% Improving the infrastructure behind Tails % intrigeri % December, 2014

Current Tails' challenges

Cadence & popularity

  • new release every 6 weeks
  • about 10k boots a day, doubles every year

Limited resources and time

  • mostly volunteer work
  • 2800 commits, by ~15 persons, in the last 6 months

Energy-draining release process

  • automated test suite, but:
  • still huge manual test suite
  • no way to freeze the APT repositories we are using

Roadmap

Tails 2.0

  • sustainability and maintainability: lots of continuous integration and infrastructure work
  • Greeter revamp
  • Icedove (Thunderbird)
  • support more download mirrors
  • nicer initial download and installation process

Tails 3.0

  • more hardening, more sandboxing
  • multi-platform installer

More?

  • port to Debian Jessie: WIP, must be finished in 2015

What we have

People

very few people involved in continuous integration and infrastructure work

Services

  • Jenkins:
    ISO images from major branches built after Git push
    PO files sanity checks
    thanks to jenkins.debian.net for the inspiration!
  • APT repository
  • rsync, Bitcoin, BitTorrent, etc.

Needed infrastructure improvements

Release process

  • building Debian packages
  • building ISO images
  • freezing for real

Quality assurance

  • does our stuff stop building?
  • does our stuff stop working?
  • does new stuff break anything?
  • notifications, integration with the review process
  • some day, gatekeeping?

Security

  • deterministic (reproducible) builds
  • hardening build flags status
  • same-day security updates

Internal communication

  • commit notifications
  • package upload notifications

Tails system administrators

Goals

The Tails system administrators set up and maintain the infrastructure that supports the development and operations of Tails, to:

  • make the life of Tails contributors easier
  • improve the quality of the Tails releases

Principles

  • Infrastructure as code
  • Free Software
  • Relationships with upstream

Infrastructure as code

We want to treat system administration like a (free) software development project.

Infrastructure as code: why?

  • enabling people to participate without accounts on our servers
  • reviewing changes applied to our systems
  • being able to reproduce our systems via automatic deployment
  • sharing knowledge with other people

Infrastructure as code: how?

  • publish as much as possible of our systems configuration
  • manage our whole infrastructure with configuration management tools

Free Software

Relationships with upstream

https://tails.boum.org/contribute/relationship_with_upstream/

Tools

  • Debian GNU/Linux
  • Puppet
  • Git to host and deploy configuration, including our Puppet modules

How to help?

Entry points

Where to start?

  • #6295: Evaluate consequences of importing large amounts of packages into reprepro
  • #6891: Monitor broken links on our website
  • #6918: Track hardening status of the binaries shipped in Tails
  • #7427: Evaluate using aptly
  • #7125: Write a Puppet class to manage a Tails mirror
  • #5894: APT repository: notify incoming

Tell us about your skills and desires,

we'll help you get started :)

Contact

Talk to us