Re: [Tails-dev] incremental upgrades: phase one almost done, release plan

[sajolida]

On 24/07/12 04:38, intrigeri wrote:
> Hi,
> 
> the first phase of the incremental upgrades feature [0] development
> is nearing completion.
> 
> Today, inside a Tails system, I ran [1] the update frontend against
> a local web server that handed an update-description file along with
> a matching IUK. I was asked graphically if I wanted to upgrade my
> Tails system, which I gladly accepted. A few minutes later, I was told
> the update had been successfully applied, was prompted to reboot, and
> once started again, the system was indeed upgraded!
> 
> The actual IUK installation program was ready and quite well tested
> for a while. What is new is that we now have the network, upgrade
> logic, security and GUI bits all connected together.
> 
> The Tails-IUK suite (code: 80kB, test suite: 256kB) looks in good
> shape to me. The only part that still needs a bit of love is the
> frontend. See the "Bugs and Future Improvements" section [2] for
> details. I consider everything listed there with severity >= serious
> as a release blocker, and the rest as things that can be improved or
> fixed later. As of now, there are only two remaining release blockers,
> that I intend to tackle early in August, and then decide to call phase
> one a thing of the past and cleanup the roadmap [3].
> 
> On the release side of things, it does not seem wise to push all this
> directly out in the wild with all switches on: this piece of software
> being intrinsically bound to the infrastructure, testing the whole
> thing entirely can't really be done unless the software has been
> shipped in a Tails release, which is not the case yet.
> 
> So, I'm proposing the following plan to release this feature:
> 
>   1. As soon as possible, merge into devel the harmless part of the
>  feature/incremental-upgrades branch (users creation with sudo
>  credentials, dependencies installation), leaving aside the part
>  about running the update frontend automatically at startup.
>  => Tails 0.13 should be able to incrementally upgrade to 0.13.x
> 
>   2. When 0.13.x point-releases are out, write developers
>  documentation and tools, prepare IUK, update update-description
>  files, ask beta testers to try the incremental upgrade process.
>  Catch and fix most remaining bugs.
>  Write user documentation [4] and hand it to translators.
>  sajolida, do you want/plan to write the user documentation?

Yes! I would be happy to work on that. I haven't done much work on the
documentation since the persistence volume but that's sound like the
perfect opportunity to catch up.

>   3. Once we're happy with the whole thing, ship it, enabled by
>  default, in the next Tails major release (that is, presumably
>  0.14, unless 1.0 is due already -- who knows :)
> 
> Thoughts?

Sounds like a great plan. Regarding the documentation, and to have a bit
more loose schedule we could write a first documentation in time for
0.13.x but then ask for translations only after a first debugging of the
whole thing, so between 0.13 and 0.14, and after fixing the
documentation a bit.

We could also add something else to the process: coordinate better and
earlier the writing of the documentation and the UI, so we agree on the
vocabulary, try to apply the relevant parts of the documentation style
to the UI, etc.

> [0] https://tails.boum.org/todo/incremental_upgrades/
> [1] SSL_NO_VERIFY=1 DISABLE_PROXY=1 tails-update-frontend \
>   --override-baseurl https://10.0.0.1/tails
> [2] https://tails.boum.org/todo/incremental_upgrades/#index9h1
> [3] https://tails.boum.org/todo/incremental_upgrades/#index3h1
> [4] https://tails.boum.org/todo/incremental_upgrades/#index4h2
> 
> Cheers,

-- 
sajolida



signature.asc
Description: OpenPGP digital signature
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Can't achieve buildin tails Live CD

[Ague Mill]

On Tue, Jul 24, 2012 at 03:31:42PM +0100, Nicolas B wrote:
> Here is my message in a bottle.
> I would like to build a Live CD of tails 0.12.1 on my own.
> But I have followed instructions from https://tails.boum.org/contribute/build/
> without any result.

Glad to know that you have tried to build your own Tails. Unfortunately,
you did so at a time where two things where broken: multiarch plymouth
has migrated to testing, and the custom ikiwiki repository was
inacessible.

The issue is fixed in both devel and experimental branches. devel is
really close to 0.12.1, so I suggest you try to build it instead.
 
> Her is a sum up of my tries:
> 
> Where each time I used the most recent components without tweeking in apt 
> sources.
> And I used the 0.12.1 tag from the git repo to match the latest release 
> version.
> 
> - Debian 6.0.5 i386 VM -> I got a Live CD but stayed locked to greeter, can't 
> access the gnome desktop.
> It loops when I click on the "Login" button

This one is weird. The other issues (plymouth at least) should not have
left the build to finish.

> - Debian wheezy amd64 in a VM using manual build -> got broken package when 
> building dist

Fixed in devel and experimental.

>  Debian wheezy amd64 on a physical machine using valgrant -> need 
> tweaking to build ikiwiki

Fixed in devel and experimental.

Have fun,
-- 
Ague


pgpKcPCTxWXlJ.pgp
Description: PGP signature
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] No need for a patched ikiwiki anymore

[Ague Mill]

On Sat, Jun 30, 2012 at 12:57:13AM +0200, intrigeri wrote:
> [master 0f79c1e] No need for a patched ikiwiki anymore:
> ikiwiki 3.20120629 has everything we need :)
> 
> I guess some Vagrant clevery should be updated accordingly.

Done in devel and experimental branches.

-- 
Ague


pgpGGDzvNCBzW.pgp
Description: PGP signature
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

[Tails-dev] Mandatory Access Control, SELinux and Tails

[Andreas Kuckartz]

Is anybody currently working on adding Mandatory Access Control to Tails?

Any strong opinions regarding possible solutions?

See
https://tails.boum.org/todo/Mandatory_Access_Control/

I would suggest to start with SELinux in "permissive" mode and
incrementally adapt the policy so that in a later stage - when no
"access denied" warnings occur while using Tails - "enforcing" mode can
be switched on.

The main effect of that change probably would be on the build process
because the initial file labeling takes some time and requires a reboot.

I have some experience with SELinux and Debian unstable which might
help, but installing the relevant SELinux packages and enabling
permissive mode is quite straightforward (at least in Debian unstable ;-).

Cheers,
Andreas
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Mandatory Access Control, SELinux and Tails

[Andreas Kuckartz]

> https://tails.boum.org/todo/Mandatory_Access_Control/

I just tried to update that page but got an error message as a result:
"Error: Sorry, but that looks like spam to blogspam: bayes, 13 links
found" :-/

Can someone tell me how I can edit that page?! I did not even add a link
but only wanted to change one...

This was the text I intended to put on the page:

SELinux
---

Developed initially by big brother (NSA).

It is pretty hard to write and maintain policies but such policies exist
and they can mostly be used by different Linux distributions. Support in
Debian has improved since the release of Squeeze.

- 
- selinux policies are part of Squeeze
- GNOME, policykit, etc. are supported by
  Debian-packaged policies

Cheers,
Andreas
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev