Main ticket: #7526

Goals of our Vagrant thing

  1. Make it easy to new contributors to build a Tails ISO.
  2. Improve consistency between our various ways of building Tails ISOs (Tails developers currently use at least 3 different build setups, and our auto-builder yet another one).
  3. Our "easy build" instructions must work at least on:
    • Debian stable + backports
    • Debian testing
  4. Ideally, our "easy build" instructions should also work at least on:
    • latest Ubuntu LTS
    • latest Ubuntu non-LTS

What we have

  • A Vagrant setup that works on a Wheezy host, and presumably on a sid one too. No idea about Ubuntu 14.04 LTS and upcoming 14.10, let alone other distros or non-Linux OS.

  • Our Vagrant setup has many problems: #7527.

  • What our Vagrant thing does:

    • downloads and checks a build basebox as needed
    • creates and configures a build VM as needed
    • fires up a build VM as needed
    • makes the Git tree available in the build VM (with VirtualBox shared folders)
    • run the build scripts inside the build VM, taking into account various options (passed as environment variables) to accomodate local needs
    • retrieve the build artifacts from the build VM onto the host system
  • Vagrant hasn't been actively maintained in Debian for a while. It is part of Jessie, but that was by a very short margin. OTOH it looks like its maintainer now cares much more about it.

  • VirtualBox vs. QEMU/KVM:

    • One can't run both VirtualBox and QEMU/KVM on the same system.
    • Vagrant use VirtualBox by default.
    • Some of us use VirtualBox, some of us use QEMU/KVM.
    • Our infrastructure (e.g. auto-builder) uses QEMU/KVM.
    • It seems easier to convert VirtualBox users among us to QEMU/KVM, than the contrary, thanks to the larger feature set (e.g. USB removable devices emulation). GNOME Boxes may make it less painful for some.
    • There's a vagrant-libvirt plugin available, not in Debian yet, see the corresponding blueprint for packaging and backporting challenges. That's irrelevant, though, if the vagrant package itself is not very well maintained in Debian.
    • There's a libvirt driver for VirtualBox too.
  • Vagrant's upstream provides a .deb, but no proper source package (they're using FPM). There's no strong cryptographic way to authenticate this package after downloading it. We don't want to rely on that package, nor to advertise it, for security reasons, and also due to our policy to do things with/in Debian.

  • Docker is seeing a lot of traction lately. It might be a better bet than Vagrant on the long-term.

What others use

  • Ubuntu cloud images are built with vmbuilder, which works basically at the same level as live-build. It might be useful to create and maintain a builder basebox, but it doesn't provide the same glue as Vagrant for downloading, managing, booting and file sharing.
  • Same for other building cloud images for other operating systems, apparently:
  • Vortex is similar to Vagrant. Only supports VirtualBox (and the Amazon cloud) as of 20141130.


  • Short-term: fix the Vagrant situation for the most important usecases (#7527)
  • Mid-term: fix the situation for real, starting with evaluating vagrant-lxc (in Stretch, #10232) and vagrant-libvirt (see blueprint). If none of those is good enough, then let's give another look to Docker (#7530, evaluate Docker).