From 51680b6ebb645d37ebdfcd122ca163b3a638aefa Mon Sep 17 00:00:00 2001 From: Tails developers Date: Fri, 19 Dec 2014 00:40:08 +0100 Subject: files copied from https://git-tails.immerda.ch/tails - many thanks to the tails developers for their nice work and documentation of it - these files have been released under the GNU General Public License version 3 or (at your option) any later version features/images has been omitted --- bin/run_test_suite | 196 ++++++ features/apt.feature | 34 ++ features/build.feature | 75 +++ features/checks.feature | 57 ++ features/dhcp.feature | 32 + features/domains/default.xml | 64 ++ features/domains/default_net.xml | 13 + features/domains/disk.xml | 5 + features/domains/fs_share.xml | 6 + features/domains/storage_pool.xml | 6 + features/domains/volume.xml | 14 + features/encryption.feature | 31 + features/erase_memory.feature | 61 ++ features/evince.feature | 53 ++ features/firewall_leaks.feature | 37 ++ features/i2p.feature | 33 ++ features/misc_files/sample.pdf | Bin 0 -> 22347 bytes features/misc_files/sample.tex | 8 + features/pidgin.feature | 71 +++ features/root_access_control.feature | 44 ++ features/step_definitions/apt.rb | 80 +++ features/step_definitions/build.rb | 71 +++ features/step_definitions/checks.rb | 143 +++++ features/step_definitions/common_steps.rb | 687 ++++++++++++++++++++++ features/step_definitions/dhcp.rb | 20 + features/step_definitions/encryption.rb | 139 +++++ features/step_definitions/erase_memory.rb | 172 ++++++ features/step_definitions/evince.rb | 20 + features/step_definitions/firewall_leaks.rb | 60 ++ features/step_definitions/i2p.rb | 60 ++ features/step_definitions/pidgin.rb | 188 ++++++ features/step_definitions/root_access_control.rb | 45 ++ features/step_definitions/time_syncing.rb | 20 + features/step_definitions/torified_browsing.rb | 12 + features/step_definitions/torified_gnupg.rb | 54 ++ features/step_definitions/totem.rb | 50 ++ features/step_definitions/truecrypt.rb | 12 + features/step_definitions/unsafe_browser.rb | 154 +++++ features/step_definitions/untrusted_partitions.rb | 35 ++ features/step_definitions/usb.rb | 492 ++++++++++++++++ features/step_definitions/windows_camouflage.rb | 10 + features/support/config.rb | 34 ++ features/support/env.rb | 53 ++ features/support/extra_hooks.rb | 45 ++ features/support/helpers/display_helper.rb | 51 ++ features/support/helpers/exec_helper.rb | 61 ++ features/support/helpers/firewall_helper.rb | 100 ++++ features/support/helpers/misc_helpers.rb | 121 ++++ features/support/helpers/net_helper.rb | 42 ++ features/support/helpers/sikuli_helper.rb | 145 +++++ features/support/helpers/storage_helper.rb | 143 +++++ features/support/helpers/vm_helper.rb | 426 ++++++++++++++ features/support/hooks.rb | 156 +++++ features/time_syncing.feature | 41 ++ features/torified_browsing.feature | 35 ++ features/torified_gnupg.feature | 31 + features/totem.feature | 59 ++ features/truecrypt.feature | 12 + features/unsafe_browser.feature | 47 ++ features/untrusted_partitions.feature | 41 ++ features/usb_install.feature | 274 +++++++++ features/windows_camouflage.feature | 36 ++ 62 files changed, 5317 insertions(+) create mode 100755 bin/run_test_suite create mode 100644 features/apt.feature create mode 100644 features/build.feature create mode 100644 features/checks.feature create mode 100644 features/dhcp.feature create mode 100644 features/domains/default.xml create mode 100644 features/domains/default_net.xml create mode 100644 features/domains/disk.xml create mode 100644 features/domains/fs_share.xml create mode 100644 features/domains/storage_pool.xml create mode 100644 features/domains/volume.xml create mode 100644 features/encryption.feature create mode 100644 features/erase_memory.feature create mode 100644 features/evince.feature create mode 100644 features/firewall_leaks.feature create mode 100644 features/i2p.feature create mode 100644 features/misc_files/sample.pdf create mode 100644 features/misc_files/sample.tex create mode 100644 features/pidgin.feature create mode 100644 features/root_access_control.feature create mode 100644 features/step_definitions/apt.rb create mode 100644 features/step_definitions/build.rb create mode 100644 features/step_definitions/checks.rb create mode 100644 features/step_definitions/common_steps.rb create mode 100644 features/step_definitions/dhcp.rb create mode 100644 features/step_definitions/encryption.rb create mode 100644 features/step_definitions/erase_memory.rb create mode 100644 features/step_definitions/evince.rb create mode 100644 features/step_definitions/firewall_leaks.rb create mode 100644 features/step_definitions/i2p.rb create mode 100644 features/step_definitions/pidgin.rb create mode 100644 features/step_definitions/root_access_control.rb create mode 100644 features/step_definitions/time_syncing.rb create mode 100644 features/step_definitions/torified_browsing.rb create mode 100644 features/step_definitions/torified_gnupg.rb create mode 100644 features/step_definitions/totem.rb create mode 100644 features/step_definitions/truecrypt.rb create mode 100644 features/step_definitions/unsafe_browser.rb create mode 100644 features/step_definitions/untrusted_partitions.rb create mode 100644 features/step_definitions/usb.rb create mode 100644 features/step_definitions/windows_camouflage.rb create mode 100644 features/support/config.rb create mode 100644 features/support/env.rb create mode 100644 features/support/extra_hooks.rb create mode 100644 features/support/helpers/display_helper.rb create mode 100644 features/support/helpers/exec_helper.rb create mode 100644 features/support/helpers/firewall_helper.rb create mode 100644 features/support/helpers/misc_helpers.rb create mode 100644 features/support/helpers/net_helper.rb create mode 100644 features/support/helpers/sikuli_helper.rb create mode 100644 features/support/helpers/storage_helper.rb create mode 100644 features/support/helpers/vm_helper.rb create mode 100644 features/support/hooks.rb create mode 100644 features/time_syncing.feature create mode 100644 features/torified_browsing.feature create mode 100644 features/torified_gnupg.feature create mode 100644 features/totem.feature create mode 100644 features/truecrypt.feature create mode 100644 features/unsafe_browser.feature create mode 100644 features/untrusted_partitions.feature create mode 100644 features/usb_install.feature create mode 100644 features/windows_camouflage.feature diff --git a/bin/run_test_suite b/bin/run_test_suite new file mode 100755 index 00000000..cf7abeb9 --- /dev/null +++ b/bin/run_test_suite @@ -0,0 +1,196 @@ +#!/bin/sh + +set -e +set -u + +NAME=$(basename ${0}) + +usage() { + echo "Usage: $NAME [OPTION]... [FEATURE]... +Sets up an appropriate environment and tests FEATUREs (all by default). Note +that this script must be run from the Tails source directory root. + +Options for '@product' features: + --capture FILE Captures the test session into FILE using VP8 encoding. + Requires ffmpeg and libvpx1. + --debug Display various debugging information while running the + test suite. + --pause-on-fail On failure, pause test suite until pressing Enter. This is + useful for investigating the state of the VM guest to see + exactly why a test failed. + --keep-snapshots Don't ever delete the background snapshots. This can a big + time saver when debugging new features. + --retry-find Print a warning whenever Sikuli fails to find an image + and allow *one* retry after pressing ENTER. This is useful + for updating outdated images. + --temp-dir Directory where various temporary files are written + during a test, e.g. VM snapshots and memory dumps, + failure screenshots, pcap files and disk images + (default is /tmp/TailsToaster). + --view Shows the test session in a windows. Requires x11vnc + and xtightvncviewer. + --vnc-server-only Starts a VNC server for the test session. Requires x11vnc. + --iso IMAGE Test '@product' features using IMAGE. If none is given, + the ISO with most recent creation date (according to the + ISO's label) in the current directory will be used. + --old-iso IMAGE For some '@product' features (e.g. usb_install) we need + an older version of Tails, which this options sets to + IMAGE. If none is given, the ISO with the least recent + creation date will be used. + +Note that '@source' features has no relevant options. +" +} + +error() { + echo "${NAME}: error: ${*}" >&2 + usage + exit 1 +} + +check_dependency() { + if ! which "${1}" >/dev/null && \ + ! dpkg -s "${1}" 2>/dev/null | grep -q "^Status:.*installed"; then + error "'${1}' is missing, please install it and run again. Aborting..." + fi +} + +display_in_use() { + [ -e "/tmp/.X${1#:}-lock" ] || [ -e "/tmp/.X11-unix/X${1#:}" ] +} + +next_free_display() { + display_nr=0 + while display_in_use ":${display_nr}"; do + display_nr=$((display_nr+1)) + done + echo ":${display_nr}" +} + +start_xvfb() { + Xvfb $TARGET_DISPLAY -screen 0 1024x768x24+32 >/dev/null 2>&1 & + XVFB_PID=$! + trap "kill -0 ${XVFB_PID} 2>/dev/null && kill -9 ${XVFB_PID}; \ + rm -f /tmp/.X${TARGET_DISPLAY#:}-lock" EXIT + # Wait for Xvfb to run on TARGET_DISPLAY + until display_in_use $TARGET_DISPLAY; do + sleep 1 + done + echo "Virtual X framebuffer started on display ${TARGET_DISPLAY}" + # Hide the mouse cursor so it won't mess up Sikuli's screen scanning + unclutter -display $TARGET_DISPLAY -root -idle 0 >/dev/null 2>&1 & +} + +start_vnc_server() { + check_dependency x11vnc + VNC_SERVER_PORT="$(x11vnc -listen localhost -display ${TARGET_DISPLAY} \ + -bg -nopw 2>&1 | \ + grep -m 1 "^PORT=[0-9]\+" | sed 's/^PORT=//')" + echo "VNC server running on: localhost:${VNC_SERVER_PORT}" +} + +start_vnc_viewer() { + check_dependency xtightvncviewer + xtightvncviewer -viewonly localhost:${VNC_SERVER_PORT} 1>/dev/null 2>&1 & +} + +capture_session() { + echo "Capturing guest display into ${CAPTURE_FILE}" + ffmpeg -f x11grab -s 1024x768 -r 15 -i ${TARGET_DISPLAY}.0 -an \ + -vcodec libvpx -y "${CAPTURE_FILE}" >/dev/null 2>&1 & +} + +# main script + +CAPTURE_FILE= +VNC_VIEWER= +VNC_SERVER= +DEBUG= +PAUSE_ON_FAIL= +KEEP_SNAPSHOTS= +SIKULI_RETRY_FINDFAILED= +TEMP_DIR= +ISO= +OLD_ISO= + +LONGOPTS="view,vnc-server-only,capture:,help,temp-dir:,keep-snapshots,retry-find,iso:,old-iso:,debug,pause-on-fail" +OPTS=$(getopt -o "" --longoptions $LONGOPTS -n "${NAME}" -- "$@") +eval set -- "$OPTS" +while [ $# -gt 0 ]; do + case $1 in + --view) + VNC_VIEWER=yes + VNC_SERVER=yes + ;; + --vnc-server-only) + VNC_VIEWER= + VNC_SERVER=yes + ;; + --capture) + shift + CAPTURE_FILE="$1" + ;; + --debug) + export DEBUG="yes" + ;; + --pause-on-fail) + export PAUSE_ON_FAIL="yes" + ;; + --keep-snapshots) + export KEEP_SNAPSHOTS="yes" + ;; + --retry-find) + export SIKULI_RETRY_FINDFAILED="yes" + ;; + --temp-dir) + shift + export TEMP_DIR="$(readlink -f $1)" + ;; + --iso) + shift + export ISO="$(readlink -f $1)" + ;; + --old-iso) + shift + export OLD_ISO="$(readlink -f $1)" + ;; + --help) + usage + exit 0 + ;; + --) + shift + break + ;; + esac + shift +done + +for dep in ffmpeg git libvirt-bin libvirt-dev libavcodec-extra-53 libvpx1 \ + virt-viewer libsikuli-script-java ovmf tcpdump xvfb; do + check_dependency "${dep}" +done + +TARGET_DISPLAY=$(next_free_display) + +start_xvfb + +if [ -n "${CAPTURE_FILE}" ]; then + capture_session +fi +if [ -n "${VNC_SERVER}" ]; then + start_vnc_server +fi +if [ -n "${VNC_VIEWER}" ]; then + start_vnc_viewer +fi + +export JAVA_HOME="/usr/lib/jvm/java-7-openjdk-amd64" +export SIKULI_HOME="/usr/share/java" +export DISPLAY=${TARGET_DISPLAY} +check_dependency cucumber +if [ -z "${*}" ]; then + cucumber --format ExtraHooks::Pretty features +else + cucumber --format ExtraHooks::Pretty features/step_definitions features/support ${*} +fi diff --git a/features/apt.feature b/features/apt.feature new file mode 100644 index 00000000..e86d3c60 --- /dev/null +++ b/features/apt.feature @@ -0,0 +1,34 @@ +@product +Feature: Installing packages through APT + As a Tails user + when I set an administration password in Tails Greeter + I should be able to install packages using APT and Synaptic + and all Internet traffic should flow only through Tor. + + Background: + Given a computer + And I capture all network traffic + And I start the computer + And the computer boots Tails + And I enable more Tails Greeter options + And I set sudo password "asdf" + And I log in to a new session + And GNOME has started + And Tor is ready + And all notifications have disappeared + And available upgrades have been checked + And I save the state so the background can be restored next scenario + + Scenario: APT sources are configured correctly + Then the only hosts in APT sources are "ftp.us.debian.org,security.debian.org,backports.debian.org,deb.tails.boum.org,deb.torproject.org,mozilla.debian.net" + + Scenario: Install packages using apt-get + When I update APT using apt-get + Then I should be able to install a package using apt-get + And all Internet traffic has only flowed through Tor + + Scenario: Install packages using Synaptic + When I start Synaptic + And I update APT using Synaptic + Then I should be able to install a package using Synaptic + And all Internet traffic has only flowed through Tor diff --git a/features/build.feature b/features/build.feature new file mode 100644 index 00000000..4cc0b650 --- /dev/null +++ b/features/build.feature @@ -0,0 +1,75 @@ +@source +Feature: custom APT sources to build branches + As a Tails developer, when I build Tails, I'd be happy if + the proper APT sources were automatically picked depending + on which Git branch I am working on. + + Scenario: build from an untagged stable branch + Given I am working on the stable branch + And last released version mentioned in debian/changelog is 1.0 + And Tails 1.0 has not been released yet + When I run tails-custom-apt-sources + Then I should see the 'stable' suite + Then I should not see the '1.0' suite + + Scenario: build from a tagged stable branch + Given Tails 0.10 has been released + And last released version mentioned in debian/changelog is 0.10 + And I am working on the stable branch + When I run tails-custom-apt-sources + Then I should see the '0.10' suite + + Scenario: build from a bugfix branch for a stable release + Given Tails 0.10 has been released + And last released version mentioned in debian/changelog is 0.10 + And I am working on the bugfix/disable_gdomap branch based on 0.10 + When I run tails-custom-apt-sources + Then I should see the '0.10' suite + And I should see the 'bugfix-disable-gdomap' suite + + Scenario: build from an untagged testing branch + Given I am working on the testing branch + And last released version mentioned in debian/changelog is 0.11 + And Tails 0.11 has not been released yet + When I run tails-custom-apt-sources + Then I should see the 'testing' suite + And I should not see the '0.11' suite + + Scenario: build from a tagged testing branch + Given I am working on the testing branch + And last released version mentioned in debian/changelog is 0.11 + And Tails 0.11 has been released + When I run tails-custom-apt-sources + Then I should see the '0.11' suite + And I should not see the 'testing' suite + + Scenario: build a release candidate from a tagged testing branch + Given I am working on the testing branch + And Tails 0.11 has been released + And last released version mentioned in debian/changelog is 0.12~rc1 + And Tails 0.12-rc1 has been tagged + When I run tails-custom-apt-sources + Then I should see the '0.12-rc1' suite + And I should not see the 'testing' suite + + Scenario: build from the devel branch + Given I am working on the devel branch + When I run tails-custom-apt-sources + Then I should see the 'devel' suite + + Scenario: build from the experimental branch + Given I am working on the experimental branch + When I run tails-custom-apt-sources + Then I should see the 'experimental' suite + + Scenario: build from a feature branch based on devel + Given I am working on the feature/icedove branch based on devel + When I run tails-custom-apt-sources + Then I should see the 'devel' suite + And I should see the 'feature-icedove' suite + + Scenario: build from a feature branch based on devel with dots in its name + Given I am working on the feature/live-boot-3.x branch based on devel + When I run tails-custom-apt-sources + Then I should see the 'devel' suite + And I should see the 'feature-live-boot-3.x' suite diff --git a/features/checks.feature b/features/checks.feature new file mode 100644 index 00000000..277bdb99 --- /dev/null +++ b/features/checks.feature @@ -0,0 +1,57 @@ +@product +Feature: Various checks + + Background: + Given a computer + And I start Tails from DVD with network unplugged and I login + And I save the state so the background can be restored next scenario + + Scenario: AppArmor is enabled and has enforced profiles + Then AppArmor is enabled + And some AppArmor profiles are enforced + + Scenario: VirtualBox guest modules are available + When Tails has booted a 64-bit kernel + Then the VirtualBox guest modules are available + + Scenario: The shipped Tails signing key is up-to-date + Given the network is plugged + And Tor is ready + And all notifications have disappeared + Then the shipped Tails signing key is not outdated + + Scenario: The live user is setup correctly + Then the live user has been setup by live-boot + And the live user is a member of only its own group and "audio cdrom dialout floppy video plugdev netdev fuse scanner lp lpadmin vboxsf" + And the live user owns its home dir and it has normal permissions + + Scenario: No initial network + Given I wait between 30 and 60 seconds + When the network is plugged + And Tor is ready + And all notifications have disappeared + And the time has synced + And process "vidalia" is running within 30 seconds + + Scenario: No unexpected network services + When the network is plugged + And Tor is ready + Then no unexpected services are listening for network connections + + Scenario: The emergency shutdown applet can shutdown Tails + When I request a shutdown using the emergency shutdown applet + Then Tails eventually shuts down + + Scenario: The emergency shutdown applet can reboot Tails + When I request a reboot using the emergency shutdown applet + Then Tails eventually restarts + + # We ditch the background snapshot for this scenario since we cannot + # add a filesystem share to a live VM so it would have to be in the + # background above. However, there's a bug that seems to make shares + # impossible to have after a snapshot restore. + Scenario: MAT can clean a PDF file + Given a computer + And I setup a filesystem share containing a sample PDF + And I start Tails from DVD with network unplugged and I login + Then MAT can clean some sample PDF file diff --git a/features/dhcp.feature b/features/dhcp.feature new file mode 100644 index 00000000..c15ae0c1 --- /dev/null +++ b/features/dhcp.feature @@ -0,0 +1,32 @@ +@product +Feature: Getting a DHCP lease without leaking too much information + As a Tails user + when I connect to a network with a DHCP server + I should be able to connect to the Internet + and the hostname should not have been leaked on the network. + + Scenario: Getting a DHCP lease with the default NetworkManager connection + Given a computer + And I capture all network traffic + And I start the computer + And the computer boots Tails + And I log in to a new session + And GNOME has started + And Tor is ready + And all notifications have disappeared + And available upgrades have been checked + Then the hostname should not have been leaked on the network + + Scenario: Getting a DHCP lease with a manually configured NetworkManager connection + Given a computer + And I capture all network traffic + And I start the computer + And the computer boots Tails + And I log in to a new session + And GNOME has started + And Tor is ready + And all notifications have disappeared + And available upgrades have been checked + And I add a wired DHCP NetworkManager connection called "manually-added-con" + And I switch to the "manually-added-con" NetworkManager connection + Then the hostname should not have been leaked on the network diff --git a/features/domains/default.xml b/features/domains/default.xml new file mode 100644 index 00000000..3d25576f --- /dev/null +++ b/features/domains/default.xml @@ -0,0 +1,64 @@ + + TailsToaster + 1310720 + 1310720 + 1 + + hvm + + + + + + + + + destroy + restart + restart + + /usr/bin/qemu-system-x86_64 + + + + + +
+ + +
+ + + +
+ + +
+ + + + + +
+ + + + + + + + + + +
+ +