Bug #15477: Consider upgrading to current live-boot
Progress: 10%
Description
As of Tails 4.6, we’re using Stretch’s live-boot 1:20170112.
Upgrading is not trivial:
- The changes brought by https://bugs.debian.org/886328 (“use /run/live instead of /lib/live/mount”) affect all kinds of stuff such as memory erasure, live-persist, AppArmor, and more.
- See the initial porting attempt, reverted in commit:f365b9bf941291384b623b0fddc3b8be8e3e6641
Subtasks
Related issues
- Related to Tails - Feature #5691: Consider upgrading to current live-build (Confirmed)
- Blocks Tails - Feature #16209: Core work: Foundations Team (Confirmed)
- Blocked by Tails - (issue subject not shown on page) (Resolved, 2018-09-12)
History
#1 Updated by intrigeri 2018-03-29 19:27:03
Next steps:
- check if this upgrade breaks anything in our automated test suite
- git grep live/mount and adjust/investigate each occurrence
#2 Updated by intrigeri 2018-04-09 16:16:04
- Priority changed from Normal to High
This upgrade breaks the build of feature/buster because config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch does not apply cleanly anymore.
#3 Updated by intrigeri 2018-06-02 14:23:55
- Related to Bug #15146: Make memory erasure feature compatible with overlayfs added
#4 Updated by intrigeri 2018-06-02 14:24:07
- Related to deleted (Bug #15146: Make memory erasure feature compatible with overlayfs)
#5 Updated by intrigeri 2018-06-02 14:24:12
- Blocks Bug #15146: Make memory erasure feature compatible with overlayfs added
#6 Updated by intrigeri 2018-06-02 15:18:32
intrigeri wrote:
> This upgrade breaks the build of feature/buster because config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch does not apply cleanly anymore.
Fixed that part so now one can check what still works and what’s broken.
#7 Updated by intrigeri 2018-06-03 10:28:24
- Status changed from Confirmed to In Progress
- Assignee set to intrigeri
- % Done changed from 0 to 10
A nice side effect of the mountpoints not being under /lib anymore is that overlapping rules should be less of an issue with our AppArmor aliases, so we should adjust our AppArmor profiles patches and update wiki/src/contribute/design/application_isolation.mdwn accordingly.
Next steps:
- Address the same kind of issues that will now appear in different places, e.g. /etc/apparmor.d/usr.sbin.cupsd: /{,var/}run/** rm, but that pattern is way less common than the one we were suffering from previously.
- Check if the kludges done in apparmor-adjust-cupsd-profile.diff for Bug #9963 are still needed.
- apparmor-adjust-thunderbird-profile.diff: drop the kludges that were added due to conflicting rules.
- update wiki/src/contribute/design/application_isolation.mdwn
Besides, persistence is broken because live-boot expects stuff to be mounted on /run/live/persistence while our live-persist script mounts it on /live/persistence. Previously it worked thanks to a symlink, see commit:59573b6f7a91dc1f1f5dc9c123ba4f1e350388fb for details. Given the amount of stuff we have that relies on the /live/persistence path, I think we should replace that old symlink (and the corresponding bits in auto/build) with another one created with a new file in config/chroot_local-includes/usr/lib/tmpfiles.d/ and see if it’s enough to fix things.
Also, config/chroot_local-patches/remount_persistence_filesystem_readonly_on_shutdown.patch applies just fine, but that’s merely because live-tools was not updated to the new paths yet, which can itself cause problems e.g. wrt. caching files before shutdown, ejecting the DVD, and the toram feature (that we don’t support though).
#8 Updated by intrigeri 2018-06-04 06:44:47
intrigeri wrote:
> Besides, persistence is broken because live-boot expects stuff to be mounted on /run/live/persistence while our live-persist script mounts it on /live/persistence. Previously it worked thanks to a symlink, see commit:59573b6f7a91dc1f1f5dc9c123ba4f1e350388fb for details. Given the amount of stuff we have that relies on the /live/persistence path, I think we should replace that old symlink (and the corresponding bits in auto/build) with another one created with a new file in config/chroot_local-includes/usr/lib/tmpfiles.d/ and see if it’s enough to fix things.
Adding such a symlink seems to break things even more: persistence cannot be unlocked anymore.
Also, automated tests for memory erasure on shutdown are broken: the message that tells memory wipe was completed is never displayed. I noticed these error messages (with plenty of SquashFS errors before and in between):
systemd-shutdown[1]: Failed to mount /sys to /run/initramfs/sys: No such file or directory
systemd-shutdown[1]: Failed to execute shutdown binary: Input/output error
systemd-shutdown[1]: Failed to finalize file systems, ignoring
Also, “Evince manages to open /live/overlay/home/amnesia/.gnupg/default-testpage.pdf” (wrong), but I see "EvinceUnableToOpen.png" after at most 10 seconds passes (wrong too) and then of course “AppArmor has denied "/usr/bin/evince" from opening "/run/live/overlay/home/amnesia/.gnupg/default-testpage.pdf"” fails (correct in this case, but not what it should be). Same problem for “Watching a MP4 video stored on the non-persistent filesystem” when opening stuff under /live/overlay/home/amnesia/.gnupg/. I think that’s because we still ship a /live/overlay symlink and live-boot manages a /lib/live/mount bind-mount (mount --rbind /run/live ${rootmnt}/lib/live/mount) which provides alternative paths to files we want to deny access from. Even if we dropped our /live/overlay symlink, these files could still be accessed via /lib/live/mount/overlay/. So either we get rid of that bind-mount (and then we have to adapt live-tools) or we re-add the AppArmor aliases that point to the old location (cost: potentially slower boot due to AppArmor profile compilation).
#9 Updated by intrigeri 2018-09-12 06:44:14
- Assignee changed from intrigeri to CyrilBrulebois
- Target version changed from Tails_4.0 to Tails_3.10.1
- Estimated time set to 4 h
I’m sorry I started this work on feature/buster and left it in a quite broken state. Please spend some — but not too much — time trying to complete this and if it proves to be harder than that, revert to Stretch’s live-boot and revert the commits I did for this ticket.
#10 Updated by intrigeri 2018-09-12 06:44:24
- Blocks Feature #15506: Core work 2018Q4: Foundations Team added
#11 Updated by intrigeri 2018-09-12 06:44:33
- Blocks Feature #15944: Port Tails to Buster added
#12 Updated by intrigeri 2018-10-24 17:03:46
- Target version changed from Tails_3.10.1 to Tails_3.11
#13 Updated by CyrilBrulebois 2018-12-03 15:25:31
- Target version changed from Tails_3.11 to Tails_3.12
Punting to version 3.12, as 3.11 is close and other topics have higher priority (USB image etc.).
#14 Updated by CyrilBrulebois 2018-12-30 15:00:02
- Related to Feature #15507: Core work 2019Q1: Foundations Team added
#15 Updated by CyrilBrulebois 2018-12-30 15:00:08
- Blocked by deleted (Feature #15506: Core work 2018Q4: Foundations Team)
#16 Updated by CyrilBrulebois 2018-12-30 15:05:35
- Related to deleted (Feature #15507: Core work 2019Q1: Foundations Team)
#17 Updated by CyrilBrulebois 2018-12-30 15:05:49
- Blocks Feature #15507: Core work 2019Q1: Foundations Team added
#18 Updated by CyrilBrulebois 2019-01-04 10:12:59
Refreshing my memory by reading this again, I’m reminded that we have these tests that fail regularly on the devel branch already (seen in Jenkins):
Failing Scenarios:
cucumber features/erase_memory.feature:62 # Scenario: Erasure of the aufs read-write branch on shutdown
cucumber features/emergency_shutdown.feature:13 # Scenario: Tails erases memory on DVD boot medium removal: aufs read-write branch
cucumber features/emergency_shutdown.feature:22 # Scenario: Tails erases memory on DVD boot medium removal: vfat
cucumber features/emergency_shutdown.feature:33 # Scenario: Tails erases memory on DVD boot medium removal: LUKS-encrypted ext4
cucumber features/emergency_shutdown.feature:44 # Scenario: Tails erases memory and shuts down on USB boot medium removal: persistent data
Maybe we should investigate those at some point? From a quick search, some tests were mentioned in other bug reports already, like Bug #13462.
#19 Updated by intrigeri 2019-01-04 13:56:13
> Refreshing my memory by reading this again, I’m reminded that we have these tests that fail regularly on the devel branch already (seen in Jenkins):
That’s Bug #16097, on my plate for 3.12, but I wanted to discuss it at the FT meeting today. Probably a blocker before we try to fix the other regression in these tests on feature/buster.
#20 Updated by intrigeri 2019-01-04 15:11:49
- Assignee changed from CyrilBrulebois to intrigeri
- Target version changed from Tails_3.12 to Tails_4.0
#21 Updated by intrigeri 2019-01-05 09:23:29
intrigeri wrote:
> I’m sorry I started this work on feature/buster and left it in a quite broken state. Please spend some — but not too much — time trying to complete this and if it proves to be harder than that, revert to Stretch’s live-boot and revert the commits I did for this ticket.
Four months later, since that’s not fixed I’ll do these reverts so this does not taint test suite results, which may hide other kinds of issues we’re trying to identify.
#22 Updated by intrigeri 2019-01-05 09:58:48
- Blocked by deleted (Feature #15944: Port Tails to Buster)
#23 Updated by intrigeri 2019-01-05 12:10:32
- Subject changed from Adjust for live-boot 1:20180328+ to Consider upgrading to live-boot 1:20180328+
- Assignee deleted (intrigeri)
- Priority changed from High to Low
Reverted to Stretch’s live-boot for now, so let’s make this ticket about possibly upgrading to Buster’s live-boot again. Not a blocker for the 4.0 release in itself.
#24 Updated by intrigeri 2019-02-06 14:14:33
- blocks Feature #16209: Core work: Foundations Team added
#25 Updated by intrigeri 2019-02-06 14:14:36
- Blocked by deleted (Feature #15507: Core work 2019Q1: Foundations Team)
#26 Updated by intrigeri 2019-04-02 15:45:51
- Blocked by Feature #15944: Port Tails to Buster added
#27 Updated by intrigeri 2019-04-02 15:46:02
- Priority changed from Low to Normal
- Target version deleted (Tails_4.0)
#28 Updated by intrigeri 2019-11-24 08:38:18
- Blocked by deleted (Bug #15146: Make memory erasure feature compatible with overlayfs)
#29 Updated by intrigeri 2020-05-15 08:29:54
- Description updated
#30 Updated by intrigeri 2020-05-15 08:30:27
- related to Feature #5691: Consider upgrading to current live-build added
#31 Updated by intrigeri 2020-05-15 08:39:56
- Description updated
#32 Updated by intrigeri 2020-05-15 08:44:48
- Subject changed from Consider upgrading to live-boot 1:20180328+ to Consider upgrading to current live-boot