Until Tails is based on a Debian version which includes our patches We have to maintain our custom packages for the integration of VeraCrypt support in GNOME until they are available in Tails via the Debian repos. This means we need to check if new versions of the following source packages have hit Debian buster or buster-security:

  • gtk+3.0 (version in Tails: 3.24.5-1.0tails1)
  • gvfs (version in Tails: 1.38.1-5.0tails1)
  • gjs (version in Tails: 1.54.3-1.0tails1)
  • gnome-shell (version in Tails: 3.30.2-11~deb10u1.0tails1)

If any of these have a new version in buster or buster-security:

  1. Download our custom package and source package it is was forked off from:

    # Set these variables to the correct values for the package to update
    PACKAGE_NAME=udisks2
    # The version currently in Tails
    OLD_VERSION=2.1.8-1.0tails3
    # The version of the official Debian package it was forked off from
    ORIGINAL_VERSION=2.1.8-1
    # The new version in buster or buster-security
    NEW_VERSION=2.1.8-2
    # Release the updated package should go in (stable, testing or devel)
    RELEASE=stable
    # The topic branch for this update
    BRANCH=feature/update-udisks
    SUITE="$(echo "${BRANCH:?}" | sed -e 's,[^.a-z0-9-],-,ig'  | tr '[A-Z]' '[a-z]')"
    
    sudo tee /etc/apt/sources.list.d/tails.list <<EOF
    deb-src tor+http://jenw7xbd6tf7vfhp.onion/ ${RELEASE:?} main
    deb-src [check-valid-until=no] tor+http://snapshot.debian.org/archive/debian/20180904T000000Z/ buster main
    EOF
    sudo apt update
    apt source --download-only "${PACKAGE_NAME:?}=${OLD_VERSION:?}"
    apt source --download-only "${PACKAGE_NAME:?}=${ORIGINAL_VERSION:?}"
    
  2. Get the debdiff of our patches:

    debdiff "${PACKAGE_NAME:?}_${ORIGINAL_VERSION:?}.dsc" "${PACKAGE_NAME:?}_${OLD_VERSION:?}.dsc" > tails.diff
    
  3. Download the new source package:

    apt source "${PACKAGE_NAME:?}=${NEW_VERSION:?}"
    
  4. Apply the debdiff on the new version:

    debdiff-apply "${PACKAGE_NAME:?}_${NEW_VERSION:?}.dsc" tails.diff
    
  5. Add changelog entry and build a new version of the patched package in a Buster/amd64 chroot:

    cd "${PACKAGE_NAME:?}"*/
    debchange --newversion="${NEW_VERSION:?}.0tails1" --distribution="${SUITE:?}" --force-distribution
    pdebuild
    
  6. Install the newly built package in the build environment and rebuild all custom packages which depend on it. The dependencies are as follows (where X: Y means that X is dependency of Y):

    • gjs: gnome-shell
  7. Sign and upload updated packages

    debsign "${CHANGES_FILE:?}"
    dupload --to tails "${CHANGES_FILE:?}"
    
  8. Update the "version in Tails" in this document.