intrigeri authored
I've seen it fail with:

    And I accept adding "cowsay" to Additional Software # features/step_definitions/additional_software_packages.rb:68
    02:10:40.714306961: Remote shell: calling as root: test -e '/live/persistence/TailsData_unlocked/live-additional-software.conf'
    02:10:41.534017376: call returned: [0, "", ""]
    02:10:41.534315412: Remote shell: calling as root: ls -1 -d /live/persistence/*_unlocked/
    02:10:41.870330265: call returned: [0, "/live/persistence/TailsData_unlocked/\n", ""]
    02:10:41.870622831: Remote shell: calling as root: test -e /live/persistence/TailsData_unlocked//persistence.conf
    02:10:42.061890291: call returned: [0, "", ""]
    02:10:42.062127576: Remote shell: calling as root: tails-version
    02:10:42.559974366: call returned: [0, "4.0~beta2 - 20190812\nf13ea3fd\nlive-build: 3.0.5+really+is+2.0.12-0.tails5\nlive-boot: 1:20170112\nlive-config: 5.20190519\n", ""]
    02:10:42.560209029: Remote shell: calling as root: test -e /live/persistence/TailsData_unlocked//persistence.conf.bak
    02:10:42.836461995: call returned: [0, "", ""]
    02:10:42.836740590: Remote shell: calling as root: test ! -e /live/persistence/TailsData_unlocked//live-persistence.conf
    02:10:43.115766459: call returned: [0, "", ""]
    02:10:43.115995641: Remote shell: calling as root: ls -1 /live/persistence/TailsData_unlocked//persistence.conf* /live/persistence/TailsData_unlocked//live-*.conf
    02:10:43.417454108: call returned: [0, "/live/persistence/TailsData_unlocked//live-additional-software.conf\n/live/persistence/TailsData_unlocked//persistence.conf\n/live/persistence/TailsData_unlocked//persistence.conf.bak\n", ""]
    02:10:43.417665018: Remote shell: calling as root: stat -c %U '/live/persistence/TailsData_unlocked//live-additional-software.conf'
    02:10:43.626864841: call returned: [0, "tails-persistence-setup\n", ""]
    02:10:43.627060549: Remote shell: calling as root: stat -c %G '/live/persistence/TailsData_unlocked//live-additional-software.conf'
    02:10:43.864667214: call returned: [0, "tails-persistence-setup\n", ""]
    02:10:43.864916743: Remote shell: calling as root: stat -c %a '/live/persistence/TailsData_unlocked//live-additional-software.conf'
    02:10:44.143865252: call returned: [0, "644\n", ""]
    02:10:44.144191068: Remote shell: calling as root: stat -c %U '/live/persistence/TailsData_unlocked//persistence.conf'
    02:10:44.571728279: call returned: [0, "tails-persistence-setup\n", ""]
    02:10:44.572001142: Remote shell: calling as root: stat -c %G '/live/persistence/TailsData_unlocked//persistence.conf'
    02:10:44.849157870: call returned: [0, "tails-persistence-setup\n", ""]
    02:10:44.849391246: Remote shell: calling as root: stat -c %a '/live/persistence/TailsData_unlocked//persistence.conf'
    02:10:45.330177056: call returned: [0, "644\n", ""]
    And Additional Software is correctly configured for package "cowsay" # features/step_definitions/additional_software_packages.rb:50
    <"600"> expected but was <"644">. (Test::Unit::AssertionFailedError)
    ./features/step_definitions/usb.rb:558:in `block (3 levels) in <top (required)>'
    ./features/step_definitions/usb.rb:548:in `each'
    ./features/step_definitions/usb.rb:548:in `block (2 levels) in <top (required)>'
    ./features/step_definitions/usb.rb:537:in `/^all persistence configuration files have safe access rights$/'
    features/additional_software_packages.feature:75:in `And Additional Software is correctly configured for package "cowsay"'

That's not surprising because:

1. The previous step is:

       I accept adding "cowsay" to Additional Software

   … and all it does is click on the "Install Every Time" button, which triggers tails-persistence-setup, but does not wait for it to finish its job.

2. The "save" method in Tails::Persistence::Configuration::ConfigFile does this:

       $self->config_file_path->spew($self->output);
       $self->config_file_path->chmod(0600);

   … so there's a short window, while (re)configuring a persistent volume, during which persistence.conf has permissions 0644 instead of 0600.

   The documentation for the "spew" method in Path::Tiny explains that this surprising behaviour is actually a security feature:

       NOTE: because the file is written to a temporary file and then renamed, the new file will wind up with permissions based on your current umask. This is a feature to protect you from a race condition that would otherwise give different permissions than you might expect. If you really want to keep the original mode flags, use "append" with the "truncate" option.

So, this step is racing against the very thing it's validating. Let's retry the checks to give tails-persistence-setup some more time to do its job, before we verify it has done so properly.
f80cf475
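
The window and the retry approach described in the commit message, as an added Ruby illustration that is not code from the Tails repository: `save_then_chmod`, `retry_check`, `demo` and the temporary path are hypothetical names, a umask of 022 is assumed, and the 0.3 s sleep only widens the window so it can be observed.

```ruby
require 'tmpdir'

# Permission bits as an octal string, like `stat -c %a`.
def mode_of(path)
  format('%o', File.stat(path).mode & 0o777)
end

# Mimics the quoted save sequence: write a temporary file (mode comes from the
# umask), rename it into place, then chmod. The optional block runs between
# rename and chmod, i.e. inside the window the commit message describes.
def save_then_chmod(path, data)
  tmp = "#{path}.tmp"
  File.open(tmp, File::WRONLY | File::CREAT | File::TRUNC, 0o666) { |f| f.write(data) }
  File.rename(tmp, path)
  yield path if block_given?
  File.chmod(0o600, path)
end

# Hypothetical retry helper: re-run the check until it passes or time is up.
def retry_check(timeout:, delay: 0.05)
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout
  begin
    yield
  rescue StandardError
    raise if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline
    sleep delay
    retry
  end
end

# Returns the mode seen inside the window and the mode a retried check settles on.
def demo
  old_umask = File.umask(0o022) # assumed umask; restored in the ensure clause
  Dir.mktmpdir do |dir|
    conf = File.join(dir, 'persistence.conf') # constructed path, not a real volume
    in_window = nil
    writer = Thread.new do
      save_then_chmod(conf, "constructed sample\n") { |p| in_window = mode_of(p); sleep 0.3 }
    end
    settled = retry_check(timeout: 5) do
      mode = mode_of(conf)
      raise "expected 600, got #{mode}" unless mode == '600'
      mode
    end
    writer.join
    { in_window: in_window, settled: settled }
  end
ensure
  File.umask(old_umask)
end
```

A single, non-retried check that lands inside the window reports 644, which is the failure in the log above; the retried check only returns once the writer has applied 0600.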