Re: [Tails-dev] Help needed with branch bugfix/writable_boot…

Author: quidame
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Help needed with branch bugfix/writable_boot_media
Hi,

On 10/06/2013 15:27, intrigeri wrote:
> Hi quidame,
>
>> After what, other bilibop packages perform more or less specific actions
>> to protect the content of this device from root or user mistakes.
>
> I'm interested in bilibop-rules too (more specifically, its ability to
> set the boot medium as 'system internal' for udisks). However,
> bilibop-rules depends on a newer initscripts package than what's in
> Squeeze. Unfortunately, this is still a blocker for us.
>
> Is this only because of the unconditional use of /run in some places,
> or are there other reasons for this dependency?


No other reason (as there is no initscript in my packages). This is only
for compliance with the Debian Policy 3.9.4.

> How hard would it be to remove this dependency in a backport aimed at
> Squeeze?
>
> Would you be interested to do it in order to help Tails a bit?


Hmm... I think it is not the best way:

1. bilibop-rules provides other features that are absolutely not Tails
(Debian Live) related: helper scripts to manage grub device.map, or to
modify LVM config, or to make /etc/udev/rules.d/70-persistent*.rules
unpersistent... this is why bilibop-udev exists

2. the only relevant file in bilibop-udev is 66-bilibop.rules; so it
is possible to modify it again (+2 lines), or even not install
bilibop-udev (but only bilibop-common), and add a specific rules file in
the amnesia git repository (I think in
config/chroot_local-includes/etc/udev/rules.d/). Additionally, you could
merge it with the existing 99-hide-TailsData.rules. In that case, this
could give:

============ BEGIN
# /etc/udev/rules.d/99-tails.rules

SUBSYSTEM!="block", GOTO="bilibop_end"
ACTION!="add|change", GOTO="bilibop_end"
KERNEL!="sd?*|mmcblk?*|mspblk?*", GOTO="bilibop_end"

SUBSYSTEMS=="usb|firewire|memstick|mmc", \
    PROGRAM=="/lib/bilibop/test $tempnode", \
    ENV{UDISKS_SYSTEM_INTERNAL}:="1", \
    GROUP:="disk", \
    GOTO="bilibop_disk"


GOTO="bilibop_end"
LABEL="bilibop_disk"

ENV{UDISKS_PARTITION_LABEL}=="TailsData", \
    ENV{UDISKS_PRESENTATION_HIDE}:="1"


KERNEL=="sd?|mmcblk?|mspblk?", \
    ENV{ID_DRIVE_DETACHABLE}:="0", \
    SYMLINK+="TailsBootDev"


LABEL="bilibop_end"
============ END

(...just for a first draft on the fly; also note that /lib/bilibop/test
is a part of bilibop-common)

What do you think about that? If needed I can help to write what you need.

Another possibility could be to kill bilibop-udev and replace it with
bilibop-live, with live-specific additional stuff (but this is not done).

cheers,
quidame
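
One way to check that rules like the draft above took effect, as an added example that is not part of the original message or of bilibop: the function audits a property dump, as printed by `udevadm info --query=property --name=DEVICE`, against the values the draft assigns. The function names and the sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit udev properties against the values that the draft
# 99-tails.rules assigns to the boot medium and its partitions.

# prop KEY: value of KEY in the dump held in $PROPS (empty if unset)
prop() {
    printf '%s\n' "$PROPS" | sed -n "s/^$1=//p" | head -n 1
}

# audit_props KIND: KIND is "disk" (whole device) or "part" (partition).
# Reads the dump on stdin, prints one line per deviation, returns 1 if any.
audit_props() {
    PROPS=$(cat)
    bad=0
    # The first rule applies to the boot disk and to all its partitions
    [ "$(prop UDISKS_SYSTEM_INTERNAL)" = 1 ] ||
        { echo "UDISKS_SYSTEM_INTERNAL != 1"; bad=1; }
    if [ "$1" = disk ]; then
        # Only the whole-disk node matches KERNEL=="sd?|mmcblk?|mspblk?"
        [ "$(prop ID_DRIVE_DETACHABLE)" = 0 ] ||
            { echo "ID_DRIVE_DETACHABLE != 0"; bad=1; }
        case " $(prop DEVLINKS) " in
            *" /dev/TailsBootDev "*) ;;
            *) echo "TailsBootDev symlink missing"; bad=1 ;;
        esac
    elif [ "$(prop UDISKS_PARTITION_LABEL)" = TailsData ]; then
        # The persistent volume must be hidden from the desktop
        [ "$(prop UDISKS_PRESENTATION_HIDE)" = 1 ] ||
            { echo "TailsData partition not hidden"; bad=1; }
    fi
    return "$bad"
}

# Constructed sample dumps (device names and values are made up)
SAMPLE_DISK='DEVNAME=/dev/sdb
DEVLINKS=/dev/TailsBootDev /dev/disk/by-id/usb-EXAMPLE
UDISKS_SYSTEM_INTERNAL=1
ID_DRIVE_DETACHABLE=0'
SAMPLE_PART='DEVNAME=/dev/sdb2
UDISKS_SYSTEM_INTERNAL=1
UDISKS_PARTITION_LABEL=TailsData'

printf '%s\n' "$SAMPLE_DISK" | audit_props disk && echo "disk: ok"
printf '%s\n' "$SAMPLE_PART" | audit_props part || echo "part: deviates"
```

On a running system, pipe the real `udevadm info` output for the boot disk and for each of its partitions into `audit_props` instead of the samples.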