Related documents
Tails Installer can perform a full upgrade of an already installed USB stick. During this process, nothing is modified on the target drive but the Tails system partition and the Master boot record.
At the end of the upgrade process, we upgrade syslinux with the binary found in utils/linux/syslinux on the Tails system partition. Likewise, we upgrade the boot device’s MBR with the one found in utils/mbr/mbr.bin on the Tails system partition. This ensures that the installed version of syslinux matches the version of the COM32 modules that are shipped by the version of Tails the target drive was just upgraded to.
Security discussion: with this mechanism in place, anyone who can feed an arbitrary ISO into Tails Installer can run arbitrary code (stored in the ISO filesystem as utils/linux/syslinux ) as the user running Tails Installer. We have no mechanism to run Tails Installer with elevated privileges currently, so this should not be a problem: being able to run tails-installer with arbitrary arguments is equivalent to being able to run arbitrary code already.
Mode of operation and booting methods
In order to have non-destructive upgrades, blind overwrites of the boot media (using dd or similar raw copy methods) are not possible, even when Tails ships hybrid ISO images.
Two alternative booting methods have been investigated:
Boot ISO file: Set up a bootloader on the USB stick that is able to boot an ISO image dropped into the right directory of it. Even early boot files (kernel, initramfs) are loaded from inside the ISO file.
Copy ISO’s content: Copy needed files (mainly the kernel, initramfs and SquashFS image that live in the live/ directory) from the ISO filesystem to the destination partition, then set up a bootloader that uses files in that directory. The end result is more or less equivalent to dd’ing the ISO image to the USB stick, but achieved with a non-destructive process.
We have settled on the copy ISO’s content way, mostly because it is overall simpler, more robust, and allows implementing incremental upgrades relatively easily.
Partitioning
The storage device is partitioned using GPT. Using GPT has several desirable properties:
- The system partition is hidden from Windows using the hidden flag of GPT. Hopefully this should prevent some misuse of the Tails system partition, even if we explicitly discourage users from plugging their Tails USB stick into a running system (Windows among other OS).
- sgdisk can run on Windows whereas no other free partitioning tools are available under Windows for other partitioning methods.
- Partitions can be labeled. The persistence setup tools can easily detect the right partitions without blind tries.
The Tails system partition uses a FAT32 filesystem, mainly because it is the one supported by SYSLINUX that we may easily create, in a programmatic manner, from Windows systems. This choice has consequences that are barely related to the USB installation task: the restrictions on filenames imposed by the FAT32 filesystem limit what can be shipped on the system partition (e.g. Tails documentation is only available inside Tails).
The rest of the device is left unpartitioned for an encrypted storage partition that can be used for the persistence feature.
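The hidden flag and the label-based partition detection described in this section can both be read from the GPT partition entry array. The following Python code is an added example, not Tails code: it assumes the standard 128-byte GPT entry layout and attribute bit 62 as the hidden flag for basic data partitions, and the labels, GUID bytes and LBA values are constructed sample data.

```python
import struct

# GPT partition entry: type GUID, unique GUID, first LBA, last LBA,
# attribute flags, UTF-16LE name (36 code units) = 128 bytes.
ENTRY = struct.Struct("<16s16sQQQ72s")
HIDDEN_BIT = 62  # assumption: "hidden" attribute of basic data partitions


def make_entry(first_lba, last_lba, attrs, label):
    """Build a constructed 128-byte entry (sample data for this example)."""
    name = label.encode("utf-16-le").ljust(72, b"\x00")
    return ENTRY.pack(b"\x11" * 16, b"\x22" * 16, first_lba, last_lba, attrs, name)


def parse_entries(table, entry_size=128):
    """Yield a dict per used entry; an all-zero type GUID marks an unused slot."""
    for off in range(0, len(table) - entry_size + 1, entry_size):
        type_guid, _uniq, first, last, attrs, raw = ENTRY.unpack_from(table, off)
        if type_guid == b"\x00" * 16:
            continue
        label = raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
        yield {
            "index": off // entry_size + 1,
            "label": label,
            "first_lba": first,
            "last_lba": last,
            "hidden": bool((attrs >> HIDDEN_BIT) & 1),
        }


def find_by_label(table, label):
    """Return the single partition carrying `label`, or None.

    Two partitions with the same label are treated as an error instead of
    silently picking the first match.
    """
    matches = [p for p in parse_entries(table) if p["label"] == label]
    if len(matches) > 1:
        raise ValueError(f"label {label!r} is not unique")
    return matches[0] if matches else None


# Constructed table: a hidden system partition, a data partition, one free slot.
SAMPLE_TABLE = (
    make_entry(2048, 16779263, 1 << HIDDEN_BIT, "ExampleSystem")
    + make_entry(16779264, 31457246, 0, "ExampleData")
    + bytes(128)
)

if __name__ == "__main__":
    for part in parse_entries(SAMPLE_TABLE):
        print(part)
```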
Launchers
We need to pass the -u and -n switches in any case; specific modes of operation need other switches:
- Initial installation needs -P and -m , upgrade does not.
- Cloning needs --clone , installing from ISO does not.
We have .desktop files for the following use cases:
- Clone the currently running Tails onto a shiny new USB stick: --clone -P -m
- Upgrade a (non-running) Tails system using an ISO file: no additional switch required.
- Upgrade a (non-running) Tails system using another, fresher, running Tails: no additional switch required.
Why a fork of liveusb-creator?
After an initial roundup of existing tools, we decided to use Fedora’s liveusb-creator as a basis, for reasons that are now obsolete due to more recent design choices. While we did most of our initial adaptation work on liveusb-creator with future upstreaming of our changes in mind, it proved to be hard, and future extension now seems out of the question. Our future plans include moving to another piece of software as a basis, and hopefully working more closely with this future upstream of ours.
Source code
The Tails Installer source code lives in the installer Git repository.
Foreword
Every Free Software project is a bit different from the others. This page is meant to help you understand some basics of the Tails project, so that you can more efficiently and joyfully contribute to Tails.
Focus on low-effort maintainability
Many, many Live system projects — including a few ones that aimed at enhancing their users’ privacy — have lived fast and died young. We explain this by their being one wo/man efforts, as well as design decisions that made their maintenance much too costly timewise and energywise.
We want Tails to live as long as it is needed: Tails is not meant to be solely a pet project.
Since the early days of this project (i.e. early 2009), ease of maintenance in the long run has been a major factor in every decision we have made. Nowadays Tails is more alive and kicking than it has ever been, and we feel this would have been impossible without this mindset.
Our focus on low-effort maintainability has practical consequences.
First of all, we tend to carry the smallest possible delta with our upstreams (i.e. upstream software and Debian). For details about this, read our relationship with upstream statement. Moreover, we encourage you to improve Tails by working on Debian or by working on GNOME.
Second, we try not to reinvent the wheel, and we flee the Not invented here syndrome like the plague. Very little code is actually written specifically for Tails: most of what we call code work on Tails is more similar to system administration than it is to programming. We glue existing pieces together. When we need a feature that no software provides yet, we tend to pick the best existing tool, and do whatever is needed to get the needed feature upstream, which sometimes means writing a patch ourselves.
How to get started
Pick up a task
We use GitLab to track our lists of tasks and bugs, as well as our roadmap. If you already know which one of the listed tasks you want to tackle and it has the T:Code label, then you can probably safely skip to the next section.
So you want to contribute code to Tails but do not know where to start? Our coding TODO list is huge and frightening, but.
Let’s see how we can help you pick up a task. A few tips:
- Choose something that matters for you, such as fixing that bug that annoys you so much or implementing this feature you are missing so much.
- Choose something where your singular skills and knowledge are put to work. For example:
  - Python:
    - Onion Circuits
    - Welcome Screen
    - Tails Installer
    - WhisperBack
  - Perl:
    - OpenPGP Applet
    - Persistent Storage
    - Tails Upgrader
  - Ruby:
    - Test suite
- Have a look at the list of Starter tasks: there is something, in each of these tasks, that one can do right away since it does not require deep knowledge of the Tails internals.
On the one hand, you may want to start doing practical stuff immediately. In this case, see the list of tasks that have the T:Code label. You probably want to start looking at the few ones that are also in the list of Starter tasks first so that you can gain confidence and we can smoothly learn to work together.
On the other hand, you may prefer picking up a task that requires some initial thought and discussion before rushing to your $EDITOR . In this case, you probably want to look at the guidelines for providing needed input.
Get in touch with our past, present and future
So you know what bug you want to fix, what feature you want to implement. At this point, we advise you to:
- Gather results of previous research and discussions on the topic you are interested in. Search this website, issues on GitLab and the tails-dev@boum.org mailing list archive.
- Tell us on tails-dev@boum.org about your plans to make sure your idea fits nicely into the big picture, and nobody is currently working on the same task.
Tails is developed using a set of Git repositories. If unsure, base your work on the devel branch, or ask.
Every commit shall implement one change and be labeled with a commit message that clearly expresses the rationale of your changes. This is needed so that your work can be easily reviewed: explain every proposed change to us in the same way you would explain it to someone who would not get the background.
Submit your work
Before diving into technical details, please read our merge policy.
You can submit small, easy changes as Git patches (prepared with the git format-patch command) over email to tails-dev@boum.org.
For larger changes that will certainly require a few review/fix cycles before being merged, it’s better if you:
- Fork us on our GitLab
- Push your work to a dedicated Git topic branch
- Ask us to review it.
Want more?
Still here? Good, please read on.
Read about Tails design
The specification and design document will help you understand better how Tails works.
Follow Tails development
You should subscribe to the tails-dev mailing list.
Build a Tails image
You should test your changes before contributing them back. Most often, this requires you to build Tails USB and ISO images.
Talk to us
You can subscribe to tails-dev@boum.org, our development mailing list.
If you need input and don’t know who to ask, mention @anonym on the corresponding GitLab issue. If he cannot outright help you directly, he most likely can find someone who is better suited to help.
Source code
Most of the software included in Tails is taken directly from upstream Debian packages and is neither modified nor recompiled by Tails.
The source code of software that is specific to Tails is available in our Git repositories.
The source code of the Debian packages included in Tails is available in the APT snapshot that we created for that version of Tails.
The red theme used by Tails’ Unsafe Browser was downloaded from Mozilla add-ons website (https://addons.mozilla.org/en-US/firefox/addon/simplyred/):
Website
This website uses several images with distinct copyright, licenses, trademarks and distribution terms:
The Tails logo is based on USB by Ilsur Aptukov from the Noun Project.
Debian logo: Copyright (c) 1999 Software in the Public Interest.
Onion logo: registered trademark of The Tor Project, Inc.; the Tails project is authorized to use it under certain conditions; licensed under Creative Commons Attribution 3.0 United States License.
Forge, copyright Digital Bazaar, Inc.
Announcement: Creative Commons — Attribution, by Olivier Guin.
Code: Creative Commons — Attribution, by Azis.
Pen: Creative Commons — Attribution, by factor[e] design initiative.
Loan: Public Domain, by Rohith M S.
User: Creative Commons — Attribution, by Edward Boatman.
Translation: Creative Commons — Attribution, by Joe Mortell.
Gears: Creative Commons — Attribution, by Cris Dobbins.
Graphic Design: Creative Commons — Attribution, by Cornelius Danger.
Check Mark: Public Domain, by Julian Norton.
Delete: Creative Commons — Attribution, by Kervin Markle.
Play: Creative Commons — Attribution, by Zech Nelson.
Pause: Creative Commons — Attribution, by Zech Nelson.
USB: Creative Commons — Attribution, by Wilson Joseph.
Time: Creative Commons — Attribution, by Richard de Vos.
Printer: Creative Commons — Attribution, by Diego Naive.
Smart Phones: Creative Commons — Attribution, by Pham Thi Dieu Linh.
Laptop: Public Domain, by Jean Yashu.
Love: Creative Commons — Attribution, by Thomas Helbig.
Survey: Creative Commons — Attribution, by unlimicon.
Info: Creative Commons — Attribution, by icongeek.
Leave no trace on the computer
Like a tent, you can carry Tails with you and use it anywhere.
Your secure computer anywhere
To use Tails, shut down the computer and start on your Tails USB stick instead of starting on Windows, macOS, or Linux.
You can temporarily turn your own computer into a secure machine. You can also stay safe while using the computer of somebody else.
Tails is a 1.1 GB download and takes ½ hour to install. Tails can be installed on any USB stick of 8 GB minimum. Tails works on most computers less than 10 years old. You can start again on the other operating system after you shut down Tails.
You don’t have to worry about the computer having viruses because Tails runs independently from the other operating system and never uses the hard disk. But, Tails cannot always protect you if you install it from a computer with viruses or if you use it on a computer with malicious hardware, like keyloggers.
Amnesia
Tails always starts from the same clean state and everything you do disappears automatically when you shut down Tails.
Without Tails, almost everything you do can leave traces on the computer:
- Websites that you visited, even in private mode
- Files that you opened, even if you deleted them
- Passwords, even if you use a password manager
- All the devices and Wi-Fi networks that you used
On the contrary, Tails never writes anything to the hard disk and only runs from the memory of the computer. The memory is entirely deleted when you shut down Tails, erasing all possible traces.
Encrypted Persistent Storage
You can save some of your files and configuration in an encrypted Persistent Storage on the USB stick: your documents, your browser bookmarks, your emails, and even some additional software.
The Persistent Storage is optional and you always decide what is persistent. Everything else is amnesic.
Digital security toolbox
Tails includes a selection of applications to work on sensitive documents and communicate securely.
All the applications are ready-to-use and are configured with safe defaults to prevent mistakes.
- Tor Browser with uBlock, a secure browser and an ad-blocker
- Thunderbird, for encrypted emails
- KeePassXC, to create and store strong passwords
- LibreOffice, an office suite
- OnionShare, to share files over Tor
- and many more!
To prevent mistakes:
- Applications are blocked automatically if they try to connect to the Internet without Tor.
- Everything in the Persistent Storage is encrypted automatically.
- Tails does not write anything to the hard disk. All the memory is deleted when shutting down.
Leave no trace on the Internet
Tor for everything
Everything you do on the Internet from Tails goes through the Tor network. Tor encrypts and anonymizes your connection by passing it through 3 relays. Relays are servers operated by different people and organizations around the world.
A single relay never knows both where the encrypted connection is coming from and where it is going to:
- The 1st relay only knows where you are coming from but not where you are going to.
- The 3rd relay only knows where you are going to but not where you are coming from.
- The connection to the final destination is encrypted whenever possible to prevent the 3rd relay from reading its content.
This way, Tor is secure by design even if a few relays are malicious.
Tor has more than 6 000 relays. Organizations running Tor relays include universities like MIT, activist groups like Riseup, nonprofits like Derechos Digitales, Internet hosting companies like Private Internet Access, etc. The huge diversity of people and organizations running Tor relays makes it more secure and more sustainable.
Avoid online surveillance and censorship
Tor prevents someone watching your Internet connection from learning what you are doing on the Internet.
You can avoid censorship because it is impossible for a censor to know which websites you are visiting.
If connecting to Tor is blocked or dangerous to use from where you are, for example in some countries with heavy censorship, you can use bridges to hide that you are connected to the Tor network.
Avoid tracking and change identity
Tor also prevents the websites that you are visiting from learning where and who you are, unless you tell them. You can visit websites anonymously or change your identity.
Online trackers and advertisers won’t be able to follow you around from one website to another anymore.
You can publish a blog or manage a social media account entirely from Tails. If you only access it from Tails, it cannot be related to you. You can store documents and images related to this different identity in your Persistent Storage, keep your passwords in KeePassXC, have a dedicated email account in Thunderbird, etc.
Software for freedom
Transparency to build trust
All the code of our software is public to allow independent security researchers to verify that Tails really works the way it should.
Top security for free
Nobody should have to pay to be safe while using a computer. That is why we are giving out Tails for free and try to make it easy to use by anybody.
We are a nonprofit and an open community.
Our work is funded by donations from people like you and organizations that support Internet freedom: Mozilla, Tor, DuckDuckGo, Freedom of the Press Foundation, AccessNow, etc.
Sharing to be stronger
Tails is built on solid foundations: the Tor network, the Debian operating system, the GNOME desktop environment, and all the tools included in Tails.
We share back our improvements with these projects so that many more people can benefit from our work.