Commit a3873e14 authored by intrigeri's avatar intrigeri
Browse files

Merge branch 'devel' into feature/stretch

parents 07dfb622 9a5f5a35
<filesystem type='mount' accessmode='passthrough'>
<driver type='path' wrpolicy='immediate'/>
<source dir=''/>
<target dir=''/>
<readonly/>
</filesystem>
......@@ -3,11 +3,8 @@ Feature: Metadata Anonymization Toolkit
As a Tails user
I want to be able to remove leaky metadata from documents and media files
# In this feature we cannot restore from snapshots since it's
# incompatible with filesystem shares.
Scenario: MAT can clean a PNG file
Given a computer
And I setup a filesystem share containing a sample PNG
And I start Tails from DVD with network unplugged and I login
And I plug and mount a USB drive containing a sample PNG
Then MAT can clean some sample PNG file
......@@ -106,17 +106,6 @@ Then /^the VirtualBox guest modules are available$/ do
"The vboxguest module is not available.")
end
Given /^I setup a filesystem share containing a sample PNG$/ do
shared_png_dir_on_host = "#{$config["TMPDIR"]}/shared_png_dir"
@shared_png_dir_on_guest = "/tmp/shared_png_dir"
FileUtils.mkdir_p(shared_png_dir_on_host)
Dir.glob("#{MISC_FILES_DIR}/*.png") do |png_file|
FileUtils.cp(png_file, shared_png_dir_on_host)
end
add_after_scenario_hook { FileUtils.rm_r(shared_png_dir_on_host) }
$vm.add_share(shared_png_dir_on_host, @shared_png_dir_on_guest)
end
Then /^the support documentation page opens in Tor Browser$/ do
if @language == 'German'
expected_title = 'Tails - Hilfe & Support'
......@@ -134,11 +123,15 @@ Then /^the support documentation page opens in Tor Browser$/ do
)
end
Given /^I plug and mount a USB drive containing a sample PNG$/ do
@png_dir = share_host_files(Dir.glob("#{MISC_FILES_DIR}/*.png"))
end
Then /^MAT can clean some sample PNG file$/ do
for png_on_host in Dir.glob("#{MISC_FILES_DIR}/*.png") do
png_name = File.basename(png_on_host)
png_on_guest = "/home/#{LIVE_USER}/#{png_name}"
step "I copy \"#{@shared_png_dir_on_guest}/#{png_name}\" to \"#{png_on_guest}\" as user \"#{LIVE_USER}\""
step "I copy \"#{@png_dir}/#{png_name}\" to \"#{png_on_guest}\" as user \"#{LIVE_USER}\""
raw_check_cmd = "grep --quiet --fixed-strings --text " +
"'Created with GIMP' '#{png_on_guest}'"
assert($vm.execute(raw_check_cmd, user: LIVE_USER).success?,
......
......@@ -8,24 +8,6 @@ def post_vm_start_hook
@screen.click_point(@screen.w - 1, @screen.h/2)
end
def activate_filesystem_shares
# XXX-9p: First of all, filesystem shares cannot be mounted while we
# do a snapshot save+restore, so unmounting+remounting them seems
# like a good idea. However, the 9p modules get into a broken state
# during the save+restore, so we also would like to unload+reload
# them, but loading of 9pnet_virtio fails after a restore with
# "probe of virtio2 failed with error -2" (in dmesg) which makes the
# shares unavailable. Hence we leave this code commented for now.
#for mod in ["9pnet_virtio", "9p"] do
# $vm.execute("modprobe #{mod}")
#end
$vm.list_shares.each do |share|
$vm.execute("mkdir -p #{share}")
$vm.execute("mount -t 9p -o trans=virtio #{share} #{share}")
end
end
def context_menu_helper(top, bottom, menu_item)
try_for(60) do
t = @screen.wait(top, 10)
......@@ -41,24 +23,10 @@ def context_menu_helper(top, bottom, menu_item)
end
end
def deactivate_filesystem_shares
$vm.list_shares.each do |share|
$vm.execute("umount #{share}")
end
# XXX-9p: See XXX-9p above
#for mod in ["9p", "9pnet_virtio"] do
# $vm.execute("modprobe -r #{mod}")
#end
end
def post_snapshot_restore_hook
$vm.wait_until_remote_shell_is_up
post_vm_start_hook
# XXX-9p: See XXX-9p above
#activate_filesystem_shares
# The guest's Tor's circuits' states are likely to get out of sync
# with the other relays, so we ensure that we have fresh circuits.
# Time jumps and incorrect clocks also confuses Tor in many ways.
......@@ -97,7 +65,7 @@ Given /^the computer is set to boot from (.+?) drive "(.+?)"$/ do |type, name|
$vm.set_disk_boot(name, type.downcase)
end
Given /^I (temporarily )?create a (\d+) ([[:alpha:]]+) disk named "([^"]+)"$/ do |temporary, size, unit, name|
Given /^I (temporarily )?create an? (\d+) ([[:alpha:]]+) disk named "([^"]+)"$/ do |temporary, size, unit, name|
$vm.storage.create_new_disk(name, {:size => size, :unit => unit,
:type => "qcow2"})
add_after_scenario_hook { $vm.storage.delete_volume(name) } if temporary
......@@ -308,7 +276,6 @@ Given /^the computer (re)?boots Tails$/ do |reboot|
Sikuli::Key.ENTER)
@screen.wait('TailsGreeter.png', 5*60)
$vm.wait_until_remote_shell_is_up
activate_filesystem_shares
step 'I configure Tails to use a simulated Tor network'
end
......@@ -954,3 +921,27 @@ Then /^Tails is running version (.+)$/ do |version|
.scan(/TAILS_VERSION_ID="(#{version})"/).flatten.first
assert_equal(version, v2, "The version doesn't match /etc/os-release")
end
def share_host_files(files)
files = [files] if files.class == String
assert_equal(Array, files.class)
disk_size = files.map { |f| File.new(f).size } .inject(0, :+)
# Let's add some extra space for filesysten overhead etc.
disk_size += [convert_to_bytes(1, 'MiB'), (disk_size * 0.10).ceil].max
disk = random_alpha_string(10)
step "I temporarily create an #{disk_size} bytes disk named \"#{disk}\""
step "I create a gpt partition labeled \"#{disk}\" with an ext4 " +
"filesystem on disk \"#{disk}\""
$vm.storage.guestfs_disk_helper(disk) do |g, _|
partition = g.list_partitions().first
g.mount(partition, "/")
files.each { |f| g.upload(f, "/" + File.basename(f)) }
end
step "I plug USB drive \"#{disk}\""
mount_dir = $vm.execute_successfully('mktemp -d').stdout.chomp
dev = $vm.disk_dev(disk)
partition = dev + '1'
$vm.execute_successfully("mount #{partition} #{mount_dir}")
$vm.execute_successfully("chmod -R a+rX '#{mount_dir}'")
return mount_dir
end
Given /^I create sample videos$/ do
@shared_video_dir_on_host = "#{$config["TMPDIR"]}/shared_video_dir"
@shared_video_dir_on_guest = "/tmp/shared_video_dir"
FileUtils.mkdir_p(@shared_video_dir_on_host)
add_after_scenario_hook { FileUtils.rm_r(@shared_video_dir_on_host) }
@video_dir_on_host = "#{$config["TMPDIR"]}/video_dir"
FileUtils.mkdir_p(@video_dir_on_host)
add_after_scenario_hook { FileUtils.rm_r(@video_dir_on_host) }
fatal_system("avconv -loop 1 -t 30 -f image2 " +
"-i 'features/images/USBTailsLogo.png' " +
"-an -vcodec libx264 -y " +
'-filter:v "crop=in_w-mod(in_w\,2):in_h-mod(in_h\,2)" ' +
"'#{@shared_video_dir_on_host}/video.mp4' >/dev/null 2>&1")
"'#{@video_dir_on_host}/video.mp4' >/dev/null 2>&1")
end
Given /^I setup a filesystem share containing sample videos$/ do
$vm.add_share(@shared_video_dir_on_host, @shared_video_dir_on_guest)
Given /^I plug and mount a USB drive containing sample videos$/ do
@video_dir_on_guest = share_host_files(
Dir.glob("#{@video_dir_on_host}/*")
)
end
Given /^I copy the sample videos to "([^"]+)" as user "([^"]+)"$/ do |destination, user|
for video_on_host in Dir.glob("#{@shared_video_dir_on_host}/*.mp4") do
for video_on_host in Dir.glob("#{@video_dir_on_host}/*.mp4") do
video_name = File.basename(video_on_host)
src_on_guest = "#{@shared_video_dir_on_guest}/#{video_name}"
src_on_guest = "#{@video_dir_on_guest}/#{video_name}"
dst_on_guest = "#{destination}/#{video_name}"
step "I copy \"#{src_on_guest}\" to \"#{dst_on_guest}\" as user \"amnesia\""
end
......
......@@ -165,17 +165,7 @@ When /^I fail to "([^"]*)" Tails to USB drive "([^"]+)"$/ do |mode, name|
end
end
Given /^I setup a filesystem share containing the Tails ISO$/ do
shared_iso_dir_on_host = "#{$config["TMPDIR"]}/shared_iso_dir"
@shared_iso_dir_on_guest = "/tmp/shared_iso_dir"
FileUtils.mkdir_p(shared_iso_dir_on_host)
FileUtils.cp(TAILS_ISO, shared_iso_dir_on_host)
add_after_scenario_hook { FileUtils.rm_r(shared_iso_dir_on_host) }
$vm.add_share(shared_iso_dir_on_host, @shared_iso_dir_on_guest)
end
When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name|
iso_path_on_guest = "#{@shared_iso_dir_on_guest}/#{File.basename(TAILS_ISO)}"
step 'I start Tails Installer in "Upgrade from ISO" mode'
@installer.child('Use existing Live system ISO:', roleName: 'label')
.parent.button('(None)').click
......@@ -183,7 +173,7 @@ When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name|
file_chooser.wait(10)
@screen.type("l", Sikuli::KeyModifier.CTRL)
# The only visible text element will be the path entry
file_chooser.child(roleName: 'text').text = iso_path_on_guest
file_chooser.child(roleName: 'text').text = @iso_path
file_chooser.button('Open').click
usb_install_helper(name)
end
......@@ -287,10 +277,9 @@ Then /^the running Tails is installed on USB drive "([^"]+)"$/ do |target_name|
end
Then /^the ISO's Tails is installed on USB drive "([^"]+)"$/ do |target_name|
iso = "#{@shared_iso_dir_on_guest}/#{File.basename(TAILS_ISO)}"
iso_root = "/mnt/iso"
$vm.execute("mkdir -p #{iso_root}")
$vm.execute("mount -o loop #{iso} #{iso_root}")
$vm.execute("mount -o loop #{@iso_path} #{iso_root}")
tails_is_installed_helper(target_name, iso_root, "isolinux")
$vm.execute("umount #{iso_root}")
end
......
......@@ -144,13 +144,7 @@ class VMStorage
end
def disk_mklabel(name, parttype)
disk = {
:path => disk_path(name),
:opts => {
:format => disk_format(name)
}
}
guestfs_disk_helper(disk) do |g, disk_handle|
guestfs_disk_helper(name) do |g, disk_handle|
g.part_init(disk_handle, parttype)
end
end
......@@ -158,13 +152,7 @@ class VMStorage
def disk_mkpartfs(name, parttype, fstype, opts = {})
opts[:label] ||= nil
opts[:luks_password] ||= nil
disk = {
:path => disk_path(name),
:opts => {
:format => disk_format(name)
}
}
guestfs_disk_helper(disk) do |g, disk_handle|
guestfs_disk_helper(name) do |g, disk_handle|
g.part_disk(disk_handle, parttype)
g.part_set_name(disk_handle, 1, opts[:label]) if opts[:label]
primary_partition = g.list_partitions()[0]
......@@ -182,13 +170,7 @@ class VMStorage
end
def disk_mkswap(name, parttype)
disk = {
:path => disk_path(name),
:opts => {
:format => disk_format(name)
}
}
guestfs_disk_helper(disk) do |g, disk_handle|
guestfs_disk_helper(name) do |g, disk_handle|
g.part_disk(disk_handle, parttype)
primary_partition = g.list_partitions()[0]
g.mkswap(primary_partition)
......@@ -206,7 +188,13 @@ class VMStorage
Guestfs::EVENT_TRACE)
g.set_autosync(1)
disks.each do |disk|
g.add_drive_opts(disk[:path], disk[:opts])
if disk.class == String
g.add_drive_opts(disk_path(disk), format: disk_format(disk))
elsif disk.class == Hash
g.add_drive_opts(disk[:path], disk[:opts])
else
raise "cannot handle type '#{disk.class}'"
end
end
g.launch()
yield(g, *g.list_devices())
......
......@@ -9,9 +9,8 @@ Feature: Using Totem
Given I create sample videos
Scenario: Watching a MP4 video stored on the non-persistent filesystem
Given a computer
And I setup a filesystem share containing sample videos
And I start Tails from DVD with network unplugged and I login
Given I have started Tails from DVD without network and logged in
And I plug and mount a USB drive containing sample videos
And I copy the sample videos to "/home/amnesia" as user "amnesia"
And the file "/home/amnesia/video.mp4" exists
Given I start monitoring the AppArmor log of "/usr/bin/totem"
......@@ -52,22 +51,14 @@ Feature: Using Totem
Then I can watch a WebM video over HTTPs
Scenario: Watching MP4 videos stored on the persistent volume should work as expected given our AppArmor confinement
Given I have started Tails without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen
# Due to bug #5571 we have to reboot to be able to use
# filesystem shares.
And I shutdown Tails and wait for the computer to power off
And I setup a filesystem share containing sample videos
And I start Tails from USB drive "__internal" with network unplugged and I login with persistence enabled
Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
And I plug and mount a USB drive containing sample videos
And I copy the sample videos to "/home/amnesia/Persistent" as user "amnesia"
And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia"
And I shutdown Tails and wait for the computer to power off
And I start Tails from USB drive "__internal" with network unplugged and I login with persistence enabled
And the file "/home/amnesia/Persistent/video.mp4" exists
When I open "/home/amnesia/Persistent/video.mp4" with Totem
Then I see "SampleLocalMp4VideoFrame.png" after at most 40 seconds
Given I close Totem
And the file "/home/amnesia/.gnupg/video.mp4" exists
And I start monitoring the AppArmor log of "/usr/bin/totem"
And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia"
When I try to open "/home/amnesia/.gnupg/video.mp4" with Totem
Then I see "TotemUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/totem" from opening "/home/amnesia/.gnupg/video.mp4"
......@@ -11,9 +11,8 @@ Feature: Upgrading an old Tails USB installation
# dependencies (which are documented below).
Scenario: Try to "Upgrade from ISO" Tails to a pristine USB drive
Given a computer
And I setup a filesystem share containing the Tails ISO
And I start Tails from DVD with network unplugged and I login
Given I have started Tails from DVD without network and logged in
And I plug and mount a USB drive containing the Tails ISO
And I temporarily create a 4 GiB disk named "pristine"
And I plug USB drive "pristine"
When I start Tails Installer in "Upgrade from ISO" mode
......@@ -27,9 +26,8 @@ Feature: Upgrading an old Tails USB installation
Then I am told that the destination device cannot be upgraded
Scenario: Try to "Upgrade from ISO" Tails to a USB drive with GPT and a FAT partition
Given a computer
And I setup a filesystem share containing the Tails ISO
And I start Tails from DVD with network unplugged and I login
Given I have started Tails from DVD without network and logged in
And I plug and mount a USB drive containing the Tails ISO
And I temporarily create a 4 GiB disk named "gptfat"
And I create a gpt partition with a vfat filesystem on disk "gptfat"
And I plug USB drive "gptfat"
......@@ -128,8 +126,8 @@ Feature: Upgrading an old Tails USB installation
Scenario: Upgrading an old Tails USB installation from an ISO image, running on the old version
Given a computer
And I clone USB drive "old" to a new USB drive "to_upgrade"
And I setup a filesystem share containing the Tails ISO
When I start Tails from USB drive "old" with network unplugged and I login
And I plug and mount a USB drive containing the Tails ISO
And I plug USB drive "to_upgrade"
And I do a "Upgrade from ISO" on USB drive "to_upgrade"
Then the ISO's Tails is installed on USB drive "to_upgrade"
......@@ -137,10 +135,9 @@ Feature: Upgrading an old Tails USB installation
# Depends on scenario: Writing files to a read/write-enabled persistent partition with the old Tails USB installation
Scenario: Upgrading an old Tails USB installation from an ISO image, running on the new version
Given a computer
Given I have started Tails from DVD without network and logged in
And I plug and mount a USB drive containing the Tails ISO
And I clone USB drive "old" to a new USB drive "to_upgrade"
And I setup a filesystem share containing the Tails ISO
And I start Tails from DVD with network unplugged and I login
And I plug USB drive "to_upgrade"
And I do a "Upgrade from ISO" on USB drive "to_upgrade"
Then the ISO's Tails is installed on USB drive "to_upgrade"
......
......@@ -346,25 +346,6 @@ Although very rare, the remote shell can get into a state where it
stops responding, resulting in the test suite waiting for a response
forever.
## Host-to-guest filesystem shares are incompatibile with snapshots
Filesystem shares cannot (due to QEMU limitations) be added to an
active VM, and cannot (due to QEMU limitations) be active
(i.e. mounted) during a snapshot save. For this reason, don't use
filesystem shares in combination with snapshots. For more
information, see [[!tails_ticket 5571]].
On a more practical note, you *can* add a filesystem share if you
restore a snapshot and then power off the computer, which still is
worth it when there's a big setup cost, e.g. when Tails is running
from USB with persistence enabled. So something like this is valid,
for example:
Given Tails has booted without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen
And I shutdown Tails and wait for the computer to power off
And I setup some filesystem share ...
And I start Tails from USB drive "current" with network unplugged and I login with persistence enabled
## Plugging SATA drives
When creating a disk (at least when backed by a `raw` image) via the
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment