author intrigeri <intrigeri@boum.org> 2017-03-18 19:10:54 +0000
committer intrigeri <intrigeri@boum.org> 2017-03-18 19:10:54 +0000
commit 9973eda1c69f80f6c717a28329d00f8199442502 (patch)
tree 91358c4c329d8633e4248733ff451d656784fd16
parent 38fbc29e70f2cc46c6a4d9b8061627e7b8492f80 (diff)
parent e3119bbff3d24c3f0035ff27466cdfacd5688b55 (diff)
Merge branch 'feature/stretch' into bugfix/12219-xorg-server-1.19.3-1
-rw-r--r-- config/APT_overlays.d/bugfix-12079-formats 0
-rw-r--r-- features/chutney/test-network 7
l--------- [-rw-r--r--] features/images/TailsGreeterLoginButtonGerman.png bin 1362 -> 27 bytes
-rw-r--r-- features/localization.feature 2
-rw-r--r-- features/step_definitions/chutney.rb 44
-rw-r--r-- features/step_definitions/torified_gnupg.rb 70
-rw-r--r-- features/torified_gnupg.feature 16
7 files changed, 105 insertions, 34 deletions
diff --git a/config/APT_overlays.d/bugfix-12079-formats b/config/APT_overlays.d/bugfix-12079-formats
deleted file mode 100644
index e69de29..0000000
--- a/config/APT_overlays.d/bugfix-12079-formats
+++ /dev/null
diff --git a/features/chutney/test-network b/features/chutney/test-network
index adb8ee5..c54fc79 100644
--- a/features/chutney/test-network
+++ b/features/chutney/test-network
@@ -45,12 +45,19 @@ BridgeObfs4 = Node(
torrc="bridge-obfs4.tmpl"
)
+OnionService = Node(
+ tag="hs",
+ hs=1,
+ torrc="hs.tmpl"
+)
+
NODES = Authority.getN(4) + \
BridgeAuthority.getN(1) + \
NonExitRelay.getN(20) + \
ExitRelay.getN(10) + \
Bridge.getN(3) + \
BridgeObfs4.getN(3) + \
+ OnionService.getN(1) + \
Client.getN(1)
ConfigureNodes(NODES)
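Review bot: The new OnionService node points at torrc="hs.tmpl", but that template is not among the seven files in this diff, and the step definitions added in chutney.rb depend on its exact output (a `*hs/hidden_service/hostname` file and a `HiddenServicePort` line with three whitespace-separated fields, the last being `address:port`). Please add a comment here naming where hs.tmpl lives and what the test suite expects from it, so a template change does not silently break the parsing.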
diff --git a/features/images/TailsGreeterLoginButtonGerman.png b/features/images/TailsGreeterLoginButtonGerman.png
index 097d165..ddb5423 100644..120000
--- a/features/images/TailsGreeterLoginButtonGerman.png
+++ b/features/images/TailsGreeterLoginButtonGerman.png
Binary files differ
diff --git a/features/localization.feature b/features/localization.feature
index 2697ff8..f5c683d 100644
--- a/features/localization.feature
+++ b/features/localization.feature
@@ -8,7 +8,7 @@ Feature: Localization
Scenario: The Report an Error launcher will open the support documentation in supported non-English locales
Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
And I log in to a new session in German
- When I double-click the Report an Error launcher on the desktop
+ When I double-click on the Report an Error launcher on the desktop
Then the support documentation page opens in Tor Browser
#11711
diff --git a/features/step_definitions/chutney.rb b/features/step_definitions/chutney.rb
index 0b24b31..d362d65 100644
--- a/features/step_definitions/chutney.rb
+++ b/features/step_definitions/chutney.rb
@@ -1,9 +1,12 @@
+def chutney_src_dir
+ "#{GIT_DIR}/submodules/chutney"
+end
+
def ensure_chutney_is_running
# Ensure that a fresh chutney instance is running, and that it will
# be cleaned upon exit. We only do it once, though, since the same
# setup can be used throughout the same test suite run.
if not($chutney_initialized)
- chutney_src_dir = "#{GIT_DIR}/submodules/chutney"
chutney_listen_address = $vmnet.bridge_ip_addr
chutney_script = "#{chutney_src_dir}/chutney"
assert(
@@ -112,7 +115,6 @@ When /^I configure Tails to use a simulated Tor network$/ do
]
# We run one client in chutney so we easily can grep the generated
# DirAuthority lines and use them.
- chutney_src_dir = "#{GIT_DIR}/submodules/chutney"
client_torrcs = Dir.glob(
"#{$config['TMPDIR']}/chutney-data/nodes/*client/torrc"
)
@@ -126,3 +128,41 @@ end
When /^Tails is using the real Tor network$/ do
assert($vm.execute('grep "TestingTorNetwork 1" /etc/torrc').failure?)
end
+
+def chutney_onionservice_info
+ hs_hostname_file_path = Dir.glob(
+ "#{$config['TMPDIR']}/chutney-data/nodes/*hs/hidden_service/hostname"
+ ).first
+ hs_hostname = open(hs_hostname_file_path, 'r') do |f|
+ f.read.chomp
+ end
+ hs_torrc_path = Dir.glob(
+ "#{$config['TMPDIR']}/chutney-data/nodes/*hs/torrc"
+ ).first
+ _, hs_port, local_address_port = open(hs_torrc_path, 'r') do |f|
+ f.grep(/^HiddenServicePort/).first.split
+ end
+ local_address, local_port = local_address_port.split(':')
+ [local_address, local_port, hs_hostname, hs_port]
+end
+
+def chutney_onionservice_redir(remote_address, remote_port)
+ kill_redir = Proc.new do
+ begin
+ Process.kill("TERM", $chutney_onionservice_job.pid)
+ rescue
+ # noop
+ end
+ end
+ if $chutney_onionservice_job
+ kill_redir.call
+ end
+ local_address, local_port, _ = chutney_onionservice_info
+ $chutney_onionservice_job = IO.popen(
+ ['/usr/bin/redir',
+ "#{local_address}:#{local_port}",
+ "#{remote_address}:#{remote_port}"]
+ )
+ add_after_scenario_hook { kill_redir.call }
+ return $chutney_onionservice_job
+end
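Review bot: In chutney_onionservice_redir, kill_redir sends TERM to the previous redir but never waits for it, so the IO.popen that follows can start a second redir on the same local address and port while the first is still bound; call Process.wait (or close the IO) after the kill, and rescue only Errno::ESRCH rather than using a bare rescue. The function also registers a new add_after_scenario_hook on every call, and it is called from retry and recovery procs, so hooks accumulate within one scenario. In chutney_onionservice_info, both Dir.glob(...).first and f.grep(/^HiddenServicePort/).first can be nil when the hs node has not written its files yet; an explicit assert with a readable message would make that failure diagnosable instead of raising on nil.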
diff --git a/features/step_definitions/torified_gnupg.rb b/features/step_definitions/torified_gnupg.rb
index be280ef..74bd3a4 100644
--- a/features/step_definitions/torified_gnupg.rb
+++ b/features/step_definitions/torified_gnupg.rb
@@ -1,3 +1,5 @@
+require 'resolv'
+
class OpenPGPKeyserverCommunicationError < StandardError
end
@@ -43,6 +45,18 @@ When /^the "([^"]+)" OpenPGP key is not in the live user's public keyring$/ do |
"The '#{keyid}' key is in the live user's public keyring.")
end
+def setup_onion_keyserver
+ resolver = Resolv::DNS.new
+ keyservers = resolver.getaddresses('pool.sks-keyservers.net').select do |addr|
+ addr.class == Resolv::IPv4
+ end
+ onion_keyserver_address = keyservers.sample
+ hkp_port = 11371
+ @onion_keyserver_job = chutney_onionservice_redir(
+ onion_keyserver_address, hkp_port
+ )
+end
+
When /^I fetch the "([^"]+)" OpenPGP key using the GnuPG CLI( without any signatures)?$/ do |keyid, without|
# Make keyid an instance variable so we can reference it in the Seahorse
# keysyncing step.
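Review bot: setup_onion_keyserver resolves pool.sks-keyservers.net through the test host's resolver and forwards to whatever address `keyservers.sample` returns, so the scenarios still depend on live DNS and on a randomly chosen public keyserver answering on port 11371. If the lookup yields no IPv4 address, `sample` returns nil and redir is started with a target of ":11371"; assert that the list is non-empty before sampling. `addr.class == Resolv::IPv4` would read better as `addr.is_a?(Resolv::IPv4)`.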
@@ -52,7 +66,7 @@ When /^I fetch the "([^"]+)" OpenPGP key using the GnuPG CLI( without any signat
else
importopts = ''
end
- retry_tor do
+ retry_tor(Proc.new { setup_onion_keyserver }) do
@gnupg_recv_key_res = $vm.execute_successfully(
"timeout 120 gpg --batch #{importopts} --recv-key '#{@fetched_openpgp_keyid}'",
:user => LIVE_USER)
@@ -74,17 +88,6 @@ When /^the Seahorse operation is successful$/ do
$vm.has_process?('seahorse')
end
-When /^GnuPG uses the configured keyserver$/ do
- dirmngr_request = $vm.execute_successfully(
- 'gpg-connect-agent --dirmngr "keyserver --hosttable" /bye'
- )
- server = dirmngr_request.stdout.chomp.lines[1].split[4]
- assert_equal(
- CONFIGURED_KEYSERVER_HOSTNAME, server,
- "GnuPG's dirmngr does not use the correct keyserver"
- )
-end
-
When /^the "([^"]+)" key is in the live user's public keyring(?: after at most (\d) seconds)?$/ do |keyid, delay|
delay = 10 unless delay
try_for(delay.to_i, :msg => "The '#{keyid}' key is not in the live user's public keyring") {
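Review bot: The removed step "GnuPG uses the configured keyserver" was the only check that asked the running dirmngr which keyserver it uses (via `keyserver --hosttable`); its replacement further down only matches a regex against dirmngr.conf on disk. Consider keeping a runtime check, run after the configuration is rewritten, so the suite still proves that dirmngr talks to the intended host rather than only that the file says so.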
@@ -114,6 +117,7 @@ end
Then /^I synchronize keys in Seahorse$/ do
recovery_proc = Proc.new do
+ setup_onion_keyserver
# The version of Seahorse in Jessie will abort with a
# segmentation fault whenever there's any sort of network error while
# syncing keys. This will usually happens after clicking away the error
@@ -172,6 +176,7 @@ When /^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the OpenPGP Applet)
end
recovery_proc = Proc.new do
+ setup_onion_keyserver
@screen.click('GnomeCloseButton.png') if @screen.exists('GnomeCloseButton.png')
@screen.type("w", Sikuli::KeyModifier.CTRL)
end
@@ -204,9 +209,40 @@ When /^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the OpenPGP Applet)
end
end
-Then /^Seahorse is configured to use the correct keyserver$/ do
- @gnome_keyservers = YAML.load($vm.execute_successfully('gsettings get org.gnome.crypto.pgp keyservers',
- :user => LIVE_USER).stdout)
- assert_equal(1, @gnome_keyservers.count, 'Seahorse should only have one keyserver configured.')
- assert_equal('hkp://' + CONFIGURED_KEYSERVER_HOSTNAME, @gnome_keyservers[0])
+Given /^(GnuPG|Seahorse) is configured to use Chutney's onion keyserver$/ do |app|
+ setup_onion_keyserver unless @onion_keyserver_job
+ _, _, onion_address, onion_port = chutney_onionservice_info
+ case app
+ when 'GnuPG'
+ # Validate the shipped configuration ...
+ server = /keyserver\s+(\S+)$/.match($vm.file_content("/home/#{LIVE_USER}/.gnupg/dirmngr.conf"))[1]
+ assert_equal(
+ "hkp://#{CONFIGURED_KEYSERVER_HOSTNAME}", server,
+ "GnuPG's dirmngr does not use the correct keyserver"
+ )
+ # ... before replacing it
+ $vm.execute_successfully(
+ "sed -i 's/#{CONFIGURED_KEYSERVER_HOSTNAME}/#{onion_address}:#{onion_port}/' " +
+ "'/home/#{LIVE_USER}/.gnupg/dirmngr.conf'"
+ )
+ when 'Seahorse'
+ # Validate the shipped configuration ...
+ @gnome_keyservers = YAML.load(
+ $vm.execute_successfully(
+ 'gsettings get org.gnome.crypto.pgp keyservers',
+ user: LIVE_USER
+ ).stdout
+ )
+ assert_equal(1, @gnome_keyservers.count,
+ 'Seahorse should only have one keyserver configured.')
+ assert_equal(
+ 'hkp://' + CONFIGURED_KEYSERVER_HOSTNAME, @gnome_keyservers[0],
+ "GnuPG's dirmngr does not use the correct keyserver"
+ )
+ # ... before replacing it
+ $vm.execute_successfully(
+ "gsettings set org.gnome.crypto.pgp keyservers \"['hkp://#{onion_address}:#{onion_port}']\"",
+ user: LIVE_USER
+ )
+ end
end
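Review bot: In the 'Seahorse' branch the second assert_equal carries the message "GnuPG's dirmngr does not use the correct keyserver", copied from the GnuPG branch; it should name Seahorse so a failure points at the right component. In the 'GnuPG' branch, `/keyserver\s+(\S+)$/.match(...)[1]` raises on nil when dirmngr.conf has no keyserver line, and the sed expression interpolates CONFIGURED_KEYSERVER_HOSTNAME unescaped (its dots match any character) and rewrites every occurrence in the file, not only the keyserver line. Nothing visible here restarts or reloads dirmngr after the edit, so a dirmngr that is already running would keep the old keyserver; please add that step or a comment explaining why it is not needed.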
diff --git a/features/torified_gnupg.feature b/features/torified_gnupg.feature
index 97ba265..fedb503 100644
--- a/features/torified_gnupg.feature
+++ b/features/torified_gnupg.feature
@@ -8,34 +8,24 @@ Feature: Keyserver interaction with GnuPG
Background:
Given I have started Tails from DVD and logged in and the network is connected
And the "10CC5BC7" OpenPGP key is not in the live user's public keyring
+ And GnuPG is configured to use Chutney's onion keyserver
+ And Seahorse is configured to use Chutney's onion keyserver
- Scenario: Seahorse is configured to use the correct keyserver
- Then Seahorse is configured to use the correct keyserver
-
- #12211
- @fragile
Scenario: Fetching OpenPGP keys using GnuPG should work and be done over Tor.
- Given GnuPG uses the configured keyserver
When I fetch the "10CC5BC7" OpenPGP key using the GnuPG CLI
And the GnuPG fetch is successful
Then the "10CC5BC7" key is in the live user's public keyring
- #12211
- @fragile
Scenario: Fetching OpenPGP keys using Seahorse should work and be done over Tor.
When I fetch the "10CC5BC7" OpenPGP key using Seahorse
And the Seahorse operation is successful
Then the "10CC5BC7" key is in the live user's public keyring
- #12211
- @fragile
Scenario: Fetching OpenPGP keys using Seahorse via the OpenPGP Applet should work and be done over Tor.
When I fetch the "10CC5BC7" OpenPGP key using Seahorse via the OpenPGP Applet
And the Seahorse operation is successful
Then the "10CC5BC7" key is in the live user's public keyring
- #12211
- @fragile
Scenario: Syncing OpenPGP keys using Seahorse should work and be done over Tor.
Given I fetch the "10CC5BC7" OpenPGP key using the GnuPG CLI without any signatures
And the GnuPG fetch is successful
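Review bot: The @fragile tags and the #12211 references are dropped from every scenario in this file, but the new Background steps still forward the onion service to a host picked from pool.sks-keyservers.net, so the external dependency that usually makes keyserver tests flaky is still in the path. Please record in the commit message or a comment why #12211 is considered resolved. Note also that the standalone scenario "Seahorse is configured to use the correct keyserver" is gone and its assertions now run in Background, so a wrong shipped configuration will fail all scenarios instead of one clearly named one.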
@@ -48,8 +38,6 @@ Feature: Keyserver interaction with GnuPG
And the Seahorse operation is successful
Then the key "10CC5BC7" has more than 2 signatures
- #12211
- @fragile
Scenario: Syncing OpenPGP keys using Seahorse started from the OpenPGP Applet should work and be done over Tor.
Given I fetch the "10CC5BC7" OpenPGP key using the GnuPG CLI without any signatures
And the GnuPG fetch is successful