Tails

#1 Updated by intrigeri 2015-01-06 14:29:57

• Description updated
• Assignee set to ma1

#2 Updated by intrigeri 2015-01-06 14:30:15

• blocked by Feature #8566: Web prototype of "download and verify" page added

#3 Updated by intrigeri 2015-01-06 14:41:27

• blocks Feature #8568: Integrate the ISO verification extension in the web assistant's prototype added

#4 Updated by intrigeri 2015-01-06 14:49:50

• blocks #8538 added

#5 Updated by intrigeri 2015-01-06 14:51:03

• Target version set to Sustainability_M1

#6 Updated by sajolida 2015-06-05 18:35:33

• Target version changed from Sustainability_M1 to Tails_1.5

Maone said “end of July or beginning of August is more realistic”. That’s more or less Tails 1.5.

#7 Updated by ma1 2015-08-03 15:52:30

• Target version changed from Tails_1.5 to Tails_1.6
• % Done changed from 0 to 40

I’m postponing the target version because I’m currently working with Mozilla to their strategy for add-ons on Electrolysis (their new multi-process/sandboxed browser architecture), which involves a completely new API for extensions to be announced this or next week, released with Firefox 42, and eventually deprecate “old style” add-ons.
Therefore another couple of weeks at least are needed to figure out the best plan for this ISO extension to be compatible with current Firefox / Tor Browser versions but yet to prevent it from becoming obsolete in six months or so.

#8 Updated by ma1 2015-08-28 10:58:05

• Target version changed from Tails_1.6 to Tails_1.7

I’ve been blocked for one month on the public announcement of Mozilla’s strategy for migrating add-ons to Electrolysis (e10s) multi-process & sandboxing architecture.

This finally happened last week,
https://blog.mozilla.org/addons/2015/08/21/the-future-of-developing-firefox-add-ons/

but the situation is still unfolding:

https://wiki.mozilla.org/WebExtensions/
https://wiki.mozilla.org/WebExtensions/FAQ

To cut the story short, the WebExtensions API, which I had hoped to use for this project in order to improve its longevity and make a Chromium porting easier to maintain, will be unusable in the Tor Browser (based on Firefox ESR) for about one year, and anyway not powerful enough for our requirements until my native.js proposal gets actually implemented (https://bugzilla.mozilla.org/show_bug.cgi?id=1199718 filed by Mozilla’s lead WebExtensions developer just minutes ago, with no ETA yet).

Therefore the only currently available technological option is the Add-ons SDK (AKA “Jetpack”), ensuring longevity if its usage is limited to high level APIs. I had a meeting today with Mozilla’s e10s/add-ons team and I’ve been assured they’re gonna give us all the assistance needed for our extensions to be viable and supported in any foreseeable future Firefox version.

I’ve already set up a development environment and started hacking. I’m gonna commit something to the git repository next week, and a working prototype most likely by the end of September.

At any rate, we’re definitely going to be done and ready for extensive user testing by the end of October.

#9 Updated by sajolida 2015-11-02 15:17:36

• Target version changed from Tails_1.7 to Tails_1.8

Giorgio clarified that this is going to happen after 1.7 (ETA November 7).

#10 Updated by ma1 2015-11-07 20:24:44

• % Done changed from 40 to 80

Sorry for the cross posting, but the story is the same.

I’m currently having a bad time at updating the git repository, looks like my credentials are outdated.

The extension and the sniffing code work fine regarding:

1. certificate pinning
2. UI population from the safe data sources (e.g. download link and hash)
3. asynchronous sha256 verification of arbitrary local files (“I already have an ISO image” link)
4. revealing the verified file in the filesystem explorer (e.g. “Copy image to first USB stick”).

What is currently broken is the synchronization with the download manager, but I hope to have it fixed by Monday.

Until I do it and figure out how to update the repo, you can play with both the web page prototype and the extension at

https://maone.net/dev/tails/download.html

and download the sources from

https://maone.net/dev/tails/src/dave-0.0.5.zip

#11 Updated by sajolida 2015-11-09 03:44:47

• File use + verify checksum.png added

Thanks for the prototype. I’m very excited to finally have something to play with.

Here are some initial comments from what I could test so far:

• Once installed, the extension goes to “We detected that you are
  running Firefox or Tor Browser and already have our Firefox
  extension installed.” (wireframe page 4) while it should instead go to
  “Download Tails 1.3 ISO image” (wireframe page 9). Now I
  understand how page 8 of the wireframe is ambiguous as it doesn’t
  make it clear that the idea is to move to page 9 automatically.
• So after that, we’re on page 9 and the first label should be “Install
  Firefox extension” instead of currently “Use Firefox extension” as
  my previous step was to install the extension (it was not installed
  already). In HTML terms, we should display #supported-browser #install.
• When I go back to the beginning with the extension already installed I get to see “Verify ISO image” before downloading anything. See screenshot.

#13 Updated by ma1 2015-11-09 17:48:35

• % Done changed from 80 to 90

Pushed a few more commits to the ma1/download-and-verify-extension repo and the live https://maone.net/dev/tails environment.

We’re almost there: with download manager synchronization is working, including live progress bar and automatic verification on completion.

The control buttons (pause/resume/cancel/restart) are still not wired with the download manager, which however can be already controlled from Firefox’s own UI: the web page actually acts as a view on the download manager, and the verifier kicks in no matter how you started the download.

To be done also an overall polish of the UI states consistency, following up what observed by sajolida at comment 11 and other stuff I noticed myself.

#16 Updated by ma1 2015-11-12 08:05:50

• % Done changed from 90 to 100
• QA Check set to Ready for QA

UI buttons and download manager synchronization should be functional.
Please refer to latest git commit and live preview on https://maone.net/

Some HTML merging with tchou’s work probably needed.

Thanks for the patience :)

#17 Updated by sajolida 2015-11-12 08:43:01

• QA Check changed from Ready for QA to Dev Needed
• Affected tool set to ISO Verification Extension

Comments sent on tails-dev: https://mailman.boum.org/pipermail/tails-dev/2015-November/009744.html

Now I see that you were working on the code again as I was writing then. So I’ll check whether they are still relevant. Some of them most likely will, so I’m marking this as “Dev Needed”.

#19 Updated by sajolida 2015-11-19 09:06:16

• Status changed from Confirmed to Resolved
• Assignee deleted (ma1)

Let’s say this is done. We’ll open new tickets for future issues.