summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoranonym <anonym@riseup.net>2015-10-21 18:38:00 +0200
committeranonym <anonym@riseup.net>2015-10-21 18:38:00 +0200
commit3a5d100558f38b5382393e9e9d56a5d8f48c542c (patch)
tree0c64a99b2aa758a8abcc0774b6cfe939228e809b
parentedfd79ef88a1b3b25e6befe5c3ce00dc29f109d7 (diff)
parent4c64182b0bc75f876d83036a6d60731731f90bcd (diff)
Merge branch 'devel' into test/10345-run-vnc-server-forever
-rwxr-xr-xauto/build2
-rwxr-xr-xbuild-website (renamed from build-wiki)0
-rw-r--r--config/APT_overlays.d/feature-9672-rework-installer-wording-on-wheezy0
-rw-r--r--config/chroot_apt/preferences6
-rwxr-xr-xconfig/chroot_local-hooks/19-install-tor-browser-AppArmor-profile2
-rwxr-xr-xconfig/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh2
-rw-r--r--config/chroot_local-packageslists/tails-common.list3
-rw-r--r--features/apt.feature12
-rw-r--r--features/checks.feature51
-rw-r--r--features/config/defaults.yml2
-rw-r--r--features/dhcp.feature22
-rw-r--r--features/domains/default.xml26
-rw-r--r--features/domains/default_net.xml1
-rw-r--r--features/electrum.feature23
-rw-r--r--features/encryption.feature4
-rw-r--r--features/evince.feature32
-rw-r--r--features/images/USBCloneAndInstall.pngbin2066 -> 2231 bytes
-rw-r--r--features/images/USBCloneAndUpgrade.pngbin2390 -> 2417 bytes
-rw-r--r--features/images/USBUpgradeFromISO.pngbin2143 -> 2508 bytes
-rw-r--r--features/images/WindowsTorBrowserOfflinePrompt.pngbin0 -> 1534 bytes
-rw-r--r--features/images/WindowsTorBrowserOfflinePromptStart.pngbin0 -> 1778 bytes
-rw-r--r--features/localization.feature18
-rw-r--r--features/mat.feature13
-rw-r--r--features/persistence.feature47
-rw-r--r--features/pidgin.feature52
-rw-r--r--features/root_access_control.feature24
-rw-r--r--features/ssh.feature10
-rw-r--r--features/step_definitions/apt.rb12
-rw-r--r--features/step_definitions/checks.rb64
-rw-r--r--features/step_definitions/common_steps.rb395
-rw-r--r--features/step_definitions/dhcp.rb3
-rw-r--r--features/step_definitions/electrum.rb7
-rw-r--r--features/step_definitions/encryption.rb13
-rw-r--r--features/step_definitions/erase_memory.rb61
-rw-r--r--features/step_definitions/evince.rb5
-rw-r--r--features/step_definitions/firewall_leaks.rb15
-rw-r--r--features/step_definitions/git.rb7
-rw-r--r--features/step_definitions/i2p.rb22
-rw-r--r--features/step_definitions/pidgin.rb69
-rw-r--r--features/step_definitions/root_access_control.rb13
-rw-r--r--features/step_definitions/snapshots.rb177
-rw-r--r--features/step_definitions/ssh.rb15
-rw-r--r--features/step_definitions/time_syncing.rb31
-rw-r--r--features/step_definitions/tor.rb46
-rw-r--r--features/step_definitions/torified_browsing.rb1
-rw-r--r--features/step_definitions/torified_gnupg.rb24
-rw-r--r--features/step_definitions/torified_misc.rb8
-rw-r--r--features/step_definitions/totem.rb8
-rw-r--r--features/step_definitions/unsafe_browser.rb41
-rw-r--r--features/step_definitions/untrusted_partitions.rb29
-rw-r--r--features/step_definitions/usb.rb204
-rw-r--r--features/step_definitions/windows_camouflage.rb2
-rw-r--r--features/support/config.rb4
-rw-r--r--features/support/env.rb6
-rw-r--r--features/support/extra_hooks.rb9
-rw-r--r--features/support/helpers/display_helper.rb5
-rw-r--r--features/support/helpers/misc_helpers.rb31
-rw-r--r--features/support/helpers/storage_helper.rb22
-rw-r--r--features/support/helpers/vm_helper.rb185
-rw-r--r--features/support/hooks.rb67
-rw-r--r--features/time_syncing.feature91
-rw-r--r--features/tor_bridges.feature33
-rw-r--r--features/tor_enforcement.feature30
-rw-r--r--features/tor_stream_isolation.feature7
-rw-r--r--features/torified_browsing.feature71
-rw-r--r--features/torified_git.feature10
-rw-r--r--features/torified_gnupg.feature10
-rw-r--r--features/torified_misc.feature10
-rw-r--r--features/totem.feature27
-rw-r--r--features/unsafe_browser.feature29
-rw-r--r--features/untrusted_partitions.feature19
-rw-r--r--features/usb_install.feature335
-rw-r--r--features/usb_upgrade.feature125
-rw-r--r--features/windows_camouflage.feature13
-rwxr-xr-xrun_test_suite5
m---------submodules/pythonlib0
-rwxr-xr-xvagrant/provision/assets/build-tails2
-rw-r--r--wiki/src/blueprint/HTTP_mirror_pool.mdwn18
-rw-r--r--wiki/src/blueprint/SponsorS/reports/2015_09.mdwn296
-rw-r--r--wiki/src/blueprint/SponsorS/reports/2015_10.mdwn2
-rw-r--r--wiki/src/blueprint/SponsorS/reports/2015_11.mdwn2
-rw-r--r--wiki/src/blueprint/SponsorS/reports/2015_12.mdwn2
-rw-r--r--wiki/src/blueprint/SponsorS/reports/2016_01.mdwn2
-rw-r--r--wiki/src/blueprint/SponsorS/reports/2016_02.mdwn2
-rw-r--r--wiki/src/blueprint/SponsorS/reports/2016_03.mdwn2
-rw-r--r--wiki/src/blueprint/SponsorS/reports/2016_04.mdwn2
-rw-r--r--wiki/src/blueprint/SponsorS/reports/2016_05.mdwn2
-rw-r--r--wiki/src/blueprint/SponsorS/reports/2016_06.mdwn2
-rw-r--r--wiki/src/blueprint/SponsorS/reports/2016_07.mdwn2
-rw-r--r--wiki/src/blueprint/automated_builds_and_tests/automated_tests_specs.mdwn21
-rw-r--r--wiki/src/blueprint/automated_builds_and_tests/jenkins.mdwn271
-rw-r--r--wiki/src/blueprint/automated_builds_and_tests/resources.mdwn140
-rw-r--r--wiki/src/blueprint/l10n_Italian.mdwn58
-rw-r--r--wiki/src/blueprint/monthly_meeting.mdwn4
-rw-r--r--wiki/src/blueprint/report_2015_08.mdwn36
-rw-r--r--wiki/src/contribute.de.po18
-rw-r--r--wiki/src/contribute.fr.po4
-rw-r--r--wiki/src/contribute.mdwn2
-rw-r--r--wiki/src/contribute.pt.po18
-rw-r--r--wiki/src/contribute/build/website.mdwn86
-rw-r--r--wiki/src/contribute/build/website/languages.inline.mdwn5
-rw-r--r--wiki/src/contribute/build/website/src.inline.mdwn4
-rw-r--r--wiki/src/contribute/calendar.mdwn41
-rw-r--r--wiki/src/contribute/design.mdwn3
-rw-r--r--wiki/src/contribute/git.mdwn2
-rw-r--r--wiki/src/contribute/how/code.mdwn2
-rw-r--r--wiki/src/contribute/how/documentation.mdwn13
-rw-r--r--wiki/src/contribute/how/translate/team/fr.mdwn2
-rw-r--r--wiki/src/contribute/how/translate/with_Git.mdwn15
-rw-r--r--wiki/src/contribute/l10n_tricks.mdwn8
-rw-r--r--wiki/src/contribute/release_process.mdwn20
-rw-r--r--wiki/src/contribute/release_process/liveusb-creator.mdwn4
-rw-r--r--wiki/src/contribute/release_process/liveusb-creator/topic_branch.mdwn2
-rw-r--r--wiki/src/contribute/release_process/test.mdwn46
-rw-r--r--wiki/src/contribute/release_process/test/automated_tests.mdwn116
-rw-r--r--wiki/src/doc/about/features.de.po4
-rw-r--r--wiki/src/doc/about/features.fr.po4
-rw-r--r--wiki/src/doc/about/features.mdwn2
-rw-r--r--wiki/src/doc/about/features.pt.po4
-rw-r--r--wiki/src/doc/about/tor.fr.po27
-rw-r--r--wiki/src/doc/about/warning.de.po248
-rw-r--r--wiki/src/doc/about/warning.fr.po248
-rw-r--r--wiki/src/doc/about/warning.mdwn84
-rw-r--r--wiki/src/doc/about/warning.pt.po240
-rw-r--r--wiki/src/doc/anonymous_internet/electrum.fr.po10
-rw-r--r--wiki/src/doc/anonymous_internet/unsafe_browser.de.po59
-rw-r--r--wiki/src/doc/anonymous_internet/unsafe_browser/chroot.inline.de.po4
-rw-r--r--wiki/src/doc/first_steps/installation.mdwn4
-rw-r--r--wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.de.po271
-rw-r--r--wiki/src/doc/first_steps/persistence/configure.de.po17
-rw-r--r--wiki/src/doc/first_steps/persistence/configure.fr.po26
-rw-r--r--wiki/src/doc/first_steps/persistence/configure.mdwn11
-rw-r--r--wiki/src/doc/first_steps/persistence/configure.pt.po20
-rw-r--r--wiki/src/doc/first_steps/persistence/warnings.de.po75
-rw-r--r--wiki/src/doc/first_steps/reset/mac.de.po54
-rw-r--r--wiki/src/doc/first_steps/start_tails.de.po125
-rw-r--r--wiki/src/doc/first_steps/upgrade.mdwn6
-rw-r--r--wiki/src/news/version_0.2.fr.po23
-rw-r--r--wiki/src/news/version_0.3.fr.po25
-rw-r--r--wiki/src/news/version_0.4.1.fr.po60
-rw-r--r--wiki/src/news/version_1.6.fr.po47
-rw-r--r--wiki/src/press/media_appearances_2011.fr.po29
-rw-r--r--wiki/src/security/Numerous_security_holes_in_1.5.1.fr.po37
-rw-r--r--wiki/src/support/faq.fr.po7
-rw-r--r--wiki/src/support/known_issues.de.po4
-rw-r--r--wiki/src/support/known_issues.fr.po38
-rw-r--r--wiki/src/support/known_issues.mdwn2
-rw-r--r--wiki/src/support/known_issues.pt.po4
-rw-r--r--wiki/src/support/learn.fr.po53
-rw-r--r--wiki/src/support/learn/intro.inline.fr.po12
-rw-r--r--wiki/src/support/talk/languages.inline.fr.po20
151 files changed, 3499 insertions, 2450 deletions
diff --git a/auto/build b/auto/build
index 390ef3c..d464959 100755
--- a/auto/build
+++ b/auto/build
@@ -128,7 +128,7 @@ if [ -n "$JENKINS_URL" ] && [ -z "$GIT_TAG" ] \
fi
# build the doc wiki
-./build-wiki
+./build-website
# refresh translations of our programs
./refresh-translations || fatal "refresh-translations failed ($?)."
diff --git a/build-wiki b/build-website
index bb1590b..bb1590b 100755
--- a/build-wiki
+++ b/build-website
diff --git a/config/APT_overlays.d/feature-9672-rework-installer-wording-on-wheezy b/config/APT_overlays.d/feature-9672-rework-installer-wording-on-wheezy
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/APT_overlays.d/feature-9672-rework-installer-wording-on-wheezy
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index 5b04851..f9b0c05 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -66,6 +66,10 @@ Package: poedit
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
+Package: firmware-amd-graphics
+Pin: release o=Debian,a=unstable
+Pin-Priority: 999
+
Package: firmware-atheros
Pin: release o=Debian,a=unstable
Pin-Priority: 999
@@ -106,7 +110,7 @@ Package: firmware-linux-nonfree
Pin: release o=Debian,a=unstable
Pin-Priority: 999
-Package: firmware-ralink
+Package: firmware-misc-nonfree
Pin: release o=Debian,a=unstable
Pin-Priority: 999
diff --git a/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile b/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
index b106da6..4472f2f 100755
--- a/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
+++ b/config/chroot_local-hooks/19-install-tor-browser-AppArmor-profile
@@ -33,7 +33,7 @@ install_torbrowser_AppArmor_profile() {
tmpdir="$(mktemp -d)"
(
cd "$tmpdir"
- apt-get source torbrowser-launcher/sid
+ apt-get source torbrowser-launcher/testing
install -m 0644 \
torbrowser-launcher-*/apparmor/torbrowser.Browser.firefox \
"$PROFILE"
diff --git a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
index 31ddef5..28c3ade 100755
--- a/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
+++ b/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/10-tor.sh
@@ -47,7 +47,7 @@ fi
# To work around this we restart Tor, in various ways, no matter the
# case below.
if [ "$(tails_netconf)" = "obstacle" ]; then
- # We do not use retart-tor since it validates that bootstraping
+ # We do not use restart-tor since it validates that bootstraping
# succeeds. That cannot happen until Tor Launcher has started
# (below) and the user is done configuring it.
service tor restart
diff --git a/config/chroot_local-packageslists/tails-common.list b/config/chroot_local-packageslists/tails-common.list
index 9cefd5e..558e2f1 100644
--- a/config/chroot_local-packageslists/tails-common.list
+++ b/config/chroot_local-packageslists/tails-common.list
@@ -250,6 +250,7 @@ xserver-xorg-input-vmmouse
#endif
### Firmwares
+firmware-amd-graphics
firmware-atheros
firmware-brcm80211
firmware-ipw2x00
@@ -258,7 +259,7 @@ firmware-libertas
firmware-linux
firmware-linux-free
firmware-linux-nonfree
-firmware-ralink
+firmware-misc-nonfree
firmware-realtek
firmware-zd1211
b43-fwcutter
diff --git a/features/apt.feature b/features/apt.feature
index 0aa70ed..40fc758 100644
--- a/features/apt.feature
+++ b/features/apt.feature
@@ -6,17 +6,7 @@ Feature: Installing packages through APT
and all Internet traffic should flow only through Tor.
Background:
- Given a computer
- And I start the computer
- And the computer boots Tails
- And I enable more Tails Greeter options
- And I set sudo password "asdf"
- And I log in to a new session
- And the Tails desktop is ready
- And Tor is ready
- And all notifications have disappeared
- And available upgrades have been checked
- And I save the state so the background can be restored next scenario
+ Given I have started Tails from DVD and logged in with an administration password and the network is connected
Scenario: APT sources are configured correctly
Then the only hosts in APT sources are "ftp.us.debian.org,security.debian.org,backports.debian.org,deb.tails.boum.org,deb.torproject.org,mozilla.debian.net"
diff --git a/features/checks.feature b/features/checks.feature
index ce2938f..b3e12f2 100644
--- a/features/checks.feature
+++ b/features/checks.feature
@@ -1,47 +1,52 @@
@product
Feature: Various checks
- Background:
- Given a computer
- And I start Tails from DVD with network unplugged and I login
- And I save the state so the background can be restored next scenario
-
Scenario: AppArmor is enabled and has enforced profiles
+ Given I have started Tails from DVD without network and logged in
Then AppArmor is enabled
And some AppArmor profiles are enforced
Scenario: GNOME Screenshot has a sane default save directory
+ Given I have started Tails from DVD without network and logged in
Then GNOME Screenshot is configured to save files to the live user's home directory
Scenario: GNOME Screenshot takes a screenshot when the PRINTSCREEN key is pressed
- Given there is no screenshot in the live user's home directory
+ Given I have started Tails from DVD without network and logged in
+ And there is no screenshot in the live user's home directory
When I press the "PRINTSCREEN" key
Then a screenshot is saved to the live user's home directory
Scenario: VirtualBox guest modules are available
+ Given I have started Tails from DVD without network and logged in
When Tails has booted a 64-bit kernel
Then the VirtualBox guest modules are available
+ @fragile
Scenario: The shipped Tails OpenPGP keys are up-to-date
+ Given I have started Tails from DVD without network and logged in
Then the OpenPGP keys shipped with Tails will be valid for the next 3 months
Scenario: The Tails Debian repository key is up-to-date
+ Given I have started Tails from DVD without network and logged in
Then the shipped Debian repository key will be valid for the next 3 months
Scenario: The "Report an Error" launcher will open the support documentation
- Given the network is plugged
+ Given I have started Tails from DVD without network and logged in
+ And the network is plugged
And Tor is ready
And all notifications have disappeared
When I double-click the Report an Error launcher on the desktop
Then the support documentation page opens in Tor Browser
Scenario: The live user is setup correctly
+ Given I have started Tails from DVD without network and logged in
Then the live user has been setup by live-boot
And the live user is a member of only its own group and "audio cdrom dialout floppy video plugdev netdev fuse scanner lp lpadmin vboxsf"
And the live user owns its home dir and it has normal permissions
Scenario: No initial network
- Given I wait between 30 and 60 seconds
+ Given I have started Tails from DVD without network and logged in
+ And I wait between 30 and 60 seconds
When the network is plugged
And Tor is ready
And all notifications have disappeared
@@ -49,45 +54,29 @@ Feature: Various checks
And process "vidalia" is running within 30 seconds
Scenario: The 'Tor is ready' notification is shown when Tor has bootstrapped
- Given the network is plugged
+ Given I have started Tails from DVD without network and logged in
+ And the network is plugged
When I see the 'Tor is ready' notification
Then Tor is ready
Scenario: The tor process should be confined with Seccomp
- Given the network is plugged
+ Given I have started Tails from DVD without network and logged in
+ And the network is plugged
And Tor is ready
Then the running process "tor" is confined with Seccomp in filter mode
Scenario: No unexpected network services
+ Given I have started Tails from DVD without network and logged in
When the network is plugged
And Tor is ready
Then no unexpected services are listening for network connections
Scenario: The emergency shutdown applet can shutdown Tails
+ Given I have started Tails from DVD without network and logged in
When I request a shutdown using the emergency shutdown applet
Then Tails eventually shuts down
Scenario: The emergency shutdown applet can reboot Tails
+ Given I have started Tails from DVD without network and logged in
When I request a reboot using the emergency shutdown applet
Then Tails eventually restarts
-
- # We ditch the background snapshot for this scenario since we cannot
- # add a filesystem share to a live VM so it would have to be in the
- # background above. However, there's a bug that seems to make shares
- # impossible to have after a snapshot restore.
- Scenario: MAT can clean a PDF file
- Given a computer
- And I setup a filesystem share containing a sample PDF
- And I start Tails from DVD with network unplugged and I login
- Then MAT can clean some sample PDF file
-
- Scenario: The Report an Error launcher will open the support documentation in supported non-English locales
- Given a computer
- And the network is plugged
- And I start the computer
- And the computer boots Tails
- And I log in to a new session in German
- And Tails seems to have booted normally
- And Tor is ready
- When I double-click the Report an Error launcher on the desktop
- Then the support documentation page opens in Tor Browser
diff --git a/features/config/defaults.yml b/features/config/defaults.yml
index dae00c5..443ad52 100644
--- a/features/config/defaults.yml
+++ b/features/config/defaults.yml
@@ -1,8 +1,8 @@
CAPTURE: false
CAPTURE_ALL: false
+MAX_NEW_TOR_CIRCUIT_RETRIES: 5
PAUSE_ON_FAIL: false
SIKULI_RETRY_FINDFAILED: false
-MAX_NEW_TOR_CIRCUIT_RETRIES: 5
TMPDIR: "/tmp/TailsToaster"
Unsafe_SSH_private_key: |
diff --git a/features/dhcp.feature b/features/dhcp.feature
index 82daa1d..0e17fce 100644
--- a/features/dhcp.feature
+++ b/features/dhcp.feature
@@ -5,28 +5,18 @@ Feature: Getting a DHCP lease without leaking too much information
I should be able to connect to the Internet
and the hostname should not have been leaked on the network.
- Scenario: Getting a DHCP lease with the default NetworkManager connection
- Given a computer
+ Background:
+ Given I have started Tails from DVD without network and logged in
And I capture all network traffic
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And the Tails desktop is ready
+ And the network is plugged
And Tor is ready
And all notifications have disappeared
And available upgrades have been checked
+
+ Scenario: Getting a DHCP lease with the default NetworkManager connection
Then the hostname should not have been leaked on the network
Scenario: Getting a DHCP lease with a manually configured NetworkManager connection
- Given a computer
- And I capture all network traffic
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And the Tails desktop is ready
- And Tor is ready
- And all notifications have disappeared
- And available upgrades have been checked
- And I add a wired DHCP NetworkManager connection called "manually-added-con"
+ When I add a wired DHCP NetworkManager connection called "manually-added-con"
And I switch to the "manually-added-con" NetworkManager connection
Then the hostname should not have been leaked on the network
diff --git a/features/domains/default.xml b/features/domains/default.xml
index c0b7a7f..05d7028 100644
--- a/features/domains/default.xml
+++ b/features/domains/default.xml
@@ -1,5 +1,4 @@
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
- <name>TailsToaster</name>
<memory unit='KiB'>2097152</memory>
<currentMemory unit='KiB'>2097152</currentMemory>
<vcpu>1</vcpu>
@@ -23,26 +22,17 @@
<source file=''/>
<target dev='hdc' bus='ide'/>
<readonly/>
- <address type='drive' controller='0' bus='1' target='0' unit='0'/>
</disk>
- <controller type='usb' index='0' model='ich9-ehci1'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x7'/>
- </controller>
+ <controller type='usb' index='0' model='ich9-ehci1'/>
<controller type='usb' index='0' model='ich9-uhci1'>
<master startport='0'/>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0' multifunction='on'/>
- </controller>
- <controller type='ide' index='0'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
- </controller>
- <controller type='virtio-serial' index='0'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</controller>
+ <controller type='ide' index='0'/>
+ <controller type='virtio-serial' index='0'/>
<interface type='network'>
<mac address='52:54:00:ac:dd:ee'/>
<source network='TailsToasterNet'/>
<model type='virtio'/>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
<link state='up'/>
</interface>
<serial type='tcp'>
@@ -52,21 +42,15 @@
<input type='tablet' bus='usb'/>
<channel type='spicevmc'>
<target type='virtio' name='com.redhat.spice.0'/>
- <address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<graphics type='spice' port='-1' tlsPort='-1' autoport='yes'>
<mouse mode='client'/>
</graphics>
- <sound model='ich6'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
- </sound>
+ <sound model='ich6'/>
<video>
<model type='qxl' vram='9216' heads='1'/>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
- <memballoon model='virtio'>
- <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
- </memballoon>
+ <memballoon model='virtio'/>
</devices>
</domain>
diff --git a/features/domains/default_net.xml b/features/domains/default_net.xml
index d37935b..0b19e89 100644
--- a/features/domains/default_net.xml
+++ b/features/domains/default_net.xml
@@ -1,5 +1,4 @@
<network>
- <name>TailsToasterNet</name>
<forward mode='nat'/>
<bridge name='virbr10' stp='on' delay='0' />
<ip address='10.2.1.1' netmask='255.255.255.0'>
diff --git a/features/electrum.feature b/features/electrum.feature
index 89de323..8de1dd0 100644
--- a/features/electrum.feature
+++ b/features/electrum.feature
@@ -5,24 +5,18 @@ Feature: Electrum Bitcoin client
And all Internet traffic should flow only through Tor
Scenario: A warning will be displayed if Electrum is not persistent
- Given a computer
- And I capture all network traffic
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And the Tails desktop is ready
- And Tor is ready
- And available upgrades have been checked
- And all notifications have disappeared
+ Given I have started Tails from DVD and logged in and the network is connected
When I start Electrum through the GNOME menu
But persistence for "electrum" is not enabled
Then I see a warning that Electrum is not persistent
Scenario: Using a persistent Electrum configuration
- Given the USB drive "current" contains Tails with persistence configured and password "asdf"
- And a computer
- And I start Tails from USB drive "current" and I login with persistence password "asdf"
- And persistence for "electrum" is enabled
+ Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
+ And the network is plugged
+ And Tor is ready
+ And available upgrades have been checked
+ And all notifications have disappeared
+ Then persistence for "electrum" is enabled
When I start Electrum through the GNOME menu
But a bitcoin wallet is not present
Then I am prompted to create a new wallet
@@ -30,8 +24,7 @@ Feature: Electrum Bitcoin client
Then a bitcoin wallet is present
And I see the main Electrum client window
And I shutdown Tails and wait for the computer to power off
- Given a computer
- And I start Tails from USB drive "current" and I login with persistence password "asdf"
+ Given I start Tails from USB drive "current" and I login with persistence enabled
When I start Electrum through the GNOME menu
And a bitcoin wallet is present
And I see the main Electrum client window
diff --git a/features/encryption.feature b/features/encryption.feature
index 2f30d2a..03b6d73 100644
--- a/features/encryption.feature
+++ b/features/encryption.feature
@@ -5,10 +5,8 @@ Feature: Encryption and verification using GnuPG
And decrypt and verify GnuPG blocks
Background:
- Given a computer
- And I start Tails from DVD with network unplugged and I login
+ Given I have started Tails from DVD without network and logged in
And I generate an OpenPGP key named "test" with password "asdf"
- And I save the state so the background can be restored next scenario
Scenario: Encryption and decryption using Tails OpenPGP Applet
When I type a message into gedit
diff --git a/features/evince.feature b/features/evince.feature
index 0a13cb6..5493fc8 100644
--- a/features/evince.feature
+++ b/features/evince.feature
@@ -4,24 +4,22 @@ Feature: Using Evince
I want to view and print PDF files in Evince
And AppArmor should prevent Evince from doing dangerous things
- Background:
- Given a computer
- And I start Tails from DVD with network unplugged and I login
- And I save the state so the background can be restored next scenario
-
Scenario: I can view and print a PDF file stored in /usr/share
+ Given I have started Tails from DVD without network and logged in
When I open "/usr/share/cups/data/default-testpage.pdf" with Evince
Then I see "CupsTestPage.png" after at most 10 seconds
And I can print the current document to "/home/amnesia/output.pdf"
Scenario: I can view and print a PDF file stored in non-persistent /home/amnesia
- Given I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia" as user "amnesia"
+ Given I have started Tails from DVD without network and logged in
+ And I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia" as user "amnesia"
When I open "/home/amnesia/default-testpage.pdf" with Evince
Then I see "CupsTestPage.png" after at most 10 seconds
And I can print the current document to "/home/amnesia/output.pdf"
Scenario: I cannot view a PDF file stored in non-persistent /home/amnesia/.gnupg
- Given I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/.gnupg" as user "amnesia"
+ Given I have started Tails from DVD without network and logged in
+ And I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/.gnupg" as user "amnesia"
Then the file "/home/amnesia/.gnupg/default-testpage.pdf" exists
And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf" exists
And the file "/live/overlay/home/amnesia/.gnupg/default-testpage.pdf" exists
@@ -42,30 +40,22 @@ Feature: Using Evince
# as /lib/live/mount/overlay.
And AppArmor has denied "/usr/bin/evince" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf"
- @keep_volumes
- Scenario: Installing Tails on a USB drive, creating a persistent partition, copying PDF files to it
- Given the USB drive "current" contains Tails with persistence configured and password "asdf"
- And a computer
- And I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
+ Scenario: I can view and print a PDF file stored in persistent /home/amnesia/Persistent but not /home/amnesia/.gnupg
+ Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
And I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/Persistent" as user "amnesia"
Then the file "/home/amnesia/Persistent/default-testpage.pdf" exists
And I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/.gnupg" as user "amnesia"
Then the file "/home/amnesia/.gnupg/default-testpage.pdf" exists
And I shutdown Tails and wait for the computer to power off
-
- @keep_volumes
- Scenario: I can view and print a PDF file stored in persistent /home/amnesia/Persistent
- Given a computer
- And I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
+ And I start Tails from USB drive "current" with network unplugged and I login with persistence enabled
When I open "/home/amnesia/Persistent/default-testpage.pdf" with Evince
Then I see "CupsTestPage.png" after at most 10 seconds
And I can print the current document to "/home/amnesia/Persistent/output.pdf"
- @keep_volumes
Scenario: I cannot view a PDF file stored in persistent /home/amnesia/.gnupg
- Given a computer
- When I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
- Then the file "/home/amnesia/Persistent/default-testpage.pdf" exists
+ Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
+ And I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/.gnupg" as user "amnesia"
+ Then the file "/home/amnesia/.gnupg/default-testpage.pdf" exists
Given I start monitoring the AppArmor log of "/usr/bin/evince"
And I try to open "/home/amnesia/.gnupg/default-testpage.pdf" with Evince
Then I see "EvinceUnableToOpen.png" after at most 10 seconds
diff --git a/features/images/USBCloneAndInstall.png b/features/images/USBCloneAndInstall.png
index 599aabe..d25160b 100644
--- a/features/images/USBCloneAndInstall.png
+++ b/features/images/USBCloneAndInstall.png
Binary files differ
diff --git a/features/images/USBCloneAndUpgrade.png b/features/images/USBCloneAndUpgrade.png
index 5cb9f52..ef4a555 100644
--- a/features/images/USBCloneAndUpgrade.png
+++ b/features/images/USBCloneAndUpgrade.png
Binary files differ
diff --git a/features/images/USBUpgradeFromISO.png b/features/images/USBUpgradeFromISO.png
index f860f2c..d67fd84 100644
--- a/features/images/USBUpgradeFromISO.png
+++ b/features/images/USBUpgradeFromISO.png
Binary files differ
diff --git a/features/images/WindowsTorBrowserOfflinePrompt.png b/features/images/WindowsTorBrowserOfflinePrompt.png
new file mode 100644
index 0000000..08dd394
--- /dev/null
+++ b/features/images/WindowsTorBrowserOfflinePrompt.png
Binary files differ
diff --git a/features/images/WindowsTorBrowserOfflinePromptStart.png b/features/images/WindowsTorBrowserOfflinePromptStart.png
new file mode 100644
index 0000000..80419b2
--- /dev/null
+++ b/features/images/WindowsTorBrowserOfflinePromptStart.png
Binary files differ
diff --git a/features/localization.feature b/features/localization.feature
new file mode 100644
index 0000000..fafd702
--- /dev/null
+++ b/features/localization.feature
@@ -0,0 +1,18 @@
+@product
+Feature: Localization
+ As a Tails user
+ I want Tails to be localized in my native language
+ And various Tails features should still work
+
+ Scenario: The Report an Error launcher will open the support documentation in supported non-English locales
+ Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
+ And the network is plugged
+ And I log in to a new session in German
+ And Tails seems to have booted normally
+ And Tor is ready
+ When I double-click the Report an Error launcher on the desktop
+ Then the support documentation page opens in Tor Browser
+
+ Scenario: The Unsafe Browser can be used in all languages supported in Tails
+ Given I have started Tails from DVD and logged in and the network is connected
+ Then the Unsafe Browser works in all supported languages
diff --git a/features/mat.feature b/features/mat.feature
new file mode 100644
index 0000000..e492b0f
--- /dev/null
+++ b/features/mat.feature
@@ -0,0 +1,13 @@
+@product
+Feature: Metadata Anonymization Toolkit
+ As a Tails user
+ I want to be able to remove leaky metadata from documents and media files
+
+ # In this feature we cannot restore from snapshots since it's
+ # incompatible with filesystem shares.
+
+ Scenario: MAT can clean a PDF file
+ Given a computer
+ And I setup a filesystem share containing a sample PDF
+ And I start Tails from DVD with network unplugged and I login
+ Then MAT can clean some sample PDF file
diff --git a/features/persistence.feature b/features/persistence.feature
new file mode 100644
index 0000000..3fb752a
--- /dev/null
+++ b/features/persistence.feature
@@ -0,0 +1,47 @@
+@product
+Feature: Tails persistence
+ As a Tails user
+ I want to use Tails persistence feature
+
+ Scenario: Booting Tails from a USB drive with a disabled persistent partition
+ Given I have started Tails without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen
+ When I log in to a new session
+ Then Tails seems to have booted normally
+ And Tails is running from USB drive "current"
+ And persistence is disabled
+ But a Tails persistence partition exists on USB drive "current"
+
+ Scenario: Booting Tails from a USB drive with an enabled persistent partition
+ Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
+ And Tails is running from USB drive "current"
+ And all persistence presets are enabled
+ And all persistent directories have safe access rights
+
+ Scenario: Writing files first to a read/write-enabled persistent partition, and then to a read-only-enabled persistent partition
+ Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
+ And I take note of which persistence presets are available
+ When I write some files expected to persist
+ And I shutdown Tails and wait for the computer to power off
+ # XXX: The next step succeeds (and the --debug output confirms that it's actually looking for the files) but will fail in a subsequent scenario restoring the same snapshot. This exactly what we want, but why does it work? What is guestfs's behaviour when qcow2 internal snapshots are involved?
+ Then only the expected files are present on the persistence partition on USB drive "current"
+ Given I start Tails from USB drive "current" with network unplugged and I login with read-only persistence enabled
+ Then Tails is running from USB drive "current"
+ And the boot device has safe access rights
+ And all persistence presets are enabled
+ And there is no GNOME bookmark for the persistent Tor Browser directory
+ And I write some files not expected to persist
+ And I remove some files expected to persist
+ And I take note of which persistence presets are available
+ And I shutdown Tails and wait for the computer to power off
+ Then only the expected files are present on the persistence partition on USB drive "current"
+
+ Scenario: Deleting a Tails persistent partition
+ Given I have started Tails without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen
+ And I log in to a new session
+ Then Tails is running from USB drive "current"
+ And the boot device has safe access rights
+ And persistence is disabled
+ But a Tails persistence partition exists on USB drive "current"
+ And all notifications have disappeared
+ When I delete the persistent partition
+ Then there is no persistence partition on USB drive "current"
diff --git a/features/pidgin.feature b/features/pidgin.feature
index df28da9..1b55acb 100644
--- a/features/pidgin.feature
+++ b/features/pidgin.feature
@@ -7,26 +7,22 @@ Feature: Chatting anonymously using Pidgin
And AppArmor should prevent Pidgin from doing dangerous things
And all Internet traffic should flow only through Tor
- Background:
- Given a computer
- When I start Tails from DVD and I login
- Then Pidgin has the expected accounts configured with random nicknames
- And I save the state so the background can be restored next scenario
-
- @check_tor_leaks
- Scenario: Chatting with some friend over XMPP
- When I start Pidgin through the GNOME menu
- Then I see Pidgin's account manager window
- When I create my XMPP account
- And I close Pidgin's account manager window
- Then Pidgin automatically enables my XMPP account
- Given my XMPP friend goes online
- When I start a conversation with my friend
- And I say something to my friend
- Then I receive a response from my friend
+ @check_tor_leaks
+ Scenario: Chatting with some friend over XMPP
+ Given I have started Tails from DVD and logged in and the network is connected
+ When I start Pidgin through the GNOME menu
+ Then I see Pidgin's account manager window
+ When I create my XMPP account
+ And I close Pidgin's account manager window
+ Then Pidgin automatically enables my XMPP account
+ Given my XMPP friend goes online
+ When I start a conversation with my friend
+ And I say something to my friend
+ Then I receive a response from my friend
@check_tor_leaks
Scenario: Chatting with some friend over XMPP in a multi-user chat
+ Given I have started Tails from DVD and logged in and the network is connected
When I start Pidgin through the GNOME menu
Then I see Pidgin's account manager window
When I create my XMPP account
@@ -41,6 +37,7 @@ Feature: Chatting anonymously using Pidgin
@check_tor_leaks
Scenario: Chatting with some friend over XMPP and with OTR
+ Given I have started Tails from DVD and logged in and the network is connected
When I start Pidgin through the GNOME menu
Then I see Pidgin's account manager window
When I create my XMPP account
@@ -54,8 +51,10 @@ Feature: Chatting anonymously using Pidgin
When I say something to my friend
Then I receive a response from my friend
- @check_tor_leaks
+ @check_tor_leaks @fragile
Scenario: Connecting to the #tails IRC channel with the pre-configured account
+ Given I have started Tails from DVD and logged in and the network is connected
+ And Pidgin has the expected accounts configured with random nicknames
When I start Pidgin through the GNOME menu
Then I see Pidgin's account manager window
When I activate the "irc.oftc.net" Pidgin account
@@ -70,13 +69,15 @@ Feature: Chatting anonymously using Pidgin
And the "irc.oftc.net" account only responds to PING and VERSION CTCP requests
Scenario: Adding a certificate to Pidgin
+ Given I have started Tails from DVD and logged in and the network is connected
And I start Pidgin through the GNOME menu
And I see Pidgin's account manager window
And I close Pidgin's account manager window
Then I can add a certificate from the "/home/amnesia" directory to Pidgin
Scenario: Failing to add a certificate to Pidgin
- And I start Pidgin through the GNOME menu
+ Given I have started Tails from DVD and logged in and the network is connected
+ When I start Pidgin through the GNOME menu
And I see Pidgin's account manager window
And I close Pidgin's account manager window
Then I cannot add a certificate from the "/home/amnesia/.gnupg" directory to Pidgin
@@ -87,11 +88,14 @@ Feature: Chatting anonymously using Pidgin
And I close Pidgin's certificate manager
Then I cannot add a certificate from the "/live/overlay/home/amnesia/.gnupg" directory to Pidgin
- @keep_volumes @check_tor_leaks
+ @check_tor_leaks
Scenario: Using a persistent Pidgin configuration
- Given the USB drive "current" contains Tails with persistence configured and password "asdf"
- And a computer
- And I start Tails from USB drive "current" and I login with persistence password "asdf"
+ Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
+ And Pidgin has the expected accounts configured with random nicknames
+ And the network is plugged
+ And Tor is ready
+ And available upgrades have been checked
+ And all notifications have disappeared
When I start Pidgin through the GNOME menu
Then I see Pidgin's account manager window
# And I generate an OTR key for the default Pidgin account
@@ -99,7 +103,7 @@ Feature: Chatting anonymously using Pidgin
# And I take note of the OTR key for Pidgin's "irc.oftc.net" account
And I shutdown Tails and wait for the computer to power off
Given a computer
- And I start Tails from USB drive "current" and I login with persistence password "asdf"
+ And I start Tails from USB drive "current" and I login with persistence enabled
And Pidgin has the expected persistent accounts configured
# And Pidgin has the expected persistent OTR keys
When I start Pidgin through the GNOME menu
diff --git a/features/root_access_control.feature b/features/root_access_control.feature
index d89b35a..3fbd9e5 100644
--- a/features/root_access_control.feature
+++ b/features/root_access_control.feature
@@ -6,39 +6,23 @@ Feature: Root access control enforcement
But when I do not set an administration password
I should not be able to attain administration privileges at all.
- Background:
- Given a computer
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I save the state so the background can be restored next scenario
-
Scenario: If an administrative password is set in Tails Greeter the live user should be able to run arbitrary commands with administrative privileges.
- Given I enable more Tails Greeter options
- And I set sudo password "asdf"
- And I log in to a new session
- And Tails Greeter has dealt with the sudo password
+ Given I have started Tails from DVD without network and logged in with an administration password
Then I should be able to run administration commands as the live user
Scenario: If no administrative password is set in Tails Greeter the live user should not be able to run arbitrary commands administrative privileges.
- Given I log in to a new session
+ Given I have started Tails from DVD without network and logged in
And Tails Greeter has dealt with the sudo password
Then I should not be able to run administration commands as the live user with the "" password
And I should not be able to run administration commands as the live user with the "amnesia" password
And I should not be able to run administration commands as the live user with the "live" password
Scenario: If an administrative password is set in Tails Greeter the live user should be able to get administrative privileges through PolicyKit
- Given I enable more Tails Greeter options
- And I set sudo password "asdf"
- And I log in to a new session
- And Tails Greeter has dealt with the sudo password
- And the Tails desktop is ready
+ Given I have started Tails from DVD without network and logged in with an administration password
And running a command as root with pkexec requires PolicyKit administrator privileges
Then I should be able to run a command as root with pkexec
Scenario: If no administrative password is set in Tails Greeter the live user should not be able to get administrative privileges through PolicyKit with the standard passwords.
- Given I log in to a new session
- And Tails Greeter has dealt with the sudo password
- And the Tails desktop is ready
+ Given I have started Tails from DVD without network and logged in
And running a command as root with pkexec requires PolicyKit administrator privileges
Then I should not be able to run a command as root with pkexec and the standard passwords
diff --git a/features/ssh.feature b/features/ssh.feature
index 2ebcc9f..08b63b5 100644
--- a/features/ssh.feature
+++ b/features/ssh.feature
@@ -5,15 +5,7 @@ Feature: Logging in via SSH
all Internet traffic should flow only through Tor
Background:
- Given a computer
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And the Tails desktop is ready
- And Tor is ready
- And available upgrades have been checked
- And all notifications have disappeared
- And I save the state so the background can be restored next scenario
+ Given I have started Tails from DVD and logged in and the network is connected
@check_tor_leaks
Scenario: Connecting to an SSH server on the Internet
diff --git a/features/step_definitions/apt.rb b/features/step_definitions/apt.rb
index 8be9e6d..c3735fd 100644
--- a/features/step_definitions/apt.rb
+++ b/features/step_definitions/apt.rb
@@ -1,9 +1,8 @@
require 'uri'
Given /^the only hosts in APT sources are "([^"]*)"$/ do |hosts_str|
- next if @skip_steps_while_restoring_background
hosts = hosts_str.split(',')
- @vm.file_content("/etc/apt/sources.list /etc/apt/sources.list.d/*").chomp.each_line { |line|
+ $vm.file_content("/etc/apt/sources.list /etc/apt/sources.list.d/*").chomp.each_line { |line|
next if ! line.start_with? "deb"
source_host = URI(line.split[1]).host
if !hosts.include?(source_host)
@@ -13,25 +12,22 @@ Given /^the only hosts in APT sources are "([^"]*)"$/ do |hosts_str|
end
When /^I update APT using apt-get$/ do
- next if @skip_steps_while_restoring_background
Timeout::timeout(30*60) do
- @vm.execute_successfully("echo #{@sudo_password} | " +
+ $vm.execute_successfully("echo #{@sudo_password} | " +
"sudo -S apt-get update", LIVE_USER)
end
end
Then /^I should be able to install a package using apt-get$/ do
- next if @skip_steps_while_restoring_background
package = "cowsay"
Timeout::timeout(120) do
- @vm.execute_successfully("echo #{@sudo_password} | " +
+ $vm.execute_successfully("echo #{@sudo_password} | " +
"sudo -S apt-get install #{package}", LIVE_USER)
end
step "package \"#{package}\" is installed"
end
When /^I update APT using Synaptic$/ do
- next if @skip_steps_while_restoring_background
# Upon start the interface will be frozen while Synaptic loads the
# package list. Since the frozen GUI is so similar to the unfrozen
# one there's no easy way to reliably wait for the latter. Hence we
@@ -46,7 +42,6 @@ When /^I update APT using Synaptic$/ do
end
Then /^I should be able to install a package using Synaptic$/ do
- next if @skip_steps_while_restoring_background
package = "cowsay"
@screen.type("f", Sikuli::KeyModifier.CTRL) # Find key
@screen.wait_and_click('SynapticSearch.png', 10)
@@ -63,7 +58,6 @@ Then /^I should be able to install a package using Synaptic$/ do
end
When /^I start Synaptic$/ do
- next if @skip_steps_while_restoring_background
step 'I start "Synaptic" via the GNOME "System"/"Administration" applications menu'
deal_with_polkit_prompt('SynapticPolicyKitAuthPrompt.png', @sudo_password)
end
diff --git a/features/step_definitions/checks.rb b/features/step_definitions/checks.rb
index 7397f24..095bacd 100644
--- a/features/step_definitions/checks.rb
+++ b/features/step_definitions/checks.rb
@@ -1,11 +1,10 @@
def shipped_openpgp_keys
- shipped_gpg_keys = @vm.execute_successfully('gpg --batch --with-colons --fingerprint --list-key', LIVE_USER).stdout
+ shipped_gpg_keys = $vm.execute_successfully('gpg --batch --with-colons --fingerprint --list-key', LIVE_USER).stdout
openpgp_fingerprints = shipped_gpg_keys.scan(/^fpr:::::::::([A-Z0-9]+):$/).flatten
return openpgp_fingerprints
end
Then /^the OpenPGP keys shipped with Tails will be valid for the next (\d+) months$/ do |months|
- next if @skip_steps_while_restoring_background
invalid = Array.new
shipped_openpgp_keys.each do |key|
begin
@@ -19,7 +18,6 @@ Then /^the OpenPGP keys shipped with Tails will be valid for the next (\d+) mont
end
Then /^the shipped (?:Debian repository key|OpenPGP key ([A-Z0-9]+)) will be valid for the next (\d+) months$/ do |fingerprint, max_months|
- next if @skip_steps_while_restoring_background
if fingerprint
cmd = 'gpg'
user = LIVE_USER
@@ -28,7 +26,7 @@ Then /^the shipped (?:Debian repository key|OpenPGP key ([A-Z0-9]+)) will be val
cmd = 'apt-key adv'
user = 'root'
end
- shipped_sig_key_info = @vm.execute_successfully("#{cmd} --batch --list-key #{fingerprint}", user).stdout
+ shipped_sig_key_info = $vm.execute_successfully("#{cmd} --batch --list-key #{fingerprint}", user).stdout
m = /\[expire[ds]: ([0-9-]*)\]/.match(shipped_sig_key_info)
if m
expiration_date = Date.parse(m[1])
@@ -38,23 +36,20 @@ Then /^the shipped (?:Debian repository key|OpenPGP key ([A-Z0-9]+)) will be val
end
Then /^I double-click the Report an Error launcher on the desktop$/ do
- next if @skip_steps_while_restoring_background
@screen.wait_and_double_click('DesktopReportAnError.png', 30)
end
Then /^the live user has been setup by live\-boot$/ do
- next if @skip_steps_while_restoring_background
- assert(@vm.execute("test -e /var/lib/live/config/user-setup").success?,
+ assert($vm.execute("test -e /var/lib/live/config/user-setup").success?,
"live-boot failed its user-setup")
- actual_username = @vm.execute(". /etc/live/config/username.conf; " +
+ actual_username = $vm.execute(". /etc/live/config/username.conf; " +
"echo $LIVE_USERNAME").stdout.chomp
assert_equal(LIVE_USER, actual_username)
end
Then /^the live user is a member of only its own group and "(.*?)"$/ do |groups|
- next if @skip_steps_while_restoring_background
expected_groups = groups.split(" ") << LIVE_USER
- actual_groups = @vm.execute("groups #{LIVE_USER}").stdout.chomp.sub(/^#{LIVE_USER} : /, "").split(" ")
+ actual_groups = $vm.execute("groups #{LIVE_USER}").stdout.chomp.sub(/^#{LIVE_USER} : /, "").split(" ")
unexpected = actual_groups - expected_groups
missing = expected_groups - actual_groups
assert_equal(0, unexpected.size,
@@ -64,19 +59,17 @@ Then /^the live user is a member of only its own group and "(.*?)"$/ do |groups|
end
Then /^the live user owns its home dir and it has normal permissions$/ do
- next if @skip_steps_while_restoring_background
home = "/home/#{LIVE_USER}"
- assert(@vm.execute("test -d #{home}").success?,
+ assert($vm.execute("test -d #{home}").success?,
"The live user's home doesn't exist or is not a directory")
- owner = @vm.execute("stat -c %U:%G #{home}").stdout.chomp
- perms = @vm.execute("stat -c %a #{home}").stdout.chomp
+ owner = $vm.execute("stat -c %U:%G #{home}").stdout.chomp
+ perms = $vm.execute("stat -c %a #{home}").stdout.chomp
assert_equal("#{LIVE_USER}:#{LIVE_USER}", owner)
assert_equal("700", perms)
end
Then /^no unexpected services are listening for network connections$/ do
- next if @skip_steps_while_restoring_background
- netstat_cmd = @vm.execute("netstat -ltupn")
+ netstat_cmd = $vm.execute("netstat -ltupn")
assert netstat_cmd.success?
for line in netstat_cmd.stdout.chomp.split("\n") do
splitted = line.split(/[[:blank:]]+/)
@@ -104,15 +97,13 @@ Then /^no unexpected services are listening for network connections$/ do
end
When /^Tails has booted a 64-bit kernel$/ do
- next if @skip_steps_while_restoring_background
- assert(@vm.execute("uname -r | grep -qs 'amd64$'").success?,
+ assert($vm.execute("uname -r | grep -qs 'amd64$'").success?,
"Tails has not booted a 64-bit kernel.")
end
Then /^GNOME Screenshot is configured to save files to the live user's home directory$/ do
- next if @skip_steps_while_restoring_background
home = "/home/#{LIVE_USER}"
- save_path = @vm.execute_successfully(
+ save_path = $vm.execute_successfully(
"gsettings get org.gnome.gnome-screenshot auto-save-directory",
LIVE_USER).stdout.chomp.tr("'","")
assert_equal("file://#{home}", save_path,
@@ -120,28 +111,24 @@ Then /^GNOME Screenshot is configured to save files to the live user's home dire
end
Then /^there is no screenshot in the live user's home directory$/ do
- next if @skip_steps_while_restoring_background
home = "/home/#{LIVE_USER}"
- assert(@vm.execute("find '#{home}' -name 'Screenshot*.png' -maxdepth 1").stdout.empty?,
+ assert($vm.execute("find '#{home}' -name 'Screenshot*.png' -maxdepth 1").stdout.empty?,
"Existing screenshots were found in the live user's home directory.")
end
Then /^a screenshot is saved to the live user's home directory$/ do
- next if @skip_steps_while_restoring_background
home = "/home/#{LIVE_USER}"
try_for(10, :msg=> "No screenshot was created in #{home}") {
- !@vm.execute("find '#{home}' -name 'Screenshot*.png' -maxdepth 1").stdout.empty?
+ !$vm.execute("find '#{home}' -name 'Screenshot*.png' -maxdepth 1").stdout.empty?
}
end
Then /^the VirtualBox guest modules are available$/ do
- next if @skip_steps_while_restoring_background
- assert(@vm.execute("modinfo vboxguest").success?,
+ assert($vm.execute("modinfo vboxguest").success?,
"The vboxguest module is not available.")
end
Given /^I setup a filesystem share containing a sample PDF$/ do
- next if @skip_steps_while_restoring_background
shared_pdf_dir_on_host = "#{$config["TMPDIR"]}/shared_pdf_dir"
@shared_pdf_dir_on_guest = "/tmp/shared_pdf_dir"
FileUtils.mkdir_p(shared_pdf_dir_on_host)
@@ -149,51 +136,48 @@ Given /^I setup a filesystem share containing a sample PDF$/ do
FileUtils.cp(pdf_file, shared_pdf_dir_on_host)
end
add_after_scenario_hook { FileUtils.rm_r(shared_pdf_dir_on_host) }
- @vm.add_share(shared_pdf_dir_on_host, @shared_pdf_dir_on_guest)
+ $vm.add_share(shared_pdf_dir_on_host, @shared_pdf_dir_on_guest)
end
Then /^the support documentation page opens in Tor Browser$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("SupportDocumentation#{@language}.png", 120)
end
Then /^MAT can clean some sample PDF file$/ do
- next if @skip_steps_while_restoring_background
for pdf_on_host in Dir.glob("#{MISC_FILES_DIR}/*.pdf") do
pdf_name = File.basename(pdf_on_host)
pdf_on_guest = "/home/#{LIVE_USER}/#{pdf_name}"
step "I copy \"#{@shared_pdf_dir_on_guest}/#{pdf_name}\" to \"#{pdf_on_guest}\" as user \"#{LIVE_USER}\""
- check_before = @vm.execute_successfully("mat --check '#{pdf_on_guest}'",
+ check_before = $vm.execute_successfully("mat --check '#{pdf_on_guest}'",
LIVE_USER).stdout
assert(check_before.include?("#{pdf_on_guest} is not clean"),
"MAT failed to see that '#{pdf_on_host}' is dirty")
- @vm.execute_successfully("mat '#{pdf_on_guest}'", LIVE_USER)
- check_after = @vm.execute_successfully("mat --check '#{pdf_on_guest}'",
+ $vm.execute_successfully("mat '#{pdf_on_guest}'", LIVE_USER)
+ check_after = $vm.execute_successfully("mat --check '#{pdf_on_guest}'",
LIVE_USER).stdout
assert(check_after.include?("#{pdf_on_guest} is clean"),
"MAT failed to clean '#{pdf_on_host}'")
- @vm.execute_successfully("rm '#{pdf_on_guest}'")
+ $vm.execute_successfully("rm '#{pdf_on_guest}'")
end
end
Then /^AppArmor is enabled$/ do
- assert(@vm.execute("aa-status").success?, "AppArmor is not enabled")
+ assert($vm.execute("aa-status").success?, "AppArmor is not enabled")
end
Then /^some AppArmor profiles are enforced$/ do
- assert(@vm.execute("aa-status --enforced").stdout.chomp.to_i > 0,
+ assert($vm.execute("aa-status --enforced").stdout.chomp.to_i > 0,
"No AppArmor profile is enforced")
end
def get_seccomp_status(process)
- assert(@vm.has_process?(process), "Process #{process} not running.")
- pid = @vm.pidof(process)[0]
- status = @vm.file_content("/proc/#{pid}/status")
+ assert($vm.has_process?(process), "Process #{process} not running.")
+ pid = $vm.pidof(process)[0]
+ status = $vm.file_content("/proc/#{pid}/status")
return status.match(/^Seccomp:\s+([0-9])/)[1].chomp.to_i
end
Then /^the running process "(.+)" is confined with Seccomp in (filter|strict) mode$/ do |process,mode|
- next if @skip_steps_while_restoring_background
status = get_seccomp_status(process)
if mode == 'strict'
assert_equal(1, status, "#{process} not confined with Seccomp in strict mode")
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index 2a4c285..ee1691d 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -17,23 +17,23 @@ def activate_filesystem_shares
# "probe of virtio2 failed with error -2" (in dmesg) which makes the
# shares unavailable. Hence we leave this code commented for now.
#for mod in ["9pnet_virtio", "9p"] do
- # @vm.execute("modprobe #{mod}")
+ # $vm.execute("modprobe #{mod}")
#end
- @vm.list_shares.each do |share|
- @vm.execute("mkdir -p #{share}")
- @vm.execute("mount -t 9p -o trans=virtio #{share} #{share}")
+ $vm.list_shares.each do |share|
+ $vm.execute("mkdir -p #{share}")
+ $vm.execute("mount -t 9p -o trans=virtio #{share} #{share}")
end
end
def deactivate_filesystem_shares
- @vm.list_shares.each do |share|
- @vm.execute("umount #{share}")
+ $vm.list_shares.each do |share|
+ $vm.execute("umount #{share}")
end
# XXX-9p: See XXX-9p above
#for mod in ["9p", "9pnet_virtio"] do
- # @vm.execute("modprobe -r #{mod}")
+ # $vm.execute("modprobe -r #{mod}")
#end
end
@@ -48,9 +48,8 @@ def notification_helper(notification_image, time_to_wait)
end
end
-def restore_background
- @vm.restore_snapshot($background_snapshot)
- @vm.wait_until_remote_shell_is_up
+def post_snapshot_restore_hook
+ $vm.wait_until_remote_shell_is_up
post_vm_start_hook
# XXX-9p: See XXX-9p above
@@ -59,82 +58,69 @@ def restore_background
# The guest's Tor's circuits' states are likely to get out of sync
# with the other relays, so we ensure that we have fresh circuits.
# Time jumps and incorrect clocks also confuses Tor in many ways.
- if @vm.has_network?
- if @vm.execute("service tor status").success?
- @vm.execute("service tor stop")
- @vm.execute("rm -f /var/log/tor/log")
- @vm.host_to_guest_time_sync
- @vm.spawn("restart-tor")
+ if $vm.has_network?
+ if $vm.execute("service tor status").success?
+ $vm.execute("service tor stop")
+ $vm.execute("rm -f /var/log/tor/log")
+ $vm.host_to_guest_time_sync
+ $vm.spawn("restart-tor")
wait_until_tor_is_working
end
else
- @vm.host_to_guest_time_sync
+ $vm.host_to_guest_time_sync
end
end
Given /^a computer$/ do
- @vm.destroy_and_undefine if @vm
- @vm = VM.new($virt, VM_XML_PATH, $vmnet, $vmstorage, DISPLAY)
+ $vm.destroy_and_undefine if $vm
+ $vm = VM.new($virt, VM_XML_PATH, $vmnet, $vmstorage, DISPLAY)
end
Given /^the computer has (\d+) ([[:alpha:]]+) of RAM$/ do |size, unit|
- next if @skip_steps_while_restoring_background
- @vm.set_ram_size(size, unit)
+ $vm.set_ram_size(size, unit)
end
Given /^the computer is set to boot from the Tails DVD$/ do
- next if @skip_steps_while_restoring_background
- @vm.set_cdrom_boot(TAILS_ISO)
+ $vm.set_cdrom_boot(TAILS_ISO)
end
Given /^the computer is set to boot from (.+?) drive "(.+?)"$/ do |type, name|
- next if @skip_steps_while_restoring_background
- @vm.set_disk_boot(name, type.downcase)
+ $vm.set_disk_boot(name, type.downcase)
end
-Given /^I create a (\d+) ([[:alpha:]]+) disk named "([^"]+)"$/ do |size, unit, name|
- next if @skip_steps_while_restoring_background
- @vm.storage.create_new_disk(name, {:size => size, :unit => unit,
+Given /^I (temporarily )?create a (\d+) ([[:alpha:]]+) disk named "([^"]+)"$/ do |temporary, size, unit, name|
+ $vm.storage.create_new_disk(name, {:size => size, :unit => unit,
:type => "qcow2"})
+ add_after_scenario_hook { $vm.storage.delete_volume(name) } if temporary
end
Given /^I plug (.+) drive "([^"]+)"$/ do |bus, name|
- next if @skip_steps_while_restoring_background
- @vm.plug_drive(name, bus.downcase)
- if @vm.is_running?
+ $vm.plug_drive(name, bus.downcase)
+ if $vm.is_running?
step "drive \"#{name}\" is detected by Tails"
end
end
Then /^drive "([^"]+)" is detected by Tails$/ do |name|
- next if @skip_steps_while_restoring_background
- raise "Tails is not running" unless @vm.is_running?
+ raise "Tails is not running" unless $vm.is_running?
try_for(10, :msg => "Drive '#{name}' is not detected by Tails") do
- @vm.disk_detected?(name)
+ $vm.disk_detected?(name)
end
end
Given /^the network is plugged$/ do
- # We don't skip this step when restoring the background to ensure
- # that the network state is actually the same after restoring as
- # when the snapshot was made.
- @vm.plug_network
+ $vm.plug_network
end
Given /^the network is unplugged$/ do
- # See comment in the step "the network is plugged".
- @vm.unplug_network
+ $vm.unplug_network
end
Given /^the hardware clock is set to "([^"]*)"$/ do |time|
- next if @skip_steps_while_restoring_background
- @vm.set_hardware_clock(DateTime.parse(time).to_time)
+ $vm.set_hardware_clock(DateTime.parse(time).to_time)
end
Given /^I capture all network traffic$/ do
- # Note: We don't want skip this particular stpe if
- # @skip_steps_while_restoring_background is set since it starts
- # something external to the VM state.
@sniffer = Sniffer.new("sniffer", $vmnet)
@sniffer.capture
add_after_scenario_hook do
@@ -144,21 +130,17 @@ Given /^I capture all network traffic$/ do
end
Given /^I set Tails to boot with options "([^"]*)"$/ do |options|
- next if @skip_steps_while_restoring_background
@boot_options = options
end
When /^I start the computer$/ do
- next if @skip_steps_while_restoring_background
- assert(!@vm.is_running?,
+ assert(!$vm.is_running?,
"Trying to start a VM that is already running")
- @vm.start
+ $vm.start
post_vm_start_hook
end
-Given /^I start Tails( from DVD)?( with network unplugged)? and I login$/ do |dvd_boot, network_unplugged|
- # we don't @skip_steps_while_restoring_background as we're only running
- # other steps, that are taking care of it *if* they have to
+Given /^I start Tails( from DVD)?( with network unplugged)?( and I login)?$/ do |dvd_boot, network_unplugged, do_login|
step "the computer is set to boot from the Tails DVD" if dvd_boot
if network_unplugged.nil?
step "the network is plugged"
@@ -167,20 +149,20 @@ Given /^I start Tails( from DVD)?( with network unplugged)? and I login$/ do |dv
end
step "I start the computer"
step "the computer boots Tails"
- step "I log in to a new session"
- step "Tails seems to have booted normally"
- if network_unplugged.nil?
- step "Tor is ready"
- step "all notifications have disappeared"
- step "available upgrades have been checked"
- else
- step "all notifications have disappeared"
+ if do_login
+ step "I log in to a new session"
+ step "Tails seems to have booted normally"
+ if network_unplugged.nil?
+ step "Tor is ready"
+ step "all notifications have disappeared"
+ step "available upgrades have been checked"
+ else
+ step "all notifications have disappeared"
+ end
end
end
-Given /^I start Tails from (.+?) drive "(.+?)"(| with network unplugged) and I login(| with(| read-only) persistence password "([^"]+)")$/ do |drive_type, drive_name, network_unplugged, persistence_on, persistence_ro, persistence_pwd|
- # we don't @skip_steps_while_restoring_background as we're only running
- # other steps, that are taking care of it *if* they have to
+Given /^I start Tails from (.+?) drive "(.+?)"(| with network unplugged)( and I login(| with(| read-only) persistence enabled))?$/ do |drive_type, drive_name, network_unplugged, do_login, persistence_on, persistence_ro|
step "the computer is set to boot from #{drive_type} drive \"#{drive_name}\""
if network_unplugged.empty?
step "the network is plugged"
@@ -189,45 +171,42 @@ Given /^I start Tails from (.+?) drive "(.+?)"(| with network unplugged) and I l
end
step "I start the computer"
step "the computer boots Tails"
- if ! persistence_on.empty?
- assert(! persistence_pwd.empty?, "A password must be provided when enabling persistence")
- if persistence_ro.empty?
- step "I enable persistence with password \"#{persistence_pwd}\""
+ if do_login
+ if ! persistence_on.empty?
+ if persistence_ro.empty?
+ step "I enable persistence"
+ else
+ step "I enable read-only persistence"
+ end
+ end
+ step "I log in to a new session"
+ step "Tails seems to have booted normally"
+ if network_unplugged.empty?
+ step "Tor is ready"
+ step "all notifications have disappeared"
+ step "available upgrades have been checked"
else
- step "I enable read-only persistence with password \"#{persistence_pwd}\""
+ step "all notifications have disappeared"
end
end
- step "I log in to a new session"
- step "Tails seems to have booted normally"
- if network_unplugged.empty?
- step "Tor is ready"
- step "all notifications have disappeared"
- step "available upgrades have been checked"
- else
- step "all notifications have disappeared"
- end
end
When /^I power off the computer$/ do
- next if @skip_steps_while_restoring_background
- assert(@vm.is_running?,
+ assert($vm.is_running?,
"Trying to power off an already powered off VM")
- @vm.power_off
+ $vm.power_off
end
When /^I cold reboot the computer$/ do
- next if @skip_steps_while_restoring_background
step "I power off the computer"
step "I start the computer"
end
When /^I destroy the computer$/ do
- next if @skip_steps_while_restoring_background
- @vm.destroy_and_undefine
+ $vm.destroy_and_undefine
end
Given /^the computer (re)?boots Tails$/ do |reboot|
- next if @skip_steps_while_restoring_background
boot_timeout = 30
# We need some extra time for memory wiping if rebooting
@@ -250,12 +229,11 @@ Given /^the computer (re)?boots Tails$/ do |reboot|
@screen.type(" autotest_never_use_this_option blacklist=psmouse #{@boot_options}" +
Sikuli::Key.ENTER)
@screen.wait('TailsGreeter.png', 30*60)
- @vm.wait_until_remote_shell_is_up
+ $vm.wait_until_remote_shell_is_up
activate_filesystem_shares
end
Given /^I log in to a new session(?: in )?(|German)$/ do |lang|
- next if @skip_steps_while_restoring_background
case lang
when 'German'
@language = "German"
@@ -270,7 +248,6 @@ Given /^I log in to a new session(?: in )?(|German)$/ do |lang|
end
Given /^I enable more Tails Greeter options$/ do
- next if @skip_steps_while_restoring_background
match = @screen.find('TailsGreeterMoreOptions.png')
@screen.click(match.getCenter.offset(match.w/2, match.h*2))
@screen.wait_and_click('TailsGreeterForward.png', 10)
@@ -278,13 +255,10 @@ Given /^I enable more Tails Greeter options$/ do
end
Given /^I enable the specific Tor configuration option$/ do
- next if @skip_steps_while_restoring_background
@screen.click('TailsGreeterTorConf.png')
end
-Given /^I set sudo password "([^"]*)"$/ do |password|
- @sudo_password = password
- next if @skip_steps_while_restoring_background
+Given /^I set an administration password$/ do
@screen.wait("TailsGreeterAdminPassword.png", 20)
@screen.type(@sudo_password)
@screen.type(Sikuli::Key.TAB)
@@ -292,16 +266,14 @@ Given /^I set sudo password "([^"]*)"$/ do |password|
end
Given /^Tails Greeter has dealt with the sudo password$/ do
- next if @skip_steps_while_restoring_background
f1 = "/etc/sudoers.d/tails-greeter"
f2 = "#{f1}-no-password-lecture"
try_for(20) {
- @vm.execute("test -e '#{f1}' -o -e '#{f2}'").success?
+ $vm.execute("test -e '#{f1}' -o -e '#{f2}'").success?
}
end
Given /^the Tails desktop is ready$/ do
- next if @skip_steps_while_restoring_background
case @theme
when "windows"
desktop_started_picture = 'WindowsStartButton.png'
@@ -316,43 +288,36 @@ Given /^the Tails desktop is ready$/ do
end
Then /^Tails seems to have booted normally$/ do
- next if @skip_steps_while_restoring_background
step "the Tails desktop is ready"
end
When /^I see the 'Tor is ready' notification$/ do
- next if @skip_steps_while_restoring_background
notification_helper('GnomeTorIsReady.png', 300)
@screen.waitVanish("GnomeTorIsReady.png", 15)
end
Given /^Tor is ready$/ do
- next if @skip_steps_while_restoring_background
step "Tor has built a circuit"
step "the time has synced"
end
Given /^Tor has built a circuit$/ do
- next if @skip_steps_while_restoring_background
wait_until_tor_is_working
end
Given /^the time has synced$/ do
- next if @skip_steps_while_restoring_background
["/var/run/tordate/done", "/var/run/htpdate/success"].each do |file|
- try_for(300) { @vm.execute("test -e #{file}").success? }
+ try_for(300) { $vm.execute("test -e #{file}").success? }
end
end
Given /^available upgrades have been checked$/ do
- next if @skip_steps_while_restoring_background
try_for(300) {
- @vm.execute("test -e '/var/run/tails-upgrader/checked_upgrades'").success?
+ $vm.execute("test -e '/var/run/tails-upgrader/checked_upgrades'").success?
}
end
Given /^the Tor Browser has started$/ do
- next if @skip_steps_while_restoring_background
case @theme
when "windows"
tor_browser_picture = "WindowsTorBrowserWindow.png"
@@ -364,7 +329,6 @@ Given /^the Tor Browser has started$/ do
end
Given /^the Tor Browser (?:has started and )?load(?:ed|s) the (startup page|Tails roadmap)$/ do |page|
- next if @skip_steps_while_restoring_background
case page
when "startup page"
picture = "TorBrowserStartupPage.png"
@@ -378,12 +342,10 @@ Given /^the Tor Browser (?:has started and )?load(?:ed|s) the (startup page|Tail
end
Given /^the Tor Browser has started in offline mode$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("TorBrowserOffline.png", 60)
end
Given /^I add a bookmark to eff.org in the Tor Browser$/ do
- next if @skip_steps_while_restoring_background
url = "https://www.eff.org"
step "I open the address \"#{url}\" in the Tor Browser"
@screen.wait("TorBrowserOffline.png", 5)
@@ -393,13 +355,11 @@ Given /^I add a bookmark to eff.org in the Tor Browser$/ do
end
Given /^the Tor Browser has a bookmark to eff.org$/ do
- next if @skip_steps_while_restoring_background
@screen.type("b", Sikuli::KeyModifier.ALT)
@screen.wait("TorBrowserEFFBookmark.png", 10)
end
Given /^all notifications have disappeared$/ do
- next if @skip_steps_while_restoring_background
case @theme
when "windows"
notification_picture = "WindowsNotificationX.png"
@@ -409,35 +369,7 @@ Given /^all notifications have disappeared$/ do
@screen.waitVanish(notification_picture, 60)
end
-Given /^I save the state so the background can be restored next scenario$/ do
- if @skip_steps_while_restoring_background
- assert(File.size?($background_snapshot),
- "We have been skipping steps but there is no snapshot to restore")
- else
- # To be sure we run the feature from scratch we remove any
- # leftover snapshot that wasn't removed.
- if File.exist?($background_snapshot)
- File.delete($background_snapshot)
- end
- # Workaround: when libvirt takes ownership of the snapshot it may
- # become unwritable for the user running this script so it cannot
- # be removed during clean up.
- FileUtils.touch($background_snapshot)
- FileUtils.chmod(0666, $background_snapshot)
-
- # Snapshots cannot be saved while filesystem shares are mounted
- # XXX-9p: See XXX-9p above.
- #deactivate_filesystem_shares
-
- @vm.save_snapshot($background_snapshot)
- end
- restore_background
- # Now we stop skipping steps from the snapshot restore.
- @skip_steps_while_restoring_background = false
-end
-
Then /^I (do not )?see "([^"]*)" after at most (\d+) seconds$/ do |negation, image, time|
- next if @skip_steps_while_restoring_background
begin
@screen.wait(image, time.to_i)
raise "found '#{image}' while expecting not to" if negation
@@ -447,14 +379,12 @@ Then /^I (do not )?see "([^"]*)" after at most (\d+) seconds$/ do |negation, ima
end
Then /^all Internet traffic has only flowed through Tor$/ do
- next if @skip_steps_while_restoring_background
leaks = FirewallLeakCheck.new(@sniffer.pcap_file,
:accepted_hosts => get_all_tor_nodes)
leaks.assert_no_leaks
end
Given /^I enter the sudo password in the pkexec prompt$/ do
- next if @skip_steps_while_restoring_background
step "I enter the \"#{@sudo_password}\" password in the pkexec prompt"
end
@@ -466,69 +396,59 @@ def deal_with_polkit_prompt (image, password)
end
Given /^I enter the "([^"]*)" password in the pkexec prompt$/ do |password|
- next if @skip_steps_while_restoring_background
deal_with_polkit_prompt('PolicyKitAuthPrompt.png', password)
end
Given /^process "([^"]+)" is running$/ do |process|
- next if @skip_steps_while_restoring_background
- assert(@vm.has_process?(process),
+ assert($vm.has_process?(process),
"Process '#{process}' is not running")
end
Given /^process "([^"]+)" is running within (\d+) seconds$/ do |process, time|
- next if @skip_steps_while_restoring_background
try_for(time.to_i, :msg => "Process '#{process}' is not running after " +
"waiting for #{time} seconds") do
- @vm.has_process?(process)
+ $vm.has_process?(process)
end
end
Given /^process "([^"]+)" has stopped running after at most (\d+) seconds$/ do |process, time|
- next if @skip_steps_while_restoring_background
try_for(time.to_i, :msg => "Process '#{process}' is still running after " +
"waiting for #{time} seconds") do
- not @vm.has_process?(process)
+ not $vm.has_process?(process)
end
end
Given /^process "([^"]+)" is not running$/ do |process|
- next if @skip_steps_while_restoring_background
- assert(!@vm.has_process?(process),
+ assert(!$vm.has_process?(process),
"Process '#{process}' is running")
end
Given /^I kill the process "([^"]+)"$/ do |process|
- next if @skip_steps_while_restoring_background
- @vm.execute("killall #{process}")
+ $vm.execute("killall #{process}")
try_for(10, :msg => "Process '#{process}' could not be killed") {
- !@vm.has_process?(process)
+ !$vm.has_process?(process)
}
end
Then /^Tails eventually shuts down$/ do
- next if @skip_steps_while_restoring_background
nr_gibs_of_ram = (detected_ram_in_MiB.to_f/(2**10)).ceil
timeout = nr_gibs_of_ram*5*60
try_for(timeout, :msg => "VM is still running after #{timeout} seconds") do
- ! @vm.is_running?
+ ! $vm.is_running?
end
end
Then /^Tails eventually restarts$/ do
- next if @skip_steps_while_restoring_background
nr_gibs_of_ram = (detected_ram_in_MiB.to_f/(2**10)).ceil
@screen.wait('TailsBootSplash.png', nr_gibs_of_ram*5*60)
end
Given /^I shutdown Tails and wait for the computer to power off$/ do
- next if @skip_steps_while_restoring_background
- @vm.execute("poweroff")
+ $vm.execute("poweroff")
step 'Tails eventually shuts down'
end
When /^I request a shutdown using the emergency shutdown applet$/ do
- next if @skip_steps_while_restoring_background
@screen.hide_cursor
@screen.wait_and_click('TailsEmergencyShutdownButton.png', 10)
@screen.hide_cursor
@@ -536,12 +456,10 @@ When /^I request a shutdown using the emergency shutdown applet$/ do
end
When /^I warm reboot the computer$/ do
- next if @skip_steps_while_restoring_background
- @vm.execute("reboot")
+ $vm.execute("reboot")
end
When /^I request a reboot using the emergency shutdown applet$/ do
- next if @skip_steps_while_restoring_background
@screen.hide_cursor
@screen.wait_and_click('TailsEmergencyShutdownButton.png', 10)
@screen.hide_cursor
@@ -549,30 +467,25 @@ When /^I request a reboot using the emergency shutdown applet$/ do
end
Given /^package "([^"]+)" is installed$/ do |package|
- next if @skip_steps_while_restoring_background
- assert(@vm.execute("dpkg -s '#{package}' 2>/dev/null | grep -qs '^Status:.*installed$'").success?,
+ assert($vm.execute("dpkg -s '#{package}' 2>/dev/null | grep -qs '^Status:.*installed$'").success?,
"Package '#{package}' is not installed")
end
When /^I start the Tor Browser$/ do
- next if @skip_steps_while_restoring_background
step 'I start "TorBrowser" via the GNOME "Internet" applications menu'
end
When /^I request a new identity using Torbutton$/ do
- next if @skip_steps_while_restoring_background
@screen.wait_and_click('TorButtonIcon.png', 30)
@screen.wait_and_click('TorButtonNewIdentity.png', 30)
end
When /^I acknowledge Torbutton's New Identity confirmation prompt$/ do
- next if @skip_steps_while_restoring_background
@screen.wait('GnomeQuestionDialogIcon.png', 30)
step 'I type "y"'
end
When /^I start the Tor Browser in offline mode$/ do
- next if @skip_steps_while_restoring_background
step "I start the Tor Browser"
case @theme
when "windows"
@@ -585,7 +498,7 @@ When /^I start the Tor Browser in offline mode$/ do
end
def xul_application_info(application)
- binary = @vm.execute_successfully(
+ binary = $vm.execute_successfully(
'. /usr/local/lib/tails-shell-library/tor-browser.sh; ' +
'echo ${TBB_INSTALL}/firefox'
).stdout.chomp
@@ -627,14 +540,12 @@ def xul_application_info(application)
end
When /^I open a new tab in the (.*)$/ do |browser|
- next if @skip_steps_while_restoring_background
info = xul_application_info(browser)
@screen.click(info[:new_tab_button_image])
@screen.wait(info[:address_bar_image], 10)
end
When /^I open the address "([^"]*)" in the (.*)$/ do |address, browser|
- next if @skip_steps_while_restoring_background
step "I open a new tab in the #{browser}"
info = xul_application_info(browser)
open_address = Proc.new do
@@ -656,7 +567,6 @@ When /^I open the address "([^"]*)" in the (.*)$/ do |address, browser|
end
Then /^the (.*) has no plugins installed$/ do |browser|
- next if @skip_steps_while_restoring_background
step "I open the address \"about:plugins\" in the #{browser}"
step "I see \"TorBrowserNoPlugins.png\" after at most 30 seconds"
end
@@ -665,17 +575,17 @@ def xul_app_shared_lib_check(pid, chroot)
expected_absent_tbb_libs = ['libnssdbm3.so']
absent_tbb_libs = []
unwanted_native_libs = []
- tbb_libs = @vm.execute_successfully(
+ tbb_libs = $vm.execute_successfully(
". /usr/local/lib/tails-shell-library/tor-browser.sh; " +
"ls -1 #{chroot}${TBB_INSTALL}/*.so"
).stdout.split
- firefox_pmap_info = @vm.execute("pmap #{pid}").stdout
+ firefox_pmap_info = $vm.execute("pmap #{pid}").stdout
for lib in tbb_libs do
lib_name = File.basename lib
if not /\W#{lib}$/.match firefox_pmap_info
absent_tbb_libs << lib_name
end
- native_libs = @vm.execute_successfully(
+ native_libs = $vm.execute_successfully(
"find /usr/lib /lib -name \"#{lib_name}\""
).stdout.split
for native_lib in native_libs do
@@ -693,35 +603,31 @@ def xul_app_shared_lib_check(pid, chroot)
end
Then /^the (.*) uses all expected TBB shared libraries$/ do |application|
- next if @skip_steps_while_restoring_background
info = xul_application_info(application)
- pid = @vm.execute_successfully("pgrep --uid #{info[:user]} --full --exact '#{info[:cmd_regex]}'").stdout.chomp
+ pid = $vm.execute_successfully("pgrep --uid #{info[:user]} --full --exact '#{info[:cmd_regex]}'").stdout.chomp
assert(/\A\d+\z/.match(pid), "It seems like #{application} is not running")
xul_app_shared_lib_check(pid, info[:chroot])
end
Then /^the (.*) chroot is torn down$/ do |browser|
- next if @skip_steps_while_restoring_background
info = xul_application_info(browser)
try_for(30, :msg => "The #{browser} chroot '#{info[:chroot]}' was " \
"not removed") do
- !@vm.execute("test -d '#{info[:chroot]}'").success?
+ !$vm.execute("test -d '#{info[:chroot]}'").success?
end
end
Then /^the (.*) runs as the expected user$/ do |browser|
- next if @skip_steps_while_restoring_background
info = xul_application_info(browser)
- assert_vmcommand_success(@vm.execute(
+ assert_vmcommand_success($vm.execute(
"pgrep --full --exact '#{info[:cmd_regex]}'"),
"The #{browser} is not running")
- assert_vmcommand_success(@vm.execute(
+ assert_vmcommand_success($vm.execute(
"pgrep --uid #{info[:user]} --full --exact '#{info[:cmd_regex]}'"),
"The #{browser} is not running as the #{info[:user]} user")
end
Given /^I add a wired DHCP NetworkManager connection called "([^"]+)"$/ do |con_name|
- next if @skip_steps_while_restoring_background
con_content = <<EOF
[802-3-ethernet]
duplex=full
@@ -739,32 +645,29 @@ method=auto
method=auto
EOF
con_content.split("\n").each do |line|
- @vm.execute("echo '#{line}' >> /tmp/NM.#{con_name}")
+ $vm.execute("echo '#{line}' >> /tmp/NM.#{con_name}")
end
- @vm.execute("install -m 0600 '/tmp/NM.#{con_name}' '/etc/NetworkManager/system-connections/#{con_name}'")
+ $vm.execute("install -m 0600 '/tmp/NM.#{con_name}' '/etc/NetworkManager/system-connections/#{con_name}'")
try_for(10) {
- nm_con_list = @vm.execute("nmcli --terse --fields NAME con list").stdout
+ nm_con_list = $vm.execute("nmcli --terse --fields NAME con list").stdout
nm_con_list.split("\n").include? "#{con_name}"
}
end
Given /^I switch to the "([^"]+)" NetworkManager connection$/ do |con_name|
- next if @skip_steps_while_restoring_background
- @vm.execute("nmcli con up id #{con_name}")
+ $vm.execute("nmcli con up id #{con_name}")
try_for(60) {
- @vm.execute("nmcli --terse --fields NAME,STATE con status").stdout.chomp == "#{con_name}:activated"
+ $vm.execute("nmcli --terse --fields NAME,STATE con status").stdout.chomp == "#{con_name}:activated"
}
end
When /^I start and focus GNOME Terminal$/ do
- next if @skip_steps_while_restoring_background
step 'I start "Terminal" via the GNOME "Accessories" applications menu'
@screen.wait_and_click('GnomeTerminalWindow.png', 20)
end
When /^I run "([^"]+)" in GNOME Terminal$/ do |command|
- next if @skip_steps_while_restoring_background
- if !@vm.has_process?("gnome-terminal")
+ if !$vm.has_process?("gnome-terminal")
step "I start and focus GNOME Terminal"
else
@screen.wait_and_click('GnomeTerminalWindow.png', 20)
@@ -773,44 +676,38 @@ When /^I run "([^"]+)" in GNOME Terminal$/ do |command|
end
When /^the file "([^"]+)" exists(?:| after at most (\d+) seconds)$/ do |file, timeout|
- next if @skip_steps_while_restoring_background
timeout = 0 if timeout.nil?
try_for(
timeout.to_i,
:msg => "The file #{file} does not exist after #{timeout} seconds"
) {
- @vm.file_exist?(file)
+ $vm.file_exist?(file)
}
end
When /^the file "([^"]+)" does not exist$/ do |file|
- next if @skip_steps_while_restoring_background
- assert(! (@vm.file_exist?(file)))
+ assert(! ($vm.file_exist?(file)))
end
When /^the directory "([^"]+)" exists$/ do |directory|
- next if @skip_steps_while_restoring_background
- assert(@vm.directory_exist?(directory))
+ assert($vm.directory_exist?(directory))
end
When /^the directory "([^"]+)" does not exist$/ do |directory|
- next if @skip_steps_while_restoring_background
- assert(! (@vm.directory_exist?(directory)))
+ assert(! ($vm.directory_exist?(directory)))
end
When /^I copy "([^"]+)" to "([^"]+)" as user "([^"]+)"$/ do |source, destination, user|
- next if @skip_steps_while_restoring_background
- c = @vm.execute("cp \"#{source}\" \"#{destination}\"", LIVE_USER)
+ c = $vm.execute("cp \"#{source}\" \"#{destination}\"", LIVE_USER)
assert(c.success?, "Failed to copy file:\n#{c.stdout}\n#{c.stderr}")
end
def is_persistent?(app)
conf = get_persistence_presets(true)["#{app}"]
- @vm.execute("findmnt --noheadings --output SOURCE --target '#{conf}'").success?
+ $vm.execute("findmnt --noheadings --output SOURCE --target '#{conf}'").success?
end
Then /^persistence for "([^"]+)" is (|not )enabled$/ do |app, enabled|
- next if @skip_steps_while_restoring_background
case enabled
when ''
assert(is_persistent?(app), "Persistence should be enabled.")
@@ -819,23 +716,8 @@ Then /^persistence for "([^"]+)" is (|not )enabled$/ do |app, enabled|
end
end
-Given /^the USB drive "([^"]+)" contains Tails with persistence configured and password "([^"]+)"$/ do |drive, password|
- step "a computer"
- step "I start Tails from DVD with network unplugged and I login"
- step "I create a 4 GiB disk named \"#{drive}\""
- step "I plug USB drive \"#{drive}\""
- step "I \"Clone & Install\" Tails to USB drive \"#{drive}\""
- step "there is no persistence partition on USB drive \"#{drive}\""
- step "I shutdown Tails and wait for the computer to power off"
- step "a computer"
- step "I start Tails from USB drive \"#{drive}\" with network unplugged and I login"
- step "I create a persistent partition with password \"#{password}\""
- step "a Tails persistence partition with password \"#{password}\" exists on USB drive \"#{drive}\""
- step "I shutdown Tails and wait for the computer to power off"
-end
-
def gnome_app_menu_click_helper(click_me, verify_me = nil)
- try_for(60) do
+ try_for(30) do
@screen.hide_cursor
@screen.wait_and_click(click_me, 10)
@screen.wait(verify_me, 10) if verify_me
@@ -844,7 +726,6 @@ def gnome_app_menu_click_helper(click_me, verify_me = nil)
end
Given /^I start "([^"]+)" via the GNOME "([^"]+)" applications menu$/ do |app, submenu|
- next if @skip_steps_while_restoring_background
case @theme
when "windows"
prefix = 'Windows'
@@ -854,13 +735,21 @@ Given /^I start "([^"]+)" via the GNOME "([^"]+)" applications menu$/ do |app, s
menu_button = prefix + "ApplicationsMenu.png"
sub_menu_entry = prefix + "Applications" + submenu + ".png"
application_entry = prefix + "Applications" + app + ".png"
- gnome_app_menu_click_helper(menu_button, sub_menu_entry)
- gnome_app_menu_click_helper(sub_menu_entry, application_entry)
- gnome_app_menu_click_helper(application_entry)
+ try_for(120) do
+ begin
+ gnome_app_menu_click_helper(menu_button, sub_menu_entry)
+ gnome_app_menu_click_helper(sub_menu_entry, application_entry)
+ gnome_app_menu_click_helper(application_entry)
+ rescue Exception => e
+ # Close menu, if still open
+ @screen.type(Sikuli::Key.ESC)
+ raise e
+ end
+ true
+ end
end
Given /^I start "([^"]+)" via the GNOME "([^"]+)"\/"([^"]+)" applications menu$/ do |app, submenu, subsubmenu|
- next if @skip_steps_while_restoring_background
case @theme
when "windows"
prefix = 'Windows'
@@ -871,19 +760,26 @@ Given /^I start "([^"]+)" via the GNOME "([^"]+)"\/"([^"]+)" applications menu$/
sub_menu_entry = prefix + "Applications" + submenu + ".png"
sub_sub_menu_entry = prefix + "Applications" + subsubmenu + ".png"
application_entry = prefix + "Applications" + app + ".png"
- gnome_app_menu_click_helper(menu_button, sub_menu_entry)
- gnome_app_menu_click_helper(sub_menu_entry, sub_sub_menu_entry)
- gnome_app_menu_click_helper(sub_sub_menu_entry, application_entry)
- gnome_app_menu_click_helper(application_entry)
+ try_for(120) do
+ begin
+ gnome_app_menu_click_helper(menu_button, sub_menu_entry)
+ gnome_app_menu_click_helper(sub_menu_entry, sub_sub_menu_entry)
+ gnome_app_menu_click_helper(sub_sub_menu_entry, application_entry)
+ gnome_app_menu_click_helper(application_entry)
+ rescue Exception => e
+ # Close menu, if still open
+ @screen.type(Sikuli::Key.ESC)
+ raise e
+ end
+ true
+ end
end
When /^I type "([^"]+)"$/ do |string|
- next if @skip_steps_while_restoring_background
@screen.type(string)
end
When /^I press the "([^"]+)" key$/ do |key|
- next if @skip_steps_while_restoring_background
begin
@screen.type(eval("Sikuli::Key.#{key}"))
rescue RuntimeError
@@ -892,7 +788,6 @@ When /^I press the "([^"]+)" key$/ do |key|
end
Then /^the (amnesiac|persistent) Tor Browser directory (exists|does not exist)$/ do |persistent_or_not, mode|
- next if @skip_steps_while_restoring_background
case persistent_or_not
when "amnesiac"
dir = "/home/#{LIVE_USER}/Tor Browser"
@@ -903,7 +798,6 @@ Then /^the (amnesiac|persistent) Tor Browser directory (exists|does not exist)$/
end
Then /^there is a GNOME bookmark for the (amnesiac|persistent) Tor Browser directory$/ do |persistent_or_not|
- next if @skip_steps_while_restoring_background
case persistent_or_not
when "amnesiac"
bookmark_image = 'TorBrowserAmnesicFilesBookmark.png'
@@ -916,47 +810,42 @@ Then /^there is a GNOME bookmark for the (amnesiac|persistent) Tor Browser direc
end
Then /^there is no GNOME bookmark for the persistent Tor Browser directory$/ do
- next if @skip_steps_while_restoring_background
- @screen.wait_and_click('GnomePlaces.png', 10)
- @screen.wait("GnomePlacesWithoutTorBrowserPersistent.png", 40)
- @screen.type(Sikuli::Key.ESC)
+ try_for(65) do
+ @screen.wait_and_click('GnomePlaces.png', 10)
+ @screen.wait("GnomePlacesWithoutTorBrowserPersistent.png", 10)
+ @screen.type(Sikuli::Key.ESC)
+ end
end
def pulseaudio_sink_inputs
- pa_info = @vm.execute_successfully('pacmd info', LIVE_USER).stdout
+ pa_info = $vm.execute_successfully('pacmd info', LIVE_USER).stdout
sink_inputs_line = pa_info.match(/^\d+ sink input\(s\) available\.$/)[0]
return sink_inputs_line.match(/^\d+/)[0].to_i
end
When /^(no|\d+) application(?:s?) (?:is|are) playing audio(?:| after (\d+) seconds)$/ do |nb, wait_time|
- next if @skip_steps_while_restoring_background
nb = 0 if nb == "no"
sleep wait_time.to_i if ! wait_time.nil?
assert_equal(nb.to_i, pulseaudio_sink_inputs)
end
When /^I double-click on the "Tails documentation" link on the Desktop$/ do
- next if @skip_steps_while_restoring_background
@screen.wait_and_double_click("DesktopTailsDocumentationIcon.png", 10)
end
When /^I click the blocked video icon$/ do
- next if @skip_steps_while_restoring_background
@screen.wait_and_click("TorBrowserBlockedVideo.png", 30)
end
When /^I accept to temporarily allow playing this video$/ do
- next if @skip_steps_while_restoring_background
@screen.wait_and_click("TorBrowserOkButton.png", 10)
end
When /^I click the HTML5 play button$/ do
- next if @skip_steps_while_restoring_background
@screen.wait_and_click("TorBrowserHtml5PlayButton.png", 30)
end
When /^I (can|cannot) save the current page as "([^"]+[.]html)" to the (.*) directory$/ do |should_work, output_file, output_dir|
- next if @skip_steps_while_restoring_background
should_work = should_work == 'can' ? true : false
@screen.type("s", Sikuli::KeyModifier.CTRL)
@screen.wait("TorBrowserSaveDialog.png", 10)
@@ -979,7 +868,7 @@ When /^I (can|cannot) save the current page as "([^"]+[.]html)" to the (.*) dire
@screen.type(Sikuli::Key.ENTER)
if should_work
try_for(10, :msg => "The page was not saved to #{output_dir}/#{output_file}") {
- @vm.file_exist?("#{output_dir}/#{output_file}")
+ $vm.file_exist?("#{output_dir}/#{output_file}")
}
else
@screen.wait("TorBrowserCannotSavePage.png", 10)
@@ -987,7 +876,6 @@ When /^I (can|cannot) save the current page as "([^"]+[.]html)" to the (.*) dire
end
When /^I can print the current page as "([^"]+[.]pdf)" to the (default downloads|persistent Tor Browser) directory$/ do |output_file, output_dir|
- next if @skip_steps_while_restoring_background
if output_dir == "persistent Tor Browser"
output_dir = "/home/#{LIVE_USER}/Persistent/Tor Browser"
else
@@ -1008,17 +896,15 @@ When /^I can print the current page as "([^"]+[.]pdf)" to the (default downloads
# so we type only the desired file's basename to replace it
@screen.type(output_dir + '/' + output_file.sub(/[.]pdf$/, '') + Sikuli::Key.ENTER)
try_for(30, :msg => "The page was not printed to #{output_dir}/#{output_file}") {
- @vm.file_exist?("#{output_dir}/#{output_file}")
+ $vm.file_exist?("#{output_dir}/#{output_file}")
}
end
When /^I accept to import the key with Seahorse$/ do
- next if @skip_steps_while_restoring_background
@screen.wait_and_click("TorBrowserOkButton.png", 10)
end
Given /^a web server is running on the LAN$/ do
- next if @skip_steps_while_restoring_background
web_server_ip_addr = $vmnet.bridge_ip_addr
web_server_port = 8000
@web_server_url = "http://#{web_server_ip_addr}:#{web_server_port}"
@@ -1060,14 +946,13 @@ EOF
# this forces us to capture traffic *after* this step in case
# accessing this server matters, like when testing the Tor Browser..
try_for(30, :msg => "Something is wrong with the LAN web server") do
- msg = @vm.execute_successfully("curl #{@web_server_url}",
+ msg = $vm.execute_successfully("curl #{@web_server_url}",
LIVE_USER).stdout.chomp
web_server_hello_msg == msg
end
end
When /^I open a page on the LAN web server in the (.*)$/ do |browser|
- next if @skip_steps_while_restoring_background
step "I open the address \"#{@web_server_url}\" in the #{browser}"
end
@@ -1079,7 +964,7 @@ def force_new_tor_circuit(with_vidalia=nil)
step 'process "vidalia" is running'
rescue Test::Unit::AssertionFailedError
debug_log("Vidalia was not running. Attempting to start Vidalia...")
- @vm.spawn('restart-vidalia')
+ $vm.spawn('restart-vidalia')
step 'process "vidalia" is running within 15 seconds'
end
# Sometimes Sikuli gets confused and recognizes the yellow-colored vidalia systray
@@ -1100,12 +985,11 @@ def force_new_tor_circuit(with_vidalia=nil)
@screen.wait('VidaliaNewIdentityNotification.png', 20)
@screen.waitVanish('VidaliaNewIdentityNotification.png', 60)
else
- @vm.execute_successfully('. /usr/local/lib/tails-shell-library/tor.sh; tor_control_send "signal NEWNYM"')
+ $vm.execute_successfully('. /usr/local/lib/tails-shell-library/tor.sh; tor_control_send "signal NEWNYM"')
end
end
Given /^I wait (?:between (\d+) and )?(\d+) seconds$/ do |min, max|
- next if @skip_steps_while_restoring_background
if min
time = rand(max.to_i - min.to_i + 1) + min.to_i
else
@@ -1116,26 +1000,24 @@ Given /^I wait (?:between (\d+) and )?(\d+) seconds$/ do |min, max|
end
Given /^I (?:re)?start monitoring the AppArmor log of "([^"]+)"$/ do |profile|
- next if @skip_steps_while_restoring_background
# AppArmor log entries may be dropped if printk rate limiting is
# enabled.
- @vm.execute_successfully('sysctl -w kernel.printk_ratelimit=0')
+ $vm.execute_successfully('sysctl -w kernel.printk_ratelimit=0')
# We will only care about entries for this profile from this time
# and on.
- guest_time = DateTime.parse(@vm.execute_successfully('date').stdout)
+ guest_time = DateTime.parse($vm.execute_successfully('date').stdout)
@apparmor_profile_monitoring_start ||= Hash.new
@apparmor_profile_monitoring_start[profile] = guest_time
end
When /^AppArmor has (not )?denied "([^"]+)" from opening "([^"]+)"(?: after at most (\d+) seconds)?$/ do |anti_test, profile, file, time|
- next if @skip_steps_while_restoring_background
assert(@apparmor_profile_monitoring_start &&
@apparmor_profile_monitoring_start[profile],
"It seems the profile '#{profile}' isn't being monitored by the " +
"'I monitor the AppArmor log of ...' step")
audit_line_regex = 'apparmor="DENIED" operation="open" profile="%s" name="%s"' % [profile, file]
block = Proc.new do
- audit_lines = @vm.execute("grep -F '#{audit_line_regex}' /var/log/syslog").stdout.split("\n")
+ audit_lines = $vm.execute("grep -F '#{audit_line_regex}' /var/log/syslog").stdout.split("\n")
audit_lines.select! do |line|
DateTime.parse(line) >= @apparmor_profile_monitoring_start[profile]
end
@@ -1154,6 +1036,5 @@ When /^AppArmor has (not )?denied "([^"]+)" from opening "([^"]+)"(?: after at m
end
Then /^I force Tor to use a new circuit( in Vidalia)?$/ do |with_vidalia|
- next if @skip_steps_while_restoring_background
force_new_tor_circuit(with_vidalia)
end
diff --git a/features/step_definitions/dhcp.rb b/features/step_definitions/dhcp.rb
index 78ee8f2..741d9d1 100644
--- a/features/step_definitions/dhcp.rb
+++ b/features/step_definitions/dhcp.rb
@@ -1,6 +1,5 @@
Then /^the hostname should not have been leaked on the network$/ do
- next if @skip_steps_while_restoring_background
- hostname = @vm.execute("hostname").stdout.chomp
+ hostname = $vm.execute("hostname").stdout.chomp
packets = PacketFu::PcapFile.new.file_to_array(:filename => @sniffer.pcap_file)
packets.each do |p|
# if PacketFu::TCPPacket.can_parse?(p)
diff --git a/features/step_definitions/electrum.rb b/features/step_definitions/electrum.rb
index 658a4a9..f52d978 100644
--- a/features/step_definitions/electrum.rb
+++ b/features/step_definitions/electrum.rb
@@ -1,10 +1,8 @@
Then /^I start Electrum through the GNOME menu$/ do
- next if @skip_steps_while_restoring_background
step "I start \"Electrum\" via the GNOME \"Internet\" applications menu"
end
When /^a bitcoin wallet is (|not )present$/ do |existing|
- next if @skip_steps_while_restoring_background
wallet = "/home/#{LIVE_USER}/.electrum/wallets/default_wallet"
case existing
when ""
@@ -17,7 +15,6 @@ When /^a bitcoin wallet is (|not )present$/ do |existing|
end
When /^I create a new bitcoin wallet$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("ElectrumNoWallet.png", 10)
@screen.wait_and_click("ElectrumNextButton.png", 10)
@screen.wait("ElectrumWalletGenerationSeed.png", 15)
@@ -38,21 +35,17 @@ When /^I create a new bitcoin wallet$/ do
end
Then /^I see a warning that Electrum is not persistent$/ do
- next if @skip_steps_while_restoring_background
@screen.wait('GnomeQuestionDialogIcon.png', 30)
end
Then /^I am prompted to create a new wallet$/ do
- next if @skip_steps_while_restoring_background
@screen.wait('ElectrumNoWallet.png', 60)
end
Then /^I see the main Electrum client window$/ do
- next if @skip_steps_while_restoring_background
@screen.wait('ElectrumPreferencesButton.png', 20)
end
Then /^Electrum successfully connects to the network$/ do
- next if @skip_steps_while_restoring_background
@screen.wait('ElectrumStatus.png', 180)
end
diff --git a/features/step_definitions/encryption.rb b/features/step_definitions/encryption.rb
index f84111e..18430b8 100644
--- a/features/step_definitions/encryption.rb
+++ b/features/step_definitions/encryption.rb
@@ -11,7 +11,6 @@ end
Given /^I generate an OpenPGP key named "([^"]+)" with password "([^"]+)"$/ do |name, pwd|
@passphrase = pwd
@key_name = name
- next if @skip_steps_while_restoring_background
gpg_key_recipie = <<EOF
Key-Type: RSA
Key-Length: 4096
@@ -25,14 +24,13 @@ Given /^I generate an OpenPGP key named "([^"]+)" with password "([^"]+)"$/ do |
%commit
EOF
gpg_key_recipie.split("\n").each do |line|
- @vm.execute("echo '#{line}' >> /tmp/gpg_key_recipie", LIVE_USER)
+ $vm.execute("echo '#{line}' >> /tmp/gpg_key_recipie", LIVE_USER)
end
- c = @vm.execute("gpg --batch --gen-key < /tmp/gpg_key_recipie", LIVE_USER)
+ c = $vm.execute("gpg --batch --gen-key < /tmp/gpg_key_recipie", LIVE_USER)
assert(c.success?, "Failed to generate OpenPGP key:\n#{c.stderr}")
end
When /^I type a message into gedit$/ do
- next if @skip_steps_while_restoring_background
step 'I start "Gedit" via the GNOME "Accessories" applications menu'
@screen.wait_and_click("GeditWindow.png", 10)
sleep 0.5
@@ -80,33 +78,28 @@ def decrypt_verify_helper(icon)
end
When /^I encrypt the message using my OpenPGP key$/ do
- next if @skip_steps_while_restoring_background
encrypt_sign_helper do
@screen.type(@key_name + Sikuli::Key.ENTER + Sikuli::Key.ENTER)
end
end
Then /^I can decrypt the encrypted message$/ do
- next if @skip_steps_while_restoring_background
decrypt_verify_helper("GpgAppletIconEncrypted.png")
@screen.wait("GpgAppletResultsEncrypted.png", 10)
end
When /^I sign the message using my OpenPGP key$/ do
- next if @skip_steps_while_restoring_background
encrypt_sign_helper do
@screen.type(Sikuli::Key.TAB + Sikuli::Key.DOWN + Sikuli::Key.ENTER)
end
end
Then /^I can verify the message's signature$/ do
- next if @skip_steps_while_restoring_background
decrypt_verify_helper("GpgAppletIconSigned.png")
@screen.wait("GpgAppletResultsSigned.png", 10)
end
When /^I both encrypt and sign the message using my OpenPGP key$/ do
- next if @skip_steps_while_restoring_background
encrypt_sign_helper do
@screen.type(@key_name + Sikuli::Key.ENTER)
@screen.type(Sikuli::Key.TAB + Sikuli::Key.DOWN + Sikuli::Key.ENTER)
@@ -114,7 +107,6 @@ When /^I both encrypt and sign the message using my OpenPGP key$/ do
end
Then /^I can decrypt and verify the encrypted message$/ do
- next if @skip_steps_while_restoring_background
decrypt_verify_helper("GpgAppletIconEncrypted.png")
@screen.wait("GpgAppletResultsEncrypted.png", 10)
@screen.wait("GpgAppletResultsSigned.png", 10)
@@ -122,7 +114,6 @@ end
When /^I symmetrically encrypt the message with password "([^"]+)"$/ do |pwd|
@passphrase = pwd
- next if @skip_steps_while_restoring_background
gedit_copy_all_text
seahorse_menu_click_helper('GpgAppletIconNormal.png', 'GpgAppletEncryptPassphrase.png')
maybe_deal_with_pinentry # enter password
diff --git a/features/step_definitions/erase_memory.rb b/features/step_definitions/erase_memory.rb
index fdc755b..1de93ae 100644
--- a/features/step_definitions/erase_memory.rb
+++ b/features/step_definitions/erase_memory.rb
@@ -1,5 +1,5 @@
def udev_watchdog_monitored_device
- ps_output = @vm.execute_successfully('ps -wweo cmd').stdout
+ ps_output = $vm.execute_successfully('ps -wweo cmd').stdout
udev_watchdog_cmd = '/usr/local/sbin/udev-watchdog'
# The regex below looks for a line like the following:
@@ -9,64 +9,58 @@ def udev_watchdog_monitored_device
assert_equal(ps_output_scan.count, 1, "There should be one udev-watchdog running.")
monitored_out = ps_output_scan.flatten[0]
assert(!monitored_out.nil?)
- monitored_device_id = @vm.file_content('/sys' + monitored_out + '/dev').chomp
+ monitored_device_id = $vm.file_content('/sys' + monitored_out + '/dev').chomp
monitored_device =
- @vm.execute_successfully(
+ $vm.execute_successfully(
"readlink -f /dev/block/'#{monitored_device_id}'").stdout.chomp
return monitored_device
end
Given /^udev-watchdog is monitoring the correct device$/ do
- next if @skip_steps_while_restoring_background
assert_equal(udev_watchdog_monitored_device, boot_device)
end
Given /^the computer is a modern 64-bit system$/ do
- next if @skip_steps_while_restoring_background
- @vm.set_arch("x86_64")
- @vm.drop_hypervisor_feature("nonpae")
- @vm.add_hypervisor_feature("pae")
+ $vm.set_arch("x86_64")
+ $vm.drop_hypervisor_feature("nonpae")
+ $vm.add_hypervisor_feature("pae")
end
Given /^the computer is an old pentium without the PAE extension$/ do
- next if @skip_steps_while_restoring_background
- @vm.set_arch("i686")
- @vm.drop_hypervisor_feature("pae")
+ $vm.set_arch("i686")
+ $vm.drop_hypervisor_feature("pae")
# libvirt claim the following feature doesn't exit even though
# it's listed in the hvm i686 capabilities...
-# @vm.add_hypervisor_feature("nonpae")
+# $vm.add_hypervisor_feature("nonpae")
# ... so we use a workaround until we can figure this one out.
- @vm.disable_pae_workaround
+ $vm.disable_pae_workaround
end
def which_kernel
- kernel_path = @vm.execute_successfully("tails-get-bootinfo kernel").stdout.chomp
+ kernel_path = $vm.execute_successfully("tails-get-bootinfo kernel").stdout.chomp
return File.basename(kernel_path)
end
Given /^the PAE kernel is running$/ do
- next if @skip_steps_while_restoring_background
kernel = which_kernel
assert_equal("vmlinuz2", kernel)
end
Given /^the non-PAE kernel is running$/ do
- next if @skip_steps_while_restoring_background
kernel = which_kernel
assert_equal("vmlinuz", kernel)
end
def used_ram_in_MiB
- return @vm.execute_successfully("free -m | awk '/^-\\/\\+ buffers\\/cache:/ { print $3 }'").stdout.chomp.to_i
+ return $vm.execute_successfully("free -m | awk '/^-\\/\\+ buffers\\/cache:/ { print $3 }'").stdout.chomp.to_i
end
def detected_ram_in_MiB
- return @vm.execute_successfully("free -m | awk '/^Mem:/ { print $2 }'").stdout.chomp.to_i
+ return $vm.execute_successfully("free -m | awk '/^Mem:/ { print $2 }'").stdout.chomp.to_i
end
Given /^at least (\d+) ([[:alpha:]]+) of RAM was detected$/ do |min_ram, unit|
@detected_ram_m = detected_ram_in_MiB
- next if @skip_steps_while_restoring_background
puts "Detected #{@detected_ram_m} MiB of RAM"
min_ram_m = convert_to_MiB(min_ram.to_i, unit)
# All RAM will not be reported by `free`, so we allow a 196 MB gap
@@ -86,7 +80,7 @@ def pattern_coverage_in_guest_ram
end
FileUtils.touch(dump)
FileUtils.chmod(0666, dump)
- @vm.domain.core_dump(dump)
+ $vm.domain.core_dump(dump)
patterns = IO.popen(['grep', '--text', '-c', 'wipe_didnt_work', dump]).gets.to_i
File.delete dump
# Pattern is 16 bytes long
@@ -99,10 +93,9 @@ end
Given /^I fill the guest's memory with a known pattern(| without verifying)$/ do |dont_verify|
verify = dont_verify.empty?
- next if @skip_steps_while_restoring_background
# Free some more memory by dropping the caches etc.
- @vm.execute_successfully("echo 3 > /proc/sys/vm/drop_caches")
+ $vm.execute_successfully("echo 3 > /proc/sys/vm/drop_caches")
# The (guest) kernel may freeze when approaching full memory without
# adjusting the OOM killer and memory overcommitment limitations.
@@ -112,13 +105,13 @@ Given /^I fill the guest's memory with a known pattern(| without verifying)$/ do
"echo 97 > /proc/sys/vm/overcommit_ratio",
"echo 0 > /proc/sys/vm/oom_kill_allocating_task",
"echo 0 > /proc/sys/vm/oom_dump_tasks"
- ].each { |c| @vm.execute_successfully(c) }
+ ].each { |c| $vm.execute_successfully(c) }
# The remote shell is sometimes OOM killed when we fill the memory,
# and since we depend on it after the memory fill we try to prevent
# that from happening.
- pid = @vm.pidof("tails-autotest-remote-shell")[0]
- @vm.execute_successfully("echo -17 > /proc/#{pid}/oom_adj")
+ pid = $vm.pidof("tails-autotest-remote-shell")[0]
+ $vm.execute_successfully("echo -17 > /proc/#{pid}/oom_adj")
used_mem_before_fill = used_ram_in_MiB
@@ -129,16 +122,16 @@ Given /^I fill the guest's memory with a known pattern(| without verifying)$/ do
# unnecessarily.
instances = (@detected_ram_m.to_f/(2**10)).ceil
instances.times do
- @vm.spawn('/usr/local/sbin/fillram; killall fillram', LIVE_USER)
+ $vm.spawn('/usr/local/sbin/fillram; killall fillram', LIVE_USER)
end
# We make sure that all fillram processes have started...
try_for(10, :msg => "all fillram processes didn't start", :delay => 0.1) do
- nr_fillram_procs = @vm.pidof("fillram").size
+ nr_fillram_procs = $vm.pidof("fillram").size
instances == nr_fillram_procs
end
# ... and prioritize OOM killing them.
- @vm.pidof("fillram").each do |pid|
- @vm.execute_successfully("echo 15 > /proc/#{pid}/oom_adj")
+ $vm.pidof("fillram").each do |pid|
+ $vm.execute_successfully("echo 15 > /proc/#{pid}/oom_adj")
end
prev_used_ram_ratio = -1
# ... and that it finishes
@@ -150,7 +143,7 @@ Given /^I fill the guest's memory with a known pattern(| without verifying)$/ do
debug_log("Memory fill progress: %3d%%" % used_ram_ratio)
prev_used_ram_ratio = used_ram_ratio
end
- ! @vm.has_process?("fillram")
+ ! $vm.has_process?("fillram")
end
debug_log("Memory fill progress: finished")
if verify
@@ -167,7 +160,6 @@ Given /^I fill the guest's memory with a known pattern(| without verifying)$/ do
end
Then /^I find very few patterns in the guest's memory$/ do
- next if @skip_steps_while_restoring_background
coverage = pattern_coverage_in_guest_ram()
max_coverage = 0.005
assert(coverage < max_coverage,
@@ -176,7 +168,6 @@ Then /^I find very few patterns in the guest's memory$/ do
end
Then /^I find many patterns in the guest's memory$/ do
- next if @skip_steps_while_restoring_background
coverage = pattern_coverage_in_guest_ram()
min_coverage = 0.7
assert(coverage > min_coverage,
@@ -185,14 +176,12 @@ Then /^I find many patterns in the guest's memory$/ do
end
When /^I reboot without wiping the memory$/ do
- next if @skip_steps_while_restoring_background
- @vm.reset
+ $vm.reset
@screen.wait('TailsBootSplash.png', 30)
end
When /^I shutdown and wait for Tails to finish wiping the memory$/ do
- next if @skip_steps_while_restoring_background
- @vm.execute_successfully("halt")
+ $vm.execute_successfully("halt")
nr_gibs_of_ram = (@detected_ram_m.to_f/(2**10)).ceil
try_for(nr_gibs_of_ram*5*60, { :msg => "memory wipe didn't finish, probably the VM crashed" }) do
# We spam keypresses to prevent console blanking from hiding the
diff --git a/features/step_definitions/evince.rb b/features/step_definitions/evince.rb
index 36bc554..5cca4f0 100644
--- a/features/step_definitions/evince.rb
+++ b/features/step_definitions/evince.rb
@@ -1,10 +1,8 @@
When /^I(?:| try to) open "([^"]+)" with Evince$/ do |filename|
- next if @skip_steps_while_restoring_background
step "I run \"evince #{filename}\" in GNOME Terminal"
end
Then /^I can print the current document to "([^"]+)"$/ do |output_file|
- next if @skip_steps_while_restoring_background
@screen.type("p", Sikuli::KeyModifier.CTRL)
@screen.wait("EvincePrintDialog.png", 10)
@screen.wait_and_click("PrintToFile.png", 10)
@@ -15,12 +13,11 @@ Then /^I can print the current document to "([^"]+)"$/ do |output_file|
# so we type only the desired file's basename to replace it
@screen.type(output_file.sub(/[.]pdf$/, '') + Sikuli::Key.ENTER)
try_for(10, :msg => "The document was not printed to #{output_file}") {
- @vm.file_exist?(output_file)
+ $vm.file_exist?(output_file)
}
end
When /^I close Evince$/ do
- next if @skip_steps_while_restoring_background
@screen.type("w", Sikuli::KeyModifier.CTRL)
step 'process "evince" has stopped running after at most 10 seconds'
end
diff --git a/features/step_definitions/firewall_leaks.rb b/features/step_definitions/firewall_leaks.rb
index 3af9268..1762c65 100644
--- a/features/step_definitions/firewall_leaks.rb
+++ b/features/step_definitions/firewall_leaks.rb
@@ -1,5 +1,4 @@
Then(/^the firewall leak detector has detected (.*?) leaks$/) do |type|
- next if @skip_steps_while_restoring_background
leaks = FirewallLeakCheck.new(@sniffer.pcap_file,
:accepted_hosts => get_all_tor_nodes)
case type.downcase
@@ -29,9 +28,8 @@ Then(/^the firewall leak detector has detected (.*?) leaks$/) do |type|
end
Given(/^I disable Tails' firewall$/) do
- next if @skip_steps_while_restoring_background
- @vm.execute("do_not_ever_run_me")
- iptables = @vm.execute("iptables -L -n -v").stdout.chomp.split("\n")
+ $vm.execute("do_not_ever_run_me")
+ iptables = $vm.execute("iptables -L -n -v").stdout.chomp.split("\n")
for line in iptables do
if !line[/Chain (INPUT|OUTPUT|FORWARD) \(policy ACCEPT/] and
!line[/pkts[[:blank:]]+bytes[[:blank:]]+target/] and
@@ -42,20 +40,17 @@ Given(/^I disable Tails' firewall$/) do
end
When(/^I do a TCP DNS lookup of "(.*?)"$/) do |host|
- next if @skip_steps_while_restoring_background
- lookup = @vm.execute("host -T #{host} #{SOME_DNS_SERVER}", LIVE_USER)
+ lookup = $vm.execute("host -T #{host} #{SOME_DNS_SERVER}", LIVE_USER)
assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}")
end
When(/^I do a UDP DNS lookup of "(.*?)"$/) do |host|
- next if @skip_steps_while_restoring_background
- lookup = @vm.execute("host #{host} #{SOME_DNS_SERVER}", LIVE_USER)
+ lookup = $vm.execute("host #{host} #{SOME_DNS_SERVER}", LIVE_USER)
assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}")
end
When(/^I send some ICMP pings$/) do
- next if @skip_steps_while_restoring_background
# We ping an IP address to avoid a DNS lookup
- ping = @vm.execute("ping -c 5 #{SOME_DNS_SERVER}", LIVE_USER)
+ ping = $vm.execute("ping -c 5 #{SOME_DNS_SERVER}", LIVE_USER)
assert(ping.success?, "Failed to ping #{SOME_DNS_SERVER}:\n#{ping.stderr}")
end
diff --git a/features/step_definitions/git.rb b/features/step_definitions/git.rb
index 10fc236..7513125 100644
--- a/features/step_definitions/git.rb
+++ b/features/step_definitions/git.rb
@@ -1,6 +1,5 @@
Then /^the Git repository "([\S]+)" has been cloned successfully$/ do |repo|
- next if @skip_steps_while_restoring_background
- assert(@vm.directory_exist?("/home/#{LIVE_USER}/#{repo}/.git"))
- assert(@vm.file_exist?("/home/#{LIVE_USER}/#{repo}/.git/config"))
- @vm.execute_successfully("cd '/home/#{LIVE_USER}/#{repo}/' && git status", LIVE_USER)
+ assert($vm.directory_exist?("/home/#{LIVE_USER}/#{repo}/.git"))
+ assert($vm.file_exist?("/home/#{LIVE_USER}/#{repo}/.git/config"))
+ $vm.execute_successfully("cd '/home/#{LIVE_USER}/#{repo}/' && git status", LIVE_USER)
end
diff --git a/features/step_definitions/i2p.rb b/features/step_definitions/i2p.rb
index 4a20afa..2cf42f6 100644
--- a/features/step_definitions/i2p.rb
+++ b/features/step_definitions/i2p.rb
@@ -1,52 +1,46 @@
Given /^I2P is running$/ do
- next if @skip_steps_while_restoring_background
try_for(30) do
- @vm.execute('service i2p status').success?
+ $vm.execute('service i2p status').success?
end
end
Given /^the I2P router console is ready$/ do
- next if @skip_steps_while_restoring_background
try_for(120) do
- @vm.execute('. /usr/local/lib/tails-shell-library/i2p.sh; ' +
+ $vm.execute('. /usr/local/lib/tails-shell-library/i2p.sh; ' +
'i2p_router_console_is_ready').success?
end
end
When /^I start the I2P Browser through the GNOME menu$/ do
- next if @skip_steps_while_restoring_background
step 'I start "I2PBrowser" via the GNOME "Internet" applications menu'
end
Then /^the I2P Browser desktop file is (|not )present$/ do |mode|
- next if @skip_steps_while_restoring_background
file = '/usr/share/applications/i2p-browser.desktop'
if mode == ''
- assert(@vm.execute("test -e #{file}").success?)
+ assert($vm.execute("test -e #{file}").success?)
elsif mode == 'not '
- assert(@vm.execute("! test -e #{file}").success?)
+ assert($vm.execute("! test -e #{file}").success?)
else
raise "Unsupported mode passed: '#{mode}'"
end
end
Then /^the I2P Browser sudo rules are (enabled|not present)$/ do |mode|
- next if @skip_steps_while_restoring_background
file = '/etc/sudoers.d/zzz_i2pbrowser'
if mode == 'enabled'
- assert(@vm.execute("test -e #{file}").success?)
+ assert($vm.execute("test -e #{file}").success?)
elsif mode == 'not present'
- assert(@vm.execute("! test -e #{file}").success?)
+ assert($vm.execute("! test -e #{file}").success?)
else
raise "Unsupported mode passed: '#{mode}'"
end
end
Then /^the I2P firewall rules are (enabled|disabled)$/ do |mode|
- next if @skip_steps_while_restoring_background
i2p_username = 'i2psvc'
- i2p_uid = @vm.execute("getent passwd #{i2p_username} | awk -F ':' '{print $3}'").stdout.chomp
- accept_rules = @vm.execute("iptables -L -n -v | grep -E '^\s+[0-9]+\s+[0-9]+\s+ACCEPT.*owner UID match #{i2p_uid}$'").stdout
+ i2p_uid = $vm.execute("getent passwd #{i2p_username} | awk -F ':' '{print $3}'").stdout.chomp
+ accept_rules = $vm.execute("iptables -L -n -v | grep -E '^\s+[0-9]+\s+[0-9]+\s+ACCEPT.*owner UID match #{i2p_uid}$'").stdout
accept_rules_count = accept_rules.lines.count
if mode == 'enabled'
assert_equal(13, accept_rules_count)
diff --git a/features/step_definitions/pidgin.rb b/features/step_definitions/pidgin.rb
index 7e29bfc..8e93ca8 100644
--- a/features/step_definitions/pidgin.rb
+++ b/features/step_definitions/pidgin.rb
@@ -22,18 +22,17 @@ def wait_and_focus(img, time = 10, window)
begin
@screen.wait(img, time)
rescue FindFailed
- @vm.focus_window(window)
+ $vm.focus_window(window)
@screen.wait(img, time)
end
end
def focus_pidgin_irc_conversation_window(account)
account = account.sub(/^irc\./, '')
- @vm.focus_window(".*#{Regexp.escape(account)}$")
+ $vm.focus_window(".*#{Regexp.escape(account)}$")
end
When /^I create my XMPP account$/ do
- next if @skip_steps_while_restoring_background
account = xmpp_account("Tails_account")
@screen.click("PidginAccountManagerAddButton.png")
@screen.wait("PidginAddAccountWindow.png", 20)
@@ -55,13 +54,11 @@ When /^I create my XMPP account$/ do
end
Then /^Pidgin automatically enables my XMPP account$/ do
- next if @skip_steps_while_restoring_background
- @vm.focus_window('Buddy List')
- @screen.wait("PidginAvailableStatus.png", 120)
+ $vm.focus_window('Buddy List')
+ @screen.wait("PidginAvailableStatus.png", 60*3)
end
Given /^my XMPP friend goes online( and joins the multi-user chat)?$/ do |join_chat|
- next if @skip_steps_while_restoring_background
account = xmpp_account("Friend_account", ["otr_key"])
bot_opts = account.select { |k, v| ["connect_server"].include?(k) }
if join_chat
@@ -72,13 +69,12 @@ Given /^my XMPP friend goes online( and joins the multi-user chat)?$/ do |join_c
account["password"], account["otr_key"], bot_opts)
@chatbot.start
add_after_scenario_hook { @chatbot.stop }
- @vm.focus_window('Buddy List')
+ $vm.focus_window('Buddy List')
@screen.wait("PidginFriendOnline.png", 60)
end
When /^I start a conversation with my friend$/ do
- next if @skip_steps_while_restoring_background
- @vm.focus_window('Buddy List')
+ $vm.focus_window('Buddy List')
# Clicking the middle, bottom of this image should query our
# friend, given it's the only subscribed user that's online, which
# we assume.
@@ -94,44 +90,39 @@ When /^I start a conversation with my friend$/ do
end
And /^I say something to my friend( in the multi-user chat)?$/ do |multi_chat|
- next if @skip_steps_while_restoring_background
msg = "ping" + Sikuli::Key.ENTER
if multi_chat
- @vm.focus_window(@chat_room_jid.split("@").first)
+ $vm.focus_window(@chat_room_jid.split("@").first)
msg = @friend_name + ": " + msg
else
- @vm.focus_window(@friend_name)
+ $vm.focus_window(@friend_name)
end
@screen.type(msg)
end
Then /^I receive a response from my friend( in the multi-user chat)?$/ do |multi_chat|
- next if @skip_steps_while_restoring_background
if multi_chat
- @vm.focus_window(@chat_room_jid.split("@").first)
+ $vm.focus_window(@chat_room_jid.split("@").first)
else
- @vm.focus_window(@friend_name)
+ $vm.focus_window(@friend_name)
end
@screen.wait("PidginFriendExpectedAnswer.png", 20)
end
When /^I start an OTR session with my friend$/ do
- next if @skip_steps_while_restoring_background
- @vm.focus_window(@friend_name)
+ $vm.focus_window(@friend_name)
@screen.click("PidginConversationOTRMenu.png")
@screen.hide_cursor
@screen.click("PidginOTRMenuStartSession.png")
end
Then /^Pidgin automatically generates an OTR key$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("PidginOTRKeyGenPrompt.png", 30)
@screen.wait_and_click("PidginOTRKeyGenPromptDoneButton.png", 30)
end
Then /^an OTR session was successfully started with my friend$/ do
- next if @skip_steps_while_restoring_background
- @vm.focus_window(@friend_name)
+ $vm.focus_window(@friend_name)
@screen.wait("PidginConversationOTRUnverifiedSessionStarted.png", 10)
end
@@ -139,8 +130,7 @@ end
# up messages/events from other users with the ones we expect from the
# bot.
When /^I join some empty multi-user chat$/ do
- next if @skip_steps_while_restoring_background
- @vm.focus_window('Buddy List')
+ $vm.focus_window('Buddy List')
@screen.click("PidginBuddiesMenu.png")
@screen.wait_and_click("PidginBuddiesMenuJoinChat.png", 10)
@screen.wait_and_click("PidginJoinChatWindow.png", 10)
@@ -160,7 +150,7 @@ When /^I join some empty multi-user chat$/ do
@screen.type("a", Sikuli::KeyModifier.CTRL)
@screen.type("c", Sikuli::KeyModifier.CTRL)
conference_server =
- @vm.execute_successfully("xclip -o", LIVE_USER).stdout.chomp
+ $vm.execute_successfully("xclip -o", LIVE_USER).stdout.chomp
@chat_room_jid = chat_room + "@" + conference_server
@screen.click("PidginJoinChatButton.png")
@@ -173,7 +163,7 @@ When /^I join some empty multi-user chat$/ do
if image_found == "PidginCreateNewRoomPrompt.png"
@screen.click("PidginCreateNewRoomAcceptDefaultsButton.png")
end
- @vm.focus_window(@chat_room_jid)
+ $vm.focus_window(@chat_room_jid)
@screen.wait("PidginChat1UserInRoom.png", 10)
end
@@ -181,21 +171,19 @@ end
# it's safer to clear it so we do not get false positives from old
# messages when looking for a particular response, or similar.
When /^I clear the multi-user chat's scrollback$/ do
- next if @skip_steps_while_restoring_background
- @vm.focus_window(@chat_room_jid)
+ $vm.focus_window(@chat_room_jid)
@screen.click("PidginConversationMenu.png")
@screen.wait_and_click("PidginConversationMenuClearScrollback.png", 10)
end
Then /^I can see that my friend joined the multi-user chat$/ do
- next if @skip_steps_while_restoring_background
- @vm.focus_window(@chat_room_jid)
+ $vm.focus_window(@chat_room_jid)
@screen.wait("PidginChat2UsersInRoom.png", 60)
end
def configured_pidgin_accounts
accounts = Hash.new
- xml = REXML::Document.new(@vm.file_content('$HOME/.purple/accounts.xml',
+ xml = REXML::Document.new($vm.file_content('$HOME/.purple/accounts.xml',
LIVE_USER))
xml.elements.each("account/account") do |e|
account = e.elements["name"].text
@@ -238,11 +226,10 @@ def default_chan (account)
end
def pidgin_otr_keys
- return @vm.file_content('$HOME/.purple/otr.private_key', LIVE_USER)
+ return $vm.file_content('$HOME/.purple/otr.private_key', LIVE_USER)
end
Given /^Pidgin has the expected accounts configured with random nicknames$/ do
- next if @skip_steps_while_restoring_background
expected = [
["irc.oftc.net", "prpl-irc", "6697"],
["127.0.0.1", "prpl-irc", "6668"],
@@ -264,28 +251,23 @@ Given /^Pidgin has the expected accounts configured with random nicknames$/ do
end
When /^I start Pidgin through the GNOME menu$/ do
- next if @skip_steps_while_restoring_background
step 'I start "Pidgin" via the GNOME "Internet" applications menu'
end
When /^I open Pidgin's account manager window$/ do
- next if @skip_steps_while_restoring_background
@screen.type("a", Sikuli::KeyModifier.CTRL) # shortcut for "manage accounts"
step "I see Pidgin's account manager window"
end
When /^I see Pidgin's account manager window$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("PidginAccountWindow.png", 40)
end
When /^I close Pidgin's account manager window$/ do
- next if @skip_steps_while_restoring_background
@screen.wait_and_click("PidginAccountManagerCloseButton.png", 10)
end
When /^I activate the "([^"]+)" Pidgin account$/ do |account|
- next if @skip_steps_while_restoring_background
@screen.click("PidginAccount_#{account}.png")
@screen.type(Sikuli::Key.LEFT + Sikuli::Key.SPACE)
# wait for the Pidgin to be connecting, otherwise sometimes the step
@@ -295,7 +277,6 @@ When /^I activate the "([^"]+)" Pidgin account$/ do |account|
end
Then /^Pidgin successfully connects to the "([^"]+)" account$/ do |account|
- next if @skip_steps_while_restoring_background
expected_channel_entry = chan_image(account, default_chan(account), 'roster')
reconnect_button = 'PidginReconnect.png'
recovery_on_failure = Proc.new do
@@ -303,7 +284,7 @@ Then /^Pidgin successfully connects to the "([^"]+)" account$/ do |account|
end
retry_tor(recovery_on_failure) do
begin
- @vm.focus_window('Buddy List')
+ $vm.focus_window('Buddy List')
rescue ExecutionFailedInVM
# Sometimes focusing the window with xdotool will fail with the
# conversation window right on top of it. We'll try to close the
@@ -318,7 +299,6 @@ Then /^Pidgin successfully connects to the "([^"]+)" account$/ do |account|
end
Then /^the "([^"]*)" account only responds to PING and VERSION CTCP requests$/ do |irc_server|
- next if @skip_steps_while_restoring_background
ctcp_cmds = [
"CLIENTINFO", "DATE", "ERRMSG", "FINGER", "PING", "SOURCE", "TIME",
"USERINFO", "VERSION"
@@ -334,7 +314,6 @@ Then /^the "([^"]*)" account only responds to PING and VERSION CTCP requests$/ d
end
Then /^I can join the "([^"]+)" channel on "([^"]+)"$/ do |channel, account|
- next if @skip_steps_while_restoring_background
@screen.doubleClick( chan_image(account, channel, 'roster'))
@screen.hide_cursor
focus_pidgin_irc_conversation_window(account)
@@ -354,17 +333,14 @@ Then /^I can join the "([^"]+)" channel on "([^"]+)"$/ do |channel, account|
end
Then /^I take note of the configured Pidgin accounts$/ do
- next if @skip_steps_while_restoring_background
@persistent_pidgin_accounts = configured_pidgin_accounts
end
Then /^I take note of the OTR key for Pidgin's "([^"]+)" account$/ do |account_name|
- next if @skip_steps_while_restoring_background
@persistent_pidgin_otr_keys = pidgin_otr_keys
end
Then /^Pidgin has the expected persistent accounts configured$/ do
- next if @skip_steps_while_restoring_background
current_accounts = configured_pidgin_accounts
assert(current_accounts <=> @persistent_pidgin_accounts,
"Currently configured Pidgin accounts do not match the persistent ones:\n" +
@@ -374,7 +350,6 @@ Then /^Pidgin has the expected persistent accounts configured$/ do
end
Then /^Pidgin has the expected persistent OTR keys$/ do
- next if @skip_steps_while_restoring_background
assert_equal(pidgin_otr_keys, @persistent_pidgin_otr_keys)
end
@@ -382,7 +357,7 @@ def pidgin_add_certificate_from (cert_file)
# Here, we need a certificate that is not already in the NSS database
step "I copy \"/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt\" to \"#{cert_file}\" as user \"amnesia\""
- @vm.focus_window('Buddy List')
+ $vm.focus_window('Buddy List')
@screen.wait_and_click('PidginToolsMenu.png', 10)
@screen.wait_and_click('PidginCertificatesMenuItem.png', 10)
@screen.wait('PidginCertificateManagerDialog.png', 10)
@@ -402,7 +377,6 @@ def pidgin_add_certificate_from (cert_file)
end
Then /^I can add a certificate from the "([^"]+)" directory to Pidgin$/ do |cert_dir|
- next if @skip_steps_while_restoring_background
pidgin_add_certificate_from("#{cert_dir}/test.crt")
wait_and_focus('PidginCertificateAddHostnameDialog.png', 10, 'Certificate Import')
@screen.type("XXX test XXX" + Sikuli::Key.ENTER)
@@ -410,7 +384,6 @@ Then /^I can add a certificate from the "([^"]+)" directory to Pidgin$/ do |cert
end
Then /^I cannot add a certificate from the "([^"]+)" directory to Pidgin$/ do |cert_dir|
- next if @skip_steps_while_restoring_background
pidgin_add_certificate_from("#{cert_dir}/test.crt")
wait_and_focus('PidginCertificateImportFailed.png', 10, 'Import Error')
end
diff --git a/features/step_definitions/root_access_control.rb b/features/step_definitions/root_access_control.rb
index 026fa8e..3cf0d36 100644
--- a/features/step_definitions/root_access_control.rb
+++ b/features/step_definitions/root_access_control.rb
@@ -1,21 +1,18 @@
Then /^I should be able to run administration commands as the live user$/ do
- next if @skip_steps_while_restoring_background
- stdout = @vm.execute("echo #{@sudo_password} | sudo -S whoami", LIVE_USER).stdout
+ stdout = $vm.execute("echo #{@sudo_password} | sudo -S whoami", LIVE_USER).stdout
actual_user = stdout.sub(/^\[sudo\] password for #{LIVE_USER}: /, "").chomp
assert_equal("root", actual_user, "Could not use sudo")
end
Then /^I should not be able to run administration commands as the live user with the "([^"]*)" password$/ do |password|
- next if @skip_steps_while_restoring_background
- stderr = @vm.execute("echo #{password} | sudo -S whoami", LIVE_USER).stderr
+ stderr = $vm.execute("echo #{password} | sudo -S whoami", LIVE_USER).stderr
sudo_failed = stderr.include?("The administration password is disabled") || stderr.include?("is not allowed to execute")
assert(sudo_failed, "The administration password is not disabled:" + stderr)
end
When /^running a command as root with pkexec requires PolicyKit administrator privileges$/ do
- next if @skip_steps_while_restoring_background
action = 'org.freedesktop.policykit.exec'
- action_details = @vm.execute("pkaction --verbose --action-id #{action}").stdout
+ action_details = $vm.execute("pkaction --verbose --action-id #{action}").stdout
assert(action_details[/\s+implicit any:\s+auth_admin$/],
"Expected 'auth_admin' for 'any':\n#{action_details}")
assert(action_details[/\s+implicit inactive:\s+auth_admin$/],
@@ -25,16 +22,14 @@ When /^running a command as root with pkexec requires PolicyKit administrator pr
end
Then /^I should be able to run a command as root with pkexec$/ do
- next if @skip_steps_while_restoring_background
step "I run \"pkexec touch /root/pkexec-test\" in GNOME Terminal"
step 'I enter the sudo password in the pkexec prompt'
try_for(10, :msg => 'The /root/pkexec-test file was not created.') {
- @vm.execute('ls /root/pkexec-test').success?
+ $vm.execute('ls /root/pkexec-test').success?
}
end
Then /^I should not be able to run a command as root with pkexec and the standard passwords$/ do
- next if @skip_steps_while_restoring_background
step "I run \"pkexec touch /root/pkexec-test\" in GNOME Terminal"
['', 'live'].each do |password|
step "I enter the \"#{password}\" password in the pkexec prompt"
diff --git a/features/step_definitions/snapshots.rb b/features/step_definitions/snapshots.rb
new file mode 100644
index 0000000..5e5de31
--- /dev/null
+++ b/features/step_definitions/snapshots.rb
@@ -0,0 +1,177 @@
+def checkpoints
+ {
+ 'tails-greeter' => {
+ :description => "I have started Tails from DVD without network and stopped at Tails Greeter's login screen",
+ :parent_checkpoint => nil,
+ :steps => [
+ 'the network is unplugged',
+ 'I start the computer',
+ 'the computer boots Tails'
+ ],
+ },
+
+ 'no-network-logged-in' => {
+ :description => "I have started Tails from DVD without network and logged in",
+ :parent_checkpoint => "tails-greeter",
+ :steps => [
+ 'I log in to a new session',
+ 'Tails Greeter has dealt with the sudo password',
+ 'the Tails desktop is ready',
+ ],
+ },
+
+ 'with-network-logged-in' => {
+ :description => "I have started Tails from DVD and logged in and the network is connected",
+ :parent_checkpoint => "no-network-logged-in",
+ :steps => [
+ 'the network is plugged',
+ 'Tor is ready',
+ 'all notifications have disappeared',
+ 'available upgrades have been checked',
+ ],
+ },
+
+ 'no-network-bridge-mode' => {
+ :temporary => true,
+ :description => "I have started Tails from DVD without network and logged in with bridge mode enabled",
+ :parent_checkpoint => "tails-greeter",
+ :steps => [
+ 'I enable more Tails Greeter options',
+ 'I enable the specific Tor configuration option',
+ 'I log in to a new session',
+ 'Tails Greeter has dealt with the sudo password',
+ 'the Tails desktop is ready',
+ 'all notifications have disappeared',
+ ],
+ },
+
+ 'no-network-logged-in-sudo-passwd' => {
+ :temporary => true,
+ :description => "I have started Tails from DVD without network and logged in with an administration password",
+ :parent_checkpoint => "tails-greeter",
+ :steps => [
+ 'I enable more Tails Greeter options',
+ 'I set an administration password',
+ 'I log in to a new session',
+ 'Tails Greeter has dealt with the sudo password',
+ 'the Tails desktop is ready',
+ ],
+ },
+
+ 'with-network-logged-in-sudo-passwd' => {
+ :temporary => true,
+ :description => "I have started Tails from DVD and logged in with an administration password and the network is connected",
+ :parent_checkpoint => "no-network-logged-in-sudo-passwd",
+ :steps => [
+ 'the network is plugged',
+ 'Tor is ready',
+ 'all notifications have disappeared',
+ 'available upgrades have been checked',
+ ],
+ },
+
+ 'usb-install-tails-greeter' => {
+ :description => "I have started Tails without network from a USB drive without a persistent partition and stopped at Tails Greeter's login screen",
+ :parent_checkpoint => 'no-network-logged-in',
+ :steps => [
+ 'I create a 4 GiB disk named "current"',
+ 'I plug USB drive "current"',
+ 'I "Clone & Install" Tails to USB drive "current"',
+ 'the running Tails is installed on USB drive "current"',
+ 'there is no persistence partition on USB drive "current"',
+ 'I shutdown Tails and wait for the computer to power off',
+ 'I start Tails from USB drive "current" with network unplugged',
+ 'the boot device has safe access rights',
+ 'Tails is running from USB drive "current"',
+ 'there is no persistence partition on USB drive "current"',
+ 'process "udev-watchdog" is running',
+ 'udev-watchdog is monitoring the correct device',
+ ],
+ },
+
+ 'usb-install-with-persistence-tails-greeter' => {
+ :description => "I have started Tails without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen",
+ :parent_checkpoint => 'usb-install-tails-greeter',
+ :steps => [
+ 'I log in to a new session',
+ 'the Tails desktop is ready',
+ 'I create a persistent partition',
+ 'a Tails persistence partition exists on USB drive "current"',
+ 'I shutdown Tails and wait for the computer to power off',
+ 'I start Tails from USB drive "current" with network unplugged',
+ 'the boot device has safe access rights',
+ 'Tails is running from USB drive "current"',
+ 'process "udev-watchdog" is running',
+ 'udev-watchdog is monitoring the correct device',
+ ],
+ },
+
+ 'usb-install-with-persistence-logged-in' => {
+ :description => "I have started Tails without network from a USB drive with a persistent partition enabled and logged in",
+ :parent_checkpoint => 'usb-install-with-persistence-tails-greeter',
+ :steps => [
+ 'I enable persistence',
+ 'I log in to a new session',
+ 'the Tails desktop is ready',
+ 'all persistence presets are enabled',
+ 'all persistent filesystems have safe access rights',
+ 'all persistence configuration files have safe access rights',
+ 'all persistent directories have safe access rights',
+ ],
+ },
+ }
+end
+
+def reach_checkpoint(name)
+ scenario_indent = " "*4
+ step_indent = " "*6
+
+ step "a computer"
+ if VM.snapshot_exists?(name)
+ $vm.restore_snapshot(name)
+ post_snapshot_restore_hook
+ else
+ checkpoint = checkpoints[name]
+ checkpoint_description = checkpoint[:description]
+ parent_checkpoint = checkpoint[:parent_checkpoint]
+ steps = checkpoint[:steps]
+ if parent_checkpoint
+ if VM.snapshot_exists?(parent_checkpoint)
+ $vm.restore_snapshot(parent_checkpoint)
+ else
+ reach_checkpoint(parent_checkpoint)
+ end
+ post_snapshot_restore_hook
+ end
+ debug_log(scenario_indent + "Checkpoint: #{checkpoint_description}",
+ :color => :white)
+ step_action = "Given"
+ if parent_checkpoint
+ parent_description = checkpoints[parent_checkpoint][:description]
+ debug_log(step_indent + "#{step_action} #{parent_description}",
+ :color => :green)
+ step_action = "And"
+ end
+ steps.each do |s|
+ begin
+ step(s)
+ rescue Exception => e
+ debug_log(scenario_indent +
+ "Step failed while creating checkpoint: #{s}",
+ :color => :red)
+ raise e
+ end
+ debug_log(step_indent + "#{step_action} #{s}", :color => :green)
+ step_action = "And"
+ end
+ $vm.save_snapshot(name)
+ end
+end
+
+# For each checkpoint we generate a step to reach it.
+checkpoints.each do |name, desc|
+ step_regex = Regexp.new("^#{Regexp.escape(desc[:description])}$")
+ Given step_regex do
+ reach_checkpoint(name)
+ end
+end
diff --git a/features/step_definitions/ssh.rb b/features/step_definitions/ssh.rb
index 7470a89..8900710 100644
--- a/features/step_definitions/ssh.rb
+++ b/features/step_definitions/ssh.rb
@@ -34,8 +34,7 @@ EOF
end
Given /^I have the SSH key pair for an? (Git|SSH|SFTP) (?:repository|server)$/ do |server_type|
- next if @skip_steps_while_restoring_background
- @vm.execute_successfully("install -m 0700 -d '/home/#{LIVE_USER}/.ssh/'", LIVE_USER)
+ $vm.execute_successfully("install -m 0700 -d '/home/#{LIVE_USER}/.ssh/'", LIVE_USER)
unless server_type == 'Git'
read_and_validate_ssh_config server_type
secret_key = $config[server_type]["private_key"]
@@ -45,19 +44,17 @@ Given /^I have the SSH key pair for an? (Git|SSH|SFTP) (?:repository|server)$/ d
public_key = $config["Unsafe_SSH_public_key"]
end
- @vm.execute_successfully("echo '#{secret_key}' > '/home/#{LIVE_USER}/.ssh/id_rsa'", LIVE_USER)
- @vm.execute_successfully("echo '#{public_key}' > '/home/#{LIVE_USER}/.ssh/id_rsa.pub'", LIVE_USER)
- @vm.execute_successfully("chmod 0600 '/home/#{LIVE_USER}/.ssh/'id*", LIVE_USER)
+ $vm.execute_successfully("echo '#{secret_key}' > '/home/#{LIVE_USER}/.ssh/id_rsa'", LIVE_USER)
+ $vm.execute_successfully("echo '#{public_key}' > '/home/#{LIVE_USER}/.ssh/id_rsa.pub'", LIVE_USER)
+ $vm.execute_successfully("chmod 0600 '/home/#{LIVE_USER}/.ssh/'id*", LIVE_USER)
end
Given /^I verify the SSH fingerprint for the (?:Git|SSH) (?:repository|server)$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("SSHFingerprint.png", 60)
@screen.type('yes' + Sikuli::Key.ENTER)
end
When /^I connect to an SSH server on the Internet$/ do
- next if @skip_steps_while_restoring_background
read_and_validate_ssh_config "SSH"
@@ -71,12 +68,10 @@ When /^I connect to an SSH server on the Internet$/ do
end
Then /^I have sucessfully logged into the SSH server$/ do
- next if @skip_steps_while_restoring_background
@screen.wait('SSHLoggedInPrompt.png', 60)
end
Then /^I connect to an SFTP server on the Internet$/ do
- next if @skip_steps_while_restoring_background
read_and_validate_ssh_config "SFTP"
@@ -101,11 +96,9 @@ Then /^I connect to an SFTP server on the Internet$/ do
end
Then /^I verify the SSH fingerprint for the SFTP server$/ do
- next if @skip_steps_while_restoring_background
@screen.wait_and_click("GnomeSSHVerificationConfirm.png", 60)
end
Then /^I successfully connect to the SFTP server$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("GnomeSSHSuccess.png", 60)
end
diff --git a/features/step_definitions/time_syncing.rb b/features/step_definitions/time_syncing.rb
index 43dc3af..1cd8c1a 100644
--- a/features/step_definitions/time_syncing.rb
+++ b/features/step_definitions/time_syncing.rb
@@ -7,9 +7,8 @@ def max_time_drift
end
When /^I set the system time to "([^"]+)"$/ do |time|
- next if @skip_steps_while_restoring_background
- @vm.execute_successfully("date -s '#{time}'")
- new_time = DateTime.parse(@vm.execute_successfully("date").stdout).to_time
+ $vm.execute_successfully("date -s '#{time}'")
+ new_time = DateTime.parse($vm.execute_successfully("date").stdout).to_time
expected_time_lower_bound = DateTime.parse(time).to_time
expected_time_upper_bound = expected_time_lower_bound + max_time_drift
assert(expected_time_lower_bound <= new_time &&
@@ -19,16 +18,15 @@ When /^I set the system time to "([^"]+)"$/ do |time|
end
When /^I bump the (hardware clock's|system) time with "([^"]+)"$/ do |clock_type, timediff|
- next if @skip_steps_while_restoring_background
case clock_type
when "hardware clock's"
- old_time = DateTime.parse(@vm.execute_successfully("hwclock -r").stdout).to_time
- @vm.execute_successfully("hwclock --set --date 'now #{timediff}'")
- new_time = DateTime.parse(@vm.execute_successfully("hwclock -r").stdout).to_time
+ old_time = DateTime.parse($vm.execute_successfully("hwclock -r").stdout).to_time
+ $vm.execute_successfully("hwclock --set --date 'now #{timediff}'")
+ new_time = DateTime.parse($vm.execute_successfully("hwclock -r").stdout).to_time
when 'system'
- old_time = DateTime.parse(@vm.execute_successfully("date").stdout).to_time
- @vm.execute_successfully("date -s 'now #{timediff}'")
- new_time = DateTime.parse(@vm.execute_successfully("date").stdout).to_time
+ old_time = DateTime.parse($vm.execute_successfully("date").stdout).to_time
+ $vm.execute_successfully("date -s 'now #{timediff}'")
+ new_time = DateTime.parse($vm.execute_successfully("date").stdout).to_time
end
expected_time_lower_bound = DateTime.parse(
cmd_helper(["date", "-d", "#{old_time} #{timediff}"])).to_time
@@ -40,8 +38,7 @@ When /^I bump the (hardware clock's|system) time with "([^"]+)"$/ do |clock_type
end
Then /^Tails clock is less than (\d+) minutes incorrect$/ do |max_diff_mins|
- next if @skip_steps_while_restoring_background
- guest_time_str = @vm.execute("date --rfc-2822").stdout.chomp
+ guest_time_str = $vm.execute("date --rfc-2822").stdout.chomp
guest_time = Time.rfc2822(guest_time_str)
host_time = Time.now
diff = (host_time - guest_time).abs
@@ -51,12 +48,11 @@ Then /^Tails clock is less than (\d+) minutes incorrect$/ do |max_diff_mins|
end
Then /^the system clock is just past Tails' build date$/ do
- next if @skip_steps_while_restoring_background
- system_time_str = @vm.execute_successfully('date').to_s
+ system_time_str = $vm.execute_successfully('date').to_s
system_time = DateTime.parse(system_time_str).to_time
build_time_cmd = 'sed -n -e "1s/^.* - \([0-9]\+\)$/\1/p;q" ' +
'/etc/amnesia/version'
- build_time_str = @vm.execute_successfully(build_time_cmd).to_s
+ build_time_str = $vm.execute_successfully(build_time_cmd).to_s
build_time = DateTime.parse(build_time_str).to_time
diff = system_time - build_time # => in seconds
# Half an hour should be enough to boot Tails on any reasonable
@@ -72,15 +68,14 @@ end
Then /^Tails' hardware clock is close to the host system's time$/ do
host_time = Time.now
- hwclock_time_str = @vm.execute('hwclock -r').stdout.chomp
+ hwclock_time_str = $vm.execute('hwclock -r').stdout.chomp
hwclock_time = DateTime.parse(hwclock_time_str).to_time
diff = (hwclock_time - host_time).abs
assert(diff <= max_time_drift)
end
Then /^the hardware clock is still off by "([^"]+)"$/ do |timediff|
- next if @skip_steps_while_restoring_background
- hwclock = DateTime.parse(@vm.execute_successfully("hwclock -r").stdout.chomp).to_time
+ hwclock = DateTime.parse($vm.execute_successfully("hwclock -r").stdout.chomp).to_time
expected_time_lower_bound = DateTime.parse(
cmd_helper(["date", "-d", "now #{timediff}"])).to_time - max_time_drift
expected_time_upper_bound = expected_time_lower_bound + max_time_drift
diff --git a/features/step_definitions/tor.rb b/features/step_definitions/tor.rb
index a5ce18e..47e6d4e 100644
--- a/features/step_definitions/tor.rb
+++ b/features/step_definitions/tor.rb
@@ -56,9 +56,8 @@ def iptables_parse(iptables_output)
end
Then /^the firewall's policy is to (.+) all IPv4 traffic$/ do |expected_policy|
- next if @skip_steps_while_restoring_background
expected_policy.upcase!
- iptables_output = @vm.execute_successfully("iptables -L -n -v").stdout
+ iptables_output = $vm.execute_successfully("iptables -L -n -v").stdout
chains = iptables_parse(iptables_output)
["INPUT", "FORWARD", "OUTPUT"].each do |chain_name|
policy = chains[chain_name]["policy"]
@@ -68,13 +67,12 @@ Then /^the firewall's policy is to (.+) all IPv4 traffic$/ do |expected_policy|
end
Then /^the firewall is configured to only allow the (.+) users? to connect directly to the Internet over IPv4$/ do |users_str|
- next if @skip_steps_while_restoring_background
users = users_str.split(/, | and /)
expected_uids = Set.new
users.each do |user|
- expected_uids << @vm.execute_successfully("id -u #{user}").stdout.to_i
+ expected_uids << $vm.execute_successfully("id -u #{user}").stdout.to_i
end
- iptables_output = @vm.execute_successfully("iptables -L -n -v").stdout
+ iptables_output = $vm.execute_successfully("iptables -L -n -v").stdout
chains = iptables_parse(iptables_output)
allowed_output = chains["OUTPUT"]["rules"].find_all do |rule|
!(["DROP", "REJECT", "LOG"].include? rule["target"]) &&
@@ -114,9 +112,8 @@ Then /^the firewall is configured to only allow the (.+) users? to connect direc
end
Then /^the firewall's NAT rules only redirect traffic for Tor's TransPort and DNSPort$/ do
- next if @skip_steps_while_restoring_background
tor_onion_addr_space = "127.192.0.0/10"
- iptables_nat_output = @vm.execute_successfully("iptables -t nat -L -n -v").stdout
+ iptables_nat_output = $vm.execute_successfully("iptables -t nat -L -n -v").stdout
chains = iptables_parse(iptables_nat_output)
chains.each_pair do |name, chain|
rules = chain["rules"]
@@ -144,9 +141,8 @@ Then /^the firewall's NAT rules only redirect traffic for Tor's TransPort and DN
end
Then /^the firewall is configured to block all IPv6 traffic$/ do
- next if @skip_steps_while_restoring_background
expected_policy = "DROP"
- ip6tables_output = @vm.execute_successfully("ip6tables -L -n -v").stdout
+ ip6tables_output = $vm.execute_successfully("ip6tables -L -n -v").stdout
chains = iptables_parse(ip6tables_output)
chains.each_pair do |name, chain|
policy = chain["policy"]
@@ -166,11 +162,10 @@ end
def firewall_has_dropped_packet_to?(proto, host, port)
regex = "Dropped outbound packet: .* DST=#{host} .* PROTO=#{proto} "
regex += ".* DPT=#{port} " if port
- @vm.execute("grep -q '#{regex}' /var/log/syslog").success?
+ $vm.execute("grep -q '#{regex}' /var/log/syslog").success?
end
When /^I open an untorified (TCP|UDP|ICMP) connections to (\S*)(?: on port (\d+))? that is expected to fail$/ do |proto, host, port|
- next if @skip_steps_while_restoring_background
assert(!firewall_has_dropped_packet_to?(proto, host, port),
"A #{proto} packet to #{host}" +
(port.nil? ? "" : ":#{port}") +
@@ -188,11 +183,10 @@ When /^I open an untorified (TCP|UDP|ICMP) connections to (\S*)(?: on port (\d+)
when "ICMP"
cmd = "ping -c 5 #{host}"
end
- @conn_res = @vm.execute(cmd, LIVE_USER)
+ @conn_res = $vm.execute(cmd, LIVE_USER)
end
Then /^the untorified connection fails$/ do
- next if @skip_steps_while_restoring_background
case @conn_proto
when "TCP"
expected_in_stderr = "Connection refused"
@@ -207,7 +201,6 @@ Then /^the untorified connection fails$/ do
end
Then /^the untorified connection is logged as dropped by the firewall$/ do
- next if @skip_steps_while_restoring_background
assert(firewall_has_dropped_packet_to?(@conn_proto, @conn_host, @conn_port),
"No #{@conn_proto} packet to #{@conn_host}" +
(@conn_port.nil? ? "" : ":#{@conn_port}") +
@@ -215,8 +208,7 @@ Then /^the untorified connection is logged as dropped by the firewall$/ do
end
When /^the system DNS is(?: still)? using the local DNS resolver$/ do
- next if @skip_steps_while_restoring_background
- resolvconf = @vm.file_content("/etc/resolv.conf")
+ resolvconf = $vm.file_content("/etc/resolv.conf")
bad_lines = resolvconf.split("\n").find_all do |line|
!line.start_with?("#") && !/^nameserver\s+127\.0\.0\.1$/.match(line)
end
@@ -265,20 +257,18 @@ def stream_isolation_info(application)
end
When /^I monitor the network connections of (.*)$/ do |application|
- next if @skip_steps_while_restoring_background
@process_monitor_log = "/tmp/netstat.log"
info = stream_isolation_info(application)
- @vm.spawn("while true; do " +
+ $vm.spawn("while true; do " +
" netstat -taupen | grep \"#{info[:grep_monitor_expr]}\"; " +
" sleep 0.1; " +
"done > #{@process_monitor_log}")
end
Then /^I see that (.+) is properly stream isolated$/ do |application|
- next if @skip_steps_while_restoring_background
expected_port = stream_isolation_info(application)[:socksport]
assert_not_nil(@process_monitor_log)
- log_lines = @vm.file_content(@process_monitor_log).split("\n")
+ log_lines = $vm.file_content(@process_monitor_log).split("\n")
assert(log_lines.size > 0,
"Couldn't see any connection made by #{application} so " \
"something is wrong")
@@ -291,25 +281,21 @@ Then /^I see that (.+) is properly stream isolated$/ do |application|
end
And /^I re-run tails-security-check$/ do
- next if @skip_steps_while_restoring_background
- @vm.execute_successfully("tails-security-check", LIVE_USER)
+ $vm.execute_successfully("tails-security-check", LIVE_USER)
end
And /^I re-run htpdate$/ do
- next if @skip_steps_while_restoring_background
- @vm.execute_successfully("service htpdate stop && " \
+ $vm.execute_successfully("service htpdate stop && " \
"rm -f /var/run/htpdate/* && " \
"service htpdate start")
step "the time has synced"
end
And /^I re-run tails-upgrade-frontend-wrapper$/ do
- next if @skip_steps_while_restoring_background
- @vm.execute_successfully("tails-upgrade-frontend-wrapper", LIVE_USER)
+ $vm.execute_successfully("tails-upgrade-frontend-wrapper", LIVE_USER)
end
When /^I connect Gobby to "([^"]+)"$/ do |host|
- next if @skip_steps_while_restoring_background
@screen.wait("GobbyWindow.png", 30)
@screen.wait("GobbyWelcomePrompt.png", 10)
@screen.click("GnomeCloseButton.png")
@@ -321,12 +307,10 @@ When /^I connect Gobby to "([^"]+)"$/ do |host|
end
When /^the Tor Launcher autostarts$/ do
- next if @skip_steps_while_restoring_background
@screen.wait('TorLauncherWindow.png', 60)
end
When /^I configure some (\w+) pluggable transports in Tor Launcher$/ do |bridge_type|
- next if @skip_steps_while_restoring_background
bridge_type.downcase!
bridge_type.capitalize!
begin
@@ -366,7 +350,6 @@ EOF
end
When /^all Internet traffic has only flowed through the configured pluggable transports$/ do
- next if @skip_steps_while_restoring_background
assert_not_nil(@bridge_hosts, "No bridges has been configured via the " +
"'I configure some ... bridges in Tor Launcher' step")
leaks = FirewallLeakCheck.new(@sniffer.pcap_file,
@@ -375,9 +358,8 @@ When /^all Internet traffic has only flowed through the configured pluggable tra
end
Then /^the Tor binary is configured to use the expected Tor authorities$/ do
- next if @skip_steps_while_restoring_background
tor_auths = Set.new
- tor_binary_orport_strings = @vm.execute_successfully(
+ tor_binary_orport_strings = $vm.execute_successfully(
"strings /usr/bin/tor | grep -E 'orport=[0-9]+'").stdout.chomp.split("\n")
tor_binary_orport_strings.each do |potential_auth_string|
auth_regex = /^\S+ orport=\d+( bridge)?( no-v2)?( v3ident=[A-Z0-9]{40})? ([0-9\.]+):\d+( [A-Z0-9]{4}){10}$/
diff --git a/features/step_definitions/torified_browsing.rb b/features/step_definitions/torified_browsing.rb
index 694e6ad..c8f3ff1 100644
--- a/features/step_definitions/torified_browsing.rb
+++ b/features/step_definitions/torified_browsing.rb
@@ -1,5 +1,4 @@
When /^no traffic has flowed to the LAN$/ do
- next if @skip_steps_while_restoring_background
leaks = FirewallLeakCheck.new(@sniffer.pcap_file, :ignore_lan => false)
assert(not(leaks.ipv4_tcp_leaks.include?(@lan_host)),
"Traffic was sent to LAN host #{@lan_host}")
diff --git a/features/step_definitions/torified_gnupg.rb b/features/step_definitions/torified_gnupg.rb
index 75ec14e..f57ab97 100644
--- a/features/step_definitions/torified_gnupg.rb
+++ b/features/step_definitions/torified_gnupg.rb
@@ -2,7 +2,7 @@ class OpenPGPKeyserverCommunicationError < StandardError
end
def count_gpg_signatures(key)
- output = @vm.execute_successfully("gpg --batch --list-sigs #{key}",
+ output = $vm.execute_successfully("gpg --batch --list-sigs #{key}",
LIVE_USER).stdout
return output.scan(/^sig/).count
end
@@ -16,7 +16,7 @@ def seahorse_wait_helper(img, time = 20)
"Could not find 'SeahorseKeyserverError.png'")
else
# Seahorse has been known to segfault during tests
- syslog = @vm.file_content('/var/log/syslog')
+ syslog = $vm.file_content('/var/log/syslog')
m = /seahorse\[[0-9]+\]: segfault/.match(syslog)
assert(!m, 'Seahorse aborted with a segmentation fault')
end
@@ -26,7 +26,6 @@ def seahorse_wait_helper(img, time = 20)
end
Then /^the key "([^"]+)" has (only|more than) (\d+) signatures$/ do |key, qualifier, num|
- next if @skip_steps_while_restoring_background
count = count_gpg_signatures(key)
case qualifier
when 'only'
@@ -39,20 +38,18 @@ Then /^the key "([^"]+)" has (only|more than) (\d+) signatures$/ do |key, qualif
end
When /^the "([^"]+)" OpenPGP key is not in the live user's public keyring$/ do |keyid|
- next if @skip_steps_while_restoring_background
- assert(!@vm.execute("gpg --batch --list-keys '#{keyid}'", LIVE_USER).success?,
+ assert(!$vm.execute("gpg --batch --list-keys '#{keyid}'", LIVE_USER).success?,
"The '#{keyid}' key is in the live user's public keyring.")
end
When /^I fetch the "([^"]+)" OpenPGP key using the GnuPG CLI( without any signatures)?$/ do |keyid, without|
- next if @skip_steps_while_restoring_background
if without
importopts = '--keyserver-options import-clean'
else
importopts = ''
end
retry_tor do
- @gnupg_recv_key_res = @vm.execute_successfully(
+ @gnupg_recv_key_res = $vm.execute_successfully(
"gpg --batch #{importopts} --recv-key '#{keyid}'",
LIVE_USER)
if @gnupg_recv_key_res.failure?
@@ -64,26 +61,22 @@ When /^I fetch the "([^"]+)" OpenPGP key using the GnuPG CLI( without any signat
end
When /^the GnuPG fetch is successful$/ do
- next if @skip_steps_while_restoring_background
assert(@gnupg_recv_key_res.success?,
"gpg keyserver fetch failed:\n#{@gnupg_recv_key_res.stderr}")
end
When /^GnuPG uses the configured keyserver$/ do
- next if @skip_steps_while_restoring_background
assert(@gnupg_recv_key_res.stderr[CONFIGURED_KEYSERVER_HOSTNAME],
"GnuPG's stderr did not mention keyserver #{CONFIGURED_KEYSERVER_HOSTNAME}")
end
When /^the "([^"]+)" key is in the live user's public keyring after at most (\d+) seconds$/ do |keyid, delay|
- next if @skip_steps_while_restoring_background
try_for(delay.to_f, :msg => "The '#{keyid}' key is not in the live user's public keyring") {
- @vm.execute("gpg --batch --list-keys '#{keyid}'", LIVE_USER).success?
+ $vm.execute("gpg --batch --list-keys '#{keyid}'", LIVE_USER).success?
}
end
When /^I start Seahorse( via the Tails OpenPGP Applet)?$/ do |withgpgapplet|
- next if @skip_steps_while_restoring_background
if withgpgapplet
seahorse_menu_click_helper('GpgAppletIconNormal.png', 'GpgAppletManageKeys.png')
else
@@ -92,12 +85,10 @@ When /^I start Seahorse( via the Tails OpenPGP Applet)?$/ do |withgpgapplet|
end
Then /^Seahorse has opened$/ do
- next if @skip_steps_while_restoring_background
seahorse_wait_helper('SeahorseWindow.png')
end
Then /^I enable key synchronization in Seahorse$/ do
- next if @skip_steps_while_restoring_background
step 'process "seahorse" is running'
@screen.wait_and_click("SeahorseWindow.png", 10)
seahorse_menu_click_helper('SeahorseEdit.png', 'SeahorseEditPreferences.png', 'seahorse')
@@ -108,7 +99,6 @@ Then /^I enable key synchronization in Seahorse$/ do
end
Then /^I synchronize keys in Seahorse$/ do
- next if @skip_steps_while_restoring_background
recovery_proc = Proc.new do
@screen.wait_and_click('GnomeCloseButton.png', 20)
if @screen.exists('SeahorseSynchronizing.png')
@@ -132,7 +122,6 @@ Then /^I synchronize keys in Seahorse$/ do
end
When /^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the Tails OpenPGP Applet)?$/ do |keyid, withgpgapplet|
- next if @skip_steps_while_restoring_background
if withgpgapplet
step "I start Seahorse via the Tails OpenPGP Applet"
else
@@ -169,8 +158,7 @@ When /^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the Tails OpenPGP A
end
Then /^Seahorse is configured to use the correct keyserver$/ do
- next if @skip_steps_while_restoring_background
- @gnome_keyservers = YAML.load(@vm.execute_successfully('gsettings get org.gnome.crypto.pgp keyservers',
+ @gnome_keyservers = YAML.load($vm.execute_successfully('gsettings get org.gnome.crypto.pgp keyservers',
LIVE_USER).stdout)
assert_equal(1, @gnome_keyservers.count, 'Seahorse should only have one keyserver configured.')
# Seahorse doesn't support hkps so that part of the domain is stripped out.
diff --git a/features/step_definitions/torified_misc.rb b/features/step_definitions/torified_misc.rb
index 5d28216..253c5ed 100644
--- a/features/step_definitions/torified_misc.rb
+++ b/features/step_definitions/torified_misc.rb
@@ -1,7 +1,6 @@
When /^I query the whois directory service for "([^"]+)"$/ do |domain|
- next if @skip_steps_while_restoring_background
retry_tor do
- @vm_execute_res = @vm.execute("whois '#{domain}'", LIVE_USER)
+ @vm_execute_res = $vm.execute("whois '#{domain}'", LIVE_USER)
if @vm_execute_res.failure?
raise "Looking up whois info for #{domain} failed with:\n" +
"#{@vm_execute_res.stdout}\n" +
@@ -11,11 +10,10 @@ When /^I query the whois directory service for "([^"]+)"$/ do |domain|
end
When /^I wget "([^"]+)" to stdout(?:| with the '([^']+)' options)$/ do |url, options|
- next if @skip_steps_while_restoring_background
arguments = "-O - '#{url}'"
arguments = "#{options} #{arguments}" if options
retry_tor do
- @vm_execute_res = @vm.execute("wget #{arguments}", LIVE_USER)
+ @vm_execute_res = $vm.execute("wget #{arguments}", LIVE_USER)
if @vm_execute_res.failure?
raise "wget:ing #{url} with options #{options} failed with:\n" +
"#{@vm_execute_res.stdout}\n" +
@@ -25,7 +23,6 @@ When /^I wget "([^"]+)" to stdout(?:| with the '([^']+)' options)$/ do |url, opt
end
Then /^the (wget|whois) command is successful$/ do |command|
- next if @skip_steps_while_restoring_background
assert(
@vm_execute_res.success?,
"#{command} failed:\n" +
@@ -35,7 +32,6 @@ Then /^the (wget|whois) command is successful$/ do |command|
end
Then /^the (wget|whois) standard output contains "([^"]+)"$/ do |command, text|
- next if @skip_steps_while_restoring_background
assert(
@vm_execute_res.stdout[text],
"The #{command} standard output does not contain #{text}:\n" +
diff --git a/features/step_definitions/totem.rb b/features/step_definitions/totem.rb
index d535c25..6e0bf58 100644
--- a/features/step_definitions/totem.rb
+++ b/features/step_definitions/totem.rb
@@ -1,5 +1,4 @@
Given /^I create sample videos$/ do
- next if @skip_steps_while_restoring_background
@shared_video_dir_on_host = "#{$config["TMPDIR"]}/shared_video_dir"
@shared_video_dir_on_guest = "/tmp/shared_video_dir"
FileUtils.mkdir_p(@shared_video_dir_on_host)
@@ -12,12 +11,10 @@ Given /^I create sample videos$/ do
end
Given /^I setup a filesystem share containing sample videos$/ do
- next if @skip_steps_while_restoring_background
- @vm.add_share(@shared_video_dir_on_host, @shared_video_dir_on_guest)
+ $vm.add_share(@shared_video_dir_on_host, @shared_video_dir_on_guest)
end
Given /^I copy the sample videos to "([^"]+)" as user "([^"]+)"$/ do |destination, user|
- next if @skip_steps_while_restoring_background
for video_on_host in Dir.glob("#{@shared_video_dir_on_host}/*.mp4") do
video_name = File.basename(video_on_host)
src_on_guest = "#{@shared_video_dir_on_guest}/#{video_name}"
@@ -27,20 +24,17 @@ Given /^I copy the sample videos to "([^"]+)" as user "([^"]+)"$/ do |destinatio
end
When /^I start Totem through the GNOME menu$/ do
- next if @skip_steps_while_restoring_background
step 'I start "Totem" via the GNOME "SoundVideo" applications menu'
@screen.wait_and_click("TotemMainWindow.png", 20)
end
When /^I load the "([^"]+)" URL in Totem$/ do |url|
- next if @skip_steps_while_restoring_background
@screen.type("l", Sikuli::KeyModifier.CTRL)
@screen.wait("TotemOpenUrlDialog.png", 10)
@screen.type(url + Sikuli::Key.ENTER)
end
When /^I(?:| try to) open "([^"]+)" with Totem$/ do |filename|
- next if @skip_steps_while_restoring_background
step "I run \"totem #{filename}\" in GNOME Terminal"
end
diff --git a/features/step_definitions/unsafe_browser.rb b/features/step_definitions/unsafe_browser.rb
index cc06f9e..9f81855 100644
--- a/features/step_definitions/unsafe_browser.rb
+++ b/features/step_definitions/unsafe_browser.rb
@@ -1,5 +1,4 @@
When /^I see and accept the Unsafe Browser start verification$/ do
- next if @skip_steps_while_restoring_background
@screen.wait('GnomeQuestionDialogIcon.png', 30)
@screen.type(Sikuli::Key.ESC)
end
@@ -13,19 +12,17 @@ def supported_torbrowser_languages
"#{first}_#{second}", first]
when_not_found = Proc.new { raise "Could not find a locale for '#{line}'" }
candidates.find(when_not_found) do |candidate|
- @vm.directory_exist?("/usr/lib/locale/#{candidate}")
+ $vm.directory_exist?("/usr/lib/locale/#{candidate}")
end
end
end
Then /^I start the Unsafe Browser in the "([^"]+)" locale$/ do |loc|
- next if @skip_steps_while_restoring_background
step "I run \"LANG=#{loc} LC_ALL=#{loc} sudo unsafe-browser\" in GNOME Terminal"
step "I see and accept the Unsafe Browser start verification"
end
Then /^the Unsafe Browser works in all supported languages$/ do
- next if @skip_steps_while_restoring_background
failed = Array.new
supported_torbrowser_languages.each do |lang|
step "I start the Unsafe Browser in the \"#{lang}\" locale"
@@ -42,24 +39,20 @@ Then /^the Unsafe Browser works in all supported languages$/ do
end
Then /^I see the Unsafe Browser start notification and wait for it to close$/ do
- next if @skip_steps_while_restoring_background
notification_helper('UnsafeBrowserStartNotification.png', 30)
@screen.waitVanish("UnsafeBrowserStartNotification.png", 10)
end
Then /^the Unsafe Browser has started$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("UnsafeBrowserHomepage.png", 360)
end
Then /^the Unsafe Browser has no add-ons installed$/ do
- next if @skip_steps_while_restoring_background
step "I open the address \"about:addons\" in the Unsafe Browser"
step "I see \"UnsafeBrowserNoAddons.png\" after at most 30 seconds"
end
Then /^the Unsafe Browser has only Firefox's default bookmarks configured$/ do
- next if @skip_steps_while_restoring_background
info = xul_application_info("Unsafe Browser")
# "Show all bookmarks"
@screen.type("o", Sikuli::KeyModifier.SHIFT + Sikuli::KeyModifier.CTRL)
@@ -69,8 +62,8 @@ Then /^the Unsafe Browser has only Firefox's default bookmarks configured$/ do
path = "/home/#{info[:user]}/bookmarks"
@screen.type(path + Sikuli::Key.ENTER)
chroot_path = "#{info[:chroot]}/#{path}.json"
- try_for(10) { @vm.file_exist?(chroot_path) }
- dump = JSON.load(@vm.file_content(chroot_path))
+ try_for(10) { $vm.file_exist?(chroot_path) }
+ dump = JSON.load($vm.file_content(chroot_path))
def check_bookmarks_helper(a)
mozilla_uris_counter = 0
@@ -108,22 +101,18 @@ Then /^the Unsafe Browser has only Firefox's default bookmarks configured$/ do
end
Then /^the Unsafe Browser has a red theme$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("UnsafeBrowserRedTheme.png", 10)
end
Then /^the Unsafe Browser shows a warning as its start page$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("UnsafeBrowserStartPage.png", 10)
end
When /^I start the Unsafe Browser$/ do
- next if @skip_steps_while_restoring_background
step 'I start "UnsafeBrowser" via the GNOME "Internet" applications menu'
end
When /^I successfully start the Unsafe Browser$/ do
- next if @skip_steps_while_restoring_background
step "I start the Unsafe Browser"
step "I see and accept the Unsafe Browser start verification"
step "I see the Unsafe Browser start notification and wait for it to close"
@@ -131,33 +120,28 @@ When /^I successfully start the Unsafe Browser$/ do
end
Then /^I see a warning about another instance already running$/ do
- next if @skip_steps_while_restoring_background
@screen.wait('UnsafeBrowserWarnAlreadyRunning.png', 10)
end
When /^I close the Unsafe Browser$/ do
- next if @skip_steps_while_restoring_background
@screen.type("q", Sikuli::KeyModifier.CTRL)
end
Then /^I see the Unsafe Browser stop notification$/ do
- next if @skip_steps_while_restoring_background
notification_helper('UnsafeBrowserStopNotification.png', 20)
@screen.waitVanish('UnsafeBrowserStopNotification.png', 10)
end
Then /^I can start the Unsafe Browser again$/ do
- next if @skip_steps_while_restoring_background
step "I start the Unsafe Browser"
end
Then /^I cannot configure the Unsafe Browser to use any local proxies$/ do
- next if @skip_steps_while_restoring_background
socks_proxy = 'c' # Alt+c for socks proxy
no_proxy = 'y' # Alt+y for no proxy
proxies = [[no_proxy, nil, nil]]
socksport_lines =
- @vm.execute_successfully('grep -w "^SocksPort" /etc/tor/torrc').stdout
+ $vm.execute_successfully('grep -w "^SocksPort" /etc/tor/torrc').stdout
assert(socksport_lines.size >= 4, "We got fewer than four Tor SocksPorts")
socksports = socksport_lines.scan(/^SocksPort\s([^:]+):(\d+)/)
proxies += socksports.map { |host, port| [socks_proxy, host, port] }
@@ -195,7 +179,6 @@ Then /^I cannot configure the Unsafe Browser to use any local proxies$/ do
end
Then /^the Unsafe Browser has no proxy configured$/ do
- next if @skip_steps_while_restoring_background
@screen.click('UnsafeBrowserMenuButton.png')
@screen.wait_and_click('UnsafeBrowserPreferencesButton.png', 10)
@screen.wait_and_click('UnsafeBrowserAdvancedSettingsButton.png', 10)
@@ -208,29 +191,25 @@ Then /^the Unsafe Browser has no proxy configured$/ do
end
Then /^the Unsafe Browser complains that no DNS server is configured$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("UnsafeBrowserDNSError.png", 30)
end
Then /^I configure the Unsafe Browser to check for updates more frequently$/ do
- next if @skip_steps_while_restoring_background
prefs = '/usr/share/tails/unsafe-browser/prefs.js'
- @vm.file_append(prefs, 'pref("app.update.idletime", 1);')
- @vm.file_append(prefs, 'pref("app.update.promptWaitTime", 1);')
- @vm.file_append(prefs, 'pref("app.update.interval", 5);')
+ $vm.file_append(prefs, 'pref("app.update.idletime", 1);')
+ $vm.file_append(prefs, 'pref("app.update.promptWaitTime", 1);')
+ $vm.file_append(prefs, 'pref("app.update.interval", 5);')
end
But /^checking for updates is disabled in the Unsafe Browser's configuration$/ do
- next if @skip_steps_while_restoring_background
prefs = '/usr/share/tails/unsafe-browser/prefs.js'
- assert(@vm.file_content(prefs).include?('pref("app.update.enabled", false)'))
+ assert($vm.file_content(prefs).include?('pref("app.update.enabled", false)'))
end
Then /^the clearnet user has (|not )sent packets out to the Internet$/ do |sent|
- next if @skip_steps_while_restoring_background
pkts = 0
- uid = @vm.execute_successfully("id -u clearnet").stdout.chomp.to_i
- iptables_output = @vm.execute_successfully("iptables -vnL").stdout.chomp
+ uid = $vm.execute_successfully("id -u clearnet").stdout.chomp.to_i
+ iptables_output = $vm.execute_successfully("iptables -vnL").stdout.chomp
output_chain = iptables_parse(iptables_output)["OUTPUT"]
output_chain["rules"].each do |rule|
if /owner UID match \b#{uid}\b/.match(rule["extra"])
diff --git a/features/step_definitions/untrusted_partitions.rb b/features/step_definitions/untrusted_partitions.rb
index 6965143..e183d8f 100644
--- a/features/step_definitions/untrusted_partitions.rb
+++ b/features/step_definitions/untrusted_partitions.rb
@@ -1,38 +1,33 @@
Given /^I create an? ([[:alnum:]]+) swap partition on disk "([^"]+)"$/ do |parttype, name|
- next if @skip_steps_while_restoring_background
- @vm.storage.disk_mkswap(name, parttype)
+ $vm.storage.disk_mkswap(name, parttype)
end
Then /^an? "([^"]+)" partition was detected by Tails on drive "([^"]+)"$/ do |type, name|
- next if @skip_steps_while_restoring_background
- part_info = @vm.execute_successfully(
- "parted -s '#{@vm.disk_dev(name)}' print 1").stdout.strip
+ part_info = $vm.execute_successfully(
+ "parted -s '#{$vm.disk_dev(name)}' print 1").stdout.strip
assert(part_info.match("^File System:\s*#{Regexp.escape(type)}$"),
"No #{type} partition was detected by Tails on disk '#{name}'")
end
Then /^Tails has no disk swap enabled$/ do
- next if @skip_steps_while_restoring_background
# Skip first line which contain column headers
- swap_info = @vm.execute_successfully("tail -n+2 /proc/swaps").stdout
+ swap_info = $vm.execute_successfully("tail -n+2 /proc/swaps").stdout
assert(swap_info.empty?,
"Disk swapping is enabled according to /proc/swaps:\n" + swap_info)
- mem_info = @vm.execute_successfully("grep '^Swap' /proc/meminfo").stdout
+ mem_info = $vm.execute_successfully("grep '^Swap' /proc/meminfo").stdout
assert(mem_info.match(/^SwapTotal:\s+0 kB$/),
"Disk swapping is enabled according to /proc/meminfo:\n" +
mem_info)
end
Given /^I create an? ([[:alnum:]]+) partition( labeled "([^"]+)")? with an? ([[:alnum:]]+) filesystem( encrypted with password "([^"]+)")? on disk "([^"]+)"$/ do |parttype, has_label, label, fstype, is_encrypted, luks_password, name|
- next if @skip_steps_while_restoring_background
opts = {}
opts.merge!(:label => label) if has_label
opts.merge!(:luks_password => luks_password) if is_encrypted
- @vm.storage.disk_mkpartfs(name, parttype, fstype, opts)
+ $vm.storage.disk_mkpartfs(name, parttype, fstype, opts)
end
Given /^I cat an ISO of the Tails image to disk "([^"]+)"$/ do |name|
- next if @skip_steps_while_restoring_background
src_disk = {
:path => TAILS_ISO,
:opts => {
@@ -41,25 +36,23 @@ Given /^I cat an ISO of the Tails image to disk "([^"]+)"$/ do |name|
}
}
dest_disk = {
- :path => @vm.storage.disk_path(name),
+ :path => $vm.storage.disk_path(name),
:opts => {
- :format => @vm.storage.disk_format(name)
+ :format => $vm.storage.disk_format(name)
}
}
- @vm.storage.guestfs_disk_helper(src_disk, dest_disk) do |g, src_disk_handle, dest_disk_handle|
+ $vm.storage.guestfs_disk_helper(src_disk, dest_disk) do |g, src_disk_handle, dest_disk_handle|
g.copy_device_to_device(src_disk_handle, dest_disk_handle, {})
end
end
Then /^drive "([^"]+)" is not mounted$/ do |name|
- next if @skip_steps_while_restoring_background
- dev = @vm.disk_dev(name)
- assert(!@vm.execute("grep -qs '^#{dev}' /proc/mounts").success?,
+ dev = $vm.disk_dev(name)
+ assert(!$vm.execute("grep -qs '^#{dev}' /proc/mounts").success?,
"an untrusted partition from drive '#{name}' was automounted")
end
Then /^Tails Greeter has( not)? detected a persistence partition$/ do |no_persistence|
- next if @skip_steps_while_restoring_background
expecting_persistence = no_persistence.nil?
@screen.find('TailsGreeter.png')
found_persistence = ! @screen.exists('TailsGreeterPersistence.png').nil?
diff --git a/features/step_definitions/usb.rb b/features/step_definitions/usb.rb
index 3c222fc..327e5fa 100644
--- a/features/step_definitions/usb.rb
+++ b/features/step_definitions/usb.rb
@@ -14,7 +14,7 @@ EOF
# VMCommand:s cannot handle newlines, and they're irrelevant in the
# above perl script any way
script.delete!("\n")
- presets = @vm.execute_successfully("perl -E '#{script}'").stdout.chomp.split("\n")
+ presets = $vm.execute_successfully("perl -E '#{script}'").stdout.chomp.split("\n")
assert presets.size >= 10, "Got #{presets.size} persistence presets, " +
"which is too few"
persistence_mapping = Hash.new
@@ -45,27 +45,23 @@ def persistent_mounts
end
def persistent_volumes_mountpoints
- @vm.execute("ls -1 -d /live/persistence/*_unlocked/").stdout.chomp.split
+ $vm.execute("ls -1 -d /live/persistence/*_unlocked/").stdout.chomp.split
end
Given /^I clone USB drive "([^"]+)" to a new USB drive "([^"]+)"$/ do |from, to|
- next if @skip_steps_while_restoring_background
- @vm.storage.clone_to_new_disk(from, to)
+ $vm.storage.clone_to_new_disk(from, to)
end
Given /^I unplug USB drive "([^"]+)"$/ do |name|
- next if @skip_steps_while_restoring_background
- @vm.unplug_drive(name)
+ $vm.unplug_drive(name)
end
Given /^the computer is set to boot from the old Tails DVD$/ do
- next if @skip_steps_while_restoring_background
- @vm.set_cdrom_boot(OLD_TAILS_ISO)
+ $vm.set_cdrom_boot(OLD_TAILS_ISO)
end
Given /^the computer is set to boot in UEFI mode$/ do
- next if @skip_steps_while_restoring_background
- @vm.set_os_loader('UEFI')
+ $vm.set_os_loader('UEFI')
@os_loader = 'UEFI'
end
@@ -98,13 +94,11 @@ def usb_install_helper(name)
end
When /^I start Tails Installer$/ do
- next if @skip_steps_while_restoring_background
step 'I start "TailsInstaller" via the GNOME "Tails" applications menu'
@screen.wait('USBCloneAndInstall.png', 30)
end
When /^I start Tails Installer in "([^"]+)" mode$/ do |mode|
- next if @skip_steps_while_restoring_background
step 'I start Tails Installer'
case mode
when 'Clone & Install'
@@ -119,24 +113,20 @@ When /^I start Tails Installer in "([^"]+)" mode$/ do |mode|
end
Then /^Tails Installer detects that a device is too small$/ do
- next if @skip_steps_while_restoring_background
@screen.wait('TailsInstallerTooSmallDevice.png', 10)
end
When /^I "Clone & Install" Tails to USB drive "([^"]+)"$/ do |name|
- next if @skip_steps_while_restoring_background
step 'I start Tails Installer in "Clone & Install" mode'
usb_install_helper(name)
end
When /^I "Clone & Upgrade" Tails to USB drive "([^"]+)"$/ do |name|
- next if @skip_steps_while_restoring_background
step 'I start Tails Installer in "Clone & Upgrade" mode'
usb_install_helper(name)
end
When /^I try a "Clone & Upgrade" Tails to USB drive "([^"]+)"$/ do |name|
- next if @skip_steps_while_restoring_background
begin
step "I \"Clone & Upgrade\" Tails to USB drive \"#{name}\""
rescue UpgradeNotSupported
@@ -147,7 +137,6 @@ When /^I try a "Clone & Upgrade" Tails to USB drive "([^"]+)"$/ do |name|
end
When /^I try to "Upgrade from ISO" USB drive "([^"]+)"$/ do |name|
- next if @skip_steps_while_restoring_background
begin
step "I do a \"Upgrade from ISO\" on USB drive \"#{name}\""
rescue UpgradeNotSupported
@@ -158,27 +147,23 @@ When /^I try to "Upgrade from ISO" USB drive "([^"]+)"$/ do |name|
end
When /^I am suggested to do a "Clone & Install"$/ do
- next if @skip_steps_while_restoring_background
@screen.find("USBCannotUpgrade.png")
end
When /^I am told that the destination device cannot be upgraded$/ do
- next if @skip_steps_while_restoring_background
@screen.find("USBCannotUpgrade.png")
end
Given /^I setup a filesystem share containing the Tails ISO$/ do
- next if @skip_steps_while_restoring_background
shared_iso_dir_on_host = "#{$config["TMPDIR"]}/shared_iso_dir"
@shared_iso_dir_on_guest = "/tmp/shared_iso_dir"
FileUtils.mkdir_p(shared_iso_dir_on_host)
FileUtils.cp(TAILS_ISO, shared_iso_dir_on_host)
add_after_scenario_hook { FileUtils.rm_r(shared_iso_dir_on_host) }
- @vm.add_share(shared_iso_dir_on_host, @shared_iso_dir_on_guest)
+ $vm.add_share(shared_iso_dir_on_host, @shared_iso_dir_on_guest)
end
When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name|
- next if @skip_steps_while_restoring_background
step 'I start Tails Installer in "Upgrade from ISO" mode'
@screen.wait('USBUseLiveSystemISO.png', 10)
match = @screen.find('USBUseLiveSystemISO.png')
@@ -191,7 +176,6 @@ When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name|
end
Given /^I enable all persistence presets$/ do
- next if @skip_steps_while_restoring_background
@screen.wait('PersistenceWizardPresets.png', 20)
# Select the "Persistent" folder preset, which is checked by default.
@screen.type(Sikuli::Key.TAB)
@@ -205,18 +189,17 @@ Given /^I enable all persistence presets$/ do
@screen.type(Sikuli::Key.F4, Sikuli::KeyModifier.ALT)
end
-Given /^I create a persistent partition with password "([^"]+)"$/ do |pwd|
- next if @skip_steps_while_restoring_background
+Given /^I create a persistent partition$/ do
step 'I start "ConfigurePersistentVolume" via the GNOME "Tails" applications menu'
@screen.wait('PersistenceWizardWindow.png', 40)
@screen.wait('PersistenceWizardStart.png', 20)
- @screen.type(pwd + "\t" + pwd + Sikuli::Key.ENTER)
+ @screen.type(@persistence_password + "\t" + @persistence_password + Sikuli::Key.ENTER)
@screen.wait('PersistenceWizardPresets.png', 300)
step "I enable all persistence presets"
end
def check_part_integrity(name, dev, usage, type, scheme, label)
- info = @vm.execute("udisks --show-info #{dev}").stdout
+ info = $vm.execute("udisks --show-info #{dev}").stdout
info_split = info.split("\n partition:\n")
dev_info = info_split[0]
part_info = info_split[1]
@@ -231,71 +214,67 @@ def check_part_integrity(name, dev, usage, type, scheme, label)
end
def tails_is_installed_helper(name, tails_root, loader)
- dev = @vm.disk_dev(name) + "1"
+ dev = $vm.disk_dev(name) + "1"
check_part_integrity(name, dev, "filesystem", "vfat", "gpt", "Tails")
target_root = "/mnt/new"
- @vm.execute("mkdir -p #{target_root}")
- @vm.execute("mount #{dev} #{target_root}")
+ $vm.execute("mkdir -p #{target_root}")
+ $vm.execute("mount #{dev} #{target_root}")
- c = @vm.execute("diff -qr '#{tails_root}/live' '#{target_root}/live'")
+ c = $vm.execute("diff -qr '#{tails_root}/live' '#{target_root}/live'")
assert(c.success?,
"USB drive '#{name}' has differences in /live:\n#{c.stdout}\n#{c.stderr}")
- syslinux_files = @vm.execute("ls -1 #{target_root}/syslinux").stdout.chomp.split
+ syslinux_files = $vm.execute("ls -1 #{target_root}/syslinux").stdout.chomp.split
# We deal with these files separately
ignores = ["syslinux.cfg", "exithelp.cfg", "ldlinux.sys"]
for f in syslinux_files - ignores do
- c = @vm.execute("diff -q '#{tails_root}/#{loader}/#{f}' " +
+ c = $vm.execute("diff -q '#{tails_root}/#{loader}/#{f}' " +
"'#{target_root}/syslinux/#{f}'")
assert(c.success?, "USB drive '#{name}' has differences in " +
"'/syslinux/#{f}'")
end
# The main .cfg is named differently vs isolinux
- c = @vm.execute("diff -q '#{tails_root}/#{loader}/#{loader}.cfg' " +
+ c = $vm.execute("diff -q '#{tails_root}/#{loader}/#{loader}.cfg' " +
"'#{target_root}/syslinux/syslinux.cfg'")
assert(c.success?, "USB drive '#{name}' has differences in " +
"'/syslinux/syslinux.cfg'")
- @vm.execute("umount #{target_root}")
- @vm.execute("sync")
+ $vm.execute("umount #{target_root}")
+ $vm.execute("sync")
end
Then /^the running Tails is installed on USB drive "([^"]+)"$/ do |target_name|
- next if @skip_steps_while_restoring_background
loader = boot_device_type == "usb" ? "syslinux" : "isolinux"
tails_is_installed_helper(target_name, "/lib/live/mount/medium", loader)
end
Then /^the ISO's Tails is installed on USB drive "([^"]+)"$/ do |target_name|
- next if @skip_steps_while_restoring_background
iso = "#{@shared_iso_dir_on_guest}/#{File.basename(TAILS_ISO)}"
iso_root = "/mnt/iso"
- @vm.execute("mkdir -p #{iso_root}")
- @vm.execute("mount -o loop #{iso} #{iso_root}")
+ $vm.execute("mkdir -p #{iso_root}")
+ $vm.execute("mount -o loop #{iso} #{iso_root}")
tails_is_installed_helper(target_name, iso_root, "isolinux")
- @vm.execute("umount #{iso_root}")
+ $vm.execute("umount #{iso_root}")
end
Then /^there is no persistence partition on USB drive "([^"]+)"$/ do |name|
- next if @skip_steps_while_restoring_background
- data_part_dev = @vm.disk_dev(name) + "2"
- assert(!@vm.execute("test -b #{data_part_dev}").success?,
+ data_part_dev = $vm.disk_dev(name) + "2"
+ assert(!$vm.execute("test -b #{data_part_dev}").success?,
"USB drive #{name} has a partition '#{data_part_dev}'")
end
-Then /^a Tails persistence partition with password "([^"]+)" exists on USB drive "([^"]+)"$/ do |pwd, name|
- next if @skip_steps_while_restoring_background
- dev = @vm.disk_dev(name) + "2"
+Then /^a Tails persistence partition exists on USB drive "([^"]+)"$/ do |name|
+ dev = $vm.disk_dev(name) + "2"
check_part_integrity(name, dev, "crypto", "crypto_LUKS", "gpt", "TailsData")
# The LUKS container may already be opened, e.g. by udisks after
# we've run tails-persistence-setup.
- c = @vm.execute("ls -1 /dev/mapper/")
+ c = $vm.execute("ls -1 /dev/mapper/")
if c.success?
for candidate in c.stdout.split("\n")
- luks_info = @vm.execute("cryptsetup status #{candidate}")
+ luks_info = $vm.execute("cryptsetup status #{candidate}")
if luks_info.success? and luks_info.stdout.match("^\s+device:\s+#{dev}$")
luks_dev = "/dev/mapper/#{candidate}"
break
@@ -303,48 +282,47 @@ Then /^a Tails persistence partition with password "([^"]+)" exists on USB drive
end
end
if luks_dev.nil?
- c = @vm.execute("echo #{pwd} | cryptsetup luksOpen #{dev} #{name}")
+ c = $vm.execute("echo #{@persistence_password} | " +
+ "cryptsetup luksOpen #{dev} #{name}")
assert(c.success?, "Couldn't open LUKS device '#{dev}' on drive '#{name}'")
luks_dev = "/dev/mapper/#{name}"
end
# Adapting check_part_integrity() seems like a bad idea so here goes
- info = @vm.execute("udisks --show-info #{luks_dev}").stdout
+ info = $vm.execute("udisks --show-info #{luks_dev}").stdout
assert info.match("^ cleartext luks device:$")
assert info.match("^ usage: +filesystem$")
assert info.match("^ type: +ext[34]$")
assert info.match("^ label: +TailsData$")
mount_dir = "/mnt/#{name}"
- @vm.execute("mkdir -p #{mount_dir}")
- c = @vm.execute("mount #{luks_dev} #{mount_dir}")
+ $vm.execute("mkdir -p #{mount_dir}")
+ c = $vm.execute("mount #{luks_dev} #{mount_dir}")
assert(c.success?,
"Couldn't mount opened LUKS device '#{dev}' on drive '#{name}'")
- @vm.execute("umount #{mount_dir}")
- @vm.execute("sync")
- @vm.execute("cryptsetup luksClose #{name}")
+ $vm.execute("umount #{mount_dir}")
+ $vm.execute("sync")
+ $vm.execute("cryptsetup luksClose #{name}")
end
-Given /^I enable persistence with password "([^"]+)"$/ do |pwd|
- next if @skip_steps_while_restoring_background
+Given /^I enable persistence$/ do
@screen.wait('TailsGreeterPersistence.png', 10)
@screen.type(Sikuli::Key.SPACE)
@screen.wait('TailsGreeterPersistencePassphrase.png', 10)
match = @screen.find('TailsGreeterPersistencePassphrase.png')
@screen.click(match.getCenter.offset(match.w*2, match.h/2))
- @screen.type(pwd)
+ @screen.type(@persistence_password)
end
def tails_persistence_enabled?
persistence_state_file = "/var/lib/live/config/tails.persistence"
- return @vm.execute("test -e '#{persistence_state_file}'").success? &&
- @vm.execute(". '#{persistence_state_file}' && " +
+ return $vm.execute("test -e '#{persistence_state_file}'").success? &&
+ $vm.execute(". '#{persistence_state_file}' && " +
'test "$TAILS_PERSISTENCE_ENABLED" = true').success?
end
Given /^all persistence presets(| from the old Tails version) are enabled$/ do |old_tails|
- next if @skip_steps_while_restoring_background
try_for(120, :msg => "Persistence is disabled") do
tails_persistence_enabled?
end
@@ -355,7 +333,7 @@ Given /^all persistence presets(| from the old Tails version) are enabled$/ do |
assert_not_nil($remembered_persistence_mounts)
expected_mounts = $remembered_persistence_mounts
end
- mount = @vm.execute("mount").stdout.chomp
+ mount = $vm.execute("mount").stdout.chomp
for _, dir in expected_mounts do
assert(mount.include?("on #{dir} "),
"Persistent directory '#{dir}' is not mounted")
@@ -363,34 +341,31 @@ Given /^all persistence presets(| from the old Tails version) are enabled$/ do |
end
Given /^persistence is disabled$/ do
- next if @skip_steps_while_restoring_background
assert(!tails_persistence_enabled?, "Persistence is enabled")
end
-Given /^I enable read-only persistence with password "([^"]+)"$/ do |pwd|
- step "I enable persistence with password \"#{pwd}\""
- next if @skip_steps_while_restoring_background
+Given /^I enable read-only persistence$/ do
+ step "I enable persistence"
@screen.wait_and_click('TailsGreeterPersistenceReadOnly.png', 10)
end
def boot_device
# Approach borrowed from
# config/chroot_local_includes/lib/live/config/998-permissions
- boot_dev_id = @vm.execute("udevadm info --device-id-of-file=/lib/live/mount/medium").stdout.chomp
- boot_dev = @vm.execute("readlink -f /dev/block/'#{boot_dev_id}'").stdout.chomp
+ boot_dev_id = $vm.execute("udevadm info --device-id-of-file=/lib/live/mount/medium").stdout.chomp
+ boot_dev = $vm.execute("readlink -f /dev/block/'#{boot_dev_id}'").stdout.chomp
return boot_dev
end
def boot_device_type
# Approach borrowed from
# config/chroot_local_includes/lib/live/config/998-permissions
- boot_dev_info = @vm.execute("udevadm info --query=property --name='#{boot_device}'").stdout.chomp
+ boot_dev_info = $vm.execute("udevadm info --query=property --name='#{boot_device}'").stdout.chomp
boot_dev_type = (boot_dev_info.split("\n").select { |x| x.start_with? "ID_BUS=" })[0].split("=")[1]
return boot_dev_type
end
Then /^Tails is running from (.*) drive "([^"]+)"$/ do |bus, name|
- next if @skip_steps_while_restoring_background
bus = bus.downcase
case bus
when "ide"
@@ -402,8 +377,8 @@ Then /^Tails is running from (.*) drive "([^"]+)"$/ do |bus, name|
actual_dev = boot_device
# The boot partition differs between a "normal" install using the
# USB installer and isohybrid installations
- expected_dev_normal = @vm.disk_dev(name) + "1"
- expected_dev_isohybrid = @vm.disk_dev(name) + "4"
+ expected_dev_normal = $vm.disk_dev(name) + "1"
+ expected_dev_isohybrid = $vm.disk_dev(name) + "4"
assert(actual_dev == expected_dev_normal ||
actual_dev == expected_dev_isohybrid,
"We are running from device #{actual_dev}, but for #{bus} drive " +
@@ -413,20 +388,19 @@ Then /^Tails is running from (.*) drive "([^"]+)"$/ do |bus, name|
end
Then /^the boot device has safe access rights$/ do
- next if @skip_steps_while_restoring_background
super_boot_dev = boot_device.sub(/[[:digit:]]+$/, "")
- devs = @vm.execute("ls -1 #{super_boot_dev}*").stdout.chomp.split
+ devs = $vm.execute("ls -1 #{super_boot_dev}*").stdout.chomp.split
assert(devs.size > 0, "Could not determine boot device")
- all_users = @vm.execute("cut -d':' -f1 /etc/passwd").stdout.chomp.split
+ all_users = $vm.execute("cut -d':' -f1 /etc/passwd").stdout.chomp.split
all_users_with_groups = all_users.collect do |user|
- groups = @vm.execute("groups #{user}").stdout.chomp.sub(/^#{user} : /, "").split(" ")
+ groups = $vm.execute("groups #{user}").stdout.chomp.sub(/^#{user} : /, "").split(" ")
[user, groups]
end
for dev in devs do
- dev_owner = @vm.execute("stat -c %U #{dev}").stdout.chomp
- dev_group = @vm.execute("stat -c %G #{dev}").stdout.chomp
- dev_perms = @vm.execute("stat -c %a #{dev}").stdout.chomp
+ dev_owner = $vm.execute("stat -c %U #{dev}").stdout.chomp
+ dev_group = $vm.execute("stat -c %G #{dev}").stdout.chomp
+ dev_perms = $vm.execute("stat -c %a #{dev}").stdout.chomp
assert_equal("root", dev_owner)
assert(dev_group == "disk" || dev_group == "root",
"Boot device '#{dev}' owned by group '#{dev_group}', expected " +
@@ -440,16 +414,16 @@ Then /^the boot device has safe access rights$/ do
end
end
- info = @vm.execute("udisks --show-info #{super_boot_dev}").stdout
+ info = $vm.execute("udisks --show-info #{super_boot_dev}").stdout
assert(info.match("^ system internal: +1$"),
"Boot device '#{super_boot_dev}' is not system internal for udisks")
end
Then /^all persistent filesystems have safe access rights$/ do
persistent_volumes_mountpoints.each do |mountpoint|
- fs_owner = @vm.execute("stat -c %U #{mountpoint}").stdout.chomp
- fs_group = @vm.execute("stat -c %G #{mountpoint}").stdout.chomp
- fs_perms = @vm.execute("stat -c %a #{mountpoint}").stdout.chomp
+ fs_owner = $vm.execute("stat -c %U #{mountpoint}").stdout.chomp
+ fs_group = $vm.execute("stat -c %G #{mountpoint}").stdout.chomp
+ fs_perms = $vm.execute("stat -c %a #{mountpoint}").stdout.chomp
assert_equal("root", fs_owner)
assert_equal("root", fs_group)
assert_equal('775', fs_perms)
@@ -458,16 +432,16 @@ end
Then /^all persistence configuration files have safe access rights$/ do
persistent_volumes_mountpoints.each do |mountpoint|
- assert(@vm.execute("test -e #{mountpoint}/persistence.conf").success?,
+ assert($vm.execute("test -e #{mountpoint}/persistence.conf").success?,
"#{mountpoint}/persistence.conf does not exist, while it should")
- assert(@vm.execute("test ! -e #{mountpoint}/live-persistence.conf").success?,
+ assert($vm.execute("test ! -e #{mountpoint}/live-persistence.conf").success?,
"#{mountpoint}/live-persistence.conf does exist, while it should not")
- @vm.execute(
+ $vm.execute(
"ls -1 #{mountpoint}/persistence.conf #{mountpoint}/live-*.conf"
).stdout.chomp.split.each do |f|
- file_owner = @vm.execute("stat -c %U '#{f}'").stdout.chomp
- file_group = @vm.execute("stat -c %G '#{f}'").stdout.chomp
- file_perms = @vm.execute("stat -c %a '#{f}'").stdout.chomp
+ file_owner = $vm.execute("stat -c %U '#{f}'").stdout.chomp
+ file_group = $vm.execute("stat -c %G '#{f}'").stdout.chomp
+ file_perms = $vm.execute("stat -c %a '#{f}'").stdout.chomp
assert_equal("tails-persistence-setup", file_owner)
assert_equal("tails-persistence-setup", file_group)
assert_equal("600", file_perms)
@@ -476,7 +450,6 @@ Then /^all persistence configuration files have safe access rights$/ do
end
Then /^all persistent directories(| from the old Tails version) have safe access rights$/ do |old_tails|
- next if @skip_steps_while_restoring_background
if old_tails.empty?
expected_dirs = persistent_dirs
else
@@ -486,9 +459,9 @@ Then /^all persistent directories(| from the old Tails version) have safe access
persistent_volumes_mountpoints.each do |mountpoint|
expected_dirs.each do |src, dest|
full_src = "#{mountpoint}/#{src}"
- assert_vmcommand_success @vm.execute("test -d #{full_src}")
- dir_perms = @vm.execute_successfully("stat -c %a '#{full_src}'").stdout.chomp
- dir_owner = @vm.execute_successfully("stat -c %U '#{full_src}'").stdout.chomp
+ assert_vmcommand_success $vm.execute("test -d #{full_src}")
+ dir_perms = $vm.execute_successfully("stat -c %a '#{full_src}'").stdout.chomp
+ dir_owner = $vm.execute_successfully("stat -c %U '#{full_src}'").stdout.chomp
if dest.start_with?("/home/#{LIVE_USER}")
expected_perms = "700"
expected_owner = LIVE_USER
@@ -507,40 +480,35 @@ Then /^all persistent directories(| from the old Tails version) have safe access
end
When /^I write some files expected to persist$/ do
- next if @skip_steps_while_restoring_background
persistent_mounts.each do |_, dir|
- owner = @vm.execute("stat -c %U #{dir}").stdout.chomp
- assert(@vm.execute("touch #{dir}/XXX_persist", user=owner).success?,
+ owner = $vm.execute("stat -c %U #{dir}").stdout.chomp
+ assert($vm.execute("touch #{dir}/XXX_persist", user=owner).success?,
"Could not create file in persistent directory #{dir}")
end
end
When /^I remove some files expected to persist$/ do
- next if @skip_steps_while_restoring_background
persistent_mounts.each do |_, dir|
- owner = @vm.execute("stat -c %U #{dir}").stdout.chomp
- assert(@vm.execute("rm #{dir}/XXX_persist", user=owner).success?,
+ owner = $vm.execute("stat -c %U #{dir}").stdout.chomp
+ assert($vm.execute("rm #{dir}/XXX_persist", user=owner).success?,
"Could not remove file in persistent directory #{dir}")
end
end
When /^I write some files not expected to persist$/ do
- next if @skip_steps_while_restoring_background
persistent_mounts.each do |_, dir|
- owner = @vm.execute("stat -c %U #{dir}").stdout.chomp
- assert(@vm.execute("touch #{dir}/XXX_gone", user=owner).success?,
+ owner = $vm.execute("stat -c %U #{dir}").stdout.chomp
+ assert($vm.execute("touch #{dir}/XXX_gone", user=owner).success?,
"Could not create file in persistent directory #{dir}")
end
end
When /^I take note of which persistence presets are available$/ do
- next if @skip_steps_while_restoring_background
$remembered_persistence_mounts = persistent_mounts
$remembered_persistence_dirs = persistent_dirs
end
Then /^the expected persistent files(| created with the old Tails version) are present in the filesystem$/ do |old_tails|
- next if @skip_steps_while_restoring_background
if old_tails.empty?
expected_mounts = persistent_mounts
else
@@ -548,24 +516,23 @@ Then /^the expected persistent files(| created with the old Tails version) are p
expected_mounts = $remembered_persistence_mounts
end
expected_mounts.each do |_, dir|
- assert(@vm.execute("test -e #{dir}/XXX_persist").success?,
+ assert($vm.execute("test -e #{dir}/XXX_persist").success?,
"Could not find expected file in persistent directory #{dir}")
- assert(!@vm.execute("test -e #{dir}/XXX_gone").success?,
+ assert(!$vm.execute("test -e #{dir}/XXX_gone").success?,
"Found file that should not have persisted in persistent directory #{dir}")
end
end
-Then /^only the expected files are present on the persistence partition encrypted with password "([^"]+)" on USB drive "([^"]+)"$/ do |password, name|
- next if @skip_steps_while_restoring_background
- assert(!@vm.is_running?)
+Then /^only the expected files are present on the persistence partition on USB drive "([^"]+)"$/ do |name|
+ assert(!$vm.is_running?)
disk = {
- :path => @vm.storage.disk_path(name),
+ :path => $vm.storage.disk_path(name),
:opts => {
- :format => @vm.storage.disk_format(name),
+ :format => $vm.storage.disk_format(name),
:readonly => true
}
}
- @vm.storage.guestfs_disk_helper(disk) do |g, disk_handle|
+ $vm.storage.guestfs_disk_helper(disk) do |g, disk_handle|
partitions = g.part_list(disk_handle).map do |part_desc|
disk_handle + part_desc["part_num"].to_s
end
@@ -575,7 +542,7 @@ Then /^only the expected files are present on the persistence partition encrypte
assert_not_nil(partition, "Could not find the 'TailsData' partition " \
"on disk '#{disk_handle}'")
luks_mapping = File.basename(partition) + "_unlocked"
- g.luks_open(partition, password, luks_mapping)
+ g.luks_open(partition, @persistence_password, luks_mapping)
luks_dev = "/dev/mapper/#{luks_mapping}"
mount_point = "/"
g.mount(luks_dev, mount_point)
@@ -595,7 +562,6 @@ Then /^only the expected files are present on the persistence partition encrypte
end
When /^I delete the persistent partition$/ do
- next if @skip_steps_while_restoring_background
step 'I start "DeletePersistentVolume" via the GNOME "Tails" applications menu'
@screen.wait("PersistenceWizardWindow.png", 40)
@screen.wait("PersistenceWizardDeletionStart.png", 20)
@@ -604,26 +570,22 @@ When /^I delete the persistent partition$/ do
end
Then /^Tails has started in UEFI mode$/ do
- assert(@vm.execute("test -d /sys/firmware/efi").success?,
+ assert($vm.execute("test -d /sys/firmware/efi").success?,
"/sys/firmware/efi does not exist")
end
Given /^I create a ([[:alpha:]]+) label on disk "([^"]+)"$/ do |type, name|
- next if @skip_steps_while_restoring_background
- @vm.storage.disk_mklabel(name, type)
+ $vm.storage.disk_mklabel(name, type)
end
Then /^a suitable USB device is (?:still )?not found$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("TailsInstallerNoQEMUHardDisk.png", 30)
end
Then /^the "(?:[[:alpha:]]+)" USB drive is selected$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("TailsInstallerQEMUHardDisk.png", 30)
end
Then /^no USB drive is selected$/ do
- next if @skip_steps_while_restoring_background
@screen.wait("TailsInstallerNoQEMUHardDisk.png", 30)
end
diff --git a/features/step_definitions/windows_camouflage.rb b/features/step_definitions/windows_camouflage.rb
index 82ccd8c..f32c8e6 100644
--- a/features/step_definitions/windows_camouflage.rb
+++ b/features/step_definitions/windows_camouflage.rb
@@ -1,10 +1,8 @@
Given /^I enable Microsoft Windows camouflage$/ do
@theme = "windows"
- next if @skip_steps_while_restoring_background
@screen.wait_and_click("TailsGreeterWindowsCamouflage.png", 10)
end
When /^I click the start menu$/ do
- next if @skip_steps_while_restoring_background
@screen.wait_and_click("WindowsStartButton.png", 10)
end
diff --git a/features/support/config.rb b/features/support/config.rb
index eeacd43..1b665cc 100644
--- a/features/support/config.rb
+++ b/features/support/config.rb
@@ -47,6 +47,10 @@ TIME_AT_START = Time.now
# Constants that are statically initialized.
CONFIGURED_KEYSERVER_HOSTNAME = 'hkps.pool.sks-keyservers.net'
+LIBVIRT_DOMAIN_NAME = "TailsToaster"
+LIBVIRT_DOMAIN_UUID = "203552d5-819c-41f3-800e-2c8ef2545404"
+LIBVIRT_NETWORK_NAME = "TailsToasterNet"
+LIBVIRT_NETWORK_UUID = "f2305af3-2a64-4f16-afe6-b9dbf02a597e"
MISC_FILES_DIR = "#{Dir.pwd}/features/misc_files"
SERVICES_EXPECTED_ON_ALL_IFACES =
[
diff --git a/features/support/env.rb b/features/support/env.rb
index 685d703..689172e 100644
--- a/features/support/env.rb
+++ b/features/support/env.rb
@@ -3,6 +3,12 @@ require "#{Dir.pwd}/features/support/extra_hooks.rb"
require 'time'
require 'rspec'
+# Force UTF-8. Ruby will default to the system locale, and if it is
+# non-UTF-8, String-methods will fail when operating on non-ASCII
+# strings.
+Encoding.default_external = Encoding::UTF_8
+Encoding.default_internal = Encoding::UTF_8
+
def fatal_system(str)
unless system(str)
raise StandardError.new("Command exited with #{$?}")
diff --git a/features/support/extra_hooks.rb b/features/support/extra_hooks.rb
index 4deccd1..f38c4bf 100644
--- a/features/support/extra_hooks.rb
+++ b/features/support/extra_hooks.rb
@@ -46,8 +46,8 @@ def AfterFeature(*tag_expressions, &block)
$after_feature_hooks << SimpleHook.new(tag_expressions, block)
end
-def debug_log(message)
- $debug_log_fns.each { |fn| fn.call(message) } if $debug_log_fns
+def debug_log(message, options = {})
+ $debug_log_fns.each { |fn| fn.call(message, options) } if $debug_log_fns
end
require 'cucumber/formatter/pretty'
@@ -85,8 +85,9 @@ module ExtraFormatters
$debug_log_fns << self.method(:debug_log)
end
- def debug_log(message)
- @io.puts(format_string(message, :blue))
+ def debug_log(message, options)
+ options[:color] ||= :blue
+ @io.puts(format_string(message, options[:color]))
@io.flush
end
end
diff --git a/features/support/helpers/display_helper.rb b/features/support/helpers/display_helper.rb
index f94d30e..0a66105 100644
--- a/features/support/helpers/display_helper.rb
+++ b/features/support/helpers/display_helper.rb
@@ -31,8 +31,13 @@ class Display
end
def stop
+ return if @virtviewer.nil?
Process.kill("TERM", @virtviewer.pid)
@virtviewer.close
+ rescue IOError
+ # IO.pid throws this if the process wasn't started yet. Possibly
+ # there's a race when doing a start() and then quickly running
+ # stop().
end
def restart
diff --git a/features/support/helpers/misc_helpers.rb b/features/support/helpers/misc_helpers.rb
index b6e4708..5b8b6f1 100644
--- a/features/support/helpers/misc_helpers.rb
+++ b/features/support/helpers/misc_helpers.rb
@@ -2,6 +2,15 @@ require 'date'
require 'timeout'
require 'test/unit'
+# Test::Unit adds an at_exit hook which, among other things, consumes
+# the command-line arguments that were intended for cucumber. If
+# e.g. `--format` was passed it will throw an error since it's not a
+# valid option for Test::Unit, and it throwing an error at this time
+# (at_exit) will make Cucumber think it failed and consequently exit
+# with an error. Fooling Test::Unit that this hook has already run
+# works around this craziness.
+Test::Unit.run = true
+
# Make all the assert_* methods easily accessible in any context.
include Test::Unit::Assertions
@@ -22,6 +31,7 @@ end
# passed when we throw a Timeout::Error exception.
def try_for(timeout, options = {})
options[:delay] ||= 1
+ last_exception = nil
# Create a unique exception used only for this particular try_for
# call's Timeout to allow nested try_for:s. If we used the same one,
# the innermost try_for would catch all outer ones', creating a
@@ -36,8 +46,11 @@ def try_for(timeout, options = {})
# (never?) a good idea, so we rethrow them. See below why we
# also rethrow *all* the unique exceptions.
raise e
- rescue Exception
- # All other exceptions are ignored while trying the block.
+ rescue Exception => e
+ # All other exceptions are ignored while trying the
+ # block. Well we save the last exception so we can print it in
+ # case of a timeout.
+ last_exception = e
end
sleep options[:delay]
end
@@ -63,6 +76,10 @@ def try_for(timeout, options = {})
# ends up there immediately.
rescue unique_timeout_exception => e
msg = options[:msg] || 'try_for() timeout expired'
+ if last_exception
+ msg += "\nLast ignored exception was: " +
+ "#{last_exception.class}: #{last_exception}"
+ end
raise Timeout::Error.new(msg)
end
@@ -101,10 +118,10 @@ def retry_tor(recovery_proc = nil, &block)
end
def wait_until_tor_is_working
- try_for(270) { @vm.execute(
+ try_for(270) { $vm.execute(
'. /usr/local/lib/tails-shell-library/tor.sh; tor_is_working').success? }
rescue Timeout::Error => e
- c = @vm.execute("grep restart-tor /var/log/syslog")
+ c = $vm.execute("grep restart-tor /var/log/syslog")
if c.success?
debug_log("From syslog:\n" + c.stdout.sub(/^/, " "))
else
@@ -161,7 +178,7 @@ end
# consensus in the VM + the hardcoded TOR_AUTHORITIES.
def get_all_tor_nodes
cmd = 'awk "/^r/ { print \$6 }" /var/lib/tor/cached-microdesc-consensus'
- @vm.execute(cmd).stdout.chomp.split("\n") + TOR_AUTHORITIES
+ $vm.execute(cmd).stdout.chomp.split("\n") + TOR_AUTHORITIES
end
def get_free_space(machine, path)
@@ -170,8 +187,8 @@ def get_free_space(machine, path)
assert(File.exists?(path), "Path '#{path}' not found on #{machine}.")
free = cmd_helper(["df", path])
when 'guest'
- assert(@vm.file_exist?(path), "Path '#{path}' not found on #{machine}.")
- free = @vm.execute_successfully("df '#{path}'")
+ assert($vm.file_exist?(path), "Path '#{path}' not found on #{machine}.")
+ free = $vm.execute_successfully("df '#{path}'")
else
raise 'Unsupported machine type #{machine} passed.'
end
diff --git a/features/support/helpers/storage_helper.rb b/features/support/helpers/storage_helper.rb
index ce4c65a..b4d8f1f 100644
--- a/features/support/helpers/storage_helper.rb
+++ b/features/support/helpers/storage_helper.rb
@@ -18,18 +18,22 @@ class VMStorage
@xml_path = xml_path
pool_xml = REXML::Document.new(File.read("#{@xml_path}/storage_pool.xml"))
pool_name = pool_xml.elements['pool/name'].text
+ @pool_path = "#{$config["TMPDIR"]}/#{pool_name}"
begin
@pool = @virt.lookup_storage_pool_by_name(pool_name)
rescue Libvirt::RetrieveError
- # There's no pool with that name, so we don't have to clear it
- else
+ @pool = nil
+ end
+ if @pool and not(KEEP_SNAPSHOTS)
VMStorage.clear_storage_pool(@pool)
+ @pool = nil
end
- @pool_path = "#{$config["TMPDIR"]}/#{pool_name}"
- pool_xml.elements['pool/target/path'].text = @pool_path
- @pool = @virt.define_storage_pool_xml(pool_xml.to_s)
- @pool.build unless Dir.exists?(@pool_path)
- @pool.create
+ unless @pool
+ pool_xml.elements['pool/target/path'].text = @pool_path
+ @pool = @virt.define_storage_pool_xml(pool_xml.to_s)
+ @pool.build unless Dir.exists?(@pool_path)
+ end
+ @pool.create unless @pool.active?
@pool.refresh
end
@@ -64,6 +68,10 @@ class VMStorage
VMStorage.clear_storage_pool_volumes(@pool)
end
+ def delete_volume(name)
+ @pool.lookup_volume_by_name(name).delete
+ end
+
def create_new_disk(name, options = {})
options[:size] ||= 2
options[:unit] ||= "GiB"
diff --git a/features/support/helpers/vm_helper.rb b/features/support/helpers/vm_helper.rb
index 2f76664..36bbbd5 100644
--- a/features/support/helpers/vm_helper.rb
+++ b/features/support/helpers/vm_helper.rb
@@ -10,8 +10,14 @@ class VMNet
def initialize(virt, xml_path)
@virt = virt
+ @net_name = LIBVIRT_NETWORK_NAME
net_xml = File.read("#{xml_path}/default_net.xml")
- update(net_xml)
+ rexml = REXML::Document.new(net_xml)
+ rexml.elements['network'].add_element('name')
+ rexml.elements['network/name'].text = @net_name
+ rexml.elements['network'].add_element('uuid')
+ rexml.elements['network/uuid'].text = LIBVIRT_NETWORK_UUID
+ update(rexml.to_s)
rescue Exception => e
destroy_and_undefine
raise e
@@ -29,8 +35,6 @@ class VMNet
end
def update(xml)
- net_xml = REXML::Document.new(xml)
- @net_name = net_xml.elements['network/name'].text
destroy_and_undefine
@net = @virt.define_network_xml(xml)
@net.create
@@ -61,8 +65,14 @@ class VM
@xml_path = xml_path
@vmnet = vmnet
@storage = storage
+ @domain_name = LIBVIRT_DOMAIN_NAME
default_domain_xml = File.read("#{@xml_path}/default.xml")
- update(default_domain_xml)
+ rexml = REXML::Document.new(default_domain_xml)
+ rexml.elements['domain'].add_element('name')
+ rexml.elements['domain/name'].text = @domain_name
+ rexml.elements['domain'].add_element('uuid')
+ rexml.elements['domain/uuid'].text = LIBVIRT_DOMAIN_UUID
+ update(rexml.to_s)
@display = Display.new(@domain_name, x_display)
set_cdrom_boot(TAILS_ISO)
plug_network
@@ -72,8 +82,6 @@ class VM
end
def update(xml)
- domain_xml = REXML::Document.new(xml)
- @domain_name = domain_xml.elements['domain/name'].text
destroy_and_undefine
@domain = @virt.define_domain_xml(xml)
end
@@ -182,7 +190,19 @@ class VM
close_cdrom
end
+ def list_disk_devs
+ ret = []
+ domain_xml = REXML::Document.new(@domain.xml_desc)
+ domain_xml.elements.each('domain/devices/disk') do |e|
+ ret << e.elements['target'].attribute('dev').to_s
+ end
+ return ret
+ end
+
def plug_drive(name, type)
+ if disk_plugged?(name)
+ raise "disk '#{name}' already plugged"
+ end
removable_usb = nil
case type
when "removable usb", "usb"
@@ -193,14 +213,9 @@ class VM
removable_usb = "off"
end
# Get the next free /dev/sdX on guest
- used_devs = []
- domain_xml = REXML::Document.new(@domain.xml_desc)
- domain_xml.elements.each('domain/devices/disk/target') do |e|
- used_devs <<= e.attribute('dev').to_s
- end
letter = 'a'
dev = "sd" + letter
- while used_devs.include? dev
+ while list_disk_devs.include?(dev)
letter = (letter[0].ord + 1).chr
dev = "sd" + letter
end
@@ -236,14 +251,33 @@ class VM
return nil
end
+ def disk_rexml_desc(name)
+ xml = disk_xml_desc(name)
+ if xml
+ return REXML::Document.new(xml)
+ else
+ return nil
+ end
+ end
+
def unplug_drive(name)
xml = disk_xml_desc(name)
@domain.detach_device(xml)
end
+ def disk_type(dev)
+ domain_xml = REXML::Document.new(@domain.xml_desc)
+ domain_xml.elements.each('domain/devices/disk') do |e|
+ if e.elements['target'].attribute('dev').to_s == dev
+ return e.elements['driver'].attribute('type').to_s
+ end
+ end
+ raise "No such disk device '#{dev}'"
+ end
+
def disk_dev(name)
- xml = REXML::Document.new(disk_xml_desc(name))
- return "/dev/" + xml.elements['disk/target'].attribute('dev').to_s
+ rexml = disk_rexml_desc(name) or return nil
+ return "/dev/" + rexml.elements['disk/target'].attribute('dev').to_s
end
def udisks_disk_dev(name)
@@ -251,14 +285,19 @@ class VM
end
def disk_detected?(name)
- return execute("test -b #{disk_dev(name)}").success?
+ dev = disk_dev(name) or return false
+ return execute("test -b #{dev}").success?
+ end
+
+ def disk_plugged?(name)
+ return not(disk_xml_desc(name).nil?)
end
def set_disk_boot(name, type)
if is_running?
raise "boot settings can only be set for inactive vms"
end
- plug_drive(name, type)
+ plug_drive(name, type) if not(disk_plugged?(name))
set_boot_device('hd')
# For some reason setting the boot device doesn't prevent cdrom
# boot unless it's empty
@@ -460,19 +499,117 @@ EOF
return cmd.stdout
end
- def save_snapshot(path)
- @domain.save(path)
- @display.stop
+ def internal_snapshot_xml(name)
+ disk_devs = list_disk_devs
+ disks_xml = " <disks>\n"
+ for dev in disk_devs
+ snapshot_type = disk_type(dev) == "qcow2" ? 'internal' : 'no'
+ disks_xml +=
+ " <disk name='#{dev}' snapshot='#{snapshot_type}'></disk>\n"
+ end
+ disks_xml += " </disks>"
+ return <<-EOF
+<domainsnapshot>
+ <name>#{name}</name>
+ <description>Snapshot for #{name}</description>
+#{disks_xml}
+ </domainsnapshot>
+EOF
end
- def restore_snapshot(path)
- # Clean up current domain so its snapshot can be restored
- destroy_and_undefine
- Libvirt::Domain::restore(@virt, path)
- @domain = @virt.lookup_domain_by_name(@domain_name)
+ def VM.ram_only_snapshot_path(name)
+ return "#{$config["TMPDIR"]}/#{name}-snapshot.memstate"
+ end
+
+ def save_snapshot(name)
+ # If we have no qcow2 disk device, we'll use "memory state"
+ # snapshots, and if we have at least one qcow2 disk device, we'll
+ # use internal "system checkpoint" (memory + disks) snapshots. We
+ # have to do this since internal snapshots don't work when no
+ # such disk is available. We can do this with external snapshots,
+ # which are better in many ways, but libvirt doesn't know how to
+ # restore (revert back to) them yet.
+ # WARNING: If only transient disks, i.e. disks that were plugged
+ # after starting the domain, are used then the memory state will
+ # be dropped. External snapshots would also fix this.
+ internal_snapshot = false
+ domain_xml = REXML::Document.new(@domain.xml_desc)
+ domain_xml.elements.each('domain/devices/disk') do |e|
+ if e.elements['driver'].attribute('type').to_s == "qcow2"
+ internal_snapshot = true
+ break
+ end
+ end
+
+ # Note: In this case the "opposite" of `internal_snapshot` is not
+ # anything relating to external snapshots, but actually "memory
+ # state"(-only) snapshots.
+ if internal_snapshot
+ xml = internal_snapshot_xml(name)
+ @domain.snapshot_create_xml(xml)
+ else
+ snapshot_path = VM.ram_only_snapshot_path(name)
+ @domain.save(snapshot_path)
+ # For consistency with the internal snapshot case (which is
+ # "live", so the domain doesn't go down) we immediately restore
+ # the snapshot.
+ # Assumption: that *immediate* save + restore doesn't mess up
+ # with network state and similar, and is fast enough to not make
+ # the clock drift too much.
+ restore_snapshot(name)
+ end
+ end
+
+ def restore_snapshot(name)
+ @domain.destroy if is_running?
+ @display.stop if @display and @display.active?
+ # See comment in save_snapshot() for details on why we use two
+ # different type of snapshots.
+ potential_ram_only_snapshot_path = VM.ram_only_snapshot_path(name)
+ if File.exist?(potential_ram_only_snapshot_path)
+ Libvirt::Domain::restore(@virt, potential_ram_only_snapshot_path)
+ @domain = @virt.lookup_domain_by_name(@domain_name)
+ else
+ begin
+ potential_internal_snapshot = @domain.lookup_snapshot_by_name(name)
+ @domain.revert_to_snapshot(potential_internal_snapshot)
+ rescue Libvirt::RetrieveError
+ raise "No such (internal nor external) snapshot #{name}"
+ end
+ end
@display.start
end
+ def VM.remove_snapshot(name)
+ old_domain = $virt.lookup_domain_by_name(LIBVIRT_DOMAIN_NAME)
+ potential_ram_only_snapshot_path = VM.ram_only_snapshot_path(name)
+ if File.exist?(potential_ram_only_snapshot_path)
+ File.delete(potential_ram_only_snapshot_path)
+ else
+ snapshot = old_domain.lookup_snapshot_by_name(name)
+ snapshot.delete
+ end
+ end
+
+ def VM.snapshot_exists?(name)
+ return true if File.exist?(VM.ram_only_snapshot_path(name))
+ old_domain = $virt.lookup_domain_by_name(LIBVIRT_DOMAIN_NAME)
+ snapshot = old_domain.lookup_snapshot_by_name(name)
+ return snapshot != nil
+ rescue Libvirt::RetrieveError
+ return false
+ end
+
+ def VM.remove_all_snapshots
+ Dir.glob("#{$config["TMPDIR"]}/*-snapshot.memstate").each do |file|
+ File.delete(file)
+ end
+ old_domain = $virt.lookup_domain_by_name(LIBVIRT_DOMAIN_NAME)
+ old_domain.list_all_snapshots.each { |snapshot| snapshot.delete }
+ rescue Libvirt::RetrieveError
+ # No such domain, so no snapshots either.
+ end
+
def start
return if is_running?
@domain.create
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
index 3e4aa84..100f2a8 100644
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -5,6 +5,10 @@ require 'tmpdir'
# Run once, before any feature
AfterConfiguration do |config|
+ # Used to keep track of when we start our first @product feature, when
+ # we'll do some special things.
+ $started_first_product_feature = false
+
if File.exist?($config["TMPDIR"])
if !File.directory?($config["TMPDIR"])
raise "Temporary directory '#{$config["TMPDIR"]}' exists but is not a " +
@@ -22,6 +26,7 @@ AfterConfiguration do |config|
raise "Cannot create temporary directory: #{e.to_s}"
end
end
+
# Start a thread that monitors a pseudo fifo file and debug_log():s
# anything written to it "immediately" (well, as fast as inotify
# detects it). We're forced to a convoluted solution like this
@@ -49,27 +54,12 @@ end
# For @product tests
####################
-def delete_snapshot(snapshot)
- if snapshot and File.exist?(snapshot)
- File.delete(snapshot)
- end
-rescue Errno::EACCES => e
- STDERR.puts "Couldn't delete background snapshot: #{e.to_s}"
-end
-
-def delete_all_snapshots
- Dir.glob("#{$config["TMPDIR"]}/*.state").each do |snapshot|
- delete_snapshot(snapshot)
- end
-end
-
def add_after_scenario_hook(&block)
@after_scenario_hooks ||= Array.new
@after_scenario_hooks << block
end
BeforeFeature('@product') do |feature|
- delete_all_snapshots if !KEEP_SNAPSHOTS
if TAILS_ISO.nil?
raise "No Tails ISO image specified, and none could be found in the " +
"current directory"
@@ -96,23 +86,27 @@ BeforeFeature('@product') do |feature|
raise "The specified old Tails ISO image '#{OLD_TAILS_ISO}' does not exist"
end
puts "Using old ISO image: #{File.basename(OLD_TAILS_ISO)}"
- base = File.basename(feature.file, ".feature").to_s
- $background_snapshot = "#{$config["TMPDIR"]}/#{base}_background.state"
- $virt = Libvirt::open("qemu:///system")
- $vmnet = VMNet.new($virt, VM_XML_PATH)
- $vmstorage = VMStorage.new($virt, VM_XML_PATH)
+ if not($started_first_product_feature)
+ $virt = Libvirt::open("qemu:///system")
+ VM.remove_all_snapshots if !KEEP_SNAPSHOTS
+ $vmnet = VMNet.new($virt, VM_XML_PATH)
+ $vmstorage = VMStorage.new($virt, VM_XML_PATH)
+ $started_first_product_feature = true
+ end
end
AfterFeature('@product') do
- delete_snapshot($background_snapshot) if !KEEP_SNAPSHOTS
- $vmstorage.clear_pool
- $vmnet.destroy_and_undefine
- $virt.close
+ unless KEEP_SNAPSHOTS
+ checkpoints.each do |name, vals|
+ if vals[:temporary] and VM.snapshot_exists?(name)
+ VM.remove_snapshot(name)
+ end
+ end
+ end
end
# BeforeScenario
Before('@product') do |scenario|
- @screen = Sikuli::Screen.new
if $config["CAPTURE"]
video_name = "capture-" + "#{scenario.name}-#{TIME_AT_START}.mkv"
# Sanitize the filename from unix-hostile filename characters
@@ -132,15 +126,13 @@ Before('@product') do |scenario|
])
@video_capture_pid = capture.pid
end
- if File.size?($background_snapshot)
- @skip_steps_while_restoring_background = true
- else
- @skip_steps_while_restoring_background = false
- end
+ @screen = Sikuli::Screen.new
@theme = "gnome"
# English will be assumed if this is not overridden
@language = ""
@os_loader = "MBR"
+ @sudo_password = "asdf"
+ @persistence_password = "asdf"
end
# AfterScenario
@@ -174,11 +166,6 @@ After('@product') do |scenario|
FileUtils.rm(@video_path)
end
end
- @vm.destroy_and_undefine if @vm
-end
-
-After('@product', '~@keep_volumes') do
- $vmstorage.clear_volumes
end
Before('@product', '@check_tor_leaks') do |scenario|
@@ -234,5 +221,13 @@ BeforeFeature('@product', '@source') do |feature|
end
at_exit do
- delete_all_snapshots if !KEEP_SNAPSHOTS
+ $vm.destroy_and_undefine if $vm
+ if $virt
+ unless KEEP_SNAPSHOTS
+ VM.remove_all_snapshots
+ $vmstorage.clear_pool
+ end
+ $vmnet.destroy_and_undefine
+ $virt.close
+ end
end
diff --git a/features/time_syncing.feature b/features/time_syncing.feature
index d8ef5c7..dc01279 100644
--- a/features/time_syncing.feature
+++ b/features/time_syncing.feature
@@ -4,75 +4,62 @@ Feature: Time syncing
I want Tor to work properly
And for that I need a reasonably accurate system clock
- Background:
- Given a computer
- And I start Tails from DVD with network unplugged and I login
- And I save the state so the background can be restored next scenario
-
Scenario: Clock with host's time
+ Given I have started Tails from DVD without network and logged in
When the network is plugged
And Tor is ready
Then Tails clock is less than 5 minutes incorrect
+ Scenario: Clock with host's time in bridge mode
+ Given I have started Tails from DVD without network and logged in with bridge mode enabled
+ When the network is plugged
+ And the Tor Launcher autostarts
+ And I configure some Bridge pluggable transports in Tor Launcher
+ And Tor is ready
+ Then Tails clock is less than 5 minutes incorrect
+
Scenario: Clock is one day in the past
+ Given I have started Tails from DVD without network and logged in
When I bump the system time with "-1 day"
And the network is plugged
And Tor is ready
Then Tails clock is less than 5 minutes incorrect
- Scenario: Clock is one day in the future
- When I bump the system time with "+1 day"
+ Scenario: Clock is one day in the past in bridge mode
+ Given I have started Tails from DVD without network and logged in with bridge mode enabled
+ When I bump the system time with "-1 day"
And the network is plugged
+ And the Tor Launcher autostarts
+ And I configure some Bridge pluggable transports in Tor Launcher
And Tor is ready
Then Tails clock is less than 5 minutes incorrect
- Scenario: Clock way in the future
- When I set the system time to "01 Jan 2020 12:34:56"
+ Scenario: Clock is way in the past
+ Given I have started Tails from DVD without network and logged in
+ # 13 weeks will span over two Tails release cycles.
+ When I bump the system time with "-13 weeks"
And the network is plugged
And Tor is ready
Then Tails clock is less than 5 minutes incorrect
- Scenario: The system time is not synced to the hardware clock
- When I bump the system time with "-15 days"
- And I warm reboot the computer
- And the computer reboots Tails
- Then Tails' hardware clock is close to the host system's time
-
- Scenario: Anti-test: Changes to the hardware clock are kept when rebooting
- When I bump the hardware clock's time with "-15 days"
- And I warm reboot the computer
- And the computer reboots Tails
- Then the hardware clock is still off by "-15 days"
-
-# Scenario: Clock vs Tor consensus' valid-{after,until} etc.
-
- Scenario: Create a new snapshot to the same state (w.r.t. Sikuli steps) as the Background except we're now in bridge mode
- Given a computer
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I enable more Tails Greeter options
- And I enable the specific Tor configuration option
- And I log in to a new session
- And the Tails desktop is ready
- And I save the state so the background can be restored next scenario
-
- Scenario: Clock with host's time in bridge mode
- When the network is plugged
+ Scenario: Clock way in the past in bridge mode
+ Given I have started Tails from DVD without network and logged in with bridge mode enabled
+ When I bump the system time with "-6 weeks"
+ And the network is plugged
And the Tor Launcher autostarts
And I configure some Bridge pluggable transports in Tor Launcher
And Tor is ready
Then Tails clock is less than 5 minutes incorrect
- Scenario: Clock is one day in the past in bridge mode
- When I bump the system time with "-1 day"
+ Scenario: Clock is one day in the future
+ Given I have started Tails from DVD without network and logged in
+ When I bump the system time with "+1 day"
And the network is plugged
- And the Tor Launcher autostarts
- And I configure some Bridge pluggable transports in Tor Launcher
And Tor is ready
Then Tails clock is less than 5 minutes incorrect
Scenario: Clock is one day in the future in bridge mode
+ Given I have started Tails from DVD without network and logged in with bridge mode enabled
When I bump the system time with "+1 day"
And the network is plugged
And the Tor Launcher autostarts
@@ -80,7 +67,15 @@ Feature: Time syncing
And Tor is ready
Then Tails clock is less than 5 minutes incorrect
+ Scenario: Clock way in the future
+ Given I have started Tails from DVD without network and logged in
+ When I set the system time to "01 Jan 2020 12:34:56"
+ And the network is plugged
+ And Tor is ready
+ Then Tails clock is less than 5 minutes incorrect
+
Scenario: Clock way in the future in bridge mode
+ Given I have started Tails from DVD without network and logged in with bridge mode enabled
When I set the system time to "01 Jan 2020 12:34:56"
And the network is plugged
And the Tor Launcher autostarts
@@ -88,7 +83,21 @@ Feature: Time syncing
And Tor is ready
Then Tails clock is less than 5 minutes incorrect
- Scenario: Skip the background snapshot, boot with a hardware clock set way in the past and make sure that Tails sets the clock to the build date
+Scenario: The system time is not synced to the hardware clock
+ Given I have started Tails from DVD without network and logged in
+ When I bump the system time with "-15 days"
+ And I warm reboot the computer
+ And the computer reboots Tails
+ Then Tails' hardware clock is close to the host system's time
+
+ Scenario: Anti-test: Changes to the hardware clock are kept when rebooting
+ Given I have started Tails from DVD without network and logged in
+ When I bump the hardware clock's time with "-15 days"
+ And I warm reboot the computer
+ And the computer reboots Tails
+ Then the hardware clock is still off by "-15 days"
+
+ Scenario: Boot with a hardware clock set way in the past and make sure that Tails sets the clock to the build date
Given a computer
And the network is unplugged
And the hardware clock is set to "01 Jan 2000 12:34:56"
diff --git a/features/tor_bridges.feature b/features/tor_bridges.feature
index c52b18c..256f17f 100644
--- a/features/tor_bridges.feature
+++ b/features/tor_bridges.feature
@@ -5,48 +5,31 @@ Feature: Using Tails with Tor pluggable transports
And avoid connecting directly to the Tor Network
Background:
- Given a computer
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I enable more Tails Greeter options
- And I enable the specific Tor configuration option
- And I log in to a new session
- And the Tails desktop is ready
- And I save the state so the background can be restored next scenario
+ Given I have started Tails from DVD without network and logged in with bridge mode enabled
+ And I capture all network traffic
+ When the network is plugged
+ Then the Tor Launcher autostarts
Scenario: Using bridges
- Given I capture all network traffic
- When the network is plugged
- And the Tor Launcher autostarts
- And I configure some Bridge pluggable transports in Tor Launcher
+ When I configure some Bridge pluggable transports in Tor Launcher
Then Tor is ready
And available upgrades have been checked
And all Internet traffic has only flowed through the configured pluggable transports
Scenario: Using obfs2 pluggable transports
- Given I capture all network traffic
- When the network is plugged
- And the Tor Launcher autostarts
- And I configure some obfs2 pluggable transports in Tor Launcher
+ When I configure some obfs2 pluggable transports in Tor Launcher
Then Tor is ready
And available upgrades have been checked
And all Internet traffic has only flowed through the configured pluggable transports
Scenario: Using obfs3 pluggable transports
- Given I capture all network traffic
- When the network is plugged
- And the Tor Launcher autostarts
- And I configure some obfs3 pluggable transports in Tor Launcher
+ When I configure some obfs3 pluggable transports in Tor Launcher
Then Tor is ready
And available upgrades have been checked
And all Internet traffic has only flowed through the configured pluggable transports
Scenario: Using obfs4 pluggable transports
- Given I capture all network traffic
- When the network is plugged
- And the Tor Launcher autostarts
- And I configure some obfs4 pluggable transports in Tor Launcher
+ When I configure some obfs4 pluggable transports in Tor Launcher
Then Tor is ready
And available upgrades have been checked
And all Internet traffic has only flowed through the configured pluggable transports
diff --git a/features/tor_enforcement.feature b/features/tor_enforcement.feature
index 810d8b3..517853c 100644
--- a/features/tor_enforcement.feature
+++ b/features/tor_enforcement.feature
@@ -5,70 +5,70 @@ Feature: The Tor enforcement is effective
And as a Tails developer
I want to ensure that the automated test suite detects firewall leaks reliably
- Background:
- Given a computer
- When I start Tails from DVD and I login
- And I save the state so the background can be restored next scenario
-
Scenario: Tails' Tor binary is configured to use the expected Tor authorities
+ Given I have started Tails from DVD and logged in and the network is connected
Then the Tor binary is configured to use the expected Tor authorities
Scenario: The firewall configuration is very restrictive
+ Given I have started Tails from DVD and logged in and the network is connected
Then the firewall's policy is to drop all IPv4 traffic
And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4
And the firewall's NAT rules only redirect traffic for Tor's TransPort and DNSPort
And the firewall is configured to block all IPv6 traffic
+ @fragile
Scenario: Anti test: Detecting IPv4 TCP leaks from the Unsafe Browser with the firewall leak detector
- Given I capture all network traffic
+ Given I have started Tails from DVD and logged in and the network is connected
+ And I capture all network traffic
When I successfully start the Unsafe Browser
And I open the address "https://check.torproject.org" in the Unsafe Browser
And I see "UnsafeBrowserTorCheckFail.png" after at most 60 seconds
Then the firewall leak detector has detected IPv4 TCP leaks
Scenario: Anti test: Detecting IPv4 TCP leaks of TCP DNS lookups with the firewall leak detector
- Given I capture all network traffic
+ Given I have started Tails from DVD and logged in and the network is connected
+ And I capture all network traffic
And I disable Tails' firewall
When I do a TCP DNS lookup of "torproject.org"
Then the firewall leak detector has detected IPv4 TCP leaks
Scenario: Anti test: Detecting IPv4 non-TCP leaks (UDP) of UDP DNS lookups with the firewall leak detector
- Given I capture all network traffic
+ Given I have started Tails from DVD and logged in and the network is connected
+ And I capture all network traffic
And I disable Tails' firewall
When I do a UDP DNS lookup of "torproject.org"
Then the firewall leak detector has detected IPv4 non-TCP leaks
Scenario: Anti test: Detecting IPv4 non-TCP (ICMP) leaks of ping with the firewall leak detector
- Given I capture all network traffic
+ Given I have started Tails from DVD and logged in and the network is connected
+ And I capture all network traffic
And I disable Tails' firewall
When I send some ICMP pings
Then the firewall leak detector has detected IPv4 non-TCP leaks
@check_tor_leaks
Scenario: The Tor enforcement is effective at blocking untorified TCP connection attempts
+ Given I have started Tails from DVD and logged in and the network is connected
When I open an untorified TCP connections to 1.2.3.4 on port 42 that is expected to fail
Then the untorified connection fails
And the untorified connection is logged as dropped by the firewall
@check_tor_leaks
Scenario: The Tor enforcement is effective at blocking untorified UDP connection attempts
+ Given I have started Tails from DVD and logged in and the network is connected
When I open an untorified UDP connections to 1.2.3.4 on port 42 that is expected to fail
Then the untorified connection fails
And the untorified connection is logged as dropped by the firewall
@check_tor_leaks
Scenario: The Tor enforcement is effective at blocking untorified ICMP connection attempts
+ Given I have started Tails from DVD and logged in and the network is connected
When I open an untorified ICMP connections to 1.2.3.4 that is expected to fail
Then the untorified connection fails
And the untorified connection is logged as dropped by the firewall
Scenario: The system DNS is always set up to use Tor's DNSPort
- Given a computer
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And the Tails desktop is ready
+ Given I have started Tails from DVD without network and logged in
And the system DNS is using the local DNS resolver
And the network is plugged
And Tor is ready
diff --git a/features/tor_stream_isolation.feature b/features/tor_stream_isolation.feature
index 345888a..59aa34d 100644
--- a/features/tor_stream_isolation.feature
+++ b/features/tor_stream_isolation.feature
@@ -4,9 +4,7 @@ Feature: Tor stream isolation is effective
I want my Torified sessions to be sensibly isolated from each other to prevent identity correlation
Background:
- Given a computer
- When I start Tails from DVD and I login
- And I save the state so the background can be restored next scenario
+ Given I have started Tails from DVD and logged in and the network is connected
Scenario: tails-security-check is using the Tails-specific SocksPort
When I monitor the network connections of tails-security-check
@@ -29,6 +27,7 @@ Feature: Tor stream isolation is effective
And the Tor Browser has started and loaded the startup page
Then I see that Tor Browser is properly stream isolated
+ @fragile
Scenario: Gobby is using the default SocksPort
When I monitor the network connections of Gobby
And I start "Gobby" via the GNOME "Internet" applications menu
@@ -47,12 +46,14 @@ Feature: Tor stream isolation is effective
And the whois command is successful
Then I see that whois is properly stream isolated
+ @fragile
Scenario: Explicitly torify-wrapped applications are using the default SocksPort
When I monitor the network connections of Gobby
And I run "torify /usr/bin/gobby-0.5" in GNOME Terminal
And I connect Gobby to "gobby.debian.org"
Then I see that Gobby is properly stream isolated
+ @fragile
Scenario: Explicitly torsocks-wrapped applications are using the default SocksPort
When I monitor the network connections of Gobby
And I run "torsocks /usr/bin/gobby-0.5" in GNOME Terminal
diff --git a/features/torified_browsing.feature b/features/torified_browsing.feature
index 211d2a5..84093da 100644
--- a/features/torified_browsing.feature
+++ b/features/torified_browsing.feature
@@ -1,22 +1,12 @@
-@product
+@product @fragile
Feature: Browsing the web using the Tor Browser
As a Tails user
when I browse the web using the Tor Browser
all Internet traffic should flow only through Tor
- Background:
- Given a computer
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And the Tails desktop is ready
- And Tor is ready
- And available upgrades have been checked
- And all notifications have disappeared
- And I save the state so the background can be restored next scenario
-
Scenario: The Tor Browser cannot access the LAN
- Given a web server is running on the LAN
+ Given I have started Tails from DVD and logged in and the network is connected
+ And a web server is running on the LAN
And I capture all network traffic
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
@@ -26,6 +16,7 @@ Feature: Browsing the web using the Tor Browser
@check_tor_leaks
Scenario: The Tor Browser directory is usable
+ Given I have started Tails from DVD and logged in and the network is connected
Then the amnesiac Tor Browser directory exists
And there is a GNOME bookmark for the amnesiac Tor Browser directory
And the persistent Tor Browser directory does not exist
@@ -34,8 +25,9 @@ Feature: Browsing the web using the Tor Browser
Then I can save the current page as "index.html" to the default downloads directory
And I can print the current page as "output.pdf" to the default downloads directory
- @check_tor_leaks
+ @check_tor_leaks @fragile
Scenario: Importing an OpenPGP key from a website
+ Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
And I open the address "https://tails.boum.org/tails-signing.key" in the Tor Browser
@@ -43,8 +35,9 @@ Feature: Browsing the web using the Tor Browser
When I accept to import the key with Seahorse
Then I see "KeyImportedNotification.png" after at most 10 seconds
- @check_tor_leaks
+ @check_tor_leaks @fragile
Scenario: Playing HTML5 audio
+ Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
And no application is playing audio
@@ -52,8 +45,9 @@ Feature: Browsing the web using the Tor Browser
And I click the HTML5 play button
And 1 application is playing audio after 10 seconds
- @check_tor_leaks
+ @check_tor_leaks @fragile
Scenario: Watching a WebM video
+ Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
And I open the address "https://webm.html5.org/test.webm" in the Tor Browser
@@ -63,7 +57,8 @@ Feature: Browsing the web using the Tor Browser
Then I see "TorBrowserSampleRemoteWebMVideoFrame.png" after at most 180 seconds
Scenario: I can view a file stored in "~/Tor Browser" but not in ~/.gnupg
- Given I copy "/usr/share/synaptic/html/index.html" to "/home/amnesia/Tor Browser/synaptic.html" as user "amnesia"
+ Given I have started Tails from DVD and logged in and the network is connected
+ And I copy "/usr/share/synaptic/html/index.html" to "/home/amnesia/Tor Browser/synaptic.html" as user "amnesia"
And I copy "/usr/share/synaptic/html/index.html" to "/home/amnesia/.gnupg/synaptic.html" as user "amnesia"
And I copy "/usr/share/synaptic/html/index.html" to "/tmp/synaptic.html" as user "amnesia"
Then the file "/home/amnesia/.gnupg/synaptic.html" exists
@@ -100,24 +95,28 @@ Feature: Browsing the web using the Tor Browser
Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds
Scenario: The "Tails documentation" link on the Desktop works
+ Given I have started Tails from DVD and logged in and the network is connected
When I double-click on the "Tails documentation" link on the Desktop
Then the Tor Browser has started
And I see "TailsOfflineDocHomepage.png" after at most 10 seconds
Scenario: The Tor Browser uses TBB's shared libraries
+ Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
And the Tor Browser has started
Then the Tor Browser uses all expected TBB shared libraries
- @check_tor_leaks
+ @check_tor_leaks @fragile
Scenario: Opening check.torproject.org in the Tor Browser shows the green onion and the congratulations message
+ Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
And I open the address "https://check.torproject.org" in the Tor Browser
Then I see "TorBrowserTorCheck.png" after at most 180 seconds
- @check_tor_leaks
+ @check_tor_leaks @fragile
Scenario: The Tor Browser's "New identity" feature works as expected
+ Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
And I open the address "https://check.torproject.org" in the Tor Browser
@@ -127,6 +126,40 @@ Feature: Browsing the web using the Tor Browser
Then the Tor Browser loads the startup page
Scenario: The Tor Browser should not have any plugins enabled
+ Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
Then the Tor Browser has no plugins installed
+
+ Scenario: The persistent Tor Browser directory is usable
+ Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
+ And the network is plugged
+ And Tor is ready
+ And available upgrades have been checked
+ And all notifications have disappeared
+ Then the persistent Tor Browser directory exists
+ And there is a GNOME bookmark for the persistent Tor Browser directory
+ When I start the Tor Browser
+ And the Tor Browser has started and loaded the startup page
+ And I can save the current page as "index.html" to the persistent Tor Browser directory
+ When I open the address "file:///home/amnesia/Persistent/Tor Browser/index.html" in the Tor Browser
+ Then I see "TorBrowserSavedStartupPage.png" after at most 10 seconds
+ And I can print the current page as "output.pdf" to the persistent Tor Browser directory
+
+ Scenario: Persistent browser bookmarks
+ Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
+ And all persistence presets are enabled
+ And all persistent filesystems have safe access rights
+ And all persistence configuration files have safe access rights
+ And all persistent directories have safe access rights
+ And I start the Tor Browser in offline mode
+ And the Tor Browser has started in offline mode
+ And I add a bookmark to eff.org in the Tor Browser
+ And I warm reboot the computer
+ And the computer reboots Tails
+ And I enable read-only persistence
+ And I log in to a new session
+ And the Tails desktop is ready
+ And I start the Tor Browser in offline mode
+ And the Tor Browser has started in offline mode
+ Then the Tor Browser has a bookmark to eff.org
diff --git a/features/torified_git.feature b/features/torified_git.feature
index cdbecb1..526a9db 100644
--- a/features/torified_git.feature
+++ b/features/torified_git.feature
@@ -5,15 +5,7 @@ Feature: Cloning a Git repository
all Internet traffic should flow only through Tor
Background:
- Given a computer
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And the Tails desktop is ready
- And Tor is ready
- And available upgrades have been checked
- And all notifications have disappeared
- And I save the state so the background can be restored next scenario
+ Given I have started Tails from DVD and logged in and the network is connected
Scenario: Cloning a Git repository anonymously over HTTPS
When I run "git clone https://git-tails.immerda.ch/myprivatekeyispublic/testing" in GNOME Terminal
diff --git a/features/torified_gnupg.feature b/features/torified_gnupg.feature
index d9c30ed..d04c5d1 100644
--- a/features/torified_gnupg.feature
+++ b/features/torified_gnupg.feature
@@ -6,16 +6,8 @@ Feature: Keyserver interaction with GnuPG
and all Internet traffic should flow only through Tor.
Background:
- Given a computer
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And the Tails desktop is ready
- And Tor is ready
- And all notifications have disappeared
- And available upgrades have been checked
+ Given I have started Tails from DVD and logged in and the network is connected
And the "10CC5BC7" OpenPGP key is not in the live user's public keyring
- And I save the state so the background can be restored next scenario
Scenario: Seahorse is configured to use the correct keyserver
Then Seahorse is configured to use the correct keyserver
diff --git a/features/torified_misc.feature b/features/torified_misc.feature
index c635bd6..5bb83c8 100644
--- a/features/torified_misc.feature
+++ b/features/torified_misc.feature
@@ -2,15 +2,7 @@
Feature: Various checks for torified software
Background:
- Given a computer
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And the Tails desktop is ready
- And Tor is ready
- And all notifications have disappeared
- And available upgrades have been checked
- And I save the state so the background can be restored next scenario
+ Given I have started Tails from DVD and logged in and the network is connected
Scenario: wget(1) should work for HTTP and go through Tor.
When I wget "http://example.com/" to stdout
diff --git a/features/totem.feature b/features/totem.feature
index 3d3253c..738bf4b 100644
--- a/features/totem.feature
+++ b/features/totem.feature
@@ -5,7 +5,7 @@ Feature: Using Totem
And AppArmor should prevent Totem from doing dangerous things
And all Internet traffic should flow only through Tor
- # We cannot use Background to save a snapshot of an already booted
+ # We cannot use snapshots of an already booted
# Tails here, due to bugs with filesystem shares vs. snapshots, as
# explained in checks.feature.
@@ -25,13 +25,13 @@ Feature: Using Totem
Given I close Totem
And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia"
And the file "/home/amnesia/.gnupg/video.mp4" exists
- Given I restart monitoring the AppArmor log of "/usr/bin/totem"
+ And I restart monitoring the AppArmor log of "/usr/bin/totem"
When I try to open "/home/amnesia/.gnupg/video.mp4" with Totem
Then I see "TotemUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/totem" from opening "/home/amnesia/.gnupg/video.mp4"
Given I close Totem
And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4" exists
- Given I restart monitoring the AppArmor log of "/usr/bin/totem"
+ And I restart monitoring the AppArmor log of "/usr/bin/totem"
When I try to open "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4" with Totem
Then I see "TotemUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/totem" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4"
@@ -49,26 +49,23 @@ Feature: Using Totem
Given a computer
And I start Tails from DVD and I login
When I open "https://webm.html5.org/test.webm" with Totem
- Then I see "SampleRemoteWebMVideoFrame.png" after at most 30 seconds
+ Then I see "SampleRemoteWebMVideoFrame.png" after at most 60 seconds
When I close Totem
And I start Totem through the GNOME menu
When I load the "https://webm.html5.org/test.webm" URL in Totem
- Then I see "SampleRemoteWebMVideoFrame.png" after at most 30 seconds
+ Then I see "SampleRemoteWebMVideoFrame.png" after at most 60 seconds
- @keep_volumes
- Scenario: Installing Tails on a USB drive, creating a persistent partition, copying video files to it
- Given the USB drive "current" contains Tails with persistence configured and password "asdf"
- And a computer
+ Scenario: Watching MP4 videos stored on the persistent volume should work as expected given our AppArmor confinement
+ Given I have started Tails without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen
+ # Due to bug #5571 we have to reboot to be able to use
+ # filesystem shares.
+ And I shutdown Tails and wait for the computer to power off
And I setup a filesystem share containing sample videos
- And I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
+ And I start Tails from USB drive "current" with network unplugged and I login with persistence enabled
And I copy the sample videos to "/home/amnesia/Persistent" as user "amnesia"
And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia"
And I shutdown Tails and wait for the computer to power off
-
- @keep_volumes
- Scenario: Watching a MP4 video stored on the persistent volume
- Given a computer
- And I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
+ And I start Tails from USB drive "current" with network unplugged and I login with persistence enabled
And the file "/home/amnesia/Persistent/video.mp4" exists
When I open "/home/amnesia/Persistent/video.mp4" with Totem
Then I see "SampleLocalMp4VideoFrame.png" after at most 10 seconds
diff --git a/features/unsafe_browser.feature b/features/unsafe_browser.feature
index 94d3a17..4015138 100644
--- a/features/unsafe_browser.feature
+++ b/features/unsafe_browser.feature
@@ -4,24 +4,15 @@ Feature: Browsing the web using the Unsafe Browser
when I browse the web using the Unsafe Browser
I should have direct access to the web
- Background:
- Given a computer
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And the Tails desktop is ready
- And Tor is ready
- And all notifications have disappeared
- And available upgrades have been checked
- And I save the state so the background can be restored next scenario
-
Scenario: The Unsafe Browser can access the LAN
- Given a web server is running on the LAN
+ Given I have started Tails from DVD and logged in and the network is connected
+ And a web server is running on the LAN
When I successfully start the Unsafe Browser
And I open a page on the LAN web server in the Unsafe Browser
Then I see "UnsafeBrowserHelloLANWebServer.png" after at most 20 seconds
Scenario: Starting the Unsafe Browser works as it should.
+ Given I have started Tails from DVD and logged in and the network is connected
When I successfully start the Unsafe Browser
Then the Unsafe Browser runs as the expected user
And the Unsafe Browser has a red theme
@@ -32,32 +23,35 @@ Feature: Browsing the web using the Unsafe Browser
And the Unsafe Browser has no proxy configured
And the Unsafe Browser uses all expected TBB shared libraries
- Scenario: The Unsafe Browser can be used in all languages supported in Tails
- Then the Unsafe Browser works in all supported languages
-
Scenario: Closing the Unsafe Browser shows a stop notification and properly tears down the chroot.
+ Given I have started Tails from DVD and logged in and the network is connected
When I successfully start the Unsafe Browser
And I close the Unsafe Browser
Then I see the Unsafe Browser stop notification
And the Unsafe Browser chroot is torn down
Scenario: Starting a second instance of the Unsafe Browser results in an error message being shown.
+ Given I have started Tails from DVD and logged in and the network is connected
When I successfully start the Unsafe Browser
And I start the Unsafe Browser
Then I see a warning about another instance already running
+ @fragile
Scenario: Opening check.torproject.org in the Unsafe Browser shows the red onion and a warning message.
+ Given I have started Tails from DVD and logged in and the network is connected
When I successfully start the Unsafe Browser
And I open the address "https://check.torproject.org" in the Unsafe Browser
Then I see "UnsafeBrowserTorCheckFail.png" after at most 60 seconds
And the clearnet user has sent packets out to the Internet
Scenario: The Unsafe Browser cannot be configured to use Tor and other local proxies.
+ Given I have started Tails from DVD and logged in and the network is connected
When I successfully start the Unsafe Browser
Then I cannot configure the Unsafe Browser to use any local proxies
Scenario: The Unsafe Browser will not make any connections to the Internet which are not user initiated
- Given I capture all network traffic
+ Given I have started Tails from DVD and logged in and the network is connected
+ And I capture all network traffic
And Tor is ready
And I configure the Unsafe Browser to check for updates more frequently
But checking for updates is disabled in the Unsafe Browser's configuration
@@ -68,7 +62,6 @@ Feature: Browsing the web using the Unsafe Browser
And all Internet traffic has only flowed through Tor
Scenario: Starting the Unsafe Browser without a network connection results in a complaint about no DNS server being configured
- Given a computer
- And I start Tails from DVD with network unplugged and I login
+ Given I have started Tails from DVD without network and logged in
When I start the Unsafe Browser
Then the Unsafe Browser complains that no DNS server is configured
diff --git a/features/untrusted_partitions.feature b/features/untrusted_partitions.feature
index 1985896..55a41a5 100644
--- a/features/untrusted_partitions.feature
+++ b/features/untrusted_partitions.feature
@@ -5,17 +5,16 @@ Feature: Untrusted partitions
Scenario: Tails will not enable disk swap
Given a computer
- And I create a 100 MiB disk named "swap"
+ And I temporarily create a 100 MiB disk named "swap"
And I create a gpt swap partition on disk "swap"
And I plug ide drive "swap"
When I start Tails with network unplugged and I login
Then a "linux-swap(v1)" partition was detected by Tails on drive "swap"
But Tails has no disk swap enabled
- @keep_volumes
Scenario: Tails will detect LUKS-encrypted GPT partitions labeled "TailsData" stored on USB drives as persistence volumes when the removable flag is set
Given a computer
- And I create a 100 MiB disk named "fake_TailsData"
+ And I temporarily create a 100 MiB disk named "fake_TailsData"
And I create a gpt partition labeled "TailsData" with an ext4 filesystem encrypted with password "asdf" on disk "fake_TailsData"
And I plug removable usb drive "fake_TailsData"
When I start the computer
@@ -23,9 +22,10 @@ Feature: Untrusted partitions
Then drive "fake_TailsData" is detected by Tails
And Tails Greeter has detected a persistence partition
- @keep_volumes
Scenario: Tails will not detect LUKS-encrypted GPT partitions labeled "TailsData" stored on USB drives as persistence volumes when the removable flag is unset
Given a computer
+ And I temporarily create a 100 MiB disk named "fake_TailsData"
+ And I create a gpt partition labeled "TailsData" with an ext4 filesystem encrypted with password "asdf" on disk "fake_TailsData"
And I plug non-removable usb drive "fake_TailsData"
When I start the computer
And the computer boots Tails
@@ -34,16 +34,17 @@ Feature: Untrusted partitions
Scenario: Tails will not detect LUKS-encrypted GPT partitions labeled "TailsData" stored on local hard drives as persistence volumes
Given a computer
+ And I temporarily create a 100 MiB disk named "fake_TailsData"
+ And I create a gpt partition labeled "TailsData" with an ext4 filesystem encrypted with password "asdf" on disk "fake_TailsData"
And I plug ide drive "fake_TailsData"
When I start the computer
And the computer boots Tails
Then drive "fake_TailsData" is detected by Tails
And Tails Greeter has not detected a persistence partition
- @keep_volumes
Scenario: Tails can boot from live systems stored on hard drives
Given a computer
- And I create a 2 GiB disk named "live_hd"
+ And I temporarily create a 2 GiB disk named "live_hd"
And I cat an ISO of the Tails image to disk "live_hd"
And the computer is set to boot from ide drive "live_hd"
And I set Tails to boot with options "live-media="
@@ -53,6 +54,8 @@ Feature: Untrusted partitions
Scenario: Tails booting from a DVD does not use live systems stored on hard drives
Given a computer
+ And I temporarily create a 2 GiB disk named "live_hd"
+ And I cat an ISO of the Tails image to disk "live_hd"
And I plug ide drive "live_hd"
And I start Tails from DVD with network unplugged and I login
Then drive "live_hd" is detected by Tails
@@ -60,7 +63,7 @@ Feature: Untrusted partitions
Scenario: Booting Tails does not automount untrusted ext2 partitions
Given a computer
- And I create a 100 MiB disk named "gpt_ext2"
+ And I temporarily create a 100 MiB disk named "gpt_ext2"
And I create a gpt partition with an ext2 filesystem on disk "gpt_ext2"
And I plug ide drive "gpt_ext2"
And I start Tails from DVD with network unplugged and I login
@@ -69,7 +72,7 @@ Feature: Untrusted partitions
Scenario: Booting Tails does not automount untrusted fat32 partitions
Given a computer
- And I create a 100 MiB disk named "msdos_fat32"
+ And I temporarily create a 100 MiB disk named "msdos_fat32"
And I create an msdos partition with a vfat filesystem on disk "msdos_fat32"
And I plug ide drive "msdos_fat32"
And I start Tails from DVD with network unplugged and I login
diff --git a/features/usb_install.feature b/features/usb_install.feature
index cbe8b2e..8f295f65 100644
--- a/features/usb_install.feature
+++ b/features/usb_install.feature
@@ -1,24 +1,21 @@
@product
-Feature: Installing Tails to a USB drive, upgrading it, and using persistence
+Feature: Installing Tails to a USB drive
As a Tails user
- I may want to install Tails to a USB drive
- and upgrade it to new Tails versions
- and use persistence
+ I want to install Tails to a suitable USB drive
Scenario: Try to "Upgrade from ISO" Tails to a pristine USB drive
Given a computer
And I setup a filesystem share containing the Tails ISO
And I start Tails from DVD with network unplugged and I login
- And I create a 4 GiB disk named "pristine"
+ And I temporarily create a 4 GiB disk named "pristine"
And I plug USB drive "pristine"
And I start Tails Installer in "Upgrade from ISO" mode
Then a suitable USB device is not found
And I am told that the destination device cannot be upgraded
Scenario: Try to "Clone & Upgrade" Tails to a pristine USB drive
- Given a computer
- And I start Tails from DVD with network unplugged and I login
- And I create a 4 GiB disk named "pristine"
+ Given I have started Tails from DVD without network and logged in
+ And I temporarily create a 4 GiB disk named "pristine"
And I plug USB drive "pristine"
And I start Tails Installer in "Upgrade from ISO" mode
Then a suitable USB device is not found
@@ -28,7 +25,7 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Given a computer
And I setup a filesystem share containing the Tails ISO
And I start Tails from DVD with network unplugged and I login
- And I create a 4 GiB disk named "gptfat"
+ And I temporarily create a 4 GiB disk named "gptfat"
And I create a gpt partition with a vfat filesystem on disk "gptfat"
And I plug USB drive "gptfat"
And I start Tails Installer in "Upgrade from ISO" mode
@@ -36,9 +33,8 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
And I am told that the destination device cannot be upgraded
Scenario: Try to "Clone & Upgrade" Tails to a USB drive with GPT and a FAT partition
- Given a computer
- And I start Tails from DVD with network unplugged and I login
- And I create a 4 GiB disk named "gptfat"
+ Given I have started Tails from DVD without network and logged in
+ And I temporarily create a 4 GiB disk named "gptfat"
And I create a gpt partition with a vfat filesystem on disk "gptfat"
And I plug USB drive "gptfat"
And I start Tails Installer in "Upgrade from ISO" mode
@@ -46,316 +42,87 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
And I am told that the destination device cannot be upgraded
Scenario: Try installing Tails to a too small USB drive
- Given a computer
- And I start Tails from DVD with network unplugged and I login
- And I create a 2 GiB disk named "current"
+ Given I have started Tails from DVD without network and logged in
+ And I temporarily create a 2 GiB disk named "too-small-device"
And I start Tails Installer in "Clone & Install" mode
But a suitable USB device is not found
- When I plug USB drive "current"
+ When I plug USB drive "too-small-device"
Then Tails Installer detects that a device is too small
And a suitable USB device is not found
- @keep_volumes
- Scenario: Installing Tails to a pristine USB drive
- Given a computer
- And I start Tails from DVD with network unplugged and I login
- And I create a 4 GiB disk named "current"
- And I plug USB drive "current"
- And I "Clone & Install" Tails to USB drive "current"
- Then the running Tails is installed on USB drive "current"
- But there is no persistence partition on USB drive "current"
- And I unplug USB drive "current"
-
- @keep_volumes
Scenario: Test that Tails installer can detect when a target USB drive is inserted or removed
- Given a computer
- And I start Tails from DVD with network unplugged and I login
+ Given I have started Tails from DVD without network and logged in
+ And I temporarily create a 4 GiB disk named "temp"
And I start Tails Installer in "Clone & Install" mode
But a suitable USB device is not found
- When I plug USB drive "current"
- Then the "current" USB drive is selected
- When I unplug USB drive "current"
+ When I plug USB drive "temp"
+ Then the "temp" USB drive is selected
+ When I unplug USB drive "temp"
Then no USB drive is selected
And a suitable USB device is not found
- @keep_volumes
- Scenario: Booting Tails from a USB drive in UEFI mode
- Given a computer
- And the computer is set to boot in UEFI mode
- When I start Tails from USB drive "current" with network unplugged and I login
- Then the boot device has safe access rights
- And Tails is running from USB drive "current"
- And the boot device has safe access rights
- And Tails has started in UEFI mode
+ Scenario: Installing Tails to a pristine USB drive
+ Given I have started Tails from DVD without network and logged in
+ And I temporarily create a 4 GiB disk named "install"
+ And I plug USB drive "install"
+ And I "Clone & Install" Tails to USB drive "install"
+ Then the running Tails is installed on USB drive "install"
+ But there is no persistence partition on USB drive "install"
- @keep_volumes
Scenario: Booting Tails from a USB drive without a persistent partition and creating one
- Given a computer
- And I start Tails from USB drive "current" with network unplugged and I login
- Then the boot device has safe access rights
- And process "udev-watchdog" is running
- And udev-watchdog is monitoring the correct device
+ Given I have started Tails without network from a USB drive without a persistent partition and stopped at Tails Greeter's login screen
+ And I log in to a new session
+ Then Tails seems to have booted normally
+ When I create a persistent partition
+ Then a Tails persistence partition exists on USB drive "current"
+
+ Scenario: Booting Tails from a USB drive without a persistent partition
+ Given I have started Tails without network from a USB drive without a persistent partition and stopped at Tails Greeter's login screen
+ When I log in to a new session
+ Then Tails seems to have booted normally
And Tails is running from USB drive "current"
- And the boot device has safe access rights
- And there is no persistence partition on USB drive "current"
And the persistent Tor Browser directory does not exist
- And I create a persistent partition with password "asdf"
- Then a Tails persistence partition with password "asdf" exists on USB drive "current"
- And I shutdown Tails and wait for the computer to power off
-
- @keep_volumes
- Scenario: Booting Tails from a USB drive with a disabled persistent partition
- Given a computer
- And I start Tails from USB drive "current" with network unplugged and I login
- Then Tails is running from USB drive "current"
- And the boot device has safe access rights
- And persistence is disabled
- But a Tails persistence partition with password "asdf" exists on USB drive "current"
-
- @keep_volumes
- Scenario: The persistent Tor Browser directory is usable
- Given a computer
- And I start Tails from USB drive "current" and I login with persistence password "asdf"
- And Tails is running from USB drive "current"
- And Tor is ready
- And available upgrades have been checked
- And all notifications have disappeared
- Then the persistent Tor Browser directory exists
- And there is a GNOME bookmark for the persistent Tor Browser directory
- When I start the Tor Browser
- And the Tor Browser has started and loaded the startup page
- And I can save the current page as "index.html" to the persistent Tor Browser directory
- When I open the address "file:///home/amnesia/Persistent/Tor Browser/index.html" in the Tor Browser
- Then I see "TorBrowserSavedStartupPage.png" after at most 10 seconds
- And I can print the current page as "output.pdf" to the persistent Tor Browser directory
+ And there is no persistence partition on USB drive "current"
- @keep_volumes
- Scenario: Persistent browser bookmarks
- Given a computer
- And the computer is set to boot from USB drive "current"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
+ Scenario: Booting Tails from a USB drive in UEFI mode
+ Given I have started Tails without network from a USB drive without a persistent partition and stopped at Tails Greeter's login screen
+ Then I power off the computer
+ Given the computer is set to boot in UEFI mode
+ When I start Tails from USB drive "current" with network unplugged and I login
+ Then the boot device has safe access rights
And Tails is running from USB drive "current"
And the boot device has safe access rights
- And I enable persistence with password "asdf"
- And I log in to a new session
- And the Tails desktop is ready
- And all notifications have disappeared
- And all persistence presets are enabled
- And all persistent filesystems have safe access rights
- And all persistence configuration files have safe access rights
- And all persistent directories have safe access rights
- And I start the Tor Browser in offline mode
- And the Tor Browser has started in offline mode
- And I add a bookmark to eff.org in the Tor Browser
- And I warm reboot the computer
- And the computer reboots Tails
- And I enable read-only persistence with password "asdf"
- And I log in to a new session
- And the Tails desktop is ready
- And I start the Tor Browser in offline mode
- And the Tor Browser has started in offline mode
- Then the Tor Browser has a bookmark to eff.org
-
- @keep_volumes
- Scenario: Writing files to a read/write-enabled persistent partition
- Given a computer
- And I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
- Then Tails is running from USB drive "current"
- And the boot device has safe access rights
- And all persistence presets are enabled
- And I write some files expected to persist
- And all persistent filesystems have safe access rights
- And all persistence configuration files have safe access rights
- And all persistent directories have safe access rights
- And I take note of which persistence presets are available
- And I shutdown Tails and wait for the computer to power off
- Then only the expected files are present on the persistence partition encrypted with password "asdf" on USB drive "current"
-
- @keep_volumes
- Scenario: Writing files to a read-only-enabled persistent partition
- Given a computer
- And I start Tails from USB drive "current" with network unplugged and I login with read-only persistence password "asdf"
- Then Tails is running from USB drive "current"
- And the boot device has safe access rights
- And all persistence presets are enabled
- And there is no GNOME bookmark for the persistent Tor Browser directory
- And I write some files not expected to persist
- And I remove some files expected to persist
- And I take note of which persistence presets are available
- And I shutdown Tails and wait for the computer to power off
- Then only the expected files are present on the persistence partition encrypted with password "asdf" on USB drive "current"
-
- @keep_volumes
- Scenario: Deleting a Tails persistent partition
- Given a computer
- And I start Tails from USB drive "current" with network unplugged and I login
- Then Tails is running from USB drive "current"
- And the boot device has safe access rights
- And persistence is disabled
- But a Tails persistence partition with password "asdf" exists on USB drive "current"
- And all notifications have disappeared
- When I delete the persistent partition
- Then there is no persistence partition on USB drive "current"
-
- @keep_volumes
- Scenario: Installing an old version of Tails to a pristine USB drive
- Given a computer
- And the computer is set to boot from the old Tails DVD
- And the network is unplugged
- And I start the computer
- When the computer boots Tails
- And I log in to a new session
- And the Tails desktop is ready
- And all notifications have disappeared
- And I create a 4 GiB disk named "old"
- And I plug USB drive "old"
- And I "Clone & Install" Tails to USB drive "old"
- Then the running Tails is installed on USB drive "old"
- But there is no persistence partition on USB drive "old"
- And I unplug USB drive "old"
-
- @keep_volumes
- Scenario: Creating a persistent partition with the old Tails USB installation
- Given a computer
- And I start Tails from USB drive "old" with network unplugged and I login
- Then Tails is running from USB drive "old"
- And I create a persistent partition with password "asdf"
- And I take note of which persistence presets are available
- Then a Tails persistence partition with password "asdf" exists on USB drive "old"
- And I shutdown Tails and wait for the computer to power off
-
- @keep_volumes
- Scenario: Writing files to a read/write-enabled persistent partition with the old Tails USB installation
- Given a computer
- And I start Tails from USB drive "old" with network unplugged and I login with persistence password "asdf"
- Then Tails is running from USB drive "old"
- And all persistence presets are enabled
- And I write some files expected to persist
- And all persistent filesystems have safe access rights
- And all persistence configuration files have safe access rights
- And all persistent directories from the old Tails version have safe access rights
- And I take note of which persistence presets are available
- And I shutdown Tails and wait for the computer to power off
- Then only the expected files are present on the persistence partition encrypted with password "asdf" on USB drive "old"
-
- @keep_volumes
- Scenario: Upgrading an old Tails USB installation from a Tails DVD
- Given a computer
- And I clone USB drive "old" to a new USB drive "to_upgrade"
- And I start Tails from DVD with network unplugged and I login
- And I plug USB drive "to_upgrade"
- And I "Clone & Upgrade" Tails to USB drive "to_upgrade"
- Then the running Tails is installed on USB drive "to_upgrade"
- And I unplug USB drive "to_upgrade"
-
- @keep_volumes
- Scenario: Booting Tails from a USB drive upgraded from DVD with persistence enabled
- Given a computer
- And I start Tails from USB drive "to_upgrade" with network unplugged and I login with persistence password "asdf"
- Then all persistence presets from the old Tails version are enabled
- Then Tails is running from USB drive "to_upgrade"
- And the boot device has safe access rights
- And the expected persistent files created with the old Tails version are present in the filesystem
- And all persistent directories from the old Tails version have safe access rights
-
- @keep_volumes
- Scenario: Upgrading an old Tails USB installation from another Tails USB drive
- Given a computer
- And I clone USB drive "old" to a new USB drive "to_upgrade"
- And I start Tails from USB drive "current" with network unplugged and I login
- Then Tails is running from USB drive "current"
- And the boot device has safe access rights
- And I plug USB drive "to_upgrade"
- And I "Clone & Upgrade" Tails to USB drive "to_upgrade"
- Then the running Tails is installed on USB drive "to_upgrade"
- And I unplug USB drive "to_upgrade"
- And I unplug USB drive "current"
-
- @keep_volumes
- Scenario: Booting Tails from a USB drive upgraded from USB with persistence enabled
- Given a computer
- And I start Tails from USB drive "to_upgrade" with network unplugged and I login with persistence password "asdf"
- Then all persistence presets from the old Tails version are enabled
- And Tails is running from USB drive "to_upgrade"
- And the boot device has safe access rights
- And the expected persistent files created with the old Tails version are present in the filesystem
- And all persistent directories from the old Tails version have safe access rights
-
- @keep_volumes
- Scenario: Upgrading an old Tails USB installation from an ISO image, running on the old version
- Given a computer
- And I clone USB drive "old" to a new USB drive "to_upgrade"
- And I setup a filesystem share containing the Tails ISO
- When I start Tails from USB drive "old" with network unplugged and I login
- And I plug USB drive "to_upgrade"
- And I do a "Upgrade from ISO" on USB drive "to_upgrade"
- Then the ISO's Tails is installed on USB drive "to_upgrade"
- And I unplug USB drive "to_upgrade"
-
- @keep_volumes
- Scenario: Upgrading an old Tails USB installation from an ISO image, running on the new version
- Given a computer
- And I clone USB drive "old" to a new USB drive "to_upgrade"
- And I setup a filesystem share containing the Tails ISO
- And I start Tails from DVD with network unplugged and I login
- And I plug USB drive "to_upgrade"
- And I do a "Upgrade from ISO" on USB drive "to_upgrade"
- Then the ISO's Tails is installed on USB drive "to_upgrade"
- And I unplug USB drive "to_upgrade"
-
- Scenario: Booting a USB drive upgraded from ISO with persistence enabled
- Given a computer
- And I start Tails from USB drive "to_upgrade" with network unplugged and I login with persistence password "asdf"
- Then all persistence presets from the old Tails version are enabled
- And Tails is running from USB drive "to_upgrade"
- And the boot device has safe access rights
- And the expected persistent files created with the old Tails version are present in the filesystem
- And all persistent directories from the old Tails version have safe access rights
+ And Tails has started in UEFI mode
- @keep_volumes
- Scenario: Installing Tails to a USB drive with an MBR partition table but no partitions
- Given a computer
- And I create a 4 GiB disk named "mbr"
+ Scenario: Installing Tails to a USB drive with an MBR partition table but no partitions, and making sure that it boots
+ Given I have started Tails from DVD without network and logged in
+ And I temporarily create a 4 GiB disk named "mbr"
And I create a msdos label on disk "mbr"
- And I start Tails from DVD with network unplugged and I login
And I plug USB drive "mbr"
And I "Clone & Install" Tails to USB drive "mbr"
Then the running Tails is installed on USB drive "mbr"
But there is no persistence partition on USB drive "mbr"
- And I unplug USB drive "mbr"
-
- Scenario: Booting a USB drive that originally had an empty MBR partition table
- Given a computer
+ When I shutdown Tails and wait for the computer to power off
And I start Tails from USB drive "mbr" with network unplugged and I login
Then Tails is running from USB drive "mbr"
And the boot device has safe access rights
And there is no persistence partition on USB drive "mbr"
- @keep_volumes
- Scenario: Cat:ing a Tails isohybrid to a USB drive and booting it
+ Scenario: Cat:ing a Tails isohybrid to a USB drive and booting it, then trying to upgrading it but ending up having to do a fresh installation, which boots
Given a computer
- And I create a 4 GiB disk named "isohybrid"
+ And I temporarily create a 4 GiB disk named "isohybrid"
And I cat an ISO of the Tails image to disk "isohybrid"
And I start Tails from USB drive "isohybrid" with network unplugged and I login
Then Tails is running from USB drive "isohybrid"
-
- @keep_volumes
- Scenario: Try upgrading but end up installing Tails to a USB drive containing a Tails isohybrid installation
- Given a computer
+ When I shutdown Tails and wait for the computer to power off
And I start Tails from DVD with network unplugged and I login
- And I plug USB drive "isohybrid"
And I try a "Clone & Upgrade" Tails to USB drive "isohybrid"
- But I am suggested to do a "Clone & Install"
- And I kill the process "liveusb-creator"
+ Then I am suggested to do a "Clone & Install"
+ When I kill the process "liveusb-creator"
And I "Clone & Install" Tails to USB drive "isohybrid"
Then the running Tails is installed on USB drive "isohybrid"
But there is no persistence partition on USB drive "isohybrid"
- And I unplug USB drive "isohybrid"
-
- Scenario: Booting a USB drive that originally had a isohybrid installation
- Given a computer
+ When I shutdown Tails and wait for the computer to power off
And I start Tails from USB drive "isohybrid" with network unplugged and I login
Then Tails is running from USB drive "isohybrid"
And the boot device has safe access rights
diff --git a/features/usb_upgrade.feature b/features/usb_upgrade.feature
new file mode 100644
index 0000000..4860f85
--- /dev/null
+++ b/features/usb_upgrade.feature
@@ -0,0 +1,125 @@
+@product
+Feature: Installing Tails to a USB drive
+ As a Tails user
+ If I have an old versoin of Tails installed on a USB device
+ and the USB device has a persistent partition
+ I want to upgrade Tails on it
+ and keep my persistent partition in the process
+
+ # An issue with this feature is that scenarios depend on each
+ # other. When editing this feature, make sure you understand these
+ # dependencies (which are documented below).
+
+ Scenario: Installing an old version of Tails to a pristine USB drive
+ Given a computer
+ And the computer is set to boot from the old Tails DVD
+ And the network is unplugged
+ And I start the computer
+ When the computer boots Tails
+ And I log in to a new session
+ And the Tails desktop is ready
+ And all notifications have disappeared
+ And I create a 4 GiB disk named "old"
+ And I plug USB drive "old"
+ And I "Clone & Install" Tails to USB drive "old"
+ Then the running Tails is installed on USB drive "old"
+ But there is no persistence partition on USB drive "old"
+ And I unplug USB drive "old"
+
+ # Depends on scenario: Installing an old version of Tails to a pristine USB drive
+ Scenario: Creating a persistent partition with the old Tails USB installation
+ Given a computer
+ And I start Tails from USB drive "old" with network unplugged and I login
+ Then Tails is running from USB drive "old"
+ And I create a persistent partition
+ And I take note of which persistence presets are available
+ Then a Tails persistence partition exists on USB drive "old"
+ And I shutdown Tails and wait for the computer to power off
+
+ # Depends on scenario: Creating a persistent partition with the old Tails USB installation
+ Scenario: Writing files to a read/write-enabled persistent partition with the old Tails USB installation
+ Given a computer
+ And I start Tails from USB drive "old" with network unplugged and I login with persistence enabled
+ Then Tails is running from USB drive "old"
+ And all persistence presets are enabled
+ And I write some files expected to persist
+ And all persistent filesystems have safe access rights
+ And all persistence configuration files have safe access rights
+ And all persistent directories from the old Tails version have safe access rights
+ And I take note of which persistence presets are available
+ And I shutdown Tails and wait for the computer to power off
+ # XXX: how does guestfs work vs snapshots?
+ Then only the expected files are present on the persistence partition on USB drive "old"
+
+ # Depends on scenario: Writing files to a read/write-enabled persistent partition with the old Tails USB installation
+ Scenario: Upgrading an old Tails USB installation from a Tails DVD
+ Given I have started Tails from DVD without network and logged in
+ And I clone USB drive "old" to a new USB drive "to_upgrade"
+ And I plug USB drive "to_upgrade"
+ When I "Clone & Upgrade" Tails to USB drive "to_upgrade"
+ Then the running Tails is installed on USB drive "to_upgrade"
+ And I unplug USB drive "to_upgrade"
+
+ # Depends on scenario: Upgrading an old Tails USB installation from a Tails DVD
+ Scenario: Booting Tails from a USB drive upgraded from DVD with persistence enabled
+ Given a computer
+ And I start Tails from USB drive "to_upgrade" with network unplugged and I login with persistence enabled
+ Then all persistence presets from the old Tails version are enabled
+ Then Tails is running from USB drive "to_upgrade"
+ And the boot device has safe access rights
+ And the expected persistent files created with the old Tails version are present in the filesystem
+ And all persistent directories from the old Tails version have safe access rights
+
+ # Depends on scenario: Writing files to a read/write-enabled persistent partition with the old Tails USB installation
+ Scenario: Upgrading an old Tails USB installation from another Tails USB drive
+ Given I have started Tails without network from a USB drive without a persistent partition and stopped at Tails Greeter's login screen
+ And I log in to a new session
+ And Tails seems to have booted normally
+ And I clone USB drive "old" to a new USB drive "to_upgrade"
+ And I plug USB drive "to_upgrade"
+ When I "Clone & Upgrade" Tails to USB drive "to_upgrade"
+ Then the running Tails is installed on USB drive "to_upgrade"
+ And I unplug USB drive "to_upgrade"
+ And I unplug USB drive "current"
+
+ # Depends on scenario: Upgrading an old Tails USB installation from another Tails USB drive
+ Scenario: Booting Tails from a USB drive upgraded from USB with persistence enabled
+ Given a computer
+ And I start Tails from USB drive "to_upgrade" with network unplugged and I login with persistence enabled
+ Then all persistence presets from the old Tails version are enabled
+ And Tails is running from USB drive "to_upgrade"
+ And the boot device has safe access rights
+ And the expected persistent files created with the old Tails version are present in the filesystem
+ And all persistent directories from the old Tails version have safe access rights
+
+ # Depends on scenario: Writing files to a read/write-enabled persistent partition with the old Tails USB installation
+ Scenario: Upgrading an old Tails USB installation from an ISO image, running on the old version
+ Given a computer
+ And I clone USB drive "old" to a new USB drive "to_upgrade"
+ And I setup a filesystem share containing the Tails ISO
+ When I start Tails from USB drive "old" with network unplugged and I login
+ And I plug USB drive "to_upgrade"
+ And I do a "Upgrade from ISO" on USB drive "to_upgrade"
+ Then the ISO's Tails is installed on USB drive "to_upgrade"
+ And I unplug USB drive "to_upgrade"
+
+ # Depends on scenario: Writing files to a read/write-enabled persistent partition with the old Tails USB installation
+ Scenario: Upgrading an old Tails USB installation from an ISO image, running on the new version
+ Given a computer
+ And I clone USB drive "old" to a new USB drive "to_upgrade"
+ And I setup a filesystem share containing the Tails ISO
+ And I start Tails from DVD with network unplugged and I login
+ And I plug USB drive "to_upgrade"
+ And I do a "Upgrade from ISO" on USB drive "to_upgrade"
+ Then the ISO's Tails is installed on USB drive "to_upgrade"
+ And I unplug USB drive "to_upgrade"
+
+ # Depends on scenario: Upgrading an old Tails USB installation from an ISO image, running on the new version
+ Scenario: Booting a USB drive upgraded from ISO with persistence enabled
+ Given a computer
+ And I start Tails from USB drive "to_upgrade" with network unplugged and I login with persistence enabled
+ Then all persistence presets from the old Tails version are enabled
+ And Tails is running from USB drive "to_upgrade"
+ And the boot device has safe access rights
+ And the expected persistent files created with the old Tails version are present in the filesystem
+ And all persistent directories from the old Tails version have safe access rights
diff --git a/features/windows_camouflage.feature b/features/windows_camouflage.feature
index a850f1d..0c0116e 100644
--- a/features/windows_camouflage.feature
+++ b/features/windows_camouflage.feature
@@ -5,16 +5,12 @@ Feature: Microsoft Windows Camouflage
I should be presented with a Microsoft Windows like environment
Background:
- Given a computer
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
+ Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
And I enable more Tails Greeter options
And I enable Microsoft Windows camouflage
And I log in to a new session
And the Tails desktop is ready
And all notifications have disappeared
- And I save the state so the background can be restored next scenario
Scenario: I should be presented with a Microsoft Windows like desktop
Then I see "WindowsDesktop.png" after at most 10 seconds
@@ -24,11 +20,8 @@ Feature: Microsoft Windows Camouflage
And I see "WindowsSysTraySound.png" after at most 10 seconds
Scenario: Windows should appear like those in Microsoft Windows
- When the network is plugged
- And Tor is ready
- And all notifications have disappeared
- And available upgrades have been checked
- And I start the Tor Browser
+ When I start the Tor Browser in offline mode
+ And the Tor Browser has started in offline mode
Then I see "WindowsTorBrowserWindow.png" after at most 120 seconds
And I see "WindowsTorBrowserTaskBar.png" after at most 10 seconds
And I see "WindowsWindowButtons.png" after at most 10 seconds
diff --git a/run_test_suite b/run_test_suite
index e4b17af..be86c8ff 100755
--- a/run_test_suite
+++ b/run_test_suite
@@ -59,8 +59,9 @@ Options for '@product' features:
--pause-on-fail On failure, pause test suite until pressing Enter. This is
useful for investigating the state of the VM guest to see
exactly why a test failed.
- --keep-snapshots Don't ever delete the background snapshots. This can a big
- time saver when debugging new features.
+ --keep-snapshots Don't ever delete any snapshots (including ones marked as
+ temporary). This can a big time saver when debugging new
+ features.
--retry-find Print a warning whenever Sikuli fails to find an image
and allow *one* retry after pressing ENTER. This is useful
for updating outdated images.
diff --git a/submodules/pythonlib b/submodules/pythonlib
-Subproject 4cea598050b217267e1489413aaf1e416abc25e
+Subproject ee7d6a337ba6df1fa32c42766192525b3f37d36
diff --git a/vagrant/provision/assets/build-tails b/vagrant/provision/assets/build-tails
index cc1c37d..5ff9425 100755
--- a/vagrant/provision/assets/build-tails
+++ b/vagrant/provision/assets/build-tails
@@ -83,7 +83,7 @@ if [ "$TAILS_CLEAN_BUILD" ]; then
fi
if [ -z "$JENKINS_URL" ]; then
- ./build-wiki
+ ./build-website
fi
BUILD_DIR=$(mktemp -d /tmp/tails-build.XXXXXXXX)
diff --git a/wiki/src/blueprint/HTTP_mirror_pool.mdwn b/wiki/src/blueprint/HTTP_mirror_pool.mdwn
index 36d2516..6a5fafd 100644
--- a/wiki/src/blueprint/HTTP_mirror_pool.mdwn
+++ b/wiki/src/blueprint/HTTP_mirror_pool.mdwn
@@ -1,14 +1,5 @@
**Ticket**: [[!tails_ticket 7161]]
-The idea I had was to let the server(s) send a reduced list of hosts. Not
-only it would allow to work-around Tor DNS limitations, but also to have
-some weighted round robin, in order to prioritize some high bandwidth
-mirrors, if we choose to.
-
-If I had to mention the ideal design goals for such changes, I would say
-that the more straightforward would be the better for implementation and
-also for maintainability.
-
[[!toc levels=3]]
# The plan
@@ -42,6 +33,15 @@ We decided to implement a two-way strategy for this feature:
# Initial research
+The idea I had was to let the server(s) send a reduced list of hosts. Not
+only it would allow to work-around Tor DNS limitations, but also to have
+some weighted round robin, in order to prioritize some high bandwidth
+mirrors, if we choose to.
+
+If I had to mention the ideal design goals for such changes, I would say
+that the more straightforward would be the better for implementation and
+also for maintainability.
+
## Using DNS
Using DNS seems to be an easy way to do some round robin in low level. It
diff --git a/wiki/src/blueprint/SponsorS/reports/2015_09.mdwn b/wiki/src/blueprint/SponsorS/reports/2015_09.mdwn
index d47aecb..315503b 100644
--- a/wiki/src/blueprint/SponsorS/reports/2015_09.mdwn
+++ b/wiki/src/blueprint/SponsorS/reports/2015_09.mdwn
@@ -14,28 +14,308 @@ This reports covers the activity of Tails in September 2015.
Everything in this report can be made public.
Note: the numbers preceded with a `#` correspond to tickets in our bug
-tracker which contains more technical details and timeline. For example,
-ticket #6938 can been seed on https://labs.riseup.net/code/issues/6938.
+tracker which contain more technical details and timeline. For example,
+ticket #6938 can be seen on <https://labs.riseup.net/code/issues/6938>.
# A. Replace Claws Mail with Icedove
-## A.n. description of subsection
+- A.1.3. Integrate Icedove into Tails
-- A.n.m. description of deliverable: ticket numbers
+ We amended the strategy we had in mind initially and made it more
+ incremental. If time allows, a first stage will be to include
+ Icedove in Tails 1.7 (2015-11-03), but without the Icedove account
+ setup wizard. During this first stage, Torbirdy's own account setup
+ wizard will be used. And the second stage will be about securing
+ Icedove's wizard (#6154). If this works out as we hope, Tails users
+ will be able to start using Icedove two months earlier than what we
+ planned initially, and the transition period from Claws Mail will be
+ longer, and thus smoother, for users.
- status summary:
+ We started implementing this plan (#10285), set up team coordination
+ tools, and triaged what is a blocker for the first stage, from what is
+ not.
- * what was done
- * what is the outcome (how it makes Tails better)
- * what was not done, and why
+ Then we worked on the "Torbirdy uses Arabic as a default locale"
+ bug, submitted a pull request upstream, that was accepted (#9821).
+
+- A.1.4. Provide a migration path for our users from Claws Mail to Icedove
+
+ We decided how long to keep Claws Mails once we have Icedove
+ (#10010), and initiated work on the migration for users of Tails
+ persistence feature (#9498).
# B. Improve our quality assurance process
+## B.2. Continuously run our entire test suite on all those ISO images once they are built
+
+- B.2.1. Adjust our infrastructure to run tests in parallel
+
+ Great progress was made on this front, and more specifically on the
+ last remaining chunk of it: firing up a clean test runner virtual
+ machine before each test suite run. It was tricky to implement this in
+ a way that prevented race conditions, but we now have a working
+ prototype that we are confident fixes the issues we have seen earlier
+ (#9486, #10215). Along the way we encouraged a few Debian developers
+ to take care of a package we rely on (`jenkins-job-builder`), and one
+ of them promptly took it over and updated it to the version we need
+ (#9646).
+
+- B.2.2. Decide what kind of ISO images qualify for testing and when,
+ how to process, advertise, and store the results (#8667)
+
+ Early in September, we reached an agreement on all discussion topics
+ that were left pending in August, such as how to archive videos from
+ test suite runs. As can be seen in the "Help Jenkins integration"
+ section below, our test suite team promptly started adjusting their
+ code to match what we will need on the Jenkins deployment.
+
+ <https://tails.boum.org/blueprint/automated_builds_and_tests/automated_tests_specs/>
+
+- B.2.3. Research and design a solution to generate a set of Jenkins ISO test jobs
+
+ Some research and experiments were done for sending ISO images that
+ shall be tested to the test suite runner virtual machines (#9597), and
+ major blockers were removed in the underlying infrastructure. Some of
+ our Puppet code saw a nice refactoring in this process. On the same
+ topic, we reached a consensus regarding what "old" ISO image to use
+ for tests that require two images, such as upgrade tests (#10117). And
+ here as well, test suite developers promptly implemented what we
+ needed (#10147).
+
+ <https://tails.boum.org/blueprint/automated_builds_and_tests/jenkins/>
+
+## B.3 Extend the coverage of our test suite
+
+### General improvements
+
+- Filesystem shares are incompatible with QEMU snapshots: #5571
+
+ We have come up with a short-term strategy that will work well with
+ our current workflow. In addition we have our eyes on a long-term
+ technical solution that will require adding a small feature into
+ upstream QEMU. This is, however, out of the scope of this
+ deliverable.
+
+### Help Jenkins integration
+
+These changes, on the test suite side, were prompted by the ongoing
+work on "B.2. Continuously run our entire test suite on all those ISO
+images once they are built".
+
+It should be noted that many of the things mentioned here also greatly
+assist developers when debugging the automated test suite.
+
+- Leverage Cucumber's formatter system for debug logging: #9491
+
+ This makes it easier to have clean console logging while still
+ keeping the full debug log in a separate file. Consequently it will
+ be easier to get an overview of how a test is currently running.
+
+- Capture individual videos for failed scenarios only: #10148
+
+ This will both make these video artifacts more manageable and useful
+ for the developers (more focused, better granularity), and will save
+ a lot of disk space on our servers by excluding videos of tests that
+ succeeded and hence aren't very interesting.
+
+- Make the old Tails ISO default to the "new" ISO: #10147
+
+ This compromise will test 90% of what we want to test, and simplify
+ the Jenkins setup by eliminating the need to share multiple ISO
+ artifacts to the test suite context.
+
+### B.3.6. Fix newly identified issues to make our test suite more robust and faster
+
+#### Performance improvements
+
+- Snapshot improvements: #6094, #8008
+
+ The proof-of-concept that was written as part of B.3.4 has matured
+ into a reliable implementation and
+ it is basically done; only fine-tuning and style improvements
+ remain. It is expected to be ready for the Jenkins deployment in
+ Milestone III, and will allow us to run 33% more tests. It will add
+ less overhead for new tests using persistence in the future, and
+ thus complete "B.3.9. Optimize tests that need a persistent volume"
+ three months in advance.
+
+- Use the more efficient x264 encoding when capturing videos: #10001
+
+ This will reduce the CPU load on the host running the automated test
+ suite, as well as reduce its runtime with a few percent.
+
+- Optimize IRC test using waitAny: #9653
+
+ In case there are connection issues, this may save several minutes
+ per instance by waiting for both the failure and success condition
+ in parallel, instead of serially.
+
+#### Robustness improvements
+
+Some of what follows was part of a project we have with
+another sponsor.
+
+- Avoid nested FindFailed exceptions in waitAny()/findAny(): #9633
+
+ This works around a race condition due to a bug in Rjb that made
+ these helpers fail with some probability depending on the host
+ hardware.
+
+- Import logging module in otr-bot.py: #9375
+
+ Without this fix, the bot may occasionally fail due to it wanting to
+ use the logging facility when it is not in place.
+
+- Force new Tor circuit and reload web site on browser
+ timeouts: #10116
+
+ Given the inherent instability of Tor circuits, this will
+ drastically improve the robustness of all Tor Browser tests.
+
+- Pidgin's multi-window GUI sometimes causes unexpected behaviour
+ (e.g. one window covering the window we want to interact with):
+
+ * Focus Pidgin's buddy list before trying to access the tools
+ menu: #10217
+
+ * Wait for (and focus if necessary) Pidgin's Certificate windows: #10222
+
+- Develop a strategy for dealing with newly discovered fragile tests: #10288
+
+ By leveraging our Jenkins instance, following this strategy will
+ isolate individual robustness issues into individual branches while
+ keeping all other branches functional. Consequently it will be
+ easier to track and deal with future robustness issues.
+
+- Escape regexp used to match nick in CTCP replies: #10219
+
+ Due to how we randomize the nick name for the default Pidgin
+ accounts, there was a 10% chance to generate one with characters
+ that would have a special meaning when used inside regular
+ expressions, causing failures.
+
+### Writing more automated tests
+
+- B.3.8. Automatically test that udev-watchdog is monitoring the
+ right device: #9890.
+
+ This was completed and merged almost four months ahead of schedule.
# C. Scale our infrastructure
+## C.1. Change in depth the infrastructure of our pool of mirrors
+
+We started working on this project, and decided to handle the
+redirection on the client's side (for the record, the original plan
+was to do it server-side). We quickly put together a very rough
+proof-of-concept, and then moved on to update our plans for the next
+steps, accordingly to our new technological choice.
+
+The big picture is described on the corresponding blueprint:
+<https://tails.boum.org/blueprint/HTTP_mirror_pool/>
+
+- C.1.1. Specify a way of describing the pool of mirrors
+
+ We picked a serialization format (JSON) that matches our
+ implementation choices, and started researching what would be the
+ best naming scheme for mirrors, taking into account future HTTPS
+ hardening we have in mind, and support in various popular web
+ servers (#10294).
+
+- C.1.3. Design and implement the mirrors pool administration process and tools
+
+ We settled on ikiwiki overlays for integration into our website, and
+ on using Git and SSH to store and convey the configuration (#8637).
+
+- C.1.2. Write & audit the code that makes the redirection decision
+
+ We did some prototyping work (#8639), and then started refactoring
+ it so that the code can be reused by other components that will need
+ to implement the same redirection scheme client-side (#10284).
+
+## C.2. Be able to detect within hours failures and malfunction on our services
+
+This deliverable is technically due for January 15, but we kept on
+working on it.
+
+- C.2.1. Research and decide what monitoring solution to use: #8645
+
+ We completed experiments and comparisons between monitoring systems,
+ and settled on Icinga 2. We started looking for solutions regarding
+ the single requirement of ours that it does not satisfy.
+
+ <https://tails.boum.org/blueprint/monitor_servers/>
+
+- C.2.2. Set up the monitoring software and the underlying
+ infrastructure: #8646, #8647
+
+ We found hosting for our monitoring setup, got access to the
+ machine, and installed an operating system on it.
+
+## C.4. Maintain our already existing services
+
+This covers "C.4.3. Administer our services upto milestone III" until
+the end of September.
+
+Aside of the usual security updates and taking care of daily requests
+coming from the Tails development community, we did some resources
+planning, and updated the system requirements for the VM that will be
+used as a failover for our critical services (#10243) and looked for
+hosting that would meet our needs (#10244). We have an initial
+agreement with a hosting organization, and will follow-up on
+this shortly.
# D. Migration to Debian Jessie
+## D.1. Adjust to the change of desktop environment to GNOME Shell
+
+- D.1.1. Adjust to the change of desktop environment to GNOME Shell
+
+ We completed the work started on our "Shutdown helper" applet for
+ Jessie (#8302): visually impaired users can now use it, and we made
+ sure it is integrated with our translation system.
+
+ We cleaned up the desktop Applications menu (#8505).
+
+## D.6. Upgrade Tails-specific tools to Debian Jessie technologies
+
+- D.6.1. Port Tails-specific tools from udisks 1 to udisks 2
+
+ We followed up on the persistent volume assistant's porting to
+ udisks 2, and made sure it does not trigger spurious GNOME
+ notifications that could confuse users (#9280).
+
+- D.6.3. Port WhisperBack, our integrated bug reporting tool, to Python 3
+
+ Native SOCKS support was completed, which was the only missing piece
+ to make WhisperBack work great on Jessie and Python 3 (#9412).
+
+## Additional improvements that were not planned
+
+- When starting Tails in a virtual machine that runs with non-free
+ technology (and does not hide this fact), users are now warned about
+ the risks (#5315).
+
+- Simplify printers administration: it can now be done without having
+ to set an administration password, just like it was back when Tails
+ was based on Debian Squeeze (#8443). This removes a usability
+ pain-point, namely the need to restart Tails when one realizes too
+ late they need to print a document, and should have set an
+ administration password. In passing, we noticed that AppArmor
+ blocked adding a printer on Jessie, and fixed it (#10210).
# E. Release management
+
+- Tails 1.6 was released on 2015-09-22 [1]:
+
+ * Upgrade Tor Browser to version 5.0.3 (based on Firefox 38.3.0 ESR).
+ * Upgrade I2P to version 0.9.22 and enable its AppArmor profile.
+ * Fix several issues related to MAC address spoofing:
+ - If MAC address spoofing fails on a network interface and this
+ interface cannot be disabled, then all networking is now
+ completely disabled.
+ - A notification is displayed if MAC address spoofing causes
+ network issues, for example if a network only allows
+ connections from a list of authorized MAC addresses.
+
+ [1] <https://tails.boum.org/news/version_1.6/>
diff --git a/wiki/src/blueprint/SponsorS/reports/2015_10.mdwn b/wiki/src/blueprint/SponsorS/reports/2015_10.mdwn
index 00c9e5f..02e83cc 100644
--- a/wiki/src/blueprint/SponsorS/reports/2015_10.mdwn
+++ b/wiki/src/blueprint/SponsorS/reports/2015_10.mdwn
@@ -15,7 +15,7 @@ Everything in this report can be made public.
Note: the numbers preceded with a `#` correspond to tickets in our bug
tracker which contains more technical details and timeline. For example,
-ticket #6938 can been seed on https://labs.riseup.net/code/issues/6938.
+ticket #6938 can be seen on <https://labs.riseup.net/code/issues/6938>.
# A. Replace Claws Mail with Icedove
diff --git a/wiki/src/blueprint/SponsorS/reports/2015_11.mdwn b/wiki/src/blueprint/SponsorS/reports/2015_11.mdwn
index 0786212..641aea1 100644
--- a/wiki/src/blueprint/SponsorS/reports/2015_11.mdwn
+++ b/wiki/src/blueprint/SponsorS/reports/2015_11.mdwn
@@ -15,7 +15,7 @@ Everything in this report can be made public.
Note: the numbers preceded with a `#` correspond to tickets in our bug
tracker which contains more technical details and timeline. For example,
-ticket #6938 can been seed on https://labs.riseup.net/code/issues/6938.
+ticket #6938 can be seen on <https://labs.riseup.net/code/issues/6938>.
# A. Replace Claws Mail with Icedove
diff --git a/wiki/src/blueprint/SponsorS/reports/2015_12.mdwn b/wiki/src/blueprint/SponsorS/reports/2015_12.mdwn
index 78bc89a..2f0b005 100644
--- a/wiki/src/blueprint/SponsorS/reports/2015_12.mdwn
+++ b/wiki/src/blueprint/SponsorS/reports/2015_12.mdwn
@@ -15,7 +15,7 @@ Everything in this report can be made public.
Note: the numbers preceded with a `#` correspond to tickets in our bug
tracker which contains more technical details and timeline. For example,
-ticket #6938 can been seed on https://labs.riseup.net/code/issues/6938.
+ticket #6938 can be seen on <https://labs.riseup.net/code/issues/6938>.
# A. Replace Claws Mail with Icedove
diff --git a/wiki/src/blueprint/SponsorS/reports/2016_01.mdwn b/wiki/src/blueprint/SponsorS/reports/2016_01.mdwn
index 6f53f65..6ef80aa 100644
--- a/wiki/src/blueprint/SponsorS/reports/2016_01.mdwn
+++ b/wiki/src/blueprint/SponsorS/reports/2016_01.mdwn
@@ -15,7 +15,7 @@ Everything in this report can be made public.
Note: the numbers preceded with a `#` correspond to tickets in our bug
tracker which contains more technical details and timeline. For example,
-ticket #6938 can been seed on https://labs.riseup.net/code/issues/6938.
+ticket #6938 can be seen on <https://labs.riseup.net/code/issues/6938>.
# A. Replace Claws Mail with Icedove
diff --git a/wiki/src/blueprint/SponsorS/reports/2016_02.mdwn b/wiki/src/blueprint/SponsorS/reports/2016_02.mdwn
index 0f3a2f2..bae0400 100644
--- a/wiki/src/blueprint/SponsorS/reports/2016_02.mdwn
+++ b/wiki/src/blueprint/SponsorS/reports/2016_02.mdwn
@@ -15,7 +15,7 @@ Everything in this report can be made public.
Note: the numbers preceded with a `#` correspond to tickets in our bug
tracker which contains more technical details and timeline. For example,
-ticket #6938 can been seed on https://labs.riseup.net/code/issues/6938.
+ticket #6938 can be seen on <https://labs.riseup.net/code/issues/6938>.
# A. Replace Claws Mail with Icedove
diff --git a/wiki/src/blueprint/SponsorS/reports/2016_03.mdwn b/wiki/src/blueprint/SponsorS/reports/2016_03.mdwn
index 5ae6ea8..537075f 100644
--- a/wiki/src/blueprint/SponsorS/reports/2016_03.mdwn
+++ b/wiki/src/blueprint/SponsorS/reports/2016_03.mdwn
@@ -15,7 +15,7 @@ Everything in this report can be made public.
Note: the numbers preceded with a `#` correspond to tickets in our bug
tracker which contains more technical details and timeline. For example,
-ticket #6938 can been seed on https://labs.riseup.net/code/issues/6938.
+ticket #6938 can be seen on <https://labs.riseup.net/code/issues/6938>.
# A. Replace Claws Mail with Icedove
diff --git a/wiki/src/blueprint/SponsorS/reports/2016_04.mdwn b/wiki/src/blueprint/SponsorS/reports/2016_04.mdwn
index 6b576a0..cb781d7 100644
--- a/wiki/src/blueprint/SponsorS/reports/2016_04.mdwn
+++ b/wiki/src/blueprint/SponsorS/reports/2016_04.mdwn
@@ -15,7 +15,7 @@ Everything in this report can be made public.
Note: the numbers preceded with a `#` correspond to tickets in our bug
tracker which contains more technical details and timeline. For example,
-ticket #6938 can been seed on https://labs.riseup.net/code/issues/6938.
+ticket #6938 can be seen on <https://labs.riseup.net/code/issues/6938>.
# A. Replace Claws Mail with Icedove
diff --git a/wiki/src/blueprint/SponsorS/reports/2016_05.mdwn b/wiki/src/blueprint/SponsorS/reports/2016_05.mdwn
index a67279e..4b92d63 100644
--- a/wiki/src/blueprint/SponsorS/reports/2016_05.mdwn
+++ b/wiki/src/blueprint/SponsorS/reports/2016_05.mdwn
@@ -15,7 +15,7 @@ Everything in this report can be made public.
Note: the numbers preceded with a `#` correspond to tickets in our bug
tracker which contains more technical details and timeline. For example,
-ticket #6938 can been seed on https://labs.riseup.net/code/issues/6938.
+ticket #6938 can be seen on <https://labs.riseup.net/code/issues/6938>.
# A. Replace Claws Mail with Icedove
diff --git a/wiki/src/blueprint/SponsorS/reports/2016_06.mdwn b/wiki/src/blueprint/SponsorS/reports/2016_06.mdwn
index 3f90919..6ff6f7b 100644
--- a/wiki/src/blueprint/SponsorS/reports/2016_06.mdwn
+++ b/wiki/src/blueprint/SponsorS/reports/2016_06.mdwn
@@ -15,7 +15,7 @@ Everything in this report can be made public.
Note: the numbers preceded with a `#` correspond to tickets in our bug
tracker which contains more technical details and timeline. For example,
-ticket #6938 can been seed on https://labs.riseup.net/code/issues/6938.
+ticket #6938 can be seen on <https://labs.riseup.net/code/issues/6938>.
# A. Replace Claws Mail with Icedove
diff --git a/wiki/src/blueprint/SponsorS/reports/2016_07.mdwn b/wiki/src/blueprint/SponsorS/reports/2016_07.mdwn
index 8331a57..4f1bb0f 100644
--- a/wiki/src/blueprint/SponsorS/reports/2016_07.mdwn
+++ b/wiki/src/blueprint/SponsorS/reports/2016_07.mdwn
@@ -15,7 +15,7 @@ Everything in this report can be made public.
Note: the numbers preceded with a `#` correspond to tickets in our bug
tracker which contains more technical details and timeline. For example,
-ticket #6938 can been seed on https://labs.riseup.net/code/issues/6938.
+ticket #6938 can be seen on <https://labs.riseup.net/code/issues/6938>.
# A. Replace Claws Mail with Icedove
diff --git a/wiki/src/blueprint/automated_builds_and_tests/automated_tests_specs.mdwn b/wiki/src/blueprint/automated_builds_and_tests/automated_tests_specs.mdwn
index b694e6a..5df035b 100644
--- a/wiki/src/blueprint/automated_builds_and_tests/automated_tests_specs.mdwn
+++ b/wiki/src/blueprint/automated_builds_and_tests/automated_tests_specs.mdwn
@@ -128,26 +128,19 @@ The test suite produces different kind of artifacts: logfiles, screen
captures for failing steps, snapshots of the test VM, and also videos of
the running test session.
-Videos may be a bit too much to keep, given they slow down the test
-suite and might take quite a bit of disk space to store. If we want to
-keep them, we may want to do so only for failing test suite runs. If we
-decide to still use them, then we probably have to wait for
-[[!tails_ticket 10001]] too be resolved.
+We can keep the video captures in the build artifacts, now that
+[[!tails_ticket 10001]] is resolved.
-Proposal for a first iteration:
+Decision:
* For green test suite run: keep the test logs (Jenkins natively do
that).
- * For red test suite run: keep the screen and video captures, the
+ * For red test suite run: keep the screenshots and video captures, the
logs and the pcap files.
-On the second iteration, we will keep video capture only for the red
-tests.
-
-The retention strategy should be the same than for the automatically
-built ISOs. In particular, we will have to pay attention to the rotation
-of videos capture (given they'll quickly bloat our storage space).
-Keeping them only for 7 days sounds reasonnable.
+In [[!tails_ticket 10155]] we calculated that we can probably keep the
+video captures for a full release cycle. This will be refine is reality
+claims the contrary after an evaluation.
# Scenarios
diff --git a/wiki/src/blueprint/automated_builds_and_tests/jenkins.mdwn b/wiki/src/blueprint/automated_builds_and_tests/jenkins.mdwn
index 1d0eb88..0e9902c 100644
--- a/wiki/src/blueprint/automated_builds_and_tests/jenkins.mdwn
+++ b/wiki/src/blueprint/automated_builds_and_tests/jenkins.mdwn
@@ -1,152 +1,41 @@
-[[!meta title="Jenkins"]]
+[[!meta title="Automated tests implementation details"]]
+
+For Jenkins resources, see [[blueprint/automated_builds_and_tests/resources]].
[[!toc levels=2]]
-Resources
-=========
-
-Miscellaneous
--------------
-
-- [Jenkins Best
- Practices](https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Best+Practices)
-- [plugins](https://wiki.jenkins-ci.org/display/JENKINS/Plugins)
- * [Git plugin](https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin)
- * [Copy Artifact
- plugin](https://wiki.jenkins-ci.org/display/JENKINS/Copy+Artifact+Plugin)
- can be used to run a test job against the result of a build job,
- e.g. for Debian packages (think Lintian) or Tails ISO images; see
- [grml's setup
- documentation](http://jenkins-debian-glue.org/getting_started/manual/)
- that uses it.
-- the [jenkins](http://jujucharms.com/charms/precise/jenkins) and
- [jenkins-slave](http://jujucharms.com/charms/precise/jenkins-slave)
- JuJu charms may be good sources of inspiration for deployment
-- [[!cpan Net-Jenkins]] (not in Debian) allows to interact with
- a Jenkins server: create and start jobs, get information about
- builds etc.
-
-Jobs management
----------------
-
-- [Job builder](http://ci.openstack.org/jenkins-job-builder/) provides
- one-way (Git to Jenkins) jobs synchronization; it's in Debian sid.
- * [configuration documentation](http://ci.openstack.org/jenkins-job-builder/configuration.html)
- * Debian uses it in their `update_jdn.sh`: it runs `jenkins-jobs
- update $config` after importing updated YAML job config files
- from Git.
- * Tor [use
- it](https://gitweb.torproject.org/project/jenkins/jobs.git/tree) too.
-- jenkins.debian.net uses the [SCM
- Sync](https://wiki.jenkins-ci.org/display/JENKINS/SCM+Sync+configuration+plugin)
- plugin, that apparently handles committing to the VCS on
- configuration changes done in the web interface, and maybe more.
-- [jenkins-yaml](https://github.com/varnish/jenkins-yaml) might make
- it easy to generate a large number of similar Jenkins jobs, e.g.
- one per branch
-- [jenkins_jobs puppet module](http://tradeshift.com/blog/tstech-managing-jenkins-job-configurations-by-puppet/)
-
-Web setup
----------
-
-### Visible read-only on the web
-
-We'd like our Jenkins instance to be visible read-only on the web.
-We'd rather not rely on Jenkins authentication / authorization to
-enforce this read-only policy. We'd rather see the frontend reverse
-proxy take care of this.
-
-The
-[`getUnprotectedRootActions()`](http://javadoc.jenkins-ci.org/jenkins/model/Jenkins.html#getUnprotectedRootActions())
-method should return the list of URL prefixes that we want to allow.
-And we could forbid anything else.
-
-The [Reverse Proxy
-Auth](https://wiki.jenkins-ci.org/display/JENKINS/Reverse+Proxy+Auth+Plugin)
-Jenkins plugin can be useful to display [an example
-usage](https://github.com/jenkinsci/reverse-proxy-auth-plugin/commit/72567a974960be2363107614ba3f705ec6e9b695)
-of this method.
-
-### Miscellaneous
-
-- [sample nginx configuration](https://wiki.jenkins-ci.org/display/JENKINS/Installing+Jenkins+on+Ubuntu)
-
-Notifications
--------------
-
-- [IRC plugin](https://wiki.jenkins-ci.org/display/JENKINS/IRC+Plugin),
- but I'm told that the jenkins email notifications are way nicer
- than what this plugin can do, so see [a better way to do
- it](http://jenkins.debian.net/userContent/setup.html#_installing_kgb_client)
-- [[!cpan Jenkins-NotificationListener]] is a server that listens to
- messages from Jenkins [Notification
- plugin](https://wiki.jenkins-ci.org/display/JENKINS/Notification+Plugin).
-
-### Notifying different people depending on what triggered the build
-
-At least the obvious candidate (Email-ext plugin) doesn't seem able to
-email different recipients depending on what triggered the build
-out-of-the-box. But apparently, one can set up two 'Script - After
-Build' email triggers in the Email-ext configuration: one emails the
-culprit, the other emails the RM. And then, they do something or not
-depending on a variable we set during the build, based on what
-triggered the build. Likely the cleaner and simpler solution.
-
-Otherwise, we could have Jenkins email some pipe script that will
-forward to the right person depending on 1. whether it's a base
-branch; and 2. whether the build was triggered by a push or by
-something else. This should work if we can get the email notification
-to pass the needed info in it. E.g. the full console output currently
-has "Started by timer" or "Started by an SCM change", but this is not
-part of the email notification. Could work, but a bit hackish and all
-kinds of things can go wrong.
-
-Also, I've seen lots of people documenting crazy similar things with
-some of these plugins: "Run Condition", "Conditional BuildStep",
-"Flexible Publish" and "Any Build step". But then it gets too
-complicated for me to dive into it right now.
-
-How others use Jenkins
-----------------------
-
-- jenkins.debian.net's:
- * [setup documentation](http://jenkins.debian.net/userContent/setup.html)
- * configuration: `git://git.debian.org/git/users/holger/jenkins.debian.net.git`
-- [Tor's jobs](https://gitweb.torproject.org/project/jenkins/jobs.git/blob/HEAD:/jobs.yaml)
-- [Ubuntu QA Jenkins instance](https://jenkins.qa.ubuntu.com/)
-- grml's Michael Prokop talks about autotesting in KVM during his
- [talk at DebConf
- 10](http://penta.debconf.org/dc10_schedule/events/547.en.html);
- they use Jenkins:
- * [Jenkins instance](http://jenkins.grml.org/)
- * [unittests](https://github.com/grml/grml-unittests)
- * [debian-glue Jenkins plugin](https://github.com/mika/jenkins-debian-glue)
- * [kantan](https://github.com/mika/kantan): simple test suite for
- autotesting using Grml and KVM
- * [Jenkins server setup documentation](https://github.com/grml/grml-server-setup/blob/master/jenkins.asciidoc)
-- [jenkinstool](http://git.gitano.org.uk/personal/liw/jenkinstool.git/)
- has the tools Lars Wirzenius uses to manage his CI (Python projects
- test suite, Debian packages, importing into reprepro, VM setup of
- all needed stuff); the whole thing is very ad-hoc but many bits
- could be used as inspiration sources.
-
-Jenkins for Perl projects
--------------------------
-
-* [a collection of links](https://wiki.jenkins-ci.org/display/JENKINS/Perl+Projects)
- on the Jenkins wiki
-* an overview of the available tools: [[!cpan Task::Jenkins]]
-* [a tutorial](https://logiclab.jira.com/wiki/display/OPEN/Continuous+Integration)
-* [another tutorial](http://alexandre-masselot.blogspot.com/2011/12/perl-hudson-continuous-testing.html)
-* use [[!cpan TAP::Formatter::JUnit]] (in Wheezy) rather than the Jenkins TAP plugin
-* use `prove --timer` to know how long each test takes
+Generating jobs
+===============
+
+We use code that lay in three different Git repositories to generate
+automatically the list of Jenkins jobs for branches that are active in
+the Tails main Git repo.
+
+The first brick is the Tails
+[[!tails_gitweb_repo pythonlib]], which extracts the list of
+active branches and output the needed informations. This list is parsed
+by the `generate_tails_iso_jobs` script run by a cronjob and deployed by
+our [[!tails_gitweb_repo puppet-tails]]
+`tails::jenkins::iso_jobs_generator` manifest.
+
+This script output yaml files compatible with
+[jenkins-job-builder](http://docs.openstack.org/infra/jenkins-job-builder).
+It creates one `project` for each active branches, which in turn uses
+three JJB `job templates` to create the three jobs for each branch: the
+ISO build one, and wrapper job that is used to start the ISO test jobs.
+
+This changes are pushed to our [[!tails_gitweb_repo jenkins-jobs]] git
+repo by the cronjob, and thanks to their automatic deployment in our
+`tails::jenkins::master` and `tails::gitolite::hooks::jenkins_jobs`
+manifests in our [[!tails_gitweb_repo puppet-tails]] repo, this new
+changes are applied automatically to our Jenkins instance.
Restarting slave VMs between jobs
----------------------------------
+=================================
This question is tracked in [[!tails_ticket 9486]].
-When we tackle [[!tails_ticket 5288]], if the test suite doesn't
+For [[!tails_ticket 5288]] to be robust enough, if the test suite doesn't
_always_ clean between itself properly (e.g. when tests simply hang
and timeout), we might want to restart `isotesterN.lizard` between
each each ISO testing job.
@@ -164,44 +53,35 @@ This was discussed at least there:
* <http://jenkins-ci.361315.n4.nabble.com/How-to-reboot-a-slave-during-a-build-td4628820.html>
* <https://stackoverflow.com/questions/5543413/reconfigure-and-reboot-a-hudson-jenkins-slave-as-part-of-a-build>
-That would maybe be the way to go, with 3 chained jobs:
+We achieve this VM reboot by using 3 chained jobs:
* First one is a wrapper and trigger 2 other jobs. It is executed on the
isotester the test job is supposed to be assigned to. It puts the
isotester in offline mode and starts the second job, blocking while
waiting for it to complete. This way this isotester is left reserved
- for the second job, and the isotester name can be passed as a build
+ while the second job run, and the isotester name can be passed as a build
parameter to the second job. This job is low prio so it waits for
other second and third type of jobs to be completed before starting its
own.
-* The second job is executed on the master (which has two build
+* The second job is executed on the master (which has 4 build
executors). This job ssh into the said isotester and issue the
- reboot. It waits a bit and put the node back online again. This jobs
- is higher prio so that it is not lagging behind other wrapper jobs in
- the queue.
+ reboot. It needs to wait a reasonable amount of time for the Jenkins
+ slave to be stopped by the shutdown process so that no jobs gets assigned
+ to this isotester meanwhile. Stoping this Jenkins slave daemon usually
+ takes a few seconds. During testing, 5 seconds proved to be enough of
+ a delay for that, and more would mean unnecessary lagging time. It then
+ put the node back online again. This job is higher prio so that it is
+ not lagging behind other wrapper jobs in the queue.
* The third job is the test job, run on the freshly started isotester.
This one is high prio too to get executed before any other wrapper
- jobs.
-
-Using some kind of queue sorting is necessary. Unfortunately, the
-[PrioritySorter
-plugin](https://wiki.jenkins-ci.org/display/JENKINS/Priority+Sorter+Plugin)
-is not well supported by the current version of JJB in Debian. We'll
-have to push upstream a fix, and meanwhile use the `raw` option trick in
-the yaml files (which itself isn't supported by JJB in Debian yet,
-hopefully the new one will leave the NEW queue soon).
-
-Another tested but non-working option was to use the Jenkins [PostBuildScript
-plugin](https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript%20Plugin)
-to issue a `shutdown -r` command at the end of the job. There are
-indications that [people are using it like
-this](https://stackoverflow.com/questions/11160363/execute-shell-script-after-post-build-in-jenkins)
-already. It's supported by JJB.
+ jobs. These jobs are set to run concurrently, so that if a first one is
+ already running, a more recent one triggered by a new build will still
+ be able to run and not be blocked by the first running one.
<a id="chain"></a>
Chaining jobs
--------------
+=============
There are several plugins that allow to chain jobs that we might use to
run the test suite job following a build job of a branch.
@@ -228,33 +108,11 @@ run the test suite job following a build job of a branch.
These are all supported by JJB v0.9+.
-One solution that could work and won't require more additionnal plugins
-to manage could be to make an extensive use of the EnvInject plugin in
-the same way we already use it to configure the notification. Then we
-would be able to simply use Jenkins' native way of chaining jobs:
-
- * At the beginning of the build job, a script (in our jenkins-tools
- repo) is collecting every necessary parameters defined in the
- automated test blueprin and outputing them in a file in the
- /build-artifacts/ directory.
- * This file is the one used by the build job, to setup the variables it
- needs (currently only $NOTIFY_TO).
- * At the end of the build job, this file is archived with the other
- artifacts.
- * At the beginning of the chained test job, this file is imported in
- the workspace along with the build artifacts. The EnvInject pre-build
- step uses it to setup the necessary variables.
-
-Where I'm not sure is that the Jenkins's native way can collaborate
-smoothly with the EnvInject plugin. Maybe the different steps we are
-talking about don't happen in an order that would fit this scenario.
-Might be that we'll have to use the ParameterizedTrigger plugin. Might
-also be that we don't need the EnvInject plugin in the test job, but
-just import the variables in the environment in the test suite wrapper
-script.
+As we'll have to pass some parameters, the ParameterizedTrigger plugin
+is the best candidate for us.
Passing parameters through jobs
--------------------------------
+===============================
We already specified what kind of informations we want to pass from the
build job to the test job.
@@ -262,14 +120,23 @@ build job to the test job.
The ParameterizedTiggerPlugin is the one usually used for that kind of
work.
-An other way that seem to be possible/used with the Jenkins native job
-chaining ability is to put the wanted parameters in a file that is
-archived with the artifacts of the upstream job. Then the downstream job
-can be configured with then EnvInject plugin we already use to set the
-necessary variables in the job environment.
+We'll use it for some basic parameter passing through jobs, but given
+the test jobs will need to know a lot of them from the build job, we'll
+also use the EnvInject plugin we're already using:
+
+ * In the build job, a script will collect every necessary parameters
+ defined in the automated test blueprint and outputing them in a file
+ in the /build-artifacts/ directory.
+ * This file is the one used by the build job, to setup the variables it
+ needs (currently only $NOTIFY_TO).
+ * At the end of the build job, this file is archived with the other
+ artifacts.
+ * At the beginning of the chained test job, this file is imported in
+ the workspace along with the build artifacts. The EnvInject pre-build
+ step uses it to setup the necessary variables.
Define which $OLD_ISO to test against
--------------------------------------
+=====================================
It appeared in [[!tails_ticket 10117]] that this question is not so
obvious and easy to address.
@@ -296,19 +163,19 @@ we'll have to merge the base branch before we look at that config
setting (because for some reason the base branch might itself require
old ISO = same).
-As a first baby step, we will by default use the same ISO for both
-`--old-iso` and `--iso`, except for the branches used to prepare
-releases (`devel` and `stable`), so that we
-know if the upgrades are broken long before the next release.
-
Another option that could be considered, using existing code in the repo: use the
`OLD_TAILS_ISO` flag present in `config/default.yml`: when we release we
set its value to the released ISO, and for some branch that need it we
empty this variable so that the test use the same ISO for both
`--old-iso` and `--iso`.
+In the end, we will by default use the same ISO for both `--old-iso` and
+`--iso`, except for the branches used to prepare releases (`devel` and
+`stable`), so that we know if the upgrades are broken long before the
+next release.
+
Retrieving the ISOs for the test
---------------------------------
+================================
We'll need a way to retrieve the different ISO needed for the test.
@@ -323,4 +190,4 @@ For the last release ISO, we have several means:
vhost for the isotesters.
* Using the git-annex repo directly.
-The former is probably the most simple to use.
+We'll use the first one, as it's easier to implement.
diff --git a/wiki/src/blueprint/automated_builds_and_tests/resources.mdwn b/wiki/src/blueprint/automated_builds_and_tests/resources.mdwn
new file mode 100644
index 0000000..0368eb6
--- /dev/null
+++ b/wiki/src/blueprint/automated_builds_and_tests/resources.mdwn
@@ -0,0 +1,140 @@
+[[!meta title="Jenkins resources"]]
+
+[[!toc levels=2]]
+
+Miscellaneous
+=============
+
+- [Jenkins Best
+ Practices](https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Best+Practices)
+- [plugins](https://wiki.jenkins-ci.org/display/JENKINS/Plugins)
+ * [Git plugin](https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin)
+ * [Copy Artifact
+ plugin](https://wiki.jenkins-ci.org/display/JENKINS/Copy+Artifact+Plugin)
+ can be used to run a test job against the result of a build job,
+ e.g. for Debian packages (think Lintian) or Tails ISO images; see
+ [grml's setup
+ documentation](http://jenkins-debian-glue.org/getting_started/manual/)
+ that uses it.
+- the [jenkins](http://jujucharms.com/charms/precise/jenkins) and
+ [jenkins-slave](http://jujucharms.com/charms/precise/jenkins-slave)
+ JuJu charms may be good sources of inspiration for deployment
+- [[!cpan Net-Jenkins]] (not in Debian) allows to interact with
+ a Jenkins server: create and start jobs, get information about
+ builds etc.
+
+Jobs management
+===============
+
+- [Job builder](http://ci.openstack.org/jenkins-job-builder/) provides
+ one-way (Git to Jenkins) jobs synchronization; it's in Debian sid.
+ * [configuration documentation](http://ci.openstack.org/jenkins-job-builder/configuration.html)
+ * Debian uses it in their `update_jdn.sh`: it runs `jenkins-jobs
+ update $config` after importing updated YAML job config files
+ from Git.
+ * Tor [use
+ it](https://gitweb.torproject.org/project/jenkins/jobs.git/tree) too.
+- jenkins.debian.net uses the [SCM
+ Sync](https://wiki.jenkins-ci.org/display/JENKINS/SCM+Sync+configuration+plugin)
+ plugin, that apparently handles committing to the VCS on
+ configuration changes done in the web interface, and maybe more.
+- [jenkins-yaml](https://github.com/varnish/jenkins-yaml) might make
+ it easy to generate a large number of similar Jenkins jobs, e.g.
+ one per branch
+- [jenkins_jobs puppet module](http://tradeshift.com/blog/tstech-managing-jenkins-job-configurations-by-puppet/)
+
+Web setup
+=========
+
+### Visible read-only on the web
+
+We'd like our Jenkins instance to be visible read-only on the web.
+We'd rather not rely on Jenkins authentication / authorization to
+enforce this read-only policy. We'd rather see the frontend reverse
+proxy take care of this.
+
+The
+[`getUnprotectedRootActions()`](http://javadoc.jenkins-ci.org/jenkins/model/Jenkins.html#getUnprotectedRootActions())
+method should return the list of URL prefixes that we want to allow.
+And we could forbid anything else.
+
+The [Reverse Proxy
+Auth](https://wiki.jenkins-ci.org/display/JENKINS/Reverse+Proxy+Auth+Plugin)
+Jenkins plugin can be useful to display [an example
+usage](https://github.com/jenkinsci/reverse-proxy-auth-plugin/commit/72567a974960be2363107614ba3f705ec6e9b695)
+of this method.
+
+### Miscellaneous
+
+- [sample nginx configuration](https://wiki.jenkins-ci.org/display/JENKINS/Installing+Jenkins+on+Ubuntu)
+
+Notifications
+=============
+
+- [IRC plugin](https://wiki.jenkins-ci.org/display/JENKINS/IRC+Plugin),
+ but I'm told that the jenkins email notifications are way nicer
+ than what this plugin can do, so see [a better way to do
+ it](http://jenkins.debian.net/userContent/setup.html#_installing_kgb_client)
+- [[!cpan Jenkins-NotificationListener]] is a server that listens to
+ messages from Jenkins [Notification
+ plugin](https://wiki.jenkins-ci.org/display/JENKINS/Notification+Plugin).
+
+### Notifying different people depending on what triggered the build
+
+At least the obvious candidate (Email-ext plugin) doesn't seem able to
+email different recipients depending on what triggered the build
+out-of-the-box. But apparently, one can set up two 'Script - After
+Build' email triggers in the Email-ext configuration: one emails the
+culprit, the other emails the RM. And then, they do something or not
+depending on a variable we set during the build, based on what
+triggered the build. Likely the cleaner and simpler solution.
+
+Otherwise, we could have Jenkins email some pipe script that will
+forward to the right person depending on 1. whether it's a base
+branch; and 2. whether the build was triggered by a push or by
+something else. This should work if we can get the email notification
+to pass the needed info in it. E.g. the full console output currently
+has "Started by timer" or "Started by an SCM change", but this is not
+part of the email notification. Could work, but a bit hackish and all
+kinds of things can go wrong.
+
+Also, I've seen lots of people documenting crazy similar things with
+some of these plugins: "Run Condition", "Conditional BuildStep",
+"Flexible Publish" and "Any Build step". But then it gets too
+complicated for me to dive into it right now.
+
+How others use Jenkins
+======================
+
+- jenkins.debian.net's:
+ * [setup documentation](http://jenkins.debian.net/userContent/setup.html)
+ * configuration: `git://git.debian.org/git/users/holger/jenkins.debian.net.git`
+- [Tor's jobs](https://gitweb.torproject.org/project/jenkins/jobs.git/blob/HEAD:/jobs.yaml)
+- [Ubuntu QA Jenkins instance](https://jenkins.qa.ubuntu.com/)
+- grml's Michael Prokop talks about autotesting in KVM during his
+ [talk at DebConf
+ 10](http://penta.debconf.org/dc10_schedule/events/547.en.html);
+ they use Jenkins:
+ * [Jenkins instance](http://jenkins.grml.org/)
+ * [unittests](https://github.com/grml/grml-unittests)
+ * [debian-glue Jenkins plugin](https://github.com/mika/jenkins-debian-glue)
+ * [kantan](https://github.com/mika/kantan): simple test suite for
+ autotesting using Grml and KVM
+ * [Jenkins server setup documentation](https://github.com/grml/grml-server-setup/blob/master/jenkins.asciidoc)
+- [jenkinstool](http://git.gitano.org.uk/personal/liw/jenkinstool.git/)
+ has the tools Lars Wirzenius uses to manage his CI (Python projects
+ test suite, Debian packages, importing into reprepro, VM setup of
+ all needed stuff); the whole thing is very ad-hoc but many bits
+ could be used as inspiration sources.
+
+Jenkins for Perl projects
+=========================
+
+* [a collection of links](https://wiki.jenkins-ci.org/display/JENKINS/Perl+Projects)
+ on the Jenkins wiki
+* an overview of the available tools: [[!cpan Task::Jenkins]]
+* [a tutorial](https://logiclab.jira.com/wiki/display/OPEN/Continuous+Integration)
+* [another tutorial](http://alexandre-masselot.blogspot.com/2011/12/perl-hudson-continuous-testing.html)
+* use [[!cpan TAP::Formatter::JUnit]] (in Wheezy) rather than the Jenkins TAP plugin
+* use `prove --timer` to know how long each test takes
+
diff --git a/wiki/src/blueprint/l10n_Italian.mdwn b/wiki/src/blueprint/l10n_Italian.mdwn
index ea16bea..84e3721 100644
--- a/wiki/src/blueprint/l10n_Italian.mdwn
+++ b/wiki/src/blueprint/l10n_Italian.mdwn
@@ -40,24 +40,42 @@ to add it, run:
#Git comandi quotidiani
Sono tutti da mandare da terminale, una volta che si è dentro alla cartella che si usa per il progetto tails.
-Il pulsante TAB è vostro amico per completare tutti i percorsi dei file e soprattutto quando usate git add.
+Il pulsante TAB è vostro amico per completare tutti i percorsi dei file e soprattutto quando usate git add. Le frecce su e giù della tastiera vi danno gli ultimi comandi che avete lanciato, così andate velocissim*.
+
+Tutte le volte va configurata la chiave ssh che si usa, quindi:
+
+ $ ssh-add /home/utente/vostrachiaveprivata
+
+Fatto, ora possimo sincronizzarsi al repository remoto, prendendo i file che ci mancano:
$ git pull
-Per sincronizzarsi al repository remoto
+Per aggiungere allo stadio "stage" i file che poi si manderà al repository remoto.
+
$ git add NAMEFILE
-Per aggiungere allo stadio "stage" i file che poi si manderà al repository remoto
+Per avere una descrizione delle modifiche fatte localmente, ma che apparirà anche al repository remoto quando si aggiungeranno
+
$ git commit -m "DESCRIZIONE DELLE MODIFICHE FATTE"
-Per avere una descrizione delle modifiche fatte localmente, ma che apparirà anche al repository remoto quando si aggiungeranno
+Se siete sicuri che le modifiche che avete fatto vanno tutte sul repository remoto, potete condensare i due comandi sopra con uno solo, -a mette tutti i file nella zona "stage" e committate direttamente:
+
+ $ git commit -a -m "DESCRIZIONE MODIFICHE"
+
+Se non sapete l'identità con cui è configurato git, fate un controllo prima di mandare le cose in remoto:
+
+
+ $ git config -l
+
+Per aggiungere i commit fatti al repository remoto:
-
$ git push l10n-italian master
-Per aggiungere i commit fatti al repository remoto
+In caso di dubbi, vedete un po il vosro status:
+
+ $ git status
@@ -149,8 +167,11 @@ in fondo al comando):
11)Genero la chiave ssh, la invio agli sviluppatori TAILS(il file.pub) e l'associo per essere autenticato sul server:
ssh-keygen -t rsa -b 4096 -C "ignifugo@blablabla.net"
- $ eval "$(ssh-agent -s)"
- Agent pid 12534
+
+Ti chiederà il nome con cui genererà i due file della chiave, quello pubblico e quello segreto. QUindi ti cheide una passwor, due volte; i caratteri non si vedono quando li digiti.Finito
+
+Ora configuro la comunicazione ssh ad usare la mia chiave segreta ed invio quella pubblica agli sviluppatori di Tails per poter così scrivere nel repository condiviso.
+
$ ssh-add /home/cri/ignissh
Enter passphrase for /home/cri/ignissh:
Identity added: /home/cri/ignissh (/home/cri/ignissh)
@@ -196,34 +217,35 @@ Attingere nuove pagine da tradurre dando precedenza a queste:
./doc/about/requirements --DONE, pushed, daRev
-./doc/download
+./doc/download --DONE, pushed, daRev
-./doc/get.index
+./doc/get.index --DONE, pushed, daRev
-./doc/get/trusting_tails_signing_key
+./doc/get/trusting_tails_signing_key --DONE, pushed, daRev
-./doc/get/*
+./doc/get/*--DONE, pushed, daRev
___
bf
./doc/about.index --FINITO!
-./doc/about/openpgp_keys --80% DONE, a lot of issues... daRev ?
-
-./doc/about/features --DONE, pushed daRev ?
+./doc/about/features --DONE, pushed daRev
-./doc/about/fingerprint --DONE, pushed daRev ?
+./doc/about/fingerprint --DONE, pushed daRev
./doc/first_steps/persistence.caution --FINITO!
-./doc/first_steps/persistence/configure --DONE pushed daRev ?
+./doc/first_steps/persistence/configure --DONE pushed daRev
./doc/first_steps/persistence/delete --FINITO!
+./doc/first_steps/persistence/warnings --FINITO!
+
+***
./doc/first_steps/persistence/use
-./doc/first_steps/persistence/warnings --FINITO!
+./doc/about/openpgp_keys --80% DONE, a lot of issues... not pushed
___
./doc/about/tor --DONE, Pushed
diff --git a/wiki/src/blueprint/monthly_meeting.mdwn b/wiki/src/blueprint/monthly_meeting.mdwn
index 121ad06..7302c27 100644
--- a/wiki/src/blueprint/monthly_meeting.mdwn
+++ b/wiki/src/blueprint/monthly_meeting.mdwn
@@ -16,6 +16,4 @@ Availability and plans for the next weeks
Discussions
===========
- - [[!tails_ticket 10257 desc="Discuss & adopt a strategy to merge commits from Weblate"]]
- - [[!tails_ticket 10179 desc="Document mentors for new contributors"]]
- - [[!tails_ticket 10024 desc="Document issues behind having Tails derivatives"]]
+ - [[!tails_ticket 10188 desc="Draft text for the website about buying t-shirts"]]
diff --git a/wiki/src/blueprint/report_2015_08.mdwn b/wiki/src/blueprint/report_2015_08.mdwn
index 111e870..b679edd 100644
--- a/wiki/src/blueprint/report_2015_08.mdwn
+++ b/wiki/src/blueprint/report_2015_08.mdwn
@@ -18,16 +18,25 @@ Releases
Code
====
-FIXME
+## Upgrades and changes
-* Alan submitted for review a new version of
- [Tor Monitor](https://mailman.boum.org/pipermail/tails-dev/2015-August/009381.html)
- (to replace Vidalia) and Sascha Steinbiss proposed to
- [package it for Debian](https://mailman.boum.org/pipermail/tails-dev/2015-August/009397.html).
+- Install Tor Browser 5.0.2 (based on Firefox ESR 38.2.1).
+
+- Install a 32-bit GRUB EFI boot loader. Tails should now start on some tablets
+with Intel Bay Trail processors among others.
+
+- Let the user know when Tails Installer has rejected a device because it is too
+small.
+
+- Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+tails1
+
+## Fixed problems
+
+- Our AppArmor setup has been audited and improved in various ways which should
+harden the system.
+
+- The network should now be properly disabled when MAC address spoofing fails.
-* We drafted a script to [[!tails_ticket 9993 desc="run a Mumble server"]] from
- Tails, verified that the Mumble client in Tails Jessie works well, and
- started using it for internal meetings.
Documentation and website
=========================
@@ -108,12 +117,19 @@ Upcoming events
On-going discussions
====================
-FIXME
+* Alan submitted for review a new version of
+ [Tor Monitor](https://mailman.boum.org/pipermail/tails-dev/2015-August/009381.html)
+ (to replace Vidalia) and Sascha Steinbiss proposed to
+ [package it for Debian](https://mailman.boum.org/pipermail/tails-dev/2015-August/009397.html).
+
+* We drafted a script to [[!tails_ticket 9993 desc="run a Mumble server"]] from
+ Tails, verified that the Mumble client in Tails Jessie works well, and
+ started using it for internal meetings.
Press and testimonials
======================
-FIXME
+* 2015-08-04: [Cinq systèmes d’exploitation pour snober Windows 10 (et Mac OS)](http://www.lemonde.fr/pixels/article/2015/08/04/cinq-systemes-d-exploitation-pour-snober-windows-10-et-mac-os_4710726_4408996.html) by Damien Leloup in Le Monde (in French).
Translation
===========
diff --git a/wiki/src/contribute.de.po b/wiki/src/contribute.de.po
index 08c5bec..054ae0d 100644
--- a/wiki/src/contribute.de.po
+++ b/wiki/src/contribute.de.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-08-20 12:11+0300\n"
+"POT-Creation-Date: 2015-10-13 12:48+0300\n"
"PO-Revision-Date: 2014-04-18 23:25+0100\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -383,7 +383,19 @@ msgid "Source code: [[Git repositories|contribute/git]]"
msgstr "Quellcode: [[Git repositories|contribute/git]]"
#. type: Plain text
-#, no-wrap
+#, fuzzy, no-wrap
+#| msgid ""
+#| " - [[Redmine bug tracker|contribute/working_together/Redmine]]\n"
+#| " - [Roadmap](https://labs.riseup.net/code/projects/tails/roadmap)\n"
+#| " - [[Easy tasks|easy_tasks]] for new contributors\n"
+#| " - [Tasks](https://labs.riseup.net/code/projects/tails/issues)\n"
+#| " can be filtered by type of work (see links in the sidebar)\n"
+#| " - [[Building a Tails image|contribute/build]]\n"
+#| " - [[Build the website|contribute/build/website]]\n"
+#| " - [[Customize Tails|contribute/customize]]\n"
+#| " - [[Debian package builder|contribute/Debian_package_builder]], to automatically build our custom packages\n"
+#| " - [[APT repository|contribute/APT_repository]], to store our custom Debian packages\n"
+#| " - [[Glossary for contributors|contribute/glossary]]\n"
msgid ""
" - [[Redmine bug tracker|contribute/working_together/Redmine]]\n"
" - [Roadmap](https://labs.riseup.net/code/projects/tails/roadmap)\n"
@@ -391,7 +403,7 @@ msgid ""
" - [Tasks](https://labs.riseup.net/code/projects/tails/issues)\n"
" can be filtered by type of work (see links in the sidebar)\n"
" - [[Building a Tails image|contribute/build]]\n"
-" - [[Build the website|contribute/build/website]]\n"
+" - [[Build a local copy of the website|contribute/build/website]]\n"
" - [[Customize Tails|contribute/customize]]\n"
" - [[Debian package builder|contribute/Debian_package_builder]], to automatically build our custom packages\n"
" - [[APT repository|contribute/APT_repository]], to store our custom Debian packages\n"
diff --git a/wiki/src/contribute.fr.po b/wiki/src/contribute.fr.po
index 1a501eb..3c364f0 100644
--- a/wiki/src/contribute.fr.po
+++ b/wiki/src/contribute.fr.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: \n"
-"POT-Creation-Date: 2015-08-20 12:11+0300\n"
+"POT-Creation-Date: 2015-10-13 12:48+0300\n"
"PO-Revision-Date: 2014-03-26 10:50+0100\n"
"Last-Translator: MR\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -382,7 +382,7 @@ msgid ""
" - [Tasks](https://labs.riseup.net/code/projects/tails/issues)\n"
" can be filtered by type of work (see links in the sidebar)\n"
" - [[Building a Tails image|contribute/build]]\n"
-" - [[Build the website|contribute/build/website]]\n"
+" - [[Build a local copy of the website|contribute/build/website]]\n"
" - [[Customize Tails|contribute/customize]]\n"
" - [[Debian package builder|contribute/Debian_package_builder]], to automatically build our custom packages\n"
" - [[APT repository|contribute/APT_repository]], to store our custom Debian packages\n"
diff --git a/wiki/src/contribute.mdwn b/wiki/src/contribute.mdwn
index 6b7b0e3..2c6a352 100644
--- a/wiki/src/contribute.mdwn
+++ b/wiki/src/contribute.mdwn
@@ -135,7 +135,7 @@ Tools for contributors
- [Tasks](https://labs.riseup.net/code/projects/tails/issues)
can be filtered by type of work (see links in the sidebar)
- [[Building a Tails image|contribute/build]]
- - [[Build the website|contribute/build/website]]
+ - [[Build a local copy of the website|contribute/build/website]]
- [[Customize Tails|contribute/customize]]
- [[Debian package builder|contribute/Debian_package_builder]], to automatically build our custom packages
- [[APT repository|contribute/APT_repository]], to store our custom Debian packages
diff --git a/wiki/src/contribute.pt.po b/wiki/src/contribute.pt.po
index 8430c8c..87321ec 100644
--- a/wiki/src/contribute.pt.po
+++ b/wiki/src/contribute.pt.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-08-20 12:11+0300\n"
+"POT-Creation-Date: 2015-10-13 12:48+0300\n"
"PO-Revision-Date: 2014-05-23 14:56-0300\n"
"Last-Translator: Tails Developers <amnesia@boum.org>\n"
"Language-Team: Portuguese <LL@li.org>\n"
@@ -387,7 +387,19 @@ msgid "Source code: [[Git repositories|contribute/git]]"
msgstr "Código fonte: [[Repositórios git|contribute/git]]"
#. type: Plain text
-#, no-wrap
+#, fuzzy, no-wrap
+#| msgid ""
+#| " - [[Redmine bug tracker|contribute/working_together/Redmine]]\n"
+#| " - [Roadmap](https://labs.riseup.net/code/projects/tails/roadmap)\n"
+#| " - [[Easy tasks|easy_tasks]] for new contributors\n"
+#| " - [Tasks](https://labs.riseup.net/code/projects/tails/issues)\n"
+#| " can be filtered by type of work (see links in the sidebar)\n"
+#| " - [[Building a Tails image|contribute/build]]\n"
+#| " - [[Build the website|contribute/build/website]]\n"
+#| " - [[Customize Tails|contribute/customize]]\n"
+#| " - [[Debian package builder|contribute/Debian_package_builder]], to automatically build our custom packages\n"
+#| " - [[APT repository|contribute/APT_repository]], to store our custom Debian packages\n"
+#| " - [[Glossary for contributors|contribute/glossary]]\n"
msgid ""
" - [[Redmine bug tracker|contribute/working_together/Redmine]]\n"
" - [Roadmap](https://labs.riseup.net/code/projects/tails/roadmap)\n"
@@ -395,7 +407,7 @@ msgid ""
" - [Tasks](https://labs.riseup.net/code/projects/tails/issues)\n"
" can be filtered by type of work (see links in the sidebar)\n"
" - [[Building a Tails image|contribute/build]]\n"
-" - [[Build the website|contribute/build/website]]\n"
+" - [[Build a local copy of the website|contribute/build/website]]\n"
" - [[Customize Tails|contribute/customize]]\n"
" - [[Debian package builder|contribute/Debian_package_builder]], to automatically build our custom packages\n"
" - [[APT repository|contribute/APT_repository]], to store our custom Debian packages\n"
diff --git a/wiki/src/contribute/build/website.mdwn b/wiki/src/contribute/build/website.mdwn
index ad3d5f3..80eeba6 100644
--- a/wiki/src/contribute/build/website.mdwn
+++ b/wiki/src/contribute/build/website.mdwn
@@ -1,34 +1,82 @@
-[[!meta title="Build the wiki offline"]]
+[[!meta title="Build a local copy of the website"]]
-Here is how to build the wiki offline.
+The website [[https://tails.boum.org/]] is built using
+[Ikiwiki](https://ikiwiki.info) from source code that is available in
+our main Git repository, along with the rest of the Tails code.
-<div class="bug">
+You can build a local copy of the website on your computer. Building the
+website produces a set a HTML pages stored on your system that you can
+open in your usual web browser even while working offline. Doing so is
+useful for documentation writers and translators to see how their
+changes will apply on the website.
-<p>The following instructions don't work as such in Tails. See
-[[!tails_ticket 9018]] for a possible solution.</p>
+[[!toc]]
-</div>
+Build the website in Linux
+==========================
-If you have not done it before, update the list of packages known to Tails:
+1. Update the list of available packages:
- sudo apt-get update
+ sudo apt-get update
-Then install the dependencies:
+2. Install the required packages:
- sudo apt-get install libyaml-perl libyaml-libyaml-perl po4a \
- perlmagick libyaml-syck-perl ikiwiki
+ sudo apt-get install libyaml-perl libyaml-libyaml-perl po4a \
+ perlmagick libyaml-syck-perl ikiwiki
-Clone our main [[Git repository|git]]:
+3. Clone our main [[Git repository|git]]:
- git clone https://git-tails.immerda.ch/tails
+ git clone https://git-tails.immerda.ch/tails
-Then run the following command, at the root of the Git folder:
+[[!inline pages="contribute/build/website/src.inline" raw="yes"]]
- ./build-wiki
+4. Build the website:
-You can now browse the files in
+ cd tails
+ ./build-website
- ./config/chroot_local-includes/usr/share/doc/tails/website/
+[[!inline pages="contribute/build/website/languages.inline" raw="yes"]]
-To accelerate the build, you can disable some languages by editing the
-parameter `po_slave_languages` in ikiwiki.setup.
+5. You can now browse your local copy of the website in the following folder:
+
+ <span class="filename">config/chroot_local-includes/usr/share/doc/tails/website/</span>
+
+<a id="tails"></a>
+
+Build the website in Tails
+==========================
+
+1. [[Create and configure|doc/first_steps/persistence/configure]] a persistent volume and activate the following features:
+
+ - Personal Data
+ - APT Packages
+ - APT Lists
+
+2. Restart Tails, [[enable the persistence|doc/first_steps/persistence/use]], and [[set up an administration password|doc/first_steps/startup_options/administration_password]].
+
+3. Update the list of available packages:
+
+ sudo apt-get update
+
+4. Install the required packages:
+
+ sudo apt-get install libyaml-perl libyaml-libyaml-perl po4a \
+ perlmagick libyaml-syck-perl ikiwiki
+
+5. Clone our main [[Git repository|git]] in the <span class="filename">Persistent</span> folder:
+
+ cd ~/Persistent/
+ git clone https://git-tails.immerda.ch/tails
+
+[[!inline pages="contribute/build/website/src.inline" raw="yes"]]
+
+6. Build the website:
+
+ cd tails
+ ./build-website --set destdir="/home/amnesia/Persistent/Tor Browser/tails" "$@"
+
+[[!inline pages="contribute/build/website/languages.inline" raw="yes"]]
+
+7. You can now visit the following link in <span class="application">Tor Browser</span> to browse your local copy of the website:
+
+ [[file:///home/amnesia/Persistent/Tor Browser/tails/index.en.html]]
diff --git a/wiki/src/contribute/build/website/languages.inline.mdwn b/wiki/src/contribute/build/website/languages.inline.mdwn
new file mode 100644
index 0000000..4c410e2
--- /dev/null
+++ b/wiki/src/contribute/build/website/languages.inline.mdwn
@@ -0,0 +1,5 @@
+ <div class="tip">
+ <p>To accelerate the build, you can disable some languages by editing
+ the <span class="code">po_slave_languages</span> parameter in the file
+ <span class="filename">ikiwiki.setup</span>.</p>
+ </div>
diff --git a/wiki/src/contribute/build/website/src.inline.mdwn b/wiki/src/contribute/build/website/src.inline.mdwn
new file mode 100644
index 0000000..80981dd
--- /dev/null
+++ b/wiki/src/contribute/build/website/src.inline.mdwn
@@ -0,0 +1,4 @@
+ <div class="tip">
+ <p>The source code of the website is located in the
+ <span class="filename">wiki/src/</span> folder.</p>
+ </div>
diff --git a/wiki/src/contribute/calendar.mdwn b/wiki/src/contribute/calendar.mdwn
index 3c0e71e..4d6c12d 100644
--- a/wiki/src/contribute/calendar.mdwn
+++ b/wiki/src/contribute/calendar.mdwn
@@ -1,21 +1,34 @@
[[!meta title="Calendar"]]
-* 2015-09-03: [[Monthly meeting|contribute/meetings]]
-
-* 2015-09-12: [[Low-hanging fruits session|contribute/low-hanging_fruit_sessions]]
-
-* 2015-09-22: Release 1.6 (anonym is the RM)
-
-* 2015-09-22: [Tails - Computer nutzen und Privatsphäre schützen](http://pentabarf.linkemedienakademie.de/export/lima15_2/events/158.de.html)
- by Vera Henssler and Ulrich Overdieck in Berlin, Germany (in German)
-
-* 2015-09-27 to 2015-10-02: Tor developers meeting in Berlin
-
-* 2015-09-29 to 2015-10-02: Farsi localization sprint in Amsterdam
-
* 2015-10-06 to 08: OTF Annual Summit in Washington DC
-* 2015-11-03: Release 1.7 (anonym is the RM)
+* 2015-10-26:
+ - Freeze Tails 1.7: All feature branches targeting Tails 1.7 should
+ be merged into the `devel` branch by noon, CET. I'm open to make
+ exceptions if you can be online and responsive during that
+ afternoon.
+ - Build and upload Tails 1.7~rc1.
+ - Start testing Tails 1.7~rc1 during late CET if building the image
+ went smoothly.
+
+* 2015-10-27:
+ - Finish testing Tails 1.7~rc1 by the afternoon, CET.
+ - Release Tails 1.7~rc1.
+
+* 2015-11-02:
+ - All new branches targeting Tails 1.7 must be merged into the
+ `testing` branch by noon CET. I'm open to make exceptions if you
+ can be online and responsive during that afternoon.
+ - Tor Browser 4.5.x, based on Firefox 38esr, is hopefully out so
+ we can import it.
+ - Build and upload Tails 1.7 ISO image and IUKs.
+ - Start testing Tails 1.7 during late CET if building the image
+ went smoothly.
+
+* 2015-11-03:
+ - Finish testing Tails 1.7 by the afternoon, CET.
+ - Release Tails 1.7 during late CET, earliest when Mozilla
+ publishes their MFSAs.
* 2015-11-20 to 2015-11-22: User testing of the Installation Assistant
diff --git a/wiki/src/contribute/design.mdwn b/wiki/src/contribute/design.mdwn
index 395b756..51ed8d6 100644
--- a/wiki/src/contribute/design.mdwn
+++ b/wiki/src/contribute/design.mdwn
@@ -712,8 +712,7 @@ extension).
that the Debian distribution does not provide or endorse Tails.
- [Tor](http://www.torproject.org/): anonymizing overlay network for
TCP. Our intention is to always use the latest stable version.
-- [Vidalia](https://www.torproject.org/projects/vidalia) is used
- to control Tor's behavior.
+- Vidalia is used to control Tor's behavior.
Being based in Debian, Tails benefits from its great package
management tools, facilitating its build and the inclusion of new
diff --git a/wiki/src/contribute/git.mdwn b/wiki/src/contribute/git.mdwn
index fd1d39d..c5547aa 100644
--- a/wiki/src/contribute/git.mdwn
+++ b/wiki/src/contribute/git.mdwn
@@ -75,7 +75,7 @@ Repositories
Main repository
---------------
-This repository contains the Tails source code and the wiki source.
+This repository contains the Tails source code and the source of the website.
Anyone can check it out like this:
diff --git a/wiki/src/contribute/how/code.mdwn b/wiki/src/contribute/how/code.mdwn
index 3367a46..32f30a3 100644
--- a/wiki/src/contribute/how/code.mdwn
+++ b/wiki/src/contribute/how/code.mdwn
@@ -98,7 +98,7 @@ So you know what bug you want to fix, what feature you want to
implement. At this point, we advise you to:
1. **Gather results of previous research and discussions** on the
- topic you are interested in. Search this wiki, [[!tails_redmine ""
+ topic you are interested in. Search this website, [[!tails_redmine ""
desc="tickets on Redmine"]] and the [developers mailing-list
archive](https://mailman.boum.org/pipermail/tails-dev/).
2. **[[Tell us|contribute/talk]] about your plans** to make sure your
diff --git a/wiki/src/contribute/how/documentation.mdwn b/wiki/src/contribute/how/documentation.mdwn
index db2a55e..6bf40ae 100644
--- a/wiki/src/contribute/how/documentation.mdwn
+++ b/wiki/src/contribute/how/documentation.mdwn
@@ -28,10 +28,11 @@ But there are still many ways you can start contributing:
[[ask us for review|contribute/talk]].
- Small fixes and enhancements to the current documentation are
- greatly welcome. This can be done by [[sending us|contribute/talk]]
- Git patches, by publishing a [[Git]] branch, or simply by email on
- the public mailing list. In the general case, this work should be
- based on the `master` branch.
+ greatly welcome. This can be done by sending Git patches to [[the
+ tails-dev mailing list|contribute/talk]] or by publishing a
+ [[Git]] branch (for example to a fork on
+ [GitLab](https://gitlab.com/Tails/tails)). In general,
+ documentation changes should be based on the `master` branch.
Documentation writers coordinate themselves using our usual
[[development communication channels|contribute/talk]].
@@ -39,6 +40,10 @@ Documentation writers coordinate themselves using our usual
Documentation writers should also read our [[documentation
guidelines|guidelines]].
+New documentation should be wrapped to 80 characters; however, please
+do not submit patches that merely re-wrap existing text, as this makes
+it harder to read the git history.
+
We recommend you to [[build an offline version of the
documentation|contribute/build/website]] to test your contributions
before sharing them with us.
diff --git a/wiki/src/contribute/how/translate/team/fr.mdwn b/wiki/src/contribute/how/translate/team/fr.mdwn
index 90b4ef9..8516849 100644
--- a/wiki/src/contribute/how/translate/team/fr.mdwn
+++ b/wiki/src/contribute/how/translate/team/fr.mdwn
@@ -35,6 +35,8 @@ For French, various bits of text can be translated via Git:
* matsa: [[https://git-tails.immerda.ch/matsa/tails]]
* mercedes508: [[https://git-tails.immerda.ch/mercedes508]]
* seb35: [[https://git-tails.immerda.ch/seb35]]
+* elouann: [[http://git.tails.boum.org/elouann/tails/]]
+ * PGP fingerprint: `4C95 4E38 AC95 9C33 BD03 7A09 A29F 43F4 830F 0A36`
# Glossaries
diff --git a/wiki/src/contribute/how/translate/with_Git.mdwn b/wiki/src/contribute/how/translate/with_Git.mdwn
index d5e09e8..991c6bc 100644
--- a/wiki/src/contribute/how/translate/with_Git.mdwn
+++ b/wiki/src/contribute/how/translate/with_Git.mdwn
@@ -18,7 +18,7 @@ If you want to use another operating system, these tools are:
* Git - manage source code
* Poedit - translate files
* OpenSSH client - publish your translations on the server
-* tools to [[build the wiki locally|contribute/build/website/]] in
+* tools to [[build a local copy of the website|contribute/build/website/]] in
order to check how it will look like
If you do not use Tails, please ensure that you use at least version 1.5 of Poedit,
@@ -86,7 +86,7 @@ ask on the [[mailing list for translators|translate#follow-up]], we will be glad
git clone https://git-tails.immerda.ch/tails
- This operation requires some time at setup, as it requires to pull the whole repository.
+ This operation requires some time at setup, as it requires pulling the whole repository.
3. **Add your repository**
@@ -96,7 +96,9 @@ ask on the [[mailing list for translators|translate#follow-up]], we will be glad
To publish your translations, you need to add the repository set up previously.
The URL of your repository should look like `tails@git.tails.boum.org:elouann/tails`.
- If you cannot find the URL of your repository, get in touch with the sysadmins or send an email on the [[mailing list|translate#follow-up]]. Once you got it, add it to the repositories:
+ If you cannot find the URL of your repository, get in touch with the sysadmins or send
+ an email to the [[mailing list|translate#follow-up]]. Once you've got it, add it to
+ your local repository:
git remote add myrepo tails@git.tails.boum.org:elouann/tails
@@ -112,11 +114,12 @@ ask on the [[mailing list for translators|translate#follow-up]], we will be glad
origin https://git-tails.immerda.ch/tails (fetch)
origin https://git-tails.immerda.ch/tails (push)
- To check if the repository are correctly configured, run the following command:
+ To check if the repository is correctly configured, run the following command:
git fetch --all
- If you have problem with SSH keys or with the URL of your repository, get in touch with the sysadmins or send an email on the [[mailing list|translate#follow-up]].
+ If you have a problem with SSH keys or with the URL of your repository, get in touch
+ with the sysadmins or send an email to the [[mailing list|translate#follow-up]].
3. **Configure your credentials**
@@ -144,7 +147,7 @@ ask on the [[mailing list for translators|translate#follow-up]], we will be glad
5. **Translate!**
- You can use your preferred PO file editor, possibly *Poedit* which is included in Tails.
+ You can use your preferred PO file editor, for example, *Poedit* which is included in Tails.
6. **Save your translations**
diff --git a/wiki/src/contribute/l10n_tricks.mdwn b/wiki/src/contribute/l10n_tricks.mdwn
index 0571cd6..e646dd3 100644
--- a/wiki/src/contribute/l10n_tricks.mdwn
+++ b/wiki/src/contribute/l10n_tricks.mdwn
@@ -17,11 +17,11 @@ Calculate statistics on the translations
Run the [[language statistics.sh]] script.
-Build the wiki offline
-======================
+Build a local copy of the website
+=================================
-To check your translations before you send them, you may want to browse the
-wiki offline. See the [[corresponding documentation|contribute/build/website]].
+To check your translations before sending them, we recommend you [[build
+a local copy of the website|contribute/build/website]].
Search for fuzzy strings with Vim
=================================
diff --git a/wiki/src/contribute/release_process.mdwn b/wiki/src/contribute/release_process.mdwn
index 824abca..58c1d15 100644
--- a/wiki/src/contribute/release_process.mdwn
+++ b/wiki/src/contribute/release_process.mdwn
@@ -306,7 +306,7 @@ matches the date of the future signature.
echo "$RELEASE_DATE" > wiki/src/inc/stable_i386_date.html
sed -ri "s%news/version_.*]]%news/version_$VERSION]]%" wiki/src/inc/stable_i386_release_notes.*
$EDITOR wiki/src/inc/*.html
- ./build-wiki
+ ./build-website
git commit wiki/src/inc/ -m "Update version and date for $VERSION."
### features and design documentation
@@ -328,7 +328,7 @@ pages that were added or changed accordingly to changes coming with
the new release. This e.g. ensures that the RC call for translation
points translators to up-to-date PO files:
- ./build-wiki && git add wiki/src && git commit -m 'Update website PO files.'
+ ./build-website && git add wiki/src && git commit -m 'Update website PO files.'
Call for translation
====================
@@ -692,6 +692,13 @@ Make sure every webserver listed in the `dl.amnesia.boum.org` round
robin pool has the new version. Drop those that are lagging behind and
notify their administrators.
+ISO history
+-----------
+
+Push the released ISO to our Tails ISO history git-annex repo, so that
+our isotesters can fetch it from there for their testing. How to do so
+is described in our internal Git repo.
+
Update the website and Git repository
=====================================
@@ -809,7 +816,7 @@ Write the announcement for the release in
In any case
-----------
-Generate PO files for the announcements with `./build-wiki`.
+Generate PO files for the announcements with `./build-website`.
Then, send them to <tails-l10n@boum.org> so that they get translated
shortly, perhaps even soon enough to integrate them before pushing the
@@ -838,13 +845,6 @@ Testing
report their results in due time, and that they make it clear when
they're leaving for good.
-ISO history
-===========
-
-Push the released ISO to our Tails ISO history git-annex repo, so that
-our isotesters can fetch it from there and not fail to test because of
-it missing. How to do it is described in our internal Git repo.
-
Go wild!
========
diff --git a/wiki/src/contribute/release_process/liveusb-creator.mdwn b/wiki/src/contribute/release_process/liveusb-creator.mdwn
index 1f5c1f4..0ebafad 100644
--- a/wiki/src/contribute/release_process/liveusb-creator.mdwn
+++ b/wiki/src/contribute/release_process/liveusb-creator.mdwn
@@ -39,7 +39,7 @@ Packaging
We're using [DEP-14 conventions](http://dep.debian.net/deps/dep14/),
except for our `master` branch which is used for upstream development
-targetted at current Tails, as said above. More specifically:
+targeted at current Tails, as said above. More specifically:
* The `pristine-tar` branch contains the binary delta between DFSG-freed
tarballs and the corresponding tag. It's automatically maintained by
@@ -144,7 +144,7 @@ Extract the upstream and packaging branch from gbp.conf:
Create a DFSG-compatible tarball from the previously created Git
archive and reimport it into the source tree. This merges, into the
`debian-branch` specified in `gbp.conf`, not only the commit that
-imported the current DFSG free upstream tarball into the
+imported the current DFSG-free upstream tarball into the
`upstream-branch`, but also the corresponding upstream Git history:
mk-origtargz \
diff --git a/wiki/src/contribute/release_process/liveusb-creator/topic_branch.mdwn b/wiki/src/contribute/release_process/liveusb-creator/topic_branch.mdwn
index 190ee93..33ee944 100644
--- a/wiki/src/contribute/release_process/liveusb-creator/topic_branch.mdwn
+++ b/wiki/src/contribute/release_process/liveusb-creator/topic_branch.mdwn
@@ -7,7 +7,7 @@ Let's say you want to build a package for a topic branch called
If your topic branch has been forked off a different branch than
<code>master</code>, then you need to adjust the following
-instructions a bit: not only you need to replace occurrences of
+instructions a bit: not only do you need to replace occurrences of
<code>master</code>, but your <code>TARGET_DIST</code> will also
be different.
diff --git a/wiki/src/contribute/release_process/test.mdwn b/wiki/src/contribute/release_process/test.mdwn
index d145772..20fa49d 100644
--- a/wiki/src/contribute/release_process/test.mdwn
+++ b/wiki/src/contribute/release_process/test.mdwn
@@ -81,12 +81,13 @@ tracked by tickets prefixed with `todo/test_suite:`.
* Run the [tests the TBB folks
use](https://trac.torproject.org/projects/tor/wiki/doc/build/BuildSignoff#TestPagestoUse).
+ (automate: [[!tails_ticket 10260]])
* Compare the fingerprint of Tails and the latest TBB using at least
<https://panopticlick.eff.org/>
- The exposed User-Agent should match the latest TBB's one.
- Update the [[fingerprint section|support/known_issues#fingerprint]] of the
- known issues page if needed.
-* WebRTC should be disabled:
+ known issues page if needed. (automate: [[!tails_ticket 10262]])
+* WebRTC should be disabled: (automate: [[!tails_ticket 10264]])
- In `about:config` check that `media.peerconnection.enabled` is set to
`false`.
- <http://mozilla.github.io/webrtc-landing/>, especially the `getUserMedia`
@@ -96,12 +97,13 @@ tracked by tickets prefixed with `todo/test_suite:`.
`ifconfig | grep inet | grep -v inet6 | cut -d" " -f2 | tail -n1`
* One should be able to switch identities from the web browser.
* Running `getTorBrowserUserAgent` should produce the User-Agent set by the
- installed version of Torbutton, and used in the Tor Browser.
+ installed version of Torbutton, and used in the Tor Browser. (automate: [[!tails_ticket 10268]])
# Tor
* The version of Tor should be the latest stable one, which is the highest version number
- before alpha releases on <http://deb.torproject.org/torproject.org/pool/main/t/tor/>.
+ before alpha releases on <http://deb.torproject.org/torproject.org/pool/main/t/tor/>. (automate:
+ [[!tails_ticket 10259]])
# Claws
@@ -144,20 +146,20 @@ tracked by tickets prefixed with `todo/test_suite:`.
# Erase memory on shutdown
-- `memlockd` must be running
- After booting from DVD, remove Tails boot medium and check that the
memory erasure process is started (`Loading new kernel`, at least).
(automate: [[!tails_ticket 5472]])
- After booting from USB, remove Tails boot medium and check that the
memory erasure process is started (`Loading new kernel`, at least).
+ (automate: [[!tails_ticket 5472]])
# Root access control
* Check you can login as root with `su` neither with the `amnesia` password nor
- with the `live` one.
+ with the `live` one. (automate: [[!tails_ticket 10274]])
* Check that the `$TAILS_USER_PASSWORD` variable, if still existing in the system
environment after the boot has finished, does not contain the clear text
- password.
+ password. (automate: [[!tails_ticket 10275]])
# Virtualization support
@@ -286,16 +288,16 @@ Start I2P by appending `i2p` to the kernel command line.
Enable I2P in the boot loader menu, and enable Windows camouflage via
the Tails Greeter checkbox, and then:
-* Tails OpenPGP Applet's context menu should look readable
+* Tails OpenPGP Applet's context menu should look readable (automate: [[!tails_ticket 10255]])
* The Tor Browser, Unsafe Browser and I2P Browser should all use the
- Internet Explorer theme.
-* Vidalia should not start.
+ Internet Explorer theme. (automate: [[!tails_ticket 10258]])
+* Vidalia should not start. (automate: [[!tails_ticket 10256]])
# Unsafe Web Browser
-* Browsing (by IP) a FTP server on the LAN should be possible.
+* Browsing (by IP) a FTP server on the LAN should be possible. (automate: [[!tails_ticket 10252]])
-* Google must be the default, pre-selected search plugin.
+* Google must be the default, pre-selected search plugin. (automate: [[!tails_ticket 10253]])
# Real (non-VM) hardware
@@ -315,20 +317,20 @@ the Tails Greeter checkbox, and then:
- in one language to which the website is translated
- in one language to which the website is not translated (=> English)
* Browse around in the documentation shipped in the image. Internal
- links should be fine.
+ links should be fine. (automate: [[!tails_ticket 10254]])
# Internationalization
Boot and check basic functionality is working for every supported
language. You *really* have to reboot between each language.
-* The chosen keyboard layout must be applied.
+* The chosen keyboard layout must be applied. (automate: [[!tails_ticket 10261]])
* The virtual keyboard must work and be auto-configured to use the same keyboard
- layout as the X session.
+ layout as the X session. (automate: [[!tails_ticket 10263]])
* In the Tor Browser:
- - Disconnect.me must be the default, pre-selected search plugin.
+ - Disconnect.me must be the default, pre-selected search plugin. (automate: [[!tails_ticket 10265]])
- the Disconnect.me, Startpage and Wikipedia search plugins must be
- localized for the supported locales:
+ localized for the supported locales (automate: [[!tails_ticket 10267]]):
. /usr/local/lib/tails-shell-library/tor-browser.sh
supported_tor_browser_locales
@@ -336,21 +338,21 @@ language. You *really* have to reboot between each language.
## Spellchecking
* Check that every supported language is listed in the list of languages for
- spell checking.
+ spell checking. (automate: [[!tails_ticket 10269]])
- Visit <https://translate.google.com/>.
- Right-click and choose "Check spelling".
- Right-click and check the list of available languages.
* For a few languages, check the spell checking:
- Type something in the textarea.
- Right-click and select a language.
- - Verify that the spelling suggestion are from that language.
+ - Verify that the spelling suggestion are from that language. (automate: [[!tails_ticket 10271]])
* Once [[!tails_ticket 5962]] is fixed, the browser spelling dictionary must be
- localized (for languages that are supported by our branding extension).
+ localized (for languages that are supported by our branding extension). (automate: [[!tails_ticket 10272]])
# Misc
* Check that Tails Greeter's "more options" screen displays properly
on a display with 600 px height, preferably in a language that's
- more verbose than English (e.g. French).
+ more verbose than English (e.g. French). (automate: [[!tails_ticket 10276]])
* Check that all seems well during init (mostly that all services
- start without errors), and that `/var/log/syslog` seems OK.
+ start without errors), and that `/var/log/syslog` seems OK. (automate: [[!tails_ticket 10277]])
diff --git a/wiki/src/contribute/release_process/test/automated_tests.mdwn b/wiki/src/contribute/release_process/test/automated_tests.mdwn
index 423714b..485012e 100644
--- a/wiki/src/contribute/release_process/test/automated_tests.mdwn
+++ b/wiki/src/contribute/release_process/test/automated_tests.mdwn
@@ -1,6 +1,6 @@
[[!meta title="Automated test suite"]]
-[[!toc levels=2]]
+[[!toc levels=3]]
# Introduction
@@ -151,7 +151,7 @@ completely fresh one, with all defaults. The defaults are defined in
`features/domains/default.xml`, but some highlights are:
* One virtual `x86_64` CPU with one core
-* 1 GiB of RAM
+* A reasonable amount of RAM
* ACPI, APIC and PAE enabled
* UTC harware clock
* A DVD drive loaded with the Tails from the ISO
@@ -159,8 +159,19 @@ completely fresh one, with all defaults. The defaults are defined in
* USB 2.0 controller
* Ethernet interface, plugged into a network bridged with the host
-After this step there's a number of steps that reconfigures the
-above...
+However, most of the time we do not set up a computer from scratch
+using this step, but restore from a snapshot (also called checkpoint)
+using the one of the `Given Tails has booted ...` steps generated in
+`features/step_definitions/snapshots.rb`. An example of such a step,
+and indeed one of the most common ones, is:
+
+ Given Tails has booted from DVD and logged in and the network is connected
+
+These steps will actually run multiple steps, saving one or more
+snapshots along the way. See the next section for details about this.
+
+Returning back to what we'd do after the `Given a computer` step,
+there's a number of steps that reconfigures the computer...
And I create a 10 GiB disk named "some_disk"
@@ -234,21 +245,31 @@ has started` step.
Since Tor is working, the check for upgrades will be run. We have to
wait for it to complete because that generally will break later if we
-use a background snapshot.
+use snapshots.
+
+### Snapshots
+
+To speed up the test suite and get consistent results when setting up
+state, we make heavy use of virtual machine snapshots. We encourage
+contributors to read the snapshot definitions in
+`features/step_definitions/snapshots.rb` carefully. We generate steps
+from these descriptions, and they are created lazily on first use (and
+then reused in subsequent instances, across features). Some things to
+make note of:
- And I save the state so the background can be restored next scenario
+* Snapshots may have parents, which means that they start by running
+ the parent's step, generating its snapshot, recursively to a "root"
+ snapshot without parent.
-This is where the state of the VM is saved into the so called
-background snapshot the first time it is reached within a feature. For
-all subsequent scenarios, all steps before this one are skipped and
-the VM state is restored from the snapshot in this state. This step
-also makes sure that the remote shell is back up, and if Tor was
-running, that the time is resynced from the host and Tor is restarted
-and working again.
+* Snapshots can be made "temporary". If the snapshot description's
+ `:temporary` field is set to `true`, then the snapshot
+ will be cleared after the feature it was created in finishes. This
+ is a way to reduce the disk space needed for running the test suite,
+ and is encouraged to use for features where a very perticular state
+ is set up, that isn't reused in any other feature.
-It's called the background snapshot because generally we only want to
-do this if we define a background in a feature. We don't want to use
-the above step if scenarios that have different steps before this one.
+* Debugging snapshot creation is made a lot easier by enabling the
+ `debug` formatter, which will print the steps as they are run.
### Scenarios involving the Internet
@@ -290,26 +311,6 @@ The remote shell:
commands output. This is because of Sikuli's OCR capabilities are
poor, and cannot be depended on.
-### Background snapshot compatibility
-
-All steps that possibly could be in a feature's background (that can
-be quickly skipped through thanks to background snapshots) should in
-general contain the following in its absolute beginning:
-
- next if @skip_steps_while_restoring_background
-
-This is what makes it possible to pass the step without actually
-running it.
-
-Note the "in general" above, though. Sometimes there may be code in
-a step that we should let run before we skip the test. In general
-that's just assignment of input from a step into a global/class
-variable that is used in subsequent steps. For an instructive example
-of this, see the `I set sudo password ...` step in
-`features/step_definitions/common_steps.rb`, which saves the password
-into a class variable so it can be used by, among others, the `I enter
-the sudo password ...` step.
-
# Limitations and issues
These things are good to know when developing new features, scenarios
@@ -341,9 +342,20 @@ forever.
Filesystem shares cannot (due to QEMU limitations) be added to an
active VM, and cannot (due to QEMU limitations) be active
(i.e. mounted) during a snapshot save. For this reason, don't use
-filesystem shares in combination with background snapshots. For more
+filesystem shares in combination with snapshots. For more
information, see [[!tails_ticket 5571]].
+On a more practical note, you *can* add a filesystem share if you
+restore a snapshot and then power off the computer, which still is
+worth it when there's a big setup cost, e.g. when Tails is running
+from USB with persistence enabled. So something like this is valid,
+for example:
+
+ Given Tails has booted without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen
+ And I shutdown Tails and wait for the computer to power off
+ And I setup some filesystem share ...
+ And I start Tails from USB drive "current" with network unplugged and I login with persistence enabled
+
## Plugging SATA drives
When creating a disk (at least when backed by a `raw` image) via the
@@ -352,27 +364,11 @@ drive, GNOME will report that the drive is failing when inside Tails,
and indeed several SMART tests fail. For now, plug hard disks as IDE
only (or USB, of course).
-## Class variables assigned in skippable steps
-
-This is best explained with an example. Let's say we have this feature:
-
- Background:
- ...
- Given I assign @x with something we read from the VMs state and we know should be 100
- And I save the state so the background can be restored next scenario
-
- Scenario: 1
- Then @x == 100
-
- Scenario: 2
- Then @x == 100
-
-As expected, scenario 1 will succeed, but since class variables lie
-`@x` are cleared between scenarios, scenario 2 will fail if it is
-skippable (i.e. it has the `next if...` thing at the top), which it
-should besince it interacts with the VM. To avoid this, make sure to
-put *all* steps dealing with the class variable in the background, or
-all of them after the background. Alternatively, use global variables
-(e.g. `$x`) instead of class variables, since they are never cleared.
+## Passing state between steps in snapshots
-Also, see [[!tails_ticket 5847]].
+When creating snapshots, anything stored in a variable in any of those
+steps will only be available in subsequent steps in that scenario, not
+in other scenarios restoring from that snapshot. The exception is when
+global variables are used, which is an acceptable workaround, but it
+requires minute control to get right, and is hard to follow. Please
+try to avoid this until [[!tails_ticket 5847]] is solved.
diff --git a/wiki/src/doc/about/features.de.po b/wiki/src/doc/about/features.de.po
index 239dd95..a77c391 100644
--- a/wiki/src/doc/about/features.de.po
+++ b/wiki/src/doc/about/features.de.po
@@ -60,7 +60,7 @@ msgid ""
"* [Tor](https://www.torproject.org) with:\n"
" - [[stream isolation|contribute/design/stream_isolation]]\n"
" - regular, obfs2, obfs3, obfs4, and ScrambleSuit bridges support\n"
-" - the [Vidalia](https://www.torproject.org/projects/vidalia) graphical frontend ([[More...|doc/anonymous_internet/vidalia]])\n"
+" - the Vidalia graphical frontend ([[More...|doc/anonymous_internet/vidalia]])\n"
"* [NetworkManager](http://projects.gnome.org/NetworkManager/) for easy\n"
" network configuration ([[More...|doc/anonymous_internet/networkmanager]])\n"
"* [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) ([[More...|doc/anonymous_internet/Tor_Browser]]), a web\n"
@@ -87,7 +87,7 @@ msgstr ""
"* [Tor](https://www.torproject.org) mit:\n"
" - [[stream isolation|contribute/design/stream_isolation]]\n"
" - Unterstützung von normalen, obfs2, obfs3, obfs4 und ScrambleSuit Bridges\n"
-" - dem grafischen Front-End [Vidalia](https://www.torproject.org/projects/vidalia) ([[Mehr...|doc/anonymous_internet/vidalia]])\n"
+" - dem grafischen Front-End Vidalia ([[Mehr...|doc/anonymous_internet/vidalia]])\n"
"* [NetworkManager](http://projects.gnome.org/NetworkManager/) für einfache\n"
" Netzwerkkonfiguration ([[Mehr...|doc/anonymous_internet/networkmanager]])\n"
"* [Tor Browser](https://www.torproject.org/projects/torbrowser.html.de) ([[Mehr...|doc/anonymous_internet/Tor_Browser]]), ein Webbrowser\n"
diff --git a/wiki/src/doc/about/features.fr.po b/wiki/src/doc/about/features.fr.po
index c174dd3..226bc46 100644
--- a/wiki/src/doc/about/features.fr.po
+++ b/wiki/src/doc/about/features.fr.po
@@ -60,7 +60,7 @@ msgid ""
"* [Tor](https://www.torproject.org) with:\n"
" - [[stream isolation|contribute/design/stream_isolation]]\n"
" - regular, obfs2, obfs3, obfs4, and ScrambleSuit bridges support\n"
-" - the [Vidalia](https://www.torproject.org/projects/vidalia) graphical frontend ([[More...|doc/anonymous_internet/vidalia]])\n"
+" - the Vidalia graphical frontend ([[More...|doc/anonymous_internet/vidalia]])\n"
"* [NetworkManager](http://projects.gnome.org/NetworkManager/) for easy\n"
" network configuration ([[More...|doc/anonymous_internet/networkmanager]])\n"
"* [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) ([[More...|doc/anonymous_internet/Tor_Browser]]), a web\n"
@@ -87,7 +87,7 @@ msgstr ""
"* [Tor](https://www.torproject.org) avec :\n"
" - [[isolation de flux|contribute/design/stream_isolation]]\n"
" - prise en charge des bridges normaux, obfs2, obfs3, obfs4 et ScrambleSuit\n"
-" - l'interface graphique [Vidalia](https://www.torproject.org/projects/vidalia) ([[Plus d'information...|doc/anonymous_internet/vidalia]])\n"
+" - l'interface graphique Vidalia ([[Plus d'information...|doc/anonymous_internet/vidalia]])\n"
"* [NetworkManager](http://projects.gnome.org/NetworkManager/) pour une\n"
" configuration réseau simple ([[Plus d'information...|doc/anonymous_internet/networkmanager]])\n"
"* Le [navigateur Tor](https://www.torproject.org/projects/torbrowser.html.en) ([[Plus d'information...|doc/anonymous_internet/Tor_Browser]]), un navigateur\n"
diff --git a/wiki/src/doc/about/features.mdwn b/wiki/src/doc/about/features.mdwn
index 38d4ad8..b2ae50d 100644
--- a/wiki/src/doc/about/features.mdwn
+++ b/wiki/src/doc/about/features.mdwn
@@ -18,7 +18,7 @@ Networking
* [Tor](https://www.torproject.org) with:
- [[stream isolation|contribute/design/stream_isolation]]
- regular, obfs2, obfs3, obfs4, and ScrambleSuit bridges support
- - the [Vidalia](https://www.torproject.org/projects/vidalia) graphical frontend ([[More...|doc/anonymous_internet/vidalia]])
+ - the Vidalia graphical frontend ([[More...|doc/anonymous_internet/vidalia]])
* [NetworkManager](http://projects.gnome.org/NetworkManager/) for easy
network configuration ([[More...|doc/anonymous_internet/networkmanager]])
* [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) ([[More...|doc/anonymous_internet/Tor_Browser]]), a web
diff --git a/wiki/src/doc/about/features.pt.po b/wiki/src/doc/about/features.pt.po
index 694fb96..ca22d2c 100644
--- a/wiki/src/doc/about/features.pt.po
+++ b/wiki/src/doc/about/features.pt.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-05-11 14:31+0000\n"
+"POT-Creation-Date: 2015-10-21 09:30+0200\n"
"PO-Revision-Date: 2014-08-14 15:59+0200\n"
"Last-Translator: Tails Developers <amnesia@boum.org>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -85,7 +85,7 @@ msgid ""
"* [Tor](https://www.torproject.org) with:\n"
" - [[stream isolation|contribute/design/stream_isolation]]\n"
" - regular, obfs2, obfs3, obfs4, and ScrambleSuit bridges support\n"
-" - the [Vidalia](https://www.torproject.org/projects/vidalia) graphical frontend ([[More...|doc/anonymous_internet/vidalia]])\n"
+" - the Vidalia graphical frontend ([[More...|doc/anonymous_internet/vidalia]])\n"
"* [NetworkManager](http://projects.gnome.org/NetworkManager/) for easy\n"
" network configuration ([[More...|doc/anonymous_internet/networkmanager]])\n"
"* [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) ([[More...|doc/anonymous_internet/Tor_Browser]]), a web\n"
diff --git a/wiki/src/doc/about/tor.fr.po b/wiki/src/doc/about/tor.fr.po
index 277e2cf..7c3d930 100644
--- a/wiki/src/doc/about/tor.fr.po
+++ b/wiki/src/doc/about/tor.fr.po
@@ -5,16 +5,16 @@
#
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
"POT-Creation-Date: 2015-02-22 12:54+0100\n"
-"PO-Revision-Date: 2015-01-18 11:06-0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2015-10-12 21:56+0100\n"
+"Last-Translator: AtomiKe <tails@atomike.ninja>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.5.4\n"
+"X-Generator: Poedit 1.6.10\n"
+"Language: fr\n"
#. type: Plain text
#, no-wrap
@@ -23,7 +23,8 @@ msgstr "[[!meta title=\"Pourquoi Tails utilise Tor ?\"]]\n"
#. type: Plain text
msgid "Tails uses Tor because it is the best available anonymity network."
-msgstr "Tails utilise Tor car c'est le meilleur réseau d'anonymat disponible."
+msgstr ""
+"Tails utilise Tor car c'est le meilleur réseau d'anonymisation disponible."
#. type: Title =
#, no-wrap
@@ -38,7 +39,7 @@ msgid ""
msgstr ""
"Nous voulons renforcer une bonne sécurité par défaut à nos utilisateurs. "
"C'est pourquoi il est dans les conditions fondamentales de Tails de forcer "
-"tout le trafic sortant à passer dans des réseau d'anonymisation tel que Tor."
+"tout le trafic sortant à passer dans des réseaux d'anonymisation tel que Tor."
#. type: Plain text
msgid ""
@@ -57,8 +58,8 @@ msgid ""
"in the network to know both the origin and the destination of a connection."
msgstr ""
"Les Virtual Private Networks (VPNs) pourraient être plus rapide que Tor mais "
-"ne ils sont pas des réseaux d'anonimysation , car les administrateurs des "
-"VPN peuvent savoir à la fois d'où vous vous connectez et vers où vous vous "
+"ils ne sont pas des réseaux d'anonymisation, car les administrateurs des VPN "
+"peuvent savoir à la fois d'où vous vous connectez et vers où vous vous "
"connectez et ainsi briser votre anonymat. Tor fournit de l'anonymat en "
"rendant impossible pour un unique point du réseau de savoir à la fois "
"l'origine et la destination d'une connexion."
@@ -104,7 +105,7 @@ msgstr ""
"d'entreprises, des militaires, des victimes d'abus et des citoyens lambda "
"concernés par leur vie privée. En fait cette diversité permet un anonymat "
"plus fort à chacun en rendant plus difficile d'identifier ou de cibler un "
-"profile d'utilisateur de Tor spécifique. L'anonymat aime la compagnie."
+"profil d'utilisateur de Tor spécifique. L'anonymat aime la compagnie."
#. type: Title =
#, no-wrap
@@ -128,7 +129,7 @@ msgid ""
"Software Foundation](https://www.fsf.org/news/2010-free-software-awards-"
"announced) to name a few."
msgstr ""
-"Tor a reçu des récompenses d' institutions comme la [Electronic Frontier "
+"Tor a reçu des récompenses d'institutions comme la [Electronic Frontier "
"Foundation](https://www.eff.org/awards/pioneer/2012), et la [Free Software "
"Foundation](https://www.fsf.org/news/2010-free-software-awards-announced) "
"pour ne nommer qu'elles."
@@ -148,7 +149,7 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid "<a id=\"relationship\"></a>\n"
-msgstr ""
+msgstr "<a id=\"relationship\"></a>\n"
#. type: Title =
#, no-wrap
@@ -179,7 +180,7 @@ msgid ""
"class=\"application\">Tor Browser</span>).\n"
msgstr ""
"Tails est un système d'exploitation complet qui utilise Tor en tant qu'application\n"
-"réseau par défaut. The Tor Project recommande l'utilisation de Tails pour les cas\n"
+"réseau par défaut. Le projet Tor recommande l'utilisation de Tails pour les cas\n"
"d'usages non pris en compte par leurs propres projets (par exemple le\n"
"<span class=\"application\">navigateur Tor</span>).\n"
diff --git a/wiki/src/doc/about/warning.de.po b/wiki/src/doc/about/warning.de.po
index f94527f..46f3886 100644
--- a/wiki/src/doc/about/warning.de.po
+++ b/wiki/src/doc/about/warning.de.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-08-03 11:42+0300\n"
+"POT-Creation-Date: 2015-10-11 18:23+0300\n"
"PO-Revision-Date: 2015-01-16 21:52-0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -231,12 +231,18 @@ msgstr ""
"die Tatsache, dass Sie Tor verwenden, zu verschleiern.\n"
#. type: Plain text
-#, no-wrap
+#, fuzzy, no-wrap
+#| msgid ""
+#| "**The destination server that you are contacting through Tor** can know whether your\n"
+#| "communication comes out from a Tor exit node by consulting the publicly\n"
+#| "available list of exit nodes that might contact it. For example using the [Tor\n"
+#| "Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) of\n"
+#| "the Tor Project.\n"
msgid ""
"**The destination server that you are contacting through Tor** can know whether your\n"
-"communication comes out from a Tor exit node by consulting the publicly\n"
+"communication comes from a Tor exit node by consulting the publicly\n"
"available list of exit nodes that might contact it. For example using the [Tor\n"
-"Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) of\n"
+"Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) from\n"
"the Tor Project.\n"
msgstr ""
"**Der Zielserver, den Sie über Tor kontaktieren**, kann durch Abfragen der öffentlichen Liste\n"
@@ -320,13 +326,21 @@ msgstr ""
"bei der Überprüfung der Authentizität der Server walten lassen sollten.\n"
#. type: Plain text
-#, no-wrap
+#, fuzzy, no-wrap
+#| msgid ""
+#| "Usually, this is automatically done throught SSL certificates checked by your\n"
+#| "browser against a given set of recognized [[!wikipedia\n"
+#| "Certificate_authority desc=\"certificate authorities\"]]).\n"
+#| "If you get a security exception message such as this one you might be victim of\n"
+#| "a man-in-the-middle attack and should not bypass it unless you have another\n"
+#| "trusted way of checking the certificate's fingerprint with the people running\n"
+#| "the service.\n"
msgid ""
"Usually, this is automatically done throught SSL certificates checked by your\n"
"browser against a given set of recognized [[!wikipedia\n"
"Certificate_authority desc=\"certificate authorities\"]]).\n"
-"If you get a security exception message such as this one you might be victim of\n"
-"a man-in-the-middle attack and should not bypass it unless you have another\n"
+"If you get a security exception message such as this one you might be the victim of\n"
+"a man-in-the-middle attack and should not bypass the warning unless you have another\n"
"trusted way of checking the certificate's fingerprint with the people running\n"
"the service.\n"
msgstr ""
@@ -344,18 +358,32 @@ msgid "[[!img ssl_warning.png link=no alt=\"This Connection is Untrusted\"]]\n"
msgstr "[[!img ssl_warning.png link=no alt=\"Dieser Verbindung wird nicht vertraut\"]]\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "But on top of that the certificate authorities model of trust on Internet "
+#| "is susceptible to various methods of compromise."
msgid ""
-"But on top of that the certificate authorities model of trust on Internet is "
-"susceptible to various methods of compromise."
+"But on top of that the certificate authorities model of trust on the "
+"Internet is susceptible to various methods of compromise."
msgstr ""
"Allerdings kommt noch hinzu, dass das Vertrauensmodell mit "
"Zertifizierungsstellen im Internet anfällig gegenüber zahlreicher Methoden "
"der Kompromittierung ist."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "For example, on March 15, 2011, Comodo, one of the major SSL certificates "
+#| "company, reported that a user account with an affiliate registration "
+#| "authority had been compromised. It was then used to create a new user "
+#| "account that issued nine certificate signing requests for seven domains: "
+#| "mail.google.com, login.live.com, www.google.com, login.yahoo.com (three "
+#| "certificates), login.skype.com, addons.mozilla.org, and global trustee. "
+#| "See [Comodo: The Recent RA Compromise](http://blogs.comodo.com/it-"
+#| "security/data-security/the-recent-ra-compromise/)."
msgid ""
"For example, on March 15, 2011, Comodo, one of the major SSL certificates "
-"company, reported that a user account with an affiliate registration "
+"authorities, reported that a user account with an affiliate registration "
"authority had been compromised. It was then used to create a new user "
"account that issued nine certificate signing requests for seven domains: "
"mail.google.com, login.live.com, www.google.com, login.yahoo.com (three "
@@ -374,15 +402,25 @@ msgstr ""
"security/the-recent-ra-compromise/)."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly "
+#| "issued certificates to a malicious party or parties. Later on, it came to "
+#| "light that they were apparently compromised months before or perhaps even "
+#| "in May of 2009 if not earlier. Rogue certificates were issued for domains "
+#| "such as google.com, mozilla.org, torproject.org, login.yahoo.com and many "
+#| "more. See, [The Tor Project: The DigiNotar Debacle, and what you should "
+#| "do about it](https://blog.torproject.org/blog/diginotar-debacle-and-what-"
+#| "you-should-do-about-it)."
msgid ""
"Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly "
"issued certificates to a malicious party or parties. Later on, it came to "
-"light that they were apparently compromised months before or perhaps even in "
-"May of 2009 if not earlier. Rogue certificates were issued for domains such "
-"as google.com, mozilla.org, torproject.org, login.yahoo.com and many more. "
-"See, [The Tor Project: The DigiNotar Debacle, and what you should do about "
-"it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-"
-"do-about-it)."
+"light that they were apparently compromised months before, perhaps as far "
+"back as May of 2009, or even earlier. Rogue certificates were issued for "
+"domains such as google.com, mozilla.org, torproject.org, login.yahoo.com and "
+"many more. See [The Tor Project: The DigiNotar Debacle, and what you should "
+"do about it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-"
+"should-do-about-it)."
msgstr ""
"Später im Jahr 2011 stellte DigiNotar, ein dänisches Unternehmen für SSL-"
"Zertifikate, fehlerhafterweise Zertifikate für eine oder mehrere bösartige "
@@ -465,12 +503,19 @@ msgstr ""
"einem Angriff gegen Sie zusammenarbeiten."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Tor tries to protect against traffic analysis, where an attacker tries to "
+#| "learn whom to investigate, but Tor can't protect against traffic "
+#| "confirmation (also known as end-to-end correlation), where an attacker "
+#| "tries to confirm an hypothesis by monitoring the right locations in the "
+#| "network and then doing the math."
msgid ""
"Tor tries to protect against traffic analysis, where an attacker tries to "
"learn whom to investigate, but Tor can't protect against traffic "
"confirmation (also known as end-to-end correlation), where an attacker tries "
-"to confirm an hypothesis by monitoring the right locations in the network "
-"and then doing the math."
+"to confirm a hypothesis by monitoring the right locations in the network and "
+"then doing the math."
msgstr ""
"Tor versucht dort vor Datenflussanalyse zu schützen, wo ein Angreifer "
"versucht zu lernen, wer zu untersuchen ist. Aber Tor kann nicht vor "
@@ -496,13 +541,19 @@ msgid "Tails doesn't encrypt your documents by default\n"
msgstr "Tails verschlüsselt Ihre Dokumente standardmäßig nicht\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "The documents that you might save on storage devices will not be "
+#| "encrypted by default, except in the [[encrypted persistent volume|doc/"
+#| "first_steps/persistence]]. But Tails provides you with tools to encrypt "
+#| "your documents, such as GnuPG, or encrypt your storage device, such as "
+#| "LUKS. It is likely that the files you may create will keep tracks that "
+#| "they were created using Tails."
msgid ""
"The documents that you might save on storage devices will not be encrypted "
"by default, except in the [[encrypted persistent volume|doc/first_steps/"
-"persistence]]. But Tails provides you with tools to encrypt your documents, "
-"such as GnuPG, or encrypt your storage device, such as LUKS. It is likely "
-"that the files you may create will keep tracks that they were created using "
-"Tails."
+"persistence]]. But Tails provides you with tools to encrypt your documents, "
+"such as GnuPG, or encrypt your storage devices, such as LUKS."
msgstr ""
"Standardmäßig werden Dokumente, die Sie möglicherweise auf einem Datenträger "
"speichern, nicht verschlüsselt, außer im [[verschlüsselten beständigen "
@@ -513,6 +564,12 @@ msgstr ""
"erstellt wurden."
#. type: Plain text
+msgid ""
+"It is also likely that the files you may create will contain evidence that "
+"they were created using Tails."
+msgstr ""
+
+#. type: Plain text
#, no-wrap
msgid ""
"**If you need to access the local hard-disks** of the computer you are using, be\n"
@@ -532,16 +589,32 @@ msgstr ""
#. type: Plain text
msgid ""
-"Numerous files format store hidden data or metadata inside of the files. "
-"Text processors or PDF files could store the name of the author, the date "
+"Numerous files formats store hidden data or metadata inside of the files. "
+"Word processing or PDF files could store the name of the author, the date "
"and time of creation of the file, and sometimes even parts of the editing "
-"history of the file… those hidden data depend on the file format and the "
-"software used. Please note also, that the Subject: as well as the rest of "
-"the header lines of your OpenPGP encrypted e-mail messages are not "
-"encrypted. This is not a bug of Tails or the [OpenPGP](http://www.mozilla-"
-"enigmail.org/forum/viewtopic.php?f=3&t=328) protocol; it's for backwards "
-"compatibility with the original SMTP protocol. Unfortunately no RFC standard "
-"exists yet for Subject encryption."
+"history of the file, depending on the file format and the software used."
+msgstr ""
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Numerous files format store hidden data or metadata inside of the files. "
+#| "Text processors or PDF files could store the name of the author, the date "
+#| "and time of creation of the file, and sometimes even parts of the editing "
+#| "history of the file… those hidden data depend on the file format and the "
+#| "software used. Please note also, that the Subject: as well as the rest of "
+#| "the header lines of your OpenPGP encrypted e-mail messages are not "
+#| "encrypted. This is not a bug of Tails or the [OpenPGP](http://www.mozilla-"
+#| "enigmail.org/forum/viewtopic.php?f=3&t=328) protocol; it's for backwards "
+#| "compatibility with the original SMTP protocol. Unfortunately no RFC "
+#| "standard exists yet for Subject encryption."
+msgid ""
+"Please note also, that the Subject: as well as the rest of the header lines "
+"of your OpenPGP encrypted e-mail messages are not encrypted. This is not a "
+"bug of Tails or the [OpenPGP](http://www.mozilla-enigmail.org/forum/"
+"viewtopic.php?f=3&t=328) protocol; it's due to backwards compatibility with "
+"the original SMTP protocol. Unfortunately no RFC standard exists yet for "
+"Subject: line encryption."
msgstr ""
"Eine Vielzahl an Dateiformaten speichern versteckte Daten oder Metadaten in "
"den Dateien. Textverarbeitungsprogramme oder PDF Dateien könnten den Namen "
@@ -557,15 +630,25 @@ msgstr ""
"Betreffzeile gestatten."
#. type: Plain text
-msgid ""
-"Images file formats, like TIFF of JPEG, probably take the prize in this "
-"field. Those files, created by digital cameras or mobile phones, contain a "
-"metadata format called EXIF which can include the date, time and sometimes "
-"the GPS coordinates of the picture, the brand and serial number of the "
-"device which took it as well as a thumbnail of the original image. Image "
-"processing software tend to keep those data intact. Internet is full of "
-"cropped or blurred images for which the EXIF thumbnail still contains the "
-"full original picture."
+#, fuzzy
+#| msgid ""
+#| "Images file formats, like TIFF of JPEG, probably take the prize in this "
+#| "field. Those files, created by digital cameras or mobile phones, contain "
+#| "a metadata format called EXIF which can include the date, time and "
+#| "sometimes the GPS coordinates of the picture, the brand and serial number "
+#| "of the device which took it as well as a thumbnail of the original image. "
+#| "Image processing software tend to keep those data intact. Internet is "
+#| "full of cropped or blurred images for which the EXIF thumbnail still "
+#| "contains the full original picture."
+msgid ""
+"Image file formats, like TIFF of JPEG, probably take the prize for most "
+"hidden data. These files, created by digital cameras or mobile phones, "
+"contain a metadata format called EXIF which can include the date, time and "
+"sometimes the GPS coordinates when the picture was taken, the brand and "
+"serial number of the device which took it, as well as a thumbnail of the "
+"original image. Image processing software tends to keep this metadata "
+"intact. The internet is full of cropped or blurred images in which the "
+"included EXIF thumbnail still shows the original picture."
msgstr ""
"Bilddateiformate, wie TIFF oder JPEG, schießen hier möglicherweise den Vogel "
"ab. Diese Dateien, die von Digitalkameras oder Handys erstellt werden, "
@@ -594,12 +677,19 @@ msgid "Tor doesn't protect you from a global adversary\n"
msgstr "Tor schützt Sie nicht vor einem globalen Angreifer\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "A global passive adversary would be a person or an entity able to monitor "
+#| "at the same time the traffic between all the computers in a network. By "
+#| "studying, for example, the timing and volume patterns of the different "
+#| "communications across the network, it would be statistically possible to "
+#| "identify Tor circuits and thus matching Tor users and destination servers."
msgid ""
"A global passive adversary would be a person or an entity able to monitor at "
"the same time the traffic between all the computers in a network. By "
"studying, for example, the timing and volume patterns of the different "
"communications across the network, it would be statistically possible to "
-"identify Tor circuits and thus matching Tor users and destination servers."
+"identify Tor circuits and thus match Tor users and destination servers."
msgstr ""
"Ein globaler passiver Angreifer wäre die Person oder Institution mit der "
"Fähigkeit, gleichzeitig den gesamten Datenverkehr aller Computer in einem "
@@ -619,10 +709,16 @@ msgstr ""
"Webbrowsing, Internet-Chat oder SSH-Verbindungen zu schaffen."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "For more expert information see [Tor Project: The Second-Generation Onion "
+#| "Router](https://svn.torproject.org/svn/projects/design-paper/tor-design."
+#| "pdf), part 3. Design goals and assumptions."
msgid ""
-"For more expert information see [Tor Project: The Second-Generation Onion "
-"Router](https://svn.torproject.org/svn/projects/design-paper/tor-design."
-"pdf), part 3. Design goals and assumptions."
+"For more expert information see the Tor design paper, \"[Tor Project: The "
+"Second-Generation Onion Router](https://svn.torproject.org/svn/projects/"
+"design-paper/tor-design.pdf)\", specifically, \"Part 3. Design goals and "
+"assumptions.\""
msgstr ""
"Für weiterführende Information siehe [Tor Project: The Second-Generation "
"Onion Router](https://svn.torproject.org/svn/projects/design-paper/tor-"
@@ -639,11 +735,17 @@ msgid "Tails doesn't magically separate your different contextual identities\n"
msgstr "Tails besitzt keinen magischen Mechanismus, um Ihre Identitäten für verschiedene Kontexte zu trennen\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "It is usually not advisable to use the same Tails session to perform two "
+#| "tasks or endorse two contextual identities that you really want to keep "
+#| "separate from another. For example hiding your location to check your "
+#| "email and publishing anonymously a document."
msgid ""
"It is usually not advisable to use the same Tails session to perform two "
"tasks or endorse two contextual identities that you really want to keep "
-"separate from another. For example hiding your location to check your email "
-"and publishing anonymously a document."
+"separate from one another. For example hiding your location to check your "
+"email and anonymously publishing a document."
msgstr ""
"Im Allgemeinen sei davon abgeraten, die selbe Tails-Sitzung für zwei "
"verschiedene Aufgaben oder zwei kontextabhängige Identitäten zu verwenden, "
@@ -652,15 +754,25 @@ msgstr ""
"die anonyme Veröffentlichung eines Dokuments."
#. type: Plain text
-msgid ""
-"First, because Tor tends to reuse the same circuits, for example amongst a "
+#, fuzzy
+#| msgid ""
+#| "First, because Tor tends to reuse the same circuits, for example amongst "
+#| "a same browsing session. Since the exit node of a circuit knows both the "
+#| "destination server (and possibly the content of the communication if not "
+#| "encrypted) and the address of the previous relay it received the "
+#| "communication from, it makes it easier to correlate the several browsing "
+#| "requests as part of a same circuit and possibly made by a same user. If "
+#| "you are facing a global adversary as described above, it might then also "
+#| "be in position to do this correlation."
+msgid ""
+"First, because Tor tends to reuse the same circuits, for example, within the "
"same browsing session. Since the exit node of a circuit knows both the "
-"destination server (and possibly the content of the communication if not "
-"encrypted) and the address of the previous relay it received the "
-"communication from, it makes it easier to correlate the several browsing "
-"requests as part of a same circuit and possibly made by a same user. If you "
-"are facing a global adversary as described above, it might then also be in "
-"position to do this correlation."
+"destination server (and possibly the content of the communication if it's "
+"not encrypted) and the address of the previous relay it received the "
+"communication from, it makes it easier to correlate several browsing "
+"requests as part of a same circuit and possibly made by the same user. If "
+"you are facing a global adversary as described above, it might then also be "
+"in a position to do this correlation."
msgstr ""
"Erstens, da Tor dazu tendiert die selbe Verbindung zu verwenden, "
"beispielsweise innerhalb der selben Browser-Sitzung. Da das Ausgangsrelais "
@@ -673,9 +785,15 @@ msgstr ""
"Durchführung dieser Korrelation in der Lage sein."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Second, in case of a security hole or a misuse in using Tails or one of "
+#| "its application, information about your session could be leaked. That "
+#| "could reveal that the same person was behind the various actions made "
+#| "during the session."
msgid ""
-"Second, in case of a security hole or a misuse in using Tails or one of its "
-"application, information about your session could be leaked. That could "
+"Second, in case of a security hole or an error in using Tails or one of its "
+"applications, information about your session could be leaked. That could "
"reveal that the same person was behind the various actions made during the "
"session."
msgstr ""
@@ -708,9 +826,14 @@ msgid "Tails doesn't make your crappy passwords stronger\n"
msgstr "Tails macht Ihre schlechten Passwörter nicht sicherer\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Tor allows you to be anonymous online; Tails allows you to leave no trace "
+#| "on the computer you're using. But again, **neither of both are magic "
+#| "spells for computer security**."
msgid ""
"Tor allows you to be anonymous online; Tails allows you to leave no trace on "
-"the computer you're using. But again, **neither of both are magic spells for "
+"the computer you're using. But again, **neither or both are magic spells for "
"computer security**."
msgstr ""
"Tor ermöglicht Ihnen Anonymität im Internet; Tails ermöglicht Ihnen, keine "
@@ -736,10 +859,15 @@ msgid "Tails is a work in progress\n"
msgstr "Tails ist ständig in Bearbeitung\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Tails, as well as all the software it includes, are on continuous "
+#| "development and might contain programming errors or security holes. "
+#| "[[Stay tuned|download#stay_tuned]] to Tails development."
msgid ""
-"Tails, as well as all the software it includes, are on continuous "
-"development and might contain programming errors or security holes. [[Stay "
-"tuned|download#stay_tuned]] to Tails development."
+"Tails, as well as all the software it includes, are continuously being "
+"developed and may contain programming errors or security holes. [[Stay tuned|"
+"download#stay_tuned]] to Tails development."
msgstr ""
"Tails und die gesamte mitgelieferte Software werden ständig weiterentwickelt "
"und können Programmierfehler oder Sicherheitslücken enthalten. [[Halten Sie "
diff --git a/wiki/src/doc/about/warning.fr.po b/wiki/src/doc/about/warning.fr.po
index 6fa6da8..5171fe1 100644
--- a/wiki/src/doc/about/warning.fr.po
+++ b/wiki/src/doc/about/warning.fr.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-08-03 11:42+0300\n"
+"POT-Creation-Date: 2015-10-11 18:23+0300\n"
"PO-Revision-Date: 2015-07-01 19:16-0000\n"
"Last-Translator: amnesia <amnesia@boum.org>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -235,12 +235,18 @@ msgstr ""
"vous utilisez Tails.\n"
#. type: Plain text
-#, no-wrap
+#, fuzzy, no-wrap
+#| msgid ""
+#| "**The destination server that you are contacting through Tor** can know whether your\n"
+#| "communication comes out from a Tor exit node by consulting the publicly\n"
+#| "available list of exit nodes that might contact it. For example using the [Tor\n"
+#| "Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) of\n"
+#| "the Tor Project.\n"
msgid ""
"**The destination server that you are contacting through Tor** can know whether your\n"
-"communication comes out from a Tor exit node by consulting the publicly\n"
+"communication comes from a Tor exit node by consulting the publicly\n"
"available list of exit nodes that might contact it. For example using the [Tor\n"
-"Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) of\n"
+"Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) from\n"
"the Tor Project.\n"
msgstr ""
"**Le serveur de destination auquel vous vous connectez via Tor** peut savoir\n"
@@ -327,13 +333,21 @@ msgstr ""
"avec soin l'authenticité des serveurs.\n"
#. type: Plain text
-#, no-wrap
+#, fuzzy, no-wrap
+#| msgid ""
+#| "Usually, this is automatically done throught SSL certificates checked by your\n"
+#| "browser against a given set of recognized [[!wikipedia\n"
+#| "Certificate_authority desc=\"certificate authorities\"]]).\n"
+#| "If you get a security exception message such as this one you might be victim of\n"
+#| "a man-in-the-middle attack and should not bypass it unless you have another\n"
+#| "trusted way of checking the certificate's fingerprint with the people running\n"
+#| "the service.\n"
msgid ""
"Usually, this is automatically done throught SSL certificates checked by your\n"
"browser against a given set of recognized [[!wikipedia\n"
"Certificate_authority desc=\"certificate authorities\"]]).\n"
-"If you get a security exception message such as this one you might be victim of\n"
-"a man-in-the-middle attack and should not bypass it unless you have another\n"
+"If you get a security exception message such as this one you might be the victim of\n"
+"a man-in-the-middle attack and should not bypass the warning unless you have another\n"
"trusted way of checking the certificate's fingerprint with the people running\n"
"the service.\n"
msgstr ""
@@ -351,17 +365,31 @@ msgid "[[!img ssl_warning.png link=no alt=\"This Connection is Untrusted\"]]\n"
msgstr "[[!img ssl_warning.png link=no alt=\"Cette connexion n'est pas certifiée\"]]\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "But on top of that the certificate authorities model of trust on Internet "
+#| "is susceptible to various methods of compromise."
msgid ""
-"But on top of that the certificate authorities model of trust on Internet is "
-"susceptible to various methods of compromise."
+"But on top of that the certificate authorities model of trust on the "
+"Internet is susceptible to various methods of compromise."
msgstr ""
"Mais en plus, le modèle d'autorité de certification sur internet est "
"susceptible d'être compromis par des méthodes variées."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "For example, on March 15, 2011, Comodo, one of the major SSL certificates "
+#| "company, reported that a user account with an affiliate registration "
+#| "authority had been compromised. It was then used to create a new user "
+#| "account that issued nine certificate signing requests for seven domains: "
+#| "mail.google.com, login.live.com, www.google.com, login.yahoo.com (three "
+#| "certificates), login.skype.com, addons.mozilla.org, and global trustee. "
+#| "See [Comodo: The Recent RA Compromise](http://blogs.comodo.com/it-"
+#| "security/data-security/the-recent-ra-compromise/)."
msgid ""
"For example, on March 15, 2011, Comodo, one of the major SSL certificates "
-"company, reported that a user account with an affiliate registration "
+"authorities, reported that a user account with an affiliate registration "
"authority had been compromised. It was then used to create a new user "
"account that issued nine certificate signing requests for seven domains: "
"mail.google.com, login.live.com, www.google.com, login.yahoo.com (three "
@@ -379,15 +407,25 @@ msgstr ""
"recent-ra-compromise/)."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly "
+#| "issued certificates to a malicious party or parties. Later on, it came to "
+#| "light that they were apparently compromised months before or perhaps even "
+#| "in May of 2009 if not earlier. Rogue certificates were issued for domains "
+#| "such as google.com, mozilla.org, torproject.org, login.yahoo.com and many "
+#| "more. See, [The Tor Project: The DigiNotar Debacle, and what you should "
+#| "do about it](https://blog.torproject.org/blog/diginotar-debacle-and-what-"
+#| "you-should-do-about-it)."
msgid ""
"Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly "
"issued certificates to a malicious party or parties. Later on, it came to "
-"light that they were apparently compromised months before or perhaps even in "
-"May of 2009 if not earlier. Rogue certificates were issued for domains such "
-"as google.com, mozilla.org, torproject.org, login.yahoo.com and many more. "
-"See, [The Tor Project: The DigiNotar Debacle, and what you should do about "
-"it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-"
-"do-about-it)."
+"light that they were apparently compromised months before, perhaps as far "
+"back as May of 2009, or even earlier. Rogue certificates were issued for "
+"domains such as google.com, mozilla.org, torproject.org, login.yahoo.com and "
+"many more. See [The Tor Project: The DigiNotar Debacle, and what you should "
+"do about it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-"
+"should-do-about-it)."
msgstr ""
"Plus tard en 2011, DigiNotar, une entreprise allemande qui délivre des "
"certificats SSL, à malencontreusement distribué des certificats à des gens "
@@ -468,12 +506,19 @@ msgstr ""
"destinataire lui-même) coopère pour vous pièger."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Tor tries to protect against traffic analysis, where an attacker tries to "
+#| "learn whom to investigate, but Tor can't protect against traffic "
+#| "confirmation (also known as end-to-end correlation), where an attacker "
+#| "tries to confirm an hypothesis by monitoring the right locations in the "
+#| "network and then doing the math."
msgid ""
"Tor tries to protect against traffic analysis, where an attacker tries to "
"learn whom to investigate, but Tor can't protect against traffic "
"confirmation (also known as end-to-end correlation), where an attacker tries "
-"to confirm an hypothesis by monitoring the right locations in the network "
-"and then doing the math."
+"to confirm a hypothesis by monitoring the right locations in the network and "
+"then doing the math."
msgstr ""
"Tor essaye de protéger contre l'analyse de trafic, quand un attaquant essaye "
"de déterminer qui il doit écouter, mais Tor ne protège pas contre les "
@@ -498,13 +543,19 @@ msgid "Tails doesn't encrypt your documents by default\n"
msgstr "Tails ne chiffre pas vos documents par défaut\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "The documents that you might save on storage devices will not be "
+#| "encrypted by default, except in the [[encrypted persistent volume|doc/"
+#| "first_steps/persistence]]. But Tails provides you with tools to encrypt "
+#| "your documents, such as GnuPG, or encrypt your storage device, such as "
+#| "LUKS. It is likely that the files you may create will keep tracks that "
+#| "they were created using Tails."
msgid ""
"The documents that you might save on storage devices will not be encrypted "
"by default, except in the [[encrypted persistent volume|doc/first_steps/"
-"persistence]]. But Tails provides you with tools to encrypt your documents, "
-"such as GnuPG, or encrypt your storage device, such as LUKS. It is likely "
-"that the files you may create will keep tracks that they were created using "
-"Tails."
+"persistence]]. But Tails provides you with tools to encrypt your documents, "
+"such as GnuPG, or encrypt your storage devices, such as LUKS."
msgstr ""
"Les documents que vous pouvez sauvegarder sur des volumes de stockage, ne "
"seront pas chiffrés par défaut, sauf si vous utilisez la [[partition "
@@ -515,6 +566,12 @@ msgstr ""
"indiquant qu'ils furent créés en utilisant Tails."
#. type: Plain text
+msgid ""
+"It is also likely that the files you may create will contain evidence that "
+"they were created using Tails."
+msgstr ""
+
+#. type: Plain text
#, no-wrap
msgid ""
"**If you need to access the local hard-disks** of the computer you are using, be\n"
@@ -534,16 +591,32 @@ msgstr ""
#. type: Plain text
msgid ""
-"Numerous files format store hidden data or metadata inside of the files. "
-"Text processors or PDF files could store the name of the author, the date "
+"Numerous files formats store hidden data or metadata inside of the files. "
+"Word processing or PDF files could store the name of the author, the date "
"and time of creation of the file, and sometimes even parts of the editing "
-"history of the file… those hidden data depend on the file format and the "
-"software used. Please note also, that the Subject: as well as the rest of "
-"the header lines of your OpenPGP encrypted e-mail messages are not "
-"encrypted. This is not a bug of Tails or the [OpenPGP](http://www.mozilla-"
-"enigmail.org/forum/viewtopic.php?f=3&t=328) protocol; it's for backwards "
-"compatibility with the original SMTP protocol. Unfortunately no RFC standard "
-"exists yet for Subject encryption."
+"history of the file, depending on the file format and the software used."
+msgstr ""
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Numerous files format store hidden data or metadata inside of the files. "
+#| "Text processors or PDF files could store the name of the author, the date "
+#| "and time of creation of the file, and sometimes even parts of the editing "
+#| "history of the file… those hidden data depend on the file format and the "
+#| "software used. Please note also, that the Subject: as well as the rest of "
+#| "the header lines of your OpenPGP encrypted e-mail messages are not "
+#| "encrypted. This is not a bug of Tails or the [OpenPGP](http://www.mozilla-"
+#| "enigmail.org/forum/viewtopic.php?f=3&t=328) protocol; it's for backwards "
+#| "compatibility with the original SMTP protocol. Unfortunately no RFC "
+#| "standard exists yet for Subject encryption."
+msgid ""
+"Please note also, that the Subject: as well as the rest of the header lines "
+"of your OpenPGP encrypted e-mail messages are not encrypted. This is not a "
+"bug of Tails or the [OpenPGP](http://www.mozilla-enigmail.org/forum/"
+"viewtopic.php?f=3&t=328) protocol; it's due to backwards compatibility with "
+"the original SMTP protocol. Unfortunately no RFC standard exists yet for "
+"Subject: line encryption."
msgstr ""
"De nombreux formats de fichiers contiennent des données cachées ou méta-"
"données en leur sein. Des traitements de textes ou des PDF peuvent contenir "
@@ -558,15 +631,25 @@ msgstr ""
"RFC n'existe à l'heure actuelle pour le chiffrement des sujets."
#. type: Plain text
-msgid ""
-"Images file formats, like TIFF of JPEG, probably take the prize in this "
-"field. Those files, created by digital cameras or mobile phones, contain a "
-"metadata format called EXIF which can include the date, time and sometimes "
-"the GPS coordinates of the picture, the brand and serial number of the "
-"device which took it as well as a thumbnail of the original image. Image "
-"processing software tend to keep those data intact. Internet is full of "
-"cropped or blurred images for which the EXIF thumbnail still contains the "
-"full original picture."
+#, fuzzy
+#| msgid ""
+#| "Images file formats, like TIFF of JPEG, probably take the prize in this "
+#| "field. Those files, created by digital cameras or mobile phones, contain "
+#| "a metadata format called EXIF which can include the date, time and "
+#| "sometimes the GPS coordinates of the picture, the brand and serial number "
+#| "of the device which took it as well as a thumbnail of the original image. "
+#| "Image processing software tend to keep those data intact. Internet is "
+#| "full of cropped or blurred images for which the EXIF thumbnail still "
+#| "contains the full original picture."
+msgid ""
+"Image file formats, like TIFF of JPEG, probably take the prize for most "
+"hidden data. These files, created by digital cameras or mobile phones, "
+"contain a metadata format called EXIF which can include the date, time and "
+"sometimes the GPS coordinates when the picture was taken, the brand and "
+"serial number of the device which took it, as well as a thumbnail of the "
+"original image. Image processing software tends to keep this metadata "
+"intact. The internet is full of cropped or blurred images in which the "
+"included EXIF thumbnail still shows the original picture."
msgstr ""
"Les formats d'images comme TIFF ou JPEG remporte sans doute la palme en la "
"matière. Ces fichiers, créés par des appareils photos numériques ou des "
@@ -595,12 +678,19 @@ msgid "Tor doesn't protect you from a global adversary\n"
msgstr "Tor ne vous protège pas face à un adversaire global\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "A global passive adversary would be a person or an entity able to monitor "
+#| "at the same time the traffic between all the computers in a network. By "
+#| "studying, for example, the timing and volume patterns of the different "
+#| "communications across the network, it would be statistically possible to "
+#| "identify Tor circuits and thus matching Tor users and destination servers."
msgid ""
"A global passive adversary would be a person or an entity able to monitor at "
"the same time the traffic between all the computers in a network. By "
"studying, for example, the timing and volume patterns of the different "
"communications across the network, it would be statistically possible to "
-"identify Tor circuits and thus matching Tor users and destination servers."
+"identify Tor circuits and thus match Tor users and destination servers."
msgstr ""
"Un adversaire global passif serait une personne ou une entité capable de "
"regarder et donc de comparer le trafic entre tous les ordinateurs d'un "
@@ -620,10 +710,16 @@ msgstr ""
"le web, le chat, ou les connexions SSH."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "For more expert information see [Tor Project: The Second-Generation Onion "
+#| "Router](https://svn.torproject.org/svn/projects/design-paper/tor-design."
+#| "pdf), part 3. Design goals and assumptions."
msgid ""
-"For more expert information see [Tor Project: The Second-Generation Onion "
-"Router](https://svn.torproject.org/svn/projects/design-paper/tor-design."
-"pdf), part 3. Design goals and assumptions."
+"For more expert information see the Tor design paper, \"[Tor Project: The "
+"Second-Generation Onion Router](https://svn.torproject.org/svn/projects/"
+"design-paper/tor-design.pdf)\", specifically, \"Part 3. Design goals and "
+"assumptions.\""
msgstr ""
"Pour des infos plus approfondies voir (en anglais) [Tor Project: The Second-"
"Generation Onion Router](https://svn.torproject.org/svn/projects/design-"
@@ -640,11 +736,17 @@ msgid "Tails doesn't magically separate your different contextual identities\n"
msgstr "Tails ne sépare pas de façon magique vos différentes identités contextuelles\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "It is usually not advisable to use the same Tails session to perform two "
+#| "tasks or endorse two contextual identities that you really want to keep "
+#| "separate from another. For example hiding your location to check your "
+#| "email and publishing anonymously a document."
msgid ""
"It is usually not advisable to use the same Tails session to perform two "
"tasks or endorse two contextual identities that you really want to keep "
-"separate from another. For example hiding your location to check your email "
-"and publishing anonymously a document."
+"separate from one another. For example hiding your location to check your "
+"email and anonymously publishing a document."
msgstr ""
"Il est généralement déconseillé d'utiliser la même session de Tails pour "
"effectuer deux tâches, ou pour endosser deux identités contextuelles, que "
@@ -653,15 +755,25 @@ msgstr ""
"sur le web."
#. type: Plain text
-msgid ""
-"First, because Tor tends to reuse the same circuits, for example amongst a "
+#, fuzzy
+#| msgid ""
+#| "First, because Tor tends to reuse the same circuits, for example amongst "
+#| "a same browsing session. Since the exit node of a circuit knows both the "
+#| "destination server (and possibly the content of the communication if not "
+#| "encrypted) and the address of the previous relay it received the "
+#| "communication from, it makes it easier to correlate the several browsing "
+#| "requests as part of a same circuit and possibly made by a same user. If "
+#| "you are facing a global adversary as described above, it might then also "
+#| "be in position to do this correlation."
+msgid ""
+"First, because Tor tends to reuse the same circuits, for example, within the "
"same browsing session. Since the exit node of a circuit knows both the "
-"destination server (and possibly the content of the communication if not "
-"encrypted) and the address of the previous relay it received the "
-"communication from, it makes it easier to correlate the several browsing "
-"requests as part of a same circuit and possibly made by a same user. If you "
-"are facing a global adversary as described above, it might then also be in "
-"position to do this correlation."
+"destination server (and possibly the content of the communication if it's "
+"not encrypted) and the address of the previous relay it received the "
+"communication from, it makes it easier to correlate several browsing "
+"requests as part of a same circuit and possibly made by the same user. If "
+"you are facing a global adversary as described above, it might then also be "
+"in a position to do this correlation."
msgstr ""
"Tout d'abord, parce que Tor tend à réutiliser le même circuit, pour une même "
"session de navigation par exemple. Comme le nœud de sortie \"connaît\" à la "
@@ -673,9 +785,15 @@ msgstr ""
"pourrait également être en mesure de faire cette corrélation."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Second, in case of a security hole or a misuse in using Tails or one of "
+#| "its application, information about your session could be leaked. That "
+#| "could reveal that the same person was behind the various actions made "
+#| "during the session."
msgid ""
-"Second, in case of a security hole or a misuse in using Tails or one of its "
-"application, information about your session could be leaked. That could "
+"Second, in case of a security hole or an error in using Tails or one of its "
+"applications, information about your session could be leaked. That could "
"reveal that the same person was behind the various actions made during the "
"session."
msgstr ""
@@ -714,9 +832,14 @@ msgid "Tails doesn't make your crappy passwords stronger\n"
msgstr "Tails ne renforce aucunement la faiblesse de vos mots de passe\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Tor allows you to be anonymous online; Tails allows you to leave no trace "
+#| "on the computer you're using. But again, **neither of both are magic "
+#| "spells for computer security**."
msgid ""
"Tor allows you to be anonymous online; Tails allows you to leave no trace on "
-"the computer you're using. But again, **neither of both are magic spells for "
+"the computer you're using. But again, **neither or both are magic spells for "
"computer security**."
msgstr ""
"Tor vous permet d'utiliser internet de manière anonyme; Tails vous permet de "
@@ -743,10 +866,15 @@ msgid "Tails is a work in progress\n"
msgstr "Tails est toujours en construction\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Tails, as well as all the software it includes, are on continuous "
+#| "development and might contain programming errors or security holes. "
+#| "[[Stay tuned|download#stay_tuned]] to Tails development."
msgid ""
-"Tails, as well as all the software it includes, are on continuous "
-"development and might contain programming errors or security holes. [[Stay "
-"tuned|download#stay_tuned]] to Tails development."
+"Tails, as well as all the software it includes, are continuously being "
+"developed and may contain programming errors or security holes. [[Stay tuned|"
+"download#stay_tuned]] to Tails development."
msgstr ""
"Tails, de même que tous les logiciels qu'il contient, sont continuellement "
"en développement et peuvent contenir des erreurs de programmation ou des "
diff --git a/wiki/src/doc/about/warning.mdwn b/wiki/src/doc/about/warning.mdwn
index 8245024..38be935 100644
--- a/wiki/src/doc/about/warning.mdwn
+++ b/wiki/src/doc/about/warning.mdwn
@@ -93,9 +93,9 @@ conditions|first_steps/startup_options/bridge_mode]] can help you hide the fact
that you are using Tor.
**The destination server that you are contacting through Tor** can know whether your
-communication comes out from a Tor exit node by consulting the publicly
+communication comes from a Tor exit node by consulting the publicly
available list of exit nodes that might contact it. For example using the [Tor
-Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) of
+Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) from
the Tor Project.
**So using Tails doesn't make you look like any random Internet user.**
@@ -131,18 +131,18 @@ authenticity.
Usually, this is automatically done throught SSL certificates checked by your
browser against a given set of recognized [[!wikipedia
Certificate_authority desc="certificate authorities"]]).
-If you get a security exception message such as this one you might be victim of
-a man-in-the-middle attack and should not bypass it unless you have another
+If you get a security exception message such as this one you might be the victim of
+a man-in-the-middle attack and should not bypass the warning unless you have another
trusted way of checking the certificate's fingerprint with the people running
the service.
[[!img ssl_warning.png link=no alt="This Connection is Untrusted"]]
-But on top of that the certificate authorities model of trust on Internet is
+But on top of that the certificate authorities model of trust on the Internet is
susceptible to various methods of compromise.
For example, on March 15, 2011,
-Comodo, one of the major SSL certificates company, reported that a user account
+Comodo, one of the major SSL certificates authorities, reported that a user account
with an affiliate registration authority had been compromised. It was then used
to create a new user account that issued nine certificate signing requests for
seven domains: mail.google.com, login.live.com, www.google.com, login.yahoo.com
@@ -152,9 +152,9 @@ Compromise](http://blogs.comodo.com/it-security/data-security/the-recent-ra-comp
Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly issued
certificates to a malicious party or parties. Later on, it came to light that
-they were apparently compromised months before or perhaps even in May of 2009 if
-not earlier. Rogue certificates were issued for domains such as google.com,
-mozilla.org, torproject.org, login.yahoo.com and many more. See, [The Tor
+they were apparently compromised months before, perhaps as far back as May of 2009,
+or even earlier. Rogue certificates were issued for domains such as google.com,
+mozilla.org, torproject.org, login.yahoo.com and many more. See [The Tor
Project: The DigiNotar Debacle, and what you should do about
it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it).
@@ -189,7 +189,7 @@ cooperate to attack you.
Tor tries to protect against traffic analysis, where an attacker tries to learn
whom to investigate, but Tor can't protect against traffic confirmation (also
-known as end-to-end correlation), where an attacker tries to confirm an
+known as end-to-end correlation), where an attacker tries to confirm a
hypothesis by monitoring the right locations in the network and then doing the
math.
@@ -201,9 +201,11 @@ Tails doesn't encrypt your documents by default
===============================================
The documents that you might save on storage devices will not be encrypted by
-default, except in the [[encrypted persistent volume|doc/first_steps/persistence]]. But Tails provides you with tools to encrypt your documents, such as
-GnuPG, or encrypt your storage device, such as LUKS. It is likely that the files
-you may create will keep tracks that they were created using Tails.
+default, except in the [[encrypted persistent volume|doc/first_steps/persistence]].
+But Tails provides you with tools to encrypt your documents, such as
+GnuPG, or encrypt your storage devices, such as LUKS.
+
+It is also likely that the files you may create will contain evidence that they were created using Tails.
**If you need to access the local hard-disks** of the computer you are using, be
conscious that you might then leave trace of your activities with Tails on it.
@@ -211,18 +213,24 @@ conscious that you might then leave trace of your activities with Tails on it.
Tails doesn't clear the metadata of your documents for you and doesn't encrypt the Subject: and other headers of your encrypted e-mail messages
===========================================================================================
-Numerous files format store hidden data or metadata inside of the files. Text
-processors or PDF files could store the name of the author, the date and time of
+Numerous files formats store hidden data or metadata inside of the files. Word
+processing or PDF files could store the name of the author, the date and time of
creation of the file, and sometimes even parts of the editing history of the
-file… those hidden data depend on the file format and the software used. Please note also, that the Subject: as well as the rest of the header lines of your OpenPGP encrypted e-mail messages are not encrypted. This is not a bug of Tails or the [OpenPGP](http://www.mozilla-enigmail.org/forum/viewtopic.php?f=3&t=328) protocol; it's for backwards compatibility with the original SMTP protocol. Unfortunately no RFC standard exists yet for Subject encryption.
+file, depending on the file format and the software used.
+
+Please note also, that the Subject: as well as the rest of the header lines of your
+OpenPGP encrypted e-mail messages are not encrypted. This is not a bug of Tails or
+the [OpenPGP](http://www.mozilla-enigmail.org/forum/viewtopic.php?f=3&t=328) protocol;
+it's due to backwards compatibility with the original SMTP protocol. Unfortunately no
+RFC standard exists yet for Subject: line encryption.
-Images file formats, like TIFF of JPEG, probably take the prize in this field.
-Those files, created by digital cameras or mobile phones, contain a metadata
+Image file formats, like TIFF of JPEG, probably take the prize for most hidden data.
+These files, created by digital cameras or mobile phones, contain a metadata
format called EXIF which can include the date, time and sometimes the GPS
-coordinates of the picture, the brand and serial number of the device which took
-it as well as a thumbnail of the original image. Image processing software tend
-to keep those data intact. Internet is full of cropped or blurred images for
-which the EXIF thumbnail still contains the full original picture.
+coordinates when the picture was taken, the brand and serial number of the device which took
+it, as well as a thumbnail of the original image. Image processing software tends
+to keep this metadata intact. The internet is full of cropped or blurred images in
+which the included EXIF thumbnail still shows the original picture.
**Tails doesn't clear the metadata of your files for you**. Yet. Still it's in
Tails' design goal to help you do that. For example, Tails already comes with
@@ -235,15 +243,15 @@ A global passive adversary would be a person or an entity able to monitor at the
same time the traffic between all the computers in a network. By studying, for
example, the timing and volume patterns of the different communications across
the network, it would be statistically possible to identify Tor circuits and
-thus matching Tor users and destination servers.
+thus match Tor users and destination servers.
It is part of Tor's initial trade-off not to address such a threat in order to
create a low-latency communication service usable for web browsing, Internet
chat or SSH connections.
-For more expert information see [Tor Project: The Second-Generation Onion
-Router](https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf),
-part 3. Design goals and assumptions.
+For more expert information see the Tor design paper, "[Tor Project: The Second-Generation Onion
+Router](https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf)",
+specifically, "Part 3. Design goals and assumptions."
<a id="identities"></a>
@@ -252,19 +260,19 @@ Tails doesn't magically separate your different contextual identities
It is usually not advisable to use the same Tails session to perform two tasks
or endorse two contextual identities that you really want to keep separate
-from another. For example hiding your location to check your email and
-publishing anonymously a document.
+from one another. For example hiding your location to check your email and
+anonymously publishing a document.
-First, because Tor tends to reuse the same circuits, for example amongst a same
+First, because Tor tends to reuse the same circuits, for example, within the same
browsing session. Since the exit node of a circuit knows both the destination
-server (and possibly the content of the communication if not encrypted) and the
+server (and possibly the content of the communication if it's not encrypted) and the
address of the previous relay it received the communication from, it makes it
-easier to correlate the several browsing requests as part of a same circuit and
-possibly made by a same user. If you are facing a global adversary as described
-above, it might then also be in position to do this correlation.
+easier to correlate several browsing requests as part of a same circuit and
+possibly made by the same user. If you are facing a global adversary as described
+above, it might then also be in a position to do this correlation.
-Second, in case of a security hole or a misuse in using Tails or one of its
-application, information about your session could be leaked. That could reveal
+Second, in case of a security hole or an error in using Tails or one of its
+applications, information about your session could be leaked. That could reveal
that the same person was behind the various actions made during the session.
**The solution to both threats is to shutdown and restart Tails** every time
@@ -280,7 +288,7 @@ Tails doesn't make your crappy passwords stronger
=================================================
Tor allows you to be anonymous online; Tails allows you to leave no trace on the
-computer you're using. But again, **neither of both are magic spells for computer
+computer you're using. But again, **neither or both are magic spells for computer
security**.
If you use weak passwords, they can be guessed by brute-force attacks with or
@@ -291,6 +299,6 @@ Weak_password#Examples_of_weak_passwords desc="Wikipedia: Weak Passwords"]].
Tails is a work in progress
===========================
-Tails, as well as all the software it includes, are on continuous development
-and might contain programming errors or security holes. [[Stay
+Tails, as well as all the software it includes, are continuously being developed
+and may contain programming errors or security holes. [[Stay
tuned|download#stay_tuned]] to Tails development.
diff --git a/wiki/src/doc/about/warning.pt.po b/wiki/src/doc/about/warning.pt.po
index 929a468..2526fea 100644
--- a/wiki/src/doc/about/warning.pt.po
+++ b/wiki/src/doc/about/warning.pt.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-08-03 11:42+0300\n"
+"POT-Creation-Date: 2015-10-11 18:23+0300\n"
"PO-Revision-Date: 2014-11-24 16:47+0100\n"
"Last-Translator: Tails Developers <amnesia@boum.org>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -231,12 +231,18 @@ msgstr ""
"o fato de que você está usando Tor.\n"
#. type: Plain text
-#, no-wrap
+#, fuzzy, no-wrap
+#| msgid ""
+#| "**The destination server that you are contacting through Tor** can know whether your\n"
+#| "communication comes out from a Tor exit node by consulting the publicly\n"
+#| "available list of exit nodes that might contact it. For example using the [Tor\n"
+#| "Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) of\n"
+#| "the Tor Project.\n"
msgid ""
"**The destination server that you are contacting through Tor** can know whether your\n"
-"communication comes out from a Tor exit node by consulting the publicly\n"
+"communication comes from a Tor exit node by consulting the publicly\n"
"available list of exit nodes that might contact it. For example using the [Tor\n"
-"Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) of\n"
+"Bulk Exit List tool](https://check.torproject.org/cgi-bin/TorBulkExitList.py) from\n"
"the Tor Project.\n"
msgstr ""
"**O servidor de destino ao qual você está conectando através do Tor** pode saber se\n"
@@ -319,13 +325,21 @@ msgstr ""
"a autenticidade do servidor.\n"
#. type: Plain text
-#, no-wrap
+#, fuzzy, no-wrap
+#| msgid ""
+#| "Usually, this is automatically done throught SSL certificates checked by your\n"
+#| "browser against a given set of recognized [[!wikipedia\n"
+#| "Certificate_authority desc=\"certificate authorities\"]]).\n"
+#| "If you get a security exception message such as this one you might be victim of\n"
+#| "a man-in-the-middle attack and should not bypass it unless you have another\n"
+#| "trusted way of checking the certificate's fingerprint with the people running\n"
+#| "the service.\n"
msgid ""
"Usually, this is automatically done throught SSL certificates checked by your\n"
"browser against a given set of recognized [[!wikipedia\n"
"Certificate_authority desc=\"certificate authorities\"]]).\n"
-"If you get a security exception message such as this one you might be victim of\n"
-"a man-in-the-middle attack and should not bypass it unless you have another\n"
+"If you get a security exception message such as this one you might be the victim of\n"
+"a man-in-the-middle attack and should not bypass the warning unless you have another\n"
"trusted way of checking the certificate's fingerprint with the people running\n"
"the service.\n"
msgstr ""
@@ -343,17 +357,31 @@ msgid "[[!img ssl_warning.png link=no alt=\"This Connection is Untrusted\"]]\n"
msgstr "[[!img ssl_warning.png link=no alt=\"Esta conexão não é confiável\"]]\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "But on top of that the certificate authorities model of trust on Internet "
+#| "is susceptible to various methods of compromise."
msgid ""
-"But on top of that the certificate authorities model of trust on Internet is "
-"susceptible to various methods of compromise."
+"But on top of that the certificate authorities model of trust on the "
+"Internet is susceptible to various methods of compromise."
msgstr ""
"Mas acima disto ainda está o fato de que o modelo de confiança baseado em "
"autoridades certificadoras é suscetível a vários métodos de comprometimento."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "For example, on March 15, 2011, Comodo, one of the major SSL certificates "
+#| "company, reported that a user account with an affiliate registration "
+#| "authority had been compromised. It was then used to create a new user "
+#| "account that issued nine certificate signing requests for seven domains: "
+#| "mail.google.com, login.live.com, www.google.com, login.yahoo.com (three "
+#| "certificates), login.skype.com, addons.mozilla.org, and global trustee. "
+#| "See [Comodo: The Recent RA Compromise](http://blogs.comodo.com/it-"
+#| "security/data-security/the-recent-ra-compromise/)."
msgid ""
"For example, on March 15, 2011, Comodo, one of the major SSL certificates "
-"company, reported that a user account with an affiliate registration "
+"authorities, reported that a user account with an affiliate registration "
"authority had been compromised. It was then used to create a new user "
"account that issued nine certificate signing requests for seven domains: "
"mail.google.com, login.live.com, www.google.com, login.yahoo.com (three "
@@ -371,15 +399,25 @@ msgstr ""
"security/data-security/the-recent-ra-compromise/) (em inglês)."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly "
+#| "issued certificates to a malicious party or parties. Later on, it came to "
+#| "light that they were apparently compromised months before or perhaps even "
+#| "in May of 2009 if not earlier. Rogue certificates were issued for domains "
+#| "such as google.com, mozilla.org, torproject.org, login.yahoo.com and many "
+#| "more. See, [The Tor Project: The DigiNotar Debacle, and what you should "
+#| "do about it](https://blog.torproject.org/blog/diginotar-debacle-and-what-"
+#| "you-should-do-about-it)."
msgid ""
"Later in 2011, DigiNotar, a Dutch SSL certificate company, incorrectly "
"issued certificates to a malicious party or parties. Later on, it came to "
-"light that they were apparently compromised months before or perhaps even in "
-"May of 2009 if not earlier. Rogue certificates were issued for domains such "
-"as google.com, mozilla.org, torproject.org, login.yahoo.com and many more. "
-"See, [The Tor Project: The DigiNotar Debacle, and what you should do about "
-"it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-"
-"do-about-it)."
+"light that they were apparently compromised months before, perhaps as far "
+"back as May of 2009, or even earlier. Rogue certificates were issued for "
+"domains such as google.com, mozilla.org, torproject.org, login.yahoo.com and "
+"many more. See [The Tor Project: The DigiNotar Debacle, and what you should "
+"do about it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-"
+"should-do-about-it)."
msgstr ""
"Ainda em 2011 a DigiNotar, uma companhia holandesa de certificação SSL, "
"emitiu incorretamente certificados para terceiros maliciosos. Mais tarde, "
@@ -460,12 +498,19 @@ msgstr ""
"para te atacar."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Tor tries to protect against traffic analysis, where an attacker tries to "
+#| "learn whom to investigate, but Tor can't protect against traffic "
+#| "confirmation (also known as end-to-end correlation), where an attacker "
+#| "tries to confirm an hypothesis by monitoring the right locations in the "
+#| "network and then doing the math."
msgid ""
"Tor tries to protect against traffic analysis, where an attacker tries to "
"learn whom to investigate, but Tor can't protect against traffic "
"confirmation (also known as end-to-end correlation), where an attacker tries "
-"to confirm an hypothesis by monitoring the right locations in the network "
-"and then doing the math."
+"to confirm a hypothesis by monitoring the right locations in the network and "
+"then doing the math."
msgstr ""
"Tor tenta proteger contra análise de tráfego, na qual um atacante tenta "
"descobrir quem deve investigar, mas o Tor não pode protegê-lo/a contra "
@@ -500,10 +545,8 @@ msgstr "Tails não criptografa seus documentos por padrão\n"
msgid ""
"The documents that you might save on storage devices will not be encrypted "
"by default, except in the [[encrypted persistent volume|doc/first_steps/"
-"persistence]]. But Tails provides you with tools to encrypt your documents, "
-"such as GnuPG, or encrypt your storage device, such as LUKS. It is likely "
-"that the files you may create will keep tracks that they were created using "
-"Tails."
+"persistence]]. But Tails provides you with tools to encrypt your documents, "
+"such as GnuPG, or encrypt your storage devices, such as LUKS."
msgstr ""
"Os documentos que você pode salvar em dispositivos de armazenamento não "
"serão criptografados por padrão. No entanto, o Tails fornece a você "
@@ -513,6 +556,12 @@ msgstr ""
"Tails."
#. type: Plain text
+msgid ""
+"It is also likely that the files you may create will contain evidence that "
+"they were created using Tails."
+msgstr ""
+
+#. type: Plain text
#, no-wrap
msgid ""
"**If you need to access the local hard-disks** of the computer you are using, be\n"
@@ -532,16 +581,32 @@ msgstr ""
#. type: Plain text
msgid ""
-"Numerous files format store hidden data or metadata inside of the files. "
-"Text processors or PDF files could store the name of the author, the date "
+"Numerous files formats store hidden data or metadata inside of the files. "
+"Word processing or PDF files could store the name of the author, the date "
"and time of creation of the file, and sometimes even parts of the editing "
-"history of the file… those hidden data depend on the file format and the "
-"software used. Please note also, that the Subject: as well as the rest of "
-"the header lines of your OpenPGP encrypted e-mail messages are not "
-"encrypted. This is not a bug of Tails or the [OpenPGP](http://www.mozilla-"
-"enigmail.org/forum/viewtopic.php?f=3&t=328) protocol; it's for backwards "
-"compatibility with the original SMTP protocol. Unfortunately no RFC standard "
-"exists yet for Subject encryption."
+"history of the file, depending on the file format and the software used."
+msgstr ""
+
+#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Numerous files format store hidden data or metadata inside of the files. "
+#| "Text processors or PDF files could store the name of the author, the date "
+#| "and time of creation of the file, and sometimes even parts of the editing "
+#| "history of the file… those hidden data depend on the file format and the "
+#| "software used. Please note also, that the Subject: as well as the rest of "
+#| "the header lines of your OpenPGP encrypted e-mail messages are not "
+#| "encrypted. This is not a bug of Tails or the [OpenPGP](http://www.mozilla-"
+#| "enigmail.org/forum/viewtopic.php?f=3&t=328) protocol; it's for backwards "
+#| "compatibility with the original SMTP protocol. Unfortunately no RFC "
+#| "standard exists yet for Subject encryption."
+msgid ""
+"Please note also, that the Subject: as well as the rest of the header lines "
+"of your OpenPGP encrypted e-mail messages are not encrypted. This is not a "
+"bug of Tails or the [OpenPGP](http://www.mozilla-enigmail.org/forum/"
+"viewtopic.php?f=3&t=328) protocol; it's due to backwards compatibility with "
+"the original SMTP protocol. Unfortunately no RFC standard exists yet for "
+"Subject: line encryption."
msgstr ""
"Vários formatos de arquivo armazenam dados ou metadados dentro dos arquivos. "
"Processadores de texto ou arquivos PDF podem armazenar o nome do autor/a, a "
@@ -555,15 +620,25 @@ msgstr ""
"Infelizmente ainda não existe padrão RFC para criptografia do campo Assunto."
#. type: Plain text
-msgid ""
-"Images file formats, like TIFF of JPEG, probably take the prize in this "
-"field. Those files, created by digital cameras or mobile phones, contain a "
-"metadata format called EXIF which can include the date, time and sometimes "
-"the GPS coordinates of the picture, the brand and serial number of the "
-"device which took it as well as a thumbnail of the original image. Image "
-"processing software tend to keep those data intact. Internet is full of "
-"cropped or blurred images for which the EXIF thumbnail still contains the "
-"full original picture."
+#, fuzzy
+#| msgid ""
+#| "Images file formats, like TIFF of JPEG, probably take the prize in this "
+#| "field. Those files, created by digital cameras or mobile phones, contain "
+#| "a metadata format called EXIF which can include the date, time and "
+#| "sometimes the GPS coordinates of the picture, the brand and serial number "
+#| "of the device which took it as well as a thumbnail of the original image. "
+#| "Image processing software tend to keep those data intact. Internet is "
+#| "full of cropped or blurred images for which the EXIF thumbnail still "
+#| "contains the full original picture."
+msgid ""
+"Image file formats, like TIFF of JPEG, probably take the prize for most "
+"hidden data. These files, created by digital cameras or mobile phones, "
+"contain a metadata format called EXIF which can include the date, time and "
+"sometimes the GPS coordinates when the picture was taken, the brand and "
+"serial number of the device which took it, as well as a thumbnail of the "
+"original image. Image processing software tends to keep this metadata "
+"intact. The internet is full of cropped or blurred images in which the "
+"included EXIF thumbnail still shows the original picture."
msgstr ""
"Formatos de arquivo de imagem, como o TIFF ou JPEG, provavelmente ganham o "
"prêmio nessa categoria. Tais arquivos, criados por câmeras digitais ou "
@@ -591,12 +666,19 @@ msgid "Tor doesn't protect you from a global adversary\n"
msgstr "Tor não te protege de um adversário global\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "A global passive adversary would be a person or an entity able to monitor "
+#| "at the same time the traffic between all the computers in a network. By "
+#| "studying, for example, the timing and volume patterns of the different "
+#| "communications across the network, it would be statistically possible to "
+#| "identify Tor circuits and thus matching Tor users and destination servers."
msgid ""
"A global passive adversary would be a person or an entity able to monitor at "
"the same time the traffic between all the computers in a network. By "
"studying, for example, the timing and volume patterns of the different "
"communications across the network, it would be statistically possible to "
-"identify Tor circuits and thus matching Tor users and destination servers."
+"identify Tor circuits and thus match Tor users and destination servers."
msgstr ""
"Um adversário global e passivo seria uma pessoa ou entidade capaz de "
"monitorar ao mesmo tempo o tráfego entre todos os computadores de uma rede. "
@@ -615,10 +697,16 @@ msgstr ""
"navegação na web, bate-papo via Internet e conexões SSH."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "For more expert information see [Tor Project: The Second-Generation Onion "
+#| "Router](https://svn.torproject.org/svn/projects/design-paper/tor-design."
+#| "pdf), part 3. Design goals and assumptions."
msgid ""
-"For more expert information see [Tor Project: The Second-Generation Onion "
-"Router](https://svn.torproject.org/svn/projects/design-paper/tor-design."
-"pdf), part 3. Design goals and assumptions."
+"For more expert information see the Tor design paper, \"[Tor Project: The "
+"Second-Generation Onion Router](https://svn.torproject.org/svn/projects/"
+"design-paper/tor-design.pdf)\", specifically, \"Part 3. Design goals and "
+"assumptions.\""
msgstr ""
"Para mais informações para especializadas, veja [Tor Project: The Second-"
"Generation Onion Router](https://svn.torproject.org/svn/projects/design-"
@@ -635,11 +723,17 @@ msgid "Tails doesn't magically separate your different contextual identities\n"
msgstr "Tails não separa magicamente suas diferentes identidades contextuais\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "It is usually not advisable to use the same Tails session to perform two "
+#| "tasks or endorse two contextual identities that you really want to keep "
+#| "separate from another. For example hiding your location to check your "
+#| "email and publishing anonymously a document."
msgid ""
"It is usually not advisable to use the same Tails session to perform two "
"tasks or endorse two contextual identities that you really want to keep "
-"separate from another. For example hiding your location to check your email "
-"and publishing anonymously a document."
+"separate from one another. For example hiding your location to check your "
+"email and anonymously publishing a document."
msgstr ""
"Usualmente não é recomendável usar a mesma sessão do Tails para realizar "
"duas tarefas ou aproximar duas identidades contextuais que você realmente "
@@ -647,15 +741,25 @@ msgstr ""
"localização para checar seu email e publicar um documento anonimamente."
#. type: Plain text
-msgid ""
-"First, because Tor tends to reuse the same circuits, for example amongst a "
+#, fuzzy
+#| msgid ""
+#| "First, because Tor tends to reuse the same circuits, for example amongst "
+#| "a same browsing session. Since the exit node of a circuit knows both the "
+#| "destination server (and possibly the content of the communication if not "
+#| "encrypted) and the address of the previous relay it received the "
+#| "communication from, it makes it easier to correlate the several browsing "
+#| "requests as part of a same circuit and possibly made by a same user. If "
+#| "you are facing a global adversary as described above, it might then also "
+#| "be in position to do this correlation."
+msgid ""
+"First, because Tor tends to reuse the same circuits, for example, within the "
"same browsing session. Since the exit node of a circuit knows both the "
-"destination server (and possibly the content of the communication if not "
-"encrypted) and the address of the previous relay it received the "
-"communication from, it makes it easier to correlate the several browsing "
-"requests as part of a same circuit and possibly made by a same user. If you "
-"are facing a global adversary as described above, it might then also be in "
-"position to do this correlation."
+"destination server (and possibly the content of the communication if it's "
+"not encrypted) and the address of the previous relay it received the "
+"communication from, it makes it easier to correlate several browsing "
+"requests as part of a same circuit and possibly made by the same user. If "
+"you are facing a global adversary as described above, it might then also be "
+"in a position to do this correlation."
msgstr ""
"Primeiramente, porque o Tor tende a reutilizar os mesmos circuitos, por "
"exemplo em uma mesma sessão de navegação. Uma vez que o nó de saída de um "
@@ -667,9 +771,15 @@ msgstr ""
"descrito acima, ele também pode estar em posição de realizar esta correlação."
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Second, in case of a security hole or a misuse in using Tails or one of "
+#| "its application, information about your session could be leaked. That "
+#| "could reveal that the same person was behind the various actions made "
+#| "during the session."
msgid ""
-"Second, in case of a security hole or a misuse in using Tails or one of its "
-"application, information about your session could be leaked. That could "
+"Second, in case of a security hole or an error in using Tails or one of its "
+"applications, information about your session could be leaked. That could "
"reveal that the same person was behind the various actions made during the "
"session."
msgstr ""
@@ -702,9 +812,14 @@ msgid "Tails doesn't make your crappy passwords stronger\n"
msgstr "Tails não transforma suas senhas fracas em fortes\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Tor allows you to be anonymous online; Tails allows you to leave no trace "
+#| "on the computer you're using. But again, **neither of both are magic "
+#| "spells for computer security**."
msgid ""
"Tor allows you to be anonymous online; Tails allows you to leave no trace on "
-"the computer you're using. But again, **neither of both are magic spells for "
+"the computer you're using. But again, **neither or both are magic spells for "
"computer security**."
msgstr ""
"Tor permite que você seja anônimo online; Tails permite que você não deixe "
@@ -730,10 +845,15 @@ msgid "Tails is a work in progress\n"
msgstr "Tails é um trabalho em progresso\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "Tails, as well as all the software it includes, are on continuous "
+#| "development and might contain programming errors or security holes. "
+#| "[[Stay tuned|download#stay_tuned]] to Tails development."
msgid ""
-"Tails, as well as all the software it includes, are on continuous "
-"development and might contain programming errors or security holes. [[Stay "
-"tuned|download#stay_tuned]] to Tails development."
+"Tails, as well as all the software it includes, are continuously being "
+"developed and may contain programming errors or security holes. [[Stay tuned|"
+"download#stay_tuned]] to Tails development."
msgstr ""
"Tails, assim como todo software nele incluso, está em desenvolvimento "
"contínuo e pode conter erros de programação e brechas de segurança. [[Fique "
diff --git a/wiki/src/doc/anonymous_internet/electrum.fr.po b/wiki/src/doc/anonymous_internet/electrum.fr.po
index f5605a9..65953ab 100644
--- a/wiki/src/doc/anonymous_internet/electrum.fr.po
+++ b/wiki/src/doc/anonymous_internet/electrum.fr.po
@@ -7,10 +7,9 @@ msgid ""
msgstr ""
"Project-Id-Version: \n"
"POT-Creation-Date: 2015-10-04 16:24+0300\n"
-"PO-Revision-Date: 2015-04-21 23:23-0000\n"
+"PO-Revision-Date: 2015-10-12 19:57-0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
@@ -38,7 +37,7 @@ msgid ""
msgstr ""
"Votre portefeuille peut être récupéré entièrement grâce à une phrase de "
"passe, appelée *graine*. Vous pouvez alors utiliser votre portefeuille "
-"depuis différent appareils et éviter de perdre des bitcoins à cause d'une "
+"depuis différents appareils et éviter de perdre des bitcoins à cause d'une "
"erreur de sauvegarde ou d'une défaillance de votre ordinateur."
#. type: Bullet: ' - '
@@ -64,7 +63,7 @@ msgid ""
"<p>Bitcoin is <a href=\"https://bitcoin.org/en/faq#is-bitcoin-anonymous\">not\n"
"anonymous</a>.</p>\n"
msgstr ""
-"<p>Le Bitcoin n'est <a href=\"https://bitcoin.org/fr/faq#is-bitcoin-anonymous\"> pas\n"
+"<p>Le Bitcoin n'est <a href=\"https://bitcoin.org/fr/faq#bitcoin-est-il-anonyme\"> pas\n"
"anonyme</a>.</p>\n"
#. type: Plain text
@@ -99,7 +98,6 @@ msgstr ""
"</span>.\n"
#. type: Plain text
-#, fuzzy
#| msgid ""
#| "To learn how to use *Electrum*, read the [documentation on the *Electrum* "
#| "wiki](http://electrum.orain.org/)."
@@ -108,7 +106,7 @@ msgid ""
"wiki](http://docs.electrum.org)."
msgstr ""
"Pour apprendre à utiliser *Electrum*, consultez la [documentation du wiki "
-"d'*Electrum*](https://electrum.org/fr/)."
+"d'*Electrum*](http://docs.electrum.org) (en anglais)."
#. type: Plain text
#, no-wrap
diff --git a/wiki/src/doc/anonymous_internet/unsafe_browser.de.po b/wiki/src/doc/anonymous_internet/unsafe_browser.de.po
index 5976456..e433ea1 100644
--- a/wiki/src/doc/anonymous_internet/unsafe_browser.de.po
+++ b/wiki/src/doc/anonymous_internet/unsafe_browser.de.po
@@ -3,23 +3,23 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-07-10 08:22+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"Project-Id-Version: Tails\n"
+"POT-Creation-Date: 2014-11-04 22:26+0100\n"
+"PO-Revision-Date: 2015-10-07 18:39+0100\n"
+"Last-Translator: Tails translators <tails@boum.org>\n"
+"Language-Team: Tails translators <tails@boum.org>\n"
+"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"Logging in to captive portals\"]]\n"
-msgstr ""
+msgstr "[[!meta title=\"Anmelden bei Captive Portals\"]]\n"
#. type: Plain text
msgid ""
@@ -32,6 +32,16 @@ msgid ""
"page. None of that works when Tor is used, so a browser with unrestricted "
"network access is necessary."
msgstr ""
+"Viele öffentlich zugängliche Internetverbindungen (auf die üblicherweise "
+"über eine drahtlose Netzwerkverbindung zugegriffen werden kann) verlangen "
+"von ihren Nutzenden, sich zu registrieren und anzumelden, um Internetzugriff "
+"zu erhalten. Dies umfasst sowohl kostenlose als auch kostenpflichtige "
+"Dienste, die z. B. in Internetcafé's, Bibliotheken, Flughäfen, Hotels, "
+"Universtitäten usw. aufgefunden werden können. Normalerweise werden in "
+"solchen Situationen *Captive Portals* jegliche Anfragen zu Websites abfangen "
+"und den Webbrowser zu einer Loginseite weiterleiten. Nichts davon "
+"funktioniert, wenn Tor benutzt wird, somit ist ein Browser mit "
+"uneingeschränktem Internetzugriff nötig."
#. type: Plain text
#, no-wrap
@@ -43,6 +53,13 @@ msgid ""
" <span class=\"guisubmenu\">Internet</span>&nbsp;▸\n"
" <span class=\"guimenuitem\">Unsafe Web Browser</span></span>.\n"
msgstr ""
+"Tails enthält einen <span class=\"application\">Unsicheren Browser</span> für diesen\n"
+"Zweck, dieser kann über das Menü\n"
+"<span class=\"menuchoice\">\n"
+" <span class=\"guimenu\">Anwendungen</span>&nbsp;▸\n"
+" <span class=\"guisubmenu\">Internet</span>&nbsp;▸\n"
+" <span class=\"guimenuitem\">Unsicherer Web Browser</span></span> \n"
+"gestartet werden.\n"
#. type: Plain text
#, no-wrap
@@ -50,11 +67,13 @@ msgid ""
"The <span class=\"application\">Unsafe Browser</span> has a red and yellow theme\n"
"to differentiate it from [[<span class=\"application\">Tor Browser</span>|Tor_Browser]].\n"
msgstr ""
+"Der <span class=\"application\">Unsichere Browser</span> hat ein rotes und gelbes Farbschema\n"
+"um vom [[<span class=\"application\">Tor Browser</span>|Tor_Browser]] zu unterscheiden.\n"
#. type: Plain text
#, no-wrap
msgid "<div class=\"caution\">\n"
-msgstr ""
+msgstr "<div class=\"caution\">\n"
#. type: Plain text
#, no-wrap
@@ -63,25 +82,28 @@ msgid ""
"anonymous</strong>. Use it only to log in to captive portals or to\n"
"[[browse web pages on the local network|advanced_topics/lan#browser]].</p>\n"
msgstr ""
+"<p><strong>Der <span class=\"application\">Unsichere Browser</span> ist nicht\n"
+"anonym</strong>. Nutzen Sie ihn nur, um sich in Captive Portals einzuloggen oder um\n"
+"[[Webseiten im lokalen Netzwerk anzusehen|advanced_topics/lan#browser]].</p>\n"
#. type: Plain text
#, no-wrap
msgid "</div>\n"
-msgstr ""
+msgstr "</div>\n"
#. type: Plain text
#, no-wrap
msgid "<div class=\"note\">\n"
-msgstr ""
+msgstr "<div class=\"note\">\n"
#. type: Plain text
#, no-wrap
msgid "[[!inline pages=\"doc/anonymous_internet/unsafe_browser/chroot.inline\" raw=\"yes\"]]\n"
-msgstr ""
+msgstr "[[!inline pages=\"doc/anonymous_internet/unsafe_browser/chroot.inline.de\" raw=\"yes\"]]\n"
#. type: Plain text
msgid "Security recommendations:"
-msgstr ""
+msgstr "Sicherheitsempfehlungen:"
#. type: Bullet: '* '
msgid ""
@@ -90,6 +112,10 @@ msgid ""
"mistake one browser for the other, which could have catastrophic "
"consequences."
msgstr ""
+"Führen Sie diesen Browser nicht zur zeitgleich mit dem [[<span class="
+"\"application\">Tor Browser</span>|Tor_Browser]] aus. Dies macht es einfach, "
+"einen Browser nicht mit dem anderen zu verwechseln, was verheerende Folgen "
+"haben könnte."
#. type: Bullet: '* '
msgid ""
@@ -100,3 +126,10 @@ msgid ""
"navigation toolbar. The lack of the onion icon is another such visual "
"reminder."
msgstr ""
+"Wenn [[Windows Camouflage|doc/first_steps/startup_options/"
+"windows_camouflage]] benutzt wird, ist das rote Farbschema deaktiviert, um "
+"weniger Aufmerksamkeit zu erregen. Es ist dennoch möglich, den <span class="
+"\"application\">Unsicheren Browser</span> in Ruhe zu erkennen, da er die "
+"englische Wikipedia als voreingestellte (und einzige) Suchmaschine in der "
+"Adresszeile besitzt. Das Fehlen des Zwiebellogos ist ein weitere optische "
+"Erinnerung."
diff --git a/wiki/src/doc/anonymous_internet/unsafe_browser/chroot.inline.de.po b/wiki/src/doc/anonymous_internet/unsafe_browser/chroot.inline.de.po
index dceeaf3..5bdaf73 100644
--- a/wiki/src/doc/anonymous_internet/unsafe_browser/chroot.inline.de.po
+++ b/wiki/src/doc/anonymous_internet/unsafe_browser/chroot.inline.de.po
@@ -22,4 +22,6 @@ msgid ""
"<p>If you download files using the <span class=\"application\">Unsafe\n"
"Browser</span> it is not possible to access them outside of the <span\n"
"class=\"application\">Unsafe Browser</span> itself.</p>\n"
-msgstr ""
+msgstr "<p>Falls Sie Dateien mit dem <span class=\"application\">Unsicheren\n"
+"Browser</span> herunterladen, ist es nicht möglich auf diese außerhalb des\n"
+"<span class=\"application\">Unsicheren Browsers</span> zuzugreifen.</p>\n"
diff --git a/wiki/src/doc/first_steps/installation.mdwn b/wiki/src/doc/first_steps/installation.mdwn
index 9e68b2d..5d47cde 100644
--- a/wiki/src/doc/first_steps/installation.mdwn
+++ b/wiki/src/doc/first_steps/installation.mdwn
@@ -46,8 +46,8 @@ media, and later clone it onto the device of your choice, USB stick or SD card.
</span>
to start <span class="application">Tails Installer</span>.
-3. To install onto a new device, click on the <span class="button">Clone &
- Install</span> button.
+3. To install onto a new device, click on the <span class="button">Install by
+ cloning</span> button.
4. Plug the device onto which you want to install Tails.
diff --git a/wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.de.po b/wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.de.po
index 3c26ac3..8e9a6fe 100644
--- a/wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.de.po
+++ b/wiki/src/doc/first_steps/introduction_to_gnome_and_the_tails_desktop.de.po
@@ -3,23 +3,23 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: Tails\n"
"POT-Creation-Date: 2015-09-01 10:05+0300\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"PO-Revision-Date: 2015-10-11 10:58+0100\n"
+"Last-Translator: Tails translators <tails@boum.org>\n"
+"Language-Team: Tails translators <tails@boum.org>\n"
+"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"Introduction to GNOME and the Tails desktop\"]]\n"
-msgstr ""
+msgstr "[[!meta title=\"Einführung in GNOME und den Tails Desktop\"]]\n"
#. type: Plain text
msgid ""
@@ -27,39 +27,44 @@ msgid ""
"version 3.4 in [Fallback mode](https://help.gnome.org/users/gnome-help/3.4/"
"fallback-mode.html.en)."
msgstr ""
+"Tails verwendet als Desktopumgebung [GNOME](https://www.gnome.org) in "
+"Version 3.4 im [Ausweichmodus](https://help.gnome.org/users/gnome-help/3.4/"
+"fallback-mode.html.de)."
#. type: Plain text
msgid ""
"This page describes some important features of the desktop in the context of "
"Tails."
msgstr ""
+"Diese Seite beschreibt einige wichtige Funktionen des Desktops im Bezug auf "
+"Tails."
#. type: Plain text
#, no-wrap
msgid "[[!toc levels=2]]\n"
-msgstr ""
+msgstr "[[!toc levels=2]]\n"
#. type: Title =
#, no-wrap
msgid "Top navigation bar\n"
-msgstr ""
+msgstr "Obere Navigationsleiste\n"
#. type: Plain text
msgid "In the upper left corner of the screen there are two menus:"
-msgstr ""
+msgstr "In der linken oberen Ecke werden zwei Menüs angezeigt:"
#. type: Bullet: ' - '
msgid "the <span class=\"guimenu\">Applications</span> menu"
-msgstr ""
+msgstr "das <span class=\"guimenu\">Anwendungen</span>-Menü"
#. type: Bullet: ' - '
msgid "the <span class=\"guimenu\">Places</span> menu"
-msgstr ""
+msgstr "das <span class=\"guimenu\">Orte</span>-Menü"
#. type: Title -
#, no-wrap
msgid "Applications menu\n"
-msgstr ""
+msgstr "Anwendungsmenü\n"
#. type: Plain text
#, no-wrap
@@ -67,26 +72,28 @@ msgid ""
"The <span class=\"guimenu\">Applications</span> menu provides shortcuts to the\n"
"[[included software|about/features]] and to GNOME configuration utilities.\n"
msgstr ""
+"Das <span class=\"guimenu\">Anwendungen</span>-Menü bietet Ihnen Verknüpfungen zu der\n"
+"[[enthaltenen Software|about/features]] sowie zu den GNOME Konfigurationswerkzeugen.\n"
#. type: Plain text
#, no-wrap
msgid "[[!img applications.png link=no alt=\"Applications menu\"]]\n"
-msgstr ""
+msgstr "[[!img applications.png link=no alt=\"Anwendungsmenü\"]]\n"
#. type: Plain text
#, no-wrap
msgid "<a id=\"help\"></a>\n"
-msgstr ""
+msgstr "<a id=\"help\"></a>\n"
#. type: Plain text
#, no-wrap
msgid "<div class=\"icon\">\n"
-msgstr ""
+msgstr "<div class=\"icon\">\n"
#. type: Plain text
#, no-wrap
msgid "[[!img help-browser.png link=no]]\n"
-msgstr ""
+msgstr "[[!img help-browser.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -99,11 +106,18 @@ msgid ""
" </div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+" <span class=\"guimenuitem\">Hilfe</span>: Um auf die GNOME Desktop Hilfe zuzugreifen, wählen Sie\n"
+" <span class=\"menuchoice\">\n"
+" <span class=\"guisubmenu\">Zubehör</span>&nbsp;▸\n"
+" <span class=\"guimenuitem\">Hilfe</span></span>\n"
+" </div>\n"
+"</div>\n"
#. type: Title ###
#, no-wrap
msgid "System Tools submenu"
-msgstr ""
+msgstr "Systemwerkzeuge-Untermenü"
#. type: Plain text
#, no-wrap
@@ -111,11 +125,13 @@ msgid ""
"The <span class=\"guisubmenu\">System Tools</span> submenu allows you to customize\n"
"the GNOME desktop or the system.\n"
msgstr ""
+"Das <span class=\"guisubmenu\">Systemwerkzeuge</span>-Untermenü erlaubt es Ihnen,\n"
+"den GNOME-Desktop oder das System anzupassen.\n"
#. type: Plain text
#, no-wrap
msgid "<div class=\"next\">\n"
-msgstr ""
+msgstr "<div class=\"next\">\n"
#. type: Plain text
msgid ""
@@ -123,20 +139,24 @@ msgid ""
"the documentation on [[persistence|persistence]] to learn which "
"configuration can be made persistent across separate working sessions."
msgstr ""
+"Standardmäßig werden alle diese Konfigurationen beim Herunterfahren von "
+"Tails zurückgesetzt. Lesen Sie die Dokumentation zum [[beständigen "
+"Speicherbereich|persistence]], um zu erfahren, welche Konfigurationen über "
+"mehrere Arbeitssitzungen hinweg dauerhaft gesichert werden können."
#. type: Plain text
#, no-wrap
msgid "</div>\n"
-msgstr ""
+msgstr "</div>\n"
#. type: Plain text
msgid "Among other utilities, it includes:"
-msgstr ""
+msgstr "Zusammen mit anderen Werkzeugen enthält es:"
#. type: Plain text
#, no-wrap
msgid "[[!img preferences-system.png link=no]]\n"
-msgstr ""
+msgstr "[[!img preferences-system.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -152,11 +172,21 @@ msgid ""
" </div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+" <span class=\"guimenuitem\">Systemeinstellungen</span>:\n"
+" Um verschiedene Systemeinstellungen, zum Beispiel zu Tastatur, Maus und Touchpad oder\n"
+" Bildschirmen anzupassen, wählen Sie\n"
+" <span class=\"menuchoice\">\n"
+" <span class=\"guisubmenu\">Systemwerkzeuge</span>&nbsp;▸\n"
+" <span class=\"guisubmenu\">Einstellungen</span>&nbsp;▸\n"
+" <span class=\"guimenuitem\">Systemeinstellungen</span></span>\n"
+" </div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img seahorse.png link=no]]\n"
-msgstr ""
+msgstr "[[!img seahorse.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -171,11 +201,20 @@ msgid ""
" </div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+" <span class=\"guimenuitem\">Seahorse</span>:\n"
+" Um Ihre OpenPGP Schlüssel zu verwalten, wählen Sie\n"
+" <span class=\"menuchoice\">\n"
+" <span class=\"guisubmenu\">Systemwerkzeuge</span>&nbsp;▸\n"
+" <span class=\"guisubmenu\">Einstellungen</span>&nbsp;▸\n"
+" <span class=\"guimenuitem\">Passwörter und Verschlüsselung</span></span>\n"
+" </div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img synaptic.png link=no]]\n"
-msgstr ""
+msgstr "[[!img synaptic.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -190,11 +229,20 @@ msgid ""
" </div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+" <span class=\"guimenuitem\">Synaptic-Paketverwaltung</span>:\n"
+" um Softwarepakete zu installieren, entfernen oder zu aktualisieren, wählen Sie\n"
+" <span class=\"menuchoice\">\n"
+" <span class=\"guisubmenu\">Systemwerkzeuge</span>&nbsp;▸\n"
+" <span class=\"guisubmenu\">Systemverwaltung</span>&nbsp;▸\n"
+" <span class=\"guimenuitem\">Synaptic-Paketverwaltung</span></span>\n"
+" </div>\n"
+"</div>\n"
#. type: Title -
#, no-wrap
msgid "Places menu\n"
-msgstr ""
+msgstr "Orte-Menü\n"
#. type: Plain text
#, no-wrap
@@ -202,11 +250,13 @@ msgid ""
"The <span class=\"guimenu\">Places</span> menu provides direct access to different\n"
"storage media.\n"
msgstr ""
+"Das <span class=\"guimenu\">Orte</span>-Menü bietet Ihnen direkten Zugang zu verschiedenen\n"
+"Speichermedien.\n"
#. type: Plain text
#, no-wrap
msgid "[[!img places.png link=no alt=\"Places menu\"]]\n"
-msgstr ""
+msgstr "[[!img places.png link=no alt=\"Orte-Menü\"]]\n"
#. type: Plain text
#, no-wrap
@@ -216,27 +266,33 @@ msgid ""
" <span class=\"guimenu\">Places</span>&nbsp;▸\n"
" <span class=\"guimenuitem\">Connect to Server…</span></span>\n"
msgstr ""
+"Um sich mit einem FTP oder SFTP Server zu verbinden, wählen Sie\n"
+"<span class=\"menuchoice\">\n"
+" <span class=\"guimenu\">Orte</span>&nbsp;▸\n"
+" <span class=\"guimenuitem\">Verbindung zu Server…</span></span>\n"
#. type: Plain text
#, no-wrap
msgid "<a id=\"app_shortcuts\"></a>\n"
-msgstr ""
+msgstr "<a id=\"app_shortcuts\"></a>\n"
#. type: Title -
#, no-wrap
msgid "Applications shortcuts\n"
-msgstr ""
+msgstr "Anwendungsverknüpfungen\n"
#. type: Plain text
msgid ""
"On the right of these two menu entries, a few shortcuts allow to launch the "
"most frequently used applications."
msgstr ""
+"Auf der rechten Seite dieser beiden Menüeinträge ermöglichen Ihnen ein paar "
+"Verknüpfungen, die am meisten verwendeten Anwendungen zu starten."
#. type: Plain text
#, no-wrap
msgid "[[!img tor-browser.png link=no]]\n"
-msgstr ""
+msgstr "[[!img tor-browser.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -247,16 +303,21 @@ msgid ""
"</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+"<strong>Tor-Browser</strong>: Surfen Sie im World Wide Web<br/>\n"
+"[[Lesen Sie die entsprechende Dokumentation|anonymous_internet/Tor_Browser]]\n"
+"</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "<a id=\"claws_mail\"></a>\n"
-msgstr ""
+msgstr "<a id=\"claws_mail\"></a>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img claws-mail.png link=no]]\n"
-msgstr ""
+msgstr "[[!img claws-mail.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -266,11 +327,15 @@ msgid ""
"</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\"><strong>Claws Mail</strong>: E-Mail-Programm<br />\n"
+"[[Lesen Sie die entsprechende Dokumentation|anonymous_internet/claws_mail]]\n"
+"</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img pidgin.png link=no]]\n"
-msgstr ""
+msgstr "[[!img pidgin.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -281,11 +346,16 @@ msgid ""
"</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+"<strong>Pidgin</strong>: Sofortnachrichtendienst-Client<br/>\n"
+"[[Lesen Sie die entsprechende Dokumentation|anonymous_internet/pidgin]]\n"
+"</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img keepassx.png link=no]]\n"
-msgstr ""
+msgstr "[[!img keepassx.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -296,16 +366,21 @@ msgid ""
"</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+"<strong>KeePassX</strong>: Passwortmanager<br/>\n"
+"[[Lesen Sie die entsprechende Dokumentation|encryption_and_privacy/manage_passwords]]\n"
+"</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "<a id=\"terminal\"></a>\n"
-msgstr ""
+msgstr "<a id=\"terminal\"></a>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img gnome-terminal.png link=no]]\n"
-msgstr ""
+msgstr "[[!img gnome-terminal.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -313,11 +388,13 @@ msgid ""
"<div class=\"text\"><strong>GNOME Terminal</strong>: use the command line</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\"><strong>GNOME Terminal</strong>: Verwenden Sie die Befehlszeile</div>\n"
+"</div>\n"
#. type: Title -
#, no-wrap
msgid "Notification area\n"
-msgstr ""
+msgstr "Benachrichtigungsbereich\n"
#. type: Plain text
msgid ""
@@ -325,21 +402,25 @@ msgid ""
"offers an interface for some system feature or running application. You are "
"encouraged to check these icons out with the left and right mouse buttons."
msgstr ""
+"In der rechten oberen Ecke werden Sie einige Symbole finden, von denen jedes "
+"eine Bedienoberfläche für einige Systemfunktionen oder laufende Programme "
+"bietet. Wir ermutigen Sie, diese Symbole mit der linken und rechten "
+"Maustaste zu erkunden."
#. type: Plain text
#, no-wrap
msgid "[[!img tor-on.png link=no]]\n"
-msgstr ""
+msgstr "[[!img tor-on.png link=no]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!img tor-starting.png link=no]]\n"
-msgstr ""
+msgstr "[[!img tor-starting.png link=no]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!img tor-off.png link=no]]\n"
-msgstr ""
+msgstr "[[!img tor-off.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -350,6 +431,11 @@ msgid ""
"</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+"<strong>Vidalia</strong>: Grafische Steuerung für Tor<br/>\n"
+"[[Lesen Sie die entsprechende Dokumentation|anonymous_internet/vidalia]]\n"
+"</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
@@ -357,11 +443,13 @@ msgid ""
"<a id=\"florence\"></a>\n"
"<div class=\"icon\">\n"
msgstr ""
+"<a id=\"florence\"></a>\n"
+"<div class=\"icon\">\n"
#. type: Plain text
#, no-wrap
msgid "[[!img florence.png link=no]]\n"
-msgstr ""
+msgstr "[[!img florence.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -372,21 +460,26 @@ msgid ""
"</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+"<strong>Florence</strong>: Bildschirmstastatur<br/>\n"
+"[[Lesen Sie die entsprechende Dokumentation|encryption_and_privacy/virtual_keyboard]]\n"
+"</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img gpgApplet-text.png link=no]]\n"
-msgstr ""
+msgstr "[[!img gpgApplet-text.png link=no]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!img gpgApplet.png link=no]]\n"
-msgstr ""
+msgstr "[[!img gpgApplet.png link=no]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!img gpgApplet-seal.png link=no]]\n"
-msgstr ""
+msgstr "[[!img gpgApplet-seal.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -396,6 +489,10 @@ msgid ""
"documentation|encryption_and_privacy/gpgapplet]]</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\"><strong>Tails OpenPGP-Applet</strong>: Verschlüsseln und entschlüsseln\n"
+"Sie die Zwischenablage mit OpenPGP<br/> [[Lesen Sie die entsprechende\n"
+"Dokumentation|encryption_and_privacy/gpgapplet]]</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
@@ -403,11 +500,13 @@ msgid ""
"<a id=\"audio\"></a>\n"
"<div class=\"icon\">\n"
msgstr ""
+"<a id=\"audio\"></a>\n"
+"<div class=\"icon\">\n"
#. type: Plain text
#, no-wrap
msgid "[[!img sound.png link=no]]\n"
-msgstr ""
+msgstr "[[!img sound.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -416,11 +515,14 @@ msgid ""
"volume</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\"><strong>Tonlautstärke</strong>: Steuern Sie die\n"
+"Lautstärke vom Ton</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img power.png link=no]]\n"
-msgstr ""
+msgstr "[[!img power.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -431,6 +533,11 @@ msgid ""
"</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+"<strong>Energie-Manager</strong>: Informationen über Ihren Akku, wenn Sie einen Laptop\n"
+"benutzen<br/>\n"
+"</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
@@ -438,16 +545,18 @@ msgid ""
"<a id=\"keyboard_layout\"></a>\n"
"<div class=\"icon\">\n"
msgstr ""
+"<a id=\"keyboard_layout\"></a>\n"
+"<div class=\"icon\">\n"
#. type: Plain text
#, no-wrap
msgid "[[!img keyboard-en.png link=no]]\n"
-msgstr ""
+msgstr "[[!img keyboard-en.png link=no]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!img keyboard-de.png link=no]]\n"
-msgstr ""
+msgstr "[[!img keyboard-de.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -457,21 +566,25 @@ msgid ""
"Right-click to configure a different keyboard layout.</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+"<strong>Tastaturlayout</strong>: Aktuelles Tastaturlayout<br/>\n"
+"Rechtsklicken Sie, um ein anderes Tastaturlayout einzustellen.</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img network-idle.png link=no]]\n"
-msgstr ""
+msgstr "[[!img network-idle.png link=no]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!img network-wired.png link=no]]\n"
-msgstr ""
+msgstr "[[!img network-wired.png link=no]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!img network-wireless.png link=no]]\n"
-msgstr ""
+msgstr "[[!img network-wireless.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -483,6 +596,12 @@ msgid ""
"</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+"<strong>Netzwerk-Manager</strong>: Verwalten Sie Ihre drahtlosen oder kabelgebundenen\n"
+"Netzwerkverbindungen<br/>\n"
+"[[Lesen Sie die entsprechende Dokumentation|anonymous_internet/networkmanager]]\n"
+"</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
@@ -490,11 +609,13 @@ msgid ""
"<a id=\"shutdown\"></a>\n"
"<div class=\"icon\">\n"
msgstr ""
+"<a id=\"shutdown\"></a>\n"
+"<div class=\"icon\">\n"
#. type: Plain text
#, no-wrap
msgid "[[!img shutdown.png link=no]]\n"
-msgstr ""
+msgstr "[[!img shutdown.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -503,31 +624,39 @@ msgid ""
"system</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\"><strong>System herunterfahren</strong>: Fahren Sie das System herunter oder starten Sie es\n"
+"neu</div>\n"
+"</div>\n"
#. type: Title =
#, no-wrap
msgid "Bottom panel\n"
-msgstr ""
+msgstr "Fußleiste\n"
#. type: Plain text
msgid "On the left of the bottom panel are displayed buttons for open windows."
msgstr ""
+"Im linken Bereich der Fußleiste werden Schaltflächen für geöffnete Fenster "
+"angezeigt."
#. type: Plain text
msgid ""
"On the right of the bottom panel, a set of four similar rectangle icons "
"gives access to four different workspaces."
msgstr ""
+"Im rechten Bereich der Fußleiste sehen Sie eine Anordnung vier gleicher, "
+"rechteckiger Symbole, die Zugriff zu vier verschiedenen Arbeitsbereichen "
+"bieten."
#. type: Title =
#, no-wrap
msgid "Desktop shortcuts\n"
-msgstr ""
+msgstr "Desktopverknüpfungen\n"
#. type: Plain text
#, no-wrap
msgid "[[!img computer.png link=no]]\n"
-msgstr ""
+msgstr "[[!img computer.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -535,11 +664,13 @@ msgid ""
"<div class=\"text\"><strong>Computer</strong>: access storage media</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\"><strong>Computer</strong>: Greifen Sie auf Speichermedien zu</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img user-home.png link=no]]\n"
-msgstr ""
+msgstr "[[!img user-home.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -548,11 +679,14 @@ msgid ""
"user's folder</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\"><strong>amnesia's Home</strong>: Verknüpfung zum Ordner\n"
+"des Standardkontos</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img emptytrash.png link=no]]\n"
-msgstr ""
+msgstr "[[!img emptytrash.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -561,11 +695,14 @@ msgid ""
"moved</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\"><strong>Trash</strong>: Wohin die \"gelöschten\" Dateien verschoben\n"
+"werden</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img system-help.png link=no]]\n"
-msgstr ""
+msgstr "[[!img system-help.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -574,11 +711,14 @@ msgid ""
"Tails website and documentation</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\"><strong>Tails-Dokumentation</strong>: Eine lokale Kopie der\n"
+"Tails Website und Dokumentation öffnen</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "[[!img whisperback.png link=no]]\n"
-msgstr ""
+msgstr "[[!img whisperback.png link=no]]\n"
#. type: Plain text
#, no-wrap
@@ -588,25 +728,30 @@ msgid ""
"</div>\n"
"</div>\n"
msgstr ""
+"<div class=\"text\">\n"
+"<strong>Einen Fehler melden</strong>: Helfen Sie mit, [[Probleme|/support]] in Tails zu lösen\n"
+"</div>\n"
+"</div>\n"
#. type: Plain text
#, no-wrap
msgid "<a id=\"nautilus\"></a>\n"
-msgstr ""
+msgstr "<a id=\"nautilus\"></a>\n"
#. type: Title =
#, no-wrap
msgid "Managing files with Nautilus\n"
-msgstr ""
+msgstr "Dateien mit Nautilus verwalten\n"
#. type: Plain text
msgid "Nautilus is GNOME's file manager, FTP, SFTP client and more."
msgstr ""
+"Nautilus ist die Dateiverwaltung, der FTP und SFTP Client usw. für GNOME"
#. type: Plain text
#, no-wrap
msgid "[[!img nautilus.png link=no]]\n"
-msgstr ""
+msgstr "[[!img nautilus.png link=no]]\n"
#. type: Plain text
msgid ""
@@ -614,3 +759,7 @@ msgid ""
"menu at top right corner of the screen. To move files or folders, you can "
"drag them from one window and drop them to another."
msgstr ""
+"Um lokale Dateien zu verwalten, folgen Sie den Verknüpfungen vom Desktop "
+"oder aus dem **Orte**-Menü im oberen, linken Eck des Fensterbereichs. Um "
+"Dateien oder Ordner zu verschieben, können Sie sie aus einem Fenster in das "
+"nächste ziehen und loslassen."
diff --git a/wiki/src/doc/first_steps/persistence/configure.de.po b/wiki/src/doc/first_steps/persistence/configure.de.po
index a5c473d..55d4495 100644
--- a/wiki/src/doc/first_steps/persistence/configure.de.po
+++ b/wiki/src/doc/first_steps/persistence/configure.de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-04-24 17:32+0300\n"
+"POT-Creation-Date: 2015-10-13 12:48+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -457,15 +457,22 @@ msgstr ""
msgid ""
"If you [[install additional programs|doc/advanced_topics/"
"additional_software]], this feature allows you to download them once and "
-"reinstall them during future working sessions, even offline. Note that those "
-"packages are not automatically installed when restarting Tails."
+"reinstall them during future working sessions, even offline."
msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
-"If you activate this feature, it is recommended to activate the\n"
-"<span class=\"guilabel\">APT Lists</span> feature as well.\n"
+"To reinstall these packages automatically when restarting Tails, use the\n"
+"[[<span class=\"guilabel\">Additional software packages</span> persistence\n"
+"feature|configure#additional_software]].\n"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"If you activate the <span class=\"guilabel\">APT Packages</span> persistence feature,\n"
+"it is recommended to activate the <span class=\"guilabel\">APT Lists</span> feature as well.\n"
msgstr ""
#. type: Plain text
diff --git a/wiki/src/doc/first_steps/persistence/configure.fr.po b/wiki/src/doc/first_steps/persistence/configure.fr.po
index ff47d67..1c42e2b 100644
--- a/wiki/src/doc/first_steps/persistence/configure.fr.po
+++ b/wiki/src/doc/first_steps/persistence/configure.fr.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: sPACKAGE VERSION\n"
-"POT-Creation-Date: 2015-09-20 20:57+0200\n"
+"POT-Creation-Date: 2015-10-13 12:48+0300\n"
"PO-Revision-Date: 2015-06-12 11:08-0000\n"
"Last-Translator: \n"
"Language-Team: \n"
@@ -564,11 +564,16 @@ msgstr ""
"sauvegardés sur le volume persistant.\n"
#. type: Plain text
+#, fuzzy
+#| msgid ""
+#| "If you [[install additional programs|doc/advanced_topics/"
+#| "additional_software]], this feature allows you to download them once and "
+#| "reinstall them during future working sessions, even offline. Note that "
+#| "those packages are not automatically installed when restarting Tails."
msgid ""
"If you [[install additional programs|doc/advanced_topics/"
"additional_software]], this feature allows you to download them once and "
-"reinstall them during future working sessions, even offline. Note that those "
-"packages are not automatically installed when restarting Tails."
+"reinstall them during future working sessions, even offline."
msgstr ""
"Si vous [[installez des logiciels additionnels|doc/advanced_topics/"
"additional_software]], cette option vous permet de n'avoir besoin de les "
@@ -579,8 +584,19 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
-"If you activate this feature, it is recommended to activate the\n"
-"<span class=\"guilabel\">APT Lists</span> feature as well.\n"
+"To reinstall these packages automatically when restarting Tails, use the\n"
+"[[<span class=\"guilabel\">Additional software packages</span> persistence\n"
+"feature|configure#additional_software]].\n"
+msgstr ""
+
+#. type: Plain text
+#, fuzzy, no-wrap
+#| msgid ""
+#| "If you activate this feature, it is recommended to activate the\n"
+#| "<span class=\"guilabel\">APT Lists</span> feature as well.\n"
+msgid ""
+"If you activate the <span class=\"guilabel\">APT Packages</span> persistence feature,\n"
+"it is recommended to activate the <span class=\"guilabel\">APT Lists</span> feature as well.\n"
msgstr ""
"Si vous activez cette option, il est recommandé d'activer également l'option\n"
"<span class=\"guilabel\">Listes d'APT</span>.\n"
diff --git a/wiki/src/doc/first_steps/persistence/configure.mdwn b/wiki/src/doc/first_steps/persistence/configure.mdwn
index 092fe12..f65bc37 100644
--- a/wiki/src/doc/first_steps/persistence/configure.mdwn
+++ b/wiki/src/doc/first_steps/persistence/configure.mdwn
@@ -236,11 +236,14 @@ When this feature is activated, the packages that you install using the
If you
[[install additional programs|doc/advanced_topics/additional_software]],
this feature allows you to download them once and reinstall them
-during future working sessions, even offline. Note that those
-packages are not automatically installed when restarting Tails.
+during future working sessions, even offline.
-If you activate this feature, it is recommended to activate the
-<span class="guilabel">APT Lists</span> feature as well.
+To reinstall these packages automatically when restarting Tails, use the
+[[<span class="guilabel">Additional software packages</span> persistence
+feature|configure#additional_software]].
+
+If you activate the <span class="guilabel">APT Packages</span> persistence feature,
+it is recommended to activate the <span class="guilabel">APT Lists</span> feature as well.
<a id="apt_lists"></a>
diff --git a/wiki/src/doc/first_steps/persistence/configure.pt.po b/wiki/src/doc/first_steps/persistence/configure.pt.po
index 61be825..f3c6bdc 100644
--- a/wiki/src/doc/first_steps/persistence/configure.pt.po
+++ b/wiki/src/doc/first_steps/persistence/configure.pt.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-04-24 17:32+0300\n"
+"POT-Creation-Date: 2015-10-13 12:48+0300\n"
"PO-Revision-Date: 2014-07-17 15:53-0300\n"
"Last-Translator: Tails Developers <amnesia@boum.org>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -568,8 +568,7 @@ msgstr ""
msgid ""
"If you [[install additional programs|doc/advanced_topics/"
"additional_software]], this feature allows you to download them once and "
-"reinstall them during future working sessions, even offline. Note that those "
-"packages are not automatically installed when restarting Tails."
+"reinstall them during future working sessions, even offline."
msgstr ""
"Se você instalar programas adicionais, esta funcionalidade permite que você "
"baixe-os somente uma vez e reinstale em sessões de trabalho futuras, mesmo "
@@ -579,8 +578,19 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
-"If you activate this feature, it is recommended to activate the\n"
-"<span class=\"guilabel\">APT Lists</span> feature as well.\n"
+"To reinstall these packages automatically when restarting Tails, use the\n"
+"[[<span class=\"guilabel\">Additional software packages</span> persistence\n"
+"feature|configure#additional_software]].\n"
+msgstr ""
+
+#. type: Plain text
+#, fuzzy, no-wrap
+#| msgid ""
+#| "If you activate this feature, it is recommended to activate the\n"
+#| "<span class=\"guilabel\">APT Lists</span> feature as well.\n"
+msgid ""
+"If you activate the <span class=\"guilabel\">APT Packages</span> persistence feature,\n"
+"it is recommended to activate the <span class=\"guilabel\">APT Lists</span> feature as well.\n"
msgstr "Se você ativar esta funcionalidade, é recomendável que ative também a funcionalidade de <span class=\"guilabel\">Listas APT</span>.\n"
#. type: Plain text
diff --git a/wiki/src/doc/first_steps/persistence/warnings.de.po b/wiki/src/doc/first_steps/persistence/warnings.de.po
index 222b45d..fcaa25b 100644
--- a/wiki/src/doc/first_steps/persistence/warnings.de.po
+++ b/wiki/src/doc/first_steps/persistence/warnings.de.po
@@ -3,38 +3,38 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: Tails\n"
"POT-Creation-Date: 2015-02-23 14:55+0100\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"PO-Revision-Date: 2015-10-04 20:33+0100\n"
+"Last-Translator: Tails translators <tails@boum.org>\n"
+"Language-Team: Tails translators <tails@boum.org>\n"
+"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"Warnings about persistence\"]]\n"
-msgstr ""
+msgstr "[[!meta title=\"Warnungen zum verschlüsselten beständigen Speicherbereich\"]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!toc levels=1]]\n"
-msgstr ""
+msgstr "[[!toc levels=1]]\n"
#. type: Plain text
#, no-wrap
msgid "<a id=\"sensitive_documents\"></a>\n"
-msgstr ""
+msgstr "<a id=\"sensitive_documents\"></a>\n"
#. type: Title =
#, no-wrap
msgid "Storing sensitive documents\n"
-msgstr ""
+msgstr "Speicherung sensibler Dokumente\n"
#. type: Plain text
#, no-wrap
@@ -43,22 +43,28 @@ msgid ""
"the device can know that there is a persistent volume on it. Take into consideration\n"
"that you can be forced or tricked to give out its passphrase.\n"
msgstr ""
+"**Der beständige Speicherbreich ist nicht versteckt.** Angreifende im Besitz\n"
+"des Geräts könnten wissen, dass ein beständiger Speicherbereich vorhanden ist.\n"
+"Bedenken Sie, dass Sie gezwungen oder durch einen Trick dazu gebracht werden\n"
+"könnten, das Passwort herauszugeben.\n"
#. type: Plain text
msgid ""
"Read also our instructions to [[securely delete the persistent volume|"
"delete]]."
msgstr ""
+"Lesen Sie auch unsere Anleitung zum [[sicheren Löschen des beständigen "
+"Speicherbereichs|delete]]."
#. type: Plain text
#, no-wrap
msgid "<a id=\"overwriting_configurations\"></a>\n"
-msgstr ""
+msgstr "<a id=\"overwriting_configurations\"></a>\n"
#. type: Title =
#, no-wrap
msgid "Overwriting configurations\n"
-msgstr ""
+msgstr "Überschreiben von Konfigurationen\n"
#. type: Plain text
msgid ""
@@ -67,12 +73,19 @@ msgid ""
"the programs included in Tails, it can break this security or render these "
"programs unusable."
msgstr ""
+"Die in Tails enthaltenen Programme sind im Bezug auf Sicherheit sorgfältig "
+"konfiguriert worden. Falls Sie den beständigen Speicherbereich nutzen, um "
+"die Konfigurationen der in Tails enthaltenen Programme zu überschreiben, "
+"könnte dies diese Sicherheit gefährden oder diese Programme unbenutzbar "
+"machen."
#. type: Plain text
msgid ""
"Be especially careful when using the [[Dotfiles|persistence/"
"configure#dotfiles]] feature."
msgstr ""
+"Seien Sie besonders vorsichtig, wenn Sie mit der [[Dotfiles|persistence/"
+"configure#dotfiles]]-Funktion arbeiten."
#. type: Plain text
#, no-wrap
@@ -81,16 +94,19 @@ msgid ""
"distinguish one Tails user from another. <strong>Changing the default\n"
"configurations can break your anonymity.</strong>\n"
msgstr ""
+"Hinzu kommt, dass die Anonymität von Tor und Tails darauf basiert,\n"
+"es schwieriger zu machen, die Nutzenden von Tails voneinander zu unterscheiden.\n"
+"<strong>Das Verändern der Standardkonfiguration kann Ihre Anonymität gefährden.</strong>\n"
#. type: Plain text
#, no-wrap
msgid "<a id=\"installing_programs\"></a>\n"
-msgstr ""
+msgstr "<a id=\"installing_programs\"></a>\n"
#. type: Title =
#, no-wrap
msgid "Installing additional programs\n"
-msgstr ""
+msgstr "Installation zusätzlicher Programme\n"
#. type: Plain text
msgid ""
@@ -100,16 +116,23 @@ msgid ""
"protections built-in Tails.** Tails developers may not want or may not be "
"capable of helping you to solve those problems."
msgstr ""
+"Um Ihre Anonymität zu schützen und keine Spuren zu hinterlassen, werden die "
+"Programme von den Tails Entwickelnden mit Sorgfalt ausgewählt und so "
+"konfiguriert, dass sie gut zusammen funktionieren. **Die Installation "
+"zusätzlicher Programme könnte zu unvorhersehbaren Problemen führen und die "
+"Vorsichtsmaßnahmen, die in Tails eingebaut wurden, zerstören.** Die "
+"Entwickelnden von Tails wollen oder können Ihnen möglicherweise nicht "
+"helfen, solche Probleme zu beheben."
#. type: Plain text
#, no-wrap
msgid "<a id=\"browser_plugins\"></a>\n"
-msgstr ""
+msgstr "<a id=\"browser_plugins\"></a>\n"
#. type: Title =
#, no-wrap
msgid "Browser plugins\n"
-msgstr ""
+msgstr "Browser-Erweiterungen\n"
#. type: Plain text
msgid ""
@@ -118,16 +141,20 @@ msgid ""
"mind. **If you install other plugins or change their configuration, you can "
"break your anonymity.**"
msgstr ""
+"In einem System wie Tails ist der Webbrowser ein zentraler Bestandteil. Die "
+"im Browser enthaltenen Plugins sind sorgfältig ausgewählt und im Bezug auf "
+"Sicherheit konfiguriert worden. **Falls Sie andere Plugins installieren oder "
+"die Konfiguration ändern, könnten Sie Ihre Anonymität verlieren.**"
#. type: Plain text
#, no-wrap
msgid "<a id=\"minimum\"></a>\n"
-msgstr ""
+msgstr "<a id=\"minimum\"></a>\n"
#. type: Title =
#, no-wrap
msgid "Use to the minimum\n"
-msgstr ""
+msgstr "Minimale Benutzung\n"
#. type: Plain text
#, no-wrap
@@ -137,16 +164,20 @@ msgid ""
"features of the persistent volume are optional and need to be explicitly\n"
"activated. Only the files and folders that you specify are saved.\n"
msgstr ""
+"**Benutzen Sie den beständigen Speicherbereich nur wenn es notwendig ist und in minimalen Ausmaßen.**\n"
+"Es ist immer möglich, Tails ohne die Aktivierung des beständigen Speicherbereichs zu starten.\n"
+"Alle Funktionen des beständigen Speicherbereichs sind optional und müssen explizit aktiviert werden.\n"
+"Nur die Ordner und Dateien, die von Ihnen angegeben sind, werden gespeichert.\n"
#. type: Plain text
#, no-wrap
msgid "<a id=\"open_other_systems\"></a>\n"
-msgstr ""
+msgstr "<a id=\"open_other_systems\"></a>\n"
#. type: Title =
#, no-wrap
msgid "Opening the persistent volume from other operating systems\n"
-msgstr ""
+msgstr "Öffnen des beständigen Speicherbereichs mit anderen Betriebssystemen\n"
#. type: Plain text
#, no-wrap
@@ -157,3 +188,7 @@ msgid ""
"Other operating systems should probably not be trusted to handle\n"
"sensitive information or leave no trace.\n"
msgstr ""
+"**Es ist möglich, den beständigen Speicherbereich\n"
+"von einem anderen Betriebssystem aus zu öffnen, dies könnte jedoch Ihre Sicherheit gefährden.**\n"
+"Anderen Betriebssystemen sollte nicht vertraut werden, mit sensiblen Informationen umzugehen\n"
+"oder keine Spuren zu hinterlassen.\n"
diff --git a/wiki/src/doc/first_steps/reset/mac.de.po b/wiki/src/doc/first_steps/reset/mac.de.po
index de3eb88..1c85c4f 100644
--- a/wiki/src/doc/first_steps/reset/mac.de.po
+++ b/wiki/src/doc/first_steps/reset/mac.de.po
@@ -3,90 +3,99 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: Tails\n"
"POT-Creation-Date: 2015-07-07 16:38+0300\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"PO-Revision-Date: 2015-10-11 20:17+0100\n"
+"Last-Translator: Tails translators <tails@boum.org>\n"
+"Language-Team: Tails translators <tails@boum.org>\n"
+"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"Resetting a USB stick or SD card using Mac OSX\"]]\n"
-msgstr ""
+msgstr "[[!meta title=\" Einen USB-Stick oder eine SD-Karte mit Mac OSX zurücksetzen\"]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!inline pages=\"doc/first_steps/usb_reset.intro\" raw=\"yes\"]]\n"
-msgstr ""
+msgstr "[[!inline pages=\"doc/first_steps/usb_reset.intro.de\" raw=\"yes\"]]\n"
#. type: Plain text
#, no-wrap
msgid "<a id=\"disk_utility\"></a>\n"
-msgstr ""
+msgstr "<a id=\"disk_utility\"></a>\n"
#. type: Title =
#, no-wrap
msgid "Using <span class=\"application\">Disk Utility</span>\n"
-msgstr ""
+msgstr "Mit Hilfe des <span class=\"application\">Festplattendienstprogramms</span>\n"
#. type: Plain text
#, no-wrap
msgid "<div class=\"caution\">\n"
-msgstr ""
+msgstr "<div class=\"caution\">\n"
#. type: Plain text
#, no-wrap
msgid ""
-"<strong>You might overwrite any hard disk on the computer.</strong> If at "
-"some\n"
+"<strong>You might overwrite any hard disk on the computer.</strong> If at some\n"
"point you are not sure about which device to choose, stop proceeding.\n"
msgstr ""
+"<strong>Sie könnten jegliche Festplatten des Computers überschreiben.</strong> Falls Sie\n"
+"sich an irgendeinem Punkt unsicher darüber sind, welches Medium Sie wählen sollen, brechen Sie den Vorgang ab.\n"
#. type: Plain text
#, no-wrap
msgid "</div>\n"
-msgstr ""
+msgstr "</div>\n"
#. type: Bullet: '1. '
-msgid "Make sure that the USB stick or SD card that you want to reset is unplugged."
+msgid ""
+"Make sure that the USB stick or SD card that you want to reset is unplugged."
msgstr ""
+"Stellen Sie sicher, dass der USB-Stick bzw. die SD-Karte, die Sie "
+"zurücksetzen möchten, nicht angeschlossen ist."
#. type: Bullet: '2. '
msgid "Start <span class=\"application\">Disk Utility</span>."
msgstr ""
+"Starten Sie das <span class=\"application\">Festplattendienstprogramm</span>."
#. type: Plain text
#, no-wrap
msgid ""
-" A list of all the storage devices on the computer appears in the left "
-"pane\n"
+" A list of all the storage devices on the computer appears in the left pane\n"
" of the window.\n"
-msgstr ""
+msgstr " Eine Liste aller Speichermedien des Computers erscheint im linken Bereich des Fensters.\n"
#. type: Bullet: '3. '
msgid "Plug the USB stick or SD card that you want to reset."
msgstr ""
+"Schließen Sie den USB-Stick oder die SD-Karte an, die Sie zurücksetzen "
+"möchten."
#. type: Plain text
#, no-wrap
msgid ""
" A new device appears in the list of storage devices. This new device\n"
-" corresponds to the USB stick or SD card that you plugged in. Click on "
-"it.\n"
+" corresponds to the USB stick or SD card that you plugged in. Click on it.\n"
msgstr ""
+" Ein neues Medium erscheint in der Liste der Speichermedien. Dieses Medium\n"
+" entspricht dem USB-Stick oder der SD-Karte, die Sie angeschlossen haben. Wählen Sie es aus.\n"
#. type: Bullet: '4. '
msgid ""
"In the list of storage devices, verify that the device corresponds to the "
"device that you want to reset, its brand, its size, etc."
msgstr ""
+"Stellen Sie in der Liste der Speichermedien sicher, dass das Medium jenes "
+"ist, welches Sie zurücksetzen möchten, seinen Hersteller, seine Größe, usw."
#. type: Bullet: '5. '
msgid ""
@@ -94,9 +103,14 @@ msgid ""
"in the right pane and click on the <span class=\"button\">Erase</span> "
"button on the bottom right."
msgstr ""
+"Um das Medium zurückzusetzen, wählen Sie den Reiter <span class=\"guilabel"
+"\">Löschen</span> im rechten Fensterbereich aus und klicken Sie auf die "
+"<span class=\"button\">Löschen</span>-Schaltfläche unten links."
#. type: Bullet: '6. '
msgid ""
"In the confirmation dialog, click on the <span class=\"button\">Erase</span> "
"button to confirm."
msgstr ""
+"Wählen Sie im Bestätigungs-Dialogfenster die Schaltfläche <span class="
+"\"button\">Löschen</span> aus, um zu bestätigen."
diff --git a/wiki/src/doc/first_steps/start_tails.de.po b/wiki/src/doc/first_steps/start_tails.de.po
index 835b1d7..47ceb9f 100644
--- a/wiki/src/doc/first_steps/start_tails.de.po
+++ b/wiki/src/doc/first_steps/start_tails.de.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Tails Translation\n"
"POT-Creation-Date: 2015-08-12 18:59+0300\n"
-"PO-Revision-Date: 2015-06-16 16:48+0100\n"
+"PO-Revision-Date: 2015-10-20 21:09+0100\n"
"Last-Translator: Tails translators <tails@boum.org>\n"
"Language-Team: LANGUAGE <tails-l10n@boum.org>\n"
"Language: de\n"
@@ -31,36 +31,31 @@ msgid ""
"Now that you have a Tails device, you can shutdown your computer and start "
"using Tails without altering your existing operating system."
msgstr ""
-"Jetzt, da Sie Tails auf ein Startmedium übertragen haben, können Sie Ihren "
-"Computer herunterfahren und mit der Verwendung von Tails beginnen, ohne Ihr "
-"existierendes Betriebssystem zu verändern."
+"Nun, da Sie ein Tails Medium haben, können Sie Ihren Computer herunterfahren "
+"und mit der Verwendung von Tails beginnen, ohne Ihr existierendes "
+"Betriebssystem zu verändern."
#. type: Plain text
msgid "If Tails starts successfully, the Tails boot menu appears:"
-msgstr ""
+msgstr "Wenn Tails erfolgreich startet, erscheint das Tails Startmenü:"
#. type: Plain text
#, no-wrap
msgid "[[!img tails_boot_menu.png]]\n"
-msgstr ""
+msgstr "[[!img tails_boot_menu.png]]\n"
#. type: Title =
#, no-wrap
msgid "If you are using a DVD\n"
-msgstr "Von einer DVD\n"
+msgstr "Wenn Sie eine DVD verwenden\n"
#. type: Plain text
-#, fuzzy
-#| msgid ""
-#| "Put the Tails DVD into the CD/DVD drive and restart the computer. You "
-#| "should see a welcome screen prompting you to choose your language."
msgid ""
"Put the Tails DVD into the CD/DVD drive and restart the computer. You should "
"the Tails boot menu."
msgstr ""
"Legen Sie die Tails DVD in das CD/DVD Laufwerk ein und starten Sie dann den "
-"Computer neu. Sie sollten einen Startbildschirm sehen, der Sie zur Wahl "
-"einer Sprache auffordert. "
+"Computer neu. Sie sollten das Tails Startmenü sehen."
#. type: Plain text
msgid ""
@@ -79,14 +74,14 @@ msgstr ""
#. type: Title =
#, no-wrap
msgid "If you are using a USB stick or SD card\n"
-msgstr "Von einem USB-Stick oder einer SD-Karte\n"
+msgstr "Wenn Sie einen USB-Stick oder eine SD-Karte verwenden\n"
#. type: Plain text
msgid ""
"According to your type of computer, read the instructions for either [[PC|"
"start_tails#usb-pc]] or [[Mac|start_tails#usb-mac]]."
msgstr ""
-"Je nachdem was für einen Computer Sie verwenden lesen Sie entweder die "
+"Je nachdem was für einen Computer Sie verwenden, lesen Sie entweder die "
"Anleitung zu [[PC|start_tails#usb-pc]] oder [[Mac|start_tails#usb-mac]]."
#. type: Plain text
@@ -100,31 +95,15 @@ msgid "PC"
msgstr "PC"
#. type: Plain text
-#, fuzzy
-#| msgid ""
-#| "Shutdown the computer, plug your device, and start the computer. You "
-#| "should see a welcome screen prompting you to choose your language."
msgid ""
"Shutdown the computer, plug your device, and start the computer. You should "
"see the Tails boot menu."
msgstr ""
-"Fahren Sie den Rechner herunter, schließen Sie Ihr Speichermedium an und "
-"starten Sie den Rechner. Sie sollten einen Startbildschirm sehen, der Sie "
-"zur Wahl einer Sprache auffordert."
+"Fahren Sie den Computer herunter, schließen Sie Ihr Speichermedium an und "
+"starten Sie den Computer. Sie sollten das Tails Startmenü sehen."
#. type: Plain text
-#, fuzzy, no-wrap
-#| msgid ""
-#| "If your computer does not automatically do so, you might need to edit the BIOS\n"
-#| "settings. Restart your computer, and watch for a message telling you which key\n"
-#| "to press to enter the BIOS setup. It will usually be one of <span\n"
-#| "class=\"keycap\">F1</span>, <span class=\"keycap\">F2</span>, <span\n"
-#| "class=\"keycap\">Del</span>, <span class=\"keycap\">Esc</span> or\n"
-#| "<span class=\"keycap\">F10</span>. Press this key while your computer is booting to edit your BIOS settings.\n"
-#| "You need to edit the <span class=\"guilabel\">Boot Order</span>. Depending on your computer you should see an\n"
-#| "entry for <span class=\"guilabel\">removable drive</span> or <span class=\"guilabel\">USB media</span>. Move this to the top of the list to\n"
-#| "force the computer to attempt to start from your device before starting from the\n"
-#| "internal hard disk. Save your changes and continue.\n"
+#, no-wrap
msgid ""
"If your computer does not automatically do so, you might need to edit the BIOS\n"
"settings. Restart your computer, and watch for a message telling you which key\n"
@@ -133,16 +112,12 @@ msgid ""
"class=\"keycap\">Del</span>, <span class=\"keycap\">Esc</span> or\n"
"<span class=\"keycap\">F10</span>. Press this key while your computer is booting to edit your BIOS settings.\n"
msgstr ""
-"Wenn Ihr Computer dies nicht automatisch macht, ist vielleicht eine Änderung der BIOS Einstellungen\n"
-"notwendig. Starten Sie den Computer neu und halten Sie nach einer Nachricht Ausschau, welche Taste\n"
+"Wenn Ihr Computer dies nicht automatisch macht, müssen Sie vielleicht die BIOS Einstellungen\n"
+"ändern. Starten Sie den Computer neu und halten Sie nach einem Hinweis Ausschau, welche Taste\n"
"Sie drücken müssen, um in das BIOS Setup zu gelangen. Normalerweise ist es eine der folgenden Tasten:\n"
"<span class=\"keycap\">F1</span>, <span class=\"keycap\">F2</span>, <span class=\"keycap\">Entf</span>,\n"
-"<span class=\"keycap\">ESC</span> oder <span class=\"keycap\">F10</span>. Halten Sie diese Taste gedrückt\n"
-"während der Computer startet, um die BIOS Einstellungen zu verändern. Sie müssen die <span class=\"guilabel\">\n"
-"Startreihenfolge</span> (Boot Order) ändern. Abhängig von Ihrem Computer sollten Sie einen Eintrag, wie <span\n"
-"class=\"guilabel\">removable drive</span> oder <span class=\"guilabel\">USB media</span>, sehen. Setzen Sie\n"
-"diesen an den Anfang der Liste, um den Computer anzuweisen, zu versuchen, zuerst von Ihrem Speichermedium zu starten,\n"
-"bevor von der internen Festplatte gestartet wird. Speichern Sie die Änderungen und fahren Sie fort.\n"
+"<span class=\"keycap\">ESC</span> oder <span class=\"keycap\">F10</span>. Halten Sie diese Taste gedrückt,\n"
+"während der Computer startet, um die BIOS Einstellungen zu ändern.\n"
#. type: Plain text
msgid ""
@@ -154,43 +129,28 @@ msgstr ""
"versuchen."
#. type: Plain text
-#, fuzzy, no-wrap
-#| msgid ""
-#| "If your computer does not automatically do so, you might need to edit the BIOS\n"
-#| "settings. Restart your computer, and watch for a message telling you which key\n"
-#| "to press to enter the BIOS setup. It will usually be one of <span\n"
-#| "class=\"keycap\">F1</span>, <span class=\"keycap\">F2</span>, <span\n"
-#| "class=\"keycap\">Del</span>, <span class=\"keycap\">Esc</span> or\n"
-#| "<span class=\"keycap\">F10</span>. Press this key while your computer is booting to edit your BIOS settings.\n"
-#| "You need to edit the <span class=\"guilabel\">Boot Order</span>. Depending on your computer you should see an\n"
-#| "entry for <span class=\"guilabel\">removable drive</span> or <span class=\"guilabel\">USB media</span>. Move this to the top of the list to\n"
-#| "force the computer to attempt to start from your device before starting from the\n"
-#| "internal hard disk. Save your changes and continue.\n"
+#, no-wrap
msgid ""
"1. You need to edit the <span class=\"guilabel\">Boot Order</span>. Depending on your computer you should see an\n"
"entry for <span class=\"guilabel\">removable drive</span> or <span class=\"guilabel\">USB media</span>. Move this to the top of the list to\n"
"force the computer to attempt to start from your device before starting from the\n"
"internal hard disk. Save your changes and continue.\n"
msgstr ""
-"Wenn Ihr Computer dies nicht automatisch macht, ist vielleicht eine Änderung der BIOS Einstellungen\n"
-"notwendig. Starten Sie den Computer neu und halten Sie nach einer Nachricht Ausschau, welche Taste\n"
-"Sie drücken müssen, um in das BIOS Setup zu gelangen. Normalerweise ist es eine der folgenden Tasten:\n"
-"<span class=\"keycap\">F1</span>, <span class=\"keycap\">F2</span>, <span class=\"keycap\">Entf</span>,\n"
-"<span class=\"keycap\">ESC</span> oder <span class=\"keycap\">F10</span>. Halten Sie diese Taste gedrückt\n"
-"während der Computer startet, um die BIOS Einstellungen zu verändern. Sie müssen die <span class=\"guilabel\">\n"
-"Startreihenfolge</span> (Boot Order) ändern. Abhängig von Ihrem Computer sollten Sie einen Eintrag, wie <span\n"
-"class=\"guilabel\">removable drive</span> oder <span class=\"guilabel\">USB media</span>, sehen. Setzen Sie\n"
-"diesen an den Anfang der Liste, um den Computer anzuweisen, zu versuchen, zuerst von Ihrem Speichermedium zu starten,\n"
+"1. Sie müssen die <span class=\"guilabel\">Startreihenfolge</span> (Boot Order) ändern. Abhängig von Ihrem Computer sollten Sie einen\n"
+"Eintrag wie <span class=\"guilabel\">removable drive</span> oder <span class=\"guilabel\">USB media</span> sehen. Setzen Sie\n"
+"diesen an den Anfang der Liste, um den Computer anzuweisen, zuerst zu versuchen, von Ihrem Speichermedium zu starten,\n"
"bevor von der internen Festplatte gestartet wird. Speichern Sie die Änderungen und fahren Sie fort.\n"
#. type: Plain text
-#, fuzzy, no-wrap
-#| msgid "For more detailed instruction on how to boot from USB you can read [About.com: How To Boot your Computer from a Bootable USB Device](http://pcsupport.about.com/od/tipstricks/ht/bootusbflash.htm)."
+#, no-wrap
msgid ""
" For more detailed instruction on how to boot from USB you can read [About.com:\n"
"How To Boot your Computer from a Bootable USB\n"
"Device](http://pcsupport.about.com/od/tipstricks/ht/bootusbflash.htm).\n"
-msgstr "Für genauere Anweisungen wie man von USB startet, lesen Sie [wiki.ubuntuusers.de: Live-USB](http://wiki.ubuntuusers.de/Live-USB)."
+msgstr ""
+" Für genauere Anweisungen wie man von USB startet, lesen Sie \n"
+"[wiki.ubuntuusers.de: Live-USB]\n"
+"(http://wiki.ubuntuusers.de/Live-USB).\n"
#. type: Plain text
#, no-wrap
@@ -199,10 +159,13 @@ msgid ""
"following BIOS configurations. Try restarting after each change, as\n"
"each one might solve your problem.\n"
msgstr ""
+" Falls das Ändern der Startreihenfolge nicht ausreicht, können Sie auch\n"
+"die folgenden BIOS Einstellungen probieren. Versuchen Sie nach jeder Änderung\n"
+"neu zu starten, da jede einzelne Ihr Problem möglicherweise lösen könnte.\n"
#. type: Bullet: '2. '
msgid "Disable Fast boot and Secure boot."
-msgstr ""
+msgstr "Deaktivieren Sie Fast Boot und Secure Boot."
#. type: Bullet: '3. '
msgid ""
@@ -211,18 +174,23 @@ msgid ""
"try to configure it to start with legacy BIOS. Try any of the following "
"options if available:"
msgstr ""
+"Wenn der Computer eingstellt ist, mit Legacy BIOS zu starten, versuchen Sie "
+"ihn zu konfigurieren, mit UEFI zu starten. Anderenfalls, wenn der Computer "
+"eingestellt ist, mit UEFI zu starten, versuchen Sie ihn zu konfigurieren, "
+"mit Legacy BIOS zu starten. Versuchen Sie, falls verfügbar, jede dieser "
+"Optionen:"
#. type: Bullet: ' - '
msgid "Enable Legacy mode"
-msgstr ""
+msgstr "Aktivieren Sie den Legacy Modus"
#. type: Bullet: ' - '
msgid "Enable CSM boot"
-msgstr ""
+msgstr "Aktivieren Sie CSM Boot"
#. type: Bullet: ' - '
msgid "Disable UEFI"
-msgstr ""
+msgstr "Deaktivieren Sie UEFI"
#. type: Plain text
#, no-wrap
@@ -230,12 +198,17 @@ msgid ""
" You might have to undo these changes to start your usual operating\n"
"system again after your Tails session.\n"
msgstr ""
+" Möglicherweise müssen Sie diese Änderungen rückgängig machen, um Ihr\n"
+"reguläres Betriebssystem nach Ihrer Tails Sitzung erneut zu starten.\n"
#. type: Bullet: '4. '
msgid ""
"You can also try to upgrade your BIOS version. Your computer vendor probably "
"has instructions on how to do that on their website."
msgstr ""
+"Sie können auch versuchen, Ihre BIOS Version zu aktualisieren. Ihr "
+"Computerhersteller hat möglicherweise Anweisungen auf der Website, wie dies "
+"erledigt wird."
#. type: Plain text
#, no-wrap
@@ -257,12 +230,12 @@ msgid ""
msgstr ""
"Fahren Sie den Computer herunter, schließen Sie Ihr Speichermedium an, starten\n"
"Sie den Computer neu und halten Sie sofort <span class=\"keycap\">Option</span> gedrückt\n"
-"bis ein Bootmenü erscheint. Wählen Sie in diesem Menü den Eintrag der \n"
+"bis ein Bootmenü erscheint. Wählen Sie in diesem Menü den Eintrag, der \n"
"<span class=\"guimenuitem\">Boot EFI</span> lautet und wie ein USB-Stick aussieht.\n"
#. type: Plain text
msgid "Then you should see the Tails boot menu."
-msgstr ""
+msgstr "Anschließend sollten Sie das Tails Startmenü sehen."
#. type: Plain text
msgid ""
@@ -286,9 +259,9 @@ msgid ""
"instructions</a>.\n"
msgstr ""
"Die Installation von rEFInd ersetzt Ihren ursprünglichen Bootloader.<br/>\n"
-"Dies kann zur Folge haben, dass Ihr Mac nicht mehr startet. Es wird empfohlen\n"
-"ein komplettes Backup zu erstellen und zu wissen, wie man es wiederherstellt.\n"
-"Lesen Sie hierzu <a href=\"https://support.apple.com/kb/HT1427\">die Anleitungen von Apple</a>.\n"
+"Dies kann zur Folge haben, dass Ihr Mac nicht mehr startet. Es wird empfohlen, ein komplettes Backup zu erstellen und zu wissen, wie \n"
+"es wiederhergestellt werden kann. Lesen Sie hierzu <a href=\"https://support.apple.com/kb/HT1427\">die Anleitungen von\n"
+"Apple</a>.\n"
#. type: Plain text
#, no-wrap
@@ -306,7 +279,7 @@ msgid ""
"first_steps/bug_reporting/tails_does_not_start]]."
msgstr ""
"Lesen Sie unsere [[Melderichtlinien, falls Tails nicht startet|doc/"
-"first_steps/bug_reporting/tails_does_not_start]]."
+"first_steps/bug_reporting/tails_does_not_start.de]]."
#. type: Title =
#, no-wrap
diff --git a/wiki/src/doc/first_steps/upgrade.mdwn b/wiki/src/doc/first_steps/upgrade.mdwn
index c6ab205..5f75924 100644
--- a/wiki/src/doc/first_steps/upgrade.mdwn
+++ b/wiki/src/doc/first_steps/upgrade.mdwn
@@ -168,8 +168,8 @@ To know the version of a running Tails, choose
<a id="clone"></a>
-Clone & Upgrade
----------------
+Upgrade by cloning
+------------------
1. Start Tails from the DVD, USB stick, or SD card, that you want to clone from.
@@ -181,7 +181,7 @@ Clone & Upgrade
</span>
to start <span class="application">Tails Installer</span>.
-3. Choose <span class="guilabel">Clone & Upgrade</span>.
+3. Choose <span class="guilabel">Upgrade by cloning</span>.
4. Plug the device that you want to upgrade.
diff --git a/wiki/src/news/version_0.2.fr.po b/wiki/src/news/version_0.2.fr.po
index aacda12..a7a690f 100644
--- a/wiki/src/news/version_0.2.fr.po
+++ b/wiki/src/news/version_0.2.fr.po
@@ -3,36 +3,37 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
"POT-Creation-Date: 2012-11-15 19:06+0100\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2015-10-07 22:18+0100\n"
+"Last-Translator: AtomiKe <tails@atomike.ninja>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta date=\"Tue Jun 23 14:43:24 2009\"]]\n"
-msgstr ""
+msgstr "[[!meta date=\"Tue Jun 23 14:43:24 2009\"]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!tag announce]]\n"
-msgstr ""
+msgstr "[[!tag announce]]\n"
#. type: Plain text
msgid "Amnesia 0.2 released"
-msgstr ""
+msgstr "Amnesia version 0.2 est disponible"
#. type: Plain text
msgid ""
-"See the [online "
-"Changelog](http://git.immerda.ch/?p=amnesia.git;a=blob_plain;f=debian/changelog;hb=refs/tags/0.2) "
-"for details."
+"See the [online Changelog](http://git.immerda.ch/?p=amnesia.git;a=blob_plain;"
+"f=debian/changelog;hb=refs/tags/0.2) for details."
msgstr ""
+"Référez-vous au [journal des changements](http://git.immerda.ch/?p=amnesia."
+"git;a=blob_plain;f=debian/changelog;hb=refs/tags/0.2) pour plus de détails."
diff --git a/wiki/src/news/version_0.3.fr.po b/wiki/src/news/version_0.3.fr.po
index c9f1199..beefce1 100644
--- a/wiki/src/news/version_0.3.fr.po
+++ b/wiki/src/news/version_0.3.fr.po
@@ -3,40 +3,41 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
"POT-Creation-Date: 2012-11-15 19:06+0100\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2015-10-07 22:19+0100\n"
+"Last-Translator: AtomiKe <tails@atomike.ninja>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta date=\"Thu Nov 25 23:57:24 2009\"]]\n"
-msgstr ""
+msgstr "[[!meta date=\"Thu Nov 25 23:57:24 2009\"]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!tag announce]]\n"
-msgstr ""
+msgstr "[[!tag announce]]\n"
#. type: Plain text
msgid "Amnesia 0.3 released"
-msgstr ""
+msgstr "Amnesia version 0.3 est disponible"
#. type: Plain text
msgid ""
-"See the [online "
-"Changelog](http://git.immerda.ch/?p=amnesia.git;a=blob_plain;f=debian/changelog;hb=refs/tags/0.3) "
-"for details."
+"See the [online Changelog](http://git.immerda.ch/?p=amnesia.git;a=blob_plain;"
+"f=debian/changelog;hb=refs/tags/0.3) for details."
msgstr ""
+"Référez-vous au [journal des changements](http://git.immerda.ch/?p=amnesia."
+"git;a=blob_plain;f=debian/changelog;hb=refs/tags/0.3) pour plus de détails. "
#. type: Plain text
msgid "[[Download it, seed it!|/download]]"
-msgstr ""
+msgstr "[[Télécharger le, partagez le !|/download]]"
diff --git a/wiki/src/news/version_0.4.1.fr.po b/wiki/src/news/version_0.4.1.fr.po
index 36e483a..3c6ad17 100644
--- a/wiki/src/news/version_0.4.1.fr.po
+++ b/wiki/src/news/version_0.4.1.fr.po
@@ -3,90 +3,106 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
"POT-Creation-Date: 2012-11-15 19:06+0100\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2015-10-08 21:30+0100\n"
+"Last-Translator: AtomiKe <tails@atomike.ninja>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.5.4\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta date=\"Sat Feb 06 17:00:00 2010\"]]\n"
-msgstr ""
+msgstr "[[!meta date=\"Sat Feb 06 17:00:00 2010\"]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!tag announce]]\n"
-msgstr ""
+msgstr "[[!tag announce]]\n"
#. type: Plain text
msgid "Amnesia 0.4.1 released"
-msgstr ""
+msgstr "Amnesia version 0.4.1 disponible"
#. type: Plain text
msgid "Highlighted changes:"
-msgstr ""
+msgstr "Changements importants :"
#. type: Bullet: '* '
msgid ""
"We now ship \"Hybrid\" ISO images, which can be either burnt on CD-ROM or "
"dd'd to a USB stick or hard disk."
msgstr ""
+"Nous fournissons désormais des images ISO \"hybrides\", qui peuvent à la "
+"fois être gravées sur un CD-ROM ou copiées sur une clé USB ou un disque dur."
#. type: Bullet: '* '
msgid ""
-"We now ship multilingual ISO images; initially supported (or rather "
-"wanna-be-supported) languages are: ar, zh, de, en, fr, it, pt, es."
+"We now ship multilingual ISO images; initially supported (or rather wanna-be-"
+"supported) languages are: ar, zh, de, en, fr, it, pt, es."
msgstr ""
+"Nous fournissons désormais des images ISO multilingue ; les langages "
+"supportés (ou en cours de l'être) sont : ar, zh, de, en, fr, it, pt, es."
#. type: Bullet: '* '
msgid ""
-"Icedove was replaced with claws mail, in a bit rough way; see "
-"[[todo/replace_icedove_with_claws]] for best practices and configuration "
-"advices."
+"Icedove was replaced with claws mail, in a bit rough way; see [[todo/"
+"replace_icedove_with_claws]] for best practices and configuration advices."
msgstr ""
+"Icedove a brutalement été remplacé par Claws Mail ; pour en savoir plus "
+"référez-vous à [[todo/replace_icedove_with_claws]] pour des conseils sur la "
+"configuration et les meilleures pratiques."
#. type: Bullet: '* '
msgid "Virtual keyboard: kvkbd was replaced with onBoard."
-msgstr ""
+msgstr "Clavier virtuel : kvkbd remplacé par onBoard."
#. type: Bullet: '* '
msgid "Tor controller: TorK was replaced with Vidalia."
-msgstr ""
+msgstr "Contrôleur Tor : TorK remplacé par Vidalia."
#. type: Bullet: '* '
msgid ""
"Anonymous, GnuPG-encrypted bug reporting is now made easy, thanks to "
"[WhisperBack](http://git.immerda.ch/?p=whisperback.git)."
msgstr ""
+"Les rapports du bug anonymes et chiffrés avec GPG sont maintenant faciles "
+"grâce à [WhisperBack](http://git.immerda.ch/?p=whisperback.git)."
#. type: Bullet: '* '
msgid ""
"Users are now warned at runtime when the amnesia version they are running is "
"affected by security flaws, and which ones they are."
msgstr ""
+"Les utilisateurs sont maintenant informés pendant l'utilisation que la "
+"version d'Amnesia qu'ils exécutent est affectée par des failles de sécurité, "
+"et desquelles il s'agit."
#. type: Plain text
msgid ""
-"See the [online "
-"Changelog](http://git.immerda.ch/?p=amnesia.git;a=blob_plain;f=debian/changelog;hb=refs/tags/0.4.1) "
-"for details."
+"See the [online Changelog](http://git.immerda.ch/?p=amnesia.git;a=blob_plain;"
+"f=debian/changelog;hb=refs/tags/0.4.1) for details."
msgstr ""
+"Référez-vous au [journal des changements](http://git.immerda.ch/?p=amnesia."
+"git;a=blob_plain;f=debian/changelog;hb=refs/tags/0.4.1) pour plus de "
+"détails."
#. type: Plain text
msgid "[[Download it, seed it!|/download]]"
-msgstr ""
+msgstr "[[Télécharger le, partagez le !|/download]]"
#. type: Plain text
msgid ""
"If you want PowerPC, or other architectures, to be supported, feel free to "
-"write us: <amnesia@boum.org>, preferably encrypted with our [[OpenPGP "
-"key|doc/about/openpgp_keys]]."
+"write us: <amnesia@boum.org>, preferably encrypted with our [[OpenPGP key|"
+"doc/about/openpgp_keys]]."
msgstr ""
+"Si vous souhaitez le support de PowerPC, ou d'une autre architecture, "
+"n'hésitez pas à nous écrire : <amnesia@boum.org> de préférence en chiffrant "
+"vos messages avec notre [[clé OpenGPG|doc/about/openpgp_keys]]."
diff --git a/wiki/src/news/version_1.6.fr.po b/wiki/src/news/version_1.6.fr.po
index e4a3891..05271b9 100644
--- a/wiki/src/news/version_1.6.fr.po
+++ b/wiki/src/news/version_1.6.fr.po
@@ -3,37 +3,37 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
"POT-Creation-Date: 2015-09-23 21:48+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2015-10-12 22:33+0100\n"
+"Last-Translator: AtomiKe <tails@atomike.ninja>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta date=\"Tue Sep 22 12:34:56 2015\"]]\n"
-msgstr ""
+msgstr "[[!meta date=\"Tue Sep 22 12:34:56 2015\"]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"Tails 1.6 is out\"]]\n"
-msgstr ""
+msgstr "[[!meta title=\"Tails 1.6 est sorti\"]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!tag announce]]\n"
-msgstr ""
+msgstr "[[!tag announce]]\n"
#. type: Plain text
msgid "Tails, The Amnesic Incognito Live System, version 1.6, is out."
-msgstr ""
+msgstr "Tails, le système live incognito et amnésique, version 1.6, est sorti"
#. type: Plain text
msgid ""
@@ -41,39 +41,44 @@ msgid ""
"Numerous_security_holes_in_1.5.1]] and all users must [[upgrade|doc/"
"first_steps/upgrade]] as soon as possible."
msgstr ""
+"Cette version corrige [[plusieurs problèmes de sécurité|security/"
+"Numerous_security_holes_in_1.5.1]] et tous les utilisateurs doivent [[mettre "
+"à jour|doc/first_steps/upgrade]] dès que possible."
#. type: Plain text
#, no-wrap
msgid "[[!toc levels=1]]\n"
-msgstr ""
+msgstr "[[!toc levels=1]]\n"
#. type: Title #
#, no-wrap
msgid "Changes"
-msgstr ""
+msgstr "Modifications"
#. type: Plain text
#, no-wrap
msgid "[[!inline pages=\"inc/release_notes/1.6\" raw=\"yes\"]]\n"
-msgstr ""
+msgstr "[[!inline pages=\"inc/release_notes/1.6\" raw=\"yes\"]]\n"
#. type: Title #
#, no-wrap
msgid "Known issues"
-msgstr ""
+msgstr "Problèmes connus"
#. type: Plain text
msgid "See the current list of [[known issues|support/known_issues]]."
-msgstr ""
+msgstr "Voir la liste des [[problèmes connus|support/known_issues]]."
#. type: Title #
#, no-wrap
msgid "Download or upgrade"
-msgstr ""
+msgstr "Télécharger ou mettre à jour"
#. type: Plain text
msgid "Go to the [[download]] or [[upgrade|doc/first_steps/upgrade/]] page."
msgstr ""
+"Aller à la page de [[téléchargement|upgrade] ou de [[mise à jour|doc/"
+"first_steps/upgrade/]]. "
#. type: Plain text
msgid ""
@@ -81,20 +86,27 @@ msgid ""
"boot after an automatic upgrade, you can [[update your Tails manually|doc/"
"first_steps/upgrade/#manual]]."
msgstr ""
+"Si vous n'avez pas fait de mise à jour automatique depuis longtemps et que "
+"votre Tails ne démarre après cette mise à jour automatique, vous pouvez "
+"mettre à jour Tails manuellement|doc/first_steps/upgrade/#manual]]. "
#. type: Title #
#, no-wrap
msgid "What's coming up?"
-msgstr ""
+msgstr "Et ensuite ?"
#. type: Plain text
msgid ""
"The next Tails release is [[scheduled|contribute/calendar]] for November 3."
msgstr ""
+"La prochaine version de Tails est [[prévue|contribute/calendar]] pour le 3 "
+"novembre."
#. type: Plain text
msgid "Have a look to our [[!tails_roadmap]] to see where we are heading to."
msgstr ""
+"Jetez un œil à notre [[!tails_roadmap]] pour savoir ce que nous avons en "
+"tête."
#. type: Plain text
msgid ""
@@ -102,3 +114,6 @@ msgid ""
"contribute]], for example by [[donating|contribute/how/donate]]. If you want "
"to help, come talk to us!"
msgstr ""
+"Vous voulez aider ? **Vous** pouvez contribuer à Tails de [[pleins de "
+"manières différentes|contribute]], par exemple en faisait une [[donation|"
+"contribute/how/donate]]. Si vous voulez aider, venez discuter avec nous !"
diff --git a/wiki/src/press/media_appearances_2011.fr.po b/wiki/src/press/media_appearances_2011.fr.po
index d47880e..7f0418e 100644
--- a/wiki/src/press/media_appearances_2011.fr.po
+++ b/wiki/src/press/media_appearances_2011.fr.po
@@ -3,23 +3,23 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
"POT-Creation-Date: 2015-03-13 15:42+0100\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2015-10-10 14:31+0100\n"
+"Last-Translator: AtomiKe <tails@atomike.ninja>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"Media appearances in 2011\"]]\n"
-msgstr ""
+msgstr "[[!meta title=\"Apparitions dans les médias en 2011\"]]\n"
#. type: Bullet: '* '
msgid ""
@@ -27,6 +27,9 @@ msgid ""
"h-online.com/open/news/item/Tails-the-incognito-live-system-gets-0-9-"
"release-1381623.html) on The H Open"
msgstr ""
+"18-11-2011 : [Tails, the incognito live system, gets 0.9 release](http://www."
+"h-online.com/open/news/item/Tails-the-incognito-live-system-gets-0-9-"
+"release-1381623.html) sur The H Open"
#. type: Bullet: '* '
msgid ""
@@ -35,33 +38,47 @@ msgid ""
"pratique-n°68-–-novembredecembre-2011-–-chez-votre-marchand-de-journaux) "
"magazine."
msgstr ""
+"28-10-2011 : (en français) Un CD de Tails 0.8 était livré avec le magazine "
+"[Linux Pratique, numéro 68](http://www.linux-pratique.com/index."
+"php/2011/10/28/linux-pratique-n°68-–-novembredecembre-2011-–-chez-votre-"
+"marchand-de-journaux)."
#. type: Bullet: '* '
msgid ""
"2011-08: Linux Journal: [Tails - You Can Never Be Too Paranoid](http://www."
"linuxjournal.com/content/linux-distro-tales-you-can-never-be-too-paranoid)"
msgstr ""
+"08-2011 : Linux Journal : [Tails - You Can Never Be Too Paranoid](http://www."
+"linuxjournal.com/content/linux-distro-tales-you-can-never-be-too-paranoid)"
#. type: Bullet: '* '
msgid ""
"2011-04-27: [The Amnesic Incognito Live System: A live CD for anonymity]"
"(https://lwn.net/Articles/440279/) on lwn.net"
msgstr ""
+"27-04-2011 : [The Amnesic Incognito Live System: A live CD for anonymity]"
+"(https://lwn.net/Articles/440279/) sur lwn.net"
#. type: Bullet: '* '
msgid ""
"2011-04-20: Release announcement for Tails 0.7 on [lwn.net](https://lwn.net/"
"Articles/439371/)"
msgstr ""
+"20-04-2011 : Annonce de la version 0.7 sur [lwn.net](https://lwn.net/"
+"Articles/439371/)"
#. type: Bullet: '* '
msgid ""
"2011-04-18: Incognito is mentionned in the [Distrowatch Weekly News](http://"
"distrowatch.com/weekly.php?issue=20110418#news)"
msgstr ""
+"18-04-2011 : Incognito est mentionné dans les [actualités hebdomadaires de "
+"DistroWatch](http://distrowatch.com/weekly.php?issue=20110418#news)"
#. type: Bullet: '* '
msgid ""
"2011-04-15: Release announcement on [Distrowatch](http://distrowatch.com/?"
"newsid=06629)"
msgstr ""
+"15-04-2011 : Annonce d'une nouvelle version sur [Distrowatch](http://"
+"distrowatch.com/?newsid=06629)"
diff --git a/wiki/src/security/Numerous_security_holes_in_1.5.1.fr.po b/wiki/src/security/Numerous_security_holes_in_1.5.1.fr.po
index eb57493..4548e28 100644
--- a/wiki/src/security/Numerous_security_holes_in_1.5.1.fr.po
+++ b/wiki/src/security/Numerous_security_holes_in_1.5.1.fr.po
@@ -3,49 +3,53 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
"POT-Creation-Date: 2015-09-22 20:40+0200\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2015-10-12 21:00+0100\n"
+"Last-Translator: AtomiKe <tails@atomike.ninja>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta date=\"Sun Sep 20 01:02:03 2015\"]]\n"
-msgstr ""
+msgstr "[[!meta date=\"Sun Sep 20 01:02:03 2015\"]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"Numerous security holes in Tails 1.5.1\"]]\n"
-msgstr ""
+msgstr "[[!meta title=\"De nombreuses failles de sécurité dans Tails 1.5.1\"]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!tag security/fixed]]\n"
-msgstr ""
+msgstr "[[!tag security/fixed]]\n"
#. type: Plain text
msgid ""
"Several security holes that affect Tails 1.5.1 are now fixed in Tails 1.6."
msgstr ""
+"Plusieurs failles de sécurité affectant Tails 1.5.1 sont maintenant comblées "
+"dans Tails 1.6."
#. type: Plain text
msgid ""
"We **strongly** encourage you to [[upgrade to Tails 1.6|news/version_1.6]] "
"as soon as possible."
msgstr ""
+"Nous vous encourageons **vivement** à faire la [[mise à jour vers Tails 1.6|"
+"news/version_1.6]] dès que possible."
#. type: Title =
#, no-wrap
msgid "Details\n"
-msgstr ""
+msgstr "Détails\n"
#. type: Bullet: ' - '
msgid ""
@@ -53,28 +57,31 @@ msgid ""
"mfsa2015 105]], [[!mfsa2015 106]], [[!mfsa2015 110]], [[!mfsa2015 111]], [[!"
"mfsa2015 112]],"
msgstr ""
+"Tor Browser: [[!mfsa2015 96]], [[!mfsa2015 100]], [[!mfsa2015 101]], [[!"
+"mfsa2015 105]], [[!mfsa2015 106]], [[!mfsa2015 110]], [[!mfsa2015 111]], [[!"
+"mfsa2015 112]],"
#. type: Plain text
#, no-wrap
msgid " [[!mfsa2015 113]]\n"
-msgstr ""
+msgstr " [[!mfsa2015 113]]\n"
#. type: Bullet: ' - '
msgid "bind9: [[!debsa2015 3350]]"
-msgstr ""
+msgstr "bind9: [[!debsa2015 3350]]"
#. type: Bullet: ' - '
msgid "liblcms1: [[!cve CVE-2013-4276]]"
-msgstr ""
+msgstr "liblcms1: [[!cve CVE-2013-4276]]"
#. type: Bullet: ' - '
msgid "libldap-2.4-2: [[!debsa2015 3356]]"
-msgstr ""
+msgstr "libldap-2.4-2: [[!debsa2015 3356]]"
#. type: Bullet: ' - '
msgid "libslp1: [[!debsa2015 3353]]"
-msgstr ""
+msgstr "libslp1: [[!debsa2015 3353]]"
#. type: Bullet: ' - '
msgid "ssl-cert: [[!debbug 773815]]"
-msgstr ""
+msgstr "ssl-cert: [[!debbug 773815]]"
diff --git a/wiki/src/support/faq.fr.po b/wiki/src/support/faq.fr.po
index 1e8bb50..94939a0 100644
--- a/wiki/src/support/faq.fr.po
+++ b/wiki/src/support/faq.fr.po
@@ -7,10 +7,9 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2015-09-23 10:54+0300\n"
-"PO-Revision-Date: 2015-09-14 20:56-0000\n"
+"PO-Revision-Date: 2015-10-10 10:45-0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
@@ -1441,7 +1440,7 @@ msgstr ""
"slow>."
#. type: Plain text
-#, fuzzy, no-wrap
+#, no-wrap
#| msgid ""
#| "We have relatively vague [[!tails_ticket 5991 desc=\"plans to improve\n"
#| "on this situation\"]].\n"
@@ -1449,7 +1448,7 @@ msgid ""
"We had relatively vague [[!tails_ticket 5991 desc=\"plans to improve\n"
"on this situation\"]].\n"
msgstr ""
-"Nous avons de vagues [[!tails_ticket 5991 desc=\"plans pour améliorer\n"
+"Nous avions de vagues [[!tails_ticket 5991 desc=\"plans pour améliorer\n"
"cette situation\"]].\n"
#. type: Plain text
diff --git a/wiki/src/support/known_issues.de.po b/wiki/src/support/known_issues.de.po
index 8eb4790..7bbc40c 100644
--- a/wiki/src/support/known_issues.de.po
+++ b/wiki/src/support/known_issues.de.po
@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-09-23 23:19+0200\n"
+"POT-Creation-Date: 2015-10-21 12:28+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -771,6 +771,7 @@ msgid ""
" - MacBook Pro Retina 11,1 (late 2013)\n"
" - MacBook Pro Retina 13-inch (early 2015)\n"
" - Hewlett-Packard HP Pavilion dv6 Notebook PC\n"
+" - Hewlett-Packard HP ProBook 450 G0\n"
" - Lenovo ThinkPad X61, only on emergency shutdown when pulling out the\n"
" USB stick\n"
" - Lenovo ThinkPad X220\n"
@@ -781,6 +782,7 @@ msgid ""
" - Samsung N150P\n"
" - Acer Aspire e1-572\n"
" - Dell Latitude E6230\n"
+" - Microsoft Surface Pro 3\n"
msgstr ""
#. type: Plain text
diff --git a/wiki/src/support/known_issues.fr.po b/wiki/src/support/known_issues.fr.po
index 42fb867..4ef24e9 100644
--- a/wiki/src/support/known_issues.fr.po
+++ b/wiki/src/support/known_issues.fr.po
@@ -6,8 +6,8 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-09-23 23:19+0200\n"
-"PO-Revision-Date: 2015-09-16 13:52-0000\n"
+"POT-Creation-Date: 2015-10-21 12:28+0300\n"
+"PO-Revision-Date: 2015-10-10 10:53-0000\n"
"Last-Translator: \n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
@@ -775,10 +775,10 @@ msgid ""
"that other operating system can see what has been displayed on the screen "
"within Tails."
msgstr ""
-"Tails n'efface pas encore la [[!wikipedia VRAM desc=\"mémoire vidéo\"]]. "
-"Quand quelqu'un utilise Tails, puis redémarre l'ordinateur avec un autre "
-"système d'exploitation, cet autre système d'exploitation peut voir ce qui a "
-"été affiché sur l'écran dans Tails."
+"Tails n'efface pas encore la [[!wikipedia_fr Mémoire_vidéo desc=\"mémoire "
+"vidéo\"]]. Quand quelqu'un utilise Tails, puis redémarre l'ordinateur avec "
+"un autre système d'exploitation, cet autre système d'exploitation peut voir "
+"ce qui a été affiché sur l'écran dans Tails."
#. type: Plain text
msgid ""
@@ -892,7 +892,29 @@ msgid "This issue has been reported on the following hardware:"
msgstr "Ce problème a été rapporté sur les ordinateurs suivants :"
#. type: Plain text
-#, no-wrap
+#, fuzzy, no-wrap
+#| msgid ""
+#| " - Apple when booting from a USB stick:\n"
+#| " - MacBook Air 5,1\n"
+#| " - MacBook Air 5,2 (using a device installed with Tails Installer)\n"
+#| " - MacBook Air 6,2\n"
+#| " - MacBook Pro 7,1 13-inch (mid 2010)\n"
+#| " - MacBook Pro 9,2 13-inch (mid 2012)\n"
+#| " - MacBook Pro 8,1 13-inch (late 2011)\n"
+#| " - MacBook Pro 10,2\n"
+#| " - MacBook Pro Retina 11,1 (late 2013)\n"
+#| " - MacBook Pro Retina 13-inch (early 2015)\n"
+#| " - Hewlett-Packard HP Pavilion dv6 Notebook PC\n"
+#| " - Lenovo ThinkPad X61, only on emergency shutdown when pulling out the\n"
+#| " USB stick\n"
+#| " - Lenovo ThinkPad X220\n"
+#| " - Toshiba Satellite C855D\n"
+#| " - Dell Inc. Studio 1458\n"
+#| " - Fujitsu Lifebook AH531/GFO, only on regular shutdown, emergency\n"
+#| " shutdown works\n"
+#| " - Samsung N150P\n"
+#| " - Acer Aspire e1-572\n"
+#| " - Dell Latitude E6230\n"
msgid ""
" - Apple when booting from a USB stick:\n"
" - MacBook Air 5,1\n"
@@ -905,6 +927,7 @@ msgid ""
" - MacBook Pro Retina 11,1 (late 2013)\n"
" - MacBook Pro Retina 13-inch (early 2015)\n"
" - Hewlett-Packard HP Pavilion dv6 Notebook PC\n"
+" - Hewlett-Packard HP ProBook 450 G0\n"
" - Lenovo ThinkPad X61, only on emergency shutdown when pulling out the\n"
" USB stick\n"
" - Lenovo ThinkPad X220\n"
@@ -915,6 +938,7 @@ msgid ""
" - Samsung N150P\n"
" - Acer Aspire e1-572\n"
" - Dell Latitude E6230\n"
+" - Microsoft Surface Pro 3\n"
msgstr ""
" - Apple en démarrant depuis une clé USB :\n"
" - MacBook Air 5,1\n"
diff --git a/wiki/src/support/known_issues.mdwn b/wiki/src/support/known_issues.mdwn
index f32f63a..84e9133 100644
--- a/wiki/src/support/known_issues.mdwn
+++ b/wiki/src/support/known_issues.mdwn
@@ -401,6 +401,7 @@ This issue has been reported on the following hardware:
- MacBook Pro Retina 11,1 (late 2013)
- MacBook Pro Retina 13-inch (early 2015)
- Hewlett-Packard HP Pavilion dv6 Notebook PC
+ - Hewlett-Packard HP ProBook 450 G0
- Lenovo ThinkPad X61, only on emergency shutdown when pulling out the
USB stick
- Lenovo ThinkPad X220
@@ -411,6 +412,7 @@ This issue has been reported on the following hardware:
- Samsung N150P
- Acer Aspire e1-572
- Dell Latitude E6230
+ - Microsoft Surface Pro 3
<a id="fingerprint"></a>
diff --git a/wiki/src/support/known_issues.pt.po b/wiki/src/support/known_issues.pt.po
index 51ca5cd..b0a4707 100644
--- a/wiki/src/support/known_issues.pt.po
+++ b/wiki/src/support/known_issues.pt.po
@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-09-23 23:19+0200\n"
+"POT-Creation-Date: 2015-10-21 12:28+0300\n"
"PO-Revision-Date: 2014-06-30 15:38-0300\n"
"Last-Translator: Tails Developers <amnesia@boum.org>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -909,6 +909,7 @@ msgid ""
" - MacBook Pro Retina 11,1 (late 2013)\n"
" - MacBook Pro Retina 13-inch (early 2015)\n"
" - Hewlett-Packard HP Pavilion dv6 Notebook PC\n"
+" - Hewlett-Packard HP ProBook 450 G0\n"
" - Lenovo ThinkPad X61, only on emergency shutdown when pulling out the\n"
" USB stick\n"
" - Lenovo ThinkPad X220\n"
@@ -919,6 +920,7 @@ msgid ""
" - Samsung N150P\n"
" - Acer Aspire e1-572\n"
" - Dell Latitude E6230\n"
+" - Microsoft Surface Pro 3\n"
msgstr ""
#. type: Plain text
diff --git a/wiki/src/support/learn.fr.po b/wiki/src/support/learn.fr.po
index 155e24c..f5146ac 100644
--- a/wiki/src/support/learn.fr.po
+++ b/wiki/src/support/learn.fr.po
@@ -3,45 +3,50 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
"POT-Creation-Date: 2015-08-20 09:48+0300\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2015-10-10 14:56+0100\n"
+"Last-Translator: AtomiKe <tails@atomike.ninja>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
#, no-wrap
msgid "[[!meta title=\"Learn how to use Tails\"]]\n"
-msgstr ""
+msgstr "[[!meta title=\"Apprendre à utiliser Tails\"]]\n"
#. type: Plain text
#, no-wrap
msgid "[[!inline pages=\"support/learn/intro.inline\" raw=\"yes\"]]\n"
-msgstr ""
+msgstr "[[!inline pages=\"support/learn/intro.inline\" raw=\"yes\"]]\n"
#. type: Title =
#, no-wrap
msgid "Training organizations\n"
-msgstr ""
+msgstr "Organisations proposant des formations\n"
#. type: Plain text
#, no-wrap
msgid ""
-"Here is a non-exhaustive list of organizations that provides Tails "
-"training.\n"
+"Here is a non-exhaustive list of organizations that provides Tails training.\n"
"We don't have any monetary or technical implications\n"
"in their Tails trainings, we just provide this list for the benefit of\n"
"users willing to learn how to us Tails. If you're an organization\n"
"providing Tails training, please write to <tails-press@boum.org> so we\n"
"can complete this list.\n"
msgstr ""
+"Voici une liste non exhaustive d'organisations qui dispensent des formations à Tails.\n"
+"Nous n'avons aucune implication technique ou monétaire\n"
+"avec ces formations, nous fournissons cette liste dans l'intérêt des\n"
+"utilisateurs voulant apprendre à utiliser Tails. Si vous dispensez des\n"
+"formations à propos de Tails, envoyez nous un mail à <tails-press@boum.org>\n"
+"afin que nous complétions la liste.\n"
#. type: Plain text
#, no-wrap
@@ -52,9 +57,15 @@ msgid ""
" are at-risk, or organizations that work with them.\n"
" - Email: <help@accessnow.org>\n"
" - [Contact page](https://www.accessnow.org/page/s/contact)\n"
-" - OpenPGP key fingerprint: 6CE6 221C 98EC F399 A04C 41B8 C46B ED33 32E8 "
-"A2BC\n"
+" - OpenPGP key fingerprint: 6CE6 221C 98EC F399 A04C 41B8 C46B ED33 32E8 A2BC\n"
msgstr ""
+"* [Access Now](https://www.accessnow.org)\n"
+" - Localisation : International\n"
+" - Fournit de l'aide et des formations aux communautés, groupes et individus\n"
+" à risque, ou aux organisations qui travaillent avec eux.\n"
+" - Email: <help@accessnow.org>\n"
+" - [Page de contact](https://www.accessnow.org/page/s/contact)\n"
+" - Empreinte de leur clé OpenPGP : 6CE6 221C 98EC F399 A04C 41B8 C46B ED33 32E8 A2BC\n"
#. type: Plain text
#, no-wrap
@@ -64,21 +75,28 @@ msgid ""
" - Provides digital security trainings (including Tails) for human\n"
" rights defenders.\n"
msgstr ""
+"* [Front Line Defenders](http://www.frontlinedefenders.org/)\n"
+" - Localisation : International\n"
+" - Founit des formations de sécurité numérique (dont Tails) pour\n"
+" les défenseurs des droits de l'homme.\n"
#. type: Plain text
#, no-wrap
msgid ""
-"* [Hermes Center for Transparency and Digital Human "
-"Rights](http://logioshermes.org/)\n"
+"* [Hermes Center for Transparency and Digital Human Rights](http://logioshermes.org/)\n"
" - Location: Italy (Florence, Milan, Rome)\n"
" - Email: <training@logioshermes.org>\n"
" - Referent: Marco Calamari\n"
msgstr ""
+"* [Hermes Center for Transparency and Digital Human Rights](http://logioshermes.org/)\n"
+" - Localisation : Italy (Florence, Milan, Rome)\n"
+" - Email: <training@logioshermes.org>\n"
+" - Référent: Marco Calamari\n"
#. type: Title =
#, no-wrap
msgid "Training material\n"
-msgstr ""
+msgstr "Support de formation\n"
#. type: Plain text
msgid ""
@@ -86,7 +104,10 @@ msgid ""
"that are available. You can also send us your slides and other teaching "
"material, so that others can benefit from them and improve them:"
msgstr ""
+"Si vous formez des utilisateurs à Tails, vous pourriez être intéressé par "
+"les diaporamas disponibles. Vous pouvez aussi nous envoyer vos supports de "
+"formations pour que d'autres puissent s'en servir et les améliorer :"
#. type: Bullet: '* '
msgid "[[Slides|contribute/how/promote/material/slides]]"
-msgstr ""
+msgstr "[[Slides|contribute/how/promote/material/slides]]"
diff --git a/wiki/src/support/learn/intro.inline.fr.po b/wiki/src/support/learn/intro.inline.fr.po
index 6c1dd75..63498c4 100644
--- a/wiki/src/support/learn/intro.inline.fr.po
+++ b/wiki/src/support/learn/intro.inline.fr.po
@@ -3,21 +3,23 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
"POT-Creation-Date: 2015-08-20 09:48+0300\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2015-10-09 23:32+0100\n"
+"Last-Translator: AtomiKe <tails@atomike.ninja>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
msgid ""
"The Tails project itself lacks time and skills to provide training on how to "
"use Tails but [[other organizations do so|learn]]."
msgstr ""
+"Le projet Tails manque de temps et de compétences pour former à "
+"l'utilisation de Tails mais [[d'autres organisations le font|learn]]."
diff --git a/wiki/src/support/talk/languages.inline.fr.po b/wiki/src/support/talk/languages.inline.fr.po
index 9e24b6b..dbde25f 100644
--- a/wiki/src/support/talk/languages.inline.fr.po
+++ b/wiki/src/support/talk/languages.inline.fr.po
@@ -3,23 +3,23 @@
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
+"Project-Id-Version: \n"
"POT-Creation-Date: 2015-08-12 19:32+0300\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2015-10-09 23:31+0100\n"
+"Last-Translator: AtomiKe <tails@atomike.ninja>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.6.10\n"
#. type: Plain text
#, no-wrap
msgid "<p>We answer requests in:</p>\n"
-msgstr ""
+msgstr "<p>Nous répondons aux questions en :</p>\n"
#. type: Plain text
#, no-wrap
@@ -31,6 +31,12 @@ msgid ""
" <li>Italian</li>\n"
"</ul>\n"
msgstr ""
+"<ul>\n"
+" <li>Anglais</li>\n"
+" <li>Français</li>\n"
+" <li>Espagnol</li>\n"
+" <li>Italien</li>\n"
+"</ul>\n"
#. type: Plain text
#, no-wrap
@@ -38,3 +44,5 @@ msgid ""
"<p>Requests not in English might take longer to answer.\n"
"Imperfect English is welcome :)</p>\n"
msgstr ""
+"<p>Les réponses aux requêtes non formulées en anglais peuvent être plus longues à arriver.\n"
+"Un anglais imparfait est le bienvenu :)</p>\n"