Bug #10130

Disable Debian non-free in APT in the ISO

Added by intrigeri 2015-08-31 15:00:21 . Updated 2016-09-20 16:47:17 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Persistence
Target version:
Tails_2.6
Start date:
2015-09-01
Due date:
% Done:

100%

Feature Branch:
doc/10543-dotfiles-for-apt
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Additional Software Packages
Deliverable for:

Description

We need non-free for building (firmwares). But I don’t see a good reason to configure APT in a way that users may install non-free software without even noticing.

Except, perhaps, that if we disable non-free, users who actually want to install stuff, in a persistent manner, from non-free, may need to do crazy stuff (what exactly? would dotfiles work to drop stuff in sources.list.d? alternatively, can we configure APT to use another sources.list.d that users can make persistent?). Should this be blocking us from addressing the aforedescribed problem?

Subtasks

Bug #10143: Test whether Dotfile allow adding additional APT repositories Resolved

0
Feature #10543: Document how to add APT sources using Dotfiles Resolved

100

History

#1 Updated by sajolida 2015-09-01 07:17:17

Maybe it would make sense as well for possible Tails derivatives to have ways of adding more repos through the configuration of the persistent storage. Maybe we should test whether this is possible already with Dotfiles. If so, then I’m fine with disabling non-free repos, and document how to add custom repos. Creating Bug #10143 for that.

#2 Updated by sajolida 2015-09-01 07:17:33

  • blocked by Bug #10143: Test whether Dotfile allow adding additional APT repositories added

#3 Updated by intrigeri 2015-09-01 08:22:15

> If so, then I’m fine with disabling non-free repos, and document how to add custom repos. Creating Bug #10143 for that.

Thanks! (And hopefully it’ll work so that we don’t have to argue about what to do otherwise..)

#4 Updated by sajolida 2015-11-01 06:09:12

  • Category set to Persistence
  • Assignee set to sajolida
  • Type of work changed from Discuss to Test

I started tested this…

Another positive side-effect of this would be to speed up apt-get update and other cache operations which are desperately long and slow right now.

#5 Updated by sajolida 2015-11-13 13:23:41

  • blocks deleted (Bug #10143: Test whether Dotfile allow adding additional APT repositories)

#6 Updated by intrigeri 2016-07-18 05:45:29

  • Assignee deleted (sajolida)
  • Type of work changed from Test to Code

(Apparently the tests were done and we’re now implementing this, if I got Feature #10543#note-8 right.)

#7 Updated by sajolida 2016-07-18 12:40:53

So, just to be extra clear, my tests were about adding a sources.list entry through Dotfiles. I have:

  • /etc/apt/sources.list.d source=apt/sources,link in persistence.conf
  • /live/persistence/TailsData_unlocked/apt/sources/non-free.list
  • And now the file is linked and I can do sudo cat /etc/apt/sources.list.d/non-free.list and see the file. Still, I can read it with the amnesia user because /live/persistence/TailsData_unlocked/apt is not world readable. Would this be a problem?
  • If I remove all occurrences of non-free in the other sources.list and do apt update I’m downloading the non-free lists from my Dotfile.

#8 Updated by intrigeri 2016-07-18 14:49:38

> Still, I can read it with the amnesia user because /live/persistence/TailsData_unlocked/apt is not world readable. Would this be a problem?

I think I’ve concisely explained why it’s a (possibly minor) problem, on the doc subticket, earlier today.

#9 Updated by sajolida 2016-08-12 06:08:41

  • Target version set to Tails_2.6

I wrote to segfault and spriver to see if they are interested in taking this over. Otherwise intrigeri will try to do it for 2.6. So setting 2.6 as target version not to loose this too much from sight.

#10 Updated by sajolida 2016-08-12 06:11:16

  • related to Bug #11635: Include additional APT sources in WhisperBack reports added

#11 Updated by intrigeri 2016-08-27 02:30:43

  • Status changed from Confirmed to In Progress
  • Assignee set to intrigeri
  • Feature Branch set to doc/10543-dotfiles-for-apt

#12 Updated by intrigeri 2016-08-27 02:32:29

  • related to deleted (Bug #11635: Include additional APT sources in WhisperBack reports)

#13 Updated by intrigeri 2016-08-27 08:48:41

  • Assignee changed from intrigeri to anonym
  • QA Check set to Ready for QA

Passes apt.feature here, and I’ve checked that after booting non-free is not enabled.

#14 Updated by anonym 2016-08-28 11:37:22

  • Status changed from In Progress to Fix committed
  • Assignee deleted (anonym)
  • QA Check changed from Ready for QA to Pass

#15 Updated by anonym 2016-09-20 16:47:17

  • Status changed from Fix committed to Resolved