Tails

#4 Updated by intrigeri 2017-06-05 18:00:43

Amazing! Will look into it when I’m back to work on Wednesday (triaging my own tickets and drawing my plans for the next 6 months doesn’t count as work, obviously ;)

Meanwhile, it would help if you told me which fragile tests you’re run by hand, if any.

#5 Updated by anonym 2017-06-06 12:52:43

intrigeri wrote:
> Meanwhile, it would help if you told me which fragile tests you’re run by hand, if any.

These:

features/documentation.feature:4
features/localization.feature
features/tor_enforcement.feature:15
features/tor_stream_isolation.feature:26
features/torified_browsing.feature
features/unsafe_browser.feature

#6 Updated by intrigeri 2017-06-07 12:29:22

I’m reviewing this (and will hopefully merge it :) but there are newer files there: https://people.torproject.org/~gk/builds/7.0/.

#8 Updated by intrigeri 2017-06-07 13:10:07

Also, what’s the status of upstreaming commit:f11ebadf6f5911d17a0ec0ffb7e78bd987689b60 ?

#9 Updated by anonym 2017-06-07 15:46:21

intrigeri wrote:
> Code review passes modulo:

Cheers!

> * typo is “with acces to the”

commit:8730fae20f

> * the design doc needs updating (e.g. it still references config/chroot_local-hooks/13-override-tbb-branding)

commit:4e9e5a62b5

> * can we now re-enable e10s for the Unsafe Browser?

The problem with Tor Browser was AppArmor-related, so it doesn’t affect chroot browsers. So: no. :/

> If my testing passes I’ll merge this anyway and will reassign to anonym so he can polish these>

Let’s see!

> + look into the possibly newer 7.0 tarballs I’ve linked above.

So I saw the rebuild but thought we could skip it since there will be a 7.0.1 (or yet another rebuild of 7.0 if they don’t release it today, as planned) before 3.0 any way that we’ll have to deal with before 3.0. While I suppose the single change it makes compared to what we have now could affect us (AFAICT it reverts a patch back to a state of 7.0a4, ie. what we shipped in Tails 3.0~rc1), I think we better take the risk of not testing it, and instead spend our time on our other priorities for 3.0. If there is a problem I have time to deal with it during the weekend.

> Also, what’s the status of upstreaming f11ebadf6f5911d17a0ec0ffb7e78bd987689b60 ?

My plan was to notify upstream in one go about all the changes we have done when 3.0 is out. This branch might not introduce the last change needed to that profile before 3.0, after all. Any way, it is indeed past time to create a ticket tracking this: Feature #12653

#10 Updated by intrigeri 2017-06-07 16:33:45

I see that:

juin 07 16:26:41 amnesia audit[10878]: AVC apparmor="DENIED" operation="mkdir" profile="/usr/local/lib/tor-browser/firefox" name="/usr/local/lib/tor-browser/TorBrowser/UpdateInfo/" pid=10878 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
juin 07 16:26:41 amnesia audit[10878]: AVC apparmor="DENIED" operation="mkdir" profile="/usr/local/lib/tor-browser/firefox" name="/usr/local/lib/tor-browser/update.test/" pid=10878 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
juin 07 16:26:41 amnesia kernel: audit: type=1400 audit(1496852801.976:43): apparmor="DENIED" operation="mkdir" profile="/usr/local/lib/tor-browser/firefox" name="/usr/local/lib/tor-browser/TorBrowser/UpdateInfo/" pid=10878 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
juin 07 16:26:41 amnesia kernel: audit: type=1400 audit(1496852801.976:44): apparmor="DENIED" operation="mkdir" profile="/usr/local/lib/tor-browser/firefox" name="/usr/local/lib/tor-browser/update.test/" pid=10878 comm="firefox" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

Might it be that we don’t have updates disabled anymore?

#11 Updated by intrigeri 2017-06-07 16:40:46

>> * the design doc needs updating (e.g. it still references config/chroot_local-hooks/13-override-tbb-branding)

> commit:4e9e5a62b5

Typo in “with out own”.

`[mozilla.cfg](https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment)` doesn’t do what you think. I think you want [`mozilla.cfg`](https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment). Please build locally before submitting this again for review :)

>> If my testing passes I’ll merge this anyway and will reassign to anonym so he can polish these>

> Let’s see!

Merged.

>> + look into the possibly newer 7.0 tarballs I’ve linked above.

> So I saw the rebuild but thought we could skip it since there will be a 7.0.1 (or yet another rebuild of 7.0 if they don’t release it today, as planned) before 3.0 any way that we’ll have to deal with before 3.0. While I suppose the single change it makes compared to what we have now could affect us (AFAICT it reverts a patch back to a state of 7.0a4, ie. what we shipped in Tails 3.0~rc1), I think we better take the risk of not testing it, and instead spend our time on our other priorities for 3.0.

OK, good plan.

> If there is a problem I have time to deal with it during the weekend.

OK. Note “2017-06-10: Build and upload the Tails 3.0 tentative ISO image” though.