Merge branch 'master' of https://git-tails.immerda.ch/tails into doc/14790-update-doc-new-greeter

Rakefile

@@ -369,8 +369,9 @@ task :setup_environment => ['validate_git_state'] do
   ENV['BASE_BRANCH_GIT_COMMIT'] = git_helper('git_base_branch_head')
   ['GIT_COMMIT', 'GIT_REF', 'BASE_BRANCH_GIT_COMMIT'].each do |var|
     if ENV[var].empty?
-      raise "Variable '#{var}' is empty, which should not be possible" +
-            "(validate_git_state must be buggy)"
+      raise "Variable '#{var}' is empty, which should not be possible: " +
+            "either validate_git_state is buggy or the 'origin' remote " +
+            "does not point to the official Tails Git repository."
     end
   end
 end

auto/config

@@ -185,8 +185,10 @@ cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
 # create readahead-list from squashfs.sort
 if [ -e config/binary_rootfs/squashfs.sort ]; then
     mkdir -p config/chroot_local-includes/usr/share/amnesia
-    sort -k2 -n -r config/binary_rootfs/squashfs.sort |
-        cut -d' ' -f1 > config/chroot_local-includes/usr/share/amnesia/readahead-list
+    sort -k2 -n -r config/binary_rootfs/squashfs.sort | \
+        cut -d' ' -f1 | \
+        grep --invert-match --extended-regexp "$READAHEAD_EXCLUDE_PATTERN" \
+        > config/chroot_local-includes/usr/share/amnesia/readahead-list
 fi
 
 # custom APT sources

auto/scripts/ikiwiki-supported-languages

@@ -21,7 +21,7 @@ Tails developers <amnesia@boum.org>
 
 =head1 LICENSE AND COPYRIGHT
 
-Copyright (C) 2011 Tails developers <amnesia@boum.org>
+Copyright (C) 2011 Tails developers <tails@boum.org>
 
 Licensed under the GNU GPL version 3 or any later version.
 

config/APT_snapshots.d/debian/serial

-2017110802
+2018010603

config/APT_snapshots.d/torproject/serial

-2017110802
+2017120803

config/amnesia

@@ -26,12 +26,16 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
 REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
 
 # Kernel version
-KERNEL_VERSION='4.13.0-1'
+KERNEL_VERSION='4.14.0-3'
 KERNEL_SOURCE_VERSION=$(
    echo "$KERNEL_VERSION" \
        | perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
 )
 
+# Files to exclude from the readahead list
+# (passed to `grep --extended-regexp`)
+READAHEAD_EXCLUDE_PATTERN='^lib/live/mount/medium/'
+
 ### You should not have to change anything below this line ####################
 
 # sanity checks

config/binary_rootfs/squashfs.sort

@@ -30,7 +30,6 @@ etc/amnesia/version                                                  32738
 bin/date                                                             32737
 usr/share/zoneinfo/UTC                                               32736
 lib/live/config/0010-debconf                                         32735
-lib/live/mount/medium/live/filesystem.squashfs                       32734
 lib/live/config/0020-hostname                                        32733
 etc/hostname                                                         32732
 usr/bin/mawk                                                         32731
@@ -606,7 +605,6 @@ lib/udev/hwclock-set                                                 31767
 lib/modules/4.13.0-1-amd64/kernel/arch/x86/events/intel/intel-rapl-perf.ko 31763
 usr/bin/dconf                                                        31762
 usr/lib/x86_64-linux-gnu/libdconf.so.1.0.0                           31761
-lib/live/mount/medium/live/initrd.img                                31760
 bin/dd                                                               31759
 sbin/ethtool                                                         31625
 lib/udev/cdrom_id                                                    31624

config/chroot_apt/preferences

@@ -57,6 +57,10 @@ Package: virtualbox*
 Pin: release o=Debian,n=sid
 Pin-Priority: 999
 
+Package: xul-ext-ublock-origin
+Pin: release o=Debian,n=sid
+Pin-Priority: 999
+
 Explanation: weirdness in chroot_apt install-binary
 Package: *
 Pin: release o=chroot_local-packages

config/chroot_local-hooks/01-check-for-outdated-AppArmor-feature-set

+#! /bin/sh
+
+set -e
+set -u
+set -x
+
+echo "Checking if we should stop shipping our own AppArmor feature set"
+
+if [ -f /usr/share/apparmor-features/features ]; then
+    if cmp -q /usr/share/apparmor-features/features.Tails \
+              /usr/share/apparmor-features/features; then
+        echo "Debian ships the same AppArmor feature set as ours. " \
+             "Likely we can now remove our own one." >&2
+    else
+        echo "Debian ships a different AppArmor feature set from ours. " \
+             "Likely our own one is outdated and can be removed:" >&2
+        diff -Naur \
+            /usr/share/apparmor-features/features.Tails \
+            /usr/share/apparmor-features/features \
+            >&2
+    fi
+    # In any case, we probably have to do something about it.
+    exit 1
+fi

config/chroot_local-hooks/50-dkms

@@ -2,31 +2,43 @@
 
 set -e
 set -u
+set -x
 
 echo "Building dkms modules"
 
 . /usr/share/amnesia/build/variables
 
-# the -dkms package must be installed *after* dkms to be properly registered
-apt-get install --yes build-essential dkms
+# Import install_fake_package
+. /usr/local/lib/tails-shell-library/build.sh
+
+# Install gcc-6 and fake linux-compiler-gcc-7-x86
+# (linux-headers-4.14+ depends on it, but Stretch hasn't GCC 7)
+# XXX:Buster: remove this hack.
+apt-get install --yes gcc-6
+NEWEST_INSTALLED_KERNEL_VERSION="$(
+    dpkg-query --showformat '${Version}\n' --show 'linux-image-*-amd64' \
+    | sort --version-sort | tail -n1
+)"
+install_fake_package \
+    linux-compiler-gcc-7-x86 \
+    "${NEWEST_INSTALLED_KERNEL_VERSION}~0tails1"
+ln -s /usr/bin/gcc-6 /usr/bin/gcc-7
+
+# Any -dkms package must be installed *after* dkms to be properly registered
+apt-get install --yes \
+    build-essential \
+    dkms \
+    libelf-dev
 
-# Installing the headers triggers the building of the modules for that kernel
 apt-get install --yes \
     "linux-headers-${KERNEL_VERSION}-amd64" \
     aufs-dkms \
     virtualbox-guest-dkms
 
-MODULES_VERSION="$(dpkg-query -W -f='${Version}\n' virtualbox-guest-dkms \
-		       | sed -E 's,-.*,,')"
-dkms build \
-    -a amd64 -k "${KERNEL_VERSION}-amd64" \
-    -m virtualbox-guest -v "$MODULES_VERSION"
-dkms install \
-    -a amd64 -k "${KERNEL_VERSION}-amd64" \
-    -m virtualbox-guest -v "$MODULES_VERSION"
-
-# clean the build directory
-# rm -r /var/lib/dkms/virtualbox-guest/
+for log in $(ls /var/lib/dkms/*/*/build/make.log); do
+   echo "---- $log"
+   cat "$log"
+done
 
 # Ensure the modules were actually built and installed: when
 # dkms.conf for a DKMS module includes a BUILD_EXCLUSIVE directive

config/chroot_local-hooks/98-remove_unwanted_packages

@@ -12,12 +12,15 @@ echo "Removing unwanted packages"
 #   - libgcc1 (apt depends on it)
 #   - cpp, cpp-* (big parts of GNOME depend on it)
 apt-get --yes purge  \
+   '^linux-compiler-*' \
    '^linux-kbuild-*' \
    '^linux-headers-*' \
    build-essential debhelper dkms dpkg-dev \
    gcc gcc-6 \
    intltool-debian \
-   libc6-dev linux-libc-dev \
+   libc6-dev \
+   libelf-dev \
+   linux-libc-dev \
    make \
    po-debconf \
    rsyslog \

config/chroot_local-includes/etc/apt/apt.conf.d/14keep-debs

-APT::Keep-Downloaded-Packages "true";
+Binary::apt::APT::Keep-Downloaded-Packages "true";

config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults

@@ -60,3 +60,7 @@ lid-close-battery-action = 'blank'
 [org/gnome/shell]
 enabled-extensions = ['apps-menu@gnome-shell-extensions.gcampax.github.com', 'places-menu@gnome-shell-extensions.gcampax.github.com', 'window-list@gnome-shell-extensions.gcampax.github.com', 'TopIcons@phocean.net', 'shutdown-helper@tails.boum.org', 'torstatus@tails.boum.org']
 favorite-apps=['tor-browser.desktop', 'thunderbird.desktop', 'pidgin.desktop', 'keepassx.desktop', 'gnome-terminal.desktop']
+
+[org/gnome/shell/extensions/topicons]
+tray-pos='right'
+tray-order=4

config/chroot_local-includes/etc/ssh/ssh_config

@@ -13,3 +13,6 @@ ForwardX11Trusted       no
 
 # Prevent fingerprinting when username was not specified
 User                    root
+
+# Avoid storing full remote IP / host name connection history in plaintext
+HashKnownHosts          yes

config/chroot_local-includes/usr/local/sbin/tails-additional-software

@@ -31,6 +31,7 @@ def _launch_apt_get(specific_args):
     # We will log the output and want it in English when included in bug
     # reports
     apt_get_env['LANG'] = "C"
+    apt_get_env['DEBIAN_PRIORITY'] = "critical"
     args = ["apt-get", "--quiet", "--yes"]
     args.extend(specific_args)
     apt_get = subprocess.Popen(

config/chroot_local-includes/usr/share/apparmor-features/features.Tails

+caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
+}
+}
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
+}
+}
+capability {0xffffff
+}
+file {mask {create read write exec append mmap_exec link lock
+}
+}
+domain {change_profile {yes
+}
+change_onexec {yes
+}
+change_hatv {yes
+}
+change_hat {yes
+}
+}
+policy {set_load {yes
+}
+}

config/chroot_local-includes/usr/share/doc/amnesia/README

 See the Tails website (https://tails.boum.org/), whose source lies
 in the "wiki" directory of this very Git repository.
+
+For copyright and licensing information, see `debian/copyright`.

config/chroot_local-includes/usr/share/live/config/xserver-xorg/intel.ids

@@ -6,3 +6,4 @@
 808627A2
 808629B2
 808629B3
+8086591B

config/chroot_local-patches/AppArmor-pin-feature-set.patch

+Description: pin the AppArmor feature set to the Stretch's kernel one
+ .
+ Let's smooth UX on kernel upgrades and allow ourselves to update the AppArmor
+ policy in a relaxed manner.
+Bug-Debian: https://bugs.debian.org/879585
+Forwarded: not-needed
+Author: intrigeri <intrigeri@debian.org>
+
+--- a/etc/apparmor/parser.conf
++++ b/etc/apparmor/parser.conf
+@@ -60,3 +60,7 @@
+ ## Adjust compression
+ #Optimize=compress-small
+ #Optimize=compress-fast
++
++## Pin feature set (avoid regressions when policy is lagging behind
++## the kernel)
++features-file=/usr/share/apparmor-features/features.Tails

config/chroot_local-patches/live-boot:_workaround_aufs_bug.patch

+--- a/lib/live/boot/9990-misc-helpers.sh.orig	2018-01-04 13:27:17.845454685 +0000
++++ b/lib/live/boot/9990-misc-helpers.sh	2018-01-04 14:40:06.852067492 +0000
+@@ -1337,6 +1337,8 @@
+ 	esac
+ 
+ 	mount -t ${UNIONTYPE} ${unionmountopts} ${UNIONTYPE} "${unionmountpoint}"
++	# Workaround aufs bug (Debian#886329)
++	ls "${unionmountpoint}" >/dev/null 2>&1 || true
+ }
+ 
+ get_custom_mounts ()

debian/changelog

+tails (3.4) unstable; urgency=medium
+
+  * Security fixes
+    - Install Linux 4.14.0-3 from sid (Closes: #14976). This enables
+      the kernel-side mitigations for Meltdown.
+    - Upgrade curl to 7.52.1-5+deb9u3.
+    - Upgrade enigmail to 2:1.9.9-1~deb9u1.
+    - Upgrade gimp to 2.8.18-1+deb9u1.
+    - Upgrade imagemagick to 8:6.9.7.4+dfsg-11+deb9u4.
+    - Upgrade libav (ffmpeg) to 7:3.2.9-1~deb9u1.
+    - Upgrade libxcursor to 1:1.1.14-1+deb9u1.
+    - Upgrade libxml-libxml-perl to 2.0128+dfsg-1+deb9u1.
+    - Upgrade poppler to 0.48.0-2+deb9u1.
+    - Upgrade rsync to 3.1.2-1 3.1.2-1+deb9u1.
+    - Upgrade samba to 2:4.5.12+dfsg-2+deb9u1.
+    - Upgrade sensible-utils to 0.0.9+deb9u1.
+    - Upgrade tor to 0.3.1.9-1~d90.stretch+1.
+
+  * Minor improvements
+    - Display TopIcons systray on the left of the system menu. This
+      fixes #14796 (on Buster, it is displayed in the middle of the
+      screen, on the left of the clock) and an annoying UX problem we
+      have on Stretch: OpenPGP applet is in the middle of icons that
+      share the exact same (modern, GNOME Shell-like) behaviour, which
+      is disturbing when opening one of the modern menus and moving
+      the mouse left/right to the others, because in the middle one
+      icon won't react as expected, and the nice blue bottom border
+      continuity is broken.
+    - Use the "intel" X.Org driver for integrated graphics in Intel
+      i5-7300HQ (Closes: #14990).
+    - Enable HashKnownHosts in the OpenSSH client (Closes: #14995).
+      Debian enables HashKnownHosts by default via /etc/ssh/ssh_config
+      for good reasons, let's not revert to the upstream default.
+    - Pin the AppArmor feature set to the Stretch's kernel one. Linux
+      4.14 brings new AppArmor mediation features and the policy
+      shipped in Stretch may not be ready for it. So let's disable
+      these new features to avoid breaking stuff: it's too hard to
+      check if all the policy for apps we ship (and that users install
+      themselves) has the right rules to cope with these new mediation
+      features.
+
+  * Bugfixes
+    - Don't delete downloaded debs after install (Closes: #10958).
+    - Install xul-ext-ublock-origin from sid to make the dashboard
+      work again(Closes: #14993). Thanks to cacahuatl
+      <cacahuatl@autistici.org> for the patch!
+    - Additional software feature: use debconf priority critical to
+      prevent failure when installing packages otherwise requiring
+      manual configuration (Closes: #6038)
+    - Don't include anything under /lib/live/mount/medium/ in the
+      readahead list (Closes: #14964). This fixes the boot time
+      regression introduced in Tails 3.3.
+
+  * Build system
+    - Display a more helpful error message when the 'origin' remote
+      does not point to the official Tails Git repository. This task
+      calls git_base_branch_head() which relies on the fact 'origin'
+      points to our official repo.
+    - Vagrant: never build the wiki early. This has caused several
+      issues throughout the years, the lastest instance being the
+      reopening of #14933. (Closes: #14933)
+    - Install libelf-dev during the time we need it for building DKMS modules.
+    - Make the DKMS build hook verbose, and display DKMS modules build
+      logs on failure. This hook is a recurring cause of headaches,
+      let's simplify debugging.
+    - Remove obsolete duplicate build of the virtualbox-guest DKMS
+      module.
+
+  * Test suite
+    - Log the list of systemd jobs when systemctl is-system-running
+      fails (Closes: #14772). Listing the units is not enough: in most
+      cases I've seen, is-system-running returns "starting" which
+      means the job queue is not empty, and to debug that we need the
+      list of jobs.
+    - Only support SikuliX; drop support for Sikuli.
+    - Disable SPICE clipboard sharing in the guest. It could only mess
+      things up, and in fact has confused me by suddenly setting my
+      *host's* clipboard to "ATTACK AT DAWN"... :)
+    - Decode Base64.decode64 return value appropriately; it returns
+      strings encoded in ASCII-8bit.
+    - Don't flood the debug logger with the journal contents.
+    - Handle case where $vm is undefined during an extremely early
+      scenario failure.
+    - Allow more time for 'systemctl is-system-running' to
+      succeed. (Refs: #14772)
+    - Make Sikuli attempt to find replacements on FindFailed by
+      employing fuzz, or "lowering the similarity factor". The
+      replacements (if found) are saved among the artifacts, and
+      serves as potential drop-in-replacements for outdated
+      images. The main use case for this is when the font
+      configuration in Tails changes, which normally invalidates a
+      large part of our images given that our default high similarity
+      factor. We also add the `--fuzzy-image-matching` where the
+      replacements are used in case of FindFailed, so the tests can
+      proceed beyond the first FindFailed. The idea is that a full
+      test suite run will produce replacements for potentially *all*
+      outdated images.
+    - Fix our findAny() vs findfailed_hook. For findAny() it might be
+      expected that some images won't be found, so we shouldn't use
+      our findfailed_hook, which is about dealing with the situation
+      where images need to be updated.
+    - Make sure Pidgin's D-Bus policy changes are applied (Closes:
+      #15007). Without the HUP there's a race that we sometimes lose.
+    - Nump the Unsafe Browser's start page image (Closes: #15006).
+    - Hot-plug a 'pcnet' network device instead of 'virtio' on Sid,
+      since the latter is not detected on Sid (Closes: #14819).
+
+ -- Tails developers <tails@boum.org>  Mon, 08 Jan 2018 16:57:07 +0100
+
 tails (3.3) unstable; urgency=medium
 
   * Major changes

debian/copyright

 Copyright:
 
-   Copyright (C) Amnesia <amnesia@boum.org>
+   Copyright (C) Tails developers <tails@boum.org>
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by

features/config/defaults.yml

@@ -3,6 +3,7 @@ CAPTURE_ALL: false
 INTERACTIVE_DEBUGGING: false
 MAX_NEW_TOR_CIRCUIT_RETRIES: 10
 SIKULI_RETRY_FINDFAILED: false
+SIKULI_FUZZY_IMAGE_MATCHING: false
 TMPDIR: "/tmp/TailsToaster"
 
 Unsafe_SSH_private_key: |

features/domains/default.xml

@@ -37,6 +37,7 @@
       <target type='virtio' name='com.redhat.spice.0'/>
     </channel>
     <graphics type='spice' port='-1' tlsPort='-1' autoport='yes'>
+      <clipboard copypaste='no'/>
       <mouse mode='client'/>
     </graphics>
     <sound model='ich6'/>

features/step_definitions/browser.rb

-Then /^the Unsafe Browser has started$/ do
-  @screen.wait("UnsafeBrowserHomepage.png", 360)
-end
-
 When /^I start the Unsafe Browser(?: through the GNOME menu)?$/ do
   step "I start \"Unsafe Browser\" via GNOME Activities Overview"
 end

features/step_definitions/checks.rb

@@ -100,7 +100,7 @@ Then /^the documentation viewer opens the "(Support|Getting started)" page$/ do
     if page == 'Support'
       expected_heading = 'Die Dokumentation durchsuchen'
     else
-      page = 'Einen Fehler gefunden?'
+      expected_heading = 'Einen Fehler gefunden?'
     end
   else
     expected_title = 'Tails documentation'

features/step_definitions/common_steps.rb

@@ -347,9 +347,12 @@ end
 Given /^Tor is ready$/ do
   step "Tor has built a circuit"
   step "the time has synced"
-  if $vm.execute('systemctl is-system-running').failure?
+  begin
+    try_for(30) { $vm.execute('systemctl is-system-running').success? }
+  rescue Timeout::Error
+    jobs = $vm.execute('systemctl list-jobs').stdout
     units_status = $vm.execute('systemctl').stdout
-    raise "At least one system service failed to start:\n#{units_status}"
+    raise "The system is not fully running yet:\n#{jobs}\n#{units_status}"
   end
 end
 
@@ -451,11 +454,10 @@ Given /^all notifications have disappeared$/ do
 end
 
 Then /^I (do not )?see "([^"]*)" after at most (\d+) seconds$/ do |negation, image, time|
-  begin
+  if negation
+    @screen.waitVanish(image, time.to_i)
+  else
     @screen.wait(image, time.to_i)
-    raise "found '#{image}' while expecting not to" if negation
-  rescue FindFailed => e
-    raise e if not(negation)
   end
 end
 

features/step_definitions/mac_spoofing.rb

@@ -101,18 +101,27 @@ end
 
 When /^I hotplug a network device( and wait for it to be initialized)?$/ do |wait|
   initial_nr_nics = wait ? all_ethernet_nics.size : nil
+  # XXX:Buster: when we stop supporting the test suite on Stretch
+  # hosts, let's remove this workaround related to #14819 and just
+  # settle on a device that works on all supported platforms.
+  if cmd_helper('lsb_release --short --codename').chomp == 'stretch'
+    device = 'virtio'
+  else
+    device = 'pcnet'
+  end
+  debug_log("Hotplugging a '#{device}' network device")
   xml = <<-EOF
     <interface type='network'>
       <alias name='net1'/>
       <mac address='52:54:00:11:22:33'/>
       <source network='TailsToasterNet'/>
-      <model type='virtio'/>
+      <model type='#{device}'/>
       <link state='up'/>
     </interface>
   EOF
   $vm.plug_device(xml)
   if wait
-    try_for(20) do
+    try_for(30) do
       all_ethernet_nics.size >= initial_nr_nics + 1
     end
   end

features/step_definitions/pidgin.rb

@@ -38,7 +38,6 @@ end
 # `return_shellcommand: true`) since we block Pidgin's D-Bus interface
 # (#14612) ...
 def pidgin_dbus_call(method, *args, **opts)
-  opts ||= {}
   opts[:user] = LIVE_USER
   dbus_send(
     'im.pidgin.purple.PurpleService',
@@ -49,12 +48,16 @@ def pidgin_dbus_call(method, *args, **opts)
 end
 
 # ... unless we re-enable it!
-def pidgin_force_allowed_dbus_call(*args)
+def pidgin_force_allowed_dbus_call(method, *args, **opts)
+  opts[:user] = LIVE_USER
   policy_file = '/etc/dbus-1/session.d/im.pidgin.purple.PurpleService.conf'
   $vm.execute_successfully("mv #{policy_file} #{policy_file}.disabled")
-  pidgin_dbus_call(*args)
+  # From dbus-daemon(1): "Policy changes should take effect with SIGHUP"
+  $vm.execute_successfully("pkill -HUP -u #{opts[:user]} 'dbus-daemon'")
+  pidgin_dbus_call(method, *args, **opts)
 ensure
   $vm.execute_successfully("mv #{policy_file}.disabled #{policy_file}")
+  $vm.execute_successfully("pkill -HUP -u #{opts[:user]} 'dbus-daemon'")
 end
 
 def pidgin_account_connected?(account, prpl_protocol)

features/step_definitions/thunderbird.rb

@@ -29,7 +29,7 @@ When /^I start Thunderbird$/ do
     'pref("mail.compose.attachment_reminder", false);'
   ]
   workaround_pref_lines.each do |line|
-    $vm.file_append('/etc/thunderbird/pref/thunderbird.js ', line)
+    $vm.file_append('/etc/thunderbird/pref/thunderbird.js', line)
   end
   step 'I start "Thunderbird" via GNOME Activities Overview'
   try_for(60) { thunderbird_main }

features/step_definitions/unsafe_browser.rb

@@ -102,7 +102,11 @@ Then /^the Unsafe Browser has a red theme$/ do
 end
 
 Then /^the Unsafe Browser shows a warning as its start page$/ do
-  @screen.wait("UnsafeBrowserStartPage.png", 10)
+  @screen.wait("UnsafeBrowserStartPage.png", 30)
+end
+
+Then /^the Unsafe Browser has started$/ do
+  step 'the Unsafe Browser shows a warning as its start page'
 end
 
 Then /^I see a warning about another instance already running$/ do

features/support/config.rb

@@ -59,6 +59,8 @@ loop do
     break
   end
 end
+SIKULI_CANDIDATES_DIR = "#{ARTIFACTS_DIR}/sikuli_candidates"
+SIKULI_IMAGE_PATH = "#{Dir.pwd}/features/images/"
 
 # Constants that are statically initialized.
 CONFIGURED_KEYSERVER_HOSTNAME = 'jirk5u4osbsr34t5.onion'

features/support/helpers/remote_shell.rb

@@ -157,7 +157,7 @@ module RemoteShell
     end
 
     def read()
-      Base64.decode64(self.class.open