diff options
Diffstat (limited to 'features/step_definitions')
21 files changed, 2524 insertions, 0 deletions
diff --git a/features/step_definitions/apt.rb b/features/step_definitions/apt.rb new file mode 100644 index 00000000..a5492054 --- /dev/null +++ b/features/step_definitions/apt.rb @@ -0,0 +1,80 @@ +require 'uri' + +Given /^the only hosts in APT sources are "([^"]*)"$/ do |hosts_str| + next if @skip_steps_while_restoring_background + hosts = hosts_str.split(',') + @vm.file_content("/etc/apt/sources.list /etc/apt/sources.list.d/*").chomp.each_line { |line| + next if ! line.start_with? "deb" + source_host = URI(line.split[1]).host + if !hosts.include?(source_host) + raise "Bad APT source '#{line}'" + end + } +end + +When /^I update APT using apt-get$/ do + next if @skip_steps_while_restoring_background + Timeout::timeout(30*60) do + cmd = @vm.execute("echo #{@sudo_password} | " + + "sudo -S apt-get update", $live_user) + if !cmd.success? + STDERR.puts cmd.stderr + end + end +end + +Then /^I should be able to install a package using apt-get$/ do + next if @skip_steps_while_restoring_background + package = "cowsay" + Timeout::timeout(120) do + cmd = @vm.execute("echo #{@sudo_password} | " + + "sudo -S apt-get install #{package}", $live_user) + if !cmd.success? + STDERR.puts cmd.stderr + end + end + step "package \"#{package}\" is installed" +end + +When /^I update APT using Synaptic$/ do + next if @skip_steps_while_restoring_background + # Upon start the interface will be frozen while Synaptic loads the + # package list. Since the frozen GUI is so similar to the unfrozen + # one there's no easy way to reliably wait for the latter. Hence we + # spam reload until it's performed, which is easier to detect. + try_for(60, :msg => "Failed to reload the package list in Synaptic") { + @screen.type("r", Sikuli::KeyModifier.CTRL) + @screen.find('SynapticReloadPrompt.png') + } + @screen.waitVanish('SynapticReloadPrompt.png', 30*60) +end + +Then /^I should be able to install a package using Synaptic$/ do + next if @skip_steps_while_restoring_background + package = "cowsay" + # We do this after a Reload, so the interface will be frozen until + # the package list has been loaded + try_for(60, :msg => "Failed to open the Synaptic 'Find' window") { + @screen.type("f", Sikuli::KeyModifier.CTRL) # Find key + @screen.find('SynapticSearch.png') + } + @screen.type(package + Sikuli::Key.ENTER) + @screen.wait_and_click('SynapticCowsaySearchResult.png', 20) + sleep 5 + @screen.type("i", Sikuli::KeyModifier.CTRL) # Mark for installation + sleep 5 + @screen.type("p", Sikuli::KeyModifier.CTRL) # Apply + @screen.wait('SynapticApplyPrompt.png', 60) + @screen.type("a", Sikuli::KeyModifier.ALT) # Verify apply + @screen.wait('SynapticChangesAppliedPrompt.png', 120) + step "package \"#{package}\" is installed" +end + +When /^I start Synaptic$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsSystem.png", 10) + @screen.wait_and_click("GnomeApplicationsAdministration.png", 10) + @screen.wait_and_click("GnomeApplicationsSynaptic.png", 20) + deal_with_polkit_prompt('SynapticPolicyKitAuthPrompt.png', @sudo_password) +end diff --git a/features/step_definitions/build.rb b/features/step_definitions/build.rb new file mode 100644 index 00000000..2e597a4d --- /dev/null +++ b/features/step_definitions/build.rb @@ -0,0 +1,71 @@ +Given /^Tails ([[:alnum:].]+) has been released$/ do |version| + create_git unless git_exists? + + fatal_system "git checkout --quiet stable" + old_entries = File.open('debian/changelog') { |f| f.read } + File.open('debian/changelog', 'w') do |changelog| + changelog.write(<<END_OF_CHANGELOG) +tails (#{version}) stable; urgency=low + + * New upstream release. + + -- Tails developers <tails@boum.org> Tue, 31 Jan 2012 15:12:57 +0100 + +#{old_entries} +END_OF_CHANGELOG + end + fatal_system "git commit --quiet debian/changelog -m 'Release #{version}'" + fatal_system "git tag '#{version}'" +end + +Given /^Tails ([[:alnum:].-]+) has been tagged$/ do |version| + fatal_system "git tag '#{version}'" +end + +Given /^Tails ([[:alnum:].]+) has not been released yet$/ do |version| + !File.exists? ".git/refs/tags/#{version}" +end + +Given /^last released version mentioned in debian\/changelog is ([[:alnum:]~.]+)$/ do |version| + last = `dpkg-parsechangelog | awk '/^Version: / { print $2 }'`.strip + raise StandardError.new('dpkg-parsechangelog failed.') if $? != 0 + + if last != version + fatal_system "debchange -v '#{version}' 'New upstream release'" + end +end + +Given %r{I am working on the ([[:alnum:]./_-]+) branch$} do |branch| + create_git unless git_exists? + + current_branch = `git branch | awk '/^\*/ { print $2 }'`.strip + raise StandardError.new('git-branch failed.') if $? != 0 + + if current_branch != branch + fatal_system "git checkout --quiet '#{branch}'" + end +end + +Given %r{I am working on the ([[:alnum:]./_-]+) branch based on ([[:alnum:]./_-]+)$} do |branch, base| + create_git unless git_exists? + + current_branch = `git branch | awk '/^\*/ { print $2 }'`.strip + raise StandardError.new('git-branch failed.') if $? != 0 + + if current_branch != branch + fatal_system "git checkout --quiet -b '#{branch}' '#{base}'" + end +end + +When /^I run ([[:alnum:]-]+)$/ do |command| + @output = `#{File.expand_path("../../../auto/scripts/#{command}", __FILE__)}` + raise StandardError.new("#{command} failed. Exit code: #{$?}") if $? != 0 +end + +Then /^I should see the ['"]?([[:alnum:].-]+)['"]? suite$/ do |suite| + @output.should have_suite(suite) +end + +Then /^I should not see the ['"]?([[:alnum:].-]+)['"]? suite$/ do |suite| + @output.should_not have_suite(suite) +end diff --git a/features/step_definitions/checks.rb b/features/step_definitions/checks.rb new file mode 100644 index 00000000..76cfe670 --- /dev/null +++ b/features/step_definitions/checks.rb @@ -0,0 +1,143 @@ +Then /^the shipped Tails signing key is not outdated$/ do + # "old" here is w.r.t. the one we fetch from Tails' website + next if @skip_steps_while_restoring_background + sig_key_fingerprint = "0D24B36AA9A2A651787876451202821CBE2CD9C1" + fresh_sig_key = "/tmp/tails-signing.key" + tmp_keyring = "/tmp/tmp-keyring.gpg" + key_url = "https://tails.boum.org/tails-signing.key" + @vm.execute("curl --silent --socks5-hostname localhost:9062 " + + "#{key_url} -o #{fresh_sig_key}", $live_user) + @vm.execute("gpg --batch --no-default-keyring --keyring #{tmp_keyring} " + + "--import #{fresh_sig_key}", $live_user) + fresh_sig_key_info = + @vm.execute("gpg --batch --no-default-keyring --keyring #{tmp_keyring} " + + "--list-key #{sig_key_fingerprint}", $live_user).stdout + shipped_sig_key_info = @vm.execute("gpg --batch --list-key #{sig_key_fingerprint}", + $live_user).stdout + assert_equal(fresh_sig_key_info, shipped_sig_key_info, + "The Tails signing key shipped inside Tails is outdated:\n" + + "Shipped key:\n" + + shipped_sig_key_info + + "Newly fetched key from #{key_url}:\n" + + fresh_sig_key_info) +end + +Then /^the live user has been setup by live\-boot$/ do + next if @skip_steps_while_restoring_background + assert(@vm.execute("test -e /var/lib/live/config/user-setup").success?, + "live-boot failed its user-setup") + actual_username = @vm.execute(". /etc/live/config/username.conf; " + + "echo $LIVE_USERNAME").stdout.chomp + assert_equal($live_user, actual_username) +end + +Then /^the live user is a member of only its own group and "(.*?)"$/ do |groups| + next if @skip_steps_while_restoring_background + expected_groups = groups.split(" ") << $live_user + actual_groups = @vm.execute("groups #{$live_user}").stdout.chomp.sub(/^#{$live_user} : /, "").split(" ") + unexpected = actual_groups - expected_groups + missing = expected_groups - actual_groups + assert_equal(0, unexpected.size, + "live user in unexpected groups #{unexpected}") + assert_equal(0, missing.size, + "live user not in expected groups #{missing}") +end + +Then /^the live user owns its home dir and it has normal permissions$/ do + next if @skip_steps_while_restoring_background + home = "/home/#{$live_user}" + assert(@vm.execute("test -d #{home}").success?, + "The live user's home doesn't exist or is not a directory") + owner = @vm.execute("stat -c %U:%G #{home}").stdout.chomp + perms = @vm.execute("stat -c %a #{home}").stdout.chomp + assert_equal("#{$live_user}:#{$live_user}", owner) + assert_equal("700", perms) +end + +Given /^I wait between (\d+) and (\d+) seconds$/ do |min, max| + next if @skip_steps_while_restoring_background + time = rand(max.to_i - min.to_i + 1) + min.to_i + puts "Slept for #{time} seconds" + sleep(time) +end + +Then /^no unexpected services are listening for network connections$/ do + next if @skip_steps_while_restoring_background + netstat_cmd = @vm.execute("netstat -ltupn") + assert netstat_cmd.success? + for line in netstat_cmd.stdout.chomp.split("\n") do + splitted = line.split(/[[:blank:]]+/) + proto = splitted[0] + if proto == "tcp" + proc_index = 6 + elsif proto == "udp" + proc_index = 5 + else + next + end + laddr, lport = splitted[3].split(":") + proc = splitted[proc_index].split("/")[1] + # Services listening on loopback is not a threat + if /127(\.[[:digit:]]{1,3}){3}/.match(laddr).nil? + if $services_expected_on_all_ifaces.include? [proc, laddr, lport] or + $services_expected_on_all_ifaces.include? [proc, laddr, "*"] + puts "Service '#{proc}' is listening on #{laddr}:#{lport} " + + "but has an exception" + else + raise "Unexpected service '#{proc}' listening on #{laddr}:#{lport}" + end + end + end +end + +When /^Tails has booted a 64-bit kernel$/ do + next if @skip_steps_while_restoring_background + assert(@vm.execute("uname -r | grep -qs 'amd64$'").success?, + "Tails has not booted a 64-bit kernel.") +end + +Then /^the VirtualBox guest modules are available$/ do + next if @skip_steps_while_restoring_background + assert(@vm.execute("modinfo vboxguest").success?, + "The vboxguest module is not available.") +end + +def shared_pdf_dir_on_guest + "/tmp/shared_pdf_dir" +end + +Given /^I setup a filesystem share containing a sample PDF$/ do + next if @skip_steps_while_restoring_background + @vm.add_share($misc_files_dir, shared_pdf_dir_on_guest) +end + +Then /^MAT can clean some sample PDF file$/ do + next if @skip_steps_while_restoring_background + for pdf_on_host in Dir.glob("#{$misc_files_dir}/*.pdf") do + pdf_name = File.basename(pdf_on_host) + pdf_on_guest = "/home/#{$live_user}/#{pdf_name}" + step "I copy \"#{shared_pdf_dir_on_guest}/#{pdf_name}\" to \"#{pdf_on_guest}\" as user \"#{$live_user}\"" + @vm.execute("mat --display '#{pdf_on_guest}'", + $live_user).stdout + check_before = @vm.execute("mat --check '#{pdf_on_guest}'", + $live_user).stdout + if check_before.include?("#{pdf_on_guest} is clean") + STDERR.puts "warning: '#{pdf_on_host}' is already clean so it is a " + + "bad candidate for testing MAT" + end + @vm.execute("mat '#{pdf_on_guest}'", $live_user) + check_after = @vm.execute("mat --check '#{pdf_on_guest}'", + $live_user).stdout + assert(check_after.include?("#{pdf_on_guest} is clean"), + "MAT failed to clean '#{pdf_on_host}'") + end +end + +Then /^AppArmor is enabled$/ do + assert(@vm.execute("aa-status").success?, "AppArmor is not enabled") +end + +Then /^some AppArmor profiles are enforced$/ do + assert(@vm.execute("aa-status --enforced").stdout.chomp.to_i > 0, + "No AppArmor profile is enforced") +end diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb new file mode 100644 index 00000000..532aa4fd --- /dev/null +++ b/features/step_definitions/common_steps.rb @@ -0,0 +1,687 @@ +require 'fileutils' + +def post_vm_start_hook + # Sometimes the first click is lost (presumably it's used to give + # focus to virt-viewer or similar) so we do that now rather than + # having an important click lost. The point we click should be + # somewhere where no clickable elements generally reside. + @screen.click_point(@screen.w, @screen.h/2) +end + +def activate_filesystem_shares + # XXX-9p: First of all, filesystem shares cannot be mounted while we + # do a snapshot save+restore, so unmounting+remounting them seems + # like a good idea. However, the 9p modules get into a broken state + # during the save+restore, so we also would like to unload+reload + # them, but loading of 9pnet_virtio fails after a restore with + # "probe of virtio2 failed with error -2" (in dmesg) which makes the + # shares unavailable. Hence we leave this code commented for now. + #for mod in ["9pnet_virtio", "9p"] do + # @vm.execute("modprobe #{mod}") + #end + + @vm.list_shares.each do |share| + @vm.execute("mkdir -p #{share}") + @vm.execute("mount -t 9p -o trans=virtio #{share} #{share}") + end +end + +def deactivate_filesystem_shares + @vm.list_shares.each do |share| + @vm.execute("umount #{share}") + end + + # XXX-9p: See XXX-9p above + #for mod in ["9p", "9pnet_virtio"] do + # @vm.execute("modprobe -r #{mod}") + #end +end + +def restore_background + @vm.restore_snapshot($background_snapshot) + @vm.wait_until_remote_shell_is_up + post_vm_start_hook + + # XXX-9p: See XXX-9p above + #activate_filesystem_shares + + # The guest's Tor's circuits' states are likely to get out of sync + # with the other relays, so we ensure that we have fresh circuits. + # Time jumps and incorrect clocks also confuses Tor in many ways. + if @vm.has_network? + if @vm.execute("service tor status").success? + @vm.execute("service tor stop") + @vm.execute("rm -f /var/log/tor/log") + @vm.execute("killall vidalia") + @vm.host_to_guest_time_sync + @vm.execute("service tor start") + wait_until_tor_is_working + @vm.spawn("/usr/local/sbin/restart-vidalia") + end + end +end + +Given /^a computer$/ do + @vm.destroy if @vm + @vm = VM.new($vm_xml_path, $x_display) +end + +Given /^the computer has (\d+) ([[:alpha:]]+) of RAM$/ do |size, unit| + next if @skip_steps_while_restoring_background + @vm.set_ram_size(size, unit) +end + +Given /^the computer is set to boot from the Tails DVD$/ do + next if @skip_steps_while_restoring_background + @vm.set_cdrom_boot($tails_iso) +end + +Given /^the computer is set to boot from (.+?) drive "(.+?)"$/ do |type, name| + next if @skip_steps_while_restoring_background + @vm.set_disk_boot(name, type.downcase) +end + +Given /^I plug ([[:alpha:]]+) drive "([^"]+)"$/ do |bus, name| + next if @skip_steps_while_restoring_background + @vm.plug_drive(name, bus.downcase) + if @vm.is_running? + step "drive \"#{name}\" is detected by Tails" + end +end + +Then /^drive "([^"]+)" is detected by Tails$/ do |name| + next if @skip_steps_while_restoring_background + if @vm.is_running? + try_for(10, :msg => "Drive '#{name}' is not detected by Tails") { + @vm.disk_detected?(name) + } + else + STDERR.puts "Cannot tell if drive '#{name}' is detected by Tails: " + + "Tails is not running" + end +end + +Given /^the network is plugged$/ do + next if @skip_steps_while_restoring_background + @vm.plug_network +end + +Given /^the network is unplugged$/ do + next if @skip_steps_while_restoring_background + @vm.unplug_network +end + +Given /^I capture all network traffic$/ do + # Note: We don't want skip this particular stpe if + # @skip_steps_while_restoring_background is set since it starts + # something external to the VM state. + @sniffer = Sniffer.new("TestSniffer", @vm.net.bridge_name) + @sniffer.capture +end + +Given /^I set Tails to boot with options "([^"]*)"$/ do |options| + next if @skip_steps_while_restoring_background + @boot_options = options +end + +When /^I start the computer$/ do + next if @skip_steps_while_restoring_background + assert(!@vm.is_running?, + "Trying to start a VM that is already running") + @vm.start + post_vm_start_hook +end + +Given /^I start Tails from DVD(| with network unplugged) and I login$/ do |network_unplugged| + # we don't @skip_steps_while_restoring_background as we're only running + # other steps, that are taking care of it *if* they have to + step "the computer is set to boot from the Tails DVD" + if network_unplugged.empty? + step "the network is plugged" + else + step "the network is unplugged" + end + step "I start the computer" + step "the computer boots Tails" + step "I log in to a new session" + step "Tails seems to have booted normally" + if network_unplugged.empty? + step "Tor is ready" + step "all notifications have disappeared" + step "available upgrades have been checked" + else + step "all notifications have disappeared" + end +end + +Given /^I start Tails from (.+?) drive "(.+?)"(| with network unplugged) and I login(| with(| read-only) persistence password "([^"]+)")$/ do |drive_type, drive_name, network_unplugged, persistence_on, persistence_ro, persistence_pwd| + # we don't @skip_steps_while_restoring_background as we're only running + # other steps, that are taking care of it *if* they have to + step "the computer is set to boot from #{drive_type} drive \"#{drive_name}\"" + if network_unplugged.empty? + step "the network is plugged" + else + step "the network is unplugged" + end + step "I start the computer" + step "the computer boots Tails" + if ! persistence_on.empty? + assert(! persistence_pwd.empty?, "A password must be provided when enabling persistence") + if persistence_ro.empty? + step "I enable persistence with password \"#{persistence_pwd}\"" + else + step "I enable read-only persistence with password \"#{persistence_pwd}\"" + end + end + step "I log in to a new session" + step "Tails seems to have booted normally" + if network_unplugged.empty? + step "Tor is ready" + step "all notifications have disappeared" + step "available upgrades have been checked" + else + step "all notifications have disappeared" + end +end + +When /^I power off the computer$/ do + next if @skip_steps_while_restoring_background + assert(@vm.is_running?, + "Trying to power off an already powered off VM") + @vm.power_off +end + +When /^I cold reboot the computer$/ do + next if @skip_steps_while_restoring_background + step "I power off the computer" + step "I start the computer" +end + +When /^I destroy the computer$/ do + next if @skip_steps_while_restoring_background + @vm.destroy +end + +Given /^the computer (re)?boots Tails$/ do |reboot| + next if @skip_steps_while_restoring_background + + case @os_loader + when "UEFI" + assert(!reboot, "Testing of reboot with UEFI enabled is not implemented") + bootsplash = 'TailsBootSplashUEFI.png' + bootsplash_tab_msg = 'TailsBootSplashTabMsgUEFI.png' + boot_timeout = 30 + else + if reboot + bootsplash = 'TailsBootSplashPostReset.png' + bootsplash_tab_msg = 'TailsBootSplashTabMsgPostReset.png' + boot_timeout = 120 + else + bootsplash = 'TailsBootSplash.png' + bootsplash_tab_msg = 'TailsBootSplashTabMsg.png' + boot_timeout = 30 + end + end + + @screen.wait(bootsplash, boot_timeout) + @screen.wait(bootsplash_tab_msg, 10) + @screen.type(Sikuli::Key.TAB) + @screen.waitVanish(bootsplash_tab_msg, 1) + + @screen.type(" autotest_never_use_this_option #{@boot_options}" + + Sikuli::Key.ENTER) + @screen.wait('TailsGreeter.png', 30*60) + @vm.wait_until_remote_shell_is_up + activate_filesystem_shares +end + +Given /^I log in to a new session$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click('TailsGreeterLoginButton.png', 10) +end + +Given /^I enable more Tails Greeter options$/ do + next if @skip_steps_while_restoring_background + match = @screen.find('TailsGreeterMoreOptions.png') + @screen.click(match.getCenter.offset(match.w/2, match.h*2)) + @screen.wait_and_click('TailsGreeterForward.png', 10) + @screen.wait('TailsGreeterLoginButton.png', 20) +end + +Given /^I set sudo password "([^"]*)"$/ do |password| + @sudo_password = password + next if @skip_steps_while_restoring_background + @screen.wait("TailsGreeterAdminPassword.png", 20) + @screen.type(@sudo_password) + @screen.type(Sikuli::Key.TAB) + @screen.type(@sudo_password) +end + +Given /^Tails Greeter has dealt with the sudo password$/ do + next if @skip_steps_while_restoring_background + f1 = "/etc/sudoers.d/tails-greeter" + f2 = "#{f1}-no-password-lecture" + try_for(20) { + @vm.execute("test -e '#{f1}' -o -e '#{f2}'").success? + } +end + +Given /^GNOME has started$/ do + next if @skip_steps_while_restoring_background + case @theme + when "windows" + desktop_started_picture = 'WindowsStartButton.png' + else + desktop_started_picture = 'GnomeApplicationsMenu.png' + end + @screen.wait(desktop_started_picture, 180) +end + +Then /^Tails seems to have booted normally$/ do + next if @skip_steps_while_restoring_background + step "GNOME has started" +end + +Given /^Tor is ready$/ do + next if @skip_steps_while_restoring_background + @screen.wait("GnomeTorIsReady.png", 300) + @screen.waitVanish("GnomeTorIsReady.png", 15) + + # Having seen the "Tor is ready" notification implies that Tor has + # built a circuit, but let's check it directly to be on the safe side. + step "Tor has built a circuit" + + step "the time has synced" +end + +Given /^Tor has built a circuit$/ do + next if @skip_steps_while_restoring_background + wait_until_tor_is_working +end + +Given /^the time has synced$/ do + next if @skip_steps_while_restoring_background + ["/var/run/tordate/done", "/var/run/htpdate/success"].each do |file| + try_for(300) { @vm.execute("test -e #{file}").success? } + end +end + +Given /^available upgrades have been checked$/ do + next if @skip_steps_while_restoring_background + try_for(300) { + @vm.execute("test -e '/var/run/tails-upgrader/checked_upgrades'").success? + } +end + +Given /^the Tor Browser has started$/ do + next if @skip_steps_while_restoring_background + case @theme + when "windows" + tor_browser_picture = "WindowsTorBrowserWindow.png" + else + tor_browser_picture = "TorBrowserWindow.png" + end + + @screen.wait(tor_browser_picture, 60) +end + +Given /^the Tor Browser has started and loaded the startup page$/ do + next if @skip_steps_while_restoring_background + step "the Tor Browser has started" + @screen.wait("TorBrowserStartupPage.png", 120) +end + +Given /^the Tor Browser has started in offline mode$/ do + next if @skip_steps_while_restoring_background + @screen.wait("TorBrowserOffline.png", 60) +end + +Given /^I add a bookmark to eff.org in the Tor Browser$/ do + next if @skip_steps_while_restoring_background + url = "https://www.eff.org" + step "I open the address \"#{url}\" in the Tor Browser" + @screen.wait("TorBrowserOffline.png", 5) + @screen.type("d", Sikuli::KeyModifier.CTRL) + @screen.wait("TorBrowserBookmarkPrompt.png", 10) + @screen.type(url + Sikuli::Key.ENTER) +end + +Given /^the Tor Browser has a bookmark to eff.org$/ do + next if @skip_steps_while_restoring_background + @screen.type("b", Sikuli::KeyModifier.ALT) + @screen.wait("TorBrowserEFFBookmark.png", 10) +end + +Given /^all notifications have disappeared$/ do + next if @skip_steps_while_restoring_background + case @theme + when "windows" + notification_picture = "WindowsNotificationX.png" + else + notification_picture = "GnomeNotificationX.png" + end + @screen.waitVanish(notification_picture, 60) +end + +Given /^I save the state so the background can be restored next scenario$/ do + if @skip_steps_while_restoring_background + assert(File.size?($background_snapshot), + "We have been skipping steps but there is no snapshot to restore") + else + # To be sure we run the feature from scratch we remove any + # leftover snapshot that wasn't removed. + if File.exist?($background_snapshot) + File.delete($background_snapshot) + end + # Workaround: when libvirt takes ownership of the snapshot it may + # become unwritable for the user running this script so it cannot + # be removed during clean up. + FileUtils.touch($background_snapshot) + FileUtils.chmod(0666, $background_snapshot) + + # Snapshots cannot be saved while filesystem shares are mounted + # XXX-9p: See XXX-9p above. + #deactivate_filesystem_shares + + @vm.save_snapshot($background_snapshot) + end + restore_background + # Now we stop skipping steps from the snapshot restore. + @skip_steps_while_restoring_background = false +end + +Then /^I see "([^"]*)" after at most (\d+) seconds$/ do |image, time| + next if @skip_steps_while_restoring_background + @screen.wait(image, time.to_i) +end + +Then /^all Internet traffic has only flowed through Tor$/ do + next if @skip_steps_while_restoring_background + leaks = FirewallLeakCheck.new(@sniffer.pcap_file, get_tor_relays) + if !leaks.empty? + if !leaks.ipv4_tcp_leaks.empty? + puts "The following IPv4 TCP non-Tor Internet hosts were contacted:" + puts leaks.ipv4_tcp_leaks.join("\n") + puts + end + if !leaks.ipv4_nontcp_leaks.empty? + puts "The following IPv4 non-TCP Internet hosts were contacted:" + puts leaks.ipv4_nontcp_leaks.join("\n") + puts + end + if !leaks.ipv6_leaks.empty? + puts "The following IPv6 Internet hosts were contacted:" + puts leaks.ipv6_leaks.join("\n") + puts + end + if !leaks.nonip_leaks.empty? + puts "Some non-IP packets were sent\n" + end + save_pcap_file + raise "There were network leaks!" + end +end + +Given /^I enter the sudo password in the gksu prompt$/ do + next if @skip_steps_while_restoring_background + @screen.wait('GksuAuthPrompt.png', 60) + sleep 1 # wait for weird fade-in to unblock the "Ok" button + @screen.type(@sudo_password) + @screen.type(Sikuli::Key.ENTER) + @screen.waitVanish('GksuAuthPrompt.png', 10) +end + +Given /^I enter the sudo password in the pkexec prompt$/ do + next if @skip_steps_while_restoring_background + step "I enter the \"#{@sudo_password}\" password in the pkexec prompt" +end + +def deal_with_polkit_prompt (image, password) + @screen.wait(image, 60) + sleep 1 # wait for weird fade-in to unblock the "Ok" button + @screen.type(password) + @screen.type(Sikuli::Key.ENTER) + @screen.waitVanish(image, 10) +end + +Given /^I enter the "([^"]*)" password in the pkexec prompt$/ do |password| + next if @skip_steps_while_restoring_background + deal_with_polkit_prompt('PolicyKitAuthPrompt.png', password) +end + +Given /^process "([^"]+)" is running$/ do |process| + next if @skip_steps_while_restoring_background + assert(@vm.has_process?(process), + "Process '#{process}' is not running") +end + +Given /^process "([^"]+)" is running within (\d+) seconds$/ do |process, time| + next if @skip_steps_while_restoring_background + try_for(time.to_i, :msg => "Process '#{process}' is not running after " + + "waiting for #{time} seconds") do + @vm.has_process?(process) + end +end + +Given /^process "([^"]+)" is not running$/ do |process| + next if @skip_steps_while_restoring_background + assert(!@vm.has_process?(process), + "Process '#{process}' is running") +end + +Given /^I kill the process "([^"]+)"$/ do |process| + next if @skip_steps_while_restoring_background + @vm.execute("killall #{process}") + try_for(10, :msg => "Process '#{process}' could not be killed") { + !@vm.has_process?(process) + } +end + +Then /^Tails eventually shuts down$/ do + next if @skip_steps_while_restoring_background + nr_gibs_of_ram = (detected_ram_in_MiB.to_f/(2**10)).ceil + timeout = nr_gibs_of_ram*5*60 + try_for(timeout, :msg => "VM is still running after #{timeout} seconds") do + ! @vm.is_running? + end +end + +Then /^Tails eventually restarts$/ do + next if @skip_steps_while_restoring_background + nr_gibs_of_ram = (detected_ram_in_MiB.to_f/(2**10)).ceil + @screen.wait('TailsBootSplashPostReset.png', nr_gibs_of_ram*5*60) +end + +Given /^I shutdown Tails and wait for the computer to power off$/ do + next if @skip_steps_while_restoring_background + @vm.execute("poweroff") + step 'Tails eventually shuts down' +end + +When /^I request a shutdown using the emergency shutdown applet$/ do + next if @skip_steps_while_restoring_background + @screen.hide_cursor + @screen.wait_and_click('TailsEmergencyShutdownButton.png', 10) + @screen.hide_cursor + @screen.wait_and_click('TailsEmergencyShutdownHalt.png', 10) +end + +When /^I warm reboot the computer$/ do + next if @skip_steps_while_restoring_background + @vm.execute("reboot") +end + +When /^I request a reboot using the emergency shutdown applet$/ do + next if @skip_steps_while_restoring_background + @screen.hide_cursor + @screen.wait_and_click('TailsEmergencyShutdownButton.png', 10) + @screen.hide_cursor + @screen.wait_and_click('TailsEmergencyShutdownReboot.png', 10) +end + +Given /^package "([^"]+)" is installed$/ do |package| + next if @skip_steps_while_restoring_background + assert(@vm.execute("dpkg -s '#{package}' 2>/dev/null | grep -qs '^Status:.*installed$'").success?, + "Package '#{package}' is not installed") +end + +When /^I start the Tor Browser$/ do + next if @skip_steps_while_restoring_background + case @theme + when "windows" + step 'I click the start menu' + @screen.wait_and_click("WindowsApplicationsInternet.png", 10) + @screen.wait_and_click("WindowsApplicationsTorBrowser.png", 10) + else + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsInternet.png", 10) + @screen.wait_and_click("GnomeApplicationsTorBrowser.png", 10) + end +end + +When /^I start the Tor Browser in offline mode$/ do + next if @skip_steps_while_restoring_background + step "I start the Tor Browser" + case @theme + when "windows" + @screen.wait_and_click("WindowsTorBrowserOfflinePrompt.png", 10) + @screen.click("WindowsTorBrowserOfflinePromptStart.png") + else + @screen.wait_and_click("TorBrowserOfflinePrompt.png", 10) + @screen.click("TorBrowserOfflinePromptStart.png") + end +end + +def xul_app_shared_lib_check(pid, chroot) + expected_absent_tbb_libs = ['libnssdbm3.so'] + absent_tbb_libs = [] + unwanted_native_libs = [] + tbb_libs = @vm.execute_successfully( + ". /usr/local/lib/tails-shell-library/tor-browser.sh; " + + "ls -1 #{chroot}${TBB_INSTALL}/Browser/*.so" + ).stdout.split + firefox_pmap_info = @vm.execute("pmap #{pid}").stdout + for lib in tbb_libs do + lib_name = File.basename lib + if not /\W#{lib}$/.match firefox_pmap_info + absent_tbb_libs << lib_name + end + native_libs = @vm.execute_successfully( + "find /usr/lib /lib -name \"#{lib_name}\"" + ).stdout.split + for native_lib in native_libs do + if /\W#{native_lib}$"/.match firefox_pmap_info + unwanted_native_libs << lib_name + end + end + end + absent_tbb_libs -= expected_absent_tbb_libs + assert(absent_tbb_libs.empty? && unwanted_native_libs.empty?, + "The loaded shared libraries for the firefox process are not the " + + "way we expect them.\n" + + "Expected TBB libs that are absent: #{absent_tbb_libs}\n" + + "Native libs that we don't want: #{unwanted_native_libs}") +end + +Then /^(.*) uses all expected TBB shared libraries$/ do |application| + next if @skip_steps_while_restoring_background + binary = @vm.execute_successfully( + '. /usr/local/lib/tails-shell-library/tor-browser.sh; ' + + 'echo ${TBB_INSTALL}/Browser/firefox' + ).stdout.chomp + case application + when "the Tor Browser" + user = $live_user + cmd_regex = "#{binary} .* -profile /home/#{user}/\.tor-browser/profile\.default" + chroot = "" + when "the Unsafe Browser" + user = "clearnet" + cmd_regex = "#{binary} .* -profile /home/#{user}/\.tor-browser/profile\.default" + chroot = "/var/lib/unsafe-browser/chroot" + when "Tor Launcher" + user = "tor-launcher" + cmd_regex = "#{binary} -app /home/#{user}/\.tor-launcher/tor-launcher-standalone/application\.ini" + chroot = "" + else + raise "Invalid browser or XUL application: #{application}" + end + pid = @vm.execute_successfully("pgrep --uid #{user} --full --exact '#{cmd_regex}'").stdout.chomp + assert(/\A\d+\z/.match(pid), "It seems like #{application} is not running") + xul_app_shared_lib_check(pid, chroot) +end + +Given /^I add a wired DHCP NetworkManager connection called "([^"]+)"$/ do |con_name| + next if @skip_steps_while_restoring_background + con_content = <<EOF +[802-3-ethernet] +duplex=full + +[connection] +id=#{con_name} +uuid=bbc60668-1be0-11e4-a9c6-2f1ce0e75bf1 +type=802-3-ethernet +timestamp=1395406011 + +[ipv6] +method=auto + +[ipv4] +method=auto +EOF + con_content.split("\n").each do |line| + @vm.execute("echo '#{line}' >> /tmp/NM.#{con_name}") + end + @vm.execute("install -m 0600 '/tmp/NM.#{con_name}' '/etc/NetworkManager/system-connections/#{con_name}'") + try_for(10) { + nm_con_list = @vm.execute("nmcli --terse --fields NAME con list").stdout + nm_con_list.split("\n").include? "#{con_name}" + } +end + +Given /^I switch to the "([^"]+)" NetworkManager connection$/ do |con_name| + next if @skip_steps_while_restoring_background + @vm.execute("nmcli con up id #{con_name}") + try_for(60) { + @vm.execute("nmcli --terse --fields NAME,STATE con status").stdout.chomp == "#{con_name}:activated" + } +end + +When /^I start and focus GNOME Terminal$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsAccessories.png", 10) + @screen.wait_and_click("GnomeApplicationsTerminal.png", 20) + @screen.wait_and_click('GnomeTerminalWindow.png', 20) +end + +When /^I run "([^"]+)" in GNOME Terminal$/ do |command| + next if @skip_steps_while_restoring_background + step "I start and focus GNOME Terminal" + @screen.type(command + Sikuli::Key.ENTER) +end + +When /^the file "([^"]+)" exists$/ do |file| + next if @skip_steps_while_restoring_background + assert(@vm.file_exist?(file)) +end + +When /^I copy "([^"]+)" to "([^"]+)" as user "([^"]+)"$/ do |source, destination, user| + next if @skip_steps_while_restoring_background + c = @vm.execute("cp \"#{source}\" \"#{destination}\"", $live_user) + assert(c.success?, "Failed to copy file:\n#{c.stdout}\n#{c.stderr}") +end + +Given /^the USB drive "([^"]+)" contains Tails with persistence configured and password "([^"]+)"$/ do |drive, password| + step "a computer" + step "I start Tails from DVD with network unplugged and I login" + step "I create a new 4 GiB USB drive named \"#{drive}\"" + step "I plug USB drive \"#{drive}\"" + step "I \"Clone & Install\" Tails to USB drive \"#{drive}\"" + step "there is no persistence partition on USB drive \"#{drive}\"" + step "I shutdown Tails and wait for the computer to power off" + step "a computer" + step "I start Tails from USB drive \"#{drive}\" with network unplugged and I login" + step "I create a persistent partition with password \"#{password}\"" + step "a Tails persistence partition with password \"#{password}\" exists on USB drive \"#{drive}\"" + step "I shutdown Tails and wait for the computer to power off" +end diff --git a/features/step_definitions/dhcp.rb b/features/step_definitions/dhcp.rb new file mode 100644 index 00000000..78ee8f2d --- /dev/null +++ b/features/step_definitions/dhcp.rb @@ -0,0 +1,20 @@ +Then /^the hostname should not have been leaked on the network$/ do + next if @skip_steps_while_restoring_background + hostname = @vm.execute("hostname").stdout.chomp + packets = PacketFu::PcapFile.new.file_to_array(:filename => @sniffer.pcap_file) + packets.each do |p| + # if PacketFu::TCPPacket.can_parse?(p) + # ipv4_tcp_packets << PacketFu::TCPPacket.parse(p) + if PacketFu::IPPacket.can_parse?(p) + payload = PacketFu::IPPacket.parse(p).payload + elsif PacketFu::IPv6Packet.can_parse?(p) + payload = PacketFu::IPv6Packet.parse(p).payload + else + save_pcap_file + raise "Found something in the pcap file that either is non-IP, or cannot be parsed" + end + if payload.match(hostname) + raise "Hostname leak detected" + end + end +end diff --git a/features/step_definitions/encryption.rb b/features/step_definitions/encryption.rb new file mode 100644 index 00000000..404890ae --- /dev/null +++ b/features/step_definitions/encryption.rb @@ -0,0 +1,139 @@ +Given /^I generate an OpenPGP key named "([^"]+)" with password "([^"]+)"$/ do |name, pwd| + @passphrase = pwd + @key_name = name + next if @skip_steps_while_restoring_background + gpg_key_recipie = <<EOF + Key-Type: RSA + Key-Length: 4096 + Subkey-Type: RSA + Subkey-Length: 4096 + Name-Real: #{@key_name} + Name-Comment: Blah + Name-Email: #{@key_name}@test.org + Expire-Date: 0 + Passphrase: #{pwd} + %commit +EOF + gpg_key_recipie.split("\n").each do |line| + @vm.execute("echo '#{line}' >> /tmp/gpg_key_recipie", $live_user) + end + c = @vm.execute("gpg --batch --gen-key < /tmp/gpg_key_recipie", $live_user) + assert(c.success?, "Failed to generate OpenPGP key:\n#{c.stderr}") +end + +When /^I type a message into gedit$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsAccessories.png", 10) + @screen.wait_and_click("GnomeApplicationsGedit.png", 20) + @screen.wait_and_click("GeditWindow.png", 10) + sleep 0.5 + @screen.type("ATTACK AT DAWN") +end + +def maybe_deal_with_pinentry + begin + @screen.wait_and_click("PinEntryPrompt.png", 3) + sleep 1 + @screen.type(@passphrase + Sikuli::Key.ENTER) + rescue FindFailed + # The passphrase was cached or we wasn't prompted at all (e.g. when + # only encrypting to a public key) + end +end + +def encrypt_sign_helper + @screen.wait_and_click("GeditWindow.png", 10) + @screen.type("a", Sikuli::KeyModifier.CTRL) + sleep 0.5 + @screen.click("GpgAppletIconNormal.png") + sleep 2 + @screen.type("k") + @screen.wait_and_click("GpgAppletChooseKeyWindow.png", 30) + sleep 0.5 + yield + maybe_deal_with_pinentry + @screen.wait_and_click("GeditWindow.png", 10) + sleep 0.5 + @screen.type("n", Sikuli::KeyModifier.CTRL) + sleep 0.5 + @screen.type("v", Sikuli::KeyModifier.CTRL) +end + +def decrypt_verify_helper(icon) + @screen.wait_and_click("GeditWindow.png", 10) + @screen.type("a", Sikuli::KeyModifier.CTRL) + sleep 0.5 + @screen.click(icon) + sleep 2 + @screen.type("d") + maybe_deal_with_pinentry + @screen.wait("GpgAppletResults.png", 10) + @screen.wait("GpgAppletResultsMsg.png", 10) +end + +When /^I encrypt the message using my OpenPGP key$/ do + next if @skip_steps_while_restoring_background + encrypt_sign_helper do + @screen.type(@key_name + Sikuli::Key.ENTER + Sikuli::Key.ENTER) + end +end + +Then /^I can decrypt the encrypted message$/ do + next if @skip_steps_while_restoring_background + decrypt_verify_helper("GpgAppletIconEncrypted.png") + @screen.wait("GpgAppletResultsEncrypted.png", 10) +end + +When /^I sign the message using my OpenPGP key$/ do + next if @skip_steps_while_restoring_background + encrypt_sign_helper do + @screen.type(Sikuli::Key.TAB + Sikuli::Key.DOWN + Sikuli::Key.ENTER) + @screen.wait("PinEntryPrompt.png", 10) + @screen.type(@passphrase + Sikuli::Key.ENTER) + end +end + +Then /^I can verify the message's signature$/ do + next if @skip_steps_while_restoring_background + decrypt_verify_helper("GpgAppletIconSigned.png") + @screen.wait("GpgAppletResultsSigned.png", 10) +end + +When /^I both encrypt and sign the message using my OpenPGP key$/ do + next if @skip_steps_while_restoring_background + encrypt_sign_helper do + @screen.type(@key_name + Sikuli::Key.ENTER) + @screen.type(Sikuli::Key.TAB + Sikuli::Key.DOWN + Sikuli::Key.ENTER) + @screen.wait("PinEntryPrompt.png", 10) + @screen.type(@passphrase + Sikuli::Key.ENTER) + end +end + +Then /^I can decrypt and verify the encrypted message$/ do + next if @skip_steps_while_restoring_background + decrypt_verify_helper("GpgAppletIconEncrypted.png") + @screen.wait("GpgAppletResultsEncrypted.png", 10) + @screen.wait("GpgAppletResultsSigned.png", 10) +end + +When /^I symmetrically encrypt the message with password "([^"]+)"$/ do |pwd| + @passphrase = pwd + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GeditWindow.png", 10) + @screen.type("a", Sikuli::KeyModifier.CTRL) + sleep 0.5 + @screen.click("GpgAppletIconNormal.png") + sleep 2 + @screen.type("p") + @screen.wait("PinEntryPrompt.png", 10) + @screen.type(@passphrase + Sikuli::Key.ENTER) + sleep 1 + @screen.wait("PinEntryPrompt.png", 10) + @screen.type(@passphrase + Sikuli::Key.ENTER) + @screen.wait_and_click("GeditWindow.png", 10) + sleep 0.5 + @screen.type("n", Sikuli::KeyModifier.CTRL) + sleep 0.5 + @screen.type("v", Sikuli::KeyModifier.CTRL) +end diff --git a/features/step_definitions/erase_memory.rb b/features/step_definitions/erase_memory.rb new file mode 100644 index 00000000..171f997c --- /dev/null +++ b/features/step_definitions/erase_memory.rb @@ -0,0 +1,172 @@ +Given /^the computer is a modern 64-bit system$/ do + next if @skip_steps_while_restoring_background + @vm.set_arch("x86_64") + @vm.drop_hypervisor_feature("nonpae") + @vm.add_hypervisor_feature("pae") +end + +Given /^the computer is an old pentium without the PAE extension$/ do + next if @skip_steps_while_restoring_background + @vm.set_arch("i686") + @vm.drop_hypervisor_feature("pae") + # libvirt claim the following feature doesn't exit even though + # it's listed in the hvm i686 capabilities... +# @vm.add_hypervisor_feature("nonpae") + # ... so we use a workaround until we can figure this one out. + @vm.disable_pae_workaround +end + +def which_kernel + kernel_path = @vm.execute("/usr/local/bin/tails-get-bootinfo kernel").stdout.chomp + return File.basename(kernel_path) +end + +Given /^the PAE kernel is running$/ do + next if @skip_steps_while_restoring_background + kernel = which_kernel + assert_equal("vmlinuz2", kernel) +end + +Given /^the non-PAE kernel is running$/ do + next if @skip_steps_while_restoring_background + kernel = which_kernel + assert_equal("vmlinuz", kernel) +end + +def used_ram_in_MiB + return @vm.execute("free -m | awk '/^-\\/\\+ buffers\\/cache:/ { print $3 }'").stdout.chomp.to_i +end + +def detected_ram_in_MiB + return @vm.execute("free -m | awk '/^Mem:/ { print $2 }'").stdout.chomp.to_i +end + +Given /^at least (\d+) ([[:alpha:]]+) of RAM was detected$/ do |min_ram, unit| + @detected_ram_m = detected_ram_in_MiB + next if @skip_steps_while_restoring_background + puts "Detected #{@detected_ram_m} MiB of RAM" + min_ram_m = convert_to_MiB(min_ram.to_i, unit) + # All RAM will not be reported by `free`, so we allow a 196 MB gap + gap = convert_to_MiB(196, "MiB") + assert(@detected_ram_m + gap >= min_ram_m, "Didn't detect enough RAM") +end + +def pattern_coverage_in_guest_ram + dump = "#{$tmp_dir}/memdump" + # Workaround: when dumping the guest's memory via core_dump(), libvirt + # will create files that only root can read. We therefore pre-create + # them with more permissible permissions, which libvirt will preserve + # (although it will change ownership) so that the user running the + # script can grep the dump for the fillram pattern, and delete it. + if File.exist?(dump) + File.delete(dump) + end + FileUtils.touch(dump) + FileUtils.chmod(0666, dump) + @vm.domain.core_dump(dump) + patterns = IO.popen("grep -c 'wipe_didnt_work' #{dump}").gets.to_i + File.delete dump + # Pattern is 16 bytes long + patterns_b = patterns*16 + patterns_m = convert_to_MiB(patterns_b, 'b') + coverage = patterns_b.to_f/convert_to_bytes(@detected_ram_m.to_f, 'MiB') + puts "Pattern coverage: #{"%.3f" % (coverage*100)}% (#{patterns_m} MiB)" + return coverage +end + +Given /^I fill the guest's memory with a known pattern(| without verifying)$/ do |dont_verify| + verify = dont_verify.empty? + next if @skip_steps_while_restoring_background + + # Free some more memory by dropping the caches etc. + @vm.execute("echo 3 > /proc/sys/vm/drop_caches") + + # The (guest) kernel may freeze when approaching full memory without + # adjusting the OOM killer and memory overcommitment limitations. + [ + "echo 256 > /proc/sys/vm/min_free_kbytes", + "echo 2 > /proc/sys/vm/overcommit_memory", + "echo 97 > /proc/sys/vm/overcommit_ratio", + "echo 1 > /proc/sys/vm/oom_kill_allocating_task", + "echo 0 > /proc/sys/vm/oom_dump_tasks" + ].each { |c| @vm.execute(c) } + + # The remote shell is sometimes OOM killed when we fill the memory, + # and since we depend on it after the memory fill we try to prevent + # that from happening. + pid = @vm.pidof("autotest_remote_shell.py")[0] + @vm.execute("echo -17 > /proc/#{pid}/oom_adj") + + used_mem_before_fill = used_ram_in_MiB + + # To be sure that we fill all memory we run one fillram instance + # for each GiB of detected memory, rounded up. We also kill all instances + # after the first one has finished, i.e. when the memory is full, + # since the others otherwise may continue re-filling the same memory + # unnecessarily. + instances = (@detected_ram_m.to_f/(2**10)).ceil + instances.times { @vm.spawn('/usr/local/sbin/fillram; killall fillram') } + # We make sure that the filling has started... + try_for(10, { :msg => "fillram didn't start" }) { + @vm.has_process?("fillram") + } + STDERR.print "Memory fill progress: " + ram_usage = "" + remove_chars = 0 + # ... and that it finishes + try_for(instances*2*60, { :msg => "fillram didn't complete, probably the VM crashed" }) do + used_ram = used_ram_in_MiB + remove_chars = ram_usage.size + ram_usage = "%3d%% " % ((used_ram.to_f/@detected_ram_m)*100) + STDERR.print "\b"*remove_chars + ram_usage + ! @vm.has_process?("fillram") + end + STDERR.print "\b"*remove_chars + "finished.\n" + if verify + coverage = pattern_coverage_in_guest_ram() + # Let's aim for having the pattern cover at least 80% of the free RAM. + # More would be good, but it seems like OOM kill strikes around 90%, + # and we don't want this test to fail all the time. + min_coverage = ((@detected_ram_m - used_mem_before_fill).to_f / + @detected_ram_m.to_f)*0.75 + assert(coverage > min_coverage, + "#{"%.3f" % (coverage*100)}% of the memory is filled with the " + + "pattern, but more than #{"%.3f" % (min_coverage*100)}% was expected") + end +end + +Then /^I find very few patterns in the guest's memory$/ do + next if @skip_steps_while_restoring_background + coverage = pattern_coverage_in_guest_ram() + max_coverage = 0.005 + assert(coverage < max_coverage, + "#{"%.3f" % (coverage*100)}% of the memory is filled with the " + + "pattern, but less than #{"%.3f" % (max_coverage*100)}% was expected") +end + +Then /^I find many patterns in the guest's memory$/ do + next if @skip_steps_while_restoring_background + coverage = pattern_coverage_in_guest_ram() + min_coverage = 0.7 + assert(coverage > min_coverage, + "#{"%.3f" % (coverage*100)}% of the memory is filled with the " + + "pattern, but more than #{"%.3f" % (min_coverage*100)}% was expected") +end + +When /^I reboot without wiping the memory$/ do + next if @skip_steps_while_restoring_background + @vm.reset + @screen.wait('TailsBootSplashPostReset.png', 30) +end + +When /^I shutdown and wait for Tails to finish wiping the memory$/ do + next if @skip_steps_while_restoring_background + @vm.execute("halt") + nr_gibs_of_ram = (@detected_ram_m.to_f/(2**10)).ceil + try_for(nr_gibs_of_ram*5*60, { :msg => "memory wipe didn't finish, probably the VM crashed" }) do + # We spam keypresses to prevent console blanking from hiding the + # image we're waiting for + @screen.type(" ") + @screen.wait('MemoryWipeCompleted.png') + end +end diff --git a/features/step_definitions/evince.rb b/features/step_definitions/evince.rb new file mode 100644 index 00000000..d9bb42c1 --- /dev/null +++ b/features/step_definitions/evince.rb @@ -0,0 +1,20 @@ +When /^I(?:| try to) open "([^"]+)" with Evince$/ do |filename| + next if @skip_steps_while_restoring_background + step "I run \"evince #{filename}\" in GNOME Terminal" +end + +Then /^I can print the current document to "([^"]+)"$/ do |output_file| + next if @skip_steps_while_restoring_background + @screen.type("p", Sikuli::KeyModifier.CTRL) + @screen.wait("EvincePrintDialog.png", 10) + @screen.wait_and_click("EvincePrintToFile.png", 10) + @screen.wait_and_double_click("EvincePrintOutputFile.png", 10) + @screen.hide_cursor + @screen.wait("EvincePrintOutputFileSelected.png", 10) + # Only the file's basename is selected by double-clicking, + # so we type only the desired file's basename to replace it + @screen.type(output_file.sub(/[.]pdf$/, '') + Sikuli::Key.ENTER) + try_for(10, :msg => "The document was not printed to #{output_file}") { + @vm.file_exist?(output_file) + } +end diff --git a/features/step_definitions/firewall_leaks.rb b/features/step_definitions/firewall_leaks.rb new file mode 100644 index 00000000..79ae0de3 --- /dev/null +++ b/features/step_definitions/firewall_leaks.rb @@ -0,0 +1,60 @@ +Then(/^the firewall leak detector has detected (.*?) leaks$/) do |type| + next if @skip_steps_while_restoring_background + leaks = FirewallLeakCheck.new(@sniffer.pcap_file, get_tor_relays) + case type.downcase + when 'ipv4 tcp' + if leaks.ipv4_tcp_leaks.empty? + save_pcap_file + raise "Couldn't detect any IPv4 TCP leaks" + end + when 'ipv4 non-tcp' + if leaks.ipv4_nontcp_leaks.empty? + save_pcap_file + raise "Couldn't detect any IPv4 non-TCP leaks" + end + when 'ipv6' + if leaks.ipv6_leaks.empty? + save_pcap_file + raise "Couldn't detect any IPv6 leaks" + end + when 'non-ip' + if leaks.nonip_leaks.empty? + save_pcap_file + raise "Couldn't detect any non-IP leaks" + end + else + raise "Incorrect packet type '#{type}'" + end +end + +Given(/^I disable Tails' firewall$/) do + next if @skip_steps_while_restoring_background + @vm.execute("/usr/local/sbin/do_not_ever_run_me") + iptables = @vm.execute("iptables -L -n -v").stdout.chomp.split("\n") + for line in iptables do + if !line[/Chain (INPUT|OUTPUT|FORWARD) \(policy ACCEPT/] and + !line[/pkts[[:blank:]]+bytes[[:blank:]]+target/] and + !line.empty? + raise "The Tails firewall was not successfully disabled:\n#{iptables}" + end + end +end + +When(/^I do a TCP DNS lookup of "(.*?)"$/) do |host| + next if @skip_steps_while_restoring_background + lookup = @vm.execute("host -T #{host} #{$some_dns_server}", $live_user) + assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}") +end + +When(/^I do a UDP DNS lookup of "(.*?)"$/) do |host| + next if @skip_steps_while_restoring_background + lookup = @vm.execute("host #{host} #{$some_dns_server}", $live_user) + assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}") +end + +When(/^I send some ICMP pings$/) do + next if @skip_steps_while_restoring_background + # We ping an IP address to avoid a DNS lookup + ping = @vm.execute("ping -c 5 #{$some_dns_server}", $live_user) + assert(ping.success?, "Failed to ping #{$some_dns_server}:\n#{ping.stderr}") +end diff --git a/features/step_definitions/i2p.rb b/features/step_definitions/i2p.rb new file mode 100644 index 00000000..0b8a8d3c --- /dev/null +++ b/features/step_definitions/i2p.rb @@ -0,0 +1,60 @@ +Given /^I2P is running$/ do + next if @skip_steps_while_restoring_background + try_for(30) do + @vm.execute('service i2p status').success? + end +end + +Given /^the I2P router console is ready$/ do + next if @skip_steps_while_restoring_background + try_for(60) do + @vm.execute('. /usr/local/lib/tails-shell-library/i2p.sh; ' + + 'i2p_router_console_is_ready').success? + end +end + +When /^I start the I2P Browser through the GNOME menu$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsInternet.png", 10) + @screen.wait_and_click("GnomeApplicationsI2PBrowser.png", 20) +end + +Then /^the I2P Browser desktop file is (|not )present$/ do |mode| + next if @skip_steps_while_restoring_background + file = '/usr/share/applications/i2p-browser.desktop' + if mode == '' + assert(@vm.execute("test -e #{file}").success?) + elsif mode == 'not ' + assert(@vm.execute("! test -e #{file}").success?) + else + raise "Unsupported mode passed: '#{mode}'" + end +end + +Then /^the I2P Browser sudo rules are (enabled|not present)$/ do |mode| + next if @skip_steps_while_restoring_background + file = '/etc/sudoers.d/zzz_i2pbrowser' + if mode == 'enabled' + assert(@vm.execute("test -e #{file}").success?) + elsif mode == 'not present' + assert(@vm.execute("! test -e #{file}").success?) + else + raise "Unsupported mode passed: '#{mode}'" + end +end + +Then /^the I2P firewall rules are (enabled|disabled)$/ do |mode| + next if @skip_steps_while_restoring_background + i2p_username = 'i2psvc' + i2p_uid = @vm.execute("getent passwd #{i2p_username} | awk -F ':' '{print $3}'").stdout.chomp + accept_rules = @vm.execute("iptables -L -n -v | grep -E '^\s+[0-9]+\s+[0-9]+\s+ACCEPT.*owner UID match #{i2p_uid}$'").stdout + accept_rules_count = accept_rules.lines.count + if mode == 'enabled' + assert_equal(13, accept_rules_count) + elsif mode == 'disabled' + assert_equal(0, accept_rules_count) + else + raise "Unsupported mode passed: '#{mode}'" + end +end diff --git a/features/step_definitions/pidgin.rb b/features/step_definitions/pidgin.rb new file mode 100644 index 00000000..23b48e26 --- /dev/null +++ b/features/step_definitions/pidgin.rb @@ -0,0 +1,188 @@ +def configured_pidgin_accounts + accounts = [] + xml = REXML::Document.new(@vm.file_content('$HOME/.purple/accounts.xml', + $live_user)) + xml.elements.each("account/account") do |e| + account = e.elements["name"].text + account_name, network = account.split("@") + protocol = e.elements["protocol"].text + port = e.elements["settings/setting[@name='port']"].text + nickname = e.elements["settings/setting[@name='username']"].text + real_name = e.elements["settings/setting[@name='realname']"].text + accounts.push({ + 'name' => account_name, + 'network' => network, + 'protocol' => protocol, + 'port' => port, + 'nickname' => nickname, + 'real_name' => real_name, + }) + end + + return accounts +end + +def chan_image (account, channel, image) + images = { + 'irc.oftc.net' => { + '#tails' => { + 'roaster' => 'PidginTailsChannelEntry', + 'conversation_tab' => 'PidginTailsConversationTab', + 'welcome' => 'PidginTailsChannelWelcome', + } + } + } + return images[account][channel][image] + ".png" +end + +def default_chan (account) + chans = { + 'irc.oftc.net' => '#tails', + } + return chans[account] +end + +def pidgin_otr_keys + return @vm.file_content('$HOME/.purple/otr.private_key', $live_user) +end + +Given /^Pidgin has the expected accounts configured with random nicknames$/ do + next if @skip_steps_while_restoring_background + expected = [ + ["irc.oftc.net", "prpl-irc", "6697"], + ["127.0.0.1", "prpl-irc", "6668"], + ] + configured_pidgin_accounts.each() do |account| + assert(account['nickname'] != "XXX_NICK_XXX", "Nickname was no randomised") + assert_equal(account['nickname'], account['real_name'], + "Nickname and real name are not identical: " + + account['nickname'] + " vs. " + account['real_name']) + assert_equal(account['name'], account['nickname'], + "Account name and nickname are not identical: " + + account['name'] + " vs. " + account['nickname']) + candidate = [account['network'], account['protocol'], account['port']] + assert(expected.include?(candidate), "Unexpected account: #{candidate}") + expected.delete(candidate) + end + assert(expected.empty?, "These Pidgin accounts are not configured: " + + "#{expected}") +end + +When /^I start Pidgin through the GNOME menu$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsInternet.png", 10) + @screen.wait_and_click("GnomeApplicationsPidgin.png", 20) +end + +When /^I open Pidgin's account manager window$/ do + next if @skip_steps_while_restoring_background + @screen.type("a", Sikuli::KeyModifier.CTRL) # shortcut for "manage accounts" + step "I see Pidgin's account manager window" +end + +When /^I see Pidgin's account manager window$/ do + next if @skip_steps_while_restoring_background + @screen.wait("PidginAccountWindow.png", 20) +end + +When /^I close Pidgin's account manager window$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("PidginAccountManagerCloseButton.png", 10) +end + +When /^I activate the "([^"]+)" Pidgin account$/ do |account| + next if @skip_steps_while_restoring_background + @screen.click("PidginAccount_#{account}.png") + @screen.type(Sikuli::Key.LEFT + Sikuli::Key.SPACE) + # wait for the Pidgin to be connecting, otherwise sometimes the step + # that closes the account management dialog happens before the account + # is actually enabled + @screen.wait("PidginConnecting.png", 5) +end + +Then /^Pidgin successfully connects to the "([^"]+)" account$/ do |account| + next if @skip_steps_while_restoring_background + expected_channel_entry = chan_image(account, default_chan(account), 'roaster') + @screen.wait(expected_channel_entry, 60) +end + +Then /^I can join the "([^"]+)" channel on "([^"]+)"$/ do |channel, account| + next if @skip_steps_while_restoring_background + @screen.doubleClick( chan_image(account, channel, 'roaster')) + @screen.wait_and_click(chan_image(account, channel, 'conversation_tab'), 10) + @screen.wait( chan_image(account, channel, 'welcome'), 10) +end + +Then /^I take note of the configured Pidgin accounts$/ do + next if @skip_steps_while_restoring_background + @persistent_pidgin_accounts = configured_pidgin_accounts +end + +Then /^I take note of the OTR key for Pidgin's "([^"]+)" account$/ do |account_name| + next if @skip_steps_while_restoring_background + @persistent_pidgin_otr_keys = pidgin_otr_keys +end + +Then /^Pidgin has the expected persistent accounts configured$/ do + next if @skip_steps_while_restoring_background + current_accounts = configured_pidgin_accounts + assert(current_accounts <=> @persistent_pidgin_accounts, + "Currently configured Pidgin accounts do not match the persistent ones:\n" + + "Current:\n#{current_accounts}\n" + + "Persistent:\n#{@persistent_pidgin_accounts}" + ) +end + +Then /^Pidgin has the expected persistent OTR keys$/ do + next if @skip_steps_while_restoring_background + assert_equal(pidgin_otr_keys, @persistent_pidgin_otr_keys) +end + +def pidgin_add_certificate_from (cert_file) + # Here, we need a certificate that is not already in the NSS database + step "I copy \"/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt\" to \"#{cert_file}\" as user \"amnesia\"" + + @screen.wait_and_click('PidginToolsMenu.png', 10) + @screen.wait_and_click('PidginCertificatesMenuItem.png', 10) + @screen.wait('PidginCertificateManagerDialog.png', 10) + @screen.wait_and_click('PidginCertificateAddButton.png', 10) + begin + @screen.wait_and_click('GtkFileChooserDesktopButton.png', 10) + rescue FindFailed + # The first time we're run, the file chooser opens in the Recent + # view, so we have to browse a directory before we can use the + # "Type file name" button. But on subsequent runs, the file + # chooser is already in the Desktop directory, so we don't need to + # do anything. Hence, this noop exception handler. + end + @screen.wait_and_click('GtkFileTypeFileNameButton.png', 10) + @screen.type("l", Sikuli::KeyModifier.ALT) # "Location" field + @screen.type(cert_file + Sikuli::Key.ENTER) +end + +Then /^I can add a certificate from the "([^"]+)" directory to Pidgin$/ do |cert_dir| + next if @skip_steps_while_restoring_background + pidgin_add_certificate_from("#{cert_dir}/test.crt") + @screen.wait('PidginCertificateAddHostnameDialog.png', 10) + @screen.type("XXX test XXX" + Sikuli::Key.ENTER) + @screen.wait('PidginCertificateTestItem.png', 10) +end + +Then /^I cannot add a certificate from the "([^"]+)" directory to Pidgin$/ do |cert_dir| + next if @skip_steps_while_restoring_background + pidgin_add_certificate_from("#{cert_dir}/test.crt") + @screen.wait('PidginCertificateImportFailed.png', 10) +end + +When /^I close Pidgin's certificate manager$/ do + @screen.type(Sikuli::Key.ESC) + # @screen.wait_and_click('PidginCertificateManagerClose.png', 10) + @screen.waitVanish('PidginCertificateManagerDialog.png', 10) +end + +When /^I close Pidgin's certificate import failure dialog$/ do + @screen.type(Sikuli::Key.ESC) + # @screen.wait_and_click('PidginCertificateManagerClose.png', 10) + @screen.waitVanish('PidginCertificateImportFailed.png', 10) +end diff --git a/features/step_definitions/root_access_control.rb b/features/step_definitions/root_access_control.rb new file mode 100644 index 00000000..aaebb0df --- /dev/null +++ b/features/step_definitions/root_access_control.rb @@ -0,0 +1,45 @@ +Then /^I should be able to run administration commands as the live user$/ do + next if @skip_steps_while_restoring_background + stdout = @vm.execute("echo #{@sudo_password} | sudo -S whoami", $live_user).stdout + actual_user = stdout.sub(/^\[sudo\] password for #{$live_user}: /, "").chomp + assert_equal("root", actual_user, "Could not use sudo") +end + +Then /^I should not be able to run administration commands as the live user with the "([^"]*)" password$/ do |password| + next if @skip_steps_while_restoring_background + stderr = @vm.execute("echo #{password} | sudo -S whoami", $live_user).stderr + sudo_failed = stderr.include?("The administration password is disabled") || stderr.include?("is not allowed to execute") + assert(sudo_failed, "The administration password is not disabled:" + stderr) +end + +When /^running a command as root with pkexec requires PolicyKit administrator privileges$/ do + next if @skip_steps_while_restoring_background + action = 'org.freedesktop.policykit.exec' + action_details = @vm.execute("pkaction --verbose --action-id #{action}").stdout + assert(action_details[/\s+implicit any:\s+auth_admin$/], + "Expected 'auth_admin' for 'any':\n#{action_details}") + assert(action_details[/\s+implicit inactive:\s+auth_admin$/], + "Expected 'auth_admin' for 'inactive':\n#{action_details}") + assert(action_details[/\s+implicit active:\s+auth_admin$/], + "Expected 'auth_admin' for 'active':\n#{action_details}") +end + +Then /^I should be able to run a command as root with pkexec$/ do + next if @skip_steps_while_restoring_background + step "I run \"pkexec touch /root/pkexec-test\" in GNOME Terminal" + step 'I enter the sudo password in the pkexec prompt' + try_for(10, :msg => 'The /root/pkexec-test file was not created.') { + @vm.execute('ls /root/pkexec-test').success? + } +end + +Then /^I should not be able to run a command as root with pkexec and the standard passwords$/ do + next if @skip_steps_while_restoring_background + step "I run \"pkexec touch /root/pkexec-test\" in GNOME Terminal" + ['', 'live'].each do |password| + step "I enter the \"#{password}\" password in the pkexec prompt" + @screen.wait('PolicyKitAuthFailure.png', 20) + end + step "I enter the \"amnesia\" password in the pkexec prompt" + @screen.wait('PolicyKitAuthCompleteFailure.png', 20) +end diff --git a/features/step_definitions/time_syncing.rb b/features/step_definitions/time_syncing.rb new file mode 100644 index 00000000..161a4162 --- /dev/null +++ b/features/step_definitions/time_syncing.rb @@ -0,0 +1,20 @@ +When /^I set the system time to "([^"]+)"$/ do |time| + next if @skip_steps_while_restoring_background + @vm.execute("date -s '#{time}'") +end + +When /^I bump the system time with "([^"]+)"$/ do |timediff| + next if @skip_steps_while_restoring_background + @vm.execute("date -s 'now #{timediff}'") +end + +Then /^Tails clock is less than (\d+) minutes incorrect$/ do |max_diff_mins| + next if @skip_steps_while_restoring_background + guest_time_str = @vm.execute("date --rfc-2822").stdout.chomp + guest_time = Time.rfc2822(guest_time_str) + host_time = Time.now + diff = (host_time - guest_time).abs + assert(diff < max_diff_mins.to_i*60, + "The guest's clock is off by #{diff} seconds (#{guest_time})") + puts "Time was #{diff} seconds off" +end diff --git a/features/step_definitions/torified_browsing.rb b/features/step_definitions/torified_browsing.rb new file mode 100644 index 00000000..770fda52 --- /dev/null +++ b/features/step_definitions/torified_browsing.rb @@ -0,0 +1,12 @@ +When /^I open a new tab in the Tor Browser$/ do + next if @skip_steps_while_restoring_background + @screen.click("TorBrowserNewTabButton.png") +end + +When /^I open the address "([^"]*)" in the Tor Browser$/ do |address| + next if @skip_steps_while_restoring_background + step "I open a new tab in the Tor Browser" + @screen.click("TorBrowserAddressBar.png") + sleep 0.5 + @screen.type(address + Sikuli::Key.ENTER) +end diff --git a/features/step_definitions/torified_gnupg.rb b/features/step_definitions/torified_gnupg.rb new file mode 100644 index 00000000..5a1462ce --- /dev/null +++ b/features/step_definitions/torified_gnupg.rb @@ -0,0 +1,54 @@ +When /^the "([^"]*)" OpenPGP key is not in the live user's public keyring$/ do |keyid| + next if @skip_steps_while_restoring_background + assert(!@vm.execute("gpg --batch --list-keys '#{keyid}'", $live_user).success?, + "The '#{keyid}' key is in the live user's public keyring.") +end + +When /^I fetch the "([^"]*)" OpenPGP key using the GnuPG CLI$/ do |keyid| + next if @skip_steps_while_restoring_background + @gnupg_recv_key_res = @vm.execute( + "gpg --batch --recv-key '#{keyid}'", + $live_user) +end + +When /^the GnuPG fetch is successful$/ do + next if @skip_steps_while_restoring_background + assert(@gnupg_recv_key_res.success?, + "gpg keyserver fetch failed:\n#{@gnupg_recv_key_res.stderr}") +end + +When /^GnuPG uses the configured keyserver$/ do + next if @skip_steps_while_restoring_background + assert(@gnupg_recv_key_res.stderr[$configured_keyserver_hostname], + "GnuPG's stderr did not mention keyserver #{$configured_keyserver_hostname}") +end + +When /^the "([^"]*)" key is in the live user's public keyring after at most (\d+) seconds$/ do |keyid, delay| + next if @skip_steps_while_restoring_background + try_for(delay.to_f, :msg => "The '#{keyid}' key is not in the live user's public keyring") { + @vm.execute("gpg --batch --list-keys '#{keyid}'", $live_user).success? + } +end + +When /^I start Seahorse$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsSystem.png", 10) + @screen.wait_and_click("GnomeApplicationsPreferences.png", 10) + @screen.wait_and_click("GnomeApplicationsSeahorse.png", 10) +end + +When /^I fetch the "([^"]*)" OpenPGP key using Seahorse$/ do |keyid| + next if @skip_steps_while_restoring_background + step "I start Seahorse" + @screen.wait("SeahorseWindow.png", 10) + @screen.type("r", Sikuli::KeyModifier.ALT) # Menu: "Remote" -> + @screen.type("f") # "Find Remote Keys...". + @screen.wait("SeahorseFindKeysWindow.png", 10) + # Seahorse doesn't seem to support searching for fingerprints + @screen.type(keyid + Sikuli::Key.ENTER) + @screen.wait("SeahorseFoundKeyResult.png", 5*60) + @screen.type(Sikuli::Key.DOWN) # Select first item in result menu + @screen.type("f", Sikuli::KeyModifier.ALT) # Menu: "File" -> + @screen.type("i") # "Import" +end diff --git a/features/step_definitions/totem.rb b/features/step_definitions/totem.rb new file mode 100644 index 00000000..d125f4ec --- /dev/null +++ b/features/step_definitions/totem.rb @@ -0,0 +1,50 @@ +def shared_video_dir_on_guest + "/tmp/shared_video_dir" +end + +Given /^I create sample videos$/ do + next if @skip_steps_while_restoring_background + fatal_system("ffmpeg -loop 1 -t 30 -f image2 " + + "-i 'features/images/TailsBootSplash.png' " + + "-an -vcodec libx264 -y " + + "'#{$misc_files_dir}/video.mp4' >/dev/null 2>&1") +end + +Given /^I setup a filesystem share containing sample videos$/ do + next if @skip_steps_while_restoring_background + @vm.add_share($misc_files_dir, shared_video_dir_on_guest) +end + +Given /^I copy the sample videos to "([^"]+)" as user "([^"]+)"$/ do |destination, user| + next if @skip_steps_while_restoring_background + for video_on_host in Dir.glob("#{$misc_files_dir}/*.mp4") do + video_name = File.basename(video_on_host) + src_on_guest = "#{shared_video_dir_on_guest}/#{video_name}" + dst_on_guest = "#{destination}/#{video_name}" + step "I copy \"#{src_on_guest}\" to \"#{dst_on_guest}\" as user \"amnesia\"" + end +end + +When /^I start Totem through the GNOME menu$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsSoundVideo.png", 10) + @screen.wait_and_click("GnomeApplicationsTotem.png", 20) + @screen.wait_and_click("TotemMainWindow.png", 20) +end + +When /^I load the "([^"]+)" URL in Totem$/ do |url| + next if @skip_steps_while_restoring_background + @screen.type("l", Sikuli::KeyModifier.CTRL) + @screen.wait("TotemOpenUrlDialog.png", 10) + @screen.type(url + Sikuli::Key.ENTER) +end + +When /^I(?:| try to) open "([^"]+)" with Totem$/ do |filename| + next if @skip_steps_while_restoring_background + step "I run \"totem #{filename}\" in GNOME Terminal" +end + +When /^I close Totem$/ do + step 'I kill the process "totem"' +end diff --git a/features/step_definitions/truecrypt.rb b/features/step_definitions/truecrypt.rb new file mode 100644 index 00000000..bc8591bc --- /dev/null +++ b/features/step_definitions/truecrypt.rb @@ -0,0 +1,12 @@ +When /^I start TrueCrypt through the GNOME menu$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsAccessories.png", 10) + @screen.wait_and_click("GnomeApplicationsTrueCrypt.png", 20) +end + +When /^I deal with the removal warning prompt$/ do + next if @skip_steps_while_restoring_background + @screen.wait("TrueCryptRemovalWarning.png", 60) + @screen.type(Sikuli::Key.ENTER) +end diff --git a/features/step_definitions/unsafe_browser.rb b/features/step_definitions/unsafe_browser.rb new file mode 100644 index 00000000..86f1c165 --- /dev/null +++ b/features/step_definitions/unsafe_browser.rb @@ -0,0 +1,154 @@ +When /^I see and accept the Unsafe Browser start verification$/ do + next if @skip_steps_while_restoring_background + @screen.wait("UnsafeBrowserStartVerification.png", 30) + @screen.type("l", Sikuli::KeyModifier.ALT) +end + +Then /^I see the Unsafe Browser start notification and wait for it to close$/ do + next if @skip_steps_while_restoring_background + @screen.wait("UnsafeBrowserStartNotification.png", 30) + @screen.waitVanish("UnsafeBrowserStartNotification.png", 10) +end + +Then /^the Unsafe Browser has started$/ do + next if @skip_steps_while_restoring_background + @screen.wait("UnsafeBrowserHomepage.png", 360) +end + +Then /^the Unsafe Browser has a red theme$/ do + next if @skip_steps_while_restoring_background + @screen.wait("UnsafeBrowserRedTheme.png", 10) +end + +Then /^the Unsafe Browser shows a warning as its start page$/ do + next if @skip_steps_while_restoring_background + @screen.wait("UnsafeBrowserStartPage.png", 10) +end + +When /^I start the Unsafe Browser$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsInternet.png", 10) + @screen.wait_and_click("GnomeApplicationsUnsafeBrowser.png", 20) +end + +When /^I successfully start the Unsafe Browser$/ do + next if @skip_steps_while_restoring_background + step "I start the Unsafe Browser" + step "I see and accept the Unsafe Browser start verification" + step "I see the Unsafe Browser start notification and wait for it to close" + step "the Unsafe Browser has started" +end + +Then /^I see a warning about another instance already running$/ do + next if @skip_steps_while_restoring_background + @screen.wait('UnsafeBrowserWarnAlreadyRunning.png', 10) +end + +When /^I close the Unsafe Browser$/ do + next if @skip_steps_while_restoring_background + @screen.type("q", Sikuli::KeyModifier.CTRL) +end + +Then /^I see the Unsafe Browser stop notification$/ do + next if @skip_steps_while_restoring_background + @screen.wait('UnsafeBrowserStopNotification.png', 20) + @screen.waitVanish('UnsafeBrowserStopNotification.png', 10) +end + +Then /^I can start the Unsafe Browser again$/ do + next if @skip_steps_while_restoring_background + step "I start the Unsafe Browser" +end + +When /^I open a new tab in the Unsafe Browser$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("UnsafeBrowserWindow.png", 10) + @screen.type("t", Sikuli::KeyModifier.CTRL) +end + +When /^I open the address "([^"]*)" in the Unsafe Browser$/ do |address| + next if @skip_steps_while_restoring_background + step "I open a new tab in the Unsafe Browser" + @screen.type("l", Sikuli::KeyModifier.CTRL) + sleep 0.5 + @screen.type(address + Sikuli::Key.ENTER) +end + +# Workaround until the TBB shows the menu bar by default +# https://lists.torproject.org/pipermail/tor-qa/2014-October/000478.html +def show_unsafe_browser_menu_bar + try_for(15, :msg => "Failed to show the menu bar") do + @screen.type("h", Sikuli::KeyModifier.ALT) + @screen.find('UnsafeBrowserEditMenu.png') + end +end + +Then /^I cannot configure the Unsafe Browser to use any local proxies$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("UnsafeBrowserWindow.png", 10) + # First we open the proxy settings page to prepare it with the + # correct open tabs for the loop below. + show_unsafe_browser_menu_bar + @screen.hover('UnsafeBrowserEditMenu.png') + @screen.wait_and_click('UnsafeBrowserEditPreferences.png', 10) + @screen.wait('UnsafeBrowserPreferencesWindow.png', 10) + @screen.wait_and_click('UnsafeBrowserAdvancedSettings.png', 10) + @screen.wait_and_click('UnsafeBrowserNetworkTab.png', 10) + sleep 0.5 + @screen.type(Sikuli::Key.ESC) +# @screen.waitVanish('UnsafeBrowserPreferences.png', 10) + sleep 0.5 + + http_proxy = 'x' # Alt+x is the shortcut to select http proxy + socks_proxy = 'c' # Alt+c for socks proxy + no_proxy = 'y' # Alt+y for no proxy + + # Note: the loop below depends on that http_proxy is done after any + # other proxy types since it will set "Use this proxy server for all + # protocols", which will make the other proxy types unselectable. + proxies = [[socks_proxy, 9050], + [socks_proxy, 9061], + [socks_proxy, 9062], + [socks_proxy, 9150], + [http_proxy, 8118], + [no_proxy, 0]] + + proxies.each do |proxy| + proxy_type = proxy[0] + proxy_port = proxy[1] + + @screen.hide_cursor + + # Open proxy settings and select manual proxy configuration + show_unsafe_browser_menu_bar + @screen.hover('UnsafeBrowserEditMenu.png') + @screen.wait_and_click('UnsafeBrowserEditPreferences.png', 10) + @screen.wait('UnsafeBrowserPreferencesWindow.png', 10) + @screen.type("e", Sikuli::KeyModifier.ALT) + @screen.wait('UnsafeBrowserProxySettings.png', 10) + @screen.type("m", Sikuli::KeyModifier.ALT) + + # Configure the proxy + @screen.type(proxy_type, Sikuli::KeyModifier.ALT) # Select correct proxy type + @screen.type("127.0.0.1" + Sikuli::Key.TAB + "#{proxy_port}") if proxy_type != no_proxy + # For http proxy we set "Use this proxy server for all protocols" + @screen.type("s", Sikuli::KeyModifier.ALT) if proxy_type == http_proxy + + # Close settings + @screen.type(Sikuli::Key.ENTER) +# @screen.waitVanish('UnsafeBrowserProxySettings.png', 10) + sleep 0.5 + @screen.type(Sikuli::Key.ESC) +# @screen.waitVanish('UnsafeBrowserPreferences.png', 10) + sleep 0.5 + + # Test that the proxy settings work as they should + step "I open the address \"https://check.torproject.org\" in the Unsafe Browser" + if proxy_type == no_proxy + @screen.wait('UnsafeBrowserTorCheckFail.png', 60) + else + @screen.wait('UnsafeBrowserProxyRefused.png', 60) + end + end +end diff --git a/features/step_definitions/untrusted_partitions.rb b/features/step_definitions/untrusted_partitions.rb new file mode 100644 index 00000000..de2e0a70 --- /dev/null +++ b/features/step_definitions/untrusted_partitions.rb @@ -0,0 +1,35 @@ +Given /^I create a (\d+) ([[:alpha:]]+) disk named "([^"]+)"$/ do |size, unit, name| + next if @skip_steps_while_restoring_background + @vm.storage.create_new_disk(name, {:size => size, :unit => unit, + :type => "raw"}) +end + +Given /^I create a ([[:alpha:]]+) label on disk "([^"]+)"$/ do |type, name| + next if @skip_steps_while_restoring_background + @vm.storage.disk_mklabel(name, type) +end + +Given /^I create a ([[:alnum:]]+) filesystem on disk "([^"]+)"$/ do |type, name| + next if @skip_steps_while_restoring_background + @vm.storage.disk_mkpartfs(name, type) +end + +Given /^I cat an ISO hybrid of the Tails image to disk "([^"]+)"$/ do |name| + next if @skip_steps_while_restoring_background + disk_path = @vm.storage.disk_path(name) + tails_iso_hybrid = "#{$tmp_dir}/#{File.basename($tails_iso)}" + begin + cmd_helper("cp '#{$tails_iso}' '#{tails_iso_hybrid}'") + cmd_helper("isohybrid '#{tails_iso_hybrid}' --entry 4 --type 0x1c") + cmd_helper("dd if='#{tails_iso_hybrid}' of='#{disk_path}' conv=notrunc") + ensure + cmd_helper("rm -f '#{tails_iso_hybrid}'") + end +end + +Then /^drive "([^"]+)" is not mounted$/ do |name| + next if @skip_steps_while_restoring_background + dev = @vm.disk_dev(name) + assert(!@vm.execute("grep -qs '^#{dev}' /proc/mounts").success?, + "an untrusted partition from drive '#{name}' was automounted") +end diff --git a/features/step_definitions/usb.rb b/features/step_definitions/usb.rb new file mode 100644 index 00000000..f9f17ea2 --- /dev/null +++ b/features/step_definitions/usb.rb @@ -0,0 +1,492 @@ +def persistent_mounts + { + "cups-configuration" => "/etc/cups", + "nm-system-connections" => "/etc/NetworkManager/system-connections", + "claws-mail" => "/home/#{$live_user}/.claws-mail", + "gnome-keyrings" => "/home/#{$live_user}/.gnome2/keyrings", + "gnupg" => "/home/#{$live_user}/.gnupg", + "bookmarks" => "/home/#{$live_user}/.mozilla/firefox/bookmarks", + "pidgin" => "/home/#{$live_user}/.purple", + "openssh-client" => "/home/#{$live_user}/.ssh", + "Persistent" => "/home/#{$live_user}/Persistent", + "apt/cache" => "/var/cache/apt/archives", + "apt/lists" => "/var/lib/apt/lists", + } +end + +def persistent_volumes_mountpoints + @vm.execute("ls -1 -d /live/persistence/*_unlocked/").stdout.chomp.split +end + +Given /^I create a new (\d+) ([[:alpha:]]+) USB drive named "([^"]+)"$/ do |size, unit, name| + next if @skip_steps_while_restoring_background + @vm.storage.create_new_disk(name, {:size => size, :unit => unit}) +end + +Given /^I clone USB drive "([^"]+)" to a new USB drive "([^"]+)"$/ do |from, to| + next if @skip_steps_while_restoring_background + @vm.storage.clone_to_new_disk(from, to) +end + +Given /^I unplug USB drive "([^"]+)"$/ do |name| + next if @skip_steps_while_restoring_background + @vm.unplug_drive(name) +end + +Given /^the computer is set to boot from the old Tails DVD$/ do + next if @skip_steps_while_restoring_background + @vm.set_cdrom_boot($old_tails_iso) +end + +Given /^the computer is set to boot in UEFI mode$/ do + next if @skip_steps_while_restoring_background + @vm.set_os_loader('UEFI') + @os_loader = 'UEFI' +end + +class ISOHybridUpgradeNotSupported < StandardError +end + +def usb_install_helper(name) + @screen.wait('USBCreateLiveUSB.png', 10) + + # Here we'd like to select USB drive using #{name}, but Sikuli's + # OCR seems to be too unreliable. +# @screen.wait('USBTargetDevice.png', 10) +# match = @screen.find('USBTargetDevice.png') +# region_x = match.x +# region_y = match.y + match.h +# region_w = match.w*3 +# region_h = match.h*2 +# ocr = Sikuli::Region.new(region_x, region_y, region_w, region_h).text +# STDERR.puts ocr +# # Unfortunately this results in almost garbage, like "|]dev/sdm" +# # when it should be /dev/sda1 + + @screen.wait_and_click('USBCreateLiveUSB.png', 10) + if @screen.exists("USBSuggestsInstall.png") + raise ISOHybridUpgradeNotSupported + end + @screen.wait('USBCreateLiveUSBConfirmWindow.png', 10) + @screen.wait_and_click('USBCreateLiveUSBConfirmYes.png', 10) + @screen.wait('USBInstallationComplete.png', 60*60) +end + +When /^I start Tails Installer$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsTails.png", 10) + @screen.wait_and_click("GnomeApplicationsTailsInstaller.png", 20) +end + +When /^I "Clone & Install" Tails to USB drive "([^"]+)"$/ do |name| + next if @skip_steps_while_restoring_background + step "I start Tails Installer" + @screen.wait_and_click('USBCloneAndInstall.png', 30) + usb_install_helper(name) +end + +When /^I "Clone & Upgrade" Tails to USB drive "([^"]+)"$/ do |name| + next if @skip_steps_while_restoring_background + step "I start Tails Installer" + @screen.wait_and_click('USBCloneAndUpgrade.png', 30) + usb_install_helper(name) +end + +When /^I try a "Clone & Upgrade" Tails to USB drive "([^"]+)"$/ do |name| + next if @skip_steps_while_restoring_background + begin + step "I \"Clone & Upgrade\" Tails to USB drive \"#{name}\"" + rescue ISOHybridUpgradeNotSupported + # this is what we expect + else + raise "The USB installer should not succeed" + end +end + +When /^I am suggested to do a "Clone & Install"$/ do + next if @skip_steps_while_restoring_background + @screen.find("USBSuggestsInstall.png") +end + +def shared_iso_dir_on_guest + "/tmp/shared_iso_dir" +end + +Given /^I setup a filesystem share containing the Tails ISO$/ do + next if @skip_steps_while_restoring_background + @vm.add_share(File.dirname($tails_iso), shared_iso_dir_on_guest) +end + +When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name| + next if @skip_steps_while_restoring_background + step "I start Tails Installer" + @screen.wait_and_click('USBUpgradeFromISO.png', 10) + @screen.wait('USBUseLiveSystemISO.png', 10) + match = @screen.find('USBUseLiveSystemISO.png') + @screen.click(match.getCenter.offset(0, match.h*2)) + @screen.wait('USBSelectISO.png', 10) + @screen.wait_and_click('GnomeFileDiagTypeFilename.png', 10) + iso = "#{shared_iso_dir_on_guest}/#{File.basename($tails_iso)}" + @screen.type(iso + Sikuli::Key.ENTER) + usb_install_helper(name) +end + +Given /^I enable all persistence presets$/ do + next if @skip_steps_while_restoring_background + @screen.wait('PersistenceWizardPresets.png', 20) + # Mark first non-default persistence preset + @screen.type(Sikuli::Key.TAB*2) + # Check all non-default persistence presets + 12.times do + @screen.type(Sikuli::Key.SPACE + Sikuli::Key.TAB) + end + @screen.wait_and_click('PersistenceWizardSave.png', 10) + @screen.wait('PersistenceWizardDone.png', 20) + @screen.type(Sikuli::Key.F4, Sikuli::KeyModifier.ALT) +end + +Given /^I create a persistent partition with password "([^"]+)"$/ do |pwd| + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsTails.png", 10) + @screen.wait_and_click("GnomeApplicationsConfigurePersistentVolume.png", 20) + @screen.wait('PersistenceWizardWindow.png', 40) + @screen.wait('PersistenceWizardStart.png', 20) + @screen.type(pwd + "\t" + pwd + Sikuli::Key.ENTER) + @screen.wait('PersistenceWizardPresets.png', 300) + step "I enable all persistence presets" +end + +def check_part_integrity(name, dev, usage, type, scheme, label) + info = @vm.execute("udisks --show-info #{dev}").stdout + info_split = info.split("\n partition:\n") + dev_info = info_split[0] + part_info = info_split[1] + assert(dev_info.match("^ usage: +#{usage}$"), + "Unexpected device field 'usage' on USB drive '#{name}', '#{dev}'") + assert(dev_info.match("^ type: +#{type}$"), + "Unexpected device field 'type' on USB drive '#{name}', '#{dev}'") + assert(part_info.match("^ scheme: +#{scheme}$"), + "Unexpected partition scheme on USB drive '#{name}', '#{dev}'") + assert(part_info.match("^ label: +#{label}$"), + "Unexpected partition label on USB drive '#{name}', '#{dev}'") +end + +def tails_is_installed_helper(name, tails_root, loader) + dev = @vm.disk_dev(name) + "1" + check_part_integrity(name, dev, "filesystem", "vfat", "gpt", "Tails") + + target_root = "/mnt/new" + @vm.execute("mkdir -p #{target_root}") + @vm.execute("mount #{dev} #{target_root}") + + c = @vm.execute("diff -qr '#{tails_root}/live' '#{target_root}/live'") + assert(c.success?, + "USB drive '#{name}' has differences in /live:\n#{c.stdout}") + + syslinux_files = @vm.execute("ls -1 #{target_root}/syslinux").stdout.chomp.split + # We deal with these files separately + ignores = ["syslinux.cfg", "exithelp.cfg", "ldlinux.sys"] + for f in syslinux_files - ignores do + c = @vm.execute("diff -q '#{tails_root}/#{loader}/#{f}' " + + "'#{target_root}/syslinux/#{f}'") + assert(c.success?, "USB drive '#{name}' has differences in " + + "'/syslinux/#{f}'") + end + + # The main .cfg is named differently vs isolinux + c = @vm.execute("diff -q '#{tails_root}/#{loader}/#{loader}.cfg' " + + "'#{target_root}/syslinux/syslinux.cfg'") + assert(c.success?, "USB drive '#{name}' has differences in " + + "'/syslinux/syslinux.cfg'") + + @vm.execute("umount #{target_root}") + @vm.execute("sync") +end + +Then /^the running Tails is installed on USB drive "([^"]+)"$/ do |target_name| + next if @skip_steps_while_restoring_background + loader = boot_device_type == "usb" ? "syslinux" : "isolinux" + tails_is_installed_helper(target_name, "/lib/live/mount/medium", loader) +end + +Then /^the ISO's Tails is installed on USB drive "([^"]+)"$/ do |target_name| + next if @skip_steps_while_restoring_background + iso = "#{shared_iso_dir_on_guest}/#{File.basename($tails_iso)}" + iso_root = "/mnt/iso" + @vm.execute("mkdir -p #{iso_root}") + @vm.execute("mount -o loop #{iso} #{iso_root}") + tails_is_installed_helper(target_name, iso_root, "isolinux") + @vm.execute("umount #{iso_root}") +end + +Then /^there is no persistence partition on USB drive "([^"]+)"$/ do |name| + next if @skip_steps_while_restoring_background + data_part_dev = @vm.disk_dev(name) + "2" + assert(!@vm.execute("test -b #{data_part_dev}").success?, + "USB drive #{name} has a partition '#{data_part_dev}'") +end + +Then /^a Tails persistence partition with password "([^"]+)" exists on USB drive "([^"]+)"$/ do |pwd, name| + next if @skip_steps_while_restoring_background + dev = @vm.disk_dev(name) + "2" + check_part_integrity(name, dev, "crypto", "crypto_LUKS", "gpt", "TailsData") + + # The LUKS container may already be opened, e.g. by udisks after + # we've run tails-persistence-setup. + c = @vm.execute("ls -1 /dev/mapper/") + if c.success? + for candidate in c.stdout.split("\n") + luks_info = @vm.execute("cryptsetup status #{candidate}") + if luks_info.success? and luks_info.stdout.match("^\s+device:\s+#{dev}$") + luks_dev = "/dev/mapper/#{candidate}" + break + end + end + end + if luks_dev.nil? + c = @vm.execute("echo #{pwd} | cryptsetup luksOpen #{dev} #{name}") + assert(c.success?, "Couldn't open LUKS device '#{dev}' on drive '#{name}'") + luks_dev = "/dev/mapper/#{name}" + end + + # Adapting check_part_integrity() seems like a bad idea so here goes + info = @vm.execute("udisks --show-info #{luks_dev}").stdout + assert info.match("^ cleartext luks device:$") + assert info.match("^ usage: +filesystem$") + assert info.match("^ type: +ext[34]$") + assert info.match("^ label: +TailsData$") + + mount_dir = "/mnt/#{name}" + @vm.execute("mkdir -p #{mount_dir}") + c = @vm.execute("mount #{luks_dev} #{mount_dir}") + assert(c.success?, + "Couldn't mount opened LUKS device '#{dev}' on drive '#{name}'") + + @vm.execute("umount #{mount_dir}") + @vm.execute("sync") + @vm.execute("cryptsetup luksClose #{name}") +end + +Given /^I enable persistence with password "([^"]+)"$/ do |pwd| + next if @skip_steps_while_restoring_background + @screen.wait('TailsGreeterPersistence.png', 10) + @screen.type(Sikuli::Key.SPACE) + @screen.wait('TailsGreeterPersistencePassphrase.png', 10) + match = @screen.find('TailsGreeterPersistencePassphrase.png') + @screen.click(match.getCenter.offset(match.w*2, match.h/2)) + @screen.type(pwd) +end + +def tails_persistence_enabled? + persistence_state_file = "/var/lib/live/config/tails.persistence" + return @vm.execute("test -e '#{persistence_state_file}'").success? && + @vm.execute('. #{persistence_state_file} && ' + + 'test "$TAILS_PERSISTENCE_ENABLED" = true').success? +end + +Given /^persistence is enabled$/ do + next if @skip_steps_while_restoring_background + try_for(120, :msg => "Persistence is disabled") do + tails_persistence_enabled? + end + # Check that all persistent directories are mounted + mount = @vm.execute("mount").stdout.chomp + for _, dir in persistent_mounts do + assert(mount.include?("on #{dir} "), + "Persistent directory '#{dir}' is not mounted") + end +end + +Given /^persistence is disabled$/ do + next if @skip_steps_while_restoring_background + assert(!tails_persistence_enabled?, "Persistence is enabled") +end + +Given /^I enable read-only persistence with password "([^"]+)"$/ do |pwd| + step "I enable persistence with password \"#{pwd}\"" + next if @skip_steps_while_restoring_background + @screen.wait_and_click('TailsGreeterPersistenceReadOnly.png', 10) +end + +def boot_device + # Approach borrowed from + # config/chroot_local_includes/lib/live/config/998-permissions + boot_dev_id = @vm.execute("udevadm info --device-id-of-file=/lib/live/mount/medium").stdout.chomp + boot_dev = @vm.execute("readlink -f /dev/block/'#{boot_dev_id}'").stdout.chomp + return boot_dev +end + +def boot_device_type + # Approach borrowed from + # config/chroot_local_includes/lib/live/config/998-permissions + boot_dev_info = @vm.execute("udevadm info --query=property --name='#{boot_device}'").stdout.chomp + boot_dev_type = (boot_dev_info.split("\n").select { |x| x.start_with? "ID_BUS=" })[0].split("=")[1] + return boot_dev_type +end + +Then /^Tails is running from USB drive "([^"]+)"$/ do |name| + next if @skip_steps_while_restoring_background + assert_equal("usb", boot_device_type) + actual_dev = boot_device + # The boot partition differs between a "normal" install using the + # USB installer and isohybrid installations + expected_dev_normal = @vm.disk_dev(name) + "1" + expected_dev_isohybrid = @vm.disk_dev(name) + "4" + assert(actual_dev == expected_dev_normal || + actual_dev == expected_dev_isohybrid, + "We are running from device #{actual_dev}, but for USB drive " + + "'#{name}' we expected to run from either device " + + "#{expected_dev_normal} (when installed via the USB installer) " + + "or #{expected_dev_normal} (when installed from an isohybrid)") +end + +Then /^the boot device has safe access rights$/ do + next if @skip_steps_while_restoring_background + + super_boot_dev = boot_device.sub(/[[:digit:]]+$/, "") + devs = @vm.execute("ls -1 #{super_boot_dev}*").stdout.chomp.split + assert(devs.size > 0, "Could not determine boot device") + all_users = @vm.execute("cut -d':' -f1 /etc/passwd").stdout.chomp.split + all_users_with_groups = all_users.collect do |user| + groups = @vm.execute("groups #{user}").stdout.chomp.sub(/^#{user} : /, "").split(" ") + [user, groups] + end + for dev in devs do + dev_owner = @vm.execute("stat -c %U #{dev}").stdout.chomp + dev_group = @vm.execute("stat -c %G #{dev}").stdout.chomp + dev_perms = @vm.execute("stat -c %a #{dev}").stdout.chomp + assert_equal("root", dev_owner) + assert(dev_group == "disk" || dev_group == "root", + "Boot device '#{dev}' owned by group '#{dev_group}', expected " + + "'disk' or 'root'.") + assert_equal("1660", dev_perms) + for user, groups in all_users_with_groups do + next if user == "root" + assert(!(groups.include?(dev_group)), + "Unprivileged user '#{user}' is in group '#{dev_group}' which " + + "owns boot device '#{dev}'") + end + end + + info = @vm.execute("udisks --show-info #{super_boot_dev}").stdout + assert(info.match("^ system internal: +1$"), + "Boot device '#{super_boot_dev}' is not system internal for udisks") +end + +Then /^persistent filesystems have safe access rights$/ do + persistent_volumes_mountpoints.each do |mountpoint| + fs_owner = @vm.execute("stat -c %U #{mountpoint}").stdout.chomp + fs_group = @vm.execute("stat -c %G #{mountpoint}").stdout.chomp + fs_perms = @vm.execute("stat -c %a #{mountpoint}").stdout.chomp + assert_equal("root", fs_owner) + assert_equal("root", fs_group) + assert_equal('775', fs_perms) + end +end + +Then /^persistence configuration files have safe access rights$/ do + persistent_volumes_mountpoints.each do |mountpoint| + assert(@vm.execute("test -e #{mountpoint}/persistence.conf").success?, + "#{mountpoint}/persistence.conf does not exist, while it should") + assert(@vm.execute("test ! -e #{mountpoint}/live-persistence.conf").success?, + "#{mountpoint}/live-persistence.conf does exist, while it should not") + @vm.execute( + "ls -1 #{mountpoint}/persistence.conf #{mountpoint}/live-*.conf" + ).stdout.chomp.split.each do |f| + file_owner = @vm.execute("stat -c %U '#{f}'").stdout.chomp + file_group = @vm.execute("stat -c %G '#{f}'").stdout.chomp + file_perms = @vm.execute("stat -c %a '#{f}'").stdout.chomp + assert_equal("tails-persistence-setup", file_owner) + assert_equal("tails-persistence-setup", file_group) + assert_equal("600", file_perms) + end + end +end + +Then /^persistent directories have safe access rights$/ do + next if @skip_steps_while_restoring_background + expected_perms = "700" + persistent_volumes_mountpoints.each do |mountpoint| + # We also want to check that dotfiles' source has safe permissions + all_persistent_dirs = persistent_mounts.clone + all_persistent_dirs["dotfiles"] = "/home/#{$live_user}/" + persistent_mounts.each do |src, dest| + next unless dest.start_with?("/home/#{$live_user}/") + f = "#{mountpoint}/#{src}" + next unless @vm.execute("test -d #{f}").success? + file_perms = @vm.execute("stat -c %a '#{f}'").stdout.chomp + assert_equal(expected_perms, file_perms) + end + end +end + +When /^I write some files expected to persist$/ do + next if @skip_steps_while_restoring_background + persistent_mounts.each do |_, dir| + owner = @vm.execute("stat -c %U #{dir}").stdout.chomp + assert(@vm.execute("touch #{dir}/XXX_persist", user=owner).success?, + "Could not create file in persistent directory #{dir}") + end +end + +When /^I remove some files expected to persist$/ do + next if @skip_steps_while_restoring_background + persistent_mounts.each do |_, dir| + owner = @vm.execute("stat -c %U #{dir}").stdout.chomp + assert(@vm.execute("rm #{dir}/XXX_persist", user=owner).success?, + "Could not remove file in persistent directory #{dir}") + end +end + +When /^I write some files not expected to persist$/ do + next if @skip_steps_while_restoring_background + persistent_mounts.each do |_, dir| + owner = @vm.execute("stat -c %U #{dir}").stdout.chomp + assert(@vm.execute("touch #{dir}/XXX_gone", user=owner).success?, + "Could not create file in persistent directory #{dir}") + end +end + +Then /^the expected persistent files are present in the filesystem$/ do + next if @skip_steps_while_restoring_background + persistent_mounts.each do |_, dir| + assert(@vm.execute("test -e #{dir}/XXX_persist").success?, + "Could not find expected file in persistent directory #{dir}") + assert(!@vm.execute("test -e #{dir}/XXX_gone").success?, + "Found file that should not have persisted in persistent directory #{dir}") + end +end + +Then /^only the expected files should persist on USB drive "([^"]+)"$/ do |name| + next if @skip_steps_while_restoring_background + step "a computer" + step "the computer is set to boot from USB drive \"#{name}\"" + step "the network is unplugged" + step "I start the computer" + step "the computer boots Tails" + step "I enable read-only persistence with password \"asdf\"" + step "I log in to a new session" + step "persistence is enabled" + step "GNOME has started" + step "all notifications have disappeared" + step "the expected persistent files are present in the filesystem" + step "I shutdown Tails and wait for the computer to power off" +end + +When /^I delete the persistent partition$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("GnomeApplicationsMenu.png", 10) + @screen.wait_and_click("GnomeApplicationsTails.png", 10) + @screen.wait_and_click("GnomeApplicationsDeletePersistentVolume.png", 20) + @screen.wait("PersistenceWizardWindow.png", 40) + @screen.wait("PersistenceWizardDeletionStart.png", 20) + @screen.type(" ") + @screen.wait("PersistenceWizardDone.png", 120) +end + +Then /^Tails has started in UEFI mode$/ do + assert(@vm.execute("test -d /sys/firmware/efi").success?, + "/sys/firmware/efi does not exist") + end diff --git a/features/step_definitions/windows_camouflage.rb b/features/step_definitions/windows_camouflage.rb new file mode 100644 index 00000000..82ccd8c8 --- /dev/null +++ b/features/step_definitions/windows_camouflage.rb @@ -0,0 +1,10 @@ +Given /^I enable Microsoft Windows camouflage$/ do + @theme = "windows" + next if @skip_steps_while_restoring_background + @screen.wait_and_click("TailsGreeterWindowsCamouflage.png", 10) +end + +When /^I click the start menu$/ do + next if @skip_steps_while_restoring_background + @screen.wait_and_click("WindowsStartButton.png", 10) +end |