Tails

#1 Updated by intrigeri 2020-02-14 10:25:31

• blocks Feature #16209: Core work: Foundations Team added

#2 Updated by intrigeri 2020-02-14 10:29:17

• Status changed from Confirmed to In Progress
• Feature Branch set to bugfix/17458-buster-10.3+force-all-tests

#3 Updated by intrigeri 2020-02-15 15:02:28

• Description updated
• Status changed from In Progress to Needs Validation
• Assignee deleted (intrigeri)
• Feature Branch changed from bugfix/17458-buster-10.3+force-all-tests to feature/17477-linux-5.4.19+force-all-tests

Across 3 full test suite runs (2 × on https://jenkins.tails.boum.org/job/test_Tails_ISO_feature-17477-linux-5.4.19-force-all-tests/, 1 × local) I’ve seen all scenarios pass.

About the Debian changelog:

• It looks reasonable.
• As usual, the 5.4.13 → 5.4.19 bump brings in tons of bugfixes, including hardware support ones, that we probably want.
• Only 2 severe relevant CVEs, both in the Marvell Wi-Fi driver (likely remote code exec).

No regression reported in the Debian BTS but this new version has only been uploaded 2 days ago.

I feel it’s a bit early to decide whether we want this upgrade in Tails 4.4, so I did not do any bare metal testing yet, besides running it on my own sid main system.

Dear reviewer, please:

1. If happy, review and merge into devel.
2. Reassign to me for the next steps, that will be aimed to the stable branch, with a different timing.

#4 Updated by intrigeri 2020-02-16 10:17:57

• blocked by Bug #17481: Refresh our patches to apply on top of thunderbird 1:68.5.0-1~deb10u1 added

#6 Updated by segfault 2020-02-29 21:56:56

• Status changed from Needs Validation to In Progress
• Assignee set to intrigeri

intrigeri wrote:
> Hi @segfault,
>
> do you think you could look into this soonish?
>
> Not on this fixes the devel branch FTBFS (which causes alert fatigue on the RM mailing list), but it would unblock me for the next steps, i.e. apply this upgrade to the stable branch in time for our next release :)

Sure. Merged into devel.

#7 Updated by intrigeri 2020-03-01 06:53:01

• Priority changed from High to Elevated

#8 Updated by intrigeri 2020-03-01 08:10:55

• Feature Branch changed from feature/17477-linux-5.4.19+force-all-tests to feature/17477-linux-5.4.19-stable+force-all-tests

So, this version was uploaded on Feb 13 and migrated to testing on Feb 18. I think this gave enough time to spot the most important regressions so I looked at the Debian BTS, and found none.

I prepared a branch forked off stable. Next steps:

• check CI results
• test on bare metal
• compare .build-manifest and .packages diff vs. current stable

#9 Updated by intrigeri 2020-03-01 16:00:08

• Status changed from In Progress to Needs Validation
• Assignee deleted (intrigeri)

> * check CI results

Full test suite passed locally.

> * test on bare metal

My usual basic bare metal tests (boots from USB, Wi-Fi works, I can watch a video on YouTube with sound, unplugging the USB stick triggers emergency shutdown) pass on ThinkPad X200 and HP EliteBook 840 G1.

> * compare .build-manifest and .packages diff vs. current stable

Apart of the kernel upgrade:

• dogtail 0.9.11-5 → 0.9.11-6: patched so that its test suite passes with newer gedit, retaining compatibility with older one
• virtualbox 6.1.2-dfsg-1 → 6.1.4-dfsg-1

Sounds reasonable to me.

⇒ Checklist completed, please review and merge :)

#10 Updated by segfault 2020-03-01 18:46:34

• Status changed from Needs Validation to Resolved
• % Done changed from 0 to 100

Applied in changeset commit:tails|21a03310e4c8645812ea7a23fba644fd7bf44f70.