Hi,

BS wrote (03 Jul 2014 16:25:09 GMT) :
> I must admit, I'm pretty confused. I thought the docs stated that
> wheezy was the only environment which Tails would build in.

There are two different things here:

a) the *host* operating system
b) the system running in the VM that is *dedicated* to build Tails

(a) can very well run Wheezy. (b) runs on (a). Our Vagrant basebox for (b) is still based on Squeeze, but work is in progress (and almost completed) to update it for Wheezy.

> If that's not the case, how is Tails building Tails?

I'm not aware of anyone doing this.

>> intrigeri wrote (29 Jun 2014 11:01:19 GMT) :
>> 1. Someone who maintains the package in Debian.

> Is that an absolute requirement?

Yes.

> What about downloading from vagrant's 'legacy' page

Quoting https://tails.boum.org/blueprint/replace_vagrant/ :

"Vagrant's upstream provides a .deb, but no proper source package (they're using FPM). There's no strong cryptographic way to authenticate this package after downloading it. We don't want to rely on that package, nor to advertise it, for security reasons, and also due to our policy to do things with/in Debian."

>> Any idea if there's a good alternative to Vagrant, that requires less
>> work from us? Would e.g. Docker be an option? Can Gitian be used
>> without Vagrant, e.g. thanks to its LXC backend?

> Docker is available in jessie, but not as a back port.

Indeed, we want to evaluate Docker: https://labs.riseup.net/code/issues/7530

> It's also limited to amd64 machines, because it uses go.

I don't think it's a blocker to require a 64-bit machine to build Tails.

> Also, FWIW, the docker team says you shouldn't use docker
> in production.

Good to know, thanks.

> I assume Tails counts itself as "production"?

Yes, and no. Our usage of Docker, as far as this discussion is concerned, would "only" be about developers' machines and CI infrastructure, and would not run on end-user systems.

> (also
> http://blog.docker.com/2013/08/containers-docker-how-secure-are-they/)

It's not a design goal of what we currently have with VirtualBox (Vagrant) to have the basebox guest VM isolation secure the host system against malicious code running as part of our build system. Note that our build system runs as root in the guest VM. So, this requirement doesn't really apply to Linux namespaces (Docker) either.

> 1) Rebuild the squeeze.box with the version of vagrant available on wheezy
> This may resolve current box add issues on wheezy and may buy some time.
> It does not seem like a permanent solution.

Yes, that's the short-term plan, and WIP :)

> 2) Move the vagrant related Rakefile code into the vagrant file or use the
> vagrant CLI, where appropriate
> This should allow for easier upgrades, and the opportunity to explore
> other versions of vagrant

Before investing more time into Vagrant, I think we'll want to investigate alternative solutions and decide if we want to go on (#7526).

Cheers,
--
intrigeri
