summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2019-08-28 07:17:51 +0000
committerintrigeri <intrigeri@boum.org>2019-08-28 07:17:51 +0000
commit7ea8ce79fd7415f8df47540f8ea698fb19fab49d (patch)
tree4d2712114c6082a4e88eda25dc894e4950bedc32
parent72870887d9ce7455f04d71ac39f41790e0dbf837 (diff)
parentb504ca5669a0ba0fe752c87140cf14128fc871c0 (diff)
Merge remote-tracking branch 'origin/devel' into test/16004-adapt-usb-scenarios-to-usb-images+force-all-teststest/16004-adapt-usb-scenarios-to-usb-images+force-all-tests
-rw-r--r--Rakefile2
-rwxr-xr-xauto/build2
-rwxr-xr-xauto/scripts/apt-mirror10
-rwxr-xr-xauto/scripts/create-usb-image-from-iso2
-rw-r--r--config/chroot_apt/preferences2
-rwxr-xr-xconfig/chroot_local-hooks/10-tbb2
-rwxr-xr-xconfig/chroot_local-hooks/12-kernel-modules-build-environment4
-rwxr-xr-xconfig/chroot_local-hooks/40-pinentry2
-rwxr-xr-xconfig/chroot_local-hooks/52-update-rc.d9
-rw-r--r--config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing2
-rw-r--r--config/chroot_local-includes/etc/skel/.local/share/applications/mimeapps.list5
-rw-r--r--config/chroot_local-includes/etc/sudoers.d/zzz_tails-additional-software2
-rwxr-xr-xconfig/chroot_local-includes/lib/live/config/1500-reconfigure-APT2
-rw-r--r--config/chroot_local-includes/lib/systemd/system/tails-gdm-failed-to-start.service4
-rw-r--r--config/chroot_local-includes/usr/lib/systemd/user/tails-additional-software-install.service2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/start-systemd-desktop-target2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/live-persist25
-rw-r--r--config/chroot_local-includes/usr/share/applications/tails-documentation.desktop.in2
-rw-r--r--config/chroot_local-packageslists/tails-common.list7
-rw-r--r--features/images/SecretFileOnVeraCryptVolume.pngbin1353 -> 1285 bytes
-rw-r--r--features/misc_files/container_with_pim.hcbin0 -> 409600 bytes
-rw-r--r--features/step_definitions/browser.rb8
-rw-r--r--features/step_definitions/veracrypt.rb83
-rw-r--r--features/support/helpers/dogtail.rb1
-rw-r--r--features/veracrypt.feature12
-rw-r--r--wiki/src/contribute/release_process.mdwn8
26 files changed, 119 insertions, 81 deletions
diff --git a/Rakefile b/Rakefile
index 32c278a..416b03d 100644
--- a/Rakefile
+++ b/Rakefile
@@ -439,6 +439,8 @@ task :build => ['parse_build_options', 'ensure_clean_repository', 'maybe_clean_u
# command to modify the #{hostname} below.
'-o', 'StrictHostKeyChecking=no',
'-o', 'UserKnownHostsFile=/dev/null',
+ # Speed up the copy
+ '-o', 'Compression=no',
]
fetch_command += artifacts.map { |a| "#{user}@#{hostname}:#{a}" }
fetch_command << ENV['ARTIFACTS']
diff --git a/auto/build b/auto/build
index 7b2a351..bfed3a6 100755
--- a/auto/build
+++ b/auto/build
@@ -85,7 +85,7 @@ find \
config/binary_local-includes \
config/chroot_local-includes \
wiki/src \
- -exec touch --date="@$SOURCE_DATE_EPOCH" '{}' \;
+ -exec touch --no-dereference --date="@$SOURCE_DATE_EPOCH" '{}' \;
# build the image
diff --git a/auto/scripts/apt-mirror b/auto/scripts/apt-mirror
index b069aa8..e2e5b8a 100755
--- a/auto/scripts/apt-mirror
+++ b/auto/scripts/apt-mirror
@@ -33,19 +33,19 @@ CURRENT_BRANCH=$(git_current_branch)
if [ "$BASE_BRANCH" = stable ] \
|| [ "$BASE_BRANCH" = testing ] \
- || ( git_on_a_tag && [ "$CURRENT_BRANCH" = feature/buster ] ) \
+ || ( git_on_a_tag && [ "$CURRENT_BRANCH" = feature/bullseye ] ) \
then
case "$ARCHIVE" in
debian-security)
[ "$SERIAL" = latest ] \
|| fatal "APT snapshots are frozen for the debian-security archive," \
- "which should happen neither on feature/buster nor on" \
+ "which should happen neither on feature/bullseye nor on" \
"a branch based on $BASE_BRANCH"
;;
*)
[ "$SERIAL" != latest ] \
|| fatal "APT snapshots are not frozen for the $ARCHIVE archive," \
- "which should happen neither on feature/buster nor on" \
+ "which should happen neither on feature/bullseye nor on" \
"a branch based on $BASE_BRANCH"
esac
if version_was_released "$(version_in_changelog)"; then
@@ -61,10 +61,10 @@ then
output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
fi
else
- if [ "$BASE_BRANCH" = devel ] || [ "$CURRENT_BRANCH" = feature/buster ]; then
+ if [ "$BASE_BRANCH" = devel ] || [ "$CURRENT_BRANCH" = feature/bullseye ]; then
if [ "$SERIAL" != latest ]; then
fatal "APT snapshots are frozen, which should happen neither on" \
- "feature/buster nor on a branch based on the devel one"
+ "feature/bullseye nor on a branch based on the devel one"
fi
fi
output_time_based_snapshot "$ARCHIVE" "$RESOLVED_SERIAL"
diff --git a/auto/scripts/create-usb-image-from-iso b/auto/scripts/create-usb-image-from-iso
index ebc78bf..d5d5186 100755
--- a/auto/scripts/create-usb-image-from-iso
+++ b/auto/scripts/create-usb-image-from-iso
@@ -106,7 +106,7 @@ class ImageCreator(object):
self.create_partition()
# udisks' create_partition function seems to ignore arg_type
# in Stretch, so we set it via sgdisk.
- # XXX:Buster: Remove set_partition_type
+ # XXX: Remove set_partition_type once our Vagrant box runs Buster (#16868)
self.set_partition_type()
self.set_partition_flags()
# XXX: Rescan?
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index 87b55ad..7ce052b 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -10,7 +10,7 @@ Package: b43-fwcutter
Pin: release o=Debian,n=sid
Pin-Priority: 999
-Explanation: unavailable in stretch and stretch-backports, version in sid is intentionally broken (Debian#928518)
+Explanation: unavailable in Buster, version in sid is intentionally broken (Debian#928518)
Package: electrum python3-electrum
Pin: origin deb.tails.boum.org
Pin-Priority: 999
diff --git a/config/chroot_local-hooks/10-tbb b/config/chroot_local-hooks/10-tbb
index a4cb125..7fa0bff 100755
--- a/config/chroot_local-hooks/10-tbb
+++ b/config/chroot_local-hooks/10-tbb
@@ -74,7 +74,7 @@ install_tor_browser() {
# instead of the system one, whenever ours is too old.
# For details see projects/firefox/abicheck.cc in
# https://git.torproject.org/builders/tor-browser-build.git
- # Tor Browser 8.0a10 requires GLIBCXX_3.4.22, which Stretch has
+ # Tor Browser 8.0a10 requires GLIBCXX_3.4.22, which Buster has
# so disable this for now.
# cp "${prep}"/TorBrowser/Tor/libstdc++.so.6 "${prep}"
diff --git a/config/chroot_local-hooks/12-kernel-modules-build-environment b/config/chroot_local-hooks/12-kernel-modules-build-environment
index e7549e3..a3bb017 100755
--- a/config/chroot_local-hooks/12-kernel-modules-build-environment
+++ b/config/chroot_local-hooks/12-kernel-modules-build-environment
@@ -11,9 +11,11 @@ echo "Setting up a build environment for kernel modules"
# Import ensure_hook_dependency_is_installed()
. /usr/local/lib/tails-shell-library/build.sh
+# This hack is not needed on Buster but let's keep the commented code around
+# for next time we need it.
+#
# # Install gcc-6 and fake linux-compiler-gcc-8-x86
# # (linux-headers-4.19+ depends on it, but Stretch hasn't GCC 8)
-# # XXX:Buster: remove this hack.
# ensure_hook_dependency_is_installed gcc-6
# NEWEST_INSTALLED_KERNEL_VERSION="$(
# dpkg-query --showformat '${Version}\n' --show 'linux-image-*-amd64' \
diff --git a/config/chroot_local-hooks/40-pinentry b/config/chroot_local-hooks/40-pinentry
index 0736147..4fbd6a9 100755
--- a/config/chroot_local-hooks/40-pinentry
+++ b/config/chroot_local-hooks/40-pinentry
@@ -8,7 +8,7 @@ for alternative in pinentry pinentry-x11 ; do
update-alternatives --set "$alternative" /usr/bin/pinentry-gtk-2
done
-# XXX:Buster remove once Debian bug #869416 is fixed
+# XXX:Bullseye remove once Debian bug #869416 is fixed
mkdir -p /usr/lib/pinentry
dpkg-divert --add --rename --divert \
/usr/lib/pinentry/pinentry-gtk-2 \
diff --git a/config/chroot_local-hooks/52-update-rc.d b/config/chroot_local-hooks/52-update-rc.d
index ec54037..fae1a00 100755
--- a/config/chroot_local-hooks/52-update-rc.d
+++ b/config/chroot_local-hooks/52-update-rc.d
@@ -1,10 +1,11 @@
#!/bin/sh
set -e
+set -u
### Tweak systemd unit files
-# Workaround for https://bugs.debian.org/714957
+# Workaround for https://bugs.debian.org/934389
systemctl enable memlockd.service
# Enable our own systemd unit files
@@ -32,10 +33,9 @@ systemctl --global enable tails-virt-notify-user.service
systemctl --global enable tails-wait-until-tor-has-bootstrapped.service
# Use socket activation only, to delay the startup of cupsd.
-# In practice, on Jessie this means that cupsd is started during
+# In practice, this means that cupsd is started during
# the initialization of the GNOME session, which is fine: by then,
# the persistent /etc/cups has been mounted.
-# XXX: make sure it's the case on Stretch, adjust if not.
systemctl disable cups.service
systemctl enable cups.socket
@@ -50,7 +50,8 @@ systemctl disable NetworkManager.service
systemctl disable NetworkManager-wait-online.service
# systemd-networkd fallbacks to Google's nameservers when no other nameserver
-# is provided by the network configuration. In Jessie, this service is disabled
+# is provided by the network configuration. As of Debian Buster,
+# this service is disabled
# by default, but it feels safer to make this explicit. Besides, it might be
# that systemd-networkd vs. firewall setup ordering is suboptimal in this respect,
# so let's avoid any risk of DNS leaks here.
diff --git a/config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing b/config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing
index 55e0a01..ef2056f 100644
--- a/config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing
+++ b/config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing
@@ -37,7 +37,7 @@ rm -r /var/lib/dkms/*/*/*/*/log
# Post-process /etc/shadow by setting the sp_lstchg field to the number of days
# since SOURCE_DATE_EPOCH instead of 1st Jan 1970. (#12339)
-# XXX:Buster: drop this if https://bugs.debian.org/857803 is fixed.
+# XXX:Bullseye: drop this as https://bugs.debian.org/917773 is fixed.
cut -d: -f1 /etc/shadow | \
xargs -L1 \
chage --lastday \
diff --git a/config/chroot_local-includes/etc/skel/.local/share/applications/mimeapps.list b/config/chroot_local-includes/etc/skel/.local/share/applications/mimeapps.list
index 301d35e..616dbda 100644
--- a/config/chroot_local-includes/etc/skel/.local/share/applications/mimeapps.list
+++ b/config/chroot_local-includes/etc/skel/.local/share/applications/mimeapps.list
@@ -1,5 +1,8 @@
-# XXX: Stretch -- the seahorse associations in here fix:
+# The seahorse associations in here fix:
# - https://bugs.freedesktop.org/show_bug.cgi?id=93656
+# aka. https://gitlab.freedesktop.org/xdg/shared-mime-info/issues/39
+# aka. https://bugs.freedesktop.org/show_bug.cgi?id=93656
+# aka. https://bugs.debian.org/913550
# - Tails#10889
# - Tails#10571
# - Tails#10943
diff --git a/config/chroot_local-includes/etc/sudoers.d/zzz_tails-additional-software b/config/chroot_local-includes/etc/sudoers.d/zzz_tails-additional-software
index 11baa48..3787816 100644
--- a/config/chroot_local-includes/etc/sudoers.d/zzz_tails-additional-software
+++ b/config/chroot_local-includes/etc/sudoers.d/zzz_tails-additional-software
@@ -1,4 +1,4 @@
-# XXX:Buster this sudo rule should be replaced by a polkit rule once we have
+# XXX:Bullseye this sudo rule should be replaced by a polkit rule once we have
# policykit >= 0.106. The rule is already in
# [[blueprint/additional_software_packages/org.boum.tails.additional-software.rules]]
# and should be installed in /usr/share/polkit-1/rules.d/
diff --git a/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT b/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT
index 60c6887..2212fec 100755
--- a/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT
+++ b/config/chroot_local-includes/lib/live/config/1500-reconfigure-APT
@@ -107,7 +107,7 @@ s{
^
(Pin:\s+release\s+)
o=Debian
- (,[an]=stretch-backports)
+ (,[an]=buster-backports)
$
}{$1o=Debian Backports$2}xms;
' | perl -pi - /etc/apt/preferences
diff --git a/config/chroot_local-includes/lib/systemd/system/tails-gdm-failed-to-start.service b/config/chroot_local-includes/lib/systemd/system/tails-gdm-failed-to-start.service
index ae598f8..c7632de 100644
--- a/config/chroot_local-includes/lib/systemd/system/tails-gdm-failed-to-start.service
+++ b/config/chroot_local-includes/lib/systemd/system/tails-gdm-failed-to-start.service
@@ -20,9 +20,7 @@ Type=oneshot
# watch_for_coldplug_completion will set up a watcher and return before
# there's any place where plymouthd can create a seat to display its
# splash and messages on. So we tell plymouthd to ignore udev which makes
-# it create a fallback seat.
-# XXX:Buster: check if plymouth.ignore-udev is still necessary (this code path
-# has changed in plymouth 0.9.3)
+# it create a fallback seat. The removal of this hack is tracked on #16964.
ExecStart=/bin/sh -c \
'/sbin/plymouthd --mode=shutdown --tty=tty5 \
--kernel-command-line="plymouth.ignore-udev $(cat /proc/cmdline)"'
diff --git a/config/chroot_local-includes/usr/lib/systemd/user/tails-additional-software-install.service b/config/chroot_local-includes/usr/lib/systemd/user/tails-additional-software-install.service
index fff9413..ace956d 100644
--- a/config/chroot_local-includes/usr/lib/systemd/user/tails-additional-software-install.service
+++ b/config/chroot_local-includes/usr/lib/systemd/user/tails-additional-software-install.service
@@ -9,7 +9,7 @@ Documentation=https://tails.boum.org/contribute/design/persistence/
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/sudo /bin/systemctl start tails-additional-software-install.service
-# XXX:Buster: when policykit-1 >= 0.106 is available in Tails, we should
+# XXX:Bullseye: when policykit-1 >= 0.106 is available in Tails, we should
# use the following, and remove sudoers.d configuration:
#ExecStart=/bin/systemctl start tails-additional-software-install.service
TimeoutStartSec=0
diff --git a/config/chroot_local-includes/usr/local/lib/start-systemd-desktop-target b/config/chroot_local-includes/usr/local/lib/start-systemd-desktop-target
index f4905b4..33331a0 100755
--- a/config/chroot_local-includes/usr/local/lib/start-systemd-desktop-target
+++ b/config/chroot_local-includes/usr/local/lib/start-systemd-desktop-target
@@ -3,8 +3,6 @@
set -e
set -u
-# XXX: check if we still need that in Stretch
-
# Import (almost all) XDG_*, locale-related and DBUS_SESSION_BUS_ADDRESS variables
# into the systemd user instance's environment. We're filtering some
# XDG_* out in order not to pretend that processes run via `systemd --user`
diff --git a/config/chroot_local-includes/usr/local/sbin/live-persist b/config/chroot_local-includes/usr/local/sbin/live-persist
index 8bdba4f..656a18c 100755
--- a/config/chroot_local-includes/usr/local/sbin/live-persist
+++ b/config/chroot_local-includes/usr/local/sbin/live-persist
@@ -434,31 +434,6 @@ activate_volumes ()
fi
rm -f ${custom_mounts} 2> /dev/null
- # Update persistent GnuPG configuration for Stretch
- if mountpoint --quiet /home/amnesia/.gnupg ; then
- # Install current dirmngr.conf if there is no persistent one
- if [ ! -e /home/amnesia/.gnupg/dirmngr.conf ]
- then
- install --owner amnesia --group amnesia --mode 0600 \
- /etc/skel/.gnupg/dirmngr.conf \
- /home/amnesia/.gnupg/dirmngr.conf \
- || warning "Could not install dirmngr.conf"
- fi
- # Disable gpg.conf settings that either are obsolete,
- # or would break communication with keyservers
- if [ -e /home/amnesia/.gnupg/gpg.conf ]
- then
- obsolete_keyserver_options_str='http-proxy|ca-cert-file'
- obsolete_keyserver_options_bool='no-try-dns-srv|no-honor-keyserver-url'
- sed -i --regexp-extended \
- "s/^(keyserver\s+)/#\1/ ; \
- s/^(keyserver-options\s+($obsolete_keyserver_options_str)=)/\#\\1/ ; \
- s/^(keyserver-options\s+($obsolete_keyserver_options_bool))\$/\#\\1/" \
- /home/amnesia/.gnupg/gpg.conf \
- || warning "Could not update gpg.conf"
- fi
- fi
-
# Get rid of any Enigmail configuredVersion that we previously used
# to set in a way that would persistently override the value maintained
# by Enigmail itself (#12680, #15693). We stopped writing this pref
diff --git a/config/chroot_local-includes/usr/share/applications/tails-documentation.desktop.in b/config/chroot_local-includes/usr/share/applications/tails-documentation.desktop.in
index d7bd773..fb3bef6 100644
--- a/config/chroot_local-includes/usr/share/applications/tails-documentation.desktop.in
+++ b/config/chroot_local-includes/usr/share/applications/tails-documentation.desktop.in
@@ -7,5 +7,5 @@ Categories=Documentation;Tails;
Type=Application
Terminal=false
Exec=/usr/local/bin/tails-documentation doc
-Icon=/usr/share/icons/gnome/48x48/categories/system-help.png
+Icon=tails-help
StartupNotify=true
diff --git a/config/chroot_local-packageslists/tails-common.list b/config/chroot_local-packageslists/tails-common.list
index e4e5a01..398280e 100644
--- a/config/chroot_local-packageslists/tails-common.list
+++ b/config/chroot_local-packageslists/tails-common.list
@@ -39,7 +39,7 @@ acl
zenity
# Needed by tails-htp-notify-user and others
libdesktop-notify-perl
-# Needed by tails-persistence-setup on Buster
+# Needed by tails-persistence-setup
libblockdev-crypto2
# Needed by tails-transform-mirror-url
nodejs
@@ -110,6 +110,7 @@ gnome-menus
gnome-power-manager
gnome-screenshot
gnome-session
+gnome-shell
gnome-shell-extension-desktop-icons
gnome-shell-extension-top-icons-plus
gnome-shell-extensions
@@ -356,9 +357,7 @@ printer-driver-hpcups
printer-driver-gutenprint
printer-driver-postscript-hp
-### Make the MAT more powerful
-libimage-exiftool-perl
-python-cairo
+### Enable MAT2's Nautilus extension
python-nautilus
### Needed by virtualbox-guest-utils
diff --git a/features/images/SecretFileOnVeraCryptVolume.png b/features/images/SecretFileOnVeraCryptVolume.png
index 718f412..6d28a93 100644
--- a/features/images/SecretFileOnVeraCryptVolume.png
+++ b/features/images/SecretFileOnVeraCryptVolume.png
Binary files differ
diff --git a/features/misc_files/container_with_pim.hc b/features/misc_files/container_with_pim.hc
new file mode 100644
index 0000000..a0e8113
--- /dev/null
+++ b/features/misc_files/container_with_pim.hc
Binary files differ
diff --git a/features/step_definitions/browser.rb b/features/step_definitions/browser.rb
index f2c2d49..d1a0f44 100644
--- a/features/step_definitions/browser.rb
+++ b/features/step_definitions/browser.rb
@@ -218,10 +218,10 @@ Then /^Tails homepage loads in the Unsafe Browser$/ do
end
Then /^the Tor Browser shows the "([^"]+)" error$/ do |error|
- page = @torbrowser.child("Problem loading page - Tor Browser", roleName: "frame")
- headers = page.children(roleName: "heading")
- found = headers.any? { |heading| heading.text == error }
- raise "Could not find the '#{error}' error in the Tor Browser" unless found
+ try_for(60) {
+ page = @torbrowser.child("Problem loading page - Tor Browser", roleName: "frame")
+ page.children(roleName: "heading").any? { |heading| heading.text == error }
+ }
end
Then /^I can listen to an Ogg audio track in Tor Browser$/ do
diff --git a/features/step_definitions/veracrypt.rb b/features/step_definitions/veracrypt.rb
index 073419e..9ea5d2e 100644
--- a/features/step_definitions/veracrypt.rb
+++ b/features/step_definitions/veracrypt.rb
@@ -3,16 +3,30 @@ require 'expect'
require 'pty'
require 'tempfile'
-$veracrypt_passphrase = 'asdf'
+$veracrypt_passphrase = 'test'
$veracrypt_hidden_passphrase = 'fdsa'
$veracrypt_volume_name = 'veracrypt'
+$veracrypt_pim = '1'
+$veracrypt_basic_container_with_pim = "#{MISC_FILES_DIR}/container_with_pim.hc"
-def veracrypt_volume_size_in_GNOME(is_hidden)
- is_hidden ? '52 MB' : '105 MB'
+def veracrypt_volume_size_in_Nautilus(options = {})
+ options[:isHidden] ?
+ '52 MB'
+ : (
+ options[:needsPim] ?
+ '147 KB'
+ : '105 MB'
+ )
+end
+
+def veracrypt_volume_size_in_GNOME_Disks(options = {})
+ options[:needsPim] ?
+ '410 KB'
+ : '105 MB'
end
def create_veracrypt_keyfile()
- keyfile = Tempfile.new('veracrypt-keyfile', $config["TMPDIR"])
+ keyfile = Tempfile.create('veracrypt-keyfile', $config["TMPDIR"])
keyfile << 'asdf'
keyfile.close
return keyfile.path
@@ -78,7 +92,7 @@ def create_veracrypt_volume(type, with_keyfile)
Dir.mktmpdir('veracrypt-mountpoint', $config["TMPDIR"]) { |mountpoint|
fatal_system "mount -t vfat '/dev/mapper/veracrypt' '#{mountpoint}'"
# must match SecretFileOnVeraCryptVolume.png when displayed in GNOME Files
- FileUtils.cp('/usr/share/common-licenses/GPL-3', "#{mountpoint}/SecretFile")
+ FileUtils.cp('/usr/share/common-licenses/GPL-3', "#{mountpoint}/GPL-3")
fatal_system "umount '#{mountpoint}'"
}
fatal_system "tcplay --unmap=veracrypt"
@@ -91,9 +105,28 @@ When /^I plug a USB drive containing a (.+) VeraCrypt volume( with a keyfile)?$/
step "I plug USB drive \"#{$veracrypt_volume_name}\""
end
-When /^I plug and mount a USB drive containing a (.+) VeraCrypt file container( with a keyfile)?$/ do |type, with_keyfile|
- create_veracrypt_volume(type, with_keyfile)
- @veracrypt_shared_dir_in_guest = share_host_files($vm.storage.disk_path($veracrypt_volume_name))
+When /^I plug and mount a USB drive containing a (.+) VeraCrypt file container( with a keyfile| with a PIM)?$/ do |type, with_options|
+ case with_options
+ when ' with a PIM'
+ assert_equal(type, 'basic',
+ "Only basic containers are supported with PIM.")
+ @veracrypt_needs_pim = true
+ # Instead of creating a container, we use the one we have in Git.
+ @veracrypt_shared_dir_in_guest = share_host_files(
+ $veracrypt_basic_container_with_pim
+ )
+ $vm.execute_successfully(
+ "mv " +
+ "'#{@veracrypt_shared_dir_in_guest}/#{File.basename($veracrypt_basic_container_with_pim)}' " +
+ "'#{@veracrypt_shared_dir_in_guest}/#{$veracrypt_volume_name}'"
+ )
+ else
+ @veracrypt_needs_pim = false
+ create_veracrypt_volume(type, with_options)
+ @veracrypt_shared_dir_in_guest = share_host_files(
+ $vm.storage.disk_path($veracrypt_volume_name)
+ )
+ end
$vm.execute_successfully(
"chown #{LIVE_USER}:#{LIVE_USER} '#{@veracrypt_shared_dir_in_guest}/#{$veracrypt_volume_name}'"
)
@@ -113,21 +146,31 @@ When /^I unlock and mount this VeraCrypt (volume|file container) with Unlock Ver
@screen.type(
@veracrypt_is_hidden ? $veracrypt_hidden_passphrase : $veracrypt_passphrase
)
+ if @veracrypt_needs_pim
+ # Go back to the PIM entry text field
+ @screen.type(Sikuli::Key.TAB, Sikuli::KeyModifier.SHIFT)
+ sleep 1 # Otherwise typing the PIM goes in the void
+ @screen.type($veracrypt_pim)
+ end
@screen.click('VeraCryptUnlockDialogHiddenVolumeLabel.png') if @veracrypt_is_hidden
@screen.type(Sikuli::Key.ENTER)
@screen.waitVanish('VeraCryptUnlockDialog.png', 10)
try_for(30) do
- $vm.execute_successfully('ls /media/amnesia/*/SecretFile')
+ $vm.execute_successfully("ls /media/amnesia/*/GPL-3")
end
end
When /^I unlock and mount this VeraCrypt (volume|file container) with GNOME Disks$/ do |support|
step 'I start "Disks" via GNOME Activities Overview'
disks = Dogtail::Application.new('gnome-disks')
+ size = veracrypt_volume_size_in_GNOME_Disks(
+ :isHidden => @veracrypt_is_hidden,
+ :needsPim => @veracrypt_needs_pim
+ )
case support
when 'volume'
disks.children(roleName: 'table cell').find { |row|
- /^105 MB Drive/.match(row.name)
+ /^#{size} Drive/.match(row.name)
}.grabFocus
when 'file container'
gnome_shell = Dogtail::Application.new('gnome-shell')
@@ -156,7 +199,7 @@ When /^I unlock and mount this VeraCrypt (volume|file container) with GNOME Disk
try_for(15) do
begin
disks.children(roleName: 'table cell').find { |row|
- /^105 MB Loop Device/.match(row.name)
+ /^#{size} Loop Device/.match(row.name)
}.grabFocus
true
rescue NoMethodError
@@ -171,6 +214,11 @@ When /^I unlock and mount this VeraCrypt (volume|file container) with GNOME Disk
passphrase_field.typeText(
@veracrypt_is_hidden ? $veracrypt_hidden_passphrase : $veracrypt_passphrase
)
+ if @veracrypt_needs_pim
+ pim_field = unlock_dialog.child('PIM', roleName: 'label').labelee
+ pim_field.grabFocus()
+ pim_field.typeText($veracrypt_pim)
+ end
if @veracrypt_needs_keyfile
# not accessible and unreachable with the keyboard (#15952)
@screen.click('GnomeDisksUnlockDialogKeyfileComboBox.png')
@@ -186,7 +234,7 @@ When /^I unlock and mount this VeraCrypt (volume|file container) with GNOME Disk
@screen.type('u', Sikuli::KeyModifier.ALT) # "Unlock" button
try_for(10, :msg => "Failed to mount the unlocked volume") do
begin
- unlocked_volume = disks.child('105 MB VeraCrypt/TrueCrypt', roleName: 'panel', showingOnly: true)
+ unlocked_volume = disks.child("#{size} VeraCrypt/TrueCrypt", roleName: 'panel', showingOnly: true)
unlocked_volume.click
# Move the focus down to the "Filesystem\n107 MB FAT" item (that Dogtail
# is not able to find) using the 'Down' arrow, in order to display
@@ -202,15 +250,18 @@ When /^I unlock and mount this VeraCrypt (volume|file container) with GNOME Disk
false
end
end
- try_for(10, :msg => "/media/amnesia/*/SecretFile does not exist") do
- $vm.execute_successfully('ls /media/amnesia/*/SecretFile')
+ try_for(10, :msg => "/media/amnesia/*/GPL-3 does not exist") do
+ $vm.execute_successfully("ls /media/amnesia/*/GPL-3")
end
end
When /^I open this VeraCrypt volume in GNOME Files$/ do
$vm.spawn('nautilus /media/amnesia/*', user: LIVE_USER)
Dogtail::Application.new('nautilus').window(
- veracrypt_volume_size_in_GNOME(@veracrypt_is_hidden) + ' Volume'
+ veracrypt_volume_size_in_Nautilus(
+ :isHidden => @veracrypt_is_hidden,
+ :needsPim => @veracrypt_needs_pim
+ ) + ' Volume'
)
end
@@ -227,6 +278,6 @@ When /^I lock the currently opened VeraCrypt (volume|file container)$/ do |suppo
end
Then /^the VeraCrypt (volume|file container) has been unmounted and locked$/ do |support|
- assert(! $vm.execute('ls /media/amnesia/*/SecretFile').success?)
+ assert(! $vm.execute("ls /media/amnesia/*/GPL-3").success?)
assert(! $vm.execute('ls /dev/mapper/tcrypt-*').success?)
end
diff --git a/features/support/helpers/dogtail.rb b/features/support/helpers/dogtail.rb
index 5973e9c..3fa618a 100644
--- a/features/support/helpers/dogtail.rb
+++ b/features/support/helpers/dogtail.rb
@@ -19,6 +19,7 @@ module Dogtail
]
TREE_API_NODE_SEARCH_FIELDS = [
+ :labelee,
:parent,
]
diff --git a/features/veracrypt.feature b/features/veracrypt.feature
index 23b7c14..ef29424 100644
--- a/features/veracrypt.feature
+++ b/features/veracrypt.feature
@@ -25,8 +25,8 @@ Feature: Using VeraCrypt encrypted volumes
When I lock the currently opened VeraCrypt volume
Then the VeraCrypt volume has been unmounted and locked
- Scenario: Use Unlock VeraCrypt Volumes to unlock a basic VeraCrypt file container
- When I plug and mount a USB drive containing a basic VeraCrypt file container
+ Scenario: Use Unlock VeraCrypt Volumes to unlock a basic VeraCrypt file container with a PIM
+ When I plug and mount a USB drive containing a basic VeraCrypt file container with a PIM
And I unlock and mount this VeraCrypt file container with Unlock VeraCrypt Volumes
And I open this VeraCrypt volume in GNOME Files
Then I see "SecretFileOnVeraCryptVolume.png" after at most 10 seconds
@@ -74,3 +74,11 @@ Feature: Using VeraCrypt encrypted volumes
Then I see "SecretFileOnVeraCryptVolume.png" after at most 10 seconds
When I lock the currently opened VeraCrypt file container
Then the VeraCrypt file container has been unmounted and locked
+
+ Scenario: Use GNOME Disks to unlock a basic VeraCrypt file container with a PIM
+ When I plug and mount a USB drive containing a basic VeraCrypt file container with a PIM
+ And I unlock and mount this VeraCrypt file container with GNOME Disks
+ And I open this VeraCrypt volume in GNOME Files
+ Then I see "SecretFileOnVeraCryptVolume.png" after at most 10 seconds
+ When I lock the currently opened VeraCrypt file container
+ Then the VeraCrypt file container has been unmounted and locked
diff --git a/wiki/src/contribute/release_process.mdwn b/wiki/src/contribute/release_process.mdwn
index 4eccabe..a422ad8 100644
--- a/wiki/src/contribute/release_process.mdwn
+++ b/wiki/src/contribute/release_process.mdwn
@@ -314,15 +314,15 @@ Update other base branches
during the freeze. It's fine if that results in a no-op
(it depends on how exactly previous operations were performed).
-3. Merge `devel` into `feature/buster`, *without* following the instructions for
+3. Merge `devel` into `feature/bullseye` (if it exists), *without* following the instructions for
[[merging base branches|APT_repository/custom#workflow-merge-main-branch]].
- (For now `feature/buster` is handled as any other topic branch
+ (For now `feature/bullseye` is handled as any other topic branch
forked off `devel`: its base branch is set to `devel`.)
If the merge conflicts don't look like something you feel confident
resolving properly, abort this merge and let the Foundations
Team know.
-4. Ensure that the release, `devel` and `feature/buster` branches
+4. Ensure that the release, `devel` and `feature/bullseye` (if it exists) branches
have the expected content in `config/APT_overlays.d/`: e.g. it must
not list any overlay APT suite that has been merged already.
@@ -330,7 +330,7 @@ Update other base branches
git push origin \
"${RELEASE_BRANCH:?}:${RELEASE_BRANCH:?}" \
- feature/buster:feature/buster \
+ $(if git describe feature/bullseye >/dev/null 2>&1; then echo feature/bullseye:feature/bullseye ; fi) \
devel:devel
Update more included files