In T767#14406, @jonas.smedegaard wrote:

I agree that it seems the study gets installed onto the local machine - but not run: the fix was not applied.
My concern was if backdoor could be abused (i.e. I focused on the "and" in your original title).
You got a point that even if not succesfully executed there is a concern that Mozilla can push data onto the local machine at all.
Issue title adapted accordingly.

I agree that it seems the study gets installed onto the local machine - but not run: the fix was not applied.

In T767#14378, @jonas.smedegaard wrote:

I am still not convinced that anything more severe than cosmetic was "going on": Please clarify how you come to the conclusion that Firefox Shield studies was installed and run.

@Gnutella If it's just changes like a different slideshow, icon, colors and logo image then yes, that's possible - I already did that once.
That said, the GNOME flavor is currently the focus of development, the Plasma flavor is less well maintained (so focusing on GNOME as long as it doesn't completely break the Plasma installations would also be fair).

firefox-esr (a.k.a. PureBrowser) 60.6.2esr-1pureos1 was confirmed accepted 25 minuts ago.

The plot thickens

For the "pull in the latest firefox-esr from Debian" part, it was prepared earlier today¹ and uploading (but failing and failing) now².

I am still not convinced that anything more severe than cosmetic was "going on": Please clarify how you come to the conclusion that Firefox Shield studies was installed and run.

I've added support to debuerreotype for that https://github.com/debuerreotype/debuerreotype/pull/63 and put current images here: https://hub.docker.com/r/godiug/pureos/tags

In T767#14369, @jonas.smedegaard wrote:

Is PureBrowser the *only* Mozilla browser you run on that machine?

@mak I'm coming from source and turns out that what I had in mind is rather inconvenient to do because it would require 2 Cala packages. One for Gnome and one for Plasma. Dare I ask if it's feasible?

It is my understanding that PureBrowser is immune to the Normandy backdoor, because PureBrowser has removed the hidden system add-on "Application Update Service Helper" (along with all other hidden system add-ons).

Is PureBrowser the *only* Mozilla browser you run on that machine?

So if this is going to be PureOS specific then we need to discuss this with @francois because he'll have PureOS related material that I imagine we'll want to use. If it is not meant to be PureOS specific, just a generic installer, then I don't really have an opinion beyond respecting existing copyrights and trademarks. I do hope to limit any customizations to images and slides that clarify what is happening for the user. I think it should be abundantly clear that the user is installing PureOS if that is in fact what is happening.

First off, agreement should be reached on whether the installer should:

1. default to full screen, as it does in pureos-8.0-plasma-live_20190501

2. be as in pureos-8.0-plasma-live_20190126

Package is updated in landing and will soon migrate to green.

Fixed.

but if logout/login is needed, please add a note to the end of the instructions.

Can confirm it works on my end, thank you everyone.

You are right: An issue tracker is the wrong tool for writing or inquiring a how-to.

Thanks. Those two packages just became available and it works now.

I wondered about that as well, turns out the package priority changed from optional to important.
I adjusted the override now, so the package can be removed again and should no longer be present in default installations.

This is now a new issue, caused by a change in lsb-release which was switched to exclusively read /etc/os-release and started to capitalize the distribution-ID, which works for Debian, but not for PureOS.
I submitted a patch upstream: https://salsa.debian.org/debian/lsb/merge_requests/1

I just updated my system (PureOS - all updates on Librem 13v3), and "Software and Updates" does not work. From Tilex:

This has been fixed for a while now, can you try again with the latest PureOS Plasma image (>> 2019-05-04)?

There are in fact 2 long-standing wishes:

• move from PureBrowser to Gnome Web in the Gnome build
• move from PureBrowser to Falkon in the Plasma build

https://www.falkon.org/
https://community.kde.org/Incubator/Projects/Falkon/
https://phabricator.kde.org/project/board/245/

In T603#14252, @mak wrote:

Jup, reason being that the displaymanager isn't configured. This was once disabled on purpose, I just don't remember why, unfortunately.
I re-enabled the feature, the next live image should have it if there aren't any drawbacks to having it (I can't see any issues, the only potential clash would have been with the OEM installer, but we don't run the module there anyway).

This is fixed in gnome-control-center 3.30.3-1pureos1. After you installed this version, desktop-base can be removed (and ideally will be autoremoved).
Since PureOS *still* doesn't have any proper logo, I just reset the logo to the default GNOME one.

Jup, reason being that the displaymanager isn't configured. This was once disabled on purpose, I just don't remember why, unfortunately.
I re-enabled the feature, the next live image should have it if there aren't any drawbacks to having it (I can't see any issues, the only potential clash would have been with the OEM installer, but we don't run the module there anyway).

This is because gnome-control-center suddenly started to pull in desktop-base.
I'll look into this.

This is fixed in python-apt >= 1.8.4pureos1 - please verify that this works for you. The new version should reach the green channel in a few days.

Hmm... This is the last changelog entry for python-apt:

python-apt (1.8.1pureos1) green; urgency=medium

We have other requests to Mirror in Sweden and North America

A newer version of the GNOME Software application (gnome-software and gnome-software-common) still produces this bug. I think Matthias is pointing to the fact that the issue is in python-apt and that is independent from GNOME Software.

In T327#12891, @Jonathan wrote:

Hola si es difícil empaquetar opensnitch depende de librerías muy espesificas ,
Paquete debían
opensnitch_1.0.deb
https://sourceforge.net/projects/unknownos/files/opensnitch/
Es necesario instalar
apt-get install libnetfilter-queue1 libnetfilter-conntrack3 python3-slugify python-pyqt5 libc6 python3.7
Probado en debían Buster .

In T603#14022, @jeremiah.foster wrote:

There is a new version of Calamares out and I wonder if this is still an issue? @hayder could you let us know if this bug is still open?

It's a nice image, but likely ought to be replaced.

It looks like the patch was put in upstream python-apt https://metadata.ftp-master.debian.org/changelogs//main/p/python-apt/python-apt_1.8.4_changelog
It doesn't look like we bring it into PureOS however. It appears at the moment that python-apt is being rebuilt;

I can confirm that our version of GNOME-Software is about 1 year old. I'll discuss internally how we upgrade.

Thank you for the quick review & validation! :-)

This isn't actually a high priority issue, as it's only a visual/terminology thing. Will need input from the marketing team though, I think we canonically only call PureOS "PureOS" and not mention Linux (internally, GNU/Linux is used for PureOS though, so this may need to be changed).

It would be possible to alter the word Linux by GNU/Linux?

Hello @mak , Yes, the installation Finish all right =) I used iso 2019-05-01, its in my production notebook. Congratulations for your project. see...

This is resolved starting with the 2019-05-01 image builds.
Thanks for reporting this issue!
Since the installer changes are extensive this time, it would be awesome if you could test the new image and verify that the issue is gone. New images will become available on https://downloads.puri.sm/live/gnome/2019-05-01/ shortly.

To avoid packaging a third-party extension with PureOS, a solution I propose is to include the following about:config value string to PureBrowser:

Yes. That's the one I am following.

Are you following these instructions: https://tracker.pureos.net/w/installation_guide/live_system_installation/ ?

With support by email I was able to boot with a live cd and backup my files, although some of them in my home directory couldn't be backed up due to lacking permission. After doing that and panicking less a bit, I provided the content of the crypttab file to Mladen and he suggested to comment

My understanding is swap re-encryption enabled on reboot provides a higher level of security while losing the functionality you describe, namely resume after hibernate.

I too get "secure connection failed" in PureBrowser. I don't know why that happens. I downloaded the certificate but I see no apparent issues with the cert.

I think what is happening is that it is looking for the old key on your old drive and not finding it. (Hence the message: "No key available with this passphrase"). Is there anyway you can re-insert your old drive and then copy the contents over to the new disk? Alternatively, you may be able to inform cryptsetup about your new disk.

@jeremiah.foster Hello! I tested again (up-to-date libraries as in your comment) and still get the error.