Home » Linux » Debian » intrigeri: Can you reproduce this Tails ISO image?

intrigeri: Can you reproduce this Tails ISO image?

Thanks to a Mozilla Open Source Software award, we have been working
on making the Tails ISO images
build reproducibly.

We have made huge progress: since a few months, ISO images built by
Tails core developers and our CI system have always been identical.
But we’re not done yet and we need your help!

Our first call for testing build reproducibility in August uncovered
a number of remaining issues. We think that we have fixed them all
since, and we now want to find out what other problems may prevent you
from building our ISO image reproducibly.

Please try to build an ISO image today, and tell us whether it
matches ours!

Build an ISO

These instructions have been tested on Debian Stretch and testing/sid.
If you’re using another distribution, you may need to adjust them.

If you get stuck at some point in the process, see our more detailed
build documentation
and don’t hesitate to contact us:

Setup the build environment

You need a system that supports KVM, 1 GiB of free memory, and about
20 GiB of disk space.

  1. Install the build dependencies:

    sudo apt install 
        git 
        rake 
        libvirt-daemon-system 
        dnsmasq-base 
        ebtables 
        qemu-system-x86 
        qemu-utils 
        vagrant 
        vagrant-libvirt 
        vmdebootstrap && 
    sudo systemctl restart libvirtd
    
  2. Ensure your user is in the relevant groups:

    for group in kvm libvirt libvirt-qemu ; do
       sudo adduser "$(whoami)" "$group"
    done
    
  3. Logout and log back in to apply the new group memberships.

Build Tails 3.2~alpha2

This should produce a Tails ISO image:

git clone https://git-tails.immerda.ch/tails && 
cd tails && 
git checkout 3.2-alpha2 && 
git submodule update --init && 
rake build

Send us feedback!

No matter how your build attempt turned out we are interested in your
feedback.

Gather system information

To gather the information we need about your system, run the following
commands in the terminal where you’ve run rake build:

sudo apt install apt-show-versions && 
(
  for f in /etc/issue /proc/cpuinfo
  do
    echo "--- File: ${f} ---"
    cat "${f}"
    echo
  done
  for c in free locale env 'uname -a' '/usr/sbin/libvirtd --version' 
            'qemu-system-x86_64 --version' 'vagrant --version'
  do
    echo "--- Command: ${c} ---"
    eval "${c}"
    echo
  done
  echo '--- APT package versions ---'
  apt-show-versions qemu:amd64 linux-image-amd64:amd64 vagrant 
                    libvirt0:amd64
) | bzip2 > system-info.txt.bz2

Then check that the generated file doesn’t contain any sensitive
information you do not want to leak:

bzless system-info.txt.bz2

Next, please follow the instructions below that match your situation!

If the build failed

Sorry about that. Please help us fix it by
opening a ticket:

  • set Category to Build system;
  • paste the output of rake build;
  • attach system-info.txt.bz2 (this will publish that file).

If the build succeeded

Compute the SHA-512 checksum of the resulting ISO image:

sha512sum tails-amd64-3.2~alpha2.iso

Compare your checksum with ours:

9b4e9e7ee7b2ab6a3fb959d4e4a2db346ae322f9db5409be4d5460156fa1101c23d834a1886c0ce6bef2ed6fe378a7e76f03394c7f651cc4c9a44ba608dda0bc

If the checksums match: success, congrats for reproducing Tails
3.2~alpha2! Please send an email to tails-dev@boum.org (public) or
tails@boum.org (private) with the subject “Reproduction of Tails
3.2~alpha2 successful” and system-info.txt.bz2 attached. Thanks in
advance! Then you can stop reading here.

Else, if the checksums differ: too bad, but really it’s good news as
the whole point of the exercise is precisely to identify such
problems 🙂 Now you are in a great position to help improve the
reproducibility of Tails ISO images by following these instructions:

  1. Install diffoscope version 83 or higher and all the packages it
    recommends. For example, if you’re using Debian Stretch:

    sudo apt remove diffoscope && 
    echo 'deb http://ftp.debian.org/debian stretch-backports main' 
      | sudo tee /etc/apt/sources.list.d/stretch-backports.list && 
    sudo apt update && 
    sudo apt -o APT::Install-Recommends="true" 
             install diffoscope/stretch-backports
    
  2. Download the
    official Tails 3.2~alpha2 ISO image.

  3. Compare the official Tails 3.2~alpha2 ISO image with yours:

    diffoscope 
           --text diffoscope.txt 
           --html diffoscope.html 
           --max-report-size 262144000 
           --max-diff-block-lines 10000 
           --max-diff-input-lines 10000000 
           path/to/official/tails-amd64-3.2~alpha2.iso 
           path/to/your/own/tails-amd64-3.2~alpha2.iso
    bzip2 diffoscope.{txt,html}
    
  4. Send an email to tails-dev@boum.org (public) or tails@boum.org
    (private) with the subject “Reproduction of Tails 3.2~alpha2
    failed”, attaching:

    • system-info.txt.bz2;
    • the smallest file among diffoscope.txt.bz2 and
      diffoscope.html.bz2, except if they are larger than 100 KiB, in
      which case better upload the file somewhere (e.g.
      share.riseup.net and share the link
      in your email.

Thanks a lot!

Credits

Thanks to Ulrike & anonym who authored a draft on which this blog post
is based.

Source: Debian Planet

Facebook Comments