From da080c472fc415b0ce918f4dd4a1ab143bb1bca4 Mon Sep 17 00:00:00 2001 From: Philip Hands Date: Mon, 14 Mar 2016 15:36:16 +0100 Subject: rough attempt to grab the good cucumber bits from recent tails --- bin/lvc/run_test_suite | 174 ++-- features/apt.feature | 15 +- features/build.feature | 209 ++++- features/checks.feature | 92 ++- features/config/defaults.yml | 36 + features/dhcp.feature | 24 +- features/domains/default.xml | 31 +- features/domains/volume.xml | 2 +- features/electrum.feature | 34 + features/encryption.feature | 10 +- features/evince.feature | 67 +- features/firewall_leaks.feature | 37 - features/icedove.feature | 39 + features/localization.feature | 19 + features/mac_spoofing.feature | 71 ++ features/mat.feature | 13 + features/persistence.feature | 55 ++ features/pidgin.feature | 98 ++- features/po.feature | 9 + features/root_access_control.feature | 13 +- features/scripts/otr-bot.py | 206 +++++ features/scripts/vm-execute | 52 ++ features/ssh.feature | 31 + features/step_definitions/apt.rb | 68 +- features/step_definitions/browser.rb | 195 +++++ features/step_definitions/build.rb | 62 +- features/step_definitions/checks.rb | 253 ++++-- features/step_definitions/common_steps.rb | 953 ++++++++++++++-------- features/step_definitions/dhcp.rb | 5 +- features/step_definitions/electrum.rb | 52 ++ features/step_definitions/encryption.rb | 120 ++- features/step_definitions/evince.rb | 19 +- features/step_definitions/firewall_leaks.rb | 28 +- features/step_definitions/git.rb | 6 + features/step_definitions/icedove.rb | 94 +++ features/step_definitions/mac_spoofing.rb | 108 +++ features/step_definitions/pidgin.rb | 369 ++++++++- features/step_definitions/po.rb | 8 + features/step_definitions/root_access_control.rb | 21 +- features/step_definitions/snapshots.rb | 211 +++++ features/step_definitions/ssh.rb | 122 +++ features/step_definitions/time_syncing.rb | 80 +- features/step_definitions/tor.rb | 402 +++++++++ features/step_definitions/torified_browsing.rb | 15 +- features/step_definitions/torified_gnupg.rb | 228 +++++- features/step_definitions/torified_misc.rb | 41 + features/step_definitions/totem.rb | 49 +- features/step_definitions/unsafe_browser.rb | 251 +++--- features/step_definitions/untrusted_partitions.rb | 72 +- features/step_definitions/usb.rb | 552 ++++++++----- features/support/config.rb | 96 ++- features/support/env.rb | 39 +- features/support/extra_hooks.rb | 144 +++- features/support/helpers/chatbot_helper.rb | 59 ++ features/support/helpers/ctcp_helper.rb | 126 +++ features/support/helpers/display_helper.rb | 51 +- features/support/helpers/exec_helper.rb | 30 +- features/support/helpers/firewall_helper.rb | 87 +- features/support/helpers/misc_helpers.rb | 228 ++++-- features/support/helpers/net_helper.rb | 42 - features/support/helpers/sikuli_helper.rb | 91 ++- features/support/helpers/sniffing_helper.rb | 43 + features/support/helpers/sshd_helper.rb | 67 ++ features/support/helpers/storage_helper.rb | 135 ++- features/support/helpers/vm_helper.rb | 532 ++++++++---- features/support/hooks.rb | 306 ++++--- features/time_syncing.feature | 106 ++- features/tor_bridges.feature | 36 + features/tor_enforcement.feature | 76 ++ features/tor_stream_isolation.feature | 62 ++ features/torified_browsing.feature | 165 +++- features/torified_git.feature | 31 + features/torified_gnupg.feature | 52 +- features/torified_misc.feature | 24 + features/totem.feature | 63 +- features/unsafe_browser.feature | 62 +- features/untrusted_partitions.feature | 61 +- features/usb_install.feature | 323 ++------ features/usb_upgrade.feature | 164 ++++ job-cfg/lvc.yaml | 4 +- update_jdn.sh | 4 +- 81 files changed, 6930 insertions(+), 2100 deletions(-) create mode 100644 features/config/defaults.yml create mode 100644 features/electrum.feature delete mode 100644 features/firewall_leaks.feature create mode 100644 features/icedove.feature create mode 100644 features/localization.feature create mode 100644 features/mac_spoofing.feature create mode 100644 features/mat.feature create mode 100644 features/persistence.feature create mode 100644 features/po.feature create mode 100755 features/scripts/otr-bot.py create mode 100755 features/scripts/vm-execute create mode 100644 features/ssh.feature create mode 100644 features/step_definitions/browser.rb create mode 100644 features/step_definitions/electrum.rb create mode 100644 features/step_definitions/git.rb create mode 100644 features/step_definitions/icedove.rb create mode 100644 features/step_definitions/mac_spoofing.rb create mode 100644 features/step_definitions/po.rb create mode 100644 features/step_definitions/snapshots.rb create mode 100644 features/step_definitions/ssh.rb create mode 100644 features/step_definitions/tor.rb create mode 100644 features/step_definitions/torified_misc.rb create mode 100644 features/support/helpers/chatbot_helper.rb create mode 100644 features/support/helpers/ctcp_helper.rb delete mode 100644 features/support/helpers/net_helper.rb create mode 100644 features/support/helpers/sniffing_helper.rb create mode 100644 features/support/helpers/sshd_helper.rb create mode 100644 features/tor_bridges.feature create mode 100644 features/tor_enforcement.feature create mode 100644 features/tor_stream_isolation.feature create mode 100644 features/torified_git.feature create mode 100644 features/torified_misc.feature create mode 100644 features/usb_upgrade.feature diff --git a/bin/lvc/run_test_suite b/bin/lvc/run_test_suite index 9939abca..154a4a6c 100755 --- a/bin/lvc/run_test_suite +++ b/bin/lvc/run_test_suite @@ -1,44 +1,97 @@ -#!/bin/sh +#!/bin/bash set -e set -u +set -o pipefail NAME=$(basename ${0}) +GENERAL_DEPENDENCIES=" +cucumber +devscripts +dnsmasq-base +gawk +git +i18nspector +libav-tools +libcap2-bin +libsikuli-script-java +libvirt-clients +libvirt-daemon-system +libvirt-dev +libvirt0 +openjdk-7-jre +openssh-server +ovmf +python-jabberbot +python-potr +qemu-kvm +qemu-system-x86 +ruby-guestfs +ruby-json +ruby-libvirt +ruby-net-irc +ruby-packetfu +ruby-rb-inotify +ruby-rjb +ruby-rspec +ruby-test-unit +seabios +tcpdump +unclutter +virt-viewer +xvfb +" + usage() { - echo "Usage: $NAME [OPTION]... [FEATURE]... -Sets up an appropriate environment and tests FEATUREs (all by default). Note -that this script must be run from the Tails source directory root. + echo "Usage: $NAME [OPTION]... [--] [CUCUMBER_ARGS]... +Sets up an appropriate environment and invokes cucumber. Note that this script +must be run from the Tails source directory root. Options for '@product' features: - --capture FILE Captures the test session into FILE using VP8 encoding. - Requires ffmpeg and libvpx1. - --debug Display various debugging information while running the - test suite. + --artifacts-base-uri URI + Pretend that the artifact is located at URI when printing + its location during a scenario failure. This is useful if + you intend to serve the artifacts via the web, for + instance. + --capture Captures failed scenarios into videos stored in the + temporary directory (see --tmpdir below) using x264 + encoding. Requires x264. + --capture-all Keep videos for all scenarios, including those that + succeed (implies --capture). --pause-on-fail On failure, pause test suite until pressing Enter. This is useful for investigating the state of the VM guest to see exactly why a test failed. - --keep-snapshots Don't ever delete the background snapshots. This can a big - time saver when debugging new features. + --keep-snapshots Don't ever delete any snapshots (including ones marked as + temporary). This can be a big time saver when debugging new + features. --retry-find Print a warning whenever Sikuli fails to find an image and allow *one* retry after pressing ENTER. This is useful for updating outdated images. - --temp-dir Directory where various temporary files are written + --tmpdir Directory where various temporary files are written during a test, e.g. VM snapshots and memory dumps, failure screenshots, pcap files and disk images - (default is /tmp/DebianToaster). + (default is TMPDIR in the environment, and if unset, + /tmp/DebianToaster). --view Shows the test session in a windows. Requires x11vnc and xtightvncviewer. --vnc-server-only Starts a VNC server for the test session. Requires x11vnc. - --iso IMAGE Test '@product' features using IMAGE. If none is given, - the ISO with most recent creation date (according to the - ISO's label) in the current directory will be used. + --iso IMAGE Test '@product' features using IMAGE. --old-iso IMAGE For some '@product' features (e.g. usb_install) we need an older version of Tails, which this options sets to - IMAGE. If none is given, the ISO with the least recent - creation date will be used. + IMAGE. If none is given, it defaults to the same IMAGE + given by --iso, which will be good enough for most testing + purposes. Note that '@source' features has no relevant options. + +CUCUMBER_ARGS can be used to specify which features to be run, but also any +cucumber option, although then you must pass \`--\` first to let this wrapper +script know that we're done with *its* options. For debugging purposes, a +'debug' formatter has been added so pretty debugging can be enabled with +\`--format debug\`. You could even combine the default (pretty) formatter with +pretty debugging printed to a file with \`--format pretty --format debug +--out debug.log\`. " } @@ -48,11 +101,25 @@ error() { exit 1 } -check_dependency() { - if ! which "${1}" >/dev/null && \ - ! dpkg -s "${1}" 2>/dev/null | grep -q "^Status:.*installed"; then - error "'${1}' is missing, please install it and run again. Aborting..." +package_installed() { + local ret + set +o pipefail + if dpkg -s "${1}" 2>/dev/null | grep -q "^Status:.*installed"; then + ret=0 + else + ret=1 fi + set -o pipefail + return ${ret} +} + +check_dependencies() { + while [ -n "${1:-}" ]; do + if ! which "${1}" >/dev/null && ! package_installed "${1}" ; then + error "'${1}' is missing, please install it and run again." + fi + shift + done } display_in_use() { @@ -67,11 +134,13 @@ next_free_display() { echo ":${display_nr}" } +test_suite_cleanup() { + (kill -0 ${XVFB_PID} 2>/dev/null && kill ${XVFB_PID}) || /bin/true +} + start_xvfb() { Xvfb $TARGET_DISPLAY -screen 0 1024x768x24+32 >/dev/null 2>&1 & XVFB_PID=$! - trap "kill -0 ${XVFB_PID} 2>/dev/null && kill -9 ${XVFB_PID}; \ - rm -f /tmp/.X${TARGET_DISPLAY#:}-lock" EXIT # Wait for Xvfb to run on TARGET_DISPLAY until display_in_use $TARGET_DISPLAY; do sleep 1 @@ -82,42 +151,51 @@ start_xvfb() { } start_vnc_server() { - check_dependency x11vnc + check_dependencies x11vnc VNC_SERVER_PORT="$(x11vnc -listen localhost -display ${TARGET_DISPLAY} \ - -bg -nopw 2>&1 | \ + -bg -nopw -forever 2>&1 | \ grep -m 1 "^PORT=[0-9]\+" | sed 's/^PORT=//')" echo "VNC server running on: localhost:${VNC_SERVER_PORT}" } start_vnc_viewer() { - check_dependency xtightvncviewer + check_dependencies xtightvncviewer xtightvncviewer -viewonly localhost:${VNC_SERVER_PORT} 1>/dev/null 2>&1 & } capture_session() { + check_dependencies libvpx1 echo "Capturing guest display into ${CAPTURE_FILE}" - ffmpeg -f x11grab -s 1024x768 -r 15 -i ${TARGET_DISPLAY}.0 -an \ + avconv -f x11grab -s 1024x768 -r 15 -i ${TARGET_DISPLAY}.0 -an \ -vcodec libvpx -y "${CAPTURE_FILE}" >/dev/null 2>&1 & } # main script -CAPTURE_FILE= +# Unset all environment variables used by this script to pass options +# to cucumber, except TMPDIR since we explicitly want to support +# setting it that way. +ARTIFACTS_BASE_URI= +CAPTURE= +CAPTURE_ALL= +LOG_FILE= VNC_VIEWER= VNC_SERVER= -DEBUG= PAUSE_ON_FAIL= KEEP_SNAPSHOTS= SIKULI_RETRY_FINDFAILED= -TEMP_DIR= ISO= OLD_ISO= -LONGOPTS="view,vnc-server-only,capture:,help,temp-dir:,keep-snapshots,retry-find,iso:,old-iso:,debug,pause-on-fail" +LONGOPTS="artifacts-base-uri:,view,vnc-server-only,capture,capture-all,help,tmpdir:,keep-snapshots,retry-find,iso:,old-iso:,pause-on-fail" OPTS=$(getopt -o "" --longoptions $LONGOPTS -n "${NAME}" -- "$@") eval set -- "$OPTS" while [ $# -gt 0 ]; do case $1 in + --artifacts-base-uri) + shift + export ARTIFACTS_BASE_URI="${1}" + ;; --view) VNC_VIEWER=yes VNC_SERVER=yes @@ -127,11 +205,13 @@ while [ $# -gt 0 ]; do VNC_SERVER=yes ;; --capture) - shift - CAPTURE_FILE="$1" + check_dependencies x264 + export CAPTURE="yes" ;; - --debug) - export DEBUG="yes" + --capture-all) + check_dependencies x264 + export CAPTURE="yes" + export CAPTURE_ALL="yes" ;; --pause-on-fail) export PAUSE_ON_FAIL="yes" @@ -142,9 +222,9 @@ while [ $# -gt 0 ]; do --retry-find) export SIKULI_RETRY_FINDFAILED="yes" ;; - --temp-dir) + --tmpdir) shift - export TEMP_DIR="$(readlink -f $1)" + export TMPDIR="$(readlink -f $1)" ;; --iso) shift @@ -166,26 +246,21 @@ while [ $# -gt 0 ]; do shift done -for dep in ffmpeg git libvirt-bin libvirt-dev libavcodec-extra-53 libvpx1 \ - virt-viewer libsikuli-script-java ovmf tcpdump xvfb; do - check_dependency "${dep}" -done +trap "test_suite_cleanup" EXIT HUP INT QUIT TERM + +check_dependencies ${GENERAL_DEPENDENCIES} TARGET_DISPLAY=$(next_free_display) start_xvfb -if [ -n "${CAPTURE_FILE}" ]; then - capture_session -fi -if [ -n "${VNC_SERVER}" ]; then +if [ -n "${VNC_SERVER:-}" ]; then start_vnc_server fi -if [ -n "${VNC_VIEWER}" ]; then +if [ -n "${VNC_VIEWER:-}" ]; then start_vnc_viewer fi -export JAVA_HOME="/usr/lib/jvm/java-7-openjdk-amd64" export SIKULI_HOME="/usr/share/java" export SIKULI_IMAGE_PATH="/srv/jenkins/features/images/" export RUBYLIB="/srv/jenkins" @@ -193,7 +268,10 @@ export FEATURE_PATH="/srv/jenkins/features" export VM_XML_PATH="/srv/jenkins/features/domains" export DISPLAY=${TARGET_DISPLAY} CUCUMBEROPTS="--verbose --backtrace --expand" -check_dependency cucumber +check_dependencies cucumber + +set -x + if [ -z "${*}" ]; then cucumber $CUCUMBEROPTS --format ExtraHooks::Pretty $FEATURE_PATH else diff --git a/features/apt.feature b/features/apt.feature index 126f6ecf..ac778c26 100644 --- a/features/apt.feature +++ b/features/apt.feature @@ -1,4 +1,5 @@ -@product +#10497: wait_until_tor_is_working +@product @fragile Feature: Installing packages through APT As a Tails user when I set an administration password in Tails Greeter @@ -21,13 +22,15 @@ Feature: Installing packages through APT Scenario: APT sources are configured correctly Then the only hosts in APT sources are "ftp.us.debian.org,http.debian.net,ftp.debian.org,security.debian.org" - Scenario: Install packages using apt-get - When I update APT using apt-get - Then I should be able to install a package using apt-get - And all Internet traffic has only flowed through Tor + #10496: apt-get scenarios are fragile + @check_tor_leaks @fragile + Scenario: Install packages using apt + When I update APT using apt + Then I should be able to install a package using apt + #10441: Synaptic test is fragile + @check_tor_leaks @fragile Scenario: Install packages using Synaptic When I start Synaptic And I update APT using Synaptic Then I should be able to install a package using Synaptic - And all Internet traffic has only flowed through Tor diff --git a/features/build.feature b/features/build.feature index 4cc0b650..74d314de 100644 --- a/features/build.feature +++ b/features/build.feature @@ -4,72 +4,209 @@ Feature: custom APT sources to build branches the proper APT sources were automatically picked depending on which Git branch I am working on. - Scenario: build from an untagged stable branch - Given I am working on the stable branch - And last released version mentioned in debian/changelog is 1.0 + Scenario: build from an untagged stable branch where the config/APT_overlays.d directory is empty + Given I am working on the stable base branch + And the last version mentioned in debian/changelog is 1.0 And Tails 1.0 has not been released yet - When I run tails-custom-apt-sources + And the config/APT_overlays.d directory is empty + When I successfully run tails-custom-apt-sources + Then I should see only the 'stable' suite + + Scenario: build from an untagged stable branch where config/APT_overlays.d is not empty + Given I am working on the stable base branch + And the last version mentioned in debian/changelog is 1.0 + And Tails 1.0 has not been released yet + And config/APT_overlays.d contains 'feature-foo' + And config/APT_overlays.d contains 'bugfix-bar' + When I successfully run tails-custom-apt-sources Then I should see the 'stable' suite - Then I should not see the '1.0' suite + And I should see the 'feature-foo' suite + And I should see the 'bugfix-bar' suite + But I should not see the '1.0' suite - Scenario: build from a tagged stable branch + Scenario: build from a tagged stable branch where the config/APT_overlays.d directory is empty Given Tails 0.10 has been released - And last released version mentioned in debian/changelog is 0.10 - And I am working on the stable branch - When I run tails-custom-apt-sources - Then I should see the '0.10' suite + And the last version mentioned in debian/changelog is 0.10 + And I am working on the stable base branch + And the config/APT_overlays.d directory is empty + When I successfully run tails-custom-apt-sources + Then I should see only the '0.10' suite - Scenario: build from a bugfix branch for a stable release + Scenario: build from a tagged stable branch where config/APT_overlays.d is not empty Given Tails 0.10 has been released - And last released version mentioned in debian/changelog is 0.10 - And I am working on the bugfix/disable_gdomap branch based on 0.10 + And the last version mentioned in debian/changelog is 0.10 + And I am working on the stable base branch + And config/APT_overlays.d contains 'feature-foo' When I run tails-custom-apt-sources - Then I should see the '0.10' suite + Then it should fail + + Scenario: build from a bugfix branch without overlays for a stable release + Given Tails 0.10 has been released + And the last version mentioned in debian/changelog is 0.10.1 + And Tails 0.10.1 has not been released yet + And I am working on the bugfix/disable_gdomap branch based on stable + And the config/APT_overlays.d directory is empty + When I successfully run tails-custom-apt-sources + Then I should see only the 'stable' suite + + Scenario: build from a bugfix branch with overlays for a stable release + Given Tails 0.10 has been released + And the last version mentioned in debian/changelog is 0.10.1 + And Tails 0.10.1 has not been released yet + And I am working on the bugfix/disable_gdomap branch based on stable + And config/APT_overlays.d contains 'bugfix-disable-gdomap' + And config/APT_overlays.d contains 'bugfix-bar' + When I successfully run tails-custom-apt-sources + Then I should see the 'stable' suite And I should see the 'bugfix-disable-gdomap' suite + And I should see the 'bugfix-bar' suite + But I should not see the '0.10' suite - Scenario: build from an untagged testing branch - Given I am working on the testing branch - And last released version mentioned in debian/changelog is 0.11 + Scenario: build from an untagged testing branch where the config/APT_overlays.d directory is empty + Given I am working on the testing base branch + And the last version mentioned in debian/changelog is 0.11 And Tails 0.11 has not been released yet - When I run tails-custom-apt-sources + And the config/APT_overlays.d directory is empty + When I successfully run tails-custom-apt-sources Then I should see the 'testing' suite And I should not see the '0.11' suite + And I should not see the 'feature-foo' suite + And I should not see the 'bugfix-bar' suite - Scenario: build from a tagged testing branch - Given I am working on the testing branch - And last released version mentioned in debian/changelog is 0.11 + Scenario: build from an untagged testing branch where config/APT_overlays.d is not empty + Given I am working on the testing base branch + And the last version mentioned in debian/changelog is 0.11 + And Tails 0.11 has not been released yet + And config/APT_overlays.d contains 'feature-foo' + And config/APT_overlays.d contains 'bugfix-bar' + When I successfully run tails-custom-apt-sources + Then I should see the 'testing' suite + And I should see the 'feature-foo' suite + And I should see the 'bugfix-bar' suite + But I should not see the '0.11' suite + + Scenario: build from a tagged testing branch where the config/APT_overlays.d directory is empty + Given I am working on the testing base branch + And the last version mentioned in debian/changelog is 0.11 And Tails 0.11 has been released + And the config/APT_overlays.d directory is empty + When I successfully run tails-custom-apt-sources + Then I should see only the '0.11' suite + + Scenario: build from a tagged testing branch where config/APT_overlays.d is not empty + Given I am working on the testing base branch + And the last version mentioned in debian/changelog is 0.11 + And Tails 0.11 has been released + And config/APT_overlays.d contains 'feature-foo' When I run tails-custom-apt-sources - Then I should see the '0.11' suite - And I should not see the 'testing' suite + Then it should fail Scenario: build a release candidate from a tagged testing branch - Given I am working on the testing branch + Given I am working on the testing base branch And Tails 0.11 has been released - And last released version mentioned in debian/changelog is 0.12~rc1 + And the last version mentioned in debian/changelog is 0.12~rc1 And Tails 0.12-rc1 has been tagged - When I run tails-custom-apt-sources - Then I should see the '0.12-rc1' suite - And I should not see the 'testing' suite + And the config/APT_overlays.d directory is empty + When I successfully run tails-custom-apt-sources + Then I should see only the '0.12-rc1' suite - Scenario: build from the devel branch - Given I am working on the devel branch + Scenario: build a release candidate from a tagged testing branch where config/APT_overlays.d is not empty + Given I am working on the testing base branch + And Tails 0.11 has been released + And the last version mentioned in debian/changelog is 0.12~rc1 + And Tails 0.12-rc1 has been tagged + And config/APT_overlays.d contains 'bugfix-bar' When I run tails-custom-apt-sources + Then it should fail + + Scenario: build from the devel branch without overlays + Given I am working on the devel base branch + And the config/APT_overlays.d directory is empty + When I successfully run tails-custom-apt-sources + Then I should see only the 'devel' suite + + Scenario: build from the devel branch with overlays + Given I am working on the devel base branch + And config/APT_overlays.d contains 'feature-foo' + And config/APT_overlays.d contains 'bugfix-bar' + When I successfully run tails-custom-apt-sources Then I should see the 'devel' suite + And I should see the 'feature-foo' suite + And I should see the 'bugfix-bar' suite + + Scenario: build from the feature/jessie branch without overlays + Given I am working on the feature/jessie base branch + And the config/APT_overlays.d directory is empty + When I successfully run tails-custom-apt-sources + Then I should see only the 'feature-jessie' suite + + Scenario: build from the feature/jessie branch with overlays + Given I am working on the feature/jessie base branch + And config/APT_overlays.d contains 'feature-7756-reintroduce-whisperback' + When I successfully run tails-custom-apt-sources + Then I should see the 'feature-jessie' suite + And I should see the 'feature-7756-reintroduce-whisperback' suite Scenario: build from the experimental branch - Given I am working on the experimental branch - When I run tails-custom-apt-sources - Then I should see the 'experimental' suite + Given I am working on the experimental branch based on devel + And config/APT_overlays.d contains 'feature-foo' + And config/APT_overlays.d contains 'bugfix-bar' + When I successfully run tails-custom-apt-sources + Then I should see the 'devel' suite + And I should see the 'feature-foo' suite + And I should see the 'bugfix-bar' suite - Scenario: build from a feature branch based on devel + Scenario: build from a feature branch with overlays based on devel Given I am working on the feature/icedove branch based on devel - When I run tails-custom-apt-sources + And config/APT_overlays.d contains 'feature-icedove' + And config/APT_overlays.d contains 'bugfix-bar' + When I successfully run tails-custom-apt-sources Then I should see the 'devel' suite And I should see the 'feature-icedove' suite + And I should see the 'bugfix-bar' suite + + Scenario: build from a feature branch without overlays based on devel + Given I am working on the feature/icedove branch based on devel + And the config/APT_overlays.d directory is empty + When I successfully run tails-custom-apt-sources + Then I should see only the 'devel' suite + + Scenario: build from a feature branch with overlays based on feature/jessie + Given I am working on the feature/7756-reintroduce-whisperback branch based on feature/jessie + And config/APT_overlays.d contains 'feature-7756-reintroduce-whisperback' + And config/APT_overlays.d contains 'bugfix-bar' + When I successfully run tails-custom-apt-sources + Then I should see the 'feature-jessie' suite + And I should see the 'feature-7756-reintroduce-whisperback' suite + And I should see the 'bugfix-bar' suite + + Scenario: build from a feature branch without overlays based on feature/jessie + Given I am working on the feature/icedove branch based on feature/jessie + And the config/APT_overlays.d directory is empty + When I successfully run tails-custom-apt-sources + Then I should see only the 'feature-jessie' suite Scenario: build from a feature branch based on devel with dots in its name Given I am working on the feature/live-boot-3.x branch based on devel - When I run tails-custom-apt-sources + And config/APT_overlays.d contains 'feature-live-boot-3.x' + When I successfully run tails-custom-apt-sources Then I should see the 'devel' suite And I should see the 'feature-live-boot-3.x' suite + + Scenario: build from a branch that has no config/APT_overlays.d directory + Given I am working on the stable base branch + And the config/APT_overlays.d directory does not exist + When I run tails-custom-apt-sources + Then it should fail + + Scenario: build from a branch that has no config/base_branch file + Given I am working on the stable base branch + And the config/base_branch file does not exist + When I run tails-custom-apt-sources + Then it should fail + + Scenario: build from a branch where config/base_branch is empty + Given I am working on the stable base branch + And the config/base_branch file is empty + When I run tails-custom-apt-sources + Then it should fail diff --git a/features/checks.feature b/features/checks.feature index 277bdb99..24d35943 100644 --- a/features/checks.feature +++ b/features/checks.feature @@ -1,57 +1,107 @@ @product Feature: Various checks - Background: - Given a computer - And I start Tails from DVD with network unplugged and I login - And I save the state so the background can be restored next scenario - Scenario: AppArmor is enabled and has enforced profiles + Given I have started Tails from DVD without network and logged in Then AppArmor is enabled And some AppArmor profiles are enforced + Scenario: A screenshot is taken when the PRINTSCREEN key is pressed + Given I have started Tails from DVD without network and logged in + And there is no screenshot in the live user's Pictures directory + When I press the "PRINTSCREEN" key + Then a screenshot is saved to the live user's Pictures directory + Scenario: VirtualBox guest modules are available + Given I have started Tails from DVD without network and logged in When Tails has booted a 64-bit kernel Then the VirtualBox guest modules are available - Scenario: The shipped Tails signing key is up-to-date - Given the network is plugged + Scenario: The shipped Tails OpenPGP keys are up-to-date + Given I have started Tails from DVD without network and logged in + Then the OpenPGP keys shipped with Tails will be valid for the next 3 months + + Scenario: The Tails Debian repository key is up-to-date + Given I have started Tails from DVD without network and logged in + Then the shipped Debian repository key will be valid for the next 3 months + + @doc @fragile + Scenario: The "Report an Error" launcher will open the support documentation + Given I have started Tails from DVD without network and logged in + And the network is plugged And Tor is ready And all notifications have disappeared - Then the shipped Tails signing key is not outdated + When I double-click the Report an Error launcher on the desktop + Then the support documentation page opens in Tor Browser Scenario: The live user is setup correctly + Given I have started Tails from DVD without network and logged in Then the live user has been setup by live-boot - And the live user is a member of only its own group and "audio cdrom dialout floppy video plugdev netdev fuse scanner lp lpadmin vboxsf" + And the live user is a member of only its own group and "audio cdrom dialout floppy video plugdev netdev scanner lp lpadmin vboxsf" And the live user owns its home dir and it has normal permissions + @fragile Scenario: No initial network - Given I wait between 30 and 60 seconds + Given I have started Tails from DVD without network and logged in + And I wait between 30 and 60 seconds + Then the Tor Status icon tells me that Tor is not usable When the network is plugged - And Tor is ready + Then Tor is ready + And the Tor Status icon tells me that Tor is usable And all notifications have disappeared And the time has synced - And process "vidalia" is running within 30 seconds + @fragile + Scenario: The 'Tor is ready' notification is shown when Tor has bootstrapped + Given I have started Tails from DVD without network and logged in + And the network is plugged + When I see the 'Tor is ready' notification + Then Tor is ready + + @fragile + Scenario: The tor process should be confined with Seccomp + Given I have started Tails from DVD without network and logged in + And the network is plugged + And Tor is ready + Then the running process "tor" is confined with Seccomp in filter mode + + @fragile Scenario: No unexpected network services + Given I have started Tails from DVD without network and logged in When the network is plugged And Tor is ready Then no unexpected services are listening for network connections Scenario: The emergency shutdown applet can shutdown Tails + Given I have started Tails from DVD without network and logged in When I request a shutdown using the emergency shutdown applet Then Tails eventually shuts down Scenario: The emergency shutdown applet can reboot Tails + Given I have started Tails from DVD without network and logged in When I request a reboot using the emergency shutdown applet Then Tails eventually restarts - # We ditch the background snapshot for this scenario since we cannot - # add a filesystem share to a live VM so it would have to be in the - # background above. However, there's a bug that seems to make shares - # impossible to have after a snapshot restore. - Scenario: MAT can clean a PDF file - Given a computer - And I setup a filesystem share containing a sample PDF - And I start Tails from DVD with network unplugged and I login - Then MAT can clean some sample PDF file + Scenario: tails-debugging-info does not leak information + Given I have started Tails from DVD without network and logged in + Then tails-debugging-info is not susceptible to symlink attacks + + Scenario: Tails shuts down on DVD boot medium removal + Given I have started Tails from DVD without network and logged in + When I eject the boot medium + Then Tails eventually shuts down + + #10720 + @fragile + Scenario: Tails shuts down on USB boot medium removal + Given I have started Tails without network from a USB drive without a persistent partition and logged in + When I eject the boot medium + Then Tails eventually shuts down + + Scenario: The Tails Greeter "disable all networking" option disables networking within Tails + Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen + And I enable more Tails Greeter options + And I disable all networking in the Tails Greeter + And I log in to a new session + And the Tails desktop is ready + Then no network interfaces are enabled diff --git a/features/config/defaults.yml b/features/config/defaults.yml new file mode 100644 index 00000000..9c312146 --- /dev/null +++ b/features/config/defaults.yml @@ -0,0 +1,36 @@ +CAPTURE: false +CAPTURE_ALL: false +MAX_NEW_TOR_CIRCUIT_RETRIES: 10 +PAUSE_ON_FAIL: false +SIKULI_RETRY_FINDFAILED: false +TMPDIR: "/tmp/DebianToaster" + +Unsafe_SSH_private_key: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEAvMUNgUUM/kyuo26m+Xw7igG6zgGFMFbS3u8m5StGsJOn7zLi + J8P5Mml/R+4tdOS6owVU4RaZTPsNZZK/ClYmOPhmNvJ04pVChk2DZ8AARg/TANj3 + qjKs3D+MeKbk1bt6EsA55kgGsTUky5Ti8cc2Wna25jqjagIiyM822PGG9mmI6/zL + YR6QLUizNaciXrRM3Q4R4sQkEreVlHeonPEiGUs9zx0swCpLtPM5UIYte1PVHgkw + ePsU6vM8UqVTK/VwtLLgLanXnsMFuzq7DTAXPq49+XSFNq4JlxbEF6+PQXZvYZ5N + eW00Gq7NSpPP8uoHr6f1J+mMxxnM85jzYtRx+QIDAQABAoIBAA8Bs1MlhCTrP67q + awfGYo1UGd+qq0XugREL/hGV4SbEdkNDzkrO/46MaHv1aVOzo0q2b8r9Gu7NvoDm + q51Mv/kjdizEFZq1tvYqT1n+H4dyVpnopbe4E5nmy2oECokbQFchRPkTnMSVrvko + OupxpdaHPX8MBlW1GcLRBlE00j/gfK1SXX5rcxkF5EHVND1b6iHddTPearDbU8yr + wga1XO6WeohAYzqmGtMD0zk6lOk0LmnTNG6WvHiFTAc/0yTiKub6rNOIEMS/82+V + l437H0hKcIN/7/mf6FpqRNPJTuhOVFf+L4G/ZQ8zHoMGVIbhuTiIPqZ/KMu3NaUF + R634jckCgYEA+jJ31hom/d65LfxWPkmiSkNTEOTfjbfcgpfc7sS3enPsYnfnmn5L + O3JJzAKShSVP8NVuPN5Mg5FGp9QLKrN3kV6QWQ3EnqeW748DXMU6zKGJQ5wo7ZVm + w2DhJ/3PAuBTL/5X4mjPQL+dr86Aq2JBDC7LHJs40I8O7UbhnsdMxKcCgYEAwSXc + 3znAkAX8o2g37RiAl36HdONgxr2eaGK7OExp03pbKmoISw6bFbVpicBy6eTytn0A + 2PuFcBKJRfKrViHyiE8UfAJ31JbUaxpg4bFF6UEszN4CmgKS8fnwEe1aX0qSjvkE + NQSuhN5AfykXY/1WVIaWuC500uB7Ow6M16RDyF8CgYEAqFTeNYlg5Hs+Acd9SukF + rItBTuN92P5z+NUtyuNFQrjNuK5Nf68q9LL/Hag5ZiVldHZUddVmizpp3C6Y2MDo + WEDUQ2Y0/D1rGoAQ1hDIb7bbAEcHblmPSzJaKirkZV4B+g9Yl7bGghypfggkn6o6 + c3TkKLnybrdhZpjC4a3bY48CgYBnWRYdD27c4Ycz/GDoaZLs/NQIFF5FGVL4cdPR + pPl/IdpEEKZNWwxaik5lWedjBZFlWe+pKrRUqmZvWhCZruJyUzYXwM5Tnz0b7epm + +Q76Z1hMaoKj27q65UyymvkfQey3ucCpic7D45RJNjiA1R5rbfSZqqnx6BGoIPn1 + rLxkKwKBgDXiWeUKJCydj0NfHryGBkQvaDahDE3Yigcma63b8vMZPBrJSC4SGAHJ + NWema+bArbaF0rKVJpwvpkZWGcr6qRn94Ts0kJAzR+VIVTOjB9sVwdxjadwWHRs5 + kKnpY0tnSF7hyVRwN7GOsNDJEaFjCW7k4+55D2ZNBy2iN3beW8CZ + -----END RSA PRIVATE KEY----- +Unsafe_SSH_public_key: = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8xQ2BRQz+TK6jbqb5fDuKAbrOAYUwVtLe7yblK0awk6fvMuInw/kyaX9H7i105LqjBVThFplM+w1lkr8KViY4+GY28nTilUKGTYNnwABGD9MA2PeqMqzcP4x4puTVu3oSwDnmSAaxNSTLlOLxxzZadrbmOqNqAiLIzzbY8Yb2aYjr/MthHpAtSLM1pyJetEzdDhHixCQSt5WUd6ic8SIZSz3PHSzAKku08zlQhi17U9UeCTB4+xTq8zxSpVMr9XC0suAtqdeewwW7OrsNMBc+rj35dIU2rgmXFsQXr49Bdm9hnk15bTQars1Kk8/y6gevp/Un6YzHGczzmPNi1HH5 amnesia@amnesia" diff --git a/features/dhcp.feature b/features/dhcp.feature index c15ae0c1..18874dbf 100644 --- a/features/dhcp.feature +++ b/features/dhcp.feature @@ -1,32 +1,22 @@ -@product +@product @fragile Feature: Getting a DHCP lease without leaking too much information As a Tails user when I connect to a network with a DHCP server I should be able to connect to the Internet and the hostname should not have been leaked on the network. - Scenario: Getting a DHCP lease with the default NetworkManager connection - Given a computer + Background: + Given I have started Tails from DVD without network and logged in And I capture all network traffic - And I start the computer - And the computer boots Tails - And I log in to a new session - And GNOME has started + And the network is plugged And Tor is ready And all notifications have disappeared And available upgrades have been checked + + Scenario: Getting a DHCP lease with the default NetworkManager connection Then the hostname should not have been leaked on the network Scenario: Getting a DHCP lease with a manually configured NetworkManager connection - Given a computer - And I capture all network traffic - And I start the computer - And the computer boots Tails - And I log in to a new session - And GNOME has started - And Tor is ready - And all notifications have disappeared - And available upgrades have been checked - And I add a wired DHCP NetworkManager connection called "manually-added-con" + When I add a wired DHCP NetworkManager connection called "manually-added-con" And I switch to the "manually-added-con" NetworkManager connection Then the hostname should not have been leaked on the network diff --git a/features/domains/default.xml b/features/domains/default.xml index 6050d6b3..f1004dcf 100644 --- a/features/domains/default.xml +++ b/features/domains/default.xml @@ -12,6 +12,7 @@ + destroy restart @@ -23,23 +24,17 @@ -
- -
- + -
- - -
+ + -
@@ -47,18 +42,18 @@ - - - -
- + + + + + + +