summaryrefslogtreecommitdiffstats
path: root/wiki/src/contribute
diff options
context:
space:
mode:
Diffstat (limited to 'wiki/src/contribute')
-rw-r--r--wiki/src/contribute/build.mdwn130
-rw-r--r--wiki/src/contribute/build/website.mdwn5
-rw-r--r--wiki/src/contribute/calendar.mdwn41
-rw-r--r--wiki/src/contribute/design.mdwn246
-rw-r--r--wiki/src/contribute/design/I2P.mdwn133
-rw-r--r--wiki/src/contribute/design/I2P_Browser.mdwn56
-rw-r--r--wiki/src/contribute/design/MAC_address.mdwn14
-rw-r--r--wiki/src/contribute/design/Tor_enforcement/Network_filter.mdwn18
-rw-r--r--wiki/src/contribute/design/Unsafe_Browser.mdwn8
-rw-r--r--wiki/src/contribute/design/application_isolation.mdwn266
-rw-r--r--wiki/src/contribute/design/persistence.mdwn4
-rw-r--r--wiki/src/contribute/design/stream_isolation.mdwn14
-rw-r--r--wiki/src/contribute/design/vagrant.mdwn95
-rw-r--r--wiki/src/contribute/git.mdwn6
-rw-r--r--wiki/src/contribute/how/documentation/guidelines.mdwn23
-rw-r--r--wiki/src/contribute/how/donate.de.po267
-rw-r--r--wiki/src/contribute/how/donate.fr.po381
-rw-r--r--wiki/src/contribute/how/donate.mdwn161
-rw-r--r--wiki/src/contribute/how/donate.pt.po383
-rw-r--r--wiki/src/contribute/how/mirror.mdwn12
-rw-r--r--wiki/src/contribute/how/translate.mdwn300
-rw-r--r--wiki/src/contribute/how/translate/team/de.mdwn12
-rw-r--r--wiki/src/contribute/how/translate/team/fr.mdwn65
-rw-r--r--wiki/src/contribute/how/translate/team/new.mdwn46
-rw-r--r--wiki/src/contribute/how/translate/team/pt.mdwn4
-rw-r--r--wiki/src/contribute/how/translate/translation_progress.mdwn19
-rw-r--r--wiki/src/contribute/how/translate/with_Git.mdwn196
-rw-r--r--wiki/src/contribute/how/translate/with_Transifex.mdwn25
-rw-r--r--wiki/src/contribute/l10n_tricks.mdwn17
-rwxr-xr-xwiki/src/contribute/l10n_tricks/check_po.sh29
-rwxr-xr-xwiki/src/contribute/l10n_tricks/language_statistics.sh10
-rwxr-xr-xwiki/src/contribute/l10n_tricks/transifex_translators.sh21
-rw-r--r--wiki/src/contribute/low-hanging_fruit_sessions.mdwn20
-rw-r--r--wiki/src/contribute/meetings.mdwn25
-rw-r--r--wiki/src/contribute/meetings/201408.mdwn75
-rw-r--r--wiki/src/contribute/meetings/201409.mdwn57
-rw-r--r--wiki/src/contribute/meetings/201411.mdwn62
-rw-r--r--wiki/src/contribute/merge_policy/review.mdwn3
-rw-r--r--wiki/src/contribute/relationship_with_upstream.mdwn4
-rw-r--r--wiki/src/contribute/release_process.mdwn118
-rw-r--r--wiki/src/contribute/release_process/Debian_security_updates.mdwn11
-rw-r--r--wiki/src/contribute/release_process/iceweasel.mdwn479
-rw-r--r--wiki/src/contribute/release_process/test.mdwn112
-rw-r--r--wiki/src/contribute/release_process/test/automated_tests.mdwn2
-rw-r--r--wiki/src/contribute/release_process/test/erase_memory_on_shutdown.mdwn12
-rw-r--r--wiki/src/contribute/release_process/test/erase_memory_on_shutdown/qemu_pmemsave.mdwn4
-rw-r--r--wiki/src/contribute/release_process/test/setup.mdwn26
-rw-r--r--wiki/src/contribute/release_process/test/usage.mdwn2
-rw-r--r--wiki/src/contribute/release_process/tor-browser.mdwn43
-rw-r--r--wiki/src/contribute/talk.html30
-rw-r--r--wiki/src/contribute/working_together/roles/front_desk.mdwn27
-rw-r--r--wiki/src/contribute/working_together/roles/release_manager.mdwn22
52 files changed, 2884 insertions, 1257 deletions
diff --git a/wiki/src/contribute/build.mdwn b/wiki/src/contribute/build.mdwn
index 5aa2005..b3affe8 100644
--- a/wiki/src/contribute/build.mdwn
+++ b/wiki/src/contribute/build.mdwn
@@ -11,22 +11,96 @@ Tails can be built easily in a virtual machine using [Rake], [Vagrant] and
[VirtualBox]. The process requires a minimum of 1 GB of free memory and a
maximum of 10 GB of free storage.
-Installing the needed tools on Debian Wheezy is a matter of:
-
- $ sudo apt-get install virtualbox vagrant rake
-
[Rake]: http://rake.rubyforge.org/
[Vagrant]: http://vagrantup.com/
[VirtualBox]: http://www.virtualbox.org/
-Then, please run:
+## Installing the dependencies in Debian
+
+### If you run Debian Jessie
+
+1. Add Debian unstable to your APT sources:
+
+ echo "deb http://ftp.us.debian.org/debian/ unstable main" | \
+ sudo tee /etc/apt/sources.list.d/unstable.list
+
+2. Pin all packages from Debian unstable at 500 (`apt_preferences(5)`):
+
+ sudo tee /etc/apt/preferences.d/unstable <<EOF
+ Package: *
+ Pin: release o=Debian,a=unstable
+ Pin-Priority: 500
+ EOF
+
+3. Install the needed tools:
+
+ sudo apt-get install git virtualbox rake ruby-childprocess \
+ ruby-erubis ruby-i18n ruby-log4r ruby-net-scp ruby bsdtar curl
+
+### If you run Debian Wheezy
+
+1. Add Debian Jessie, unstable and wheezy-backports to your APT sources:
+
+ echo "deb http://ftp.us.debian.org/debian/ jessie main" | \
+ sudo tee /etc/apt/sources.list.d/jessie.list
+ echo "deb http://ftp.us.debian.org/debian/ unstable main" | \
+ sudo tee /etc/apt/sources.list.d/unstable.list
+ echo "deb http://ftp.us.debian.org/debian/ wheezy-backports main" | \
+ sudo tee /etc/apt/sources.list.d/wheezy-backports.list
+
+2. Pin all packages from Debian Jessie and unstable at 500 (`apt_preferences(5)`):
+
+ sudo tee /etc/apt/preferences.d/jessie <<EOF
+ Package: *
+ Pin: release o=Debian,a=jessie
+ Pin-Priority: 500
+ EOF
+ sudo tee /etc/apt/preferences.d/unstable <<EOF
+ Package: *
+ Pin: release o=Debian,a=unstable
+ Pin-Priority: 500
+ EOF
+
+3. Install the needed tools:
- $ git clone git://git.tails.boum.org/tails
- $ cd tails
- $ git checkout devel
- $ export TAILS_BUILD_OPTIONS="noproxy"
- $ rake build
- $ unset TAILS_BUILD_OPTIONS
+ sudo apt-get install git virtualbox rake ruby-childprocess/jessie \
+ ruby-net-scp/jessie ruby-erubis ruby-i18n ruby-log4r bsdtar curl \
+ gettext/wheezy-backports
+
+### In both Debian Wheezy and Jessie
+
+At the moment Tails relies on a version of Vagrant (the 1.4.x series)
+that is not packaged in Debian any more. Here's a workaround for both
+Debian Wheezy and Jessie:
+
+ sudo tee /etc/apt/preferences.d/vagrant-1.4.3 <<EOF
+ Package: vagrant
+ Pin: version 1.4.3+dfsg1-3
+ Pin-Priority: 550
+
+ Package: ruby-net-ssh
+ Pin: version 1:2.6.8-2
+ Pin-Priority: 550
+ EOF
+ echo "deb http://snapshot.debian.org/archive/debian/20141010T042049Z/ unstable main" | \
+ sudo tee /etc/apt/sources.list.d/20141010T042049Z.list
+ sudo apt-get -o Acquire::Check-Valid-Until=false update
+ sudo apt-get install vagrant ruby-net-ssh
+ sudo rm /etc/apt/sources.list.d/20141010T042049Z.list
+ sudo apt-get update
+
+## Building Tails using Vagrant
+
+Once all dependencies are installed, get the Tails sources and
+checkout the development branch:
+
+ git clone git://git.tails.boum.org/tails
+ cd tails
+ git checkout devel
+
+Build Tails using Vagrant:
+
+ rake build
The first time, this can take a little while to download the base virtual
machine from Tails mirror (around 300 MB). It will then boot the machine,
@@ -36,7 +110,7 @@ should appear in the current directory.
After you are done working on Tails, do not forget to shut the virtual
machine down:
- $ rake vm:halt
+ rake vm:halt
One may also want to [[contribute/customize]] their image before building.
@@ -49,7 +123,7 @@ If you have a local HTTP proxy, the build system will use it as long as
you properly set the `http_proxy` environment variable. The easiest way to
do so is to run:
- $ export http_proxy=http://proxy.lan:3142
+ export http_proxy=http://proxy.lan:3142
This needs to be done before any other operations.
@@ -65,16 +139,16 @@ The following options are available:
### Memory build settings
Tails builds way faster when everything is done in memory. If your computer
-runs Linux and happens to have more than 6.5 GB of free memory before you
+runs Linux and happens to have more than 7 GB of free memory before you
start the virtual machine, it will automatically switch to 'build in RAM'
mode.
To force a specific behaviour please set:
- * **ram**: start the virtual machine with 6.5GB of memory, build Tails
+ * **ram**: start the virtual machine with 7 GB of memory, build Tails
inside a `tmpfs`. Build fails if the system is not in a proper state to
do so.
- * **noram**: start the virtual machine with 1GB of memory if not already
+ * **noram**: start the virtual machine with 512 MB of memory if not already
done, build Tails using the virtual machine hard disk.
### HTTP proxy settings
@@ -201,6 +275,7 @@ The following Debian packages need to be installed:
libyaml-syck-perl` so that the wiki builds smoothly.
* `dpkg-dev`
* `intltool`
+* `gettext` 0.18.3 or newer, available in wheezy-backports
Configure live-build
--------------------
@@ -216,9 +291,12 @@ Build process
Every build command must be run as `root`, at the root of a clone of the
[[`tails` repository|git]].
-In short, a build could be done using:
+In short, a build shall be done using:
- # lb clean --all && lb config && lb build
+ lb clean --all && lb config && lb build
+
+Running `lb config` or `lb build` in an environment that wasn't full
+cleaned first is not supported.
### Customize the build process if needed
@@ -233,23 +311,13 @@ The most common customizations are documented on this wiki:
build environment;
* [[using a custom Debian mirror to build Tails
images|build/custom_mirror]];
-* [[using squid-deb-proxy to build Tails images|build/squid-deb-proxy]].
+* [[using squid-deb-proxy to build Tails images|build/squid-deb-proxy]]
+ (**Note**: most Tails contributors using the manual build method
+ use [[!debpts apt-cacher-ng]] instead, nowadays.)
More documentation about this can be found in the [Debian Live
Manual](http://live.debian.net/manual-2.x/html/live-manual.en.html).
-### Initialize the Live system's configuration
-
-Initialize the Live system's configuration with `lb config` in a
-**clean** build tree. Most `lb config` options are supported, have a
-look to the `lb_config(1)` manpage for details.
-
-### Build the system
-
-You can then use the standard live-build commands as root to build
-the image (`lb build`) and to cleanup the build directory (`lb
-clean`).
-
More information
================
diff --git a/wiki/src/contribute/build/website.mdwn b/wiki/src/contribute/build/website.mdwn
index 5b8623b..e7d5d8b 100644
--- a/wiki/src/contribute/build/website.mdwn
+++ b/wiki/src/contribute/build/website.mdwn
@@ -4,7 +4,7 @@ Here is how to build the wiki offline.
First, install the dependencies:
- apt-get install libyaml-perl libyaml-libyaml-perl po4a \
+ sudo apt-get install libyaml-perl libyaml-libyaml-perl po4a \
perlmagick libyaml-syck-perl ikiwiki
Clone our main [[Git repository|git]]:
@@ -18,3 +18,6 @@ Then run the following command, at the root of the Git folder:
You can now browse the files in
./config/chroot_local-includes/usr/share/doc/tails/website/
+
+To accelerate the build, you can disable some languages by editing the
+parameter `po_slave_languages` in ikiwiki.setup.
diff --git a/wiki/src/contribute/calendar.mdwn b/wiki/src/contribute/calendar.mdwn
index 340afd9..95efa93 100644
--- a/wiki/src/contribute/calendar.mdwn
+++ b/wiki/src/contribute/calendar.mdwn
@@ -1,34 +1,35 @@
[[!meta title="Calendar"]]
-* 2014-07-01: Feature freeze for 1.1. Tag, build and upload 1.1~rc1
- ISO.
+* 2014-12-02:
+ - TBB 4.x TBB 4.x based on Firefox 31.3.0esr is *hopefully* out
+ (notice the [one week delay](https://groups.google.com/forum/#!topic/mozilla.dev.platform/1McXdXSurZQ)
+ for this Firefox release)
+ - Tag 1.2.1 in Git
+ - Build and upload 1.2.1 ISO and IUKs
-* 2014-07-02: Test Tails 1.1~rc1.
+* 2014-12-03:
+ - Test (early CEST) and release (late CEST) Tails 1.2.1
+ - [[Monthly meeting|contribute/meetings]]
-* 2014-07-03: Officially release Tails 1.1~rc1.
+* 2014-12-12: [[Low-hanging fruits session|contribute/low-hanging_fruit_sessions]]
-* 2014-07-05--2014-07-06 - Tails hackfest at
- [IRILL](http://www.irill.org/) (Paris, France)
+* 2015-01-03: [[Monthly meeting|contribute/meetings]]
-* 2014-07-08--2014-07-11 - Tails contributors meeting
+* 2015-01-12: [[Low-hanging fruits session|contribute/low-hanging_fruit_sessions]]
-* 2014-07-20: Package and upload Firefox 24.7.0 ESR. Tag, build and
- upload 1.1 ISO.
+* 2015-01-14: Release 1.2.2. anonym is RM.
-* 2014-07-21: Test Tails 1.1.
+* 2015-02-03: [[Monthly meeting|contribute/meetings]]
-* 2014-07-22: Officially release Tails 1.1.
+* 2015-03-12: [[Low-hanging fruits session|contribute/low-hanging_fruit_sessions]]
-* 2014-09-02: Release Tails 1.1.1. intrigeri does the first ~half of
- the RM duty, anonym takes over around 2014-08-20.
+* 2015-02-17: Release 1.3. Still undecided who will be RM, but anonym
+ probably can do it.
-* 2014-10-14: Release Tails 1.2. anonym is RM.
+* 2015-03-03: [[Monthly meeting|contribute/meetings]]
-* 2014-11-25: Release 1.2.1. anonym is RM.
+* 2015-03-12: [[Low-hanging fruits session|contribute/low-hanging_fruit_sessions]]
-* 2015-01-06: Release 1.2.2. anonym is RM. If Mozilla decides to send
- their employees on vacation, delaying the Firefox ESR release for a
- week or two, anonym can still be RM.
+* 2015-03-31: Release 1.3.1.
-* 2015-02-17: Release 1.3. Still undecided who will be RM, but anonym
- probably can do it.
+* 2015-05-15: Release 1.4.
diff --git a/wiki/src/contribute/design.mdwn b/wiki/src/contribute/design.mdwn
index f90681c..9396496 100644
--- a/wiki/src/contribute/design.mdwn
+++ b/wiki/src/contribute/design.mdwn
@@ -247,14 +247,11 @@ portable and able to run in as many environments as possible.
### 2.4.1 Platform
-XXX: update
-
The binaries MUST all be executable on the most common computer
-hardware architecture(s). As of 2011, the x86 computer architecture
+hardware architecture(s). As of 2014, the x86 computer architecture
seems to be the obvious choice as the vast majority of personal
-computers in use is compatible with it. Supporting the PowerPC
-architecture is a welcome bonus in order to support pre-Intel Apple
-computers. Supporting widespread hardware architectures used in mobile
+computers in use is compatible with it. The PELD SHOULD support UEFI.
+Supporting widespread hardware architectures used in mobile
computers, such as phones, is also welcome.
### 2.4.2 Media
@@ -682,7 +679,7 @@ fitness for a particular purpose, including total anonymity. Anonymity
depends not only on the software but also on the user understanding
the risks involved and how to manage those risks.
-Other Tails design documents:
+## 3.0 Other Tails design documents
[[!map pages="contribute/design/*"]]
@@ -745,9 +742,9 @@ See [[doc/about/features]].
## 3.3 Internationalization
Tails ships, as is, localization files provided by the installed
-Debian packages. All available iceweasel localization packages
+Debian packages. All available Tor Browser localization packages
are installed. Spell checking software and data is installed for the
-set of best supported languages; it is usable at least is Iceweasel,
+set of best supported languages; it is usable at least is Tor Browser,
LibreOffice and gedit.
### 3.3.1 Input methods
@@ -945,77 +942,52 @@ granting `sudo` privileges to the `amnesia` user by default.
Unless an administrator password is set in tails-greeter,
no root access is possible afterwards.
-### 3.6.13 Iceweasel
-
-(Note: Iceweasel is the name of the web browser, based on Mozilla
-Firefox, that is shipped by Debian and thus by Tails.)
-
-Tails ships custom Iceweasel ESR packages built with the Torbrowser
-patches to better blend in the Tor Browser Bundle's anonymity set.
-Some patches, that are not relevant for Tails, are not
-applied, though: see the Tails browser's
-[changelog](https://git-tails.immerda.ch/iceweasel/plain/debian/changelog?h=tails/master)
-for the current status.
-
-Iceweasel uses the Torbutton extension in order to prevent attacks
-using JavaScript, plugins and other non-HTTP features like web
-bugs. It is configured to always be enabled on Iceweasel start and
-uses Tor as SOCKS5 proxy. SOCKS is configured to perform name
-resolution through this proxy. Iceweasel is also configured to not
-cache to disk (mainly to reduce memory usage for DVD users as disk
-writes will be stored there), history is disabled (just in case) and
-many other things. It is also set up not to automatically check for
-updates of its installed extensions. Java support is disabled.
-
-Iceweasel is shipped with some extensions to help users manage their
-browsing experience. The Torbutton settings treat all cookies as
-session cookies by default. This prevents the
-known leak of browsing information cookies can lead to. The [Adblock
-plus](https://addons.mozilla.org/fr/firefox/addon/1865/) extension
-protects against many tracking possibilities by removing most ads.
-
-Tails ships the [HTTPS
-Everywhere](https://www.eff.org/https-everywhere) extension that
-forces HTTPS usage for requests to a number of major websites.
-
-Tails also ships the
-[FoxyProxy](https://addons.mozilla.org/fr/firefox/addon/2464/)
-extension that:
-
-- allows using I2P instead of Tor to visit eepsites (I2P's own hidden
- services look-alike); see [[the design document dedicated to Tails
- use of I2P|I2P]] for details;
-- could help [[!tails_todo FTP_in_Iceweasel desc="fixing Iceweasel's FTP support"]].
-
-Thanks to Torbutton, to the Tor Browser patches, and to us importing
-(most of) the TBB preferences, Iceweasel is configured so that Tor browser
-fingerprint appears uniformly among Torbutton users. Tails enables
-Torbutton's EN-US locale spoofing to avoid partitioning Tails
-users into per-language anonymity sets.
-
-Torbutton is also configured to spoof the timezone settings the same
-way as the Tor Browser Bundle does, i.e. to `UTC+00:00`.
-
-Thanks to the Tor Browser patches, the in-memory web cache is isolated
-to the url bar origin.
-
-The Iceweasel config is poorly commented but the commit messages in
-Git history explains it all. In a nutshell, Iceweasel preferences are
-set in various ways:
-
-* A Tor Browser patch called
- `0022-Tor-Browser-s-Firefox-preference-overrides.patch` bundles
- their prefs directly into `omni.ja`.
-* `/etc/iceweasel/*/*.js` contains:
- - Torbutton preferences that the TBB also sets;
- - some Tails-specific settings.
-
-Whenever the user tries to start Iceweasel before Tor is ready, they
-are informed it won't work, and asked whether to start the browser
-anyway:
-
-- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/iceweasel]]
-- [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped]]
+### 3.6.13 Tor Browser
+
+Tails ships with the Tor Browser, which is based on Mozilla Firefox
+and patched by the Tor Project for improved anonymity by reducing
+information leaks, decreasing attack surface and similar. The actual
+binaries etc. used in Tails are those distributed by the Tor Project,
+but the configuration differs slightly, which is described below.
+
+In Tails we diverge from the TBB's one-profile-only design, and
+install the Tor Browser in a globally accessible directory used by all
+browser profiles (and other XUL applications).
+
+- [[!tails_gitweb config/chroot_local-hooks/10-tbb]]
+
+The default profile is split from the binaries and application data:
+
+- [[!tails_gitweb_dir config/chroot_local-includes/etc/tor-browser]]
+
+As for extensions we have the following differences:
+
+* Tails also installs the
+ [Adblock plus](https://addons.mozilla.org/fr/firefox/addon/1865/)
+ extension to protect against many tracking possibilities by removing
+ most ads.
+
+* Tails does not install the same Torbutton as in the TBB. We
+ installed a patched version.
+
+* Tails does not install the Tor Launcher extension as part of the
+ browser. A patched Tor Launcher is installed for use as a
+ stand-alone XUL application, though.
+
+In Tails we do not use the `start-tor-browser` script, since it does a
+lot of stuff not needed in Tails (error checking mainly) and isn't
+flexible since it looks for the browser profile in a specific
+place. Our custom script makes use of the global installation and also
+makes sure the default profile is used as a basis. Any shared libraries
+shipped inside the TBB are also used (via `LD_LIBRARY_PATH`) since
+Debian stable often has too old versions to start the browser.
+
+Whenever the user tries to start the Tor Browser before Tor is
+ready, they are informed it won't work, and asked whether to start the
+browser anyway:
+
+- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tor-browser]]
+- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/generate-tor-browser-profile]]- [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/tor-has-bootstrapped]]
- [[!tails_gitweb config/chroot_local-includes/etc/sudoers.d/zzz_tor-has-bootstrapped]]
Once Tor is ready to be used, the user is informed they can now use
@@ -1023,17 +995,21 @@ the Internet:
- [[!tails_gitweb config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready-notification.sh]]
-Source code, scripts and configuration:
+The remaining configuration differences can be found in:
-- [[!tails_gitweb_dir config/chroot_local-includes/etc/iceweasel]]
-- Tails' Iceweasel source [[lives in Git|contribute/git]]
-- [[!tails_gitweb config/chroot_local-hooks/12-remove_unwanted_iceweasel_searchplugins]]
-- [[!tails_gitweb config/chroot_local-hooks/13-iceweasel_sqlite]]
+- [[!tails_gitweb_dir config/chroot_local-includes/etc/tor-browser/preferences/0000tails.js]]
+- [[!tails_gitweb config/chroot_local-hooks/12-install_browser_searchplugins]]
+- [[!tails_gitweb config/chroot_local-hooks/12-remove_unwanted_browser_searchplugins]]
- [[!tails_gitweb config/chroot_local-hooks/13-override-tbb-branding]]
-- [[!tails_gitweb config/chroot_local-hooks/14-add_localized_iceweasel_searchplugins]]
-- [[!tails_gitweb config/chroot_local-hooks/14-generate-iceweasel-profile]]
+- [[!tails_gitweb config/chroot_local-hooks/14-add_localized_browser_searchplugins]]
+- [[!tails_gitweb config/chroot_local-hooks/14-generate-tor-browser-profile]]
- [[!tails_gitweb config/chroot_local-hooks/15-symlink-places.sqlite]]
+It should also be noted that the global TBB installation is also used
+for the [[Unsafe Browser]] and [[I2P Browser]], although they are
+user-isolated and use separate profiles with very different
+configurations.
+
### 3.6.14 Claws Mail
Claws Mail generates `Message-ID` headers using the hostname part of
@@ -1154,6 +1130,77 @@ encrypt and decrypt text, and to verify OpenPGP signatures.
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/gpgApplet]]
+### 3.6.23 DHCP hostname leaks
+
+Tails prevents dhclient from sending the hostname over the network.
+
+First, only the `keyfile` NetworkManager plugin is used; that is, the
+`ifupdown` plugin is disabled:
+
+* this is needed, because the only the `keyfile` plugin supports
+ setting `dhcp-send-hostname` to false, while the `ifupdown` plugin
+ retrieves the hostname to send from `/etc/hostname`;
+* this is OK, because we actually don't use the functionality provided
+ by the `ifupdown` plugin (that is, reading from
+ `/etc/network/interfaces` -- that only configures the loopback
+ connection in Tails, which is itself ignored by NetworkManager
+ anyway).
+
+Second, the NetworkManager `keyfile` plugin is configured to *not*
+send the hostname over DHCP by default. Likely this can be overridden
+on a per-connection basis if one really needs to change this.
+
+Third, dhclient itself is told not to send the hostname. This is
+needed because on Wheezy, NetworkManager runs dhclient with the `-cf
+/var/run/nm-dhclient-eth0.conf` option, and generates that file by
+concatenating `/etc/dhcp/dhclient.conf` with its own settings.
+
+Fourth, dhclient is told to override any hostname provided by the DHCP
+server with `amnesia`. This is meant to prevent dhclient hooks,
+NetworkManager and others from setting the hostname to a value
+controlled by the DHCP server.
+
+* [[!tails_gitweb config/chroot_local-patches/dhcp-dont-send-hostname.diff]]
+
+### 3.6.24 TCP timestamps
+
+[[!rfc 1323 desc="TCP time stamps"]] allow for tracking clock
+information with millisecond resolution. This may or may not allow an
+attacker to learn information about the system clock at such
+a resolution, depending on various issues such as network lag.
+This information is available to anyone who monitors the network
+somewhere between the attacked Tails system and the Tor entry nodes
+being used. It may allow an attacker to find out how long a given
+Tails system has been running, and to distinguish several Tails
+systems running behind NAT and using the same IP address. It might
+also allow to look for clocks that match an expected value to find the
+public IP used by a user.
+
+Hence, Tails disables this feature.
+
+- [[!tails_gitweb config/chroot_local-includes/etc/sysctl.d/tcp_timestamps.conf]]
+
+Note that TCP time stamps normally have some usefulness. They are
+needed for:
+
+* the TCP protection against wrapped sequence numbers; however, to
+ trigger a wrap, one needs to send roughly 2^32 packets in one
+ minute: as said in [[!rfc 1700]], "The current recommended default
+ time to live (TTL) for the Internet Protocol (IP) [45,105] is 64".
+ So, we don't think this is a practical problem in the context
+ of Tails.
+
+* "Round-Trip Time Measurement", which is only useful when the user
+ manages to saturate their connection. When using Tails, we believe
+ that the limiting factor for transmission speed is rarely the
+ capacity of the user connection.
+
+### 3.6.25 Application isolation
+
+Tails has some minimal [[contribute/design/application_isolation]] to
+mitigate a bit the consequences of security issues in individual
+applications being exploited by attackers.
+
## 3.7 Running Tails in virtual machines
### 3.7.1 Current support
@@ -1199,20 +1246,22 @@ the [[contribute/build]] page and the [[contribute]] section on the wiki.
### 3.8.2 Testing process
-An automated build and test environment would be useful to avoid
+An automated build and test environment is useful to avoid
regressions in Tails, especially anonymity and security related
-ones. It would also make it easier to work on Tails for developers
-who do not own modern powerful hardware.
+ones. It also makes it easier for developers to work on Tails with
+more confidence, and at release time to cut down the time needed for
+quality assurance work.
-Research and practical work to set up such an environment [[!tails_todo
-automated_builds_and_tests desc="has slowly started"]]. In the meantime, a [[manual
-test suite|contribute/release_process/test]] is "run" against Tails
-release candidates images before they are officially published.
+Tails' [[manual test suite|contribute/release_process/test]] is "run"
+against Tails release candidates images before they are officially
+published. Automating this test suite is [[partly
+done|contribute/release_process/test/automated_tests]], and a work
+in progress.
### 3.8.3 Upgrades
Keeping Tor (stable releases only, unless the Tor core developers
-recommend otherwise) and Iceweasel up-to-date is a priority.
+recommend otherwise) and the Tor Browser up-to-date is a priority.
Remaining applications, including the base system, will be upgraded
using Debian standard upgrade process, and generally based on the
@@ -1249,7 +1298,8 @@ UDP and IPv6 are a problem. The Tor network does not support any of
those yet. Outgoing UDP and IPv6 packets are dropped altogether by
netfilter for this reason.
-Support of arbitrary DNS queries is only provided by ttdnsd listening
+Support of [[!tails_ticket 6070 desc="arbitrary DNS queries"]] is only
+provided by ttdnsd listening
on 127.0.0.2. ttdnsd has proved too be far too buggy to be inserted in
the default DNS resolution chain.
@@ -1267,11 +1317,11 @@ where Tails is heading to.
Tails tries to make it as difficult as possible to distinguish Tails
users from other Tor users.
-Iceweasel is configured to match the fingerprint of the Tor Browser
+The Tor Browser used in Tails is configured to match the fingerprint of the Tor Browser
Bundle and the known differences, if any, are listed in the [[known
issues|support/known_issues]] page.
-However the fact that different extensions are installed in Tails and in
+However the fact that different browser extensions are installed in Tails and in
the TBB surely allows more sophisticated attacks that usual fingerprint
as returned by tools such as <https://panopticlick.eff.org/> and
<http://ip-check.info/>. For example, the fact that Adblock is removing
diff --git a/wiki/src/contribute/design/I2P.mdwn b/wiki/src/contribute/design/I2P.mdwn
index 789d584..ac989ea 100644
--- a/wiki/src/contribute/design/I2P.mdwn
+++ b/wiki/src/contribute/design/I2P.mdwn
@@ -11,10 +11,17 @@ be able to access eepsites from Tails.
Versions
========
-[I2P](https:/geti2p.net) has been included since Tails v0.7 with Iceweasel
+[I2P](https:/geti2p.net) has been included since Tails 0.7 with Iceweasel
preconfigured using FoxyProxy so that eepsites (`.i2p` TLD) are directed to
I2P. All other traffic gets routed through Tor.
+Starting with Tails 1.1.1, I2P is not enabled by default when Tails starts.
+In order to use I2P, a user must add the <span class="command">i2p</span> boot option
+to the <span class="application">boot menu</span>.
+
+Starting with Tails 1.2, I2P sites are accessed with the [[I2P Browser]].
+FoxyProxy is no longer installed in the Tor Browser..
+
<a id="design"></a>
Design
@@ -35,9 +42,9 @@ started automatically. Some reasons behind this decision include:
3. some level of system compromise through 0-day exploits in the I2P
client
-Users that want to use I2P must start it manually from the `Applications` menu.
-In the future one may be able to start I2P during boot (see the [[!tails_todo
-boot_menu]] TODO page).
+Users that want to use I2P must enable it by addinng the <span class="command">i2p</span> boot option
+to the <span class="application">boot menu</span>. Once enabled, I2P will be started automatically by a NetworkManager hook
+(see [[!tails_gitweb config/chroot_local-includes/etc/NetworkManager/dispatcher.d/30-i2p.sh]]).
Implementation
==============
@@ -50,16 +57,16 @@ some years ago. This package includes an initscript which is configured by
default to start the I2P client as the `i2psvc` user.
The above package is installed but its init script is not automatically run
-during boot. Instead, an I2P shortcut has been added to the applications
-menu which the user can use to start the I2P init script manually. A
-side-effect of installing the actual I2P program into /usr is that
-automatic updates are disabled by the program since the installation
-directory is not writable by the `i2psvc` user.
+during boot. Instead, a NetworkManager hook will start I2P if the user
+specified "i2p" at the boot menu. A side-effect of installing the actual I2P
+program into /usr is that automatic updates are disabled by the program since
+the installation directory is not writable by the `i2psvc` user.
For better performance an exception has been made in the [[firewall
configuration|Tor_enforcement/Network_filter]] that grants direct access to the
network for the I2P user running the client so it can reach the I2P
-network directly, both through TCP and UDP.
+network directly, both through TCP and UDP. I2P is explicitly blocked from
+communicating with the LAN.
The I2P router is configured to run in hidden mode: killing I2P
ungracefully is bad for the I2P network, and this is most likely
@@ -73,70 +80,41 @@ this is a good reason to enable hidden mode, that is to disable
participating in I2P traffic:
[[!tails_gitweb config/chroot_local-hooks/16-i2p_config]].
-[[!tails_todo iceweasel_addon_-_FoxyProxy desc="FoxyProxy"]] has been installed
-system-wide, and the default iceweasel profile provides with a
-configuration handling the I2P integration. FoxyProxy's whitelist
-filter is used to make sure that the corresponding urls will be
-proxied appropriately.
-
-Below are the patterns that each url handeled by iceweasel will be
-matched against. These patterns will be tried in order, from top to
-bottom, until the first match is found:
-
-1. The I2P router console: urls matching the `http://127.0.0.1:7657/*` wildcard
- pattern will get a direct connection to the local host so the I2P
- router console can be reached.
+Starting with Tails 1.2, I2P *eepsites* are accessed via the [[I2P Browser]], a
+modification of the [[Unsafe Browser]]'s setup scripts. See [[its page|I2P Browser]]
+for more information.
-2. The local *eepsite*: urls matching the `http://127.0.0.1:7658/*` wildcard
- pattern will get a direct connection to the local host so the locally
- hosted eepsite can be reached.
-3. I2P eepsites: urls matching the
- `^https?://[-a-zA-Z0-9.]+\.i2p(:[0-9]{1,5})?(/.*)?$` regexp will be
- proxied through the local eepsite HTTP proxy run by the I2P client.
- Implementation note: FoxyProxy encloses the regexps between `^` and
- `$` itself since `isMultiLine="false"`, that's why the regexp in
- `foxyproxy.xml` lacks these chars.
+Disabling / Enabling I2P
+========================
-4. Tor HTTP(s): urls matching one of the `https://*` and `http://*`
- wildcard patterns will be proxied through polipo (and then its
- parent proxy, Tor).
+During the build process, [[!tails_gitweb config/chroot_local-hooks/97-remove_i2p]]
+moves I2P from its normal location at `/usr/share/i2p` to `/usr/share/tails/i2p-disabled`.
+The script [[!tails_gitweb config/chroot_local-includes/lib/live/config/2080-install-i2p]]
+checks for the string `i2p` in the kernel command line. If it is found, everything moved by
+[[!tails_gitweb config/chroot-local_hooks/97-remove_i2p]] is undone, making I2P available in the system.
-5. The rest: all remaining urls will be SOCKS5-proxied through Tor.
-
-Also, do note that Tails' [[netfilter-based
-blocking|Tor_enforcement/Network_filter]] ensures that no Internet
-traffic can be escape both Tor or I2P (and thus be non-anonymous) even
-if something is wrong in the above filters (or a future revision).
Ports allowed through the firewall
==================================
Services on I2P are accessed through tunnels built by I2P. Services that a user
hosts, such as an *eepsite* or *IRC Server* are accessed remotely via **Server Tunnels**.
-End users will access services using *client tunnels*. I2P is shipped with a
+End users will access services using **client tunnels**. I2P is shipped with a
few tunnels preconfigured and the ports that they use have exceptions added to
-ferm. These ports include:
-
-* 2727, BOB: [BOB](https://geti2p.net/bob) is an application bridge allowing
- non-Java clients to interact with I2P.
-* 4444, I2P HTTP Proxy: Used to access sites with the `.i2p` TLD
-* 4445, HTTPS Outproxy tunnel: Disabled in by default in Tails in
- [I2PTunnel](http://127.0.0.1:7657/i2ptunnel) since all HTTPS traffic in Tails
- gets routed through Tor.
+ferm. The ports accessible to the `amnesia` user include:
+
* 6668, Tunnel to Irc2P: Used to connect to the main I2P-only IRC network
* 7656, [SAM](https://geti2p.net/sam): SAM is an application bridge allowing
non-Java clients to use I2P. More information:
[SAMv1](https://geti2p.net/samv1), [SAMv2](https://geti2p.net/samv2),
-* 7657, I2P router console: The router console is accessible in the web browser at <http://127.0.0.1:7657>
-* 7658, local 'eepsite': Each I2P installation is configured out of the box
- with the possibility to host one's own website (or *eepsite*) on the I2P
- network. The eepsite will not be acessible remotely unless its
- [tunnel](http://127.0.0.1:7657/i2ptunnel#localServerTunnelList) is started.
* 7659, SMTP Proxy: Tunnel to `smtp.postman.i2p`. More information is available from within I2P at [Postman's HQ](http://hq.postman.i2p/?page_id=10)
* 7660, POP3 Proxy: Tunnel to `pop3.postman.i2p`. More information is available from within I2P at [Postman's HQ](http://hq.postman.i2p/?page_id=11)
* 8998, MTN Proxy: Tunnel to `mtn.i2p2.i2p`, a [Monotone](http://monotone.ca) server.
+Note: These ports will only be opened if the user explicitly requests I2P at the boot prompt.
+See [[!tails_gitweb config/chroot_local-includes/etc/ferm/ferm.conf]] for details.
+
Features that require an administration password
================================================
@@ -150,6 +128,18 @@ will not be an issue unless one wants to
In order to utilize these features users need to set an
[[doc/first_steps/startup_options/administration_password]].
+Changes from upstream
+=====================
+
+* i2cp, allowing java clients to communicate with I2P from outside of the JVM, is disabled
+* IPv6 is disabled
+* Outproxies are disabled
+* HiddenMode is set for all users
+* Updating I2P from within the I2P network is disabled; updates are done using the .debs
+* Inbound connections are disabled
+* I2P plugins are disabled
+* The webapp `susimail` will leave mail on the server
+
Package source and upgrading I2P
================================
@@ -157,9 +147,15 @@ Tails uses the I2P (and deps)
[Debian packages prepared by KillYourTV](http://deb.i2p2.no/), the official I2P
Linux package maintainer as listed on the [I2P Team page](https://geti2p.net/team).
The I2P source package and its binaries are imported into to our own
-[[APT repository|APT_repository]] into the devel or stable suite. The suite
+[[APT repository|APT_repository]] into the devel or stable suite. The suite
will depend on whether a major- or point-release is being prepared.
+## Prepare a Git topic branch
+
+Create a Git branch, forked off the branch into which the new packages
+shall eventually be imported into, and called e.g.
+`feature/i2p-0.n.m`. Push this branch.
+
## Check the binary packages
### Content
@@ -175,27 +171,26 @@ will depend on whether a major- or point-release is being prepared.
### Maintainer scripts
-Have a look at `*.{pre,post}{inst,rm}`.
+Have a look at `*.{pre,post}{inst,rm}` and `*.configure` maintainer
+scripts in each binary package.
## Import the packages
1. scp the source and binary packages to incoming.deb.tails.boum.org
1. move the uploaded files somewhere, and set permissions on it, so
that the `reprepro` user can read it
-1. use `reprepro includesrc` to import the source package(s)
-1. use `reprepro includedeb` to import the binary package(s)
+1. use `reprepro includedsc` to import the source package(s) into the
+ APT suite dedicated to the Git topic branch create above (e.g.
+ `feature-i2p-0.n.m`)
+1. use `reprepro includedeb` to import the binary package(s) into the
+ same dedicated APT suite
+1. build an ISO from the Git branch created above
+1. test this ISO
+1. merge the Git branch and APT suite as appropriate
Things to meditate upon
=======================
-* Pattern 4 will catch ftp://.* and redirect them to Tor through
- SOCKS5. This effectively breaks FTP completely, so there's room for
- adding a pattern above number 4 which matches ftp connections
- (i.e. `^ftp://.*`) and proxies them through some ftp proxy using Tor
- as its parent proxy. See [[!tails_todo FTP_in_Iceweasel]]. As an addition,
- at the moment (versions <=0.8) ftp does not work in I2P for
- technical reasons, so no pattern for that is needed.
-
* Do we want to enable the "Hidden mode" which completely disables
participating traffic?
@@ -216,7 +211,3 @@ Things to meditate upon
- there's no "cover-traffic", which may decrease the anonymity
somewhat.
-
-* Are the patterns used above correct for their intended purposes?
- Does the FoxyProxy setup in any way open up for attacks? See
- [[!tails_todo iceweasel_addon_-_FoxyProxy]].
diff --git a/wiki/src/contribute/design/I2P_Browser.mdwn b/wiki/src/contribute/design/I2P_Browser.mdwn
new file mode 100644
index 0000000..37e44ee
--- /dev/null
+++ b/wiki/src/contribute/design/I2P_Browser.mdwn
@@ -0,0 +1,56 @@
+
+Allowed Access
+==============
+
+The HTTP Proxy is set to 127.0.0.1 on port 4444 with an exception made for
+http://127.0.0.1 which does not go through the proxy. With this set-up, only eepsites (`.i2p`
+TLD), offline Tails documentation, and the router console are acessible from I2P Browser.
+
+Also, do note that Tails' [[netfilter-based
+blocking|Tor_enforcement/Network_filter]] ensures that no Internet
+traffic can escape I2P (and thus be non-anonymous), even if something is
+wrong in the above filters (or a future revision).
+
+Ports allowed through the firewall
+==================================
+
+I2P is shipped with several preconfigured tunnels, and the ports used have had
+exceptions added to ferm. The ports accessible by the i2pbrowser user include:
+
+* 4444, I2P HTTP Proxy: Used to access sites with the `.i2p` TLD
+* 7657, I2P router console: The router console is accessible in the web browser at <http://127.0.0.1:7657>
+* 7658, local 'eepsite': Each I2P installation is configured out of the box
+ with the possibility to host one's own website (or *eepsite*) on the I2P
+ network. The eepsite will not be acessible remotely unless its
+ [tunnel](http://127.0.0.1:7657/i2ptunnel#localServerTunnelList) is started.
+
+Note: These ports will only be opened if the user explicitly requests I2P at the boot prompt.
+See [[!tails_gitweb config/chroot_local-includes/etc/ferm/ferm.conf]] for details.
+
+Security
+========
+
+The I2P Browser is run by a separate `i2pbrowser` user, which is only allowed
+to make TCP connections to the ports explicitly mentioned above. DNS lookups
+are prohibited.
+
+The I2P Browser is run inside a chroot consisting of a throw away
+aufs union between a read-only version of the pre-boot Tails
+filesystem, and a tmpfs as the rw branch. Hence, the post-boot
+filesystem (which contains all user data) isn't available to the
+I2P Browser within the chroot. The chroot and aufs union is created
+upon I2P Browser start, and is torn down after it exits, forcefully
+killing any remaining processes run from inside it.
+
+It should be noted that chroots are pretty weak jails, so an exploit
+could easily escape it and have access to the complete filesystem (as
+restricted for the `i2pbrowser` user). Hence, the reason for using a
+chroot is not for that purpose, but for separating its configuration from the rest of the Tails system.
+
+Code
+----
+
+* [[!tails_gitweb config/chroot_local-includes/usr/local/sbin/i2p-browser]]
+* [[!tails_gitweb config/chroot_local-includes/usr/share/applications/i2p.desktop.in]]
+* [[!tails_gitweb chroot_local-includes/lib/live/config/2080-install-i2p]
+* [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-activate-win8-theme]]
diff --git a/wiki/src/contribute/design/MAC_address.mdwn b/wiki/src/contribute/design/MAC_address.mdwn
index 938e06f..43733e6 100644
--- a/wiki/src/contribute/design/MAC_address.mdwn
+++ b/wiki/src/contribute/design/MAC_address.mdwn
@@ -376,15 +376,15 @@ Scripts:
### Potential for blocking the desktop
-The call of `udev settle` may block for up to 120 seconds (the default
+The call of `udevadm settle` may block for up to 120 seconds (the default
timeout) during Tails Greeter's PostLogin in case of some broken
hardware and/or crappy udev rules. In other words, the Tails desktop
may be blocked for this long, without any notification.
If this turns out to be a problem (currently it's only guesswork) we
-could make two `udev settle`:s, one with a short timeout (10 seconds)
+could make two `udevadm settle`:s, one with a short timeout (10 seconds)
and if it fails we show a notification and optimistically start
-another `udev settle` *in* *a* *sub-shell* so it doesn't block the
+another `udevadm settle` *in* *a* *sub-shell* so it doesn't block the
Tails desktop from starting any more.
For more, see this sub-thread on tails-dev:
@@ -412,7 +412,13 @@ leaks issue, in addition to other reasons for being discarded:
* NetworkManager hook: NM doesn't trigger events equivalent to
if-pre-up, so this isn't possible. See the commented parts in:
- /etc/NetworkManager/dispatcher.d/01ifupdown
+ `/etc/NetworkManager/dispatcher.d/01ifupdown`. Note that
+ NetworkManager 0.9.10 introduces pre-up hooks, *but* they're used to
+ "allow scripts to execute before NetworkManager announces
+ connectivity to applications" (according to a [blog
+ post](http://blogs.gnome.org/dcbw/2014/06/20/well-build-a-dream-house-of-net/)
+ by Dan William), that is, after network activity (e.g.
+ DHCP requests) has already occurred.
* systemd integration: We don't use this yet.
diff --git a/wiki/src/contribute/design/Tor_enforcement/Network_filter.mdwn b/wiki/src/contribute/design/Tor_enforcement/Network_filter.mdwn
index a7aeaff..33c4226 100644
--- a/wiki/src/contribute/design/Tor_enforcement/Network_filter.mdwn
+++ b/wiki/src/contribute/design/Tor_enforcement/Network_filter.mdwn
@@ -2,7 +2,7 @@ One serious security issue is that we don't know what software will
attempt to contact the network and whether their proxy settings are
set up to use the Tor SOCKS proxy or polipo HTTP(s) proxy correctly.
This is solved by blocking all outbound Internet traffic except Tor
-and I2P, and explicitly configure all applications to use either of
+(and I2P when enabled), and explicitly configure all applications to use either of
these.
- [[!tails_gitweb config/chroot_local-includes/etc/ferm/ferm.conf]]
@@ -20,16 +20,17 @@ connections originating from the `debian-tor` Unix user.
#### I2P
-[I2P](http://www.i2pproject.net/) (*Invisible Internet Project*) is
+[I2P](https://geti2p.net/) (*Invisible Internet Project*) is
yet another anonymizing network
(load-balanced unspoofable packet switching network) that provides
access to eepsites (.i2p tld); eepsites are a bit like Tor hidden
services. Some users would like to be able to access eepsites from
Tails.
-Like the `debian-tor` user, the `i2p` user is allowed to connect
-*directly* to the Internet. See [[the design document dedicated to
-Tails use of I2P|I2P]] for details.
+Like the `debian-tor` user, the `i2psvc` user is allowed to connect
+*directly* to the Internet. Any rules granting the `i2psvc`user access are only
+applied if the user explicitly enables I2P at the boot prompt. See
+[[the design document dedicated to Tails use of I2P|I2P]] for details.
#### Unsafe Browser and the `clearnet` user
@@ -37,6 +38,13 @@ The `clearnet` user used to run the
[[contribute/design/Unsafe_Browser]] is granted full network access
(but no loopback access) in order to deal with captive portals.
+#### I2P Browser and the `i2pbrowser` user
+
+The [[contribute/design/I2P_Browser]] is run by the `i2pbrowser` user. This
+account is granted access to ports 4444, 7657, and 7658 on the loopback device *if*
+I2P is enabled at the boot prompt. Sites outside of I2P cannot be reached by
+the `i2pbrowser` user.
+
#### Local Area Network (LAN)
Tails short description talks of sending through Tor *outgoing
diff --git a/wiki/src/contribute/design/Unsafe_Browser.mdwn b/wiki/src/contribute/design/Unsafe_Browser.mdwn
index b79ec39..6eae7d6 100644
--- a/wiki/src/contribute/design/Unsafe_Browser.mdwn
+++ b/wiki/src/contribute/design/Unsafe_Browser.mdwn
@@ -14,8 +14,8 @@ Internet access seem required for avoiding this problem.
Requirements
============
-* It must run a completely separate Iceweasel profile from the
- Torified browser's.
+* It must run a completely separate browser profile from the
+ Torified browser.
* It must be hard to start by mistake.
* It must be hard to mistake for the Torified browser.
* It must be configured to use the DNS provided by DHCP (which is required
@@ -42,8 +42,8 @@ when started:
0. Show a dialog asking the user for verification, while also briefly
explaining that the Unsafe Browser won't be anonymous.
0. "No" is the default answer, but if "Yes", we start a separate
- Iceweasel instance.
-0. Iceweasel is configured to use a theme with scary colors (red). To
+ browser instance.
+0. The browser is configured to use a theme with scary colors (red). To
not raise suspicion the scary theme is not used when Windows
camouflage is activated, but instead the normal Internet Explorer
theme is used.
diff --git a/wiki/src/contribute/design/application_isolation.mdwn b/wiki/src/contribute/design/application_isolation.mdwn
new file mode 100644
index 0000000..1c9b5b7
--- /dev/null
+++ b/wiki/src/contribute/design/application_isolation.mdwn
@@ -0,0 +1,266 @@
+[[!meta title="Application isolation"]]
+
+[[!toc levels=3]]
+
+Goals
+=====
+
+For now, we are only aiming at filesystem resources isolation: that
+is, making sure that e.g. Pidgin cannot read the GnuPG keyring.
+
+Other types of resources, such as signals, X, ptrace, sockets, D-Bus
+etc. are [[not part of the isolation goals
+yet|application_isolation#more-resources]].
+
+Tools and basic configuration
+=============================
+
+For now, we have decided to use AppArmor to isolate applications,
+mostly because:
+
+* it is simple: AppArmor policy is relatively easy to understand,
+ improve, and audit;
+* it is the best supported [[!wikipedia mandatory access control]]
+ framework in Debian; it wasn't too hard to reach this point, and
+ there is quite some room for improvement via collaboration with
+ other distributions, most notably Ubuntu.
+
+The [[!debpts apparmor]] package is installed, and AppArmor is
+[[!tails_gitweb config/amnesia desc="enabled on the kernel
+command-line"]].
+
+Confinement profiles
+====================
+
+The AppArmor confinement profiles included in Tails come from:
+
+* individual Debian packages that ship confinement profiles, e.g.
+ Tor and Vidalia;
+* the [[!debpts apparmor-profiles]] package;
+* the [[!debpts apparmor-profiles-extra]] package.
+
+To get the full and current list, run `aa-status` as `root`
+inside Tails.
+
+Hacks to support the Live system usecase
+========================================
+
+Most Live systems use a union filesystem to provide the operating
+system with a read-write filesystem, based on a read-only branch
+(typically, SquashFS) and a read-write one (most often, tmpfs).
+
+Unfortunately, AppArmor currently does not support union filesystems
+very well, because the LSM hooks do not allow it to distinguish
+between an access to the upper layer, and an access to the loop-backed
+underlying layer.
+
+So, we have to adjust profiles a bit to make them support the paths
+that are actually seen by AppArmor in the context of Tails:
+
+* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-home-tunable.diff]]
+* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-tor-profile.diff]]
+* [[!tails_gitweb config/chroot_local-patches/apparmor-adjust-user-tmp-abstraction.diff]]
+
+Below, we discuss various leads that might avoid the need for coming
+up with such adjustments, and maintaining it.
+
+Future work
+===========
+
+More confinement profiles
+-------------------------
+
+As part of the [[!debwiki AppArmor desc="Debian AppArmor Team"]], we
+are working to get more well-tested and maintained profiles integrated
+into the distribution, and to improve cross-distribution collaboration
+in this area.
+
+<a id="more-resources"></a>
+
+Isolating more types of resources
+---------------------------------
+
+Once AppArmor 2.9 is released and the corresponding kernel patches are
+merged into Linux mainline, we will get support for mediating many
+more types of resources: D-Bus calls, sockets, signals and so on.
+
+[[Linux containers|application_isolation#linux-containers]] may also
+be a good way to isolate more types of resources.
+
+Using alias rules to avoid modifying profiles
+---------------------------------------------
+
+The most obvious trick to workaround AppArmor's lack of support for
+union filesystems is to use [alias
+rules](http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Alias_and_rewrite_rules),
+such as:
+
+ echo 'alias / -> /lib/live/mount/rootfs/filesystem.squashfs/,' \
+ >> /etc/apparmor.d/tunables/alias
+
+However, a number of problems prevent this seemingly simple solution
+from just working in the context of Tails. The following discusses
+these complications, and a few possible solutions.
+
+### Bugs in alias rules implementation
+
+The implementation of alias rules is affected by severe bugs, such as
+<https://bugs.launchpad.net/apparmor/+bug/888077>.
+
+There's preliminary work to fix this at
+<https://code.launchpad.net/~jjohansen/+junk/parser-alias-fix>.
+Note that this code can still revert to the previous behaviour by
+passing the `-O old-alias` option to `apparmor_parser`.
+
+### Overlapping rules
+
+Alias rules can generate rules that overlap (and conflict) with
+existing ones, which can cause the policy to fail to compile.
+
+E.g. the `sanitized_helper` profile (sourced by the Evince
+profile and many others) contains this rule:
+
+ /lib{,32,64}/**/ld{,32,64}-*.so mrix,
+
+which, once combined with this alias:
+
+ alias / -> /lib/live/mount/rootfs/filesystem.squashfs/,
+
+will end up overlapping a lot of the rules generated for the alias.
+E.g.
+
+ /bin/* Pixr,
+
+results in a rule of:
+
+ /lib/live/mount/rootfs/filesystem.squashfs/bin/* Pixr,
+
+being generated, however since the alias command does not remove other
+rule sets, it only adds new rules. We end up with both:
+
+ /lib{,32,64}/**/ld{,32,64}-*.so mrix,
+ /lib/live/mount/rootfs/filesystem.squashfs/bin/* Pixr,
+
+which causes a conflict between `ix` and `Pix`.
+
+To workaround this problem, we would need to change the
+`/lib{,32,64}/**/ld{,32,64}-*.so mrix,` rule into:
+
+ /lib{32,64}/**/ld{,32,64}-*.so mrix,
+ /lib/{[^l],l[^i],li[^v],liv[^e],live[^/]}**/ld{,32,64}-*.so mrix,
+
+which allows the profile to compile, as the `x` conflict has
+been removed.
+
+Needless to say, this kind of regexp is painful to write, audit and
+maintain. Things could be nicer if AppArmor supported set operations;
+instead, we could do something like (syntax not finalized):
+
+ /lib/{^live**}/ld{,32,64}-*.so mrix,
+
+Other problematic overlaps include e.g. this rule from the
+`sanitized_helper` profile:
+
+ audit deny owner /**/* m,
+
+... that will take away the executable mmap permission from _all_
+applications under `/lib/live/` path, if the root user (who owns the
+file) tries to launch an application.
+
+This can possibly be fixed using [[rewrite
+rules|application_isolation#rewrite-rules]] instead of aliases, or by
+an update to the AppArmor permission merging logic that would give us
+a way to define that the alias rules should have priority in
+the union.
+
+Fixing such problems one after the other may be doable, but
+regardless: the way alias rules affect the policy as a whole,
+especially once combined with globing, would make our policy harder to
+understand, reason about, and audit.
+
+### Persistence
+
+It may be that more aliases are needed to support the bind-mounts set
+up by `live-boot` when using the [[contribute/design/persistence]]
+feature. It may even be that these aliases need to be dynamically
+added, in function of the persistence configuration... that is, at
+login time. If that was the case, then the entire policy would need to
+be recompiled at login time, which could make the user experience very
+painful, especially considering that alias rules vastly increase
+policy compilation time.
+
+### Increased policy compilation time
+
+Alias rules dramatically increase the policy compile time (e.g.
+100 seconds for the Evince profile, that can be brought down to
+8 seconds with the aforementioned rule change in the
+`sanitized_helper` profile).
+
+To mitigate that problem, we could:
+
+- either look at the rules and see if we can optimize it... which kind
+ of defeats the purpose of using alias rules in the first place to
+ avoid the need for modifying profiles;
+- or ship a cached pre-compiled policy. As long as the parser and
+ kernel are in sync, the policy can be pulled straight from the
+ cache, without any compilation. If the parser detects that the
+ policy is out of date, then the cache will be ignored and
+ compilation will happen. This is what is done for the Ubuntu phone.
+ Potential problems:
+ * if alias rules need to be added at login time, then the cache must
+ be invalidated, and the policy entirely recompiled;
+ * it remains to be researched how well this would work, once
+ combined with the [[additional software
+ packages|doc/first_steps/persistence/configure]] persistence
+ feature.
+
+<a id="rewrite-rules"></a>
+
+Using rewrite rules to avoid modifying profiles
+-----------------------------------------------
+
+Other than alias rules, another option to avoid modifying profiles
+would be to use [rewrite
+rules](http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Alias_and_rewrite_rules).
+They're basically the same as alias rules, except that it doesn't
+duplicate rules, so no conflicting rules are generated.
+
+It remains to be researched if rewrite rules would work in our use
+case: e.g. it might be that some files are seen as read from the
+SquashFS initially, and written to the overlay. If that would be the
+case, then we would need to duplicate some rules in profiles to add
+back some paths that were rewritten.
+
+overlayfs
+---------
+
+[overlayfs](https://git.kernel.org/cgit/linux/kernel/git/mszeredi/vfs.git/tree/Documentation/filesystems/overlayfs.txt?h=overlayfs.current)
+is another kind of union filesystem, that seems to have much greater
+chances than aufs to be merged into Linux mainline some day.
+overlayfs works differently from aufs, in ways that give hope that it
+might be easier for AppArmor to support it natively.
+
+Once it's merged in Linux mainline, Debian Live could be made to
+support overlayfs as an alternative to aufs. One thing that should be
+checked is whether overlayfs supports stacking up more than one
+read-only branch, which we do need for the Tails
+[[contribute/design/incremental upgrades]] feature.
+
+Some ongoing work on AppArmor (labeling, extended conditionals) will
+help support overlayfs. Time will tell whether the result meets
+our needs.
+
+<a id="linux-containers"></a>
+
+Linux containers
+----------------
+
+Using Linux containers for application isolation is being [[researched
+separately|blueprint/Linux_containers]].
+
+Credits
+=======
+
+We owe a lot of thanks to John Johansen (<john.johansen@canonical.com>)
+for his patience and support. Substantial parts of this document were
+adapted from explanations he provided to us.
diff --git a/wiki/src/contribute/design/persistence.mdwn b/wiki/src/contribute/design/persistence.mdwn
index d08588b..d3e521b 100644
--- a/wiki/src/contribute/design/persistence.mdwn
+++ b/wiki/src/contribute/design/persistence.mdwn
@@ -23,8 +23,8 @@ This is relevant for the following applications:
- GnuPG, SSH and OTR key pairs
- GnuPG configuration
- SSH client configuration
-- iceweasel certificate trust
-- iceweasel bookmarks
+- Tor Browser certificate trust
+- Tor Browser bookmarks
- Pidgin configuration
- MUA configuration
- printers configuration
diff --git a/wiki/src/contribute/design/stream_isolation.mdwn b/wiki/src/contribute/design/stream_isolation.mdwn
index a8b8edd..5190e6a 100644
--- a/wiki/src/contribute/design/stream_isolation.mdwn
+++ b/wiki/src/contribute/design/stream_isolation.mdwn
@@ -26,8 +26,8 @@ Tails:
Web Browser
-----------
-Until Torbrowser implements clever fine-grained stream isolation
-([[!tor_bug 3455]]), Iceweasel is merely directed to a dedicated SOCKS port.
+Until the Tor Browser implements clever fine-grained stream isolation
+([[!tor_bug 3455]]) it is merely directed to a dedicated SOCKS port.
Destination address/port -based circuit isolation
-------------------------------------------------
@@ -46,7 +46,7 @@ However:
before we ship it to the masses.
For performance reasons, we will start with *not* using
-`IsolateDestAddr`/`IsolateDestPort` for iceweasel we ship: nowadays,
+`IsolateDestAddr`/`IsolateDestPort` for the Tor Browser: nowadays,
loading a mere web page often requires fetching resources from a dozen
or more remote sources. (Also, it looks like the use of
`IsolateDestAddr` in a modern web browser may create very uncommon
@@ -77,7 +77,7 @@ Implementation
==============
A few SOCKS ports are configured
-in [[!tails_gitweb chroot_local-includes/etc/tor/torrc]]:
+in [[!tails_gitweb config/chroot_local-includes/etc/tor/torrc]]:
* default system-wide `SocksPort` (9050): `IsolateDestAddr` and
`IsolateDestPort` enabled
@@ -85,15 +85,13 @@ in [[!tails_gitweb chroot_local-includes/etc/tor/torrc]]:
enabled
* dedicated `SocksPort` for Tails-specific applications (9062):
`IsolateDestAddr` and `IsolateDestPort` enabled
-* dedicated `SocksPort` for web browser (9151): no stream
+* dedicated `SocksPort` for web browser (9150): no stream
isolation options
* no specific isolation options for the `TransPort` ([[!tails_ticket 6378]])
Applications are configured to use the right SOCKS port:
-- [[!tails_gitweb config/chroot_local-includes/etc/iceweasel/pref/iceweasel.js]]
-- [[!tails_gitweb config/chroot_local-includes/etc/iceweasel/profile/foxyproxy.xml]]
-- [[!tails_gitweb config/chroot_local-includes/etc/iceweasel/profile/user.js]]
+- [[!tails_gitweb config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js]]
- [[!tails_gitweb config/chroot_local-includes/etc/init.d/htpdate]]
- [[!tails_gitweb config/chroot_local-includes/etc/tor/tor-tsocks-mua.conf]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-security-check]]
diff --git a/wiki/src/contribute/design/vagrant.mdwn b/wiki/src/contribute/design/vagrant.mdwn
index 62255b0..86a833b 100644
--- a/wiki/src/contribute/design/vagrant.mdwn
+++ b/wiki/src/contribute/design/vagrant.mdwn
@@ -46,67 +46,48 @@ called [Veewee].
Installing the requirements
---------------------------
-To build the *base box* from scratch using Veewee, you will need to get both
-Veewee and Vargant from Rubygems:
+Debian packages:
- # gem install --no-ri --no-rdoc vagrant
- # gem install --no-ri --no-rdoc veewee
+ sudo apt-get install ruby ruby-dev rubygems build-essential libxslt1-dev \
+ libxml2-dev virtualbox linux-headers-amd64
-*Note:* Unfortunately, using `gem --user` does not work. The `basebox`
-subcommands that is made available by Veewee never shows up in Vagrant.
-That needs to sorted out upstream.
+Veewee isn't packaged in Debian, so we install the Ruby Gem as the
+user that is gonna build the basebox:
-*Note:* Installing the Veewee gem will install the Vagrant gem, even
-if the Debian package is installed.
-
-Running Veewee
---------------
-
-Running Veewee has been automated using Rake. So creating the *base box* is
-just a matter of running:
-
- $ http_proxy="http://proxy.lan:3142" rake basebox:create_basebox
-
-Obivously, you can drop the `http_proxy` part if you don't have one.
-
-The rest should be fully automatic, and leave you with a `squeeze.box` file in
-the `vagrant` directory.
+ gem install --user --no-ri --no-rdoc veewee
Update the distributed *base box*
---------------------------------
-The *base box* on Tails mirrors is expected to lie at
-`project/vagrant/squeeze.box`.
-
-Do not forget to update the corresponding SHA256 sum in `vagrant/Vagrantfile`.
-
-In details
-----------
-
-To create the *basebox* from the `squeeze` template (in `definitions`
-directory), the command is the following:
-
- $ vagrant basebox build squeeze
-
-> *Note:* It looks like the current version of the `virtualbox` gem is not
-> compatible with VirtualBox 4.0.x that is in `squeeze-backports`. Using
-> a hand made backport of virtualbox 4.1.12-dfsg-2 worked fine.
-
-After issuing that command, Veewee will download the boot ISO image,
-drive the debian-installer using [preeseding] and run `postinstall.sh` that
-will take care of seting up the environment expected by Vagrant.
-
-[preseeding]: https://www.debian.org/releases/stable/i386/apbs02.html
-
-In order to support local HTTP proxy, the `preseed.cfg` is generated from an
-ERB template during the Rake task `create_preseed_cfg`.
-
-Once the initial setup is done, it is worthwhile to see if the *basebox*
-fits Vagrant requirements. Veewee ships with an automated test suite:
-
- $ vagrant basebox validate squeeze
-
-If everything goes well, then, great, we have our *basebox*. Let's export
-it to a `.box` file that Vagrant can use:
-
- $ vagrant basebox export squeeze
+After issuing the commands below, Veewee will download the boot ISO
+image, drive the debian-installer using
+[preeseding](https://www.debian.org/releases/stable/i386/apbs02.html)
+and run `postinstall.sh` to take care of seting up the environment
+expected by Vagrant.
+
+ ORIG_BOXNAME=tails-builder
+ DATE="$(date +%Y%m%d)"
+ BOXNAME="${ORIG_BOXNAME}-${DATE}"
+ sed -i "s/tails-builder-[0-9]\{8\}/${BOXNAME}/" vagrant/Vagrantfile
+ mkdir -p "${VEEWEE_SRC}"/definitions
+ cp -a vagrant/definitions/${ORIG_BOXNAME}" vagrant/definitions/${BOXNAME}"
+ veewee vbox build "${BOXNAME}"
+ vboxmanage controlvm "${BOXNAME}" acpipowerbutton
+
+Wait until VM shuts down, then:
+
+ veewee vbox export "${BOXNAME}"
+ vboxmanage unregistervm "${BOXNAME}" --delete
+ rm -rf definitions/"${BOXNAME}"
+ CHECKSUM="$(sha256sum ${BOXNAME}.box | grep -o '^\w\+')"
+ sed -i -e "s/^BOX_CHECKSUM = .*$/BOX_CHECKSUM = '${CHECKSUM}'/" \
+ vagrant/lib/tails_build_settings.rb
+ sed -i "s/tails-builder-[0-9]\{8\}/${BOXNAME}/" \
+ vagrant/lib/tails_build_settings.rb vagrant/Vagrantfile
+ git commit vagrant -m "Updated Vagrant basebox."
+
+Then `$BOXNAME.box` will be placed in tails source root,
+and all needed changes committed to the current checked out branch in
+Tails sources. The basebox should be uploaded to the Tails mirrors at
+`http://dl.amnesia.boum.org/tails/project/vagrant/$BOXNAME.box`, as
+define defined in `vagrant/Vagrantfile`.
diff --git a/wiki/src/contribute/git.mdwn b/wiki/src/contribute/git.mdwn
index c796228..c3f680f 100644
--- a/wiki/src/contribute/git.mdwn
+++ b/wiki/src/contribute/git.mdwn
@@ -23,9 +23,13 @@ href="http://git-scm.com/documentation">official documentation</a>.</p>
Here are a couple of links to get started with Git:
+- An [interactive introduction](https://try.github.io/) to Git
+- [Git basics](https://www.atlassian.com/git/tutorial/git-basics), by Atlassian
+- [Git immersion](http://gitimmersion.com/), a step-by-step introduction
- Pro Git: [online](http://git-scm.com/book),
[PDF](https://github.s3.amazonaws.com/media/progit.en.pdf), a book on Git from
- basic to advanced usage.
+ basic to advanced usage. This book is available in several languages. Among others:
+ [German](http://git-scm.com/book/de), [French](http://git-scm.com/book/fr), [Português](http://git-scm.com/book/pt-br) (Brasil)
- [OpenHatch Missions: Using Git](https://openhatch.org/missions/git), concrete
exercises to train yourself in using Git.
- [Git For Ages 4 And
diff --git a/wiki/src/contribute/how/documentation/guidelines.mdwn b/wiki/src/contribute/how/documentation/guidelines.mdwn
index 8a76014..77a563e 100644
--- a/wiki/src/contribute/how/documentation/guidelines.mdwn
+++ b/wiki/src/contribute/how/documentation/guidelines.mdwn
@@ -15,29 +15,29 @@ authors who want to contribute to the GNOME Documentation Project (GDP).
Try to follow those guidelines when writing documentation and GUI for
Tails.
- - [GNOME Documentation Style Guide](http://developer.gnome.org/gdp-style-guide/stable/),
+ - [GNOME Documentation Style Guide](http://developer.gnome.org/gdp-style-guide/2.32/),
- [GNOME Documentation Style Guide, single HTML
- file](http://developer.gnome.org/gdp-style-guide/stable/gdp-style-guide.html)
+ file](http://developer.gnome.org/gdp-style-guide/2.32/gdp-style-guide.html)
**Read at least [Section 1 ― Fundamental Concepts of Technical
-Documentation](http://developer.gnome.org/gdp-style-guide/stable/gdp-style-guide.html#fundamentals).**
+Documentation](http://developer.gnome.org/gdp-style-guide/2.32/gdp-style-guide.html#fundamentals).**
The following sections are also of particular interest or have been
debated within Tails before:
- [2.4.2.&nbsp;Guidelines for Using Screenshots in Online
- Help](http://developer.gnome.org/gdp-style-guide/stable/gdp-style-guide.html#infodesign-10)
+ Help](http://developer.gnome.org/gdp-style-guide/2.32/gdp-style-guide.html#infodesign-10)
explains how to decide to use screenshots.
- [4.&nbsp;Writing documentation for an International
- Audience](http://developer.gnome.org/gdp-style-guide/stable/gdp-style-guide.html#locale)
+ Audience](http://developer.gnome.org/gdp-style-guide/2.32/gdp-style-guide.html#locale)
includes specific rules about how to write documentation that is
easier to translate, with practical examples.
- [5.2.&nbsp;Checks You Can Do
- Yourself](http://developer.gnome.org/gdp-style-guide/stable/gdp-style-guide.html#improving-6)
+ Yourself](http://developer.gnome.org/gdp-style-guide/2.32/gdp-style-guide.html#improving-6)
lists the top ten topics that you need to watch out for when you
review your work.
- [A.&nbsp;Recommended
- Terminology](http://developer.gnome.org/gdp-style-guide/stable/gdp-style-guide.html#wordlist)
+ Terminology](http://developer.gnome.org/gdp-style-guide/2.32/gdp-style-guide.html#wordlist)
contains a glossary of terms for use when writing documentation.
Use title capitalization rules from Wikipedia
@@ -53,14 +53,13 @@ audience to read.
But use title capitalization, as described in GDSG section
[3.&nbsp;Grammar and Usage
-Guidelines](http://developer.gnome.org/gdp-style-guide/stable/gdp-style-guide.html#grammar)
+Guidelines](http://developer.gnome.org/gdp-style-guide/2.32/gdp-style-guide.html#grammar)
for the names of GUI items: buttons, dialogs, applications, menus, etc.
CSS formating for GUI documentation
===================================
-Use the equivalent of [DocBook
-tags](http://developer.gnome.org/gdp-handbook/stable/docbook.html.en#docbook-inline)
+Use the equivalent of DocBook tags
to style your documentation using CSS.
- <span class="code">span.application</span> for application names, for example:
@@ -107,7 +106,7 @@ Tips, notes, cautions, bugs, and next
Use tips, notes, and cautions to highlight important information, as
described in the GNOME Documentation Style Guide.
-<https://developer.gnome.org/gdp-style-guide/stable/infodesign-18.html.en>
+<https://developer.gnome.org/gdp-style-guide/2.32/infodesign-18.html.en>
Bugs
----
@@ -119,7 +118,7 @@ is described in its principal use cases. For example:
The screen reading functionality of <span class="application">GNOME
Orca</span> does not work neither with the <span
-class="application">Iceweasel Web Browser</span> nor with the <span
+class="application">Tor Browser</span> nor with the <span
class="application">Unsafe Web Browser</span>.
</div>
diff --git a/wiki/src/contribute/how/donate.de.po b/wiki/src/contribute/how/donate.de.po
new file mode 100644
index 0000000..a5e6d1a
--- /dev/null
+++ b/wiki/src/contribute/how/donate.de.po
@@ -0,0 +1,267 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2014-09-22 12:27+0300\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Make a donation\"]]\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"**Your support is critical to our success.** Consider making\n"
+"a donation to Tails.\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Note that Tails is a project mainly run by volunteers. There are [[many "
+"other ways to contribute|contribute]]!"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "Ways to donate\n"
+msgstr ""
+
+#. type: Bullet: ' * '
+msgid ""
+"Crowdfunding campaign run by the American organization [Freedom of the Press "
+"Foundation](https://pressfreedomfoundation.org/bundle/encryption-tools-"
+"journalists)."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid " If you live in the US, your donation will be tax-deductible.\n"
+msgstr ""
+
+#. type: Bullet: ' * '
+msgid ""
+"[[Bank wire transfer|donate#swift]] or [[Paypal|donate#paypal]] through the "
+"German organization [Zwiebelfreunde e.V.](https://www.zwiebelfreunde.de/)."
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" If you live in Europe, your donation might be tax-deductible. Check what are\n"
+" the precise conditions in your country, and [ask\n"
+" Zwiebelfreunde](https://www.torservers.net/contact.html) for a donation\n"
+" receipt if you need one.\n"
+msgstr ""
+
+#. type: Bullet: ' * '
+msgid "[[Bitcoin|donate#bitcoin]]"
+msgstr ""
+
+#. type: Bullet: ' * '
+msgid ""
+"If none of these methods suit you, consider [donating to the Tor Project]"
+"(https://www.torproject.org/donate/). They do great work, and also support "
+"us financially."
+msgstr ""
+
+#. type: Plain text
+msgid "Thank you for your donation!"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"bitcoin\"></a>\n"
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "Bitcoin\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "You can send Bitcoins to **<a href=\"bitcoin:1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2\">1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2</a>**.\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>Bitcoin is <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">not\n"
+"anonymous</a>.</p>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"swift\"></a>\n"
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "Bank wire transfer\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" Account holder: Zwiebelfreunde e.V.\n"
+" Name of bank: GLS Gemeinschaftsbank eG\n"
+" IBAN: DE25430609671126825603\n"
+" BIC: GENODEM1GLS\n"
+" Address of bank: Christstrasse 9, 44789 Bochum, Germany\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"paypal\"></a>\n"
+msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "Paypal\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Please, use the euro (EUR) as currency as this makes accounting easier. "
+"However, Paypal automatically converts it to your local currency."
+msgstr ""
+
+#. type: Title ###
+#, no-wrap
+msgid "Set up a recurring donation"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<form action=\"https://www.paypal.com/cgi-bin/webscr\" method=\"post\" target='_blank' class='donation'>\n"
+"\t<input type=\"hidden\" name=\"cmd\" value=\"_xclick-subscriptions\"/>\n"
+"\t<input type=\"hidden\" name=\"business\" value=\"donate@torservers.net\"/>\n"
+"\t<input type=\"hidden\" name=\"item_name\" value=\"Tails recurring donation\"/>\n"
+"\t<input type=\"hidden\" name=\"no_note\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"src\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"modify\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"t3\" value=\"M\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"5\" id=\"sub5\" checked=\"checked\" /><label for=\"sub5\">5</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"10\" id=\"sub10\"/><label for=\"sub10\">10</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"20\" id=\"sub20\"/><label for=\"sub20\">20</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"50\" id=\"sub50\"/><label for=\"sub50\">50</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"100\" id=\"sub100\"/><label for=\"sub100\">100</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"250\" id=\"sub250\"/><label for=\"sub250\">250</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"500\" id=\"sub500\"/><label for=\"sub500\">500</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t\t<option value='EUR'>EUR</option>\n"
+"\t\t\t<option value='USD'>USD</option>\n"
+"\t\t\t<option value='GBP'>GBP</option>\n"
+"\t\t\t<option value='CAD'>CAD</option>\n"
+"\t\t\t<option value='AUD'>AUD</option>\n"
+"\t\t\t<option value='NZD'>NZD</option>\n"
+"\t\t\t<option value='SEK'>SEK</option>\n"
+"\t\t\t<option value='CZK'>CZK</option>\n"
+"\t\t\t<option value='PLN'>PLN</option>\n"
+"\t\t\t<option value='DKK'>DKK</option>\n"
+"\t\t\t<option value='NOK'>NOK</option>\n"
+"\t\t\t<option value='MXN'>MXN</option>\n"
+"\t\t\t<option value='CHF'>CHF</option>\n"
+"\t\t\t<option value='HKD'>HKD</option>\n"
+"\t\t\t<option value='HUF'>HUF</option>\n"
+"\t\t\t<option value='ILS'>ILS</option>\n"
+"\t\t\t<option value='BRL'>BRL</option>\n"
+"\t\t\t<option value='JPY'>JPY</option>\n"
+"\t\t\t<option value='MYR'>MYR</option>\n"
+"\t\t\t<option value='PHP'>PHP</option>\n"
+"\t\t\t<option value='SGD'>SGD</option>\n"
+"\t\t\t<option value='TWD'>TWD</option>\n"
+"\t\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"1\" id=\"sub_m\" checked=\"checked\" /><label for=\"sub_m\">monthly</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"3\" id=\"sub_q\"/><label for=\"sub_q\">quarterly</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"12\" id=\"sub_y\"/><label for=\"sub_y\">yearly</label>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"Subscribe\" class=\"button\" />\n"
+"</form>\n"
+msgstr ""
+
+#. type: Title ###
+#, no-wrap
+msgid "Make a one-time donation"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<form action='https://www.paypal.com/cgi-bin/webscr' id='paypalForm' method='post' target='_blank' class='donation'>\n"
+"\t<input name='cmd' type='hidden' value='_donations' />\n"
+"\t<input name='business' type='hidden' value='donate@torservers.net' />\n"
+"\t<input name='item_name' type='hidden' value='Tails one-time donation' />\n"
+"\t<input type=\"hidden\" name=\"no_shipping\" value=\"1\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"5\" id=\"pp_5\" /><label for=\"pp_5\">5</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"10\" id=\"pp_10\"/><label for=\"pp_10\">10</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"20\" id=\"pp_20\"/><label for=\"pp_20\">20</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"50\" id=\"pp_50\"/><label for=\"pp_50\">50</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"100\" id=\"pp_100\"/><label for=\"pp_100\">100</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"\" id=\"pp_cust\" checked=\"checked\"/><label for=\"pp_cust\">custom amount</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t<option value='EUR'>EUR</option>\n"
+"\t\t<option value='USD'>USD</option>\n"
+"\t\t<option value='GBP'>GBP</option>\n"
+"\t\t<option value='CAD'>CAD</option>\n"
+"\t\t<option value='AUD'>AUD</option>\n"
+"\t\t<option value='NZD'>NZD</option>\n"
+"\t\t<option value='SEK'>SEK</option>\n"
+"\t\t<option value='CZK'>CZK</option>\n"
+"\t\t<option value='PLN'>PLN</option>\n"
+"\t\t<option value='DKK'>DKK</option>\n"
+"\t\t<option value='NOK'>NOK</option>\n"
+"\t\t<option value='MXN'>MXN</option>\n"
+"\t\t<option value='CHF'>CHF</option>\n"
+"\t\t<option value='HKD'>HKD</option>\n"
+"\t\t<option value='HUF'>HUF</option>\n"
+"\t\t<option value='ILS'>ILS</option>\n"
+"\t\t<option value='BRL'>BRL</option>\n"
+"\t\t<option value='JPY'>JPY</option>\n"
+"\t\t<option value='MYR'>MYR</option>\n"
+"\t\t<option value='PHP'>PHP</option>\n"
+"\t\t<option value='SGD'>SGD</option>\n"
+"\t\t<option value='TWD'>TWD</option>\n"
+"\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"Donate\" class=\"button\" />\n"
+"</form>\n"
+msgstr ""
+
+#. type: Title =
+#, no-wrap
+msgid "How does Tails use this money?\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"Our [[financial documents|doc/about/finances]] are available for your review."
+msgstr ""
diff --git a/wiki/src/contribute/how/donate.fr.po b/wiki/src/contribute/how/donate.fr.po
new file mode 100644
index 0000000..cf0bb24
--- /dev/null
+++ b/wiki/src/contribute/how/donate.fr.po
@@ -0,0 +1,381 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2014-09-22 12:27+0300\n"
+"PO-Revision-Date: 2014-08-14 10:59+0200\n"
+"Last-Translator: Tails translators <tails@boum.org>\n"
+"Language-Team: Tails translators <tails@boum.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.5.4\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Make a donation\"]]\n"
+msgstr "[[!meta title=\"Faire un don\"]]\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"**Your support is critical to our success.** Consider making\n"
+"a donation to Tails.\n"
+msgstr ""
+"**Votre soutien est essentiel.** Envisagez de faire\n"
+"un don à Tails.\n"
+
+#. type: Plain text
+msgid ""
+"Note that Tails is a project mainly run by volunteers. There are [[many "
+"other ways to contribute|contribute]]!"
+msgstr ""
+"Notez que le projet Tails est principalement maintenu par des bénévoles.\n"
+"Il y a [[de nombreuses autres façons de contribuer|contribute]] !"
+
+#. type: Title =
+#, no-wrap
+msgid "Ways to donate\n"
+msgstr "Comment faire un don\n"
+
+#. type: Bullet: ' * '
+msgid ""
+"Crowdfunding campaign run by the American organization [Freedom of the Press "
+"Foundation](https://pressfreedomfoundation.org/bundle/encryption-tools-"
+"journalists)."
+msgstr ""
+"Contribuer à la campagne de financement organisée par l'association états-"
+"unienne [Freedom of the Press Foundation](https://pressfreedomfoundation.org/"
+"bundle/encryption-tools-journalists)."
+
+#. type: Plain text
+#, no-wrap
+msgid " If you live in the US, your donation will be tax-deductible.\n"
+msgstr " Si vous habitez aux États-Unis, votre don sera déductible d'impôts.\n"
+
+#. type: Bullet: ' * '
+msgid ""
+"[[Bank wire transfer|donate#swift]] or [[Paypal|donate#paypal]] through the "
+"German organization [Zwiebelfreunde e.V.](https://www.zwiebelfreunde.de/)."
+msgstr ""
+"[[Virement bancaire|donate#swift]] ou [[Paypal|donate#paypal]] via "
+"l'association allemande [Zwiebelfreunde e.V.](https://www.zwiebelfreunde."
+"de/)."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" If you live in Europe, your donation might be tax-deductible. Check what are\n"
+" the precise conditions in your country, and [ask\n"
+" Zwiebelfreunde](https://www.torservers.net/contact.html) for a donation\n"
+" receipt if you need one.\n"
+msgstr ""
+" Si vous habitez en Europe, votre don peut être déductible d'impôts. Vérifiez les\n"
+" conditions en vigueur dans votre pays et, au besoin, [demandez un reçu à\n"
+" Zwiebelfreunde](https://www.torservers.net/contact.html).\n"
+
+#. type: Bullet: ' * '
+msgid "[[Bitcoin|donate#bitcoin]]"
+msgstr "[[Bitcoin|donate#bitcoin]]"
+
+#. type: Bullet: ' * '
+msgid ""
+"If none of these methods suit you, consider [donating to the Tor Project]"
+"(https://www.torproject.org/donate/). They do great work, and also support "
+"us financially."
+msgstr ""
+"Si aucun de ces moyens ne vous convient, vous pouvez [faire un don au projet "
+"Tor](https://www.torproject.org/donate/). Ils font un travail formidable et "
+"nous soutiennent financièrement."
+
+#. type: Plain text
+msgid "Thank you for your donation!"
+msgstr "Merci pour votre don !"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"bitcoin\"></a>\n"
+msgstr "<a id=\"bitcoin\"></a>\n"
+
+#. type: Title -
+#, no-wrap
+msgid "Bitcoin\n"
+msgstr "Bitcoin\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "You can send Bitcoins to **<a href=\"bitcoin:1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2\">1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2</a>**.\n"
+msgstr "Vous pouvez envoyer des Bitcoins à l'adresse **<a href=\"bitcoin:1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2\">1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2</a>**.\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr "<div class=\"caution\">\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>Bitcoin is <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">not\n"
+"anonymous</a>.</p>\n"
+msgstr ""
+"<p>Bitcoin n'est <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">pas\n"
+"anonyme</a>.</p>\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr "</div>\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"swift\"></a>\n"
+msgstr "<a id=\"swift\"></a>\n"
+
+#. type: Title -
+#, no-wrap
+msgid "Bank wire transfer\n"
+msgstr "Virement bancaire\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" Account holder: Zwiebelfreunde e.V.\n"
+" Name of bank: GLS Gemeinschaftsbank eG\n"
+" IBAN: DE25430609671126825603\n"
+" BIC: GENODEM1GLS\n"
+" Address of bank: Christstrasse 9, 44789 Bochum, Germany\n"
+msgstr ""
+" Titulaire du compte : Zwiebelfreunde e.V.\n"
+" Nom de la banque : GLS Gemeinschaftsbank eG\n"
+" IBAN : DE25430609671126825603\n"
+" BIC : GENODEM1GLS\n"
+" Adresse de la banque : Christstrasse 9, 44789 Bochum, Allemagne\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"paypal\"></a>\n"
+msgstr "<a id=\"paypal\"></a>\n"
+
+#. type: Title -
+#, no-wrap
+msgid "Paypal\n"
+msgstr "Paypal\n"
+
+#. type: Plain text
+msgid ""
+"Please, use the euro (EUR) as currency as this makes accounting easier. "
+"However, Paypal automatically converts it to your local currency."
+msgstr ""
+"Merci d'utiliser l'euro (EUR) pour faciliter notre comptabilité. Paypal "
+"convertira automatiquement le don dans votre devise."
+
+#. type: Title ###
+#, no-wrap
+msgid "Set up a recurring donation"
+msgstr "Faire un don régulier"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<form action=\"https://www.paypal.com/cgi-bin/webscr\" method=\"post\" target='_blank' class='donation'>\n"
+"\t<input type=\"hidden\" name=\"cmd\" value=\"_xclick-subscriptions\"/>\n"
+"\t<input type=\"hidden\" name=\"business\" value=\"donate@torservers.net\"/>\n"
+"\t<input type=\"hidden\" name=\"item_name\" value=\"Tails recurring donation\"/>\n"
+"\t<input type=\"hidden\" name=\"no_note\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"src\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"modify\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"t3\" value=\"M\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"5\" id=\"sub5\" checked=\"checked\" /><label for=\"sub5\">5</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"10\" id=\"sub10\"/><label for=\"sub10\">10</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"20\" id=\"sub20\"/><label for=\"sub20\">20</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"50\" id=\"sub50\"/><label for=\"sub50\">50</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"100\" id=\"sub100\"/><label for=\"sub100\">100</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"250\" id=\"sub250\"/><label for=\"sub250\">250</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"500\" id=\"sub500\"/><label for=\"sub500\">500</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t\t<option value='EUR'>EUR</option>\n"
+"\t\t\t<option value='USD'>USD</option>\n"
+"\t\t\t<option value='GBP'>GBP</option>\n"
+"\t\t\t<option value='CAD'>CAD</option>\n"
+"\t\t\t<option value='AUD'>AUD</option>\n"
+"\t\t\t<option value='NZD'>NZD</option>\n"
+"\t\t\t<option value='SEK'>SEK</option>\n"
+"\t\t\t<option value='CZK'>CZK</option>\n"
+"\t\t\t<option value='PLN'>PLN</option>\n"
+"\t\t\t<option value='DKK'>DKK</option>\n"
+"\t\t\t<option value='NOK'>NOK</option>\n"
+"\t\t\t<option value='MXN'>MXN</option>\n"
+"\t\t\t<option value='CHF'>CHF</option>\n"
+"\t\t\t<option value='HKD'>HKD</option>\n"
+"\t\t\t<option value='HUF'>HUF</option>\n"
+"\t\t\t<option value='ILS'>ILS</option>\n"
+"\t\t\t<option value='BRL'>BRL</option>\n"
+"\t\t\t<option value='JPY'>JPY</option>\n"
+"\t\t\t<option value='MYR'>MYR</option>\n"
+"\t\t\t<option value='PHP'>PHP</option>\n"
+"\t\t\t<option value='SGD'>SGD</option>\n"
+"\t\t\t<option value='TWD'>TWD</option>\n"
+"\t\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"1\" id=\"sub_m\" checked=\"checked\" /><label for=\"sub_m\">monthly</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"3\" id=\"sub_q\"/><label for=\"sub_q\">quarterly</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"12\" id=\"sub_y\"/><label for=\"sub_y\">yearly</label>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"Subscribe\" class=\"button\" />\n"
+"</form>\n"
+msgstr ""
+"<form action=\"https://www.paypal.com/cgi-bin/webscr\" method=\"post\" target='_blank' class='donation'>\n"
+"\t<input type=\"hidden\" name=\"cmd\" value=\"_xclick-subscriptions\"/>\n"
+"\t<input type=\"hidden\" name=\"business\" value=\"donate@torservers.net\"/>\n"
+"\t<input type=\"hidden\" name=\"item_name\" value=\"Tails recurring donation\"/>\n"
+"\t<input type=\"hidden\" name=\"no_note\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"src\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"modify\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"t3\" value=\"M\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"5\" id=\"sub5\" checked=\"checked\" /><label for=\"sub5\">5</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"10\" id=\"sub10\"/><label for=\"sub10\">10</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"20\" id=\"sub20\"/><label for=\"sub20\">20</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"50\" id=\"sub50\"/><label for=\"sub50\">50</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"100\" id=\"sub100\"/><label for=\"sub100\">100</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"250\" id=\"sub250\"/><label for=\"sub250\">250</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"500\" id=\"sub500\"/><label for=\"sub500\">500</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t\t<option value='EUR'>EUR</option>\n"
+"\t\t\t<option value='USD'>USD</option>\n"
+"\t\t\t<option value='GBP'>GBP</option>\n"
+"\t\t\t<option value='CAD'>CAD</option>\n"
+"\t\t\t<option value='AUD'>AUD</option>\n"
+"\t\t\t<option value='NZD'>NZD</option>\n"
+"\t\t\t<option value='SEK'>SEK</option>\n"
+"\t\t\t<option value='CZK'>CZK</option>\n"
+"\t\t\t<option value='PLN'>PLN</option>\n"
+"\t\t\t<option value='DKK'>DKK</option>\n"
+"\t\t\t<option value='NOK'>NOK</option>\n"
+"\t\t\t<option value='MXN'>MXN</option>\n"
+"\t\t\t<option value='CHF'>CHF</option>\n"
+"\t\t\t<option value='HKD'>HKD</option>\n"
+"\t\t\t<option value='HUF'>HUF</option>\n"
+"\t\t\t<option value='ILS'>ILS</option>\n"
+"\t\t\t<option value='BRL'>BRL</option>\n"
+"\t\t\t<option value='JPY'>JPY</option>\n"
+"\t\t\t<option value='MYR'>MYR</option>\n"
+"\t\t\t<option value='PHP'>PHP</option>\n"
+"\t\t\t<option value='SGD'>SGD</option>\n"
+"\t\t\t<option value='TWD'>TWD</option>\n"
+"\t\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"1\" id=\"sub_m\" checked=\"checked\" /><label for=\"sub_m\">mensuel</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"3\" id=\"sub_q\"/><label for=\"sub_q\">trimestriel</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"12\" id=\"sub_y\"/><label for=\"sub_y\">annuel</label>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"S'inscrire\" class=\"button\" />\n"
+"</form>\n"
+
+#. type: Title ###
+#, no-wrap
+msgid "Make a one-time donation"
+msgstr "Faire un don ponctuel"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<form action='https://www.paypal.com/cgi-bin/webscr' id='paypalForm' method='post' target='_blank' class='donation'>\n"
+"\t<input name='cmd' type='hidden' value='_donations' />\n"
+"\t<input name='business' type='hidden' value='donate@torservers.net' />\n"
+"\t<input name='item_name' type='hidden' value='Tails one-time donation' />\n"
+"\t<input type=\"hidden\" name=\"no_shipping\" value=\"1\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"5\" id=\"pp_5\" /><label for=\"pp_5\">5</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"10\" id=\"pp_10\"/><label for=\"pp_10\">10</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"20\" id=\"pp_20\"/><label for=\"pp_20\">20</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"50\" id=\"pp_50\"/><label for=\"pp_50\">50</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"100\" id=\"pp_100\"/><label for=\"pp_100\">100</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"\" id=\"pp_cust\" checked=\"checked\"/><label for=\"pp_cust\">custom amount</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t<option value='EUR'>EUR</option>\n"
+"\t\t<option value='USD'>USD</option>\n"
+"\t\t<option value='GBP'>GBP</option>\n"
+"\t\t<option value='CAD'>CAD</option>\n"
+"\t\t<option value='AUD'>AUD</option>\n"
+"\t\t<option value='NZD'>NZD</option>\n"
+"\t\t<option value='SEK'>SEK</option>\n"
+"\t\t<option value='CZK'>CZK</option>\n"
+"\t\t<option value='PLN'>PLN</option>\n"
+"\t\t<option value='DKK'>DKK</option>\n"
+"\t\t<option value='NOK'>NOK</option>\n"
+"\t\t<option value='MXN'>MXN</option>\n"
+"\t\t<option value='CHF'>CHF</option>\n"
+"\t\t<option value='HKD'>HKD</option>\n"
+"\t\t<option value='HUF'>HUF</option>\n"
+"\t\t<option value='ILS'>ILS</option>\n"
+"\t\t<option value='BRL'>BRL</option>\n"
+"\t\t<option value='JPY'>JPY</option>\n"
+"\t\t<option value='MYR'>MYR</option>\n"
+"\t\t<option value='PHP'>PHP</option>\n"
+"\t\t<option value='SGD'>SGD</option>\n"
+"\t\t<option value='TWD'>TWD</option>\n"
+"\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"Donate\" class=\"button\" />\n"
+"</form>\n"
+msgstr ""
+"<form action='https://www.paypal.com/cgi-bin/webscr' id='paypalForm' method='post' target='_blank' class='donation'>\n"
+"\t<input name='cmd' type='hidden' value='_donations' />\n"
+"\t<input name='business' type='hidden' value='donate@torservers.net' />\n"
+"\t<input name='item_name' type='hidden' value='Tails one-time donation' />\n"
+"\t<input type=\"hidden\" name=\"no_shipping\" value=\"1\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"5\" id=\"pp_5\" /><label for=\"pp_5\">5</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"10\" id=\"pp_10\"/><label for=\"pp_10\">10</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"20\" id=\"pp_20\"/><label for=\"pp_20\">20</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"50\" id=\"pp_50\"/><label for=\"pp_50\">50</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"100\" id=\"pp_100\"/><label for=\"pp_100\">100</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"\" id=\"pp_cust\" checked=\"checked\"/><label for=\"pp_cust\">autre montant</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t<option value='EUR'>EUR</option>\n"
+"\t\t<option value='USD'>USD</option>\n"
+"\t\t<option value='GBP'>GBP</option>\n"
+"\t\t<option value='CAD'>CAD</option>\n"
+"\t\t<option value='AUD'>AUD</option>\n"
+"\t\t<option value='NZD'>NZD</option>\n"
+"\t\t<option value='SEK'>SEK</option>\n"
+"\t\t<option value='CZK'>CZK</option>\n"
+"\t\t<option value='PLN'>PLN</option>\n"
+"\t\t<option value='DKK'>DKK</option>\n"
+"\t\t<option value='NOK'>NOK</option>\n"
+"\t\t<option value='MXN'>MXN</option>\n"
+"\t\t<option value='CHF'>CHF</option>\n"
+"\t\t<option value='HKD'>HKD</option>\n"
+"\t\t<option value='HUF'>HUF</option>\n"
+"\t\t<option value='ILS'>ILS</option>\n"
+"\t\t<option value='BRL'>BRL</option>\n"
+"\t\t<option value='JPY'>JPY</option>\n"
+"\t\t<option value='MYR'>MYR</option>\n"
+"\t\t<option value='PHP'>PHP</option>\n"
+"\t\t<option value='SGD'>SGD</option>\n"
+"\t\t<option value='TWD'>TWD</option>\n"
+"\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"Donner\" class=\"button\" />\n"
+"</form>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "How does Tails use this money?\n"
+msgstr "Comment Tails utilise cet argent ?\n"
+
+#. type: Plain text
+msgid ""
+"Our [[financial documents|doc/about/finances]] are available for your review."
+msgstr "Vous pouvez consulter nos [[rapports financiers|doc/about/finances]]."
diff --git a/wiki/src/contribute/how/donate.mdwn b/wiki/src/contribute/how/donate.mdwn
index d95d31f..f853de7 100644
--- a/wiki/src/contribute/how/donate.mdwn
+++ b/wiki/src/contribute/how/donate.mdwn
@@ -3,38 +3,161 @@
**Your support is critical to our success.** Consider making
a donation to Tails.
-(Note that Tails is a project mainly run by volunteers. There are
-[[many other ways to contribute|contribute]]!)
+Note that Tails is a project mainly run by volunteers. There are
+[[many other ways to contribute|contribute]]!
-[[!toc levels=2]]
+Ways to donate
+==============
-# Ways to donate
+ * Crowdfunding campaign run by the American organization [Freedom of the Press Foundation](https://pressfreedomfoundation.org/bundle/encryption-tools-journalists).
-We currently accept donations via:
+ If you live in the US, your donation will be tax-deductible.
+
+ * [[Bank wire transfer|donate#swift]] or [[Paypal|donate#paypal]] through the
+ German organization [Zwiebelfreunde e.V.](https://www.zwiebelfreunde.de/).
+
+ If you live in Europe, your donation might be tax-deductible. Check what are
+ the precise conditions in your country, and [ask
+ Zwiebelfreunde](https://www.torservers.net/contact.html) for a donation
+ receipt if you need one.
- * A crowdfunding campaign run by the [Freedom of the Press Foundation](https://pressfreedomfoundation.org/)
* [[Bitcoin|donate#bitcoin]]
- * In the future, we might be able to accept other kinds of
- donations: Paypal, wire or bank transfer... In the meantime, if
- you cannot donate through Bitcoin, please [direct your donations
- to the Tor Project](https://www.torproject.org/donate/) -- they do
- great work, and they support us financially.
+
+ * If none of these methods suit you, consider [donating
+ to the Tor Project](https://www.torproject.org/donate/). They do
+ great work, and also support us financially.
+
+Thank you for your donation!
<a id="bitcoin"></a>
-## Bitcoin
+Bitcoin
+-------
+
+You can send Bitcoins to **<a href="bitcoin:1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2">1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2</a>**.
+
+<div class="caution">
+
+<p>Bitcoin is <a href="https://bitcoin.org/en/faq#is-bitcoin-anonymous">not
+anonymous</a>.</p>
+
+</div>
+
+<a id="swift"></a>
+
+Bank wire transfer
+------------------
+
+ Account holder: Zwiebelfreunde e.V.
+ Name of bank: GLS Gemeinschaftsbank eG
+ IBAN: DE25430609671126825603
+ BIC: GENODEM1GLS
+ Address of bank: Christstrasse 9, 44789 Bochum, Germany
+
+<a id="paypal"></a>
+
+Paypal
+------
+
+Please, use the euro (EUR) as currency as this makes accounting easier. However, Paypal
+automatically converts it to your local currency.
-Send us Bitcoins to: **1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2**
+### Set up a recurring donation
-Beware: Bitcoin does not provide strong anonymity.
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target='_blank' class='donation'>
+ <input type="hidden" name="cmd" value="_xclick-subscriptions"/>
+ <input type="hidden" name="business" value="donate@torservers.net"/>
+ <input type="hidden" name="item_name" value="Tails recurring donation"/>
+ <input type="hidden" name="no_note" value="1"/>
+ <input type="hidden" name="src" value="1"/>
+ <input type="hidden" name="modify" value="1"/>
+ <input type="hidden" name="t3" value="M"/>
+ <input name="lc" type="hidden" value="US" />
+ <input type="radio" name="a3" value="5" id="sub5" checked="checked" /><label for="sub5">5</label>
+ <input type="radio" name="a3" value="10" id="sub10"/><label for="sub10">10</label>
+ <input type="radio" name="a3" value="20" id="sub20"/><label for="sub20">20</label>
+ <input type="radio" name="a3" value="50" id="sub50"/><label for="sub50">50</label>
+ <input type="radio" name="a3" value="100" id="sub100"/><label for="sub100">100</label>
+ <input type="radio" name="a3" value="250" id="sub250"/><label for="sub250">250</label>
+ <input type="radio" name="a3" value="500" id="sub500"/><label for="sub500">500</label>
+ <select name="currency_code">
+ <option value='EUR'>EUR</option>
+ <option value='USD'>USD</option>
+ <option value='GBP'>GBP</option>
+ <option value='CAD'>CAD</option>
+ <option value='AUD'>AUD</option>
+ <option value='NZD'>NZD</option>
+ <option value='SEK'>SEK</option>
+ <option value='CZK'>CZK</option>
+ <option value='PLN'>PLN</option>
+ <option value='DKK'>DKK</option>
+ <option value='NOK'>NOK</option>
+ <option value='MXN'>MXN</option>
+ <option value='CHF'>CHF</option>
+ <option value='HKD'>HKD</option>
+ <option value='HUF'>HUF</option>
+ <option value='ILS'>ILS</option>
+ <option value='BRL'>BRL</option>
+ <option value='JPY'>JPY</option>
+ <option value='MYR'>MYR</option>
+ <option value='PHP'>PHP</option>
+ <option value='SGD'>SGD</option>
+ <option value='TWD'>TWD</option>
+ <option value='THB'>THB</option>
+ </select>
+ <br/>
+ <input type="radio" name="p3" value="1" id="sub_m" checked="checked" /><label for="sub_m">monthly</label>
+ <input type="radio" name="p3" value="3" id="sub_q"/><label for="sub_q">quarterly</label>
+ <input type="radio" name="p3" value="12" id="sub_y"/><label for="sub_y">yearly</label>
+ <br/>
+ <input type="submit" value="Subscribe" class="button" />
+</form>
-# What happens to my donation?
+### Make a one-time donation
-If you've just donated, thank you for your donation. Your funds are
-deposited into our general fund.
+<form action='https://www.paypal.com/cgi-bin/webscr' id='paypalForm' method='post' target='_blank' class='donation'>
+ <input name='cmd' type='hidden' value='_donations' />
+ <input name='business' type='hidden' value='donate@torservers.net' />
+ <input name='item_name' type='hidden' value='Tails one-time donation' />
+ <input type="hidden" name="no_shipping" value="1"/>
+ <input name="lc" type="hidden" value="US" />
+ <input type="radio" name="amount" value="5" id="pp_5" /><label for="pp_5">5</label>
+ <input type="radio" name="amount" value="10" id="pp_10"/><label for="pp_10">10</label>
+ <input type="radio" name="amount" value="20" id="pp_20"/><label for="pp_20">20</label>
+ <input type="radio" name="amount" value="50" id="pp_50"/><label for="pp_50">50</label>
+ <input type="radio" name="amount" value="100" id="pp_100"/><label for="pp_100">100</label>
+ <input type="radio" name="amount" value="" id="pp_cust" checked="checked"/><label for="pp_cust">custom amount</label>
+ <select name="currency_code">
+ <option value='EUR'>EUR</option>
+ <option value='USD'>USD</option>
+ <option value='GBP'>GBP</option>
+ <option value='CAD'>CAD</option>
+ <option value='AUD'>AUD</option>
+ <option value='NZD'>NZD</option>
+ <option value='SEK'>SEK</option>
+ <option value='CZK'>CZK</option>
+ <option value='PLN'>PLN</option>
+ <option value='DKK'>DKK</option>
+ <option value='NOK'>NOK</option>
+ <option value='MXN'>MXN</option>
+ <option value='CHF'>CHF</option>
+ <option value='HKD'>HKD</option>
+ <option value='HUF'>HUF</option>
+ <option value='ILS'>ILS</option>
+ <option value='BRL'>BRL</option>
+ <option value='JPY'>JPY</option>
+ <option value='MYR'>MYR</option>
+ <option value='PHP'>PHP</option>
+ <option value='SGD'>SGD</option>
+ <option value='TWD'>TWD</option>
+ <option value='THB'>THB</option>
+ </select>
+ <br/>
+ <input type="submit" value="Donate" class="button" />
+</form>
-<!-- You joined many other individual -->
-<!-- sponsors in funding the future of Tails and online anonymity. -->
+How does Tails use this money?
+==============================
Our [[financial documents|doc/about/finances]] are available for
your review.
diff --git a/wiki/src/contribute/how/donate.pt.po b/wiki/src/contribute/how/donate.pt.po
new file mode 100644
index 0000000..642411b
--- /dev/null
+++ b/wiki/src/contribute/how/donate.pt.po
@@ -0,0 +1,383 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2014-09-22 12:27+0300\n"
+"PO-Revision-Date: 2014-09-15 12:30-0300\n"
+"Last-Translator: Tails Developers <amnesia@boum.org>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "[[!meta title=\"Make a donation\"]]\n"
+msgstr "[[!meta title=\"Faça uma doação\"]]\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"**Your support is critical to our success.** Consider making\n"
+"a donation to Tails.\n"
+msgstr ""
+"**Seu apoio é crítico para nosso sucesso.** Considere fazer\n"
+"uma doação para o Tails.\n"
+
+#. type: Plain text
+msgid ""
+"Note that Tails is a project mainly run by volunteers. There are [[many "
+"other ways to contribute|contribute]]!"
+msgstr ""
+"Note que Tails é um projeto executado principalmente por voluntários/as. "
+"Existem [[muitas outras formas de contribuir|contribute]]!"
+
+#. type: Title =
+#, no-wrap
+msgid "Ways to donate\n"
+msgstr "Formas de doação\n"
+
+#. type: Bullet: ' * '
+msgid ""
+"Crowdfunding campaign run by the American organization [Freedom of the Press "
+"Foundation](https://pressfreedomfoundation.org/bundle/encryption-tools-"
+"journalists)."
+msgstr ""
+"Campanha de financiamento coletivo coordenada pela organização americana "
+"[Freedom of the Press Foundation](https://pressfreedomfoundation.org/bundle/"
+"encryption-tools-journalists)."
+
+#. type: Plain text
+#, no-wrap
+msgid " If you live in the US, your donation will be tax-deductible.\n"
+msgstr " Se você vive nos Estados Unidos da América, sua doação será dedutível de impostos.\n"
+
+#. type: Bullet: ' * '
+msgid ""
+"[[Bank wire transfer|donate#swift]] or [[Paypal|donate#paypal]] through the "
+"German organization [Zwiebelfreunde e.V.](https://www.zwiebelfreunde.de/)."
+msgstr ""
+"[[Transferência bancária|donate#swift]] ou [[Paypal|donate#paypal]] através "
+"da organização alemã [Zwiebelfreunde e.V.](https://www.zwiebelfreunde.de/)."
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" If you live in Europe, your donation might be tax-deductible. Check what are\n"
+" the precise conditions in your country, and [ask\n"
+" Zwiebelfreunde](https://www.torservers.net/contact.html) for a donation\n"
+" receipt if you need one.\n"
+msgstr ""
+" Se você vive na Europa, é possível que sua doação seja dedutível de impostos. Verifique\n"
+" quais são exatamente as condições no seu país, e [peça à\n"
+" Zwiebelfreunde](https://www.torservers.net/contact.html) um recibo\n"
+" caso você precise de um.\n"
+
+#. type: Bullet: ' * '
+msgid "[[Bitcoin|donate#bitcoin]]"
+msgstr "[[Bitcoin|donate#bitcoin]]"
+
+#. type: Bullet: ' * '
+msgid ""
+"If none of these methods suit you, consider [donating to the Tor Project]"
+"(https://www.torproject.org/donate/). They do great work, and also support "
+"us financially."
+msgstr ""
+"Se nenhum destes métodos são bons pra você, considere [fazer uma doação para "
+"o Projeto Tor](https://www.torproject.org/donate/). Eles fazem um ótimo "
+"trabalho, e também nos apoiam financeiramente."
+
+#. type: Plain text
+msgid "Thank you for your donation!"
+msgstr "Obrigado por sua doação!"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"bitcoin\"></a>\n"
+msgstr "<a id=\"bitcoin\"></a>\n"
+
+#. type: Title -
+#, no-wrap
+msgid "Bitcoin\n"
+msgstr "Bitcoin\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "You can send Bitcoins to **<a href=\"bitcoin:1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2\">1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2</a>**.\n"
+msgstr "Você pode enviar Bitcoins para **<a href=\"bitcoin:1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2\">1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2</a>**.\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<div class=\"caution\">\n"
+msgstr "<div class=\"caution\">\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<p>Bitcoin is <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">not\n"
+"anonymous</a>.</p>\n"
+msgstr ""
+"<p>Bitcoin <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">não\n"
+"é anônimo</a>.</p>\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "</div>\n"
+msgstr "</div>\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"swift\"></a>\n"
+msgstr "<a id=\"swift\"></a>\n"
+
+#. type: Title -
+#, no-wrap
+msgid "Bank wire transfer\n"
+msgstr "Transferência bancária\n"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+" Account holder: Zwiebelfreunde e.V.\n"
+" Name of bank: GLS Gemeinschaftsbank eG\n"
+" IBAN: DE25430609671126825603\n"
+" BIC: GENODEM1GLS\n"
+" Address of bank: Christstrasse 9, 44789 Bochum, Germany\n"
+msgstr ""
+" Titular da conta: Zwiebelfreunde e.V.\n"
+" Nome do banco: GLS Gemeinschaftsbank eG\n"
+" IBAN: DE25430609671126825603\n"
+" BIC: GENODEM1GLS\n"
+" Endereço do banco: Christstrasse 9, 44789 Bochum, Alemanha\n"
+
+#. type: Plain text
+#, no-wrap
+msgid "<a id=\"paypal\"></a>\n"
+msgstr "<a id=\"paypal\"></a>\n"
+
+#. type: Title -
+#, no-wrap
+msgid "Paypal\n"
+msgstr "Paypal\n"
+
+#. type: Plain text
+msgid ""
+"Please, use the euro (EUR) as currency as this makes accounting easier. "
+"However, Paypal automatically converts it to your local currency."
+msgstr ""
+"Por favor, use euros (EUR) como moeda pois isto facilita nossa "
+"contabilidade. De qualquer forma, o Paypal converte automaticamente para sua "
+"moeda local."
+
+#. type: Title ###
+#, no-wrap
+msgid "Set up a recurring donation"
+msgstr "Configure uma doação periódica"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<form action=\"https://www.paypal.com/cgi-bin/webscr\" method=\"post\" target='_blank' class='donation'>\n"
+"\t<input type=\"hidden\" name=\"cmd\" value=\"_xclick-subscriptions\"/>\n"
+"\t<input type=\"hidden\" name=\"business\" value=\"donate@torservers.net\"/>\n"
+"\t<input type=\"hidden\" name=\"item_name\" value=\"Tails recurring donation\"/>\n"
+"\t<input type=\"hidden\" name=\"no_note\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"src\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"modify\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"t3\" value=\"M\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"5\" id=\"sub5\" checked=\"checked\" /><label for=\"sub5\">5</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"10\" id=\"sub10\"/><label for=\"sub10\">10</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"20\" id=\"sub20\"/><label for=\"sub20\">20</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"50\" id=\"sub50\"/><label for=\"sub50\">50</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"100\" id=\"sub100\"/><label for=\"sub100\">100</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"250\" id=\"sub250\"/><label for=\"sub250\">250</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"500\" id=\"sub500\"/><label for=\"sub500\">500</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t\t<option value='EUR'>EUR</option>\n"
+"\t\t\t<option value='USD'>USD</option>\n"
+"\t\t\t<option value='GBP'>GBP</option>\n"
+"\t\t\t<option value='CAD'>CAD</option>\n"
+"\t\t\t<option value='AUD'>AUD</option>\n"
+"\t\t\t<option value='NZD'>NZD</option>\n"
+"\t\t\t<option value='SEK'>SEK</option>\n"
+"\t\t\t<option value='CZK'>CZK</option>\n"
+"\t\t\t<option value='PLN'>PLN</option>\n"
+"\t\t\t<option value='DKK'>DKK</option>\n"
+"\t\t\t<option value='NOK'>NOK</option>\n"
+"\t\t\t<option value='MXN'>MXN</option>\n"
+"\t\t\t<option value='CHF'>CHF</option>\n"
+"\t\t\t<option value='HKD'>HKD</option>\n"
+"\t\t\t<option value='HUF'>HUF</option>\n"
+"\t\t\t<option value='ILS'>ILS</option>\n"
+"\t\t\t<option value='BRL'>BRL</option>\n"
+"\t\t\t<option value='JPY'>JPY</option>\n"
+"\t\t\t<option value='MYR'>MYR</option>\n"
+"\t\t\t<option value='PHP'>PHP</option>\n"
+"\t\t\t<option value='SGD'>SGD</option>\n"
+"\t\t\t<option value='TWD'>TWD</option>\n"
+"\t\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"1\" id=\"sub_m\" checked=\"checked\" /><label for=\"sub_m\">monthly</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"3\" id=\"sub_q\"/><label for=\"sub_q\">quarterly</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"12\" id=\"sub_y\"/><label for=\"sub_y\">yearly</label>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"Subscribe\" class=\"button\" />\n"
+"</form>\n"
+msgstr ""
+"<form action=\"https://www.paypal.com/cgi-bin/webscr\" method=\"post\" target='_blank' class='donation'>\n"
+"\t<input type=\"hidden\" name=\"cmd\" value=\"_xclick-subscriptions\"/>\n"
+"\t<input type=\"hidden\" name=\"business\" value=\"donate@torservers.net\"/>\n"
+"\t<input type=\"hidden\" name=\"item_name\" value=\"Tails recurring donation\"/>\n"
+"\t<input type=\"hidden\" name=\"no_note\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"src\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"modify\" value=\"1\"/>\n"
+"\t<input type=\"hidden\" name=\"t3\" value=\"M\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"5\" id=\"sub5\" checked=\"checked\" /><label for=\"sub5\">5</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"10\" id=\"sub10\"/><label for=\"sub10\">10</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"20\" id=\"sub20\"/><label for=\"sub20\">20</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"50\" id=\"sub50\"/><label for=\"sub50\">50</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"100\" id=\"sub100\"/><label for=\"sub100\">100</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"250\" id=\"sub250\"/><label for=\"sub250\">250</label>\n"
+"\t<input type=\"radio\" name=\"a3\" value=\"500\" id=\"sub500\"/><label for=\"sub500\">500</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t\t<option value='EUR'>EUR</option>\n"
+"\t\t\t<option value='USD'>USD</option>\n"
+"\t\t\t<option value='GBP'>GBP</option>\n"
+"\t\t\t<option value='CAD'>CAD</option>\n"
+"\t\t\t<option value='AUD'>AUD</option>\n"
+"\t\t\t<option value='NZD'>NZD</option>\n"
+"\t\t\t<option value='SEK'>SEK</option>\n"
+"\t\t\t<option value='CZK'>CZK</option>\n"
+"\t\t\t<option value='PLN'>PLN</option>\n"
+"\t\t\t<option value='DKK'>DKK</option>\n"
+"\t\t\t<option value='NOK'>NOK</option>\n"
+"\t\t\t<option value='MXN'>MXN</option>\n"
+"\t\t\t<option value='CHF'>CHF</option>\n"
+"\t\t\t<option value='HKD'>HKD</option>\n"
+"\t\t\t<option value='HUF'>HUF</option>\n"
+"\t\t\t<option value='ILS'>ILS</option>\n"
+"\t\t\t<option value='BRL'>BRL</option>\n"
+"\t\t\t<option value='JPY'>JPY</option>\n"
+"\t\t\t<option value='MYR'>MYR</option>\n"
+"\t\t\t<option value='PHP'>PHP</option>\n"
+"\t\t\t<option value='SGD'>SGD</option>\n"
+"\t\t\t<option value='TWD'>TWD</option>\n"
+"\t\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"1\" id=\"sub_m\" checked=\"checked\" /><label for=\"sub_m\">mensal</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"3\" id=\"sub_q\"/><label for=\"sub_q\">trimestral</label>\n"
+"\t<input type=\"radio\" name=\"p3\" value=\"12\" id=\"sub_y\"/><label for=\"sub_y\">anual</label>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"Inscrever\" class=\"button\" />\n"
+"</form>\n"
+
+#. type: Title ###
+#, no-wrap
+msgid "Make a one-time donation"
+msgstr "Faça uma única doação"
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"<form action='https://www.paypal.com/cgi-bin/webscr' id='paypalForm' method='post' target='_blank' class='donation'>\n"
+"\t<input name='cmd' type='hidden' value='_donations' />\n"
+"\t<input name='business' type='hidden' value='donate@torservers.net' />\n"
+"\t<input name='item_name' type='hidden' value='Tails one-time donation' />\n"
+"\t<input type=\"hidden\" name=\"no_shipping\" value=\"1\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"5\" id=\"pp_5\" /><label for=\"pp_5\">5</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"10\" id=\"pp_10\"/><label for=\"pp_10\">10</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"20\" id=\"pp_20\"/><label for=\"pp_20\">20</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"50\" id=\"pp_50\"/><label for=\"pp_50\">50</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"100\" id=\"pp_100\"/><label for=\"pp_100\">100</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"\" id=\"pp_cust\" checked=\"checked\"/><label for=\"pp_cust\">custom amount</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t<option value='EUR'>EUR</option>\n"
+"\t\t<option value='USD'>USD</option>\n"
+"\t\t<option value='GBP'>GBP</option>\n"
+"\t\t<option value='CAD'>CAD</option>\n"
+"\t\t<option value='AUD'>AUD</option>\n"
+"\t\t<option value='NZD'>NZD</option>\n"
+"\t\t<option value='SEK'>SEK</option>\n"
+"\t\t<option value='CZK'>CZK</option>\n"
+"\t\t<option value='PLN'>PLN</option>\n"
+"\t\t<option value='DKK'>DKK</option>\n"
+"\t\t<option value='NOK'>NOK</option>\n"
+"\t\t<option value='MXN'>MXN</option>\n"
+"\t\t<option value='CHF'>CHF</option>\n"
+"\t\t<option value='HKD'>HKD</option>\n"
+"\t\t<option value='HUF'>HUF</option>\n"
+"\t\t<option value='ILS'>ILS</option>\n"
+"\t\t<option value='BRL'>BRL</option>\n"
+"\t\t<option value='JPY'>JPY</option>\n"
+"\t\t<option value='MYR'>MYR</option>\n"
+"\t\t<option value='PHP'>PHP</option>\n"
+"\t\t<option value='SGD'>SGD</option>\n"
+"\t\t<option value='TWD'>TWD</option>\n"
+"\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"Donate\" class=\"button\" />\n"
+"</form>\n"
+msgstr ""
+"<form action='https://www.paypal.com/cgi-bin/webscr' id='paypalForm' method='post' target='_blank' class='donation'>\n"
+"\t<input name='cmd' type='hidden' value='_donations' />\n"
+"\t<input name='business' type='hidden' value='donate@torservers.net' />\n"
+"\t<input name='item_name' type='hidden' value='Tails one-time donation' />\n"
+"\t<input type=\"hidden\" name=\"no_shipping\" value=\"1\"/>\n"
+"\t<input name=\"lc\" type=\"hidden\" value=\"US\" />\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"5\" id=\"pp_5\" /><label for=\"pp_5\">5</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"10\" id=\"pp_10\"/><label for=\"pp_10\">10</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"20\" id=\"pp_20\"/><label for=\"pp_20\">20</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"50\" id=\"pp_50\"/><label for=\"pp_50\">50</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"100\" id=\"pp_100\"/><label for=\"pp_100\">100</label>\n"
+"\t<input type=\"radio\" name=\"amount\" value=\"\" id=\"pp_cust\" checked=\"checked\"/><label for=\"pp_cust\">valor personalizado</label>\n"
+"\t<select name=\"currency_code\">\n"
+"\t\t<option value='EUR'>EUR</option>\n"
+"\t\t<option value='USD'>USD</option>\n"
+"\t\t<option value='GBP'>GBP</option>\n"
+"\t\t<option value='CAD'>CAD</option>\n"
+"\t\t<option value='AUD'>AUD</option>\n"
+"\t\t<option value='NZD'>NZD</option>\n"
+"\t\t<option value='SEK'>SEK</option>\n"
+"\t\t<option value='CZK'>CZK</option>\n"
+"\t\t<option value='PLN'>PLN</option>\n"
+"\t\t<option value='DKK'>DKK</option>\n"
+"\t\t<option value='NOK'>NOK</option>\n"
+"\t\t<option value='MXN'>MXN</option>\n"
+"\t\t<option value='CHF'>CHF</option>\n"
+"\t\t<option value='HKD'>HKD</option>\n"
+"\t\t<option value='HUF'>HUF</option>\n"
+"\t\t<option value='ILS'>ILS</option>\n"
+"\t\t<option value='BRL'>BRL</option>\n"
+"\t\t<option value='JPY'>JPY</option>\n"
+"\t\t<option value='MYR'>MYR</option>\n"
+"\t\t<option value='PHP'>PHP</option>\n"
+"\t\t<option value='SGD'>SGD</option>\n"
+"\t\t<option value='TWD'>TWD</option>\n"
+"\t\t<option value='THB'>THB</option>\n"
+"\t</select>\n"
+"\t<br/>\n"
+"\t<input type=\"submit\" value=\"Doe\" class=\"button\" />\n"
+"</form>\n"
+
+#. type: Title =
+#, no-wrap
+msgid "How does Tails use this money?\n"
+msgstr "Como o Tails usa este dinheiro?\n"
+
+#. type: Plain text
+msgid ""
+"Our [[financial documents|doc/about/finances]] are available for your review."
+msgstr ""
+"Nossos [[documentos financeiros|doc/about/finances]] estão disponíveis para "
+"seu escrutínio."
diff --git a/wiki/src/contribute/how/mirror.mdwn b/wiki/src/contribute/how/mirror.mdwn
index 1d66721..26746df 100644
--- a/wiki/src/contribute/how/mirror.mdwn
+++ b/wiki/src/contribute/how/mirror.mdwn
@@ -56,6 +56,14 @@ Else, new versions are announced on:
HTTP
====
+<div class="note">
+
+<p>We cannot add more mirrors to our DNS pool at the moment because of a <a
+href="https://trac.torproject.org/projects/tor/ticket/11741">bug in the Tor
+resolver</a> that prevents us from having more than around 25 mirrors.</p>
+
+</div>
+
To efficiently help Tails users downloading it over HTTP, one needs to
have sufficiently privileged access to a web server with decent
bandwidth: a domestic DSL connection won't help; neither will a shared
@@ -67,11 +75,13 @@ a normal day, and twice as much for a short period after each release.
So, it is a must to be able to push at least 2 [[!wikipedia TiB]]
a month, and preferably 3 or 4 TiB.
+You will also need around 5-10 GiB of disk space.
+
If you satisfy these practical requirements, please read on!
Else, please consider seeding Tails images over BitTorrent instead.
Before starting doing any real work on this topic, please get in touch
-(<tails@boum.org>, [[OpenPGP key|doc/about/openpgp_keys]]) and send us
+(<tails@boum.org>, [[OpenPGP key|doc/about/openpgp_keys#private]]) and send us
your OpenPGP public key, so that any further communication between us
can be properly encrypted and authenticated.
diff --git a/wiki/src/contribute/how/translate.mdwn b/wiki/src/contribute/how/translate.mdwn
index 48608fd..5178c36 100644
--- a/wiki/src/contribute/how/translate.mdwn
+++ b/wiki/src/contribute/how/translate.mdwn
@@ -13,295 +13,67 @@ Welcome aboard!</p>
Most of Tails developers are not native English speakers so you're
more than welcome to correct or improve our English.
-For this, you can either follow the [[Git workflow|translate#git]] or
+For this, you can either follow the [[Git workflow|translate/with_Git]] or
[[propose|contribute/talk]] another way that suits you better to share
your improvements with us.
<a id="translate"></a>
-# Translate Tails
+# Translate Tails custom programs
You can help correct, improve, or complete the translations of Tails
-programs and documentation into your native language:
+programs into your native language:
-* **For French**, the existing translators
- team uses Git. So, read [[translating with Git|translate#git]].
+* **For French**, the translation team uses Git. Read its [[dedicated
+ documentation|translate/team/fr]] for translators.
* **For other languages**, read [[translating with
- Transifex|translate#transifex]].
-* However, this website is [[translated with Git|translate#git]]
- in **all languages**.
+ Transifex|translate/with_Transifex]].
+ Tails programs can be translated into more than 140 languages this way.
-<a id="transifex"></a>
+# Translate this website
-## With Transifex
+You can also translate this website, which includes the Tails
+[[documentation|doc]]. This is done [[translate/with_Git]].
-Most of Tails can be translated directly online after logging in with
-[Transifex](http://docs.transifex.com/):
+The translations are peer-reviewed and thus, you need to get into contact with
+a language team if you want to participate.
+In general, you can contact the translation teams via the
+[[mailing list for translators|translate#follow-up]].
-- [Tails
-Greeter](https://www.transifex.com/projects/p/torproject/resource/3-tails-tails-greeter-pot/)
-- [Tails Persistence
-Setup](https://www.transifex.com/projects/p/torproject/resource/3-tails-tails-persistence-setup-pot/)
-- [Tails Installer](https://www.transifex.com/projects/p/torproject/resource/3-tails-liveusb-creator-pot/)
-- [Tails Upgrader](https://www.transifex.com/projects/p/torproject/resource/tails-tails-iukpot/)
-- [Tails Perl library](https://www.transifex.com/projects/p/torproject/resource/tails-tails-perl5lib/)
-- [WhisperBack](https://www.transifex.com/projects/p/torproject/resource/3-whisperback-whisperback-pot/)
-- [A set of various translatable strings](https://www.transifex.com/projects/p/torproject/resource/tails-misc/)
+<a id="language-teams"></a>
-You are now doing translation work for Tails on Transifex. This is
-great, thanks!
+Currently, there are three active **language teams**:
-Beware, we don't host Transifex.com, they do have their own privacy policy.
+* [[French|translate/team/fr]]
+* [[German|translate/team/de]]
+* [[Portuguese|translate/team/pt]]
-Further:
+and three new language teams are being set up:
-- It would be awesome if you did [[follow-up on
- translation needs|translate#follow-up]].
-- You might want to [[translate the Tails
- website|translate#new-language]] too.
+* Italian
+* Spanish
+* Turkish
-<a id="git"></a>
-
-## Translation team using Git
-
-On the long run, translators team often decide to use [[Git]] to share and
-synchronize their work, and ask us to integrate it within the
-official repositories.
-
-### What can be translated
-
-Various bits of text can be translated:
-
-* **Custom programs** (Tails Greeter, Tails Persistence Setup, Tails
- Installer, Tails Upgrader, Tails Perl library and WhisperBack): each
- one has its own [[Git repository|contribute/git]], where PO files
- live in the `po` directory. Some have a `README.translators` at the
- root of their source tree: please read it.
-* **A set of various translatable strings** live in the `po`
- directory, in the `devel`
- branch of the [[main Tails Git repository|contribute/Git]].
-* **This website** must be translated in the `master` branch of the
- [[main Tails Git repository|contribute/Git]]. Please note [[there
- are requirements|translate#new-language]] to translate the website
- into a new language.
-
-### gettext
-
-The translation system used to translate Tails is called <span
-class="application">[[!wikipedia gettext]]</span>. Every sentence that
-needs to be translated is written in a [PO
-file](https://www.gnu.org/software/gettext/manual/gettext.html#PO-Files).
-
-To edit these PO files, we recommend that you use <span
-class="application">[Poedit](http://www.poedit.net/screenshots.php)</span>, a
-cross-platform editor for PO
-files. <span class="application">Poedit</span> is included in Tails.
-
-Please ensure that you use at least version 1.5 of Poedit, as this version
-handles line breaks of our files correctly.
-
-When setting up Poedit, you might want to ensure to use "Tails translators"
-or "Tails developers" as translator name and "tails@boum.org" as translator
-contact email address.
-
-If you do not use Poedit, but for example Vim or Emacs with the po-plugin, please
-verify for each translation that the syntax of the files is not broken. In order to do
-do so, please refer to the [[localization tricks page|contribute/l10n_tricks]].
-
-If there is no existing PO file for your language, you can copy the
-corresponding `.pot` file into a new `.po` file.
-
-When working on the website translation, it is highly recommended that you
-[[build the wiki locally|contribute/build/website/]] in order to verify
-your modifications or to review the translations of somebody else.
-
-### Workflow
-
-You can take advantage of Git to send us your work by asking us to
-pull from your Git branch. Here is the typical workflow used by Tails
-translators teams:
-
-1. Set up your personal [[Git repository|contribute/git]]: if you
- already know where to host it in a public place, this is great;
- else, [fork us on repo.or.cz](http://repo.or.cz/w/tails.git) or ask
- the Tails system administrators (<tails-sysadmins@boum.org>) to host
- your repository.
-
- On your computer, set up the repository. This example clones
- an empty repository into the "tails" folder:
-
- `git clone http://repo.or.cz/r/tails/yourrepo.git tails`
-
-2. Then setup the remote Tails main repository:
-
- `cd tails`
-
- `git remote add tails https://git-tails.immerda.ch/tails`
-
- Typing `git remote` should now show two entries:
-
- `origin
- tails`
-
- "origin" is your own repository, "tails" contains the files of the
- main repository once we fetch them. This operation requires some time
- at setup, as it requires to pull the whole repository.
-
- `git fetch tails master`
-
-3. Now to setup Git, type:
-
- `git config user.name "Tails developers"
- git config user.email "tails@boum.org"`
-
- Verify this configuration by typing:
-
- `git config --list`
-
-4. Create a branch for every translation you make, for example, if you want to
- translate the "contribute" page, create a branch named "translation-contribute":
-
- `git branch translation-contribute`
-
- `git checkout translation-contribute`
-
- Now typing `git branch` should show a star in front of the active branch.
-
-5. Translate whatever you can in your preferred PO file editor.
-
-6. Commit the changes you made to `.po` files:
-
- `git add <files>`
-
- `git commit <files>`
-
-7. Merge our main repository into yours.
- Regularly, pull from the master branch of the main repository to update
- your local files.
-
- `git fetch tails master` only fetches new files,
-
- `git pull tails master` fetches and merges the files.
-
-8. Push your changes to your online Git repository.
-
- `git push origin <name of branch>`
-
- `git push origin translation-contribute`
-
-9. Ask other members of your translation team to review your work by writing
- an email to [[the mailing list for
- translators|translate#follow-up]], containing in its subject
- "(Review)" and the short code for the translated language, for example "[fr]".
-
-10. The reviewer, once happy with the result, should ask on the
- [[mailing list for translators|translate#follow-up]] to pull from
- the branch that was worked on, writing an email with "(pull)" and the language
- short code in the subject. Ideally, such email would be OpenPGP-signed.
-
-You might want to consider using Git over Tor, for example, by using a Tails device when you translate.
-
-Read more about the Tails [[Git|contribute/git]] setup.
-
-### Let's get organized
-
-You are now doing translation work for Tails using Git. This is great,
-thanks! It would be awesome if you did [[follow-up on translation
-needs|translate#follow-up]].
-
-### Team duties
-
-Our custom programs can be translated [[using
-Transifex|translate#transifex]]. Work done there is not automatically
-synchronized with the translations your team does in Git.
-
-It is nice to minimize time wasted by unknown people who work, with
-Transifex, on the same thing as your translation team.
-
-So, a translation team using Git should regularly contact Transifex
-translators (listed in the `Last-translator` field of the PO files one
-can download from Transifex), either over email or using the Transifex
-interface, to:
-
-1. Thank them for translating Tails stuff.
-2. Make it clear their work is not imported (and is therefore, well,
- useless).
-3. Invite them to join the team and share the team's
- preferred workflow.
-4. Invite them to subscribe to [[the mailing list for
- translators|translate#follow-up]].
-
-<a id="new-language"></a>
-
-# Translate this website into a new language
-
-There are already some active website translation teams,
-coordinating via the [[mailing list for translators|translate#follow-up]].
-
-So, you want the Tails website to be available in a new language.
-Please keep in mind that it represents quite a lot of work.
-
-Therefore, here are a few things that would be required in order to start
-translating the Tails website to a new language:
-
-1. A team of translators, not just one person, is necessary. That also
- allows for peer reviews between the team, more flexibility for
- example when an important deadline arrives.
-
-2. At least part of the team should subscribe to the [[mailing list
- for translators|translate#follow-up]].
-
-3. Since the content of the website is sensitive in terms of privacy
- protection, Tails developers need to establish contacts with
- trusted people to review the work from time to time.
-
-4. For translations to be useful, they need to be maintained in the
- long run. This takes a few hours a month.
-
-Once those conditions are fulfilled, the new team can start working on a first
-batch of translations.
-
- - The Tails custom programs, as [[documented earlier|translate#translate]]
-
- - Important parts of our website:
-
- - [[/index]]
- - [[/about]] page
- - [[/getting_started]] page
- - [[/support]] page
- - [[/download]] page
- - [[/doc/about]] section
- - [[/doc/first_steps]] section
-
- See the exhaustive list of [[core pages|l10n_tricks/core_po_files.txt]].
-
-Do not hesitate to report the progress of your work on the [[mailing list for
-translators|translate#follow-up]].
+If your language is not listed here, read the documentation
+to [[add a new language|translate/team/new]].
<a id="follow-up"></a>
-# Follow-up on translation needs
+# Mailing list for translators
+
+Translators coordinate on the tails-l10n mailing
+list (*l10n* stands for [[!wikipedia Software_localization desc="localization"]]).
-Translators coordinate on the tails-l10n mailing list (*l10n* stands
-for [[!wikipedia Software_localization desc="localization"]]).
-Important changes to translatable strings are announced there.
+This is where important changes to translatable strings are announced.
+So, please subscribe to the list if you want to become a regular
+translator:
-Please <a href='https://mailman.boum.org/listinfo/tails-l10n/'>subscribe</a> to
-the list if you want to become a regular translator.
+<form method="POST" action="https://mailman.boum.org/subscribe/tails-l10n">
+ <input class="text" name="email" value=""/>
+ <input class="button" type="submit" value="Subscribe"/>
+</form>
Any message sent to this list is stored in a [public
archive](https://mailman.boum.org/pipermail/tails-l10n/), so beware of
what your email content and headers reveal about yourself: location,
IP address, email subject and content, etc.
-
-You can consult this
-[archive](https://mailman.boum.org/pipermail/tails-l10n/) to search
-for recent translation requests.
-
-See also the [translation
-tickets](https://labs.riseup.net/code/projects/tails/issues?query_id=144)
-on Redmine.
-
-# Resources
-
-- The [[localization tricks page|contribute/l10n_tricks]]
diff --git a/wiki/src/contribute/how/translate/team/de.mdwn b/wiki/src/contribute/how/translate/team/de.mdwn
new file mode 100644
index 0000000..61f7e68
--- /dev/null
+++ b/wiki/src/contribute/how/translate/team/de.mdwn
@@ -0,0 +1,12 @@
+[[!meta title="Translate Tails into German"]]
+
+# Glossaries used by the German translation team
+
+We try to follow the [GNOME Guidelines](https://wiki.gnome.org/de/Uebersetzung)
+and their glossaries:
+
+* <https://wiki.gnome.org/de/StandardUebersetzungen>
+* <https://wiki.gnome.org/de/Uebersetzung/Dokumentationen>
+
+For words not in these lists it is helpful to see
+how they are translated (or not translated) in Wikipedia.
diff --git a/wiki/src/contribute/how/translate/team/fr.mdwn b/wiki/src/contribute/how/translate/team/fr.mdwn
new file mode 100644
index 0000000..ea178b6
--- /dev/null
+++ b/wiki/src/contribute/how/translate/team/fr.mdwn
@@ -0,0 +1,65 @@
+[[!meta title="Translate Tails into French"]]
+
+**For French**, the existing translation team uses Git.
+Please read the documentation about [[translating with
+Git|translate/with_Git]] first.
+
+[[!toc levels=2]]
+
+# What can be translated
+
+For French, various bits of text can be translated via Git:
+
+* **Custom programs**: each one has its own Git repository, where PO files live in the `po` directory.
+ Some have a `README.translators` at the root of their source tree: please read it.
+
+ Here is a list of these repositories:
+ [Tails Greeter](https://git-tails.immerda.ch/greeter),
+ [Tails Persistence Setup](https://git-tails.immerda.ch/persistence-setup),
+ [Tails Installer](https://git-tails.immerda.ch/liveusb-creator),
+ [Tails Upgrader](https://git-tails.immerda.ch/iuk),
+ [Tails Perl library](https://git-tails.immerda.ch/perl5lib)
+ and [WhisperBack](https://git-tails.immerda.ch/whisperback).
+
+* **A set of various translatable strings** live in the `po`
+ directory, in [the `devel` branch of the main Tails Git
+ repository](https://git-tails.immerda.ch/tails/log/?h=devel).
+
+* **This website** must be translated in the `master` branch of the
+ [main Tails Git repository](https://git-tails.immerda.ch/tails/).
+
+# Contributors' repositories
+
+* matsa: [[http://repo.or.cz/w/tails/matsa.git]]
+* mercedes508: [[https://git-tails.immerda.ch/mercedes508]]
+* seb35: [[https://git-tails.immerda.ch/seb35]]
+
+# Glossaries
+
+A [French glossary](https://www.transifex.com/projects/p/torproject/glossary/l/fr/)
+is [hosted by the Tor Project on Transifex](https://blog.torproject.org/blog/introducing-tor-translation-glossary).
+
+See also [amaGama](https://amagama-live.translatehouse.org/),
+which aims to "gather FOSS translations together in one place".
+
+# Team duties
+
+Our custom programs can be translated [[using
+Transifex|translate/with_Transifex]]. Work done there is not automatically
+synchronized with the translations your team does in Git.
+
+It is nice to minimize time wasted by unknown people who work, with
+Transifex, on the same thing as your translation team.
+
+So, a translation team using Git should regularly contact Transifex
+translators (listed in the `Last-translator` field of the PO files one
+can download from Transifex), either over email or using the Transifex
+interface, to:
+
+1. Thank them for translating Tails stuff.
+2. Make it clear their work is not imported (and is therefore, well,
+ useless).
+3. Invite them to join the team and share the team's
+ preferred workflow.
+4. Invite them to subscribe to [[the mailing list for
+ translators|translate#follow-up]].
diff --git a/wiki/src/contribute/how/translate/team/new.mdwn b/wiki/src/contribute/how/translate/team/new.mdwn
new file mode 100644
index 0000000..2600106
--- /dev/null
+++ b/wiki/src/contribute/how/translate/team/new.mdwn
@@ -0,0 +1,46 @@
+[[!meta title="Translate Tails website into a new language"]]
+
+There are already some active website translation teams,
+coordinating via the [[mailing list for translators|translate#follow-up]].
+
+So, you want the Tails website to be available in a new language.
+Please keep in mind that it represents quite a lot of work.
+
+Therefore, here are a few things that would be required in order to start
+translating the Tails website to a new language:
+
+1. A team of translators, not just one person, is necessary.
+ This allows for peer reviews between team members. It also makes it
+ easier to handle both scheduled and unexpected deadlines.
+
+2. At least part of the team should subscribe to the [[mailing list
+ for translators|translate#follow-up]].
+
+3. For translations to be useful, they need to be maintained in the
+ long run. This takes a few hours a month.
+
+Once those conditions are fulfilled, the new team can start working on a first
+batch of translations:
+
+ - The Tails custom programs, as [[documented earlier|translate#translate]]
+
+ - Important parts of our website:
+
+ - [[/index]]
+ - [[/about]] page
+ - [[/getting_started]] page
+ - [[/support]] page
+ - [[/download]] page
+ - [[/doc/about]] section
+ - [[/doc/first_steps]] section
+
+ See the exhaustive list of [[core pages|l10n_tricks/core_po_files.txt]].
+
+This may take some time. Don't get discouraged! Along the way, do not
+hesitate to report about your progress, and to ask for help, on the
+[[mailing list for translators|translate#follow-up]] :)
+
+Finally, in order to ease collaboration and to make it easier to join
+you, the new team should document what glossaries it uses, and what
+Git repositories are used by its members (see e.g. the [[French
+translation team's documentation|translate/team/fr]]).
diff --git a/wiki/src/contribute/how/translate/team/pt.mdwn b/wiki/src/contribute/how/translate/team/pt.mdwn
new file mode 100644
index 0000000..a183f8c
--- /dev/null
+++ b/wiki/src/contribute/how/translate/team/pt.mdwn
@@ -0,0 +1,4 @@
+[[!meta title="Translate Tails into Portuguese"]]
+
+The Portuguese translation team uses its [[own mailing
+list|https://mailman.boum.org/listinfo/tails-l10n-pt-br/]].
diff --git a/wiki/src/contribute/how/translate/translation_progress.mdwn b/wiki/src/contribute/how/translate/translation_progress.mdwn
index 1ae71c4..f8e6844 100644
--- a/wiki/src/contribute/how/translate/translation_progress.mdwn
+++ b/wiki/src/contribute/how/translate/translation_progress.mdwn
@@ -1,23 +1,24 @@
[[!meta title="Translation progress"]]
This page lists pages that are not 100% translated into a language.
-To choose the language, select one of the "translation" links above.
-Note: This page itself does not need to be translated.
+Note: this page itself does not need to be translated.
-Note: The numbers count a page's incoming links, and thus, broadly, its importance.
+Note: the numbers count a page's incoming links, and thus, broadly, its importance.
-## Full list of all pages needing translation:
+[[!toc levels=1]]
-[[!pagestats style=table pages="(smiley/* or directives/* or basewiki/*) and !*/discussion and currentlang() and needstranslation()"]]
+## All pages needing translation
-## Pages that are more than 80%, but less than 100% translated:
+[[!pagestats style=table pages="needstranslation()"]]
+
+## Pages that are more than 80%, but less than 100% translated
(Good to work on if you want to maximise the number of fully translated pages.)
-[[!pagestats style=table pages="(smiley/* or directives/* or basewiki/*) and !*/discussion and currentlang() and needstranslation() and !needstranslation(80)"]]
+[[!pagestats style=table pages="needstranslation() and !needstranslation(80)"]]
-## Pages that are 80% or less translated:
+## Pages that are 80% or less translated
-[[!pagestats style=table pages="(smiley/* or directives/* or basewiki/*) and !*/discussion and currentlang() and needstranslation(80)"]]
+[[!pagestats style=table pages="needstranslation(80)"]]
diff --git a/wiki/src/contribute/how/translate/with_Git.mdwn b/wiki/src/contribute/how/translate/with_Git.mdwn
new file mode 100644
index 0000000..15bd8fd
--- /dev/null
+++ b/wiki/src/contribute/how/translate/with_Git.mdwn
@@ -0,0 +1,196 @@
+[[!meta title="Translate Tails and its website using Git"]]
+
+While it is possible to translate Tails custom programs using Transifex,
+this website, which includes the Tails [[documentation|doc]], can only
+be translated using Git.
+
+This page explains how to get it up and running.
+
+[[!toc levels=2]]
+
+# Set up your tools
+
+We recommend to use Tails to do your translations as it contains all the tools
+you need to set up a working environment.
+
+If you want to use another operating system, these tools are:
+
+* Git - manage source code
+* Poedit - translate files
+* OpenSSH client - publish your translations on the server
+* tools to [[build the wiki locally|contribute/build/website/]] in
+ order to check how it will look like
+
+If you do not use Tails, please ensure that you use at least version 1.5 of Poedit,
+as this version handles line breaks correctly.
+
+The following instructions assume that you are using Tails.
+
+# How and what to translate?
+
+Once you have [[downloaded the Tails source code using Git|translate/with_Git#workflow]],
+you can find the website source files in `wiki/src`.
+
+The original website files are written in English, either in [[!wikipedia HTML]] or in [[!wikipedia Markdown]]. They have either a
+`.html` or a `.mdwn` extension.
+
+These original files are not to be modified by translators. Instead, look for a file with the
+same name, but with the extension `.po`. Before this extension you will find the language code,
+for example `fr` for French.
+
+To edit these PO files, we recommend that you use <span
+class="application">[Poedit](http://www.poedit.net/screenshots.php)</span>, a
+cross-platform editor for PO files.
+
+When setting up Poedit, you might want to ensure to use "Tails translators"
+or "Tails developers" as translator name and "tails@boum.org" as translator
+contact email address.
+
+If you do not use Poedit, but for example Vim or Emacs with the po-plugin, please
+verify for each translation that the syntax of the files is not broken. In order to do
+do so, please refer to the [[localization tricks page|contribute/l10n_tricks]].
+
+If there is no existing PO file for your language, you can copy the
+corresponding `.pot` file into a new `.po` file.
+
+<a id="workflow"></a>
+
+# Workflow
+
+Git makes it possible to work together on the same files and to track each modification.
+If you don't know Git yet, you might want to [[learn it first|contribute/git#learn_Git]].
+
+Here is the typical workflow used by Tails translation teams.
+
+If there is any point which you don't understand, please do not hesitate to
+ask on the [[mailing list for translators|translate#follow-up]], we will be glad to help you.
+
+1. **Set up your own repository**
+
+ In order to set up your own repository, you need to host it on a publicly accessible
+ Git server. There are a lot of websites providing you with such a possibility.
+
+ If you already know where to host it in a public place, this is great;
+ else, [fork us on repo.or.cz](http://repo.or.cz/w/tails.git) or ask
+ the Tails system administrators (<tails-sysadmins@boum.org>) to host
+ your repository.
+
+ You first need to setup a [[persistent volume|doc/first_steps/persistence]]
+ to save the source code. Then navigate to the persistent folder, using the terminal:
+
+ cd ~/Persistent
+
+ This example clones an empty repository into the "tails" folder:
+
+ git clone http://repo.or.cz/r/tails/yourrepo.git tails
+
+2. **Copy the source code from the main repository**
+
+ Then setup the remote Tails main repository:
+
+ cd tails
+ git remote add tails https://git-tails.immerda.ch/tails
+
+ Typing `git remote` should now show two entries:
+
+ origin
+ tails
+
+ More specifically, if you type `git remote -v` and you'll see something like this:
+
+ origin ssh://yourrepo@repo.or.cz/srv/git/tails/yourrepo.git (fetch)
+ origin ssh://yourrepo@repo.or.cz/srv/git/tails/yourrepo.git (push)
+ tails https://git-tails.immerda.ch/tails (fetch)
+ tails https://git-tails.immerda.ch/tails (push)
+
+ "origin" is your own repository, "tails" contains the files of the
+ main repository once we fetch them. This operation requires some time
+ at setup, as it requires to pull the whole repository.
+
+ git fetch tails master
+
+3. **Configure your credentials**
+
+ Now to setup Git, type:
+
+ git config user.name "Tails developers"
+ git config user.email "tails@boum.org"
+
+ Verify this configuration by typing:
+
+ git config --list
+
+4. **Translate!**
+
+ Create a branch for every translation you make, for example, if you want to
+ translate the "contribute" page, create a branch named "translation-contribute":
+
+ git branch translation-contribute
+ git checkout translation-contribute
+
+ Now typing `git branch` should show a star in front of the active branch.
+
+5. Translate whatever you can in your preferred PO file editor, possibly Poedit.
+
+6. **Save your translations**
+
+ Commit the changes you made to `.po` files:
+
+ git add <files>
+ git commit <files>
+
+7. **Test your work**
+
+ [[Build the wiki locally|contribute/build/website/]] in order to verify
+ your modifications or to review the translations of somebody else.
+
+ If you need to rework something, go back to point 5, translate and test again.
+
+8. Merge our main repository into yours.
+ Regularly, pull from the master branch of the main repository to update
+ your local files.
+
+ `git fetch tails master` only fetches new files, while
+ `git pull tails master` fetches and merges the files.
+
+9. **Publish your modifications**
+
+ Push your changes to your online Git repository.
+
+ git push origin <name of branch>
+
+ For example,
+
+ git push origin translation-contribute
+
+10. Ask other members of your translation team to review your work by writing
+ an email to [[the mailing list for
+ translators|translate#follow-up]], containing in its subject
+ "(Review)" and the short code for the translated language, for example "[fr]".
+
+11. The reviewer, once happy with the result, should ask on the
+ [[mailing list for translators|translate#follow-up]] to pull from
+ the branch that was worked on, writing an email with "(pull)" and the language
+ short code in the subject. Ideally, such email would be OpenPGP-signed.
+
+Each [[language team|translate#language-teams]] keeps track of their contributors' repositories.
+To add one of these repositories as a `remote` in Git, use the following command line:
+
+ git remote add [name] git://git.tails.boum.org/[name].git
+
+For example:
+
+ git remote add matsa git://repo.or.cz/tails/matsa.git
+
+# More informations and resources
+
+The translation system used to translate Tails is called <span
+class="application">[[!wikipedia gettext]]</span>. Every sentence that
+needs to be translated is written in a [PO
+file](https://www.gnu.org/software/gettext/manual/gettext.html#PO-Files)
+by [ikiwiki](https://ikiwiki.info).
+
+The `\[[!wikipedia ..]]` strings you can find in some files are ikiwiki [[shortcuts]].
+You might also need to understand [[ikiwiki directives|ikiwiki/directive]].
+
+See also [[localization tricks page|contribute/l10n_tricks]].
diff --git a/wiki/src/contribute/how/translate/with_Transifex.mdwn b/wiki/src/contribute/how/translate/with_Transifex.mdwn
new file mode 100644
index 0000000..cb65620
--- /dev/null
+++ b/wiki/src/contribute/how/translate/with_Transifex.mdwn
@@ -0,0 +1,25 @@
+[[!meta title="Translate Tails using Transifex"]]
+
+Most of Tails can be translated directly online, through a simple web interface,
+after logging in with [Transifex](http://transifex.com/).
+
+- [Tails
+ Greeter](https://www.transifex.com/projects/p/torproject/resource/3-tails-tails-greeter-pot/)
+- [Tails Persistence
+ Setup](https://www.transifex.com/projects/p/torproject/resource/3-tails-tails-persistence-setup-pot/)
+- [Tails Installer](https://www.transifex.com/projects/p/torproject/resource/3-tails-liveusb-creator-pot/)
+- [Tails Upgrader](https://www.transifex.com/projects/p/torproject/resource/tails-tails-iukpot/)
+- [Tails Perl library](https://www.transifex.com/projects/p/torproject/resource/tails-tails-perl5libpot/)
+- [WhisperBack](https://www.transifex.com/projects/p/torproject/resource/3-whisperback-whisperback-pot/)
+- [A set of various translatable strings](https://www.transifex.com/projects/p/torproject/resource/tails-misc/)
+
+In order to get started with using Transifex, [you can watch their
+introductory video](https://www.youtube.com/watch?v=3y0x8q3Oj7Q).
+
+You are now doing translation work for Tails on Transifex. This is
+great, thanks!
+
+Beware, we don't host Transifex.com, they do have their own privacy policy.
+
+If you want to go further and [[translate the Tails website|translate]], please get in touch via our
+translation mailing list.
diff --git a/wiki/src/contribute/l10n_tricks.mdwn b/wiki/src/contribute/l10n_tricks.mdwn
index fe32c3b..462adbb 100644
--- a/wiki/src/contribute/l10n_tricks.mdwn
+++ b/wiki/src/contribute/l10n_tricks.mdwn
@@ -97,3 +97,20 @@ only on one language. This [[script|git-clean-po]] does a checkout on all of
the modified PO files in your working tree. **Make sure to do `git add` on the
files that you modified before running it**, otherwise your changes will be
lost.
+
+List Transifex translators
+==========================
+
+This script lists people who did translation work on Transifex. You first need
+to import those translation using the `./import-translations` script.
+
+This is useful for:
+
+ - a team using Git to get in touch regularly with the translators on Transifex
+ so that they don't waste their time without anyone telling them.
+ - a new team to recruit translator to work on the website.
+
+Execute from the root of the Git repository:
+
+ ./import-translations
+ ./wiki/src/contribute/l10n_tricks/transifex_translators.sh
diff --git a/wiki/src/contribute/l10n_tricks/check_po.sh b/wiki/src/contribute/l10n_tricks/check_po.sh
index 70e5986..24af675 100755
--- a/wiki/src/contribute/l10n_tricks/check_po.sh
+++ b/wiki/src/contribute/l10n_tricks/check_po.sh
@@ -4,13 +4,19 @@
# Usage: check_po.sh [LANGUAGE]
+set -u
+
if ! [ -x "`which i18nspector`" ] ; then
echo "i18nspector: command not found"
echo "You need to install i18nspector first. See /contribute/l10n_tricks."
exit 2
fi
-ONLY_LANG="$1"
+if [ $# -ge 1 ] ; then
+ FILE_GLOB="*.${1}.po"
+else
+ FILE_GLOB='*.po'
+fi
PATTERNS_FILE="$(mktemp -t XXXXXX.patterns)"
echo "
@@ -33,12 +39,19 @@ no-report-msgid-bugs-to-header-field
no-version-in-project-id-version
unable-to-determine-language
unknown-poedit-language
-" | grep -v '^$' > $PATTERNS_FILE
+" | grep -v '^$' > "$PATTERNS_FILE"
-if [ -n "$ONLY_LANG" ]; then
- FILE_GLOB="*.${ONLY_LANG}.po"
-else
- FILE_GLOB="*.po"
-fi
+CPUS=$(egrep '^processor[[:space:]]+:' /proc/cpuinfo | wc -l)
+OUTPUT=$(find -iname "$FILE_GLOB" -print0 \
+ | xargs -0 --max-procs="$CPUS" --max-args=64 i18nspector \
+ | grep -v --line-regexp '' \
+ | grep -v -f "$PATTERNS_FILE")
+
+### Output and exit code
+# Our automated testing jobs depend on it, beware!
+
+# Output the filtered i18nspector's output
+echo -n "$OUTPUT"
-find -iname "$FILE_GLOB" -exec i18nspector '{}' \; | grep -v -f $PATTERNS_FILE
+# Exit code: 0 iff. the filtered i18nspector's output was empty
+[ $(echo -n "$OUTPUT" | wc -l) -eq 0 ]
diff --git a/wiki/src/contribute/l10n_tricks/language_statistics.sh b/wiki/src/contribute/l10n_tricks/language_statistics.sh
index 31d29b3..d4d01ca 100755
--- a/wiki/src/contribute/l10n_tricks/language_statistics.sh
+++ b/wiki/src/contribute/l10n_tricks/language_statistics.sh
@@ -35,7 +35,7 @@ statistics () {
msgattrib --translated --no-fuzzy --no-obsolete --no-wrap $PO_MESSAGES \
| count_translated_words
)
- echo "$lang: $(($TRANSLATED*100/$TOTAL))% strings translated, $(($FUZZY*100/$TOTAL))% strings fuzzy, $(($TRANSLATED_WC*100/$TOTAL_WC))% words translated"
+ echo " - $lang: $(($TRANSLATED*100/$TOTAL))% ($TRANSLATED) strings translated, $(($FUZZY*100/$TOTAL))% strings fuzzy, $(($TRANSLATED_WC*100/$TOTAL_WC))% words translated"
rm -f $PO_FILES $PO_MESSAGES
}
@@ -52,8 +52,8 @@ else
fi
# all PO files
-echo "All PO files"
-echo "============"
+echo "All website PO files"
+echo "===================="
echo ""
for lang in $LANGUAGES ; do
@@ -65,8 +65,8 @@ done
# core PO files
echo ""
-echo "Core PO files"
-echo "============="
+echo "[[Core PO files|contribute/l10n_tricks/core_po_files.txt]]"
+echo "=========================================================="
echo ""
for lang in $LANGUAGES ; do
diff --git a/wiki/src/contribute/l10n_tricks/transifex_translators.sh b/wiki/src/contribute/l10n_tricks/transifex_translators.sh
new file mode 100755
index 0000000..9242a36
--- /dev/null
+++ b/wiki/src/contribute/l10n_tricks/transifex_translators.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+set -u
+
+PROJECTS="liveusb-creator tails-greeter tails-iuk tails-misc tails-perl5lib tails-persistence-setup whisperback"
+GIT_TOPLEVEL_DIR=$(git rev-parse --show-toplevel)
+TOR_TRANSLATION_DIR="$GIT_TOPLEVEL_DIR/tmp/tor-translation"
+
+(
+ cd "$TOR_TRANSLATION_DIR"
+ for project in $PROJECTS; do
+ for branch in "$project" "${project}_completed"; do
+ git checkout --quiet "$branch"
+ git reset --quiet --hard "origin/$branch"
+ git grep -H 'Last-Translator' | grep -v '^templates/' \
+ | sed -e 's/^\([A-Za-z_]\+\)\/\1\.po:"Last-Translator: \(.\+\)\\n"$/\1 \2/' \
+ | grep -Ev '(FULL NAME|tor-assistants@torproject.org|colin@torproject.org|runa.sandvik@gmail.com|support-team-private@lists.torproject.org|<>)'
+ done
+ done | sort -u
+)
diff --git a/wiki/src/contribute/low-hanging_fruit_sessions.mdwn b/wiki/src/contribute/low-hanging_fruit_sessions.mdwn
new file mode 100644
index 0000000..465596a
--- /dev/null
+++ b/wiki/src/contribute/low-hanging_fruit_sessions.mdwn
@@ -0,0 +1,20 @@
+[[!meta title="Low-hanging fruits sessions"]]
+
+Each month a low-hanging fruits session is organized. During these
+sessions, we spend some time together working on many small tasks that take less
+than two hours each.
+
+It currently happens on **twelfth day** of the month on
+[[#tails-dev|contribute/chat]] at 9pm CEST or CET (7pm or 8pm UTC).
+Everybody is welcome to attend, existing contributors and those who
+want to become one.
+
+The goals are to:
+
+* Bypass the somewhat cumbersome paperwork of the usual email-based
+ [[review and merge process|contribute/merge_policy]]: during
+ low-hanging fruits sessions, we exceptionally allow ourselves to go
+ through it live on IRC.
+* Enjoy doing non-urgent things and have some fun together.
+* Get a lot of small improvements into the next Tails release.
+* Cleanup our todo list a bit.
diff --git a/wiki/src/contribute/meetings.mdwn b/wiki/src/contribute/meetings.mdwn
index 4910d18..d922083 100644
--- a/wiki/src/contribute/meetings.mdwn
+++ b/wiki/src/contribute/meetings.mdwn
@@ -1,22 +1,29 @@
[[!meta title="Contributors meetings"]]
Each month a contributors meeting is organized. It currently happens
-either on **the first or second, Thursday or Wednesday, of the month on [[#tails-dev|contribute/chat]] at
-8pm UTC (10pm CEST)**. Every Tails contributor is welcome to attend.
+on **third day** of the month on [[#tails-dev|contribute/chat]] at
+9pm CEST or CET (7pm or 8pm UTC). Everybody is welcome to attend, existing
+contributors and those who want to become one.
-A proposed agenda is sent in advance on <tails-dev@boum.org>.
-To propose and prepare other discussion topics, raise them as answers to
-this announcement on <tails-dev@boum.org>, so that others can help prepare the
-discussion as well.
+Feel free to propose and prepare discussion topics:
+
+ - Raise them in this thread so that others can ask details and prepare the
+ discussion too.
+
+ - Update the [[blueprint of the agenda|blueprint/monthly_meeting]].
+
+ - Make sure that the discussion tickets that you want to treat during the
+ meeting are well detailed on Redmine.
If you want to get involved but don't know yet how, please introduce
yourself during the meeting, and be sure to tell us what you are
interested in.
The meeting might not be the most adequate time and place to properly
-introduce newcomers to the development process, but at least it should
-be a fine place to know each others, and schedule a better
-suited event.
+introduce newcomers to the development process
+([[contribute/low-hanging_fruit_sessions]] are more appropriate), but
+at least it should be a fine place to know each others, and schedule
+a better suited event.
# Meeting minutes
diff --git a/wiki/src/contribute/meetings/201408.mdwn b/wiki/src/contribute/meetings/201408.mdwn
new file mode 100644
index 0000000..ace0e78
--- /dev/null
+++ b/wiki/src/contribute/meetings/201408.mdwn
@@ -0,0 +1,75 @@
+[[!tails_ticket 6972 desc="Create a 'Sponsors' page"]]
+======================================================
+
+ - We will add a contact info for sponsors on the "Donate" page:
+ [[!tails_ticket 7734]].
+ - Create a new page targeted at potential sponsors:
+ - Start with listing generic information that doesn't rely on our roadmap.
+ - Maybe include hints to our roadmap and priorities but then it has to be
+ maintained.
+ - DrWhax will give it a try.
+ - We didn't decide on whether listing past sponsors on that page.
+
+Press enquiries
+===============
+
+ - We have two press enquires in our queue:
+ - one from businessinsider.com and
+ - one from "Il Manifesto"
+ - sycamoreone will try to submit a draft for "Il Manifesto": [[!tails_ticket
+ 7738]].
+
+[[!tails_ticket 7521 desc="Export iCal calendar from ikiwiki"]]
+===============================================================
+
+ - Do this using ikiwiki would imply working on ikiwiki plugins.
+ - Nobody volunteered to do that.
+ - We will explore the calendar possibilities of Redmine first.
+ - Redmine has a calendar module:
+ <http://www.redmine.org/projects/redmine/wiki/RedmineCalendar>
+ - But custom query can be saved on the calendar view, apparently.
+ - There is also a iCal export plugin:
+ <http://www.redmine.org/projects/redmine/wiki/PluginICalendarExport>
+ - All this needs more research: [[!tails_ticket 7735]].
+
+[[!tails_ticket 7638 desc="Decide something about the proposed plan regarding TrueCrypt"]]
+==========================================================================================
+
+ - The current proposal is:
+ - Tails 1.2 (October 2014): update the wrapper to point to alternatives,
+ ship cryptsetup 1.6, have documentation to open TC volumes with
+ cryptsetup.
+ - Tails 1.3 (January 2015): drop TC entirely.
+ - People are free to work on that earlier if they want.
+ - People love the plausible deniability and will complain a lot if we remove
+ TC before the persistence is by default, but we'll have to live with it.
+ - intrigeri and sajolida will work together on updating the documentation.
+
+[[!tails_ticket 7697 desc="Create list and repo for tails-fundraising"]]
+========================================================================
+
+ - A few people feel the need to have tools to coordinate fundraising efforts.
+ - On the other hand, the accounting team is afraid about how to split the
+ communication between tails-accounting@ and tails-fundraising@, especially
+ regarding splitting the grant proposal, the budget, the communication with
+ the funder, etc.
+ - We decided to create a new Schleuder list tails-fundraising@boum.org, and a
+ git-remote-gcrypt repository.
+ - It will include all the information that is meant to be known by the funder:
+ grant information, application text, budget, etc. but all the rest would not
+ be there.
+ - Texts from past applications will be imported in that repository.
+ - MoC and DrWhax who are already working on this will nominate other candidate
+ members to tails@boum.org.
+ - This list tails-fundraising@boum.org will be the contact for sponsors on the
+ Donate page: [[!tails_ticket 7734]].
+
+[[!tails_ticket 7380 desc="Randomise MAC address when scanning for Wi-Fi networks even when MAC spoofing is disabled"]]
+=======================================================================================================================
+
+ - Three people (sajolida, jvoisin, and intrigeri) were convinced by anonym's
+ [comment #2](https://labs.riseup.net/code/issues/7380#note-2) and agreed
+ with rejecting.
+ - Furthermore as anonym said, we might not want to change how Tails behaves
+ when opting-out of MAC spoofing, so it would turn the MAC option into a
+ tri-state, which makes UI complicated.
diff --git a/wiki/src/contribute/meetings/201409.mdwn b/wiki/src/contribute/meetings/201409.mdwn
new file mode 100644
index 0000000..efd96a7
--- /dev/null
+++ b/wiki/src/contribute/meetings/201409.mdwn
@@ -0,0 +1,57 @@
+[[!meta title="September 2014 online meeting"]]
+
+[[!toc levels=1]]
+
+# Hole in the Roof
+
+We looked at the [[Hole in the Roof|https://labs.riseup.net/code/versions/198]]
+tickets.
+Many build environment related tasks.
+Maybe a friend of jvoisin wants to look on Docker issues.
+
+# Monthly low-hanging fruit sessions
+
+Next one is on Friday, September 12, on #tails-dev (indymedia.org) at 19:00 UTC (21:00 CEST)
+
+At least three people said they would attend.
+
+# [[Tails Code of Conduct|https://mailman.boum.org/pipermail/tails-project/2014-August/000013.html]]
+
+Everybody likes the way is shaping, although we need to cover more situations.
+Someone will write a blueprint, and send an email with the updated version.
+
+We agreed on the following:
+
+ - "This code of conduct applies to all spaces used by the Tails project. This
+ includes IRC, the mailing lists, the issue tracker, the website, events, and
+ any other forums which the community uses for communication."
+ - Use "tails@boum.org" as contact point.
+ - Integrate "don't publish private communication" and "if in doubt, ask us
+ first" in the part about recording.
+
+# [[!tails_ticket 7870 desc="Include OnionShare in Tails?"]]
+
+We will wait until it is included in Debian.
+Meanwhile someone will [[!tails_ticket 7873 desc="have a look at the code"]].
+
+# [[!tails_ticket 7540 desc="More darknets"]]
+
+Someone proposed on Redmine to include more darknets, for example freenet and Namecoin.
+
+We don't know Namecoin, and adding freenet seems a bad idea to someone. Also they are not in Debian.
+We will close the ticket and open another one in case some darknet packaged for Debian appears (freenet, namecoin or others)
+
+# [[!tails_ticket 7753 desc="Decide what to do regarding OFTC"]]
+
+We see Indymedia and OFTC as unstable services. We need something more stable to have preconfigured in Tails.
+We lack of time and resources to run our own IRC server.
+
+Maybe XMPP is a better solution but we raised the problem of having randomly
+generated account on the server. We would need to find a server that:
+
+ - Allows the creation of new accounts on the go.
+ - Erases unused accounts frequently.
+ - Supports Tor for real.
+ - Has a commercial SSL certificate or is available as a hidden service.
+
+Someone will investigate solutions for the situation on [[!tails_ticket 7874]].
diff --git a/wiki/src/contribute/meetings/201411.mdwn b/wiki/src/contribute/meetings/201411.mdwn
new file mode 100644
index 0000000..ad2cd5d
--- /dev/null
+++ b/wiki/src/contribute/meetings/201411.mdwn
@@ -0,0 +1,62 @@
+[[!meta title="November 2014 meeting"]]
+
+[[!toc levels=1]]
+
+# [[!tails_ticket 7976 desc="Disable LAN access in Tor Browser, delegate to Unsafe Browser?"]]
+
+We agreed on moving LAN browsing from outside Tor Browser. Now we need
+to decide whether we want it to be included in the Unsafe Browser or
+have a dedicated browser. We considered one of the following options:
+
+ - Unsafe Browser including LAN
+ - Unsafe Browser and separate LAN Browser
+
+That's a UX decision basically, so sajolida will raise the issue on
+tails-ux@boum.org.
+
+The proposed solution will help deciding something with respect to
+[[!tails_ticket 7774]] as well. Either maybe "Non-anonymous Browser" if
+the two features are combined in one browser, or "Captive Portal
+Browser" and "LAN Browser" if the two browsers are separate. But those
+names would have to be refined.
+
+# Roadmap amendments proposal
+
+<https://mailman.boum.org/pipermail/tails-dev/2014-August/006573.html>
+<https://mailman.boum.org/pipermail/tails-dev/2014-August/006693.html>
+<https://mailman.boum.org/pipermail/tails-dev/2014-August/006739.html>
+
+We added those tickets to our roadmap:
+
+ - [[!tails_ticket 6092]] → 2.0
+ - [[!tails_ticket 5472]] → 2.0
+ - [[!tails_ticket 7042]] → 2.0
+ - [[!tails_ticket 6918]] → 3.0
+ - [[!tails_ticket 7724]] → 3.0
+ - [[!tails_ticket 6185]] → 2.0
+
+# [[!tails_ticket 6051 desc="Migrate master Git repository to immerda"]]
+
+The only real advantage of moving our master Git repository to immerda
+would be to have more control on who has commit permissions. But we do
+that only on very rare occasions. We couldn't find any good reason to do
+this work so we rejected this ticket.
+
+# [[!tails_ticket 7778 desc="Have an easy way to use or discover Tails OpenPGP Applet from Iceweasel"]]
+
+We considered this as a low priority but interesting UX issue. People
+willing to design and propose a new UI for that should make sure that
+they understand the security implications as well as the amount of
+additional technical work of their solution.
+
+# [[!tails_ticket 7963 desc="Replace default desktop background with another"]]
+
+We agreed on trying to reduce the brightness and saturation of the
+current background to be less hurting to the eyes. While keeping the
+same blue color.
+
+# [[!tails_ticket 7376 desc="Use more discreet Pidgin tray icons in Windows camouflage mode"]] and [[!tails_ticket 7399 desc="Remove Pidgin systray icon in Windows 8 camouflage"]]
+
+We considered those as no real issues. The camouflage mode tries to
+avoid being spotted as Tails by someone passing by but it can't be a
+100% perfect imitation of Windows. So we decided to reject both tickets.
diff --git a/wiki/src/contribute/merge_policy/review.mdwn b/wiki/src/contribute/merge_policy/review.mdwn
index a605b76..6d81404 100644
--- a/wiki/src/contribute/merge_policy/review.mdwn
+++ b/wiki/src/contribute/merge_policy/review.mdwn
@@ -41,7 +41,4 @@ On the APT repository side,
committed*; else, ask the branch submitter to split the remaining tasks
into other tickets.
1. Push the updated branch to the master Git repository.
-1. If you merged into a branch that is built by [our
- Jenkins](https://jenkins.tails.boum.org/), also push it to the Git
- repository on lizard (`gitolite@git.puppet.tails.boum.org:tails`).
1. Reply to the email that requested the review.
diff --git a/wiki/src/contribute/relationship_with_upstream.mdwn b/wiki/src/contribute/relationship_with_upstream.mdwn
index 2f922c2b..61a1346 100644
--- a/wiki/src/contribute/relationship_with_upstream.mdwn
+++ b/wiki/src/contribute/relationship_with_upstream.mdwn
@@ -4,8 +4,8 @@
# Why this document?
-The Debian Derivatives Guidelines ([[!debwiki
-Derivatives/Guidelines]]) encourages "derivative distributions to
+The Debian Derivatives Guidelines ([[!debwiki Derivatives/Guidelines]])
+encourages "derivative distributions to
mention and define their relationship with Debian". Because this seems
like a great idea to us, we wrote this statement that not only covers
Tails' relationship with Debian, but also Tails' relationship with any
diff --git a/wiki/src/contribute/release_process.mdwn b/wiki/src/contribute/release_process.mdwn
index 3e99700..885a4cd 100644
--- a/wiki/src/contribute/release_process.mdwn
+++ b/wiki/src/contribute/release_process.mdwn
@@ -16,8 +16,8 @@ the scripts snippets found on this page:
export TAG=$(echo "$VERSION" | sed -e 's,~,-,')
export PREVIOUS_VERSION=$(dpkg-parsechangelog --offset 1 --count 1 -SVersion)
-* `NEXT_VERSION`: set to the version number of the next Tails release
- (e.g. 0.23 when releasing 0.22.1)
+* `NEXT_MAJOR_VERSION`: set to the version number of the next Tails release
+ (e.g. 0.23 when releasing 0.22.1, and 1.3 when releasing 1.2)
* `MAJOR_RELEASE`: set to 1 if preparing a major release, to 0 else
* `ISOS`: the directory where one stores `tails-i386-*`
sub-directories like the ones downloaded with BitTorrent.
@@ -41,11 +41,11 @@ Pre-freeze
The [[contribute/working_together/roles/release_manager]] role
documentation has more tasks that should be done early enough.
-Update Iceweasel preferences
-----------------------------
+Update Tor Browser preferences
+------------------------------
* update `extensions.adblockplus.currentVersion` in
- `config/chroot_local-includes/etc/iceweasel/profile/user.js`
+ `config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js`
Coordinate with Debian security updates
---------------------------------------
@@ -71,22 +71,22 @@ AdBlock patterns
----------------
Patterns are stored in
-`config/chroot_local-includes/etc/iceweasel/profile/adblockplus/`.
+`config/chroot_local-includes/etc/tor-browser/profile.default/adblockplus/`.
1. Boot Tails
-2. Open *Tools* → *Addons*
+2. Start the tor Browser and open *Tools* → *Addons*
3. Select *Adblock Plus* in extensions
4. Open *Preferences* → *Filter preferences…*
5. For each filters, click *Actions* → *Update filters*
-6. Close Iceweasel
-7. Copy the `.mozilla/firefox/default/adblockplus/patterns.ini` from
- this Iceweasel instance to the
- `config/chroot_local-includes/etc/iceweasel/profile/adblockplus`
+6. Close the Tor Browser
+7. Copy the `.tor-browser/profile.default/adblockplus/patterns.ini` from
+ this Tor Browser instance to the
+ `config/chroot_local-includes/etc/tor-browser/profile/adblockplus`
directory in the Tails Git checkout.
8. Commit:
git commit -m 'Update AdBlock Plus patterns.' \
- config/chroot_local-includes/etc/iceweasel/profile/adblockplus/patterns.ini
+ config/chroot_local-includes/etc/tor-browser/profile/adblockplus/patterns.ini
Upgrade bundled binary Debian packages
--------------------------------------
@@ -116,7 +116,6 @@ Correct all the errors that are not in the ignored list of
Then see the relevant release processes:
-* [[iceweasel]]
* [[liveusb-creator]]
* [[tails-greeter]]
* [[perl5lib]]
@@ -127,6 +126,11 @@ Then see the relevant release processes:
* build a Debian package
* upload it to our [[APT repository]]
+Upgrade the Tor Browser
+-----------------------
+
+See the dedicated page: [[tor-browser]]
+
Update PO files
---------------
@@ -151,6 +155,8 @@ If we are at freeze time for a major release:
* Merge the `devel` Git branch into `testing`.
* Reset the `testing` APT suite to the state of the `devel` one, as
documented on [[contribute/APT_repository#workflow-freeze]].
+* If there is no Jenkins job building ISO images from the `testing`
+ branch, ask <tails-sysadmins@boum.org> to re-activate it.
Else, if we are at freeze time for a point-release:
@@ -174,8 +180,8 @@ Then, gather other useful information from:
* every custom bundled package's own Changelog (Greeter, Persistent
Volume Assistant, etc.);
-* the "Fix committed" section on the [Release Manager
- View](https://labs.riseup.net/code/projects/tails/issues?query_id=130).
+* the "Fix committed" section on the *Release Manager View*
+ in Redmine.
Finally, commit:
@@ -204,6 +210,7 @@ matches the date of the future signature.
echo "$VERSION" > wiki/src/inc/stable_i386_version.html
echo "$RELEASE_DATE" > wiki/src/inc/stable_i386_date.html
+ sed -ri "s%news/version_.*]]%news/version_$VERSION]]%" wiki/src/inc/stable_i386_release_notes.*
$EDITOR wiki/src/inc/*.html
./build-wiki
git commit wiki/src/inc/ -m "Update version and date for $VERSION."
@@ -244,12 +251,16 @@ If at freeze time:
as detailed on the [[documentation for
translators|contribute/how/translate]].
+ To get a list of changes on the website:
+
+ git diff --stat 1.1.. -- *.{mdwn,html}
+
Import the signing key
======================
You should never import the Tails signing key into your own keyring,
-and a good practice is to import it to a tmpfs so no key material is
-written to disk:
+and a good practice is to import it to a tmpfs to limit the risks that
+the private key material is written to disk:
export GNUPGHOME=$(mktemp -d)
sudo mount -t tmpfs tmpfs "$GNUPGHOME"
@@ -295,10 +306,17 @@ SquashFS file order
1. Burn a DVD.
1. Boot this DVD **on bare metal**.
1. Add `profile` to the kernel command-line.
-1. Three minutes after `iceweasel` has been loaded, retrieve the new sort
- file from `/var/log/boot-profile`.
+1. Login.
+1. Wait for the "Tor is ready" notification.
+1. Start the web browser.
+1. A few minutes later, once the `boot-profile` process has been
+ killed, retrieve the new sort file from `/var/log/boot-profile`.
1. Copy the new sort file to `config/binary_rootfs/squashfs.sort`.
-1. Cleanup a bit.
+1. Cleanup a bit:
+ - remove `var/log/live/config.pipe`: otherwise the boot is broken
+ or super-slow
+ - remove the bits about `kill-boot-profile` at the end: they're
+ only useful when profiling the boot
1. Inspect the Git diff (including diff stat), apply common sense.
1. `git commit -m 'Updating SquashFS sort file' config/binary_rootfs/squashfs.sort`
@@ -364,7 +382,7 @@ Use `tails-create-iuk` to build the following IUKs:
1.0. This should be done even if there was no IUK generated from the
previous stable release since it is a good way to test the iuk code
that'll be used for the incremental upgrade paths to the
- `$NEXT_VERSION`.
+ next version.
Example (for RC, replace `$PREVIOUS_VERSION` with e.g. `$VERSION~rc1`
below):
@@ -404,8 +422,10 @@ Prepare upgrade-description files
( cd $IUK_CHECKOUT && \
./bin/tails-iuk-generate-upgrade-description-files \
--version "$VERSION" \
- --next-version "$NEXT_VERSION" \
- --next-version "${NEXT_VERSION}~rc1" \
+ --next-version "$NEXT_MAJOR_VERSION" \
+ --next-version "${NEXT_MAJOR_VERSION}~rc1" \
+ --next-version "${VERSION}.1" \
+ --next-version "${VERSION}.1~rc1" \
--iso "$ISOS/tails-i386-$VERSION/tails-i386-$VERSION.iso" \
--previous-version "$PREVIOUS_VERSION" \
--previous-version "${VERSION}~rc1" \
@@ -420,12 +440,22 @@ Prepare upgrade-description files
* At least the last stable release and the previous release
candidates for the version being released must be passed to
`--previous-version`.
- * A few (say, 2 or 3) older versions must be passed with
- `--previous-version`, so that users who skipped a release or two
- are directly informed of the new one.
+ * Older versions for which there is no incremental upgrade path to
+ the new release must be passed with `--previous-version`, so that
+ users who skipped a release or two are informed of the new one.
+ Note that multi-steps incremental upgrade paths are valid and
+ supported: e.g. when releasing 1.1.2, 1.1 users should still be
+ able to incrementally upgrade to 1.1.1, and in turn to 1.1.2; to
+ make this work, one must _not_ pass `--previous-version 1.1`,
+ that would remove the existing incremental upgrade path from 1.1
+ to 1.1.1.
* If preparing a release candidate, add `--channel alpha`
- * If preparing a release candidate, do not pass
- `--next-version "${NEXT_VERSION}~rc1"`
+ * If preparing a release candidate, drop all `--next-version`
+ arguments, and instead pass (**untested!**)
+ `--next-version $(echo $VERSION | sed -e 's,~rc*$,,')`
+ * If preparing a point-release, pass neither
+ `--next-version "${VERSION}.1"`,
+ nor `--next-version "${VERSION}.1~rc1"`
1. Create an armoured detached signature for each created or modified
upgrade-description file.
@@ -464,9 +494,14 @@ Upload images
Sanity check
------------
-Verify that the current source for Firefox is still the same we've
-used when preparing our custom Iceweasel package: e.g. FF17.0.8 got
-re-tagged and re-uploaded at the last minute, due to a test failure.
+Verify that the TBB release used in Tails still is the most
+recent. Also look if there's a new `-buildX` tag for the targetted TBB
+and Tor Browser versions in their respective Git repos:
+
+* <https://gitweb.torproject.org/builders/tor-browser-bundle.git>
+* <https://gitweb.torproject.org/tor-browser.git>
+
+A new tag may indicate that a new TBB release is imminent.
Better catch this before people spend time doing manual tests.
@@ -588,6 +623,8 @@ Write the announcement for the release in
[[!tails_gitweb_commit 9925321]] breaks all existing persistent
profiles).
- Document known issues.
+- Update the link(s) to these release notes in
+ `wiki/src/doc/first_steps/upgrade.mdwn`.
Write an announcement listing the security bugs affecting the previous
version in `security/` in order to let the users of the old versions
@@ -602,7 +639,7 @@ image to be released was *built*. Including:
- the list of BSA fixed in packages we ship since those that were in
the previous release of Tails:
<https://lists.debian.org/debian-backports-announce/>
-- the list of MFSA fixed by the iceweasel update:
+- the list of MFSA fixed by the Tor Browser update:
<https://www.mozilla.org/security/announce/>
If preparing a release candidate
@@ -662,8 +699,8 @@ Go wild!
Sanity check
------------
-Verify once more that the current source for Firefox is still the same
-we've used when preparing our custom Iceweasel packages.
+Verify once more that the TBB we ship is still the most recent (see
+above).
Push
----
@@ -782,19 +819,16 @@ this, and skip what does not make sense for a RC.
done
- `git push --force origin experimental`
-1. Push the release tag to lizard for Jenkins' consumption: `git push --tags lizard`
-1. Force-push all major branches to lizard:
-
- for branch in stable testing devel experimental ; do
- git push --force lizard $branch:$branch
- done
-
-1. Make sure Jenkins manages to build all major branches fine:
+1. Make sure Jenkins manages to build all updated major branches fine:
<https://jenkins.tails.boum.org/>.
1. Delete the _Release Manager View for $VERSION_ Redmine custom query.
1. Ensure the next few releases have their own _Release Manager View_.
1. On the [[!tails_roadmap]], update the *Due date* for the *Broken
windows* so that this section appears after the next release.
+* If the next release is a point-release, ask
+ <tails-sysadmins@boum.org> to disable the Jenkins job that's
+ building ISO images from the `testing` branch (since it basically
+ won't be used/maintained in the next 2.5 months).
Related pages
=============
diff --git a/wiki/src/contribute/release_process/Debian_security_updates.mdwn b/wiki/src/contribute/release_process/Debian_security_updates.mdwn
index f0d696c..06bdaf3 100644
--- a/wiki/src/contribute/release_process/Debian_security_updates.mdwn
+++ b/wiki/src/contribute/release_process/Debian_security_updates.mdwn
@@ -5,17 +5,6 @@ by delaying a Tails release a bit to wait for a DSA to happen.
[[!toc levels=2]]
-Iceweasel
-=========
-
-Mozilla updates are scheduled in advance. Searching the web for the
-next (point-)release number tells you when it will be released. Add
-2-3 days to this release date, and you know when a xulrunner/iceweasel
-Debian security update will be ready on the mirrors.
-
-See the [releases page](http://wiki.mozilla.org/Releases) on Mozilla
-wiki.
-
Debian security team
====================
diff --git a/wiki/src/contribute/release_process/iceweasel.mdwn b/wiki/src/contribute/release_process/iceweasel.mdwn
deleted file mode 100644
index 21abb5e..0000000
--- a/wiki/src/contribute/release_process/iceweasel.mdwn
+++ /dev/null
@@ -1,479 +0,0 @@
-[[!meta title="Releasing Iceweasel + Torbrowser patches"]]
-
-[[!toc levels=2]]
-
-1. Prepare environment
-======================
-
-* Clone the Tor browser
- [[Git repository|contribute/git#other-repositories]] if you do not
- have it handy yet.
-
-* Add (and fetch from) a Git remote for the Debian iceweasel packaging
- repository:
-
- git remote add -f debian git://git.debian.org/git/pkg-mozilla/iceweasel.git
-
-* Export the new upstream release to the environment of the one shell
- or three that will be used:
-
- export VERSION=17.0.9esr
-
-2. Was Iceweasel updated?
-=========================
-
-It might have been updated in one of these sources:
-
-* branch `esr/master` in `git://git.debian.org/git/pkg-mozilla/iceweasel.git`
-* <http://mozilla.debian.net/pool/iceweasel-esr/i/iceweasel/>
-
-**If** it was updated, then skip to [[New Iceweasel release|iceweasel#new-iceweasel-release]].
-**Else**, skip to [[New Firefox release|iceweasel#new-firefox-release]].
-
-<a id="new-firefox-release"></a>
-
-3. New Firefox release
-======================
-
-If Iceweasel was not updated to match the new Firefox release we want,
-a bit more work is needed.
-
-Note that usually, we're doing these steps (usually on Sunday or
-Monday) *before* the new ESR was officially released (which usually
-happens on Tuesday). Mozilla make the source available on previous
-Friday or Saturday, so that downstreams (such as us!) can get their
-stuff ready in time for the security announce.
-
-* Download the Firefox tarball and detached signature from
- <https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/VERSION/source/>
- (`VERSION` is the version we want to build, that is something like
- `17.0.7esr`).
- If it's not ready there yet, look at
- <https://ftp.mozilla.org/pub/mozilla.org/firefox/candidates/VERSION-candidates/>
- instead: Mozilla now only moves the tarballs to the `releases` directory after
- it has passed their internal QA.
-* Check the signature.
-* Put the tarball in the parent directory of your Iceweasel Git repository.
-* Extract the tarball.
-* `cd` into the extracted directory.
-* Copy the `debian/` directory from our previous package into the new
- upstream source directory.
-* Add a `debian/changelog` entry matching the new
- upstream version. Use 0 for the Debian packaging version, e.g.
- `17.0.5esr-0`, to leave room for the official packaging that we will
- want to merge when it's out:
-
- dch -v ${VERSION}-0 "New upstream release."
-
-* If you had to download a *candidate* version above, patch
- `debian/upstream.mk` so that it downloads stuff from the same place,
- e.g.:
-
- --- a/debian/upstream.mk
- +++ b/debian/upstream.mk
- @@ -89,12 +89,12 @@ ifndef L10N_CHANNEL
- L10N_CHANNEL := $(SOURCE_CHANNEL)
- endif
-
- -BASE_URL = ftp://ftp.mozilla.org/pub/mozilla.org/$(PRODUCT_NAME)/$(SOURCE_TYPE)
- +BASE_URL = ftp://ftp.mozilla.org/pub/mozilla.org/$(PRODUCT_NAME)/candidates
-
- L10N_FILTER = awk '(NF == 1 || /linux/) && $$1 != "en-US" { print $$1 }'
- $(call lazy,L10N_LANGS,$$(shell $$(L10N_FILTER) $(PRODUCT)/locales/shipped-locales))
- ifeq ($(SOURCE_TYPE),releases)
- -SOURCE_URL = $(BASE_URL)/$(SOURCE_VERSION)/source/$(PRODUCT_NAME)-$(SOURCE_VERSION).source.tar.bz2
- +SOURCE_URL = $(BASE_URL)/$(SOURCE_VERSION)-candidates/build1/source/$(PRODUCT_NAME)-$(SOURCE_VERSION).source.tar.bz2
- SOURCE_REV = $(call uc,$(PRODUCT_NAME))_$(subst .,_,$(SOURCE_VERSION))_RELEASE
- L10N_REV = $(SOURCE_REV)
- SOURCE_REPO = http://hg.mozilla.org/releases/$(SOURCE_CHANNEL)
-
- **Beware**: make sure to replace `build1` with the name of the
- directory you downloaded the upstream candidate tarball above.
-
-* Download and repack the other tarballs:
-
- make -f debian/rules download
-
-* `cd` into our Iceweasel Git directory.
-* Checkout the `tails/master` branch.
-* Unapply all quilt patches and commit:
-
- quilt pop -a && \
- git add . && git reset HEAD .pc && git commit -a -m 'Unapply all quilt patches.'
-
-* Get yourself a new upstream branch:
-
- git branch -D upstream && \
- git branch upstream tails/master
-
-* Trick the tarball importer to import the correct version:
-
- cp ../mozilla-esr24/browser/config/version.txt browser/config/ && \
- cp ../mozilla-esr24/debian/changelog debian/
-
-* Import the new upstream release into the `upstream` branch:
-
- make -f debian/rules import
-
-* Merge the import commit into `tails/master`:
-
- git reset --hard && git merge upstream
-
-* Get the `debian` directory back:
-
- git checkout HEAD^ -- debian && \
- git commit -m 'Get Debian packaging directory back.'
-
-* Don't ignore `.mozconfig`'s:
-
- grep -v -F '/.mozconfig*' .gitignore | sponge .gitignore && \
- git commit -m "Don't ignore .mozconfig's." .gitignore
-
-* Cleanup quilt status:
-
- rm -rf .pc
-
-* Apply all quilt patches:
-
- quilt push -a
-
- It might be that the last patch (`configure.patch`) fails. Ignore it
- for now.
-
-* Commit:
-
- git add . && git reset HEAD .pc && git commit -a -m 'Apply all quilt patches.'
-
-<a id="new-iceweasel-release"></a>
-
-4. New Iceweasel release
-=========================
-
-Skip this entire stage if you imported a new Firefox release.
-
-The way to proceed is different depending on whether Debian's
-iceweasel was pushed to it yet, or not.
-
-If Debian's iceweasel was pushed to Git already
------------------------------------------------
-
-* Retrieve the update from the iceweasel Git repository and verify the
- Git tag you want to import, e.g.
-
- git fetch debian && git tag -v debian/17.0.8esr-1
-
-* Checkout our `tails/master` branch.
-
-* Unapply all Torbrowser patches:
- - If quilt knows they are applied (`quilt applied` will tell you),
- then use `quilt pop` as many times as needed.
- - Else, some manual care is needed so that quilt internal state
- matches the actual state of the source tree. We need to manually
- unapply all quilt patches, then reapply them all:
-
- for p in $(tac debian/patches/series) ; do
- patch -p1 -R < "debian/patches/$p"
- done && quilt push -a
-
- ... and then use `quilt pop` as many times as needed to unapply
- all Torbrowser patches.
-
-* `git add` the new files and the modified ones
-
-* `git rm` the deleted files
-
-* Commit:
-
- git commit -m 'Remove Torbrowser patches.'
-
-* Merge the tag, e.g.
-
- git merge debian/17.0.8esr-1
-
-* Verify with that `tails/master` is in the same state as Debian's
- iceweasel, e.g.
-
- git diff --stat debian/17.0.8esr-1..tails/master
-
- All expected differences should be:
- * files modified: `.gitignore`,
- `debian/{changelog,rules,control,control.in}`,
- `debian/{browser.mozconfig,xulrunner.mozconfig.in}`
- * files added: `.mozconfig*`, `debian/tails.*.mozconfig`,
- `debian/patches/series`, and the Torbrowser patches.
-
-If Debian's iceweasel was not pushed to Git yet
------------------------------------------------
-
-Then, we have to import the source package into Git ourselves, and
-merge from Debian's Vcs-Git later.
-
-* Download, verify and extract the new iceweasel source package with dget.
-
-* Checkout our `tails/master` branch.
-
-* Unapply all quilt patches and commit:
-
- quilt pop -a
-
-* `git rm` the deleted files
-
-* `git add` the new files and the modified ones
-
-* Commit:
-
- git commit -m 'Remove all quilt patches.'
-
-* Overwrite the files in the Git checkout with the new ones.
- Assuming the new extracted iceweasel package is in
- `iceweasel-17.0.2esr`, and our iceweasel Git repository checkout is
- in `git`:
-
- rsync --stats -a --exclude=.git --delete iceweasel-17.0.2esr/ git/
-
-* `git rm` the deleted files
-
-* `git add *`
-
-* Add other added or modified files *but* `.pc`.
-
-* Commit:
-
- git commit -m "Import $(head -n 1 debian/changelog | sed -e 's,).*,),')"
-
-* Verify with `diff` that the current state of the `tails/master` is
- exactly the same as Debian's iceweasel source package one:
-
- diff -Naur --exclude=.git iceweasel-17.0.2esr/ git/
-
-* Bring our changes back:
- * files modified: `.gitignore`,
- `debian/{changelog,rules,control,control.in}`,
- `debian/{browser.mozconfig,xulrunner.mozconfig.in}`
- * files added: `.mozconfig*`, `debian/tails.*.mozconfig`,
- `debian/patches/series`, and the Torbrowser patches.
-
-5. Update Torbrowser patches
-============================
-
-First, check if the Torbrowser patches were updated since the last
-time we imported them (that's why we always record in
-`debian/changelog` the TorBrowser Git commit we are importing from).
-
-**If** the Torbrowser patches were not updated, then just apply them
-and commit:
-
- quilt push -a && git commit -a -m 'Apply Torbrowser patches.'
-
-... then skip this entire stage.
-
-**Else**, proceed with the following steps.
-
-* Make sure all quilt patches are applied.
-* Unapply all Torbrowser patches: use `quilt pop` as many times as
- needed.
-* Revert our changes (with `--no-commit`) to
- `debian/patches/configure.patch` if needed, and deapply it:
-
- cat debian/patches/configure.patch | patch -p1 --reverse
-
-* `quilt delete` the `configure.patch` if it exists.
-
-* Remove all Torbrowser patches from the series:
-
- quilt unapplied | grep --color=never '^torbrowser/' | xargs -n 1 quilt delete
-
-* Remove Torbrowser patches from Git:
-
- git rm -r debian/patches/torbrowser/
-
-* Commit:
-
- git commit -a -m 'Remove Torbrowser patches.'
-
-* Import the latest TorBrowser patches:
-
- - Ensure you have Mike Perry's latest stuff available:
-
- git remote add -f mikeperry https://git.torproject.org/user/mikeperry/tor-browser.git
- git remote add -f ttp https://git.torproject.org/tor-browser.git
-
- - Find the most recent commit in ttp/tor-browser-24.2.0esr-1
- that is an import from Mozilla (see e.g. 5175d069); save its ID:
-
- export LAST_MOZILLA_COMMIT=XXX
-
- - Export the Torbrowser patches:
-
- TORBROWSER_PATCHES_DIR=$(mktemp -d)
- git format-patch -o "$TORBROWSER_PATCHES_DIR" \
- "$LAST_MOZILLA_COMMIT..ttp/tor-browser-$VERSION-3.x-1"
-
- - Remove from $TORBROWSER_PATCHES_DIR the patches we don't want.
- See `debian/changelog` for the - list of patches skipped last
- time, see the TorBrowser Git log to make your opinion about new or
- updated patches, use common sense. Take note of your decisions and
- its rationale, you will need it later.
-
- - Import the Torbrowser patches:
-
- for patch in $(\ls --reverse ${TORBROWSER_PATCHES_DIR}/*.patch) ; do
- p=$(basename "$patch")
- quilt import -P "torbrowser/$p" "$patch"
- done
- git add debian/patches/torbrowser debian/patches/series && \
- TORBROWSER_COMMIT=$(git rev-parse ttp/tor-browser-$VERSION-3.x-1)
- git commit -m "Import Torbrowser patches at commit ${TORBROWSER_COMMIT}."
-
-* Apply Torbrowser patches:
-
- quilt push -a && git add . && git reset HEAD .pc && git commit -a -m 'Apply Torbrowser patches.'
-
-* Update `debian/tails.*.mozconfig`:
- - copy all `ac_add_options` lines from `.mozconfig` into the *Tor
- Browser's options* section in `debian/tails.common.mozconfig`,
- *but* the ones that break the xulrunner build, that go into *Tor
- Browser's options specific to the browser component* section in
- `debian/tails.browser.mozconfig` instead
- - review the changes to these settings
- - if needed, update the `debian/tails.common.mozconfig`'s *Override
- Tor Browser's options* section
-
-* Push to Git:
-
- git push origin tails/master && git push --tags
-
-6. Build packages
-=================
-
-Update debian/changelog
------------------------
-
-* set a version such as `17.0.5esr-0+tails1`, e.g.
-
- dch -v "${VERSION}-0+tails1"
-
-* list our changes, especially the TorBrowser commit at which the
- patches were imported, and the ones we skipped
-* set distribution to unstable
-* commit:
-
- git commit debian/changelog \
- -m "$(head -n 1 debian/changelog | sed -e 's,).*,),')"
-
-Tag the release
----------------
-
- DEB_VERSION=$(dpkg-parsechangelog -SVersion)
- git tag -s -m "$(head -n 1 debian/changelog | sed -e 's,).*,),')" "debian/${DEB_VERSION}"
-
-Clean up the source tree
-------------------------
-
- git clean -fdx -e /.pc/
-
-Build for unstable
-------------------
-
-If you have no available non-Tails setup to comfortably test these
-packages, then skip this step.
-
-* Build for unstable and the architecture you can test on (most likely
- amd64), e.g. using our [[contribute/Debian_package_builder]].
- **Note:** if building locally in a ramdisk, it needs to be at least
- 14GB large.
-* Copy `browser/app/profile/000-tor-browser.js` into
- `/etc/iceweasel/pref/` on the test system.
-* Install and test the resulting packages.
-
-Build for wheezy-backports
---------------------------
-
-* Checkout the `tails/wheezy` branch and merge the tag:
-
- git checkout tails/wheezy && git merge "debian/${DEB_VERSION}"
-
-* Add a wheezy-backport changelog entry:
-
- dch --bpo
-
- Adjust as needed.
-
-* Commit:
-
- git commit debian/changelog \
- -m "$(head -n 1 debian/changelog | sed -e 's,).*,),')"
-
-* Tag the backport:
-
- git tag -s -m "$(head -n 1 debian/changelog | sed -e 's,).*,),')" \
- "debian/$(dpkg-parsechangelog -SVersion | sed -e 's,~,_,')"
-
-* Build for wheezy-backports and i386, e.g. using our
- [[contribute/Debian_package_builder]]. You may also do it yourself
- using `pbuilder`. Note that this repo is *not* adapted to be built
- with `git-buildpackage` or `git-pbuilder`.
-* Integrate these debs into your apt-cacher cache. That's one cp to
- `/var/cache/apt-cacher-ng/_import/` away, + 1 click in the
- web interface.
-* Test the resulting packages in Tails.
-* Make sure the `.orig.*` tarballs are included in the `.changes`
- file. FIXME: check if that's needed, or done automatically by the
- above instructions.
-* Upload the resulting packages to the relevant suite of our
- [[contribute/APT repository]].
-* Merge this APT suite where you need it: generally, that's `devel`,
- `experimental`, one of `stable` or `testing`, and maybe
- a release tag.
-* Push to Git:
-
- git push origin tails/wheezy && git push --tags
-
-Import bundled preferences
---------------------------
-
-* Copy `browser/app/profile/000-tor-browser.js` from the tag the
- Wheezy backport was built from, into
- `config/chroot_local-includes/etc/iceweasel/pref/`.
-* Commit this to the branch that is being used to prepare the release:
- ideally, a topic branch that will be reviewed and merged; in
- practice, more likely this will be `stable` or `testing`.
-
-7. Potential problems (and solutions)
-=====================================
-
-Problems with ./configure
--------------------------
-
-E.g. `configure.patch` does not apply, or the build fails since
-`{js/src/,}configure.in` was modified but `{js/src/,}configure` was
-not refreshed.
-
-In a nutshell, the solution is to:
-
-1. Make sure the patches that modify `{js/src/,}configure.in` are
- applied (this is the case after a `quilt push -a`, that is during
- most of the steps documented above).
-
-1. Update `{js/src/,}configure`:
-
- sudo apt-get install autoconf2.13
- make -f client.mk configure
-
- The `make` command may fail due to missing dependencies. We don't
- care, as long as `{js/src/,}configure` have been refreshed.
-
-1. Replace `configure.patch` with the diff between the original and
- updated version of `{js/src/,}configure`:
-
- configure_diff=$(mktemp) && \
- git diff configure js/src/configure > "$configure_diff" && \
- git reset --hard && \
- git clean -fdx -e /.pc/ && \
- quilt import -f -P configure.patch "$configure_diff" && \
- git commit debian/patches -m "Refresh configure.patch." && \
- quilt push && \
- git commit -a -m 'Apply configure.patch.'
-
-Note that `configure.patch` must always be the *last* patch in the
-quilt series file, after the TorBrowser ones.
diff --git a/wiki/src/contribute/release_process/test.mdwn b/wiki/src/contribute/release_process/test.mdwn
index 4159c14..9f3c93d 100644
--- a/wiki/src/contribute/release_process/test.mdwn
+++ b/wiki/src/contribute/release_process/test.mdwn
@@ -73,7 +73,7 @@ implemented, but it either hasn't been reviewed, had a confirmed pass
by someone other than the test author, or has issues. The latter is
tracked by tickets prefixed with `todo/test_suite:`.
-# Iceweasel
+# Tor Browser
## Security and fingerprinting
@@ -94,7 +94,7 @@ tracked by tickets prefixed with `todo/test_suite:`.
`ifconfig | grep inet | grep -v inet6 | cut -d" " -f2 | tail -n1`
* One should be able to switch identities from the web browser.
* Running `getTorBrowserUserAgent` should produce the User-Agent set by the
- installed version of Torbutton, and used in Iceweasel.
+ installed version of Torbutton, and used in the Tor Browser.
## Functionality
@@ -103,13 +103,18 @@ tracked by tickets prefixed with `todo/test_suite:`.
# Pidgin
-* Check that an IRC session is really torified:
- - if you are running an IRC server: check there
- - else: see if the connection to the IRC server appears in Vidalia
- connections list
+(automate: [[!tails_ticket 7820]])
+
* Check that you can initiate an OTR conversation.
-* Check that IRC is working with the default OFTC profile.
* Check that XMPP is working with a new test profile.
+ For example using Riseup:
+ - Username: username
+ - Domain: riseup.net
+ - Connect server: 4cjw6cwpeaeppfqz.onion
+ - Then try to create and connect to a new room:
+ - Room: testing
+ - Server: conference.riseup.net
+ - Handle: username
* Check that Pidgin doesn't leak too much information when replying to
CTCP requests:
* Start Tails, launch Pidgin, and join #tails.
@@ -128,6 +133,8 @@ tracked by tickets prefixed with `todo/test_suite:`.
# Tor
+(automate: [[!tails_ticket 7821]])
+
* The version of Tor should be the latest stable one, which is the highest version number
before alpha releases on <http://deb.torproject.org/torproject.org/pool/main/t/tor/>.
* Check that the firewall-level Tor enforcement is effective:
@@ -253,11 +260,11 @@ the appropriate tcpdump or tshark filters.
sudo watch -n 0.1 'netstat -taupen | grep perl'
-* Make sure iceweasel uses its dedicated `SocksPort`: quit Iceweasel
+* Make sure the Tor Browser uses its dedicated `SocksPort`: quit the Tor Browser
then start it with the following command running in another
terminal:
- sudo watch -n 0.1 'netstat -taupen | grep iceweasel'
+ sudo watch -n 0.1 'netstat -taupen | grep firefox'
* Make sure other applications use the default system-wide
`SocksPort`:
@@ -307,6 +314,8 @@ the appropriate tcpdump or tshark filters.
# Use of untrusted partitions
+(automate: [[!tails_ticket 7822]])
+
* Is any local hard-disk swap partition used as swap?
boot on a (possibly virtual) machine that has a cleartext swap
partition not managed by LVM. To verify that a local GTP partition is swap,
@@ -357,6 +366,8 @@ the appropriate tcpdump or tshark filters.
# Time
+(automate: [[!tails_ticket 5836]])
+
1. Boot Tails without a network cable connected.
(e.g. `virsh domif-setlink tails-dev 52:54:00:05:17:62 down`.)
2. Set an administration password.
@@ -395,27 +406,56 @@ correctly.
# I2P
-* Make sure that I2P is up-to-date, at least if the
- [changelogs](https://geti2p.net/en/blog/) mention that
- security critical bugs were fixed.
-* Check that "Applications -> Internet -> I2P" works:
- - You get the "Starting I2P..." pop-up.
- - The router console opens in Iceweasel upon success.
- - You get the "I2P failed to start" pop-up on failure (e.g. no
- network so tordate failed).
-* Check that I2P connects to the network:
- - Go to <http://127.0.0.1:7657/i2ptunnelmgr>
- - You should get "Network: Hidden" in the "General" section.
- - The numbers in the "Peers" section of the sidebar should be non-zero.
-* Check that you can reach some eepsites within Iceweasel, like
- <http://i2p-projekt.i2p> and <http://forum.i2p>.
-* Check that you can connect to the I2P IRC server through Pidgin and
- the preconfigured IRC account on 127.0.0.1.
+Make sure that I2P is up-to-date, at least if the
+[changelogs](https://geti2p.net/en/blog/) mention that
+security critical bugs were fixed.
+
+Start I2P by appending `i2p` to the kernel command line.
+
+* Check that I2P starts when a network interface is up:
+ - Within 30 seconds you should get the "I2P router console is ready"
+ pop-up
+ - Start the I2P Browser via "Applications -> Internet -> I2P Browser":
+ * You get the "Starting I2P Browser..." pop-up.
+ * The router console (<http://127.0.0.1:7657>) opens successfully
+ upon success.
+ * On exiting I2P Browser, check that its chroot gets properly torn
+ down on exit (there should be nothing mounted inside
+ `/var/lib/i2p-browser`).
+ - After a few minutes you should get the "I2P is ready" pop-up
+ - Go to <http://127.0.0.1:7657/i2ptunnelmgr> in the I2P Browser:
+ * You should get "Network: Hidden" in the "General" section.
+ * The numbers in the "Peers" section of the sidebar should be
+ non-zero.
+ * Check that you can reach some eepsites within Iceweasel, like
+ <http://i2p-projekt.i2p> and <http://forum.i2p>.
+ - Check that you can connect to the I2P IRC server through Pidgin
+ and the preconfigured IRC account on 127.0.0.1.
+* Check I2P failure modes:
+ - Router console failure:
+ * Boot without network so I2P doesn't start automatically.
+ * Block the router console port: `nc -l -p 7657 -t 127.0.0.1`
+ * Plug the network
+ * You should get the "I2P failed to start" pop-up, and I2P should
+ not be running (check with `service i2p status`)
+ - Bootstrap failure:
+ * Detach the network immediately after getting the "I2P router
+ console is ready" pop-up
+ * Wait for up to six minutes
+ * You should get the "I2P is not ready" pop-up
+ * The I2P router console should still be accessible on
+ <http://127.0.0.1:7657>
# Git
* clone a repository over `git://`
+
+ git clone git://git.tails.boum.org/htp
+
* clone a repository over `https://`
+
+ git clone https://git-tails.immerda.ch/htp
+
* clone a repository over SSH
# SSH
@@ -464,14 +504,14 @@ correctly.
Else, use a local test setup:
* A web server on the LAN.
- * A copy of `wiki/src/update` from the `stable` or `testing` branch,
- for example in `/var/www/tails/update/v1/Tails/0.14~rc2/i386/stable/updates.yml`
+ * A copy of `wiki/src/upgrade` from the `stable` or `testing` branch,
+ for example in `/var/www/tails/upgrade/v1/Tails/0.14~rc2/i386/stable/updates.yml`
* A copy of the `iuk` directory of our HTTP mirrors,
for example in `/var/www/tails/stable/iuk/Tails_i386_0.14-rc2_to_0.14.iuk`.
To synchronize your local copy:
- torsocks rsync -rt --progress rsync.torproject.org::amnesia-archive/tails/stable/iuk/ /var/www/tails/stable/iuk/
+ torsocks rsync -rt --progress --delete rsync.torproject.org::amnesia-archive/tails/stable/iuk/ /var/www/tails/stable/iuk/
* Patch `/etc/hosts` in Tails to point to your web server:
@@ -497,18 +537,20 @@ correctly.
Enable Windows camouflage via the Tails Greeter checkbox and:
* Tails OpenPGP Applet's context menu should look readable
-* iceweasel should use a Internet Explorer theme
+* The Tor Browser should use a Internet Explorer theme
+* The Unsafe Browser has no scary red theme
# Unsafe Web Browser
+(automate: [[!tails_ticket 7823]])
+
* On start, if no DNS server was configured in NetworkManager
(e.g. if there's no network connection), there must be an error.
* Once started, check that:
- - it has no scary red theme when Windows Camouflage is activated.
- - the iceweasel instance runs as the `clearnet` user.
+ - the Tor Browser instance runs as the `clearnet` user.
- it has no proxy configured.
- no extensions are installed.
- - there are no bookmarks.
+ - there are no bookmarks except the default Firefox ones.
* On exit, check that:
- make sure that its chroot gets properly teared down on exit (there
should be nothing mounted inside `/var/lib/unsafe-browser`).
@@ -535,15 +577,15 @@ Enable Windows camouflage via the Tails Greeter checkbox and:
# Internationalization
Boot and check basic functionality is working for every supported
-language.
+language. You *really* have to reboot between each language.
* The chosen keyboard layout must be applied.
* The virtual keyboard must work and be auto-configured to use the same keyboard
layout as the X session.
* The Startpage search engine must be localized for the languages we ship a
- searchplug for:
+ search plugin for:
- find /usr/share/amnesia/iceweasel/searchplugins/locale/ -iname startpage-*.xml
+ find /usr/local/lib/tor-browser/distribution/searchplugins/locale -iname startpage-*.xml
* The Wikipedia search engine must be localized for all languages.
diff --git a/wiki/src/contribute/release_process/test/automated_tests.mdwn b/wiki/src/contribute/release_process/test/automated_tests.mdwn
index 3ee785c..22db600 100644
--- a/wiki/src/contribute/release_process/test/automated_tests.mdwn
+++ b/wiki/src/contribute/release_process/test/automated_tests.mdwn
@@ -1,3 +1,5 @@
+[[!meta title="Automated test suite"]]
+
[[!toc levels=2]]
# Introduction
diff --git a/wiki/src/contribute/release_process/test/erase_memory_on_shutdown.mdwn b/wiki/src/contribute/release_process/test/erase_memory_on_shutdown.mdwn
index 5b25a31..0a27803 100644
--- a/wiki/src/contribute/release_process/test/erase_memory_on_shutdown.mdwn
+++ b/wiki/src/contribute/release_process/test/erase_memory_on_shutdown.mdwn
@@ -35,12 +35,10 @@ Pick one of those:
# 2. Test that you can get the pattern after rebooting, if no memory wiping takes place
* Make sure your preferred memory scrapper toolkit is ready.
-* Reboot from Tails using `SysRq + b`; if testing in a VM, you'd
- better be careful not rebooting your host system and proceed like
- this:
-
- echo 1 > /proc/sys/kernel/sysrq ; echo b > /proc/sysrq-trigger
-
+* Kill fillram processes and reboot with `SysRq + 1` when free memory is under a threshold by running:
+
+ while [ $(free -m -o | grep Mem | sed -e 's/ */ /g' | cut -d ' ' -f 4) -ge 256 ] ; do sleep 0.1 ; done ; killall fillram ; echo 1 > /proc/sys/kernel/sysrq ; echo b > /proc/sysrq-trigger
+
* Dump memory and try to find the known pattern in it, e.g.:
grep -c wipe_didnt_work tails.dump
@@ -57,7 +55,7 @@ Pick one of those:
command-line if your memory scrapper toolkit needs it).
* Kill fillram processes and reboot Tails when free memory is under a threshold by running:
- while [ $(free -m -o | grep Mem | sed -e 's/ */ /g' | cut -d ' ' -f 4) -ge 128 ] ; do sleep 0.1 ; done ; killall fillram ; reboot
+ while [ $(free -m -o | grep Mem | sed -e 's/ */ /g' | cut -d ' ' -f 4) -ge 256 ] ; do sleep 0.1 ; done ; killall fillram ; reboot
This is especially important on 486 kernels. The threshold might be fine tuned.
diff --git a/wiki/src/contribute/release_process/test/erase_memory_on_shutdown/qemu_pmemsave.mdwn b/wiki/src/contribute/release_process/test/erase_memory_on_shutdown/qemu_pmemsave.mdwn
index 79bc765..eea80ed 100644
--- a/wiki/src/contribute/release_process/test/erase_memory_on_shutdown/qemu_pmemsave.mdwn
+++ b/wiki/src/contribute/release_process/test/erase_memory_on_shutdown/qemu_pmemsave.mdwn
@@ -4,11 +4,11 @@ Note that you need the qemu command, which is provided on wheezy by the `qemu-sy
- with a 64-bit CPU that supports PAE
- qemu -enable-kvm -cpu Nehalem -cdrom tails.iso -m 5120 -no-reboot -no-shutdown
+ qemu -enable-kvm -cpu Nehalem -cdrom tails.iso -m 5120
- with a 32-bit CPU that does not support PAE
- qemu -enable-kvm -cpu 486 -cdrom tails.iso -m 5120 -no-reboot -no-shutdown
+ qemu -enable-kvm -cpu 486 -cdrom tails.iso -m 5120
* Open the qemu console (CTRL-ALT-2).
* Save physical memory to the `tails.dump` file (length is an integer, max size for one dump is 4G = 0xF0000000):
diff --git a/wiki/src/contribute/release_process/test/setup.mdwn b/wiki/src/contribute/release_process/test/setup.mdwn
index 52cfe63..d9b35d4 100644
--- a/wiki/src/contribute/release_process/test/setup.mdwn
+++ b/wiki/src/contribute/release_process/test/setup.mdwn
@@ -13,11 +13,18 @@ Install dependencies
The following packages are necessary on Debian Wheezy, with
wheezy-backports sources added:
+ echo 'deb http://ftp.us.debian.org/debian/ testing main contrib non-free' \
+ > /etc/apt/sources.list.d/testing.list && \
+ echo -e "Package: *\nPin: release o=Debian,a=stable\nPin-Priority: 990" \
+ > /etc/apt/preferences.d/Debian_stable && \
+ echo -e "Package: *\nPin: release o=Debian,a=testing\nPin-Priority: 500" \
+ > /etc/apt/preferences.d/Debian_testing && \
+ apt-get update &&
apt-get install git xvfb virt-viewer libsikuli-script-java \
libxslt1-dev tcpdump unclutter radvd x11-apps syslinux \
- libcap2-bin devscripts libvirt-ruby ruby-rspec gawk ntp \
- ruby-json x11vnc xtightvncviewer ffmpeg libvpx1 dnsmasq-base \
- openjdk-7-jre && \
+ libcap2-bin devscripts libvirt-ruby ruby-rspec gawk ntp ovmf/testing \
+ ruby-json x11vnc xtightvncviewer ffmpeg libavcodec-extra-53 \
+ libvpx1 dnsmasq-base openjdk-7-jre && \
apt-get -t wheezy-backports install qemu-kvm qemu-system-x86 libvirt0 \
libvirt-dev libvirt-bin seabios ruby-rjb ruby-packetfu cucumber && \
service libvirt-bin restart
@@ -25,10 +32,19 @@ wheezy-backports sources added:
Other requirements
==================
+Synchronized clock
+------------------
+
The system running the test suite needs an accurate clock since we
sync the clock from the host to the Tails guest after a background
snapshot restore to appease Tor. This is why we installed ntp above.
+File permissions
+----------------
+
+The user that runs QEMU (via libvirt) needs read-access at least to
+the content of `features/misc_files/` in the Git checkout.
+
Special use cases
=================
@@ -46,6 +62,10 @@ where `$DISPLAY` is the display given to you by `run_test_suite` (often 0):
Running the test suite as a non-root user
-----------------------------------------
+<div class="note">
+This section may not be in tested and working shape.
+</div>
+
This is entirely possible, but there's some additional configuration
required. Run the following as `root`:
diff --git a/wiki/src/contribute/release_process/test/usage.mdwn b/wiki/src/contribute/release_process/test/usage.mdwn
index 14b3892..1535360 100644
--- a/wiki/src/contribute/release_process/test/usage.mdwn
+++ b/wiki/src/contribute/release_process/test/usage.mdwn
@@ -17,7 +17,7 @@ A typical example run of a few `@product` features could be:
--iso path/to/tails.iso \
features/apt.feature features/erase_memory.feature
-which will test only the `iceweasel` and `erase_memory` features (if
+which will test only the `apt` and `erase_memory` features (if
no feature paths are given, all features in `features/cucumber` will
be tested) of the given ISO image `tails.iso` while showing the test
session in a VNC viewer (`--view`) and also capturing it into a video
diff --git a/wiki/src/contribute/release_process/tor-browser.mdwn b/wiki/src/contribute/release_process/tor-browser.mdwn
new file mode 100644
index 0000000..3a02d1d
--- /dev/null
+++ b/wiki/src/contribute/release_process/tor-browser.mdwn
@@ -0,0 +1,43 @@
+[[!meta title="Releasing the Tor Browser"]]
+
+Have a look at
+
+* <https://archive.torproject.org/tor-package-archive/torbrowser/>
+* <https://www.torproject.org/dist/torbrowser/>
+* <https://people.torproject.org/~mikeperry/builds/>
+* <https://people.torproject.org/~linus/builds/>
+
+and see if the desired version is available. We prefer
+`archive.torproject.org` since the other sources periodically cleans
+up old releases. Set `DIST_URL` to the chosen url, and set `VERSION`
+to the desired TBB version, for example:
+
+ DIST_URL=https://people.torproject.org/~mikeperry/builds/
+ VERSION=4.0
+
+Fetch the version's `sha256sums.txt` and `sha256sums.txt.asc` and
+verify with `gpg`:
+
+ wget ${DIST_URL}/${VERSION}/sha256sums.txt{,.asc} && \
+ gpg --verify sha256sums.txt.asc
+
+Filter the tarballs we want and make them available at build time,
+when the tarballs are fetched:
+
+ grep "\<tor-browser-linux32-.*\.tar.xz$" sha256sums.txt > \
+ config/chroot_local-includes/usr/share/tails/tbb-sha256sums.txt
+
+Then update the url to the one chosen above:
+
+ echo "${DIST_URL}" | sed "s,^https://,http://," > \
+ config/chroot_local-includes/usr/share/tails/tbb-dist-url.txt
+
+NOTE: We must use http (not http**s**) due to limitations/bugs in
+`apt-cacher-ng`, which often is used in Tails build
+environments. However, it is of no consequence since we verify the
+checksum file.
+
+Lastly, commit:
+
+ git commit config/chroot_local-includes/usr/share/tails/tbb-*.txt \
+ -m "Upgrade TBB to ${VERSION}."
diff --git a/wiki/src/contribute/talk.html b/wiki/src/contribute/talk.html
index b54b94a..43678a6 100644
--- a/wiki/src/contribute/talk.html
+++ b/wiki/src/contribute/talk.html
@@ -4,24 +4,32 @@
<ul>
<li>
- you can <a href='https://mailman.boum.org/listinfo/tails-dev/'>subscribe</a> or write
- to the <a href='mailto:tails-dev@boum.org'>tails-dev@boum.org</a> mailing-list;
- any message sent to this
+ You can <a href='https://mailman.boum.org/listinfo/tails-dev/'>subscribe</a> or write
+ to the <a href='mailto:tails-dev@boum.org'>tails-dev@boum.org</a> mailing-list.
+ Any message sent to this
list is stored in a public archive, so beware of what your email content
- and headers reveal about yourself: location, IP address, etc.;
+ and headers reveal about yourself: location, IP address, etc.
</li>
<li>
- you can join our [[#tails|support/chat]] and
+ You can join our [[#tails|support/chat]] and
[[#tails-dev|contribute/chat]] chatrooms; note: only a few
Tails core developers hang out there, so email
is preferred for anything that might be of
- interest for the larger Tails development community;
+ interest for the larger Tails development community.
</li>
<li>
- for <emph>translation-related matters</emph>, you can
+ For <em>translation-related matters</em>, you can
<a href='https://mailman.boum.org/listinfo/tails-l10n/'>subscribe</a> or write
- to the <a href='mailto:tails-l10n@boum.org'>tails-l10n@boum.org</a> mailing-list;
- any message sent to this
+ to the <a href='mailto:tails-l10n@boum.org'>tails-l10n@boum.org</a> mailing-list.
+ Any message sent to this
+ list is stored in a public archive, so beware of what your email content
+ and headers reveal about yourself: location, IP address, etc.
+ </li>
+ <li>
+ For <em>user experience and user interface related matters</em>, you can
+ <a href='https://mailman.boum.org/listinfo/tails-ux/'>subscribe</a> or write
+ to the <a href='mailto:tails-ux@boum.org'>tails-ux@boum.org</a> mailing-list.
+ Any message sent to this
list is stored in a public archive, so beware of what your email content
and headers reveal about yourself: location, IP address, etc.
</li>
@@ -37,7 +45,7 @@
<p>
For matters that need to be hidden from the public eyes, email
- the private development mailing list: <a href='mailto:tails@boum.org'>tails@boum.org</a>;
- to achieve end-to-end encryption, encrypt such email with [[our OpenPGP key|doc/about/openpgp_keys]].
+ the private development mailing list: <a href='mailto:tails@boum.org'>tails@boum.org</a>.
+ To achieve end-to-end encryption, encrypt such email with [[our OpenPGP key|doc/about/openpgp_keys]].
</p>
diff --git a/wiki/src/contribute/working_together/roles/front_desk.mdwn b/wiki/src/contribute/working_together/roles/front_desk.mdwn
index 67f35a5..7a330e0 100644
--- a/wiki/src/contribute/working_together/roles/front_desk.mdwn
+++ b/wiki/src/contribute/working_together/roles/front_desk.mdwn
@@ -1,13 +1,15 @@
[[!meta title="Front Desk"]]
-# Tasks
+[[!toc]]
User support
-------------
+============
- Do user support by email:
- Reply to bug reports received on tails-bugs@boum.org (empty reports might
be silently ignored).
+ - Reply to private user support requests received on
+ tails-support-private@boum.org.
- Make sure everything is replied on tails-support@boum.org, while leaving
space for other people to participate.
- Improve the FAQ incrementally based on the work done by email, and do
@@ -15,9 +17,12 @@ User support
- Do user support on IRC if you feel like it.
General communication watchdog
-------------------------------
+==============================
- - Try to do something about the [new tickets](https://labs.riseup.net/code/projects/tails/issues?query_id=148) in Redmine.
+ - Try to do something about the
+ [new tickets](https://labs.riseup.net/code/projects/tails/issues?query_id=157)
+ that appear in Redmine. An Atom feed is available for easier
+ monitoring, see the link at the bottom of that page.
- Administer and moderate our general purpose public mailing lists:
- [tails-dev@boum.org](https://mailman.boum.org/admin/tails-dev)
- [tails-l10n@boum.org](https://mailman.boum.org/admin/tails-l10n)
@@ -25,19 +30,21 @@ General communication watchdog
- [tails-support@boum.org](https://mailman.boum.org/admin/tails-support)
- [tails-testers@boum.org](https://mailman.boum.org/admin/tails-testers)
- If also subscribed to tails@boum.org:
- - Forward user support emails received on tails@boum.org to tails-bugs@boum.org.
+ - Forward user support emails received on tails@boum.org to tails-support-private@boum.org.
- Forward press requests received on tails@boum.org to tails-press@boum.org.
- Reply other random incoming emails on tails@boum.org.
Meetings management
--------------------
+===================
- Announce public meetings and low-hanging fruits sessions on:
- * tails-dev@boum.org
- * tails-l10n@boum.org
- * tails-testers@boum.org
* Twitter
- * [TWN](https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews) (follow the *Next steps* link)
+ * [Tor Weekly News](https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews) (follow the *Next steps* link)
- Write report of low-hanging fruits sessions, and send it to tails-dev@ if attended.
- Write & publish the minutes of the public meeting if attended.
+ - Explain in details the decisions that were taken.
+ - Keep track of the brainstorming that we did if no decision was taken.
+ - Include names of people who took responsibilities.
+ - Update Redmine tickets accordingly and point them to the meeting notes
+ (unless someone else volunteers to do it on some tickets).
- Publish the monthly report.
diff --git a/wiki/src/contribute/working_together/roles/release_manager.mdwn b/wiki/src/contribute/working_together/roles/release_manager.mdwn
index 17178df..c532fe0 100644
--- a/wiki/src/contribute/working_together/roles/release_manager.mdwn
+++ b/wiki/src/contribute/working_together/roles/release_manager.mdwn
@@ -18,28 +18,6 @@
## Around two weeks before the freeze
-- Have a look at recent changes in:
- * the [TBB](https://gitweb.torproject.org/torbrowser.git)'s prefs
- (e.g. `git log -p build-scripts/config/*.js`)
- * the [Tor Browser](https://git.torproject.org/tor-browser.git)
- patch that creates `browser/app/profile/000-tor-browser.js`:
-
- git diff $LAST_IMPORT_COMMIT..$CURRENT_WIP_BRANCH \
- browser/app/profile/000-tor-browser.js
-
- - `$LAST_IMPORT_COMMIT` is the commit from which we imported the
- Tor Browser patches last time: see our iceweasel's
- `debian/changelog`
- - `$CURRENT_WIP_BRANCH` is the name of the branch the Tor Browser
- folks are working on these days, or the most recent one (for the
- relevant version of Firefox) that can be found in
- their repository, e.g. *tor-browser-24.3.0esr-2*
-
-- Import the relevant changes into our Iceweasel configuration,
- following the normal review'n'merge process.
-- In particular, make sure the `general.*` and
- `browser.startup.homepage_override.*` prefs are in sync', in our
- `/etc/iceweasel/pref/iceweasel.js`, with TBB's `pound_tor.js`.
- Have a look at recent changes
in [Torbutton](https://gitweb.torproject.org/torbutton.git), and
do whatever is needed to get the fixes we need in the release.