Project

General

Profile

Feature #17332

Upgrade Linux to 5.3.15+

Added by intrigeri 4 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Elevated
Assignee:
-
Category:
-
Target version:
Start date:
Due date:
% Done:

100%

Feature Branch:
feature/17332-linux-5.3.15-for-stable+force-all-tests
Type of work:
Code
Blueprint:
Starter:
Affected tool:


Related issues

Blocked by Tails - Bug #17265: devel branch FTBFS since torbrowser-launcher 0.3.2-4 was uploaded to sid Resolved
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

Associated revisions

Revision edbab89c (diff)
Added by anonym 4 months ago

Upgrade Linux to 5.3.15-1 (will-fix: #17332)

Revision 3776f912
Added by intrigeri 4 months ago

Merge remote-tracking branch 'origin/feature/17332-linux-5.3.15+17265-tor-browser-aa-profile-refresh+force-all-tests' into devel

Closes: #17265
Refs: #17332

I'm not closing #17332 as it is about Tails 4.2, while the branch I'm merging
targets our devel branch and thus a later Tails release.

Revision 62715225 (diff)
Added by anonym 3 months ago

Upgrade Linux to 5.3.15-1 (will-fix: #17332)

Revision 615aad07 (diff)
Added by intrigeri 3 months ago

Bump snapshot of the Debian archive to 2019122802 (refs: #17332)

Revision 30b7297f (diff)
Added by intrigeri 3 months ago

Update the aufs module to 5.3-20191223 (refs: #17332)

Revision 751f169b
Added by segfault 3 months ago

Merge branch 'feature/17332-linux-5.3.15-for-stable+force-all-tests' into stable (Closes: #17332)

History

#1 Updated by intrigeri 4 months ago

  • Blocked by Bug #17265: devel branch FTBFS since torbrowser-launcher 0.3.2-4 was uploaded to sid added

#2 Updated by intrigeri 4 months ago

#3 Updated by anonym 4 months ago

  • Status changed from Confirmed to Needs Validation
  • Assignee set to anonym
  • % Done changed from 0 to 40
  • Feature Branch set to feature/17332-linux-5.3.15+17265-tor-browser-aa-profile-refresh

devel is FTBFS because linux 5.3.0-2 is not available any more, and doing this upgrade is the fix. See also #17215#note-6.

#4 Updated by anonym 4 months ago

  • Status changed from Needs Validation to In Progress

#5 Updated by anonym 4 months ago

  • Status changed from In Progress to Needs Validation
  • Feature Branch changed from feature/17332-linux-5.3.15+17265-tor-browser-aa-profile-refresh to feature/17332-linux-5.3.15+17265-tor-browser-aa-profile-refresh+force-all-tests

I've tested that the image boots on a Thinkpad T430, otherwise I'm just waiting for Jenkins results. (Which made me realize I should re-push this branch as +force-all-tests.)

#6 Updated by intrigeri 4 months ago

Hi @anonym, I'm glad you're working on this!

Could you please clarify which part of our checklist (see link in the ticket description) you went through?

#7 Updated by anonym 4 months ago

intrigeri wrote:

Could you please clarify which part of our checklist (see link in the ticket description) you went through?

I just skimmed it, but the whole "decision" part didn't make sense to me in this situation: devel is completely broken without this kernel bump so I consider it a no-brainer.

I admit I didn't really do any of this work with 4.2 in mind, only to get devel to build.

#8 Updated by intrigeri 4 months ago

I just skimmed it, but the whole "decision" part didn't make sense to me in this situation: devel is completely broken without this kernel bump so I consider it a no-brainer.

I admit I didn't really do any of this work with 4.2 in mind, only to get devel to build.

Thanks for the clarification! Once you're happy with test results, please reassign to me, and I'll review this branch as such. I will then leave this ticket open with a scope refocused on 4.2.

#9 Updated by anonym 4 months ago

  • Assignee changed from anonym to intrigeri
  • % Done changed from 40 to 50

Jenkins' results look good: the only two failures are because of #17169.

Please merge!

#10 Updated by intrigeri 4 months ago

  • Status changed from Needs Validation to In Progress
  • Assignee changed from intrigeri to anonym

I can't find the corresponding changes in torbrowser-launcher.git.
Could you please push them?

#11 Updated by anonym 4 months ago

  • Assignee changed from anonym to intrigeri

intrigeri wrote:

I can't find the corresponding changes in torbrowser-launcher.git.

Pushed to the feature/17265-tor-browser-aa-profile branch!

Sorry about this! I had strange issues while following the instructions, but I cannot reproduce them any more, so yay!

#12 Updated by intrigeri 4 months ago

  • Status changed from In Progress to Needs Validation

#13 Updated by intrigeri 4 months ago

  • Status changed from Needs Validation to In Progress

#14 Updated by intrigeri 4 months ago

  • Assignee deleted (intrigeri)
  • Feature Branch deleted (feature/17332-linux-5.3.15+17265-tor-browser-aa-profile-refresh+force-all-tests)

Next steps for 4.2:

  1. follow https://tails.boum.org/contribute/Linux_kernel/ to decide whether to upgrade
  2. if we decide to upgrade:
    1. prepare a branch forked off stable that bumps the 'debian' APT snapshot and cherry-picks the relevant commits from feature/17332-linux-5.3.15+17265-tor-browser-aa-profile-refresh+force-all-tests
    2. check what the APT snapshot bump changes apart of the kernel upgrade
    3. go through the rest of https://tails.boum.org/contribute/Linux_kernel/

#15 Updated by intrigeri 3 months ago

  • Assignee set to intrigeri

#16 Updated by intrigeri 3 months ago

intrigeri wrote:

Next steps for 4.2:

  1. follow https://tails.boum.org/contribute/Linux_kernel/ to decide whether to upgrade

First, let's note that 5.4.6 is ready in Vcs-Git, but:

So I'll focus on 5.3.15-1:

  • It has migrated to testing 2 weeks ago so it got plenty of exposure to real-world testing.
  • We're using it on our devel branch already.
  • The Debian BTS points to no significant regressions. I'm only slightly concerned about https://bugs.debian.org/946524 but the reporter of that bug saw it only once.
  • Among the CVEs it fixes, one seems relevant: https://security-tracker.debian.org/tracker/CVE-2019-15099.
  • Tons of bug fixes and hardware support fixes.

⇒ To me it's a no brainer: unless our CI reveals an important regression, I think we should upgrade.

#17 Updated by intrigeri 3 months ago

  • Feature Branch set to feature/17332-linux-5.3.15-for-stable+force-all-tests

#18 Updated by intrigeri 3 months ago

  • Status changed from In Progress to Needs Validation
  • Assignee deleted (intrigeri)

CI looks OK (not worse than devel on lizard; and on the more powerful hardware I have locally, I've seen all scenarios pass once, except the Seahorse sync' keys ones that currently just reproduce a known Tails bug).

Boots fine on the 2 spare laptops I have here (1 UEFI, 1 legacy BIOS), up to connecting to Wi-Fi and to Tor. Emergency shutdown is triggered as expected when unplugging the USB stick.

Finally, the diff of the .packages files between a build from stable and a build from this branch only has the kernel upgrade and amd64-microcode (3.20191021.1 → 3.20191218.1, which does nothing but remove some microcode updates that are "known to cause issues").

#19 Updated by intrigeri 3 months ago

  • Priority changed from Normal to Elevated

#20 Updated by segfault 3 months ago

  • Status changed from Needs Validation to Resolved
  • % Done changed from 50 to 100

Also available in: Atom PDF