Commit 3ec7305b authored by anonym's avatar anonym

Merge remote-tracking branch 'origin/test/10442-totem-watching-webm-over-https' into stable

Fix-committed: #10442
parents f092b0d6 453ecbfa
......@@ -243,7 +243,7 @@ Then /^I can listen to an Ogg audio track in Tor Browser$/ do
end
Then /^I can watch a WebM video in Tor Browser$/ do
test_url = 'https://tails.boum.org/lib/test_suite/test.webm'
test_url = WEBM_VIDEO_URL
info = xul_application_info('Tor Browser')
open_test_url = Proc.new do
step "I open the address \"#{test_url}\" in the Tor Browser"
......
......@@ -857,7 +857,7 @@ Given /^a web server is running on the LAN$/ do
end
server.start
EOF
add_lan_host(@web_server_ip_addr, @web_server_port)
add_extra_allowed_host(@web_server_ip_addr, @web_server_port)
proc = IO.popen(['ruby', '-e', code])
try_for(10, :msg => "It seems the LAN web server failed to start") do
Process.kill(0, proc.pid) == 1
......
......@@ -76,7 +76,7 @@ Given /^an SSH server is running on the LAN$/ do
@sshd_server_host = $vmnet.bridge_ip_addr
sshd = SSHServer.new(@sshd_server_host, @sshd_server_port)
sshd.start
add_lan_host(@sshd_server_host, @sshd_server_port)
add_extra_allowed_host(@sshd_server_host, @sshd_server_port)
add_after_scenario_hook { sshd.stop }
end
......
require 'resolv'
require 'uri'
Given /^I create sample videos$/ do
@video_dir_on_host = "#{$config["TMPDIR"]}/video_dir"
FileUtils.mkdir_p(@video_dir_on_host)
......@@ -32,8 +35,39 @@ When /^I close Totem$/ do
step 'I kill the process "totem"'
end
def disable_tor_reject_internal_addresses
client_torrc_lines = [
'ClientDNSRejectInternalAddresses 0',
'ClientRejectInternalAddresses 0',
]
$vm.file_append('/etc/tor/torrc', client_torrc_lines)
$vm.execute("systemctl stop tor@default.service")
$vm.execute("systemctl --no-block restart tails-tor-has-bootstrapped.target")
$vm.execute("systemctl start tor@default.service")
wait_until_tor_is_working
end
Then /^I can watch a WebM video over HTTPs$/ do
test_url = 'https://tails.boum.org/lib/test_suite/test.webm'
test_url = WEBM_VIDEO_URL
host = URI(test_url).host
# These tricks are needed because on Jenkins, tails.boum.org
# resolves to a RFC 1918 address (#10442), which tor would not allow
# connecting to, and the firewall leak checker would make a fuss
# out of it.
resolver = Resolv::DNS.new
rfc1918_ips = resolver.getaddresses(host).select do |addr|
# This crude "is it a RFC 1918 IP address?" check is just accurate enough
# for our current needs. We'll improve it if/as needed.
addr.class == Resolv::IPv4 && addr.to_s.start_with?('192.168.')
end
if rfc1918_ips.count > 0
disable_tor_reject_internal_addresses
end
rfc1918_ips.each do |ip|
add_extra_allowed_host(ip.to_s, 443)
end
recovery_on_failure = Proc.new do
step 'I close Totem'
end
......
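Review bot: The RFC 1918 filter in the `I can watch a WebM video over HTTPs` step only matches addresses starting with `192.168.`. On a runner where the host resolves into 10.0.0.0/8 or 172.16.0.0/12, neither workaround would run and the scenario would presumably fail the way #10442 describes. Checking the three ranges with the standard `ipaddr` library closes that gap without matching anything public: `RFC1918_NETS = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16].map { |n| IPAddr.new(n) }` and, inside the block, `addr.is_a?(Resolv::IPv4) && RFC1918_NETS.any? { |net| net.include?(IPAddr.new(addr.to_s)) }`, with `require 'ipaddr'` beside the other requires. `disable_tor_reject_internal_addresses` would also benefit from a header comment such as `# Test-only: turns off Tor's rejection of internal addresses in the guest's torrc and restarts Tor.` The step body continues past the end of this hunk.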
......@@ -82,3 +82,4 @@ VM_XML_PATH = "#{Dir.pwd}/features/domains"
TAILS_SIGNING_KEY = cmd_helper(". #{Dir.pwd}/config/amnesia; echo ${AMNESIA_DEV_KEYID}").tr(' ', '').chomp
TAILS_DEBIAN_REPO_KEY = "221F9A3C6FA3E09E182E060BC7988EA7A358D82E"
WEBM_VIDEO_URL = 'https://tails.boum.org/lib/test_suite/test.webm'
......@@ -233,7 +233,7 @@ def all_tor_hosts
end
def allowed_hosts_under_tor_enforcement
all_tor_hosts + @lan_hosts
all_tor_hosts + @extra_allowed_hosts
end
def get_free_space(machine, path)
......
......@@ -146,18 +146,18 @@ rescue Exception => e
end
# Due to Tails' Tor enforcement, we only allow contacting hosts that
# are Tor nodes or located on the LAN. However, when we try
# to verify that only such hosts are contacted we have a problem --
# we run all Tor nodes (via Chutney) *and* LAN hosts (used on some
# tests) on the same host, the one running the test suite. Hence we
# need to always explicitly track which nodes are LAN or not.
# are Tor nodes, located on the LAN, or allowed for some operational reason.
# However, when we try to verify that only such hosts are contacted we have
# a problem -- we run all Tor nodes (via Chutney) *and* LAN hosts (used on
# some tests) on the same host, the one running the test suite. Hence we
# need to always explicitly track which nodes are allowed or not.
#
# Warning: when a host is added via this function, it is only added
# for the current scenario. As such, if this is done before saving a
# snapshot, it will not remain after the snapshot is loaded.
def add_lan_host(ipaddr, port)
@lan_hosts ||= []
@lan_hosts << { address: ipaddr, port: port }
def add_extra_allowed_host(ipaddr, port)
@extra_allowed_hosts ||= []
@extra_allowed_hosts << { address: ipaddr, port: port }
end
BeforeFeature('@product') do |feature|
......@@ -242,8 +242,8 @@ Before('@product') do |scenario|
@os_loader = "MBR"
@sudo_password = "asdf"
@persistence_password = "asdf"
# See comment for add_lan_host() above.
@lan_hosts ||= []
# See comment for add_extra_allowed_host() above.
@extra_allowed_hosts ||= []
end
# Cucumber After hooks are executed in the *reverse* order they are
......
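Review bot: The rewritten comment above `add_extra_allowed_host` says a host may be "allowed for some operational reason" but never states what adding an entry costs. Since `allowed_hosts_under_tor_enforcement` now returns `all_tor_hosts + @extra_allowed_hosts`, each entry appears to become a destination the Tor-enforcement check will accept, and the new name no longer limits callers to LAN hosts. I would add a line to the comment such as `# Each entry widens what the Tor leak check accepts: add only the exact address and port a test needs, and explain why at the call site.` Both hunks in this file are cut by elisions, so callers outside the visible lines are not covered by this note.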
......@@ -45,8 +45,7 @@ Feature: Using Totem
Then I see "TotemUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/totem" from opening "/home/amnesia/.purple/otr.private_key"
#10442
@check_tor_leaks @fragile
@check_tor_leaks
Scenario: Watching a WebM video over HTTPS
Given I have started Tails from DVD and logged in and the network is connected
Then I can watch a WebM video over HTTPs
......