Make it possible to make Tails use a simulated Tor network.

... provided by Chutney (https://gitweb.torproject.org/chutney.git). This is enabled iff the local configuration contains something like: Chutney: src_dir: "/path/to/chutney-src-tree" otherwise we'll use the real Tor network as we done previously. The main motivation here is improved robustness -- since the "Tor network" we now use will exit from the host running the automated test suite, we won't have to deal with Tor network blocking. Performance should also be improved. Will-fix: #9521

Make it possible to make Tails use a simulated Tor network.
... provided by Chutney (https://gitweb.torproject.org/chutney.git). This is enabled iff the local configuration contains something like: Chutney: src_dir: "/path/to/chutney-src-tree" otherwise we'll use the real Tor network as we done previously. The main motivation here is improved robustness -- since the "Tor network" we now use will exit from the host running the automated test suite, we won't have to deal with Tor network blocking. Performance should also be improved. Will-fix: #9521
139c3ace · anonym · 0a1f6478 · 139c3ace · 139c3ace · 139c3ace
Commit 139c3ace authored Apr 14, 2016 by anonym
--- a/features/chutney.feature
+++ b/features/chutney.feature
+@product @check_tor_leaks
+Feature: Simulate the Tor network with chutney
+
+  Scenario: We're not using the real Tor network
+    Given I have started Tails from DVD and logged in and the network is connected
+    When I start the Tor Browser
+    And the Tor Browser has started and loaded the startup page
+    And I open the address "https://check.torproject.org" in the Tor Browser
+    Then I see "UnsafeBrowserTorCheckFail.png" after at most 30 seconds
--- a/features/chutney/test-network
+++ b/features/chutney/test-network
+Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl")
+NonExitRelay = Node(tag="m", relay=1, torrc="relay-non-exit.tmpl")
+ExitRelay = Node(tag="r", relay=1, exit=1, torrc="relay.tmpl")
+Client = Node(tag="c", torrc="client.tmpl")
+NODES = Authority.getN(5) + \
+        NonExitRelay.getN(20) + \
+        ExitRelay.getN(10) + \
+        Client.getN(1)
+ConfigureNodes(NODES)
--- a/features/step_definitions/chutney.rb
+++ b/features/step_definitions/chutney.rb
+def ensure_chutney_is_running
+  # Ensure that a fresh chutney instance is running, and that it will
+  # be cleaned upon exit. We only do it once, though, since the same
+  # setup can be used throughout the same test suite run.
+  if not($chutney_initialized)
+    chutney_src_dir = $config["Chutney"]["src_dir"]
+    assert_not_nil(
+      chutney_src_dir,
+      "You must set 'src_dir' in the Chutney configuration section"
+    )
+    chutney_listen_address = $vmnet.bridge_ip_addr
+    chutney_script = "#{chutney_src_dir}/chutney"
+    assert(
+      File.executable?(chutney_script),
+      "It does not look like '#{chutney_src_dir}' is the Chutney source tree"
+    )
+    network_definition = "#{GIT_DIR}/features/chutney/test-network"
+    env = {
+      'CHUTNEY_LISTEN_ADDRESS' => chutney_listen_address,
+      'CHUTNEY_DATA_DIR' => "#{$config['TMPDIR']}/chutney-data/"
+    }
+    chutney_cleanup_hook = Proc.new do
+      Dir.chdir(chutney_src_dir) do
+        cmd_helper([chutney_script, "stop", network_definition], env)
+        if File.directory?(env['CHUTNEY_DATA_DIR']) and not KEEP_SNAPSHOTS
+          FileUtils.rm_r(env['CHUTNEY_DATA_DIR'])
+        end
+      end
+    end
+    # Let's make sure we're initializing a fresh Chutney instance
+    chutney_cleanup_hook.call
+    at_exit { chutney_cleanup_hook.call }
+    Dir.chdir(chutney_src_dir) do
+      begin
+        cmd_helper([chutney_script, "start", network_definition], env)
+      rescue Test::Unit::AssertionFailedError
+        # Chutney will only fail on "start" if it is not configured
+        cmd_helper([chutney_script, "configure", network_definition], env)
+        cmd_helper([chutney_script, "start", network_definition], env)
+      end
+    end
+    $chutney_initialized = true
+  end
+end
+
+When /^I configure Tails to use a simulated Tor network$/ do
+  # At the moment this step essentially assumes that we boot with 'the
+  # network is unplugged', run this step, and then 'the network is
+  # plugged'. I believe we can make this pretty transparent without
+  # the need of a dedicated step by using tags (e.g. @fake_tor or
+  # whatever -- possibly we want the opposite, @real_tor,
+  # instead).
+  #
+  # There are two time points where we for a scenario must ensure that
+  # the client configuration below is enabled if and only if the
+  # scenario is tagged, and that is:
+  #
+  # 1. During a proper boot, as soon as the remote shell is up in the
+  #    'the computer boots Tails' step.
+  #
+  # 2. When restoring a snapshot, in restore_background().
+  #
+  # If we do this, it doesn't even matter if a snapshot is made of an
+  # untagged scenario (without the conf), and we later restore it with
+  # a tagged scenario.
+  #
+  # Note: We probably have to clear the /var/lib/tor data dir when we
+  # switch mode. Possibly there are other such problems that make this
+  # abstraction impractical and it's better that we avoid it an go
+  # with the more explicit, step-based approach.
+
+  assert(not($vm.execute('service tor status').success?),
+         "Running this step when Tor is running is probably not intentional")
+  ensure_chutney_is_running
+  # Most of these lines are taken from chutney's client template.
+  client_torrc_lines = [
+    'TestingTorNetwork 1',
+    'AssumeReachable 1',
+    'PathsNeededToBuildCircuits 0.25',
+    'TestingClientConsensusDownloadSchedule 0, 5',
+    'TestingClientDownloadSchedule 0, 5',
+    'TestingDirAuthVoteExit *',
+    'TestingDirAuthVoteGuard *',
+    'TestingDirAuthVoteHSDir *',
+    'TestingMinExitFlagThreshold 0',
+    'V3AuthNIntervalsValid 2',
+  ]
+  # We run one client in chutney so we easily can grep the generated
+  # DirAuthority lines and use them.
+  chutney_src_dir = $config["Chutney"]["src_dir"]
+  dir_auth_lines = open("#{$config['TMPDIR']}/chutney-data/nodes/035c/torrc") do |f|
+    f.grep(/^DirAuthority\s/)
+  end
+  client_torrc_lines.concat(dir_auth_lines)
+  $vm.file_append('/etc/tor/torrc', client_torrc_lines)
+  $vm.execute_successfully('sed "s/Sandbox 1/Sandbox 0/" ' +
+                           '/etc/NetworkManager/dispatcher.d/10-tor.sh')
+end
+
+When /^Tails is using the real Tor network$/ do
+  assert($vm.execute('grep "TestingTorNetwork 1" /etc/torrc').failure?)
+end
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -106,6 +106,9 @@ def post_snapshot_restore_hook
      $vm.execute("rm -f /var/log/tor/log")
      $vm.execute("systemctl --no-block restart tails-tor-has-bootstrapped.target")
      $vm.host_to_guest_time_sync
+      if $config["Chutney"]
+        ensure_chutney_is_running
+      end
      $vm.spawn("restart-tor")
      wait_until_tor_is_working
      if $vm.file_content('/proc/cmdline').include?(' i2p')
@@ -290,6 +293,10 @@ Given /^the computer (re)?boots Tails$/ do |reboot|
  @screen.wait('TailsGreeter.png', 30*60)
  $vm.wait_until_remote_shell_is_up
  activate_filesystem_shares
+
+  if $config["Chutney"]
+    step 'I configure Tails to use a simulated Tor network'
+  end
 end

 Given /^I log in to a new session(?: in )?(|German)$/ do |lang|

--- a/features/support/helpers/misc_helpers.rb
+++ b/features/support/helpers/misc_helpers.rb
@@ -177,13 +177,14 @@ def convert_from_bytes(size, unit)
  return size.to_f/convert_bytes_mod(unit).to_f
 end

-def cmd_helper(cmd)
+def cmd_helper(cmd, env = {})
  if cmd.instance_of?(Array)
    cmd << {:err => [:child, :out]}
  elsif cmd.instance_of?(String)
    cmd += " 2>&1"
  end
-  IO.popen(cmd) do |p|
+  env = ENV.to_h.merge(env)
+  IO.popen(env, cmd) do |p|
    out = p.readlines.join("\n")
    p.close
    ret = $?