Until Tails is based on a Debian version which includes our patches We have to maintain our custom packages for the integration of VeraCrypt support in GNOME until they are available in Tails via the Debian repos (for some that will be Buster, for some Bullseye). This means we need to check if new versions of the following source packages have hit Debian stretch or stretch-security:

If any of these have a new version in stretch or stretch-security:

  1. Download our custom package and source package it is was forked off from:

    # Set these variables to the correct values for the package to update
    # The version currently in Tails
    # The version of the official Debian package it was forked off from
    # The new version in stretch or stretch-security
    # Release the updated package should go in (stable, testing or devel)
    # The topic branch for this update
    SUITE="$(echo "${BRANCH:?}" | sed -e 's,[^.a-z0-9-],-,ig'  | tr '[A-Z]' '[a-z]')"
    sudo tee /etc/apt/sources.list.d/tails.list <<EOF
    deb-src tor+http://jenw7xbd6tf7vfhp.onion/ ${RELEASE:?} main
    deb-src [check-valid-until=no] tor+http://snapshot.debian.org/archive/debian/20180904T000000Z/ stretch main
    sudo apt update
    apt source --download-only "${PACKAGE_NAME:?}={OLD_VERSION:?}"
    apt source --download-only "${PACKAGE_NAME:?}={ORIGINAL_VERSION:?}"
  2. Get the debdiff of our patches:

    debdiff "${PACKAGE_NAME:?}_${ORIGINAL_VERSION:?}.dsc" "${PACKAGE_NAME:?}_${OLD_VERSION:?}.dsc" > tails.diff
  3. Download the new source package:

    apt source "${PACKAGE_NAME:?}=${NEW_VERSION:?}"
  4. Apply the debdiff on the new version: debdiff-apply "${PACKAGE_NAME:?}_${NEW_VERSION:?}.dsc" tails.diff

  5. Add changelog entry and build a new version of the patched package in a Stretch/amd64 chroot:

    cd "${PACKAGE_NAME:?}"*/
    debchange -i --distribution="${SUITE:?}" --force-distribution
  6. Install the newly built package in the build environment and rebuild all custom packages which depend on it. The dependencies are as follows (where X: Y means that X is dependency of Y):

    • udisks2: gnome-disk-utility
    • glib2.0: gtk+3.0, gvfs, gobject-introspection, gjs, gnome-shell
    • gobject-introspection: gjs
    • gjs: gnome-shell
  7. Sign and upload updated packages

    debsign "${CHANGES_FILE:?}"
    dupload --to tails "${CHANGES_FILE:?}"
  8. Update the "version in Tails" in this document.