zerotracepen (5.1)

  • Upgrade to Thunderbird 91.9.0

    • Upgrade to Tor Browser 11.0.14 based on Firefox 91.10 (zerotracepen/zerotracepen!852)

    Closes issues:

    • Upgrade to Tor Browser 11.0.14 based on Firefox 91.10 (zerotracepen/zerotracepen#18979)

    Commits:

    • htpdate: replace tachanka.org with www.autistici.org
    • Mark security advisory against 5.0 as fixed
    • Fetch Tor Browser from our own archive
    • Upgrade Tor Browser to 11.0.14-build1
    • Resolve "displayed_time_str fails in test suite" (zerotracepen/zerotracepen!839)

    Closes issues:

    • displayed_time_str fails in test suite (zerotracepen/zerotracepen#18991)

    Commits:

    • Ignore advisories when looking for displayed time
    • help debug
    • FIX Clock disappearing when the user sets UTC as their local timezone
      (zerotracepen/zerotracepen!841)

    Closes issues:

    • Clock disappears from the GNOME top bar after "Fix the clock" and choosing UTC
      timezone (zerotracepen/zerotracepen#18993)

    Commits:

    • safety net for future problems
    • handle UTC special-case
    • Test suite: workaround lost and duplicate key presses by pasting long strings
      instead of typing them (zerotracepen/zerotracepen!821)

    Commits:

    • Test suite: merge step used only by another step into its caller
    • Test suite: paste long strings instead of typing them
    • Test suite: drop useless step
    • Test suite: refactor (extract code to method)
    • Test suite: Make opening GNOME menus more robust (zerotracepen/zerotracepen!816)

    Closes issues:

    • Opening GNOME menus in the test suite on Bullseye is very fragile
      (zerotracepen/zerotracepen#18930)

    Commits:

    • Test suite: try harder to open GNOME menus
    • Test suite: drop unnecessary delay
    • Test suite: use Dogtail to check presence of GNOME bookmarks
    • Test suite: use Dogtail to open the GNOME menus
    • Test suite: wait for the desktop to be visible before we interact with it after
      restoring a snapshot
    • Lint.
    • Upgrade to Linux 5.10.113-1 (DSA 5127-1) (zerotracepen/zerotracepen!813)

    Closes issues:

    • Upgrade Linux to 5.10.113-1 (DSA 5127-1) (zerotracepen/zerotracepen#18962)

    Commits:

    • Upgrade to Linux 5.10.113-1 (DSA 5127-1)
    • Make console-setup.service startup non-racy (zerotracepen/zerotracepen!811)

    Closes issues:

    • console-setup.service fails sometimes, which breaks "Tor is ready" in test
      suite (zerotracepen/zerotracepen#18636)

    Commits:

    • Make console-setup.service startup non-racy
    • Test suite: support running on Ruby 3.0 (zerotracepen/zerotracepen!810)

    Closes issues:

    • Test suite misbehaves on Ruby 3.0, e.g. "the Tor Connection Assistant connects
      to Tor" step always incorrectly fails (zerotracepen/zerotracepen#18904)

    Commits:

    • Test suite: ensure we don't try to click the "Restore Disk Image" button before
      it's visible
    • Test suite: support Bookworm host system's improved UEFI graphics
    • Test suite: enable Ruby deprecation warnings
    • Test suite: adjust to separation of positional and keyword arguments in Ruby
      3.0
    • Test suite: update button label for Bullseye
    • Remove duplicate word in comment
    • Test suite: drop workaround for Ruby < 2.7
    • Test suite: migrate from deprecated luks_open and luksclose to
      cryptsetup
      {open,close}
    • test https-get-expired with sid's Go (zerotracepen/zerotracepen!849)

    Commits:

    • GitLab CI: only run https-get-expired-sid job when relevant
    • GitLab CI: factorize
    • GitLab CI: test https-get-expired with sid's Go on a sid image
    • also test https-get-expired with sid's golang
    • Vagrant: install ikiwiki that fixes #18992 (zerotracepen/zerotracepen!847)

    Closes issues:

    • ikiwiki generates buggy PO files with po4a 0.62 (zerotracepen/zerotracepen#18992)

    Commits:

    • Vagrant: stop using the obsolete builder-jessie APT suite
    • Vagrant: install ikiwiki that fixes #18992
    • tca-portal: stricter validation (zerotracepen/zerotracepen!846)

    Commits:

    • test: right length, valid for date(1), but invalid format
    • drop test case for "minutes" timespec
    • be more explicit about the format we want
    • seconds always included
    • stricter validation for SetTimeCommand
    • ignore advisories + better debug (zerotracepen/zerotracepen!845)

    Commits:

    • ignore advisory
    • FIX error message
    • Test suite: fix regression when testing Tor Connection in non-English locale
      (zerotracepen/zerotracepen!843)

    Commits:

    • Test suite: fix regression when testing Tor Connection in non-English locale
    • FIX sharing via onionshare from nautilus (zerotracepen/zerotracepen!840)

    Closes issues:

    • "Share via OnionShare" does nothing (zerotracepen/zerotracepen#18990)

    Commits:

    • FIX sharing via onionshare from nautilus
    • lint_po: ignore unknown-message-flag errors (zerotracepen/zerotracepen!836)

    Commits:

    • lint_po: ignore unknown-message-flag errors
    • Don't enable "configure a bridge" just because the user looked at the hide mode
      (zerotracepen/zerotracepen!835)

    Closes issues:

    • “Configure a Bridge” is enabled when rolling back from hiding Tor
      (zerotracepen/zerotracepen#18546)

    Commits:

    • regression test for #18546
    • enable easymode-bridges only in easy mode
    • Vagrant build box: upgrade to po4a 0.62-1 (zerotracepen/zerotracepen!834)

    Commits:

    • Vagrant build box: drop APT configuration for Buster
    • Vagrant build box: upgrade to po4a 0.62-1
    • Installer: create system partition 2 MiB from the beginning of the drive
      (zerotracepen/zerotracepen!832)

    Commits:

    • Installer: create system partition 2 MiB from the beginning of the drive
    • Various Tor Connection UX improvements (zerotracepen/zerotracepen!831)

    Closes issues:

    • Tor Connection: Give the same instructions on both bridge screens
      (zerotracepen/zerotracepen#18596)
    • Always tell whether bridges are used in the success screen (zerotracepen/zerotracepen#18547)

    Commits:

    • Clarify docstring
    • Test suite: update expected images
    • Make phrasing consistent
    • Test suite: DRY
    • refactor: properties allow our code to be clearer
    • bridges: same instructions on both screens
    • Success message conditional to bridges
    • Rewrite the home pages of the Unsafe Browser + Have different homes for the
      Unsafe Browser depending on whether we're connected to Tor already
      (zerotracepen/zerotracepen!829)

    Closes issues:

    • Have different homes for the Unsafe Browser depending on whether we're
      connected to Tor already (zerotracepen/zerotracepen#18601)
    • Rewrite the home pages of the Unsafe Browser (zerotracepen/zerotracepen#18602)

    Commits:

    • Apply style guide
    • Improve sentence
    • Improve grammar
    • Improve grammar
    • Improve grammar
    • Be more clear
    • Add illustration by Andrés
    • Test suite: remove obsolete localized images
    • Test suite: update expected image
    • Test suite: add missing @doc tag
    • FIX wrong path was checked
    • Clarify that the image is an example
    • Clarify use of CSS (Take 2)
    • Unsafe browser: home page if non connected to Tor
    • Clarify use of CSS
    • Rework CSS
    • Improve structure
    • Write a dedicated page for captive portals
    • Improve instructions
    • Give examples of websites to use
    • Use our own image and remove the login and password
    • Shorten
    • Test suite: misc. robustness improvements (zerotracepen/zerotracepen!827)

    Closes issues:

    • Tests for backup are fragile (zerotracepen/zerotracepen#18727)

    Commits:

    • Test suite: add localized expected image for Unsafe Browser start page in pt_BR
    • Test suite: enable debug logging for Screen#wait
    • Test suite: Fix frequent "cannot find Zero Trace PenGreeterLoginButton.png" failures
    • Test suite: update expected image for Bullseye
    • Test suite: give the XMPP server some time to create the room
    • Test suite: update expected Pidgin images
    • Test suite: fix error message
    • Test suite: Improve error reporting
    • Test suite: Fix clock upper bound calculation
    • Test suite: refactoring (save value to variable)
    • Test suite: Drop most debugging info for issue that does not happen anymore
    • Test suite: Drop spurious verb in debug log
    • Revert "Mark test scenario as fragile"
    • Test suite (backup): Wait for Zenity to have filled its widgets with the
      expected text
    • Upgrade apt-cacher-ng to bullseye-backports - fixes issue #18931
      (zerotracepen/zerotracepen!825)

    Closes issues:

    • rake build fails - apt-get works erratically ( 502 connection closed
      [IP:127.0.0.1:3142] ) - No build artifacts were found! (zerotracepen/zerotracepen#18931)

    Commits:

    • Upgrade apt-cacher-ng to bullseye-backports.
    • Disable search providers in the Activities Overview: Calculator, Nautilus,
      Terminal (zerotracepen/zerotracepen!824)

    Closes issues:

    • Disable some GNOME Overview search providers (zerotracepen/zerotracepen#18952)

    Commits:

    • Disable search providers in the Activities Overview: Calculator, Contacts,
      Documents, Nautilus, Terminal
    • Test suite: ignore failures to destroy a stopped domain (zerotracepen/zerotracepen!822)

    Closes issues:

    • Scenario: "Upgrading an old Zero Trace Pen USB installation from another Zero Trace Pen USB
      drive" after-hook is racy (zerotracepen/zerotracepen#18972)

    Commits:

    • Test suite: ignore failures to destroy a stopped domain
    • Associate OpenPGP-encrypted files with Kleopatra (zerotracepen/zerotracepen!820)

    Closes issues:

    • Zero Trace Pen 5 does not decrypt .gpg files when double-clicking them
      (zerotracepen/zerotracepen#18967)

    Commits:

    • Associate OpenPGP-encrypted files with Kleopatra
    • safely get gnome_env_vars (zerotracepen/zerotracepen!819)

    Commits:

    • clarify about which environment is being dumped
    • Clarify comment
    • Fix typo in comment
    • comments clarify why we think we are safe
    • fix systemd path
    • gnome_env_vars look at the gnome-shell env dump
    • gnome-shell dumps its conf in a root-owned file
    • Avoid user confusion wrt. name of the default KeePassXC database
      (zerotracepen/zerotracepen!818)

    Closes issues:

    • KeePassXC offers to rename the default database on non-English locales
      (zerotracepen/zerotracepen#18966)

    Commits:

    • Silence false positive
    • Drop obsolete reason
    • Don't allow translating Passwords.kdbx
    • Use Bullseye debootstrap configuration (zerotracepen/zerotracepen!817)

    Commits:

    • Use Bullseye debootstrap configuration
    • FIX IUK verification when we have 2 series at the same time (zerotracepen/zerotracepen!815)

    Closes issues:

    • bin/copy-iuks-to-rsync-server-and-verify failing because of old releases
      (zerotracepen/zerotracepen#18959)

    Commits:

    • Apply 1 suggestion(s) to 1 file(s)
    • document how the RM should use this command
    • don't fail when 404s have been ignored
    • proper exit code on failure
    • refactor --ignore-404
    • refactor run()
    • fix leftover
    • 404s found -> non-zero exit code
    • --ignore-404 and --dry-run
    • Fix FTBFS with uBlock 1.42 (zerotracepen/zerotracepen!814)

    Commits:

    • Unfuzzy patch
    • Upgrade to tor 0.4.7.7 (zerotracepen/zerotracepen!812)

    Closes issues:

    • Upgrade to tor 0.4.7.x (zerotracepen/zerotracepen#18932)

    Commits:

    • Upgrade to tor 0.4.7.7
    • Add translation files for Qt5 (#18958) (zerotracepen/zerotracepen!808)

    Closes issues:

    • Translations of basic Qt5 strings are missing (zerotracepen/zerotracepen#18958)

    Commits:

    • Add translation files for Qt
    • Make news/version_3* non-translatable (#16758) (zerotracepen/zerotracepen!805)

    Commits:

    • Make news/version_3* non-translatable (#16758)
    • Add Kleopatra to the Favorites (zerotracepen/zerotracepen!802)

    Commits:

    • Test suite: make expected image a tiny bit smaller
    • Add Kleopatra to the Favorites submenu
    • Test suite: drop pre-Bullseye compatibility (zerotracepen/zerotracepen!789)

    Commits:

    • Test suite: drop workaround for Ruby < 2.7
    • Test suite: migrate from deprecated luks_open and luksclose to
      cryptsetup
      {open,close}
    • Add to confirm before restarting (#18912) (zerotracepen/zerotracepen!782)

    Closes issues:

    • New dialog when Unsafe Browser is not enabled makes it too easy to lose work
      (zerotracepen/zerotracepen#18912)

    Commits:

    • Make code more readable
    • Make function's responsibility tighter to simplify its code
    • Handle new code branch that was forgotten
    • Fix local variables declaration
    • Use 'Cancel' as default button (#18912)
    • 'Cancel' is more standard
    • Add to confirm before restarting (#18912)
    • Display time in the timezone that the user has chosen in Tor Connection
      (zerotracepen/zerotracepen!751)

    Closes issues:

    • Display time in the timezone that the user has chosen in Tor Connection
      (zerotracepen/zerotracepen#6284)

    Commits:

    • Design doc: Explain security trade-off
    • Test suite: Explain that Asia/Shanghai == +08:00
    • zerotracepen-get-date: use Python instead of date(1)
    • Fix typo in error message
    • Test suite: ensure the displayed clock is in the user's timezone
    • Test suite: remove workaround
    • Test suite: refactor (extract code do method)
    • Test suite: be more defensive to give better error output
    • Test suite: send debug info to the debug log
    • Test suite: make step name clearer
    • Design doc: mention timezone status and plans
    • Apply 1 suggestion(s) to 1 file(s)
    • Fix typo in comment
    • Improve grammar
    • Improve grammar
    • Remove unnecessary comma
    • try to fix the vertical misalignment
    • Update to #6284
    • Link back to main page
    • https://www.merriam-webster.com/dictionary/time%20zone
    • Move FAQ to a dedicated page
    • Shorten path
    • Don't potentially overwrite TZ key in dict with environment's value.
    • Cleanup dead code, fix formatting.
    • Consistently display GMT instead of UTC.
    • Use the same time format as GNOME's clock.
    • use date to format the date
    • date@ extension does The Right Thing
    • DRAFT: display time in local timezone
    • Follow-up on "Audit tca-portal" (zerotracepen/zerotracepen!723)

    Commits:

    • useless shellcheck directive
    • Apply 2 suggestion(s) to 2 file(s)
    • Fix typo in comment
    • clarify how we believe pgrep --ns 1 will help us
    • PersistenceSetupCommand: gnome_env_vars not needed
    • export_gnome_env hardening
    • some more validation when setting system time
    • gnome.py executes later; required for testing
    • add some doctests to tca-portal
    • more tuples, less lists
    • clarify: we are fine with the TOCTOU
    • --systemd-socket is exclusive with --listen
    • be more explicit about stdout/stderr handling
    • clarify handle_* comments
    • clarify what is the role of handle_line
    • anchor SetTimeCommand regexp
    • clarify comment about validate_args
    • use full path to commands whenever possible
    • Automatic time sync before connecting to Tor in automatic mode
      (zerotracepen/zerotracepen!681)

    Closes issues:

    • Mitigate attack by active network adversary on automated time sync + replayed
      Tor consensus (zerotracepen/zerotracepen#18830)
    • Automatic time sync before connecting to Tor in automatic mode
      (zerotracepen/zerotracepen#18717)

    Commits:

    • Test suite: rename step to make it closer to what a user would do
    • use the non-deprecated version of "Tor is ready"
    • Use less jargon
    • Add missing word in comment
    • Update comment: this now build reproducibly
    • Clarify comment
    • fix undefined local variable
    • zerotracepen-get-network-time better syslog
    • zerotracepen-get-network-time has timeout
    • refactor old test case based on new functions
    • new test: time sync times out
    • tor connection runs even if timesync fails
    • python style
    • some info is shown during network time sync
    • comments
    • wait for time to be retrieved before starting Tor
    • use APT preferences, not --target-release
    • gitlab tests run with the correct Go version
    • public key type check
    • Explain why these if statements don't apply to us
    • Fix typo
    • Design doc: 2 out of 3 is enough since we're using the median
    • ignore redirects
    • test all urls in htpdate.pools
    • https-get-expired gets more testing
    • https-get-expired: explain how this compares to Go implementation
    • Test suite: explain why scenarios pass in a somewhat surprisingly manner
    • Lint
    • Lint
    • Design doc: explain why we accept a risk
    • Design doc: improve phrasing
    • Design doc: drop conditional
    • Design doc: explain why we're protected
    • Design doc: clarify phrasing
    • Update design doc: this is not a problem anymore
    • reproducibility: clean cache after compiling
    • fix spelling
    • htpdate performs the median
    • design doc: explain https-get-expired
    • Lint: gofmt
    • Pick Go from buster-backports
    • try to make go build reproducible: -trimpath
    • Test suite: mark fragile scenario as such
    • https-get-expired: CI tests now
    • test https-get-expired building
    • https-get-expired gains -proxy option
    • port htpdate to https-get-expired
    • https-get-expired: more similar to htpdate's curl
    • https-get-expired output headers, not body
    • fix go compilation
    • add https-get-expired: will need for time sync
    • "date in past" check is more robust
    • sanity check: the new date cannot be in the past
    • unsafe browser is checked for tor leaks
    • UnsafeBrowser correctly detects if we're online
    • checking DisableNetowrk is #18293-aware
    • Merge the new scenario with the old one
    • FIX restore: some snapshot has network but no Tor
    • UnsafeBrowser tests don't need Tor; scenarios--
    • FIX we don't even need to check Tor
    • Test suite: clarify what we're actually testing
    • Improve grammar
    • Fix typo
    • Fix typo
    • Update doc to automatic time sync (#18717)
    • Improve structure of design doc
    • Avoid jargon
    • Design doc: copy more detailed explanation from the blueprint
    • Design doc: improve structure
    • Design doc: document new automatic time sync mechanism
    • Remove very old explanation
    • wording: we're looking for unneeded exceptions
    • Apply 5 suggestion(s) to 2 file(s)
    • FIX test case: allow it to use time sync
    • "flow through" supports fake connectivity check
    • FIX globally setting allowed DNS queries
    • refactor check for leaks
    • debugging leaks is easier
    • fix DNS query for easy mode
    • test suite self-correction warning
    • dns queries are allowed only when needed
    • +debug "traffic has only flowed through"
    • break the "Tor is ready" step in two
    • rubocop
    • easy-mode allowed_hosts are set in tca_configure
    • explicitly allow connectivity check in many tests
    • fix time sync error simulation
    • fix exception wording
    • use DNS inspection to check for leaks
    • the FirewallHelper is DNS-aware
    • one more check
    • test "traffic only flows through" supports timesync
    • Add tests for time sync before Tor connects
    • Improve TCA test suite code
    • add vm script to upload/download files
    • zerotracepen-get-network-time: don't assume anything about body encoding
    • Raise exception instance, not class
    • Clean up code
    • zerotracepen-get-network-time: emulate NetworkManager's behavior more closely
    • Move hard-coded string to constant
    • Blacken
    • zerotracepen-get-network-time: refactor
    • Add more typing
    • zerotracepen-get-network-time: migrate to pycurl, to make our fingerprint closer to
      NetworkManager's
    • Store the network time server in a configuration file
    • Move code to main() function
    • Test suite: adjust to new automatic time sync feature
    • Test suite: drop workaround
    • Tor Connection: in automatic mode, set the system time from the network
    • tca-portal: implement a new get-network-time command
    • tca-portal: include stdout in responses