This is about #9059: Additional software locks the opening of the desktop

We should investigate:

  • Installing packages once the session has started.
  • Starting reading packages lists and building cache on GDM PostLogin. For that we need an APT mechanism to do all this without installing or removing anything.
  • Using nice to not slow down the desktop too much in competition with tails-upgrade-frontend.

Install packages once the session has started

This is the preferred solution, as it is the best to speed up the desktop opening

What kind of packages would suffer from being installed after the session started?

Broken packages

There are things that wrap the X session (e.g. all kinds of agents such as monkeysphere-validation-agent, gpg-agent, ssh-agent, some input methods and accessibility stuff). Most of the files that land into /etc/X11/Xsession.d/ are affected: https://codesearch.debian.net/search?q=%2Fetc%2FXsession.d. These ones would be entirely broken if we install packages in a non-blocking way.

This list contains only 4 packages. The only one that looks really useful in Tails context is monkeysphere, which is already shipped in Tails.

Other affected packages

There are things that start automatically with the X session. They generally live in /etc/xdg/autostart/: https://codesearch.debian.net/search?q=etc%2Fxdg%2Fautostart. These ones will not be automatically started as they were designed to.

Proposed solution

  • Disable pre-login by default.
  • Keep live-additional-software.conf as the post-login list, so that most people don't have to change anything.
  • Try to document a workaround and ask people to complain.
  • See if people complain.
  • Then implement a special pre-login list if we really feel the need either by identifying useful packages that would be broken or by having people report on issues for them.

Implementation

Installation

User tails-additional-software-install.service

  • WantedBy=desktop.target
  • ExecStart=systemctl start tails-additional-software-install.service

A PolicyKit rule allows the amnesia user to start this specific service

tails-additional-software-install.service includes :

  • ExecStart=tails-additional-software install
  • ConditionFileNotEmpty=live-additional-software.conf
  • RemainAfterExit
  • OneShot

It remains to be decided whether the flag file that indicates success to tails-additional-software-packages-upgrade.service should be created in the tails-additional-software script itself, or via ExecStart=touch /var/run/tails-additional-software-install-started.

The user should then be notified that Additional Software Packages are installed.

Upgrade

A network-manager dispatcher hook starts systemctl start tails-additional-software-upgrade.service --no-block

tails-additional-software-packages-upgrade.service includes :

  • After=tails-additional-software-install.service
  • After=tor-has-bootstrapped.service
  • ExecStart=tails-additional-software upgrade
  • ConditionFileNotEmpty=live-additional-software.conf
  • RemainAfterExit
  • OneShot

ExecStart should wait for /run/live-additional-software/activated (created by tails-additional-software install. This could be done with inotifywait.