usb.rb 22.5 KB
Newer Older
1
2
3
4
5
6
7
8
9
# Returns a hash that for each preset the running Tails is aware of
# maps the source to the destination.
def get_persistence_presets(skip_links = false)
  # Perl script that prints all persistence presets (one per line) on
  # the form: <mount_point>:<comma-separated-list-of-options>
  script = <<-EOF
  use strict;
  use warnings FATAL => "all";
  use Tails::Persistence::Configuration::Presets;
Tails developers's avatar
Tails developers committed
10
11
  foreach my $preset (Tails::Persistence::Configuration::Presets->new()->all) {
    say $preset->destination, ":", join(",", @{$preset->options});
12
  }
13
14
15
16
EOF
  # VMCommand:s cannot handle newlines, and they're irrelevant in the
  # above perl script any way
  script.delete!("\n")
17
  presets = $vm.execute_successfully("perl -E '#{script}'").stdout.chomp.split("\n")
18
19
20
21
22
23
24
25
26
  assert presets.size >= 10, "Got #{presets.size} persistence presets, " +
                             "which is too few"
  persistence_mapping = Hash.new
  for line in presets
    destination, options_str = line.split(":")
    options = options_str.split(",")
    is_link = options.include? "link"
    next if is_link and skip_links
    source_str = options.find { |option| /^source=/.match option }
27
28
29
30
31
32
33
    # If no source is given as an option, live-boot's persistence
    # feature defaults to the destination minus the initial "/".
    if source_str.nil?
      source = destination.partition("/").last
    else
      source = source_str.split("=")[1]
    end
34
35
36
37
38
39
40
41
42
43
44
    persistence_mapping[source] = destination
  end
  return persistence_mapping
end

def persistent_dirs
  get_persistence_presets
end

def persistent_mounts
  get_persistence_presets(true)
45
46
end

47
def persistent_volumes_mountpoints
48
  $vm.execute("ls -1 -d /live/persistence/*_unlocked/").stdout.chomp.split
49
50
end

51
Given /^I clone USB drive "([^"]+)" to a new USB drive "([^"]+)"$/ do |from, to|
52
  $vm.storage.clone_to_new_disk(from, to)
53
54
55
end

Given /^I unplug USB drive "([^"]+)"$/ do |name|
56
  $vm.unplug_drive(name)
57
58
end

59
Given /^the computer is set to boot from the old Tails DVD$/ do
60
  $vm.set_cdrom_boot(OLD_TAILS_ISO)
61
62
end

63
Given /^the computer is set to boot in UEFI mode$/ do
64
  $vm.set_os_loader('UEFI')
65
66
67
  @os_loader = 'UEFI'
end

68
class UpgradeNotSupported < StandardError
69
70
end

71
72
73
def usb_install_helper(name)
  @screen.wait('USBCreateLiveUSB.png', 10)

74
75
  # Here we'd like to select USB drive using #{name}, but Sikuli's
  # OCR seems to be too unreliable.
76
77
78
#  @screen.wait('USBTargetDevice.png', 10)
#  match = @screen.find('USBTargetDevice.png')
#  region_x = match.x
79
80
81
#  region_y = match.y + match.h
#  region_w = match.w*3
#  region_h = match.h*2
82
83
84
85
86
#  ocr = Sikuli::Region.new(region_x, region_y, region_w, region_h).text
#  STDERR.puts ocr
#  # Unfortunately this results in almost garbage, like "|]dev/sdm"
#  # when it should be /dev/sda1

87
  @screen.wait_and_click('USBCreateLiveUSB.png', 10)
88
89
  if @screen.exists("USBCannotUpgrade.png")
    raise UpgradeNotSupported
90
  end
91
  @screen.wait('USBCreateLiveUSBConfirmWindow.png', 10)
92
  @screen.wait_and_click('USBCreateLiveUSBConfirmYes.png', 10)
93
94
95
  @screen.wait('USBInstallationComplete.png', 60*60)
end

96
When /^I start Tails Installer$/ do
97
  step 'I start "TailsInstaller" via the GNOME "Tails" applications menu'
98
99
100
  @screen.wait('USBCloneAndInstall.png', 30)
end

101
102
When /^I start Tails Installer in "([^"]+)" mode$/ do |mode|
  step 'I start Tails Installer'
103
104
105
106
107
108
109
110
111
112
  case mode
  when 'Clone & Install'
    @screen.wait_and_click('USBCloneAndInstall.png', 10)
  when 'Clone & Upgrade'
    @screen.wait_and_click('USBCloneAndUpgrade.png', 10)
  when 'Upgrade from ISO'
    @screen.wait_and_click('USBUpgradeFromISO.png', 10)
  else
    raise "Unsupported mode '#{mode}'"
  end
113
114
end

115
116
Then /^Tails Installer detects that a device is too small$/ do
  @screen.wait('TailsInstallerTooSmallDevice.png', 10)
117
118
end

119
When /^I "Clone & Install" Tails to USB drive "([^"]+)"$/ do |name|
120
  step 'I start Tails Installer in "Clone & Install" mode'
121
122
123
124
  usb_install_helper(name)
end

When /^I "Clone & Upgrade" Tails to USB drive "([^"]+)"$/ do |name|
125
  step 'I start Tails Installer in "Clone & Upgrade" mode'
126
127
128
  usb_install_helper(name)
end

129
130
131
When /^I try a "Clone & Upgrade" Tails to USB drive "([^"]+)"$/ do |name|
  begin
    step "I \"Clone & Upgrade\" Tails to USB drive \"#{name}\""
132
  rescue UpgradeNotSupported
133
134
135
136
137
138
139
140
141
    # this is what we expect
  else
    raise "The USB installer should not succeed"
  end
end

When /^I try to "Upgrade from ISO" USB drive "([^"]+)"$/ do |name|
  begin
    step "I do a \"Upgrade from ISO\" on USB drive \"#{name}\""
142
  rescue UpgradeNotSupported
143
144
145
146
147
148
    # this is what we expect
  else
    raise "The USB installer should not succeed"
  end
end

Tails developers's avatar
Tails developers committed
149
When /^I am suggested to do a "Clone & Install"$/ do
150
  @screen.find("USBCannotUpgrade.png")
151
152
end

153
154
When /^I am told that the destination device cannot be upgraded$/ do
  @screen.find("USBCannotUpgrade.png")
155
156
end

157
Given /^I setup a filesystem share containing the Tails ISO$/ do
anonym's avatar
anonym committed
158
159
  shared_iso_dir_on_host = "#{$config["TMPDIR"]}/shared_iso_dir"
  @shared_iso_dir_on_guest = "/tmp/shared_iso_dir"
160
161
162
  FileUtils.mkdir_p(shared_iso_dir_on_host)
  FileUtils.cp(TAILS_ISO, shared_iso_dir_on_host)
  add_after_scenario_hook { FileUtils.rm_r(shared_iso_dir_on_host) }
163
  $vm.add_share(shared_iso_dir_on_host, @shared_iso_dir_on_guest)
164
165
end

166
When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name|
167
  step 'I start Tails Installer in "Upgrade from ISO" mode'
168
169
  @screen.wait('USBUseLiveSystemISO.png', 10)
  match = @screen.find('USBUseLiveSystemISO.png')
170
  @screen.click(match.getCenter.offset(0, match.h*2))
171
  @screen.wait('USBSelectISO.png', 10)
172
  @screen.wait_and_click('GnomeFileDiagHome.png', 10)
173
174
  @screen.type("l", Sikuli::KeyModifier.CTRL)
  @screen.wait('GnomeFileDiagTypeFilename.png', 10)
175
  iso = "#{@shared_iso_dir_on_guest}/#{File.basename(TAILS_ISO)}"
176
177
  @screen.type(iso)
  @screen.wait_and_click('GnomeFileDiagOpenButton.png', 10)
178
179
180
181
182
  usb_install_helper(name)
end

Given /^I enable all persistence presets$/ do
  @screen.wait('PersistenceWizardPresets.png', 20)
183
184
185
186
187
188
  # Select the "Persistent" folder preset, which is checked by default.
  @screen.type(Sikuli::Key.TAB)
  # Check all non-default persistence presets, i.e. all *after* the
  # "Persistent" folder, which are unchecked by default.
  (persistent_dirs.size - 1).times do
    @screen.type(Sikuli::Key.TAB + Sikuli::Key.SPACE)
189
  end
190
  @screen.wait_and_click('PersistenceWizardSave.png', 10)
191
  @screen.wait('PersistenceWizardDone.png', 20)
192
  @screen.type(Sikuli::Key.F4, Sikuli::KeyModifier.ALT)
193
194
end

195
Given /^I create a persistent partition$/ do
196
  step 'I start "ConfigurePersistentVolume" via the GNOME "Tails" applications menu'
197
  @screen.wait('PersistenceWizardStart.png', 20)
198
  @screen.type(@persistence_password + "\t" + @persistence_password + Sikuli::Key.ENTER)
Tails developers's avatar
Tails developers committed
199
  @screen.wait('PersistenceWizardPresets.png', 300)
200
201
202
  step "I enable all persistence presets"
end

203
def check_disk_integrity(name, dev, scheme)
204
  info = $vm.execute("udisksctl info --block-device '#{dev}'").stdout
205
206
207
208
209
210
211
  info_split = info.split("\n  org\.freedesktop\.UDisks2\.PartitionTable:\n")
  dev_info = info_split[0]
  part_table_info = info_split[1]
  assert(part_table_info.match("^    Type: +#{scheme}$"),
         "Unexpected partition scheme on USB drive '#{name}', '#{dev}'")
end

212
def check_part_integrity(name, dev, usage, fs_type, part_label, part_type = nil)
213
  info = $vm.execute("udisksctl info --block-device '#{dev}'").stdout
214
  info_split = info.split("\n  org\.freedesktop\.UDisks2\.Partition:\n")
215
216
  dev_info = info_split[0]
  part_info = info_split[1]
217
  assert(dev_info.match("^    IdUsage: +#{usage}$"),
218
         "Unexpected device field 'usage' on USB drive '#{name}', '#{dev}'")
219
220
221
  assert(dev_info.match("^    IdType: +#{fs_type}$"),
         "Unexpected device field 'IdType' on USB drive '#{name}', '#{dev}'")
  assert(part_info.match("^    Name: +#{part_label}$"),
222
         "Unexpected partition label on USB drive '#{name}', '#{dev}'")
223
224
225
226
  if part_type
    assert(part_info.match("^    Type: +#{part_type}$"),
           "Unexpected partition type on USB drive '#{name}', '#{dev}'")
  end
227
228
end

229
def tails_is_installed_helper(name, tails_root, loader)
230
  disk_dev = $vm.disk_dev(name)
231
232
  part_dev = disk_dev + "1"
  check_disk_integrity(name, disk_dev, "gpt")
233
234
235
  check_part_integrity(name, part_dev, "filesystem", "vfat", "Tails",
                       # EFI System Partition
                       'c12a7328-f81f-11d2-ba4b-00a0c93ec93b')
236

237
  target_root = "/mnt/new"
238
  $vm.execute("mkdir -p #{target_root}")
239
  $vm.execute("mount #{part_dev} #{target_root}")
240

241
  c = $vm.execute("diff -qr '#{tails_root}/live' '#{target_root}/live'")
242
  assert(c.success?,
243
         "USB drive '#{name}' has differences in /live:\n#{c.stdout}\n#{c.stderr}")
244

245
  syslinux_files = $vm.execute("ls -1 #{target_root}/syslinux").stdout.chomp.split
246
  # We deal with these files separately
247
  ignores = ["syslinux.cfg", "exithelp.cfg", "ldlinux.c32", "ldlinux.sys"]
248
  for f in syslinux_files - ignores do
249
    c = $vm.execute("diff -q '#{tails_root}/#{loader}/#{f}' " +
250
                    "'#{target_root}/syslinux/#{f}'")
251
252
253
254
255
    assert(c.success?, "USB drive '#{name}' has differences in " +
           "'/syslinux/#{f}'")
  end

  # The main .cfg is named differently vs isolinux
256
  c = $vm.execute("diff -q '#{tails_root}/#{loader}/#{loader}.cfg' " +
257
                  "'#{target_root}/syslinux/syslinux.cfg'")
258
259
260
  assert(c.success?, "USB drive '#{name}' has differences in " +
         "'/syslinux/syslinux.cfg'")

261
262
  $vm.execute("umount #{target_root}")
  $vm.execute("sync")
263
264
end

265
266
267
268
269
270
Then /^the running Tails is installed on USB drive "([^"]+)"$/ do |target_name|
  loader = boot_device_type == "usb" ? "syslinux" : "isolinux"
  tails_is_installed_helper(target_name, "/lib/live/mount/medium", loader)
end

Then /^the ISO's Tails is installed on USB drive "([^"]+)"$/ do |target_name|
271
  iso = "#{@shared_iso_dir_on_guest}/#{File.basename(TAILS_ISO)}"
272
  iso_root = "/mnt/iso"
273
274
  $vm.execute("mkdir -p #{iso_root}")
  $vm.execute("mount -o loop #{iso} #{iso_root}")
Tails developers's avatar
Tails developers committed
275
  tails_is_installed_helper(target_name, iso_root, "isolinux")
276
  $vm.execute("umount #{iso_root}")
277
278
end

279
Then /^there is no persistence partition on USB drive "([^"]+)"$/ do |name|
280
281
  data_part_dev = $vm.disk_dev(name) + "2"
  assert(!$vm.execute("test -b #{data_part_dev}").success?,
282
283
284
         "USB drive #{name} has a partition '#{data_part_dev}'")
end

285
Then /^a Tails persistence partition exists on USB drive "([^"]+)"$/ do |name|
286
  dev = $vm.disk_dev(name) + "2"
287
  check_part_integrity(name, dev, "crypto", "crypto_LUKS", "TailsData")
288

289
290
  # The LUKS container may already be opened, e.g. by udisks after
  # we've run tails-persistence-setup.
291
  c = $vm.execute("ls -1 /dev/mapper/")
292
293
  if c.success?
    for candidate in c.stdout.split("\n")
294
      luks_info = $vm.execute("cryptsetup status #{candidate}")
295
296
297
298
299
300
301
      if luks_info.success? and luks_info.stdout.match("^\s+device:\s+#{dev}$")
        luks_dev = "/dev/mapper/#{candidate}"
        break
      end
    end
  end
  if luks_dev.nil?
302
303
    c = $vm.execute("echo #{@persistence_password} | " +
                    "cryptsetup luksOpen #{dev} #{name}")
304
305
306
    assert(c.success?, "Couldn't open LUKS device '#{dev}' on  drive '#{name}'")
    luks_dev = "/dev/mapper/#{name}"
  end
307
308

  # Adapting check_part_integrity() seems like a bad idea so here goes
309
  info = $vm.execute("udisksctl info --block-device '#{luks_dev}'").stdout
310
311
312
313
  assert info.match("^    CryptoBackingDevice: +'/[a-zA-Z0-9_/]+'$")
  assert info.match("^    IdUsage: +filesystem$")
  assert info.match("^    IdType: +ext[34]$")
  assert info.match("^    IdLabel: +TailsData$")
314
315

  mount_dir = "/mnt/#{name}"
316
317
  $vm.execute("mkdir -p #{mount_dir}")
  c = $vm.execute("mount #{luks_dev} #{mount_dir}")
318
  assert(c.success?,
Tails developers's avatar
Tails developers committed
319
         "Couldn't mount opened LUKS device '#{dev}' on drive '#{name}'")
320

321
322
323
  $vm.execute("umount #{mount_dir}")
  $vm.execute("sync")
  $vm.execute("cryptsetup luksClose #{name}")
324
325
end

326
Given /^I enable persistence$/ do
327
328
  @screen.wait('TailsGreeterPersistence.png', 10)
  @screen.type(Sikuli::Key.SPACE)
329
330
  @screen.wait('TailsGreeterPersistencePassphrase.png', 10)
  match = @screen.find('TailsGreeterPersistencePassphrase.png')
331
  @screen.click(match.getCenter.offset(match.w*2, match.h/2))
332
  @screen.type(@persistence_password)
333
334
end

335
336
def tails_persistence_enabled?
  persistence_state_file = "/var/lib/live/config/tails.persistence"
337
338
  return $vm.execute("test -e '#{persistence_state_file}'").success? &&
         $vm.execute(". '#{persistence_state_file}' && " +
339
                     'test "$TAILS_PERSISTENCE_ENABLED" = true').success?
340
341
end

342
Given /^all persistence presets(| from the old Tails version) are enabled$/ do |old_tails|
343
344
345
  try_for(120, :msg => "Persistence is disabled") do
    tails_persistence_enabled?
  end
346
  # Check that all persistent directories are mounted
347
348
349
  if old_tails.empty?
    expected_mounts = persistent_mounts
  else
350
    assert_not_nil($remembered_persistence_mounts)
351
    expected_mounts = $remembered_persistence_mounts
352
  end
353
  mount = $vm.execute("mount").stdout.chomp
354
  for _, dir in expected_mounts do
355
356
357
    assert(mount.include?("on #{dir} "),
           "Persistent directory '#{dir}' is not mounted")
  end
358
359
end

360
361
362
363
Given /^persistence is disabled$/ do
  assert(!tails_persistence_enabled?, "Persistence is enabled")
end

364
365
Given /^I enable read-only persistence$/ do
  step "I enable persistence"
366
  @screen.wait_and_click('TailsGreeterPersistenceReadOnly.png', 10)
367
368
end

369
def boot_device
370
371
  # Approach borrowed from
  # config/chroot_local_includes/lib/live/config/998-permissions
372
373
  boot_dev_id = $vm.execute("udevadm info --device-id-of-file=/lib/live/mount/medium").stdout.chomp
  boot_dev = $vm.execute("readlink -f /dev/block/'#{boot_dev_id}'").stdout.chomp
374
375
376
377
378
379
  return boot_dev
end

def boot_device_type
  # Approach borrowed from
  # config/chroot_local_includes/lib/live/config/998-permissions
380
  boot_dev_info = $vm.execute("udevadm info --query=property --name='#{boot_device}'").stdout.chomp
381
  boot_dev_type = (boot_dev_info.split("\n").select { |x| x.start_with? "ID_BUS=" })[0].split("=")[1]
382
383
384
  return boot_dev_type
end

385
386
387
388
389
390
391
392
393
Then /^Tails is running from (.*) drive "([^"]+)"$/ do |bus, name|
  bus = bus.downcase
  case bus
  when "ide"
    expected_bus = "ata"
  else
    expected_bus = bus
  end
  assert_equal(expected_bus, boot_device_type)
394
  actual_dev = boot_device
395
396
  # The boot partition differs between a "normal" install using the
  # USB installer and isohybrid installations
397
398
  expected_dev_normal = $vm.disk_dev(name) + "1"
  expected_dev_isohybrid = $vm.disk_dev(name) + "4"
399
400
  assert(actual_dev == expected_dev_normal ||
         actual_dev == expected_dev_isohybrid,
401
         "We are running from device #{actual_dev}, but for #{bus} drive " +
402
403
         "'#{name}' we expected to run from either device " +
         "#{expected_dev_normal} (when installed via the USB installer) " +
404
         "or #{expected_dev_isohybrid} (when installed from an isohybrid)")
405
406
407
408
409
end

Then /^the boot device has safe access rights$/ do

  super_boot_dev = boot_device.sub(/[[:digit:]]+$/, "")
410
  devs = $vm.execute("ls -1 #{super_boot_dev}*").stdout.chomp.split
411
  assert(devs.size > 0, "Could not determine boot device")
412
  all_users = $vm.execute("cut -d':' -f1 /etc/passwd").stdout.chomp.split
413
  all_users_with_groups = all_users.collect do |user|
414
    groups = $vm.execute("groups #{user}").stdout.chomp.sub(/^#{user} : /, "").split(" ")
415
416
417
    [user, groups]
  end
  for dev in devs do
418
419
420
    dev_owner = $vm.execute("stat -c %U #{dev}").stdout.chomp
    dev_group = $vm.execute("stat -c %G #{dev}").stdout.chomp
    dev_perms = $vm.execute("stat -c %a #{dev}").stdout.chomp
421
    assert_equal("root", dev_owner)
422
423
    assert(dev_group == "disk" || dev_group == "root",
           "Boot device '#{dev}' owned by group '#{dev_group}', expected " +
424
           "'disk' or 'root'.")
425
    assert_equal("660", dev_perms)
426
427
428
429
430
431
432
    for user, groups in all_users_with_groups do
      next if user == "root"
      assert(!(groups.include?(dev_group)),
             "Unprivileged user '#{user}' is in group '#{dev_group}' which " +
             "owns boot device '#{dev}'")
    end
  end
433

434
  info = $vm.execute("udisksctl info --block-device '#{super_boot_dev}'").stdout
intrigeri's avatar
intrigeri committed
435
  assert(info.match("^    HintSystem: +true$"),
436
         "Boot device '#{super_boot_dev}' is not system internal for udisks")
437
438
end

439
Then /^all persistent filesystems have safe access rights$/ do
440
  persistent_volumes_mountpoints.each do |mountpoint|
441
442
443
    fs_owner = $vm.execute("stat -c %U #{mountpoint}").stdout.chomp
    fs_group = $vm.execute("stat -c %G #{mountpoint}").stdout.chomp
    fs_perms = $vm.execute("stat -c %a #{mountpoint}").stdout.chomp
444
445
446
    assert_equal("root", fs_owner)
    assert_equal("root", fs_group)
    assert_equal('775', fs_perms)
447
448
449
  end
end

450
Then /^all persistence configuration files have safe access rights$/ do
451
  persistent_volumes_mountpoints.each do |mountpoint|
452
    assert($vm.execute("test -e #{mountpoint}/persistence.conf").success?,
453
           "#{mountpoint}/persistence.conf does not exist, while it should")
454
    assert($vm.execute("test ! -e #{mountpoint}/live-persistence.conf").success?,
455
           "#{mountpoint}/live-persistence.conf does exist, while it should not")
456
    $vm.execute(
457
458
      "ls -1 #{mountpoint}/persistence.conf #{mountpoint}/live-*.conf"
    ).stdout.chomp.split.each do |f|
459
460
461
      file_owner = $vm.execute("stat -c %U '#{f}'").stdout.chomp
      file_group = $vm.execute("stat -c %G '#{f}'").stdout.chomp
      file_perms = $vm.execute("stat -c %a '#{f}'").stdout.chomp
462
463
464
      assert_equal("tails-persistence-setup", file_owner)
      assert_equal("tails-persistence-setup", file_group)
      assert_equal("600", file_perms)
465
    end
Tails developers's avatar
Tails developers committed
466
  end
467
468
end

469
Then /^all persistent directories(| from the old Tails version) have safe access rights$/ do |old_tails|
470
471
472
  if old_tails.empty?
    expected_dirs = persistent_dirs
  else
473
    assert_not_nil($remembered_persistence_dirs)
474
    expected_dirs = $remembered_persistence_dirs
475
  end
476
  persistent_volumes_mountpoints.each do |mountpoint|
477
    expected_dirs.each do |src, dest|
Tails developers's avatar
Tails developers committed
478
      full_src = "#{mountpoint}/#{src}"
479
480
481
      assert_vmcommand_success $vm.execute("test -d #{full_src}")
      dir_perms = $vm.execute_successfully("stat -c %a '#{full_src}'").stdout.chomp
      dir_owner = $vm.execute_successfully("stat -c %U '#{full_src}'").stdout.chomp
482
      if dest.start_with?("/home/#{LIVE_USER}")
483
        expected_perms = "700"
484
        expected_owner = LIVE_USER
485
486
487
488
489
490
491
492
493
494
      else
        expected_perms = "755"
        expected_owner = "root"
      end
      assert_equal(expected_perms, dir_perms,
                   "Persistent source #{full_src} has permission " \
                   "#{dir_perms}, expected #{expected_perms}")
      assert_equal(expected_owner, dir_owner,
                   "Persistent source #{full_src} has owner " \
                   "#{dir_owner}, expected #{expected_owner}")
495
496
497
498
    end
  end
end

499
When /^I write some files expected to persist$/ do
500
  persistent_mounts.each do |_, dir|
501
    owner = $vm.execute("stat -c %U #{dir}").stdout.chomp
502
    assert($vm.execute("touch #{dir}/XXX_persist", :user => owner).success?,
503
           "Could not create file in persistent directory #{dir}")
504
505
506
507
  end
end

When /^I remove some files expected to persist$/ do
508
  persistent_mounts.each do |_, dir|
509
    owner = $vm.execute("stat -c %U #{dir}").stdout.chomp
510
    assert($vm.execute("rm #{dir}/XXX_persist", :user => owner).success?,
511
           "Could not remove file in persistent directory #{dir}")
512
513
514
515
  end
end

When /^I write some files not expected to persist$/ do
516
  persistent_mounts.each do |_, dir|
517
    owner = $vm.execute("stat -c %U #{dir}").stdout.chomp
518
    assert($vm.execute("touch #{dir}/XXX_gone", :user => owner).success?,
519
           "Could not create file in persistent directory #{dir}")
520
521
522
  end
end

523
When /^I take note of which persistence presets are available$/ do
524
525
  $remembered_persistence_mounts = persistent_mounts
  $remembered_persistence_dirs = persistent_dirs
526
527
528
529
530
531
end

Then /^the expected persistent files(| created with the old Tails version) are present in the filesystem$/ do |old_tails|
  if old_tails.empty?
    expected_mounts = persistent_mounts
  else
532
    assert_not_nil($remembered_persistence_mounts)
533
    expected_mounts = $remembered_persistence_mounts
534
535
  end
  expected_mounts.each do |_, dir|
536
    assert($vm.execute("test -e #{dir}/XXX_persist").success?,
537
           "Could not find expected file in persistent directory #{dir}")
538
    assert(!$vm.execute("test -e #{dir}/XXX_gone").success?,
539
540
541
542
           "Found file that should not have persisted in persistent directory #{dir}")
  end
end

543
Then /^only the expected files are present on the persistence partition on USB drive "([^"]+)"$/ do |name|
544
  assert(!$vm.is_running?)
545
  disk = {
546
    :path => $vm.storage.disk_path(name),
547
    :opts => {
548
      :format => $vm.storage.disk_format(name),
549
550
551
      :readonly => true
    }
  }
552
  $vm.storage.guestfs_disk_helper(disk) do |g, disk_handle|
553
554
555
556
557
558
559
560
561
    partitions = g.part_list(disk_handle).map do |part_desc|
      disk_handle + part_desc["part_num"].to_s
    end
    partition = partitions.find do |part|
      g.blkid(part)["PART_ENTRY_NAME"] == "TailsData"
    end
    assert_not_nil(partition, "Could not find the 'TailsData' partition " \
                              "on disk '#{disk_handle}'")
    luks_mapping = File.basename(partition) + "_unlocked"
562
    g.luks_open(partition, @persistence_password, luks_mapping)
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
    luks_dev = "/dev/mapper/#{luks_mapping}"
    mount_point = "/"
    g.mount(luks_dev, mount_point)
    assert_not_nil($remembered_persistence_mounts)
    $remembered_persistence_mounts.each do |dir, _|
      # Guestfs::exists may have a bug; if the file exists, 1 is
      # returned, but if it doesn't exist false is returned. It seems
      # the translation of C types into Ruby types is glitchy.
      assert(g.exists("/#{dir}/XXX_persist") == 1,
             "Could not find expected file in persistent directory #{dir}")
      assert(g.exists("/#{dir}/XXX_gone") != 1,
             "Found file that should not have persisted in persistent directory #{dir}")
    end
    g.umount(mount_point)
    g.luks_close(luks_dev)
  end
579
end
580
581

When /^I delete the persistent partition$/ do
582
  step 'I start "DeletePersistentVolume" via the GNOME "Tails" applications menu'
Tails developers's avatar
Tails developers committed
583
  @screen.wait("PersistenceWizardDeletionStart.png", 20)
584
585
586
  @screen.type(" ")
  @screen.wait("PersistenceWizardDone.png", 120)
end
587
588

Then /^Tails has started in UEFI mode$/ do
589
  assert($vm.execute("test -d /sys/firmware/efi").success?,
590
591
         "/sys/firmware/efi does not exist")
 end
592
593

Given /^I create a ([[:alpha:]]+) label on disk "([^"]+)"$/ do |type, name|
594
  $vm.storage.disk_mklabel(name, type)
595
end
596

597
Then /^a suitable USB device is (?:still )?not found$/ do
598
  @screen.wait("TailsInstallerNoQEMUHardDisk.png", 30)
599
600
601
602
603
604
605
606
607
end

Then /^the "(?:[[:alpha:]]+)" USB drive is selected$/ do
  @screen.wait("TailsInstallerQEMUHardDisk.png", 30)
end

Then /^no USB drive is selected$/ do
  @screen.wait("TailsInstallerNoQEMUHardDisk.png", 30)
end