This report covers the activity of Tails in June 2016.

Everything in this report is public.

A. Replace Claws Mail with Icedove

A.1.1. Secure the Icedove autoconfig wizard

Despite having thouroughly tested our work on reenabling the autoconfiguration wizard in Icedove, we received reports, that in some cases where the ISP uses OAuth, as for example Gmail, people were unable to set up an email account. One of these issues, the spurious inability to set up accounts, has been resolved and will be available in the next Tails release ( #11550). The OAuth issue has been identified and is currently being worked on (#11536). A third issue concerning intermittently failing TLS connections needs more testing (#10933).

A.1.2. Make our improvements maintainable for future versions of Icedove

The second iteration of our patches for Icedove has been reviewed and integration with upstream's testing suite has been asked for in reply. We've been working on writing tests for our patches, but another iteration of those is necessary. See the upstream bug for details.

The Tor project has released Torbirdy 0.2.0 on June 27th 2016. This release contains patches we wrote, as well as patches by Arthur Edelstein, that fix the privacy leaks identified initially by taqnaq. An updated Debian package is currently being uploaded.

B. Improve our quality assurance process

B.3. Extend the coverage of our test suite

B.3.10. Write automated tests for features added in 2016Q1

We added a new test for the Tails Greeter "Disable all networking" option (#10340).

Since we dropped Vidalia as it was not maintained anymore, and replaced it with Tor Status and Onion Circuits, we adapted our test suite accordingly (#6841).

We had to update some test suite scenarios after having enabled Tor Browser's font fingerprinting protection in Tails, as most of its related screenshots didn't work anymore (#11097).

B.3.11. Fix newly identified issues to make our test suite more robust and faster

We've identified the reason why sometimes our test suite is not able to add the necessary kernel command line options to the Tails system it tests. The fix is not that easy to implement, and solutions are being worked on. A patch is under test and we intend to fix this issue in July (#10777).

We've investigated why our test suite sometimes fails because of time synchronization errors. Auditing our htpdate script showed that it may not have the best defaults for it to work correctly on sloppy network connections. A patch has been proposed and is being tested (#10494).

A patch implementing a way to retry Synaptic related tests on network transient errors or if Synaptic segfaults is under test and will be proposed to be merged soon (#10441 and #10412).

We also implemented a similar solution on the Git scenarios, which have proven to be fragile because of network errors. A patch has been widely tested, and will likely be merged soon (#10444).

Thanks to Dogtail (#10721), whose integration was worked on in the past few months, we could make a robust fix for:

  • The "the Tor Browser loads the (startup page|Tails roadmap) step is fragile (#10376)

and also make the implementation simpler and more future proof for:

  • Adjust test suite after upgrading Tor Browser to the 6.0.x series, based on Firefox 45.2 (#11403)

B.3.13. Reorganize the "various checks" feature (#5707)

A branch that splits this feature's scenarios into more relevant thematic features has been proposed for review. It should be merged soon.

B.3.14. Write tests for incremental upgrades (#6309)

A branch testing the Tails incremental upgrades have been pushed and proposed to review. Issues with it were raised and a fix promptly pushed. It's receiving the last round of review and will likely be merged soon.

B.3.15. Write automated tests for features added in 2016Q2

A test was proposed to review, that covers a regression we have identified and fixed a few months ago, in one of Tails' persistence features (#10840).

We added a test for reconfiguring an existing persistence partition — we only tested its initial creation so far (#10834).

After forbidding the Tor Browser to start any external application (for improved security, see #9285) a test that previously did just that was converted to a test for downloading files.

While upgrading the Tor Browser to the 6.0.x series, based on a new major Firefox release (45.2, see #11403) tests were adjusted to new application behavior and appearance of the browser's graphical user interface.

B.4. Freezable APT repository

The system has been working fine in production for a while now, and as reported last month all parts of this deliverable have now been completed.

In June, we have polished a bit the design documentation for the entire setup (#11447).

And, in July we want to do various polishing tasks:

  • If needed, write helper tools for freeze exceptions (#11448).

  • Investigate a weird issue we have identified, when a package is not removed from our time-based APT snapshots, while it should be (#11496).

  • Deal with the consequences that our new APT snapshots system has on our server's apt-cacher-ng cache size (#11532).

C. Scale our infrastructure

C.1. Change in depth the infrastructure of our pool of mirrors

We now have 39 active mirrors.

The work that remains to be done in July is:

  • C.1.2. Write & audit the code that makes the redirection decision from our website (#8639, #8640, #11109)

    • mirror-dispatcher.js: we are still waiting for the auditor to do a final security review.

    • Download And Verification Extension (DAVE) for Firefox: the code needs to be reviewed by the original author of the extension and the code for resuming downloads still needs to be improved and tested.

  • C.1.8. Clean up the remainders of the old mirror pool setup (#8643, #11284)

    This is now only blocked by the work that is in progress on DAVE (C.1.2).

C.4. Maintain our already existing services

  • C.4.6. Administer our services up to milestone VI

    We kept on answering the requests from the community and taking care of security updates.

    We refactored the Puppet bits that configure our servers' firewall.

    We debugged and fixed a nasty problem that prevented the testing Git branch from being automatically tested on our infrastructure (#11499).

    One of us participated in a Puppet sprint at DebCamp, where a team did improved the puppet and apt modules we are using on our infrastructure.

E. Release management

Tails 2.4 was released on June 7.