Bug #7037

Warning on boot: unsafe permissions on tails-iuk homedir

Added by mercedes508 2014-04-07 14:13:14 . Updated 2018-03-14 11:06:26 .

Status:
Resolved
Priority:
Low
Assignee:
Category:
Target version:
Start date:
2014-04-07
Due date:
% Done:

100%

Feature Branch:
bugfix/15318-update-sysadmins-key
Type of work:
Code
Blueprint:

Starter:
0
Affected tool:
Upgrader
Deliverable for:

Description

In the bug reports log I see this line, which may require fixing in Tails, or gpg:

gpg: WARNING: unsafe permissions on homedir `/usr/share/tails-iuk/trusted_gnupg_homedir’

Here’s the relevant part of the log file:

Configuring Tails

- importing GnuPG key
gpg: keyring `/home/amnesia/.gnupg/secring.gpg’ created
gpg: keyring `/home/amnesia/.gnupg/pubring.gpg’ created
gpg: /home/amnesia/.gnupg/trustdb.gpg: trustdb created
gpg: key F0C43132: public key “Tails bug squad <tails-bugs@boum.org>” imported
gpg: key F93E735F: public key “Tails developers (Schleuder mailing-list) <tails@boum.org>” imported
gpg: key BE2CD9C1: public key “Tails developers (signing key) <tails@boum.org>” imported
gpg: Total number processed: 3
gpg: imported: 3 (RSA: 3)
gpg: no ultimately trusted keys found
- importing GnuPG signing key into tails-iuk’s trusted keyring
gpg: WARNING: unsafe permissions on homedir `/usr/share/tails-iuk/trusted_gnupg_homedir’


Subtasks


History

#1 Updated by intrigeri 2014-04-07 16:00:20

  • Status changed from New to Confirmed

#2 Updated by intrigeri 2014-04-07 16:03:20

  • Subject changed from unsafe permissions on tails-iuk homedir to Unsafe permissions on tails-iuk homedir

#3 Updated by intrigeri 2014-05-14 01:44:09

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10
  • Feature Branch set to bugfix/7037-stricter-permissions-on-tails-upgrade-frontend-gnupg-homedir

Initial, untested “fix” pushed.

#4 Updated by intrigeri 2014-08-02 15:51:46

  • Target version set to Tails_1.2

I’d like to clean up this part of my plate for 1.2, as time permits. No blocker.

#5 Updated by intrigeri 2014-09-22 13:01:46

  • Target version deleted (Tails_1.2)

#6 Updated by intrigeri 2015-07-12 04:22:17

  • Subject changed from Unsafe permissions on tails-iuk homedir to Warning on boot: unsafe permissions on tails-iuk homedir
  • Assignee deleted (intrigeri)

Giving up. Note that the warning is hidden by the boot splash in most cases, so it’s not harming most users in practice. Next step is to test the draft branch (after merging current devel into it).

#7 Updated by Anonymous 2017-06-29 13:19:48

This is still the case in Tails 3.0.

As said: one would need to test the proposed branch. Anybody up for that?

#8 Updated by Anonymous 2018-01-15 13:11:48

  • Starter changed from No to Yes

I’m making this a Starter ticket. In order to work on this ticket, you will need to clone the Tails main repository. Merge the above mentioned Feature branch into devel. Build a Tails ISO image and then test. See https://tails.boum.org/contribute/how/code/ for more.

#9 Updated by intrigeri 2018-01-15 13:39:23

  • Starter changed from Yes to No

The criteria for starter code tasks includes “Write a patch that doesn’t need to rebuild Tails” and one cannot work on this without building an ISO.

#10 Updated by Anonymous 2018-01-15 13:49:15

Ack :)

#11 Updated by intrigeri 2018-02-17 17:43:54

  • Assignee set to intrigeri
  • Target version set to Tails_3.6
  • Feature Branch changed from bugfix/7037-stricter-permissions-on-tails-upgrade-frontend-gnupg-homedir to bugfix/15318-update-sysadmins-key

#12 Updated by intrigeri 2018-02-18 06:07:19

  • Assignee changed from intrigeri to bertagaz
  • % Done changed from 10 to 50
  • QA Check set to Ready for QA

At least this does not break incremental upgrades: https://jenkins.tails.boum.org/view/Tails_ISO/job/test_Tails_ISO_bugfix-15318-update-sysadmins-key/2/cucumberTestReport/upgrading-an-old-tails-usb-installation/upgrading-tails-with-tails-upgrader-through-an-incremental-upgrade/. I did not check if it does remove the warning on boot though, will do that now but this should not block the review’n’merge of the branch that’s shared with Bug #15318.

#13 Updated by intrigeri 2018-02-18 07:13:52

  • Assignee changed from bertagaz to intrigeri
  • QA Check changed from Ready for QA to Dev Needed

> I did not check if it does remove the warning on boot though, will do that now

It does not work. I think I know why and I’m testing a tentative fix.

#14 Updated by intrigeri 2018-02-18 08:21:45

  • Assignee changed from intrigeri to bertagaz
  • QA Check changed from Dev Needed to Ready for QA

Now works fine!

#15 Updated by bertagaz 2018-02-19 14:17:52

  • Status changed from In Progress to Fix committed
  • Assignee deleted (bertagaz)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

intrigeri wrote:
> Now works fine!

Indeed, nice debugging, merged into devel.

#16 Updated by bertagaz 2018-03-14 11:06:27

  • Status changed from Fix committed to Resolved