[Tails-dev] APT upgrades [Was: Icedove security updates / Ta…

Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: The Tails public development discussion list
Vecchi argomenti: Re: [Tails-dev] Icedove security updates / Tails release schedule
Oggetto: [Tails-dev] APT upgrades [Was: Icedove security updates / Tails release schedule]
Hi,

u wrote (05 Jan 2016 11:50:16 GMT) :
> Dean Pierce:
>> Would it be blasphemous to run some sort of software update at boot?
>> Ideally some sort of very visible indicator displaying the date of the
>> most recent security update would be nice too. I feel like these
>> vulnerability gaps are inevitable, and trying to avoid them with
>> tricky scheduling would just make release schedules overly complex,
>> and even then it doesn't really help much against an adversary who
>> isn't bound to such schedules.


> Tails contains a mechanism that, at boot time, executes a check for
> upgrades. This could be used to display warnings if there is indeed a
> security issue, and has been used for this in the past.


Yes, indeed.

I wonder if Dean was maybe referring to updating software with APT.
If it's the case, then the answer for non-technical users is:
https://tails.boum.org/support/faq/#upgrade ... but surely it won't
convince anyone here. The technical answer is rather longer.

First of all, we have never worked on the Tails source code with this
(APT upgrade) use case in mind. We sometimes do things in a way that
would not survive an upgrade, or would add stumbling blocks to the
upgrade process where the user would have to choose the right option
among several hard to understand ones, and the set of options may
include a dangerous one. We could adjust the way we build the ISO and
configure stuff, so that this kind of problems disappears. It raises
a bit the bar for contributing "code" (rather: system glue) to Tails,
and it's yet another thing one has to be careful not to mess up.
It's a hard decision to make for a project like Tails. And the initial
conversion process would require quite some work.

Secondly, we currently have no good way to validate that a given
Debian security update works fine in Tails (as in: doesn't break
functionality, and doesn't remove safety belts we've put in place)
before it is made available to Tails users. The picture will be
entirely different on this side once we have what we call a freezable
APT repository, which we should have in a few months:
https://tails.boum.org/blueprint/freezable_APT_repository/

So, yay, there's no fundamental obstactle that prevents us from ever
supporting APT upgrades. It's "just" quite some work to do initially
to get there, and then some constraints added on any further work done
on Tails' system glue.


To make things funnier, some food for thought:

There are kinds of updates that are much harder to support properly,
e.g. anything that would need to modify the kernel or the initramfs.
The way Freepto does it (essentially, they have a blacklist of
packages that can't be updated, iirc) is not acceptable for Tails,
I guess.

This whole thing would eat lots of bandwiths for people who don't use
persistence; and quite a few software updates need to be done very
early to be effective, while we don't configure the network before
GNOME has started (hence the "restart to apply updates" trick some
operating systems use).

Cheers,
--
intrigeri