Goals and non-goals

  • Allow people to choose to:

    • Reinstall a package every time they start Tails.
    • Stop reinstalling a package every time.
  • Integrate this in:

    • The usual installation and removal process of a package (through Synaptic, another graphical tool, or APT on the command line).
    • The persistent storage configuration.
  • Provide a better replacement for Synaptic. #15262

  • We won't provide a way for people to specify which packages to install outside of the usual installation process of a package. We only ask people if they want to reinstall a package every time after it has been successfully installed a first time.

Flow chart

User interface

Notifications for addition and removal

When the user installs a package either through the APT command line or a graphical interface like Synaptic, a notification is displayed to let them add or remove it from their list of additional software.

These notifications are triggered by APT hooks. In the backend, we would set DEBIAN_PRIORITY=critical so that debconf does not ask questions (and instead uses default values as answers).

When a package is installed with a persistent storage unlocked

When a package is installed with no persistent storage

When a package is installed with a persistent storage locked

No notification.

This notification could have education purposes: to tell people about this feature. But:

  • People who have a persistent storage but don't unlock it, probably do this only sometimes and for a reason. They probably otherwise unlock their persistent storage most of the time.

  • If they install packages with their persistent storage locked, they probably do it with their persistent storage unlock as well and would learn about this feature when it's most relevant for them.

So let's not bother them when it's not worth it.

When a package is installed but it's impossible to have a persistent storage

When running from a DVD, virtual machine, or intermediary Tails.

To be displayed only once per session, not to bother people too much.

When a package is uninstalled

Notifications when starting Tails with additional software

If any additional software has been configured through the notifications from the previous sections, these packages are installed automatically from the persistent storage every time the user starts Tails.

When the installation starts

If the summary is too long (here 62 characters), use instead only:

Installing your additional software...

We added "from persistent storage" to inform better the mental model of users and clarify that these are not downloaded every time from the Internet. But we also made this clearer in the notification when installing.

When the installation succeeds

XXX: the configure button here is tricky to implement. Can we live without it?

People who see this notification already configured additional software. It's here as a reminder of where the configuration that triggers this notification is stored (and also as a shortcut).

So yes, we can live without it.

Notifications of failures

When the installation fails

When the upgrade fails

When the configuration fails (addition to/removal from the package list)

XXX: please define

I would need to understand better how and why it could fail... Is it something that people can fix by themselves or merely revealing a bug that we will have to fix in Tails?

If it's about helping people to report bugs that we will have to fix in Tails, then we could display:

**Adding Mumble to your additional software failed**

Please report an error to our help desk.
**Removing Mumble from your additional software failed**

Please report an error to our help desk.

When the Additional Software configuration GUI fails to do its work

  • started standalone (from the Applications menu or Overview)
  • started from the persistence wizard

Additional Software

The list of additional software can be open from:

  • Applications ▸ System Tools ▸ Additional Software
  • Applications ▸ Tails ▸ Additional Software

Why both? See #5521.

But also when click on the gear button next to the Additional Software feature in the persistent storage settings.

If there is no persistent storage

Before any package is added

When some packages are already added

XXX: please define what happens when clicking on the links "Synaptic Package Manager" or "APT on the command line".

Clicking "Synaptic Package Manager" opens Synaptic. Clicking "APT on the command line" opens Terminal.

When removing a package

By clicking on the delete cross.

Removing packages from the list doesn't require any validity check.

If the persistent storage is locked

It is impossible to have a persistent storage

For example, when running from a DVD or virtual machine.

Persistent storage configuration

  • MUST allow a feature to have a "Settings" button.

  • SHOULD modify the persistent storage configuration to replace the APT Packages and APT Lists features by a single Additional Software feature.

  • MAY replace the custom widgets of the persistent storage configuration by the following GTK3 pattern:


  • MUST allow programmatically activating the ASP persistence feature when a persistent volume is unlocked. For example, through the command line or a DBus method call.

  • MUST allow triggering persistence creation and then activate a feature (ASP) programmatically.

  • SHOULD allow ASP to setup the feature between persistence creation and persistence feature selection.

Implementation notes

Components interaction



IPC between tails-additional-software (root backend) and tails-additional-software-notify (user session notification frontend, think about notify-send with actions support cf. https://developer.gnome.org/notification-spec/#basic-design) is really basic: display this notification and tell me the answer. I think the easiest way to do that is just to fork as amnesia with sudo, then check the returncode.

IPC between tails-additional-software and tails-persistence-setup carries "Persistence-setup, please setup persistence with ASP" and "ASP, you can go on". It could be done the same way, but it may be worth having a persistence-setup DBus service on the system bus (which we already though when considering integrating it in the greeter).

  • allow programmatically activating the ASP persistence feature when a persistent volume is unlocked:

        /usr/bin/tails-persistence-setup --no-gui \
           --no-display-finished-message \
           --force-enable-preset AdditionalSoftware
  • allow triggering persistence creation and then activate a feature (ASP) programmatically:

        /usr/bin/tails-persistence-setup --step bootstrap \
           --no-display-finished-message \
           --force-enable-preset AdditionalSoftware

IPC between tails-additional-software-configuration (user session configuration interface) and tails-additional-software carries the list entries to remove from ASP. It may be done via sudo or via DBus system service, but I don't think it's worth it.