Commit 7993d383 authored by Tails developers's avatar Tails developers
Browse files

Completely rework how the VM guest instance is set up.

This makes setting up the "computer" running Tails much more modular
and straightforward. Also removes an ugly workaround. And auto-mounts
filesystem shares.

Sorry for the kinda non-atomic commit.
parent 7cbf3588
......@@ -5,8 +5,11 @@ Feature: Installing packages through APT
and all network traffic should flow only through Tor.
Background:
Given I restore the background snapshot if it exists
And a freshly started Tails
Given a computer
And I restore the background snapshot if it exists
And I capture all network traffic
And I start the computer
And the computer boots Tails
And I enable more Tails Greeter options
And I set sudo password "asdf"
And I log in to a new session
......
......@@ -4,8 +4,11 @@ Feature: System memory erasure on shutdown
I want the system memory to be free from sensitive data.
Background:
Given a freshly started Tails with boot options "debug=wipemem"
Given a computer
And I set Tails to boot with options "debug=wipemem"
And the network is unplugged
And I start the computer
And the computer boots Tails
And I log in to a new session
And GNOME has started
And process "memlockd" is running
......
......@@ -4,8 +4,11 @@ Feature: Keyserver interaction with GnuPG
all network traffic should flow only through Tor.
Background:
Given I restore the background snapshot if it exists
And a freshly started Tails
Given a computer
And I restore the background snapshot if it exists
And I capture all network traffic
And I start the computer
And the computer boots Tails
And I log in to a new session
And GNOME has started
And I have a network connection
......
......@@ -4,8 +4,11 @@ Feature: Browsing the web using Iceweasel
all network traffic should flow only through Tor
Background:
Given I restore the background snapshot if it exists
And a freshly started Tails
Given a computer
And I restore the background snapshot if it exists
And I capture all network traffic
And I start the computer
And the computer boots Tails
And I log in to a new session
And GNOME has started
And I have a network connection
......
......@@ -6,9 +6,11 @@ Feature: Root access control enforcement
I should not be able to attain administration privileges at all.
Background:
Given I restore the background snapshot if it exists
And a freshly started Tails
Given a computer
And I restore the background snapshot if it exists
And the network is unplugged
And I start the computer
And the computer boots Tails
And I save the background snapshot if it does not exist
Scenario: If an administrative password is set in Tails Greeter the amnesia user should be able to run arbitrary commands with administrative privileges.
......
......@@ -52,20 +52,72 @@ Given /^I restore the background snapshot if it exists$/ do
end
end
Given /^a freshly started Tails$/ do
Given /^a computer$/ do
next if @skip_steps_while_restoring_background
step "a freshly started Tails with boot options \"\""
@vm.destroy if @vm
@vm = VM.new
end
Given /^a freshly started Tails with boot options "([^"]*)"$/ do |options|
Given /^the computer is set to boot from the Tails DVD$/ do
next if @skip_steps_while_restoring_background
iso = ENV['ISO'] || @vm.get_last_iso
@vm.set_cdrom_boot(iso)
end
Given /^the network is plugged$/ do
next if @skip_steps_while_restoring_background
@vm.plug_network
end
Given /^the network is unplugged$/ do
next if @skip_steps_while_restoring_background
@vm.unplug_network
end
Given /^I capture all network traffic$/ do
# Note: We don't want skip this particular stpe if
# @skip_steps_while_restoring_background is set since it starts
# something external to the VM state.
@sniffer = Sniffer.new("TestSniffer", @vm.net.bridge_name, @vm.ip, @vm.ip6)
@sniffer.capture
end
Given /^I set Tails to boot with options "([^"]*)"$/ do |options|
next if @skip_steps_while_restoring_background
@boot_options = options
end
When /^I start the computer$/ do
next if @skip_steps_while_restoring_background
assert ! @vm.is_running?
@vm.start
post_vm_start_hook
end
When /^I power off the computer$/ do
next if @skip_steps_while_restoring_background
assert @vm.is_running?
@vm.power_off
end
When /^I cold reboot the computer$/ do
next if @skip_steps_while_restoring_background
step "I power off the computer"
step "I start the computer"
end
When /^I destroy the computer$/ do
next if @skip_steps_while_restoring_background
@vm.destroy
end
Given /^the computer boots Tails$/ do
next if @skip_steps_while_restoring_background
@screen.wait('TailsBootSplash.png', 30)
@screen.wait('TailsBootSplashTabMsg.png', 10)
@screen.type("\t")
# Start the VM remote shell
@screen.type(" autotest_never_use_this_option " + options +
@screen.waitVanish('TailsBootSplashTabMsg.png', 1)
@screen.type(" autotest_never_use_this_option #{@boot_options}" +
Sikuli::KEY_RETURN)
@screen.wait('TailsGreeter.png', 120)
# wait_until_remote_shell_is_up
......@@ -78,22 +130,14 @@ Given /^a freshly started Tails with boot options "([^"]*)"$/ do |options|
STDERR.puts "*************************************************"
STDERR.puts "Fresh Tails boot but no remote shell. Restarting."
STDERR.puts "*************************************************"
@vm.domain.destroy
@vm.display.stop
@vm.start
step "a freshly started Tails with boot options \"#{options}\""
step "I cold reboot the computer"
step "the computer boots Tails"
end
# End of workaround.
end
Given /^the network is plugged$/ do
next if @skip_steps_while_restoring_background
@vm.plug_network
end
Given /^the network is unplugged$/ do
next if @skip_steps_while_restoring_background
@vm.unplug_network
@vm.list_shares.each do |share|
@vm.execute("mkdir -p #{share}")
@vm.execute("mount -t 9p -o trans=virtio #{share} #{share}")
end
end
Given /^I log in to a new session$/ do
......
......@@ -2,10 +2,7 @@ require 'java'
require 'rubygems'
Before do |scenario|
new_tails_instance
@screen = Sikuli::Screen.new
@sniffer = Sniffer.new("TestSniffer", @vm.net.bridge_name, @vm.ip, @vm.ip6)
@sniffer.capture
@feature = File.basename(scenario.feature.file, ".feature").to_s
@background_snapshot = "#{Dir.pwd}/features/tmpfs/#{@feature}_background.state"
@skip_steps_while_restoring_background = false
......@@ -25,6 +22,6 @@ After do |scenario|
if (scenario.status != :passed)
@vm.take_screenshot("#{@feature}-#{DateTime.now}")
end
@sniffer.stop
@vm.stop
@sniffer.stop if @sniffer
@vm.destroy
end
......@@ -303,6 +303,15 @@ EOF
update_domain(domain_xml.to_s)
end
def list_shares
list = []
domain_xml = REXML::Document.new(@domain.xml_desc)
domain_xml.elements.each('domain/devices/filesystem') do |e|
list << e.elements['target'].attribute('dir').to_s
end
return list
end
def is_running?
begin
return @domain.active?
......@@ -341,13 +350,17 @@ EOF
@display.start
end
def stop
clean_up_domain
clean_up_net
def power_off
@domain.destroy if is_running?
@display.stop
end
def destroy
clean_up_domain
clean_up_net
power_off
end
def take_screenshot(description)
@display.take_screenshot(description)
end
......
......@@ -4,8 +4,10 @@ Feature: Browsing the web using the Unsafe Browser
I should have direct access to the web
Background:
Given I restore the background snapshot if it exists
And a freshly started Tails
Given a computer
And I restore the background snapshot if it exists
And I start the computer
And the computer boots Tails
And I log in to a new session
And GNOME has started
And I have a network connection
......
......@@ -76,6 +76,16 @@ When /^I "Clone & Upgrade" Tails to USB drive "([^"]+)"$/ do |name|
usb_install_helper(name)
end
def shared_iso_dir_on_guest
"/tmp/shared_dir"
end
Given /^I setup a filesystem share containing the Tails ISO$/ do
next if @skip_steps_while_restoring_background
iso = ENV['ISO'] || @vm.get_last_iso
@vm.add_share(File.dirname(iso), shared_iso_dir_on_guest)
end
When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name|
next if @skip_steps_while_restoring_background
step "I run \"liveusb-creator-launcher\""
......@@ -88,28 +98,11 @@ When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name|
@screen.click(pos_x, pos_y)
@screen.wait('USBSelectISO.png', 10)
@screen.click('GnomeFileDiagTypeFilename.png')
iso = "#{shared_dir_target}/#{File.basename(ENV['ISO'])}"
iso = "#{shared_iso_dir_on_guest}/#{File.basename(ENV['ISO'])}"
@screen.type(iso + Sikuli::KEY_RETURN)
usb_install_helper(name)
end
def shared_dir_target
"/tmp/shared_dir"
end
Given /^I boot Tails from DVD with a Tails ISO image available$/ do
next if @skip_steps_while_restoring_background
# @vm.stop if @vm
# @vm = VM.new
new_tails_instance
shared_dir_source = File.dirname(ENV['ISO'])
tag = "iso_dir"
@vm.add_share(shared_dir_source, tag)
step "a freshly started Tails"
@vm.execute("mkdir -p #{shared_dir_target}")
@vm.execute("mount -t 9p -o trans=virtio #{tag} #{shared_dir_target}")
end
Given /^I enable all persistence presets$/ do
next if @skip_steps_while_restoring_background
@screen.wait('PersistenceWizardPresets.png', 20)
......@@ -141,7 +134,12 @@ end
Then /^a Tails persistence partition exists on USB drive "([^"]+)"$/ do |name|
next if @skip_steps_while_restoring_background
step "a freshly started Tails"
step "a computer"
step "the computer is set to boot from the Tails DVD"
step "the network is unplugged"
step "I start the computer"
step "the computer boots Tails"
step "I plug USB drive \"#{name}\""
# FIXME: Instead of checking this from inside Tails we could kill
# the guest and inspect the qcow2 image by creating a block device
......@@ -159,16 +157,7 @@ Then /^a Tails persistence partition exists on USB drive "([^"]+)"$/ do |name|
# Then we close the block device:
# sudo qemu-nbd -disconnect /dev/nbd0
# BUG: We add the same device twice to the VM to workaround the "not
# removable USB disk" libvirt limitation. because of this dev below
# will not point to the correct device. usually dev=/dev/sda, but
# the boot device (and hence persistence device too) added through
# qemu passthrough is /dev/sdb.
# UGLY WORKAROUND
# dev = @vm.usb_drive_dev(name)
dev = "/dev/sdb"
dev = @vm.usb_drive_dev(name)
data_partition_dev = dev + "2"
info = @vm.execute("udisks --show-info #{data_partition_dev}").stdout
info_split = info.split("\n partition:\n")
......@@ -218,13 +207,9 @@ Given /^persistence has been enabled$/ do
}
end
When /^I boot Tails from USB drive "([^"]+)"$/ do |name|
Given /^the computer is setup up to boot from USB drive "([^"]+)"$/ do |name|
next if @skip_steps_while_restoring_background
# @vm.stop if @vm
# @vm = VM.new
new_tails_instance
@vm.set_usb_boot(name)
step "a freshly started Tails"
end
Then /^Tails seems to have booted normally$/ do
......@@ -269,8 +254,11 @@ end
Then /^only the expected files should persist on USB drive "([^"]+)"$/ do |name|
next if @skip_steps_while_restoring_background
step "I boot Tails from USB drive \"#{name}\""
step "a computer"
step "the computer is setup up to boot from USB drive \"#{name}\""
step "the network is unplugged"
step "I start the computer"
step "the computer boots Tails"
step "I enable persistence with password \"asdf\""
step "I log in to a new session"
step "persistence has been enabled"
......
......@@ -4,10 +4,12 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
and upgrade it to new Tails versions
and use persistence
Background:
Given I restore the background snapshot if it exists
And a freshly started Tails
Scenario: Install Tails to a USB drive
Given a computer
And the computer is set to boot from the Tails DVD
And the network is unplugged
And I start the computer
When the computer boots Tails
And I log in to a new session
And GNOME has started
And I have closed all annoying notifications
......@@ -15,18 +17,24 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
And I plug USB drive "A"
And I "Clone & Install" Tails to USB drive "A"
And I unplug USB drive "A"
And I save the background snapshot if it does not exist
# Should be some kind of check here
Scenario: Tails boot from USB drive without persistent partition
When I boot Tails from USB drive "A"
Given a computer
And the computer is setup up to boot from USB drive "A"
And the network is unplugged
When I start the computer
And the computer boots Tails
And I log in to a new session
Then Tails seems to have booted normally
And Tails is running from a USB drive
Scenario: Creating a persistent partition
When I boot Tails from USB drive "A"
Given a computer
And the computer is setup up to boot from USB drive "A"
And the network is unplugged
When I start the computer
And the computer boots Tails
And I log in to a new session
And GNOME has started
And I have closed all annoying notifications
......@@ -35,8 +43,11 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Then a Tails persistence partition exists on USB drive "A"
Scenario: Writing files to read/write-enabled persistent partition
When I boot Tails from USB drive "A"
Given a computer
And the computer is setup up to boot from USB drive "A"
And the network is unplugged
When I start the computer
And the computer boots Tails
And I enable persistence with password "asdf"
And I log in to a new session
And persistence has been enabled
......@@ -45,8 +56,11 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Then only the expected files should persist on USB drive "A"
Scenario: Writing files to read-only-enabled persistent partition
When I boot Tails from USB drive "A"
Given a computer
And the computer is setup up to boot from USB drive "A"
And the network is unplugged
When I start the computer
And the computer boots Tails
And I enable read-only persistence with password "asdf"
And I log in to a new session
And persistence has been enabled
......@@ -55,22 +69,42 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
And I shutdown Tails
Then only the expected files should persist on USB drive "A"
Scenario: Upgrading a Tails USB from a Tails DVD and booting it
When I plug USB drive "A"
Scenario: Upgrading a Tails USB from a Tails DVD
Given a computer
And the computer is set to boot from the Tails DVD
And the network is unplugged
When I start the computer
And the computer boots Tails
And I log in to a new session
And GNOME has started
And I have closed all annoying notifications
And I plug USB drive "A"
And I "Clone & Upgrade" Tails to USB drive "A"
And I unplug USB drive "A"
And I boot Tails from USB drive "A"
# Should be some kind of check here
# If above scenario failed before it upgraded the Tails on USB drive A
# this scenario will test the pre-upgrade Tails. While not completely
# bad, we probably want USB drive A to contain an old version of Tails
# (give OLD_ISO as env variable?) and then verify that an up-to-date
# version is booted in this step.
Scenario: Boot from USB drive upgraded from DVD with persistence enabled
Given a computer
And the computer is setup up to boot from USB drive "A"
And the network is unplugged
And I enable read-only persistence with password "asdf"
When I start the computer
And the computer boots Tails
And I log in to a new session
Then Tails seems to have booted normally
And persistence has been enabled
And Tails seems to have booted normally
And Tails is running from a USB drive
Scenario: Upgrading a Tails USB from another Tails USB and booting it
Given I clone USB drive "A" to a new USB drive "B"
When I boot Tails from USB drive "A"
Given a computer
And I clone USB drive "A" to a new USB drive "B"
And the computer is setup up to boot from USB drive "A"
And the network is unplugged
When I start the computer
And the computer boots Tails
And I log in to a new session
And GNOME has started
And I have closed all annoying notifications
......@@ -78,8 +112,15 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
And I "Clone & Upgrade" Tails to USB drive "B"
And I unplug USB drive "B"
And I unplug USB drive "A"
And I boot Tails from USB drive "B"
# Should be some kind of check here
# Same issue as with scenario "Boot from USB drive upgraded from DVD"
Scenario: Boot from USB drive upgraded from USB with persistence enabled
Given a computer
And the computer is setup up to boot from USB drive "B"
And the network is unplugged
When I start the computer
And the computer boots Tails
And I enable read-only persistence with password "asdf"
And I log in to a new session
Then Tails seems to have booted normally
......@@ -87,16 +128,27 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
And Tails is running from a USB drive
Scenario: Upgrading a Tails USB from an ISO image and booting it
Given I boot Tails from DVD with a Tails ISO image available
Given a computer
And the computer is set to boot from the Tails DVD
And the network is unplugged
And I setup a filesystem share containing the Tails ISO
When I start the computer
And the computer boots Tails
And I log in to a new session
And GNOME has started
And I have closed all annoying notifications
When I plug USB drive "A"
And I plug USB drive "A"
And I do a "Upgrade from ISO" on USB drive "A"
And I unplug USB drive "A"
And I boot Tails from USB drive "A"
# Should be some kind of check here
# Same issue as with scenario "Boot from USB drive upgraded from DVD"
Scenario: Boot from USB drive upgraded from ISO with persistence enabled
Given a computer
And the computer is setup up to boot from USB drive "A"
And the network is unplugged
When I start the computer
And the computer boots Tails
And I enable read-only persistence with password "asdf"
And I log in to a new session
Then Tails seems to have booted normally
......
......@@ -4,9 +4,11 @@ Feature: Microsoft Windows XP Camouflage
I should be presented with a Microsoft Windows XP like environment
Background:
Given I restore the background snapshot if it exists
And a freshly started Tails
Given a computer
And I restore the background snapshot if it exists
And the network is unplugged
And I start the computer
And the computer boots Tails
And I enable more Tails Greeter options
And I enable Microsoft Windows XP camouflage
And I log in to a new session
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment