summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2019-05-06 07:31:03 +0000
committerintrigeri <intrigeri@boum.org>2019-05-06 07:31:03 +0000
commitc36f0684a85bcf7aca435110211c18709350487e (patch)
treef25ec2ed00231ddf8426dd9b45287ae172bbf098
parentedab79ce5c4e1c64eae41708e16d458cbc2c41d4 (diff)
Test suite: make tails-security-check's SOCKS port test work when there's a live security advisory (refs: #16701)
With a live security advisory, an instance of tails-security-check is already running, which breaks "I re-run tails-security-check" (timeout waiting for the process to exit). Let's instead re-run it via its systemd service, so that: 1. any already running tails-security-check is killed, which fixes this bug; 2. we test tails-security-check in an environment closer to how it's run in a real Tails: as we can see on #16603, running this kind of scripts via systemd or without it can yield subtly different behavior. But systemctl returns as soon as the process is started, while our previous implementation waited for tails-security-check to exit. So we need to wait a little bit before analysing the network trace.
-rw-r--r--features/step_definitions/tor.rb6
-rw-r--r--features/tor_stream_isolation.feature2
2 files changed, 5 insertions, 3 deletions
diff --git a/features/step_definitions/tor.rb b/features/step_definitions/tor.rb
index f9d2938..1e3a6b5 100644
--- a/features/step_definitions/tor.rb
+++ b/features/step_definitions/tor.rb
@@ -291,7 +291,8 @@ When /^I monitor the network connections of (.*)$/ do |application|
"done > #{@process_monitor_log}")
end
-Then /^I see that (.+) is properly stream isolated$/ do |application|
+Then /^I see that (.+) is properly stream isolated(?: after (\d+) seconds)?$/ do |application, delay|
+ sleep delay.to_i if delay
info = stream_isolation_info(application)
expected_ports = [info[:socksport]]
expected_ports << 9051 if info[:controller]
@@ -309,7 +310,8 @@ Then /^I see that (.+) is properly stream isolated$/ do |application|
end
And /^I re-run tails-security-check$/ do
- $vm.execute_successfully("tails-security-check", :user => LIVE_USER)
+ $vm.execute_successfully("systemctl --user restart tails-security-check.service",
+ :user => LIVE_USER)
end
And /^I re-run htpdate$/ do
diff --git a/features/tor_stream_isolation.feature b/features/tor_stream_isolation.feature
index 8f91218..5b5b667 100644
--- a/features/tor_stream_isolation.feature
+++ b/features/tor_stream_isolation.feature
@@ -9,7 +9,7 @@ Feature: Tor stream isolation is effective
Scenario: tails-security-check is using the Tails-specific SocksPort
When I monitor the network connections of tails-security-check
And I re-run tails-security-check
- Then I see that tails-security-check is properly stream isolated
+ Then I see that tails-security-check is properly stream isolated after 10 seconds
Scenario: htpdate is using the Tails-specific SocksPort
When I monitor the network connections of htpdate