[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#931459: release-notes: Release notes: mention re-introduction of the standard live image

jonathan wrote:
> Debian Live Buster re-introduces the standard live image. This is a
> basic Debian image that contains a base Debian system without any
> graphical user interface. Because it installs from a squashfs image
> rather than installing the system files using dpkg, installation times
> are a lot faster than installing from a minimal Debian installation
> image.

So this is another text that should go in whats-new?  It seems as
though it should include the item about calamares, instead of just
being plonked down after it:

<section id="debian-live">
  <!-- stretch to buster -->
  <title>Debian Live</title>
  <para>
    Debian Live Buster re-introduces the standard live image. This is a
    basic Debian image that contains a base Debian system without any
    graphical user interface. Because it installs from a squashfs image
    rather than installing the system files using <command>dpkg</command>,
    installation times are a lot faster than installing from a minimal
    Debian installation image.
  </para>
  <para>
    The live images also ship an additional installer called Calamares.
    Calamares is a distribution-agnostic project that aims to create a
    universal installer, providing an easy-to-use graphical interface
    designed for typical laptop and desktop users. It doesn't yet support
    advanced partitioning options like RAID, but for advanced users,
    debian-installer is still available from the installation media boot menu.
  </para>
</section>

This would also imply a correction to the link from issues.dbk.
Revised versions of two patches (plus another copy of the bonus patch
for evolution) attached.
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

diff --git a/en/whats-new.dbk b/en/whats-new.dbk
index d5fcaa36..a8a7eaef 100644
--- a/en/whats-new.dbk
+++ b/en/whats-new.dbk
@@ -677,5 +677,26 @@ Among many others, this release also includes the following software updates:
   </para>
 </section>
 
+<section id="debian-live">
+  <!-- stretch to buster -->
+  <title>Debian Live</title>
+  <para>
+    Debian Live Buster re-introduces the standard live image. This is a
+    basic Debian image that contains a base Debian system without any
+    graphical user interface. Because it installs from a squashfs image
+    rather than installing the system files using <command>dpkg</command>,
+    installation times are a lot faster than installing from a minimal
+    Debian installation image.
+  </para>
+  <para>
+    The live images also ship an additional installer called Calamares.
+    Calamares is a distribution-agnostic project that aims to create a
+    universal installer, providing an easy-to-use graphical interface
+    designed for typical laptop and desktop users. It doesn't yet support
+    advanced partitioning options like RAID, but for advanced users,
+    debian-installer is still available from the installation media boot menu.
+  </para>
+</section>
+
 </section>
 </chapter>

diff --git a/en/issues.dbk b/en/issues.dbk
index b5c1d004..4f02beb4 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -692,6 +692,33 @@ $ sudo update-initramfs -u
     </para>
   </section>
 
+  <section id="calamares-creates-readable-key">
+    <!-- stretch to buster -->
+    <title>
+      Calamares installer leaves disk encryption keys readable
+    </title>
+    <para>
+      When installing Debian from live media using the Calamares installer
+      (<ulink url="&url-wiki;debian-live">new in buster</ulink>)
+      and selecting the full disk encryption feature, the disk's unlock key
+      is stored in the initramfs which is world readable. This allows users
+      with local filesystem access to read the private key and gain access
+      to the filesystem again in the future.
+    </para>
+    <para>
+      This can be worked around by adding <literal>UMASK=0077</literal> to
+      <filename>/etc/initramfs-tools/conf.d/initramfs-permissions</filename>
+      and running <command>update-initramfs -u</command>. This will recreate
+      the initramfs without world-readable permissions.
+    </para>
+    <para>
+      A fix for the installer is being planned (see <ulink
+      url="&url-bts;931373">bug #931373</ulink>) and will be uploaded to
+      debian-security. In the meantime users of full disk encryption should
+      apply the above workaround.
+    </para>
+  </section>
+
 </section>
 
 </chapter>

diff --git a/en/issues.dbk b/en/issues.dbk
index b5c1d004..720bdfc0 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -684,9 +684,9 @@ $ sudo update-initramfs -u
       Users using <systemitem role="package">evolution</systemitem> as their
       email client and connecting to a server running Exchange, Office365 or
       Outlook using the <systemitem role="package">evolution-ews</systemitem>
-      plugin should not upgrade to Buster without backing up data and finding an
+      plugin should not upgrade to buster without backing up data and finding an
       alternative solution beforehand, as evolution-ews has been dropped due to
-      <ulink url="&url-bts;926712">bug (#926712)</ulink> and their email
+      <ulink url="&url-bts;926712">bug #926712</ulink> and their email
       inboxes, calendar, contact lists and tasks will be removed and will no
       longer be usable.
     </para>
Reply to: