Re: [Tails-dev] An amusing tale of indeterminism

[anonym]

14/11/12 18:26, maioral wrote:
> i downloaded a new tails sign key from your site and size is different,
> as verification also is
> 
> sha256sum tails-signing*.key
> d94ca0efd92a60bce1015112b29b319250772c90e3172d3d9c99c7c0e88ac3c8 
> tails-signing14.key
> 79f1663dfb5609aaa5021221e01ff38c7d3d5bbd8126710ce385f6009cd501f7 
> tails-signing.key
> 
> the 14.key was downloaded today

A GnuPG key can change (with or without changing in size) for many
reasons: new signatures, new user-ids, new sub-keys, modified key
expiration dates etc. The only thing that matters is that the key
fingerprint remains the same.

Cheers!

___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

[Tails-dev] Please review bugfix/handle_apt_sources_for_rc

[Ague Mill]

Hi!

The sources.list generator did not know how to handle release candidates
properly. I believe the issue fixed in bugfix/handle_apt_sources_for_rc.

-- 
Ague


pgp5i2lFQM6zN.pgp
Description: PGP signature
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] An amusing tale of indeterminism

[intrigeri]

maioral wrote (14 Nov 2012 17:26:24 GMT) :
> i downloaded a new tails sign key from your site and size is
> different, as verification also is

Comparing key exports just does not work: even if only the version of
GnuPG used to export the keys changes, the result won't be the same.

So, I'm happy to teach you that your comparison process is flawed,
which is actually good news :)

You're comparing two different exports of the same key.
The first is expired, the second is not.
Which means that the second has updated self-signatures.
Which implies that exporting these two keys cannot possibly create two
files of same size, and is highly unlikely to produce files with the
same hashes.

An easy and useful way to compare OpenPGP keys is to import them,
and compare fingerprint(s).
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

[Tails-dev] Trying tails-create-iuk

[Ague Mill]

Hi!

I have tried to use tails-create-iuk under Tails itself.

First there is two missing dependencies: libdevice-cdio-perl and
squashfs-tools. If we don't want them on Tails, maybe tails-create-iuk
should be shipped in a second binary package.

Relative paths did not work as argument to --old-iso and --new-iso.
It said: `++WARN: could not retrieve file info for
'tails-i386-0.14.iso': No such file or directory`. I had to use
absolute path to make it run.

The --tempdir option seems broken. I originaly believed it could be used
to prepare the squashfs image in another directory than a tmpfs (when
memory is tight) but it looks like I'm mistaken.

When it was unable to find mksquashfs, it stopped and left all tmpfs and
loop mounts around.

I was not able to complete the process though. The further I have been
able to go is complete the squashfs creation (it outputs the summary).
Then I see: 

Use of uninitialized value $_[0] in join or string at (eval 496) line 126.
Internal error: open(, -|, bsdtar, -x, --no-same-permissions, --to-stdout, 
--fast-read, --file, /media/crypto/tails-i386-0.14.iso, live/initrd.img): Do 
not expect to get 10 arguments at (eval 496) line 126.
cannot remove path when cwd is /tmp/y0XQ7qssJb for /tmp/y0XQ7qssJb:  at 
/usr/share/perl/5.10/File/Temp.pm line 902

I have not been able to locate a verbose option, so I don't have any
more details.

-- 
Ague


pgpcm7K8pXIL4.pgp
Description: PGP signature
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

[Tails-dev] Please review and merge bugfix/gpgApplet_menu_in_bottom_panel

[anonym]

Hi,

Here's a small post-freeze bugfix for Tails 0.15 which fixes the
gpgApplet menu issue reported when using the Windows XP camouflage.

Branch: bugfix/gpgApplet_menu_in_bottom_panel
Ticket: https://tails.boum.org/todo/fix_gpgApplet_with_Windows_camouflage/

commit 77b7868e924c1a34e46890544116ccc6836760c4
Author: Tails developers 
Date:   Thu Nov 15 13:10:45 2012 +0100

Let GTK handle menu positioning.

Our custom menu positioning functions do not add anything of value,
and in fact make the menus unusable when the status icon is in a panel
located on the bottom of the screen. That made gpgApplet unusable when
Windows XP camouflage was activated. GTK seems to have logic for
handling this so dropping the functions instead of making them handle
this case seems like the ideal solution.

Cheers!

___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

[Tails-dev] Please review and merge bugfix/gpgApplet_menu_in_bottom_panel

[anonym]

Hi,

Here's a small post-freeze bugfix for Tails 0.15 which fixes the issue
with bridge mode + tordate discovered by ague. It's merged into
experimental.

Branch: bugfix/bridge_mode_vs_tor_restarts
Ticket: https://tails.boum.org/todo/bridge_mode_vs_tor_restarts/

commit 3f876314055b83f1aacd5ed790d03bad411a8aae
Author: Tails developers 
Date:   Thu Nov 15 16:56:26 2012 +0100

Create wrappers for (re)starting Tor and Vidalia.

If Vidalia is running, and Tor is restarted, then we also want to
restart Vidalia. This is because Vidalia doesn't re-connect to Tor
automatically, so the user has to restart it to be able to control Tor
again. Also, any options set by Vidalia will be lost since they
weren't written to torrc, which causes Tor to reach an inactive state
if it's restarted in "bridge mode".

Cheers!

___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Trying tails-create-iuk

[intrigeri]

Hi,

Ague Mill wrote (15 Nov 2012 11:44:52 GMT) :
> I have tried to use tails-create-iuk under Tails itself.

Thanks a lot for all this useful feedback.
I think it's the first time someone else than me tries it.
I'm going to look at this one of these days, hopefully shortly.

May I ask what kind of system you used as a testbed?
Debian stable or testing?

Did you run t-c-i as root, using sudo, or what?
(Honestly, I don't remember exactly what kind of credentials is
needed / supported.)

> The --tempdir option seems broken.

Oops, it is not meant to be used on the command line.
The fact it's advertised at all in --help is a bug.

IIRC, the standard TMPDIR should work.

> I have not been able to locate a verbose option,

There is none.
It might help to install libcarp-always-perl and run t-c-i this way:

$ perl -MCarp::Always path/to/tails-create-iuk

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Trying tails-create-iuk

[Ague Mill]

intrigeri:
> Ague Mill wrote (15 Nov 2012 11:44:52 GMT) :
> > I have tried to use tails-create-iuk under Tails itself.
> 
> Thanks a lot for all this useful feedback.
> I think it's the first time someone else than me tries it.
> I'm going to look at this one of these days, hopefully shortly.
> 
> May I ask what kind of system you used as a testbed?
> Debian stable or testing?

I have tried to generate the IUK from a running Tails, version 0.15~rc1.
So that's probably closer to Debian stable. ;)
 
> Did you run t-c-i as root, using sudo, or what?
> (Honestly, I don't remember exactly what kind of credentials is
> needed / supported.)

Using `sudo`, as the suggested in the documentation.
 
> > I have not been able to locate a verbose option,
> 
> There is none.
> It might help to install libcarp-always-perl and run t-c-i this way:
> 
>   $ perl -MCarp::Always path/to/tails-create-iuk

What are the expected effects?

-- 
Ague


pgpg6ScSbFh53.pgp
Description: PGP signature
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

[Tails-dev] Please review and merge bugfix/bridge_mode_vs_tor_restarts [Was: Please review and merge bugfix/gpgApplet_menu_in_bottom_panel]

[anonym]

This (incorrect subject) is what happens when you use an old email as
template for a new one. The rest of the email is correct, though.

15/11/12 18:01, anonym wrote:
> Hi,
> 
> Here's a small post-freeze bugfix for Tails 0.15 which fixes the issue
> with bridge mode + tordate discovered by ague. It's merged into
> experimental.
> 
> Branch: bugfix/bridge_mode_vs_tor_restarts
> Ticket: https://tails.boum.org/todo/bridge_mode_vs_tor_restarts/
> 
> commit 3f876314055b83f1aacd5ed790d03bad411a8aae
> Author: Tails developers 
> Date:   Thu Nov 15 16:56:26 2012 +0100
> 
> Create wrappers for (re)starting Tor and Vidalia.
> 
> If Vidalia is running, and Tor is restarted, then we also want to
> restart Vidalia. This is because Vidalia doesn't re-connect to Tor
> automatically, so the user has to restart it to be able to control Tor
> again. Also, any options set by Vidalia will be lost since they
> weren't written to torrc, which causes Tor to reach an inactive state
> if it's restarted in "bridge mode".
> 
> Cheers!



___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Trying tails-create-iuk

[intrigeri]

Hi,

Ague Mill wrote (15 Nov 2012 17:13:57 GMT) :
> I have tried to generate the IUK from a running Tails, version
> 0.15~rc1. So that's probably closer to Debian stable. ;)

OK. For the record, I didn't try anything but testing/sid previously.

Most of the Perl / CPAN environment is usually very much backward
compatible, but it's always possible to hit corner cases (e.g.
I remember File::Temp behaving in slightly different ways between
Lenny and Squeeze or something).

>> Did you run t-c-i as root, using sudo, or what?
>> (Honestly, I don't remember exactly what kind of credentials is
>> needed / supported.)

> Using `sudo`,

Thanks.

> as the suggested in the documentation.

May I ask which part of it? I did not find this easily.
(I'd like to improve this after gathering my thoughts, tests, time and
everything else needed.)

>> > I have not been able to locate a verbose option,
>> 
>> There is none.
>> It might help to install libcarp-always-perl and run t-c-i this way:
>> 
>>  $ perl -MCarp::Always path/to/tails-create-iuk

> What are the expected effects?

TL;DR -> Stacktraces from the perspective of the caller.

The Debian package description reads:

  Description: Perl module to make warns and dies noisy with stack backtraces
Carp::Always is meant as a debugging aid. It can be used to make
a script complain loudly with stack backtraces when warn()ing or
die()ing.

Feel free to ask specific questions if this is still unclear.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Trying tails-create-iuk

[Ague Mill]

intrigeri:
> > Using `sudo`,
> 
> Thanks.
> 
> > as the suggested in the documentation.
> 
> May I ask which part of it? I did not find this easily.
> (I'd like to improve this after gathering my thoughts, tests, time and
> everything else needed.)

The release process contains the following command line:

  Build the Incremental Update Kit

  Example:

  $ sudo tails-create-iuk --squashfs-diff-name 0.14.squashfs \
--old-iso tails-i386-0.14\~rc2.iso \
--new-iso tails-i386-0.14.iso  \
--outfile Tails_i386_0.14-rc2_to_0.14.iuk



That's more or less what I have tried to run (except for absolute paths
and version numbers).

-- 
Ague


pgpk35iTjCWYY.pgp
Description: PGP signature
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

[Tails-dev] Pushing "make the news translatable" online

[intrigeri]

Hi,

I'm pushing online the changes needed to make the news/* section
translatable. I've tested them locally, looks good.
Big site refresh going on, please be patient..

The various generated news RSS and Atom feeds were generated
per-language already (who knows why, BTW), so on that side, nothing
changes, no need for HTTP redirection, no need to deal with stupid RSS
readers that don't support it. Good. Too bad I had setup everything
locally to test precisely this, r2e included, before I realized it
wasn't needed at all... ah.

The canonical address of already published news (e.g.
https://tails.boum.org/news/version_0.14/) do not change, so I did not
feel it was needed to add rewrite rules to deal with existing URLs
that may have hardcoded the index.html part, that was not linked to by
our website anyway, as far as I can tell.

Next: add steps to the release process to ask for translations of the
new release announce (and of the security announce too, by the way).

And then, someone can implement
todo/set_iceweasel_homepage_to_Tails_news eventually.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] forking Tails documentation pages credit

[adrelanos]

intrigeri:
> adrelanos wrote (13 Nov 2012 23:38:29 GMT) :
>> Is this solution satisfying? Open for suggestions. I just want to
>> get this done.
> 
> Looks good.

Thanks for solving this one!
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

[Tails-dev] forked Tails documentation

[adrelanos]

intrigeri:
> Hi,
> 
> adrelanos wrote (07 Nov 2012 16:24:39 GMT) :
>> I plan to fork a few Tails documentation pages.
>> For example the warning page:
>> https://tails.boum.org/doc/about/warning/index.en.html
> 
> Tails put aside, I'm interested in the result. Please keep me posted.

I just started:
https://sourceforge.net/p/whonix/wiki/TailsDocFork/

Updates coming over time.

Cheers!
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Pushing "make the news translatable" online

[intrigeri]

Hi,

intrigeri wrote (15 Nov 2012 18:10:22 GMT) :
> I'm pushing online the changes needed to make the news/* section
> translatable. [...] Big site refresh going on, please be patient..

Done. The French homepage has a weird display bug, that we see from
time to time, seemingly randomly, on the Security articles list too.
I've tried various hacks to fix it, to no avail. I'm under the
impression I have already researched, understood, and properly fixed
this kind of issues, but unfortunately, right now I seem to be unable
to remember :(

Anyhow, this is ugly for sure, but nothing really new since we had it
for security too, and I think the most important is to get translated
news articles, when one lands directly on a new article e.g. from the
(incoming / incremental) update frontend, or from the Tor blog, etc.

> Next: add steps to the release process to ask for translations of
> the new release announce (and of the security announce too, by the
> way).

I'll do it of these days. Tracking through my personal todo list.
No emergency, though, I think.

> And then, someone can implement
> todo/set_iceweasel_homepage_to_Tails_news eventually.

FTR, I'm not commiting myself to do it. Enjoy.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Block/unblock wireless devices?

[intrigeri]

Hi,

intrigeri wrote (12 Oct 2012 09:40:34 GMT) :
> Bluetooth is handled separately, and there was some confusion in this
> thread, so here's an updated proposal.

> At boot time:

>  * unblock Wi-Fi, WWAN and WiMAX
>  * ignore Bluetooth (see other proposal)
>  * soft-block all other kind of wireless devices (UWB, GPS, FM)

> + write a short documentation page about how to manually unblock
> a blocked device (e.g. GPS).

> Deadline: Friday, October 19th.

I created todo/set_wireless_devices_state with this information.

After discussing this with bertagaz and Ague who both seemed to think
it made sense, I took the liberty to add "and probably at hotplug time
too" after "at boot time".

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Tails: pcmcia / firewire / etc.

[intrigeri]

hi,

intrigeri wrote (12 Oct 2012 09:27:35 GMT) :
> Hi,

> intrigeri wrote (28 Sep 2012 15:27:50 GMT) :
>>> * de-activate PCMCIA and ExpressCard on systems that don't have any
>>>   PCMCIA or ExpressCard devices after running for 5 minutes. This is
>>>   going to byte some users, but probably only the first time.

>> I am strongly inclined towards this one, for PCMCIA, ExpressCard
>> FireWire and even Bluetooth.

> That was two weeks ago, and the only other expressed opinion (Ague's)
> was in favor of the same. Looks like we've got a consensus, right?

> Deadline: Friday, October 19th.

I updated the many tickets involved (f11198b).

The issue about the exact delay that was raised (5 minutes starting
when, 1 minute starting at the same time as GDM, anything else?) is
still in need of a conclusion. That should not be the hardest part of
the implementation, though, so I don't think it's a blocker right now.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev