Bug #15477

Consider upgrading to current live-boot

Added by intrigeri 2018-03-29 19:26:09. Updated 2020-05-15 08:44:48.

Status:
In Progress
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2018-03-29
Due date:
% Done:

10%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

As of Tails 4.6, we’re using Stretch’s live-boot 1:20170112.

Upgrading is not trivial:

  • The changes brought by https://bugs.debian.org/886328 (“use /run/live instead of /lib/live/mount”) affect all kinds of stuff such as memory erasure, live-persist, AppArmor, and more.
  • See the initial porting attempt, reverted in commit:f365b9bf941291384b623b0fddc3b8be8e3e6641

Subtasks


Related issues

Related to Tails - Feature #5691: Consider upgrading to current live-build Confirmed
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed
Blocked by Tails - Feature #15944: Port Tails to Buster Resolved 2018-09-12

History

#1 Updated by intrigeri 2018-03-29 19:27:03

Next steps:

  • check if this upgrade breaks anything in our automated test suite
  • git grep live/mount and adjust/investigate each occurrence

#2 Updated by intrigeri 2018-04-09 16:16:04

  • Priority changed from Normal to High

This upgrade breaks the build of feature/buster because config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch does not apply cleanly anymore.

#3 Updated by intrigeri 2018-06-02 14:23:55

  • related to Bug #15146: Make memory erasure feature compatible with overlayfs added

#4 Updated by intrigeri 2018-06-02 14:24:07

  • related to deleted (Bug #15146: Make memory erasure feature compatible with overlayfs)

#5 Updated by intrigeri 2018-06-02 14:24:12

  • blocks Bug #15146: Make memory erasure feature compatible with overlayfs added

#6 Updated by intrigeri 2018-06-02 15:18:32

intrigeri wrote:
> This upgrade breaks the build of feature/buster because config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch does not apply cleanly anymore.

Fixed that part so now one can check what still works and what’s broken.

#7 Updated by intrigeri 2018-06-03 10:28:24

  • Status changed from Confirmed to In Progress
  • Assignee set to intrigeri
  • % Done changed from 0 to 10

A nice side effect of the mountpoints not being under /lib anymore is that overlapping rules should be less of an issue with our AppArmor aliases so we should adjust our AppArmor profiles patches and update wiki/src/contribute/design/application_isolation.mdwn accordingly.

Next steps:

  • Address the same kind of issues that will now appear in different places e.g. /etc/apparmor.d/usr.sbin.cupsd: /{,var/}run/** rm, but that pattern is way less common than the one we were suffering from previously.
  • Check if the kludges done in apparmor-adjust-cupsd-profile.diff for Bug #9963 are still needed.
  • apparmor-adjust-thunderbird-profile.diff: drop the kludges that were added due to conflicting rules.
  • update wiki/src/contribute/design/application_isolation.mdwn

Besides, persistence is broken because live-boot expects stuff to be mounted on /run/live/persistence while our live-persist script mounts it on /live/persistence. Previously it worked thanks to a symlink, see commit:59573b6f7a91dc1f1f5dc9c123ba4f1e350388fb for details. Given the amount of stuff we have that relies on the /live/persistence path, I think we should replace that old symlink (and the corresponding bits in auto/build) with another one created with a new file in config/chroot_local-includes/usr/lib/tmpfiles.d/ and see if it’s enough to fix things.

Also, config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch applies just fine, but that’s merely because live-tools was not updated to the new paths yet, which can itself cause problems e.g. wrt. caching files before shutdown, ejecting the DVD, and the toram feature (that we don’t support though).

#8 Updated by intrigeri 2018-06-04 06:44:47

intrigeri wrote:
> Besides, persistence is broken because live-boot expects stuff to be mounted on /run/live/persistence while our live-persist script mounts it on /live/persistence. Previously it worked thanks to a symlink, see commit:59573b6f7a91dc1f1f5dc9c123ba4f1e350388fb for details. Given the amount of stuff we have that relies on the /live/persitence path, I think we should replace that old symlink (and the corresponding bits in auto/build) with another one created with new file in config/chroot_local-includes/usr/lib/tmpfiles.d/ and see if it’s enough to fix things.

Adding such a symlink seems to break things even more: persistence cannot be unlocked anymore.

Also, automated tests for memory erasure on shutdown are broken: the message that says the memory wipe was completed is never displayed. I noticed these error messages (with plenty of SquashFS errors before and in between):

systemd-shutdown[1]: Failed to mount /sys to /run/initramfs/sys: No such file or directory
systemd-shutdown[1]: Failed to execute shutdown binary: Input/output error
systemd-shutdown[1]: Failed to finalize file systems, ignoring

Also, Evince manages to open /live/overlay/home/amnesia/.gnupg/default-testpage.pdf (wrong), but I see "EvinceUnableToOpen.png" after at most 10 seconds pass (wrong too) and then of course AppArmor has denied "/usr/bin/evince" from opening "/run/live/overlay/home/amnesia/.gnupg/default-testpage.pdf" fails (correct in this case, but not what it should be). Same problem for Watching an MP4 video stored on the non-persistent filesystem when opening stuff under /live/overlay/home/amnesia/.gnupg/. I think that’s because we still ship a /live/overlay symlink and live-boot manages a /lib/live/mount bind-mount (mount --rbind /run/live ${rootmnt}/lib/live/mount) which provides alternative paths to files we want to deny access to. Even if we dropped our /live/overlay symlink, these files could still be accessed via /lib/live/mount/overlay/. So either we get rid of that bind-mount (and then we have to adapt live-tools) or we re-add the AppArmor aliases that point to the old location (cost: potentially slower boot due to AppArmor profile compilation).
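
The comment above describes why the rbind of /run/live onto /lib/live/mount matters for confinement: AppArmor matches on pathnames, so a rule written for /run/live/overlay/** says nothing about the same files reached via /lib/live/mount/overlay/**. The script below is an added illustration for this ticket, not code from Tails, live-boot or AppArmor. It reads the /proc/self/mountinfo format, groups mounts by backing filesystem (major:minor) and mount root, and lists every alternative path at which a given file or directory is visible, which is the check to run when reviewing which paths a profile really has to cover. The sample mountinfo embedded in it is constructed to model the layout this comment describes (tmpfs /run, live media under /run/live, the same subtree rbind-mounted under /lib/live/mount); it is not captured from a real Tails system.

```python
"""List bind-mount aliases of a path from /proc/self/mountinfo.

Added illustration for Bug #15477; not Tails, live-boot or AppArmor code.
"""
import posixpath
from collections import namedtuple

Mount = namedtuple("Mount", "mount_id parent_id dev root mountpoint fstype")

# Constructed sample in /proc/self/mountinfo format, modelled on the layout
# described in the ticket.  Not captured from a real Tails system.
SAMPLE_MOUNTINFO = """\
21 1 0:20 / /run rw,nosuid,noexec,relatime shared:5 - tmpfs tmpfs rw,mode=755
25 21 8:17 / /run/live/medium ro,noatime shared:7 - vfat /dev/sdb1 ro
26 21 7:0 / /run/live/rootfs/filesystem.squashfs ro,noatime shared:8 - squashfs /dev/loop0 ro
27 21 0:25 / /run/live/overlay rw,noatime shared:9 - tmpfs tmpfs rw
30 1 0:26 / / rw,relatime shared:1 - overlay overlay rw
40 30 0:20 /live /lib/live/mount rw,nosuid,noexec,relatime shared:5 - tmpfs tmpfs rw,mode=755
41 40 8:17 / /lib/live/mount/medium ro,noatime shared:7 - vfat /dev/sdb1 ro
42 40 7:0 / /lib/live/mount/rootfs/filesystem.squashfs ro,noatime shared:8 - squashfs /dev/loop0 ro
43 40 0:25 / /lib/live/mount/overlay rw,noatime shared:9 - tmpfs tmpfs rw
"""

# The kernel escapes whitespace and backslashes in mountinfo fields as octal.
_ESCAPES = {"\\040": " ", "\\011": "\t", "\\012": "\n", "\\134": "\\"}


def _unescape(field):
    for esc, char in _ESCAPES.items():
        field = field.replace(esc, char)
    return field


def parse_mountinfo(text):
    """Parse mountinfo lines: the fields before ' - ' are fixed (id, parent,
    major:minor, root inside the fs, mount point, ...); the fs type is the
    first field after the separator."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        head, _, tail = line.partition(" - ")
        f = head.split()
        mounts.append(Mount(int(f[0]), int(f[1]), f[2], _unescape(f[3]),
                            _unescape(f[4]), tail.split()[0] if tail else ""))
    return mounts


def _below(path, base):
    """Remainder of path under base ('' when equal), or None if not under it."""
    if base == "/":
        return path
    if path == base:
        return ""
    if path.startswith(base + "/"):
        return path[len(base):]
    return None


def find_aliases(mounts, path):
    """Every other path at which `path` is also visible: the backing
    filesystem (same major:minor) is mounted again with a root at or above
    the object, e.g. after `mount --rbind /run/live /lib/live/mount`."""
    path = posixpath.normpath(path)
    owners = [m for m in mounts if _below(path, m.mountpoint) is not None]
    if not owners:
        return []
    owner = max(owners, key=lambda m: len(m.mountpoint))  # innermost mount
    # Location of the object inside the backing filesystem.
    fs_path = posixpath.normpath(
        posixpath.join(owner.root, _below(path, owner.mountpoint).lstrip("/")))
    aliases = set()
    for m in mounts:
        if m is owner or m.dev != owner.dev:
            continue
        sub = _below(fs_path, m.root)
        if sub is None:
            continue
        aliases.add(posixpath.normpath(posixpath.join(m.mountpoint, sub.lstrip("/"))))
    aliases.discard(path)
    return sorted(aliases)


def report(mounts, paths):
    """One line per path: the path and its aliases (or 'no alias')."""
    return ["%s -> %s" % (p, ", ".join(find_aliases(mounts, p)) or "no alias")
            for p in paths]


if __name__ == "__main__":
    # On a live system: mounts = parse_mountinfo(open("/proc/self/mountinfo").read())
    sample = parse_mountinfo(SAMPLE_MOUNTINFO)
    for line in report(sample, ["/run/live/overlay/home/amnesia/.gnupg",
                                "/run/live/persistence", "/etc/passwd"]):
        print(line)
```

Two cases in the sample are worth noting: /run/live/persistence is a plain directory inside the /run tmpfs, and it still gets an alias because /lib/live/mount is that same tmpfs mounted with root /live; /run/live/overlay is its own tmpfs, so its alias comes from the separate mount of that device under /lib/live/mount/overlay. Both are the kind of path a deny rule has to name explicitly, or be covered by an alias directive, for the confinement to hold.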

#9 Updated by intrigeri 2018-09-12 06:44:14

  • Assignee changed from intrigeri to CyrilBrulebois
  • Target version changed from Tails_4.0 to Tails_3.10.1
  • Estimated time set to 4 h

I’m sorry I started this work on feature/buster and left it in a quite broken state. Please spend some — but not too much — time trying to complete this and if it proves to be harder than that, revert to Stretch’s live-boot and revert the commits I did for this ticket.

#10 Updated by intrigeri 2018-09-12 06:44:24

#11 Updated by intrigeri 2018-09-12 06:44:33

#12 Updated by intrigeri 2018-10-24 17:03:46

  • Target version changed from Tails_3.10.1 to Tails_3.11

#13 Updated by CyrilBrulebois 2018-12-03 15:25:31

  • Target version changed from Tails_3.11 to Tails_3.12

Punting to version 3.12, as 3.11 is close and other topics have higher priority (USB image etc.).

#14 Updated by CyrilBrulebois 2018-12-30 15:00:02

#15 Updated by CyrilBrulebois 2018-12-30 15:00:08

  • blocked by deleted (Feature #15506: Core work 2018Q4: Foundations Team)

#16 Updated by CyrilBrulebois 2018-12-30 15:05:35

  • related to deleted (Feature #15507: Core work 2019Q1: Foundations Team)

#17 Updated by CyrilBrulebois 2018-12-30 15:05:49

#18 Updated by CyrilBrulebois 2019-01-04 10:12:59

Refreshing my memory by reading this again, I’m reminded that we have these tests that fail regularly on the devel branch already (seen in Jenkins):

Failing Scenarios:
cucumber features/erase_memory.feature:62 # Scenario: Erasure of the aufs read-write branch on shutdown
cucumber features/emergency_shutdown.feature:13 # Scenario: Tails erases memory on DVD boot medium removal: aufs read-write branch
cucumber features/emergency_shutdown.feature:22 # Scenario: Tails erases memory on DVD boot medium removal: vfat
cucumber features/emergency_shutdown.feature:33 # Scenario: Tails erases memory on DVD boot medium removal: LUKS-encrypted ext4
cucumber features/emergency_shutdown.feature:44 # Scenario: Tails erases memory and shuts down on USB boot medium removal: persistent data

Maybe we should investigate those at some point? From a quick search, some tests were mentioned in other bug reports already, like Bug #13462.

#19 Updated by intrigeri 2019-01-04 13:56:13

> Refreshing my memory by reading this again, I’m reminded that we have these tests that fail regularly on the devel branch already (seen in Jenkins):

That’s Bug #16097, on my plate for 3.12, but I wanted to discuss it at the FT meeting today. Probably a blocker before we try to fix the other regression in these tests on feature/buster.

#20 Updated by intrigeri 2019-01-04 15:11:49

  • Assignee changed from CyrilBrulebois to intrigeri
  • Target version changed from Tails_3.12 to Tails_4.0

#21 Updated by intrigeri 2019-01-05 09:23:29

intrigeri wrote:
> I’m sorry I started this work on feature/buster and left it in a quite broken state. Please spend some — but not too much — time trying to complete this and if it proves to be harder than that, revert to Stretch’s live-boot and revert the commits I did for this ticket.

Four months later, since that’s not fixed I’ll do these reverts so this does not taint test suite results, which may hide other kinds of issues we’re trying to identify.

#22 Updated by intrigeri 2019-01-05 09:58:48

#23 Updated by intrigeri 2019-01-05 12:10:32

  • Subject changed from Adjust for live-boot 1:20180328+ to Consider upgrading to live-boot 1:20180328+
  • Assignee deleted (intrigeri)
  • Priority changed from High to Low

Reverted to Stretch’s live-boot for now, so let’s make this ticket about possibly upgrading to Buster’s live-boot again. Not a blocker for the 4.0 release in itself.

#24 Updated by intrigeri 2019-02-06 14:14:33

#25 Updated by intrigeri 2019-02-06 14:14:36

  • blocked by deleted (Feature #15507: Core work 2019Q1: Foundations Team)

#26 Updated by intrigeri 2019-04-02 15:45:51

#27 Updated by intrigeri 2019-04-02 15:46:02

  • Priority changed from Low to Normal
  • Target version deleted (Tails_4.0)

#28 Updated by intrigeri 2019-11-24 08:38:18

  • blocked by deleted (Bug #15146: Make memory erasure feature compatible with overlayfs)

#29 Updated by intrigeri 2020-05-15 08:29:54

  • Description updated

#30 Updated by intrigeri 2020-05-15 08:30:27

  • related to Feature #5691: Consider upgrading to current live-build added

#31 Updated by intrigeri 2020-05-15 08:39:56

  • Description updated

#32 Updated by intrigeri 2020-05-15 08:44:48

  • Subject changed from Consider upgrading to live-boot 1:20180328+ to Consider upgrading to current live-boot