features/step_definitions/untrusted_partitions.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

Given /^I create an? ([[:alnum:]]+) swap partition on disk "([^"]+)"$/ do |parttype, name|
  $vm.storage.disk_mkswap(name, parttype)
end

Then /^an? "([^"]+)" partition was detected by Tails on drive "([^"]+)"$/ do |type, name|
  part_info = $vm.execute_successfully(
      "blkid '#{$vm.disk_dev(name)}'").stdout.strip
  assert(part_info.split.grep(/^TYPE=\"#{Regexp.escape(type)}\"$/),
         "No #{type} partition was detected by Tails on disk '#{name}'")
end

Then /^Tails has no disk swap enabled$/ do
  # Skip first line which contain column headers
  swap_info = $vm.execute_successfully("tail -n+2 /proc/swaps").stdout
  assert(swap_info.empty?,
         "Disk swapping is enabled according to /proc/swaps:\n" + swap_info)
  mem_info = $vm.execute_successfully("grep '^Swap' /proc/meminfo").stdout
  assert(mem_info.match(/^SwapTotal:\s+0 kB$/),
             "Disk swapping is enabled according to /proc/meminfo:\n" +
             mem_info)
end

Given /^I create an? ([[:alnum:]]+) partition( labeled "([^"]+)")? with an? ([[:alnum:]]+) filesystem( encrypted with password "([^"]+)")? on disk "([^"]+)"$/ do |parttype, has_label, label, fstype, is_encrypted, luks_password, name|
  opts = {}
  opts.merge!(:label => label) if has_label
  opts.merge!(:luks_password => luks_password) if is_encrypted
  $vm.storage.disk_mkpartfs(name, parttype, fstype, opts)
end

Given /^I cat an ISO of the Tails image to disk "([^"]+)"$/ do |name|
  src_disk = {
    :path => TAILS_ISO,
    :opts => {
      :format => "raw",
      :readonly => true
    }
  }
  dest_disk = {
    :path => $vm.storage.disk_path(name),
    :opts => {
      :format => $vm.storage.disk_format(name)
    }
  }
  $vm.storage.guestfs_disk_helper(src_disk, dest_disk) do |g, src_disk_handle, dest_disk_handle|
    g.copy_device_to_device(src_disk_handle, dest_disk_handle, {})
  end
end

Then /^drive "([^"]+)" is not mounted$/ do |name|
  dev = $vm.disk_dev(name)
  assert(!$vm.execute("grep -qs '^#{dev}' /proc/mounts").success?,
         "an untrusted partition from drive '#{name}' was automounted")
end

Then /^Tails Greeter has( not)? detected a persistence partition$/ do |no_persistence|
  expecting_persistence = no_persistence.nil?
  @screen.find('TailsGreeter.png')
  found_persistence = ! @screen.exists('TailsGreeterPersistence.png').nil?
  assert_equal(expecting_persistence, found_persistence,
               "Persistence is unexpectedly#{no_persistence} enabled")
end