chroot_local-includes/lib/live/config/9000-hosts-file
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# Note: must run after /lib/live/config/0020-hostname since it
+# otherwise will overwrite any hosts file generated at build time with
+# a bloated one that also include the IPv6 host `::1 localhost`, which
+# can lead to IPv6 traffic, which we block, which may lead to stuff
+# breaking (for instance APT's tor+http transport).
+
+echo "- setting up hosts file"
+
+. /etc/live/config.d/hostname.conf
+
+cat > /etc/hosts << EOF
+127.0.0.1 localhost ${LIVE_HOSTNAME}
+EOF
diff --git a/config/chroot_local-includes/lib/live/config/9980-permissions b/config/chroot_local-includes/lib/live/config/9980-permissions
index cdc7a25..adc07a2 100755
--- a/config/chroot_local-includes/lib/live/config/9980-permissions
+++ b/config/chroot_local-includes/lib/live/config/9980-permissions
@@ -1,40 +1,10 @@
#!/bin/sh
-Fix_debian_bug_645466 ()
-{
- # Fix bugs/writable_system_disk:_belongs_to_floppy_group (Debian
- # bug #645466). Short story: udev sets a USB boot device's group
- # ownership to 'floppy' making it writable by the live user. To
- # prevent this we set it to 'disk'.
-
- boot_dev_id=$(udevadm info --device-id-of-file=/lib/live/mount/medium)
- boot_dev=$(readlink -f /dev/block/"${boot_dev_id}")
- boot_dev_type=$(udevadm info --query=property --name="${boot_dev}" | \
- awk -F'=' '/ID_BUS/ { print $2 }')
- if [ "${boot_dev_type}" != usb ]; then
- return
- fi
- boot_dev_group=$(stat -c %G "${boot_dev}")
- if [ "${boot_dev_group}" != disk ]; then
- chgrp disk "${boot_dev}"
- parent_path=$(udevadm info --query=property --name="${boot_dev}" | \
- awk -F'=' '/UDISKS_PARTITION_SLAVE/ { print $2 }')
- if [ -n "${parent_path}" ]; then
- parent_name=$(udevadm info --query=name --path="${parent_path}")
- if [ -n "${parent_name}" ]; then
- parent_dev=/dev/${parent_name}
- chgrp disk "${parent_dev}"*
- fi
- fi
- fi
-}
-
Fix_permissions ()
{
echo "- fixing permissions"
chown -R "${LIVE_USERNAME}":"${LIVE_USERNAME}" "/home/${LIVE_USERNAME}"
chmod go= "/home/${LIVE_USERNAME}"
- Fix_debian_bug_645466
# Creating state file
touch /var/lib/live/config/permissions
diff --git a/config/chroot_local-includes/lib/systemd/system/alsa-restore.service.d/dont-store-state-on-shutdown.conf b/config/chroot_local-includes/lib/systemd/system/alsa-restore.service.d/dont-store-state-on-shutdown.conf
new file mode 100644
index 0000000..f178f07
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/alsa-restore.service.d/dont-store-state-on-shutdown.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecStop=
diff --git a/config/chroot_local-includes/lib/systemd/system/htpdate.service b/config/chroot_local-includes/lib/systemd/system/htpdate.service
index 0a843b3..6d956c6 100644
--- a/config/chroot_local-includes/lib/systemd/system/htpdate.service
+++ b/config/chroot_local-includes/lib/systemd/system/htpdate.service
@@ -17,7 +17,6 @@ ExecStartPre=/bin/sh -c \
[ -n "${HTP_POOL_FOE}" ]'
ExecStartPre=/bin/rm -f "${DONE_FILE}"
ExecStartPre=/bin/rm -f "${SUCCESS_FILE}"
-ExecStartPre=/usr/bin/install -o root -g root -m 0755 -d /run/htpdate
ExecStartPre=/usr/bin/install -o htp -g nogroup -m 0644 /dev/null "${LOG}"
ExecStart=/usr/local/sbin/htpdate \
--debug \
diff --git a/config/chroot_local-includes/lib/systemd/system/live-config.service.d/after-tmpfiles.conf b/config/chroot_local-includes/lib/systemd/system/live-config.service.d/after-tmpfiles.conf
new file mode 100644
index 0000000..5ec278c
--- /dev/null
+++ b/config/chroot_local-includes/lib/systemd/system/live-config.service.d/after-tmpfiles.conf
@@ -0,0 +1,2 @@
+[Unit]
+After=systemd-tmpfiles-setup.service
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/tails-32-bit-notify-user.service b/config/chroot_local-includes/usr/lib/systemd/user/tails-32-bit-notify-user.service
deleted file mode 100644
index ab8091d..0000000
--- a/config/chroot_local-includes/usr/lib/systemd/user/tails-32-bit-notify-user.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Warn the user if Tails is running on a 32-bit processor
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/lib/tails-32-bit-notify-user
-RemainAfterExit=yes
-
-[Install]
-WantedBy=desktop.target
diff --git a/config/chroot_local-includes/usr/lib/tmpfiles.d/htpdate.conf b/config/chroot_local-includes/usr/lib/tmpfiles.d/htpdate.conf
new file mode 100644
index 0000000..2604bc1
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/tmpfiles.d/htpdate.conf
@@ -0,0 +1,2 @@
+# Type Path Mode UID GID Age Argument
+d /run/htpdate 00755 root root - -
diff --git a/config/chroot_local-includes/usr/lib/tmpfiles.d/tails-upgrader.conf b/config/chroot_local-includes/usr/lib/tmpfiles.d/tails-upgrader.conf
new file mode 100644
index 0000000..5234b1e
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/tmpfiles.d/tails-upgrader.conf
@@ -0,0 +1,3 @@
+# Type Path Mode UID GID Age Argument
+d /run/tails-upgrader 00775 root tails-upgrade-frontend - -
+d /usr/share/tails-iuk/trusted_gnupg_homedir 00755 root root - -
diff --git a/config/chroot_local-includes/usr/lib/tmpfiles.d/tordate.conf b/config/chroot_local-includes/usr/lib/tmpfiles.d/tordate.conf
new file mode 100644
index 0000000..6af8297
--- /dev/null
+++ b/config/chroot_local-includes/usr/lib/tmpfiles.d/tordate.conf
@@ -0,0 +1,2 @@
+# Type Path Mode UID GID Age Argument
+d /run/tordate 00755 root root - -
diff --git a/config/chroot_local-includes/usr/local/bin/git b/config/chroot_local-includes/usr/local/bin/git
index 3e8a790..4872362 100755
--- a/config/chroot_local-includes/usr/local/bin/git
+++ b/config/chroot_local-includes/usr/local/bin/git
@@ -1,2 +1,2 @@
#!/bin/sh
-TSOCKS_CONF_FILE=/etc/tor/tor-tsocks-git.conf exec /usr/bin/tsocks.distrib /usr/bin/git "$@"
+exec /usr/bin/torsocks /usr/bin/git "$@"
diff --git a/config/chroot_local-includes/usr/local/bin/keepassx b/config/chroot_local-includes/usr/local/bin/keepassx
new file mode 100755
index 0000000..bcfeb25
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/bin/keepassx
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+set -u
+
+PERSISTENT_DATA_DIR="${HOME}/Persistent"
+OLD_DB="${PERSISTENT_DATA_DIR}/keepassx.kdb"
+MIGRATED_DB="${PERSISTENT_DATA_DIR}/New database.kdbx"
+NEW_DB="${PERSISTENT_DATA_DIR}/keepassx.kdbx"
+
+# There's a migrated but badly named DB => rename it before opening it:
+if [ -e "$MIGRATED_DB" ] && ! [ -e "$NEW_DB" ]; then
+ mv "$MIGRATED_DB" "$NEW_DB"
+ /usr/bin/keepassx "$NEW_DB"
+
+# There's an old DB but no new one => import the old DB:
+elif mountpoint -q "$PERSISTENT_DATA_DIR" \
+ && ! [ -e "$NEW_DB" ] \
+ && [ -e "$OLD_DB" ]; then
+
+ # Ensure $PERSISTENT_DATA_DIR is pre-selected for saving
+ # the migrated database
+ cd "$PERSISTENT_DATA_DIR"
+
+ # Trigger the migration from the old KeePassX database to the new format
+ # used in KeePassX 2.0.x.
+ /usr/bin/keepassx "$OLD_DB"
+
+ # Avoid the user being prompted to open the old DB on next run.
+ mv "$OLD_DB" "${OLD_DB}.bak"
+
+# Default case:
+else
+ /usr/bin/keepassx "$@"
+fi
diff --git a/config/chroot_local-includes/usr/local/bin/tails-boot-to-kexec b/config/chroot_local-includes/usr/local/bin/tails-boot-to-kexec
deleted file mode 100755
index ef8ac21..0000000
--- a/config/chroot_local-includes/usr/local/bin/tails-boot-to-kexec
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/sh
-
-running_amd64_kernel() {
- uname -r | grep -qs 'amd64$'
-}
-
-case "$1" in
- kernel)
- boot_kernel="$2"
- if running_amd64_kernel ; then
- echo "$boot_kernel" | sed -e 's,/vmlinuz$,/vmlinuz2,'
- else
- echo "$boot_kernel"
- fi
- ;;
- initrd)
- boot_initrd="$2"
- if running_amd64_kernel ; then
- echo "$boot_initrd" | sed -e 's,/initrd\.img$,/initrd2.img,'
- else
- echo "$boot_initrd"
- fi
- ;;
- *)
- echo "Usage: $0 kernel|initrd" >&2
- exit 3
-esac
-
-exit 0
diff --git a/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper b/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
index b952d37..6e9830b 100755
--- a/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
+++ b/config/chroot_local-includes/usr/local/bin/tails-upgrade-frontend-wrapper
@@ -12,7 +12,7 @@ export TEXTDOMAIN
# Import no_abort()
. /usr/local/lib/tails-shell-library/common.sh
-TORDATE_DIR=/var/run/tordate
+TORDATE_DIR=/run/tordate
TORDATE_DONE_FILE="${TORDATE_DIR}/done"
INOTIFY_TIMEOUT=60
MIN_REAL_MEMFREE=$((300 * 1024))
diff --git a/config/chroot_local-includes/usr/local/bin/tor-launcher b/config/chroot_local-includes/usr/local/bin/tor-launcher
index fb4a8a9..e610166 100755
--- a/config/chroot_local-includes/usr/local/bin/tor-launcher
+++ b/config/chroot_local-includes/usr/local/bin/tor-launcher
@@ -10,7 +10,7 @@ unset TOR_CONTROL_PASSWD
unset TOR_FORCE_NET_CONFIG
export TOR_CONFIGURE_ONLY=1
export TOR_CONTROL_PORT=9051
-export TOR_CONTROL_COOKIE_AUTH_FILE=/var/run/tor/control.authcookie
+export TOR_CONTROL_COOKIE_AUTH_FILE=/run/tor/control.authcookie
export TOR_HIDE_BROWSER_LOGO=1
if echo "$@" | grep -qw -- --force-net-config; then
export TOR_FORCE_NET_CONFIG=1
diff --git a/config/chroot_local-includes/usr/local/etc/ssl/certs/hkps.pool.sks-keyservers.net.pem b/config/chroot_local-includes/usr/local/etc/ssl/certs/hkps.pool.sks-keyservers.net.pem
deleted file mode 120000
index 0baa49c..0000000
--- a/config/chroot_local-includes/usr/local/etc/ssl/certs/hkps.pool.sks-keyservers.net.pem
+++ /dev/null
@@ -1 +0,0 @@
-/etc/ssl/certs/sks-keyservers.netCA.pem \ No newline at end of file
diff --git a/config/chroot_local-includes/usr/local/lib/connect-socks b/config/chroot_local-includes/usr/local/lib/connect-socks
deleted file mode 100755
index 663e8fa..0000000
--- a/config/chroot_local-includes/usr/local/lib/connect-socks
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-SOCKS5_USER="${SOCKS5_USER:-}" \
- SOCKS5_PASSWORD="${SOCKS5_PASSWORD:-}" \
- connect-proxy -s "$@"
diff --git a/config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user b/config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user
deleted file mode 100755
index 20aaf19..0000000
--- a/config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-
-#man{{{
-
-=head1 NAME
-
-tails-32-bit-notify-user
-
-=head1 VERSION
-
-Version X.XX
-
-=head1 AUTHOR
-
-Tails dev team <amnesia@boum.org>
-See https://tails.boum.org/.
-
-=cut
-
-#}}}
-
-use Desktop::Notify;
-use English '-no_match_vars';
-use Locale::gettext;
-use Net::DBus::Reactor;
-use Path::Tiny;
-use POSIX;
-
-### initialization
-setlocale(LC_MESSAGES, "");
-textdomain("tails");
-
-### callbacks
-
-sub action_cb {
- my $reactor = shift;
- unless (fork) {
- exec(
- '/usr/local/bin/tails-documentation',
- 'news/Tails_3.0_will_require_a_64-bit_processor'
- );
- }
- $reactor->shutdown;
-}
-
-### main
-
-exit 0 if grep {/^flags\s+:.*\s[l][m]\s/xms} path('/proc/cpuinfo')->lines_utf8;
-
-my $reactor = Net::DBus::Reactor->main;
-
-my $notify = Desktop::Notify->new();
-$notify->action_callback(sub { action_cb($reactor, @_) });
-$notify->close_callback(sub { $reactor->shutdown; });
-
-my $summary = gettext("Warning: Tails 3.0 won't work on this computer!");
-my $body = gettext("Tails 3.0 will require a 64-bit processor.");
-$notify->create(summary => $summary,
- body => $body,
- actions => { "moreinfo_$PID" => gettext('Learn more'), },
- hints => { 'transient' => 1, },
- timeout => 0)->show();
-
-$reactor->run;
diff --git a/config/chroot_local-includes/usr/local/lib/tails-htp-notify-user b/config/chroot_local-includes/usr/local/lib/tails-htp-notify-user
index 870a329..afa90d6 100755
--- a/config/chroot_local-includes/usr/local/lib/tails-htp-notify-user
+++ b/config/chroot_local-includes/usr/local/lib/tails-htp-notify-user
@@ -32,8 +32,8 @@ use POSIX;
### initialization
setlocale(LC_MESSAGES, "");
textdomain("tails");
-my $htp_done_file = '/var/run/htpdate/done';
-my $htp_success_file = '/var/run/htpdate/success';
+my $htp_done_file = '/run/htpdate/done';
+my $htp_success_file = '/run/htpdate/success';
my $htp_log_file = '/var/log/htpdate.log';
my $debug;
diff --git a/config/chroot_local-includes/usr/local/lib/tor-controlport-filter b/config/chroot_local-includes/usr/local/lib/tor-controlport-filter
index 6d3f0f1..ca4f9b2 100755
--- a/config/chroot_local-includes/usr/local/lib/tor-controlport-filter
+++ b/config/chroot_local-includes/usr/local/lib/tor-controlport-filter
@@ -136,8 +136,8 @@ import yaml
DEFAULT_LISTEN_ADDRESS = 'localhost'
DEFAULT_LISTEN_PORT = 9051
-DEFAULT_COOKIE_PATH = '/var/run/tor/control.authcookie'
-DEFAULT_CONTROL_SOCKET_PATH = '/var/run/tor/control'
+DEFAULT_COOKIE_PATH = '/run/tor/control.authcookie'
+DEFAULT_CONTROL_SOCKET_PATH = '/run/tor/control'
class NoRewriteMatch(RuntimeError):
diff --git a/config/chroot_local-includes/usr/local/sbin/live-persist b/config/chroot_local-includes/usr/local/sbin/live-persist
index cce3394..3182beb 100755
--- a/config/chroot_local-includes/usr/local/sbin/live-persist
+++ b/config/chroot_local-includes/usr/local/sbin/live-persist
@@ -325,16 +325,9 @@ activate_volumes ()
fi
done
+ # Migrate persistence settings
for conf in $(ls /live/persistence/*_unlocked/persistence.conf || true)
do
- # Migrate Squeeze-era NetworkManager persistence setting to Wheezy.
- migrate_persistence_preset '/home/amnesia/.gconf/system/networking/connections' 'nm-connections' \
- '/etc/NetworkManager/system-connections' 'nm-system-connections' "$conf"
- # disable pre-Wheezy NM persistence setting
- sed -r -i \
- -e 's,^(/home/amnesia/\.gconf/system/networking/connections\s+source=nm-connections)$,#\1,' \
- "$conf"
-
# Migrate Claws-mail persistence setting to Icedove
migrate_persistence_preset '/home/amnesia/.claws-mail' 'claws-mail' \
'/home/amnesia/.icedove' 'icedove' "$conf"
@@ -383,6 +376,31 @@ activate_volumes ()
fi
rm -f ${custom_mounts} 2> /dev/null
+ # Update persistent GnuPG configuration for Stretch
+ if mountpoint --quiet /home/amnesia/.gnupg ; then
+ # Install current dirmngr.conf if there is no persistent one
+ if [ ! -e /home/amnesia/.gnupg/dirmngr.conf ]
+ then
+ install --owner amnesia --group amnesia --mode 0600 \
+ /etc/skel/.gnupg/dirmngr.conf \
+ /home/amnesia/.gnupg/dirmngr.conf \
+ || warning "Could not install dirmngr.conf"
+ fi
+ # Disable gpg.conf settings that either are obsolete,
+ # or would break communication with keyservers
+ if [ -e /home/amnesia/.gnupg/gpg.conf ]
+ then
+ obsolete_keyserver_options_str='http-proxy|ca-cert-file'
+ obsolete_keyserver_options_bool='no-try-dns-srv|no-honor-keyserver-url'
+ sed -i --regexp-extended \
+ "s/^(keyserver\s+)/#\1/ ; \
+ s/^(keyserver-options\s+($obsolete_keyserver_options_str)=)/\#\\1/ ; \
+ s/^(keyserver-options\s+($obsolete_keyserver_options_bool))\$/\#\\1/" \
+ /home/amnesia/.gnupg/gpg.conf \
+ || warning "Could not update gpg.conf"
+ fi
+ fi
+
for vol in ${open_volumes}
do
if grep -qe "^${vol}\>" /proc/mounts
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-additional-software b/config/chroot_local-includes/usr/local/sbin/tails-additional-software
index 3b7614db..a0a1489 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-additional-software
+++ b/config/chroot_local-includes/usr/local/sbin/tails-additional-software
@@ -9,7 +9,7 @@ import syslog
PERSISTENCE_DIR = "/live/persistence/TailsData_unlocked"
PACKAGES_LIST_FILE = PERSISTENCE_DIR + "/live-additional-software.conf"
-ACTIVATION_FILE = "/var/run/live-additional-software/activated"
+ACTIVATION_FILE = "/run/live-additional-software/activated"
def _launch_apt_get(specific_args):
"""Launch apt-get with given args
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-kexec b/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-kexec
index c3acb20..5c1c9ff 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-kexec
+++ b/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-kexec
@@ -6,8 +6,8 @@ set -u
PATH="/usr/local/bin:${PATH}"
KEXEC_CONF=/etc/default/kexec
-KERNEL_IMAGE=$(tails-boot-to-kexec kernel $(tails-get-bootinfo kernel))
-INITRD=$(tails-boot-to-kexec initrd $(tails-get-bootinfo initrd))
+KERNEL_IMAGE=$(tails-get-bootinfo kernel)
+INITRD=$(tails-get-bootinfo initrd)
echo "KERNEL_IMAGE=\"${KERNEL_IMAGE}\"" >> "$KEXEC_CONF"
echo "INITRD=\"${INITRD}\"" >> "$KEXEC_CONF"
diff --git a/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-memlockd b/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-memlockd
index b584fce..328d304 100755
--- a/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-memlockd
+++ b/config/chroot_local-includes/usr/local/sbin/tails-reconfigure-memlockd
@@ -6,5 +6,5 @@ set -u
PATH="/usr/local/bin:${PATH}"
MEMLOCKD_CONF=/etc/memlockd.cfg
-tails-boot-to-kexec kernel $(tails-get-bootinfo kernel) >> "$MEMLOCKD_CONF"
-tails-boot-to-kexec initrd $(tails-get-bootinfo initrd) >> "$MEMLOCKD_CONF"
+tails-get-bootinfo kernel >> "$MEMLOCKD_CONF"
+tails-get-bootinfo initrd >> "$MEMLOCKD_CONF"
diff --git a/config/chroot_local-includes/usr/share/gdm/dconf/50-tails b/config/chroot_local-includes/usr/share/gdm/dconf/50-tails
index 8e0ea4d..b384c3c 100644
--- a/config/chroot_local-includes/usr/share/gdm/dconf/50-tails
+++ b/config/chroot_local-includes/usr/share/gdm/dconf/50-tails
@@ -4,5 +4,10 @@ session-name='gdm-tails'
[org/gnome/desktop/background]
picture-uri='file:///usr/share/tails/desktop_wallpaper.png'
+[org/gnome/desktop/peripherals/touchpad]
+natural-scroll = true
+tap-to-click = true
+two-finger-scrolling-enabled = true
+
[org/gnome/settings-daemon/plugins/cursor]
active = false
diff --git a/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/metadata.json b/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/metadata.json
index 409a843..d54f91c 100644
--- a/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/metadata.json
+++ b/config/chroot_local-includes/usr/share/gnome-shell/extensions/shutdown-helper@tails.boum.org/metadata.json
@@ -5,7 +5,8 @@
"shell-version": [
"3.10",
"3.12",
- "3.14"
+ "3.14",
+ "3.20"
],
"url": "https://tails.boum.org",
"uuid": "shutdown-helper@tails.boum.org",
diff --git a/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/extension.js b/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/extension.js
deleted file mode 100644
index bcd7639..0000000
--- a/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/extension.js
+++ /dev/null
@@ -1,194 +0,0 @@
-// -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-
-
-const Clutter = imports.gi.Clutter;
-const Shell = imports.gi.Shell;
-const St = imports.gi.St;
-const Main = imports.ui.main;
-const GLib = imports.gi.GLib;
-const Lang = imports.lang;
-const Panel = imports.ui.panel;
-const PanelMenu = imports.ui.panelMenu;
-const Meta = imports.gi.Meta;
-const Mainloop = imports.mainloop;
-const NotificationDaemon = imports.ui.notificationDaemon;
-
-let trayAddedId = 0;
-let trayRemovedId = 0;
-let getSource = null;
-let icons = [];
-let notificationDaemon;
-
-const PANEL_ICON_SIZE = 24;
-
-function init() {
- if (Main.legacyTray) {
- notificationDaemon = Main.legacyTray;
- NotificationDaemon.STANDARD_TRAY_ICON_IMPLEMENTATIONS = imports.ui.legacyTray.STANDARD_TRAY_ICON_IMPLEMENTATIONS;
- }
- else if (Main.notificationDaemon._fdoNotificationDaemon) {
- notificationDaemon = Main.notificationDaemon._fdoNotificationDaemon;
- getSource = Lang.bind(notificationDaemon, NotificationDaemon.FdoNotificationDaemon.prototype._getSource);
- }
- else {
- notificationDaemon = Main.notificationDaemon;
- getSource = Lang.bind(notificationDaemon, NotificationDaemon.NotificationDaemon.prototype._getSource);
- }
-}
-
-function enable() {
- GLib.idle_add(GLib.PRIORITY_LOW, moveToTop);
-}
-
-function createSource (title, pid, ndata, sender, trayIcon) {
- if (trayIcon) {
- onTrayIconAdded(this, trayIcon, title);
- return null;
- }
-
- return getSource(title, pid, ndata, sender, trayIcon);
-};
-
-function onTrayIconAdded(o, icon, role) {
- let wmClass = icon.wm_class ? icon.wm_class.toLowerCase() : '';
- if (NotificationDaemon.STANDARD_TRAY_ICON_IMPLEMENTATIONS[wmClass] !== undefined)
- return;
-
- let buttonBox = new PanelMenu.ButtonBox();
- let box = buttonBox.actor;
- let parent = box.get_parent();
-
- let scaleFactor = St.ThemeContext.get_for_stage(global.stage).scale_factor;
- let iconSize = PANEL_ICON_SIZE * scaleFactor;
-
- icon.set_size(iconSize, iconSize);
- box.add_actor(icon);
-
- icon.reactive = true;
-
- if (parent)
- parent.remove_actor(box);
-
- icons.push(icon);
- Main.panel._rightBox.insert_child_at_index(box, 0);
-
- let clickProxy = new St.Bin({ width: iconSize, height: iconSize });
- clickProxy.reactive = true;
- Main.uiGroup.add_actor(clickProxy);
-
- icon._proxyAlloc = Main.panel._rightBox.connect('allocation-changed', function() {
- Meta.later_add(Meta.LaterType.BEFORE_REDRAW, function() {
- let [x, y] = icon.get_transformed_position();
- clickProxy.set_position(x, y);
- });
- });
-
- icon.connect("destroy", function() {
- Main.panel._rightBox.disconnect(icon._proxyAlloc);
- clickProxy.destroy();
- });
-
- clickProxy.connect('button-release-event', function(actor, event) {
- icon.click(event);
- });
-
- icon._clickProxy = clickProxy;
-
- /* Fixme: HACK */
- Meta.later_add(Meta.LaterType.BEFORE_REDRAW, function() {
- let [x, y] = icon.get_transformed_position();
- clickProxy.set_position(x, y);
- return false;
- });
- let timerId = 0;
- let i = 0;
- timerId = Mainloop.timeout_add(500, function() {
- icon.set_size(icon.width == iconSize ? iconSize - 1 : iconSize,
- icon.width == iconSize ? iconSize - 1 : iconSize);
- i++;
- if (i == 2)
- Mainloop.source_remove(timerId);
- });
-}
-
-function onTrayIconRemoved(o, icon) {
- let parent = icon.get_parent();
- parent.destroy();
- icon.destroy();
- icons.splice(icons.indexOf(icon), 1);
-}
-
-function moveToTop() {
- notificationDaemon._trayManager.disconnect(notificationDaemon._trayIconAddedId);
- notificationDaemon._trayManager.disconnect(notificationDaemon._trayIconRemovedId);
- trayAddedId = notificationDaemon._trayManager.connect('tray-icon-added', onTrayIconAdded);
- trayRemovedId = notificationDaemon._trayManager.connect('tray-icon-removed', onTrayIconRemoved);
-
- notificationDaemon._getSource = createSource;
-
- let toDestroy = [];
- if (notificationDaemon._sources) {
- for (let i = 0; i < notificationDaemon._sources.length; i++) {
- let source = notificationDaemon._sources[i];
- if (!source.trayIcon)
- continue;
- let parent = source.trayIcon.get_parent();
- parent.remove_actor(source.trayIcon);
- onTrayIconAdded(this, source.trayIcon, source.initialTitle);
- toDestroy.push(source);
- }
- }
- else {
- for (let i = 0; i < notificationDaemon._iconBox.get_n_children(); i++) {
- let button = notificationDaemon._iconBox.get_child_at_index(i);
- let icon = button.child;
- button.remove_actor(icon);
- onTrayIconAdded(this, icon, '');
- toDestroy.push(button);
- }
- }
-
- for (let i = 0; i < toDestroy.length; i++) {
- toDestroy[i].destroy();
- }
-}
-
-function moveToTray() {
- if (trayAddedId != 0) {
- notificationDaemon._trayManager.disconnect(trayAddedId);
- trayAddedId = 0;
- }
-
- if (trayRemovedId != 0) {
- notificationDaemon._trayManager.disconnect(trayRemovedId);
- trayRemovedId = 0;
- }
-
- notificationDaemon._trayIconAddedId = notificationDaemon._trayManager.connect('tray-icon-added',
- Lang.bind(notificationDaemon, notificationDaemon._onTrayIconAdded));
- notificationDaemon._trayIconRemovedId = notificationDaemon._trayManager.connect('tray-icon-removed',
- Lang.bind(notificationDaemon, notificationDaemon._onTrayIconRemoved));
-
- notificationDaemon._getSource = getSource;
-
- for (let i = 0; i < icons.length; i++) {
- let icon = icons[i];
- let parent = icon.get_parent();
- if (icon._clicked) {
- icon.disconnect(icon._clicked);
- }
- icon._clicked = undefined;
- if (icon._proxyAlloc) {
- Main.panel._rightBox.disconnect(icon._proxyAlloc);
- }
- icon._clickProxy.destroy();
- parent.remove_actor(icon);
- parent.destroy();
- notificationDaemon._onTrayIconAdded(notificationDaemon, icon);
- }
-
- icons = [];
-}
-
-function disable() {
- moveToTray();
-}
diff --git a/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/metadata.json b/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/metadata.json
deleted file mode 100644
index ddd1d5f..0000000
--- a/config/chroot_local-includes/usr/share/gnome-shell/extensions/topIcons@adel.gadllah@gmail.com/metadata.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "_generated": "Generated by SweetTooth, do not edit",
- "description": "Shows legacy tray icons on top",
- "name": "TopIcons",
- "shell-version": [
- "3.10",
- "3.9.91",
- "3.12",
- "3.11.5",
- "3.11.90",
- "3.14",
- "3.13.4",
- "3.16",
- "3.18"
- ],
- "url": "http://94.247.144.115/repo/topicons/",
- "uuid": "topIcons@adel.gadllah@gmail.com",
- "version": 28
-} \ No newline at end of file
diff --git a/config/chroot_local-includes/usr/share/gnome-shell/extensions/torstatus@tails.boum.org/metadata.json b/config/chroot_local-includes/usr/share/gnome-shell/extensions/torstatus@tails.boum.org/metadata.json
index a66f032..297824a 100644
--- a/config/chroot_local-includes/usr/share/gnome-shell/extensions/torstatus@tails.boum.org/metadata.json
+++ b/config/chroot_local-includes/usr/share/gnome-shell/extensions/torstatus@tails.boum.org/metadata.json
@@ -1,5 +1,5 @@
{
- "shell-version": ["3.14"],
+ "shell-version": ["3.20"],
"uuid": "torstatus@tails.boum.org",
"name": "Tor Daemon Status",
"description": "Show the status of the Tor daemon"
diff --git a/config/chroot_local-includes/usr/share/initramfs-tools/hooks/kms b/config/chroot_local-includes/usr/share/initramfs-tools/hooks/kms
index 27f8a58..c42d053 100755
--- a/config/chroot_local-includes/usr/share/initramfs-tools/hooks/kms
+++ b/config/chroot_local-includes/usr/share/initramfs-tools/hooks/kms
@@ -17,6 +17,6 @@ esac
. /usr/share/initramfs-tools/hook-functions
-manual_add_modules bochs-drm cirrus i915 nouveau qxl radeon
+manual_add_modules amdgpu bochs-drm cirrus i915 nouveau qxl radeon
exit 0
diff --git a/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-top/memory_wipe b/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-top/memory_wipe
index bc429d9..e4fc5f6 100755
--- a/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-top/memory_wipe
+++ b/config/chroot_local-includes/usr/share/initramfs-tools/scripts/init-top/memory_wipe
@@ -39,22 +39,14 @@ if [ -n "${sdmem}" ] ; then
if [ -z "${sdmemopts}" ] ; then
sdmemopts="v"
fi
- # We run one instance of sdmem per 2 GiB of RAM to deal with the
- # x86 per-process memory limitation.
- mem=$(free | awk '/Mem:/ { print $2 }')
- instances=$((${mem}/(2*1024*1024)+1))
- for i in $(seq 1 "${instances}") ; do
- ( /usr/bin/sdmem "-${sdmemopts}" ; killall sdmem >/dev/null 2>&1 ) &
- done
- # Wait for sdmem jobs to finish.
- wait
+ /usr/bin/sdmem "-${sdmemopts}"
echo "Memory has been wiped!"
fi
if [ "${sdmemdebug}" = 1 ] ; then
clear
echo "Going to sleep 10 minutes. Happy dumping!"
- sleep 600
+ sleep 1200
fi
case "${sdmem}" in
diff --git a/config/chroot_local-includes/usr/share/live/config/xserver-xorg/intel.ids b/config/chroot_local-includes/usr/share/live/config/xserver-xorg/intel.ids
new file mode 100644
index 0000000..409bbd1
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/live/config/xserver-xorg/intel.ids
@@ -0,0 +1,3 @@
+80860046
+80862582
+808627A2
diff --git a/config/chroot_local-includes/usr/share/tails/tbb-sha256sums.txt b/config/chroot_local-includes/usr/share/tails/tbb-sha256sums.txt
index b039ada..2d7fe6d 100644
--- a/config/chroot_local-includes/usr/share/tails/tbb-sha256sums.txt
+++ b/config/chroot_local-includes/usr/share/tails/tbb-sha256sums.txt
@@ -1,16 +1,16 @@
-e2c21f14c1db183d5ef0441d9080f9159bdda5cf24bd51e1205f3176ca97d14f tor-browser-linux32-6.5.2_ar.tar.xz
-fbcf5042bcb84b16cc6af804450897f1fa8dbe7be7bfb6d3ab609cadd1966dbf tor-browser-linux32-6.5.2_de.tar.xz
-48be7b06a9709efb4ee85783d9120b867656c03f5adbc4333b1cb13ad5155ef4 tor-browser-linux32-6.5.2_en-US.tar.xz
-9ee117e55334d9a9b24fb9145d2f4f1bfd38c6d86a70781deb6f1e0f63968a96 tor-browser-linux32-6.5.2_es-ES.tar.xz
-b8993fbabdec50fe5c6e905c613680328dcef14ae86f583f176cedd1f0ff4d8d tor-browser-linux32-6.5.2_fa.tar.xz
-81cbd25908b5037a56be8b789e987d86aa8a4067092d357ca91ba7af8502f702 tor-browser-linux32-6.5.2_fr.tar.xz
-7b9a52b44a13b7726e768e20ccc27d91b027f90442780bd4d1bad502844096a1 tor-browser-linux32-6.5.2_it.tar.xz
-74fa492cda33efe9304364d0a62d84e7d1de0b335aff802c9bc299f295bf36ee tor-browser-linux32-6.5.2_ja.tar.xz
-a26486edda8951ffcec8fa5d5d183ab2d04843ad75e49ac1422cf49985ef034a tor-browser-linux32-6.5.2_ko.tar.xz
-bf2f61f7200979ce59e40c4266c12b871ee42e239dc15292de74335cb9e2cedd tor-browser-linux32-6.5.2_nl.tar.xz
-ac2647e29d4a903524fa4b46f0674918a2284cd2152255f8a47ddb981c2347bb tor-browser-linux32-6.5.2_pl.tar.xz
-27059068ea938e79be4f006ffe8dcf67b37ef11da8d8d969460745d84939c515 tor-browser-linux32-6.5.2_pt-BR.tar.xz
-5d82e37cd2a8e90c36c865e5604c31ccc0c8b89fee71630af45b98bb43c3b348 tor-browser-linux32-6.5.2_ru.tar.xz
-6e716eae5a9364248cf2da1dbb3abafef9a31c9b00991999f1a557d1985f4e63 tor-browser-linux32-6.5.2_tr.tar.xz
-3d87410395460a65cce222bd7445656e3fc57c718265189d97e0413e5a41a518 tor-browser-linux32-6.5.2_vi.tar.xz
-c854a68af9c59db502b312a0879f78d34c1e285dd22199c56759b4189a3f5e8d tor-browser-linux32-6.5.2_zh-CN.tar.xz
+5dfbd6ca77ba7c9a2d8ec536dc58ef669831abb6e3e7f72c184e18aea19eff8a tor-browser-linux64-6.5.2_ar.tar.xz
+2c7d1092a55620b992a05c424641d4842fa8c2b3c4702140cb1399164ae24a6b tor-browser-linux64-6.5.2_de.tar.xz
+38ed559d86f2a8cb97224b2852f1e566eb54143325a1ad592267d77f9382dc6b tor-browser-linux64-6.5.2_en-US.tar.xz
+4cb8ca35375aeb470202e470274a6b654a7646a94e966e205d76432cc46432de tor-browser-linux64-6.5.2_es-ES.tar.xz
+000764cb21dac4abd42322bb1ad5576191315da7a1b99ba04a8598653ae743a4 tor-browser-linux64-6.5.2_fa.tar.xz
+84a04f19931c71aa0720df63b4099cf41ae46c3d8c0cf48e76642b8073e2a786 tor-browser-linux64-6.5.2_fr.tar.xz
+549365e5ba725e806b2a0e287cf0984cc33acac4c11793bcd23a83579c51ab38 tor-browser-linux64-6.5.2_it.tar.xz
+cd75e031ffe5115bd72e25b1b26b9f8d9f32ac006528b9e293387fe1b996acc9 tor-browser-linux64-6.5.2_ja.tar.xz
+85f7a495c134ba84bc55bdbbf869dd278e65e6f691fbddadbf9c289d2a6de84c tor-browser-linux64-6.5.2_ko.tar.xz
+f5c5a1d7a8abe19aa528378ecc8a5803f5f27ac8b591f16f6d773c70f509178d tor-browser-linux64-6.5.2_nl.tar.xz
+4ec68f03287e845244f01a2f65d9e55dd12d494fc547f031e367f27db3381c97 tor-browser-linux64-6.5.2_pl.tar.xz
+acd6e6f915bef28fe9bf95eed3a9dc89eb56643ab776297f08e3cda3f739892e tor-browser-linux64-6.5.2_pt-BR.tar.xz
+ceb78839379c6398d00a92f3ebdbb89120b317ac8c77d354b20233578d76826b tor-browser-linux64-6.5.2_ru.tar.xz
+3f07a4bdfc324d01ce676d4985130651c720006c88bb5620b874972c675c9142 tor-browser-linux64-6.5.2_tr.tar.xz
+b202e460bb9f807aa611a3cdc10a0c85ad0f6027fc3e1a8f892258f422163089 tor-browser-linux64-6.5.2_vi.tar.xz
+dc357c08730444f25404a4cf75fea76f3313152e34fdf24f9177e5827d9c7b46 tor-browser-linux64-6.5.2_zh-CN.tar.xz
diff --git a/config/chroot_local-packageslists/tails-common.list b/config/chroot_local-packageslists/tails-common.list
index e84a797..479a2f4 100644
--- a/config/chroot_local-packageslists/tails-common.list
+++ b/config/chroot_local-packageslists/tails-common.list
@@ -46,13 +46,19 @@ zenity
gksu
# Needed by tails-htp-notify-user and others
libdesktop-notify-perl
+# Needed by /lib/live/config/2010-pidgin
+bc
# Needed by tails-transform-mirror-url
nodejs
-# Needed by tails-32-bit-notify-user
-libpath-tiny-perl
+# Needed by SSH's ProxyCommand
+netcat-openbsd
+# Needed by Tails Installer when running on Tails
+libc6-i386
### Software
+adwaita-qt
+adwaita-qt4
aircrack-ng
alsa-utils
apparmor
@@ -66,14 +72,11 @@ cups-pk-helper
cryptsetup
rsync
bash-completion
-bookletimposer
-connect-proxy
cracklib-runtime
+dbus-user-session
desktop-base
dmz-cursor-theme
dosfstools
-eatmydata
-ekeyd
electrum
enigmail
eog
@@ -86,49 +89,42 @@ florence
fonts-cantarell
fonts-liberation
fonts-linuxlibertine
-gcalctool
gdm3
gedit
gimp
git
gkbd-capplet
+gnome-calculator
gnome-control-center
gnome-disk-utility
-gnome-flashback
-gnome-media
+gnome-menus
gnome-power-manager
gnome-search-tool
gnome-screenshot
gnome-session
-gnome-session-flashback
+gnome-shell-extension-top-icons-plus
gnome-shell-extensions
gnome-sound-recorder
# Jessie's gnome-sound-recorder is missing the dependency on gstreamer1.0-pulseaudio (Debian bug #852870)
# This can be removed once gnome-sound-recorder is >=3.21.92-2
gstreamer1.0-pulseaudio
-gnome-system-log
gnome-system-monitor
gnome-terminal
-gnome-themes
gnome-themes-standard
gnome-user-guide
gnupg-agent
-gnupg-curl
gnupg2
gobi-loader
-gobby-0.5
+gobby
## breaks lb because of desktop-base.postinst (see Debian bug #467620)
-#if ARCHITECTURE i386 amd64
+#if ARCHITECTURE amd64
# grub
grub-efi-ia32
#endif
-gstreamer0.10-plugins-base
-gstreamer0.10-plugins-good
-gstreamer0.10-plugins-ugly
-gstreamer0.10-pulseaudio
gstreamer1.0-libav
# Needed for audio in DVD playback
gstreamer1.0-plugins-ugly
+gtk2-engines-pixbuf
gvfs-backends
hardlink
haveged
@@ -158,6 +154,7 @@ live-tools
lvm2
macchanger
mat
+mesa-utils
monkeysign
monkeysphere
msva-perl
@@ -172,6 +169,7 @@ onionshare
libreoffice-calc
libreoffice-draw
libreoffice-gnome
+libreoffice-gtk3
libreoffice-impress
libreoffice-math
libreoffice-writer
@@ -191,6 +189,7 @@ openssh-client
paperkey
parted
pidgin
+pidgin-guifications
pidgin-otr
pinentry-gtk2
pitivi
@@ -217,7 +216,7 @@ syslinux-common
syslinux-efi
# ships isohybrid in syslinux 6.x packaging
syslinux-utils
-system-config-printer
+system-config-printer-common
synaptic
torsocks
totem-plugins
@@ -230,21 +229,20 @@ tor-geoipdb
sound-juicer
ssss
totem
-ttdnsd
unar
usbutils
vim-nox
virtualbox-guest-utils
virtualbox-guest-x11
wireless-tools
+xdg-user-dirs-gtk
xsel
xul-ext-torbirdy
# needed for initramfs-tools' COMPRESS=xz
xz-utils
-#if ARCHITECTURE i386 amd64
+#if ARCHITECTURE amd64
open-vm-tools
-xserver-xorg-input-vmmouse
#endif
### Firmwares
@@ -269,10 +267,10 @@ firmware-b43legacy-installer
### Xorg
xorg
xserver-xorg-input-all
-#if ARCHITECTURE i386
-xserver-xorg-video-geode
-#endif
xserver-xorg-video-all
+xserver-xorg-video-cirrus
+xserver-xorg-video-intel
+xserver-xorg-video-modesetting
xserver-xorg-video-amdgpu
### Input methods
@@ -298,7 +296,8 @@ fonts-farsiweb
xfonts-intl-chinese
fonts-arphic-ukai
fonts-arphic-uming
-xfonts-wqy
+fonts-wqy-microhei
+fonts-wqy-zenhei
## Hebrew support
culmus
libfribidi0
@@ -329,6 +328,7 @@ mousetweaks
## text-to-speech
gnome-orca
at-spi2-core
+speech-dispatcher-espeak-ng
## high-contrast theme
gnome-accessibility-themes
## graphical predictive text input system
@@ -342,12 +342,12 @@ intel-microcode
hunspell-ar
hunspell-de-de
hunspell-en-us
-myspell-es
+hunspell-es
myspell-fa
hunspell-fr
-myspell-it
-myspell-pt
-myspell-ru
+hunspell-it
+hunspell-pt-br
+hunspell-ru
hunspell-vi
### Mobile broadband devices support (GSM, 3G...)
@@ -402,8 +402,9 @@ python3-systemd
xclip
xdotool
-# Enable Electrum's Qt GUI
+# Enable Electrum's Qt GUI & TREZOR support
python-qt4
+python-trezor
# Provide gnome-open (used to open e.g. URLs in KeePassX, Icedove, Electrum...)
libgnome2-bin
diff --git a/config/chroot_local-patches/0001-Use-the-Tor-OnionBalance-hidden-service-pool-as-the-.patch b/config/chroot_local-patches/0001-Use-the-Tor-OnionBalance-hidden-service-pool-as-the-.patch
new file mode 100644
index 0000000..20fcb24
--- /dev/null
+++ b/config/chroot_local-patches/0001-Use-the-Tor-OnionBalance-hidden-service-pool-as-the-.patch
@@ -0,0 +1,38 @@
+From: intrigeri <intrigeri@boum.org>
+Date: Tue, 31 Jan 2017 15:54:01 +0000
+Subject: Use the Tor OnionBalance hidden service pool as the default
+ keyserver.
+
+---
+ chrome/content/preferences.js | 2 +-
+ components/torbirdy.js | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/chrome/content/preferences.js b/chrome/content/preferences.js
+index 3f1b9a1..87f46aa 100644
+--- a/usr/share/xul-ext/torbirdy/chrome/content/preferences.js
++++ b/usr/share/xul-ext/torbirdy/chrome/content/preferences.js
+@@ -7,7 +7,7 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
+ pub.prefBranch = "extensions.torbirdy.";
+ pub.customBranch = "extensions.torbirdy.custom.";
+
+- pub.torKeyserver = "hkp://qdigse2yzvuglcix.onion";
++ pub.torKeyserver = "hkp://jirk5u4osbsr34t5.onion";
+ pub.jondoKeyserver = "hkp://pool.sks-keyservers.net";
+
+ pub.prefs = Components.classes["@mozilla.org/preferences-service;1"]
+diff --git a/components/torbirdy.js b/components/torbirdy.js
+index f9acf0b..01c1c7a 100644
+--- a/usr/share/xul-ext/torbirdy/components/torbirdy.js
++++ b/usr/share/xul-ext/torbirdy/components/torbirdy.js
+@@ -274,8 +274,8 @@ var TorBirdyPrefs = {
+ // We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
+ "--keyserver-options http-proxy=socks5h://127.0.0.1:9050 ",
+
+- // The default key server should be a hidden service and this is the only known one (it's part of the normal SKS network)
+- "extensions.enigmail.keyserver": "hkp://qdigse2yzvuglcix.onion",
++ // The default key server should be a hidden service; use the Tor OnionBalance hidden service pool (https://sks-keyservers.net/overview-of-pools.php#pool_tor)
++ "extensions.enigmail.keyserver": "hkp://jirk5u4osbsr34t5.onion",
+ // Force GnuPG to use SHA512.
+ "extensions.enigmail.mimeHashAlgorithm": 5,
+
diff --git a/config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch b/config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch
new file mode 100644
index 0000000..0a19508
--- /dev/null
+++ b/config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch
@@ -0,0 +1,97 @@
+From: intrigeri <intrigeri@boum.org>
+Date: Tue, 31 Jan 2017 16:04:33 +0000
+Subject: Allow specifying that Enigmail keyserver communication is torified
+ already.
+
+This can be done by setting extensions.torbirdy.enigmail.already_torified
+to true.
+
+It is needed e.g. when using GnuPG 2.1+, in which case these keyserver options
+break dirmngr:
+
+ no-try-dns-srv,http-proxy=socks5h://127.0.0.1:9150
+
+... as reported e.g. on https://trac.torproject.org/projects/tor/ticket/19971
+and https://labs.riseup.net/code/issues/11948.
+
+The correct way to torify keyserver communication with Modern GnuPG is to set
+"use-tor" in ~/.gnupg/dirmngr.conf. Let's not break things for users who have
+configured this properly, e.g. Tails.
+
+Note that the Enigmail master branch has code to use Tor for keyserver
+operations. My understanding of the code is that it supports GnuPG 2 nicely, and
+detects whether dirmngr is already configured to use Tor. Once that's released
+and ready for production use, the parts of the Torbirdy code that are about
+torifying Enigmail communication with keyservers can go away:
+
+ https://sourceforge.net/p/enigmail/source/ci/74e19771ec18cd5e7b542c32a9b34d47697f50ed/
+
+... which is why I didn't bother investing time into a nicer solution on
+Torbirdy's side.
+---
+ chrome/content/overlay.js | 1 +
+ chrome/content/preferences.js | 13 ++++++++-----
+ defaults/preferences/prefs.js | 1 +
+ 3 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/chrome/content/overlay.js b/chrome/content/overlay.js
+index 1f72c9d..f0c0304 100644
+--- a/usr/share/xul-ext/torbirdy/chrome/content/overlay.js
++++ b/usr/share/xul-ext/torbirdy/chrome/content/overlay.js
+@@ -40,6 +40,7 @@
+ // Tor.
+ if (type === 0) {
+ myPanel.label = strbundle.getString("torbirdy.enabled.tor");
++ org.torbirdy.prefs.setProxyTor();
+ }
+ // JonDo/Whonix.
+ if (type === 1) {
+diff --git a/chrome/content/preferences.js b/chrome/content/preferences.js
+index 87f46aa..73ef18f 100644
+--- a/usr/share/xul-ext/torbirdy/chrome/content/preferences.js
++++ b/usr/share/xul-ext/torbirdy/chrome/content/preferences.js
+@@ -41,17 +41,19 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
+ if (pub.prefs.getBoolPref("extensions.torbirdy.enigmail.throwkeyid")) {
+ opts += "--throw-keyids ";
+ }
+- var proxy = "socks5h://127.0.0.1:9050";
+- if (anonService === "jondo") {
+- proxy = "http://127.0.0.1:4001";
++ if (! pub.prefs.getBoolPref("extensions.torbirdy.gpg_already_torified")) {
++ var proxy = "socks5h://127.0.0.1:9050";
++ if (anonService === "jondo") {
++ proxy = "http://127.0.0.1:4001";
++ }
++ opts += "--keyserver-options=no-try-dns-srv,http-proxy=" + proxy + " ";
+ }
+
+ return opts +
+ "--no-emit-version " +
+ "--no-comments " +
+ "--display-charset utf-8 " +
+- "--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=" +
+- proxy;
++ "--keyserver-options no-auto-key-retrieve";
+ };
+
+ pub.updateKeyserver = function(anonService) {
+@@ -201,6 +203,7 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
+
+ pub.setPanelSettings(pub.strBundle.GetStringFromName("torbirdy.enabled.tor"), "green");
+ pub.prefs.setIntPref(pub.prefBranch + 'proxy', 0);
++ pub.setPreferences("extensions.enigmail.agentAdditionalParam", pub.setEnigmailPrefs("tor"));
+ };
+
+ pub.setProxyJonDo = function() {
+diff --git a/defaults/preferences/prefs.js b/defaults/preferences/prefs.js
+index 8b43562..ea316d3 100644
+--- a/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
++++ b/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
+@@ -5,6 +5,7 @@ pref("extensions.torbirdy.warn", true);
+ pref("extensions.torbirdy.startup_folder", false);
+ pref("extensions.torbirdy.enigmail.throwkeyid", false);
+ pref("extensions.torbirdy.enigmail.confirmemail", false);
++pref("extensions.torbirdy.gpg_already_torified", false);
+ pref("extensions.torbirdy.timezone", true);
+ pref("extensions.torbirdy.whonix_run", true);
+ pref("extensions.torbirdy.info_run", false);
diff --git a/config/chroot_local-patches/apparmor-adjust-cupsd-profile.diff b/config/chroot_local-patches/apparmor-adjust-cupsd-profile.diff
index 53e4455..9d46be8 100644
--- a/config/chroot_local-patches/apparmor-adjust-cupsd-profile.diff
+++ b/config/chroot_local-patches/apparmor-adjust-cupsd-profile.diff
@@ -1,16 +1,14 @@
---- a/etc/apparmor.d/usr.sbin.cupsd 2015-11-20 09:41:01.408000000 +0000
-+++ b/etc/apparmor.d/usr.sbin.cupsd 2015-11-20 09:47:01.728000000 +0000
-@@ -4,7 +4,9 @@
+--- a/etc/apparmor.d/usr.sbin.cupsd 2017-01-18 13:06:44.000000000 +0000
++++ b/etc/apparmor.d/usr.sbin.cupsd 2017-01-30 12:21:27.499144568 +0000
+@@ -4,6 +4,8 @@
#include <tunables/global>
--/usr/sbin/cupsd {
+@{etccups}=/{etc/cups,live/persistence/TailsData_unlocked/cups-configuration}
+
-+/usr/sbin/cupsd flags=(attach_disconnected) {
+ /usr/sbin/cupsd flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/bash>
- #include <abstractions/authentication>
@@ -53,9 +55,10 @@
/dev/bus/usb/ r,
/dev/bus/usb/** rw,
@@ -25,15 +23,18 @@
/etc/foomatic/* r,
/etc/gai.conf r,
/etc/papersize r,
-@@ -70,7 +73,7 @@
+@@ -70,9 +73,9 @@
@{PROC}/*/auxv r,
@{PROC}/sys/crypto/** r,
/sys/** r,
- /usr/bin/* ixr,
+ /usr/bin/{[^h],h[^p],hp[^i],hpi[^j],hpij[^s]}* ixr,
/usr/sbin/* ixr,
- /bin/* ixr,
- /sbin/* ixr,
+- /{usr/,}bin/* ixr,
++ /{usr/,}bin/{[^h],h[^p],hp[^i],hpi[^j],hpij[^s]}* ixr,
+ /{usr/,}sbin/* ixr,
+ /usr/lib/** rm,
+
@@ -80,7 +83,10 @@
/usr/lib/cups/backend/bluetooth ixr,
/usr/lib/cups/backend/dnssd ixr,
@@ -45,13 +46,14 @@
/usr/lib/cups/backend/lpd ixr,
/usr/lib/cups/backend/parallel ixr,
/usr/lib/cups/backend/serial ixr,
-@@ -92,7 +98,12 @@
+@@ -92,7 +98,13 @@
/usr/lib/cups/backend/cups-pdf Px,
# third party backends get no restrictions as they often need high
# privileges and this is beyond our control
- /usr/lib/cups/backend/* Cx -> third_party,
+ # Due to Tails#9963 we hard-code the third-party backends we ship:
+ # /usr/lib/cups/backend/* Cx -> third_party,
++ /usr/lib/cups/backend/beh Cx -> third_party,
+ /usr/lib/cups/backend/gutenprint52+usb Cx -> third_party,
+ /usr/lib/cups/backend/hp Cx -> third_party,
+ /usr/lib/cups/backend/hpfax Cx -> third_party,
@@ -59,17 +61,21 @@
/usr/lib/cups/cgi-bin/* ixr,
/usr/lib/cups/daemon/* ixr,
-@@ -119,6 +130,9 @@
+@@ -117,8 +129,13 @@
+ /var/cache/cups/** rwk,
+ /var/log/cups/ rw,
/var/log/cups/* rw,
++ /var/spool/ rwk,
/var/spool/cups/ rw,
/var/spool/cups/** rw,
+ /var/cache/.wh..wh.cups.*/ rw,
+ /var/log/.wh..wh.cups.*/ rw,
+ /var/spool/.wh..wh.cups.*/ rw,
++ /var/.wh..wh.spool.*/ rw,
# third-party printer drivers; no known structure here
/opt/** rix,
-@@ -131,7 +145,7 @@
+@@ -131,7 +148,7 @@
/etc/krb5.conf r,
deny /etc/krb5.conf w,
/etc/krb5.keytab rk,
@@ -78,22 +84,12 @@
/tmp/krb5cc* k,
# likewise authentication
-@@ -141,7 +155,7 @@
- # silence noise
- deny /etc/udev/udev.conf r,
-
-- profile third_party {
-+ profile third_party flags=(attach_disconnected) {
- # third party backends, filters, and drivers get relatively no restrictions
- # as they often need high privileges, are unpredictable or otherwise beyond
- # our control
-@@ -178,7 +192,7 @@
- /bin/bash ixr,
- /bin/cp ixr,
+@@ -184,7 +201,7 @@
+ /{usr/,}bin/bash ixr,
+ /{usr/,}bin/cp ixr,
/etc/papersize r,
- /etc/cups/cups-pdf.conf r,
+ @{etccups}/cups-pdf.conf r,
@{HOME}/PDF/ rw,
@{HOME}/PDF/* rw,
/usr/bin/gs ixr,
-
diff --git a/config/chroot_local-patches/apparmor-adjust-gst_plugin_scanner-profile.diff b/config/chroot_local-patches/apparmor-adjust-gst_plugin_scanner-profile.diff
new file mode 100644
index 0000000..0522123
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-adjust-gst_plugin_scanner-profile.diff
@@ -0,0 +1,10 @@
+--- a/etc/apparmor.d/gst_plugin_scanner
++++ b/etc/apparmor.d/gst_plugin_scanner
+@@ -18,6 +18,7 @@ profile gst_plugin_scanner {
+
+ /usr/lib/frei0r-[0-9]/*.so m,
+ # /usr/lib/@{multiarch}/dri/** mr,
++ /usr/lib/@{multiarch}/gstreamer[0-9].[0-9]/gstreamer-[0-9].[0-9]/gst-plugin-scanner mr,
+ /usr/lib/@{multiarch}/libproxy/*/modules/*.so mr,
+ /usr/lib/@{multiarch}/libvisual-[0-9].[0-9]/*/*.so m,
+ }
diff --git a/config/chroot_local-patches/apparmor-adjust-haveged-profile.diff b/config/chroot_local-patches/apparmor-adjust-haveged-profile.diff
new file mode 100644
index 0000000..b67501c
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-adjust-haveged-profile.diff
@@ -0,0 +1,12 @@
+--- a/etc/apparmor.d/usr.sbin.haveged 2016-06-30 08:01:05.000000000 +0000
++++ b/etc/apparmor.d/usr.sbin.haveged 2016-08-23 10:34:08.688000000 +0000
+@@ -1,7 +1,7 @@
+ # Last Modified: Fri Aug 21 15:23:17 2015
+ #include <tunables/global>
+
+-/usr/sbin/haveged {
++/usr/sbin/haveged flags=(attach_disconnected) {
+ #include <abstractions/base>
+
+ # Required for ioctl RNDADDENTROPY
+
diff --git a/config/chroot_local-patches/apparmor-adjust-totem-profile.diff b/config/chroot_local-patches/apparmor-adjust-totem-profile.diff
index f7d177f..c3bd4c4 100644
--- a/config/chroot_local-patches/apparmor-adjust-totem-profile.diff
+++ b/config/chroot_local-patches/apparmor-adjust-totem-profile.diff
@@ -1,12 +1,13 @@
---- a/etc/apparmor.d.orig/abstractions/totem 2014-08-28 15:51:48.000000000 +0000
-+++ b/etc/apparmor.d/abstractions/totem 2016-12-04 16:46:57.160470997 +0000
-@@ -30,6 +30,19 @@
+diff -Naur a/etc/apparmor.d/abstractions/totem b/etc/apparmor.d/abstractions/totem
+--- a/etc/apparmor.d/abstractions/totem 2016-07-29 08:50:17.000000000 +0000
++++ b/etc/apparmor.d/abstractions/totem 2016-11-18 10:42:07.902658411 +0000
+@@ -30,13 +30,26 @@
- /usr/lib/@{multiarch}/gstreamer[0-9].[0-9]/gstreamer-[0-9].[0-9]/gst-plugin-scanner Cix -> gst_plugin_scanner,
+ /usr/lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner Cix -> gst_plugin_scanner,
- owner @{HOME}/.cache/tracker/meta.db k,
- owner @{HOME}/.cache/tracker/meta.db-shm k,
-- owner @{HOME}/.local/share/grilo-plugins/*.db k,
+- owner @{HOME}/.local/share/grilo-plugins/*.db{,-shm} k,
+ owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/ rw,
+ owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/registry.*.bin rw,
+ owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/registry.*.bin.tmp* rw,
@@ -22,11 +23,18 @@
+ owner @{HOME}/.local/share/grilo-plugins/*.db{,-shm,-journal,-wal} rwk,
+ owner @{HOME}/.local/share/gvfs-metadata/** r,
+ owner @{HOME}/.local/share/totem/ rwk,
-+
-diff -Naur etc/apparmor.d.orig/usr.bin.totem etc/apparmor.d/usr.bin.totem
---- a/etc/apparmor.d.orig/usr.bin.totem 2015-11-14 13:39:59.000000000 +0000
-+++ b/etc/apparmor.d/usr.bin.totem 2016-12-04 16:52:51.944799445 +0000
-@@ -6,19 +6,24 @@
+
+ owner @{PROC}/@{pid}/status r,
+
+ /run/udev/data/c* r,
+ /run/udev/data/+drm:card* r,
++ /run/udev/data/+usb* r,
+
+ /sys/devices/system/node/*/meminfo r,
+diff -Naur a/etc/apparmor.d/usr.bin.totem b/etc/apparmor.d/usr.bin.totem
+--- a/etc/apparmor.d/usr.bin.totem 2016-07-29 08:50:17.000000000 +0000
++++ b/etc/apparmor.d/usr.bin.totem 2016-11-18 10:42:07.902658411 +0000
+@@ -6,6 +6,7 @@
/usr/bin/totem {
#include <abstractions/audio>
#include <abstractions/dconf>
@@ -34,13 +42,11 @@ diff -Naur etc/apparmor.d.orig/usr.bin.totem etc/apparmor.d/usr.bin.totem
#include <abstractions/python>
#include <abstractions/totem>
-+ # We wrap Totem to run it with torsocks
-+ /etc/tor/torsocks.conf r,
-+
- # Maybe in an abstraction?
- /usr/include/**/pyconfig.h r,
+@@ -14,12 +15,14 @@
/usr/bin/totem r,
+ /usr/bin/totem-video-thumbnailer Pix,
++ /usr/lib/@{multiarch}/libtotem-plparser[0-9]*/totem-pl-parser/* ix,
/dev/sr* r,
- # Allow read and write on anything in @{HOME}. Lenient, but
@@ -53,10 +59,10 @@ diff -Naur etc/apparmor.d.orig/usr.bin.totem etc/apparmor.d/usr.bin.totem
owner /{,var/}run/user/*/dconf/user w,
owner /{,var/}run/user/*/at-spi2-*/ rw,
-diff -Naur etc/apparmor.d.orig/usr.bin.totem-previewers etc/apparmor.d/usr.bin.totem-previewers
---- a/etc/apparmor.d.orig/usr.bin.totem-previewers 2014-10-14 23:22:57.000000000 +0000
-+++ b/etc/apparmor.d/usr.bin.totem-previewers 2016-12-04 16:50:31.818740913 +0000
-@@ -6,10 +6,11 @@
+diff -Naur a/etc/apparmor.d/usr.bin.totem-previewers b/etc/apparmor.d/usr.bin.totem-previewers
+--- a/etc/apparmor.d/usr.bin.totem-previewers 2016-07-29 08:50:17.000000000 +0000
++++ b/etc/apparmor.d/usr.bin.totem-previewers 2016-11-18 10:43:59.736805950 +0000
+@@ -6,16 +6,17 @@
/usr/bin/totem-video-thumbnailer {
#include <abstractions/totem>
@@ -70,7 +76,14 @@ diff -Naur etc/apparmor.d.orig/usr.bin.totem-previewers etc/apparmor.d/usr.bin.t
# Not needed by nautilus, but maybe other applications
owner /**.[pP][nN][gG] w,
-@@ -26,7 +27,8 @@
+ owner /**.[jJ][pP]{,[eE]}[gG] w,
+
+- /usr/bin/totem-video-thumbnailer r,
++ /usr/bin/totem-video-thumbnailer rm,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.bin.totem-previewers>
+@@ -28,7 +29,8 @@
# Allow read on anything in @{HOME}. Lenient, but private-files-strict is in
# effect.
#include <abstractions/private-files-strict>
@@ -80,4 +93,3 @@ diff -Naur etc/apparmor.d.orig/usr.bin.totem-previewers etc/apparmor.d/usr.bin.t
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.totem-previewers>
-
diff --git a/config/chroot_local-patches/apparmor-alias-dot-d.diff b/config/chroot_local-patches/apparmor-alias-dot-d.diff
new file mode 100644
index 0000000..7648ae2
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-alias-dot-d.diff
@@ -0,0 +1,9 @@
+--- a/etc/apparmor.d.orig/tunables/alias 2016-12-17 11:25:27.000000000 +0000
++++ b/etc/apparmor.d/tunables/alias 2017-01-02 20:47:35.987919057 +0000
+@@ -14,3 +14,5 @@
+ #
+ # Or if mysql databases are stored in /home:
+ # alias /var/lib/mysql/ -> /home/mysql/,
++
++#include <tunables/alias.d>
+
diff --git a/config/chroot_local-patches/apparmor-aliases.diff b/config/chroot_local-patches/apparmor-aliases.diff
index 2d0cef0..4ec08e7 100644
--- a/config/chroot_local-patches/apparmor-aliases.diff
+++ b/config/chroot_local-patches/apparmor-aliases.diff
@@ -1,33 +1,35 @@
---- a/etc/apparmor.d.orig/abstractions/base 2013-07-10 22:05:57.000000000 +0000
-+++ b/etc/apparmor.d/abstractions/base 2015-06-03 18:11:08.402380000 +0000
-@@ -47,17 +47,19 @@
- # available everywhere
- /etc/ld.so.cache mr,
- /lib{,32,64}/ld{,32,64}-*.so mrix,
-- /lib{,32,64}/**/ld{,32,64}-*.so mrix,
-+ /lib{32,64}/**/ld{,32,64}-*.so mrix,
-+ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/ld{,32,64}-*.so mrix,
- /lib/@{multiarch}/ld{,32,64}-*.so mrix,
- /lib/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
- /lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/ld-*.so mrix,
- /opt/*-linux-uclibc/lib/ld-uClibc*so* mrix,
+diff -Naur etc/apparmor.d.orig/abstractions/base etc/apparmor.d/abstractions/base
+--- a/etc/apparmor.d.orig/abstractions/base 2016-12-02 11:00:00.000000000 +0000
++++ b/etc/apparmor.d/abstractions/base 2016-12-08 09:09:12.588982953 +0000
+@@ -26,6 +26,7 @@
+ /etc/locale/** r,
+ /etc/locale.alias r,
+ /etc/localtime r,
++ /etc/tor/torsocks.conf r,
+ /etc/writable/localtime r,
+ /usr/share/locale-bundle/** r,
+ /usr/share/locale-langpack/** r,
+@@ -56,10 +57,12 @@
+ /opt/*-linux-uclibc/lib/ld-uClibc*so* mr,
# we might as well allow everything to use common libraries
-- /lib{,32,64}/** r,
-+ /lib{32,64}/** r,
-+ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
- /lib{,32,64}/lib*.so* mr,
-- /lib{,32,64}/**/lib*.so* mr,
-- /lib/@{multiarch}/** r,
-+ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/lib*.so* mr,
-+ /lib/@{multiarch}/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
- /lib/@{multiarch}/lib*.so* mr,
- /lib/@{multiarch}/**/lib*.so* mr,
- /usr/lib{,32,64}/** r,
+- /{usr/,}lib{,32,64}/** r,
+- /{usr/,}lib{,32,64}/lib*.so* mr,
+- /{usr/,}lib{,32,64}/**/lib*.so* mr,
+- /{usr/,}lib/@{multiarch}/** r,
++ /{usr/,}lib{32,64}/** r,
++ /{usr/,}lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
++ /{usr/,}lib{,32,64}/lib*.so* mr,
++ /{usr/,}lib{32,64}/**/lib*.so* mr,
++ /{usr/,}lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/lib*.so* mr,
++ /{usr/,}lib/@{multiarch}/{[^l],l[^i],li[^v],liv[^e],live[^/]}** r,
+ /{usr/,}lib/@{multiarch}/lib*.so* mr,
+ /{usr/,}lib/@{multiarch}/**/lib*.so* mr,
+ /{usr/,}lib/tls/i686/{cmov,nosegneg}/lib*.so* mr,
diff -Naur '--exclude=cache' /etc/apparmor.d.orig/abstractions/ubuntu-helpers /etc/apparmor.d/abstractions/ubuntu-helpers
--- a/etc/apparmor.d.orig/abstractions/ubuntu-helpers 2013-07-10 22:05:57.000000000 +0000
+++ b/etc/apparmor.d/abstractions/ubuntu-helpers 2015-06-03 18:16:42.022380000 +0000
-@@ -63,8 +63,8 @@
+@@ -64,8 +64,8 @@
# in limited libraries so glibc's secure execution should be enough to not
# require the santized_helper (ie, LD_PRELOAD will only use standard system
# paths (man ld.so)).
@@ -38,7 +40,7 @@ diff -Naur '--exclude=cache' /etc/apparmor.d.orig/abstractions/ubuntu-helpers /e
/opt/google/chrome/chrome-sandbox PUxr,
/opt/google/chrome/google-chrome Pixr,
/opt/google/chrome/chrome Pixr,
-@@ -73,7 +73,8 @@
+@@ -74,7 +74,8 @@
# Full access
/ r,
/** rwkl,
@@ -48,15 +50,3 @@ diff -Naur '--exclude=cache' /etc/apparmor.d.orig/abstractions/ubuntu-helpers /e
# Dangerous files
audit deny owner /**/* m, # compiled libraries
-diff -Naur '--exclude=cache' /etc/apparmor.d.orig/tunables/alias /etc/apparmor.d/tunables/alias
---- a/etc/apparmor.d.orig/tunables/alias 2013-07-10 22:05:57.000000000 +0000
-+++ b/etc/apparmor.d/tunables/alias 2015-06-03 18:12:46.426380000 +0000
-@@ -14,3 +14,7 @@
- #
- # Or if mysql databases are stored in /home:
- # alias /var/lib/mysql/ -> /home/mysql/,
-+
-+alias / -> /lib/live/mount/overlay/,
-+alias / -> /lib/live/mount/rootfs/*.squashfs/,
-+
-
diff --git a/config/chroot_local-patches/dhcp-dont-send-hostname.diff b/config/chroot_local-patches/dhcp-dont-send-hostname.diff
index b1b0514..c1360dc 100644
--- a/config/chroot_local-patches/dhcp-dont-send-hostname.diff
+++ b/config/chroot_local-patches/dhcp-dont-send-hostname.diff
@@ -1,13 +1,14 @@
diff -Naur orig/etc/dhcp/dhclient.conf new/etc/dhcp/dhclient.conf
--- orig/etc/dhcp/dhclient.conf 2014-07-31 22:31:11.363605131 +0200
+++ new/etc/dhcp/dhclient.conf 2014-07-31 22:31:43.535349519 +0200
-@@ -14,7 +14,8 @@
+@@ -12,7 +12,8 @@
+
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
- #send host-name "andare.fugue.com";
-send host-name = gethostname();
+#send host-name = gethostname();
+supersede host-name "amnesia";
- #send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
- #send dhcp-lease-time 3600;
- #supersede domain-name "fugue.com home.vix.com";
+ request subnet-mask, broadcast-address, time-offset, routers,
+ domain-name, domain-name-servers, domain-search, host-name,
+ dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
+
diff --git a/config/chroot_local-patches/disable-laptop-mode-auto-modules.patch b/config/chroot_local-patches/disable-laptop-mode-auto-modules.patch
deleted file mode 100644
index 35cd560..0000000
--- a/config/chroot_local-patches/disable-laptop-mode-auto-modules.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- chroot.orig/etc/laptop-mode/laptop-mode.conf 2011-11-05 08:32:48.000000000 +0000
-+++ chroot/etc/laptop-mode/laptop-mode.conf 2012-04-04 15:02:15.440000039 +0000
-@@ -131,7 +131,7 @@
- # NOTE: You can explicitly enable/disable any of the above modules by changing their
- # values in the individual settings file
- #
--ENABLE_AUTO_MODULES=1
-+ENABLE_AUTO_MODULES=0
-
-
-
diff --git a/config/chroot_local-patches/do-not-modify-hardware-clock.diff b/config/chroot_local-patches/do-not-modify-hardware-clock.diff
index 588fffa..0b03d4d 100644
--- a/config/chroot_local-patches/do-not-modify-hardware-clock.diff
+++ b/config/chroot_local-patches/do-not-modify-hardware-clock.diff
@@ -1,12 +1,11 @@
---- a/etc/init.d/hwclock.sh 2015-05-16 10:47:58.445109125 +0000
-+++ b/etc/init.d/hwclock.sh 2015-05-16 10:48:20.140450601 +0000
-@@ -26,7 +26,7 @@
+--- a/etc/init.d/hwclock.sh 2016-02-05 23:48:03.195563001 +0000
++++ b/etc/init.d/hwclock.sh 2016-02-06 12:52:03.307563701 +0000
+@@ -22,7 +22,7 @@
# Should-Stop: umountfs
# Default-Start: S
# X-Start-Before: checkroot
-# Default-Stop: 0 6
+# Default-Stop:
+ # Short-Description: Sync hardware and system clock time.
### END INIT INFO
- # These defaults are user-overridable in /etc/default/hwclock
-
diff --git a/config/chroot_local-patches/do_not_save_mixer_levels_on_shutdown.diff b/config/chroot_local-patches/do_not_save_mixer_levels_on_shutdown.diff
deleted file mode 100644
index ee279a3..0000000
--- a/config/chroot_local-patches/do_not_save_mixer_levels_on_shutdown.diff
+++ /dev/null
@@ -1,7 +0,0 @@
-Tails specific: we are amnesic, no need to save mixer levels on shutdown.
-
---- chroot.orig/etc/init.d/alsa-utils 2012-09-24 10:05:12.749039812 +0200
-+++ chroot/etc/init.d/alsa-utils 2012-09-24 10:47:23.717869294 +0200
-@@ -10,1 +10,1 @@
--# Default-Stop: 0 1 6
-+# Default-Stop:
diff --git a/config/chroot_local-patches/improve-window-list-styling.diff b/config/chroot_local-patches/improve-window-list-styling.diff
new file mode 100644
index 0000000..ceeaf11
--- /dev/null
+++ b/config/chroot_local-patches/improve-window-list-styling.diff
@@ -0,0 +1,71 @@
+From 0bdd6c7b9b8163a9f861416b9c3d0f1f210f150c Mon Sep 17 00:00:00 2001
+From: Alan T <alan@boum.org>
+Date: Tue, 14 Feb 2017 20:09:55 +0000
+Subject: [PATCH 2/3] Adapt window-list theme to match recent gnome-shell
+Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=778629
+
+---
+ extensions/window-list/stylesheet.css | 27 +++++----------------------
+ 1 file changed, 5 insertions(+), 22 deletions(-)
+
+diff --git a/extensions/window-list/stylesheet.css b/extensions/window-list/stylesheet.css
+index f5285cb..6406aa9 100644
+--- a/usr/share/gnome-shell/extensions/window-list@gnome-shell-extensions.gcampax.github.com/stylesheet.css
++++ b/usr/share/gnome-shell/extensions/window-list@gnome-shell-extensions.gcampax.github.com/stylesheet.css
+@@ -11,7 +11,8 @@
+ }
+
+ .window-button {
+- padding: 1px;
++ padding: 0;
++ color: #CCC;
+ }
+
+ .window-button:first-child:ltr {
+@@ -29,40 +30,22 @@
+ .window-button > StWidget {
+ -st-natural-width: 18.75em;
+ max-width: 18.75em;
+- color: #bbb;
+- background-color: black;
+- border-radius: 4px;
+ padding: 3px 6px 1px;
+- box-shadow: inset 1px 1px 4px rgba(255,255,255,0.5);
+- text-shadow: 1px 1px 4px rgba(0,0,0,0.8);
+ }
+
+ .window-button:hover > StWidget {
+ color: white;
+- background-color: #1f1f1f;
+-}
+-
+-.window-button:active > StWidget,
+-.window-button:focus > StWidget {
+- box-shadow: inset 2px 2px 4px rgba(255,255,255,0.5);
+ }
+
+ .window-button.focused > StWidget {
+ color: white;
+- box-shadow: inset 1px 1px 4px rgba(255,255,255,0.7);
+-}
+-
+-.window-button.focused:active > StWidget {
+- box-shadow: inset 2px 2px 4px rgba(255,255,255,0.7);
++ background-color: rgba(0, 0, 0, 0.01);
++ box-shadow: inset 0 2px 0px #256ab1;
+ }
+
+ .window-button.minimized > StWidget {
+ color: #666;
+- box-shadow: inset -1px -1px 4px rgba(255,255,255,0.5);
+-}
+-
+-.window-button.minimized:active > StWidget {
+- box-shadow: inset -2px -2px 4px rgba(255,255,255,0.5);
++ font-weight: bold;
+ }
+
+ .window-button-icon {
+--
+2.11.0
+
diff --git a/config/chroot_local-patches/include-all-amd64-microcodes.diff b/config/chroot_local-patches/include-all-amd64-microcodes.diff
index 863dbf8..e8e9408 100644
--- a/config/chroot_local-patches/include-all-amd64-microcodes.diff
+++ b/config/chroot_local-patches/include-all-amd64-microcodes.diff
@@ -1,8 +1,8 @@
---- a/etc/default/amd64-microcode 2016-03-19 17:35:05.000000000 +0000
-+++ b/etc/default/amd64-microcode 2016-11-26 13:49:29.407916760 +0000
-@@ -12,5 +12,5 @@
- # It will be implemented in version 3, at which point "yes" will alias
- # to "early", and only "early microcode updates" will be supported.
+--- a/etc/default/amd64-microcode.orig 2016-11-21 17:10:46.318154305 +0100
++++ b/etc/default/amd64-microcode 2016-11-21 17:10:59.514253779 +0100
+@@ -9,5 +9,5 @@
+ # Set this to "early" to always install microcode updates to the early initramfs
+ # Set this to "auto" to autodetect mode for current system (default);
#
-#AMD64UCODE_INITRAMFS=auto
+AMD64UCODE_INITRAMFS=early
diff --git a/config/chroot_local-patches/keep_haveged_on_shutdown.diff b/config/chroot_local-patches/keep_haveged_on_shutdown.diff
deleted file mode 100644
index aa15ff7..0000000
--- a/config/chroot_local-patches/keep_haveged_on_shutdown.diff
+++ /dev/null
@@ -1,7 +0,0 @@
-Tails specific: no need to stop properly on shutdown.
-
---- chroot.orig/etc/init.d/haveged 2012-09-24 10:05:12.829042105 +0200
-+++ chroot/etc/init.d/haveged 2012-09-24 10:47:23.717869294 +0200
-@@ -9,1 +9,1 @@
--# Default-Stop: 0 1 6
-+# Default-Stop:
diff --git a/config/chroot_local-patches/keep_laptop-mode_on_shutdown.diff b/config/chroot_local-patches/keep_laptop-mode_on_shutdown.diff
deleted file mode 100644
index e3e7047..0000000
--- a/config/chroot_local-patches/keep_laptop-mode_on_shutdown.diff
+++ /dev/null
@@ -1,14 +0,0 @@
-Tails specific: no need to stop properly on shutdown: we are amnesic.
-
---- chroot.orig/etc/init.d/laptop-mode 2012-09-24 10:05:13.073049110 +0200
-+++ chroot/etc/init.d/laptop-mode 2012-09-24 10:47:23.717869294 +0200
-@@ -11,7 +11,7 @@
- # Required-Start: $remote_fs
- # Required-Stop: $remote_fs
- # Default-Start: 2 3 4 5
--# Default-Stop: 0 1 6
-+# Default-Stop:
- # Short-Description: Enable laptop-mode-tools power management functions
- # Description: Enable laptop-mode-tools power management functions
- ### END INIT INFO
-
diff --git a/config/chroot_local-patches/keep_memlockd_on_shutdown.diff b/config/chroot_local-patches/keep_memlockd_on_shutdown.diff
deleted file mode 100644
index fcf6fc0..0000000
--- a/config/chroot_local-patches/keep_memlockd_on_shutdown.diff
+++ /dev/null
@@ -1,11 +0,0 @@
-Tails specific: do not stop memlockd on shutdown to keep files needed
-by tails-kexec properly loaded in memory.
-
---- chroot.orig/etc/init.d/memlockd 2012-09-24 10:05:13.085049457 +0200
-+++ chroot/etc/init.d/memlockd 2012-09-24 10:03:30.638108333 +0200
-@@ -5,3 +5,3 @@
--# Required-Stop: $remote_fs $syslog
-+# Required-Stop:
- # Default-Start: 2 3 4 5
--# Default-Stop: 0 1 6
-+# Default-Stop:
diff --git a/config/chroot_local-patches/keep_saned_on_shutdown.diff b/config/chroot_local-patches/keep_saned_on_shutdown.diff
deleted file mode 100644
index b279643..0000000
--- a/config/chroot_local-patches/keep_saned_on_shutdown.diff
+++ /dev/null
@@ -1,7 +0,0 @@
-Tails specific: no need to stop properly on shutdown, we are amnesic.
-
---- chroot.orig/etc/init.d/saned 2012-09-24 10:05:13.297055555 +0200
-+++ chroot/etc/init.d/saned 2012-09-24 10:47:23.717869294 +0200
-@@ -10,1 +10,1 @@
--# Default-Stop: 0 1 6
-+# Default-Stop:
diff --git a/config/chroot_local-patches/keep_spice-vdagent_on_shutdown.diff b/config/chroot_local-patches/keep_spice-vdagent_on_shutdown.diff
deleted file mode 100644
index 605e1e9..0000000
--- a/config/chroot_local-patches/keep_spice-vdagent_on_shutdown.diff
+++ /dev/null
@@ -1,7 +0,0 @@
-Tails specific: no need to stop properly on shutdown.
-
---- chroot.orig/etc/init.d/spice-vdagent 2012-09-24 10:05:13.305055765 +0200
-+++ chroot/etc/init.d/spice-vdagent 2012-09-24 10:47:23.717869294 +0200
-@@ -17,1 +17,1 @@
--# Default-Stop: 0 1 6
-+# Default-Stop:
diff --git a/config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch b/config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch
index 88a9e12..82c3d1c 100644
--- a/config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch
+++ b/config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch
@@ -2,7 +2,7 @@ diff --git a/scripts/boot/9990-overlay.sh b/scripts/boot/9990-overlay.sh
index 098111c..e1cfd15 100755
--- a/lib/live/boot/9990-overlay.sh
+++ b/lib/live/boot/9990-overlay.sh
-@@ -156,7 +156,7 @@ setup_unionfs ()
+@@ -136,7 +136,7 @@
# tmpfs file systems
touch /etc/fstab
mkdir -p /live/overlay
diff --git a/config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch b/config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch
index 6fcffef..c13de5a 100644
--- a/config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch
+++ b/config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch
@@ -2,7 +2,7 @@ diff --git a/bin/live-medium-cache b/bin/live-medium-cache
index f85b2b2..fec1496 100755
--- a/bin/live-medium-cache
+++ b/bin/live-medium-cache
-@@ -75,7 +75,7 @@
+@@ -74,7 +74,7 @@
mount -o remount,ro /lib/live/mount/overlay > /dev/null 2>&1
# Remounting any persistence devices read-only
diff --git a/config/chroot_local-patches/run_kexec-load_even_in_emergency_shutdown.diff b/config/chroot_local-patches/run_kexec-load_even_in_emergency_shutdown.diff
index 2de8efb..83e8114 100644
--- a/config/chroot_local-patches/run_kexec-load_even_in_emergency_shutdown.diff
+++ b/config/chroot_local-patches/run_kexec-load_even_in_emergency_shutdown.diff
@@ -1,17 +1,23 @@
--- a/etc/init.d/kexec-load 2014-12-01 20:23:12.826065938 +0100
+++ b/etc/init.d/kexec-load 2014-12-01 20:23:31.389572352 +0100
-@@ -101,14 +101,6 @@
+@@ -106,19 +106,6 @@
exit 3
;;
stop)
- # If running systemd, we want kexec reboot only if current
-- # command is reboot
+- # command is reboot. If not running systemd, check if
+- # runlevel has been changed to 6 which indicates we are
+- # rebooting
- if [ -d /run/systemd/system ]; then
-- systemctl list-jobs systemd-reboot.service | grep -q systemd-reboot.service
+- systemctl list-jobs systemd-kexec.service | grep -q systemd-kexec.service
- if [ $? -ne 0 ]; then
- exit 0
- fi
+- else if [ -x /sbin/runlevel -a "$(runlevel | awk '{ print $2 }')" != "6" ]; then
+- exit 0
+- fi
- fi
do_stop
;;
*)
+
diff --git a/config/chroot_local-patches/start_AppArmor_earlier.diff b/config/chroot_local-patches/start_AppArmor_earlier.diff
deleted file mode 100644
index 147e53f..0000000
--- a/config/chroot_local-patches/start_AppArmor_earlier.diff
+++ /dev/null
@@ -1,14 +0,0 @@
---- a/etc/init.d/apparmor 2014-11-26 13:28:03.932000000 +0000
-+++ b/etc/init.d/apparmor 2014-11-26 13:28:41.776000000 +0000
-@@ -24,9 +24,9 @@
- #
- ### BEGIN INIT INFO
- # Provides: apparmor
--# Required-Start: $remote_fs
-+# Required-Start:
- # Required-Stop: umountfs
--# Default-Start: S
-+# Default-Start: 2 3 4 5
- # Default-Stop:
- # Short-Description: AppArmor initialization
- # Description: AppArmor init script. This script loads all AppArmor profiles.
diff --git a/config/chroot_local-patches/unmute_alsa_channels.patch b/config/chroot_local-patches/unmute_alsa_channels.patch
deleted file mode 100644
index 11bcac3..0000000
--- a/config/chroot_local-patches/unmute_alsa_channels.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- chroot.orig/etc/init.d/alsa-utils 2010-10-04 18:14:10.000000000 +0000
-+++ chroot/etc/init.d/alsa-utils 2012-03-12 13:49:11.815997232 +0000
-@@ -206,4 +206,9 @@
- exit 3
- ;;
- esac
-+ # On MacBook5,2 models (See Bug#602973)
-+ unmute_and_set_level "LFE" "80%"
-+
-+ # On Intel 82801H (See Bug#603550)
-+ unmute_and_set_level "Speaker" "80%"
-
diff --git a/config/chroot_sources/jessie-backports.binary b/config/chroot_sources/jessie-backports.binary
deleted file mode 120000
index 1df23c8..0000000
--- a/config/chroot_sources/jessie-backports.binary
+++ /dev/null
@@ -1 +0,0 @@
-jessie-backports.chroot \ No newline at end of file
diff --git a/config/chroot_sources/jessie-backports.chroot b/config/chroot_sources/jessie-backports.chroot
deleted file mode 100644
index 60015be..0000000
--- a/config/chroot_sources/jessie-backports.chroot
+++ /dev/null
@@ -1 +0,0 @@
-deb http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free
diff --git a/config/chroot_sources/jessie-proposed-updates.binary b/config/chroot_sources/jessie-proposed-updates.binary
deleted file mode 120000
index 0c471f4..0000000
--- a/config/chroot_sources/jessie-proposed-updates.binary
+++ /dev/null
@@ -1 +0,0 @@
-jessie-proposed-updates.chroot \ No newline at end of file
diff --git a/config/chroot_sources/jessie-proposed-updates.chroot b/config/chroot_sources/jessie-proposed-updates.chroot
deleted file mode 100644
index 009c96f..0000000
--- a/config/chroot_sources/jessie-proposed-updates.chroot
+++ /dev/null
@@ -1 +0,0 @@
-deb http://ftp.us.debian.org/debian/ jessie-proposed-updates main contrib non-free
diff --git a/config/chroot_sources/testing.binary b/config/chroot_sources/testing.binary
deleted file mode 120000
index dbddf7d..0000000
--- a/config/chroot_sources/testing.binary
+++ /dev/null
@@ -1 +0,0 @@
-testing.chroot \ No newline at end of file
diff --git a/config/chroot_sources/testing.chroot b/config/chroot_sources/testing.chroot
deleted file mode 100644
index 715bb6e..0000000
--- a/config/chroot_sources/testing.chroot
+++ /dev/null
@@ -1 +0,0 @@
-deb http://ftp.us.debian.org/debian/ stretch main contrib non-free
diff --git a/config/chroot_sources/torproject-obfs4proxy.binary b/config/chroot_sources/torproject-obfs4proxy.binary
deleted file mode 120000
index aba0273..0000000
--- a/config/chroot_sources/torproject-obfs4proxy.binary
+++ /dev/null
@@ -1 +0,0 @@
-torproject-obfs4proxy.chroot \ No newline at end of file
diff --git a/config/chroot_sources/torproject-obfs4proxy.chroot b/config/chroot_sources/torproject-obfs4proxy.chroot
deleted file mode 100644
index 59e3364..0000000
--- a/config/chroot_sources/torproject-obfs4proxy.chroot
+++ /dev/null
@@ -1 +0,0 @@
-deb http://deb.torproject.org/torproject.org obfs4proxy main
diff --git a/config/chroot_sources/torproject.chroot b/config/chroot_sources/torproject.chroot
index 5354da0..db47cbd 100644
--- a/config/chroot_sources/torproject.chroot
+++ b/config/chroot_sources/torproject.chroot
@@ -1,2 +1,2 @@
-deb http://deb.torproject.org/torproject.org jessie main
+deb http://deb.torproject.org/torproject.org stretch main
deb http://deb.torproject.org/torproject.org sid main
diff --git a/data/debootstrap/scripts/jessie.patch b/data/debootstrap/scripts/jessie.patch
index e4c9e4c..62c3975 100644
--- a/data/debootstrap/scripts/jessie.patch
+++ b/data/debootstrap/scripts/jessie.patch
@@ -6,6 +6,6 @@
info BASESUCCESS "Base system installed successfully."
+
+ # Tails-specific part:
-+ chroot $TARGET /usr/sbin/dpkg-divert --divert /usr/bin/apt-get.real --rename /usr/bin/apt-get
++ chroot $TARGET /usr/bin/dpkg-divert --divert /usr/bin/apt-get.real --rename /usr/bin/apt-get
+ cp -f %%topdir%%/data/wrappers/apt-get $TARGET/usr/bin/apt-get
}
diff --git a/debian/changelog b/debian/changelog
index 39c4e6f..7eda84b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,72 @@
-tails (3.0) UNRELEASED; urgency=medium
+tails (3.0~rc1) UNRELEASED; urgency=medium
- * Dummy entry.
+ * Dummy entry for next release.
+
+ -- Tails developers <tails@boum.org> Wed, 19 Apr 2017 14:44:23 +0000
+
+tails (3.0~beta4) unstable; urgency=medium
+
+ * Major changes
+ - All changes brought by Tails 2.12.
+ - Upgrade to a new snapshot of the Debian and Torproject
+ APT repositories (2017041704).
+
+ * Security improvements
+ - Enable the buddy page allocator free poisoning (Closes: #12089).
+ - Enable slub/slab allocator free poisoning (Closes: #12090).
+ - Create IUKs (automatic upgrades) in a reproducible manner
+ (Closes: #11974).
- -- Tails developers <tails@boum.org> Fri, 07 Apr 2017 16:11:09 +0200
+ * Minor improvements
+ - Firewall: forbid the _apt user to talk to DNS ports. APT works very well
+ without DNS access since we only have Onion APT sources, so let's silence
+ the logs.
+ - Replace Pidgin's "systray" icon with the guifications plugin
+ (Closes: #11741). We're trying to remove as much as we can from
+ the set of icons managed by TopIcons extension flavours, in the hope
+ it's enough to cancel the problems we've seen with them (#10576, #11737).
+ - Disable apt-daily.timer, that can only cause problems in our context
+ (Closes: #12390).
+ - Do not let pppd-dns manage /etc/resolv.conf (Closes: #12401).
+ - Ensure rootless X.Org can access /dev/fb0 when started by GDM.
+ - Include the amdgpu module in the initramfs (refs: #12218).
+ - Tails Greeter: don't mention 'firewall' anymore (#12382).
+ - Tails Greeter: avoid the popover menu for Formats being cut,
+ in most cases (Closes: #12249).
+ - Tails Greeter: disable the screensaver (Closes: #12370).
+ - Tails Greeter: fix behavior when pressing Enter in the language selection
+ menu (Closes: #12359).
+
+ * Bugfixes
+ - Install speech-dispatcher-espeak-ng to fix the Orca screen reader
+ (Closes: #12389).
+ - Install xserver-xorg-video-intel and use it on a few graphics adapters
+ that are not supported correctly by the modesetting driver (refs: #12219).
+ More PCI IDs will be added as new affected hardware is reported.
+
+ * Test suite
+ - Run on a Q35 2.8 machine (Closes: #11605).
+ - Deprecate xtightvncviewer in favor of tigervnc-viewer.
+ - Test the Unsafe Browser in 3 random supported languages, not all.
+ This should be enough to identify most future regressions in this area,
+ and will be much faster than testing them all.
+ - Pidgin tests: switch to an image that doesn't depend on the
+ topic of tails@conference.riseup.net.
+ - Fix a problematic use of try_for.
+ - Fix VM.select_virtual_desktop() and VM.do_focus().
+ - Random Gherkin improvements.
+ - Fix a focus issue for GNOME Terminal vs. Tails Installer.
+ - Adjust to kernel memory poisoning being enabled, which breaks the way
+ we used to test memory erasure (refs: #12354):
+ · Drop "no memory erasure" and "memory erasure" tests, that can't work
+ anymore.
+ · Test erasure of memory freed by a killed userspace process.
+ · Test that memory poisoning applies to unmounted tmpfs.
+ · Test that memory poisoning applies to read and write cache
+ for unmounted vfat and LUKS-encrypted ext4.
+ · Run erase_memory a bit later, it requires less disk space nowadays.
+
+ -- Tails developers <tails@boum.org> Tue, 18 Apr 2017 13:01:25 +0000
tails (2.12.1) UNRELEASED; urgency=medium
@@ -107,6 +171,112 @@ tails (2.12) unstable; urgency=medium
-- Tails developers <tails@boum.org> Tue, 18 Apr 2017 17:41:46 +0200
+tails (3.0~beta3) unstable; urgency=medium
+
+ * Major new features and changes
+ - Make the "Formats" settings in Tails Greeter take effect (Closes: #12079,
+ new feature that was broken since it was introduced in 3.0~alpha1).
+ - Upgrade to a new snapshot of the Debian and Torproject
+ APT repositories (2017031702).
+
+ * Removed features
+ - Stop including I2P: we decided (#11276) to remove I2P, due to our failure
+ at finding someone to maintain it in Tails (Closes: #12263).
+
+ * Security fixes
+ - Upgrade MAT to 0.6.1-4: fixes silent failure of the Nautilus
+ contextual menu extension.
+ - Ensure /etc/resolv.conf is owned by root:root in the SquashFS
+ (Closes: #12343).
+ - Protect against CVE-2017-2636 by disabling the n-hdlc kernel module
+ (Closes: #12315).
+
+ * Minor improvements
+ - Reintroduce the X11 guest utilities for VirtualBox (regression
+ introduced in 3.0~beta2).
+ - Upgrade X.Org server and the modesetting driver (hopefully helps
+ fixing #12219).
+ - Automate the migration from KeePassX databases generated on Tails 2.x
+ to the format required by KeePassX 2.0.x (Closes: #10956, #12369).
+ - Add keyboard shortcuts in Tails Greeter (Closes: #12186, #12063).
+ - Install dbus-user-session (regression introduced in 3.0~beta2).
+ - Manage temporary directories in a declarative way (tmpfiles.d).
+ - Replace references to the /var/run compatibility symlink
+ with the canonical /run.
+ - Update our Torbirdy patchset to the latest one sent upstream.
+ - Install mesa-utils, so that Qt 5 can detect whether software based
+ rendering is needed.
+ - Have Tails Greeter honor the "debug" kernel command-line option,
+ for easier debugging (Closes: #12373).
+ - Refactor Tails Greeter to reduce code duplication (Closes: #12247).
+
+ * Bugfixes
+ - Fix sizing of zenity dialogs (Closes: #12313, regression introduced
+ in 3.0~alpha1).
+ - Fix confusing, spurious error messages in command-line applications
+ wrapped with torsocks:
+ · Ship a /etc/mailname file with content "localhost".
+ Otherwise something (Git? libc6?) tries to resolve the "amnesia" host
+ name, which fails, and a confusing error message is displayed
+ (Closes: #12205, regression introduced in 3.0~alpha1).
+ · Have torsocks allow UDP connections to the loopback interface,
+ with AllowOutboundLocalhost 2 (Closes: #11736).
+
+ * Test suite
+ - Improve debugging info logging for PacketFu parsing issues,
+ and implement a plausible fix (refs: #11508).
+ - Try to make "double-click on desktop launcher" more reliable.
+ - Fix selection of ISO in Tails Installer.
+ - Re-enable the GnuPG tests that require a keyserver, pointing them
+ to an Onion service we run on Chutney, that redirects all TCP traffic
+ to a real, clearnet keyserver (Closes: #12211).
+ - Implement a workaround for checking the configured keyserver in GnuPG,
+ until a better fix is implemented (refs: #12371).
+ - Fix the "Report an Error launcher" scenario in German.
+
+ * Build system
+ - Retry curl and APT operations up to 20 times to make the ISO build
+ more robust wrt. unreliable Internet connectivity.
+ Thanks to Arnaud <arnaud@preev.io> for the patch!
+ - Install ikiwiki from jessie-backports, instead of our patched one
+ (Closes: #12051).
+ - Clean up libdvd-pkg build files, again (Closes: #11273).
+ - Rakefile: fix TAILS_OFFLINE_BUILD exported variable name.
+ - Adjust apt-mirror to support branches based on feature/stretch
+ that don't use frozen APT snapshots.
+
+ -- Tails developers <tails@boum.org> Sun, 19 Mar 2017 15:10:28 +0100
+
+tails (3.0~beta2) unstable; urgency=medium
+
+ * All changes brought by Tails 2.11, except:
+ - the test suite changes, that are not all compatible with this branch;
+ - the "Tails 3.0 will require a 64-bit processor" notification:
+ this advance warning is not useful on a release series
+ that's 64-bit only.
+
+ * Major new features and changes
+ - Upgrade to a new snapshot of the Debian APT repositories (2017030802),
+ and of the Torproject ones (2017030801).
+ - Upgrade Linux to 4.9.0-2 (version 4.9.13-1).
+
+ * Minor improvements
+ - Improve GNOME Shell Window List styling. (Closes: #12233)
+
+ * Bugfixes
+ - Make it possible to start graphical applications in the Root Terminal.
+ (part of #12000)
+
+ * Test suite
+ - Improve robustness when dealing with notifications. (Closes: #11464)
+ - Bump timeout when waiting for 'Tor is ready' notification.
+ - Fix the incremental upgrade test.
+ - Drop a few obsolete test cases, update a number of images.
+ - Adapt firewall leak test to new DHCP source IP address.
+ - Adjust Seahorse and Enigmail tests to the keyserver that is now used.
+
+ -- Tails developers <tails@boum.org> Wed, 08 Mar 2017 16:29:44 +0000
+
tails (2.11) unstable; urgency=medium
* Security fixes
@@ -228,6 +398,119 @@ tails (2.11) unstable; urgency=medium
-- Tails developers <tails@boum.org> Mon, 06 Mar 2017 17:14:52 +0100
+tails (3.0~beta1) experimental; urgency=medium
+
+ * All changes brought by Tails 2.7.1, 2.9.1 and 2.10.
+
+ * Major new features and changes
+ - Redesigned Tails Greeter.
+ - Upgrade to a new snapshot (2017013002) of the Debian and Torproject
+ APT repositories.
+ - Upgrade Linux to 4.9.0-1.
+
+ * Security fixes
+ - Reject packets sent on the LAN to the NetBIOS name service
+ (Closes: #11944).
+ - Seahorse: use the Tor OnionBalance hidden service pool,
+ which provides transport encryption and authentication of the keyserver.
+
+ * Minor improvements
+ - Include adwaita-qt* and enable it by default, so that Qt applications
+ integrate nicely into a GNOME environment (Closes: #11790).
+ - Add support for the TREZOR hardware wallet in Electrum (Closes: #10964).
+ - AppArmor: allow all programs to read /etc/tor/torsocks.conf via
+ abstractions/base, to ease maintenance.
+ - Don't (try to) bind the Power button to the shutdown action
+ (Closes: #12004).
+ - Enable natural scrolling (Closes: #11969).
+ - Update uBlock Origin patterns + settings file.
+ - live-persist: remove Squeeze → Wheezy migration code.
+ - Update pre-existing persistent GnuPG configuration on login
+ (Closes: #12201).
+ - Upgrader: use the alpha channel when the next version will be an
+ alpha, beta, or RC. This will allow users of 3.0~betaN to upgrade to
+ the next beta or RC, without having to type any command-line
+ (Closes: #12206).
+
+ * Bugfixes
+ - Fix "upgrade from ISO" when run from a 32-bit system,
+ such as Tails 2.x (Closes: #11873).
+ - Fix ability to read videos over HTTPS with Totem (Closes: #11963).
+ - Re-introduce default directories in $HOME, which fixes
+ Spice file transfers (Closes: #11968).
+ - Re-enable tap-to-click (Closes: #11993).
+ - Lower systemd's DefaultTimeoutStopSec, to get rid of a long delay
+ before memory wiping starts. This also prevents shutdown from ever
+ being blocked by any buggy service that takes a while to stop
+ (Closes: #12061).
+ - Drop Jessie APT sources.
+ - Re-add VirtualBox DKMS modules.
+ - Fix GnuPG communication with keyservers, by using the Tor OnionBalance
+ hidden service pool (Closes: #12202).
+ - Fix Enigmail communication with keyservers, by teaching Torbirdy
+ not to break it (Closes: #11948):
+ · Patch Torbirdy to allow not breaking keyserver communication when
+ using GnuPG v2.1+, and to use a better default keyserver.
+ · Torbirdy: enable the new behaviour made possible by the aforementioned
+ patch (extensions.enigmail.already_torified).
+ · Torbirdy: drop our custom keyserver configuration, since the
+ aforementioned patch makes it the default.
+
+ * Removed features
+ - Don't install gnome-system-log anymore (Closes: #12133).
+ It's deprecated in GNOME, and mostly useless anyway as it's not
+ Journal-aware. It's replacement (gnome-logs) is not usable
+ enough in the context of Tails, and most users who can read logs
+ should manage to do it with journalctl, so don't install it either.
+ - Drop multiarch handling: Tails 3.0 will be amd64-only (Closes: #11961).
+
+ * Build system
+ - Disable eatmydata usage and caching: in current Stretch, debootstrap fails
+ if we use eatmydata + the operation mode picked by live-build when caching
+ is enabled (Closes: #12052).
+ - Bump disk space (and memory for in-RAM builds) requirements.
+ - Follow replacement of python-reportbug with python3-reportbug.
+ - Don't try to deinstall packages that are unknown on Stretch.
+ - Move AppArmor aliases to a dedicated file, and include it.
+ This will avoid maintaining these settings as a patch.
+ - Don't attempt to remove the usr.bin.chromium-browser AppArmor profile:
+ it's not shipped in Debian anymore.
+
+ * Test suite
+ - Add optional pause() notification (Closes: #12175).
+ - Make the remote shell's file operations robust (Closes: #11887).
+ - Update a number of test cases for Stretch, sometimes by converting
+ them to Dogtail.
+ - Drop usage and tests of read-only persistence.
+ We won't have this option anymore, and it's not even sure we'll
+ reintroduce it (Refs: #12093, Closes: #12055).
+ - Adjust CONFIGURED_KEYSERVER_HOSTNAME to match current settings.
+ - Test suite: clean up disks between features.
+
+ * Adjustments for Debian 9 (Stretch) with no or very little user-visible impact
+ - Adjust dpkg-divert path: it has moved.
+ - Replace xfonts-wqy with fonts-wqy-microhei + fonts-wqy-zenhei.
+ The former was removed from Debian testing, and the latter are recommended
+ by task-chinese-s-desktop and task-chinese-t-desktop.
+ - Install virtualbox* from sid.
+ It was removed from testing due to https://bugs.debian.org/794466.
+ - Drop deprecated settings from org/gnome/settings-daemon/plugins/power.
+ - Update settings name in org/gnome/desktop/peripherals/touchpad, and drop
+ deprecated ones.
+ - Adjust to changed Liferea's .desktop filename.
+ - Also torify Liferea when started via its (new) D-Bus service.
+ - Install hunspell-pt-br instead of hunspell-pt-pt.
+ Tor Browser 6.5 moved from pt-PT to pt-BR, which is fine vs
+ spellcheckers in Jessie since its hunspell-pt provides both -pt and
+ -br, but in Stretch they are separate packages.
+ - AppArmor: adjust usr.sbin.cupsd profile so it loads successfully
+ (Closes: #12116).
+ - Migrate from netstat to ss.
+ - Update extensions.enigmail.configuredVersion.
+ - Remove the jessie-proposed-updates APT sources.
+
+ -- Tails developers <tails@boum.org> Wed, 01 Feb 2017 19:23:03 +0000
+
tails (2.10) unstable; urgency=medium
* Major new features and changes
@@ -504,6 +787,243 @@ tails (2.7.1) unstable; urgency=medium
-- Tails developers <tails@boum.org> Wed, 30 Nov 2016 17:27:37 +0100
+tails (3.0~alpha1) experimental; urgency=medium
+
+ * Major new features and changes
+ - Upgrade to a snapshot of Debian 9 (Stretch) from 2016-11-15.
+ - Switch userpace from 32-bit to 64-bit (Closes: #8183), and accordingly:
+ · Memory erasure: drop the "one instance of sdmem per 2 GiB of RAM" tweak,
+ that is not needed on x86-64.
+ · Display a "sorry!" message when trying to boot on a 32-bit BIOS system
+ (refs: #11638).
+ - Switch GNOME Shell to its default black theme (Closes: #11789).
+
+ * Minor improvements
+ - Install the cirrus and modesetting X.Org drivers (Closes: #10962).
+ - Install the 'amdgpu' driver for the AMD Radeon cards (refs: #11850).
+ - Stop disabling kernel modesetting for QXL (refs: #11518).
+ - Replace TopIcons with gnome-shell-extension-top-icons-plus.
+ The former causes plenty of trouble and is apparently abandoned
+ upstream. The latter is actively maintained upstream, and packaged
+ in Debian. (refs: #10576)
+ - Use torsocks to torify Git, and drop tsocks entirely. tsocks has been
+ unmaintained for years in Debian, and was removed from testing
+ for a while (Closes: #10955).
+ - Replace Florence's "systray" icon with the Florence Indicator GNOME Shell
+ extension (refs: #8312). And then, don't automatically start Florence:
+ the Florence Indicator GNOME Shell extension will start it the first time
+ one tries to display it. This should save a tiny bit of RAM.
+ - Harden AppArmor Totem profiles.
+ - Switch to the Debian-packaged aufs kernel module (Closes: #11829).
+ - Configure the firewall to not allow root to connect to Tor at all,
+ which is possible now that APT uses a dedicated user for network
+ operations.
+ - Fix firewall startup during early boot, by referring to the "amnesia"
+ user via its UID (refs: #7018).
+ - Install hunspell dictionaries instead of myspell ones, for a few more
+ languages: Spanish, Italian, Portuguese and Russian. Only Farsi keeps
+ using a myspell dictionary for now.
+
+ * Removed features
+ - Stop installing BookletImposer PDF imposition toolkit.
+ It's unmaintained upstream and thus won't be part of Debian Stretch.
+ - Stop installing ekeyd: it's unmaintained, very rarely used, poorly
+ designed (dedicated daemon), and security sensitive (Closes: #7687).
+ - Stop shipping ttdnsd. It was only useful for developers and power-users
+ who can install it themselves as needed. It's been unmaintained upstream
+ for many years. It's very buggy so we had to remove it from the DNS
+ resolution loop years ago. It's not in Debian. And it's one of the only
+ two bits of Tails that still relied on tsocks, that is RC-buggy,
+ unmaintained in Debian, and not in Stretch at the moment. So it has
+ become clear that the cost of keeping ttdnsd now outweighs the benefits
+ it brought (refs: #10959).
+
+ * Build system
+ - Bump disk space (and memory for in-RAM builds) requirements.
+ - Support new live-config configuration directory naming, again and again.
+ - Use the lowest compression level for the SquashFS when compressing it
+ with gzip. This makes our development builds faster, and the resulting
+ ISO image only a little bit bigger (Closes: #9788).
+ - Configure initramfs compression later, to make the build faster.
+
+ * Test suite
+ - Various refactoring while we were at it.
+ - Port tests to Dogtail: installation, upgrade, notification detection,
+ Synaptic, Gobby, and some of Tor Browser.
+ - Workaround GNOME Shell being buggy for Dogtail (refs: #11718).
+ - Update a bunch of test suite images for Stretch.
+ - Mark created disk as temporary when we don't need to keep it around.
+ - Simplify adding NetworkManager connections, and rely more on the defaults.
+ Not providing the complete configuration file makes us test something
+ closer to what happens when a user adds a Wi-Fi connection themselves.
+ - Adjust the minimum allowed memory pattern coverage before wiping.
+ - Always sync the time from the host when restoring from a snapshot.
+ Previously we wouldn't do it when the network was plugged but Tor wasn't
+ running, which can cause issues if we *then* start Tor since the time
+ may be off.
+ - Adjust to the fact that we now support running as a 64-bit guest
+ in VirtualBox, and simplify code since we now include a 64-bit userland.
+ - Improve how we restart Tor/I2P after restoring from a snapshot.
+ - Adjust PolicyKit tests for Stretch.
+ - Work around Tails stopping on shut down due to #11730.
+ This should be reverted once #11730 is fixed properly.
+ - Update the screenshot scenario.
+ - Fix pcap file saving on MAC spoofing failure (Closes: #11698).
+ - Test that notifications are actually shown.
+ - Drop obsolete workaround for Florence sometimes not being hidden
+ on startup (#11398).
+ - Avoid remote shell deadlock.
+ - Install at-spi2-core from Debian Sid.
+ With the current version in Stretch, at-spi-bus-launcher crashes on
+ start, breaking parts of GNOME's accessibility, and Dogtail.
+ For details, see https://bugs.debian.org/840618.
+ - Check that the MAC address is spoofed for manually added persistent
+ NetworkManager connections created on Jessie and Stretch (refs: #11931).
+ - Use nc.traditional in tests that rely on its behaviour.
+ - Adjust expected notification text to cope with #11941.
+
+ * Adjustments for Debian 9 (Stretch) with no or very little user-visible impact
+ - Adjust APT sources and pinning for Stretch.
+ - Don't install gnome-media, which is not part of testing/sid anymore.
+ We already install the only bits it was providing or depending on.
+ - Don't install gnome-themes: it's gone in Stretch.
+ - Stop installing GStreamer 0.10 explicitly: it won't be in Stretch,
+ and some bits are gone already.
+ - Refresh and unfuzzy patches for Stretch. Replace some of them with
+ programmatic patching, as patches break the build whenever
+ they become fuzzy.
+ - Drop start_AppArmor_earlier.diff: on Stretch, AppArmor starts much earlier
+ already.
+ - Accept iceweasel-l10n-* that don't provide any search engine:
+ on Stretch, at least iceweasel-l10n-ar_1%3a43.0.4-1_all.deb doesn't.
+ - Stop deleting 75-persistent-net-generator.rules: obsolete in Stretch.
+ It was removed in systemd (220-7).
+ - Tell live-boot we're still using aufs: recent live-boot defaults
+ to overlayfs, which we don't use yet.
+ - Don't remove imagemagick in 11-localize_browser: cups-filters depends on it
+ (Closes: #10960).
+ - Explicitly install bc: needed by our 2010-pidgin live-config hook.
+ - Remove gcc-4.9-base and gcc-5 via a chroot hook, taking into account
+ that GCC 5 is the default on Stretch.
+ - Switch to openjdk-8-jre: openjdk-7-jre is not in Stretch anymore.
+ - gcalctool was renamed to gnome-calculator.
+ - Don't try to delete non-existing AppArmor profile for ntpd: it was moved
+ to the ntp package in Stretch.
+ - Build DKMS modules with GCC 5: Stretch hasn't 4.8 anymore.
+ - Don't try to reload or disable an initscript that we don't patch,
+ and that doesn't exist anymore.
+ - Support the case when /usr/src/libdvd-pkg does not exist.
+ Apparently this can happen on Stretch.
+ - Adjust to the move of /etc/gnome/defaults.list in Stretch
+ (Closes: #11440).
+ - Stop installing xserver-xorg-input-vmmouse. It's obsolete and conflicts
+ with recent kernels: https://bugs.debian.org/831420
+ - Install open-vm-tools from sid: it's been removed from testing.
+ - Install the gobby package, instead of the (now gone) transitional
+ gobby-0.5 one.
+ - apparmor-adjust-tor-profile.diff: drop bits that are useless, and
+ prevent Tor from starting, on Stretch.
+ - Tor Daemon Status: declare compatibility with GNOME Shell 3.20.
+ - Shutdown helper: declare compatibility with GNOME Shell 3.20.
+ - Drop 43-adjust_path_to_ibus-unikey_binaries hook: it was a workaround
+ for a bug (Debian#714932) that was fixed.
+ - Use netcat-openbsd instead of connect-proxy for torifying SSH.
+ connect-proxy seems barely maintained in Debian and was removed from
+ testing due to https://bugs.debian.org/830423.
+ - Don't disable gdomap service: we don't include it anymore.
+ unar in Jessie depended on gnustep-base-runtime (that ships gdomap),
+ but this is not the case in Stretch anymore.
+ - Install system-config-printer-common instead of system-config-printer,
+ and drop customization that were needed only for the latter:
+ system-config-printer (1.5.7-2) extracts into a new -common package
+ the bits needed by gnome-control-center (Closes: #11505).
+ - Adjust haveged AppArmor profile to work with Linux 4.x on Stretch.
+ - cupsd AppArmor profile: update list of backends, and add aufs-specific
+ tweak that Stretch needs (refs: #11699).
+ - Revert to GNOME's default font antialiasing/hinting.
+ We fixed on rgba/slight when converting some manual fontconfig stuff
+ to GNOME's layer on top of it, but at least from a fresh Stretch
+ install (2016-08-24) we got grayscale/slight. It could be that some
+ auto-detection is involved, so the values would be different depending
+ on the actual hardware. Any way, let's try to decrease our delta here.
+ - Adjust haveged arguments customization for Stretch (Closes: 11522).
+ - Display the date in the desktop top bar, as we did in Jessie and older.
+ (Closes: #11696)
+ - Drop patch to keep haveged, saned, spice-vdagent and laptop-mode running
+ on shutdown. These patches are no-ops on Stretch, where these services
+ have native systemd unit files. It's not worth porting these patches:
+ saned is socket-activated so in most cases it does not have to be shut
+ down, and we expect that the other ones can be stopped pretty quickly.
+ Let's bring back this kind of optimization if, and only if, we identify
+ an actual problem to fix in this area :)
+ - Don't delete downloaded debs after install: apt(8) >= 1.2~exp1 deletes
+ them by default, which is not nice for users who use it to preseed
+ their persistent APT cache. (Closes: #10958)
+ - Hide "OpenJDK Java 8 Policy Tool" from the Applications menu.
+ - Don't ship GCC 6: we don't ship compilers in Tails usually.
+ - Don't ship gcc-5-base: on Stretch we ship gcc-6-base instead.
+ - Don't start shipping libdvdcss2-dbgsym nor paxctld.
+ - Adjust default web browser customization: GNOME in Debian now defaults
+ to Firefox ESR (refs: #11440).
+ - Install libreoffice-gtk3: on Stretch this is needed to have Gtk+ 3 widgets
+ and a Gtk/GNOMEish print dialog.
+ - Explicitly install gtk2-engines-pixbuf, as it's not pulled automatically
+ on Stretch, and it's needed to theme GTK+ 2 applications in a nice way
+ (Closes: #11715).
+ - AppArmor gnome abstraction: allow reading /etc/xdg/*-mimeapps.list
+ (refs: #11440).
+ - Drop obsolete disabling of GNOME Keyring's GnuPG agent feature.
+ That feature was removed upstream.
+ - Explicitly select pinentry-gtk2 as our preferred pinentry program.
+ On Stretch, gnome-keyring depends on pinentry-gnome3, and then that one
+ is selected by default. It does not feel worth it to introduce a hackish
+ solution such as a fake pinentry-gnome3 package, so let's ignore it and
+ just make sure we are using the pinentry program we prefer
+ (Closes: #11713).
+ - Drop keep_memlockd_on_shutdown.diff: it's been a no-op since Tails 2.0
+ (Closes: #11708).
+ - Drop custom NetworkManager plugin configuration: these tweaks are not
+ needed on Stretch anymore.
+ - Disable new style network interface naming scheme.
+ It has little value for a live system, so let's stick to what we are
+ used to, and avoid having to adjust code/config/test suite
+ (Closes: #11721).
+ - Drop obsolete NM configuration wrt. sending hostname in DHCP requests
+ (Closes: #11720).
+ - Update APT pinning to cover all binary packages built from src:mesa
+ (refs: #11853).
+ - Don't try to install gnupg-curl: it doesn't exist anymore in Stretch.
+ - Install seahorse-nautilus from sid. It's been removed from testing.
+ - Drop workaround for Debian bug #645466, that was fixed in 2014
+ (Closes: #11534).
+ - Allow the "_apt" user to use Tor: in Stretch, APT network operations
+ are performed with the "_apt" user and not root.
+ - Make sure that 'localhost' points to the IPv4 loopback address.
+ - Make desktop launchers executable (Closes: #11927).
+ - Disable Wayland usage in GDM (Closes: #11923).
+ - Fix AppArmor profile for gst-plugin-scanner (Closes: #11928).
+ - Change Nautilus' default zoom level to 'small' (Closes: #11716).
+ The icons in GNOME Files and on the desktop are too huge otherwise. With
+ this new setting, they are similar in size to what we had in Jessie.
+ - Fix broken symlink preventing Enigmail from being enabled.
+ - Configure NetworkManager to not touch MAC addresses (refs: #11931).
+ Its default behaviour on Debian Stretch is to reset the MAC address to the
+ permanent one, and we did not make up our mind yet wrt. replacing
+ our custom MAC spoofing system with NM's own one (refs: #11293).
+ - Patch NetworkManager so that it does not leak the hostname in DHCP
+ requests (Closes: #11720).
+ - Deal with the fact that the NetworkManager dispatcher scripts are now
+ sometimes called with an empty first argument (Closes: #11938).
+ - Upgrade to GnuPG 2.1.15-9, and accordingly:
+ · Remove the CA certificate for sks-keyservers.net, that we installed
+ in the system-wide CAs directory: it is now included in the dirmngr
+ package. Stop trusting it for non-GnuPG operations.
+ · Make dirmngr use the sks-keyservers.net CA certificate from Debian.
+ · Move keyserver proxy configuration to dirmngr.conf, and drop the
+ keyserver-options that are obsolete or now the default.
+
+ -- intrigeri <intrigeri@boum.org> Thu, 17 Nov 2016 16:19:21 +0000
+
tails (2.7) unstable; urgency=medium
* Security fixes
diff --git a/features/apt.feature b/features/apt.feature
index 70c2413..ce5e2d8 100644
--- a/features/apt.feature
+++ b/features/apt.feature
@@ -5,22 +5,24 @@ Feature: Installing packages through APT
I should be able to install packages using APT and Synaptic
and all Internet traffic should flow only through Tor.
- Background:
- Given I have started Tails from DVD and logged in with an administration password and the network is connected
-
Scenario: APT sources are configured correctly
+ Given I have started Tails from DVD without network and logged in
Then the only hosts in APT sources are "vwakviie2ienjx6t.onion,sgvtcaew4bxjd7ln.onion,jenw7xbd6tf7vfhp.onion,sdscoq7snqtznauu.onion"
And no proposed-updates APT suite is enabled
@check_tor_leaks
Scenario: Install packages using apt
+ Given I have started Tails from DVD and logged in with an administration password and the network is connected
When I configure APT to use non-onion sources
And I update APT using apt
- Then I should be able to install a package using apt
+ And I install "cowsay" using apt
+ Then the package "cowsay" is installed
@check_tor_leaks
Scenario: Install packages using Synaptic
+ Given I have started Tails from DVD and logged in with an administration password and the network is connected
When I configure APT to use non-onion sources
And I start Synaptic
And I update APT using Synaptic
- Then I should be able to install a package using Synaptic
+ When I install "cowsay" using Synaptic
+ Then the package "cowsay" is installed
diff --git a/features/chutney/test-network b/features/chutney/test-network
index adb8ee5..c54fc79 100644
--- a/features/chutney/test-network
+++ b/features/chutney/test-network
@@ -45,12 +45,19 @@ BridgeObfs4 = Node(
torrc="bridge-obfs4.tmpl"
)
+OnionService = Node(
+ tag="hs",
+ hs=1,
+ torrc="hs.tmpl"
+)
+
NODES = Authority.getN(4) + \
BridgeAuthority.getN(1) + \
NonExitRelay.getN(20) + \
ExitRelay.getN(10) + \
Bridge.getN(3) + \
BridgeObfs4.getN(3) + \
+ OnionService.getN(1) + \
Client.getN(1)
ConfigureNodes(NODES)
diff --git a/features/documentation.feature b/features/documentation.feature
index f6be5ef..8778c3c 100644
--- a/features/documentation.feature
+++ b/features/documentation.feature
@@ -1,7 +1,7 @@
@product @doc
Feature: Tails documentation
- Scenario: The "Report an Error" launcher will open the support documentation
+ Scenario: The Report an Error launcher will open the support documentation
Given I have started Tails from DVD without network and logged in
- When I double-click the Report an Error launcher on the desktop
+ When I double-click on the Report an Error launcher on the desktop
Then the support documentation page opens in Tor Browser
diff --git a/features/domains/default.xml b/features/domains/default.xml
index 431dcde..f3d6204 100644
--- a/features/domains/default.xml
+++ b/features/domains/default.xml
@@ -3,7 +3,7 @@
<currentMemory unit='KiB'>2097152</currentMemory>
<vcpu>2</vcpu>
<os>
- <type arch='x86_64' machine='pc-i440fx-2.5'>hvm</type>
+ <type arch='x86_64' machine='pc-q35-2.8'>hvm</type>
<boot dev='cdrom'/>
</os>
<features>
diff --git a/features/erase_memory.feature b/features/erase_memory.feature
index 28779f6..7be0eeb 100644
--- a/features/erase_memory.feature
+++ b/features/erase_memory.feature
@@ -4,64 +4,58 @@ Feature: System memory erasure on shutdown
when I shutdown Tails
I want the system memory to be free from sensitive data.
- Scenario: Anti-test: no memory erasure on a modern computer
- Given a computer
- And the computer is a modern 64-bit system
- And the computer has 8 GiB of RAM
- And I set Tails to boot with options "debug=wipemem"
- And I start Tails from DVD with network unplugged and I login
- Then the PAE kernel is running
- And at least 8 GiB of RAM was detected
- And process "memlockd" is running
- And process "udev-watchdog" is running
- And udev-watchdog is monitoring the correct device
- When I fill the guest's memory with a known pattern without verifying
- And I reboot without wiping the memory
- And I stop the boot at the bootloader menu
- Then I find many patterns in the guest's memory
+# These tests rely on the Linux kernel's memory poisoning features.
+# The feature is called "on shutdown" as this is the security guarantee
+# we document, but in practice we have no good way to test behavior on shutdown
+# per-se (known patterns allocated in memory will be erased _before_ shutdown
+# by the kernel). So we test that some important bits of memory are erased
+# _before_ shutdown.
- Scenario: Memory erasure on a modern computer
- Given a computer
- And the computer is a modern 64-bit system
- And the computer has 8 GiB of RAM
- And I set Tails to boot with options "debug=wipemem"
- And I start Tails from DVD with network unplugged and I login
- Then the PAE kernel is running
- And at least 8 GiB of RAM was detected
- And process "memlockd" is running
- And process "udev-watchdog" is running
- And udev-watchdog is monitoring the correct device
- When I fill the guest's memory with a known pattern
- And I shutdown and wait for Tails to finish wiping the memory
+ Scenario: Erasure of memory freed by killed userspace processes
+ Given I have started Tails from DVD without network and logged in
+ And I prepare Tails for memory erasure tests
+ When I fill the guest's memory with a known pattern and the allocating processes get killed
Then I find very few patterns in the guest's memory
- Scenario: Anti-test: no memory erasure on an old computer
- Given a computer
- And the computer is an old pentium without the PAE extension
- And the computer has 8 GiB of RAM
- And I set Tails to boot with options "debug=wipemem"
- And I start Tails from DVD with network unplugged and I login
- Then the non-PAE kernel is running
- And at least 3 GiB of RAM was detected
- And process "memlockd" is running
- And process "udev-watchdog" is running
- And udev-watchdog is monitoring the correct device
- When I fill the guest's memory with a known pattern without verifying
- And I reboot without wiping the memory
- And I stop the boot at the bootloader menu
- Then I find many patterns in the guest's memory
+ Scenario: Erasure of tmpfs data on unmount
+ Given I have started Tails from DVD without network and logged in
+ And I prepare Tails for memory erasure tests
+ And I find very few patterns in the guest's memory
+ When I mount a 128 MiB tmpfs on "/mnt" and fill it with a known pattern
+ Then patterns cover at least 99% of the test FS size in the guest's memory
+ When I umount "/mnt"
+ Then I find very few patterns in the guest's memory
- Scenario: Memory erasure on an old computer
- Given a computer
- And the computer is an old pentium without the PAE extension
- And the computer has 8 GiB of RAM
- And I set Tails to boot with options "debug=wipemem"
- And I start Tails from DVD with network unplugged and I login
- And the non-PAE kernel is running
- And at least 3 GiB of RAM was detected
- And process "memlockd" is running
- And process "udev-watchdog" is running
- And udev-watchdog is monitoring the correct device
- When I fill the guest's memory with a known pattern
- And I shutdown and wait for Tails to finish wiping the memory
+ Scenario: Erasure of read and write disk caches on unmount: vfat
+ Given I have started Tails from DVD without network and logged in
+ And I prepare Tails for memory erasure tests
+ When I plug and mount a 128 MiB USB drive with a vfat filesystem
+ Then I find very few patterns in the guest's memory
+ # write cache
+ When I fill the USB drive with a known pattern
+ Then patterns cover at least 99% of the test FS size in the guest's memory
+ When I umount the USB drive
+ Then I find very few patterns in the guest's memory
+ # read cache
+ When I mount the USB drive again
+ And I read the content of the test FS
+ Then patterns cover at least 99% of the test FS size in the guest's memory
+ When I umount the USB drive
+ Then I find very few patterns in the guest's memory
+
+ Scenario: Erasure of read and write disk caches on unmount: LUKS-encrypted ext4
+ Given I have started Tails from DVD without network and logged in
+ And I prepare Tails for memory erasure tests
+ When I plug and mount a 128 MiB USB drive with an ext4 filesystem encrypted with password "asdf"
+ Then I find very few patterns in the guest's memory
+ # write cache
+ When I fill the USB drive with a known pattern
+ Then patterns cover at least 99% of the test FS size in the guest's memory
+ When I umount the USB drive
+ Then I find very few patterns in the guest's memory
+ # read cache
+ When I mount the USB drive again
+ And I read the content of the test FS
+ Then patterns cover at least 99% of the test FS size in the guest's memory
+ When I umount the USB drive
Then I find very few patterns in the guest's memory
diff --git a/features/gnome.feature b/features/gnome.feature
index 21b2672..61cbaae 100644
--- a/features/gnome.feature
+++ b/features/gnome.feature
@@ -6,3 +6,8 @@ Feature: GNOME is well-integrated into Tails
And there is no screenshot in the live user's Pictures directory
When I press the "PRINTSCREEN" key
Then a screenshot is saved to the live user's Pictures directory
+
+ Scenario: GNOME notifications are shown to the user
+ Given I have started Tails from DVD without network and logged in
+ When the "Dogtail rules!" notification is sent
+ Then the "Dogtail rules!" notification is shown to the user
diff --git a/features/icedove.feature b/features/icedove.feature
index 298be78..90dc654 100644
--- a/features/icedove.feature
+++ b/features/icedove.feature
@@ -16,15 +16,6 @@ Feature: Icedove email client
And I click the extensions tab
Then I see that only the Enigmail and TorBirdy addons are enabled in Icedove
- Scenario: Enigmail is configured to use the correct keyserver
- Given I cancel setting up an email account
- And I go into Enigmail's preferences
- And I enable Enigmail's expert settings
- When I click Enigmail's Keyserver tab
- Then I see that Enigmail is configured to use the correct keyserver
- When I click Enigmail's Advanced tab
- Then I see that Enigmail is configured to use the correct SOCKS proxy
-
Scenario: Torbirdy is configured to use Tor
Given I cancel setting up an email account
Then I see that Torbirdy is configured to use Tor
diff --git a/features/images/BrowserDownloadDialogSaveAsButton.png b/features/images/BrowserDownloadDialogSaveAsButton.png
index bd3e1c0..6512cb9 100644
--- a/features/images/BrowserDownloadDialogSaveAsButton.png
+++ b/features/images/BrowserDownloadDialogSaveAsButton.png
Binary files differ
diff --git a/features/images/BrowserDownloadFileToDialog.png b/features/images/BrowserDownloadFileToDialog.png
index 8f94ec2..a1a861a 100644
--- a/features/images/BrowserDownloadFileToDialog.png
+++ b/features/images/BrowserDownloadFileToDialog.png
Binary files differ
diff --git a/features/images/CupsTestPage.png b/features/images/CupsTestPage.png
index 916486e..6b5b33e 100644
--- a/features/images/CupsTestPage.png
+++ b/features/images/CupsTestPage.png
Binary files differ
diff --git a/features/images/DesktopReportAnError.png b/features/images/DesktopReportAnError.png
index f0991c5..a0d5770 100644
--- a/features/images/DesktopReportAnError.png
+++ b/features/images/DesktopReportAnError.png
Binary files differ
diff --git a/features/images/DesktopTailsDocumentation.png b/features/images/DesktopTailsDocumentation.png
new file mode 100644
index 0000000..49f8c61
--- /dev/null
+++ b/features/images/DesktopTailsDocumentation.png
Binary files differ
diff --git a/features/images/DesktopTailsDocumentationIcon.png b/features/images/DesktopTailsDocumentationIcon.png
deleted file mode 100644
index 39a0dfe..0000000
--- a/features/images/DesktopTailsDocumentationIcon.png
+++ /dev/null
Binary files differ
diff --git a/features/images/ElectrumCreateNewSeed.png b/features/images/ElectrumCreateNewSeed.png
index 9d56724..e0382c1 100644
--- a/features/images/ElectrumCreateNewSeed.png
+++ b/features/images/ElectrumCreateNewSeed.png
Binary files differ
diff --git a/features/images/ElectrumNextButton.png b/features/images/ElectrumNextButton.png
index b1db141..c7f960d 100644
--- a/features/images/ElectrumNextButton.png
+++ b/features/images/ElectrumNextButton.png
Binary files differ
diff --git a/features/images/ElectrumNoWallet.png b/features/images/ElectrumNoWallet.png
index 784ec0d..13b9d16 100644
--- a/features/images/ElectrumNoWallet.png
+++ b/features/images/ElectrumNoWallet.png
Binary files differ
diff --git a/features/images/ElectrumSeedVerificationPrompt.png b/features/images/ElectrumSeedVerificationPrompt.png
index 6257755..829091b 100644
--- a/features/images/ElectrumSeedVerificationPrompt.png
+++ b/features/images/ElectrumSeedVerificationPrompt.png
Binary files differ
diff --git a/features/images/ElectrumStatus.png b/features/images/ElectrumStatus.png
index 78a0ce0..4774b70 100644
--- a/features/images/ElectrumStatus.png
+++ b/features/images/ElectrumStatus.png
Binary files differ
diff --git a/features/images/ElectrumWalletGenerationSeed.png b/features/images/ElectrumWalletGenerationSeed.png
index c15c0e5..7cbcde5 100644
--- a/features/images/ElectrumWalletGenerationSeed.png
+++ b/features/images/ElectrumWalletGenerationSeed.png
Binary files differ
diff --git a/features/images/ElectrumWalletSeedTextbox.png b/features/images/ElectrumWalletSeedTextbox.png
index 481ce8d..b337f41 100644
--- a/features/images/ElectrumWalletSeedTextbox.png
+++ b/features/images/ElectrumWalletSeedTextbox.png
Binary files differ
diff --git a/features/images/EvincePrintButton.png b/features/images/EvincePrintButton.png
index 1d6180b..442c463 100644
--- a/features/images/EvincePrintButton.png
+++ b/features/images/EvincePrintButton.png
Binary files differ
diff --git a/features/images/EvincePrintDialog.png b/features/images/EvincePrintDialog.png
index 69ff470..e160602 100644
--- a/features/images/EvincePrintDialog.png
+++ b/features/images/EvincePrintDialog.png
Binary files differ
diff --git a/features/images/EvincePrintFileDialog.png b/features/images/EvincePrintFileDialog.png
index e1628b6..d9692d0 100644
--- a/features/images/EvincePrintFileDialog.png
+++ b/features/images/EvincePrintFileDialog.png
Binary files differ
diff --git a/features/images/EvincePrintOutputFileButton.png b/features/images/EvincePrintOutputFileButton.png
index 0baad51..650815f 100644
--- a/features/images/EvincePrintOutputFileButton.png
+++ b/features/images/EvincePrintOutputFileButton.png
Binary files differ
diff --git a/features/images/EvincePrintToFile.png b/features/images/EvincePrintToFile.png
index d0b5297..f345efc 100644
--- a/features/images/EvincePrintToFile.png
+++ b/features/images/EvincePrintToFile.png
Binary files differ
diff --git a/features/images/EvinceUnableToOpen.png b/features/images/EvinceUnableToOpen.png
index ca241f9..5e0c47a 100644
--- a/features/images/EvinceUnableToOpen.png
+++ b/features/images/EvinceUnableToOpen.png
Binary files differ
diff --git a/features/images/GeditCopy.png b/features/images/GeditCopy.png
index bf58f62..ec2f8f3 100644
--- a/features/images/GeditCopy.png
+++ b/features/images/GeditCopy.png
Binary files differ
diff --git a/features/images/GeditNewTab.png b/features/images/GeditNewTab.png
index 88537b8..0e9788c 100644
--- a/features/images/GeditNewTab.png
+++ b/features/images/GeditNewTab.png
Binary files differ
diff --git a/features/images/GeditPaste.png b/features/images/GeditPaste.png
index 43091fa..573ace7 100644
--- a/features/images/GeditPaste.png
+++ b/features/images/GeditPaste.png
Binary files differ
diff --git a/features/images/GeditSelectAll.png b/features/images/GeditSelectAll.png
index 1cb1e90..d0ed857 100644
--- a/features/images/GeditSelectAll.png
+++ b/features/images/GeditSelectAll.png
Binary files differ
diff --git a/features/images/GeditStatusBar.png b/features/images/GeditStatusBar.png
index 4bf594d..96d348f 100644
--- a/features/images/GeditStatusBar.png
+++ b/features/images/GeditStatusBar.png
Binary files differ
diff --git a/features/images/GeditWindow.png b/features/images/GeditWindow.png
index 2f4a1e2..ffb77a8 100644
--- a/features/images/GeditWindow.png
+++ b/features/images/GeditWindow.png
Binary files differ
diff --git a/features/images/GitCloneDone.png b/features/images/GitCloneDone.png
deleted file mode 100644
index f81dd59..0000000
--- a/features/images/GitCloneDone.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GksuAuthPrompt.png b/features/images/GksuAuthPrompt.png
deleted file mode 100644
index dc8736f..0000000
--- a/features/images/GksuAuthPrompt.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GnomeActivitiesOverview.png b/features/images/GnomeActivitiesOverview.png
new file mode 100644
index 0000000..d973576
--- /dev/null
+++ b/features/images/GnomeActivitiesOverview.png
Binary files differ
diff --git a/features/images/GnomeApplicationsMenu.png b/features/images/GnomeApplicationsMenu.png
index 542a73f..dc34bac 100644
--- a/features/images/GnomeApplicationsMenu.png
+++ b/features/images/GnomeApplicationsMenu.png
Binary files differ
diff --git a/features/images/GnomeApplicationsMenuGerman.png b/features/images/GnomeApplicationsMenuGerman.png
index 16e641b..ccada3e 100644
--- a/features/images/GnomeApplicationsMenuGerman.png
+++ b/features/images/GnomeApplicationsMenuGerman.png
Binary files differ
diff --git a/features/images/GnomeCloseAllNotificationsButton.png b/features/images/GnomeCloseAllNotificationsButton.png
new file mode 100644
index 0000000..4297a9c
--- /dev/null
+++ b/features/images/GnomeCloseAllNotificationsButton.png
Binary files differ
diff --git a/features/images/GnomeCloseTopButton.png b/features/images/GnomeCloseTopButton.png
deleted file mode 100644
index b5a2f7f..0000000
--- a/features/images/GnomeCloseTopButton.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GnomeConnectToServerConnectButton.png b/features/images/GnomeConnectToServerConnectButton.png
deleted file mode 100644
index 5c59f10..0000000
--- a/features/images/GnomeConnectToServerConnectButton.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GnomeConnectToServerWindow.png b/features/images/GnomeConnectToServerWindow.png
deleted file mode 100644
index ccdd8f3..0000000
--- a/features/images/GnomeConnectToServerWindow.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GnomeEditMenu.png b/features/images/GnomeEditMenu.png
index 5b42d64..0a870f9 100644
--- a/features/images/GnomeEditMenu.png
+++ b/features/images/GnomeEditMenu.png
Binary files differ
diff --git a/features/images/GnomeFilesConnectToServer.png b/features/images/GnomeFilesConnectToServer.png
deleted file mode 100644
index b5b6864..0000000
--- a/features/images/GnomeFilesConnectToServer.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GnomePlaces.png b/features/images/GnomePlaces.png
index 476bf23..4fc4c1f 100644
--- a/features/images/GnomePlaces.png
+++ b/features/images/GnomePlaces.png
Binary files differ
diff --git a/features/images/GnomePlacesWithoutTorBrowserPersistent.png b/features/images/GnomePlacesWithoutTorBrowserPersistent.png
index 2ab18a3..99834fd 100644
--- a/features/images/GnomePlacesWithoutTorBrowserPersistent.png
+++ b/features/images/GnomePlacesWithoutTorBrowserPersistent.png
Binary files differ
diff --git a/features/images/GnomeSSHSuccess.png b/features/images/GnomeSSHSuccess.png
deleted file mode 100644
index c939c68..0000000
--- a/features/images/GnomeSSHSuccess.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GnomeSSHVerificationConfirm.png b/features/images/GnomeSSHVerificationConfirm.png
deleted file mode 100644
index 1fafa6b..0000000
--- a/features/images/GnomeSSHVerificationConfirm.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GnomeSystrayFlorence.png b/features/images/GnomeSystrayFlorence.png
index 5c0abc7..8f016bd 100644
--- a/features/images/GnomeSystrayFlorence.png
+++ b/features/images/GnomeSystrayFlorence.png
Binary files differ
diff --git a/features/images/GobbyConnectPrompt.png b/features/images/GobbyConnectPrompt.png
deleted file mode 100644
index 6dbed9a..0000000
--- a/features/images/GobbyConnectPrompt.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GobbyConnectionComplete.png b/features/images/GobbyConnectionComplete.png
deleted file mode 100644
index 81e5b7b..0000000
--- a/features/images/GobbyConnectionComplete.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GobbyFailedToShareDocuments.png b/features/images/GobbyFailedToShareDocuments.png
deleted file mode 100644
index e86111d..0000000
--- a/features/images/GobbyFailedToShareDocuments.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GobbyWelcomePrompt.png b/features/images/GobbyWelcomePrompt.png
deleted file mode 100644
index 07f7ccd..0000000
--- a/features/images/GobbyWelcomePrompt.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GobbyWindow.png b/features/images/GobbyWindow.png
deleted file mode 100644
index d702922..0000000
--- a/features/images/GobbyWindow.png
+++ /dev/null
Binary files differ
diff --git a/features/images/GpgAppletChooseKeyWindow.png b/features/images/GpgAppletChooseKeyWindow.png
index ebca7da..6be3027 100644
--- a/features/images/GpgAppletChooseKeyWindow.png
+++ b/features/images/GpgAppletChooseKeyWindow.png
Binary files differ
diff --git a/features/images/GpgAppletDecryptVerify.png b/features/images/GpgAppletDecryptVerify.png
index c584792..167b273 100644
--- a/features/images/GpgAppletDecryptVerify.png
+++ b/features/images/GpgAppletDecryptVerify.png
Binary files differ
diff --git a/features/images/GpgAppletEncryptPassphrase.png b/features/images/GpgAppletEncryptPassphrase.png
index 6f07a29..3e73bfe 100644
--- a/features/images/GpgAppletEncryptPassphrase.png
+++ b/features/images/GpgAppletEncryptPassphrase.png
Binary files differ
diff --git a/features/images/GpgAppletEncryptionKey.png b/features/images/GpgAppletEncryptionKey.png
index f8252d7..5b42ad6 100644
--- a/features/images/GpgAppletEncryptionKey.png
+++ b/features/images/GpgAppletEncryptionKey.png
Binary files differ
diff --git a/features/images/GpgAppletIconEncrypted.png b/features/images/GpgAppletIconEncrypted.png
index 479438e..856fc07 100644
--- a/features/images/GpgAppletIconEncrypted.png
+++ b/features/images/GpgAppletIconEncrypted.png
Binary files differ
diff --git a/features/images/GpgAppletIconNormal.png b/features/images/GpgAppletIconNormal.png
index 102b903..7a02ff5 100644
--- a/features/images/GpgAppletIconNormal.png
+++ b/features/images/GpgAppletIconNormal.png
Binary files differ
diff --git a/features/images/GpgAppletIconSigned.png b/features/images/GpgAppletIconSigned.png
index 44978e6..4587e74 100644
--- a/features/images/GpgAppletIconSigned.png
+++ b/features/images/GpgAppletIconSigned.png
Binary files differ
diff --git a/features/images/GpgAppletKeySelected.png b/features/images/GpgAppletKeySelected.png
index 761a832..6e953ce 100644
--- a/features/images/GpgAppletKeySelected.png
+++ b/features/images/GpgAppletKeySelected.png
Binary files differ
diff --git a/features/images/GpgAppletManageKeys.png b/features/images/GpgAppletManageKeys.png
index 7636f31..974b8da 100644
--- a/features/images/GpgAppletManageKeys.png
+++ b/features/images/GpgAppletManageKeys.png
Binary files differ
diff --git a/features/images/GpgAppletResults.png b/features/images/GpgAppletResults.png
index 9270322..4792c0a 100644
--- a/features/images/GpgAppletResults.png
+++ b/features/images/GpgAppletResults.png
Binary files differ
diff --git a/features/images/GpgAppletSignEncrypt.png b/features/images/GpgAppletSignEncrypt.png
index 5ee59bc..d1809b1 100644
--- a/features/images/GpgAppletSignEncrypt.png
+++ b/features/images/GpgAppletSignEncrypt.png
Binary files differ
diff --git a/features/images/GtkFileChooserDesktopButton.png b/features/images/GtkFileChooserDesktopButton.png
index 434a3e4..3d9dae3 100644
--- a/features/images/GtkFileChooserDesktopButton.png
+++ b/features/images/GtkFileChooserDesktopButton.png
Binary files differ
diff --git a/features/images/PersistenceWizardDeletionStart.png b/features/images/PersistenceWizardDeletionStart.png
index a93fbb9..83e1445 100644
--- a/features/images/PersistenceWizardDeletionStart.png
+++ b/features/images/PersistenceWizardDeletionStart.png
Binary files differ
diff --git a/features/images/PersistenceWizardDone.png b/features/images/PersistenceWizardDone.png
index baa6c35..87aad3f 100644
--- a/features/images/PersistenceWizardDone.png
+++ b/features/images/PersistenceWizardDone.png
Binary files differ
diff --git a/features/images/PersistenceWizardPresets.png b/features/images/PersistenceWizardPresets.png
index f8349a9..8b7113a 100644
--- a/features/images/PersistenceWizardPresets.png
+++ b/features/images/PersistenceWizardPresets.png
Binary files differ
diff --git a/features/images/PersistenceWizardSave.png b/features/images/PersistenceWizardSave.png
index 1beb8c2..c0b8dcd 100644
--- a/features/images/PersistenceWizardSave.png
+++ b/features/images/PersistenceWizardSave.png
Binary files differ
diff --git a/features/images/PersistenceWizardStart.png b/features/images/PersistenceWizardStart.png
index c34668e..ea32b97 100644
--- a/features/images/PersistenceWizardStart.png
+++ b/features/images/PersistenceWizardStart.png
Binary files differ
diff --git a/features/images/PidginAccountManagerAddButton.png b/features/images/PidginAccountManagerAddButton.png
index 446b9ce..8853561 100644
--- a/features/images/PidginAccountManagerAddButton.png
+++ b/features/images/PidginAccountManagerAddButton.png
Binary files differ
diff --git a/features/images/PidginAccountManagerCloseButton.png b/features/images/PidginAccountManagerCloseButton.png
index f8fe293..c62b91e 100644
--- a/features/images/PidginAccountManagerCloseButton.png
+++ b/features/images/PidginAccountManagerCloseButton.png
Binary files differ
diff --git a/features/images/PidginAccountWindow.png b/features/images/PidginAccountWindow.png
index 08a3c32..1cc518c 100644
--- a/features/images/PidginAccountWindow.png
+++ b/features/images/PidginAccountWindow.png
Binary files differ
diff --git a/features/images/PidginAddAccountProtocolLabel.png b/features/images/PidginAddAccountProtocolLabel.png
index 5917371..c2add1e 100644
--- a/features/images/PidginAddAccountProtocolLabel.png
+++ b/features/images/PidginAddAccountProtocolLabel.png
Binary files differ
diff --git a/features/images/PidginAddAccountProtocolXMPP.png b/features/images/PidginAddAccountProtocolXMPP.png
index 6cb5035..31632a3 100644
--- a/features/images/PidginAddAccountProtocolXMPP.png
+++ b/features/images/PidginAddAccountProtocolXMPP.png
Binary files differ
diff --git a/features/images/PidginAddAccountWindow.png b/features/images/PidginAddAccountWindow.png
index 39a15b1..b87dbda0 100644
--- a/features/images/PidginAddAccountWindow.png
+++ b/features/images/PidginAddAccountWindow.png
Binary files differ
diff --git a/features/images/PidginAddAccountXMPPAddButton.png b/features/images/PidginAddAccountXMPPAddButton.png
index 76c4455..fea0c43 100644
--- a/features/images/PidginAddAccountXMPPAddButton.png
+++ b/features/images/PidginAddAccountXMPPAddButton.png
Binary files differ
diff --git a/features/images/PidginAddAccountXMPPAdvancedTab.png b/features/images/PidginAddAccountXMPPAdvancedTab.png
index 5cbdd7a..2d6983f 100644
--- a/features/images/PidginAddAccountXMPPAdvancedTab.png
+++ b/features/images/PidginAddAccountXMPPAdvancedTab.png
Binary files differ
diff --git a/features/images/PidginAddAccountXMPPConnectServer.png b/features/images/PidginAddAccountXMPPConnectServer.png
index 99ebdde..9752718 100644
--- a/features/images/PidginAddAccountXMPPConnectServer.png
+++ b/features/images/PidginAddAccountXMPPConnectServer.png
Binary files differ
diff --git a/features/images/PidginAddAccountXMPPDomain.png b/features/images/PidginAddAccountXMPPDomain.png
index 6209e81..87cbcdf 100644
--- a/features/images/PidginAddAccountXMPPDomain.png
+++ b/features/images/PidginAddAccountXMPPDomain.png
Binary files differ
diff --git a/features/images/PidginAddAccountXMPPPassword.png b/features/images/PidginAddAccountXMPPPassword.png
index 89be45a..44ef03f 100644
--- a/features/images/PidginAddAccountXMPPPassword.png
+++ b/features/images/PidginAddAccountXMPPPassword.png
Binary files differ
diff --git a/features/images/PidginAddAccountXMPPRememberPassword.png b/features/images/PidginAddAccountXMPPRememberPassword.png
index 2b39a05..2923277 100644
--- a/features/images/PidginAddAccountXMPPRememberPassword.png
+++ b/features/images/PidginAddAccountXMPPRememberPassword.png
Binary files differ
diff --git a/features/images/PidginAddAccountXMPPUsername.png b/features/images/PidginAddAccountXMPPUsername.png
index a087dac..1ee30d7 100644
--- a/features/images/PidginAddAccountXMPPUsername.png
+++ b/features/images/PidginAddAccountXMPPUsername.png
Binary files differ
diff --git a/features/images/PidginAvailableStatus.png b/features/images/PidginAvailableStatus.png
index 21e4377..ad219d8 100644
--- a/features/images/PidginAvailableStatus.png
+++ b/features/images/PidginAvailableStatus.png
Binary files differ
diff --git a/features/images/PidginBuddiesMenu.png b/features/images/PidginBuddiesMenu.png
index 45c936e..d29ba07 100644
--- a/features/images/PidginBuddiesMenu.png
+++ b/features/images/PidginBuddiesMenu.png
Binary files differ
diff --git a/features/images/PidginBuddiesMenuJoinChat.png b/features/images/PidginBuddiesMenuJoinChat.png
index 65f9354..d0228ed 100644
--- a/features/images/PidginBuddiesMenuJoinChat.png
+++ b/features/images/PidginBuddiesMenuJoinChat.png
Binary files differ
diff --git a/features/images/PidginCertificateAddButton.png b/features/images/PidginCertificateAddButton.png
index 9bce527..4c69ba6 100644
--- a/features/images/PidginCertificateAddButton.png
+++ b/features/images/PidginCertificateAddButton.png
Binary files differ
diff --git a/features/images/PidginCertificateImportFailed.png b/features/images/PidginCertificateImportFailed.png
index cff450c..403ab5f 100644
--- a/features/images/PidginCertificateImportFailed.png
+++ b/features/images/PidginCertificateImportFailed.png
Binary files differ
diff --git a/features/images/PidginCertificateManagerDialog.png b/features/images/PidginCertificateManagerDialog.png
index cbab380..204f73d 100644
--- a/features/images/PidginCertificateManagerDialog.png
+++ b/features/images/PidginCertificateManagerDialog.png
Binary files differ
diff --git a/features/images/PidginCertificateTestItem.png b/features/images/PidginCertificateTestItem.png
index f0cf923..1ad8795 100644
--- a/features/images/PidginCertificateTestItem.png
+++ b/features/images/PidginCertificateTestItem.png
Binary files differ
diff --git a/features/images/PidginCertificatesMenuItem.png b/features/images/PidginCertificatesMenuItem.png
index 3a5d9c9..3d07c03 100644
--- a/features/images/PidginCertificatesMenuItem.png
+++ b/features/images/PidginCertificatesMenuItem.png
Binary files differ
diff --git a/features/images/PidginChat2UsersInRoom.png b/features/images/PidginChat2UsersInRoom.png
index e1e48aa..cd850e1 100644
--- a/features/images/PidginChat2UsersInRoom.png
+++ b/features/images/PidginChat2UsersInRoom.png
Binary files differ
diff --git a/features/images/PidginConversationMenu.png b/features/images/PidginConversationMenu.png
index c1360bf..b28ebfd 100644
--- a/features/images/PidginConversationMenu.png
+++ b/features/images/PidginConversationMenu.png
Binary files differ
diff --git a/features/images/PidginConversationMenuClearScrollback.png b/features/images/PidginConversationMenuClearScrollback.png
index efe21a9..588c829 100644
--- a/features/images/PidginConversationMenuClearScrollback.png
+++ b/features/images/PidginConversationMenuClearScrollback.png
Binary files differ
diff --git a/features/images/PidginConversationOTRMenu.png b/features/images/PidginConversationOTRMenu.png
index dc66e26..98c4c48 100644
--- a/features/images/PidginConversationOTRMenu.png
+++ b/features/images/PidginConversationOTRMenu.png
Binary files differ
diff --git a/features/images/PidginConversationWindowMenuBar.png b/features/images/PidginConversationWindowMenuBar.png
index 10fb6b8..a9e7c79 100644
--- a/features/images/PidginConversationWindowMenuBar.png
+++ b/features/images/PidginConversationWindowMenuBar.png
Binary files differ
diff --git a/features/images/PidginFriendExpectedAnswer.png b/features/images/PidginFriendExpectedAnswer.png
index 535c252..11b9f91 100644
--- a/features/images/PidginFriendExpectedAnswer.png
+++ b/features/images/PidginFriendExpectedAnswer.png
Binary files differ
diff --git a/features/images/PidginFriendOnline.png b/features/images/PidginFriendOnline.png
index 20a4fb0..f8736a0 100644
--- a/features/images/PidginFriendOnline.png
+++ b/features/images/PidginFriendOnline.png
Binary files differ
diff --git a/features/images/PidginJoinChatButton.png b/features/images/PidginJoinChatButton.png
index e7eb6bd..02d259a 100644
--- a/features/images/PidginJoinChatButton.png
+++ b/features/images/PidginJoinChatButton.png
Binary files differ
diff --git a/features/images/PidginJoinChatRoomLabel.png b/features/images/PidginJoinChatRoomLabel.png
index 1d3c9d3..86b5e8f 100644
--- a/features/images/PidginJoinChatRoomLabel.png
+++ b/features/images/PidginJoinChatRoomLabel.png
Binary files differ
diff --git a/features/images/PidginJoinChatServerLabel.png b/features/images/PidginJoinChatServerLabel.png
index eb8d97c..2c1e3a9 100644
--- a/features/images/PidginJoinChatServerLabel.png
+++ b/features/images/PidginJoinChatServerLabel.png
Binary files differ
diff --git a/features/images/PidginJoinChatWindow.png b/features/images/PidginJoinChatWindow.png
index 7f007c7..716ee96 100644
--- a/features/images/PidginJoinChatWindow.png
+++ b/features/images/PidginJoinChatWindow.png
Binary files differ
diff --git a/features/images/PidginOTRKeyGenPrompt.png b/features/images/PidginOTRKeyGenPrompt.png
index 194e044..f020236 100644
--- a/features/images/PidginOTRKeyGenPrompt.png
+++ b/features/images/PidginOTRKeyGenPrompt.png
Binary files differ
diff --git a/features/images/PidginOTRKeyGenPromptDoneButton.png b/features/images/PidginOTRKeyGenPromptDoneButton.png
index 8fb885a..a739d7d 100644
--- a/features/images/PidginOTRKeyGenPromptDoneButton.png
+++ b/features/images/PidginOTRKeyGenPromptDoneButton.png
Binary files differ
diff --git a/features/images/PidginOTRMenuStartSession.png b/features/images/PidginOTRMenuStartSession.png
index 9f686a5..116de72 100644
--- a/features/images/PidginOTRMenuStartSession.png
+++ b/features/images/PidginOTRMenuStartSession.png
Binary files differ
diff --git a/features/images/PidginTailsChannelWelcome.png b/features/images/PidginTailsChannelWelcome.png
index 39d18ed..f055aec 100644
--- a/features/images/PidginTailsChannelWelcome.png
+++ b/features/images/PidginTailsChannelWelcome.png
Binary files differ
diff --git a/features/images/PidginTailsConversationTab.png b/features/images/PidginTailsConversationTab.png
index f641112..d7d4646 100644
--- a/features/images/PidginTailsConversationTab.png
+++ b/features/images/PidginTailsConversationTab.png
Binary files differ
diff --git a/features/images/PidginTailsRoadmapUrl.png b/features/images/PidginTailsRoadmapUrl.png
index 8457e12..d2eb939 100644
--- a/features/images/PidginTailsRoadmapUrl.png
+++ b/features/images/PidginTailsRoadmapUrl.png
Binary files differ
diff --git a/features/images/PidginToolsMenu.png b/features/images/PidginToolsMenu.png
index eced16b..e9c5623 100644
--- a/features/images/PidginToolsMenu.png
+++ b/features/images/PidginToolsMenu.png
Binary files differ
diff --git a/features/images/PolicyKitAuthFailure.png b/features/images/PolicyKitAuthFailure.png
index 13acaae..e39c5fb 100644
--- a/features/images/PolicyKitAuthFailure.png
+++ b/features/images/PolicyKitAuthFailure.png
Binary files differ
diff --git a/features/images/PolicyKitAuthPrompt.png b/features/images/PolicyKitAuthPrompt.png
index 0f3ae97..afedfd2 100644
--- a/features/images/PolicyKitAuthPrompt.png
+++ b/features/images/PolicyKitAuthPrompt.png
Binary files differ
diff --git a/features/images/SeahorseEditPreferences.png b/features/images/SeahorseEditPreferences.png
index e516ad9..bd9cf38 100644
--- a/features/images/SeahorseEditPreferences.png
+++ b/features/images/SeahorseEditPreferences.png
Binary files differ
diff --git a/features/images/SeahorseFindKeysWindow.png b/features/images/SeahorseFindKeysWindow.png
index 32b2633..c86a84c 100644
--- a/features/images/SeahorseFindKeysWindow.png
+++ b/features/images/SeahorseFindKeysWindow.png
Binary files differ
diff --git a/features/images/SeahorseImport.png b/features/images/SeahorseImport.png
index 63c728a..bc3c1f8 100644
--- a/features/images/SeahorseImport.png
+++ b/features/images/SeahorseImport.png
Binary files differ
diff --git a/features/images/SeahorseKeyResultWindow.png b/features/images/SeahorseKeyResultWindow.png
index 0ec7b60..36addbb 100644
--- a/features/images/SeahorseKeyResultWindow.png
+++ b/features/images/SeahorseKeyResultWindow.png
Binary files differ
diff --git a/features/images/SeahorsePreferences.png b/features/images/SeahorsePreferences.png
index 76a64b4..4b00f1a 100644
--- a/features/images/SeahorsePreferences.png
+++ b/features/images/SeahorsePreferences.png
Binary files differ
diff --git a/features/images/SeahorseRemoteMenu.png b/features/images/SeahorseRemoteMenu.png
index e557f8b..834c449 100644
--- a/features/images/SeahorseRemoteMenu.png
+++ b/features/images/SeahorseRemoteMenu.png
Binary files differ
diff --git a/features/images/SeahorseRemoteMenuFind.png b/features/images/SeahorseRemoteMenuFind.png
index 2a064c8..d9432b2 100644
--- a/features/images/SeahorseRemoteMenuFind.png
+++ b/features/images/SeahorseRemoteMenuFind.png
Binary files differ
diff --git a/features/images/SeahorseRemoteMenuSync.png b/features/images/SeahorseRemoteMenuSync.png
index 5255e54..3699b7d 100644
--- a/features/images/SeahorseRemoteMenuSync.png
+++ b/features/images/SeahorseRemoteMenuSync.png
Binary files differ
diff --git a/features/images/SeahorseSyncKeys.png b/features/images/SeahorseSyncKeys.png
index dcd5bfd..7fe26e0 100644
--- a/features/images/SeahorseSyncKeys.png
+++ b/features/images/SeahorseSyncKeys.png
Binary files differ
diff --git a/features/images/SeahorseWindow.png b/features/images/SeahorseWindow.png
index a868798..e8228d6 100644
--- a/features/images/SeahorseWindow.png
+++ b/features/images/SeahorseWindow.png
Binary files differ
diff --git a/features/images/SynapticApply.png b/features/images/SynapticApply.png
deleted file mode 100644
index 8140848..0000000
--- a/features/images/SynapticApply.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticApplyButton.png b/features/images/SynapticApplyButton.png
deleted file mode 100644
index 92cefb1..0000000
--- a/features/images/SynapticApplyButton.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticApplyPrompt.png b/features/images/SynapticApplyPrompt.png
deleted file mode 100644
index a802fe9..0000000
--- a/features/images/SynapticApplyPrompt.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticChangesAppliedPrompt.png b/features/images/SynapticChangesAppliedPrompt.png
deleted file mode 100644
index bf75428..0000000
--- a/features/images/SynapticChangesAppliedPrompt.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticCowsayMarked.png b/features/images/SynapticCowsayMarked.png
deleted file mode 100644
index b6d1a30..0000000
--- a/features/images/SynapticCowsayMarked.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticCowsaySearchResult.png b/features/images/SynapticCowsaySearchResult.png
deleted file mode 100644
index 8a4aa0a..0000000
--- a/features/images/SynapticCowsaySearchResult.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticCowsaySearchResultSelected.png b/features/images/SynapticCowsaySearchResultSelected.png
deleted file mode 100644
index 65156bf..0000000
--- a/features/images/SynapticCowsaySearchResultSelected.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticFailure.png b/features/images/SynapticFailure.png
deleted file mode 100644
index a0a702b..0000000
--- a/features/images/SynapticFailure.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticLoaded.png b/features/images/SynapticLoaded.png
deleted file mode 100644
index 91b9062..0000000
--- a/features/images/SynapticLoaded.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticPackageList.png b/features/images/SynapticPackageList.png
deleted file mode 100644
index 21f07d0..0000000
--- a/features/images/SynapticPackageList.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticReloadPrompt.png b/features/images/SynapticReloadPrompt.png
deleted file mode 100644
index 2d476ac..0000000
--- a/features/images/SynapticReloadPrompt.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticSearchButton.png b/features/images/SynapticSearchButton.png
deleted file mode 100644
index 641ad51..0000000
--- a/features/images/SynapticSearchButton.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SynapticSearchWindow.png b/features/images/SynapticSearchWindow.png
deleted file mode 100644
index 2077789..0000000
--- a/features/images/SynapticSearchWindow.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TailsBug11786a.png b/features/images/TailsBug11786a.png
index 2e6428b..c1ea95b 100644
--- a/features/images/TailsBug11786a.png
+++ b/features/images/TailsBug11786a.png
Binary files differ
diff --git a/features/images/TailsEmergencyShutdownButton.png b/features/images/TailsEmergencyShutdownButton.png
index df9ab88..0b7ca77 100644
--- a/features/images/TailsEmergencyShutdownButton.png
+++ b/features/images/TailsEmergencyShutdownButton.png
Binary files differ
diff --git a/features/images/TailsEmergencyShutdownHalt.png b/features/images/TailsEmergencyShutdownHalt.png
index 92f2367..55875b2 100644
--- a/features/images/TailsEmergencyShutdownHalt.png
+++ b/features/images/TailsEmergencyShutdownHalt.png
Binary files differ
diff --git a/features/images/TailsEmergencyShutdownReboot.png b/features/images/TailsEmergencyShutdownReboot.png
index 08e09a1..4d77c34 100644
--- a/features/images/TailsEmergencyShutdownReboot.png
+++ b/features/images/TailsEmergencyShutdownReboot.png
Binary files differ
diff --git a/features/images/TailsGreeter.png b/features/images/TailsGreeter.png
index 2ec1f99..80629c6 100644
--- a/features/images/TailsGreeter.png
+++ b/features/images/TailsGreeter.png
Binary files differ
diff --git a/features/images/TailsGreeterAddMoreOptions.png b/features/images/TailsGreeterAddMoreOptions.png
new file mode 100644
index 0000000..9c19635
--- /dev/null
+++ b/features/images/TailsGreeterAddMoreOptions.png
Binary files differ
diff --git a/features/images/TailsGreeterAdditionalSettingsAdd.png b/features/images/TailsGreeterAdditionalSettingsAdd.png
new file mode 100644
index 0000000..b944152
--- /dev/null
+++ b/features/images/TailsGreeterAdditionalSettingsAdd.png
Binary files differ
diff --git a/features/images/TailsGreeterAdditionalSettingsDialog.png b/features/images/TailsGreeterAdditionalSettingsDialog.png
new file mode 100644
index 0000000..292846b
--- /dev/null
+++ b/features/images/TailsGreeterAdditionalSettingsDialog.png
Binary files differ
diff --git a/features/images/TailsGreeterAdminPassword.png b/features/images/TailsGreeterAdminPassword.png
index 26eeaf3..db53075 100644
--- a/features/images/TailsGreeterAdminPassword.png
+++ b/features/images/TailsGreeterAdminPassword.png
Binary files differ
diff --git a/features/images/TailsGreeterDisableAllNetworking.png b/features/images/TailsGreeterDisableAllNetworking.png
index 066598d..4ad898d 100644
--- a/features/images/TailsGreeterDisableAllNetworking.png
+++ b/features/images/TailsGreeterDisableAllNetworking.png
Binary files differ
diff --git a/features/images/TailsGreeterDisableMACSpoofing.png b/features/images/TailsGreeterDisableMACSpoofing.png
new file mode 100644
index 0000000..2cc56be
--- /dev/null
+++ b/features/images/TailsGreeterDisableMACSpoofing.png
Binary files differ
diff --git a/features/images/TailsGreeterForward.png b/features/images/TailsGreeterForward.png
deleted file mode 100644
index 8df52ad..0000000
--- a/features/images/TailsGreeterForward.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TailsGreeterLanguage.png b/features/images/TailsGreeterLanguage.png
index 145373d..f0afb95 100644
--- a/features/images/TailsGreeterLanguage.png
+++ b/features/images/TailsGreeterLanguage.png
Binary files differ
diff --git a/features/images/TailsGreeterLanguageGerman.png b/features/images/TailsGreeterLanguageGerman.png
index 29f1fe3..b25ab64 100644
--- a/features/images/TailsGreeterLanguageGerman.png
+++ b/features/images/TailsGreeterLanguageGerman.png
Binary files differ
diff --git a/features/images/TailsGreeterLanguagePopover.png b/features/images/TailsGreeterLanguagePopover.png
new file mode 100644
index 0000000..abad6f4
--- /dev/null
+++ b/features/images/TailsGreeterLanguagePopover.png
Binary files differ
diff --git a/features/images/TailsGreeterLoginButton.png b/features/images/TailsGreeterLoginButton.png
index 0e7849d..8b55428 100644
--- a/features/images/TailsGreeterLoginButton.png
+++ b/features/images/TailsGreeterLoginButton.png
Binary files differ
diff --git a/features/images/TailsGreeterLoginButtonGerman.png b/features/images/TailsGreeterLoginButtonGerman.png
index 52083bc..ddb5423 100644..120000
--- a/features/images/TailsGreeterLoginButtonGerman.png
+++ b/features/images/TailsGreeterLoginButtonGerman.png
Binary files differ
diff --git a/features/images/TailsGreeterMACSpoofing.png b/features/images/TailsGreeterMACSpoofing.png
index 9a1372a..58fa3b7 100644
--- a/features/images/TailsGreeterMACSpoofing.png
+++ b/features/images/TailsGreeterMACSpoofing.png
Binary files differ
diff --git a/features/images/TailsGreeterMoreOptions.png b/features/images/TailsGreeterMoreOptions.png
deleted file mode 100644
index 496ae99..0000000
--- a/features/images/TailsGreeterMoreOptions.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TailsGreeterNetworkConnection.png b/features/images/TailsGreeterNetworkConnection.png
new file mode 100644
index 0000000..2e23af5
--- /dev/null
+++ b/features/images/TailsGreeterNetworkConnection.png
Binary files differ
diff --git a/features/images/TailsGreeterPersistence.png b/features/images/TailsGreeterPersistence.png
deleted file mode 100644
index 201b5f1..0000000
--- a/features/images/TailsGreeterPersistence.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TailsGreeterPersistencePassphrase.png b/features/images/TailsGreeterPersistencePassphrase.png
index 93e2283..6ed1b50 100644
--- a/features/images/TailsGreeterPersistencePassphrase.png
+++ b/features/images/TailsGreeterPersistencePassphrase.png
Binary files differ
diff --git a/features/images/TailsGreeterPersistenceReadOnly.png b/features/images/TailsGreeterPersistenceReadOnly.png
index 43ef556..b9e232e 100644
--- a/features/images/TailsGreeterPersistenceReadOnly.png
+++ b/features/images/TailsGreeterPersistenceReadOnly.png
Binary files differ
diff --git a/features/images/TailsGreeterPersistenceUnlocked.png b/features/images/TailsGreeterPersistenceUnlocked.png
new file mode 100644
index 0000000..f1ff3a4
--- /dev/null
+++ b/features/images/TailsGreeterPersistenceUnlocked.png
Binary files differ
diff --git a/features/images/TailsGreeterSpecificTorConfiguration.png b/features/images/TailsGreeterSpecificTorConfiguration.png
new file mode 100644
index 0000000..408e059
--- /dev/null
+++ b/features/images/TailsGreeterSpecificTorConfiguration.png
Binary files differ
diff --git a/features/images/TailsGreeterTorConf.png b/features/images/TailsGreeterTorConf.png
deleted file mode 100644
index 98eb100..0000000
--- a/features/images/TailsGreeterTorConf.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TailsGreeterWindowsCamouflage.png b/features/images/TailsGreeterWindowsCamouflage.png
deleted file mode 100644
index 08fdb83..0000000
--- a/features/images/TailsGreeterWindowsCamouflage.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TailsInstallerNoQEMUHardDisk.png b/features/images/TailsInstallerNoQEMUHardDisk.png
deleted file mode 100644
index a92e43b..0000000
--- a/features/images/TailsInstallerNoQEMUHardDisk.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TailsInstallerQEMUHardDisk.png b/features/images/TailsInstallerQEMUHardDisk.png
deleted file mode 100644
index c8dded0..0000000
--- a/features/images/TailsInstallerQEMUHardDisk.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TailsInstallerTooSmallDevice.png b/features/images/TailsInstallerTooSmallDevice.png
deleted file mode 100644
index 51ec3cd..0000000
--- a/features/images/TailsInstallerTooSmallDevice.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TailsUpgraderDone.png b/features/images/TailsUpgraderDone.png
index 4bbb10c..6e431f5 100644
--- a/features/images/TailsUpgraderDone.png
+++ b/features/images/TailsUpgraderDone.png
Binary files differ
diff --git a/features/images/TailsUpgraderFailure.png b/features/images/TailsUpgraderFailure.png
index 34cdf9f..e2809f7 100644
--- a/features/images/TailsUpgraderFailure.png
+++ b/features/images/TailsUpgraderFailure.png
Binary files differ
diff --git a/features/images/TailsUpgraderUpgradeNowButton.png b/features/images/TailsUpgraderUpgradeNowButton.png
index 8cf0cc9..a8f6f1f 100644
--- a/features/images/TailsUpgraderUpgradeNowButton.png
+++ b/features/images/TailsUpgraderUpgradeNowButton.png
Binary files differ
diff --git a/features/images/TailsUpgraderUpgradeTo1.1~test.png b/features/images/TailsUpgraderUpgradeTo1.1~test.png
index 2790588..fc23628 100644
--- a/features/images/TailsUpgraderUpgradeTo1.1~test.png
+++ b/features/images/TailsUpgraderUpgradeTo1.1~test.png
Binary files differ
diff --git a/features/images/TorBrowserAmnesicFilesBookmark.png b/features/images/TorBrowserAmnesicFilesBookmark.png
index 4930152..c7b053d 100644
--- a/features/images/TorBrowserAmnesicFilesBookmark.png
+++ b/features/images/TorBrowserAmnesicFilesBookmark.png
Binary files differ
diff --git a/features/images/TorBrowserOffline.png b/features/images/TorBrowserOffline.png
deleted file mode 100644
index 872dabd..0000000
--- a/features/images/TorBrowserOffline.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TorBrowserOfflinePrompt.png b/features/images/TorBrowserOfflinePrompt.png
deleted file mode 100644
index 6d7ca8d..0000000
--- a/features/images/TorBrowserOfflinePrompt.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TorBrowserOfflinePromptStart.png b/features/images/TorBrowserOfflinePromptStart.png
deleted file mode 100644
index 299aaed..0000000
--- a/features/images/TorBrowserOfflinePromptStart.png
+++ /dev/null
Binary files differ
diff --git a/features/images/TorBrowserOkButton.png b/features/images/TorBrowserOkButton.png
index 1d536f6..8cd4aae 100644
--- a/features/images/TorBrowserOkButton.png
+++ b/features/images/TorBrowserOkButton.png
Binary files differ
diff --git a/features/images/TorBrowserPersistentFilesBookmark.png b/features/images/TorBrowserPersistentFilesBookmark.png
index b99f44a..dcef887 100644
--- a/features/images/TorBrowserPersistentFilesBookmark.png
+++ b/features/images/TorBrowserPersistentFilesBookmark.png
Binary files differ
diff --git a/features/images/TorBrowserPrintDialog.png b/features/images/TorBrowserPrintDialog.png
index 8e9aa93..e460c7d 100644
--- a/features/images/TorBrowserPrintDialog.png
+++ b/features/images/TorBrowserPrintDialog.png
Binary files differ
diff --git a/features/images/TorBrowserSaveDialog.png b/features/images/TorBrowserSaveDialog.png
index 01de213..0daa4aa 100644
--- a/features/images/TorBrowserSaveDialog.png
+++ b/features/images/TorBrowserSaveDialog.png
Binary files differ
diff --git a/features/images/TorBrowserSaveOutputFileSelected.png b/features/images/TorBrowserSaveOutputFileSelected.png
index 8de38a9..fe436fd 100644
--- a/features/images/TorBrowserSaveOutputFileSelected.png
+++ b/features/images/TorBrowserSaveOutputFileSelected.png
Binary files differ
diff --git a/features/images/TorBrowserSavedStartupPage.png b/features/images/TorBrowserSavedStartupPage.png
index 0d43813..8e5f8fa 100644
--- a/features/images/TorBrowserSavedStartupPage.png
+++ b/features/images/TorBrowserSavedStartupPage.png
Binary files differ
diff --git a/features/images/TorLauncherConfigureButton.png b/features/images/TorLauncherConfigureButton.png
index 1acdcff..824ef8f 100644
--- a/features/images/TorLauncherConfigureButton.png
+++ b/features/images/TorLauncherConfigureButton.png
Binary files differ
diff --git a/features/images/TorLauncherFinishButton.png b/features/images/TorLauncherFinishButton.png
index cee5b53..b1e6b40 100644
--- a/features/images/TorLauncherFinishButton.png
+++ b/features/images/TorLauncherFinishButton.png
Binary files differ
diff --git a/features/images/TorLauncherNextButton.png b/features/images/TorLauncherNextButton.png
index a6c4aac..a2bf88a 100644
--- a/features/images/TorLauncherNextButton.png
+++ b/features/images/TorLauncherNextButton.png
Binary files differ
diff --git a/features/images/TorLauncherWindow.png b/features/images/TorLauncherWindow.png
index e381dbf..78eef6d 100644
--- a/features/images/TorLauncherWindow.png
+++ b/features/images/TorLauncherWindow.png
Binary files differ
diff --git a/features/images/TorStatusNotUsable.png b/features/images/TorStatusNotUsable.png
index 9aa534f..256badc 100644
--- a/features/images/TorStatusNotUsable.png
+++ b/features/images/TorStatusNotUsable.png
Binary files differ
diff --git a/features/images/TorStatusUsable.png b/features/images/TorStatusUsable.png
index 92f575a..56a82af 100644
--- a/features/images/TorStatusUsable.png
+++ b/features/images/TorStatusUsable.png
Binary files differ
diff --git a/features/images/TotemUnableToOpen.png b/features/images/TotemUnableToOpen.png
index 09467f4..665b3e2 100644
--- a/features/images/TotemUnableToOpen.png
+++ b/features/images/TotemUnableToOpen.png
Binary files differ
diff --git a/features/images/USBCannotUpgrade.png b/features/images/USBCannotUpgrade.png
deleted file mode 100644
index 6098a82..0000000
--- a/features/images/USBCannotUpgrade.png
+++ /dev/null
Binary files differ
diff --git a/features/images/USBCloneAndInstall.png b/features/images/USBCloneAndInstall.png
deleted file mode 100644
index 2e52866..0000000
--- a/features/images/USBCloneAndInstall.png
+++ /dev/null
Binary files differ
diff --git a/features/images/USBCloneAndUpgrade.png b/features/images/USBCloneAndUpgrade.png
deleted file mode 100644
index 14f01c6..0000000
--- a/features/images/USBCloneAndUpgrade.png
+++ /dev/null
Binary files differ
diff --git a/features/images/USBCreateLiveUSB.png b/features/images/USBCreateLiveUSB.png
deleted file mode 100644
index d9ca22b..0000000
--- a/features/images/USBCreateLiveUSB.png
+++ /dev/null
Binary files differ
diff --git a/features/images/USBCreateLiveUSBConfirmWindow.png b/features/images/USBCreateLiveUSBConfirmWindow.png
deleted file mode 100644
index 8a9cb6d..0000000
--- a/features/images/USBCreateLiveUSBConfirmWindow.png
+++ /dev/null
Binary files differ
diff --git a/features/images/USBCreateLiveUSBConfirmYes.png b/features/images/USBCreateLiveUSBConfirmYes.png
deleted file mode 100644
index ee68691..0000000
--- a/features/images/USBCreateLiveUSBConfirmYes.png
+++ /dev/null
Binary files differ
diff --git a/features/images/USBInstallationComplete.png b/features/images/USBInstallationComplete.png
deleted file mode 100644
index 4b4b44a..0000000
--- a/features/images/USBInstallationComplete.png
+++ /dev/null
Binary files differ
diff --git a/features/images/USBSelectISO.png b/features/images/USBSelectISO.png
deleted file mode 100644
index f5df2c6..0000000
--- a/features/images/USBSelectISO.png
+++ /dev/null
Binary files differ
diff --git a/features/images/USBUpgradeFromISO.png b/features/images/USBUpgradeFromISO.png
deleted file mode 100644
index c3ff256..0000000
--- a/features/images/USBUpgradeFromISO.png
+++ /dev/null
Binary files differ
diff --git a/features/images/USBUseLiveSystemISO.png b/features/images/USBUseLiveSystemISO.png
deleted file mode 100644
index 150c801..0000000
--- a/features/images/USBUseLiveSystemISO.png
+++ /dev/null
Binary files differ
diff --git a/features/images/UnsafeBrowserDNSError.png b/features/images/UnsafeBrowserDNSError.png
deleted file mode 100644
index 6e8f900..0000000
--- a/features/images/UnsafeBrowserDNSError.png
+++ /dev/null
Binary files differ
diff --git a/features/images/UnsafeBrowserExportBookmarksSavePrompt.png b/features/images/UnsafeBrowserExportBookmarksSavePrompt.png
index c801531..f6fbaea 100644
--- a/features/images/UnsafeBrowserExportBookmarksSavePrompt.png
+++ b/features/images/UnsafeBrowserExportBookmarksSavePrompt.png
Binary files differ
diff --git a/features/images/UnsafeBrowserProxySettingsOkButton.png b/features/images/UnsafeBrowserProxySettingsOkButton.png
index 251ceb8..93840ce 100644
--- a/features/images/UnsafeBrowserProxySettingsOkButton.png
+++ b/features/images/UnsafeBrowserProxySettingsOkButton.png
Binary files differ
diff --git a/features/images/UnsafeBrowserWarnAlreadyRunning.png b/features/images/UnsafeBrowserWarnAlreadyRunning.png
index 7a881f3..96a4214 100644
--- a/features/images/UnsafeBrowserWarnAlreadyRunning.png
+++ b/features/images/UnsafeBrowserWarnAlreadyRunning.png
Binary files differ
diff --git a/features/localization.feature b/features/localization.feature
index 2697ff8..f5c683d 100644
--- a/features/localization.feature
+++ b/features/localization.feature
@@ -8,7 +8,7 @@ Feature: Localization
Scenario: The Report an Error launcher will open the support documentation in supported non-English locales
Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
And I log in to a new session in German
- When I double-click the Report an Error launcher on the desktop
+ When I double-click on the Report an Error launcher on the desktop
Then the support documentation page opens in Tor Browser
#11711
diff --git a/features/mac_spoofing.feature b/features/mac_spoofing.feature
index c775841..c6bdb27 100644
--- a/features/mac_spoofing.feature
+++ b/features/mac_spoofing.feature
@@ -11,8 +11,7 @@ Feature: Spoofing MAC addresses
And the network is plugged
Scenario: MAC address spoofing is disabled
- When I enable more Tails Greeter options
- And I disable MAC spoofing in Tails Greeter
+ When I disable MAC spoofing in Tails Greeter
And I log in to a new session
And Tor is ready
Then 1 network interface is enabled
@@ -31,7 +30,8 @@ Feature: Spoofing MAC addresses
Scenario: MAC address spoofing fails and macchanger returns false
Given macchanger will fail by not spoofing and always returns false
When I log in to a new session
- And see the "Network card disabled" notification
+ # XXX: workaround for #11941
+ And I see the "Network card disabled" notification after at most 60 seconds
Then no network interfaces are enabled
And the real MAC address was not leaked
@@ -40,7 +40,8 @@ Feature: Spoofing MAC addresses
Scenario: MAC address spoofing fails and macchanger returns true
Given macchanger will fail by not spoofing and always returns true
When I log in to a new session
- And see the "Network card disabled" notification
+ # XXX: workaround for #11941
+ And I see the "Network card disabled" notification after at most 60 seconds
Then no network interfaces are enabled
And the real MAC address was not leaked
@@ -50,7 +51,7 @@ Feature: Spoofing MAC addresses
Given macchanger will fail by not spoofing and always returns true
And no network interface modules can be unloaded
When I log in to a new session
- And see the "All networking disabled" notification
+ And I see the "All networking disabled" notification after at most 60 seconds
Then 1 network interface is enabled
But the MAC spoofing panic mode disabled networking
And the real MAC address was not leaked
diff --git a/features/networking.feature b/features/networking.feature
index a5e15b2..ca80657 100644
--- a/features/networking.feature
+++ b/features/networking.feature
@@ -13,15 +13,14 @@ Feature: Networking
Scenario: The Tails Greeter "disable all networking" option disables networking within Tails
Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
- And I enable more Tails Greeter options
And I disable all networking in the Tails Greeter
And I log in to a new session
Then no network interfaces are enabled
#11463
@fragile
- Scenario: The 'Tor is ready' notification is shown when Tor has bootstrapped
+ Scenario: The "Tor is ready" notification is shown when Tor has bootstrapped
Given I have started Tails from DVD without network and logged in
And the network is plugged
- When I see the 'Tor is ready' notification
- Then Tor is ready
+ When Tor is ready
+ Then I see the "Tor is ready" notification after at most 30 seconds
diff --git a/features/persistence.feature b/features/persistence.feature
index c7416e4..7d37a4a 100644
--- a/features/persistence.feature
+++ b/features/persistence.feature
@@ -17,32 +17,46 @@ Feature: Tails persistence
And all persistent directories have safe access rights
When I disable the first persistence preset
And I shutdown Tails and wait for the computer to power off
- And I start Tails from USB drive "__internal" with network unplugged and I login with read-only persistence enabled
+ And I start Tails from USB drive "__internal" with network unplugged and I login with persistence enabled
Then all persistence presets but the first one are enabled
- Scenario: Writing files first to a read/write-enabled persistent partition, and then to a read-only-enabled persistent partition
+ Scenario: Writing files to a read/write-enabled persistent partition
Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
And the network is plugged
And Tor is ready
And I take note of which persistence presets are available
When I write some files expected to persist
- And I add a wired DHCP NetworkManager connection called "persistent-con"
And I shutdown Tails and wait for the computer to power off
# XXX: The next step succeeds (and the --debug output confirms that it's actually looking for the files) but will fail in a subsequent scenario restoring the same snapshot. This exactly what we want, but why does it work? What is guestfs's behaviour when qcow2 internal snapshots are involved?
Then only the expected files are present on the persistence partition on USB drive "__internal"
- Given I start Tails from USB drive "__internal" with network unplugged and I login with read-only persistence enabled
+
+ Scenario: Creating and using a persistent NetworkManager connection
+ Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
And the network is plugged
And Tor is ready
- Then Tails is running from USB drive "__internal"
- And the boot device has safe access rights
- And all persistence presets are enabled
- And I switch to the "persistent-con" NetworkManager connection
- And there is no GNOME bookmark for the persistent Tor Browser directory
- And I write some files not expected to persist
- And I remove some files expected to persist
- And I take note of which persistence presets are available
+ And I add a current wired DHCP NetworkManager connection called "persistent-con-current"
And I shutdown Tails and wait for the computer to power off
- Then only the expected files are present on the persistence partition on USB drive "__internal"
+ Given I start Tails from USB drive "__internal" with network unplugged and I login with persistence enabled
+ And I capture all network traffic
+ And the network is plugged
+ And Tor is ready
+ And I switch to the "persistent-con-current" NetworkManager connection
+ And the network device has a spoofed MAC address configured
+ And the real MAC address was not leaked
+
+ Scenario: Creating and using a Jessie-area persistent NetworkManager connection
+ Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
+ And the network is plugged
+ And Tor is ready
+ And I add a 2.x wired DHCP NetworkManager connection called "persistent-con-2.x"
+ And I shutdown Tails and wait for the computer to power off
+ Given I start Tails from USB drive "__internal" with network unplugged and I login with persistence enabled
+ And I capture all network traffic
+ And the network is plugged
+ And Tor is ready
+ And I switch to the "persistent-con-2.x" NetworkManager connection
+ And the network device has a spoofed MAC address configured
+ And the real MAC address was not leaked
Scenario: Deleting a Tails persistent partition
Given I have started Tails without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen
diff --git a/features/pidgin.feature b/features/pidgin.feature
index 84ec5dd..0ccbb0c 100644
--- a/features/pidgin.feature
+++ b/features/pidgin.feature
@@ -11,7 +11,7 @@ Feature: Chatting anonymously using Pidgin
@check_tor_leaks @fragile
Scenario: Chatting with some friend over XMPP
Given I have started Tails from DVD and logged in and the network is connected
- When I start Pidgin through the GNOME menu
+ When I start "Pidgin Internet Messenger" via the GNOME "Internet" applications menu
Then I see Pidgin's account manager window
When I create my XMPP account
And I close Pidgin's account manager window
@@ -25,7 +25,7 @@ Feature: Chatting anonymously using Pidgin
@check_tor_leaks @fragile
Scenario: Chatting with some friend over XMPP in a multi-user chat
Given I have started Tails from DVD and logged in and the network is connected
- When I start Pidgin through the GNOME menu
+ When I start "Pidgin Internet Messenger" via the GNOME "Internet" applications menu
Then I see Pidgin's account manager window
When I create my XMPP account
And I close Pidgin's account manager window
@@ -40,13 +40,13 @@ Feature: Chatting anonymously using Pidgin
Then I see the Tails roadmap URL
When I wait 10 seconds
And I click on the Tails roadmap URL
- Then the Tor Browser has started and loaded the Tails roadmap
+ Then the Tor Browser loads the Tails roadmap
#11453
@check_tor_leaks @fragile
Scenario: Chatting with some friend over XMPP and with OTR
Given I have started Tails from DVD and logged in and the network is connected
- When I start Pidgin through the GNOME menu
+ When I start "Pidgin Internet Messenger" via the GNOME "Internet" applications menu
Then I see Pidgin's account manager window
When I create my XMPP account
And I close Pidgin's account manager window
@@ -64,7 +64,7 @@ Feature: Chatting anonymously using Pidgin
Scenario: Connecting to the tails multi-user chat with my XMPP account
Given I have started Tails from DVD and logged in and the network is connected
And Pidgin has the expected accounts configured with random nicknames
- When I start Pidgin through the GNOME menu
+ When I start "Pidgin Internet Messenger" via the GNOME "Internet" applications menu
Then I see Pidgin's account manager window
And I create my XMPP account
And I close Pidgin's account manager window
@@ -73,14 +73,14 @@ Feature: Chatting anonymously using Pidgin
Scenario: Adding a certificate to Pidgin
Given I have started Tails from DVD and logged in and the network is connected
- And I start Pidgin through the GNOME menu
+ And I start "Pidgin Internet Messenger" via the GNOME "Internet" applications menu
And I see Pidgin's account manager window
And I close Pidgin's account manager window
Then I can add a certificate from the "/home/amnesia" directory to Pidgin
Scenario: Failing to add a certificate to Pidgin
Given I have started Tails from DVD and logged in and the network is connected
- When I start Pidgin through the GNOME menu
+ When I start "Pidgin Internet Messenger" via the GNOME "Internet" applications menu
And I see Pidgin's account manager window
And I close Pidgin's account manager window
Then I cannot add a certificate from the "/home/amnesia/.gnupg" directory to Pidgin
@@ -100,7 +100,7 @@ Feature: Chatting anonymously using Pidgin
And Tor is ready
And available upgrades have been checked
And all notifications have disappeared
- When I start Pidgin through the GNOME menu
+ When I start "Pidgin Internet Messenger" via the GNOME "Internet" applications menu
Then I see Pidgin's account manager window
When I create my XMPP account
And I close Pidgin's account manager window
@@ -114,7 +114,7 @@ Feature: Chatting anonymously using Pidgin
And I start Tails from USB drive "__internal" and I login with persistence enabled
And Pidgin has the expected persistent accounts configured
# And Pidgin has the expected persistent OTR keys
- When I start Pidgin through the GNOME menu
+ When I start "Pidgin Internet Messenger" via the GNOME "Internet" applications menu
Then Pidgin automatically enables my XMPP account
And I join some empty multi-user chat
# Exercise Pidgin AppArmor profile with persistence enabled.
diff --git a/features/step_definitions/apt.rb b/features/step_definitions/apt.rb
index 0af7703..9aec34f 100644
--- a/features/step_definitions/apt.rb
+++ b/features/step_definitions/apt.rb
@@ -51,20 +51,29 @@ When /^I update APT using apt$/ do
end
end
-Then /^I should be able to install a package using apt$/ do
- package = "cowsay"
+Then /^I install "(.+)" using apt$/ do |package_name|
recovery_proc = Proc.new do
step 'I kill the process "apt"'
- $vm.execute("apt purge #{package}")
+ $vm.execute("apt purge #{package_name}")
end
retry_tor(recovery_proc) do
Timeout::timeout(2*60) do
$vm.execute_successfully("echo #{@sudo_password} | " +
- "sudo -S apt install #{package}",
+ "sudo -S apt install #{package_name}",
:user => LIVE_USER)
end
end
- step "package \"#{package}\" is installed"
+end
+
+When /^I start Synaptic$/ do
+ step 'I start "Synaptic Package Manager" via the GNOME "System Tools" applications menu'
+ deal_with_polkit_prompt(@sudo_password)
+ @synaptic = Dogtail::Application.new('synaptic')
+ # The seemingly spurious space is needed because that is how this
+ # frame is named...
+ @synaptic.child(
+ 'Synaptic Package Manager ', roleName: 'frame', recursive: false
+ )
end
When /^I update APT using Synaptic$/ do
@@ -73,16 +82,13 @@ When /^I update APT using Synaptic$/ do
step "I start Synaptic"
end
retry_tor(recovery_proc) do
- try_for(60, :msg => "Failed to trigger the reload of the package list") {
- # here using the Synaptic keyboard shortcut is more effective on retries.
- @screen.type("r", Sikuli::KeyModifier.CTRL)
- @screen.wait('SynapticReloadPrompt.png', 10)
- }
+ @synaptic.button('Reload').click
try_for(15*60, :msg => "Took too much time to download the APT data") {
!$vm.has_process?("/usr/lib/apt/methods/tor+http")
}
- if @screen.exists('SynapticFailure.png')
- raise "Updating APT with Synaptic failed."
+ assert_raise(RuntimeError) do
+ @synaptic.child(roleName: 'dialog', recursive: false)
+ .child('Error', roleName: 'icon', retry: false)
end
if !$vm.has_process?("synaptic")
raise "Synaptic process vanished, did it segfault again?"
@@ -90,30 +96,28 @@ When /^I update APT using Synaptic$/ do
end
end
-Then /^I should be able to install a package using Synaptic$/ do
- package = "cowsay"
+Then /^I install "(.+)" using Synaptic$/ do |package_name|
recovery_proc = Proc.new do
step 'I kill the process "synaptic"'
- $vm.execute("apt -y purge #{package}")
+ $vm.execute("apt -y purge #{package_name}")
step "I start Synaptic"
end
retry_tor(recovery_proc) do
- try_for(60) do
- @screen.wait_and_click('SynapticSearchButton.png', 10)
- @screen.wait_and_click('SynapticSearchWindow.png', 10)
+ @synaptic.button('Search').click
+ find_dialog = @synaptic.dialog('Find')
+ find_dialog.child(roleName: 'text').typeText(package_name)
+ find_dialog.button('Search').click
+ package_list = @synaptic.child('Installed Version',
+ roleName: 'table column header').parent
+ package_entry = package_list.child(package_name, roleName: 'table cell')
+ package_entry.doubleClick
+ @synaptic.button('Apply').click
+ apply_prompt = nil
+ try_for(60) { apply_prompt = @synaptic.dialog('Summary'); true }
+ apply_prompt.button('Apply').click
+ try_for(4*60) do
+ @synaptic.child('Changes applied', roleName: 'frame', recursive: false)
+ true
end
- @screen.type(package + Sikuli::Key.ENTER)
- @screen.wait_and_double_click('SynapticCowsaySearchResult.png', 20)
- @screen.wait_and_click('SynapticApplyButton.png', 10)
- @screen.wait('SynapticApplyPrompt.png', 60)
- @screen.type(Sikuli::Key.ENTER)
- @screen.wait('SynapticChangesAppliedPrompt.png', 4*60)
- step "package \"#{package}\" is installed"
end
end
-
-When /^I start Synaptic$/ do
- step 'I start "Synaptic Package Manager" via the GNOME "System Tools" applications menu'
- deal_with_polkit_prompt('PolicyKitAuthPrompt.png', @sudo_password)
- @screen.wait('SynapticLoaded.png', 30)
-end
diff --git a/features/step_definitions/browser.rb b/features/step_definitions/browser.rb
index fe7560e..8146253 100644
--- a/features/step_definitions/browser.rb
+++ b/features/step_definitions/browser.rb
@@ -1,7 +1,3 @@
-Then /^I see the Unsafe Browser start notification and wait for it to close$/ do
- robust_notification_wait("UnsafeBrowserStartNotification.png", 60)
-end
-
Then /^the Unsafe Browser has started$/ do
@screen.wait("UnsafeBrowserHomepage.png", 360)
end
@@ -13,7 +9,7 @@ end
When /^I successfully start the Unsafe Browser$/ do
step "I start the Unsafe Browser"
step "I see and accept the Unsafe Browser start verification"
- step "I see the Unsafe Browser start notification and wait for it to close"
+ step "I see the \"Starting the Unsafe Browser...\" notification after at most 60 seconds"
step "the Unsafe Browser has started"
end
@@ -21,10 +17,6 @@ When /^I close the Unsafe Browser$/ do
@screen.type("q", Sikuli::KeyModifier.CTRL)
end
-Then /^I see the Unsafe Browser stop notification$/ do
- robust_notification_wait("UnsafeBrowserStopNotification.png", 60)
-end
-
def xul_application_info(application)
binary = $vm.execute_successfully(
'echo ${TBB_INSTALL}/firefox', :libs => 'tor-browser'
@@ -117,13 +109,12 @@ Then /^"([^"]+)" has loaded in the Tor Browser$/ do |title|
reload_action = 'Reload current page'
end
expected_title = "#{title} - #{browser_name}"
- app = Dogtail::Application.new('Firefox')
- try_for(60) { app.child(expected_title, roleName: 'frame') }
+ try_for(60) { @torbrowser.child(expected_title, roleName: 'frame') }
# The 'Reload current page' button (graphically shown as a looping
# arrow) is only shown when a page has loaded, so once we see the
# expected title *and* this button has appeared, then we can be sure
# that the page has fully loaded.
- try_for(60) { app.child(reload_action, roleName: 'push button') }
+ try_for(60) { @torbrowser.child(reload_action, roleName: 'push button') }
end
Then /^the (.*) has no plugins installed$/ do |browser|
@@ -221,8 +212,7 @@ Then /^Tails homepage loads in the Unsafe Browser$/ do
end
Then /^the Tor Browser shows the "([^"]+)" error$/ do |error|
- firefox = Dogtail::Application.new('Firefox')
- page = firefox.child("Problem loading page", roleName: "document frame")
+ page = @torbrowser.child("Problem loading page", roleName: "document frame")
headers = page.children(roleName: "heading")
found = headers.any? { |heading| heading.text == error }
raise "Could not find the '#{error}' error in the Tor Browser" unless found
diff --git a/features/step_definitions/checks.rb b/features/step_definitions/checks.rb
index dda5af5..142141a 100644
--- a/features/step_definitions/checks.rb
+++ b/features/step_definitions/checks.rb
@@ -35,14 +35,6 @@ Then /^the shipped (?:Debian repository key|OpenPGP key ([A-Z0-9]+)) will be val
end
end
-Then /^I double-click the Report an Error launcher on the desktop$/ do
- # Sometimes the double-click is lost (#12131).
- retry_action(10) do
- @screen.wait_and_double_click('DesktopReportAnError.png', 30)
- step 'the Tor Browser has started'
- end
-end
-
Then /^the live user has been setup by live\-boot$/ do
assert($vm.execute("test -e /var/lib/live/config/user-setup").success?,
"live-boot failed its user-setup")
@@ -73,20 +65,12 @@ Then /^the live user owns its home dir and it has normal permissions$/ do
end
Then /^no unexpected services are listening for network connections$/ do
- netstat_cmd = $vm.execute("netstat -ltupn")
- assert netstat_cmd.success?
- for line in netstat_cmd.stdout.chomp.split("\n") do
+ for line in $vm.execute_successfully("ss -ltupn").stdout.chomp.split("\n") do
splitted = line.split(/[[:blank:]]+/)
proto = splitted[0]
- if proto == "tcp"
- proc_index = 6
- elsif proto == "udp"
- proc_index = 5
- else
- next
- end
- laddr, lport = splitted[3].split(":")
- proc = splitted[proc_index].split("/")[1]
+ next unless ['tcp', 'udp'].include?(proto)
+ laddr, lport = splitted[4].split(":")
+ proc = /users:\(\("([^"]+)"/.match(splitted[6])[1]
# Services listening on loopback is not a threat
if /127(\.[[:digit:]]{1,3}){3}/.match(laddr).nil?
if SERVICES_EXPECTED_ON_ALL_IFACES.include? [proc, laddr, lport] or
@@ -100,33 +84,11 @@ Then /^no unexpected services are listening for network connections$/ do
end
end
-When /^Tails has booted a 32-bit kernel$/ do
- assert(! $vm.execute("uname -r | grep -qs 'amd64$'").success?,
- "Tails has not booted a 32-bit kernel.")
-end
-
When /^Tails has booted a 64-bit kernel$/ do
assert($vm.execute("uname -r | grep -qs 'amd64$'").success?,
"Tails has not booted a 64-bit kernel.")
end
-Then /^there is no screenshot in the live user's Pictures directory$/ do
- pictures_directory = "/home/#{LIVE_USER}/Pictures"
- assert($vm.execute(
- "find '#{pictures_directory}' -name 'Screenshot*.png' -maxdepth 1"
- ).stdout.empty?,
- "Existing screenshots were found in the live user's Pictures directory.")
-end
-
-Then /^a screenshot is saved to the live user's Pictures directory$/ do
- pictures_directory = "/home/#{LIVE_USER}/Pictures"
- try_for(10, :msg=> "No screenshot was created in #{pictures_directory}") do
- !$vm.execute(
- "find '#{pictures_directory}' -name 'Screenshot*.png' -maxdepth 1"
- ).stdout.empty?
- end
-end
-
Then /^the VirtualBox guest modules are available$/ do
assert($vm.execute("modinfo vboxguest").success?,
"The vboxguest module is not available.")
@@ -141,7 +103,7 @@ Then /^the support documentation page opens in Tor Browser$/ do
expected_heading = 'Search the documentation'
end
step "\"#{expected_title}\" has loaded in the Tor Browser"
- headings = Dogtail::Application.new('Firefox')
+ headings = @torbrowser
.child(expected_title, roleName: 'document frame')
.children(roleName: 'heading')
assert(
@@ -256,12 +218,10 @@ Then /^tails-debugging-info is not susceptible to symlink attacks$/ do
end
When /^I disable all networking in the Tails Greeter$/ do
- begin
- @screen.click('TailsGreeterDisableAllNetworking.png')
- rescue FindFailed
- @screen.type(Sikuli::Key.PAGE_DOWN)
- @screen.click('TailsGreeterDisableAllNetworking.png')
- end
+ open_greeter_additional_settings()
+ @screen.wait_and_click('TailsGreeterNetworkConnection.png', 30)
+ @screen.wait_and_click('TailsGreeterDisableAllNetworking.png', 10)
+ @screen.wait_and_click("TailsGreeterAdditionalSettingsAdd.png", 10)
end
Then /^the Tor Status icon tells me that Tor is( not)? usable$/ do |not_usable|
diff --git a/features/step_definitions/chutney.rb b/features/step_definitions/chutney.rb
index 0b24b31..8587077 100644
--- a/features/step_definitions/chutney.rb
+++ b/features/step_definitions/chutney.rb
@@ -1,9 +1,12 @@
+def chutney_src_dir
+ "#{GIT_DIR}/submodules/chutney"
+end
+
def ensure_chutney_is_running
# Ensure that a fresh chutney instance is running, and that it will
# be cleaned upon exit. We only do it once, though, since the same
# setup can be used throughout the same test suite run.
if not($chutney_initialized)
- chutney_src_dir = "#{GIT_DIR}/submodules/chutney"
chutney_listen_address = $vmnet.bridge_ip_addr
chutney_script = "#{chutney_src_dir}/chutney"
assert(
@@ -112,7 +115,6 @@ When /^I configure Tails to use a simulated Tor network$/ do
]
# We run one client in chutney so we easily can grep the generated
# DirAuthority lines and use them.
- chutney_src_dir = "#{GIT_DIR}/submodules/chutney"
client_torrcs = Dir.glob(
"#{$config['TMPDIR']}/chutney-data/nodes/*client/torrc"
)
@@ -126,3 +128,54 @@ end
When /^Tails is using the real Tor network$/ do
assert($vm.execute('grep "TestingTorNetwork 1" /etc/torrc').failure?)
end
+
+def chutney_onionservice_info
+ hs_hostname_file_path = Dir.glob(
+ "#{$config['TMPDIR']}/chutney-data/nodes/*hs/hidden_service/hostname"
+ ).first
+ hs_hostname = open(hs_hostname_file_path, 'r') do |f|
+ f.read.chomp
+ end
+ hs_torrc_path = Dir.glob(
+ "#{$config['TMPDIR']}/chutney-data/nodes/*hs/torrc"
+ ).first
+ _, hs_port, local_address_port = open(hs_torrc_path, 'r') do |f|
+ f.grep(/^HiddenServicePort/).first.split
+ end
+ local_address, local_port = local_address_port.split(':')
+ [local_address, local_port, hs_hostname, hs_port]
+end
+
+def chutney_onionservice_redir(remote_address, remote_port)
+ kill_redir = Proc.new do
+ begin
+ Process.kill("TERM", $chutney_onionservice_job.pid)
+ rescue
+ # noop
+ end
+ end
+ if $chutney_onionservice_job
+ kill_redir.call
+ end
+ local_address, local_port, _ = chutney_onionservice_info
+ # XXX:Stretch: revert the commit introducing this command once we
+ # stop supporting the test suite on Debian Jessie.
+ redir_cmd = ['/usr/bin/redir']
+ redir_version = Gem::Version.new(cmd_helper(redir_cmd + ['--version']))
+ if redir_version < Gem::Version.new('3.0')
+ redir_cmd += [
+ "--laddr", local_address,
+ "--lport", local_port,
+ "--caddr", remote_address,
+ "--cport", remote_port,
+ ]
+ else
+ redir_cmd += [
+ "#{local_address}:#{local_port}",
+ "#{remote_address}:#{remote_port}",
+ ]
+ end
+ $chutney_onionservice_job = IO.popen(redir_cmd)
+ add_after_scenario_hook { kill_redir.call }
+ return $chutney_onionservice_job
+end
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index ff0e33d..214f00b 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -23,43 +23,6 @@ def context_menu_helper(top, bottom, menu_item)
end
end
-# This helper requires that the notification image is the one shown in
-# the notification applet's list, not the notification pop-up.
-def robust_notification_wait(notification_image, time_to_wait)
- error_msg = "Didn't not manage to open the notification applet"
- wait_start = Time.now
- try_for(time_to_wait, :delay => 0, :msg => error_msg) do
- @screen.hide_cursor
- @screen.click("GnomeNotificationApplet.png")
- @screen.wait("GnomeNotificationAppletOpened.png", 10)
- end
-
- error_msg = "Didn't not see notification '#{notification_image}'"
- time_to_wait -= (Time.now - wait_start).ceil
- try_for(time_to_wait, :delay => 0, :msg => error_msg) do
- found = false
- entries = @screen.findAll("GnomeNotificationEntry.png")
- while(entries.hasNext) do
- entry = entries.next
- @screen.hide_cursor
- @screen.click(entry)
- close_entry = @screen.wait("GnomeNotificationEntryClose.png", 10)
- if @screen.exists(notification_image)
- found = true
- @screen.click(close_entry)
- break
- else
- @screen.click(entry)
- end
- end
- found
- end
-
- # Close the notification applet
- @screen.type(Sikuli::Key.ESC)
- @screen.waitVanish('GnomeNotificationAppletOpened.png', 10)
-end
-
def post_snapshot_restore_hook
$vm.wait_until_remote_shell_is_up
post_vm_start_hook
@@ -156,49 +119,43 @@ end
Given /^I start Tails( from DVD)?( with network unplugged)?( and I login)?$/ do |dvd_boot, network_unplugged, do_login|
step "the computer is set to boot from the Tails DVD" if dvd_boot
- if network_unplugged.nil?
- step "the network is plugged"
- else
+ if network_unplugged
step "the network is unplugged"
+ else
+ step "the network is plugged"
end
step "I start the computer"
step "the computer boots Tails"
if do_login
step "I log in to a new session"
- if network_unplugged.nil?
- step "Tor is ready"
+ if network_unplugged
step "all notifications have disappeared"
- step "available upgrades have been checked"
else
+ step "Tor is ready"
step "all notifications have disappeared"
+ step "available upgrades have been checked"
end
end
end
-Given /^I start Tails from (.+?) drive "(.+?)"(| with network unplugged)( and I login(| with(| read-only) persistence enabled))?$/ do |drive_type, drive_name, network_unplugged, do_login, persistence_on, persistence_ro|
+Given /^I start Tails from (.+?) drive "(.+?)"( with network unplugged)?( and I login( with persistence enabled)?)?$/ do |drive_type, drive_name, network_unplugged, do_login, persistence_on|
step "the computer is set to boot from #{drive_type} drive \"#{drive_name}\""
- if network_unplugged.empty?
- step "the network is plugged"
- else
+ if network_unplugged
step "the network is unplugged"
+ else
+ step "the network is plugged"
end
step "I start the computer"
step "the computer boots Tails"
if do_login
- if ! persistence_on.empty?
- if persistence_ro.empty?
- step "I enable persistence"
- else
- step "I enable read-only persistence"
- end
- end
+ step "I enable persistence" if persistence_on
step "I log in to a new session"
- if network_unplugged.empty?
- step "Tor is ready"
+ if network_unplugged
step "all notifications have disappeared"
- step "available upgrades have been checked"
else
+ step "Tor is ready"
step "all notifications have disappeared"
+ step "available upgrades have been checked"
end
end
end
@@ -290,11 +247,12 @@ Given /^Tails is at the boot menu's cmdline( after rebooting)?$/ do |reboot|
'resetting...')
dealt_with_uefi_setup = false
$vm.reset
- retry
+ raise e
ensure
Process.kill("TERM", tab_spammer.pid)
tab_spammer.close
end
+ true
end
end
@@ -312,7 +270,10 @@ Given /^I log in to a new session(?: in )?(|German)$/ do |lang|
when 'German'
@language = "German"
@screen.wait_and_click('TailsGreeterLanguage.png', 10)
- @screen.wait_and_click("TailsGreeterLanguage#{@language}.png", 10)
+ @screen.wait('TailsGreeterLanguagePopover.png', 10)
+ @screen.type(@language)
+ sleep(2) # Gtk needs some time to filter the results
+ @screen.type(Sikuli::Key.ENTER)
@screen.wait_and_click("TailsGreeterLoginButton#{@language}.png", 10)
when ''
@screen.wait_and_click('TailsGreeterLoginButton.png', 10)
@@ -323,22 +284,29 @@ Given /^I log in to a new session(?: in )?(|German)$/ do |lang|
step 'the Tails desktop is ready'
end
-Given /^I enable more Tails Greeter options$/ do
- match = @screen.find('TailsGreeterMoreOptions.png')
- @screen.click(match.getCenter.offset(match.w/2, match.h*2))
- @screen.wait_and_click('TailsGreeterForward.png', 20)
- @screen.wait('TailsGreeterLoginButton.png', 20)
+def open_greeter_additional_settings
+ @screen.click('TailsGreeterAddMoreOptions.png')
+ @screen.wait('TailsGreeterAdditionalSettingsDialog.png', 10)
+end
+
+Given /^I open Tails Greeter additional settings dialog$/ do
+ open_greeter_additional_settings()
end
Given /^I enable the specific Tor configuration option$/ do
- @screen.click('TailsGreeterTorConf.png')
+ open_greeter_additional_settings()
+ @screen.wait_and_click('TailsGreeterNetworkConnection.png', 30)
+ @screen.wait_and_click("TailsGreeterSpecificTorConfiguration.png", 10)
+ @screen.wait_and_click("TailsGreeterAdditionalSettingsAdd.png", 10)
end
Given /^I set an administration password$/ do
- @screen.wait("TailsGreeterAdminPassword.png", 20)
+ open_greeter_additional_settings()
+ @screen.wait_and_click("TailsGreeterAdminPassword.png", 20)
@screen.type(@sudo_password)
@screen.type(Sikuli::Key.TAB)
@screen.type(@sudo_password)
+ @screen.type(Sikuli::Key.ENTER)
end
Given /^Tails Greeter has applied all settings$/ do
@@ -346,22 +314,15 @@ Given /^Tails Greeter has applied all settings$/ do
# a logind session is opened for LIVE_USER.
try_for(120) {
$vm.execute_successfully("loginctl").stdout
- .match(/^\s*\S+\s+\d+\s+#{LIVE_USER}\s+seat\d+\s*$/) != nil
+ .match(/^\s*\S+\s+\d+\s+#{LIVE_USER}\s+seat\d+\s+\S+\s*$/) != nil
}
end
-def florence_keyboard_is_visible
- $vm.execute(
- "xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence'",
- :user => LIVE_USER,
- ).success?
-end
-
Given /^the Tails desktop is ready$/ do
desktop_started_picture = "GnomeApplicationsMenu#{@language}.png"
- # We wait for the Florence icon to be displayed to ensure reliable systray icon clicking.
- @screen.wait("GnomeSystrayFlorence.png", 180)
@screen.wait(desktop_started_picture, 180)
+ # We wait for the Florence icon to be displayed to ensure reliable systray icon clicking.
+ @screen.wait("GnomeSystrayFlorence.png", 30)
# Disable screen blanking since we sometimes need to wait long
# enough for it to activate, which can mess with Sikuli wait():ing
# for some image.
@@ -374,19 +335,17 @@ Given /^the Tails desktop is ready$/ do
'gsettings set org.gnome.desktop.interface toolkit-accessibility true',
:user => LIVE_USER,
)
- # Sometimes the Florence window is not hidden on startup (#11398).
- # Whenever that's the case, hide it ourselves and verify that it vanishes.
- # I could not find that window using Accerciser, so I'm not using dogtail;
- # and it doesn't feel worth it to add an image and use Sikuli, since we can
- # instead do this programmatically with xdotool.
- if florence_keyboard_is_visible
- @screen.click("GnomeSystrayFlorence.png")
- try_for(5, delay: 0.1) { ! florence_keyboard_is_visible }
- end
end
-When /^I see the 'Tor is ready' notification$/ do
- robust_notification_wait('TorIsReadyNotification.png', 300)
+When /^I see the "(.+)" notification(?: after at most (\d+) seconds)?$/ do |title, timeout|
+ timeout = timeout ? timeout.to_i : nil
+ gnome_shell = Dogtail::Application.new('gnome-shell')
+ notification_list = gnome_shell.child(
+ 'No Notifications', roleName: 'label', showingOnly: false
+ ).parent.parent
+ try_for(timeout) do
+ notification_list.child?(title, roleName: 'label', showingOnly: false)
+ end
end
Given /^Tor is ready$/ do
@@ -403,26 +362,38 @@ Given /^Tor has built a circuit$/ do
end
Given /^the time has synced$/ do
- ["/var/run/tordate/done", "/var/run/htpdate/success"].each do |file|
+ ["/run/tordate/done", "/run/htpdate/success"].each do |file|
try_for(300) { $vm.execute("test -e #{file}").success? }
end
end
Given /^available upgrades have been checked$/ do
try_for(300) {
- $vm.execute("test -e '/var/run/tails-upgrader/checked_upgrades'").success?
+ $vm.execute("test -e '/run/tails-upgrader/checked_upgrades'").success?
}
end
-Given /^the Tor Browser has started$/ do
+When /^I start the Tor Browser( in offline mode)?$/ do |offline|
+ step 'I start "Tor Browser" via the GNOME "Internet" applications menu'
+ if offline
+ offline_prompt = Dogtail::Application.new('zenity')
+ .dialog('Tor is not ready')
+ offline_prompt.button('Start Tor Browser').click
+ end
+ step "the Tor Browser has started#{offline}"
+ if offline
+ step 'the Tor Browser shows the "The proxy server is refusing connections" error'
+ end
+end
+
+Given /^the Tor Browser has started( in offline mode)?$/ do |offline|
try_for(60) do
- Dogtail::Application.new('Firefox')
- .child(roleName: 'frame', recursive: false)
- .exist?
+ @torbrowser = Dogtail::Application.new('Firefox')
+ @torbrowser.child?(roleName: 'frame', recursive: false)
end
end
-Given /^the Tor Browser (?:has started and )?load(?:ed|s) the (startup page|Tails roadmap)$/ do |page|
+Given /^the Tor Browser loads the (startup page|Tails roadmap)$/ do |page|
case page
when "startup page"
title = 'Tails - News'
@@ -431,18 +402,23 @@ Given /^the Tor Browser (?:has started and )?load(?:ed|s) the (startup page|Tail
else
raise "Unsupported page: #{page}"
end
- step "the Tor Browser has started"
step "\"#{title}\" has loaded in the Tor Browser"
end
-Given /^the Tor Browser has started in offline mode$/ do
- @screen.wait("TorBrowserOffline.png", 60)
+When /^I request a new identity using Torbutton$/ do
+ @screen.wait_and_click('TorButtonIcon.png', 30)
+ @screen.wait_and_click('TorButtonNewIdentity.png', 30)
+end
+
+When /^I acknowledge Torbutton's New Identity confirmation prompt$/ do
+ @screen.wait('GnomeQuestionDialogIcon.png', 30)
+ step 'I type "y"'
end
Given /^I add a bookmark to eff.org in the Tor Browser$/ do
url = "https://www.eff.org"
step "I open the address \"#{url}\" in the Tor Browser"
- @screen.wait("TorBrowserOffline.png", 5)
+ step 'the Tor Browser shows the "The proxy server is refusing connections" error'
@screen.type("d", Sikuli::KeyModifier.CTRL)
@screen.wait("TorBrowserBookmarkPrompt.png", 10)
@screen.type(url + Sikuli::Key.ENTER)
@@ -454,28 +430,18 @@ Given /^the Tor Browser has a bookmark to eff.org$/ do
end
Given /^all notifications have disappeared$/ do
- begin
- @screen.click("GnomeNotificationApplet.png")
- rescue FindFailed
- # No notifications, so we're done here.
- next
- end
- @screen.wait("GnomeNotificationAppletOpened.png", 10)
- begin
- entries = @screen.findAll("GnomeNotificationEntry.png")
- while(entries.hasNext) do
- entry = entries.next
- @screen.hide_cursor
- @screen.click(entry)
- @screen.wait_and_click("GnomeNotificationEntryClose.png", 10)
+ # These magic coordinates always locates GNOME's clock in the top
+ # bar, which when clicked opens the calendar.
+ x, y = 512, 10
+ gnome_shell = Dogtail::Application.new('gnome-shell')
+ retry_action(10, recovery_proc: Proc.new { @screen.type(Sikuli::Key.ESC) }) do
+ @screen.click_point(x, y)
+ unless gnome_shell.child?('No Notifications', roleName: 'label')
+ @screen.click('GnomeCloseAllNotificationsButton.png')
end
- rescue FindFailed
- # No notifications, so we're good to go.
+ gnome_shell.child?('No Notifications', roleName: 'label')
end
- @screen.hide_cursor
- # Click anywhere to close the notification applet
- @screen.click("GnomeApplicationsMenu.png")
- @screen.hide_cursor
+ @screen.type(Sikuli::Key.ESC)
end
Then /^I (do not )?see "([^"]*)" after at most (\d+) seconds$/ do |negation, image, time|
@@ -498,15 +464,21 @@ Given /^I enter the sudo password in the pkexec prompt$/ do
step "I enter the \"#{@sudo_password}\" password in the pkexec prompt"
end
-def deal_with_polkit_prompt (image, password)
+def deal_with_polkit_prompt(password, opts = {})
+ opts[:expect_success] ||= true
+ image = 'PolicyKitAuthPrompt.png'
@screen.wait(image, 60)
@screen.type(password)
@screen.type(Sikuli::Key.ENTER)
- @screen.waitVanish(image, 10)
+ if opts[:expect_success]
+ @screen.waitVanish(image, 20)
+ else
+ @screen.wait('PolicyKitAuthFailure.png', 20)
+ end
end
Given /^I enter the "([^"]*)" password in the pkexec prompt$/ do |password|
- deal_with_polkit_prompt('PolicyKitAuthPrompt.png', password)
+ deal_with_polkit_prompt(password)
end
Given /^process "([^"]+)" is (not )?running$/ do |process, not_running|
@@ -592,53 +564,32 @@ When /^I request a reboot using the emergency shutdown applet$/ do
@screen.wait_and_click('TailsEmergencyShutdownReboot.png', 10)
end
-Given /^package "([^"]+)" is installed$/ do |package|
+Given /^the package "([^"]+)" is installed$/ do |package|
assert($vm.execute("dpkg -s '#{package}' 2>/dev/null | grep -qs '^Status:.*installed$'").success?,
"Package '#{package}' is not installed")
end
-When /^I start the Tor Browser$/ do
- step 'I start "Tor Browser" via the GNOME "Internet" applications menu'
-end
-
-When /^I request a new identity using Torbutton$/ do
- @screen.wait_and_click('TorButtonIcon.png', 30)
- @screen.wait_and_click('TorButtonNewIdentity.png', 30)
-end
-
-When /^I acknowledge Torbutton's New Identity confirmation prompt$/ do
- @screen.wait('GnomeQuestionDialogIcon.png', 30)
- step 'I type "y"'
-end
-
-When /^I start the Tor Browser in offline mode$/ do
- step "I start the Tor Browser"
- @screen.wait_and_click("TorBrowserOfflinePrompt.png", 10)
- @screen.click("TorBrowserOfflinePromptStart.png")
-end
-
-Given /^I add a wired DHCP NetworkManager connection called "([^"]+)"$/ do |con_name|
- con_content = <<EOF
-[802-3-ethernet]
-duplex=full
-
+Given /^I add a ([a-z0-9.]+ |)wired DHCP NetworkManager connection called "([^"]+)"$/ do |version, con_name|
+ if version and version == '2.x'
+ con_content = <<EOF
[connection]
id=#{con_name}
-uuid=bbc60668-1be0-11e4-a9c6-2f1ce0e75bf1
-type=802-3-ethernet
-timestamp=1395406011
-
-[ipv6]
-method=auto
-
-[ipv4]
-method=auto
+uuid=b04afa94-c3a1-41bf-aa12-1a743d964162
+interface-name=eth0
+type=ethernet
EOF
- tmp_path = "/tmp/NM.#{con_name}"
- $vm.file_overwrite(tmp_path, con_content)
- con_file = "/etc/NetworkManager/system-connections/#{con_name}"
- $vm.execute("install -m 0600 '#{tmp_path}' '#{con_file}'")
- $vm.execute_successfully("nmcli connection load '#{con_file}'")
+ con_file = "/etc/NetworkManager/system-connections/#{con_name}"
+ $vm.file_overwrite(con_file, con_content)
+ $vm.execute_successfully("chmod 600 '#{con_file}'")
+ $vm.execute_successfully("nmcli connection load '#{con_file}'")
+ elsif version and version == '3.x'
+ raise "Unsupported version '#{version}'"
+ else
+ $vm.execute_successfully(
+ "nmcli connection add con-name #{con_name} " + \
+ "type ethernet autoconnect yes ifname eth0"
+ )
+ end
try_for(10) {
nm_con_list = $vm.execute("nmcli --terse --fields NAME connection show").stdout
nm_con_list.split("\n").include? "#{con_name}"
@@ -653,7 +604,7 @@ Given /^I switch to the "([^"]+)" NetworkManager connection$/ do |con_name|
end
When /^I start and focus GNOME Terminal$/ do
- step 'I start "Terminal" via the GNOME "Utilities" applications menu'
+ step 'I start "GNOME Terminal" via the GNOME "Utilities" applications menu'
@screen.wait('GnomeTerminalWindow.png', 40)
end
@@ -710,10 +661,13 @@ Then /^persistence for "([^"]+)" is (|not )enabled$/ do |app, enabled|
end
Given /^I start "([^"]+)" via the GNOME "([^"]+)" applications menu$/ do |app_name, submenu|
- app = Dogtail::Application.new('gnome-shell')
- for element in ['Applications', submenu, app_name] do
- app.child(element, roleName: 'label', showingOnly: true).click
- end
+ # XXX: Dogtail is buggy when interacting with the Applications menu
+ # (see #11718) so we use the GNOME Applications Overview instead.
+ @screen.wait('GnomeApplicationsMenu.png', 10)
+ $vm.execute_successfully('xdotool key Super', user: LIVE_USER)
+ @screen.wait('GnomeActivitiesOverview.png', 10)
+ @screen.type(app_name)
+ @screen.type(Sikuli::Key.ENTER, Sikuli::KeyModifier.CTRL)
end
When /^I type "([^"]+)"$/ do |string|
@@ -770,8 +724,14 @@ When /^(no|\d+) application(?:s?) (?:is|are) playing audio(?:| after (\d+) secon
assert_equal(nb.to_i, pulseaudio_sink_inputs)
end
-When /^I double-click on the "Tails documentation" link on the Desktop$/ do
- @screen.wait_and_double_click("DesktopTailsDocumentationIcon.png", 10)
+When /^I double-click on the (Tails documentation|Report an Error) launcher on the desktop$/ do |launcher|
+ image = 'Desktop' + launcher.split.map { |s| s.capitalize } .join + '.png'
+ info = xul_application_info('Tor Browser')
+ # Sometimes the double-click is lost (#12131).
+ retry_action(10) do
+ @screen.wait_and_double_click(image, 10) if $vm.execute("pgrep --uid #{info[:user]} --full --exact '#{info[:cmd_regex]}'").failure?
+ step 'the Tor Browser has started'
+ end
end
When /^I click the blocked video icon$/ do
@@ -994,3 +954,58 @@ def share_host_files(files)
$vm.execute_successfully("chmod -R a+rX '#{mount_dir}'")
return mount_dir
end
+
+def mount_USB_drive(disk, fs)
+ @tmp_usb_drive_mount_dir = $vm.execute_successfully('mktemp -d').stdout.chomp
+ dev = $vm.disk_dev(disk)
+ partition = dev + '1'
+ if /\bencrypted with password\b/.match(fs)
+ password = /encrypted with password "([^"]+)"/.match(fs)[1]
+ assert_not_nil(password)
+ luks_mapping = "#{disk}_unlocked"
+ $vm.execute_successfully(
+ "echo #{password} | " +
+ "cryptsetup luksOpen #{partition} #{luks_mapping}"
+ )
+ $vm.execute_successfully(
+ "mount /dev/mapper/#{luks_mapping} #{@tmp_usb_drive_mount_dir}"
+ )
+ @tmp_filesystem_is_encrypted = true
+ else
+ $vm.execute_successfully("mount #{partition} #{@tmp_usb_drive_mount_dir}")
+ @tmp_filesystem_is_encrypted = false
+ end
+ @tmp_filesystem_disk = disk
+ @tmp_filesystem_fs = fs
+ @tmp_filesystem_partition = partition
+ return @tmp_usb_drive_mount_dir
+end
+
+When(/^I plug and mount a (\d+) MiB USB drive with an? (.*)$/) do |size_MiB, fs|
+ disk_size = convert_to_bytes(size_MiB.to_i, 'MiB')
+ disk = random_alpha_string(10)
+ step "I temporarily create an #{disk_size} bytes disk named \"#{disk}\""
+ step "I create a gpt partition labeled \"#{disk}\" with " +
+ "an #{fs} on disk \"#{disk}\""
+ step "I plug USB drive \"#{disk}\""
+ mount_dir = mount_USB_drive(disk, fs)
+ @tmp_filesystem_size_b = convert_to_bytes(
+ avail_space_in_mountpoint_kB(mount_dir),
+ 'KB'
+ )
+end
+
+When(/^I mount the USB drive again$/) do
+ mount_USB_drive(@tmp_filesystem_disk, @tmp_filesystem_fs)
+end
+
+When(/^I umount the USB drive$/) do
+ $vm.execute_successfully("umount #{@tmp_usb_drive_mount_dir}")
+ if @tmp_filesystem_is_encrypted
+ $vm.execute_successfully("cryptsetup luksClose #{@tmp_filesystem_disk}_unlocked")
+ end
+end
+
+When /^Tails system time is magically synchronized$/ do
+ $vm.host_to_guest_time_sync
+end
diff --git a/features/step_definitions/dhcp.rb b/features/step_definitions/dhcp.rb
index ef4d9e1..3c83422 100644
--- a/features/step_definitions/dhcp.rb
+++ b/features/step_definitions/dhcp.rb
@@ -1,19 +1,23 @@
Then /^the hostname should not have been leaked on the network$/ do
- hostname = $vm.execute("hostname").stdout.chomp
- packets = PacketFu::PcapFile.new.file_to_array(:filename => @sniffer.pcap_file)
- packets.each do |p|
- # if PacketFu::TCPPacket.can_parse?(p)
- # ipv4_tcp_packets << PacketFu::TCPPacket.parse(p)
- if PacketFu::IPPacket.can_parse?(p)
- payload = PacketFu::IPPacket.parse(p).payload
- elsif PacketFu::IPv6Packet.can_parse?(p)
- payload = PacketFu::IPv6Packet.parse(p).payload
- else
- @sniffer.save_pcap_file
- raise "Found something in the pcap file that either is non-IP, or cannot be parsed"
- end
- if payload.match(hostname)
- raise "Hostname leak detected"
+ begin
+ hostname = $vm.execute("hostname").stdout.chomp
+ packets = PacketFu::PcapFile.new.file_to_array(filename: @sniffer.pcap_file)
+ packets.each do |p|
+ # if PacketFu::TCPPacket.can_parse?(p)
+ # ipv4_tcp_packets << PacketFu::TCPPacket.parse(p)
+ if PacketFu::IPPacket.can_parse?(p)
+ payload = PacketFu::IPPacket.parse(p).payload
+ elsif PacketFu::IPv6Packet.can_parse?(p)
+ payload = PacketFu::IPv6Packet.parse(p).payload
+ else
+ raise "Found something in the pcap file that either is non-IP, or cannot be parsed"
+ end
+ if payload.match(hostname)
+ raise "Hostname leak detected"
+ end
end
+ rescue Exception => e
+ save_failure_artifact("Network capture", @sniffer.pcap_file)
+ raise e
end
end
diff --git a/features/step_definitions/erase_memory.rb b/features/step_definitions/erase_memory.rb
index 3625360..e070cd0 100644
--- a/features/step_definitions/erase_memory.rb
+++ b/features/step_definitions/erase_memory.rb
@@ -8,7 +8,7 @@ def udev_watchdog_monitored_device
ps_output_scan = ps_output.scan(/^#{Regexp.escape(udev_watchdog_cmd)}\s(\S+)\s(?:cd|disk)$/)
assert_equal(ps_output_scan.count, 1, "There should be one udev-watchdog running.")
monitored_out = ps_output_scan.flatten[0]
- assert(!monitored_out.nil?)
+ assert_not_nil(monitored_out)
monitored_device_id = $vm.file_content('/sys' + monitored_out + '/dev').chomp
monitored_device =
$vm.execute_successfully(
@@ -20,37 +20,6 @@ Given /^udev-watchdog is monitoring the correct device$/ do
assert_equal(udev_watchdog_monitored_device, boot_device)
end
-Given /^the computer is a modern 64-bit system$/ do
- $vm.set_arch("x86_64")
- $vm.drop_hypervisor_feature("nonpae")
- $vm.add_hypervisor_feature("pae")
-end
-
-Given /^the computer is an old pentium without the PAE extension$/ do
- $vm.set_arch("i686")
- $vm.drop_hypervisor_feature("pae")
- # libvirt claim the following feature doesn't exit even though
- # it's listed in the hvm i686 capabilities...
-# $vm.add_hypervisor_feature("nonpae")
- # ... so we use a workaround until we can figure this one out.
- $vm.disable_pae_workaround
-end
-
-def which_kernel
- kernel_path = $vm.execute_successfully("tails-get-bootinfo kernel").stdout.chomp
- return File.basename(kernel_path)
-end
-
-Given /^the PAE kernel is running$/ do
- kernel = which_kernel
- assert_equal("vmlinuz2", kernel)
-end
-
-Given /^the non-PAE kernel is running$/ do
- kernel = which_kernel
- assert_equal("vmlinuz", kernel)
-end
-
def used_ram_in_MiB
return $vm.execute_successfully("free -m | awk '/^Mem:/ { print $3 }'").stdout.chomp.to_i
end
@@ -59,21 +28,9 @@ def detected_ram_in_MiB
return $vm.execute_successfully("free -m | awk '/^Mem:/ { print $2 }'").stdout.chomp.to_i
end
-Given /^at least (\d+) ([[:alpha:]]+) of RAM was detected$/ do |min_ram, unit|
- @detected_ram_m = detected_ram_in_MiB
- puts "Detected #{@detected_ram_m} MiB of RAM"
- min_ram_m = convert_to_MiB(min_ram.to_i, unit)
- # All RAM will not be reported by `free`, so we allow a 196 MB gap
- gap = convert_to_MiB(256, "MiB")
- assert(@detected_ram_m + gap >= min_ram_m, "Didn't detect enough RAM")
-end
-
-def pattern_coverage_in_guest_ram
- assert_not_nil(
- @free_mem_before_fill_b,
- "@free_mem_before_fill_b is not set, probably the required 'I fill the " +
- "guest's memory ...' step was not run")
- free_mem_before_fill_m = convert_to_MiB(@free_mem_before_fill_b, 'b')
+def pattern_coverage_in_guest_ram(reference_memory_b)
+ assert_not_nil(reference_memory_b)
+ reference_memory_m = convert_to_MiB(reference_memory_b, 'b')
dump = "#{$config["TMPDIR"]}/memdump"
# Workaround: when dumping the guest's memory via core_dump(), libvirt
# will create files that only root can read. We therefore pre-create
@@ -91,14 +48,14 @@ def pattern_coverage_in_guest_ram
# Pattern is 16 bytes long
patterns_b = patterns*16
patterns_m = convert_to_MiB(patterns_b, 'b')
- coverage = patterns_b.to_f/@free_mem_before_fill_b
+ coverage = patterns_b.to_f/reference_memory_b
puts "Pattern coverage: #{"%.3f" % (coverage*100)}% (#{patterns_m} MiB " +
- "out of #{free_mem_before_fill_m} MiB initial free memory)"
+ "out of #{reference_memory_m} MiB reference memory)"
return coverage
end
-Given /^I fill the guest's memory with a known pattern(| without verifying)$/ do |dont_verify|
- verify = dont_verify.empty?
+Given /^I prepare Tails for memory erasure tests$/ do
+ @detected_ram_m = detected_ram_in_MiB
# Free some more memory by dropping the caches etc.
$vm.execute_successfully("echo 3 > /proc/sys/vm/drop_caches")
@@ -135,7 +92,9 @@ Given /^I fill the guest's memory with a known pattern(| without verifying)$/ do
free_mem_before_fill_m = @detected_ram_m - used_mem_before_fill_m -
kernel_mem_reserved_m - admin_mem_reserved_m
@free_mem_before_fill_b = convert_to_bytes(free_mem_before_fill_m, 'MiB')
+end
+Given /^I fill the guest's memory with a known pattern and the allocating processes get killed$/ do
# To be sure that we fill all memory we run one fillram instance for
# each GiB of detected memory, rounded up. To maintain stability we
# prioritize the fillram instances to be OOM killed. We also kill
@@ -169,32 +128,69 @@ Given /^I fill the guest's memory with a known pattern(| without verifying)$/ do
! $vm.has_process?("fillram")
end
debug_log("Memory fill progress: finished")
- if verify
- coverage = pattern_coverage_in_guest_ram()
- min_coverage = 0.90
- assert(coverage > min_coverage,
- "#{"%.3f" % (coverage*100)}% of the free memory was filled with " +
- "the pattern, but more than #{"%.3f" % (min_coverage*100)}% was " +
- "expected")
- end
+end
+
+def avail_space_in_mountpoint_kB(mountpoint)
+ return $vm.execute_successfully(
+ "df --output=avail '#{mountpoint}'"
+ ).stdout.split("\n")[1].to_i
+end
+
+def assert_filesystem_is_full(mountpoint)
+ avail_space = avail_space_in_mountpoint_kB(mountpoint)
+ assert_equal(
+ 0, avail_space,
+ "#{avail_space} kB is still free on #{mountpoint}," +
+ "while this filesystem was expected to be full"
+ )
+end
+
+When /^I mount a (\d+) MiB tmpfs on "([^"]+)" and fill it with a known pattern$/ do |size_MiB, mountpoint|
+ size_MiB = size_MiB.to_i
+ @tmp_filesystem_size_b = convert_to_bytes(size_MiB, 'MiB')
+ $vm.execute_successfully(
+ "mount -t tmpfs -o 'size=#{size_MiB}M' tmpfs '#{mountpoint}'"
+ )
+ $vm.execute_successfully(
+ "while echo wipe_didnt_work >> '#{mountpoint}/file'; do true ; done"
+ )
+ assert_filesystem_is_full(mountpoint)
+end
+
+When(/^I fill the USB drive with a known pattern$/) do
+ $vm.execute_successfully(
+ "while echo wipe_didnt_work >> '#{@tmp_usb_drive_mount_dir}/file'; do true ; done"
+ )
+ assert_filesystem_is_full(@tmp_usb_drive_mount_dir)
+end
+
+When(/^I read the content of the test FS$/) do
+ $vm.execute_successfully("cat #{@tmp_usb_drive_mount_dir}/file >/dev/null")
+end
+
+Then /^patterns cover at least (\d+)% of the test FS size in the guest's memory$/ do |expected_coverage|
+ reference_memory_b = @tmp_filesystem_size_b
+ tmp_filesystem_size_MiB = convert_from_bytes(@tmp_filesystem_size_b, 'MiB')
+ coverage = pattern_coverage_in_guest_ram(reference_memory_b)
+ min_coverage = expected_coverage.to_f / 100
+ assert(coverage > min_coverage,
+ "#{"%.3f" % (coverage*100)}% of the test FS size (#{tmp_filesystem_size_MiB} MiB) " +
+ "has the pattern, but more than #{"%.3f" % (min_coverage*100)}% " +
+ "was expected")
+end
+
+When(/^I umount "([^"]*)"$/) do |mount_arg|
+ $vm.execute_successfully("umount '#{mount_arg}'")
end
Then /^I find very few patterns in the guest's memory$/ do
- coverage = pattern_coverage_in_guest_ram()
+ coverage = pattern_coverage_in_guest_ram(@free_mem_before_fill_b)
max_coverage = 0.008
assert(coverage < max_coverage,
"#{"%.3f" % (coverage*100)}% of the free memory still has the " +
"pattern, but less than #{"%.3f" % (max_coverage*100)}% was expected")
end
-Then /^I find many patterns in the guest's memory$/ do
- coverage = pattern_coverage_in_guest_ram()
- min_coverage = 0.9
- assert(coverage > min_coverage,
- "#{"%.3f" % (coverage*100)}% of the free memory still has the " +
- "pattern, but more than #{"%.3f" % (min_coverage*100)}% was expected")
-end
-
When /^I reboot without wiping the memory$/ do
$vm.reset
end
diff --git a/features/step_definitions/git.rb b/features/step_definitions/git.rb
index 579c5c7..bd8fcf7 100644
--- a/features/step_definitions/git.rb
+++ b/features/step_definitions/git.rb
@@ -18,7 +18,9 @@ When /^I clone the Git repository "([\S]+)" in GNOME Terminal$/ do |repo|
try_for(180, :msg => 'Git process took too long') {
!$vm.has_process?('/usr/bin/git')
}
- @screen.wait('GitCloneDone.png', 10)
+ Dogtail::Application.new('gnome-terminal-server')
+ .child('Terminal', roleName: 'terminal')
+ .text['Unpacking objects: 100%']
end
end
diff --git a/features/step_definitions/gnome.rb b/features/step_definitions/gnome.rb
new file mode 100644
index 0000000..40e84e9
--- /dev/null
+++ b/features/step_definitions/gnome.rb
@@ -0,0 +1,24 @@
+Then /^there is no screenshot in the live user's Pictures directory$/ do
+ pictures_directory = "/home/#{LIVE_USER}/Pictures"
+ assert($vm.execute(
+ "find '#{pictures_directory}' -name 'Screenshot*.png' -maxdepth 1"
+ ).stdout.empty?,
+ "Existing screenshots were found in the live user's Pictures directory.")
+end
+
+Then /^a screenshot is saved to the live user's Pictures directory$/ do
+ pictures_directory = "/home/#{LIVE_USER}/Pictures"
+ try_for(10, :msg=> "No screenshot was created in #{pictures_directory}") do
+ !$vm.execute(
+ "find '#{pictures_directory}' -name 'Screenshot*.png' -maxdepth 1"
+ ).stdout.empty?
+ end
+end
+
+When /^the "(.+)" notification is sent$/ do |title|
+ $vm.execute_successfully("notify-send '#{title}'", user: LIVE_USER)
+end
+
+Then /^the "(.+)" notification is shown to the user$/ do |title|
+ Dogtail::Application.new('gnome-shell').child(title)
+end
diff --git a/features/step_definitions/icedove.rb b/features/step_definitions/icedove.rb
index f5b3fb3..18523a8 100644
--- a/features/step_definitions/icedove.rb
+++ b/features/step_definitions/icedove.rb
@@ -77,44 +77,6 @@ Then /^I see that only the (.+) addons are enabled in Icedove$/ do |addons|
assert_equal(0, actual_addons.size)
end
-When /^I go into Enigmail's preferences$/ do
- $vm.focus_window('Icedove')
- @screen.type("a", Sikuli::KeyModifier.ALT)
- icedove_main.child('Preferences', roleName: 'menu item').click
- @enigmail_prefs = icedove_app.dialog('Enigmail Preferences')
-end
-
-When /^I enable Enigmail's expert settings$/ do
- # Clicking the "Display..." button sometimes fails, presumably
- # because the GUI hasn't loaded completely (or perhaps the button
- # gets its action connected *after* the button is displayed?), so we
- # have to verify that the click actually happened.
- retry_action(5) do
- @enigmail_prefs.button('Display Expert Settings and Menus').click
- @enigmail_prefs.button('Hide Expert Settings and Menus')
- end
-end
-
-Then /^I click Enigmail's (.+) tab$/ do |tab_name|
- @enigmail_prefs.child(tab_name, roleName: 'page tab').click
-end
-
-Then /^I see that Enigmail is configured to use the correct keyserver$/ do
- keyservers = @enigmail_prefs.child(
- 'Specify your keyserver(s):', roleName: 'entry'
- ).text
- assert_equal('hkps://hkps.pool.sks-keyservers.net', keyservers)
-end
-
-Then /^I see that Enigmail is configured to use the correct SOCKS proxy$/ do
- gnupg_parameters = @enigmail_prefs.child(
- 'Additional parameters for GnuPG', roleName: 'entry'
- ).text
- assert_not_nil(
- gnupg_parameters['--keyserver-options http-proxy=socks5h://127.0.0.1:9050']
- )
-end
-
Then /^I see that Torbirdy is configured to use Tor$/ do
icedove_main.child(roleName: 'status bar')
.child('TorBirdy Enabled: Tor', roleName: 'label')
@@ -237,11 +199,7 @@ Then /^I can find the email I sent to myself in my inbox$/ do
hit_counter = icedove_main.child('1 message')
inbox_view = hit_counter.parent
message_list = inbox_view.child(roleName: 'table')
- the_message = message_list.children(roleName: 'table row').find do |message|
- # The message will be cropped in the list, so we cannot search
- # for the full message.
- message.name.start_with?("Automated test suite:")
- end
+ the_message = message_list.child(@subject, roleName: 'table cell')
assert_not_nil(the_message)
# Let's clean up
the_message.click
diff --git a/features/step_definitions/mac_spoofing.rb b/features/step_definitions/mac_spoofing.rb
index 0c10fb0..d094568 100644
--- a/features/step_definitions/mac_spoofing.rb
+++ b/features/step_definitions/mac_spoofing.rb
@@ -5,7 +5,10 @@ def all_ethernet_nics
end
When /^I disable MAC spoofing in Tails Greeter$/ do
+ open_greeter_additional_settings()
@screen.wait_and_click("TailsGreeterMACSpoofing.png", 30)
+ @screen.wait_and_click("TailsGreeterDisableMACSpoofing.png", 10)
+ @screen.wait_and_click("TailsGreeterAdditionalSettingsAdd.png", 10)
end
Then /^the network device has (its default|a spoofed) MAC address configured$/ do |mode|
@@ -18,16 +21,19 @@ Then /^the network device has (its default|a spoofed) MAC address configured$/ d
nic_current_mac = $vm.execute_successfully(
"get_current_mac_of_nic #{nic}", :libs => 'hardware'
).stdout.chomp
- if is_spoofed
- if nic_real_mac == nic_current_mac
- save_pcap_file
- raise "The MAC address was expected to be spoofed but wasn't"
- end
- else
- if nic_real_mac != nic_current_mac
- save_pcap_file
- raise "The MAC address is spoofed but was expected to not be"
+ begin
+ if is_spoofed
+ if nic_real_mac == nic_current_mac
+ raise "The MAC address was expected to be spoofed but wasn't"
+ end
+ else
+ if nic_real_mac != nic_current_mac
+ raise "The MAC address is spoofed but was expected to not be"
+ end
end
+ rescue Exception => e
+ save_failure_artifact("Network capture", @sniffer.pcap_file)
+ raise e
end
end
@@ -64,14 +70,6 @@ EOF
$vm.execute_successfully("chmod a+rx /sbin/modprobe")
end
-When /^see the "Network card disabled" notification$/ do
- robust_notification_wait("MACSpoofNetworkCardDisabled.png", 60)
-end
-
-When /^see the "All networking disabled" notification$/ do
- robust_notification_wait("MACSpoofNetworkingDisabled.png", 60)
-end
-
Then /^(\d+|no) network interface(?:s)? (?:is|are) enabled$/ do |expected_nr_nics|
# note that "no".to_i => 0 in Ruby.
expected_nr_nics = expected_nr_nics.to_i
diff --git a/features/step_definitions/pidgin.rb b/features/step_definitions/pidgin.rb
index 8300848..754b034 100644
--- a/features/step_definitions/pidgin.rb
+++ b/features/step_definitions/pidgin.rb
@@ -267,10 +267,6 @@ Given /^Pidgin has the expected accounts configured with random nicknames$/ do
"#{expected}")
end
-When /^I start Pidgin through the GNOME menu$/ do
- step 'I start "Pidgin Internet Messenger" via the GNOME "Internet" applications menu'
-end
-
When /^I open Pidgin's account manager window$/ do
@screen.wait_and_click('PidginMenuAccounts.png', 20)
@screen.wait_and_click('PidginMenuManageAccounts.png', 20)
@@ -411,7 +407,7 @@ end
def pidgin_add_certificate_from (cert_file)
# Here, we need a certificate that is not already in the NSS database
- step "I copy \"/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt\" to \"#{cert_file}\" as user \"amnesia\""
+ step "I copy \"/usr/share/ca-certificates/mozilla/CNNIC_ROOT.crt\" to \"#{cert_file}\" as user \"amnesia\""
$vm.focus_window('Buddy List')
@screen.wait_and_click('PidginToolsMenu.png', 10)
@@ -470,4 +466,5 @@ end
When /^I click on the Tails roadmap URL$/ do
@screen.click('PidginTailsRoadmapUrl.png')
+ try_for(60) { @torbrowser = Dogtail::Application.new('Firefox') }
end
diff --git a/features/step_definitions/root_access_control.rb b/features/step_definitions/root_access_control.rb
index ff1bdfc..8362342 100644
--- a/features/step_definitions/root_access_control.rb
+++ b/features/step_definitions/root_access_control.rb
@@ -34,8 +34,7 @@ end
Then /^I should not be able to run a command as root with pkexec and the standard passwords$/ do
step "I run \"pkexec touch /root/pkexec-test\" in GNOME Terminal"
['', 'live', 'amnesia'].each do |password|
- step "I enter the \"#{password}\" password in the pkexec prompt"
- @screen.wait('PolicyKitAuthFailure.png', 20)
+ deal_with_polkit_prompt(password, expect_success: false)
end
@screen.type(Sikuli::Key.ESC)
@screen.wait('PolicyKitAuthCompleteFailure.png', 20)
diff --git a/features/step_definitions/snapshots.rb b/features/step_definitions/snapshots.rb
index 3604661..bbe6f93 100644
--- a/features/step_definitions/snapshots.rb
+++ b/features/step_definitions/snapshots.rb
@@ -34,7 +34,6 @@ def checkpoints
:description => "I have started Tails from DVD without network and logged in with bridge mode enabled",
:parent_checkpoint => "tails-greeter",
:steps => [
- 'I enable more Tails Greeter options',
'I enable the specific Tor configuration option',
'I log in to a new session',
'all notifications have disappeared',
@@ -46,7 +45,6 @@ def checkpoints
:description => "I have started Tails from DVD without network and logged in with an administration password",
:parent_checkpoint => "tails-greeter",
:steps => [
- 'I enable more Tails Greeter options',
'I set an administration password',
'I log in to a new session',
],
@@ -70,7 +68,7 @@ def checkpoints
:steps => [
'I create a 4 GiB disk named "__internal"',
'I plug USB drive "__internal"',
- 'I "Clone & Install" Tails to USB drive "__internal"',
+ 'I "Install by cloning" Tails to USB drive "__internal"',
'the running Tails is installed on USB drive "__internal"',
'there is no persistence partition on USB drive "__internal"',
'I shutdown Tails and wait for the computer to power off',
diff --git a/features/step_definitions/ssh.rb b/features/step_definitions/ssh.rb
index e998101..98905c6 100644
--- a/features/step_definitions/ssh.rb
+++ b/features/step_definitions/ssh.rb
@@ -121,25 +121,36 @@ Then /^I connect to an SFTP server on the Internet$/ do
recovery_proc = Proc.new do
step 'I kill the process "ssh"'
- @screen.type(Sikuli::Key.ESC)
- @screen.click("GnomeCloseTopButton.png")
- @screen.waitVanish("GnomeCloseTopButton.png", 10)
+ step 'I kill the process "nautilus"'
end
retry_tor(recovery_proc) do
- step 'I start "Files" via the GNOME "Accessories" applications menu'
- @screen.wait_and_click("GnomeFilesConnectToServer.png", 10)
- @screen.wait("GnomeConnectToServerWindow.png", 10)
- @screen.type("sftp://" + @sftp_username + "@" + @sftp_host + ":" + @sftp_port)
- @screen.wait_and_click("GnomeConnectToServerConnectButton.png", 10)
+ step 'I start "Nautilus" via the GNOME "Accessories" applications menu'
+ nautilus = Dogtail::Application.new('nautilus')
+ nautilus.child(roleName: 'frame')
+ nautilus.child('Other Locations', roleName: 'label').click
+ connect_bar = nautilus.child('Connect to Server', roleName: 'label').parent
+ connect_bar
+ .child(roleName: 'filler', recursive: false)
+ .child(roleName: 'text', recursive: false)
+ .text = "sftp://" + @sftp_username + "@" + @sftp_host + ":" + @sftp_port
+ connect_bar.button('Connect', recursive: false).click
step "I verify the SSH fingerprint for the SFTP server"
end
end
Then /^I verify the SSH fingerprint for the SFTP server$/ do
- @screen.wait_and_click("GnomeSSHVerificationConfirm.png", 2*60)
+ try_for(30) do
+ Dogtail::Application.new('gnome-shell').child?('Log In Anyway')
+ end
+ # Here we'd like to click on the button using Dogtail, but something
+ # is buggy so let's just use the keyboard.
+ @screen.type(Sikuli::Key.ENTER)
end
Then /^I successfully connect to the SFTP server$/ do
- @screen.wait("GnomeSSHSuccess.png", 60)
+ try_for(60) do
+ Dogtail::Application.new('nautilus')
+ .child?("#{@sftp_username} on #{@sftp_host}")
+ end
end
diff --git a/features/step_definitions/tor.rb b/features/step_definitions/tor.rb
index 73b3abb..04852f7 100644
--- a/features/step_definitions/tor.rb
+++ b/features/step_definitions/tor.rb
@@ -184,7 +184,7 @@ def firewall_has_dropped_packet_to?(proto, host, port)
$vm.execute("journalctl --dmesg --output=cat | grep -qP '#{regex}'").success?
end
-When /^I open an untorified (TCP|UDP|ICMP) connections to (\S*)(?: on port (\d+))? that is expected to fail$/ do |proto, host, port|
+When /^I open an untorified (TCP|UDP|ICMP) connection to (\S*)(?: on port (\d+))?$/ do |proto, host, port|
assert(!firewall_has_dropped_packet_to?(proto, host, port),
"A #{proto} packet to #{host}" +
(port.nil? ? "" : ":#{port}") +
@@ -195,11 +195,11 @@ When /^I open an untorified (TCP|UDP|ICMP) connections to (\S*)(?: on port (\d+)
case proto
when "TCP"
assert_not_nil(port)
- cmd = "echo | netcat #{host} #{port}"
+ cmd = "echo | nc.traditional #{host} #{port}"
user = LIVE_USER
when "UDP"
assert_not_nil(port)
- cmd = "echo | netcat -u #{host} #{port}"
+ cmd = "echo | nc.traditional -u #{host} #{port}"
user = LIVE_USER
when "ICMP"
cmd = "ping -c 5 #{host}"
@@ -243,35 +243,38 @@ def stream_isolation_info(application)
case application
when "htpdate"
{
- :grep_monitor_expr => '/curl\>',
+ :grep_monitor_expr => 'users:(("curl"',
:socksport => 9062
}
- when "tails-security-check", "tails-upgrade-frontend-wrapper"
- # We only grep connections with ESTABLISHED state since `perl`
- # is also used by monkeysphere's validation agent, which LISTENs
+ when "tails-security-check"
{
- :grep_monitor_expr => '\<ESTABLISHED\>.\+/perl\>',
+ :grep_monitor_expr => 'users:(("tails-security-"',
+ :socksport => 9062
+ }
+ when "tails-upgrade-frontend-wrapper"
+ {
+ :grep_monitor_expr => 'users:(("tails-iuk-get-u"',
:socksport => 9062
}
when "Tor Browser"
{
- :grep_monitor_expr => '/firefox\>',
+ :grep_monitor_expr => 'users:(("firefox"',
:socksport => 9150,
:controller => true,
}
when "Gobby"
{
- :grep_monitor_expr => '/gobby\>',
+ :grep_monitor_expr => 'users:(("gobby-0.5"',
:socksport => 9050
}
when "SSH"
{
- :grep_monitor_expr => '/\(connect-proxy\|ssh\)\>',
+ :grep_monitor_expr => 'users:(("\(nc\|ssh\)"',
:socksport => 9050
}
when "whois"
{
- :grep_monitor_expr => '/whois\>',
+ :grep_monitor_expr => 'users:(("whois"',
:socksport => 9050
}
else
@@ -280,10 +283,10 @@ def stream_isolation_info(application)
end
When /^I monitor the network connections of (.*)$/ do |application|
- @process_monitor_log = "/tmp/netstat.log"
+ @process_monitor_log = "/tmp/ss.log"
info = stream_isolation_info(application)
$vm.spawn("while true; do " +
- " netstat -taupen | grep \"#{info[:grep_monitor_expr]}\"; " +
+ " ss -taupen | grep '#{info[:grep_monitor_expr]}'; " +
" sleep 0.1; " +
"done > #{@process_monitor_log}")
end
@@ -298,7 +301,7 @@ Then /^I see that (.+) is properly stream isolated$/ do |application|
"Couldn't see any connection made by #{application} so " \
"something is wrong")
log_lines.each do |line|
- ip_port = line.split(/\s+/)[4]
+ ip_port = line.split(/\s+/)[5]
assert(expected_ports.map { |port| "127.0.0.1:#{port}" }.include?(ip_port),
"#{application} should only connect to #{expected_ports} but " \
"was seen connecting to #{ip_port}")
@@ -311,7 +314,7 @@ end
And /^I re-run htpdate$/ do
$vm.execute_successfully("service htpdate stop && " \
- "rm -f /var/run/htpdate/* && " \
+ "rm -f /run/htpdate/* && " \
"systemctl --no-block start htpdate.service")
step "the time has synced"
end
@@ -321,18 +324,22 @@ And /^I re-run tails-upgrade-frontend-wrapper$/ do
end
When /^I connect Gobby to "([^"]+)"$/ do |host|
- @screen.wait("GobbyWindow.png", 30)
- @screen.wait("GobbyWelcomePrompt.png", 10)
- @screen.click("GnomeCloseButton.png")
- @screen.wait("GobbyWindow.png", 10)
+ gobby = Dogtail::Application.new('gobby-0.5')
+ gobby.child('Welcome to Gobby', roleName: 'label')
+ gobby.button('Close').click
# This indicates that Gobby has finished initializing itself
# (generating DH parameters, etc.) -- before, the UI is not responsive
# and our CTRL-t is lost.
- @screen.wait("GobbyFailedToShareDocuments.png", 30)
+ gobby.child('Failed to share documents', roleName: 'label')
+ gobby.menu('File').click
+ gobby.menuItem('Connect to Server...').click
@screen.type("t", Sikuli::KeyModifier.CTRL)
- @screen.wait("GobbyConnectPrompt.png", 10)
- @screen.type(host + Sikuli::Key.ENTER)
- @screen.wait("GobbyConnectionComplete.png", 60)
+ connect_dialog = gobby.dialog('Connect to Server')
+ connect_dialog.child('', roleName: 'text').typeText(host)
+ connect_dialog.button('Connect').click
+ # This looks for the live user's presence entry in the chat, which
+ # will only be shown if the connection succeeded.
+ try_for(60) { gobby.child(LIVE_USER, roleName: 'table cell'); true }
end
When /^the Tor Launcher autostarts$/ do
diff --git a/features/step_definitions/torified_gnupg.rb b/features/step_definitions/torified_gnupg.rb
index cb0a9db..74bd3a4 100644
--- a/features/step_definitions/torified_gnupg.rb
+++ b/features/step_definitions/torified_gnupg.rb
@@ -1,3 +1,5 @@
+require 'resolv'
+
class OpenPGPKeyserverCommunicationError < StandardError
end
@@ -43,6 +45,18 @@ When /^the "([^"]+)" OpenPGP key is not in the live user's public keyring$/ do |
"The '#{keyid}' key is in the live user's public keyring.")
end
+def setup_onion_keyserver
+ resolver = Resolv::DNS.new
+ keyservers = resolver.getaddresses('pool.sks-keyservers.net').select do |addr|
+ addr.class == Resolv::IPv4
+ end
+ onion_keyserver_address = keyservers.sample
+ hkp_port = 11371
+ @onion_keyserver_job = chutney_onionservice_redir(
+ onion_keyserver_address, hkp_port
+ )
+end
+
When /^I fetch the "([^"]+)" OpenPGP key using the GnuPG CLI( without any signatures)?$/ do |keyid, without|
# Make keyid an instance variable so we can reference it in the Seahorse
# keysyncing step.
@@ -52,7 +66,7 @@ When /^I fetch the "([^"]+)" OpenPGP key using the GnuPG CLI( without any signat
else
importopts = ''
end
- retry_tor do
+ retry_tor(Proc.new { setup_onion_keyserver }) do
@gnupg_recv_key_res = $vm.execute_successfully(
"timeout 120 gpg --batch #{importopts} --recv-key '#{@fetched_openpgp_keyid}'",
:user => LIVE_USER)
@@ -74,11 +88,6 @@ When /^the Seahorse operation is successful$/ do
$vm.has_process?('seahorse')
end
-When /^GnuPG uses the configured keyserver$/ do
- assert(@gnupg_recv_key_res.stderr[CONFIGURED_KEYSERVER_HOSTNAME],
- "GnuPG's stderr did not mention keyserver #{CONFIGURED_KEYSERVER_HOSTNAME}")
-end
-
When /^the "([^"]+)" key is in the live user's public keyring(?: after at most (\d) seconds)?$/ do |keyid, delay|
delay = 10 unless delay
try_for(delay.to_i, :msg => "The '#{keyid}' key is not in the live user's public keyring") {
@@ -108,6 +117,7 @@ end
Then /^I synchronize keys in Seahorse$/ do
recovery_proc = Proc.new do
+ setup_onion_keyserver
# The version of Seahorse in Jessie will abort with a
# segmentation fault whenever there's any sort of network error while
# syncing keys. This will usually happens after clicking away the error
@@ -166,6 +176,7 @@ When /^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the OpenPGP Applet)
end
recovery_proc = Proc.new do
+ setup_onion_keyserver
@screen.click('GnomeCloseButton.png') if @screen.exists('GnomeCloseButton.png')
@screen.type("w", Sikuli::KeyModifier.CTRL)
end
@@ -198,11 +209,40 @@ When /^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the OpenPGP Applet)
end
end
-Then /^Seahorse is configured to use the correct keyserver$/ do
- @gnome_keyservers = YAML.load($vm.execute_successfully('gsettings get org.gnome.crypto.pgp keyservers',
- :user => LIVE_USER).stdout)
- assert_equal(1, @gnome_keyservers.count, 'Seahorse should only have one keyserver configured.')
- # Seahorse doesn't support hkps so that part of the domain is stripped out.
- # We also insert hkp:// to the beginning of the domain.
- assert_equal(CONFIGURED_KEYSERVER_HOSTNAME.sub('hkps.', 'hkp://'), @gnome_keyservers[0])
+Given /^(GnuPG|Seahorse) is configured to use Chutney's onion keyserver$/ do |app|
+ setup_onion_keyserver unless @onion_keyserver_job
+ _, _, onion_address, onion_port = chutney_onionservice_info
+ case app
+ when 'GnuPG'
+ # Validate the shipped configuration ...
+ server = /keyserver\s+(\S+)$/.match($vm.file_content("/home/#{LIVE_USER}/.gnupg/dirmngr.conf"))[1]
+ assert_equal(
+ "hkp://#{CONFIGURED_KEYSERVER_HOSTNAME}", server,
+ "GnuPG's dirmngr does not use the correct keyserver"
+ )
+ # ... before replacing it
+ $vm.execute_successfully(
+ "sed -i 's/#{CONFIGURED_KEYSERVER_HOSTNAME}/#{onion_address}:#{onion_port}/' " +
+ "'/home/#{LIVE_USER}/.gnupg/dirmngr.conf'"
+ )
+ when 'Seahorse'
+ # Validate the shipped configuration ...
+ @gnome_keyservers = YAML.load(
+ $vm.execute_successfully(
+ 'gsettings get org.gnome.crypto.pgp keyservers',
+ user: LIVE_USER
+ ).stdout
+ )
+ assert_equal(1, @gnome_keyservers.count,
+ 'Seahorse should only have one keyserver configured.')
+ assert_equal(
+ 'hkp://' + CONFIGURED_KEYSERVER_HOSTNAME, @gnome_keyservers[0],
+ "GnuPG's dirmngr does not use the correct keyserver"
+ )
+ # ... before replacing it
+ $vm.execute_successfully(
+ "gsettings set org.gnome.crypto.pgp keyservers \"['hkp://#{onion_address}:#{onion_port}']\"",
+ user: LIVE_USER
+ )
+ end
end
diff --git a/features/step_definitions/unsafe_browser.rb b/features/step_definitions/unsafe_browser.rb
index f168e83..de69a16 100644
--- a/features/step_definitions/unsafe_browser.rb
+++ b/features/step_definitions/unsafe_browser.rb
@@ -13,7 +13,8 @@ def supported_torbrowser_languages
File.read(localization_descriptions).split("\n").map do |line|
# The line will be of the form "xx:YY:..." or "xx-YY:YY:..."
first, second = line.sub('-', '_').split(':')
- candidates = ["#{first}_#{second}.utf8", "#{first}.utf8",
+ candidates = ["#{first}_#{second}.UTF-8", "#{first}_#{second}.utf8",
+ "#{first}.UTF-8", "#{first}.utf8",
"#{first}_#{second}", first]
when_not_found = Proc.new { raise "Could not find a locale for '#{line}'" }
candidates.find(when_not_found) do |candidate|
@@ -29,7 +30,7 @@ end
Then /^the Unsafe Browser works in all supported languages$/ do
failed = Array.new
- supported_torbrowser_languages.each do |lang|
+ supported_torbrowser_languages.sample(3).each do |lang|
step "I start the Unsafe Browser in the \"#{lang}\" locale"
begin
step "the Unsafe Browser has started"
@@ -167,7 +168,11 @@ Then /^the Unsafe Browser has no proxy configured$/ do
end
Then /^the Unsafe Browser complains that no DNS server is configured$/ do
- @screen.wait("UnsafeBrowserDNSError.png", 30)
+ assert_not_nil(
+ Dogtail::Application.new('zenity')
+ .child(roleName: 'label')
+ .text['No DNS server was obtained']
+ )
end
Then /^I configure the Unsafe Browser to check for updates more frequently$/ do
diff --git a/features/step_definitions/untrusted_partitions.rb b/features/step_definitions/untrusted_partitions.rb
index 43453b2..603c8b4 100644
--- a/features/step_definitions/untrusted_partitions.rb
+++ b/features/step_definitions/untrusted_partitions.rb
@@ -27,7 +27,7 @@ Given /^I create an? ([[:alnum:]]+) partition( labeled "([^"]+)")? with an? ([[:
$vm.storage.disk_mkpartfs(name, parttype, fstype, opts)
end
-Given /^I cat an ISO of the Tails image to disk "([^"]+)"$/ do |name|
+Given /^I write the Tails ISO image to disk "([^"]+)"$/ do |name|
src_disk = {
:path => TAILS_ISO,
:opts => {
@@ -55,7 +55,7 @@ end
Then /^Tails Greeter has( not)? detected a persistence partition$/ do |no_persistence|
expecting_persistence = no_persistence.nil?
@screen.find('TailsGreeter.png')
- found_persistence = ! @screen.exists('TailsGreeterPersistence.png').nil?
+ found_persistence = ! @screen.exists('TailsGreeterPersistencePassphrase.png').nil?
assert_equal(expecting_persistence, found_persistence,
"Persistence is unexpectedly#{no_persistence} enabled")
end
diff --git a/features/step_definitions/usb.rb b/features/step_definitions/usb.rb
index 55e2df8..ec531f1 100644
--- a/features/step_definitions/usb.rb
+++ b/features/step_definitions/usb.rb
@@ -73,22 +73,37 @@ Given /^the computer is set to boot in UEFI mode$/ do
@os_loader = 'UEFI'
end
+def tails_installer_selected_device
+ @installer.child('Target Device:', roleName: 'label').parent
+ .child('', roleName: 'combo box', recursive: false).name
+end
+
+def tails_installer_is_device_selected?(name)
+ device = $vm.disk_dev(name)
+ tails_installer_selected_device[/#{device}\d*$/]
+end
+
+def tails_installer_match_status(pattern)
+ @installer.child('', roleName: 'text').text[pattern]
+end
+
class UpgradeNotSupported < StandardError
end
def usb_install_helper(name)
- @screen.wait('USBTailsLogo.png', 10)
- text = Dogtail::Application.new('tails-installer')
- .child('', roleName: 'text').text
- dev = $vm.disk_dev(name)
- if text.match(/It is impossible to upgrade the device .+ #{dev}\d* /)
+ if tails_installer_match_status(/It is impossible to upgrade the device .+ #{$vm.disk_dev(name)}\d* /)
raise UpgradeNotSupported
end
+ assert(tails_installer_is_device_selected?(name))
begin
- @screen.wait_and_click('USBCreateLiveUSB.png', 10)
- @screen.wait('USBCreateLiveUSBConfirmWindow.png', 10)
- @screen.wait_and_click('USBCreateLiveUSBConfirmYes.png', 10)
- @screen.wait('USBInstallationComplete.png', 30*60)
+ @installer.button('Install Tails').click
+ @installer.child('Question', roleName: 'alert').button('Yes').click
+ try_for(30*60) do
+ @installer
+ .child('Information', roleName: 'alert')
+ .child('Installation complete!', roleName: 'label')
+ true
+ end
rescue FindFailed => e
path = $vm.execute_successfully('ls -1 /tmp/tails-installer-*').stdout.chomp
debug_log("Tails Installer debug log:\n" + $vm.file_content(path))
@@ -96,52 +111,67 @@ def usb_install_helper(name)
end
end
-When /^I start Tails Installer$/ do
+When /^I start Tails Installer in "([^"]+)" mode$/ do |mode|
step 'I run "export DEBUG=1 ; tails-installer-launcher" in GNOME Terminal'
- @screen.wait('USBCloneAndInstall.png', 30)
+ installer_launcher = Dogtail::Application.new('tails-installer-launcher')
+ .child('Tails Installer', roleName: 'frame')
+ # Sometimes Dogtail will find the button and click it before it is
+ # shown (searchShowingOnly is not perfect) which generally means
+ # clicking somewhere on the Terminal => the click is lost *and* the
+ # installer does no go to the foreground. So let's wait a bit extra.
+ sleep 3
+ installer_launcher.button(mode).click
+ @installer = Dogtail::Application.new('tails-installer')
+ @installer.child('Tails Installer', roleName: 'frame')
+ # ... and something similar (for consecutive steps) again.
+ sleep 3
+ $vm.focus_window('Tails Installer')
end
-When /^I start Tails Installer in "([^"]+)" mode$/ do |mode|
- step 'I start Tails Installer'
- case mode
- when 'Clone & Install'
- @screen.wait_and_click('USBCloneAndInstall.png', 10)
- when 'Clone & Upgrade'
- @screen.wait_and_click('USBCloneAndUpgrade.png', 10)
- when 'Upgrade from ISO'
- @screen.wait_and_click('USBUpgradeFromISO.png', 10)
- else
- raise "Unsupported mode '#{mode}'"
+Then /^Tails Installer detects that a device is too small$/ do
+ try_for(10) do
+ tails_installer_match_status(/^The device .* is too small to install Tails/)
end
end
-Then /^Tails Installer detects that a device is too small$/ do
- @screen.wait('TailsInstallerTooSmallDevice.png', 10)
+When /^I am told that the destination device cannot be upgraded$/ do
+ try_for(10) do
+ tails_installer_match_status(/^It is impossible to upgrade the device/)
+ end
end
-When /^I "Clone & Install" Tails to USB drive "([^"]+)"$/ do |name|
- step 'I start Tails Installer in "Clone & Install" mode'
- usb_install_helper(name)
+When /^I am suggested to do a "Install by cloning"$/ do
+ try_for(10) do
+ tails_installer_match_status(
+ /You should instead use "Install by cloning" to upgrade Tails/
+ )
+ end
end
-When /^I "Clone & Upgrade" Tails to USB drive "([^"]+)"$/ do |name|
- step 'I start Tails Installer in "Clone & Upgrade" mode'
- usb_install_helper(name)
+Then /^a suitable USB device is (?:still )?not found$/ do
+ @installer.child(
+ 'No device suitable to install Tails could be found', roleName: 'label'
+ )
end
-When /^I try a "Clone & Upgrade" Tails to USB drive "([^"]+)"$/ do |name|
- begin
- step "I \"Clone & Upgrade\" Tails to USB drive \"#{name}\""
- rescue UpgradeNotSupported
- # this is what we expect
- else
- raise "The USB installer should not succeed"
+Then /^(no|the "([^"]+)") USB drive is selected$/ do |mode, name|
+ try_for(30) do
+ if mode == 'no'
+ tails_installer_selected_device == ''
+ else
+ tails_installer_is_device_selected?(name)
+ end
end
end
-When /^I try to "Upgrade from ISO" USB drive "([^"]+)"$/ do |name|
+When /^I "([^"]*)" Tails to USB drive "([^"]+)"$/ do |mode, name|
+ step "I start Tails Installer in \"#{mode}\" mode"
+ usb_install_helper(name)
+end
+
+When /^I fail to "([^"]*)" Tails to USB drive "([^"]+)"$/ do |mode, name|
begin
- step "I do a \"Upgrade from ISO\" on USB drive \"#{name}\""
+ step "I \"#{mode}\" Tails to USB drive \"#{name}\""
rescue UpgradeNotSupported
# this is what we expect
else
@@ -149,14 +179,6 @@ When /^I try to "Upgrade from ISO" USB drive "([^"]+)"$/ do |name|
end
end
-When /^I am suggested to do a "Clone & Install"$/ do
- @screen.find("USBCannotUpgrade.png")
-end
-
-When /^I am told that the destination device cannot be upgraded$/ do
- @screen.find("USBCannotUpgrade.png")
-end
-
Given /^I plug and mount a USB drive containing the Tails ISO$/ do
iso_dir = share_host_files(TAILS_ISO)
@iso_path = "#{iso_dir}/#{File.basename(TAILS_ISO)}"
@@ -164,15 +186,13 @@ end
When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name|
step 'I start Tails Installer in "Upgrade from ISO" mode'
- @screen.wait('USBUseLiveSystemISO.png', 10)
- match = @screen.find('USBUseLiveSystemISO.png')
- @screen.click(match.getCenter.offset(0, match.h*2))
- @screen.wait('USBSelectISO.png', 10)
- @screen.wait_and_click('GnomeFileDiagHome.png', 10)
+ @installer.child('Use existing Live system ISO:', roleName: 'label')
+ .parent.button('(None)').click
+ file_chooser = @installer.child('Select a File', roleName: 'file chooser')
@screen.type("l", Sikuli::KeyModifier.CTRL)
- @screen.wait('GnomeFileDiagTypeFilename.png', 10)
- @screen.type(@iso_path)
- @screen.wait_and_click('GnomeFileDiagOpenButton.png', 10)
+ # The only visible text element will be the path entry
+ file_chooser.child(roleName: 'text').typeText(@iso_path + '\n')
+ file_chooser.button('Open').click
usb_install_helper(name)
end
@@ -330,12 +350,9 @@ Then /^a Tails persistence partition exists on USB drive "([^"]+)"$/ do |name|
end
Given /^I enable persistence$/ do
- @screen.wait('TailsGreeterPersistence.png', 10)
- @screen.type(Sikuli::Key.SPACE)
- @screen.wait('TailsGreeterPersistencePassphrase.png', 10)
- match = @screen.find('TailsGreeterPersistencePassphrase.png')
- @screen.click(match.getCenter.offset(match.w*2, match.h/2))
- @screen.type(@persistence_password)
+ @screen.wait_and_click('TailsGreeterPersistencePassphrase.png', 10)
+ @screen.type(@persistence_password + Sikuli::Key.ENTER)
+ @screen.wait('TailsGreeterPersistenceUnlocked.png', 30)
end
def tails_persistence_enabled?
@@ -379,11 +396,6 @@ Given /^persistence is disabled$/ do
assert(!tails_persistence_enabled?, "Persistence is enabled")
end
-Given /^I enable read-only persistence$/ do
- step "I enable persistence"
- @screen.wait_and_click('TailsGreeterPersistenceReadOnly.png', 10)
-end
-
def boot_device
# Approach borrowed from
# config/chroot_local_includes/lib/live/config/998-permissions
@@ -627,18 +639,6 @@ Given /^I create a ([[:alpha:]]+) label on disk "([^"]+)"$/ do |type, name|
$vm.storage.disk_mklabel(name, type)
end
-Then /^a suitable USB device is (?:still )?not found$/ do
- @screen.wait("TailsInstallerNoQEMUHardDisk.png", 30)
-end
-
-Then /^the "(?:[^"]+)" USB drive is selected$/ do
- @screen.wait("TailsInstallerQEMUHardDisk.png", 30)
-end
-
-Then /^no USB drive is selected$/ do
- @screen.wait("TailsInstallerNoQEMUHardDisk.png", 30)
-end
-
Given /^the file system changes introduced in version (.+) are (not )?present(?: in the (\S+) Browser's chroot)?$/ do |version, not_present, chroot_browser|
assert_equal('1.1~test', version)
upgrade_applied = not_present.nil?
diff --git a/features/support/config.rb b/features/support/config.rb
index 89fa1ba..79c1b30 100644
--- a/features/support/config.rb
+++ b/features/support/config.rb
@@ -61,7 +61,7 @@ loop do
end
# Constants that are statically initialized.
-CONFIGURED_KEYSERVER_HOSTNAME = 'hkps.pool.sks-keyservers.net'
+CONFIGURED_KEYSERVER_HOSTNAME = 'jirk5u4osbsr34t5.onion'
LIBVIRT_DOMAIN_NAME = "TailsToaster"
LIBVIRT_DOMAIN_UUID = "203552d5-819c-41f3-800e-2c8ef2545404"
LIBVIRT_NETWORK_NAME = "TailsToasterNet"
@@ -69,8 +69,8 @@ LIBVIRT_NETWORK_UUID = "f2305af3-2a64-4f16-afe6-b9dbf02a597e"
MISC_FILES_DIR = "#{Dir.pwd}/features/misc_files"
SERVICES_EXPECTED_ON_ALL_IFACES =
[
- ["cupsd", "0.0.0.0", "631"],
- ["dhclient", "0.0.0.0", "*"]
+ ["cupsd", "*", "631"],
+ ["dhclient", "*", "68"]
]
# OpenDNS
SOME_DNS_SERVER = "208.67.222.222"
diff --git a/features/support/helpers/dogtail.rb b/features/support/helpers/dogtail.rb
index 21ddcf2..2a92649 100644
--- a/features/support/helpers/dogtail.rb
+++ b/features/support/helpers/dogtail.rb
@@ -10,6 +10,7 @@ module Dogtail
:child,
:childLabelled,
:childNamed,
+ :dialog,
:menu,
:menuItem,
:tab,
@@ -82,6 +83,12 @@ module Dogtail
return c
end
+ def child?(*args)
+ !!child(*args)
+ rescue
+ false
+ end
+
def exist?
run("dogtail.config.searchCutoffCount = 0")
run(@find_code)
@@ -175,6 +182,10 @@ module Dogtail
get_field('name')
end
+ def roleName
+ get_field('roleName')
+ end
+
TREE_API_APP_SEARCHES.each do |method|
define_method(method) do |*args|
args_str = self.class.args_to_s(args)
diff --git a/features/support/helpers/firewall_helper.rb b/features/support/helpers/firewall_helper.rb
index b608f7d..f88091d 100644
--- a/features/support/helpers/firewall_helper.rb
+++ b/features/support/helpers/firewall_helper.rb
@@ -1,8 +1,9 @@
require 'packetfu'
-def looks_like_dhcp_packet?(protocol, sport, dport, ip_packet)
- protocol == "udp" && sport == 68 && dport == 67 && ip_packet &&
- ip_packet.ip_saddr == '0.0.0.0' && ip_packet.ip_daddr == "255.255.255.255"
+def looks_like_dhcp_packet?(eth_packet, protocol, sport, dport, ip_packet)
+ protocol == "udp" && sport == 68 && dport == 67 &&
+ eth_packet.eth_daddr == "ff:ff:ff:ff:ff:ff" &&
+ ip_packet && ip_packet.ip_daddr == "255.255.255.255"
end
# Returns the unique edges (based on protocol, source/destination
@@ -42,8 +43,9 @@ def pcap_connections_helper(pcap_file, opts = {})
raise "Found something that cannot be parsed"
end
- next if looks_like_dhcp_packet?(protocol, sport, dport, ip_packet) &&
- opts[:ignore_dhcp]
+ next if opts[:ignore_dhcp] &&
+ looks_like_dhcp_packet?(eth_packet, protocol,
+ sport, dport, ip_packet)
packet_info = {
mac_saddr: eth_packet.eth_saddr,
diff --git a/features/support/helpers/misc_helpers.rb b/features/support/helpers/misc_helpers.rb
index 7fdc5bf..275c6ca 100644
--- a/features/support/helpers/misc_helpers.rb
+++ b/features/support/helpers/misc_helpers.rb
@@ -135,6 +135,10 @@ def retry_action(max_retries, options = {}, &block)
begin
block.call
return
+ rescue NameError => e
+ # NameError most likely means typos, and hiding that is rarely
+ # (never?) a good idea, so we rethrow them.
+ raise e
rescue Exception => e
if retries <= max_retries
debug_log("#{options[:operation_name]} failed (Try #{retries} of " +
@@ -151,6 +155,8 @@ def retry_action(max_retries, options = {}, &block)
end
end
+alias :retry_times :retry_action
+
class TorBootstrapFailure < StandardError
end
diff --git a/features/support/helpers/storage_helper.rb b/features/support/helpers/storage_helper.rb
index 9cf0db2..5ed5b55 100644
--- a/features/support/helpers/storage_helper.rb
+++ b/features/support/helpers/storage_helper.rb
@@ -79,6 +79,10 @@ class VMStorage
VMStorage.clear_storage_pool_volumes(@pool)
end
+ def list_volumes
+ @pool.list_volumes
+ end
+
def delete_volume(name)
@pool.lookup_volume_by_name(name).delete
end
diff --git a/features/support/helpers/vm_helper.rb b/features/support/helpers/vm_helper.rb
index bbfdfa6..c2e9379 100644
--- a/features/support/helpers/vm_helper.rb
+++ b/features/support/helpers/vm_helper.rb
@@ -391,42 +391,6 @@ class VM
return convert_to_bytes(size, unit)
end
- def set_arch(arch)
- raise "System architecture can only be set to inactive vms" if is_running?
- domain_xml = REXML::Document.new(@domain.xml_desc)
- domain_xml.elements['domain/os/type'].attributes['arch'] = arch
- update(domain_xml.to_s)
- end
-
- def add_hypervisor_feature(feature)
- raise "Hypervisor features can only be added to inactive vms" if is_running?
- domain_xml = REXML::Document.new(@domain.xml_desc)
- domain_xml.elements['domain/features'].add_element(feature)
- update(domain_xml.to_s)
- end
-
- def drop_hypervisor_feature(feature)
- raise "Hypervisor features can only be fropped from inactive vms" if is_running?
- domain_xml = REXML::Document.new(@domain.xml_desc)
- domain_xml.elements['domain/features'].delete_element(feature)
- update(domain_xml.to_s)
- end
-
- def disable_pae_workaround
- # add_hypervisor_feature("nonpae") results in a libvirt error, and
- # drop_hypervisor_feature("pae") alone won't disable pae. Hence we
- # use this workaround.
- xml = <<EOF
- <qemu:commandline xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
- <qemu:arg value='-cpu'/>
- <qemu:arg value='qemu32,-pae'/>
- </qemu:commandline>
-EOF
- domain_xml = REXML::Document.new(@domain.xml_desc)
- domain_xml.elements['domain'].add_element(REXML::Document.new(xml))
- update(domain_xml.to_s)
- end
-
def set_os_loader(type)
if is_running?
raise "boot settings can only be set for inactive vms"
@@ -509,7 +473,7 @@ EOF
def select_virtual_desktop(desktop_number, user = LIVE_USER)
assert(desktop_number >= 0 && desktop_number <=3,
- "Only values between 0 and 3 are valid virtual desktop numbers")
+ "Only values between 0 and 1 are valid virtual desktop numbers")
execute_successfully(
"xdotool set_desktop '#{desktop_number}'",
:user => user
@@ -530,11 +494,17 @@ EOF
# Often when xdotool fails to focus a window it'll work when retried
# after redrawing the screen. Switching to a new virtual desktop then
# back seems to be a reliable way to handle this.
- select_virtual_desktop(3)
+ # Sadly we have to rely on a lot of sleep() here since there's
+ # little on the screen etc that we truly can rely on.
+ sleep 5
+ select_virtual_desktop(1)
+ sleep 5
select_virtual_desktop(0)
- sleep 5 # there aren't any visual indicators which can be used here
+ sleep 5
do_focus(window_title, user)
end
+ rescue
+ # noop
end
def file_exist?(file)
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
index c2e9c5e..6a7891d 100644
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -14,13 +14,14 @@ AfterConfiguration do |config|
prioritized_features = [
# Features not using snapshots but using large amounts of scratch
# space for other reasons:
- 'features/erase_memory.feature',
'features/untrusted_partitions.feature',
# Features using temporary snapshots:
'features/apt.feature',
'features/root_access_control.feature',
'features/time_syncing.feature',
'features/tor_bridges.feature',
+ # Features using large amounts of scratch space for other reasons:
+ 'features/erase_memory.feature',
# This feature needs the almost biggest snapshot (USB install,
# excluding persistence) and will create yet another disk and
# install Tails on it. This should be the peak of disk usage.
@@ -186,6 +187,10 @@ AfterFeature('@product') do
end
end
end
+ $vmstorage.list_volumes.each do |vol_name|
+ next if vol_name == '__internal'
+ $vmstorage.delete_volume(vol_name)
+ end
end
# Cucumber Before hooks are executed in the order they are listed, and
diff --git a/features/tor_enforcement.feature b/features/tor_enforcement.feature
index 0095f77..0edd4ba 100644
--- a/features/tor_enforcement.feature
+++ b/features/tor_enforcement.feature
@@ -44,21 +44,20 @@ Feature: The Tor enforcement is effective
@check_tor_leaks
Scenario: The Tor enforcement is effective at blocking untorified TCP connection attempts
Given I have started Tails from DVD and logged in and the network is connected
- When I open an untorified TCP connections to 1.2.3.4 on port 42 that is expected to fail
+ When I open an untorified TCP connection to 1.2.3.4 on port 42
Then the untorified connection fails
And the untorified connection is logged as dropped by the firewall
@check_tor_leaks
Scenario: The Tor enforcement is effective at blocking untorified UDP connection attempts
Given I have started Tails from DVD and logged in and the network is connected
- When I open an untorified UDP connections to 1.2.3.4 on port 42 that is expected to fail
- Then the untorified connection fails
+ When I open an untorified UDP connection to 1.2.3.4 on port 42
And the untorified connection is logged as dropped by the firewall
@check_tor_leaks @fragile
Scenario: The Tor enforcement is effective at blocking untorified ICMP connection attempts
Given I have started Tails from DVD and logged in and the network is connected
- When I open an untorified ICMP connections to 1.2.3.4 that is expected to fail
+ When I open an untorified ICMP connection to 1.2.3.4
Then the untorified connection fails
And the untorified connection is logged as dropped by the firewall
diff --git a/features/tor_stream_isolation.feature b/features/tor_stream_isolation.feature
index 129707e..2358b79 100644
--- a/features/tor_stream_isolation.feature
+++ b/features/tor_stream_isolation.feature
@@ -26,7 +26,7 @@ Feature: Tor stream isolation is effective
Scenario: The Tor Browser is using the web browser-specific SocksPort
When I monitor the network connections of Tor Browser
And I start the Tor Browser
- And the Tor Browser has started and loaded the startup page
+ And the Tor Browser loads the startup page
Then I see that Tor Browser is properly stream isolated
@fragile
diff --git a/features/torified_browsing.feature b/features/torified_browsing.feature
index 7de383d..083b71d 100644
--- a/features/torified_browsing.feature
+++ b/features/torified_browsing.feature
@@ -11,7 +11,7 @@ Feature: Browsing the web using the Tor Browser
And a web server is running on the LAN
And I capture all network traffic
When I start the Tor Browser
- And the Tor Browser has started and loaded the startup page
+ And the Tor Browser loads the startup page
And I open a page on the LAN web server in the Tor Browser
Then the Tor Browser shows the "Unable to connect" error
And no traffic was sent to the web server on the LAN
@@ -24,7 +24,7 @@ Feature: Browsing the web using the Tor Browser
And there is a GNOME bookmark for the amnesiac Tor Browser directory
And the persistent Tor Browser directory does not exist
When I start the Tor Browser
- And the Tor Browser has started and loaded the startup page
+ And the Tor Browser loads the startup page
Then I can save the current page as "index.html" to the default downloads directory
And I can print the current page as "output.pdf" to the default downloads directory
@@ -33,7 +33,7 @@ Feature: Browsing the web using the Tor Browser
Scenario: Downloading files with the Tor Browser
Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
- Then the Tor Browser has started and loaded the startup page
+ Then the Tor Browser loads the startup page
When I download some file in the Tor Browser
Then I get the browser download dialog
When I save the file to the default Tor Browser download directory
@@ -44,7 +44,7 @@ Feature: Browsing the web using the Tor Browser
Scenario: Playing HTML5 audio
Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
- And the Tor Browser has started and loaded the startup page
+ And the Tor Browser loads the startup page
And no application is playing audio
And I open the address "http://www.terrillthompson.com/tests/html5-audio.html" in the Tor Browser
And I click the HTML5 play button
@@ -54,7 +54,7 @@ Feature: Browsing the web using the Tor Browser
Scenario: Watching a WebM video
Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
- And the Tor Browser has started and loaded the startup page
+ And the Tor Browser loads the startup page
And I open the address "https://tails.boum.org/lib/test_suite/test.webm" in the Tor Browser
And I click the blocked video icon
And I see "TorBrowserNoScriptTemporarilyAllowDialog.png" after at most 30 seconds
@@ -74,7 +74,7 @@ Feature: Browsing the web using the Tor Browser
And the file "/tmp/synaptic.html" exists
Given I start monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox"
When I start the Tor Browser
- And the Tor Browser has started and loaded the startup page
+ And the Tor Browser loads the startup page
And I open the address "file:///home/amnesia/Tor Browser/synaptic.html" in the Tor Browser
Then I see "TorBrowserSynapticManual.png" after at most 5 seconds
And AppArmor has not denied "/usr/local/lib/tor-browser/firefox" from opening "/home/amnesia/Tor Browser/synaptic.html"
@@ -102,16 +102,15 @@ Feature: Browsing the web using the Tor Browser
Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds
@doc
- Scenario: The "Tails documentation" link on the Desktop works
+ Scenario: The Tails documentation launcher on the desktop works
Given I have started Tails from DVD and logged in and the network is connected
- When I double-click on the "Tails documentation" link on the Desktop
+ When I double-click on the Tails documentation launcher on the desktop
Then the Tor Browser has started
And "Tails - Getting started..." has loaded in the Tor Browser
Scenario: The Tor Browser uses TBB's shared libraries
Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
- And the Tor Browser has started
Then the Tor Browser uses all expected TBB shared libraries
#11592
@@ -119,7 +118,7 @@ Feature: Browsing the web using the Tor Browser
Scenario: The Tor Browser's "New identity" feature works as expected
Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
- And the Tor Browser has started and loaded the startup page
+ And the Tor Browser loads the startup page
And I open Tails homepage in the Tor Browser
Then Tails homepage loads in the Tor Browser
When I request a new identity using Torbutton
@@ -131,7 +130,7 @@ Feature: Browsing the web using the Tor Browser
Scenario: The Tor Browser should not have any plugins enabled
Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
- And the Tor Browser has started and loaded the startup page
+ And the Tor Browser loads the startup page
Then the Tor Browser has no plugins installed
#11592
@@ -145,7 +144,7 @@ Feature: Browsing the web using the Tor Browser
Then the persistent Tor Browser directory exists
And there is a GNOME bookmark for the persistent Tor Browser directory
When I start the Tor Browser
- And the Tor Browser has started and loaded the startup page
+ And the Tor Browser loads the startup page
And I can save the current page as "index.html" to the persistent Tor Browser directory
When I open the address "file:///home/amnesia/Persistent/Tor Browser/index.html" in the Tor Browser
Then I see "TorBrowserSavedStartupPage.png" after at most 10 seconds
@@ -159,13 +158,11 @@ Feature: Browsing the web using the Tor Browser
And all persistent filesystems have safe access rights
And all persistence configuration files have safe access rights
And all persistent directories have safe access rights
- And I start the Tor Browser in offline mode
- And the Tor Browser has started in offline mode
+ When I start the Tor Browser in offline mode
And I add a bookmark to eff.org in the Tor Browser
And I warm reboot the computer
And the computer reboots Tails
- And I enable read-only persistence
+ And I enable persistence
And I log in to a new session
And I start the Tor Browser in offline mode
- And the Tor Browser has started in offline mode
Then the Tor Browser has a bookmark to eff.org
diff --git a/features/torified_gnupg.feature b/features/torified_gnupg.feature
index bba2744..fedb503 100644
--- a/features/torified_gnupg.feature
+++ b/features/torified_gnupg.feature
@@ -8,15 +8,13 @@ Feature: Keyserver interaction with GnuPG
Background:
Given I have started Tails from DVD and logged in and the network is connected
And the "10CC5BC7" OpenPGP key is not in the live user's public keyring
-
- Scenario: Seahorse is configured to use the correct keyserver
- Then Seahorse is configured to use the correct keyserver
+ And GnuPG is configured to use Chutney's onion keyserver
+ And Seahorse is configured to use Chutney's onion keyserver
Scenario: Fetching OpenPGP keys using GnuPG should work and be done over Tor.
When I fetch the "10CC5BC7" OpenPGP key using the GnuPG CLI
- Then GnuPG uses the configured keyserver
And the GnuPG fetch is successful
- And the "10CC5BC7" key is in the live user's public keyring
+ Then the "10CC5BC7" key is in the live user's public keyring
Scenario: Fetching OpenPGP keys using Seahorse should work and be done over Tor.
When I fetch the "10CC5BC7" OpenPGP key using Seahorse
diff --git a/features/unsafe_browser.feature b/features/unsafe_browser.feature
index a0a26fa..7b2dc54 100644
--- a/features/unsafe_browser.feature
+++ b/features/unsafe_browser.feature
@@ -33,7 +33,7 @@ Feature: Browsing the web using the Unsafe Browser
Given I have started Tails from DVD and logged in and the network is connected
When I successfully start the Unsafe Browser
And I close the Unsafe Browser
- Then I see the Unsafe Browser stop notification
+ Then I see the "Shutting down the Unsafe Browser..." notification after at most 60 seconds
And the Unsafe Browser chroot is torn down
#11458
@@ -41,6 +41,11 @@ Feature: Browsing the web using the Unsafe Browser
Scenario: Starting a second instance of the Unsafe Browser results in an error message being shown.
Given I have started Tails from DVD and logged in and the network is connected
When I successfully start the Unsafe Browser
+ # Wait for whatever facility the GNOME Activities Overview uses to
+ # learn about which applications are running to "settle". Without
+ # this sleep, it is confused and it's impossible to start a new
+ # instance (it will just switch to the one we already started).
+ And I wait 10 seconds
And I start the Unsafe Browser
Then I see a warning about another instance already running
diff --git a/features/untrusted_partitions.feature b/features/untrusted_partitions.feature
index ff94cd5..2c57bfe 100644
--- a/features/untrusted_partitions.feature
+++ b/features/untrusted_partitions.feature
@@ -45,7 +45,7 @@ Feature: Untrusted partitions
Scenario: Tails can boot from live systems stored on hard drives
Given a computer
And I temporarily create a 2 GiB disk named "live_hd"
- And I cat an ISO of the Tails image to disk "live_hd"
+ And I write the Tails ISO image to disk "live_hd"
And the computer is set to boot from sata drive "live_hd"
And I set Tails to boot with options "live-media="
When I start Tails with network unplugged and I login
@@ -54,7 +54,7 @@ Feature: Untrusted partitions
Scenario: Tails booting from a DVD does not use live systems stored on hard drives
Given a computer
And I temporarily create a 2 GiB disk named "live_hd"
- And I cat an ISO of the Tails image to disk "live_hd"
+ And I write the Tails ISO image to disk "live_hd"
And I plug sata drive "live_hd"
And I start Tails from DVD with network unplugged and I login
Then drive "live_hd" is detected by Tails
diff --git a/features/usb_install.feature b/features/usb_install.feature
index 64da8ee..2c61296 100644
--- a/features/usb_install.feature
+++ b/features/usb_install.feature
@@ -6,32 +6,32 @@ Feature: Installing Tails to a USB drive
Scenario: Try installing Tails to a too small USB drive
Given I have started Tails from DVD without network and logged in
And I temporarily create a 2 GiB disk named "too-small-device"
- And I start Tails Installer in "Clone & Install" mode
+ And I start Tails Installer in "Install by cloning" mode
But a suitable USB device is not found
+ And no USB drive is selected
When I plug USB drive "too-small-device"
Then Tails Installer detects that a device is too small
- And a suitable USB device is not found
+ And no USB drive is selected
When I unplug USB drive "too-small-device"
- And I create a 4 GiB disk named "big-enough"
+ And I temporarily create a 4 GiB disk named "big-enough"
And I plug USB drive "big-enough"
Then the "big-enough" USB drive is selected
Scenario: Detecting when a target USB drive is inserted or removed
Given I have started Tails from DVD without network and logged in
And I temporarily create a 4 GiB disk named "temp"
- And I start Tails Installer in "Clone & Install" mode
+ And I start Tails Installer in "Install by cloning" mode
But a suitable USB device is not found
When I plug USB drive "temp"
Then the "temp" USB drive is selected
When I unplug USB drive "temp"
- Then no USB drive is selected
- And a suitable USB device is not found
+ Then a suitable USB device is not found
Scenario: Installing Tails to a pristine USB drive
Given I have started Tails from DVD without network and logged in
And I temporarily create a 4 GiB disk named "install"
And I plug USB drive "install"
- And I "Clone & Install" Tails to USB drive "install"
+ And I "Install by cloning" Tails to USB drive "install"
Then the running Tails is installed on USB drive "install"
But there is no persistence partition on USB drive "install"
@@ -65,7 +65,7 @@ Feature: Installing Tails to a USB drive
And I temporarily create a 4 GiB disk named "mbr"
And I create a msdos label on disk "mbr"
And I plug USB drive "mbr"
- And I "Clone & Install" Tails to USB drive "mbr"
+ And I "Install by cloning" Tails to USB drive "mbr"
Then the running Tails is installed on USB drive "mbr"
But there is no persistence partition on USB drive "mbr"
When I shutdown Tails and wait for the computer to power off
@@ -74,18 +74,18 @@ Feature: Installing Tails to a USB drive
And the boot device has safe access rights
And there is no persistence partition on USB drive "mbr"
- Scenario: Cat:ing a Tails isohybrid to a USB drive and booting it, then trying to upgrading it but ending up having to do a fresh installation, which boots
+ Scenario: Writing a Tails isohybrid to a USB drive and booting it, then trying to upgrading it but ending up having to do a fresh installation, which boots
Given a computer
And I temporarily create a 4 GiB disk named "isohybrid"
- And I cat an ISO of the Tails image to disk "isohybrid"
+ And I write the Tails ISO image to disk "isohybrid"
And I start Tails from USB drive "isohybrid" with network unplugged and I login
Then Tails is running from USB drive "isohybrid"
When I shutdown Tails and wait for the computer to power off
And I start Tails from DVD with network unplugged and I login
- And I try a "Clone & Upgrade" Tails to USB drive "isohybrid"
- Then I am suggested to do a "Clone & Install"
+ And I fail to "Upgrade by cloning" Tails to USB drive "isohybrid"
+ Then I am suggested to do a "Install by cloning"
When I kill the process "tails-installer"
- And I "Clone & Install" Tails to USB drive "isohybrid"
+ And I "Install by cloning" Tails to USB drive "isohybrid"
Then the running Tails is installed on USB drive "isohybrid"
But there is no persistence partition on USB drive "isohybrid"
When I shutdown Tails and wait for the computer to power off
diff --git a/features/usb_upgrade.feature b/features/usb_upgrade.feature
index 33cc0da..fb2e3c7 100644
--- a/features/usb_upgrade.feature
+++ b/features/usb_upgrade.feature
@@ -15,17 +15,15 @@ Feature: Upgrading an old Tails USB installation
And I plug and mount a USB drive containing the Tails ISO
And I temporarily create a 4 GiB disk named "pristine"
And I plug USB drive "pristine"
- And I start Tails Installer in "Upgrade from ISO" mode
- Then a suitable USB device is not found
- And I am told that the destination device cannot be upgraded
+ When I start Tails Installer in "Upgrade from ISO" mode
+ Then I am told that the destination device cannot be upgraded
- Scenario: Try to "Clone & Upgrade" Tails to a pristine USB drive
+ Scenario: Try to "Upgrade by cloning" Tails to a pristine USB drive
Given I have started Tails from DVD without network and logged in
And I temporarily create a 4 GiB disk named "pristine"
And I plug USB drive "pristine"
- And I start Tails Installer in "Clone & Upgrade" mode
- Then a suitable USB device is not found
- And I am told that the destination device cannot be upgraded
+ When I start Tails Installer in "Upgrade by cloning" mode
+ Then I am told that the destination device cannot be upgraded
Scenario: Try to "Upgrade from ISO" Tails to a USB drive with GPT and a FAT partition
Given I have started Tails from DVD without network and logged in
@@ -33,18 +31,16 @@ Feature: Upgrading an old Tails USB installation
And I temporarily create a 4 GiB disk named "gptfat"
And I create a gpt partition with a vfat filesystem on disk "gptfat"
And I plug USB drive "gptfat"
- And I start Tails Installer in "Upgrade from ISO" mode
- Then a suitable USB device is not found
- And I am told that the destination device cannot be upgraded
+ When I start Tails Installer in "Upgrade from ISO" mode
+ Then I am told that the destination device cannot be upgraded
- Scenario: Try to "Clone & Upgrade" Tails to a USB drive with GPT and a FAT partition
+ Scenario: Try to "Upgrade by cloning" Tails to a USB drive with GPT and a FAT partition
Given I have started Tails from DVD without network and logged in
And I temporarily create a 4 GiB disk named "gptfat"
And I create a gpt partition with a vfat filesystem on disk "gptfat"
And I plug USB drive "gptfat"
- And I start Tails Installer in "Clone & Upgrade" mode
- Then a suitable USB device is not found
- And I am told that the destination device cannot be upgraded
+ When I start Tails Installer in "Upgrade by cloning" mode
+ Then I am told that the destination device cannot be upgraded
Scenario: Installing an old version of Tails to a pristine USB drive
Given a computer
@@ -56,7 +52,7 @@ Feature: Upgrading an old Tails USB installation
And all notifications have disappeared
And I create a 4 GiB disk named "old"
And I plug USB drive "old"
- And I "Clone & Install" Tails to USB drive "old"
+ When I "Install by cloning" Tails to USB drive "old"
Then the running Tails is installed on USB drive "old"
But there is no persistence partition on USB drive "old"
And I unplug USB drive "old"
@@ -77,7 +73,7 @@ Feature: Upgrading an old Tails USB installation
And I start Tails from USB drive "old" with network unplugged and I login with persistence enabled
Then Tails is running from USB drive "old"
And all persistence presets are enabled
- And I write some files expected to persist
+ When I write some files expected to persist
And all persistent filesystems have safe access rights
And all persistence configuration files have safe access rights
And all persistent directories from the old Tails version have safe access rights
@@ -91,7 +87,7 @@ Feature: Upgrading an old Tails USB installation
Given I have started Tails from DVD without network and logged in
And I clone USB drive "old" to a new USB drive "to_upgrade"
And I plug USB drive "to_upgrade"
- When I "Clone & Upgrade" Tails to USB drive "to_upgrade"
+ When I "Upgrade by cloning" Tails to USB drive "to_upgrade"
Then the running Tails is installed on USB drive "to_upgrade"
And I unplug USB drive "to_upgrade"
@@ -111,7 +107,7 @@ Feature: Upgrading an old Tails USB installation
And I log in to a new session
And I clone USB drive "old" to a new USB drive "to_upgrade"
And I plug USB drive "to_upgrade"
- When I "Clone & Upgrade" Tails to USB drive "to_upgrade"
+ When I "Upgrade by cloning" Tails to USB drive "to_upgrade"
Then the running Tails is installed on USB drive "to_upgrade"
And I unplug USB drive "to_upgrade"
And I unplug USB drive "__internal"
@@ -171,8 +167,10 @@ Feature: Upgrading an old Tails USB installation
Then Tails is running version 1.1~test
And all persistence presets are enabled
And the file system changes introduced in version 1.1~test are present
+ # Our IUK sets a release date that can make Tor bootstrapping impossible
+ Given Tails system time is magically synchronized
When the network is plugged
- And the network connection is ready within 30 seconds
+ And Tor is ready
And all notifications have disappeared
# Regression test on #8158 (i.e. the IUK's filesystem is not part of the Unsafe Browser's chroot)
And I successfully start the Unsafe Browser
diff --git a/features/virtualization.feature b/features/virtualization.feature
index 38a4e80..28b8a33 100644
--- a/features/virtualization.feature
+++ b/features/virtualization.feature
@@ -3,7 +3,5 @@ Feature: Virtualization support
Scenario: VirtualBox guest modules are available
Given a computer
- And the computer is an old pentium without the PAE extension
- And I start Tails from DVD with network unplugged and I login
- When Tails has booted a 32-bit kernel
+ When I start Tails from DVD with network unplugged and I login
Then the VirtualBox guest modules are available
diff --git a/po/POTFILES.in b/po/POTFILES.in
index e26adaa..7df5420 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -4,7 +4,6 @@ tmp/pot/config.py.pot
tmp/pot/electrum.pot
tmp/pot/icedove.pot
tmp/pot/shutdown-helper-extension.js.pot
-tmp/pot/tails-32-bit-notify-user.pot
tmp/pot/tails-about.pot
tmp/pot/tails-additional-software.pot
tmp/pot/tails-htp-notify-user.pot
diff --git a/po/ar.po b/po/ar.po
index ebdf819..2bdfffb 100644
--- a/po/ar.po
+++ b/po/ar.po
@@ -19,7 +19,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
"PO-Revision-Date: 2014-12-05 17:21+0000\n"
"Last-Translator: Osama M. Mneina <o.mneina@gmail.com>\n"
"Language-Team: Arabic (http://www.transifex.com/projects/p/torproject/"
@@ -121,20 +121,6 @@ msgstr ""
msgid "Power Off"
msgstr "إيقاف التشغيل"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-#, fuzzy
-msgid "Learn more"
-msgstr "إطلع أكثر حول Tails"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -300,6 +286,11 @@ msgstr ""
"كلا من نظام التشغيل المستضيف وبرنامج تشغيل البيئة الافتراضية قادرين على "
"معرفة ما تفعله في تايلز."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+#, fuzzy
+msgid "Learn more"
+msgstr "إطلع أكثر حول Tails"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "تور غير جاهز"
@@ -432,6 +423,48 @@ msgstr "متصفح غير آمن"
msgid "Tails specific tools"
msgstr "ادوات خاصة بتيلز"
+#~ msgid "I2P failed to start"
+#~ msgstr "I2P فشل في بدء التشغيل"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "حدث خطأ ما خلال تشغيل I2P. افحص السجلات الموجودة في /var/log/i2p للمزيد "
+#~ "من المعلومات."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "إن طرفية موجِّه I2P جاهزة"
+
+#, fuzzy
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr "يمكنك الوصول إلى طرفية موِّجه I2P عبر http://127.0.0.1:7657"
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P غير جاهز"
+
+#, fuzzy
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "ايبسايت Eepsite لم يُبنى خلال ستّة دقائق. للمزيد من المعلومات, الرجاء "
+#~ "التحقق من نافذة الموجّه على http://127.0.0.1:7657/logs أو من خلال اللوائح "
+#~ "في /var/log/i2p. الرجاء معاودة الاتصال بالشبكة للمحاولة مرة أخرى."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P جاهز"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "يمكن الوصول إلى الخدمات عبر I2P."
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "متصفح مخفي لشبكة طبقية "
+
+#~ msgid "I2P Browser"
+#~ msgstr "متصفح I2P"
+
#~ msgid "OpenPGP encryption applet"
#~ msgstr "إضافة OpenPGP للتشفير"
@@ -594,46 +627,6 @@ msgstr "ادوات خاصة بتيلز"
#~ "<a href='file:///usr/share/doc/tails/website/doc/advanced_topics/"
#~ "virtualization.en.html'> لمعرفة المزيد...</a>"
-#~ msgid "I2P failed to start"
-#~ msgstr "I2P فشل في بدء التشغيل"
-
-#~ msgid ""
-#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
-#~ "i2p for more information."
-#~ msgstr ""
-#~ "حدث خطأ ما خلال تشغيل I2P. افحص السجلات الموجودة في /var/log/i2p للمزيد "
-#~ "من المعلومات."
-
-#~ msgid "I2P's router console is ready"
-#~ msgstr "إن طرفية موجِّه I2P جاهزة"
-
-#~ msgid "You can now access I2P's router console on http://127.0.0.1:7657."
-#~ msgstr "يمكنك الوصول إلى طرفية موِّجه I2P عبر http://127.0.0.1:7657"
-
-#~ msgid "I2P is not ready"
-#~ msgstr "I2P غير جاهز"
-
-#~ msgid ""
-#~ "Eepsite tunnel not built within six minutes. Check the router console at "
-#~ "http://127.0.0.1:7657/logs or the logs in /var/log/i2p for more "
-#~ "information. Reconnect to the network to try again."
-#~ msgstr ""
-#~ "ايبسايت Eepsite لم يُبنى خلال ستّة دقائق. للمزيد من المعلومات, الرجاء "
-#~ "التحقق من نافذة الموجّه على http://127.0.0.1:7657/logs أو من خلال اللوائح "
-#~ "في /var/log/i2p. الرجاء معاودة الاتصال بالشبكة للمحاولة مرة أخرى."
-
-#~ msgid "I2P is ready"
-#~ msgstr "I2P جاهز"
-
-#~ msgid "You can now access services on I2P."
-#~ msgstr "يمكن الوصول إلى الخدمات عبر I2P."
-
-#~ msgid "Anonymous overlay network browser"
-#~ msgstr "متصفح مخفي لشبكة طبقية "
-
-#~ msgid "I2P Browser"
-#~ msgstr "متصفح I2P"
-
#~ msgid "Reboot"
#~ msgstr "إعادة التشغيل"
diff --git a/po/az.po b/po/az.po
index 2b0956d..ac7e394 100644
--- a/po/az.po
+++ b/po/az.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
"PO-Revision-Date: 2014-12-30 17:30+0000\n"
"Last-Translator: E <ehuseynzade@gmail.com>\n"
"Language-Team: Azerbaijani (http://www.transifex.com/projects/p/torproject/"
@@ -114,20 +114,6 @@ msgstr ""
msgid "Power Off"
msgstr "Söndür"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-#, fuzzy
-msgid "Learn more"
-msgstr "Tails haqqında daha ətraflı öyrən"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -295,6 +281,11 @@ msgstr ""
"Tails-də nə etdiyini host əməliyyatlar sistemi və virtualizasiya proqramı "
"görə bilir."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+#, fuzzy
+msgid "Learn more"
+msgstr "Tails haqqında daha ətraflı öyrən"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor hazır deyil"
@@ -428,6 +419,50 @@ msgstr "Təhlükəli Veb Brauzer"
msgid "Tails specific tools"
msgstr "Tails-in xüsusi quraşdırmaları"
+#~ msgid "I2P failed to start"
+#~ msgstr "I2P başlaya bilmədi"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "I2P başlayan zaman nə isə səhv oldu. Daha çox məlumat üçün /var/log/i2p "
+#~ "yazılarını oxu."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "I2P istiqamətləndirici konsol hazırdır"
+
+#, fuzzy
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr ""
+#~ "İndi I2O istiqamətləndirici konsoluna burada baxa bilərsən: "
+#~ "http://127.0.0.1:7657"
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P hazır deyil"
+
+#, fuzzy
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "Eepsite tuneli altı dəqiqədə qurulmur. İstiqamətləndirici konsola "
+#~ "http://127.0.0.1:7657/logs linkində, daha ətraflı məlumata isə /var/log/"
+#~ "i2p girişində baxa bilərsən. Şəbəkəyə yenidən qoşul və yenidən sına."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P hazırdır"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "İndi I2P xidmətlərinə daxil ola bilərsən."
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Anonim şəbəkə brauzer örtüyü"
+
+#~ msgid "I2P Browser"
+#~ msgstr "I2P Brauzeri"
+
#~ msgid "OpenPGP encryption applet"
#~ msgstr "OpenPGP şifrələnmə apleti"
@@ -581,48 +616,6 @@ msgstr "Tails-in xüsusi quraşdırmaları"
#~ "<a href='file:///usr/share/doc/tails/website/doc/advanced_topics/"
#~ "virtualization.en.html'>Daha ətraflı...</a>"
-#~ msgid "I2P failed to start"
-#~ msgstr "I2P başlaya bilmədi"
-
-#~ msgid ""
-#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
-#~ "i2p for more information."
-#~ msgstr ""
-#~ "I2P başlayan zaman nə isə səhv oldu. Daha çox məlumat üçün /var/log/i2p "
-#~ "yazılarını oxu."
-
-#~ msgid "I2P's router console is ready"
-#~ msgstr "I2P istiqamətləndirici konsol hazırdır"
-
-#~ msgid "You can now access I2P's router console on http://127.0.0.1:7657."
-#~ msgstr ""
-#~ "İndi I2O istiqamətləndirici konsoluna burada baxa bilərsən: "
-#~ "http://127.0.0.1:7657"
-
-#~ msgid "I2P is not ready"
-#~ msgstr "I2P hazır deyil"
-
-#~ msgid ""
-#~ "Eepsite tunnel not built within six minutes. Check the router console at "
-#~ "http://127.0.0.1:7657/logs or the logs in /var/log/i2p for more "
-#~ "information. Reconnect to the network to try again."
-#~ msgstr ""
-#~ "Eepsite tuneli altı dəqiqədə qurulmur. İstiqamətləndirici konsola "
-#~ "http://127.0.0.1:7657/logs linkində, daha ətraflı məlumata isə /var/log/"
-#~ "i2p girişində baxa bilərsən. Şəbəkəyə yenidən qoşul və yenidən sına."
-
-#~ msgid "I2P is ready"
-#~ msgstr "I2P hazırdır"
-
-#~ msgid "You can now access services on I2P."
-#~ msgstr "İndi I2P xidmətlərinə daxil ola bilərsən."
-
-#~ msgid "Anonymous overlay network browser"
-#~ msgstr "Anonim şəbəkə brauzer örtüyü"
-
-#~ msgid "I2P Browser"
-#~ msgstr "I2P Brauzeri"
-
#~ msgid "Reboot"
#~ msgstr "Yenidən başlat"
diff --git a/po/bg.po b/po/bg.po
index 8ccf245..89fc582 100644
--- a/po/bg.po
+++ b/po/bg.po
@@ -7,7 +7,6 @@
# Gabriel Radev <gabosss@gmail.com>, 2015
# iliev.mb <iliev.mb@gmail.com>, 2015
# Ivaylo Markov <ivaylo.markov@openmailbox.org>, 2015
-# Ivo, 2017
# Kaloyan Nikolov <kotipuka01@gmail.com>, 2016
# 4Joy <kiril.banialiev@gmail.com>, 2015
# alexdimitrov <kvikmen@gmail.com>, 2013
@@ -18,8 +17,8 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
-"PO-Revision-Date: 2017-04-07 10:06+0000\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
+"PO-Revision-Date: 2016-09-03 08:57+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: Bulgarian (http://www.transifex.com/otf/torproject/language/"
"bg/)\n"
@@ -135,19 +134,6 @@ msgstr "Рестарт"
msgid "Power Off"
msgstr "Изключване"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr "Предупреждение: Tails 3.0 няма да работи на този компютър!"
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr "Tails 3.0 ще изисква 64-битов процесор."
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Научете повече"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -312,6 +298,10 @@ msgstr ""
"надежден, както за операционната система домакин така и за софтуера за "
"виртуализация."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Научете повече"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor не е готов"
@@ -442,3 +432,43 @@ msgstr "Несигурен Уеб Браузър"
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:2
msgid "Tails specific tools"
msgstr "Специфични за Tails инструменти"
+
+#~ msgid "I2P failed to start"
+#~ msgstr "I2P не можа да се стартира"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Нещо се обърка, докато I2P стартираше. Проверете логовете в /var/log/i2p "
+#~ "за повече информация."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "Терминалът на I2P рутера е готов"
+
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr "Вече имате достъп до I2P рутера на I2P браузера."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P не е готово"
+
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "Ееп-тунела на сайта ще е готов за повече от 6 минути. Проверете конзолата "
+#~ "на рутера в I2P браузъра или влезте в /var/log/i2p за повече информация. "
+#~ "Свържете се наново с мрежата и опитайте отново."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P е готово"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "Сега може да използвате услуги през I2P"
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Aнонимно наслагване на мрежовия браузър"
+
+#~ msgid "I2P Browser"
+#~ msgstr "I2P браузър"
diff --git a/po/ca.po b/po/ca.po
index 6bcb139..65f247f 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -13,7 +13,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
"PO-Revision-Date: 2016-09-03 08:57+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: Catalan (http://www.transifex.com/otf/torproject/language/"
@@ -131,19 +131,6 @@ msgstr "Reinicia"
msgid "Power Off"
msgstr "Apaga"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Apreneu-ne més"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -311,6 +298,10 @@ msgstr ""
"considerat de confiança, tant pel sistema operatiu com per al programari de "
"virtualització."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Apreneu-ne més"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "El Tor no està preparat"
diff --git a/po/cs.po b/po/cs.po
index 4a3c049..5cf32f3 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -15,7 +15,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
"PO-Revision-Date: 2015-08-28 07:47+0000\n"
"Last-Translator: Vlastimil Burián <burian.vlastimil2@gmail.com>\n"
"Language-Team: Czech (http://www.transifex.com/otf/torproject/language/cs/)\n"
@@ -122,20 +122,6 @@ msgstr ""
msgid "Power Off"
msgstr "Vypnout"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-#, fuzzy
-msgid "Learn more"
-msgstr "Zjistěte více o Tails"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -304,6 +290,11 @@ msgstr ""
"Jak hostitelský operační systém tak virtualizační software je schopen "
"sledovat, co děláte v Tails."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+#, fuzzy
+msgid "Learn more"
+msgstr "Zjistěte více o Tails"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor není připraven"
@@ -437,6 +428,50 @@ msgstr "Nebezpečný webový prohlížeč"
msgid "Tails specific tools"
msgstr "Specifické nástroje Tails"
+#~ msgid "I2P failed to start"
+#~ msgstr "I2P se nepodařilo spustit"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Něco se pokazilo při startu I2P. Zkontrolujte záznamy ve /var/log/i2p pro "
+#~ "více informací."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "I2P konzole routeru je připravena."
+
+#, fuzzy
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr ""
+#~ "Nyní se můžete připojit k I2P konzoli routeru na http://127.0.0.1:7657."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P není připraveno."
+
+#, fuzzy
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "Eepsite tunel nebyl vybudován během šesti minut. Zkontrolujte konzoli "
+#~ "routeru na http://127.0.0.1:7657/logs nebo zkontrolujte záznamy ve /var/"
+#~ "log/i2p pro více informací. Znovu se připojte k síti a zkuste to prosím "
+#~ "znovu."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P je připraveno"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "Nyní se můžete připojit ke službám na I2P."
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Anonymní překrytí síťového prohlížeče"
+
+#~ msgid "I2P Browser"
+#~ msgstr "I2P Prohlížeč"
+
#~ msgid "OpenPGP encryption applet"
#~ msgstr "OpenPGP šifrovací applet"
@@ -593,48 +628,6 @@ msgstr "Specifické nástroje Tails"
#~ "<a href='file:///usr/share/doc/tails/website/doc/advanced_topics/"
#~ "virtualization.en.html#security'>Více zde...</a>"
-#~ msgid "I2P failed to start"
-#~ msgstr "I2P se nepodařilo spustit"
-
-#~ msgid ""
-#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
-#~ "i2p for more information."
-#~ msgstr ""
-#~ "Něco se pokazilo při startu I2P. Zkontrolujte záznamy ve /var/log/i2p pro "
-#~ "více informací."
-
-#~ msgid "I2P's router console is ready"
-#~ msgstr "I2P konzole routeru je připravena."
-
-#~ msgid "You can now access I2P's router console on http://127.0.0.1:7657."
-#~ msgstr ""
-#~ "Nyní se můžete připojit k I2P konzoli routeru na http://127.0.0.1:7657."
-
-#~ msgid "I2P is not ready"
-#~ msgstr "I2P není připraveno."
-
-#~ msgid ""
-#~ "Eepsite tunnel not built within six minutes. Check the router console at "
-#~ "http://127.0.0.1:7657/logs or the logs in /var/log/i2p for more "
-#~ "information. Reconnect to the network to try again."
-#~ msgstr ""
-#~ "Eepsite tunel nebyl vybudován během šesti minut. Zkontrolujte konzoli "
-#~ "routeru na http://127.0.0.1:7657/logs nebo zkontrolujte záznamy ve /var/"
-#~ "log/i2p pro více informací. Znovu se připojte k síti a zkuste to prosím "
-#~ "znovu."
-
-#~ msgid "I2P is ready"
-#~ msgstr "I2P je připraveno"
-
-#~ msgid "You can now access services on I2P."
-#~ msgstr "Nyní se můžete připojit ke službám na I2P."
-
-#~ msgid "Anonymous overlay network browser"
-#~ msgstr "Anonymní překrytí síťového prohlížeče"
-
-#~ msgid "I2P Browser"
-#~ msgstr "I2P Prohlížeč"
-
#~ msgid "Reboot"
#~ msgstr "Restartovat"
diff --git a/po/cy.po b/po/cy.po
index 1df140c..fbf49fd 100644
--- a/po/cy.po
+++ b/po/cy.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
"PO-Revision-Date: 2014-04-30 09:10+0000\n"
"Last-Translator: runasand <runa.sandvik@gmail.com>\n"
"Language-Team: Welsh (http://www.transifex.com/projects/p/torproject/"
@@ -115,19 +115,6 @@ msgstr ""
msgid "Power Off"
msgstr "Pŵer bant"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr ""
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -296,6 +283,10 @@ msgstr ""
"Gall y system weithredu a'r meddalwedd rhithwir gallu monitro beth yr ydych "
"yn gwneud yn Tails."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr ""
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Nid yw Tor yn barod"
@@ -435,6 +426,45 @@ msgstr "Porwr We anniogel"
msgid "Tails specific tools"
msgstr "Teclynau penodol Tails"
+#~ msgid "I2P failed to start"
+#~ msgstr "Methu dechrau I2P"
+
+#, fuzzy
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Wnaeth rhywbeth mynd yn anghywir pan roedd I2P yn llwytho. Am fwy o "
+#~ "wybodaeth, edrychwch yn y cofnodau yn yr gyfeiriadur hon:"
+
+#, fuzzy
+#~ msgid "I2P's router console is ready"
+#~ msgstr "Bydd consol llwybrydd I2P yn agor wrth llwythi."
+
+#, fuzzy
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr "Yn awr, gallwch cysylltu a'r We."
+
+#, fuzzy
+#~ msgid "I2P is not ready"
+#~ msgstr "Nid yw Tor yn barod"
+
+#, fuzzy
+#~ msgid "I2P is ready"
+#~ msgstr "Mae Tor yn barod"
+
+#, fuzzy
+#~ msgid "You can now access services on I2P."
+#~ msgstr "Yn awr, gallwch cysylltu a'r We."
+
+#, fuzzy
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Rhwydwaith troshaen anhysbys"
+
+#, fuzzy
+#~ msgid "I2P Browser"
+#~ msgstr "Porwr anniogel"
+
#~ msgid "OpenPGP encryption applet"
#~ msgstr "Rhaglennig amgryptio OpenPGP"
@@ -590,12 +620,6 @@ msgstr "Teclynau penodol Tails"
#~ msgid "Starting I2P..."
#~ msgstr "Yn dechrau I2P..."
-#~ msgid "The I2P router console will be opened on start."
-#~ msgstr "Bydd consol llwybrydd I2P yn agor wrth llwythi."
-
-#~ msgid "I2P failed to start"
-#~ msgstr "Methu dechrau I2P"
-
#~ msgid ""
#~ "Make sure that you have a working Internet connection, then try to start "
#~ "I2P again."
@@ -604,13 +628,6 @@ msgstr "Teclynau penodol Tails"
#~ "triwch dechrau I2P eto."
#~ msgid ""
-#~ "Something went wrong when I2P was starting. Look in the logs in the "
-#~ "following directory for more information:"
-#~ msgstr ""
-#~ "Wnaeth rhywbeth mynd yn anghywir pan roedd I2P yn llwytho. Am fwy o "
-#~ "wybodaeth, edrychwch yn y cofnodau yn yr gyfeiriadur hon:"
-
-#~ msgid ""
#~ "<a href='file:///usr/share/doc/tails/website/doc/advanced_topics/"
#~ "virtualization.en.html'>Learn more...</a>"
#~ msgstr ""
@@ -627,9 +644,6 @@ msgstr "Teclynau penodol Tails"
#~ "Bydd Tails yn cael gwared o TrueCrypt yn fuan oherwydd pryderon "
#~ "datblygiadwy ac trwydded."
-#~ msgid "Anonymous overlay network "
-#~ msgstr "Rhwydwaith troshaen anhysbys"
-
#~ msgid "i2p"
#~ msgstr "i2p"
diff --git a/po/da.po b/po/da.po
index ed479d9..0762243 100644
--- a/po/da.po
+++ b/po/da.po
@@ -20,9 +20,9 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
-"PO-Revision-Date: 2017-04-07 10:06+0000\n"
-"Last-Translator: carolyn <carolyn@anhalt.org>\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
+"PO-Revision-Date: 2017-01-19 09:25+0000\n"
+"Last-Translator: scootergrisen\n"
"Language-Team: Danish (http://www.transifex.com/otf/torproject/language/"
"da/)\n"
"Language: da\n"
@@ -137,19 +137,6 @@ msgstr "Genstart"
msgid "Power Off"
msgstr "Luk ned"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr "Advarsel: Tails 3.0 virker ikke på denne computer!"
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr "Tails 3.0 kræver en 64-bit processer."
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Lær mere"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -314,6 +301,10 @@ msgstr ""
"værende troværdigt, både for værtsoperativsystemet og "
"virtualiseringssoftwaren."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Lær mere"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor er ikke klar"
@@ -445,3 +436,44 @@ msgstr "Usikker webbrowser"
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:2
msgid "Tails specific tools"
msgstr "Tailsspecifikke værktøjer"
+
+#~ msgid "I2P failed to start"
+#~ msgstr "I2P kunne ikke starte"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Noget gik galt mens I2P startede. Se logfilerne i /var/log/i2p for flere "
+#~ "detaljer."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "I2Ps routerkonsol er klar"
+
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr "Du kan nu tilgå I2P's router konsol i I2P browseren."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P er ikke klar"
+
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "Eepsite tunnellen kunne ikke etableres inden for seks minutter. "
+#~ "Kontroller router konsollen i I2P browsereneller logfilerne i /var/log/"
+#~ "i2p for yderligere information. Genetabler forbindelse til netværket for "
+#~ "at prøve igen."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P er klar"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "Du kan nu tilgå tjenester på I2P."
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Anonym webbrowser"
+
+#~ msgid "I2P Browser"
+#~ msgstr "I2P-browser"
diff --git a/po/de.po b/po/de.po
index 5b6736c..bbc9c5e 100644
--- a/po/de.po
+++ b/po/de.po
@@ -4,19 +4,19 @@
#
# Translators:
# Andreas Demmelbauer, 2014
-# Christian Spaan, 2016
+# Christian Spaan <gyges@gmx.net>, 2016
# Claudia <claudianied@web.de>, 2015
# trantor <clucko3@gmail.com>, 2014
# DoKnGH26" 21 <dokngh2621@gmail.com>, 2015
# D P, 2015
# Ettore Atalan <atalanttore@googlemail.com>, 2014-2016
# gerhard <listmember@rinnberger.de>, 2013
-# Konstantin BB, 2015
+# konstibae, 2015
# Larson März <larson@protonmail.ch>, 2013
# Mario Baier <mario.baier26@gmx.de>, 2013
# Mart3000, 2015
# malexmave <inactive+malexmave@transifex.com>, 2014
-# max weber, 2015,2017
+# max weber, 2015
# Sandra R <drahtseilakt@live.com>, 2014
# Sebastian <sebix+transifex@sebix.at>, 2015
# spriver <spriver@autistici.org>, 2015
@@ -28,8 +28,8 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
-"PO-Revision-Date: 2017-04-07 10:06+0000\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
+"PO-Revision-Date: 2016-09-03 08:57+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: German (http://www.transifex.com/otf/torproject/language/"
"de/)\n"
@@ -145,19 +145,6 @@ msgstr "Neustart"
msgid "Power Off"
msgstr "Ausschalten"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr "Warnung: Tails 3.0 wird auf diesem Computer nicht laufen!"
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr "Tails 3.0 benötigt einen 64-bit-Prozessor."
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Mehr erfahren"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -328,6 +315,10 @@ msgstr ""
"für das Wirts-Betriebssystem als auch für die Virtualisierungs-Anwendung als "
"vertrauenswürdig gelten."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Mehr erfahren"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor ist nicht bereit"
@@ -459,3 +450,44 @@ msgstr "Unsicherer Internet-Browser"
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:2
msgid "Tails specific tools"
msgstr "Tails-spezifische Werkzeuge"
+
+#~ msgid "I2P failed to start"
+#~ msgstr "I2P konnte nicht gestartet werden."
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Etwas ist beim Start von I2P schief gegangen. Überprüfen Sie die "
+#~ "Protokolle in var/log/i2p für weitere Informationen."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "I2P-Routerkonsole ist bereit"
+
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr "Sie können nun auf die I2P-Routerkonsole im I2P-Browser zugreifen."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P ist nicht bereit"
+
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "Der Eepsite-Tunnel wurde nicht innerhalb von sechs Minuten aufgebaut. "
+#~ "Überprüfen Sie die Routerkonsole im I2P-Browser oder die Protokolle in /"
+#~ "var/log/i2p für mehr Informationen. Verbinden Sie sich wieder mit dem "
+#~ "Netzwerk, um es erneut zu versuchen."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P ist bereit"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "Sie können nun auf I2P-Dienste zugreifen."
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Anonymer, überlagernder Netzwerkbrowser"
+
+#~ msgid "I2P Browser"
+#~ msgstr "I2P-Browser"
diff --git a/po/el.po b/po/el.po
index ae0d838..e7bd6f0 100644
--- a/po/el.po
+++ b/po/el.po
@@ -3,7 +3,7 @@
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
-# Adrian Pappas <pappasadrian@gmail.com>, 2013,2015,2017
+# Adrian Pappas <pappasadrian@gmail.com>, 2013,2015
# Aikaterini Katmada, 2015
# Alex Calpos <alepro2015@outlook.com>, 2016
# Alex <hestia@riseup.net>, 2013
@@ -24,8 +24,8 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
-"PO-Revision-Date: 2017-04-07 10:06+0000\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
+"PO-Revision-Date: 2016-09-03 08:57+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: Greek (http://www.transifex.com/otf/torproject/language/el/)\n"
"Language: el\n"
@@ -143,21 +143,6 @@ msgstr "Επανεκκίνηση "
msgid "Power Off"
msgstr "Απενεργοποίηση"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-"Προσοχή: Το Tails 3.0 δεν θα μπορέσει να λειτουργήσει σε αυτόν τον "
-"υπολογιστή!"
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr "Το Tails 3.0 χρειάζεται επεξεργαστή 64 μπιτ."
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Μάθε περισσότερα"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -328,6 +313,10 @@ msgstr ""
"Tails. Έμπιστο πρέπει να θεωρείται μόνο το ελεύθερο λογισμικό, τόσο για το "
"λογισμικό εικονοποίησης όσο και για το λειτουργικό σύστημα."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Μάθε περισσότερα"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Το Tor δεν είναι έτοιμο"
@@ -460,3 +449,46 @@ msgstr "Μη ασφαλής Browser"
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:2
msgid "Tails specific tools"
msgstr "Εργαλεία ειδικά για το Tails"
+
+#~ msgid "I2P failed to start"
+#~ msgstr "Το I2P απέτυχε να ξεκινήσει"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Κάτι δεν πήγε καλά όταν ξεκινούσε το I2P. Για περισσότερες πληροφορίες "
+#~ "ελέγξτε τα αρχεία καταγραφής στο /var/log/i2p."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "Η κονσόλα του δρομολογητή I2P είναι έτοιμη"
+
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr ""
+#~ "Μπορείτε τώρα να έχετε πρόσβαση στην κονσόλα του ρούτερ I2P μέσω του I2P "
+#~ "Browser."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "Ο I2P δεν είναι έτοιμος"
+
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "Eepsite σήραγγα δεν χτίστηκε μέσα σε έξι λεπτά. Ελέγξτε την κονσόλα "
+#~ "router στο http://127.0.0.1:7657/logs ή τα αρχεία καταγραφής στο φάκελο / "
+#~ "var / log / i2p για περισσότερες πληροφορίες. Επανασύνδεση με το δίκτυο "
+#~ "για να προσπαθήσετε ξανά."
+
+#~ msgid "I2P is ready"
+#~ msgstr "Ο I2P είναι έτοιμος"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "Μπορείτε τώρα να έχετε πρόσβαση στις υπηρεσίες I2P"
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Δίκτυο ανώνυμης περιήγησης"
+
+#~ msgid "I2P Browser"
+#~ msgstr "I2P πρόγραμμα περιήγησης"
diff --git a/po/en_GB.po b/po/en_GB.po
index 451aecc..55e0a85 100644
--- a/po/en_GB.po
+++ b/po/en_GB.po
@@ -11,7 +11,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
"PO-Revision-Date: 2016-09-03 08:57+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: English (United Kingdom) (http://www.transifex.com/otf/"
@@ -127,19 +127,6 @@ msgstr "Restart"
msgid "Power Off"
msgstr "Power Off"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Learn more"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -303,6 +290,10 @@ msgstr ""
"trustworthy, for both the host operating system and the virtualisation "
"software."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Learn more"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor is not ready"
diff --git a/po/es.po b/po/es.po
index df4de78..5a51a4a 100644
--- a/po/es.po
+++ b/po/es.po
@@ -7,15 +7,15 @@
# Edward Navarro, 2015
# el buve, 2015
# Emma Peel, 2015,2017
-# Jose Luis Tirado <joseluis.tirado@gmail.com>, 2014-2015
+# Jose Luis <joseluis.tirado@gmail.com>, 2014-2015
# Manuel Herrera <ma_herrer@yahoo.com.mx>, 2013
-# strel, 2013-2017
+# strel, 2013-2016
msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
-"PO-Revision-Date: 2017-04-18 10:42+0000\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
+"PO-Revision-Date: 2017-02-09 08:20+0000\n"
"Last-Translator: Emma Peel\n"
"Language-Team: Spanish (http://www.transifex.com/otf/torproject/language/"
"es/)\n"
@@ -132,19 +132,6 @@ msgstr "Reiniciar"
msgid "Power Off"
msgstr "Apagar"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr "Advertencia: ¡Tails 3.0 no funcionará en esta computadora!"
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr "Tails 3.0 requerirá un procesador de 64-bits"
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Leer más"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -312,6 +299,10 @@ msgstr ""
"software libre puede ser considerado confiable para ambos el sistema "
"operativo anfitrión y el software de virtualización."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Leer más"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor no está listo"
@@ -443,3 +434,45 @@ msgstr "Navegador No Seguro"
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:2
msgid "Tails specific tools"
msgstr "Herramientas específicas de Tails"
+
+#~ msgid "I2P failed to start"
+#~ msgstr "I2P falló al iniciarse"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Algo salió mal cuando se estaba iniciando I2P. Revisa los registros en /"
+#~ "var/log/i2p para más información."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "La consola de router I2P está lista"
+
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr ""
+#~ "Ahora puedes acceder a la consola del router I2P en el Navegador I2P."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P no esta listo"
+
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "El túnel del eepsite (sitio web en I2P) no se estableció en seis minutos. "
+#~ "Revisa la consola del router I2P en el Navegador I2P o los registros en /"
+#~ "var/log/i2p para más información. Reconecta a la red para intentarlo de "
+#~ "nuevo."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P esta listo"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "Ahora puedes acceder a los servicios en I2P."
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Superposición anónima de navegador de red"
+
+#~ msgid "I2P Browser"
+#~ msgstr "Navegador I2P"
diff --git a/po/fa.po b/po/fa.po
index f4ab275..a5cc4d3 100644
--- a/po/fa.po
+++ b/po/fa.po
@@ -20,7 +20,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
"PO-Revision-Date: 2016-09-03 08:57+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: Persian (http://www.transifex.com/otf/torproject/language/"
@@ -148,19 +148,6 @@ msgstr "شروع دوباره"
msgid "Power Off"
msgstr "خاموش کردن رایانه"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "بیشتر بدانید"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -325,6 +312,10 @@ msgstr ""
"دهید را مشاهده کنند. تنها نرم افزارهای آزاد می توانند برای سیستم عامل میزبان "
"و نرم افزار مجازی ساز قابل اعتماد باشند."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "بیشتر بدانید"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "تور آماده نیست"
diff --git a/po/fi.po b/po/fi.po
index ef517ec..02a3997 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -15,7 +15,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
"PO-Revision-Date: 2016-09-03 08:57+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: Finnish (http://www.transifex.com/otf/torproject/language/"
@@ -131,19 +131,6 @@ msgstr "Käynnistä uudelleen"
msgid "Power Off"
msgstr "Sammuta"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Opi lisää"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -311,6 +298,10 @@ msgstr ""
"pitää luotettavana sekä isäntäkäyttöjärjestelmän että "
"virtualisointiohjelmiston osalta."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Opi lisää"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor ei ole valmis"
diff --git a/po/fr.po b/po/fr.po
index ae89e94..21f1fbd 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -9,7 +9,7 @@
# apaddlingduck, 2014
# Athorcis, 2015
# Emmanuel Simond <emmanuel.simond@gmail.com>, 2014
-# French language coordinator <french.coordinator@rbox.me>, 2016-2017
+# French language coordinator <french.translation@rbox.me>, 2016
# Gwennole Hangard <gwennole.hangard@gmail.com>, 2015
# Jean-Yves Toumit <saiolar-c@yahoo.fr>, 2013
# Lidija <llazic.bgd@gmail.com>, 2015
@@ -18,14 +18,14 @@
# Sabrina Cater <sabcat@gmx.fr>, 2015
# Thomas Chauchefoin <thomas@chauchefoin.fr>, 2016
# Towinet, 2013-2016
-# French language coordinator <french.coordinator@rbox.me>, 2015
+# French language coordinator <french.translation@rbox.me>, 2015
msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
-"PO-Revision-Date: 2017-04-07 10:06+0000\n"
-"Last-Translator: carolyn <carolyn@anhalt.org>\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
+"PO-Revision-Date: 2016-12-22 17:02+0000\n"
+"Last-Translator: French language coordinator <french.translation@rbox.me>\n"
"Language-Team: French (http://www.transifex.com/otf/torproject/language/"
"fr/)\n"
"Language: fr\n"
@@ -139,19 +139,6 @@ msgstr "Redémarrer"
msgid "Power Off"
msgstr "Éteindre"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr "Avertissement : Tails 3.0 ne fonctionnera pas sur cet ordinateur !"
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr "Tails 3.0 exigera un processeur 64 bits."
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "En apprendre davantage"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -318,6 +305,10 @@ msgstr ""
"peuvent être considérés de confiance, à la fois pour le système "
"d'exploitation hôte et le logiciel de virtualisation."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "En apprendre davantage"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor n'est pas prêt"
@@ -450,3 +441,46 @@ msgstr "Navigateur Web non-sécurisé"
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:2
msgid "Tails specific tools"
msgstr "Outils spécifiques à Tails"
+
+#~ msgid "I2P failed to start"
+#~ msgstr "Échec de démarrage d'I2P"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Quelque chose a mal tourné lors du lancement d'I2P. Vérifiez les journaux "
+#~ "dans /var/log/i2p pour plus d'informations."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "La console du routeur I2P est prête"
+
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr ""
+#~ "Vous pouvez maintenant accéder à la console du routeur dans le navigateur "
+#~ "I2P."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P n'est pas prêt"
+
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "Le tunnel Eepsite n'a pas été construit en moins de six minutes. Vérifiez "
+#~ "la console du routeur dans le navigateur I2P ou les journaux dans /var/"
+#~ "log/i2p pour plus d'informations. Reconnectez-vous au réseau pour "
+#~ "ressayer."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P est prêt"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "Vous pouvez maintenant accéder aux services sur I2P."
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Navigateur de réseau anonyme en surcouche"
+
+#~ msgid "I2P Browser"
+#~ msgstr "Navigateur I2P"
diff --git a/po/fr_CA.po b/po/fr_CA.po
index 9b38e51..a1013bc 100644
--- a/po/fr_CA.po
+++ b/po/fr_CA.po
@@ -4,20 +4,20 @@
#
# Translators:
# Carley Wilson <carley.wilson@me.com>, 2014
-# French language coordinator <french.coordinator@rbox.me>, 2016-2017
-# French language coordinator <french.coordinator@rbox.me>, 2016
+# French language coordinator <french.translation@rbox.me>, 2016
+# French language coordinator <french.translation@rbox.me>, 2016
# Jean-Yves Toumit <saiolar-c@yahoo.fr>, 2013
# Onizuka, 2013
# Towatowa441, 2013
-# French language coordinator <french.coordinator@rbox.me>, 2015-2016
-# French language coordinator <french.coordinator@rbox.me>, 2014-2015
+# French language coordinator <french.translation@rbox.me>, 2015-2016
+# French language coordinator <french.translation@rbox.me>, 2014-2015
msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
-"PO-Revision-Date: 2017-04-07 10:06+0000\n"
-"Last-Translator: carolyn <carolyn@anhalt.org>\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
+"PO-Revision-Date: 2016-12-16 15:35+0000\n"
+"Last-Translator: French language coordinator <french.translation@rbox.me>\n"
"Language-Team: French (Canada) (http://www.transifex.com/otf/torproject/"
"language/fr_CA/)\n"
"Language: fr_CA\n"
@@ -130,19 +130,6 @@ msgstr "Redémarrer"
msgid "Power Off"
msgstr "Éteindre"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr "Avertissement : Tails 3.0 ne fonctionnera pas sur cet ordinateur !"
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr "Tails 3.0 exigera un processeur 64 bits."
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "En apprendre davantage"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -309,6 +296,10 @@ msgstr ""
"peuvent être considérés de confiance, à la fois pour le système "
"d'exploitation hôte et le logiciel de virtualisation."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "En apprendre davantage"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor n'est pas prêt"
@@ -441,3 +432,46 @@ msgstr "Navigateur Web non-sécurisé"
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:2
msgid "Tails specific tools"
msgstr "Outils spécifiques à Tails"
+
+#~ msgid "I2P failed to start"
+#~ msgstr "Échec de démarrage d'I2P"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Quelque chose a mal tourné lors du lancement d'I2P. Vérifiez les journaux "
+#~ "dans /var/log/i2p pour plus d'informations."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "La console du routeur d'I2P est prête"
+
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr ""
+#~ "Vous pouvez maintenant accéder à la console du routeur I2P dans le "
+#~ "navigateur I2P."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P n'est pas prêt"
+
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "Le tunnel Eepsite n'a pas été construit en moins de six minutes. Vérifiez "
+#~ "la console du routeur dans le navigateur I2P ou les journaux dans /var/"
+#~ "log/i2p pour plus d'informations. Reconnectez-vous au réseau pour "
+#~ "ressayer."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P est prêt"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "Vous pouvez maintenant accéder aux services sur i2P."
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Navigateur de réseau anonyme en surcouche"
+
+#~ msgid "I2P Browser"
+#~ msgstr "Navigateur I2P"
diff --git a/po/he.po b/po/he.po
index 708b0ae..7ece9c3 100644
--- a/po/he.po
+++ b/po/he.po
@@ -12,7 +12,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
"PO-Revision-Date: 2015-10-09 11:44+0000\n"
"Last-Translator: Johnny Diralenzo\n"
"Language-Team: Hebrew (http://www.transifex.com/otf/torproject/language/"
@@ -113,20 +113,6 @@ msgstr ""
msgid "Power Off"
msgstr "כיבוי"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-#, fuzzy
-msgid "Learn more"
-msgstr "למד עוד על Tails"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -289,6 +275,11 @@ msgstr ""
"גם מערכת ההפעלה המארחת וגם תוכנת הווירטואליזציה יכולות לבלוש אחר מעשיך ב-"
"Tails."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+#, fuzzy
+msgid "Learn more"
+msgstr "למד עוד על Tails"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor עוד לא מוכן"
@@ -419,6 +410,46 @@ msgstr "דפדפן רשת לא בטוח"
msgid "Tails specific tools"
msgstr "כלים ספציפיים של Tails"
+#~ msgid "I2P failed to start"
+#~ msgstr "‏I2P נכשל להתחיל"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "משהו השתבש בהפעלת I2P. בדוק את יומני הרישום בתוך /var/log/i2p לפרטים "
+#~ "נוספים."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "קונסולת נתב ה-I2P מוכנה לשימוש"
+
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr "באפשרותך לגשת כעת לקונסולת נתב ה-I2P דרך דפדפן I2P."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P אינו מוכן"
+
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "עברו שש דקות אך מנהרת ה-Eepsite לא הוקמה. בדוק את קונסולת נתב בדפדפן I2P "
+#~ "או את יומני הרישום בתוך /var/log/i2p לפרטים נוספים. התחבר שוב לרשת כדי "
+#~ "לנסות שוב."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P מוכן"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "אתה יכול עכשיו לקבל שירותים ב-I2P"
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "דפדפן רשת אנונימי"
+
+#~ msgid "I2P Browser"
+#~ msgstr "דפדפן I2P"
+
#~ msgid "OpenPGP encryption applet"
#~ msgstr "יישומון הצפנת OpenPGP"
@@ -571,46 +602,6 @@ msgstr "כלים ספציפיים של Tails"
#~ "<a href='file:///usr/share/doc/tails/website/doc/advanced_topics/"
#~ "virtualization.en.html#security'>למד עוד...</a>"
-#~ msgid "I2P failed to start"
-#~ msgstr "‏I2P נכשל להתחיל"
-
-#~ msgid ""
-#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
-#~ "i2p for more information."
-#~ msgstr ""
-#~ "משהו השתבש בהפעלת I2P. בדוק את יומני הרישום בתוך /var/log/i2p לפרטים "
-#~ "נוספים."
-
-#~ msgid "I2P's router console is ready"
-#~ msgstr "קונסולת נתב ה-I2P מוכנה לשימוש"
-
-#~ msgid "You can now access I2P's router console in the I2P Browser."
-#~ msgstr "באפשרותך לגשת כעת לקונסולת נתב ה-I2P דרך דפדפן I2P."
-
-#~ msgid "I2P is not ready"
-#~ msgstr "I2P אינו מוכן"
-
-#~ msgid ""
-#~ "Eepsite tunnel not built within six minutes. Check the router console in "
-#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
-#~ "Reconnect to the network to try again."
-#~ msgstr ""
-#~ "עברו שש דקות אך מנהרת ה-Eepsite לא הוקמה. בדוק את קונסולת נתב בדפדפן I2P "
-#~ "או את יומני הרישום בתוך /var/log/i2p לפרטים נוספים. התחבר שוב לרשת כדי "
-#~ "לנסות שוב."
-
-#~ msgid "I2P is ready"
-#~ msgstr "I2P מוכן"
-
-#~ msgid "You can now access services on I2P."
-#~ msgstr "אתה יכול עכשיו לקבל שירותים ב-I2P"
-
-#~ msgid "Anonymous overlay network browser"
-#~ msgstr "דפדפן רשת אנונימי"
-
-#~ msgid "I2P Browser"
-#~ msgstr "דפדפן I2P"
-
#~ msgid "Reboot"
#~ msgstr "לאתחל"
diff --git a/po/hr_HR.po b/po/hr_HR.po
index 2a17767..141348d 100644
--- a/po/hr_HR.po
+++ b/po/hr_HR.po
@@ -5,16 +5,16 @@
# Translators:
# Ana B, 2014
# Miskha <edinaaa.b@gmail.com>, 2014
-# Igor <lyricaltumor@gmail.com>, 2016-2017
+# Igor <lyricaltumor@gmail.com>, 2016
# Igor <lyricaltumor@gmail.com>, 2015
# Neven Lovrić <neven@lovric.net>, 2014
msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
-"PO-Revision-Date: 2017-04-07 10:06+0000\n"
-"Last-Translator: carolyn <carolyn@anhalt.org>\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
+"PO-Revision-Date: 2016-09-15 06:05+0000\n"
+"Last-Translator: Igor <lyricaltumor@gmail.com>\n"
"Language-Team: Croatian (Croatia) (http://www.transifex.com/otf/torproject/"
"language/hr_HR/)\n"
"Language: hr_HR\n"
@@ -75,8 +75,8 @@ msgid ""
"Bitcoin wallet. It is strongly recommended to only run Electrum when its "
"persistence feature is activated."
msgstr ""
-"Kad ponovno pokrenet Tails, svi Electrumovi podatci će biti izgubljeni, "
-"uključujući i Vaš Bitcoin novčanik. Snažno je preporučeno da se Electrum "
+"Kad ponovno pokrenet Tails, svi Electrum-ovi podatci će biti izgubljeni, "
+"uključujući i Vaš Bitcoin novčanik. Snažno je preporučeno da se Electrum "
"pokreće jedino kad je mogućnost trajnosti aktivirina."
#: config/chroot_local-includes/usr/local/bin/electrum:21
@@ -117,7 +117,7 @@ msgid ""
"claws_mail_to_icedove#delete'>delete all your <b>Claws Mail</b> data</a> to "
"remove this warning."
msgstr ""
-"Ako ste već migrirali svoje emailove na <b>Icedove</b> trebali bi <a "
+"Ako ste već migrirali svoje email-ove na <b>Icedove</b> trebali bi <a "
"href='https://tails.boum.org/doc/anonymous_internet/"
"claws_mail_to_icedove#delete'> izbrisati sve <b>Claws Mail</b> podatke</a> "
"kako bi uklonili ovo upozorenje."
@@ -130,19 +130,6 @@ msgstr "Ponovno pokreni"
msgid "Power Off"
msgstr "Isključi"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr "Upozorenje: Tails 3.0 neće raditi na ovom računalu!"
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr "Tails 3.0 zahtjeva 64-bitni procesor."
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Naučite više"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -307,6 +294,10 @@ msgstr ""
"Tailsu. Samo se slobodan software može smatrati vjerodostojnim, kako za "
"operativni sustav tako i za virtualizacijski software."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Naučite više"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor nije spreman"
@@ -439,3 +430,43 @@ msgstr "Nesiguran Web preglednik"
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:2
msgid "Tails specific tools"
msgstr "Tails specifični alati"
+
+#~ msgid "I2P failed to start"
+#~ msgstr "I2P se nije uspio pokrenuti"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Nešto je pošlo po krivu prilikom pokretanja I2P. Provjerite zapisnike u /"
+#~ "var/log/i2p za više informacija."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "I2P konzola rutera je spremna"
+
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr "Sad možete pristupiti I2P konzoli rutera u I2P pregledniku."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P nije spreman"
+
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "Eepsite tunel nije napravljen unutar šest minuta. Provjerite konzolu "
+#~ "rutera u I2P pregledniku ili zapise u /var/log/i2p za više informacija. "
+#~ "Ponovno se spojite s mrežom kako bi pokušali opet."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P je spreman"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "Sad možete pristupiti uslugama na I2P."
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Mrežni preglednik anonimnog preklopa"
+
+#~ msgid "I2P Browser"
+#~ msgstr "I2P preglednik"
diff --git a/po/hu.po b/po/hu.po
index 635c545..9636319 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -15,7 +15,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
"PO-Revision-Date: 2016-09-03 08:57+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: Hungarian (http://www.transifex.com/otf/torproject/language/"
@@ -134,19 +134,6 @@ msgstr "Újraindítás"
msgid "Power Off"
msgstr "Leállítás"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "További információ"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -313,6 +300,10 @@ msgstr ""
"ezért ajánljuk hogy használjon ingyenes operációs rendszert és "
"virtualizációs szoftvert."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "További információ"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "A Tor még nem áll készen a működésre"
diff --git a/po/id.po b/po/id.po
index 1af0bf0..a58c266 100644
--- a/po/id.po
+++ b/po/id.po
@@ -16,7 +16,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
"PO-Revision-Date: 2016-11-09 22:14+0000\n"
"Last-Translator: Frengky Sinaga <frengkys5@gmail.com>\n"
"Language-Team: Indonesian (http://www.transifex.com/otf/torproject/language/"
@@ -135,19 +135,6 @@ msgstr "Mulai ulang"
msgid "Power Off"
msgstr "Matikan"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr ""
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Pelajari lebih lanjut"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -313,6 +300,10 @@ msgstr ""
"dipandang terpercaya, untuk kedua sistem operasi host dan perangkat lunak "
"virtualisasi."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Pelajari lebih lanjut"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor belum siap"
diff --git a/po/is.po b/po/is.po
index d0bc14b..b15d7e4 100644
--- a/po/is.po
+++ b/po/is.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
-"PO-Revision-Date: 2017-04-10 22:08+0000\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
+"PO-Revision-Date: 2017-02-13 08:41+0000\n"
"Last-Translator: Sveinn í Felli <sv1@fellsnet.is>\n"
"Language-Team: Icelandic (http://www.transifex.com/otf/torproject/language/"
"is/)\n"
@@ -127,19 +127,6 @@ msgstr "Endurræsa"
msgid "Power Off"
msgstr "Slökkva"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr "Aðvörun: Tails 3.0 mun ekki virka á þessari tölvu!"
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr "Tails 3.0 krefst 64-bita örgjörva."
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Fræðast frekar"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -304,6 +291,10 @@ msgstr ""
"treysta frjálsum og opnum hugbúnaði, bæði hvað varðar hýsilstýrikerfið og "
"sýndarvélarhugbúnaðinn."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Fræðast frekar"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor er ekki tilbúið"
@@ -435,3 +426,43 @@ msgstr "Óöruggur netvafri"
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:2
msgid "Tails specific tools"
msgstr "Sértæk Tails-verkfæri"
+
+#~ msgid "I2P failed to start"
+#~ msgstr "I2P ræstist ekki"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Eitthvað fór úrskeiðis þegar I2P var að ræsast. Athugaðu annálana í /var/"
+#~ "log/i2p til að sjá frekari upplýsingar."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "Stjórnborð I2P-beinis er tilbúið"
+
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr "Þú getur núna tengst við stjórnborð I2P-beinisins í I2P-vafranum."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P er ekki tilbúið"
+
+#~ msgid ""
+#~ "Eepsite tunnel not built within six minutes. Check the router console in "
+#~ "the I2P Browser or the logs in /var/log/i2p for more information. "
+#~ "Reconnect to the network to try again."
+#~ msgstr ""
+#~ "Ekki náðist að útbúa Eepsite-göng (tunnel) innan sex mínútna. Athugaðu "
+#~ "stjórnborð beinis í I2P-vafranum, eða skoðaðu annálana í /var/log/i2p til "
+#~ "að sjá nánari upplýsingar. Endurtengstu netinu til að reyna aftur."
+
+#~ msgid "I2P is ready"
+#~ msgstr "I2P er tilbúið"
+
+#~ msgid "You can now access services on I2P."
+#~ msgstr "Þú getur núna tengst við þjónustur á I2P."
+
+#~ msgid "Anonymous overlay network browser"
+#~ msgstr "Nafnlaus yfirlags-netvafri"
+
+#~ msgid "I2P Browser"
+#~ msgstr "I2P-vafri"
diff --git a/po/it.po b/po/it.po
index 59cbd1b..24192df 100644
--- a/po/it.po
+++ b/po/it.po
@@ -3,14 +3,13 @@
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
-# André, 2017
# Emanuele Trotta <etrotta@grupposintesi.it>, 2015
-# il_doc, 2014
+# il_doc <filippo.giomi@gmail.com>, 2014
# Francesca Ciceri <madamezou@zouish.org>, 2014
# Francesco Tombolini <tombo@adamantio.net>, 2015
-# Giuseppe Pignataro (Fasbyte01) <rogepix@gmail.com>, 2015-2016
+# Giuseppe Pignataro <rogepix@gmail.com>, 2015-2016
# HostFat <hostfat@gmail.com>, 2015
-# il_doc, 2014
+# il_doc <filippo.giomi@gmail.com>, 2014
# jan <jan.reister@unimi.it>, 2013
# jan <jan.reister@unimi.it>, 2013
# Leunam X1 <leunam.x1@gmail.com>, 2016
@@ -19,17 +18,17 @@
# Monica <momocat19@gmail.com>, 2014
# Monica <momocat19@gmail.com>, 2014
# Random_R, 2013
-# Random_R, 2013-2015,2017
+# Random_R, 2013-2015
# Riccardo Masutti <riccardomasu@gmail.com>, 2015
-# Rosario <oirasor@inventati.org>, 2014
+# Rosario Antoci <oirasor@inventati.org>, 2014
# Rossano Praderi <dshortway@gmail.com>, 2013
# Stefano Avezzù <Opusprimo@gmail.com>, 2015
msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-04-06 21:07+0200\n"
-"PO-Revision-Date: 2017-04-07 10:06+0000\n"
+"POT-Creation-Date: 2017-03-19 12:16+0100\n"
+"PO-Revision-Date: 2016-09-03 08:57+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: Italian (http://www.transifex.com/otf/torproject/language/"
"it/)\n"
@@ -144,19 +143,6 @@ msgstr "Riavvia"
msgid "Power Off"
msgstr "Spegni"
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:59
-msgid "Warning: Tails 3.0 won't work on this computer!"
-msgstr "Attenzione: Tails 3.0 non funziona su questo computer!"
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:60
-msgid "Tails 3.0 will require a 64-bit processor."
-msgstr "Tails 3.0 richiederà processori 64-bit."
-
-#: config/chroot_local-includes/usr/local/lib/tails-32-bit-notify-user:63
-#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
-msgid "Learn more"
-msgstr "Leggi di più"
-
#: config/chroot_local-includes/usr/local/bin/tails-about:22
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:1
msgid "Tails"
@@ -320,6 +306,10 @@ msgstr ""
"considerato affidabile, sia per il sistema operativo host sia per il "
"software di virtualizzazione."
+#: config/chroot_local-includes/usr/local/lib/tails-virt-notify-user:83
+msgid "Learn more"
+msgstr "Leggi di più"
+
#: config/chroot_local-includes/usr/local/bin/tor-browser:43
msgid "Tor is not ready"
msgstr "Tor non è pronto"
@@ -451,3 +441,43 @@ msgstr "Browser Web non sicuro"
#: ../config/chroot_local-includes/usr/share/desktop-directories/Tails.directory.in.h:2
msgid "Tails specific tools"
msgstr "Strumenti specifici di Tails"
+
+#~ msgid "I2P failed to start"
+#~ msgstr "Avvio di I2P fallito"
+
+#~ msgid ""
+#~ "Something went wrong when I2P was starting. Check the logs in /var/log/"
+#~ "i2p for more information."
+#~ msgstr ""
+#~ "Qualcosa è andata male quandoI2P è stato avviato. Controlla i log in /var/"
+#~ "log/i2p per maggiori informazioni."
+
+#~ msgid "I2P's router console is ready"
+#~ msgstr "La console del router I2P è pronta"
+
+#~ msgid "You can now access I2P's router console in the I2P Browser."
+#~ msgstr "Adesso puoi accedere alla console router di I2P nel Browser I2P."
+
+#~ msgid "I2P is not ready"
+#~ msgstr "I2P non è pronto"
+
+#~ msgid ""
+#~ "Eepsite tunnel not built within six min