summaryrefslogtreecommitdiffstats
path: root/wiki/src/contribute/release_process/veracrypt.mdwn
blob: a70ce8cb4b5ec75e1a302ff56b033e1d1ae28957 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
[[!meta title="Upgrading custom packages for VeraCrypt support"]]

Until Tails is based on a Debian version which includes our patches
We have to maintain our custom packages for the integration of VeraCrypt
support in GNOME until they are available in Tails via the Debian repos
(for some that will be Buster, for some Bullseye). This means we need to
check if new versions of the following source packages have hit Debian
stretch or stretch-security:

* [gtk+3.0](https://packages.debian.org/source/stable/gtk+3.0) (version in Tails: 3.24.5-1.0tails1)
* [gvfs](https://packages.debian.org/source/stable/gvfs) (version in Tails: 1.38.1-5.0tails1)
* [gjs](https://packages.debian.org/source/stable/gjs) (version in Tails: 1.54.3-1.0tails1)
* [gnome-shell](https://packages.debian.org/source/stable/gnome-shell) (version in Tails: 3.30.2-9.0tails1)

If any of these have a new version in buster or buster-security:

1. Download our custom package and source package it is was forked off from:

       # Set these variables to the correct values for the package to update
       PACKAGE_NAME=udisks2
       # The version currently in Tails
       OLD_VERSION=2.1.8-1.0tails3
       # The version of the official Debian package it was forked off from
       ORIGINAL_VERSION=2.1.8-1
       # The new version in buster or buster-security
       NEW_VERSION=2.1.8-2
       # Release the updated package should go in (stable, testing or devel)
       RELEASE=stable
       # The topic branch for this update
       BRANCH=feature/update-udisks
       SUITE="$(echo "${BRANCH:?}" | sed -e 's,[^.a-z0-9-],-,ig'  | tr '[A-Z]' '[a-z]')"

       sudo tee /etc/apt/sources.list.d/tails.list <<EOF
       deb-src tor+http://jenw7xbd6tf7vfhp.onion/ ${RELEASE:?} main
       deb-src [check-valid-until=no] tor+http://snapshot.debian.org/archive/debian/20180904T000000Z/ buster main
       EOF
       sudo apt update
       apt source --download-only "${PACKAGE_NAME:?}=${OLD_VERSION:?}"
       apt source --download-only "${PACKAGE_NAME:?}=${ORIGINAL_VERSION:?}"

1. Get the debdiff of our patches:

       debdiff "${PACKAGE_NAME:?}_${ORIGINAL_VERSION:?}.dsc" "${PACKAGE_NAME:?}_${OLD_VERSION:?}.dsc" > tails.diff

1. Download the new source package:

       apt source "${PACKAGE_NAME:?}=${NEW_VERSION:?}"

1. Apply the debdiff on the new version:
       debdiff-apply "${PACKAGE_NAME:?}_${NEW_VERSION:?}.dsc" tails.diff

1. Add changelog entry and build a new version of the patched package
   in a Buster/amd64 chroot:

       cd "${PACKAGE_NAME:?}"*/
       debchange --newversion="${NEW_VERSION:?}.0tails1" --distribution="${SUITE:?}" --force-distribution
       pdebuild

1. Install the newly built package in the build environment and rebuild all
   custom packages which depend on it. The dependencies are as follows (where
   `X: Y` means that `X` is dependency of `Y`):

    * `udisks2`: `gnome-disk-utility`
    * `glib2.0`: `gtk+3.0`, `gvfs`, `gobject-introspection`, `gjs`, `gnome-shell`
    * `gobject-introspection`: `gjs`
    * `gjs`: `gnome-shell`

1. Sign and upload updated packages

       debsign "${CHANGES_FILE:?}"
       dupload --to tails "${CHANGES_FILE:?}"

1. Update the "version in Tails" in this document.