Merge branch 'test/5571-no-more-filesystem-shares' into stable (Fix-committed: #5571)

05e8bebc · intrigeri · be9b18da · aecf387e · be9b18da · 05e8bebc
Commit 05e8bebc authored Dec 28, 2016 by intrigeri
--- a/features/domains/fs_share.xml
+++ b/features/domains/fs_share.xml
-<filesystem type='mount' accessmode='passthrough'>
-  <driver type='path' wrpolicy='immediate'/>
-  <source dir=''/>
-  <target dir=''/>
-  <readonly/>
-</filesystem>
--- a/features/mat.feature
+++ b/features/mat.feature
@@ -3,11 +3,8 @@ Feature: Metadata Anonymization Toolkit
  As a Tails user
  I want to be able to remove leaky metadata from documents and media files

-  # In this feature we cannot restore from snapshots since it's
-  # incompatible with filesystem shares.
-
  Scenario: MAT can clean a PNG file
    Given a computer
-    And I setup a filesystem share containing a sample PNG
    And I start Tails from DVD with network unplugged and I login
+    And I plug and mount a USB drive containing a sample PNG
    Then MAT can clean some sample PNG file
--- a/features/step_definitions/checks.rb
+++ b/features/step_definitions/checks.rb
@@ -128,17 +128,6 @@ Then /^the VirtualBox guest modules are available$/ do
         "The vboxguest module is not available.")
 end

-Given /^I setup a filesystem share containing a sample PNG$/ do
-  shared_png_dir_on_host = "#{$config["TMPDIR"]}/shared_png_dir"
-  @shared_png_dir_on_guest = "/tmp/shared_png_dir"
-  FileUtils.mkdir_p(shared_png_dir_on_host)
-  Dir.glob("#{MISC_FILES_DIR}/*.png") do |png_file|
-    FileUtils.cp(png_file, shared_png_dir_on_host)
-  end
-  add_after_scenario_hook { FileUtils.rm_r(shared_png_dir_on_host) }
-  $vm.add_share(shared_png_dir_on_host, @shared_png_dir_on_guest)
-end
-
 Then /^the support documentation page opens in Tor Browser$/ do
  if @language == 'German'
    expected_title = 'Tails - Hilfe & Support'
@@ -156,11 +145,15 @@ Then /^the support documentation page opens in Tor Browser$/ do
  )
 end

+Given /^I plug and mount a USB drive containing a sample PNG$/ do
+  @png_dir = share_host_files(Dir.glob("#{MISC_FILES_DIR}/*.png"))
+end
+
 Then /^MAT can clean some sample PNG file$/ do
  for png_on_host in Dir.glob("#{MISC_FILES_DIR}/*.png") do
    png_name = File.basename(png_on_host)
    png_on_guest = "/home/#{LIVE_USER}/#{png_name}"
-    step "I copy \"#{@shared_png_dir_on_guest}/#{png_name}\" to \"#{png_on_guest}\" as user \"#{LIVE_USER}\""
+    step "I copy \"#{@png_dir}/#{png_name}\" to \"#{png_on_guest}\" as user \"#{LIVE_USER}\""
    raw_check_cmd = "grep --quiet --fixed-strings --text " +
                    "'Created with GIMP' '#{png_on_guest}'"
    assert($vm.execute(raw_check_cmd, user: LIVE_USER).success?,

--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -8,24 +8,6 @@ def post_vm_start_hook
  @screen.click_point(@screen.w - 1, @screen.h/2)
 end

-def activate_filesystem_shares
-  # XXX-9p: First of all, filesystem shares cannot be mounted while we
-  # do a snapshot save+restore, so unmounting+remounting them seems
-  # like a good idea. However, the 9p modules get into a broken state
-  # during the save+restore, so we also would like to unload+reload
-  # them, but loading of 9pnet_virtio fails after a restore with
-  # "probe of virtio2 failed with error -2" (in dmesg) which makes the
-  # shares unavailable. Hence we leave this code commented for now.
-  #for mod in ["9pnet_virtio", "9p"] do
-  #  $vm.execute("modprobe #{mod}")
-  #end
-
-  $vm.list_shares.each do |share|
-    $vm.execute("mkdir -p #{share}")
-    $vm.execute("mount -t 9p -o trans=virtio #{share} #{share}")
-  end
-end
-
 def context_menu_helper(top, bottom, menu_item)
  try_for(60) do
    t = @screen.wait(top, 10)
@@ -41,17 +23,6 @@ def context_menu_helper(top, bottom, menu_item)
  end
 end

-def deactivate_filesystem_shares
-  $vm.list_shares.each do |share|
-    $vm.execute("umount #{share}")
-  end
-
-  # XXX-9p: See XXX-9p above
-  #for mod in ["9p", "9pnet_virtio"] do
-  #  $vm.execute("modprobe -r #{mod}")
-  #end
-end
-
 # This helper requires that the notification image is the one shown in
 # the notification applet's list, not the notification pop-up.
 def robust_notification_wait(notification_image, time_to_wait)
@@ -92,9 +63,6 @@ def post_snapshot_restore_hook
  $vm.wait_until_remote_shell_is_up
  post_vm_start_hook

-  # XXX-9p: See XXX-9p above
-  #activate_filesystem_shares
-
  # The guest's Tor's circuits' states are likely to get out of sync
  # with the other relays, so we ensure that we have fresh circuits.
  # Time jumps and incorrect clocks also confuses Tor in many ways.
@@ -136,7 +104,7 @@ Given /^the computer is set to boot from (.+?) drive "(.+?)"$/ do |type, name|
  $vm.set_disk_boot(name, type.downcase)
 end

-Given /^I (temporarily )?create a (\d+) ([[:alpha:]]+) disk named "([^"]+)"$/ do |temporary, size, unit, name|
+Given /^I (temporarily )?create an? (\d+) ([[:alpha:]]+) disk named "([^"]+)"$/ do |temporary, size, unit, name|
  $vm.storage.create_new_disk(name, {:size => size, :unit => unit,
                                     :type => "qcow2"})
  add_after_scenario_hook { $vm.storage.delete_volume(name) } if temporary
@@ -343,7 +311,6 @@ Given /^the computer (re)?boots Tails$/ do |reboot|
               Sikuli::Key.ENTER)
  @screen.wait('TailsGreeter.png', 5*60)
  $vm.wait_until_remote_shell_is_up
-  activate_filesystem_shares
  step 'I configure Tails to use a simulated Tor network'
 end

@@ -993,3 +960,27 @@ Then /^Tails is running version (.+)$/ do |version|
       .scan(/TAILS_VERSION_ID="(#{version})"/).flatten.first
  assert_equal(version, v2, "The version doesn't match /etc/os-release")
 end
+
+def share_host_files(files)
+  files = [files] if files.class == String
+  assert_equal(Array, files.class)
+  disk_size = files.map { |f| File.new(f).size } .inject(0, :+)
+  # Let's add some extra space for filesysten overhead etc.
+  disk_size += [convert_to_bytes(1, 'MiB'), (disk_size * 0.10).ceil].max
+  disk = random_alpha_string(10)
+  step "I temporarily create an #{disk_size} bytes disk named \"#{disk}\""
+  step "I create a gpt partition labeled \"#{disk}\" with an ext4 " +
+       "filesystem on disk \"#{disk}\""
+  $vm.storage.guestfs_disk_helper(disk) do |g, _|
+    partition = g.list_partitions().first
+    g.mount(partition, "/")
+    files.each { |f| g.upload(f, "/" + File.basename(f)) }
+  end
+  step "I plug USB drive \"#{disk}\""
+  mount_dir = $vm.execute_successfully('mktemp -d').stdout.chomp
+  dev = $vm.disk_dev(disk)
+  partition = dev + '1'
+  $vm.execute_successfully("mount #{partition} #{mount_dir}")
+  $vm.execute_successfully("chmod -R a+rX '#{mount_dir}'")
+  return mount_dir
+end
--- a/features/step_definitions/totem.rb
+++ b/features/step_definitions/totem.rb
 Given /^I create sample videos$/ do
-  @shared_video_dir_on_host = "#{$config["TMPDIR"]}/shared_video_dir"
-  @shared_video_dir_on_guest = "/tmp/shared_video_dir"
-  FileUtils.mkdir_p(@shared_video_dir_on_host)
-  add_after_scenario_hook { FileUtils.rm_r(@shared_video_dir_on_host) }
+  @video_dir_on_host = "#{$config["TMPDIR"]}/video_dir"
+  FileUtils.mkdir_p(@video_dir_on_host)
+  add_after_scenario_hook { FileUtils.rm_r(@video_dir_on_host) }
  fatal_system("avconv -loop 1 -t 30 -f image2 " +
               "-i 'features/images/USBTailsLogo.png' " +
               "-an -vcodec libx264 -y " +
               '-filter:v "crop=in_w-mod(in_w\,2):in_h-mod(in_h\,2)" ' +
-               "'#{@shared_video_dir_on_host}/video.mp4' >/dev/null 2>&1")
+               "'#{@video_dir_on_host}/video.mp4' >/dev/null 2>&1")
 end

-Given /^I setup a filesystem share containing sample videos$/ do
-  $vm.add_share(@shared_video_dir_on_host, @shared_video_dir_on_guest)
+Given /^I plug and mount a USB drive containing sample videos$/ do
+  @video_dir_on_guest = share_host_files(
+    Dir.glob("#{@video_dir_on_host}/*")
+  )
 end

 Given /^I copy the sample videos to "([^"]+)" as user "([^"]+)"$/ do |destination, user|
-  for video_on_host in Dir.glob("#{@shared_video_dir_on_host}/*.mp4") do
+  for video_on_host in Dir.glob("#{@video_dir_on_host}/*.mp4") do
    video_name = File.basename(video_on_host)
-    src_on_guest = "#{@shared_video_dir_on_guest}/#{video_name}"
+    src_on_guest = "#{@video_dir_on_guest}/#{video_name}"
    dst_on_guest = "#{destination}/#{video_name}"
    step "I copy \"#{src_on_guest}\" to \"#{dst_on_guest}\" as user \"amnesia\""
  end

--- a/features/step_definitions/usb.rb
+++ b/features/step_definitions/usb.rb
@@ -78,7 +78,10 @@ end

 def usb_install_helper(name)
  @screen.wait('USBTailsLogo.png', 10)
-  if @screen.exists("USBCannotUpgrade.png")
+  text = Dogtail::Application.new('tails-installer')
+         .child('', roleName: 'text').text
+  dev = $vm.disk_dev(name)
+  if text.match(/It is impossible to upgrade the device .+ #{dev}\d* /)
    raise UpgradeNotSupported
  end
  begin
@@ -153,13 +156,9 @@ When /^I am told that the destination device cannot be upgraded$/ do
  @screen.find("USBCannotUpgrade.png")
 end

-Given /^I setup a filesystem share containing the Tails ISO$/ do
-  shared_iso_dir_on_host = "#{$config["TMPDIR"]}/shared_iso_dir"
-  @shared_iso_dir_on_guest = "/tmp/shared_iso_dir"
-  FileUtils.mkdir_p(shared_iso_dir_on_host)
-  FileUtils.cp(TAILS_ISO, shared_iso_dir_on_host)
-  add_after_scenario_hook { FileUtils.rm_r(shared_iso_dir_on_host) }
-  $vm.add_share(shared_iso_dir_on_host, @shared_iso_dir_on_guest)
+Given /^I plug and mount a USB drive containing the Tails ISO$/ do
+  iso_dir = share_host_files(TAILS_ISO)
+  @iso_path = "#{iso_dir}/#{File.basename(TAILS_ISO)}"
 end

 When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name|
@@ -171,8 +170,7 @@ When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name|
  @screen.wait_and_click('GnomeFileDiagHome.png', 10)
  @screen.type("l", Sikuli::KeyModifier.CTRL)
  @screen.wait('GnomeFileDiagTypeFilename.png', 10)
-  iso = "#{@shared_iso_dir_on_guest}/#{File.basename(TAILS_ISO)}"
-  @screen.type(iso)
+  @screen.type(@iso_path)
  @screen.wait_and_click('GnomeFileDiagOpenButton.png', 10)
  usb_install_helper(name)
 end
@@ -276,10 +274,9 @@ Then /^the running Tails is installed on USB drive "([^"]+)"$/ do |target_name|
 end

 Then /^the ISO's Tails is installed on USB drive "([^"]+)"$/ do |target_name|
-  iso = "#{@shared_iso_dir_on_guest}/#{File.basename(TAILS_ISO)}"
  iso_root = "/mnt/iso"
  $vm.execute("mkdir -p #{iso_root}")
-  $vm.execute("mount -o loop #{iso} #{iso_root}")
+  $vm.execute("mount -o loop #{@iso_path} #{iso_root}")
  tails_is_installed_helper(target_name, iso_root, "isolinux")
  $vm.execute("umount #{iso_root}")
 end

--- a/features/support/helpers/storage_helper.rb
+++ b/features/support/helpers/storage_helper.rb
@@ -144,13 +144,7 @@ class VMStorage
  end

  def disk_mklabel(name, parttype)
-    disk = {
-      :path => disk_path(name),
-      :opts => {
-        :format => disk_format(name)
-      }
-    }
-    guestfs_disk_helper(disk) do |g, disk_handle|
+    guestfs_disk_helper(name) do |g, disk_handle|
      g.part_init(disk_handle, parttype)
    end
  end
@@ -158,13 +152,7 @@ class VMStorage
  def disk_mkpartfs(name, parttype, fstype, opts = {})
    opts[:label] ||= nil
    opts[:luks_password] ||= nil
-    disk = {
-      :path => disk_path(name),
-      :opts => {
-        :format => disk_format(name)
-      }
-    }
-    guestfs_disk_helper(disk) do |g, disk_handle|
+    guestfs_disk_helper(name) do |g, disk_handle|
      g.part_disk(disk_handle, parttype)
      g.part_set_name(disk_handle, 1, opts[:label]) if opts[:label]
      primary_partition = g.list_partitions()[0]
@@ -182,13 +170,7 @@ class VMStorage
  end

  def disk_mkswap(name, parttype)
-    disk = {
-      :path => disk_path(name),
-      :opts => {
-        :format => disk_format(name)
-      }
-    }
-    guestfs_disk_helper(disk) do |g, disk_handle|
+    guestfs_disk_helper(name) do |g, disk_handle|
      g.part_disk(disk_handle, parttype)
      primary_partition = g.list_partitions()[0]
      g.mkswap(primary_partition)
@@ -206,7 +188,13 @@ class VMStorage
                         Guestfs::EVENT_TRACE)
    g.set_autosync(1)
    disks.each do |disk|
-      g.add_drive_opts(disk[:path], disk[:opts])
+      if disk.class == String
+        g.add_drive_opts(disk_path(disk), format: disk_format(disk))
+      elsif disk.class == Hash
+        g.add_drive_opts(disk[:path], disk[:opts])
+      else
+        raise "cannot handle type '#{disk.class}'"
+      end
    end
    g.launch()
    yield(g, *g.list_devices())

--- a/features/totem.feature
+++ b/features/totem.feature
@@ -9,9 +9,8 @@ Feature: Using Totem
    Given I create sample videos

  Scenario: Watching a MP4 video stored on the non-persistent filesystem
-    Given a computer
-    And I setup a filesystem share containing sample videos
-    And I start Tails from DVD with network unplugged and I login
+    Given I have started Tails from DVD without network and logged in
+    And I plug and mount a USB drive containing sample videos
    And I copy the sample videos to "/home/amnesia" as user "amnesia"
    And the file "/home/amnesia/video.mp4" exists
    Given I start monitoring the AppArmor log of "/usr/bin/totem"
@@ -52,22 +51,14 @@ Feature: Using Totem
    Then I can watch a WebM video over HTTPs

  Scenario: Watching MP4 videos stored on the persistent volume should work as expected given our AppArmor confinement
-    Given I have started Tails without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen
-    # Due to bug #5571 we have to reboot to be able to use
-    # filesystem shares.
-    And I shutdown Tails and wait for the computer to power off
-    And I setup a filesystem share containing sample videos
-    And I start Tails from USB drive "__internal" with network unplugged and I login with persistence enabled
+    Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
+    And I plug and mount a USB drive containing sample videos
    And I copy the sample videos to "/home/amnesia/Persistent" as user "amnesia"
-    And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia"
-    And I shutdown Tails and wait for the computer to power off
-    And I start Tails from USB drive "__internal" with network unplugged and I login with persistence enabled
-    And the file "/home/amnesia/Persistent/video.mp4" exists
    When I open "/home/amnesia/Persistent/video.mp4" with Totem
    Then I see "SampleLocalMp4VideoFrame.png" after at most 40 seconds
    Given I close Totem
-    And the file "/home/amnesia/.gnupg/video.mp4" exists
    And I start monitoring the AppArmor log of "/usr/bin/totem"
+    And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia"
    When I try to open "/home/amnesia/.gnupg/video.mp4" with Totem
    Then I see "TotemUnableToOpen.png" after at most 10 seconds
    And AppArmor has denied "/usr/bin/totem" from opening "/home/amnesia/.gnupg/video.mp4"
--- a/features/usb_upgrade.feature
+++ b/features/usb_upgrade.feature
@@ -11,9 +11,8 @@ Feature: Upgrading an old Tails USB installation
  # dependencies (which are documented below).

  Scenario: Try to "Upgrade from ISO" Tails to a pristine USB drive
-    Given a computer
-    And I setup a filesystem share containing the Tails ISO
-    And I start Tails from DVD with network unplugged and I login
+    Given I have started Tails from DVD without network and logged in
+    And I plug and mount a USB drive containing the Tails ISO
    And I temporarily create a 4 GiB disk named "pristine"
    And I plug USB drive "pristine"
    And I start Tails Installer in "Upgrade from ISO" mode
@@ -29,9 +28,8 @@ Feature: Upgrading an old Tails USB installation
    And I am told that the destination device cannot be upgraded

  Scenario: Try to "Upgrade from ISO" Tails to a USB drive with GPT and a FAT partition
-    Given a computer
-    And I setup a filesystem share containing the Tails ISO
-    And I start Tails from DVD with network unplugged and I login
+    Given I have started Tails from DVD without network and logged in
+    And I plug and mount a USB drive containing the Tails ISO
    And I temporarily create a 4 GiB disk named "gptfat"
    And I create a gpt partition with a vfat filesystem on disk "gptfat"
    And I plug USB drive "gptfat"
@@ -132,8 +130,8 @@ Feature: Upgrading an old Tails USB installation
  Scenario: Upgrading an old Tails USB installation from an ISO image, running on the old version
    Given a computer
    And I clone USB drive "old" to a new USB drive "to_upgrade"
-    And I setup a filesystem share containing the Tails ISO
    When I start Tails from USB drive "old" with network unplugged and I login
+    And I plug and mount a USB drive containing the Tails ISO
    And I plug USB drive "to_upgrade"
    And I do a "Upgrade from ISO" on USB drive "to_upgrade"
    Then the ISO's Tails is installed on USB drive "to_upgrade"
@@ -141,10 +139,9 @@ Feature: Upgrading an old Tails USB installation

  # Depends on scenario: Writing files to a read/write-enabled persistent partition with the old Tails USB installation
  Scenario: Upgrading an old Tails USB installation from an ISO image, running on the new version
-    Given a computer
+    Given I have started Tails from DVD without network and logged in
+    And I plug and mount a USB drive containing the Tails ISO
    And I clone USB drive "old" to a new USB drive "to_upgrade"
-    And I setup a filesystem share containing the Tails ISO
-    And I start Tails from DVD with network unplugged and I login
    And I plug USB drive "to_upgrade"
    And I do a "Upgrade from ISO" on USB drive "to_upgrade"
    Then the ISO's Tails is installed on USB drive "to_upgrade"