Tails

#1 Updated by anonym 2018-03-13 15:00:54

• blocks Feature #13245: Core work 2018Q1: Foundations Team added

#2 Updated by anonym 2018-03-13 15:01:16

• related to Bug #13426: Tor does not start on Tails 3.0.1 automatically upgraded from 3.0 added

#4 Updated by anonym 2018-03-14 14:55:51

• File passwd-3.5 added
• File passwd-3.6 added
• File passwd-3.6-rc1 added

So in Tails 3.5 the debian-tor uid was 108 and in Tails 3.6 it is 107, which causes this new instance of Bug #13426. The reason is simple: in Tails 3.5 we have the systemd-bus-proxy user, but it is not present in Tails 3.6 due to the systemd upgrade.

(Now you might wonder why we didn’t catch this when testing Tails 3.6~rc1, since the systemd upgrade was in by then. Well, for some reason (I failed to find why) the Debian-exim user was added in Tails 3.6~rc1 only, which “took” systemd-bus-proxy’s place so the uid for debian-tor was the same as in Tails 3.5. Talk about bad luck! :/)

#5 Updated by intrigeri 2018-03-16 16:47:40

• related to Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades added

#6 Updated by intrigeri 2018-03-16 16:49:21

• Assignee deleted (intrigeri)
• Target version changed from Tails_3.7 to Tails_4.0

Sadly, there won’t be incremental upgrades to the first release that includes the proper fix suggested on this ticket (using fixed UID+GID for the debian-tor user and possibly a few others). So I think we should do this in 4.0. I’m thus postponing this ticket accordingly. In passing, another option would be to use systemd dynamic users but it’s much more involved.

See Bug #15419 and Bug #15418 for the shorter-term workarounds.

#7 Updated by intrigeri 2018-03-16 17:14:57

• Assignee set to segfault
• Target version changed from Tails_4.0 to Tails_3.6.1

Actually there’s an ugly way (config/chroot_local-hooks/04-change-gids-and-uids) to freeze UID:s/GID:s without breaking automatic upgrades. segfault is giving it a try.

#8 Updated by segfault 2018-03-16 20:02:07

• related to Bug #15424: Use fixed UID and GID for debian-tor added

#9 Updated by intrigeri 2018-03-16 20:51:44

• Assignee deleted (segfault)
• Target version changed from Tails_3.6.1 to Tails_4.0

What segfault has prepared (Bug #15424) is a small subset of what this ticket is about.

#10 Updated by intrigeri 2018-03-21 13:41:18

• Parent task set to Feature #15281

#11 Updated by intrigeri 2018-03-22 08:24:28

• Description updated

#12 Updated by intrigeri 2018-03-22 08:24:42

• blocked by deleted (Feature #13245: Core work 2018Q1: Foundations Team)

#13 Updated by intrigeri 2018-03-28 09:23:29

• Target version changed from Tails_4.0 to Tails_3.8

#14 Updated by intrigeri 2018-04-11 09:29:01

• Description updated

#15 Updated by intrigeri 2018-04-14 08:16:50

• Assignee set to intrigeri

See Bug #15424#note-12 for updates. During next cycle I want to make a decision wrt. the timing/relevance of this task (see ticket description) and then make sure the corresponding work is assigned to someone.

#16 Updated by intrigeri 2018-04-14 08:17:15

• blocks Feature #15139: Core work 2018Q2: Foundations Team added

#17 Updated by intrigeri 2018-06-19 16:28:48

• Target version changed from Tails_3.8 to Tails_3.9

#18 Updated by intrigeri 2018-06-28 13:59:03

• blocked by deleted (Feature #15139: Core work 2018Q2: Foundations Team)

#19 Updated by intrigeri 2018-06-28 13:59:04

• blocks Feature #15334: Core work 2018Q3: Foundations Team added

#20 Updated by intrigeri 2018-06-28 20:35:01

• Description updated

#21 Updated by intrigeri 2018-06-28 20:35:52

• related to Feature #8415: Migrate from aufs to overlayfs added

#22 Updated by intrigeri 2018-06-28 20:39:21

• blocked by Bug #15689: Test if overlayfs is affected by the DAC bug wrt. incremental upgrades changing UID/GID added

#23 Updated by intrigeri 2018-06-28 20:48:58

• blocks deleted (Bug #15689: Test if overlayfs is affected by the DAC bug wrt. incremental upgrades changing UID/GID)

#24 Updated by intrigeri 2018-06-28 20:49:32

• Assignee deleted (intrigeri)

#25 Updated by intrigeri 2018-06-28 20:49:40

• blocked by deleted (Feature #15334: Core work 2018Q3: Foundations Team)

#26 Updated by intrigeri 2018-06-28 20:55:52

• Target version deleted (Tails_3.9)

#27 Updated by intrigeri 2018-06-30 12:48:26

• related to Bug #15695: Avoid breaking automatic upgrades to Tails 3.9 added

#28 Updated by intrigeri 2018-08-14 14:59:29

• Status changed from Confirmed to In Progress
• Assignee set to segfault
• Target version set to Tails_3.9
• QA Check set to Ready for QA

The branch for Bug #15695 does this.

#29 Updated by intrigeri 2018-08-14 15:00:02

• Feature Branch set to bugfix/15695-avoid-breaking-automatic-upgrades-to-tails-3-9

#30 Updated by intrigeri 2018-08-14 15:49:31

• Assignee changed from segfault to CyrilBrulebois

#31 Updated by CyrilBrulebois 2018-08-14 16:30:38

• Assignee changed from CyrilBrulebois to intrigeri
• QA Check changed from Ready for QA to Pass
• Feature Branch changed from bugfix/15695-avoid-breaking-automatic-upgrades-to-tails-3-9 to kibi:bugfix/15695-avoid-breaking-automatic-upgrades-to-tails-3-9

The changes look good to me, even if there were quite a few merges and fixups needed.

I’ve pushed a branch with the same name to my repository, only with a few squashed commits. git diff against the branch on the main repository shows no differences.

We could probably compare sorted lists, but after discussion with intrigeri, that looks to be happening seldomly enough that it’s not worth the cost.

#32 Updated by intrigeri 2018-08-14 16:54:09

• Status changed from In Progress to Fix committed
• Assignee deleted (intrigeri)
• % Done changed from 0 to 100

#33 Updated by intrigeri 2018-09-05 16:21:29

• Status changed from Fix committed to Resolved