Design scenario and features for a Tails Installer package in Debian

It might simplify the installation workflow to have a Tails Installer package in Debian (eventually also Ubuntu) for downloading, verifying, and installing the ISO.

This could be a use scenario:

1. The user installs the tails-installer package.
2. The user starts Tails Installer.
3. Tails Installer downloads the latest ISO image.
4. Tails Installer verifies the ISO first with the signing key from the package.
5. Tails Installer also tries to verify the ISO using the user’s keyring.
6. Tails Installer compares both results and warn the user if they differ.
7. Tails Installer installs the ISO image onto a USB stick.
8. The user restarts on a fully operational Tails and is happy.

The user might, either before, either after using the Installer, do
stronger verification on the signing key in her own keyring. For example
you might have a personal trust path or a local signature in your
personal keyring. But we shouldn’t import automatically new keys in the user’s keyring. On the other hand, it might always be a good thing to verify the ISO with a key included in the package, probably using a dedicated keyring.

Blueprint: https://tails.boum.org/blueprint/bootstrapping/installer/

Parent Task: #8549 (closed)

Related issues

Blocks #8556 (closed)

Original created by @sajolida on 7046 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information