Project

General

Profile

Feature #14581

Install caff (signing-party) by default

Added by infinity0 almost 2 years ago. Updated 16 days ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
09/01/2017
Due date:
% Done:

50%

Feature Branch:
Type of work:
Test
Blueprint:
Starter:
Affected tool:

Description

It would be good if Tails bundled the signing-party package from Debian. At the moment I use caff(1) to do keysigning on a separate machine with TAILS, but I have to connect it to the internet every time in order to install that package. If Tails bundled it, I could keep the machine airgapped.

The package and its dependencies are about 800KB to download (on top of a fresh Tails boot) and about 23MB when installed.


Related issues

Related to Tails - Feature #8401: Improve monkeysign integration in Tails Rejected 12/06/2014
Related to Tails - Feature #6338: User-friendly keysigning that verifies that key belongs to the recipient Rejected 10/06/2013
Blocked by Tails - Feature #14570: Implement Offline Mode for Additional Software Packages Resolved 01/17/2016

History

#1 Updated by mercedes508 almost 2 years ago

  • Status changed from New to Confirmed
  • Type of work changed from Code to Discuss

let's discuss it at our next monthly meeting.

#2 Updated by intrigeri over 1 year ago

  • Subject changed from Add signing-party as a default bundeled package to Install caff (signing-party) by default
  • Estimated time deleted (1.00 h)

I have the exact same use case as infinity0. It's a great way to manage an offline master OpenPGP key, but indeed the lack of caff in the ISO makes it more burdensome than it could be: in order to keep the machine airgapped I download the needed .debs (signing-party + its recursive dependency chain) outside of Tails and copy them via a USB stick.

Additional info:

  • We already ship Monkeysign, but AFAICT it does not support offline usage (saving the email to files one can then send from an online machine) so it's not relevant for the use case we're discussing here.
  • This use case is clearly a corner case and I think the affected people are able to find workarounds.
  • Once the Additional Software Packages feature works well offline (#14570), one will have to connect Tails once during the initial setup in order to install signing-party, and then the system can be kept fully airgapped (modulo upgrades but they can be done without unlocking the persistent volume).

infinity0:

The package and its dependencies are about 800KB to download (on top of a fresh Tails boot)

On Tails 3.3 that's 891 kB.

mercedes508:

let's discuss it at our next monthly meeting.

Yes! But for this to really happen, one needs to add the topic they wish to discuss to the agenda. I've just done it :)

#3 Updated by intrigeri over 1 year ago

  • Blocked by Feature #14570: Implement Offline Mode for Additional Software Packages added

#4 Updated by intrigeri over 1 year ago

  • Assignee set to intrigeri
  • Target version set to Tails_3.6
  • Type of work changed from Discuss to Test

As per 2018-01 meeting:

There seems to be a general agreement that it's nice to support the
use cases of developers concerned about the security of their OpenPGP
secret key material… and the today's power-users may be tomorrow's
contributors, so everyone felt like including `caff` was a good idea.
Still, #14570 will be fixed soon so there was some
hesitation floating around.

We decided to wait for #14570 to be fixed in
a release, then intrigeri will try this use case himself without
having caff in the ISO, and if happy he'll ask infinity0 to try the
same. Then we'll see.

#5 Updated by infinity0 over 1 year ago

Thanks for looking into this issue. I can see that Additional Software Packages would be a good generic solution to this problem, and it would also be OK for me if it works.

However, I use Tails in a non-standard way - instead of using the installer, I use the loopback-iso feature of Grub, which is supported by debian-live, which is what Tails uses. This allows one to copy the tails.iso file directly onto a filesystem partition on the USB stick, and (using special grub script commands [1]) tell Grub to boot from this .iso file directly. The advantage is that I can have many different live-image .isos on the same USB stick. Unfortunately this prevents Tails Live Persistence from working.

If Tails Live Persistence could be made to work even when Tails is booted as a loopback-iso, that would allow me to use the Additional Software Packages feature to solve my airgapped caff use-case as well.

[1] https://github.com/infinity0/uberimg/blob/master/isodetect.cfg#L275

#6 Updated by intrigeri over 1 year ago

Thanks for looking into this issue. I can see that Additional Software Packages would be a good generic solution to this problem, and it would also be OK for me if it works.

Good. Let's look deeper into it then :)

However, I use Tails in a non-standard way - instead of using the installer, I use the loopback-iso feature of Grub, which is supported by debian-live, which is what Tails uses. This allows one to copy the tails.iso file directly onto a filesystem partition on the USB stick, and (using special grub script commands [1]) tell Grub to boot from this .iso file directly. The advantage is that I can have many different live-image .isos on the same USB stick.

FYI this unsupported setup conflicts with some assumptions we're implicitly making regularly when developing Tails (so implicit and internalized that I feel too lazy to list them) and may thus make Tails work differently than designed. So no warranty, use at your own risks, YMMV, etc. :)

Technically it would not be too hard to support this, but every such option we add increases complexity, makes the whole thing harder to reason about and increases the risk of bugs. So I don't think we'll support this specific corner case any time soon.

Unfortunately this prevents Tails Live Persistence from working. If Tails Live Persistence could be made to work even when Tails is booted as a loopback-iso, that would allow me to use the Additional Software Packages feature to solve my airgapped caff use-case as well.

I see. This setup indeed prevents you from setting up a Tails persistent volume, but it should not prevent you from using one. For example:

  1. Install Tails using Tails Installer on a USB stick (let's call it TI_stick).
  2. Boot from TI_stick.
  3. Set up a persistent volume (enabling the 2 APT-related persistence settings), reboot, apt install caff and add caff to your list of Additional Software Packages.
  4. Shutdown.
  5. Leave TI_stick plugged.
  6. Boot from your GRUB stick with loopack-iso etc.; you may have to pass a custom live-media= boot option to ensure the SquashFS from that ISO will be selected, instead of the one on TI_stick.
  7. You should see the "unlock your persistent volume" (or whatever it's called) in the Greeter.

#7 Updated by intrigeri over 1 year ago

  • Target version changed from Tails_3.6 to Tails_3.7

#14570 will be fixed in 3.6 so I can come back to it during the 3.7 cycle.

#8 Updated by intrigeri about 1 year ago

  • Target version changed from Tails_3.7 to Tails_3.8

#9 Updated by intrigeri 12 months ago

  • Target version changed from Tails_3.8 to Tails_3.9

#10 Updated by intrigeri 10 months ago

  • Target version changed from Tails_3.9 to Tails_3.10.1

#11 Updated by u 10 months ago

I'm unsure what to do about this ticket. Do we want caff to be installed by default or should this be handled by ASP now?

#12 Updated by u 10 months ago

  • QA Check set to Info Needed

#13 Updated by sajolida 10 months ago

Same here. I understand the concern about having an airgapped machine but we worked on offline additional software precisely for that, no?

#14 Updated by u 10 months ago

sajolida wrote:

Same here. I understand the concern about having an airgapped machine but we worked on offline additional software precisely for that, no?

But in order to install you need to connect the machine to the network once I guess?

#15 Updated by intrigeri 10 months ago

The next step is documented on #14581#note-4.

#16 Updated by u 10 months ago

  • Related to Feature #8401: Improve monkeysign integration in Tails added

#17 Updated by u 10 months ago

  • Related to Feature #6338: User-friendly keysigning that verifies that key belongs to the recipient added

#18 Updated by intrigeri 9 months ago

  • Status changed from Confirmed to In Progress
  • Assignee changed from intrigeri to infinity0
  • Target version deleted (Tails_3.10.1)
  • % Done changed from 0 to 50

I've converted to Additional Software the airgapped Tails I use for offline master key management. As expected I had to connect it to the network once in order to preseed the packages cache but then it works fine. infinity0, could you please do the same (see #14581#note-6 for how to do so in your special setup) and confirm that's good enough for you needs? Thanks in advance :)

#19 Updated by intrigeri 16 days ago

  • Status changed from In Progress to Rejected
  • Assignee deleted (infinity0)

Please reopen if you ever provide the requested input. Thanks!

Also available in: Atom PDF