Project

General

Profile

Feature #6369

Feature #5663: Return to Icedove

Feature #6148: Torbirdy in Debian

Feature #6154: Secure the Icedove autoconfig wizard

Build Debian packages of Icedove 38 with our patches / create proper branch situation

Added by intrigeri over 5 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Elevated
Assignee:
-
Category:
-
Target version:
Start date:
10/16/2013
Due date:
% Done:

100%

Feature Branch:
451f:icedove/tails/jessie
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:
Email Client

Related issues

Related to Tails - Feature #6158: Fix secure Icedove autoconfig wizard in Tails Resolved
Related to Tails - Feature #6157: Fix re-test in secure Icedove autoconfig wizard Resolved
Blocked by Tails - Feature #7746: Rebase our patches on top of Icedove 38 Resolved 08/05/2014

History

#1 Updated by BitingBird about 5 years ago

  • Category set to 176

#2 Updated by intrigeri about 5 years ago

  • Category deleted (176)

Icedove is a mail client, not a browser.

#3 Updated by BitingBird about 5 years ago

  • Category set to 176

#4 Updated by BitingBird about 5 years ago

  • Category deleted (176)

#5 Updated by sajolida almost 5 years ago

  • Priority changed from High to Normal

#6 Updated by intrigeri almost 5 years ago

  • Blocked by Feature #7746: Rebase our patches on top of Icedove 38 added

#7 Updated by intrigeri almost 5 years ago

  • Subject changed from Build Debian packages of Icedove 24 with our patches to Build Debian packages of Icedove 31 with our patches

#8 Updated by intrigeri almost 5 years ago

  • Blocked by deleted (Feature #7746: Rebase our patches on top of Icedove 38)

#9 Updated by intrigeri almost 5 years ago

  • Blocked by Feature #7746: Rebase our patches on top of Icedove 38 added

#10 Updated by intrigeri almost 5 years ago

  • Category set to 212

#11 Updated by intrigeri about 4 years ago

  • Subject changed from Build Debian packages of Icedove 31 with our patches to Build Debian packages of Icedove 38 with our patches
  • Assignee set to u
  • Target version set to 246

#13 Updated by sajolida over 3 years ago

  • Target version changed from 246 to Tails_2.0

#14 Updated by u over 3 years ago

  • Related to Feature #6158: Fix secure Icedove autoconfig wizard in Tails added

#15 Updated by u over 3 years ago

  • Related to Feature #6157: Fix re-test in secure Icedove autoconfig wizard added

#16 Updated by u over 3 years ago

  • Feature Branch set to icedove:tails-secure_account_creation-38.5.0

#17 Updated by u over 3 years ago

  • Priority changed from Normal to Elevated
  • Target version changed from Tails_2.0 to Tails_2.2

#18 Updated by u over 3 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10

I've successfully built packages. Still need to upload my branch though.

#20 Updated by anonym over 3 years ago

Some initial PoC packages have now been built, see #6158#note-22.

#21 Updated by u over 3 years ago

  • Blocks deleted (Feature #6368: Test our rebased patches on Icedove 38)

#22 Updated by u over 3 years ago

  • Subject changed from Build Debian packages of Icedove 38 with our patches to Build Debian packages of Icedove 38 with our patches / create proper branch situation
  • Feature Branch changed from icedove:tails-secure_account_creation-38.5.0 to icedove:tails-secure_account_creation-38.6.0

We actually need to rebase the Debian patches on 2 branches,the unstable (master) branch and jessie-security, both with our patches. These branches have very diverged debian/ files (control & patches).

#23 Updated by u over 3 years ago

  • Target version changed from Tails_2.2 to Tails_2.3

#24 Updated by anonym about 3 years ago

  • Target version changed from Tails_2.3 to Tails_2.4

#25 Updated by u about 3 years ago

  • Assignee changed from u to anonym
  • % Done changed from 10 to 20

Hi,

I've created and pushed to my repo:

  • tails/38.7.2-1_secure_account_creation - that's currently in Debian unstable

Then we have your tag using the patches already, now pushed in this same repo:

  • tails/38.6.0-1_deb8u1+tails0_secure_account_creation - that's based on what is currently in Debian security.

Please check if that works for you.

#26 Updated by anonym about 3 years ago

  • Assignee changed from anonym to u
  • % Done changed from 20 to 30
  • QA Check set to Info Needed

u wrote:

  • tails/38.6.0-1_deb8u1+tails0_secure_account_creation - that's based on what is currently in Debian security.

I built packages from this branch, and now have 38.6.0-1~deb8u1+tails0 packages. But that is the version of packages already present in the feature-6154-secure-autoconfig-in-icedove APT suite, which are the packages I built two months ago from my tails_secure_account_creation-38.6.0-deb8u1 branch. I dupload:ed with --force, so I've now replaced the old packages with the new (despite the identical version), but haven't tested them yet.

So, what are the next steps for comparing our builds, which you wanted? TBH, I don't really care about that as I'm confident all is fine. :)

#27 Updated by intrigeri about 3 years ago

I built packages from this branch, and now have 38.6.0-1~deb8u1+tails0 packages.
But that is the version of packages already present in the
feature-6154-secure-autoconfig-in-icedove APT suite, which are the packages I built
two months ago from my tails_secure_account_creation-38.6.0-deb8u1 branch.
I dupload:ed with --force, so I've now replaced the old packages with the new
(despite the identical version), but haven't tested them yet.

It would be a bit nicer to bump the version number in such cases :)

#28 Updated by u about 3 years ago

  • Assignee changed from u to anonym
  • QA Check deleted (Info Needed)
  • Feature Branch changed from icedove:tails-secure_account_creation-38.6.0 to 451f:tails/38.8.0-1_deb8u1_secure_account_creation

Hi,

I've pushed tails/38.8.0-1_deb8u1_secure_account_creation and pristine-tar to my repository. This is the latest security update of Icedove in Debian, it came out yesterday.
I've modified a bit the naming of the tails branch, but did not dare to change it on the last version in the main repository.

Trying to build now from my side just to see if all is fine.
Reassigning to you in the meantime.

Cheers!

#29 Updated by anonym about 3 years ago

  • Assignee changed from anonym to u
  • QA Check set to Dev Needed

I just found a blocker for inclusion in Tails 2.4: it seems that you have imported the wrong patches! Notice how in your patches the new pref is called mailnews.auto_config_ssl_only but I changed the name quite some time ago to mailnews.auto_config.ssl_only (notice the dot instead of underscore!). Also, mailnews.auto_config.dns_mx_lookup.enabled is not present in the patches you imported.

Can you please import the patches from the new branch secure_account_creation-38.8.0-1 that I just pushed? Unfortunately the wrong patches were submitted to the upstream Mozilla ticket, so you need to push new ones there too and explain the situation. Just to be sure I have meticulously and painstakingly compared the two sets of patches to make sure nothing strange is going on and that nothing was lost, so you can make it clear that the only things that changed are:
  • mailnews.auto_config_ssl_only => mailnews.auto_config.ssl_only
  • The above pref has the default True
  • DNS MX lookup is controller by its own pref mailnews.auto_config.dns_mx_lookup.enabled
  • The above pref has the default True
  • Improved commit messages
When the new packages land in Tails, I have to do this in the feature/6154-secure-autoconfig-in-icedove branch:
  • I can drop setting mailnews.auto_config.ssl_only since Icedove now sets it by default.
  • But I must set mailnews.auto_config.dns_mx_lookup.enabled to False. We should alert the TorBirdy devs about this!

I cannot believe none of this was noticed by any of us! :)

Lastly, that branch now includes three additional commits that resolves the points made during the review of the upstream ticket. Oh, ans also note that the other upstream ticket is completely unaffected by all this.

#30 Updated by anonym about 3 years ago

Please make sure you import the patches from commit:fe31b32543fdef4bcde8e8f6a053c5937a9e1eef now. :)

#31 Updated by anonym about 3 years ago

anonym wrote:

Please make sure you import the patches from commit:fe31b32543fdef4bcde8e8f6a053c5937a9e1eef now. :)

Scratch that, had to force push so now it is commit:1bf4d0f322fea45f8e8f68352ed2c5b10f1d4bcf.

#32 Updated by u about 3 years ago

  • Assignee changed from u to anonym
  • QA Check changed from Dev Needed to Info Needed

anonym wrote:

I just found a blocker for inclusion in Tails 2.4: it seems that you have imported the wrong patches! Notice how in your patches the new pref is called mailnews.auto_config_ssl_only but I changed the name quite some time ago to mailnews.auto_config.ssl_only (notice the dot instead of underscore!). Also, mailnews.auto_config.dns_mx_lookup.enabled is not present in the patches you imported.

I'm very happy you saw that and I'm very sorry about this. I must have used an older export or branch for these patches.

Can you please import the patches from the new branch secure_account_creation-38.8.0-1 that I just pushed? Unfortunately the wrong patches were submitted to the "upstream Mozilla ticket": https://bugzilla.mozilla.org/show_bug.cgi?id=971347, so you need to push new ones there too and explain the situation. Just to be sure I have meticulously and painstakingly compared the two sets of patches to make sure nothing strange is going on and that nothing was lost, so you can make it clear that the only things that changed are:
  • mailnews.auto_config_ssl_only => mailnews.auto_config.ssl_only
  • The above pref has the default True
  • DNS MX lookup is controller by its own pref mailnews.auto_config.dns_mx_lookup.enabled
  • The above pref has the default True
  • Improved commit messages
When the new packages land in Tails, I have to do this in the feature/6154-secure-autoconfig-in-icedove branch:
  • I can drop setting mailnews.auto_config.ssl_only since Icedove now sets it by default.
  • But I must set mailnews.auto_config.dns_mx_lookup.enabled to False. We should alert the TorBirdy devs about this!

Should I prepare a TorBirdy patch? That might be easier to get this upstreamed.

I cannot believe none of this was noticed by any of us! :)

Well, it was. By you. Now :)

Lastly, that branch now includes three additional commits that resolves the points made during the review of the upstream ticket. Oh, ans also note that the other upstream ticket is completely unaffected by all this.

I've explained this on https://bugzilla.mozilla.org/show_bug.cgi?id=971347 and uploaded the new patch set.

Previously I had also imported this one: https://bugzilla.mozilla.org/attachment.cgi?id=8724400 but I think we decided that this is unlikely to get merged. And it's not present in the current patchset anymore. (That's patch 0007.) Can you please confirm this?

I will add these patches to the packaging branch now.

#33 Updated by u about 3 years ago

  • Feature Branch changed from 451f:tails/38.8.0-1_deb8u1_secure_account_creation to 451f:icedove/tails/38.8.0-1_deb8u1_sac

Pushed a debian branch to 451f:/icedove/tails/38.8.0-1_deb8u1_sac
But I've not tested building yet.

#34 Updated by anonym about 3 years ago

  • Assignee changed from anonym to u
  • QA Check changed from Info Needed to Dev Needed

u wrote:

anonym wrote:

I just found a blocker for inclusion in Tails 2.4: it seems that you have imported the wrong patches! Notice how in your patches the new pref is called mailnews.auto_config_ssl_only but I changed the name quite some time ago to mailnews.auto_config.ssl_only (notice the dot instead of underscore!). Also, mailnews.auto_config.dns_mx_lookup.enabled is not present in the patches you imported.

I'm very happy you saw that and I'm very sorry about this. I must have used an older export or branch for these patches.

Don't worry about this -- things like these happens. :) I'm equally much the cause for failing to communicate clearly which branch was the newest (and for not noticing this for months!).

Can you please import the patches from the new branch secure_account_creation-38.8.0-1 that I just pushed? Unfortunately the wrong patches were submitted to the "upstream Mozilla ticket": https://bugzilla.mozilla.org/show_bug.cgi?id=971347, so you need to push new ones there too and explain the situation. Just to be sure I have meticulously and painstakingly compared the two sets of patches to make sure nothing strange is going on and that nothing was lost, so you can make it clear that the only things that changed are:
  • mailnews.auto_config_ssl_only => mailnews.auto_config.ssl_only
  • The above pref has the default True
  • DNS MX lookup is controller by its own pref mailnews.auto_config.dns_mx_lookup.enabled
  • The above pref has the default True
  • Improved commit messages
When the new packages land in Tails, I have to do this in the feature/6154-secure-autoconfig-in-icedove branch:
  • I can drop setting mailnews.auto_config.ssl_only since Icedove now sets it by default.
  • But I must set mailnews.auto_config.dns_mx_lookup.enabled to False. We should alert the TorBirdy devs about this!

Should I prepare a TorBirdy patch? That might be easier to get this upstreamed.

Don't worry about this. This last part is not a blocker for you, and the upstreaming can wait until post-2.4.

I cannot believe none of this was noticed by any of us! :)

Well, it was. By you. Now :)

Can we please just forget about it! :P

Lastly, that branch now includes three additional commits that resolves the points made during the review of the upstream ticket. Oh, ans also note that the other upstream ticket is completely unaffected by all this.

I've explained this on https://bugzilla.mozilla.org/show_bug.cgi?id=971347 and uploaded the new patch set.

Great!

Previously I had also imported this one: https://bugzilla.mozilla.org/attachment.cgi?id=8724400 but I think we decided that this is unlikely to get merged. And it's not present in the current patchset anymore. (That's patch 0007.) Can you please confirm this?

Kill it with fire!

I will add these patches to the packaging branch now.

Excellent, but...

Pushed a debian branch to 451f:/icedove/tails/38.8.0-1_deb8u1_sac
But I've not tested building yet.

... it doesn't seem like you did it based on our previous Git branch, so the current release (38.8.0-1~deb8u1+tails0) and other history would be lost from debian/changelog. To not lose history, let's do this instead: take your previous branch (tails/38.8.0-1_deb8u1_secure_account_creation) rename it to tails/jessie and then refresh the old patches to the new/fixed ones (as new commits! no history rewriting!), and bump the tails* counter for a new release (38.8.0-1~deb8u1+tails1). From now on, let's base all our release work on this branch.

#35 Updated by u about 3 years ago

Tested that the patches apply correctly! I'll create a branch as suggested tomorrow.

#36 Updated by u about 3 years ago

  • Assignee changed from u to anonym
  • QA Check changed from Dev Needed to Ready for QA

Pushing there right now.

#37 Updated by u about 3 years ago

  • Feature Branch changed from 451f:icedove/tails/38.8.0-1_deb8u1_sac to 451f:icedove/tails/jessie

#38 Updated by anonym about 3 years ago

  • % Done changed from 30 to 40

I pushed your tails/jessie branch to Tails' icedove repo, and a fix on top of it: you had forgotten to remove the old patches (with their different names) from debian/patches/series. Debian packagin is fun! :)

Building 38.8.0-1~deb8u1+tails2...

#39 Updated by anonym about 3 years ago

  • % Done changed from 40 to 50

anonym wrote:

Building 38.8.0-1~deb8u1+tails2...

Finished, and uploaded to the feature-6154-secure-autoconfig-in-icedove APT suite.

Some testing would be excellent! Images will be available here: http://nightly.tails.boum.org/build_Tails_ISO_feature-6154-secure-autoconfig-in-icedove/lastSuccessful/archive/build-artifacts/

#40 Updated by u about 3 years ago

As talked about together, there is a locale issue to fix.

Also we must not forget this:

When the new packages land in Tails, I have to do this in the feature/6154-secure-autoconfig-in-icedove branch:

  • I can drop setting mailnews.auto_config.ssl_only since Icedove now sets it by default.
  • But I must set mailnews.auto_config.dns_mx_lookup.enabled to False. We should alert the TorBirdy devs about this!

After that we can close this ticket i think.

#41 Updated by anonym about 3 years ago

  • Status changed from In Progress to Resolved
  • Assignee deleted (anonym)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

I have uploaded 38.8.0-1~deb8u1+tails3 which deals with the locale issue, and the needed pref changes are in the feature/6154-secure-autoconfig-in-icedove branch.

Also available in: Atom PDF