summaryrefslogtreecommitdiffstats
path: root/wiki/src/contribute
diff options
context:
space:
mode:
Diffstat (limited to 'wiki/src/contribute')
-rw-r--r--wiki/src/contribute/APT_repository/custom.mdwn54
-rw-r--r--wiki/src/contribute/calendar.mdwn29
-rw-r--r--wiki/src/contribute/design.mdwn5
-rw-r--r--wiki/src/contribute/design/additional_software_packages.mdwn261
-rw-r--r--wiki/src/contribute/design/application_isolation.mdwn2
-rw-r--r--wiki/src/contribute/design/stream_isolation.mdwn2
-rw-r--r--wiki/src/contribute/how/documentation/guidelines.mdwn29
-rw-r--r--wiki/src/contribute/how/documentation/release_notes.mdwn7
-rw-r--r--wiki/src/contribute/how/documentation/release_notes/template.mdwn13
-rw-r--r--wiki/src/contribute/how/documentation/style_guide.mdwn64
-rw-r--r--wiki/src/contribute/meetings/201808.mdwn75
-rw-r--r--wiki/src/contribute/meetings/201808/logs.txt211
-rw-r--r--wiki/src/contribute/meetings/201809.mdwn36
-rw-r--r--wiki/src/contribute/meetings/201809/logs.txt95
-rw-r--r--wiki/src/contribute/release_process.mdwn289
-rw-r--r--wiki/src/contribute/release_process/Debian_security_updates.mdwn24
-rw-r--r--wiki/src/contribute/release_process/perl5lib.mdwn27
-rw-r--r--wiki/src/contribute/release_process/persistence-setup.mdwn38
-rw-r--r--wiki/src/contribute/release_process/tails-greeter.mdwn22
-rw-r--r--wiki/src/contribute/release_process/tails-iuk.mdwn41
-rw-r--r--wiki/src/contribute/release_process/test.mdwn55
-rw-r--r--wiki/src/contribute/release_process/test/setup.mdwn1
-rw-r--r--wiki/src/contribute/release_process/test/usage.mdwn6
-rw-r--r--wiki/src/contribute/release_process/thunderbird.mdwn12
-rw-r--r--wiki/src/contribute/release_process/tor-browser.mdwn22
-rw-r--r--wiki/src/contribute/reports/SponsorW/2018_07.mdwn60
-rw-r--r--wiki/src/contribute/roadmap.mdwn14
-rw-r--r--wiki/src/contribute/sponsorship_to_attend_events.mdwn53
-rw-r--r--wiki/src/contribute/working_together/roles/release_manager.mdwn31
-rw-r--r--wiki/src/contribute/working_together/roles/technical_writer.mdwn7
30 files changed, 1221 insertions, 364 deletions
diff --git a/wiki/src/contribute/APT_repository/custom.mdwn b/wiki/src/contribute/APT_repository/custom.mdwn
index c3767b1..f02a4bb 100644
--- a/wiki/src/contribute/APT_repository/custom.mdwn
+++ b/wiki/src/contribute/APT_repository/custom.mdwn
@@ -314,13 +314,15 @@ Tagging a new Tails release
Once the new release's Git tag is pushed, a cronjob creates
a new APT suite on the custom APT repository's side within a few minutes.
This new APT suite is called the same as the new release version.
-One may check it has appeared in `~reprepro/conf/distributions`.
-Then, the APT suite corresponding to the branch that was used to
-prepare the release must be copied to the new empty APT suite that
-just appeared:
+Wait for this new (empty) APT suite to be created and initialize it
+with the packages currently found in the APT suite corresponding to
+the branch that is used to prepare the release:
- $ ssh reprepro@incoming.deb.tails.boum.org \
+ while ! ssh reprepro@incoming.deb.tails.boum.org reprepro list "${TAG:?}" >/dev/null 2>&1; do
+ sleep 5
+ done && \
+ ssh reprepro@incoming.deb.tails.boum.org \
tails-merge-suite "$RELEASE_BRANCH" "$TAG"
<a id="workflow-post-release"></a>
@@ -328,11 +330,11 @@ just appeared:
After a new Tails release is out
--------------------------------
-If you just put out a final release:
+### If you just put out a final release
* [[merge `stable` or `testing` into
`devel`|APT_repository/custom#workflow-merge-main-branch]]
-* increment the version number in devel's `debian/changelog` to match
+* increment the version number in `devel`'s `debian/changelog` to match
the next major release, so that
next builds from the `devel` branch do not use the APT suite meant
for the last release:
@@ -356,20 +358,6 @@ If you just put out a final release:
git commit debian/changelog \
-m "Add dummy changelog entry for ${NEXT_PLANNED_MINOR_VERSION:?}."
-
-If you just released a RC (XXX: please automate these steps during the
-3.2~rc1 release process, based on the above commands):
-
-* add a dummy changelog entry (for the upcoming, non-RC version) in
- the branch used for the release (`stable` or `testing`), so that the
- next builds from it do not use the APT suite meant for the RC
-* add a dummy changelog entry (for the release *after* the one you
- released a RC for) in the branch used for the release (`stable` or
- `testing`), so that the next builds from it do not use the APT suite
- meant for the RC (XXX: I don't understand what this is about; is it
- instead about adding an entry for that release on the `devel`
- branch? -- intrigeri)
-
If the release was a major one, then:
1. [[Hard reset the stable APT suite to
@@ -382,6 +370,30 @@ If the release was a major one, then:
git commit config/APT_overlays.d/ \
-m "Empty the list of APT overlays: they were merged"
+### Else, if you just released a RC
+
+* increment the version number in `debian/changelog` on the branch
+ used for the release, to match the upcoming non-RC release, so that
+ the next builds from it do not use the APT suite meant for the RC:
+
+ cd "${RELEASE_CHECKOUT}" && \
+ git checkout "${RELEASE_BRANCH:?}" && \
+ dch --newversion "${NEXT_PLANNED_MAJOR_VERSION:?}" \
+ "Dummy entry for next release." && \
+ git commit debian/changelog \
+ -m "Add dummy changelog entry for ${NEXT_PLANNED_MAJOR_VERSION:?}."
+
+* increment the version number in `devel`'s `debian/changelog` to
+ match the second next major release, so that images built from there
+ have the right version number:
+
+ cd "${RELEASE_CHECKOUT}" && \
+ git checkout devel && \
+ dch --newversion "${SECOND_NEXT_PLANNED_MAJOR_VERSION:?}" \
+ "Dummy entry for next release." && \
+ git commit debian/changelog \
+ -m "Add dummy changelog entry for ${SECOND_NEXT_PLANNED_MAJOR_VERSION:?}."
+
Giving access to a core developer
---------------------------------
diff --git a/wiki/src/contribute/calendar.mdwn b/wiki/src/contribute/calendar.mdwn
index 48311f6..8646f9f 100644
--- a/wiki/src/contribute/calendar.mdwn
+++ b/wiki/src/contribute/calendar.mdwn
@@ -4,43 +4,28 @@ All times are referenced to Berlin and Paris time.
## 2018Q3
-* 2018-07-01: Beta release of VeraCrypt
+* 2018-09-04: Build and upload tentative 3.9 ISO image — intrigeri
-* 2018-07-03, 19:00: [[Contributors meeting|contribute/meetings]]
-
-* 2018-07-04, 14:00: Translation platform meeting
-
-* 2018-07-05, 14:00: Additional Software team meeting
-
-* 2018-08-08 to 2018-08-09: port Tails to Tor Browser based on Firefox
- 60ESR ([[!tails_ticket 15023]]) — intrigeri and segfault
-
-* 2018-08-06, 19:00: [[Contributors meeting|contribute/meetings]]
-
-* 2018-08-10: Build and upload tentative 3.9~rc1 ISO image — anonym
-
-* 2018-08-13: Release 3.9~rc1 — anonym
-
-* 2018-09-03, 19:00: [[Contributors meeting|contribute/meetings]]
-
-* 2018-09-05: **Release 3.9** (Firefox 60.2, major release) — anonym is the RM
+* 2018-09-05: Test and **release 3.9** (Firefox 60.2, major release) — intrigeri is the RM
- includes VeraCrypt support + major Additional Software Packages improvements
## 2018Q4
* 2018-10-03, 19:00: [[Contributors meeting|contribute/meetings]]
-* 2018-10-23: **Release 3.10** (Firefox 60.3, bugfix release) — anonym is the RM
+* 2018-10-15: 14:00: Additional Software meeting (wrap up)
+
+* 2018-10-23: **Release 3.10** (Firefox 60.3, bugfix release)
* 2018-11-06, 19:00: [[Contributors meeting|contribute/meetings]]
* 2018-12-03, 19:00: [[Contributors meeting|contribute/meetings]]
-* 2018-12-11: **Release 3.11** (Firefox 60.4, major release) — anonym is the RM
+* 2018-12-11: **Release 3.11** (Firefox 60.4, bugfix release)
## 2019Q1
-* 2019-01-29: **Release 3.12** (Firefox 60.5)
+* 2019-01-29: **Release 3.12** (Firefox 60.5, major release)
* 2019-03-19: **Release 3.13** (Firefox 60.6)
diff --git a/wiki/src/contribute/design.mdwn b/wiki/src/contribute/design.mdwn
index 273cb20..e8cfbfb 100644
--- a/wiki/src/contribute/design.mdwn
+++ b/wiki/src/contribute/design.mdwn
@@ -926,7 +926,7 @@ user. The Debian Live persistence feature is disabled by passing
Removable drives auto-mounting is disabled in Tails 0.7 and newer.
-- [[!tails_gitweb config/chroot_local-includes/usr/share/amnesia/gconf/apps_nautilus.xml]]
+- [[!tails_gitweb config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults]]
### 3.6.11 Secure erasure of files and free disk space
@@ -991,6 +991,7 @@ We only modify this Tor Browser installation slightly:
The default profile is split from the binaries and application data:
- [[!tails_gitweb_dir config/chroot_local-includes/etc/tor-browser]]
+- [[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]
As for extensions we have the following differences:
@@ -1032,7 +1033,7 @@ the Internet:
The remaining configuration differences can be found in:
-- [[!tails_gitweb_dir config/chroot_local-includes/etc/tor-browser/preferences/0000tails.js]]
+- [[!tails_gitweb_dir config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]
- [[!tails_gitweb config/chroot_local-hooks/14-generate-tor-browser-profile]]
- [[!tails_gitweb config/chroot_local-hooks/15-symlink-places.sqlite]]
diff --git a/wiki/src/contribute/design/additional_software_packages.mdwn b/wiki/src/contribute/design/additional_software_packages.mdwn
new file mode 100644
index 0000000..c257e90
--- /dev/null
+++ b/wiki/src/contribute/design/additional_software_packages.mdwn
@@ -0,0 +1,261 @@
+[[!meta title="Additional software packages design documentation"]]
+
+[[!toc levels=2]]
+
+Rationale
+=========
+
+Tails includes a coherent but limited set of applications. As the system is
+amnesic, new software packages for Debian can be installed in a working
+session but they are not reinstalled at next reboot.
+
+Additional Software Packages is a feature to remember a set of Debian Packages
+to be installed automatically from [[persistent
+storage|contribute/design/persistence]] each time Tails is started.
+
+Use cases
+=========
+
+Alice is a geographer working for an NGO in an unstable country. They need
+to use Tails but needs the QGis SIG to work. It would make little sense
+to add such a specific software in Tails. But thanks to Additional
+Software Packages, Alice can have QGis installed every time when they boot
+Tails with persistent storage enabled.
+
+Bob is a journalist and wants to publish videos made by other
+colleagues. Bob needs to convert these videos and is used to the open
+source video transcoder HandBrake. With Additional Software Packages,
+Bob doesn't need to install it every time when they boot Tails.
+
+Specifications
+==============
+
+Goals
+-----
+
+- Allow people to choose to:
+ - Reinstall a package every time they start Tails.
+ - Stop reinstalling a package every time on boot.
+
+- Integrate this in:
+ - The usual installation and removal process of a package (through
+ Synaptic, another graphical tool, or APT on the command line).
+ - The persistent storage configuration.
+
+- Ensure packages are installed even offline.
+
+- Ensure packages are updated when the machine is connected to the Internet.
+
+Non-goals
+---------
+
+- We won't support installing software that is not in Debian's official
+ repositories.
+
+- We won't provide a way for people to specify which packages to install
+ outside of the usual installation process of a package. We only ask
+ people if they want to reinstall a package every time *after it has
+ been successfully installed a first time*.
+
+Implementation
+==============
+
+Software installation at startup
+--------------------------------
+
+The systemd user unit
+[[!tails_gitweb config/chroot_local-includes/usr/lib/systemd/user/tails-additional-software-install.service]]
+is `WantedBy=desktop.target`. It starts the system unit
+[[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-additional-software-install.service]]
+with sudo (see
+[[!tails_gitweb config/chroot_local-includes/etc/sudoers.d/zzz_tails-additional-software]]).
+
+`tails-additional-software-install.service` starts if the configuration file
+`/live/persistence/TailsData_unlocked/live-additional-software.conf` is not
+empty. It is a oneshot service that executes
+[[!tails_gitweb config/chroot_local-includes/usr/local/sbin/tails-additional-software]]
+ `install` then creates `/run/live-additional-software/installed`.
+
+`tails-additional-software install` reads `live-additional-software.conf` which
+contains a package name per line and install these packages with `apt-get`
+(using `DEBIAN_PRIORITY=critical` and the command line options `--yes` and
+`--option DPkg::Options::=--force-confold`).
+
+In the beginning of the process, the user is notified through desktop
+notifications that additional software is being installed:
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/notification - installing.png"/>
+
+In the end, they are informed of success of failure. In the latter case, they are
+offered to open a configuration window or to examine the logs in order to better
+understand the issue. The notifications with buttons displayed are as the desktop
+user and are implemented in
+[[!tails_gitweb config/chroot_local-includes/usr/local/lib/tails-additional-software-notify]].
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/notification - installation failed.png"/>
+
+
+Software upgrade on Internet connection
+---------------------------------------
+
+A network-manager dispatcher hook starts the systemd unit
+[[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.path]]
+which waits for `/run/live-additional-software/installed` then starts the
+oneshot service `/usr/local/sbin/tails-additional-software upgrade` after
+`tor-has-bootstrapped.service` and `tails-additional-software-install.service`
+if the configuration file
+`/live/persistence/TailsData_unlocked/live-additional-software.conf` is not
+empty.
+
+[[!tails_gitweb config/chroot_local-includes/usr/local/sbin.tails-additional-software]]
+`update` saves a copy of apt lists, then starts `apt-get update` and launches the
+installation process again, triggering an upgrade if necessary.
+
+If the upgrade is successful, the copy of old apt lists is deleted.
+Else, it would be restored by the installation process next time Tails
+is started, ensuring that a network disconnection or another unexpected
+issue doesn't make the Additional Software Packages unavailable.
+
+In the beginning of the process, the user is notified via desktop
+notifications that additional software is being upgraded.
+
+In the end, they are informed of success of failure. In the latter case,
+they are offered to open a configuration window or to examine the logs
+in order to better understand the issue.
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/notification - upgrade failed.png"/>
+
+User interface for addition and removal of software
+---------------------------------------------------
+
+When the user installs a package either through the APT command line or
+a graphical interface like Synaptic, a notification is displayed to let
+them add or remove it from their list of additional software.
+
+Two APT hooks are configured in
+[[!tails_gitweb config/chroot_local-includes/etc/apt/apt.conf.d/80tails-additional-software.disabled]],
+which are enabled by
+[[!tails_gitweb config/chroot_local-hooks/99-zz-install-ASP-DPKG-hooks]] in the
+end of the build process.
+
+The first hook `DPkg::Pre-Install-Pkgs` runs before any actual
+installation happens and calls
+`/usr/local/sbin/tails-additional-software apt-pre` which saves a list
+of installed and removed packages as JSON in
+`/run/live-additional-software/packages`.
+
+The second hook `DPkg::Post-Invoke` runs in the end of the installation
+process and calls `/usr/local/sbin/tails-additional-software apt-post`.
+It double forks so that APT properly returns, then parses the JSON file
+written beforehand in order to check which packages were manually
+installed or removed.
+
+### When a package is installed
+
+<img src="https://labs.riseup.net/code/attachments/download/1925/asp-flow-installed.svg" height="auto" />
+
+#### With persistent storage unlocked:
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/notification - add.png"/>
+
+When *Add To Persistent Storage* is clicked,
+`/usr/bin/tails-persistence-setup` is started as
+`tails-persistence-setup` without a GUI to enable the
+`AdditionalSoftware` preset. The new additional packages are then added
+atomically to the `live-additional-software.conf` configuration file
+(this logic is handled by
+[[!tails_gitweb submodules/pythonlib/tailslib/additionalsoftware/config.py]])
+
+#### Without persistent storage
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/notification - add without persistent storage.png"/>
+
+When *Add To Persistent Storage* is clicked,
+`/usr/bin/tails-persistence-setup` is started as
+`tails-persistence-setup` with a GUI to lead the user through the process
+of creating a persistent storage. The `AdditionalSoftware` preset is
+automatically enabled. The new additional packages are then added to the
+`live-additional-software.conf` configuration file, which is in this
+case mounted to `/media/tails-persistence-setup/TailsData` instead of
+`/live/persistence/TailsData_unlocked` (this logic in handled by
+[[!tails_gitweb submodules/pythonlib/tailslib/persistence.py]]).
+
+The systemd service
+[[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-synchronize-data-to-new-persistent-volume-on-shutdown.service]]
+is used to synchronize APT data (lists and cached packages) to the newly
+created persistent storage on Tails shutdown.
+
+#### With persistent storage locked
+
+No notification is displayed as people who have a persistent storage but
+don't unlock it, probably do this only sometimes and for a reason. They
+probably otherwise unlock their persistent storage most of the time. If
+they install packages with their persistent storage locked, they
+probably do it with their persistent storage unlock as well and would
+learn about this feature when it's most relevant for them.
+
+#### When it's impossible to have persistent storage
+
+This happens when running from a DVD, virtual machine, or intermediary
+Tails.
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/notification - impossible persistent storage.png"/>
+
+The state file `/run/live-additional-software/installer-asked` ensures
+this notification is only shown once per session, not to bother people
+too much.
+
+### When a package is removed
+
+<img src="https://labs.riseup.net/code/attachments/download/1926/asp-flow-removed.svg" height="auto" />
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/notification - remove.png"/>
+
+When *Remove* is clicked, the packages are removed atomically from the
+`live-additional-software.conf` configuration file (this logic is
+handled by
+[[!tails_gitweb submodules/pythonlib/tailslib/additionalsoftware/config.py]]).
+
+Additional Software configuration window
+----------------------------------------
+
+The list of additional software can be opened from:
+
+- **Applications**&nbsp;▸ **System Tools**&nbsp;▸ **Additional Software**
+- **Applications**&nbsp;▸ **Tails**&nbsp;▸ **Additional Software**
+- a click on the gear button next to the **Additional
+Software** feature in the persistent storage settings
+
+This application is implemented in the following files:
+
+- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-additional-software-config]]
+- [[!tails_gitweb config/chroot_local-includes/usr/share/applications/org.boum.tails.additional-software-config.desktop.in]]
+- [[!tails_gitweb config/chroot_local-includes/usr/share/tails/additional-software/configuration-window.ui]]
+
+If there is no persistent storage or before any package is added, if the
+persistent storage is locked, or if it is impossible to have a persistent
+storage (for example, when running from a DVD or a virtual machine) the window
+shows an explanation text with appropriate pointers:
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/additional software - without persistent storage.png"/>
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/additional software - empty.png"/>
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/additional software - locked persistent storage.png"/>
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/additional software - impossible persistent storage.png"/>
+
+When packages have already been added, the window displays a list of
+these Additional Software Packages:
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/additional software.png"/>
+
+When clicking on the delete cross, a confirmation dialog is displayed:
+
+<img src="https://git.tails.boum.org/ux/plain/additional software/png/additional software - remove.png"/>
+
+The privileged helper
+[[!tails_gitweb config/chroot_config/chroot_local-includes/usr/local/sbin/tails-additional-software-remove]]
+is called through *pkexec* to remove the software from the
+`live-additional-software.conf` configuration file (see
+[[!tails_gitweb config/chroot_config/chroot_local-includes/usr/share/polkit-1/actions/org.boum.tails.additional-software.policy]]
diff --git a/wiki/src/contribute/design/application_isolation.mdwn b/wiki/src/contribute/design/application_isolation.mdwn
index 450c087..dc4b8d4 100644
--- a/wiki/src/contribute/design/application_isolation.mdwn
+++ b/wiki/src/contribute/design/application_isolation.mdwn
@@ -161,7 +161,7 @@ So, in a nutshell we give Tor Browser access to:
* `~/Tor Browser/`, which is amnesiac, as everything else in Tails by
default; this is set to be the default download directory
- ([[!tails_gitweb config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js]]);
+ ([[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]);
* `~/Persistent/Tor Browser/`, that is persistent, and only created
when `~/Persistent/` is itself persistent and read-write.
diff --git a/wiki/src/contribute/design/stream_isolation.mdwn b/wiki/src/contribute/design/stream_isolation.mdwn
index af42580..50b0764 100644
--- a/wiki/src/contribute/design/stream_isolation.mdwn
+++ b/wiki/src/contribute/design/stream_isolation.mdwn
@@ -79,7 +79,7 @@ in [[!tails_gitweb config/chroot_local-includes/etc/tor/torrc]]:
Applications are configured to use the right SOCKS port:
-- [[!tails_gitweb config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js]]
+- [[!tails_gitweb config/chroot_local-includes/usr/share/tails/tor-browser-prefs.js]]
- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/htpdate.service]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-security-check]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/thunderbird]]
diff --git a/wiki/src/contribute/how/documentation/guidelines.mdwn b/wiki/src/contribute/how/documentation/guidelines.mdwn
index 79c5c5a..d5c8d0f 100644
--- a/wiki/src/contribute/how/documentation/guidelines.mdwn
+++ b/wiki/src/contribute/how/documentation/guidelines.mdwn
@@ -167,6 +167,35 @@ Bad:
[[!img screenshot-cut.png link="no"]]
+<a id="alt"></a>
+
+`alt` attributes for images
+===========================
+
+The `alt` attribute of an image is, for example, read by screen readers
+in place of images allowing the *content* and *function* of the image to
+be accessible to those with visual or certain cognitive disabilities.
+
+Every image must have an `alt` attribute but it can be empty (`alt=""`).
+
+In the case of our documentation:
+
+- Often screenshots require no additional information to clarify their
+ *content*. They often provide visual context that is useful for people
+ who see them but not necessary to people who don't see them.
+
+- For graphical buttons or icons, use as `alt` attribute the text that
+ is read by the GNOME Screen Reader (or that you think should be read
+ if none is read). For example:
+
+ <pre>1. Click on the &lt;span class="guimenu"&gt;
+ \[[!img lib/unlock.png alt="Unlock" class="symbolic" link="no"]]
+ &lt;/span&gt; button.</pre>
+
+For more guidelines and examples about writing good `alt` attributes,
+read the article on [alternative text by
+WebAIM](https://webaim.org/techniques/alttext/).
+
Ikiwiki shortcuts
=================
diff --git a/wiki/src/contribute/how/documentation/release_notes.mdwn b/wiki/src/contribute/how/documentation/release_notes.mdwn
index 24197d4..701eb5c 100644
--- a/wiki/src/contribute/how/documentation/release_notes.mdwn
+++ b/wiki/src/contribute/how/documentation/release_notes.mdwn
@@ -8,6 +8,10 @@
- Tails changelog
- <https://git-tails.immerda.ch/tails/tree/debian/changelog?h=stable>
- <https://git-tails.immerda.ch/tails/tree/debian/changelog?h=testing>
+ - If the changelog of the final release has not been written
+ yet, either book some time to update the release notes on the
+ day of the release or go through the tickets marked as "Ready
+ for QA" and "Fix committed" on Redmine.
- If a release candidate was announced, read the call for testing
- Analyze the changes already made on the website and link to them:
- in testing for a major release: `git diff origin/master...origin/testing wiki/src/**/*.{mdwn,html}`
@@ -26,6 +30,7 @@
- TorBirdy: <https://gitweb.torproject.org/torbirdy.git/tree/ChangeLog>
- obfs4proxy: <https://anonscm.debian.org/cgit/pkg-privacy/packages/obfs4proxy.git/tree/ChangeLog>
- Enigmail: <https://enigmail.net/index.php/en/download/changelog>
+ - VirtualBox: <https://www.virtualbox.org/wiki/Changelog>
- Add [[screenshots|contribute/how/documentation/guidelines#screenshot]] of
- Cool stuff, to show off!
- Known issues, if that makes them easier to understand.
@@ -54,7 +59,7 @@
documents.
- Technical items are less proheminent.
- *For example:* Harden our firewall by rejecting `RELATED` packets
- and restricting Tor to only send `NEW TCP` syn packets. ([[!tails_ticket #11391]])
+ and restricting Tor to only send `NEW TCP` syn packets. ([[!tails_ticket 11391]])
- Use full sentences for major changes ("*We installed*", "*You can*")
- Use present tense without subject for minor changes ("*Upgrade*", "*Fix*")
- Mention updates as "Update *Xyz* to [1.2.4]."
diff --git a/wiki/src/contribute/how/documentation/release_notes/template.mdwn b/wiki/src/contribute/how/documentation/release_notes/template.mdwn
index 3bb72bd..e91b81c 100644
--- a/wiki/src/contribute/how/documentation/release_notes/template.mdwn
+++ b/wiki/src/contribute/how/documentation/release_notes/template.mdwn
@@ -14,6 +14,17 @@ upgrade as soon as possible.
## Upgrades and changes
+<-- You can reuse the following subsections if the section gets too big:
+
+### Included software
+
+### Hardware support
+
+The following updates make Tails work better on recent hardware (graphics,
+Wi-Fi, etc.):
+
+-->
+
## Fixed problems
For more details, read our [[!tails_gitweb debian/changelog desc="changelog"]].
@@ -30,7 +41,7 @@ See the list of [[long-standing issues|support/known_issues]].
- To install, follow our [[installation instructions|install]].
-- To upgrade, automatic upgrades are available from $VERSION-2 and $VERSION-1 to $VERSION.
+- To upgrade, automatic upgrades are available from $VERSION-2, $VERSION-1, and $VERSION-1~rc1 to $VERSION.
XXX: Check which IUK will be available with:
diff --git a/wiki/src/contribute/how/documentation/style_guide.mdwn b/wiki/src/contribute/how/documentation/style_guide.mdwn
index d5c1e69..76954f1 100644
--- a/wiki/src/contribute/how/documentation/style_guide.mdwn
+++ b/wiki/src/contribute/how/documentation/style_guide.mdwn
@@ -27,27 +27,67 @@
See [[!wikipedia Decimal_separator#Digit_grouping]] and [[!wikipedia
ISO_31-0#Numbers]].
-- **<i>Files</i>**, **<i>Disks</i>**, etc.
+<a id="gnome_application"></a>
- To refer to GNOME applications:
+- **GNOME applications: <i>Files</i>, <i>Disks</i>, etc.**
- - Use their short name as it appears in the menus when giving
- instructions to be executed inside Tails.
+ GNOME applications that have a common noun as their name (like
+ <span class="application">Files</span> or
+ <span class="application">Disks</span>) can be confusing when referred
+ to in the documentation.
- *For example*:
+ Make sure to clarify that you are referring to an application (and
+ not, for example, a set of files or disks):
+
+ - *For example*:
+ - In the title of sections
+ - When first referring to the application in a section
+
+ - *Use*:
+ - The <span class="application">Files</span> browser
+ - The <span class="application">Disks</span> utility
+
+ Otherwise, use the short name of the application as it appears in the menus when giving
+ instructions to be executed inside Tails.
+
+ - *For example*:
- Open */live/persistence/TailsData_unlocked/dotfiles* in *Files*.
- - Prepend "*GNOME*" when giving instructions to be executed outside of
- Tails.
+ Prepend "*GNOME*" when giving instructions to be executed outside of
+ Tails.
- *For example*:
- - Install GNOME Disks in Debian.
+ - *For example*:
+ - Install <span class="application">GNOME Disks</span> in Debian.
- **graphics card**
And not *graphics adapters*, *graphics*, *graphical hardware*, or
*video card*.
+- **procedures** (a series of steps)
+
+ - Keep the number of steps low within a procedure (for example, below
+ 10, ideally 7). For longer procedures, split them and give each
+ section a title.
+
+ - Add a blank line between each step.
+
+ - Rely on the automatic numbered of Markdown and number all the steps
+ with `1.`
+
+ See also the *Microsoft Manual of Style: Procedures and technical
+ content*.
+
+ *For example*:
+
+<pre>
+1. Make sure that you are connected to the Internet.
+
+1. Start <span class="application">Software Sources</span>.
+
+1. Click on the <span class="guilabel">PPAs</span> button and then choose to <span class="button">Add a new PPA&hellip;</span>.
+</pre>
+
- **network interface**, **Wi-Fi interface**
And not *card*, *device*, or *adapter*.
@@ -57,10 +97,10 @@
- **persistence feature**
To refer to the features available in the configuration of the
- *persistent volume*.
+ *persistent storage*.
- - *For example*: when the <span class="guilabel">Additional
- Software</span> persistence feature is activated.
+ - *For example*: when the [[<span class="guilabel">Additional
+ Software</span> persistence feature|doc/first_steps/persistence/configure#additional_software]] is activated.
The word *persistence* can be omitted if it is redundant from the context
(for example on [[doc/first_steps/persistence/configure]]).
diff --git a/wiki/src/contribute/meetings/201808.mdwn b/wiki/src/contribute/meetings/201808.mdwn
new file mode 100644
index 0000000..5029af9
--- /dev/null
+++ b/wiki/src/contribute/meetings/201808.mdwn
@@ -0,0 +1,75 @@
+[[!meta title="August 2018 online meeting"]]
+
+[[!toc levels=2]]
+
+# Meta
+
+- Attendees: emmapeel, jvoisin, sajolida, segfault.
+
+- [[Logs|201808/logs.txt]]
+
+# Volunteers to handle "Hole in the roof" tickets this month
+
+None
+
+# Volunteers to handle important tickets flagged for next release, but without assignee
+
+None
+
+# Availability and plans
+
+- emmapeel: i want to finish the docs for additional software this week,
+ and then later on more frontdesk also working on the weblate server
+ that is a bit flaky since update
+- segfault: I still have quite some work to do for 3.9, and I also have
+ a new part time job, so I'm quite busy and won't be available for much
+ else that I didn't already sign up for
+- sajolida:
+ - Availability: Full until August 16, then I'll be travelling in
+ sprint and meetings.
+ - Plans: Finish VeraCrypt and Additional Software, prepare the work
+ with Simply Secure at the summit, finish a first version of the
+ personas (and their images) in time for the summit, hopefully some
+ doc writing.
+- jvoisin: I would like to add video support to MAT2 and to ship a 1.0
+ version soon™
+
+# Important missing bits in the next monthly report
+
+sajolida will shoot an email to u and hefee about their work on the
+translation platform.
+
+# Gather comments on our draft personas
+
+Chapter 4: [[Derya, the privacy advocate|blueprint/personas#derya]]
+
+- Doing stuff for (untrusted) others
+ - *emmapeel: i think derya would like to be able to format suspicious
+ USB stick people gives them*
+ - *sajolida: right, Derya is sometimes "doing stuff for people" during
+ training and such*
+
+- Refugee status
+ - *segfault: "Turkish refugee in Germany" is unrealistic - Germany
+ doesn't allow Turkish refugees*
+ - *segfault: Syria, Iraq and Afghanistan are countries from which
+ refugees are allowed to stay in Germany*
+ - *sajolida: i know people living in Germany who were born and raised
+ in Turkey and are living now in Germany to be safe (LGBT) but i
+ don't know if they have an official "refugee" status*
+ - *sajolida: i think we said Derya was Turkish because of the recent
+ crackdown on digital security trainers in Turkey and the big Turkish
+ community in Germany*
+ - *emmapeel: exile?*
+
+- Outreach material
+ - *emmapeel: maybe Derya wants to print and make posters, flyers, etc*
+ - *sajolida: yeap, i should add more details about his advocacy and
+ training work, but it definitely includes sharing printed material*
+ - *emmapeel: as an adult because of homphobia? cause it is difficult
+ to be gay there?*
+ - *segfault: just say that she is Turkish and lives in Germany*
+
+- Training and advocacy
+ - *sajolida: i'm realizing now that the training and advocacy of Derya
+ looks like the training and advocacy that we added to Riou in July.*
diff --git a/wiki/src/contribute/meetings/201808/logs.txt b/wiki/src/contribute/meetings/201808/logs.txt
new file mode 100644
index 0000000..b640c1f
--- /dev/null
+++ b/wiki/src/contribute/meetings/201808/logs.txt
@@ -0,0 +1,211 @@
+(05:00:58 PM) segfault: yo
+(05:01:03 PM) segfault: meeting time
+(05:01:07 PM) emmapeel: yep
+(05:01:22 PM) sajolida: hellooo
+(05:02:11 PM) segfault:
+https://tails.boum.org/blueprint/monthly_meeting/
+(05:02:22 PM) segfault: we still need a notetaker and a facilitator
+(05:02:28 PM) segfault: I can do one of those
+(05:03:25 PM) sajolida: i can take notes
+(05:03:46 PM) segfault: then I can be the facilitator, if no one else
+wants to do that
+(05:04:06 PM) segfault: who is here for the meeting? drwhax Casper
+emmapeel faccio goupille jvoisin kibi muri
+(05:04:18 PM) jvoisin: o/
+(05:04:22 PM) emmapeel: i am here for the meeting
+(05:04:36 PM) segfault: yeah sorry emmapeel, you already made that clear
+:)
+(05:04:59 PM) segfault: ok, shall we start with the first topic?
+(05:05:09 PM) segfault: Availability and plans for the next weeks
+(05:05:41 PM) emmapeel: i want to finish the docs for additional
+software this week, and then later on more frontdesk.
+(05:06:04 PM) emmapeel: also working on the weblate server that is a bit
+flaky since update
+(05:06:10 PM) emmapeel: that's it
+(05:06:44 PM) segfault: I still have quite some work to do for 3.9, and
+I also have a new part time job, so I'm quite busy and won't be
+available for much else that I didn't already sign up for
+(05:07:40 PM) segfault: sajolida, jvoisin?
+(05:07:47 PM) jvoisin: nope
+(05:07:55 PM) sajolida: - Availability: Full until August 16, then I'll
+be travelling in sprint and meetings.
+- Plans: Finish VeraCrypt and Additional Software, prepare the work with
+ Simply Secure at the summit, finish a first version of the personas
+(and their images) in time for the summit, hopefully some doc writing.
+(05:08:26 PM) jvoisin: (albeit I would like to add video support to MAT2
+and to ship a 1.0 version soon™)
+(05:08:35 PM) segfault: OK
+(05:08:43 PM) segfault: then next topic, if no one has anything else to
+add
+(05:08:47 PM) segfault: Volunteers to handle "Hole in the roof"
+tickets this month
+(05:09:21 PM) segfault: wow, that list became quite short
+(05:09:36 PM) sajolida: no Hole in the Roof for me
+(05:09:39 PM) segfault: same
+(05:10:19 PM) segfault: emmapeel, jvoisin?
+(05:10:19 PM) emmapeel: same
+(05:10:22 PM) jvoisin: nope
+(05:10:29 PM) segfault: OK, next topic
+(05:10:32 PM) segfault: Volunteers to handle important tickets flagged
+for next release, but without assignee
+(05:10:33 PM) ***jvoisin is mostly here to watch tbf
+(05:10:46 PM) segfault: do we have a link for that?
+(05:10:55 PM) sajolida: i'll prepare a link
+(05:11:02 PM) segfault: can't we just add one to the blueprint?
+(05:11:23 PM) emmapeel: it will have to be updated for each release
+though
+(05:11:44 PM) segfault: mmh yeah, would be a nice redmine feature to
+have a "next release" tag
+(05:12:20 PM) sajolida:
+https://labs.riseup.net/code/projects/tails/issues?utf8=%E2%9C%93&set_filter=1&f%5B%5D=status_id&op%5Bstatus_id%5D=%3D&v%5Bstatus_id%5D%5B%5D=1&v%5Bstatus_id%5D%5B%5D=9&v%5Bstatus_id%5D%5B%5D=7&f%5B%5D=fixed_version_id&op%5Bfixed_version_id%5D=%3D&v%5Bfixed_version_id%5D%5B%5D=304&f%5B%5D=assigned_to_id&op%5Bassigned_to_id%5D=%21*&f%5B%5D=&c%5B%5D=tracker&c%5B%5D=status&c%5B%5D=priority&c%5B%5D=subject&c%5B%5D=author&c%5B%5D=assigned_to&c%5B%5D=updated_on&c%5B%5D=cf_9&group_by=&t%5B%5D=
+(05:12:26 PM) sajolida: i think that would be the link
+(05:12:28 PM) segfault: thanks
+(05:12:49 PM) sajolida: and their is nothing relevant in there (i can
+fix the metadata of both tickets)
+(05:12:56 PM) segfault: great!
+(05:13:07 PM) segfault: next topic then
+(05:13:08 PM) segfault: Important missing bits in the next monthly
+report.
+(05:13:17 PM) emmapeel: yes, please add your bits
+(05:13:26 PM) emmapeel: pablonatalino and me are curating the report
+(05:13:36 PM) segfault: not sure I have anything interesting to add
+(05:13:39 PM) emmapeel: (well, i will help pablonatalino if he has
+troubles etc)
+(05:14:44 PM) segfault: I worked a lot on the VeraCrypt stuff, but I
+don't think it makes sense to write an update about that in every report
+(05:14:49 PM) sajolida: i don't think we've ever heard about the ongoing
+work on the translation platform in the monthly reports and i miss
+that...
+(05:14:58 PM) segfault: (we already have the SponsorW reports for that)
+(05:15:06 PM) segfault: the VeraCrypt stuff I mean
+(05:16:10 PM) segfault: did we already have something about the
+VeraCrypt beta in the June report or would that go in the July report?
+(05:16:33 PM) sajolida: i think you should check and add it if it's not
+there
+(05:16:38 PM) segfault: yes
+(05:16:50 PM) segfault: OK, anything else?
+(05:16:57 PM) emmapeel: sajolida: ack about the translation platform!
+(05:17:17 PM) sajolida: i'll shoot a mail to u and hefee about that
+(05:18:17 PM) segfault: OK, next topic?
+(05:18:39 PM) segfault: Strategic planning - We'll discuss "Oppressed
+people can safely use Tails (e.g. without being detected) [B, +5-3]".
+(05:18:50 PM) segfault: sajolida, is that yours?
+(05:19:03 PM) sajolida: nope, that's intrigeri
+(05:19:16 PM) segfault: ah, well then we will have to discuss that
+during the next meeting I guess
+(05:19:18 PM) faccio left the room (Disconnected: closed).
+(05:19:22 PM) sajolida: like last month he's not here and we should
+postpone it
+(05:19:23 PM) emmapeel: intrigeri said he will likely be in bad shape to
+attend the meeting
+(05:19:34 PM) emmapeel: because of a flight i think
+(05:19:34 PM) segfault: next topic then
+(05:19:43 PM) segfault: Gather comments on our draft personas
+(05:20:17 PM) segfault: sajolida, that is yours, right?
+(05:20:22 PM) faccio entered the room.
+(05:20:38 PM) sajolida: yeap
+(05:20:42 PM) segfault: I remember we already spent a few minutes on
+this 2 or 3 months ago
+(05:21:07 PM) sajolida: we already reviewed personas #1, #2, and #3 -
+this one is the last one!
+(05:21:22 PM) faccio left the room (Disconnected: closed).
+(05:21:38 PM) sajolida: so please take a few minutes to read:
+- the objectives of the discussion in
+ https://tails.boum.org/blueprint/monthly_meeting/
+(05:22:02 PM) sajolida: - the draft we have for Derya in
+https://tails.boum.org/blueprint/personas/#derya
+(05:22:15 PM) sajolida: and the you can start commenting
+(05:24:52 PM) segfault: do we comment on Derya or on Riou? because the
+agenda says "Chapter 3: Riou, the protest organizer"
+(05:25:09 PM) sajolida: sorry, i updated the agenda during the meeting
+:) we're commenting on Derya! :)
+(05:25:13 PM) segfault: ah ok
+(05:25:19 PM) sajolida: we did Riou in July
+(05:25:29 PM) segfault: damn, I missed Riou :/
+(05:25:41 PM) sajolida: segfault: you can still comment on it by emai!!!
+(05:25:46 PM) sajolida: (until August 9)
+(05:26:05 PM) sajolida: or after the meeting
+(05:26:17 PM) segfault: OK
+(05:26:42 PM) goupille left the room.
+(05:27:29 PM) emmapeel: hmm
+(05:27:56 PM) emmapeel: i think derya would like to be able to format
+suspicious USB stick people gives them
+(05:28:21 PM) sajolida: right, Derya is sometimes "doing stuff for
+people" during training and such
+(05:28:44 PM) segfault: "Turkish refugee in Germany" is unrealistic -
+Germany doesn't allow Turkish refugees
+(05:29:13 PM) segfault: Syria, Iraq and Afghanistan are countries from
+which refugees are allowed to stay in Germany
+(05:29:43 PM) sajolida: like for Chris, i might be using the term
+"refugee" a bit too broadly...
+(05:30:25 PM) sajolida: though i know people living in Germany who were
+born and raised in Turkee and are living now in Germany to be safe
+(LGBT) but i don't know if they have an official "refugee" status
+(05:31:15 PM) sajolida: oops! s/Turkee/Turkey/ sorry!
+(05:31:40 PM) sajolida: i think we said Derya was Turkish because of the
+recent crackdown on digital security trainers in Turkey
+(05:31:51 PM) sajolida: and the big Turkish community in Germany
+(05:31:53 PM) segfault: that makes sense
+(05:31:58 PM) sajolida: but that might need some fixing
+(05:32:13 PM) sajolida: segfault: what do you think would be a more
+likely scenario?
+(05:32:33 PM) emmapeel: maybe Derya wants to print and make posters,
+flyers, etc
+(05:33:04 PM) sajolida: emmapeel: yeap, i should add more details about
+his advocacy and training work, but it definitely includes sharing
+printed material
+(05:33:33 PM) sajolida: segfault: or a better word than "refugee"?
+(05:33:41 PM) emmapeel: exile?
+(05:33:42 PM) segfault: yeah, I don't think it's an unlikely scenario,
+it's just the term refugee
+(05:33:52 PM) segfault: I don't know
+(05:33:55 PM) sajolida: Derya's first language is not German though
+(05:34:22 PM) segfault: maybe just explain why she lives in Germany?
+(05:34:37 PM) sajolida: ok, maybe "Derya is from the Turkish diaspora
+living in Germany"?
+(05:34:55 PM) kibi left the room (Disconnected: Replaced by new
+connection).
+(05:34:55 PM) kibi entered the room.
+(05:35:05 PM) sajolida: ok, then why do you think they live in Germany?
+they came their on their own as an adult? with their parents as a child?
+(05:35:54 PM) emmapeel: as an adult because of homphobia?
+(05:36:08 PM) sajolida: looking for a better life? avoiding some
+concrete threat?
+(05:37:11 PM) emmapeel: cause it is difficult to be gay there?
+(05:37:28 PM) sajolida: homophobia would work as a reason why they are
+living in Germany but i would make it a big focus on their persona (we
+already have Kim for that)
+(05:37:56 PM) sajolida: ok, homophobia and we don't really have to
+explain how they got to German, if they are really a refugee or anything
+(05:37:59 PM) sajolida: next?
+(05:38:10 PM) sajolida: s/German/Germany/
+(05:38:25 PM) segfault: or just don't explain anything
+(05:38:42 PM) segfault: just say that she is Turkish and lives in
+Germany
+(05:38:44 PM) sajolida: segfault: right, they are just Turkish living in
+Germany → great
+(05:38:46 PM) segfault: without refugee
+(05:38:54 PM) segfault: OK
+(05:39:47 PM) sajolida: i'm realizing now that the training and advocacy
+of Derya looks like the training and advocacy that we added to Riou in
+July. i'm not sure what to do with that but we'll give it a second
+thought with u on Thursday (we have a session to do something with all
+these comments)
+(05:39:57 PM) jvoisin left the room.
+(05:41:28 PM) segfault: I'm bad at this, I can't think of anything to
+comment
+(05:41:37 PM) sajolida: that's ok!
+(05:41:40 PM) sajolida: emmapeel: anything else?
+(05:42:14 PM) emmapeel: hmmm nope sorry
+(05:42:21 PM) sajolida: then we're done!
+(05:42:32 PM) segfault: OK, that was last topic
+(05:42:35 PM) sajolida: segfault: tell me if you want to have a look at
+Riou right now and i'll stick around
+(05:42:39 PM) segfault: so the meeting is over
+(05:42:52 PM) segfault: sajolida: nah, I will look at it later and write
+you an email
+(05:42:56 PM) sajolida: ok!
+(05:42:57 PM) segfault: (if I find anything to comment)
+(05:43:02 PM) sajolida: :)
+(05:43:05 PM) sajolida: nice, see you around then!
+(05:43:08 PM) segfault: see you!
diff --git a/wiki/src/contribute/meetings/201809.mdwn b/wiki/src/contribute/meetings/201809.mdwn
new file mode 100644
index 0000000..b2b041d
--- /dev/null
+++ b/wiki/src/contribute/meetings/201809.mdwn
@@ -0,0 +1,36 @@
+[[!meta title="September 2018 online meeting"]]
+
+[[!toc levels=2]]
+
+# Meta
+
+- Attendees: u, emmapeel, intrigeri (facilitator), spriver, lamby, cbrownstein, kibi, muri
+
+- [[Logs|201809/logs.txt]]
+
+# Volunteers to handle "Hole in the roof" tickets this month
+
+- [[!tails_ticket 12146 desc="Tails installed using dd is not seen as a bootable device on MacBook Pro"]] will be done by segfault as part of the usb image project
+
+- [[!tails_ticket 7102 desc="Evaluate how safe haveged is in a virtualized environment"]] landed back on intris plate
+
+
+# Volunteers to handle important tickets flagged for next release, but without assignee
+
+- u will check with alan about [[!tails_ticket 15567 desc="Fix bugs and UX issues in the Additional Software beta"]]
+
+- [[!tails_ticket 15895 desc="Remove some of our predefined bookmarks"]] will be assigned to sajolida
+
+# Availability and plans until the next meeting
+
+- spriver: availability: quite yes, plans: not really atm
+- emmapeel: gill be travelling next month... not sure if i will be around much
+- intrigeri: plans: release 3.9 and deal with its fallout, write VeraCrypt auto tests for the OTF contract, deal with day-to-day stuff, process some of the summit output, have some week-end time, sysadmin team sprint, Tor meeting in MEX.
+- kibi: availability: I'll try to process anything getting assigned to me
+- u: availability: well... busy busy busy but i am here and will do some tails work this month
+- cbrownstein: availability: i'm available. plans: close the elevated tickets currently assigned to me
+- lamby: Availability: sketchy. Plans: The vmdebootstrap RM bug was finally filed, so I will prioritise migration a bit higher here
+
+# Important missing bits in the next monthly report
+
+- muri will add the summit
diff --git a/wiki/src/contribute/meetings/201809/logs.txt b/wiki/src/contribute/meetings/201809/logs.txt
new file mode 100644
index 0000000..35fe9e1
--- /dev/null
+++ b/wiki/src/contribute/meetings/201809/logs.txt
@@ -0,0 +1,95 @@
+(07:00:15 PM) intrigeri: meeting time!
+(07:00:31 PM) u: hey here spriver
+(07:00:33 PM) intrigeri: today I have the honor to facilitate.
+(07:00:39 PM) spriver: u: hi!
+(07:00:50 PM) intrigeri: who'll have the honor to take notes? (https://tails.boum.org/contribute/meetings/#index2h1)
+(07:01:34 PM) intrigeri: agenda is https://tails.boum.org/blueprint/monthly_meeting/
+(07:03:13 PM) intrigeri: this should be a short meeting since there's nothing except the recurring short topics on the agenda.
+(07:03:33 PM) carlosm2 entered the room.
+(07:03:50 PM) lamby: (My first general tails meeting, otherwise I would take notes)
+(07:03:53 PM) u: I dont want to take notes but if nobody else volunteers, I'll save the log and process notes when I have time.
+(07:03:57 PM) muri-pidgin: i can take notes, now that i have a more comfortable client running
+(07:04:03 PM) u: ahhh great!
+(07:04:07 PM) intrigeri: muri-pidgin: yeah!
+(07:04:19 PM) muri-pidgin: wow, it even makes sounds!
+(07:04:26 PM) intrigeri: let's go then!
+(07:04:31 PM) carlosm2: a quick hi compas, here cacu
+(07:04:39 PM) intrigeri: 1st topic is: "Volunteers to handle "Hole in the roof" tickets this month"
+(07:04:43 PM) intrigeri: https://labs.riseup.net/code/versions/198
+(07:05:14 PM) u: no hole in the roof for me.
+(07:05:29 PM) spriver: neither for me
+(07:05:30 PM) intrigeri: what, #7102 landed back onto my plate.
+(07:05:31 PM) Tailsbot: Tails ☺ Feature #7102: Evaluate how safe haveged is in a virtualized environment - Tails - RiseupLabs Code Repository https://labs.riseup.net/code/issues/7102
+(07:05:56 PM) muri-pidgin: me neither
+(07:05:59 PM) intrigeri: well. so much for not taking it initially. I'll do something.
+(07:06:30 PM) u: :)
+(07:06:38 PM) intrigeri: https://labs.riseup.net/code/issues/12146 will be done by segfault as part of the usb image project \o/
+(07:06:39 PM) Tailsbot: Tails ☺ Bug #12146: Tails installed using dd is not seen as a bootable device on MacBook Pro https://labs.riseup.net/code/issues/12146
+(07:07:39 PM) intrigeri: let's move on. as usual, if I'm going too fast and you need more time, shout and I'll rollback to previous topic.
+(07:07:44 PM) intrigeri: next topic is "Volunteers to handle important tickets flagged for next release, but without assignee"
+(07:08:10 PM) intrigeri: given the release is in 2 days I would hope there's none.
+(07:08:20 PM) muri-pidgin: hehe
+(07:08:40 PM) intrigeri: actually there's one https://labs.riseup.net/code/issues/15567
+(07:08:41 PM) Tailsbot: Tails ☺ Bug #15567: Fix bugs and UX issues in the Additional Software beta https://labs.riseup.net/code/issues/15567
+(07:09:01 PM) intrigeri: u: I guess it's for Alan, I'll let you handle it as the team lead.
+(07:09:23 PM) intrigeri: looking at 3.10 too while I'm at it.
+(07:09:33 PM) intrigeri: https://labs.riseup.net/code/issues/15895
+(07:09:33 PM) Tailsbot: Tails ☺ Bug #15895: Remove some of our predefined bookmarks https://labs.riseup.net/code/issues/15895
+(07:10:10 PM) intrigeri: I'll assign to sajolida.
+(07:10:36 PM) intrigeri: so next topic: "Availability and plans until the next meeting"
+(07:11:12 PM) intrigeri: availability: most of you have received mine over email a couple weeks ago. minor changes only so far.
+(07:11:51 PM) spriver: availability: quite yes, plans: not really atm
+(07:12:15 PM) emmapeel: gill be travelling next month... not sure if i will be around much
+(07:12:31 PM) emmapeel: *i'll
+(07:12:32 PM) intrigeri: plans: release 3.9 and deal with its fallout, write VeraCrypt auto tests for the OTF contract, deal with day-to-day stuff, process some of the summit output, have some week-end time, sysadmin team sprint, Tor meeting in MEX.
+(07:13:15 PM) muri-pidgin: availability: i'll be available; plans are mostly working on reviewing translations and a couple of small tasks
+(07:13:41 PM) u: intrigeri: #15567 → I'll check with Alan.
+(07:13:42 PM) Tailsbot: Tails ☺ Bug #15567: Fix bugs and UX issues in the Additional Software beta https://labs.riseup.net/code/issues/15567
+(07:13:54 PM) kibi: availability: I'll try to process anything getting assigned to me, even if I need to prepare for moving flats;
+(07:14:02 PM) u: availability: well... busy busy busy but i am here and will do some tails work this month.
+(07:14:12 PM) intrigeri: kibi: I hope the flats are not too heavy :]
+(07:14:45 PM) u: and they are not moving in space without your consent.. :)
+(07:15:13 PM) cbrownstein: availability: i'm available. plans: close the elevated tickets currently assigned to me.
+(07:15:54 PM) lamby: Availability: sketchy. Plans: The vmdebootstrap RM bug was finally filed, so I will prioritise migration a bit higher here.
+(07:16:42 PM) intrigeri: kibi, lamby: I owe you folks some post-summit emails / notes processing / meta blah and scheduling next team meeting.
+(07:17:13 PM) segfault entered the room.
+(07:18:32 PM) spriver: segfault: hI!
+(07:18:49 PM) segfault: hi everyone
+(07:18:58 PM) intrigeri: anyone else wants to share plans/availability until Oct 3?
+(07:19:16 PM) cbrownstein: segfault: hello!
+(07:19:28 PM) intrigeri: yo segfault, aka. the VeraCrypt-in-GNOME-3.30-released-today hero!
+(07:19:38 PM) segfault: :)
+(07:19:50 PM) u: hi segfault
+(07:19:51 PM) segfault: that I will work on now, so I won't have time for the meeting :/
+(07:20:03 PM) u: segfault: i need to talk to you after the meeting for two minutes
+(07:20:24 PM) segfault: u: of course, just ping me then
+(07:20:27 PM) u: segfault: i'll ask you in PM
+(07:20:38 PM) intrigeri: alright, next topic then: Important missing bits in the next monthly report.
+(07:20:51 PM) intrigeri: i.e. https://tails.boum.org/blueprint/monthly_report/report_2018_08/
+(07:21:16 PM) intrigeri: well, it's empty so far, so consider this as a gentle reminder to add your exciting stuff there :)
+(07:21:42 PM) intrigeri: anything you want *me* (as the report currator this month) to add myself?
+(07:22:44 PM) u: intrigeri: summit report?
+(07:22:57 PM) u: link to ^
+(07:23:10 PM) intrigeri: muri-pidgin: I guess you'll do that ^
+(07:24:09 PM) muri-pidgin: if it is published until the monthly report yes. otherwise i'll just add a short sentence that there was a summit and a report will come ;)
+(07:25:22 PM) intrigeri: sounds perfect!
+(07:25:29 PM) u: i have nothing to add to this report, i'm curating the report for Sponsor_W this month.
+(07:25:29 PM) lamby: re. report... Something something microcode something?
+(07:25:44 PM) u: if people here can add their bits that would be greatly appreciated.
+(07:26:27 PM) u: https://tails.boum.org/blueprint/SponsorW/report_2018_08
+(07:26:28 PM) intrigeri: lamby: do you mean like $last_joke_from_Intel?
+(07:26:43 PM) intrigeri: (s/Intel/modern CPU design/)
+(07:27:17 PM) lamby: Yes. Although more like explicitly reassuring "is Tails on top of this?" or "Does/will Tails have a release covering this" rather than it being in some release notes.
+(07:27:44 PM) intrigeri: lamby: OK, I'll check with sajolida.
+(07:27:54 PM) intrigeri: lamby: and FWIW I agree.
+(07:28:19 PM) intrigeri: lamby: 3.9 will have all the publicly available fixes btw.
+(07:28:43 PM) intrigeri: OK, this was the last topic.
+(07:28:54 PM) lamby: Neat. (Even if the answer is "no, not yet", still worth it..)
+(07:28:56 PM) intrigeri: Anything else to discuss? (that does not require any preparation)
+(07:29:08 PM) u: not from me
+(07:29:22 PM) muri-pidgin: nothing from me
+(07:30:54 PM) intrigeri: public service announcement from your (fallback, de facto) release manager who loves you all: please make sure your tickets with Target version = 3.9 have a realistic target version. We release 3.9 on Wednesday. So anything that you won't complete within 48h should be postponed.
+(07:30:56 PM) atomike left the room (Disconnected: closed).
+(07:31:03 PM) atomike entered the room.
+(07:31:34 PM) intrigeri: (it's always a good opportunity to wonder "hmmm, when exactly will I have time to do X" as opposed to me postponing everything blindly to 3.10)
+(07:31:59 PM) intrigeri: OK, meeting done then.
diff --git a/wiki/src/contribute/release_process.mdwn b/wiki/src/contribute/release_process.mdwn
index 7a22822..3dd6f29 100644
--- a/wiki/src/contribute/release_process.mdwn
+++ b/wiki/src/contribute/release_process.mdwn
@@ -4,6 +4,10 @@
See the [[release_schedule]].
+<div class="caution">
+Read the remainder of this document from the branch used to prepare the release!
+</div>
+
Requirements
============
@@ -17,6 +21,8 @@ To release Tails you'll need some packages installed:
`debian/control` in the `debian` branch of its repo)
* `tails-perl5lib` dependencies (same trick as `tails-iuk` to get the
list)
+* `po4a` _from Stretch_: the version in testing/sid extracts Markdown headings
+ in a different way, which makes tons of strings fuzzy.
Environment
===========
@@ -34,19 +40,26 @@ the scripts snippets found on this page:
* `NEXT_PLANNED_VERSION`: set to the version number of the next Tails release
(e.g. 0.23 when releasing 0.22.1, and 1.3 when releasing 1.2)
* `NEXT_PLANNED_MAJOR_VERSION`: set to the version number of the next
- *major* Tails release
+ *major* Tails release; if you're preparing a RC for a major release,
+ use that major release; otherwise, use whatever the next planned
+ major release is
+* `SECOND_NEXT_PLANNED_MAJOR_VERSION`: set to the version number of
+ the second next *major* Tails release; e.g. if preparing the RC for
+ the 3.9 major release, then set this to 3.12 (3.9 is the next major
+ release, 3.10 and 3.11 are bugfix releases, 3.12 is a major
+ release).
* `NEXT_PLANNED_MINOR_VERSION`: set to the version number of the next
*minor* Tails release; if the next release is a point-release, use
that one; otherwise, use `${VERSION}.1`
-* `MAJOR_RELEASE`: set to 1 if preparing a major release, to 0 else
+* `MAJOR_RELEASE`: set to 1 if preparing a major release or a release
+ candidate for a major release, to 0 otherwise
* `ISOS`: the directory where one stores `tails-amd64-*`
sub-directories like the ones downloaded with BitTorrent.
* `ARTIFACTS`: the directory where build artifacts (e.g.
the `.packages` file) land.
* `MASTER_CHECKOUT`: a checkout of the `master` branch of the main
Tails Git repository.
-* `RELEASE_BRANCH`: the name of the branch of the main Tails Git
- repository used to prepare the release (`stable` or `testing`).
+* `RELEASE_BRANCH=$(if [ "$MAJOR_RELEASE" = 1 ]; then echo -n testing; else echo -n stable; fi)`
* `RELEASE_CHECKOUT`: a checkout of the branch of the main Tails Git
repository used to prepare the release (`stable` or `testing`).
* `TAILS_SIGNATURE_KEY=A490D0F4D311A4153E2BB7CADBB802B258ACD84F`
@@ -55,9 +68,7 @@ the scripts snippets found on this page:
* `PERL5LIB_CHECKOUT`: a checkout of the relevant tag of the
`perl5lib` Git repository.
* `DIST`: either 'alpha' (for RC:s) or 'stable' (for actual releases)
-* `export DEBEMAIL='tails@boum.org'`
-* `export DEBFULLNAME='Tails developers'`
-* `export WEBSITE_RELEASE_BRANCH="web/release-${VERSION:?}"`
+* `export WEBSITE_RELEASE_BRANCH="web/release-${TAG:?}"`
Pre-freeze
==========
@@ -70,16 +81,6 @@ Coordinate with Debian security updates
See [[release_process/Debian_security_updates]].
-Select the right branch
-=======================
-
-What we refer to as the "release branch" (and `RELEASE_BRANCH`) should
-be `testing` for major releases, and `stable` for point-releases.
-
-<div class="caution">
-Read the remainder of this document from the branch used to prepare the release!
-</div>
-
Sanity check
============
@@ -96,7 +97,7 @@ If we are at freeze time for a major release:
1. Merge the `master` Git branch into `devel`:
- git checkout devel && git merge --no-ff origin/master
+ git checkout devel && git fetch origin && git merge --no-ff origin/master
2. [[Merge each APT overlay suite|APT_repository/custom#workflow-merge-overlays]]
listed in the `devel` branch's `config/APT_overlays.d/` into the `devel`
@@ -152,63 +153,45 @@ Bootstrap manual testing coordination:
into it.
3. Send the pad URL to the usual testers (see `manual_testers.mdwn` in
the `internal.git` repository).
+ XXX: move this document to a repo that all RMs have access to.
Update included files
=====================
-uBlock patterns and settings file
-----------------
-
-The patterns+settings file is stored as a SQLite text dump in
-`config/chroot_local-includes/usr/share/tails/ublock-origin/ublock0.dump`.
-
-1. Start Tails
-2. Start *Tor Browser*
-2. Click on the uBlock icon and then click on the gears icon to open
- the uBlock dashboard
-3. Open the *3rd-party filters* tab
-4. Click on the button *Update now* to update all filters
-5. Close *Tor Browser*
-7. Copy the `.tor-browser/profile.default/extension-data/ublock0.sqlite`
- from this Tor Browser instance into the root of Tails' Git repo and
- run the following command:
-
- ./bin/convert-ublock-settings ublock0.sqlite > \
- config/chroot_local-includes/usr/share/tails/ublock-origin/ublock0.dump \
- && git commit -m 'Update uBlock Origin patterns + settings file.' \
- config/chroot_local-includes/usr/share/tails/ublock-origin/ublock0.dump \
- && rm ublock0.sqlite
+<a id="upgrade-custom-debs"></a>
Upgrade bundled binary Debian packages
--------------------------------------
-Skip this section unless we are at freeze time for a major release
-(i.e. we are about to prepare a release candidate).
+Skip this section if you are preparing a point-release.
-That is: make sure the bundled binary Debian packages contain
-up-to-date localization files.
+The goal here is to make sure the bundled binary Debian packages contain
+up-to-date localization files, so:
+
+ - If you are preparing a release candidate, build at least the packages
+ that change user-visible strings, so that translators can use the RC
+ to check the status of their work and identify what's left to do.
+ - If you are preparing a major release, build at least the packages
+ that got translation updates since the RC: we've sent a call for
+ translation while releasing the RC so the least we can do is to
+ incorporate the work that ensued into our final release :)
For each bundled Debian package, `cd` into the package's root
directory (e.g. a checkout of the `whisperback` repository),
-and then run the `import-translations` script that is in the
-main Tails repository. For example:
+import translations from Transifex and sanity-check them:
cd whisperback
- "${RELEASE_CHECKOUT:?}"/import-translations
-
-If the `import-translations` script fails to import translations for
-the current package, manually copy updated PO files from the
-Transifex branches of `git://git.torproject.org/translation.git` (e.g.
-`whisperback_completed`) instead. In this case, skip PO files for
-[[translation teams that use Git|contribute/how/translate#translate]].
-
-Add and commit.
+ "${RELEASE_CHECKOUT:?}"/import-translations && \
+ "${RELEASE_CHECKOUT:?}"/submodules/jenkins-tools/slaves/check_po
-Then check the PO files:
+Then, `git rm` the PO files that have issues (alternatively, if you
+feel like it you can fix them but your changes will be overwritten
+next time we import translations from Transifex).
- "${RELEASE_CHECKOUT:?}"/submodules/jenkins-tools/slaves/check_po
+And finally, commit:
-Correct any displayed error, then commit the changes if any.
+ git add po && git commit \
+ -m "Update POT and PO files, pull updated translations from Transifex."
Then see the relevant release processes, and upload the packages to
the release branch's custom APT suite:
@@ -289,19 +272,22 @@ Update other base branches
1. Merge the release branch into `devel` following the instructions for
[[merging base branches|APT_repository/custom#workflow-merge-main-branch]].
-2. Merge `devel` into `feature/buster`, *without* following the instructions for
+2. [[Thaw|APT_repository/time-based snapshots#thaw]], on the devel
+ branch, the time-based APT repository snapshots that were used
+ during the freeze.
+
+3. Merge `devel` into `feature/buster`, *without* following the instructions for
[[merging base branches|APT_repository/custom#workflow-merge-main-branch]].
(For now `feature/buster` is handled as any other topic branch
forked off `devel`: its base branch is set to `devel`.)
+ If the merge conflicts don't look like something you feel confident
+ resolving properly, abort this merge and let the Foundations
+ Team know.
-3. Ensure that the release, `devel` and `feature/buster` branches
+4. Ensure that the release, `devel` and `feature/buster` branches
have the expected content in `config/APT_overlays.d/`: e.g. it must
not list any overlay APT suite that has been merged already.
-4. [[Thaw|APT_repository/time-based snapshots#thaw]], on the devel
- branch, the time-based APT repository snapshots that were used
- during the freeze.
-
5. Push the modified branches to Git:
git push origin \
@@ -319,6 +305,7 @@ Remove the placeholder entry for next release in `debian/changelog`,
and then:
git checkout "${RELEASE_BRANCH:?}" && \
+ DEBEMAIL='tails@boum.org' DEBFULLNAME='Tails developers' \
./release ${VERSION:?} ${PREVIOUS_TAG:?}
This populates the Changelog with the Git log entries.
@@ -371,7 +358,6 @@ matches the date of the future signature.
echo "${VERSION:?}" > wiki/src/inc/stable_amd64_version.html
echo -n "${RELEASE_DATE:?}" > wiki/src/inc/stable_amd64_date.html
- sed -ri "s%news/version_.*]]%news/version_${VERSION:?}]]%" wiki/src/inc/stable_amd64_release_notes.*
${EDITOR:?} wiki/src/inc/*.html
./build-website
git commit wiki/src/inc/ -m "Update version and date for ${VERSION:?}."
@@ -518,19 +504,18 @@ SquashFS file order
1. Start *Tor Browser*.
1. A few minutes later, once the `boot-profile` process has been
killed, retrieve the new sort file from `/var/log/boot-profile`.
+1. Backup the old sort file: `cp config/binary_rootfs/squashfs.sort{,.old}`
1. Copy the new sort file to `config/binary_rootfs/squashfs.sort`.
1. Cleanup a bit:
- remove `var/log/live/config.pipe`: otherwise the boot is broken
or super-slow
- remove the bits about `kill-boot-profile` at the end: they're
only useful when profiling the boot
-1. Inspect the Git diff (including diff stat), apply common sense.
- The following command is also helpful but requires that you save a
- copy of the old sort file into `/tmp/squashfs.sort.old`:
+1. Inspect the Git diff (including diff stat), apply common sense:
diff -NaurB \
- <( cut -d' ' -f1 /tmp/squashfs.sort.old | sort ) \
- <( cut -d' ' -f1 config/binary_rootfs/squashfs.sort | sort ) \
+ <( cut -d' ' -f1 config/binary_rootfs/squashfs.sort.old | sort ) \
+ <( cut -d' ' -f1 config/binary_rootfs/squashfs.sort | sort ) \
| less
1. `git commit -m 'Updating SquashFS sort file' config/binary_rootfs/squashfs.sort`
@@ -565,10 +550,16 @@ suite should be ready, so it is time to:
1. build the final image!
-1. compare the new build manifest with the one from the previous,
- almost final build; they should be identical, except that the
- `debian-security` serial might be higher. To ensure we publish
- the final build's `.build-manifest`, please run:
+1. Compare the new build manifest with the one from the previous,
+ almost final build:
+
+ diff -Naur \
+ "${PACKAGES_MANIFEST:?}" \
+ "${ARTIFACTS:?}/tails-amd64-${VERSION:?}.iso.build-manifest"
+
+ They should be identical, except that the `debian-security` serial might be higher.
+
+1. To ensure we publish the final build's `.build-manifest`, run:
export PACKAGES_MANIFEST="${ARTIFACTS:?}/tails-amd64-${VERSION:?}.iso.build-manifest"
@@ -713,7 +704,7 @@ Include each such version in a white-space separated list called
`IUK_SOURCE_VERSIONS`, (e.g. `IUK_SOURCE_VERSIONS="2.8 2.9 2.9.1 2.10~rc1"`)
and run the following:
- for source_version in ${IUK_SOURCE_VERSIONS}; do
+ for source_version in $(echo ${IUK_SOURCE_VERSIONS:?}); do
if [ "$(dpkg-query --showformat '${Version}\n' --show squashfs-tools)" != 1:4.3-3.0tails4 ]; then
echo 'ERROR! Your squashfs-tools probably does not honor SOURCE_DATE_EPOCH so any generated IUKs will *not* be reproducible!'
break
@@ -787,14 +778,15 @@ Prepare upgrade-description files
Note that multi-steps incremental upgrade paths are valid and
supported: e.g. when releasing 1.1.2, 1.1 users should still be
able to incrementally upgrade to 1.1.1, and in turn to 1.1.2; to
- make this work, one must _not_ pass `--previous-version 1.1`,
+ make this work, unless there's a IUK from 1.1 to 1.1.2,
+ one must _not_ pass `--previous-version 1.1`,
that would remove the existing incremental upgrade path from 1.1
to 1.1.1.
* If preparing anything but a final release (e.g. an alpha, beta
or RC), add `--channel alpha`
* If preparing anything but a final release (e.g. an alpha, beta
or RC), drop all `--next-version`
- arguments, and instead pass (**untested!**)
+ arguments, and instead pass
`--next-version $(echo ${VERSION:?} | sed -e 's,~rc.*$,,')`
* Adjust `--next-version "${VERSION:?}.1"` so it matches the next
potential emergency release. E.g. when releasing 3.7.1,
@@ -832,18 +824,35 @@ Prepare upgrade-description files
)
1. If preparing anything but a final release (e.g. an alpha, beta
- or RC), copy the generated or updated files to
- `${MASTER_CHECKOUT:?}`, replace `channel: alpha` with `channel:
- test`, sign them, commit and push.
+ or RC), copy the generated UDFs for the previous releases
+ to the *test* channel in `$MASTER_CHECKOUT`, modify their content
+ accordingly, sign them, commit and push:
-1. Else, if preparing a final release, copy the generated UDF for the previous
- release to the *test* channel in `$MASTER_CHECKOUT`, modify its content
- accordingly, sign it, commit and push:
+ ( \
+ cd ${MASTER_CHECKOUT:?} && \
+ git fetch && \
+ for old_version in $(echo ${IUK_SOURCE_VERSIONS:?}); do
+ alpha_udf="wiki/src/upgrade/v1/Tails/${old_version:?}/amd64/alpha/upgrades.yml" && \
+ test_udf="wiki/src/upgrade/v1/Tails/${old_version:?}/amd64/test/upgrades.yml" && \
+ mkdir -p "$(dirname "$test_udf")" && \
+ git show origin/${WEBSITE_RELEASE_BRANCH:?}:${alpha_udf:?} \
+ | sed -e 's/channel: alpha/channel: test/' > ${test_udf:?} && \
+ gpg -u "${TAILS_SIGNATURE_KEY:?}" --armor --detach-sign ${test_udf:?} && \
+ mv ${test_udf:?}.asc ${test_udf:?}.pgp && \
+ git add ${test_udf:?}* ; \
+ done && \
+ git commit -m "Add incremental upgrades on the test channel for Tails ${VERSION:?}" && \
+ git push origin master:master \
+ )
+
+1. Else, if preparing a final release, copy the generated UDFs for the previous
+ releases to the *test* channel in `$MASTER_CHECKOUT`, modify their content
+ accordingly, sign them, commit and push:
( \
cd ${MASTER_CHECKOUT:?} && \
git fetch && \
- for old_version in ${IUK_SOURCE_VERSIONS:?}; do
+ for old_version in $(echo ${IUK_SOURCE_VERSIONS:?}); do
stable_udf="wiki/src/upgrade/v1/Tails/${old_version:?}/amd64/stable/upgrades.yml" && \
test_udf="wiki/src/upgrade/v1/Tails/${old_version:?}/amd64/test/upgrades.yml" && \
mkdir -p "$(dirname "$test_udf")" && \
@@ -918,12 +927,14 @@ Publish the ISO and IUKs over HTTP
Upload the IUKs to our rsync server:
- for source_version in ${IUK_SOURCE_VERSIONS}; do
+ for source_version in $(echo ${IUK_SOURCE_VERSIONS:?}); do
rsync --partial --inplace --progress -v \
"${ISOS:?}/Tails_amd64_${source_version:?}_to_${VERSION:?}.iuk" \
rsync.lizard:
done
+While waiting for the IUKs to be uploaded, you can proceed with the next steps.
+
Upload the ISO signature to our rsync server:
scp "${ISO_PATH:?}.sig" rsync.lizard:
@@ -934,7 +945,10 @@ an integer):
MATCHING_JENKINS_BUILD_ID=XXX
-Copy the ISO to our rsync server and verify the signature:
+Copy the ISO to our rsync server, verify its signature,
+move them in place with proper ownership and permissions
+and update the time in `project/trace` file on our rsync server
+and on the live website (even for a release candidate):
cat "${RELEASE_CHECKOUT:?}/wiki/src/tails-signing.key" \
| ssh rsync.lizard gpg --import
@@ -944,26 +958,38 @@ Copy the ISO to our rsync server and verify the signature:
gpg --verify tails-amd64-${VERSION:?}.iso{.sig,}
EOF
-Move files in place with proper ownership and permissions:
-
ssh rsync.lizard << EOF
sudo install -o root -g rsync_tails -m 0755 -d \
/srv/rsync/tails/tails/${DIST:?}/tails-amd64-${VERSION:?} && \
- sudo chown root:rsync_tails \
- tails-amd64-${VERSION:?}.iso* \
- Tails_amd64_*_to_${VERSION:?}.iuk && \
- sudo chmod u=rwX,go=rX \
- tails-amd64-${VERSION:?}.iso* \
- Tails_amd64_*_to_${VERSION:?}.iuk && \
+ sudo chown root:rsync_tails tails-amd64-${VERSION:?}.iso* && \
+ sudo chmod u=rwX,go=rX tails-amd64-${VERSION:?}.iso* && \
sudo mv tails-amd64-${VERSION:?}.iso* \
- /srv/rsync/tails/tails/${DIST:?}/tails-amd64-${VERSION:?} && \
+ /srv/rsync/tails/tails/${DIST:?}/tails-amd64-${VERSION:?}
+ EOF
+
+ TRACE_TIME=$(date +%s) &&
+ echo ${TRACE_TIME:?} | ssh rsync.lizard "cat > /srv/rsync/tails/tails/project/trace" && \
+ [ -n "${MASTER_CHECKOUT:?}" ] && \
+ echo ${TRACE_TIME:?} > "${MASTER_CHECKOUT:?}/wiki/src/inc/trace" &&
+ (
+ cd "${MASTER_CHECKOUT:?}" && \
+ git commit wiki/src/inc/trace \
+ -m "Updating trace file after uploading the ISO for ${VERSION:?}." && \
+ git push origin master
+ )
+
+Once the IUKs are uploaded, move them IUKs in place with proper
+ownership and permissions and update the time in `project/trace` file
+on our rsync server and on the live website (even for a release
+candidate):
+
+ ssh rsync.lizard << EOF
+ sudo chown root:rsync_tails Tails_amd64_*_to_${VERSION:?}.iuk && \
+ sudo chmod u=rwX,go=rX Tails_amd64_*_to_${VERSION:?}.iuk && \
sudo mv Tails_amd64_*_to_${VERSION:?}.iuk \
/srv/rsync/tails/tails/${DIST:?}/iuk/
EOF
-Update the time in `project/trace` file on our rsync server
-and on the live wiki (even for a release candidate):
-
TRACE_TIME=$(date +%s) &&
echo ${TRACE_TIME:?} | ssh rsync.lizard "cat > /srv/rsync/tails/tails/project/trace" && \
[ -n "${MASTER_CHECKOUT:?}" ] && \
@@ -971,12 +997,30 @@ and on the live wiki (even for a release candidate):
(
cd "${MASTER_CHECKOUT:?}" && \
git commit wiki/src/inc/trace \
- -m "Updating trace file after uploading ${VERSION:?}." && \
+ -m "Updating trace file after uploading the IUKs for ${VERSION:?}." && \
git push origin master
)
+## Announce, seed and test the Torrent
+
+Check if there's enough space on our Bittorrent seed to import the new
+ISO:
+
+ ssh bittorrent.lizard df -h /var/lib/transmission-daemon/downloads
+
+If not, list already running Torrents:
+
+ ssh bittorrent.lizard transmission-remote --list
+
+… set `$ID` to the oldest one and delete it:
+
+ ssh bittorrent.lizard -t "${ID:?}" --remove-and-delete
+
+… and finally check disk space again:
-## Announce, seed and test the Torrents
+ ssh bittorrent.lizard df -h /var/lib/transmission-daemon/downloads
+
+Now you can announce and seed the Torrent for the release you're preparing:
cat "${RELEASE_CHECKOUT:?}/wiki/src/tails-signing.key" \
| ssh bittorrent.lizard gpg --import
@@ -1010,6 +1054,7 @@ ISO history
Push the released ISO to our Tails ISO history git-annex repo, so that
our isotesters can fetch it from there for their testing. How to do so
is described in our internal Git repo.
+XXX: move this document to a repo that all RMs have access to.
Testing
=======
@@ -1042,7 +1087,7 @@ Testing
due time.
1. Triage test results, reproduce bugs as needed, decide what the next
step is and make sure it happens: add to known issues? file ticket?
- release blocker?
+ release blocker? improve the test description (steps, expected outcome)?
Update the website and Git repository
=====================================
@@ -1109,14 +1154,14 @@ If preparing a release candidate
Skip this part if preparing a final release.
-Copy the `.iso.sig` file into the website repository:
+Copy the signature and the Torrent into the website repository:
cp "${ISO_PATH:?}.sig" \
"${ISOS:?}/tails-amd64-${VERSION:?}.torrent" \
- "${MASTER_CHECKOUT:?}/wiki/src/torrents/files/"
+ "${RELEASE_CHECKOUT:?}/wiki/src/torrents/files/"
Write the announcement for the release in
-`${MASTER_CHECKOUT:?}/wiki/src/news/test_${TAG:?}.mdwn`, including:
+`${RELEASE_CHECKOUT:?}/wiki/src/news/test_${TAG:?}.mdwn`, including:
- Update the `meta title` directive.
- Update the `meta date` directive.
@@ -1134,10 +1179,6 @@ Write the announcement for the release in
In any case
-----------
-If preparing a final release, what follows happens on the
-`$WEBSITE_RELEASE_BRANCH` in `$RELEASE_CHECKOUT`. Else, it happens in
-`$MASTER_CHECKOUT`.
-
Generate PO files for the announcements and record the last commit
before putting the release out for real:
@@ -1171,6 +1212,9 @@ Sanity checks
* Check the outcome of the "Testing" section above.
* Wait for the Mozilla security advisory
[to be published](https://www.mozilla.org/en-US/security/advisories/).
+* While waiting, if preparing a major release, you can drop the post for Tor blog:
+ see the "Tor blog" section below. If you do that, uncheck the *Publish*
+ checkbox and click *Save* to save the draft.
* Verify once more that the Tor Browser we ship is still the most recent (see
above).
@@ -1179,8 +1223,8 @@ Push
### Git
-If preparing an actual release, push the last commits to our Git
-repository and put `master` in the following state:
+Push the last commits to our Git repository and put `master` in the
+following state:
( cd "${RELEASE_CHECKOUT:?}" && \
git push origin \
@@ -1189,12 +1233,8 @@ repository and put `master` in the following state:
) && \
( cd "${MASTER_CHECKOUT:?}" && \
git fetch && \
- git merge "origin/${WEBSITE_RELEASE_BRANCH:?}" \
- )
-
-In any case, ensure that `master` has `stable` as its base branch:
-
- ( cd "${MASTER_CHECKOUT:?}" && \
+ git merge origin/master && \
+ git merge "origin/${WEBSITE_RELEASE_BRANCH:?}" && \
echo "stable" > config/base_branch && \
git commit config/base_branch \
-m "Restore master's base branch." \
@@ -1317,19 +1357,11 @@ We announce *major* releases on the Tor blog:
- choose *Filtered HTML* as the *Text format* in the blog post editor
- copy the text you have prepared into the *Post Body* textarea of the
blog post editor
-- open *Content Settings* and verify that comments are *Closed*
+- open *Comment Settings* and verify that comments are *Closed*
- open *Promotion Options* and check *Promoted to front page*
- click *Preview* and ensure everything is OK
- click *Save and publish*
-Tor weekly news
----------------
-
-Write a short announcement for the [Tor weekly
-news](https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews)'s
-next issue (follow the *Next steps* link), or find someone who's happy
-to do it.
-
Amnesia news
------------
@@ -1355,14 +1387,14 @@ this, and skip what does not make sense for a RC.
`ssh bittorrent.lizard transmission-remote -t "${PREVIOUS_VERSION_TRANSMISSION_ID:?}" --remove-and-delete`
1. Remove any remaining RC for the just-published release from
the mirrors.
-1. Remove IUKs that are more than 6 months old from
+1. Remove IUKs that are more than 9 months old from
`/{stable,alpha}/iuk` on the rsync server:
- first check that it's not going to remove anything we want to keep:
ssh rsync.lizard /bin/sh -c \
\"find /srv/rsync/tails/tails/alpha \
/srv/rsync/tails/tails/stable \
- -type f -name '*.iuk' -mtime '+183' \
+ -type f -name '*.iuk' -mtime '+270' \
-not -name '*~test_*~test.iuk' -ls \
\"
@@ -1371,7 +1403,7 @@ this, and skip what does not make sense for a RC.
ssh rsync.lizard /bin/sh -c \
\"find /srv/rsync/tails/tails/alpha \
/srv/rsync/tails/tails/stable \
- -type f -name '*.iuk' -mtime '+183' \
+ -type f -name '*.iuk' -mtime '+270' \
-not -name '*~test_*~test.iuk' -delete \
\"
@@ -1418,6 +1450,7 @@ this, and skip what does not make sense for a RC.
appropriately (they should expire after the major release _after_
the one you're preparing). Look carefully at the output of this command:
+ cd "${RELEASE_CHECKOUT:?}" && \
git checkout "${RELEASE_BRANCH:?}" && \
for dir in config/APT_snapshots.d vagrant/definitions/tails-builder/config/APT_snapshots.d; do
(
diff --git a/wiki/src/contribute/release_process/Debian_security_updates.mdwn b/wiki/src/contribute/release_process/Debian_security_updates.mdwn
index 5814ca2..db3aadb 100644
--- a/wiki/src/contribute/release_process/Debian_security_updates.mdwn
+++ b/wiki/src/contribute/release_process/Debian_security_updates.mdwn
@@ -8,22 +8,18 @@ by delaying a Tails release a bit to wait for a DSA to happen.
Debian security team
====================
-RequestTracker
---------------
-
-The Debian security team uses the [Debian RT](https://rt.debian.org/)
-to track some of their work. Looking at their RT queues might help us
-see if something is being prepared. We, as a Debian derivative, have a
-read-only access to these queues.
-
Security tracker
----------------
-The Debian [security tracker][web]'s [SVN repository][svn] is the main
-place where we can look at the Debian security team upcoming uploads
-and announces. There is also a [mailing list][] that broadcasts
-changes to this repository.
+The Debian [security tracker][web]'s [GIT repository][git] is the main
+place where Debian tracks the status of security issues.
+
+We can look at the [list of upcoming Debian Security Advisories (DSA)][DSA needed].
+
+There is also a [mailing list][] that broadcasts changes to
+this repository.
[web]: http://security-tracker.debian.org/tracker/
-[svn]: http://svn.debian.org/wsvn/secure-testing
-[mailing list]: http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
+[git]: https://salsa.debian.org/security-tracker-team/security-tracker
+[mailing list]: https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
+[DSA needed]: https://salsa.debian.org/security-tracker-team/security-tracker/blob/master/data/dsa-needed.txt
diff --git a/wiki/src/contribute/release_process/perl5lib.mdwn b/wiki/src/contribute/release_process/perl5lib.mdwn
index 5fe9c35..7e1edd4 100644
--- a/wiki/src/contribute/release_process/perl5lib.mdwn
+++ b/wiki/src/contribute/release_process/perl5lib.mdwn
@@ -5,21 +5,14 @@
Install build and test dependencies
===================================
-In a Stretch system, as a user that has sudo credentials:
-
- git checkout debian && \
- sudo apt install devscripts && \
- mk-build-deps -i -r --root-cmd sudo && \
+ git checkout master && \
sudo apt install \
- libdist-zilla-perl \
- libdist-zilla-plugins-cjm-perl \
- libdist-zilla-plugin-changelogfromgit-perl \
- libdist-zilla-plugin-installguide-perl \
- libdist-zilla-plugin-localemsgfmt-perl \
- libdist-zilla-plugin-test-perl-critic-perl \
- libdist-zilla-plugin-test-notabs-perl \
- libdist-zilla-plugin-git-perl \
- dh-make-perl
+ devscripts \
+ dh-make-perl \
+ libdist-zilla-app-command-authordebs-perl && \
+ dzil authordebs --install && \
+ git checkout debian && \
+ mk-build-deps -i -r --root-cmd sudo
Update POT and PO files
=======================
@@ -65,8 +58,7 @@ upstream tarball, update `debian/changelog`:
git checkout debian && \
gbp import-orig --upstream-vcs-tag=Tails-perl5lib_$VERSION \
../Tails-perl5lib-$VERSION.tar.gz && \
- gbp dch --auto && \
- dch -e
+ gbp dch --auto --spawn-editor=always
(Do not forget to set the appropriate release.)
@@ -81,7 +73,8 @@ Commit `debian/changelog`:
Git-Dch: Ignore
"
-Build a Debian package (use a Stretch/amd64 chroot):
+Build a Debian package (use a Stretch/amd64 chroot with `stretch-backports`
+enabled):
gbp buildpackage
diff --git a/wiki/src/contribute/release_process/persistence-setup.mdwn b/wiki/src/contribute/release_process/persistence-setup.mdwn
index 5603265..48c7c88 100644
--- a/wiki/src/contribute/release_process/persistence-setup.mdwn
+++ b/wiki/src/contribute/release_process/persistence-setup.mdwn
@@ -7,23 +7,19 @@ Pre-requisites
* a Debian Stretch (or newer) system
* Tails' `devel` APT suite enabled
-* the right version of the `tails-perl5lib` package installed
+* the latest version of the `tails-perl5lib` package installed
Install build and test dependencies
===================================
- git checkout debian && \
- sudo apt install devscripts && \
- mk-build-deps -i -r --root-cmd sudo && \
+ git checkout master && \
sudo apt install \
- libdist-zilla-perl \
- libdist-zilla-plugins-cjm-perl \
- libdist-zilla-plugin-installguide-perl \
- libdist-zilla-plugin-localemsgfmt-perl \
- libdist-zilla-plugin-test-perl-critic-perl \
- libdist-zilla-plugin-test-notabs-perl \
- libdist-zilla-plugin-git-perl \
- dh-make-perl
+ devscripts \
+ dh-make-perl \
+ libdist-zilla-app-command-authordebs-perl && \
+ dzil authordebs --install && \
+ git checkout debian && \
+ mk-build-deps -i -r --root-cmd sudo
Make an upstream release
========================
@@ -36,13 +32,11 @@ Export new upstream version number:
export VERSION=XXX
-Update version number in `bin/tails-persistence-setup`:
-
- perl -pi -E 's,^Version [0-9.]+,Version $ENV{VERSION},' bin/tails-persistence-setup
- perl -pi -E "s,^our \\\$VERSION = '[0-9.]+';\$,our \\\$VERSION = '$VERSION';," bin/tails-persistence-setup
-
-Commit all files that need to be:
+Update version number in `bin/tails-persistence-setup` and
+commit all files that need to be:
+ perl -pi -E 's,^Version [0-9.]+,Version $ENV{VERSION},' bin/tails-persistence-setup && \
+ perl -pi -E "s,^our \\\$VERSION = '[0-9.]+';\$,our \\\$VERSION = '$VERSION';," bin/tails-persistence-setup && \
git commit bin/tails-persistence-setup -m "tails-persistent-setup $VERSION"
Optionally, run the upstream test suite (it is run as part of the
@@ -74,7 +68,7 @@ Checkout the Debian packaging branch and import the new upstream tarball:
Update `debian/changelog`:
- gbp dch && dch -e
+ gbp dch --auto --spawn-editor=always
(Do not forget to set the appropriate release.)
@@ -86,9 +80,9 @@ Commit `debian/changelog`:
Git-Dch: Ignore
"
-Build a Debian package (use a Stretch/amd64 chroot, that
-has either tails-perl5lib installed, or the Tails APT repository
-configured):
+Build a Debian package (use a Stretch/amd64 chroot, that has
+`stretch-backports` enabled and on top of that: either tails-perl5lib
+installed or the Tails APT repository configured):
gbp buildpackage
diff --git a/wiki/src/contribute/release_process/tails-greeter.mdwn b/wiki/src/contribute/release_process/tails-greeter.mdwn
index 100caf6..e178b66 100644
--- a/wiki/src/contribute/release_process/tails-greeter.mdwn
+++ b/wiki/src/contribute/release_process/tails-greeter.mdwn
@@ -14,33 +14,17 @@ Update POT and PO files
) && \
git commit po -m 'Update POT and PO files.'
-
Prepare a release
=================
-Run `./scripts/release.sh` and follow the instructions.
+ git checkout master && ./scripts/release.sh
+… then follow the instructions, making sure you set the appropriate
+release on the first line of the new changelog entry.
Update the Debian package
=========================
-Checkout the correct branch:
-
- git checkout master
-
-Update `debian/changelog`:
-
- gbp dch
-
-(Do not forget to set the appropriate release.)
-
-Commit the changelog:
-
- git commit debian/changelog \
- -m "$(dpkg-parsechangelog -SSource) ($(dpkg-parsechangelog -SVersion))
- Git-Dch: Ignore
- "
-
Build a new Debian package (use a Stretch/amd64 chroot):
gbp buildpackage
diff --git a/wiki/src/contribute/release_process/tails-iuk.mdwn b/wiki/src/contribute/release_process/tails-iuk.mdwn
index 9b8313c..2077ae6 100644
--- a/wiki/src/contribute/release_process/tails-iuk.mdwn
+++ b/wiki/src/contribute/release_process/tails-iuk.mdwn
@@ -13,19 +13,14 @@ Pre-requisites
Install build and test dependencies
===================================
- git checkout debian && \
- sudo apt install devscripts && \
- mk-build-deps -i -r --root-cmd sudo && \
+ git checkout master && \
sudo apt install \
- libdist-zilla-perl \
- libdist-zilla-plugin-changelogfromgit-perl \
- libdist-zilla-plugins-cjm-perl \
- libdist-zilla-plugin-installguide-perl \
- libdist-zilla-plugin-localemsgfmt-perl \
- libdist-zilla-plugin-test-perl-critic-perl \
- libdist-zilla-plugin-test-notabs-perl \
- libdist-zilla-plugin-git-perl \
- dh-make-perl
+ devscripts \
+ dh-make-perl \
+ libdist-zilla-app-command-authordebs-perl && \
+ dzil authordebs --install && \
+ git checkout debian && \
+ mk-build-deps -i -r --root-cmd sudo
Update POT and PO files
=======================
@@ -49,16 +44,11 @@ Export new upstream version number:
Export location of a checkout of the branch of the main Tails Git
repository used to prepare the release (typically `stable` or `testing`):
- export TAILS_GIT_CHECKOUT=XXX
+ export TAILS_GIT_CHECKOUT="$RELEASE_CHECKOUT"
Export source date epoch:
- export SOURCE_DATE_EPOCH=$(date \
- --utc \
- --date="$(dpkg-parsechangelog \
- --file "$TAILS_GIT_CHECKOUT/debian/changelog" \
- --show-field=Date)" \
- +%s)
+ export SOURCE_DATE_EPOCH=$(date --utc +%s)
Update version number in `bin/tails-create-iuk`, commit all files that
need to be.
@@ -77,8 +67,8 @@ Run the upstream test suite:
umask 077
# Run the test suite
- NODE_PATH="/path/to/tails.git/submodules/mirror-pool-dispatcher/lib/js" \
- PATH="/path/to/tails.git/submodules/mirror-pool-dispatcher/bin:$PATH" \
+ NODE_PATH="${TAILS_GIT_CHECKOUT}/submodules/mirror-pool-dispatcher/lib/js" \
+ PATH="${TAILS_GIT_CHECKOUT}/submodules/mirror-pool-dispatcher/bin:$PATH" \
RELEASE_TESTING=1 \
LC_ALL=C \
dzil test
@@ -99,8 +89,7 @@ upstream tarball, update `debian/changelog`:
git checkout debian && \
gbp import-orig --upstream-vcs-tag=$VERSION \
../Tails-IUK-$VERSION.tar.gz && \
- gbp dch --auto && \
- dch -e
+ gbp dch --auto --spawn-editor=always
(Do not forget to set the appropriate release.)
@@ -115,9 +104,9 @@ Commit `debian/changelog`:
Git-Dch: Ignore
"
-Build a Debian package (use a Stretch chroot with the right version of
-`tails-perl5lib` installed), add a signed tag to the repository and
-push the changes:
+Build a Debian package (use a Stretch/amd64 chroot, that has
+`stretch-backports` enabled and on top of that: either tails-perl5lib
+installed or the Tails APT repository configured):
gbp buildpackage && \
gbp buildpackage --git-tag-only --git-sign-tags && \
diff --git a/wiki/src/contribute/release_process/test.mdwn b/wiki/src/contribute/release_process/test.mdwn
index af4e77d..5ee4589 100644
--- a/wiki/src/contribute/release_process/test.mdwn
+++ b/wiki/src/contribute/release_process/test.mdwn
@@ -107,11 +107,17 @@ tracked by tickets prefixed with `todo/test_suite:`.
## Security and fingerprinting
* Run the [tests the Tor Browser folks
- use](https://trac.torproject.org/projects/tor/wiki/doc/build/BuildSignoff#TestPagestoUse).
+ use](https://trac.torproject.org/projects/tor/wiki/doc/build/BuildSignoff#TestPagestoUse)
+ and compare to the last released version of Tails. Results should
+ not be worse.
(automate: [[!tails_ticket 10260]])
+ - For the "evercookie" test to work, you may have to disable
+ _uBlock_ on its web page.
* Compare the fingerprint Tor Browser in Tails with the fingerprint of
- the same version of Tor Browser (running outside of Tails), using at least
- <https://panopticlick.eff.org/> (automate: [[!tails_ticket 10262]])
+ the same version of Tor Browser (running on Linux outside of Tails), using at least
+ <https://panopticlick.eff.org/> (automate: [[!tails_ticket 10262]]).
+ Click "Show full results for fingerprinting" to see the details
+ we're interested in.
- The exposed User-Agent should match the latest Tor Browser's one.
- Ignore the result of the "blocking tracking ads" and "blocking
invisible trackers" tests, which seem unreliable (we've seen
@@ -129,14 +135,16 @@ tracked by tickets prefixed with `todo/test_suite:`.
* Running `/usr/local/lib/getTorBrowserUserAgent` should produce the User-Agent set by the
installed version of Torbutton, and used in the Tor Browser. (automate: [[!tails_ticket 10268]])
+<a id="Thunderbird"></a>
+
# Thunderbird
* Check mail over IMAP using:
- - a hidden service IMAP server (e.g. Riseup, zsolxunfmbfuq7wf.onion with SSL).
+ - a hidden service IMAP server (e.g. Riseup, zsolxunfmbfuq7wf.onion on port 993 with SSL).
* Check mail over POP using:
- - a hidden service POP server (e.g. Riseup, zsolxunfmbfuq7wf.onion with SSL).
+ - a hidden service POP server (see above, on port 995 with SSL).
* Send an email using:
- - a hidden service SMTP server (see above).
+ - a hidden service SMTP server (see above, on port 465 with SSL).
* Check that the profile works and is torified:
1. Send an email using Thunderbird and a non-anonymizing SMTP relay (a
@@ -225,16 +233,7 @@ tracked by tickets prefixed with `todo/test_suite:`.
then:
- # Set TAILS_CHANNEL accordingly:
-
- # For actual releases:
- TAILS_CHANNEL=test
-
- # For other (~rc, ~alpha...) releases:
- TAILS_CHANNEL=alpha
-
- # Run:
- echo "TAILS_CHANNEL=\"${TAILS_CHANNEL}\"" | sudo tee --append /etc/os-release && \
+ echo "TAILS_CHANNEL=\"test\" | sudo tee --append /etc/os-release && \
tails-upgrade-frontend-wrapper
Else, use a local test setup:
@@ -317,7 +316,7 @@ tracked by tickets prefixed with `todo/test_suite:`.
# Documentation
* The "Tails documentation" desktop launcher should open the
- [[getting started]] page (automate: [[!tails_ticket 8788]]):
+ [[doc]] page (automate: [[!tails_ticket 8788]]):
- in one language to which the website is translated
- in one language to which the website is not translated (=> English)
* Browse around in the documentation shipped in the image. Internal
@@ -351,28 +350,6 @@ You *really* have to reboot between each language.
Russian, Tiếng Việt).
* In the Tor Browser:
- DuckDuckGo must be the default, pre-selected search plugin. (automate: [[!tails_ticket 10265]])
- - the search plugins must be localized for the expected locales
- (automate: [[!tails_ticket 10267]]).
-
- StartPage should have localized *user interface* for (run this in
- a Tails Git checkout of the commit the release under testing was built
- from):
-
- grep --extended-regexp "[^:]*:[^:]*:[^:]*:[^:]*:[^:]+" \
- config/chroot_local-includes/usr/share/tails/browser-localization/descriptions | \
- sed -n --regexp-extended 's/^([^:]+):.*$/\1/p'
-
- StartPage should have localized *search results* for:
-
- grep --extended-regexp "[^:]*:[^:]*:[^:]*:[^:]+:[^:]*" \
- config/chroot_local-includes/usr/share/tails/browser-localization/descriptions | \
- sed -n --regexp-extended 's/^([^:]+):.*$/\1/p'
-
- DDG should have localized user interface *and* search results, and
- Wikipedia should have a localized plugin, for:
-
- sed -n --regexp-extended 's/^([^:]+):.*$/\1/p' \
- config/chroot_local-includes/usr/share/tails/browser-localization/descriptions
## Spellchecking
diff --git a/wiki/src/contribute/release_process/test/setup.mdwn b/wiki/src/contribute/release_process/test/setup.mdwn
index b51ee46..71c5aa8 100644
--- a/wiki/src/contribute/release_process/test/setup.mdwn
+++ b/wiki/src/contribute/release_process/test/setup.mdwn
@@ -60,6 +60,7 @@ The following packages are necessary on Debian Stretch:
virt-viewer \
x11vnc \
tigervnc-viewer \
+ x264 \
xvfb \
&& \
sudo service libvirtd restart
diff --git a/wiki/src/contribute/release_process/test/usage.mdwn b/wiki/src/contribute/release_process/test/usage.mdwn
index 6d06ecb..7d792e5 100644
--- a/wiki/src/contribute/release_process/test/usage.mdwn
+++ b/wiki/src/contribute/release_process/test/usage.mdwn
@@ -30,15 +30,15 @@ one of these types of features and not the other.
A typical example run of a few `@product` features could be:
- ./run_test_suite --view --capture test-0.17.webm \
+ ./run_test_suite --view --capture \
--iso path/to/tails.iso \
features/apt.feature features/erase_memory.feature
which will test only the `apt` and `erase_memory` features (if
no feature paths are given, all features in `features/cucumber` will
-be tested) of the given ISO image `tails.iso` while showing the test
+be tested) of the given ISO image `tails.iso` while showing each test
session in a VNC viewer (`--view`) and also capturing it into a video
-called `test-0.17.web` (`--capture`). Similarly, to test a `@source`
+(`--capture`). Similarly, to test a `@source`
feature, we'd simply run something like:
./run_test_suite features/build.feature
diff --git a/wiki/src/contribute/release_process/thunderbird.mdwn b/wiki/src/contribute/release_process/thunderbird.mdwn
index a8f4d86..4b530c8 100644
--- a/wiki/src/contribute/release_process/thunderbird.mdwn
+++ b/wiki/src/contribute/release_process/thunderbird.mdwn
@@ -76,7 +76,7 @@ released:
--force-bad-version \
--distribution "${DISTRIBUTION:?}" \
--force-distribution \
- "Rebuild Thunderbird with Tails' secure autoconfiguration patches." && \
+ "Rebuild with Tails' secure autoconfiguration patches." && \
git commit debian/changelog \
-m "document changes and release ${TAILS_VERSION:?}"
@@ -91,7 +91,10 @@ released:
gbp buildpackage --git-debian-branch=tails/stretch \
--git-sign-tags --git-tag-only
-1. Include all sources in the `.changes` file:
+1. If you've built a package based on an _upstream_ release (as in:
+ what's before the first `-` in the package version number)
+ whose `.orig.tar.xz` tarball was never uploaded to our custom
+ APT repository, include all sources in the `.changes` file:
cd path/to/build/artifacts/directory && \
cp path/to/build-area/*${UPSTREAM_VERSION:?}*.orig*.tar.xz . && \
@@ -103,18 +106,17 @@ released:
named tag:
GBP_TAG="debian/$(echo ${TAILS_VERSION:?} | tr '~:' '_%')"
- GBP_TAG_COMMIT="$(git rev-list -n 1 "${GBP_TAG}")"
NEW_GBP_TAG="$(echo ${GBP_TAG:?} | sed 's@/1%@/@')" && \
git tag -s "${NEW_GBP_TAG:?}" \
-m "thunderbird Debian release 1:${TAILS_VERSION:?}" \
- "${GBP_TAG_COMMIT:?}"
+ "${GBP_TAG:?}"
1. Git push and upload packages:
git push --follow-tags origin \
${NEW_GBP_TAG:?} \
tails/stretch \
- upstream-52.x \
+ upstream-60.x \
pristine-tar && \
(cd /path/to/build/artifacts && \
debsign "${CHANGES_FILE:?}" && \
diff --git a/wiki/src/contribute/release_process/tor-browser.mdwn b/wiki/src/contribute/release_process/tor-browser.mdwn
index 06798d3..f9f88e9 100644
--- a/wiki/src/contribute/release_process/tor-browser.mdwn
+++ b/wiki/src/contribute/release_process/tor-browser.mdwn
@@ -98,21 +98,27 @@ the corresponding tarballs ourselves, so read on the next section.
</p>
</div>
-Sync with the start-tor-browser script
+Sync with the upstream wrapper scripts
======================================
Adapt our `config/chroot_local-includes/usr/local/bin/tor-browser`
and/or
`config/chroot_local-includes/usr/local/lib/tails-shell-library/tor-browser.sh`
-for recent changes in `RelativeLink/start-tor-browser` in the
-[Tor Browser build Git repo](https://git.torproject.org/builders/tor-browser-build.git). Look
-in the Git history:
+for recent changes made in the
+[Tor Browser build Git repo](https://git.torproject.org/builders/tor-browser-build.git):
- git log -p projects/tor-browser/RelativeLink/start-tor-browser
+ git log -p \
+ projects/firefox/abicheck.cc \
+ projects/firefox/start-firefox \
+ projects/tor-browser/RelativeLink/start-tor-browser
-and take note of changes to environment variables (or newly added
-ones) and the commandline options passed to the `firefox` executable,
-etc.
+Then apply any relevant change, e.g. to:
+
+ - environment variables;
+ - commandline options passed to the `firefox` executable;
+ - required libstdc++6 version bumps; if there's been any change upstream,
+ look for `abicheck` in `config/chroot_local-hooks/10-tbb` and adjust
+ that hook as needed.
Self-hosted Tor Browser tarballs archive
========================================
diff --git a/wiki/src/contribute/reports/SponsorW/2018_07.mdwn b/wiki/src/contribute/reports/SponsorW/2018_07.mdwn
new file mode 100644
index 0000000..2f5e83e
--- /dev/null
+++ b/wiki/src/contribute/reports/SponsorW/2018_07.mdwn
@@ -0,0 +1,60 @@
+[[!meta title="Tails July 2018 report"]]
+
+[[!toc levels=2]]
+
+This report covers the activity of Tails in July 2018.
+
+Everything in this report is public.
+
+# A. VeraCrypt support in GNOME
+
+## A.6 Add VeraCrypt support to GNOME Files
+
+We continued working with GNOME upstream on our many merge requests related to unlocking VeraCrypt volumes in *GNOME Files*:
+
+* <https://gitlab.gnome.org/GNOME/gvfs/merge_requests/4> (merged)
+* <https://gitlab.gnome.org/GNOME/glib/merge_requests/120> (merged)
+* <https://gitlab.gnome.org/GNOME/gtk/merge_requests/220>
+* <https://gitlab.gnome.org/GNOME/gtk/merge_requests/245>
+* <https://gitlab.gnome.org/GNOME/gtk/merge_requests/261> (merged)
+* <https://gitlab.gnome.org/GNOME/gtk/merge_requests/263>
+* <https://gitlab.gnome.org/GNOME/gtk/merge_requests/267> (merged)
+
+## A.8 User testing & community feedback
+
+We released a beta version and called for testing on Twitter, on our
+blog and on our testers mailing list. Then we started collecting
+feedback. Based on this feedback, UX designers and developers will
+prioritize and fix as many issues as possible within the
+allocated budget.
+
+## A.9 Fix bugs and UX issues
+
+We made many improvements and fixed issues that were discovered during the user testing or were reported by testers of the beta, most notably:
+
+* Extend *VeraCrypt Mounter* and made it the default handler of VeraCrypt file containers ([[!tails_ticket 15664#note-16]])
+
+* Improve the *VeraCrypt Mounter* UI and icon ([[!tails_ticket 15043]] [[!tails_ticket 15680]])
+
+* Show a spinner in the places sidebar of GNOME Files during unlock operations ([[!tails_ticket 15664]])
+
+* Extend the GTK ask-password dialog to support VeraCrypt options ([[!tails_ticket 15667]])
+
+# B. Additional software
+
+## B.6 Write user documentation
+
+We've worked on the user documentation for the Additional Software
+feature and completed most of it ([[!tails_ticket 14589]]). There are some
+remaining subtasks needing work, we are confident that we'll be able to
+publish the documentation along with the Tails 3.9 release.
+
+## B.8 Fix bugs and UX issues
+
+We made progress on improving on many and fixing some of the bugs
+identified by our user testing ([[!tails_ticket 15567]]).
+
+# C. Deliver new features
+
+Our entire team kept coordinating their work in order to ensure we
+merge these new features in Tails 3.9~rc1 and deliver them in Tails 3.9.
diff --git a/wiki/src/contribute/roadmap.mdwn b/wiki/src/contribute/roadmap.mdwn
index 5defd54..f44c60c 100644
--- a/wiki/src/contribute/roadmap.mdwn
+++ b/wiki/src/contribute/roadmap.mdwn
@@ -40,14 +40,14 @@ Priorities for the next years
- **Create outreach material** ([[!tails_ticket 14523]])
- **Outreach to under-represented communities** ([[!tails_ticket 14560]])
-- **Recruit new core workers**: sysadmin, technical writer, and accountant
+- **Recruit new core workers**: <strike>sysadmin</strike>, <strike>technical writer</strike>, and accountant
- **Lower technical requirements** for new contributors ([[!tails_ticket 14516]])
### Applications and features
- <strike>**Screen locker**: allow users to lock their session with a password ([[!tails_ticket 5684]], [[Blueprint|blueprint/screen_locker]])</strike> [DONE]
- **Tails Server**: run onion services from Tails (VoIP chat rooms, collaboration tools, web servers, messaging servers, etc.) ([[!tails_ticket 5688]], [[Blueprint|blueprint/tails_server]])
-- **VeraCrypt support in GNOME**: graphical utilities to mount VeraCrypt volumes ([[!tails_ticket 11684]], [[!tails_ticket 6337]], [[Blueprint|blueprint/veracrypt]])
+- <strike>**VeraCrypt support in GNOME**: graphical utilities to mount VeraCrypt volumes ([[!tails_ticket 11684]], [[!tails_ticket 6337]], [[Blueprint|blueprint/veracrypt]])</strike> [DONE]
- **Graphical interface for the Additional Packages persistent feature**: allow users to customize which applications are available in their Tails ([[!tails_ticket 5996]] [[!tails_ticket 9059]], [[Blueprint|blueprint/additional_software_packages]])
- **Mobile messaging applications**: investigate if we could support Signal, Wire, Telegram, etc. in Tails ([[!tails_ticket 14504]])
- **Backups**: provide a graphical tool to backup the persistent volume ([[!tails_ticket 5301]], [[Blueprint|blueprint/backups]])
@@ -56,7 +56,7 @@ Priorities for the next years
- **Try basing Tails on rolling snapshots of Debian Testing** to bring upstream changes earlier to Tails and collaborate better with upstream ([[!tails_ticket 12615]], [[Blueprint|blueprint/Debian_testing]])
- **Have a budget for user-visible improvements** to our core applications ([[!tails_ticket 14544]])
-- **Port complex shell scripts to Python** ([[!tails_ticket 11189]], [[Blueprint|blueprint/Port_shell_scripts_to_Python]])
+- **Port complex shell scripts to Python** ([[!tails_ticket 11198]], [[Blueprint|blueprint/Port_shell_scripts_to_Python]])
- **Migrate from `aufs` to `overlayfs`** ([[!tails_ticket 8415]])
- **Have more robust time synchronization** when starting Tails ([[!tails_ticket 5774]], [[Blueprint|blueprint/robust_time_syncing]])
@@ -68,9 +68,9 @@ Priorities for the next years
### Funding from private partners
-- **Strenghten our relationships** with existing partners
+- **Strengthen our relationships** with existing partners
- **Contact proactively** more potential partners
-- **Document better benefits** for partners
+- <strike>**Document better benefits** for partners</strike>
### Infrastructure migrations
@@ -79,8 +79,8 @@ Priorities for the next years
- Jenkins 2
- <strike>Redmine 3.3</strike> [DONE]
- Gitolite 3
- - Puppet 4
-- **Have a better server infrastructure** to handle our growing needs on continuous integration and have a backup server ([[!tails_ticket 11680]])
+ - <strike>Puppet 4</strike> [DONE]
+- **Have a better server infrastructure** to handle our growing needs on continuous integration and have a backup server ([[!tails_ticket 11680]], [[!tails_ticket 15071]])
- **Self-host our website** as boum.org is stopping hosting websites ([[!tails_ticket 14588]])
### Robust automated tests
diff --git a/wiki/src/contribute/sponsorship_to_attend_events.mdwn b/wiki/src/contribute/sponsorship_to_attend_events.mdwn
index fe73272..7ad2621 100644
--- a/wiki/src/contribute/sponsorship_to_attend_events.mdwn
+++ b/wiki/src/contribute/sponsorship_to_attend_events.mdwn
@@ -5,7 +5,7 @@ relevant events such as conferences on behalf of Tails: in most cases
the project will reimburse the corresponding expenses. Here is how to
get such sponsorship.
-[[!toc levels=2]]
+[[!toc levels=3]]
# General rules
@@ -24,6 +24,19 @@ transportation, and conference tickets.
When spending Tails' money, keep in mind that the project is working
with a limited budget that is to be used with frugality.
+### Food budget
+
+We allocate a budget for food based on the travel cost rate of the German
+Federal Ministry of Finance.
+See the [[calculation below|sponsorship_to_attend_events#food]].
+
+#### Extra food budget
+
+If, for some reason, you go over your food budget, you can explain why
+the budget was insufficient when reporting your expenses to the
+accounting team. Most likely it won't be a problem. It will also help us
+adjust our estimates in the future.
+
## Is it OK to request sponsorship after the fact?
No, it's not OK. In order to avoid biasing the decision-making process,
@@ -36,8 +49,8 @@ See below for specific deadlines.
Sponsorship requests must include:
- - A detailed estimated budget of travel costs, hosting, food, and other
- expenses.
+ - A detailed estimated budget of travel costs, hosting, and other
+ expenses (like local transportation).
- A list of objectives for the event; in other words, what do you plan
to do there, and why will it be beneficial for Tails.
@@ -46,6 +59,40 @@ Sponsorship requests must include:
example, "getting to know many other Tails people in person" is
often a valid objective.
+ <a id="food"></a>
+
+ - The number of lunches and dinners that you will have to pay yourself,
+ including during travel.
+
+ We will calculate your food budget using the following formula:
+
+ ( number of lunches + dinners ) × factor × official German rate
+
+ - *factor* is:
+
+ - 0.3 outside of Germany
+ - 0.4 in Germany
+
+ - The *official German rate* can be found by searching online for
+ "*Steuerliche Behandlung von Reisekosten und Reisekos­tenvergütungen*" for
+ the current year.
+
+ For example: *[site:bundesfinanzministerium.de Steuerliche Behandlung von
+ Reisekosten und Reisekos­tenvergütungen
+ 2018](https://duckduckgo.com/?q=site%3Abundesfinanzministerium.de+Steuerliche+Behandlung+von+Reisekosten+und+Reisekos%C2%ADtenverg%C3%BCtungen+2018)*.
+
+ In the PDF, refer to the "*Pauschbeträge für Verpflegungsmehraufwendungen
+ bei einer Abwesenheitsdauer von mindestens 24 Stunden je Kalendertag*"
+ (first column).
+
+ For example, if you are traveling to London for 3 days and eat 2 meals
+ during your travel, your food budget will be:
+
+ ( ( 1 lunch + 1 dinner ) × 3 days + 2 meals ) × 0.3 × 62€ = 148.80€
+
+ Your food budget is the maximum that you should spend on food but you will have
+ to justify your *exact expenses* when reporting about your travel.
+
## Who should I write to?
Send your sponsorship request to the <tails@boum.org> private mailing
diff --git a/wiki/src/contribute/working_together/roles/release_manager.mdwn b/wiki/src/contribute/working_together/roles/release_manager.mdwn
index 3848c31..89701e9 100644
--- a/wiki/src/contribute/working_together/roles/release_manager.mdwn
+++ b/wiki/src/contribute/working_together/roles/release_manager.mdwn
@@ -5,7 +5,8 @@
## Continuously
Stay on top of email received on the Release Managers mailing list.
-This includes for example failure notifications for Jenkins jobs.
+This includes for example analyzing failure notifications for Jenkins jobs
+and filing tickets for the Foundations Team as needed.
## In the beginning of your shift
@@ -25,10 +26,24 @@ This includes for example failure notifications for Jenkins jobs.
- Update [[contribute/calendar]] accordingly.
- Update the due date on [[!tails_roadmap]] accordingly.
-- Ask to be added to the `rsync_tails` group on `rsync.lizard`,
- if needed.
+- Make sure you have hardware handy:
+ - DVD burner
+ - at least 2 spare DVD-R or DVD-RW
- Make sure you have access to the various systems used to do
- the release.
+ the release:
+ - being subscribed to the <tails-rm@boum.org> mailing list
+ - having your OpenPGP signing subkey hardware and passphrase handy
+ - commit access to the official [[contribute/Git]] repository
+ - upload access to our [[custom APT repository|APT_repository/custom]]
+ - having your GnuPG key in the list of uploaders for
+ our [[custom APT repository|APT_repository/custom]]
+ - <https://jenkins.tails.boum.org/>
+ - SSH access to `rsync.lizard` and being in the `rsync_tails` group there
+ - SSH access to `bittorrent.lizard` and being in the `debian-transmission` group there
+ - SSH access to `reprepro-time-based-snapshots@apt.lizard`
+ - look for `rsync|ssh` in [[APT_repository/custom]],
+ [[APT_repository/time-based_snapshots]] and this very document
+ - password for the `tails` user on the Tor blog
- Check when our OpenPGP signing key expires.
If that's before, or soon after, the scheduled date for the release
_after_ the one your shift is about, then shout.
@@ -54,10 +69,10 @@ or two earlier than Friday *in addition* won't hurt, too.
<div class="note">
-Note: Georg Koppen, a Tor Browser developer, has promised to try to Cc
-tails-dev@boum.org when sending QA requests to tor-qa@lists.torproject.org
-which should make this easier. We should also be notified of any last
-last-minute rebuilds that we otherwise probably would miss out on.
+Note: the Tor Browser team Cc's tails-dev@boum.org when sending QA
+requests to tor-qa@lists.torproject.org which makes this easier.
+We are also often notified of any last last-minute rebuilds, better
+ask explicitly the Tor Browser team what their plans are.
</div>
diff --git a/wiki/src/contribute/working_together/roles/technical_writer.mdwn b/wiki/src/contribute/working_together/roles/technical_writer.mdwn
index 42792af..6742267 100644
--- a/wiki/src/contribute/working_together/roles/technical_writer.mdwn
+++ b/wiki/src/contribute/working_together/roles/technical_writer.mdwn
@@ -12,11 +12,8 @@ as a fallback if no other contributor volunteers to do it.
- Redacting release notes based on the
Changelog excerpts provided by RM.
- Redacting exceptional publications on our
- blog (security advisory, call for donations, etc.) or reviewing
+ blog (security advisory, etc.) or reviewing
them against GDSG and the rest of our documentation.
- - Reviewing contributions of paid workers to our end-user
- documentation (/doc and /support) against GDSG and consistency
- with the rest of our documentation.
- Maintaining a style guide of Tails-related terms and usage to
summarizes the terminology decision taken elsewhere.
- Documenting new features, including [[doc/about/features]].
@@ -26,6 +23,8 @@ as a fallback if no other contributor volunteers to do it.
[[FAQ|support/faq]] or in the list
[[known issues|support/known_issues]]), based on information
provided by our Help Desk and triaged by the Foundations Team.
+ - Keeping our documentation and support pages efficient for the people
+ reading them (relevant and easy to navigate).
As technical writers have a limited amount of time to dedicate to these
tasks, Tails as a project should redefine priorities on a regular basis.