Bug #17315

Check if APT snapshots expiration date (post-4.5) is still far away enough

Added by CyrilBrulebois 2019-12-04 12:29:45. Updated 2020-02-24 09:22:04.

Status: Resolved
Priority: Normal
Assignee: CyrilBrulebois
% Done: 0%
Type of work: Research

Description

Here’s what our snapshot expiration dates look like:

config/APT_snapshots.d:
* Archive 'debian' uses snapshot '2019111801' which expires on: Sat, 16 May 2020 08:44:51 +0000
* Archive 'debian-security' uses snapshot 'latest' which expires on: never
* Archive 'torproject' uses snapshot '2019100904' which expires on: Sun, 19 Apr 2020 13:57:39 +0000
---
vagrant/definitions/tails-builder/config/APT_snapshots.d:
* Archive 'debian' uses snapshot '2019100904' which expires on: Sun, 19 Apr 2020 13:57:44 +0000
* Archive 'debian-security' uses snapshot '2019100904' which expires on: Sun, 19 Apr 2020 13:57:50 +0000
* Archive 'tails' uses snapshot '2019102001' which expires on: Fri, 17 Apr 2020 08:06:53 +0000
---

which should expire after the next major release. Right now, it’s scheduled in early April, but I don’t think we’re that certain of Mozilla’s calendar and our own. So maybe we should bump those by a month or two just to be on the safe side?



History

#1 Updated by intrigeri 2019-12-12 07:57:05

  • Target version set to Tails_4.3

> […] which should expire after the next major release. Right now, it’s scheduled in early April, but I don’t think we’re that certain of Mozilla’s calendar and our own. So maybe we should bump those by a month or two just to be on the safe side?

I appreciate that you have such failure modes in mind.

I propose we come back to it in a couple months. By then, we’ll have more info about:

  • Whether we’ve already bumped these snapshots, e.g. to get a Buster point release or a kernel upgrade.
  • Whether we’ll put out a major release earlier than April (e.g. with overlayfs).

#2 Updated by intrigeri 2020-01-28 09:41:10

  • Subject changed from Checking snapshot expiration for 4.1 vs. 4.5 to Check if APT snapshots expiration date (post-4.5) is still far away enough
  • Target version changed from Tails_4.3 to Tails_4.4

I’ll have more info about this once 4.3 is out (Feature #17443) and later in February (once segfault and I have resumed work on overlayfs & friends).

#3 Updated by intrigeri 2020-02-23 07:38:16

  • Status changed from Confirmed to Needs Validation
  • Assignee changed from intrigeri to CyrilBrulebois

FTR, on our stable branch we currently use:

config/APT_snapshots.d:
debian/  debian-security/  .placeholder  torproject/
* Archive 'debian' uses snapshot '2020020902' which expires on: Mon, 08 Jun 2020 15:51:21 +0000
* Archive 'debian-security' uses snapshot 'latest' which expires on: never
* Archive 'torproject' uses snapshot '2020020402' which expires on: Thu, 04 Jun 2020 07:05:54 +0000
---
vagrant/definitions/tails-builder/config/APT_snapshots.d:
debian/  debian-security/  .placeholder  tails/
* Archive 'debian' uses snapshot '2019100904' which expires on: Sun, 19 Apr 2020 13:57:44 +0000
* Archive 'debian-security' uses snapshot '2019100904' which expires on: Sun, 19 Apr 2020 13:57:50 +0000
* Archive 'tails' uses snapshot '2019102001' which expires on: Fri, 17 Apr 2020 08:06:53 +0000

That is:

  • snapshots used for the Vagrant box expire 10 days after the 4.5 planned release date; according to the current plan, they’ll be bumped at 4.5 code freeze time late March; but if for whatever reason we change our mind and decide that 4.5 is not a major release, then these snapshots will expire before the next time we would bump them (likely: 4.6~rc1); this gives us very little margin to cope with change so I’ve bumped the expiration date for these snapshots to June 7, i.e. post-4.7.
  • snapshots used for the rest of the build expire 2 days after the 4.7 planned release date; that’s a pretty comfortable margin already, and most likely they’ll be updated again in the meantime (Bug #17477 and upcoming similar changes), so I’m not concerned.

So we now have this:

config/APT_snapshots.d:
debian/  debian-security/  .placeholder  torproject/
* Archive 'debian' uses snapshot '2020020902' which expires on: Mon, 08 Jun 2020 15:51:21 +0000
* Archive 'debian-security' uses snapshot 'latest' which expires on: never
* Archive 'torproject' uses snapshot '2020020402' which expires on: Thu, 04 Jun 2020 07:05:54 +0000
---
vagrant/definitions/tails-builder/config/APT_snapshots.d:
debian/  debian-security/  .placeholder  tails/
* Archive 'debian' uses snapshot '2019100904' which expires on: Sun, 07 Jun 2020 07:34:56 +0000
* Archive 'debian-security' uses snapshot '2019100904' which expires on: Sun, 07 Jun 2020 07:35:11 +0000
* Archive 'tails' uses snapshot '2019102001' which expires on: Sun, 07 Jun 2020 07:35:22 +0000

To me, this now looks like a good trade-off between “our code & release process are resilient vs. unplanned release schedule changes” and “disk space usage”. What do you think?
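The margin check done by hand in the comment above can be scripted over the same report format. This is an added example, not part of the ticket or of Tails' own tooling; the function names are hypothetical, and the release date (2020-04-07, chosen to match the "10 days after" statement) and the 30-day minimum margin are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Shape of the report lines quoted in the ticket.
LINE_RE = re.compile(r"^\* Archive '([^']+)' uses snapshot '([^']+)' "
                     r"which expires on: (.+)$")

def parse_report(text):
    """Yield (directory, archive, serial, expiry); expiry is None for 'never'."""
    directory = None
    for line in map(str.strip, text.splitlines()):
        if line.endswith("APT_snapshots.d:"):
            directory = line.rstrip(":")
        elif (m := LINE_RE.match(line)):
            archive, serial, expiry = m.groups()
            when = None if expiry == "never" else parsedate_to_datetime(expiry)
            yield directory, archive, serial, when
        # anything else ('---', directory listings) is ignored

def too_close(text, release, min_margin):
    """Snapshots that expire less than min_margin after the release date."""
    return [(directory, archive, serial, (when - release).days)
            for directory, archive, serial, when in parse_report(text)
            if when is not None and when - release < min_margin]

# Report lines copied from comment #3 of the ticket (before and after the bump).
MAIN = """config/APT_snapshots.d:
* Archive 'debian' uses snapshot '2020020902' which expires on: Mon, 08 Jun 2020 15:51:21 +0000
* Archive 'debian-security' uses snapshot 'latest' which expires on: never
* Archive 'torproject' uses snapshot '2020020402' which expires on: Thu, 04 Jun 2020 07:05:54 +0000
---
"""
VAGRANT_BEFORE = """vagrant/definitions/tails-builder/config/APT_snapshots.d:
* Archive 'debian' uses snapshot '2019100904' which expires on: Sun, 19 Apr 2020 13:57:44 +0000
* Archive 'debian-security' uses snapshot '2019100904' which expires on: Sun, 19 Apr 2020 13:57:50 +0000
* Archive 'tails' uses snapshot '2019102001' which expires on: Fri, 17 Apr 2020 08:06:53 +0000
"""
VAGRANT_AFTER = """vagrant/definitions/tails-builder/config/APT_snapshots.d:
* Archive 'debian' uses snapshot '2019100904' which expires on: Sun, 07 Jun 2020 07:34:56 +0000
* Archive 'debian-security' uses snapshot '2019100904' which expires on: Sun, 07 Jun 2020 07:35:11 +0000
* Archive 'tails' uses snapshot '2019102001' which expires on: Sun, 07 Jun 2020 07:35:22 +0000
"""

# Assumptions, not stated on the page: planned release date and required margin.
RELEASE = datetime(2020, 4, 7, tzinfo=timezone.utc)
MARGIN = timedelta(days=30)

if __name__ == "__main__":
    for label, vagrant in (("before", VAGRANT_BEFORE), ("after", VAGRANT_AFTER)):
        print(label, too_close(MAIN + vagrant, RELEASE, MARGIN))
```

Snapshots pinned to 'latest' with expiry 'never' are parsed but never flagged, so only dated snapshots count against the margin.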

#4 Updated by CyrilBrulebois 2020-02-24 08:26:09

I’d tend to think “LGTM”.

Just to make sure I understand what happens in case something goes bad: I suppose we have up until the expiration date of a given snapshot to bump its expiration date? After that, it gets GC’d, and it can only be restored from backups?

#5 Updated by intrigeri 2020-02-24 08:48:17

> Just to make sure I understand what happens in case something goes bad: I suppose we have up until the expiration date of a given snapshot to bump its expiration date? After that, it gets GC’d, and it can only be restored from backups?

Exactly!

#6 Updated by CyrilBrulebois 2020-02-24 09:10:37

  • Status changed from Needs Validation to Resolved

OK, thanks.

Switching to `Resolved` then; I might open other such tickets if unsure during the next few release processes.

#7 Updated by intrigeri 2020-02-24 09:22:04

> Switching to `Resolved` then

:)

> I might open other such tickets if unsure during the next few release processes.

Great, please do!