Rationale

Tails includes a coherent but limited set of applications. As the system is amnesic, additional Debian packages can be installed during a session, but they are gone after a reboot and are not reinstalled.

Additional Software Packages is a feature that remembers a set of Debian packages and installs them automatically from the persistent storage each time Tails is started.

Use cases

Alice is a geographer working for an NGO in an unstable country. They need to use Tails but also need the QGis GIS software for their work. It would make little sense to add such specific software to Tails itself. Thanks to Additional Software Packages, Alice can have QGis installed every time they boot Tails with the persistent storage enabled.

Bob is a journalist who wants to publish videos made by colleagues. Bob needs to convert these videos and is used to the open-source video transcoder HandBrake. With Additional Software Packages, Bob doesn't need to reinstall it every time they boot Tails.

Specifications

Goals

  • Allow people to choose to:
    • Reinstall a package every time they start Tails.
    • Stop reinstalling a package every time on boot.
  • Integrate this in:
    • The usual installation and removal process of a package (through Synaptic, another graphical tool, or APT on the command line).
    • The persistent storage configuration.
  • Ensure packages are installed even offline.
  • Ensure packages are updated when the machine is connected to the Internet.

Non-goals

  • We won't support installing software that is not in Debian's official repositories.

  • We won't provide a way for people to specify which packages to install outside of the usual installation process of a package. We only ask people if they want to reinstall a package every time after it has been successfully installed a first time.

Implementation

Software installation at startup

The systemd user unit config/chroot_local-includes/usr/lib/systemd/user/tails-additional-software-install.service is triggered by desktop.target. It starts the system unit config/chroot_local-includes/lib/systemd/system/tails-additional-software-install.service with sudo (see config/chroot_local-includes/etc/sudoers.d/zzz_tails-additional-software).

tails-additional-software-install.service starts only if its configuration file exists. It executes config/chroot_local-includes/usr/local/sbin/tails-additional-software install and then creates /run/live-additional-software/installed.

tails-additional-software install reads live-additional-software.conf, which contains one package name per line, and installs these packages with apt-get, using options that prevent any question from being asked to the user (see install_additional_packages and _launch_apt_get in config/chroot_local-includes/usr/local/sbin/tails-additional-software).

At the beginning of the process, the user is notified through desktop notifications that additional software is being installed.

At the end, they are informed of success or failure. In the latter case, they are offered to open a configuration window or to examine the logs in order to better understand the issue. The notifications with buttons are displayed as the desktop user and are implemented in config/chroot_local-includes/usr/local/lib/tails-additional-software-notify.

Software upgrade on Internet connection

A network-manager dispatcher hook starts the systemd unit config/chroot_local-includes/lib/systemd/system/tails-additional-software-upgrade.path, which waits for /run/live-additional-software/installed to appear. It then starts the oneshot service running /usr/local/sbin/tails-additional-software upgrade, ordered after tor-has-bootstrapped.service and tails-additional-software-install.service, provided the configuration file /live/persistence/TailsData_unlocked/live-additional-software.conf is not empty.

config/chroot_local-includes/usr/local/sbin/tails-additional-software upgrade saves a copy of the APT lists, then runs apt-get update and launches the installation process again, which upgrades the packages if newer versions are available.

If the upgrade is successful, the copy of the old APT lists is deleted. Otherwise, it is restored by the installation process the next time Tails is started, so that a network disconnection or another unexpected issue doesn't make the Additional Software Packages unavailable.
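The save-then-restore logic of the two paragraphs above, written out as an added Python example; this is not Tails' own code, and the directory paths, the APT list file name and the stand-in callables for apt-get update and the installation pass are constructed for the example. It also covers the case the text does not spell out: a second failed upgrade in the same session must not overwrite the backup with lists that may already be damaged.

```python
import shutil
import tempfile
from pathlib import Path


def save_apt_lists(lists_dir, backup_dir):
    """Copy the APT lists before apt-get update touches them.

    An existing backup is kept, not overwritten: it comes from an earlier
    upgrade that failed in this session, and the lists currently on disk
    may already be damaged, so the older copy is the trustworthy one.
    Returns True if a new copy was made.
    """
    lists_dir, backup_dir = Path(lists_dir), Path(backup_dir)
    if backup_dir.exists():
        return False
    shutil.copytree(lists_dir, backup_dir)
    return True


def restore_apt_lists_if_needed(lists_dir, backup_dir):
    """Startup step: a surviving backup means the last upgrade never finished.

    Put the known-good lists back so the offline installation still works.
    Returns True if a restore happened.
    """
    lists_dir, backup_dir = Path(lists_dir), Path(backup_dir)
    if not backup_dir.exists():
        return False
    if lists_dir.exists():
        shutil.rmtree(lists_dir)
    shutil.move(str(backup_dir), str(lists_dir))
    return True


def run_upgrade(lists_dir, backup_dir, apt_update, install):
    """Upgrade step: save, refresh the lists, reinstall; drop the backup only on success.

    apt_update and install are callables standing in for `apt-get update`
    and the normal installation pass (assumed interface for this example).
    Any exception marks the upgrade as failed and leaves the backup in place
    for the next startup.
    """
    save_apt_lists(lists_dir, backup_dir)
    try:
        apt_update(Path(lists_dir))
        install()
    except Exception:
        return False
    shutil.rmtree(backup_dir)
    return True


def demo():
    """Constructed scenario: two failed upgrades, a restart, then a successful one."""
    with tempfile.TemporaryDirectory() as tmp:
        lists = Path(tmp) / "lists"
        backup = Path(tmp) / "lists.old"
        release = "deb.debian.org_debian_dists_bookworm_InRelease"  # constructed name
        lists.mkdir()
        (lists / release).write_text("good")

        def failing_update(d):
            (d / release).write_text("partial")  # download cut off half-way
            raise ConnectionError("network went away")

        def working_update(d):
            (d / release).write_text("fresh")

        out = {}
        out["first_ok"] = run_upgrade(lists, backup, failing_update, lambda: None)
        out["after_failure"] = (lists / release).read_text()
        # Network comes back, second attempt in the same session also fails:
        # the backup made before the first attempt must survive untouched.
        out["second_ok"] = run_upgrade(lists, backup, failing_update, lambda: None)
        out["backup_content"] = (backup / release).read_text()
        # Next startup: the install step restores before installing anything.
        out["restored"] = restore_apt_lists_if_needed(lists, backup)
        out["after_restore"] = (lists / release).read_text()
        out["third_ok"] = run_upgrade(lists, backup, working_update, lambda: None)
        out["final"] = (lists / release).read_text()
        out["backup_left"] = backup.exists()
        return out
```

Run demo() to walk through the scenario; in the real system the restore belongs at the start of the install pass, before apt-get is invoked offline.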

At the beginning of the process, the user is notified via desktop notifications that additional software is being upgraded.

At the end, they are informed of success or failure. In the latter case, they are offered to open a configuration window or to examine the logs in order to better understand the issue.

User interface for addition and removal of software

When the user installs a package, either through the APT command line or a graphical interface like Synaptic, a notification is displayed that lets them add it to or remove it from their list of additional software.

Two APT hooks are configured in config/chroot_local-includes/etc/apt/apt.conf.d/80tails-additional-software.disabled, which are enabled by config/chroot_local-hooks/99-zz-install-ASP-DPKG-hooks at the end of the build process.

The first hook, DPkg::Pre-Install-Pkgs, runs before any actual installation happens and calls /usr/local/sbin/tails-additional-software apt-pre, which saves the list of packages being installed and removed as JSON in /run/live-additional-software/packages.

The second hook, DPkg::Post-Invoke, runs at the end of the installation process and calls /usr/local/sbin/tails-additional-software apt-post. It double-forks so that APT returns properly, then parses the JSON file written beforehand in order to determine which packages were manually installed or removed.

When a package is installed

With persistent storage unlocked

When Add To Persistent Storage is clicked, /usr/bin/tails-persistence-setup is started as the tails-persistence-setup user, without a GUI, to enable the AdditionalSoftware preset. The new additional packages are then added atomically to the live-additional-software.conf configuration file (this logic is handled by https://git-tails.immerda.ch/pythonlib/plain/tailslib/additionalsoftware.py).

Without persistent storage

When Add To Persistent Storage is clicked, /usr/bin/tails-persistence-setup is started as the tails-persistence-setup user, with a GUI, to lead the user through the process of creating a persistent storage. The AdditionalSoftware preset is enabled automatically. The new additional packages are then added to the live-additional-software.conf configuration file, which in this case is mounted at /media/tails-persistence-setup/TailsData instead of /live/persistence/TailsData_unlocked (this logic is handled by https://git-tails.immerda.ch/pythonlib/plain/tailslib/persistence.py).

The systemd service config/chroot_local-includes/lib/systemd/system/tails-synchronize-data-to-new-persistent-volume-on-shutdown.service is used to synchronize APT data (lists and cached packages) to the newly created persistent storage on Tails shutdown.

With persistent storage locked

No notification is displayed: people who have a persistent storage but don't unlock it probably do so only occasionally and for a reason, and otherwise unlock their persistent storage most of the time. If they install packages while their persistent storage is locked, they probably also do so while it is unlocked, and will learn about this feature when it is most relevant to them.

When it's impossible to have persistent storage

This happens when running from a DVD, a virtual machine, or an intermediary Tails.

The state file /run/live-additional-software/installer-asked ensures this notification is only shown once per session, so as not to bother people too much.

When a package is removed

When Remove is clicked, the packages are removed atomically from the live-additional-software.conf configuration file (this logic is handled by https://git-tails.immerda.ch/pythonlib/plain/tailslib/additionalsoftware/config.py).
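The configuration file handling described in "Software installation at startup" (one package name per line, installed with a non-interactive apt-get) and the atomic add and remove operations of the two sections above, as an added Python example. This is not the tailslib code linked above; it assumes blank lines in the file are ignored, validates every name against the Debian package-name syntax before it can reach a command line, and builds a generic non-interactive apt-get invocation rather than the exact options used by _launch_apt_get.

```python
import os
import re
import tempfile
from pathlib import Path

# Debian Policy 5.6.1: a package name has at least two characters, starts with
# a letter or digit, and contains only lowercase letters, digits, '+', '-', '.'.
# Anything else must never reach the apt-get command line.
PACKAGE_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9+.-]+$")


def validate_package_name(name):
    """Return the name if it is a valid Debian package name, else raise ValueError."""
    if not PACKAGE_NAME_RE.match(name):
        raise ValueError(f"invalid package name: {name!r}")
    return name


def parse_config(text):
    """Parse live-additional-software.conf: one package name per line.

    Blank lines are skipped (assumption for this example), order is kept and
    duplicates are dropped. A malformed line is an error, not a warning: the
    file lives in the persistent storage and drives a privileged apt-get run.
    """
    packages = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        name = raw.strip()
        if not name:
            continue
        try:
            validate_package_name(name)
        except ValueError as err:
            raise ValueError(f"line {lineno}: {err}") from None
        if name not in packages:
            packages.append(name)
    return packages


def read_config(path):
    """Return the configured packages, or [] if the file does not exist yet."""
    path = Path(path)
    return parse_config(path.read_text(encoding="utf-8")) if path.exists() else []


def write_config_atomically(path, packages):
    """Replace the file in one step: temp file in the same directory, fsync, rename.

    Another process, or a crash mid-write, sees the old list or the new one,
    never a half-written file.
    """
    path = Path(path)
    fd, tmp_name = tempfile.mkstemp(dir=path.parent, prefix=".live-additional-software.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as tmp:
            tmp.write("".join(f"{name}\n" for name in sorted(packages)))
            tmp.flush()
            os.fsync(tmp.fileno())
        os.replace(tmp_name, path)
    except BaseException:
        if os.path.exists(tmp_name):
            os.unlink(tmp_name)
        raise
    dir_fd = os.open(path.parent, os.O_RDONLY)  # make the rename itself durable
    try:
        os.fsync(dir_fd)
    finally:
        os.close(dir_fd)


def add_packages(path, new_packages):
    """Atomically add packages to the config; returns the resulting sorted list."""
    wanted = [validate_package_name(n) for n in new_packages]
    merged = sorted(set(read_config(path)) | set(wanted))
    write_config_atomically(path, merged)
    return merged


def remove_packages(path, gone_packages):
    """Atomically remove packages from the config; returns the resulting sorted list."""
    remaining = sorted(set(read_config(path)) - set(gone_packages))
    write_config_atomically(path, remaining)
    return remaining


def apt_get_install_command(packages):
    """Non-interactive apt-get invocation (generic options, not Tails' exact ones).

    Run with DEBIAN_FRONTEND=noninteractive in the environment. The '--'
    terminator keeps a name from ever being parsed as an option, even though
    validation already rejects leading dashes.
    """
    names = [validate_package_name(n) for n in packages]
    return ["apt-get", "install", "--yes",
            "-o", "Dpkg::Options::=--force-confdef",
            "-o", "Dpkg::Options::=--force-confold",
            "--", *names]


def demo_round_trip():
    """Exercise add/remove on a throw-away config file; returns the observed states."""
    with tempfile.TemporaryDirectory() as tmp:
        conf = Path(tmp) / "live-additional-software.conf"
        states = {"initial": read_config(conf)}
        states["after_add"] = add_packages(conf, ["qgis", "handbrake"])
        states["after_readd"] = add_packages(conf, ["qgis"])  # idempotent
        states["after_remove"] = remove_packages(conf, ["qgis"])
        states["file_text"] = conf.read_text(encoding="utf-8")
        states["no_temp_files"] = os.listdir(tmp) == [conf.name]
        return states
```

demo_round_trip() shows that re-adding an already listed package is a no-op and that no temporary file is left behind after the renames.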

Additional Software configuration window

The list of additional software can be opened from:

  • Applications ▸ System Tools ▸ Additional Software
  • Applications ▸ Tails ▸ Additional Software
  • a click on the gear button next to the Additional Software feature in the persistent storage settings

This application is implemented in the following files:

If there is no persistent storage, before any package is added, if the persistent storage is locked, or if it is impossible to have a persistent storage (for example, when running from a DVD or a virtual machine), the window shows an explanatory text with appropriate pointers.

When packages have already been added, the window displays a list of these Additional Software Packages.

When clicking on the delete cross, a confirmation dialog is displayed.

The privileged helper config/chroot_local-includes/usr/local/sbin/tails-additional-software-remove is called through pkexec to remove the software from the live-additional-software.conf configuration file (see config/chroot_local-includes/usr/share/polkit-1/actions/org.boum.tails.additional-software.policy