Bug #11082

Replace Liferea

Added by sajolida over 2 years ago. Updated 4 days ago.

Status: In Progress
Priority: Normal
Assignee:
Category: -
Target version:
Start date: 07/20/2014
Due date:
% Done: 50%
Estimated time: 1.00 h
QA Check: Ready for QA
Feature Branch: feature/11082-deprecate-liferea
Type of work: Code
Blueprint:
Starter:
Affected tool: Feed Reader

Description

It has many problems and we could use Icedove instead.

Let's use this one as meta ticket.


Subtasks

Feature #7625: Persistence preset: RSS feeds (Confirmed)

Feature #7626: Investigate using Thunderbird & TorBirdy as the RSS reader (Confirmed)


Related issues

Blocked by Tails - Feature #15091: Get ready for Thunderbird 60+ (Confirmed, 12/21/2017, 07/21/2018)
Blocks Tails - Feature #15334: Core work 2018Q3: Foundations Team (Confirmed, 02/20/2018)

Associated revisions

Revision 2bf9ab76 (diff)
Added by intrigeri 10 days ago

Integrate Liferea deprecation wrapper into our translation system (refs: #11082)

Revision 40b9dddd (diff)
Added by intrigeri 10 days ago

Improve GUI string for the Liferea deprecation wrapper (refs: #11082)

That's the string sajolida and I came up with on XMPP today.

Revision 61e9cb09 (diff)
Added by lamby 10 days ago

Wrap the Liferea dbus service too. (refs: #11082)

History

#1 Updated by sajolida over 2 years ago

  • Subject changed from Remove Liferea to Replace Liferea

#2 Updated by sajolida about 2 years ago

  • Affected tool set to Feed Reader

#3 Updated by intrigeri about 1 year ago

  • Assignee set to anonym
  • Target version set to Tails_3.0

We're seeing issues in 3.0~betaN with Liferea, and we prefer spending our time moving to Thunderbird instead of debugging Liferea.

#4 Updated by anonym about 1 year ago

  • Target version changed from Tails_3.0 to Tails_3.2

#5 Updated by intrigeri about 1 year ago

#6 Updated by intrigeri 11 months ago

Looking at your 3.2 plate, I suggest you postpone this to another major release.

#7 Updated by intrigeri 11 months ago

  • Target version changed from Tails_3.2 to Tails_3.5

#8 Updated by intrigeri 10 months ago

#9 Updated by intrigeri 10 months ago

#10 Updated by intrigeri 7 months ago

  • Assignee changed from anonym to intrigeri

I'll propose something.

#11 Updated by intrigeri 7 months ago

  • Type of work changed from Code to Discuss

I'll first describe what's the current status of feed reading support in Tails, so we can take this baseline into account when we discuss the next steps, and we can avoid demanding that the replacement solution replaces things that we never had, or does perfectly something the old solution did poorly:

  • We don't document Liferea usage anywhere. It's only mentioned on our doc/about/features page.
  • We have no persistence setting for Liferea, so if anyone uses it seriously, they have to add a custom persistence setting. But we have a persistence setting for Thunderbird.
  • We have had concerns for years about the safety of Liferea because it's essentially another browser we ship, with JS enabled by default (#9429) and merely running it with torsocks is not enough to make a web browser anonymous. On Thunderbird with Torbirdy, by default only text (not HTML) is rendered which is safer. Users can enable full HTML rendering in Thunderbird too, but at least the default configuration is safe.
  • I've not heard anything about Liferea from our help desk for many years. I seriously doubt anyone is using it in Tails currently. The only person I know who uses Liferea on Debian Stretch, wrapped with torsocks just like we do, sees it crashing (segfault) every 15 minutes or so. Likely there's something Liferea dislikes about being run in a torsocks environment. I suspect Tails is affected just the same but nobody noticed.
  • A few of us are using Thunderbird (in Tails and outside) for their feed reading. AFAIK they're all happy with it.
  • Years ago we decided to focus on this very ticket instead so we've left numerous Liferea issues open, e.g. #8793 and #9989. Thunderbird does not suffer from these bugs.
  • Most of the research we wanted to do on #7626 has been done, and https://trac.torproject.org/projects/tor/wiki/torbirdy#IsitsafetosubscribetoRSSfeedswithThunderbirdandTorBirdy now says "Is it safe to subscribe to RSS feeds with Thunderbird and TorBirdy? → Yes, RSS support was added in TorBirdy 0.2.0."

To sum up, it seems that Liferea support in Tails is poorly integrated, unmaintained, buggy, unsafe by default and probably unused. The current state of Thunderbird support for feed reading in Tails is already better than that on all these counts.

So I propose:

  1. in Tails 3.5 (January 23) we wrap Liferea to display a "Liferea is going away, please migrate your feeds to Thunderbird"; not sure it's worth documenting how to migrate feeds (export + import OPML)
  2. in Tails 3.6 (March 13) we stop shipping Liferea, drop it from the list of features, add feed reading to the list of Thunderbird features on doc/about/features, and close #7626.

Then #7625 can be repurposed into "Modify the description of the Thunderbird persistence setting to mention feeds" (not a blocker IMO).

#12 Updated by intrigeri 7 months ago

  • Target version changed from Tails_3.5 to Tails_3.6

Added to the monthly meeting agenda. If we reach an agreement I'll implement this for our next major release.

#13 Updated by intrigeri 7 months ago

#14 Updated by intrigeri 7 months ago

#15 Updated by muri 7 months ago

hi,

for the record: there was a security audit published by cure53 on thunderbird and enigmail a few weeks ago, commissioned by mozilla and posteo (a german email provider). the final result will be published when all the vulns are fixed, but a press release by posteo states:

Im Audit wurden auch schwerwiegende Sicherheitsprobleme in Verbindung mit RSS-Feeds nachgewiesen, die voraussichtlich erst in Thunderbird Version 59 vollständig behoben sein werden. Die Angriffswege werden in diesem Beitrag aus Sicherheitsgründen nicht weiter beschrieben. Das Verwenden von RSS-Feeds in Thunderbird kann Ihre vertrauliche Kommunikation in Thunderbird sowie andere sensible Daten offenlegen und gefährden.

which (approximately, sorry for the broken english) says: "In the audit security problems in connection with RSS-Feeds have been detected, which likely only will be fully fixed in thunderbird 59. the attack vector won't be described in details because of security concerns. The usage of RSS-Feeds in thunderbird can reveal and endanger your confidential communication in thunderbird as well as other sensitive information"

the press release also recommends:

Nutzen Sie bis auf Weiteres keine RSS-Feeds in Thunderbird. Es liegen schwerwiegende Sicherheitsprobleme vor, die die Vertraulichkeit Ihrer (Ende-zu-Ende-verschlüsselten) Kommunikation gefährden.

which translates to: "Don't use RSS-Feeds in thunderbird for now. There are serious security problems, which could endanger the confidentiality of your (end to end encrypted) communication."

this is the link to the press release (in german, parts are translated): https://posteo.de/blog/sicherheits-warnung-f%C3%BCr-thunderbird-und-enigmail-nutzer-schwachstellen-gef%C3%A4hrden-vertraulichkeit-der-kommunikation

#16 Updated by intrigeri 7 months ago

The "Kalender, RSS und andere Funktionen mit Rich-Text" wording suggests that the problems come with rich-text, so with the default Torbirdy settings (only the plaintext of RSS feeds is fetched and displayed) we should be safe. But there may be other, critical security problems with RSS feeds, so let's be careful: even though it's likely that Liferea is affected by similar problems (see e.g. #9429), we're not in a big hurry.

Let's keep this topic on the monthly meeting agenda. I'm hereby amending my proposal that becomes:

  1. in Tails 3.5 (January 23) we wrap Liferea to display a "Liferea is going away, please migrate your feeds to Thunderbird"; not sure it's worth documenting how to migrate feeds (export + import OPML)
  2. in the first Tails release that switches to the next Thunderbird ESR (likely 60), that will have the fixes this article mentions: we stop shipping Liferea, drop it from the list of features, add feed reading to the list of Thunderbird features on doc/about/features, and close #7626.

#17 Updated by intrigeri 7 months ago

  • Target version changed from Tails_3.6 to Tails_3.7
  • Type of work changed from Discuss to Code

During the 2018-01 meeting we decided:

  1. In the first Tails release that switches to the next Thunderbird ESR (likely 60), that will have the fixes the Posteo article mentions: we wrap Liferea to display "Liferea is going away, please migrate your feeds to Thunderbird"
  2. In the following (N+1) release or N+2, we remove Liferea, drop it from the list of features, add feed reading to the list of Thunderbird features on doc/about/features, and close #7626.

#18 Updated by intrigeri 7 months ago

#19 Updated by intrigeri 7 months ago

#20 Updated by intrigeri 5 months ago

#21 Updated by intrigeri 4 months ago

  • Target version changed from Tails_3.7 to Tails_3.8

I don't think we'll have Thunderbird ESR60 in Tails 3.7: #15091#note-18.

#22 Updated by lamby about 2 months ago

  • Assignee changed from intrigeri to lamby
  • Estimated time set to 1.00 h

Self-assigning ticket during meeting on tails-meeting with nod from intrigeri. Adding 1 hour to estimate/max-time. See the prior art in unsafe-browser and electrum.

#23 Updated by intrigeri 23 days ago

  • Target version changed from Tails_3.8 to Tails_3.9

#24 Updated by intrigeri 21 days ago

#25 Updated by intrigeri 21 days ago

#26 Updated by lamby 11 days ago

Patch attached. Can also be found using the 11082-deprecate-liferea branch on https://github.com/lamby/tails.

#27 Updated by intrigeri 10 days ago

  • Status changed from Confirmed to In Progress
  • Feature Branch set to feature/11082-deprecate-liferea

Thank you!

I've:

  1. merged current devel into the topic branch (https://tails.boum.org/contribute/git/#branches)
  2. integrated the new wrapper into our translation system (2bf9ab76848ec0e45f6afc0f2d3573d9a60ec6b1)

Code looks good. My only concerns are:

  • The wrapper does not apply to Liferea started via D-Bus activation: /usr/share/dbus-1/services/net.sourceforge.liferea.service has Exec=/usr/bin/torsocks /usr/bin/liferea --gapplication-service. If we don't expose ways to trigger that to users, fine. If not, it'll be a tiny bit more involved since we already patch the .service file in config/chroot_local-hooks/09-torsocks-apps. I'll quickly check it.
  • The "Due to security concerns the Liferea RSS reader from a future […]" sentence is broken. I'll ask our in-house GUI designer to tell us what the string should be.

#28 Updated by intrigeri 10 days ago

  • Assignee changed from intrigeri to lamby
  • QA Check deleted (Ready for QA)

intrigeri wrote:

> • The wrapper does not apply to Liferea started via D-Bus activation: /usr/share/dbus-1/services/net.sourceforge.liferea.service has Exec=/usr/bin/torsocks /usr/bin/liferea --gapplication-service. If we don't expose ways to trigger that to users, fine. If not, it'll be a tiny bit more involved since we already patch the .service file in config/chroot_local-hooks/09-torsocks-apps. I'll quickly check it.

Indeed, starting Liferea from the Applications menu or from the Activities Overview does not display the warning and the list of processes says /usr/bin/liferea --gapplication-service, so GNOME starts Liferea via the D-Bus service. I suspect you've tested your branch only by starting Liferea from a terminal and not in the way most users would start it :)

lamby, do you have budgeted time left to fix this? I think I would use a config/chroot_local-patches/ to s|/usr/bin/liferea|/usr/local/bin/liferea| and then let the unmodified config/chroot_local-hooks/09-torsocks-apps code handle the torsocks wrapping. It won't be pretty but that's a temporary wrapper anyway, it'll get removed in Tails 3.11, so whatever works.

> • The "Due to security concerns the Liferea RSS reader from a future […]" sentence is broken. I'll ask our in-house GUI designer to tell us what the string should be.

sajolida and I came up with a good string and I updated my branch to use it => case closed.
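
The launch-path gap discussed in notes #27 and #28, as an added example that is not part of the ticket or the Tails code base: a small audit that reads launcher files and reports any whose Exec= line starts the real binary instead of the wrapper. The file contents are constructed samples (only the D-Bus Exec= line is quoted from the ticket), and the function names are hypothetical.

```python
import configparser
import shlex

REAL = "/usr/bin/liferea"           # real binary (path from the ticket)
WRAPPER = "/usr/local/bin/liferea"  # deprecation wrapper (path from the ticket)
PREFIXES = {"/usr/bin/torsocks"}    # launch helpers to look through

# Constructed sample files; only the D-Bus Exec= line is quoted from the ticket.
SAMPLES = {
    "net.sourceforge.liferea.service": """\
[D-BUS Service]
Name=net.sourceforge.liferea
Exec=/usr/bin/torsocks /usr/bin/liferea --gapplication-service
""",
    "liferea.desktop": """\
[Desktop Entry]
Name=Liferea
Exec=/usr/local/bin/liferea %U
""",
}

def exec_programs(text):
    """Return the program each Exec= line really starts, skipping known prefixes."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keys in these files are case-sensitive
    cp.read_string(text)
    programs = []
    for section in cp.sections():
        if "Exec" not in cp[section]:
            continue
        argv = shlex.split(cp[section]["Exec"])
        while argv and argv[0] in PREFIXES:
            argv = argv[1:]  # look past torsocks to the wrapped command
        if argv:
            programs.append(argv[0])
    return programs

def bypasses(files, real=REAL):
    """Names of launcher files that start the real binary without the wrapper."""
    return sorted(n for n, t in files.items() if real in exec_programs(t))

if __name__ == "__main__":
    for name in bypasses(SAMPLES):
        print(f"{name}: starts {REAL} directly, wrapper {WRAPPER} is skipped")
```

Run against every launcher file in a built image, an empty result means each launch path, D-Bus activation included, goes through the wrapper.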

#29 Updated by lamby 10 days ago

  • Assignee changed from lamby to intrigeri
  • QA Check set to Ready for QA

#30 Updated by intrigeri 10 days ago

  • Assignee changed from intrigeri to lamby
  • QA Check changed from Ready for QA to Dev Needed

Fixed by cherry-picking https://github.com/lamby/tails/commit/61e9cb092377f174d57836523f68dceab948a539.diff

I've merged your updated branch (that has this commit) into mine, built an ISO, started it, clicked Liferea in the applications menu, and nothing shows up except the "waiting" cursor. Looking closer:

$ /usr/bin/torsocks /usr/local/bin/liferea --gapplication-service
1531157610 WARNING torsocks[7735]: [syscall] Unsupported syscall number 217. Denying the call (in tsocks_syscall() at syscall.c:488)
Traceback (most recent call last):
  File "/usr/local/bin/liferea", line 53, in <module>
    sys.exit(main(*sys.argv[1:]))
TypeError: main() takes 0 positional arguments but 1 was given

Sorry I did not make the expectations clear previously, I'll do it now: for such tasks, whose outcome is a specific user-visible change in a running Tails, I expect submitted branches have been tested as in "built an ISO, booted it, tested by acting as closely as possible to how a non-tech-savvy user would, and works as intended". Unless of course we have an automatic test case precisely about the expected outcome, in which case passing the automated test can be sufficient. Let's take this part of the work into account when we do time estimates in the future (usually, for such small things, the build+test part would add 5-30 minutes of focused work depending on how many iterations are needed, but for larger projects it may be much bigger). Deal? :)

#31 Updated by lamby 10 days ago

  • Assignee changed from lamby to intrigeri
  • QA Check changed from Dev Needed to Ready for QA

Ick, urgh, blarghg, I'm really sorry for screwing up twice in one week and wasting your time here. This is pretty unprofessional of me and I can only apologise. I feel pretty crappy about this now... I had been "half" testing these changes on the command-line in a booted Tails instance and then copy-pasting scripts back and forth, rather than generating a new ISO and testing everything from scratch. Naturally, this can lead to errors, omissions or missed changes, as I have discovered when hacking on d-i.

I now plan on testing this properly (as you describe...) but I cannot this evening as I am about to head out. However, I do believe (and again, half-tested!) the fix is https://github.com/lamby/tails/commit/9d97257028f0bdecbcd33ab0a01eeefc10d27a5d.patch, or at least that is what I plan on testing first.

[Marking as "needing QA" but taking ticket back]

#32 Updated by lamby 10 days ago

  • Assignee changed from intrigeri to lamby

#33 Updated by intrigeri 10 days ago

> I feel pretty crappy about this now...

No worries! Shit happens and I totally trust your ability to learn from this small mistake :)

> I had been "half" testing these changes on the command-line in a booted Tails instance and then copy-pasting scripts back and forth, rather than generating a new ISO and testing everything from scratch.

Actually, many (most?) of us do that, it's totally fine and I don't see how we would survive otherwise: clearly the feedback loop is too long for such small changes when one has to build an ISO between every single hack/test iteration. And as you've discovered, one final ISO build + manual test of the branch is key to validating that what one is requesting a merge for is indeed what one has validated earlier by taking shortcuts. But I know for a fact that it's very hard to self-enforce this discipline for things that look very simple like this, because what can possibly go wrong? :)

> I now plan on testing this properly (as you describe...) but I cannot this evening as I am about to head out. However, I do believe (and again, half-tested!) the fix is https://github.com/lamby/tails/commit/9d97257028f0bdecbcd33ab0a01eeefc10d27a5d.patch, or at least that is what I plan on testing first.

Great :)

#34 Updated by lamby 9 days ago

(I won't be able to do this today due to not having my charger and the image building will chew into my battery)

#35 Updated by intrigeri 9 days ago

> (I won't be able to do this today due to not having my charger and the image building will chew into my battery)

No worries, it can as well happen later as long as we can merge it by August 13 :)

#36 Updated by lamby 4 days ago

Sorry for the delay but I had some fun getting my local Tails build environment up and running.

I've now tested this with my aforementioned patch:

Loading from the launcher:

Loading from the command-line:

Liferea loads successfully in all cases:

This was tails-amd64-11082-deprecate-liferea-3.9-20180715T0939Z-5b460c1796.iso.

Build log attached
