Feature #17332: Upgrade Linux to 5.3.15+

Feature #17332

Upgrade Linux to 5.3.15+

Added by intrigeri 2019-12-12 08:22:49 . Updated 2020-01-05 16:39:14 .

Status:

Resolved

Priority:

Elevated

Assignee:

Category:

Target version:

Tails_4.2

Start date:

Due date:

% Done:

100%

Feature Branch:

feature/17332-linux-5.3.15-for-stable+force-all-tests

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Subtasks

Related issues

Blocked by Tails - ~~Bug #17265~~: devel branch FTBFS since torbrowser-launcher 0.3.2-4 was uploaded to sid	Resolved
Blocks Tails - Feature #16209: Core work: Foundations Team	Confirmed

History

#1 Updated by intrigeri 2019-12-12 08:23:12

blocked by ~~Bug #17265~~: devel branch FTBFS since torbrowser-launcher 0.3.2-4 was uploaded to sid added

#2 Updated by intrigeri 2019-12-12 08:23:17

blocks Feature #16209: Core work: Foundations Team added

#3 Updated by anonym 2019-12-12 12:55:29

Status changed from Confirmed to Needs Validation
Assignee set to anonym
% Done changed from 0 to 40
Feature Branch set to feature/17332-linux-5.3.15+17265-tor-browser-aa-profile-refresh

devel is FTBFS because linux 5.3.0-2 is not available any more, and doing this upgrade is the fix. See also Bug #17215#note-6.

#4 Updated by anonym 2019-12-12 12:56:46

Status changed from Needs Validation to In Progress

Applied in changeset commit:tails|edbab89c44622193a8aa633febd1fb8d7d1d4e8d.

#5 Updated by anonym 2019-12-12 13:00:32

Status changed from In Progress to Needs Validation
Feature Branch changed from feature/17332-linux-5.3.15+17265-tor-browser-aa-profile-refresh to feature/17332-linux-5.3.15+17265-tor-browser-aa-profile-refresh+force-all-tests

I’ve tested that the image boots on a Thinkpad T430, otherwise I’m just waiting for Jenkins results. (Which made me realize I should re-push this branch as +force-all-tests.)

#6 Updated by intrigeri 2019-12-12 14:20:08

Hi @anonym, I’m glad you’re working on this!

Could you please clarify which part of our checklist (see link in the ticket description) you went through?

#7 Updated by anonym 2019-12-13 09:55:46

intrigeri wrote:
> Could you please clarify which part of our checklist (see link in the ticket description) you went through?

I just skimmed it, but the whole “decision” part didn’t make sense to me in this situation: devel is completely broken without this kernel bump so I consider it a no-brainer.

I admit I didn’t really do any of this work with 4.2 in mind, only to get devel to build.

#8 Updated by intrigeri 2019-12-13 10:02:34

> I just skimmed it, but the whole “decision” part didn’t make sense to me in this situation: devel is completely broken without this kernel bump so I consider it a no-brainer.

> I admit I didn’t really do any of this work with 4.2 in mind, only to get devel to build.

Thanks for the clarification! Once you’re happy with test results, please reassign to me, and I’ll review this branch as such. I will then leave this ticket open with a scope refocused on 4.2.

#9 Updated by anonym 2019-12-13 10:32:03

Assignee changed from anonym to intrigeri
% Done changed from 40 to 50

Jenkins’ results look good: the only two failures are because of Bug #17169.

Please merge!

#10 Updated by intrigeri 2019-12-13 11:33:01

Status changed from Needs Validation to In Progress
Assignee changed from intrigeri to anonym

I can’t find the corresponding changes in torbrowser-launcher.git.
Could you please push them?

#11 Updated by anonym 2019-12-13 12:03:15

Assignee changed from anonym to intrigeri

intrigeri wrote:
> I can’t find the corresponding changes in torbrowser-launcher.git.

Pushed to the feature/17265-tor-browser-aa-profile branch!

Sorry about this! I had strange issues while following the instructions, but I cannot reproduce them any more, so yay!

#12 Updated by intrigeri 2019-12-13 12:50:34

Status changed from In Progress to Needs Validation

#13 Updated by intrigeri 2019-12-14 09:52:46

Status changed from Needs Validation to In Progress

Applied in changeset commit:tails|3776f9121307dfb16afcf211d1480513737b88b9.

#14 Updated by intrigeri 2019-12-14 09:56:25

Assignee deleted (~~intrigeri~~)
Feature Branch deleted (~~feature/17332-linux-5.3.15+17265-tor-browser-aa-profile-refresh+force-all-tests~~)

Next steps for 4.2:

follow https://tails.boum.org/contribute/Linux_kernel/ to decide whether to upgrade
if we decide to upgrade:
1. prepare a branch forked off stable that bumps the ‘debian’ APT snapshot and cherry-picks the relevant commits from feature/17332-linux-5.3.15+17265-tor-browser-aa-profile-refresh+force-all-tests
2. check what the APT snapshot bump changes apart of the kernel upgrade
3. go through the rest of https://tails.boum.org/contribute/Linux_kernel/

#15 Updated by intrigeri 2019-12-28 12:11:21

Assignee set to intrigeri

#16 Updated by intrigeri 2019-12-28 12:34:35

intrigeri wrote:
> Next steps for 4.2:
>
> # follow https://tails.boum.org/contribute/Linux_kernel/ to decide whether to upgrade

First, let’s note that 5.4.6 is ready in Vcs-Git, but:

Even if it’s uploaded in time for Tails 4.2, it feels a bit scary to upgrade to a new major Linux version so late in our dev cycle.
Relevant CVE it fixes are not super worrying: https://security-tracker.debian.org/tracker/CVE-2019-19071, https://security-tracker.debian.org/tracker/CVE-2019-19062

So I’ll focus on 5.3.15-1:

It has migrated to testing 2 weeks ago so it got plenty of exposure to real-world testing.
We’re using it on our devel branch already.
The Debian BTS points to no significant regressions. I’m only slightly concerned about https://bugs.debian.org/946524 but the reporter of that bug saw it only once.
Among the CVEs it fixes, one seems relevant: https://security-tracker.debian.org/tracker/CVE-2019-15099.
Tons of bug fixes and hardware support fixes.

⇒ To me it’s a no brainer: unless our CI reveals an important regression, I think we should upgrade.

#17 Updated by intrigeri 2019-12-28 13:20:16

Feature Branch set to feature/17332-linux-5.3.15-for-stable+force-all-tests

#18 Updated by intrigeri 2019-12-29 08:14:33

Status changed from In Progress to Needs Validation
Assignee deleted (~~intrigeri~~)

CI looks OK (not worse than devel on lizard; and on the more powerful hardware I have locally, I’ve seen all scenarios pass once, except the Seahorse sync’ keys ones that currently just reproduce a known Tails bug).

Boots fine on the 2 spare laptops I have here (1 UEFI, 1 legacy BIOS), up to connecting to Wi-Fi and to Tor. Emergency shutdown is triggered as expected when unplugging the USB stick.

Finally, the diff of the .packages files between a build from stable and a build from this branch only has the kernel upgrade and amd64-microcode (3.20191021.1 → 3.20191218.1, which does nothing but remove some microcode updates that are “known to cause issues”).

#19 Updated by intrigeri 2020-01-02 07:22:19

Priority changed from Normal to Elevated

#20 Updated by segfault 2020-01-05 16:39:14

Status changed from Needs Validation to Resolved
% Done changed from 50 to 100

Applied in changeset commit:tails|751f169b54f15a8e68ac47f28a085c60ede7f3ae.