- contribute
- how
- promote
- material
- slides
- 31C3
- Infrastructure
- infrastructure
% Improving the infrastructure behind Tails % intrigeri % December, 2014
Current Tails' challenges
Cadence & popularity
- new release every 6 weeks
- about 10k boots a day, doubles every year
Limited resources and time
- mostly volunteer work
- 2800 commits, by ~15 persons, in the last 6 months
Energy-draining release process
- automated test suite, but:
- still huge manual test suite
- no way to freeze the APT repositories we are using
Roadmap
Tails 2.0
- sustainability and maintainability: lots of continuous integration and infrastructure work
- Greeter revamp
- Icedove (Thunderbird)
- support more download mirrors
- nicer initial download and installation process
Tails 3.0
- more hardening, more sandboxing
- multi-platform installer
More?
- port to Debian Jessie: WIP, must be finished in 2015
What we have
People
very few people involved in continuous integration and infrastructure work
Services
- Jenkins:
ISO images from major branches built after Git push
PO files sanity checks
thanks to jenkins.debian.net for the inspiration! - APT repository
- rsync, Bitcoin, BitTorrent, etc.
Needed infrastructure improvements
Release process
- building Debian packages
- building ISO images
- freezing for real
Quality assurance
- does our stuff stop building?
- does our stuff stop working?
- does new stuff break anything?
- notifications, integration with the review process
- some day, gatekeeping?
Security
- deterministic (reproducible) builds
- hardening build flags status
- same-day security updates
Internal communication
- commit notifications
- package upload notifications
Tails system administrators
Goals
The Tails system administrators set up and maintain the infrastructure that supports the development and operations of Tails, to:
- make the life of Tails contributors easier
- improve the quality of the Tails releases
Principles
- Infrastructure as code
- Free Software
- Relationships with upstream
Infrastructure as code
We want to treat system administration like a (free) software development project.
Infrastructure as code: why?
- enabling people to participate without accounts on our servers
- reviewing changes applied to our systems
- being able to reproduce our systems via automatic deployment
- sharing knowledge with other people
Infrastructure as code: how?
- publish as much as possible of our systems configuration
- manage our whole infrastructure with configuration management tools
Free Software
- Debian Free Software Guidelines
- exception: firmware needed by our hardware
Relationships with upstream
https://tails.boum.org/contribute/relationship_with_upstream/
Tools
How to help?
Entry points
- https://tails.boum.org/contribute/how/sysadmin/
- https://tails.boum.org/contribute/working_together/roles/sysadmins/
- "easy" tasks
Where to start?
- #6295: Evaluate consequences of importing large amounts of packages into reprepro
- #6891: Monitor broken links on our website
- #6918: Track hardening status of the binaries shipped in Tails
- #7427: Evaluate using aptly
- #7125: Write a Puppet class to manage a Tails mirror
- #5894: APT repository: notify incoming
Tell us about your skills and desires,
we'll help you get started :)
Contact
Talk to us
- A few of us are here.
- Sysadmins (private and encrypted) mailing-list: tails-sysadmins@boum.org
- Development mailing-list: tails-dev@boum.org
- Private and encrypted mailing-list: tails@boum.org
- IRC: see https://tails.boum.org/contribute/
- Web: https://tails.boum.org/