summaryrefslogtreecommitdiffstats
path: root/features
diff options
context:
space:
mode:
authorTails developers <amnesia@boum.org>2014-12-03 13:01:52 +0100
committerTails developers <amnesia@boum.org>2014-12-03 13:01:52 +0100
commit1138ffbed4936969f0068ad29aeefb7b1bcb7697 (patch)
tree0c5e2a39fb2863125984321a8f4e0c717e3d1644 /features
parent56c42191c0620c45c7659cce16b564467bb80759 (diff)
parent7999371f600097af34fe489d80a8eb253fe5778c (diff)
Merge https://git-tails.immerda.ch/tails into doc/projectdoc/projectdoc/7536-project
Diffstat (limited to 'features')
-rw-r--r--features/apt.feature3
-rw-r--r--features/checks.feature18
-rw-r--r--features/dhcp.feature32
-rw-r--r--features/encryption.feature7
-rw-r--r--features/erase_memory.feature26
-rw-r--r--features/evince.feature53
-rw-r--r--features/firewall_leaks.feature3
-rw-r--r--features/i2p.feature33
-rw-r--r--features/images/CupsTestPage.pngbin0 -> 11564 bytes
-rw-r--r--features/images/EvincePrintDialog.pngbin0 -> 2038 bytes
-rw-r--r--features/images/EvincePrintOutputFile.pngbin0 -> 1088 bytes
-rw-r--r--features/images/EvincePrintOutputFileSelected.pngbin0 -> 1218 bytes
-rw-r--r--features/images/EvincePrintToFile.pngbin0 -> 1440 bytes
-rw-r--r--features/images/EvinceUnableToOpen.pngbin0 -> 7171 bytes
-rw-r--r--features/images/GnomeApplicationsAdministration.pngbin0 -> 2667 bytes
-rw-r--r--features/images/GnomeApplicationsConfigurePersistentVolume.pngbin0 -> 2735 bytes
-rw-r--r--features/images/GnomeApplicationsDeletePersistentVolume.pngbin0 -> 2318 bytes
-rw-r--r--features/images/GnomeApplicationsGedit.pngbin0 -> 1828 bytes
-rw-r--r--features/images/GnomeApplicationsI2PBrowser.pngbin0 -> 2070 bytes
-rw-r--r--features/images/GnomeApplicationsInternet.pngbin0 -> 1825 bytes
-rw-r--r--features/images/GnomeApplicationsPidgin.pngbin0 -> 1910 bytes
-rw-r--r--features/images/GnomeApplicationsPreferences.pngbin0 -> 1705 bytes
-rw-r--r--features/images/GnomeApplicationsSeahorse.pngbin0 -> 2332 bytes
-rw-r--r--features/images/GnomeApplicationsSoundVideo.pngbin0 -> 2517 bytes
-rw-r--r--features/images/GnomeApplicationsSynaptic.pngbin0 -> 2816 bytes
-rw-r--r--features/images/GnomeApplicationsSystem.pngbin0 -> 2797 bytes
-rw-r--r--features/images/GnomeApplicationsTails.pngbin0 -> 1739 bytes
-rw-r--r--features/images/GnomeApplicationsTailsInstaller.pngbin0 -> 2096 bytes
-rw-r--r--features/images/GnomeApplicationsTerminal.pngbin0 -> 1670 bytes
-rw-r--r--features/images/GnomeApplicationsTorBrowser.pngbin0 -> 2586 bytes
-rw-r--r--features/images/GnomeApplicationsTotem.pngbin0 -> 2683 bytes
-rw-r--r--features/images/GnomeApplicationsUnsafeBrowser.pngbin0 -> 2996 bytes
-rw-r--r--features/images/GtkFileChooserDesktopButton.pngbin0 -> 1832 bytes
-rw-r--r--features/images/GtkFileTypeFileNameButton.pngbin0 -> 949 bytes
-rw-r--r--features/images/I2P_router_console.pngbin0 -> 3821 bytes
-rw-r--r--features/images/I2P_starting_notification.pngbin0 -> 1946 bytes
-rw-r--r--features/images/PidginAccountManagerCloseButton.pngbin0 -> 997 bytes
-rw-r--r--features/images/PidginAccountWindow.pngbin0 -> 1473 bytes
-rw-r--r--features/images/PidginAccount_irc.oftc.net.pngbin0 -> 1730 bytes
-rw-r--r--features/images/PidginCertificateAddButton.pngbin0 -> 612 bytes
-rw-r--r--features/images/PidginCertificateAddHostnameDialog.pngbin0 -> 2885 bytes
-rw-r--r--features/images/PidginCertificateImportFailed.pngbin0 -> 3756 bytes
-rw-r--r--features/images/PidginCertificateManagerDialog.pngbin0 -> 2450 bytes
-rw-r--r--features/images/PidginCertificateTestItem.pngbin0 -> 871 bytes
-rw-r--r--features/images/PidginCertificatesMenuItem.pngbin0 -> 1255 bytes
-rw-r--r--features/images/PidginConnecting.pngbin0 -> 1717 bytes
-rw-r--r--features/images/PidginTailsChannelEntry.pngbin0 -> 1363 bytes
-rw-r--r--features/images/PidginTailsChannelWelcome.pngbin0 -> 1358 bytes
-rw-r--r--features/images/PidginTailsConversationTab.pngbin0 -> 934 bytes
-rw-r--r--features/images/PidginToolsMenu.pngbin0 -> 648 bytes
-rw-r--r--features/images/SampleLocalMp4VideoFrame.pngbin0 -> 3760 bytes
-rw-r--r--features/images/SampleRemoteWebMVideoFrame.pngbin0 -> 10738 bytes
-rw-r--r--features/images/SynapticPolicyKitAuthPrompt.pngbin0 -> 2568 bytes
-rw-r--r--features/images/TailsBootSplashTabMsgPostReset.pngbin0 -> 4729 bytes
-rw-r--r--features/images/TailsBootSplashTabMsgUEFI.pngbin0 -> 8091 bytes
-rw-r--r--features/images/TailsBootSplashUEFI.pngbin0 -> 7000 bytes
-rw-r--r--features/images/TorBrowserAddressBar.pngbin0 -> 2067 bytes
-rw-r--r--features/images/TorBrowserBookmarkPrompt.pngbin0 -> 2242 bytes
-rw-r--r--features/images/TorBrowserEFFBookmark.pngbin0 -> 1952 bytes
-rw-r--r--features/images/TorBrowserNewTabButton.pngbin0 -> 397 bytes
-rw-r--r--features/images/TorBrowserNoPlugins.png (renamed from features/images/IceweaselNoPlugins.png)bin3997 -> 3997 bytes
-rw-r--r--features/images/TorBrowserOffline.pngbin0 -> 3511 bytes
-rw-r--r--features/images/TorBrowserOfflinePrompt.pngbin0 -> 1998 bytes
-rw-r--r--features/images/TorBrowserOfflinePromptStart.pngbin0 -> 2048 bytes
-rw-r--r--features/images/TorBrowserStartupPage.pngbin0 -> 12537 bytes
-rw-r--r--features/images/TorBrowserTorCheck.png (renamed from features/images/IceweaselTorCheck.png)bin5226 -> 5226 bytes
-rw-r--r--features/images/TorBrowserWindow.png (renamed from features/images/IceweaselWindow.png)bin1630 -> 1630 bytes
-rw-r--r--features/images/TotemMainWindow.pngbin0 -> 25968 bytes
-rw-r--r--features/images/TotemOpenUrlDialog.pngbin0 -> 1850 bytes
-rw-r--r--features/images/TotemUnableToOpen.pngbin0 -> 5492 bytes
-rw-r--r--features/images/TrueCryptRemovalWarning.pngbin3910 -> 4456 bytes
-rw-r--r--features/images/UnsafeBrowserEditMenu.pngbin0 -> 871 bytes
-rw-r--r--features/images/UnsafeBrowserEditPreferences.pngbin0 -> 1408 bytes
-rw-r--r--features/images/UnsafeBrowserPreferencesMenuItem.pngbin0 -> 1405 bytes
-rw-r--r--features/images/UnsafeBrowserPreferencesWindow.png (renamed from features/images/UnsafeBrowserPreferences.png)bin2663 -> 2663 bytes
-rw-r--r--features/images/UnsafeBrowserRedTheme.pngbin5616 -> 1499 bytes
-rw-r--r--features/images/WindowsApplicationsInternet.pngbin0 -> 2077 bytes
-rw-r--r--features/images/WindowsApplicationsTorBrowser.pngbin0 -> 2256 bytes
-rw-r--r--features/images/WindowsTorBrowserTaskBar.png (renamed from features/images/WindowsIceweaselTaskBar.png)bin1978 -> 1978 bytes
-rw-r--r--features/images/WindowsTorBrowserWindow.png (renamed from features/images/WindowsIceweaselWindow.png)bin1393 -> 1393 bytes
-rw-r--r--features/pidgin.feature71
-rw-r--r--features/step_definitions/apt.rb11
-rw-r--r--features/step_definitions/checks.rb29
-rw-r--r--features/step_definitions/common_steps.rb326
-rw-r--r--features/step_definitions/dhcp.rb20
-rw-r--r--features/step_definitions/encryption.rb4
-rw-r--r--features/step_definitions/erase_memory.rb6
-rw-r--r--features/step_definitions/evince.rb20
-rw-r--r--features/step_definitions/i2p.rb60
-rw-r--r--features/step_definitions/pidgin.rb188
-rw-r--r--features/step_definitions/root_access_control.rb18
-rw-r--r--features/step_definitions/torified_browsing.rb11
-rw-r--r--features/step_definitions/torified_gnupg.rb10
-rw-r--r--features/step_definitions/totem.rb50
-rw-r--r--features/step_definitions/unsafe_browser.rb44
-rw-r--r--features/step_definitions/usb.rb77
-rw-r--r--features/support/config.rb1
-rw-r--r--features/support/helpers/exec_helper.rb3
-rw-r--r--features/support/helpers/misc_helpers.rb16
-rw-r--r--features/support/helpers/sikuli_helper.rb4
-rw-r--r--features/support/helpers/storage_helper.rb4
-rw-r--r--features/support/helpers/vm_helper.rb34
-rw-r--r--features/support/hooks.rb6
-rw-r--r--features/time_syncing.feature6
-rw-r--r--features/torified_browsing.feature29
-rw-r--r--features/totem.feature59
-rw-r--r--features/truecrypt.feature7
-rw-r--r--features/unsafe_browser.feature25
-rw-r--r--features/untrusted_partitions.feature24
-rw-r--r--features/usb_install.feature210
-rw-r--r--features/windows_camouflage.feature6
111 files changed, 1167 insertions, 387 deletions
diff --git a/features/apt.feature b/features/apt.feature
index 200303b..e86d3c6 100644
--- a/features/apt.feature
+++ b/features/apt.feature
@@ -28,8 +28,7 @@ Feature: Installing packages through APT
And all Internet traffic has only flowed through Tor
Scenario: Install packages using Synaptic
- When I run "gksu synaptic"
- And I enter the sudo password in the gksu prompt
+ When I start Synaptic
And I update APT using Synaptic
Then I should be able to install a package using Synaptic
And all Internet traffic has only flowed through Tor
diff --git a/features/checks.feature b/features/checks.feature
index 083d877..277bdb9 100644
--- a/features/checks.feature
+++ b/features/checks.feature
@@ -3,14 +3,13 @@ Feature: Various checks
Background:
Given a computer
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ And I start Tails from DVD with network unplugged and I login
And I save the state so the background can be restored next scenario
+ Scenario: AppArmor is enabled and has enforced profiles
+ Then AppArmor is enabled
+ And some AppArmor profiles are enforced
+
Scenario: VirtualBox guest modules are available
When Tails has booted a 64-bit kernel
Then the VirtualBox guest modules are available
@@ -53,11 +52,6 @@ Feature: Various checks
# impossible to have after a snapshot restore.
Scenario: MAT can clean a PDF file
Given a computer
- And the network is unplugged
And I setup a filesystem share containing a sample PDF
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ And I start Tails from DVD with network unplugged and I login
Then MAT can clean some sample PDF file
diff --git a/features/dhcp.feature b/features/dhcp.feature
new file mode 100644
index 0000000..c15ae0c
--- /dev/null
+++ b/features/dhcp.feature
@@ -0,0 +1,32 @@
+@product
+Feature: Getting a DHCP lease without leaking too much information
+ As a Tails user
+ when I connect to a network with a DHCP server
+ I should be able to connect to the Internet
+ and the hostname should not have been leaked on the network.
+
+ Scenario: Getting a DHCP lease with the default NetworkManager connection
+ Given a computer
+ And I capture all network traffic
+ And I start the computer
+ And the computer boots Tails
+ And I log in to a new session
+ And GNOME has started
+ And Tor is ready
+ And all notifications have disappeared
+ And available upgrades have been checked
+ Then the hostname should not have been leaked on the network
+
+ Scenario: Getting a DHCP lease with a manually configured NetworkManager connection
+ Given a computer
+ And I capture all network traffic
+ And I start the computer
+ And the computer boots Tails
+ And I log in to a new session
+ And GNOME has started
+ And Tor is ready
+ And all notifications have disappeared
+ And available upgrades have been checked
+ And I add a wired DHCP NetworkManager connection called "manually-added-con"
+ And I switch to the "manually-added-con" NetworkManager connection
+ Then the hostname should not have been leaked on the network
diff --git a/features/encryption.feature b/features/encryption.feature
index 7e70ab3..2f30d2a 100644
--- a/features/encryption.feature
+++ b/features/encryption.feature
@@ -6,12 +6,7 @@ Feature: Encryption and verification using GnuPG
Background:
Given a computer
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ And I start Tails from DVD with network unplugged and I login
And I generate an OpenPGP key named "test" with password "asdf"
And I save the state so the background can be restored next scenario
diff --git a/features/erase_memory.feature b/features/erase_memory.feature
index 4add68c..56d3a40 100644
--- a/features/erase_memory.feature
+++ b/features/erase_memory.feature
@@ -9,10 +9,8 @@ Feature: System memory erasure on shutdown
And the computer is a modern 64-bit system
And the computer has 8 GiB of RAM
And I set Tails to boot with options "debug=wipemem"
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And the PAE kernel is running
+ And I start Tails from DVD with network unplugged and I login
+ Then the PAE kernel is running
And at least 8 GiB of RAM was detected
And process "memlockd" is running
And process "udev-watchdog" is running
@@ -25,12 +23,8 @@ Feature: System memory erasure on shutdown
And the computer is a modern 64-bit system
And the computer has 8 GiB of RAM
And I set Tails to boot with options "debug=wipemem"
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And the PAE kernel is running
+ And I start Tails from DVD with network unplugged and I login
+ Then the PAE kernel is running
And at least 8 GiB of RAM was detected
And process "memlockd" is running
And process "udev-watchdog" is running
@@ -43,10 +37,8 @@ Feature: System memory erasure on shutdown
And the computer is an old pentium without the PAE extension
And the computer has 8 GiB of RAM
And I set Tails to boot with options "debug=wipemem"
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And the non-PAE kernel is running
+ And I start Tails from DVD with network unplugged and I login
+ Then the non-PAE kernel is running
And at least 3500 MiB of RAM was detected
And process "memlockd" is running
And process "udev-watchdog" is running
@@ -59,11 +51,7 @@ Feature: System memory erasure on shutdown
And the computer is an old pentium without the PAE extension
And the computer has 8 GiB of RAM
And I set Tails to boot with options "debug=wipemem"
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
+ And I start Tails from DVD with network unplugged and I login
And the non-PAE kernel is running
And at least 3500 MiB of RAM was detected
And process "memlockd" is running
diff --git a/features/evince.feature b/features/evince.feature
new file mode 100644
index 0000000..fe687f3
--- /dev/null
+++ b/features/evince.feature
@@ -0,0 +1,53 @@
+@product
+Feature: Using Evince
+ As a Tails user
+ I want to view and print PDF files in Evince
+ And AppArmor should prevent Evince from doing dangerous things
+
+ Background:
+ Given a computer
+ And I start Tails from DVD with network unplugged and I login
+ And I save the state so the background can be restored next scenario
+
+ Scenario: I can view and print a PDF file stored in /usr/share
+ When I open "/usr/share/cups/data/default-testpage.pdf" with Evince
+ Then I see "CupsTestPage.png" after at most 10 seconds
+ And I can print the current document to "/home/amnesia/output.pdf"
+
+ Scenario: I can view and print a PDF file stored in non-persistent /home/amnesia
+ Given I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia" as user "amnesia"
+ When I open "/home/amnesia/default-testpage.pdf" with Evince
+ Then I see "CupsTestPage.png" after at most 10 seconds
+ And I can print the current document to "/home/amnesia/output.pdf"
+
+ Scenario: I cannot view a PDF file stored in non-persistent /home/amnesia/.gnupg
+ Given I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/.gnupg" as user "amnesia"
+ When I try to open "/home/amnesia/.gnupg/default-testpage.pdf" with Evince
+ Then I see "EvinceUnableToOpen.png" after at most 10 seconds
+
+ @keep_volumes
+ Scenario: Installing Tails on a USB drive, creating a persistent partition, copying PDF files to it
+ Given the USB drive "current" contains Tails with persistence configured and password "asdf"
+ And a computer
+ And I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
+ And I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/Persistent" as user "amnesia"
+ Then the file "/home/amnesia/Persistent/default-testpage.pdf" exists
+ And I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/.gnupg" as user "amnesia"
+ Then the file "/home/amnesia/.gnupg/default-testpage.pdf" exists
+ And I shutdown Tails and wait for the computer to power off
+
+ @keep_volumes
+ Scenario: I can view and print a PDF file stored in persistent /home/amnesia/Persistent
+ Given a computer
+ And I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
+ When I open "/home/amnesia/Persistent/default-testpage.pdf" with Evince
+ Then I see "CupsTestPage.png" after at most 10 seconds
+ And I can print the current document to "/home/amnesia/Persistent/output.pdf"
+
+ @keep_volumes
+ Scenario: I cannot view a PDF file stored in persistent /home/amnesia/.gnupg
+ Given a computer
+ When I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
+ And I try to open "/home/amnesia/.gnupg/default-testpage.pdf" with Evince
+ Then I see "EvinceUnableToOpen.png" after at most 10 seconds
+
diff --git a/features/firewall_leaks.feature b/features/firewall_leaks.feature
index 093a0b2..775c6e1 100644
--- a/features/firewall_leaks.feature
+++ b/features/firewall_leaks.feature
@@ -16,8 +16,7 @@ Feature:
And I save the state so the background can be restored next scenario
Scenario: Detecting IPv4 TCP leaks from the Unsafe Browser
- When I start the Unsafe Browser
- And the Unsafe Browser has started
+ When I successfully start the Unsafe Browser
And I open the address "https://check.torproject.org" in the Unsafe Browser
And I see "UnsafeBrowserTorCheckFail.png" after at most 60 seconds
Then the firewall leak detector has detected IPv4 TCP leaks
diff --git a/features/i2p.feature b/features/i2p.feature
new file mode 100644
index 0000000..fc4cdf0
--- /dev/null
+++ b/features/i2p.feature
@@ -0,0 +1,33 @@
+@product
+Feature: I2P
+ As a Tails user
+ I *might* want to use I2P
+
+ Scenario: I2P is disabled by default
+ Given a computer
+ And I start the computer
+ And the computer boots Tails
+ And I log in to a new session
+ And GNOME has started
+ And Tor is ready
+ And all notifications have disappeared
+ Then the I2P Browser desktop file is not present
+ And the I2P Browser sudo rules are not present
+ And the I2P firewall rules are disabled
+
+ Scenario: I2P is enabled when the "i2p" boot parameter is added
+ Given a computer
+ And I set Tails to boot with options "i2p"
+ And I start the computer
+ And the computer boots Tails
+ And I log in to a new session
+ And GNOME has started
+ And Tor is ready
+ And I2P is running
+ And the I2P router console is ready
+ And all notifications have disappeared
+ Then the I2P Browser desktop file is present
+ And the I2P Browser sudo rules are enabled
+ And the I2P firewall rules are enabled
+ When I start the I2P Browser through the GNOME menu
+ Then I see "I2P_router_console.png" after at most 60 seconds
diff --git a/features/images/CupsTestPage.png b/features/images/CupsTestPage.png
new file mode 100644
index 0000000..25b6087
--- /dev/null
+++ b/features/images/CupsTestPage.png
Binary files differ
diff --git a/features/images/EvincePrintDialog.png b/features/images/EvincePrintDialog.png
new file mode 100644
index 0000000..89584a2
--- /dev/null
+++ b/features/images/EvincePrintDialog.png
Binary files differ
diff --git a/features/images/EvincePrintOutputFile.png b/features/images/EvincePrintOutputFile.png
new file mode 100644
index 0000000..6b73d84
--- /dev/null
+++ b/features/images/EvincePrintOutputFile.png
Binary files differ
diff --git a/features/images/EvincePrintOutputFileSelected.png b/features/images/EvincePrintOutputFileSelected.png
new file mode 100644
index 0000000..fc75318
--- /dev/null
+++ b/features/images/EvincePrintOutputFileSelected.png
Binary files differ
diff --git a/features/images/EvincePrintToFile.png b/features/images/EvincePrintToFile.png
new file mode 100644
index 0000000..2175d01
--- /dev/null
+++ b/features/images/EvincePrintToFile.png
Binary files differ
diff --git a/features/images/EvinceUnableToOpen.png b/features/images/EvinceUnableToOpen.png
new file mode 100644
index 0000000..efdcff8
--- /dev/null
+++ b/features/images/EvinceUnableToOpen.png
Binary files differ
diff --git a/features/images/GnomeApplicationsAdministration.png b/features/images/GnomeApplicationsAdministration.png
new file mode 100644
index 0000000..0c7ee53
--- /dev/null
+++ b/features/images/GnomeApplicationsAdministration.png
Binary files differ
diff --git a/features/images/GnomeApplicationsConfigurePersistentVolume.png b/features/images/GnomeApplicationsConfigurePersistentVolume.png
new file mode 100644
index 0000000..25b4e06
--- /dev/null
+++ b/features/images/GnomeApplicationsConfigurePersistentVolume.png
Binary files differ
diff --git a/features/images/GnomeApplicationsDeletePersistentVolume.png b/features/images/GnomeApplicationsDeletePersistentVolume.png
new file mode 100644
index 0000000..c76c20b
--- /dev/null
+++ b/features/images/GnomeApplicationsDeletePersistentVolume.png
Binary files differ
diff --git a/features/images/GnomeApplicationsGedit.png b/features/images/GnomeApplicationsGedit.png
new file mode 100644
index 0000000..598a30f
--- /dev/null
+++ b/features/images/GnomeApplicationsGedit.png
Binary files differ
diff --git a/features/images/GnomeApplicationsI2PBrowser.png b/features/images/GnomeApplicationsI2PBrowser.png
new file mode 100644
index 0000000..3b2a58e
--- /dev/null
+++ b/features/images/GnomeApplicationsI2PBrowser.png
Binary files differ
diff --git a/features/images/GnomeApplicationsInternet.png b/features/images/GnomeApplicationsInternet.png
new file mode 100644
index 0000000..f38d8f9
--- /dev/null
+++ b/features/images/GnomeApplicationsInternet.png
Binary files differ
diff --git a/features/images/GnomeApplicationsPidgin.png b/features/images/GnomeApplicationsPidgin.png
new file mode 100644
index 0000000..72a88b5
--- /dev/null
+++ b/features/images/GnomeApplicationsPidgin.png
Binary files differ
diff --git a/features/images/GnomeApplicationsPreferences.png b/features/images/GnomeApplicationsPreferences.png
new file mode 100644
index 0000000..9209ad4
--- /dev/null
+++ b/features/images/GnomeApplicationsPreferences.png
Binary files differ
diff --git a/features/images/GnomeApplicationsSeahorse.png b/features/images/GnomeApplicationsSeahorse.png
new file mode 100644
index 0000000..f1034f5
--- /dev/null
+++ b/features/images/GnomeApplicationsSeahorse.png
Binary files differ
diff --git a/features/images/GnomeApplicationsSoundVideo.png b/features/images/GnomeApplicationsSoundVideo.png
new file mode 100644
index 0000000..23328f0
--- /dev/null
+++ b/features/images/GnomeApplicationsSoundVideo.png
Binary files differ
diff --git a/features/images/GnomeApplicationsSynaptic.png b/features/images/GnomeApplicationsSynaptic.png
new file mode 100644
index 0000000..0d20711
--- /dev/null
+++ b/features/images/GnomeApplicationsSynaptic.png
Binary files differ
diff --git a/features/images/GnomeApplicationsSystem.png b/features/images/GnomeApplicationsSystem.png
new file mode 100644
index 0000000..69b2daa
--- /dev/null
+++ b/features/images/GnomeApplicationsSystem.png
Binary files differ
diff --git a/features/images/GnomeApplicationsTails.png b/features/images/GnomeApplicationsTails.png
new file mode 100644
index 0000000..3653853
--- /dev/null
+++ b/features/images/GnomeApplicationsTails.png
Binary files differ
diff --git a/features/images/GnomeApplicationsTailsInstaller.png b/features/images/GnomeApplicationsTailsInstaller.png
new file mode 100644
index 0000000..e377214
--- /dev/null
+++ b/features/images/GnomeApplicationsTailsInstaller.png
Binary files differ
diff --git a/features/images/GnomeApplicationsTerminal.png b/features/images/GnomeApplicationsTerminal.png
new file mode 100644
index 0000000..cc89a32
--- /dev/null
+++ b/features/images/GnomeApplicationsTerminal.png
Binary files differ
diff --git a/features/images/GnomeApplicationsTorBrowser.png b/features/images/GnomeApplicationsTorBrowser.png
new file mode 100644
index 0000000..e7f0067
--- /dev/null
+++ b/features/images/GnomeApplicationsTorBrowser.png
Binary files differ
diff --git a/features/images/GnomeApplicationsTotem.png b/features/images/GnomeApplicationsTotem.png
new file mode 100644
index 0000000..5382ce0
--- /dev/null
+++ b/features/images/GnomeApplicationsTotem.png
Binary files differ
diff --git a/features/images/GnomeApplicationsUnsafeBrowser.png b/features/images/GnomeApplicationsUnsafeBrowser.png
new file mode 100644
index 0000000..c8a2117
--- /dev/null
+++ b/features/images/GnomeApplicationsUnsafeBrowser.png
Binary files differ
diff --git a/features/images/GtkFileChooserDesktopButton.png b/features/images/GtkFileChooserDesktopButton.png
new file mode 100644
index 0000000..3499919
--- /dev/null
+++ b/features/images/GtkFileChooserDesktopButton.png
Binary files differ
diff --git a/features/images/GtkFileTypeFileNameButton.png b/features/images/GtkFileTypeFileNameButton.png
new file mode 100644
index 0000000..f27b2a0
--- /dev/null
+++ b/features/images/GtkFileTypeFileNameButton.png
Binary files differ
diff --git a/features/images/I2P_router_console.png b/features/images/I2P_router_console.png
new file mode 100644
index 0000000..870ebe8
--- /dev/null
+++ b/features/images/I2P_router_console.png
Binary files differ
diff --git a/features/images/I2P_starting_notification.png b/features/images/I2P_starting_notification.png
new file mode 100644
index 0000000..d7c6396
--- /dev/null
+++ b/features/images/I2P_starting_notification.png
Binary files differ
diff --git a/features/images/PidginAccountManagerCloseButton.png b/features/images/PidginAccountManagerCloseButton.png
new file mode 100644
index 0000000..7e83488
--- /dev/null
+++ b/features/images/PidginAccountManagerCloseButton.png
Binary files differ
diff --git a/features/images/PidginAccountWindow.png b/features/images/PidginAccountWindow.png
new file mode 100644
index 0000000..df15bf6
--- /dev/null
+++ b/features/images/PidginAccountWindow.png
Binary files differ
diff --git a/features/images/PidginAccount_irc.oftc.net.png b/features/images/PidginAccount_irc.oftc.net.png
new file mode 100644
index 0000000..24095af
--- /dev/null
+++ b/features/images/PidginAccount_irc.oftc.net.png
Binary files differ
diff --git a/features/images/PidginCertificateAddButton.png b/features/images/PidginCertificateAddButton.png
new file mode 100644
index 0000000..8b6c7c2
--- /dev/null
+++ b/features/images/PidginCertificateAddButton.png
Binary files differ
diff --git a/features/images/PidginCertificateAddHostnameDialog.png b/features/images/PidginCertificateAddHostnameDialog.png
new file mode 100644
index 0000000..f02b7b9
--- /dev/null
+++ b/features/images/PidginCertificateAddHostnameDialog.png
Binary files differ
diff --git a/features/images/PidginCertificateImportFailed.png b/features/images/PidginCertificateImportFailed.png
new file mode 100644
index 0000000..8a7b8f1
--- /dev/null
+++ b/features/images/PidginCertificateImportFailed.png
Binary files differ
diff --git a/features/images/PidginCertificateManagerDialog.png b/features/images/PidginCertificateManagerDialog.png
new file mode 100644
index 0000000..72ae744
--- /dev/null
+++ b/features/images/PidginCertificateManagerDialog.png
Binary files differ
diff --git a/features/images/PidginCertificateTestItem.png b/features/images/PidginCertificateTestItem.png
new file mode 100644
index 0000000..51ceaa7
--- /dev/null
+++ b/features/images/PidginCertificateTestItem.png
Binary files differ
diff --git a/features/images/PidginCertificatesMenuItem.png b/features/images/PidginCertificatesMenuItem.png
new file mode 100644
index 0000000..0bd972f
--- /dev/null
+++ b/features/images/PidginCertificatesMenuItem.png
Binary files differ
diff --git a/features/images/PidginConnecting.png b/features/images/PidginConnecting.png
new file mode 100644
index 0000000..e768d51
--- /dev/null
+++ b/features/images/PidginConnecting.png
Binary files differ
diff --git a/features/images/PidginTailsChannelEntry.png b/features/images/PidginTailsChannelEntry.png
new file mode 100644
index 0000000..764f684
--- /dev/null
+++ b/features/images/PidginTailsChannelEntry.png
Binary files differ
diff --git a/features/images/PidginTailsChannelWelcome.png b/features/images/PidginTailsChannelWelcome.png
new file mode 100644
index 0000000..68cc71f
--- /dev/null
+++ b/features/images/PidginTailsChannelWelcome.png
Binary files differ
diff --git a/features/images/PidginTailsConversationTab.png b/features/images/PidginTailsConversationTab.png
new file mode 100644
index 0000000..155fd34
--- /dev/null
+++ b/features/images/PidginTailsConversationTab.png
Binary files differ
diff --git a/features/images/PidginToolsMenu.png b/features/images/PidginToolsMenu.png
new file mode 100644
index 0000000..55e1b3e
--- /dev/null
+++ b/features/images/PidginToolsMenu.png
Binary files differ
diff --git a/features/images/SampleLocalMp4VideoFrame.png b/features/images/SampleLocalMp4VideoFrame.png
new file mode 100644
index 0000000..0ed3ee5
--- /dev/null
+++ b/features/images/SampleLocalMp4VideoFrame.png
Binary files differ
diff --git a/features/images/SampleRemoteWebMVideoFrame.png b/features/images/SampleRemoteWebMVideoFrame.png
new file mode 100644
index 0000000..402dba6
--- /dev/null
+++ b/features/images/SampleRemoteWebMVideoFrame.png
Binary files differ
diff --git a/features/images/SynapticPolicyKitAuthPrompt.png b/features/images/SynapticPolicyKitAuthPrompt.png
new file mode 100644
index 0000000..a4bc519
--- /dev/null
+++ b/features/images/SynapticPolicyKitAuthPrompt.png
Binary files differ
diff --git a/features/images/TailsBootSplashTabMsgPostReset.png b/features/images/TailsBootSplashTabMsgPostReset.png
new file mode 100644
index 0000000..cad57b3
--- /dev/null
+++ b/features/images/TailsBootSplashTabMsgPostReset.png
Binary files differ
diff --git a/features/images/TailsBootSplashTabMsgUEFI.png b/features/images/TailsBootSplashTabMsgUEFI.png
new file mode 100644
index 0000000..ee4e9da
--- /dev/null
+++ b/features/images/TailsBootSplashTabMsgUEFI.png
Binary files differ
diff --git a/features/images/TailsBootSplashUEFI.png b/features/images/TailsBootSplashUEFI.png
new file mode 100644
index 0000000..4c0015b
--- /dev/null
+++ b/features/images/TailsBootSplashUEFI.png
Binary files differ
diff --git a/features/images/TorBrowserAddressBar.png b/features/images/TorBrowserAddressBar.png
new file mode 100644
index 0000000..eb6da2e
--- /dev/null
+++ b/features/images/TorBrowserAddressBar.png
Binary files differ
diff --git a/features/images/TorBrowserBookmarkPrompt.png b/features/images/TorBrowserBookmarkPrompt.png
new file mode 100644
index 0000000..ea09887
--- /dev/null
+++ b/features/images/TorBrowserBookmarkPrompt.png
Binary files differ
diff --git a/features/images/TorBrowserEFFBookmark.png b/features/images/TorBrowserEFFBookmark.png
new file mode 100644
index 0000000..176c075
--- /dev/null
+++ b/features/images/TorBrowserEFFBookmark.png
Binary files differ
diff --git a/features/images/TorBrowserNewTabButton.png b/features/images/TorBrowserNewTabButton.png
new file mode 100644
index 0000000..f11cb2d
--- /dev/null
+++ b/features/images/TorBrowserNewTabButton.png
Binary files differ
diff --git a/features/images/IceweaselNoPlugins.png b/features/images/TorBrowserNoPlugins.png
index 4bad5f9..4bad5f9 100644
--- a/features/images/IceweaselNoPlugins.png
+++ b/features/images/TorBrowserNoPlugins.png
Binary files differ
diff --git a/features/images/TorBrowserOffline.png b/features/images/TorBrowserOffline.png
new file mode 100644
index 0000000..04b87dd
--- /dev/null
+++ b/features/images/TorBrowserOffline.png
Binary files differ
diff --git a/features/images/TorBrowserOfflinePrompt.png b/features/images/TorBrowserOfflinePrompt.png
new file mode 100644
index 0000000..2967492
--- /dev/null
+++ b/features/images/TorBrowserOfflinePrompt.png
Binary files differ
diff --git a/features/images/TorBrowserOfflinePromptStart.png b/features/images/TorBrowserOfflinePromptStart.png
new file mode 100644
index 0000000..1a6f4bd
--- /dev/null
+++ b/features/images/TorBrowserOfflinePromptStart.png
Binary files differ
diff --git a/features/images/TorBrowserStartupPage.png b/features/images/TorBrowserStartupPage.png
new file mode 100644
index 0000000..bd9b948
--- /dev/null
+++ b/features/images/TorBrowserStartupPage.png
Binary files differ
diff --git a/features/images/IceweaselTorCheck.png b/features/images/TorBrowserTorCheck.png
index 0ed51a8..0ed51a8 100644
--- a/features/images/IceweaselTorCheck.png
+++ b/features/images/TorBrowserTorCheck.png
Binary files differ
diff --git a/features/images/IceweaselWindow.png b/features/images/TorBrowserWindow.png
index c1f4661..c1f4661 100644
--- a/features/images/IceweaselWindow.png
+++ b/features/images/TorBrowserWindow.png
Binary files differ
diff --git a/features/images/TotemMainWindow.png b/features/images/TotemMainWindow.png
new file mode 100644
index 0000000..23af721
--- /dev/null
+++ b/features/images/TotemMainWindow.png
Binary files differ
diff --git a/features/images/TotemOpenUrlDialog.png b/features/images/TotemOpenUrlDialog.png
new file mode 100644
index 0000000..6d17866
--- /dev/null
+++ b/features/images/TotemOpenUrlDialog.png
Binary files differ
diff --git a/features/images/TotemUnableToOpen.png b/features/images/TotemUnableToOpen.png
new file mode 100644
index 0000000..8ec7fbf
--- /dev/null
+++ b/features/images/TotemUnableToOpen.png
Binary files differ
diff --git a/features/images/TrueCryptRemovalWarning.png b/features/images/TrueCryptRemovalWarning.png
index 6794f4d..838f846 100644
--- a/features/images/TrueCryptRemovalWarning.png
+++ b/features/images/TrueCryptRemovalWarning.png
Binary files differ
diff --git a/features/images/UnsafeBrowserEditMenu.png b/features/images/UnsafeBrowserEditMenu.png
new file mode 100644
index 0000000..0186481
--- /dev/null
+++ b/features/images/UnsafeBrowserEditMenu.png
Binary files differ
diff --git a/features/images/UnsafeBrowserEditPreferences.png b/features/images/UnsafeBrowserEditPreferences.png
new file mode 100644
index 0000000..04f4e18
--- /dev/null
+++ b/features/images/UnsafeBrowserEditPreferences.png
Binary files differ
diff --git a/features/images/UnsafeBrowserPreferencesMenuItem.png b/features/images/UnsafeBrowserPreferencesMenuItem.png
new file mode 100644
index 0000000..405351a
--- /dev/null
+++ b/features/images/UnsafeBrowserPreferencesMenuItem.png
Binary files differ
diff --git a/features/images/UnsafeBrowserPreferences.png b/features/images/UnsafeBrowserPreferencesWindow.png
index 2078ca9..2078ca9 100644
--- a/features/images/UnsafeBrowserPreferences.png
+++ b/features/images/UnsafeBrowserPreferencesWindow.png
Binary files differ
diff --git a/features/images/UnsafeBrowserRedTheme.png b/features/images/UnsafeBrowserRedTheme.png
index f2da1a0..d48e43b 100644
--- a/features/images/UnsafeBrowserRedTheme.png
+++ b/features/images/UnsafeBrowserRedTheme.png
Binary files differ
diff --git a/features/images/WindowsApplicationsInternet.png b/features/images/WindowsApplicationsInternet.png
new file mode 100644
index 0000000..55f0e0a
--- /dev/null
+++ b/features/images/WindowsApplicationsInternet.png
Binary files differ
diff --git a/features/images/WindowsApplicationsTorBrowser.png b/features/images/WindowsApplicationsTorBrowser.png
new file mode 100644
index 0000000..ffe485d
--- /dev/null
+++ b/features/images/WindowsApplicationsTorBrowser.png
Binary files differ
diff --git a/features/images/WindowsIceweaselTaskBar.png b/features/images/WindowsTorBrowserTaskBar.png
index aa93959..aa93959 100644
--- a/features/images/WindowsIceweaselTaskBar.png
+++ b/features/images/WindowsTorBrowserTaskBar.png
Binary files differ
diff --git a/features/images/WindowsIceweaselWindow.png b/features/images/WindowsTorBrowserWindow.png
index 51e1371..51e1371 100644
--- a/features/images/WindowsIceweaselWindow.png
+++ b/features/images/WindowsTorBrowserWindow.png
Binary files differ
diff --git a/features/pidgin.feature b/features/pidgin.feature
new file mode 100644
index 0000000..51d4a77
--- /dev/null
+++ b/features/pidgin.feature
@@ -0,0 +1,71 @@
+@product
+Feature: Chatting anonymously using Pidgin
+ As a Tails user
+ when I chat using Pidgin
+ I should be able to use OTR
+ And I should be able to persist my Pidgin configuration
+ And AppArmor should prevent Pidgin from doing dangerous things
+ And all Internet traffic should flow only through Tor
+
+ Background:
+ Given a computer
+ And I capture all network traffic
+ When I start Tails from DVD and I login
+ Then Pidgin has the expected accounts configured with random nicknames
+ And I save the state so the background can be restored next scenario
+
+ Scenario: Connecting to the #tails IRC channel with the pre-configured account
+ When I start Pidgin through the GNOME menu
+ Then I see Pidgin's account manager window
+ When I activate the "irc.oftc.net" Pidgin account
+ And I close Pidgin's account manager window
+ Then Pidgin successfully connects to the "irc.oftc.net" account
+ And I can join the "#tails" channel on "irc.oftc.net"
+ And all Internet traffic has only flowed through Tor
+
+ Scenario: Adding a certificate to Pidgin
+ And I start Pidgin through the GNOME menu
+ And I see Pidgin's account manager window
+ And I close Pidgin's account manager window
+ Then I can add a certificate from the "/home/amnesia" directory to Pidgin
+
+ Scenario: Failing to add a certificate to Pidgin
+ And I start Pidgin through the GNOME menu
+ And I see Pidgin's account manager window
+ And I close Pidgin's account manager window
+ Then I cannot add a certificate from the "/home/amnesia/.gnupg" directory to Pidgin
+
+ @keep_volumes
+ Scenario: Using a persistent Pidgin configuration
+ Given the USB drive "current" contains Tails with persistence configured and password "asdf"
+ And a computer
+ And I start Tails from USB drive "current" and I login with persistence password "asdf"
+ When I start Pidgin through the GNOME menu
+ Then I see Pidgin's account manager window
+ # And I generate an OTR key for the default Pidgin account
+ And I take note of the configured Pidgin accounts
+ # And I take note of the OTR key for Pidgin's "irc.oftc.net" account
+ And I shutdown Tails and wait for the computer to power off
+ Given a computer
+ And I capture all network traffic
+ And I start Tails from USB drive "current" and I login with persistence password "asdf"
+ And Pidgin has the expected persistent accounts configured
+ # And Pidgin has the expected persistent OTR keys
+ When I start Pidgin through the GNOME menu
+ Then I see Pidgin's account manager window
+ When I activate the "irc.oftc.net" Pidgin account
+ And I close Pidgin's account manager window
+ Then Pidgin successfully connects to the "irc.oftc.net" account
+ And I can join the "#tails" channel on "irc.oftc.net"
+ And all Internet traffic has only flowed through Tor
+ # Exercise Pidgin AppArmor profile with persistence enabled.
+ # This should really be in dedicated scenarios, but it would be
+ # too costly to set up the virtual USB drive with persistence more
+ # than once in this feature.
+ And I cannot add a certificate from the "/home/amnesia/.gnupg" directory to Pidgin
+ When I close Pidgin's certificate import failure dialog
+ And I close Pidgin's certificate manager
+ Then I cannot add a certificate from the "/live/persistence/TailsData_unlocked/gnupg" directory to Pidgin
+ When I close Pidgin's certificate import failure dialog
+ And I close Pidgin's certificate manager
+ Then I can add a certificate from the "/home/amnesia" directory to Pidgin
diff --git a/features/step_definitions/apt.rb b/features/step_definitions/apt.rb
index 1a5421e..a549205 100644
--- a/features/step_definitions/apt.rb
+++ b/features/step_definitions/apt.rb
@@ -3,7 +3,7 @@ require 'uri'
Given /^the only hosts in APT sources are "([^"]*)"$/ do |hosts_str|
next if @skip_steps_while_restoring_background
hosts = hosts_str.split(',')
- @vm.execute("cat /etc/apt/sources.list /etc/apt/sources.list.d/*").stdout.chomp.each_line { |line|
+ @vm.file_content("/etc/apt/sources.list /etc/apt/sources.list.d/*").chomp.each_line { |line|
next if ! line.start_with? "deb"
source_host = URI(line.split[1]).host
if !hosts.include?(source_host)
@@ -69,3 +69,12 @@ Then /^I should be able to install a package using Synaptic$/ do
@screen.wait('SynapticChangesAppliedPrompt.png', 120)
step "package \"#{package}\" is installed"
end
+
+When /^I start Synaptic$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsSystem.png", 10)
+ @screen.wait_and_click("GnomeApplicationsAdministration.png", 10)
+ @screen.wait_and_click("GnomeApplicationsSynaptic.png", 20)
+ deal_with_polkit_prompt('SynapticPolicyKitAuthPrompt.png', @sudo_password)
+end
diff --git a/features/step_definitions/checks.rb b/features/step_definitions/checks.rb
index b05486d..76cfe67 100644
--- a/features/step_definitions/checks.rb
+++ b/features/step_definitions/checks.rb
@@ -14,7 +14,7 @@ Then /^the shipped Tails signing key is not outdated$/ do
"--list-key #{sig_key_fingerprint}", $live_user).stdout
shipped_sig_key_info = @vm.execute("gpg --batch --list-key #{sig_key_fingerprint}",
$live_user).stdout
- assert(shipped_sig_key_info == fresh_sig_key_info,
+ assert_equal(fresh_sig_key_info, shipped_sig_key_info,
"The Tails signing key shipped inside Tails is outdated:\n" +
"Shipped key:\n" +
shipped_sig_key_info +
@@ -28,8 +28,7 @@ Then /^the live user has been setup by live\-boot$/ do
"live-boot failed its user-setup")
actual_username = @vm.execute(". /etc/live/config/username.conf; " +
"echo $LIVE_USERNAME").stdout.chomp
- assert(actual_username == $live_user,
- "The live username is '#{actual_username}', not '#{$live_user}'")
+ assert_equal($live_user, actual_username)
end
Then /^the live user is a member of only its own group and "(.*?)"$/ do |groups|
@@ -38,9 +37,9 @@ Then /^the live user is a member of only its own group and "(.*?)"$/ do |groups|
actual_groups = @vm.execute("groups #{$live_user}").stdout.chomp.sub(/^#{$live_user} : /, "").split(" ")
unexpected = actual_groups - expected_groups
missing = expected_groups - actual_groups
- assert(unexpected.size == 0,
+ assert_equal(0, unexpected.size,
"live user in unexpected groups #{unexpected}")
- assert(missing.size == 0,
+ assert_equal(0, missing.size,
"live user not in expected groups #{missing}")
end
@@ -51,10 +50,8 @@ Then /^the live user owns its home dir and it has normal permissions$/ do
"The live user's home doesn't exist or is not a directory")
owner = @vm.execute("stat -c %U:%G #{home}").stdout.chomp
perms = @vm.execute("stat -c %a #{home}").stdout.chomp
- assert(owner == "#{$live_user}:#{$live_user}",
- "The live user's home has unexpected ownership '#{owner}'")
- assert(perms == "700",
- "The live user's home has unexpected permissions '#{perms}'")
+ assert_equal("#{$live_user}:#{$live_user}", owner)
+ assert_equal("700", perms)
end
Given /^I wait between (\d+) and (\d+) seconds$/ do |min, max|
@@ -106,7 +103,7 @@ Then /^the VirtualBox guest modules are available$/ do
end
def shared_pdf_dir_on_guest
- "/tmp/shared_dir"
+ "/tmp/shared_pdf_dir"
end
Given /^I setup a filesystem share containing a sample PDF$/ do
@@ -119,8 +116,7 @@ Then /^MAT can clean some sample PDF file$/ do
for pdf_on_host in Dir.glob("#{$misc_files_dir}/*.pdf") do
pdf_name = File.basename(pdf_on_host)
pdf_on_guest = "/home/#{$live_user}/#{pdf_name}"
- @vm.execute("cp #{shared_pdf_dir_on_guest}/#{pdf_name} #{pdf_on_guest}",
- $live_user)
+ step "I copy \"#{shared_pdf_dir_on_guest}/#{pdf_name}\" to \"#{pdf_on_guest}\" as user \"#{$live_user}\""
@vm.execute("mat --display '#{pdf_on_guest}'",
$live_user).stdout
check_before = @vm.execute("mat --check '#{pdf_on_guest}'",
@@ -136,3 +132,12 @@ Then /^MAT can clean some sample PDF file$/ do
"MAT failed to clean '#{pdf_on_host}'")
end
end
+
+Then /^AppArmor is enabled$/ do
+ assert(@vm.execute("aa-status").success?, "AppArmor is not enabled")
+end
+
+Then /^some AppArmor profiles are enforced$/ do
+ assert(@vm.execute("aa-status --enforced").stdout.chomp.to_i > 0,
+ "No AppArmor profile is enforced")
+end
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index 8843bbd..66ccd6d 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -51,6 +51,7 @@ def restore_background
if @vm.has_network?
if @vm.execute("service tor status").success?
@vm.execute("service tor stop")
+ @vm.execute("rm -f /var/log/tor/log")
@vm.execute("killall vidalia")
@vm.host_to_guest_time_sync
@vm.execute("service tor start")
@@ -60,15 +61,6 @@ def restore_background
end
end
-def run_dialog_picture
- case @theme
- when "windows"
- return 'WindowsRunDialog.png'
- else
- return 'GnomeRunDialog.png'
- end
-end
-
Given /^a computer$/ do
@vm.destroy if @vm
@vm = VM.new($vm_xml_path, $x_display)
@@ -140,6 +132,58 @@ When /^I start the computer$/ do
post_vm_start_hook
end
+Given /^I start Tails from DVD(| with network unplugged) and I login$/ do |network_unplugged|
+ # we don't @skip_steps_while_restoring_background as we're only running
+ # other steps, that are taking care of it *if* they have to
+ step "the computer is set to boot from the Tails DVD"
+ if network_unplugged.empty?
+ step "the network is plugged"
+ else
+ step "the network is unplugged"
+ end
+ step "I start the computer"
+ step "the computer boots Tails"
+ step "I log in to a new session"
+ step "Tails seems to have booted normally"
+ if network_unplugged.empty?
+ step "Tor is ready"
+ step "all notifications have disappeared"
+ step "available upgrades have been checked"
+ else
+ step "all notifications have disappeared"
+ end
+end
+
+Given /^I start Tails from (.+?) drive "(.+?)"(| with network unplugged) and I login(| with(| read-only) persistence password "([^"]+)")$/ do |drive_type, drive_name, network_unplugged, persistence_on, persistence_ro, persistence_pwd|
+ # we don't @skip_steps_while_restoring_background as we're only running
+ # other steps, that are taking care of it *if* they have to
+ step "the computer is set to boot from #{drive_type} drive \"#{drive_name}\""
+ if network_unplugged.empty?
+ step "the network is plugged"
+ else
+ step "the network is unplugged"
+ end
+ step "I start the computer"
+ step "the computer boots Tails"
+ if ! persistence_on.empty?
+ assert(! persistence_pwd.empty?, "A password must be provided when enabling persistence")
+ if persistence_ro.empty?
+ step "I enable persistence with password \"#{persistence_pwd}\""
+ else
+ step "I enable read-only persistence with password \"#{persistence_pwd}\""
+ end
+ end
+ step "I log in to a new session"
+ step "Tails seems to have booted normally"
+ if network_unplugged.empty?
+ step "Tor is ready"
+ step "all notifications have disappeared"
+ step "available upgrades have been checked"
+ else
+ step "all notifications have disappeared"
+ end
+end
+
When /^I power off the computer$/ do
next if @skip_steps_while_restoring_background
assert(@vm.is_running?,
@@ -158,12 +202,32 @@ When /^I destroy the computer$/ do
@vm.destroy
end
-Given /^the computer boots Tails$/ do
+Given /^the computer (re)?boots Tails$/ do |reboot|
next if @skip_steps_while_restoring_background
- @screen.wait('TailsBootSplash.png', 30)
- @screen.wait('TailsBootSplashTabMsg.png', 10)
+
+ case @os_loader
+ when "UEFI"
+ assert(!reboot, "Testing of reboot with UEFI enabled is not implemented")
+ bootsplash = 'TailsBootSplashUEFI.png'
+ bootsplash_tab_msg = 'TailsBootSplashTabMsgUEFI.png'
+ boot_timeout = 30
+ else
+ if reboot
+ bootsplash = 'TailsBootSplashPostReset.png'
+ bootsplash_tab_msg = 'TailsBootSplashTabMsgPostReset.png'
+ boot_timeout = 120
+ else
+ bootsplash = 'TailsBootSplash.png'
+ bootsplash_tab_msg = 'TailsBootSplashTabMsg.png'
+ boot_timeout = 30
+ end
+ end
+
+ @screen.wait(bootsplash, boot_timeout)
+ @screen.wait(bootsplash_tab_msg, 10)
@screen.type(Sikuli::Key.TAB)
- @screen.waitVanish('TailsBootSplashTabMsg.png', 1)
+ @screen.waitVanish(bootsplash_tab_msg, 1)
+
@screen.type(" autotest_never_use_this_option #{@boot_options}" +
Sikuli::Key.ENTER)
@screen.wait('TailsGreeter.png', 30*60)
@@ -249,21 +313,43 @@ Given /^available upgrades have been checked$/ do
}
end
-Given /^Iceweasel has started and is not loading a web page$/ do
+Given /^the Tor Browser has started$/ do
next if @skip_steps_while_restoring_background
case @theme
when "windows"
- iceweasel_picture = "WindowsIceweaselWindow.png"
+ tor_browser_picture = "WindowsTorBrowserWindow.png"
else
- iceweasel_picture = "IceweaselWindow.png"
+ tor_browser_picture = "TorBrowserWindow.png"
end
- # Stop iceweasel to load its home page. We do this to prevent Tor
- # from getting confused in case we save and restore a snapshot in
- # the middle of loading a page.
- @screen.wait_and_click(iceweasel_picture, 120)
- @screen.type("l", Sikuli::KeyModifier.CTRL)
- @screen.type("about:blank" + Sikuli::Key.ENTER)
+ @screen.wait(tor_browser_picture, 60)
+end
+
+Given /^the Tor Browser has started and loaded the startup page$/ do
+ next if @skip_steps_while_restoring_background
+ step "the Tor Browser has started"
+ @screen.wait("TorBrowserStartupPage.png", 120)
+end
+
+Given /^the Tor Browser has started in offline mode$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.wait("TorBrowserOffline.png", 60)
+end
+
+Given /^I add a bookmark to eff.org in the Tor Browser$/ do
+ next if @skip_steps_while_restoring_background
+ url = "https://www.eff.org"
+ step "I open the address \"#{url}\" in the Tor Browser"
+ @screen.wait("TorBrowserOffline.png", 5)
+ @screen.type("d", Sikuli::KeyModifier.CTRL)
+ @screen.wait("TorBrowserBookmarkPrompt.png", 10)
+ @screen.type(url + Sikuli::Key.ENTER)
+end
+
+Given /^the Tor Browser has a bookmark to eff.org$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.type("b", Sikuli::KeyModifier.ALT)
+ @screen.wait("TorBrowserEFFBookmark.png", 10)
end
Given /^all notifications have disappeared$/ do
@@ -336,20 +422,6 @@ Then /^all Internet traffic has only flowed through Tor$/ do
end
end
-When /^I open the GNOME run dialog$/ do
- next if @skip_steps_while_restoring_background
- @screen.type(Sikuli::Key.F2, Sikuli::KeyModifier.ALT)
- @screen.wait(run_dialog_picture, 10)
-end
-
-When /^I run "([^"]*)"$/ do |program|
- next if @skip_steps_while_restoring_background
- step "I open the GNOME run dialog"
- @screen.type(program)
- sleep 0.5
- @screen.type(Sikuli::Key.ENTER)
-end
-
Given /^I enter the sudo password in the gksu prompt$/ do
next if @skip_steps_while_restoring_background
@screen.wait('GksuAuthPrompt.png', 60)
@@ -359,18 +431,22 @@ Given /^I enter the sudo password in the gksu prompt$/ do
@screen.waitVanish('GksuAuthPrompt.png', 10)
end
-Given /^I enter the sudo password in the PolicyKit prompt$/ do
+Given /^I enter the sudo password in the pkexec prompt$/ do
next if @skip_steps_while_restoring_background
- step "I enter the \"#{@sudo_password}\" password in the PolicyKit prompt"
+ step "I enter the \"#{@sudo_password}\" password in the pkexec prompt"
end
-Given /^I enter the "([^"]*)" password in the PolicyKit prompt$/ do |password|
- next if @skip_steps_while_restoring_background
- @screen.wait('PolicyKitAuthPrompt.png', 60)
+def deal_with_polkit_prompt (image, password)
+ @screen.wait(image, 60)
sleep 1 # wait for weird fade-in to unblock the "Ok" button
@screen.type(password)
@screen.type(Sikuli::Key.ENTER)
- @screen.waitVanish('PolicyKitAuthPrompt.png', 10)
+ @screen.waitVanish(image, 10)
+end
+
+Given /^I enter the "([^"]*)" password in the pkexec prompt$/ do |password|
+ next if @skip_steps_while_restoring_background
+ deal_with_polkit_prompt('PolicyKitAuthPrompt.png', password)
end
Given /^process "([^"]+)" is running$/ do |process|
@@ -430,6 +506,11 @@ When /^I request a shutdown using the emergency shutdown applet$/ do
@screen.wait_and_click('TailsEmergencyShutdownHalt.png', 10)
end
+When /^I warm reboot the computer$/ do
+ next if @skip_steps_while_restoring_background
+ @vm.execute("reboot")
+end
+
When /^I request a reboot using the emergency shutdown applet$/ do
next if @skip_steps_while_restoring_background
@screen.hide_cursor
@@ -443,3 +524,164 @@ Given /^package "([^"]+)" is installed$/ do |package|
assert(@vm.execute("dpkg -s '#{package}' 2>/dev/null | grep -qs '^Status:.*installed$'").success?,
"Package '#{package}' is not installed")
end
+
+When /^I start the Tor Browser$/ do
+ next if @skip_steps_while_restoring_background
+ case @theme
+ when "windows"
+ step 'I click the start menu'
+ @screen.wait_and_click("WindowsApplicationsInternet.png", 10)
+ @screen.wait_and_click("WindowsApplicationsTorBrowser.png", 10)
+ else
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsInternet.png", 10)
+ @screen.wait_and_click("GnomeApplicationsTorBrowser.png", 10)
+ end
+end
+
+When /^I start the Tor Browser in offline mode$/ do
+ next if @skip_steps_while_restoring_background
+ step "I start the Tor Browser"
+ case @theme
+ when "windows"
+ @screen.wait_and_click("WindowsTorBrowserOfflinePrompt.png", 10)
+ @screen.click("WindowsTorBrowserOfflinePromptStart.png")
+ else
+ @screen.wait_and_click("TorBrowserOfflinePrompt.png", 10)
+ @screen.click("TorBrowserOfflinePromptStart.png")
+ end
+end
+
+def xul_app_shared_lib_check(pid, chroot)
+ expected_absent_tbb_libs = ['libnssdbm3.so']
+ absent_tbb_libs = []
+ unwanted_native_libs = []
+ tbb_libs = @vm.execute_successfully(
+ ". /usr/local/lib/tails-shell-library/tor-browser.sh; " +
+ "ls -1 #{chroot}${TBB_INSTALL}/*.so"
+ ).stdout.split
+ firefox_pmap_info = @vm.execute("pmap #{pid}").stdout
+ for lib in tbb_libs do
+ lib_name = File.basename lib
+ if not /\W#{lib}$/.match firefox_pmap_info
+ absent_tbb_libs << lib_name
+ end
+ native_libs = @vm.execute_successfully(
+ "find /usr/lib /lib -name \"#{lib_name}\""
+ ).stdout.split
+ for native_lib in native_libs do
+ if /\W#{native_lib}$"/.match firefox_pmap_info
+ unwanted_native_libs << lib_name
+ end
+ end
+ end
+ absent_tbb_libs -= expected_absent_tbb_libs
+ assert(absent_tbb_libs.empty? && unwanted_native_libs.empty?,
+ "The loaded shared libraries for the firefox process are not the " +
+ "way we expect them.\n" +
+ "Expected TBB libs that are absent: #{absent_tbb_libs}\n" +
+ "Native libs that we don't want: #{unwanted_native_libs}")
+end
+
+Then /^(.*) uses all expected TBB shared libraries$/ do |application|
+ next if @skip_steps_while_restoring_background
+ binary = @vm.execute_successfully(
+ '. /usr/local/lib/tails-shell-library/tor-browser.sh; ' +
+ 'echo ${TBB_INSTALL}/firefox'
+ ).stdout.chomp
+ case application
+ when "the Tor Browser"
+ user = $live_user
+ cmd_regex = "#{binary} .* -profile /home/#{user}/\.tor-browser/profile\.default"
+ chroot = ""
+ when "the Unsafe Browser"
+ user = "clearnet"
+ cmd_regex = "#{binary} .* -profile /home/#{user}/\.tor-browser/profile\.default"
+ chroot = "/var/lib/unsafe-browser/chroot"
+ when "Tor Launcher"
+ user = "tor-launcher"
+ cmd_regex = "#{binary} -app /home/#{user}/\.tor-launcher/tor-launcher-standalone/application\.ini"
+ chroot = ""
+ else
+ raise "Invalid browser or XUL application: #{application}"
+ end
+ pid = @vm.execute_successfully("pgrep --uid #{user} --full --exact '#{cmd_regex}'").stdout.chomp
+ assert(/\A\d+\z/.match(pid), "It seems like #{application} is not running")
+ xul_app_shared_lib_check(pid, chroot)
+end
+
+Given /^I add a wired DHCP NetworkManager connection called "([^"]+)"$/ do |con_name|
+ next if @skip_steps_while_restoring_background
+ con_content = <<EOF
+[802-3-ethernet]
+duplex=full
+
+[connection]
+id=#{con_name}
+uuid=bbc60668-1be0-11e4-a9c6-2f1ce0e75bf1
+type=802-3-ethernet
+timestamp=1395406011
+
+[ipv6]
+method=auto
+
+[ipv4]
+method=auto
+EOF
+ con_content.split("\n").each do |line|
+ @vm.execute("echo '#{line}' >> /tmp/NM.#{con_name}")
+ end
+ @vm.execute("install -m 0600 '/tmp/NM.#{con_name}' '/etc/NetworkManager/system-connections/#{con_name}'")
+ try_for(10) {
+ nm_con_list = @vm.execute("nmcli --terse --fields NAME con list").stdout
+ nm_con_list.split("\n").include? "#{con_name}"
+ }
+end
+
+Given /^I switch to the "([^"]+)" NetworkManager connection$/ do |con_name|
+ next if @skip_steps_while_restoring_background
+ @vm.execute("nmcli con up id #{con_name}")
+ try_for(60) {
+ @vm.execute("nmcli --terse --fields NAME,STATE con status").stdout.chomp == "#{con_name}:activated"
+ }
+end
+
+When /^I start and focus GNOME Terminal$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsAccessories.png", 10)
+ @screen.wait_and_click("GnomeApplicationsTerminal.png", 20)
+ @screen.wait_and_click('GnomeTerminalWindow.png', 20)
+end
+
+When /^I run "([^"]+)" in GNOME Terminal$/ do |command|
+ next if @skip_steps_while_restoring_background
+ step "I start and focus GNOME Terminal"
+ @screen.type(command + Sikuli::Key.ENTER)
+end
+
+When /^the file "([^"]+)" exists$/ do |file|
+ next if @skip_steps_while_restoring_background
+ assert(@vm.file_exist?(file))
+end
+
+When /^I copy "([^"]+)" to "([^"]+)" as user "([^"]+)"$/ do |source, destination, user|
+ next if @skip_steps_while_restoring_background
+ c = @vm.execute("cp \"#{source}\" \"#{destination}\"", $live_user)
+ assert(c.success?, "Failed to copy file:\n#{c.stdout}\n#{c.stderr}")
+end
+
+Given /^the USB drive "([^"]+)" contains Tails with persistence configured and password "([^"]+)"$/ do |drive, password|
+ step "a computer"
+ step "I start Tails from DVD with network unplugged and I login"
+ step "I create a new 4 GiB USB drive named \"#{drive}\""
+ step "I plug USB drive \"#{drive}\""
+ step "I \"Clone & Install\" Tails to USB drive \"#{drive}\""
+ step "there is no persistence partition on USB drive \"#{drive}\""
+ step "I shutdown Tails and wait for the computer to power off"
+ step "a computer"
+ step "I start Tails from USB drive \"#{drive}\" with network unplugged and I login"
+ step "I create a persistent partition with password \"#{password}\""
+ step "a Tails persistence partition with password \"#{password}\" exists on USB drive \"#{drive}\""
+ step "I shutdown Tails and wait for the computer to power off"
+end
diff --git a/features/step_definitions/dhcp.rb b/features/step_definitions/dhcp.rb
new file mode 100644
index 0000000..78ee8f2
--- /dev/null
+++ b/features/step_definitions/dhcp.rb
@@ -0,0 +1,20 @@
+Then /^the hostname should not have been leaked on the network$/ do
+ next if @skip_steps_while_restoring_background
+ hostname = @vm.execute("hostname").stdout.chomp
+ packets = PacketFu::PcapFile.new.file_to_array(:filename => @sniffer.pcap_file)
+ packets.each do |p|
+ # if PacketFu::TCPPacket.can_parse?(p)
+ # ipv4_tcp_packets << PacketFu::TCPPacket.parse(p)
+ if PacketFu::IPPacket.can_parse?(p)
+ payload = PacketFu::IPPacket.parse(p).payload
+ elsif PacketFu::IPv6Packet.can_parse?(p)
+ payload = PacketFu::IPv6Packet.parse(p).payload
+ else
+ save_pcap_file
+ raise "Found something in the pcap file that either is non-IP, or cannot be parsed"
+ end
+ if payload.match(hostname)
+ raise "Hostname leak detected"
+ end
+ end
+end
diff --git a/features/step_definitions/encryption.rb b/features/step_definitions/encryption.rb
index d1310d9..404890a 100644
--- a/features/step_definitions/encryption.rb
+++ b/features/step_definitions/encryption.rb
@@ -23,7 +23,9 @@ end
When /^I type a message into gedit$/ do
next if @skip_steps_while_restoring_background
- step 'I run "gedit"'
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsAccessories.png", 10)
+ @screen.wait_and_click("GnomeApplicationsGedit.png", 20)
@screen.wait_and_click("GeditWindow.png", 10)
sleep 0.5
@screen.type("ATTACK AT DAWN")
diff --git a/features/step_definitions/erase_memory.rb b/features/step_definitions/erase_memory.rb
index 41666fb..171f997 100644
--- a/features/step_definitions/erase_memory.rb
+++ b/features/step_definitions/erase_memory.rb
@@ -24,15 +24,13 @@ end
Given /^the PAE kernel is running$/ do
next if @skip_steps_while_restoring_background
kernel = which_kernel
- assert(kernel == "vmlinuz2",
- "Kernel #{kernel} is running, expected 'vmlinuz2' (PAE)")
+ assert_equal("vmlinuz2", kernel)
end
Given /^the non-PAE kernel is running$/ do
next if @skip_steps_while_restoring_background
kernel = which_kernel
- assert(kernel == "vmlinuz",
- "Kernel #{kernel} is running, expected 'vmlinuz' (non-PAE)")
+ assert_equal("vmlinuz", kernel)
end
def used_ram_in_MiB
diff --git a/features/step_definitions/evince.rb b/features/step_definitions/evince.rb
new file mode 100644
index 0000000..d9bb42c
--- /dev/null
+++ b/features/step_definitions/evince.rb
@@ -0,0 +1,20 @@
+When /^I(?:| try to) open "([^"]+)" with Evince$/ do |filename|
+ next if @skip_steps_while_restoring_background
+ step "I run \"evince #{filename}\" in GNOME Terminal"
+end
+
+Then /^I can print the current document to "([^"]+)"$/ do |output_file|
+ next if @skip_steps_while_restoring_background
+ @screen.type("p", Sikuli::KeyModifier.CTRL)
+ @screen.wait("EvincePrintDialog.png", 10)
+ @screen.wait_and_click("EvincePrintToFile.png", 10)
+ @screen.wait_and_double_click("EvincePrintOutputFile.png", 10)
+ @screen.hide_cursor
+ @screen.wait("EvincePrintOutputFileSelected.png", 10)
+ # Only the file's basename is selected by double-clicking,
+ # so we type only the desired file's basename to replace it
+ @screen.type(output_file.sub(/[.]pdf$/, '') + Sikuli::Key.ENTER)
+ try_for(10, :msg => "The document was not printed to #{output_file}") {
+ @vm.file_exist?(output_file)
+ }
+end
diff --git a/features/step_definitions/i2p.rb b/features/step_definitions/i2p.rb
new file mode 100644
index 0000000..0b8a8d3
--- /dev/null
+++ b/features/step_definitions/i2p.rb
@@ -0,0 +1,60 @@
+Given /^I2P is running$/ do
+ next if @skip_steps_while_restoring_background
+ try_for(30) do
+ @vm.execute('service i2p status').success?
+ end
+end
+
+Given /^the I2P router console is ready$/ do
+ next if @skip_steps_while_restoring_background
+ try_for(60) do
+ @vm.execute('. /usr/local/lib/tails-shell-library/i2p.sh; ' +
+ 'i2p_router_console_is_ready').success?
+ end
+end
+
+When /^I start the I2P Browser through the GNOME menu$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsInternet.png", 10)
+ @screen.wait_and_click("GnomeApplicationsI2PBrowser.png", 20)
+end
+
+Then /^the I2P Browser desktop file is (|not )present$/ do |mode|
+ next if @skip_steps_while_restoring_background
+ file = '/usr/share/applications/i2p-browser.desktop'
+ if mode == ''
+ assert(@vm.execute("test -e #{file}").success?)
+ elsif mode == 'not '
+ assert(@vm.execute("! test -e #{file}").success?)
+ else
+ raise "Unsupported mode passed: '#{mode}'"
+ end
+end
+
+Then /^the I2P Browser sudo rules are (enabled|not present)$/ do |mode|
+ next if @skip_steps_while_restoring_background
+ file = '/etc/sudoers.d/zzz_i2pbrowser'
+ if mode == 'enabled'
+ assert(@vm.execute("test -e #{file}").success?)
+ elsif mode == 'not present'
+ assert(@vm.execute("! test -e #{file}").success?)
+ else
+ raise "Unsupported mode passed: '#{mode}'"
+ end
+end
+
+Then /^the I2P firewall rules are (enabled|disabled)$/ do |mode|
+ next if @skip_steps_while_restoring_background
+ i2p_username = 'i2psvc'
+ i2p_uid = @vm.execute("getent passwd #{i2p_username} | awk -F ':' '{print $3}'").stdout.chomp
+ accept_rules = @vm.execute("iptables -L -n -v | grep -E '^\s+[0-9]+\s+[0-9]+\s+ACCEPT.*owner UID match #{i2p_uid}$'").stdout
+ accept_rules_count = accept_rules.lines.count
+ if mode == 'enabled'
+ assert_equal(13, accept_rules_count)
+ elsif mode == 'disabled'
+ assert_equal(0, accept_rules_count)
+ else
+ raise "Unsupported mode passed: '#{mode}'"
+ end
+end
diff --git a/features/step_definitions/pidgin.rb b/features/step_definitions/pidgin.rb
new file mode 100644
index 0000000..23b48e2
--- /dev/null
+++ b/features/step_definitions/pidgin.rb
@@ -0,0 +1,188 @@
+def configured_pidgin_accounts
+ accounts = []
+ xml = REXML::Document.new(@vm.file_content('$HOME/.purple/accounts.xml',
+ $live_user))
+ xml.elements.each("account/account") do |e|
+ account = e.elements["name"].text
+ account_name, network = account.split("@")
+ protocol = e.elements["protocol"].text
+ port = e.elements["settings/setting[@name='port']"].text
+ nickname = e.elements["settings/setting[@name='username']"].text
+ real_name = e.elements["settings/setting[@name='realname']"].text
+ accounts.push({
+ 'name' => account_name,
+ 'network' => network,
+ 'protocol' => protocol,
+ 'port' => port,
+ 'nickname' => nickname,
+ 'real_name' => real_name,
+ })
+ end
+
+ return accounts
+end
+
+def chan_image (account, channel, image)
+ images = {
+ 'irc.oftc.net' => {
+ '#tails' => {
+ 'roaster' => 'PidginTailsChannelEntry',
+ 'conversation_tab' => 'PidginTailsConversationTab',
+ 'welcome' => 'PidginTailsChannelWelcome',
+ }
+ }
+ }
+ return images[account][channel][image] + ".png"
+end
+
+def default_chan (account)
+ chans = {
+ 'irc.oftc.net' => '#tails',
+ }
+ return chans[account]
+end
+
+def pidgin_otr_keys
+ return @vm.file_content('$HOME/.purple/otr.private_key', $live_user)
+end
+
+Given /^Pidgin has the expected accounts configured with random nicknames$/ do
+ next if @skip_steps_while_restoring_background
+ expected = [
+ ["irc.oftc.net", "prpl-irc", "6697"],
+ ["127.0.0.1", "prpl-irc", "6668"],
+ ]
+ configured_pidgin_accounts.each() do |account|
+ assert(account['nickname'] != "XXX_NICK_XXX", "Nickname was no randomised")
+ assert_equal(account['nickname'], account['real_name'],
+ "Nickname and real name are not identical: " +
+ account['nickname'] + " vs. " + account['real_name'])
+ assert_equal(account['name'], account['nickname'],
+ "Account name and nickname are not identical: " +
+ account['name'] + " vs. " + account['nickname'])
+ candidate = [account['network'], account['protocol'], account['port']]
+ assert(expected.include?(candidate), "Unexpected account: #{candidate}")
+ expected.delete(candidate)
+ end
+ assert(expected.empty?, "These Pidgin accounts are not configured: " +
+ "#{expected}")
+end
+
+When /^I start Pidgin through the GNOME menu$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsInternet.png", 10)
+ @screen.wait_and_click("GnomeApplicationsPidgin.png", 20)
+end
+
+When /^I open Pidgin's account manager window$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.type("a", Sikuli::KeyModifier.CTRL) # shortcut for "manage accounts"
+ step "I see Pidgin's account manager window"
+end
+
+When /^I see Pidgin's account manager window$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.wait("PidginAccountWindow.png", 20)
+end
+
+When /^I close Pidgin's account manager window$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.wait_and_click("PidginAccountManagerCloseButton.png", 10)
+end
+
+When /^I activate the "([^"]+)" Pidgin account$/ do |account|
+ next if @skip_steps_while_restoring_background
+ @screen.click("PidginAccount_#{account}.png")
+ @screen.type(Sikuli::Key.LEFT + Sikuli::Key.SPACE)
+ # wait for the Pidgin to be connecting, otherwise sometimes the step
+ # that closes the account management dialog happens before the account
+ # is actually enabled
+ @screen.wait("PidginConnecting.png", 5)
+end
+
+Then /^Pidgin successfully connects to the "([^"]+)" account$/ do |account|
+ next if @skip_steps_while_restoring_background
+ expected_channel_entry = chan_image(account, default_chan(account), 'roaster')
+ @screen.wait(expected_channel_entry, 60)
+end
+
+Then /^I can join the "([^"]+)" channel on "([^"]+)"$/ do |channel, account|
+ next if @skip_steps_while_restoring_background
+ @screen.doubleClick( chan_image(account, channel, 'roaster'))
+ @screen.wait_and_click(chan_image(account, channel, 'conversation_tab'), 10)
+ @screen.wait( chan_image(account, channel, 'welcome'), 10)
+end
+
+Then /^I take note of the configured Pidgin accounts$/ do
+ next if @skip_steps_while_restoring_background
+ @persistent_pidgin_accounts = configured_pidgin_accounts
+end
+
+Then /^I take note of the OTR key for Pidgin's "([^"]+)" account$/ do |account_name|
+ next if @skip_steps_while_restoring_background
+ @persistent_pidgin_otr_keys = pidgin_otr_keys
+end
+
+Then /^Pidgin has the expected persistent accounts configured$/ do
+ next if @skip_steps_while_restoring_background
+ current_accounts = configured_pidgin_accounts
+ assert(current_accounts <=> @persistent_pidgin_accounts,
+ "Currently configured Pidgin accounts do not match the persistent ones:\n" +
+ "Current:\n#{current_accounts}\n" +
+ "Persistent:\n#{@persistent_pidgin_accounts}"
+ )
+end
+
+Then /^Pidgin has the expected persistent OTR keys$/ do
+ next if @skip_steps_while_restoring_background
+ assert_equal(pidgin_otr_keys, @persistent_pidgin_otr_keys)
+end
+
+def pidgin_add_certificate_from (cert_file)
+ # Here, we need a certificate that is not already in the NSS database
+ step "I copy \"/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt\" to \"#{cert_file}\" as user \"amnesia\""
+
+ @screen.wait_and_click('PidginToolsMenu.png', 10)
+ @screen.wait_and_click('PidginCertificatesMenuItem.png', 10)
+ @screen.wait('PidginCertificateManagerDialog.png', 10)
+ @screen.wait_and_click('PidginCertificateAddButton.png', 10)
+ begin
+ @screen.wait_and_click('GtkFileChooserDesktopButton.png', 10)
+ rescue FindFailed
+ # The first time we're run, the file chooser opens in the Recent
+ # view, so we have to browse a directory before we can use the
+ # "Type file name" button. But on subsequent runs, the file
+ # chooser is already in the Desktop directory, so we don't need to
+ # do anything. Hence, this noop exception handler.
+ end
+ @screen.wait_and_click('GtkFileTypeFileNameButton.png', 10)
+ @screen.type("l", Sikuli::KeyModifier.ALT) # "Location" field
+ @screen.type(cert_file + Sikuli::Key.ENTER)
+end
+
+Then /^I can add a certificate from the "([^"]+)" directory to Pidgin$/ do |cert_dir|
+ next if @skip_steps_while_restoring_background
+ pidgin_add_certificate_from("#{cert_dir}/test.crt")
+ @screen.wait('PidginCertificateAddHostnameDialog.png', 10)
+ @screen.type("XXX test XXX" + Sikuli::Key.ENTER)
+ @screen.wait('PidginCertificateTestItem.png', 10)
+end
+
+Then /^I cannot add a certificate from the "([^"]+)" directory to Pidgin$/ do |cert_dir|
+ next if @skip_steps_while_restoring_background
+ pidgin_add_certificate_from("#{cert_dir}/test.crt")
+ @screen.wait('PidginCertificateImportFailed.png', 10)
+end
+
+When /^I close Pidgin's certificate manager$/ do
+ @screen.type(Sikuli::Key.ESC)
+ # @screen.wait_and_click('PidginCertificateManagerClose.png', 10)
+ @screen.waitVanish('PidginCertificateManagerDialog.png', 10)
+end
+
+When /^I close Pidgin's certificate import failure dialog$/ do
+ @screen.type(Sikuli::Key.ESC)
+ # @screen.wait_and_click('PidginCertificateManagerClose.png', 10)
+ @screen.waitVanish('PidginCertificateImportFailed.png', 10)
+end
diff --git a/features/step_definitions/root_access_control.rb b/features/step_definitions/root_access_control.rb
index 0a4788c..aaebb0d 100644
--- a/features/step_definitions/root_access_control.rb
+++ b/features/step_definitions/root_access_control.rb
@@ -1,8 +1,8 @@
Then /^I should be able to run administration commands as the live user$/ do
next if @skip_steps_while_restoring_background
stdout = @vm.execute("echo #{@sudo_password} | sudo -S whoami", $live_user).stdout
- assert(stdout.sub(/^\[sudo\] password for #{$live_user}: /, "") == "root\n",
- "Could not use sudo")
+ actual_user = stdout.sub(/^\[sudo\] password for #{$live_user}: /, "").chomp
+ assert_equal("root", actual_user, "Could not use sudo")
end
Then /^I should not be able to run administration commands as the live user with the "([^"]*)" password$/ do |password|
@@ -26,10 +26,8 @@ end
Then /^I should be able to run a command as root with pkexec$/ do
next if @skip_steps_while_restoring_background
- step 'I run "gnome-terminal"'
- @screen.wait_and_click('GnomeTerminalWindow.png', 20)
- @screen.type('pkexec touch /root/pkexec-test' + Sikuli::Key.ENTER)
- step 'I enter the sudo password in the PolicyKit prompt'
+ step "I run \"pkexec touch /root/pkexec-test\" in GNOME Terminal"
+ step 'I enter the sudo password in the pkexec prompt'
try_for(10, :msg => 'The /root/pkexec-test file was not created.') {
@vm.execute('ls /root/pkexec-test').success?
}
@@ -37,13 +35,11 @@ end
Then /^I should not be able to run a command as root with pkexec and the standard passwords$/ do
next if @skip_steps_while_restoring_background
- step 'I run "gnome-terminal"'
- @screen.wait_and_click('GnomeTerminalWindow.png', 20)
- @screen.type('pkexec touch /root/pkexec-test' + Sikuli::Key.ENTER)
+ step "I run \"pkexec touch /root/pkexec-test\" in GNOME Terminal"
['', 'live'].each do |password|
- step "I enter the \"#{password}\" password in the PolicyKit prompt"
+ step "I enter the \"#{password}\" password in the pkexec prompt"
@screen.wait('PolicyKitAuthFailure.png', 20)
end
- step "I enter the \"amnesia\" password in the PolicyKit prompt"
+ step "I enter the \"amnesia\" password in the pkexec prompt"
@screen.wait('PolicyKitAuthCompleteFailure.png', 20)
end
diff --git a/features/step_definitions/torified_browsing.rb b/features/step_definitions/torified_browsing.rb
index afc4eaf..770fda5 100644
--- a/features/step_definitions/torified_browsing.rb
+++ b/features/step_definitions/torified_browsing.rb
@@ -1,13 +1,12 @@
-When /^I open a new tab in Iceweasel$/ do
+When /^I open a new tab in the Tor Browser$/ do
next if @skip_steps_while_restoring_background
- @screen.wait_and_click("IceweaselWindow.png", 10)
- @screen.type("t", Sikuli::KeyModifier.CTRL)
+ @screen.click("TorBrowserNewTabButton.png")
end
-When /^I open the address "([^"]*)" in Iceweasel$/ do |address|
+When /^I open the address "([^"]*)" in the Tor Browser$/ do |address|
next if @skip_steps_while_restoring_background
- step "I open a new tab in Iceweasel"
- @screen.type("l", Sikuli::KeyModifier.CTRL)
+ step "I open a new tab in the Tor Browser"
+ @screen.click("TorBrowserAddressBar.png")
sleep 0.5
@screen.type(address + Sikuli::Key.ENTER)
end
diff --git a/features/step_definitions/torified_gnupg.rb b/features/step_definitions/torified_gnupg.rb
index ba5d913..5a1462c 100644
--- a/features/step_definitions/torified_gnupg.rb
+++ b/features/step_definitions/torified_gnupg.rb
@@ -30,9 +30,17 @@ When /^the "([^"]*)" key is in the live user's public keyring after at most (\d+
}
end
+When /^I start Seahorse$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsSystem.png", 10)
+ @screen.wait_and_click("GnomeApplicationsPreferences.png", 10)
+ @screen.wait_and_click("GnomeApplicationsSeahorse.png", 10)
+end
+
When /^I fetch the "([^"]*)" OpenPGP key using Seahorse$/ do |keyid|
next if @skip_steps_while_restoring_background
- step "I run \"torsocks seahorse\""
+ step "I start Seahorse"
@screen.wait("SeahorseWindow.png", 10)
@screen.type("r", Sikuli::KeyModifier.ALT) # Menu: "Remote" ->
@screen.type("f") # "Find Remote Keys...".
diff --git a/features/step_definitions/totem.rb b/features/step_definitions/totem.rb
new file mode 100644
index 0000000..d125f4e
--- /dev/null
+++ b/features/step_definitions/totem.rb
@@ -0,0 +1,50 @@
+def shared_video_dir_on_guest
+ "/tmp/shared_video_dir"
+end
+
+Given /^I create sample videos$/ do
+ next if @skip_steps_while_restoring_background
+ fatal_system("ffmpeg -loop 1 -t 30 -f image2 " +
+ "-i 'features/images/TailsBootSplash.png' " +
+ "-an -vcodec libx264 -y " +
+ "'#{$misc_files_dir}/video.mp4' >/dev/null 2>&1")
+end
+
+Given /^I setup a filesystem share containing sample videos$/ do
+ next if @skip_steps_while_restoring_background
+ @vm.add_share($misc_files_dir, shared_video_dir_on_guest)
+end
+
+Given /^I copy the sample videos to "([^"]+)" as user "([^"]+)"$/ do |destination, user|
+ next if @skip_steps_while_restoring_background
+ for video_on_host in Dir.glob("#{$misc_files_dir}/*.mp4") do
+ video_name = File.basename(video_on_host)
+ src_on_guest = "#{shared_video_dir_on_guest}/#{video_name}"
+ dst_on_guest = "#{destination}/#{video_name}"
+ step "I copy \"#{src_on_guest}\" to \"#{dst_on_guest}\" as user \"amnesia\""
+ end
+end
+
+When /^I start Totem through the GNOME menu$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsSoundVideo.png", 10)
+ @screen.wait_and_click("GnomeApplicationsTotem.png", 20)
+ @screen.wait_and_click("TotemMainWindow.png", 20)
+end
+
+When /^I load the "([^"]+)" URL in Totem$/ do |url|
+ next if @skip_steps_while_restoring_background
+ @screen.type("l", Sikuli::KeyModifier.CTRL)
+ @screen.wait("TotemOpenUrlDialog.png", 10)
+ @screen.type(url + Sikuli::Key.ENTER)
+end
+
+When /^I(?:| try to) open "([^"]+)" with Totem$/ do |filename|
+ next if @skip_steps_while_restoring_background
+ step "I run \"totem #{filename}\" in GNOME Terminal"
+end
+
+When /^I close Totem$/ do
+ step 'I kill the process "totem"'
+end
diff --git a/features/step_definitions/unsafe_browser.rb b/features/step_definitions/unsafe_browser.rb
index a3cc222..86f1c16 100644
--- a/features/step_definitions/unsafe_browser.rb
+++ b/features/step_definitions/unsafe_browser.rb
@@ -27,15 +27,17 @@ end
When /^I start the Unsafe Browser$/ do
next if @skip_steps_while_restoring_background
- unsafe_browser_cmd = nil
- @vm.execute("cat /usr/share/applications/unsafe-browser.desktop").stdout.chomp.each_line { |line|
- next if ! line.start_with? "Exec="
- unsafe_browser_cmd = line[/^Exec=(.*)/,1]
- }
- assert(!unsafe_browser_cmd.nil?, "failed to extract the unsafe browser command")
- step "I run \"#{unsafe_browser_cmd}\""
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsInternet.png", 10)
+ @screen.wait_and_click("GnomeApplicationsUnsafeBrowser.png", 20)
+end
+
+When /^I successfully start the Unsafe Browser$/ do
+ next if @skip_steps_while_restoring_background
+ step "I start the Unsafe Browser"
step "I see and accept the Unsafe Browser start verification"
step "I see the Unsafe Browser start notification and wait for it to close"
+ step "the Unsafe Browser has started"
end
Then /^I see a warning about another instance already running$/ do
@@ -73,15 +75,24 @@ When /^I open the address "([^"]*)" in the Unsafe Browser$/ do |address|
@screen.type(address + Sikuli::Key.ENTER)
end
+# Workaround until the TBB shows the menu bar by default
+# https://lists.torproject.org/pipermail/tor-qa/2014-October/000478.html
+def show_unsafe_browser_menu_bar
+ try_for(15, :msg => "Failed to show the menu bar") do
+ @screen.type("h", Sikuli::KeyModifier.ALT)
+ @screen.find('UnsafeBrowserEditMenu.png')
+ end
+end
+
Then /^I cannot configure the Unsafe Browser to use any local proxies$/ do
next if @skip_steps_while_restoring_background
@screen.wait_and_click("UnsafeBrowserWindow.png", 10)
- sleep 0.5
# First we open the proxy settings page to prepare it with the
# correct open tabs for the loop below.
- @screen.type("e", Sikuli::KeyModifier.ALT)
- @screen.type("n")
- @screen.wait('UnsafeBrowserPreferences.png', 10)
+ show_unsafe_browser_menu_bar
+ @screen.hover('UnsafeBrowserEditMenu.png')
+ @screen.wait_and_click('UnsafeBrowserEditPreferences.png', 10)
+ @screen.wait('UnsafeBrowserPreferencesWindow.png', 10)
@screen.wait_and_click('UnsafeBrowserAdvancedSettings.png', 10)
@screen.wait_and_click('UnsafeBrowserNetworkTab.png', 10)
sleep 0.5
@@ -99,7 +110,7 @@ Then /^I cannot configure the Unsafe Browser to use any local proxies$/ do
proxies = [[socks_proxy, 9050],
[socks_proxy, 9061],
[socks_proxy, 9062],
- [socks_proxy, 9151],
+ [socks_proxy, 9150],
[http_proxy, 8118],
[no_proxy, 0]]
@@ -107,10 +118,13 @@ Then /^I cannot configure the Unsafe Browser to use any local proxies$/ do
proxy_type = proxy[0]
proxy_port = proxy[1]
+ @screen.hide_cursor
+
# Open proxy settings and select manual proxy configuration
- @screen.type("e", Sikuli::KeyModifier.ALT)
- @screen.type("n")
- @screen.wait('UnsafeBrowserPreferences.png', 10)
+ show_unsafe_browser_menu_bar
+ @screen.hover('UnsafeBrowserEditMenu.png')
+ @screen.wait_and_click('UnsafeBrowserEditPreferences.png', 10)
+ @screen.wait('UnsafeBrowserPreferencesWindow.png', 10)
@screen.type("e", Sikuli::KeyModifier.ALT)
@screen.wait('UnsafeBrowserProxySettings.png', 10)
@screen.type("m", Sikuli::KeyModifier.ALT)
diff --git a/features/step_definitions/usb.rb b/features/step_definitions/usb.rb
index e80c93d..f9f17ea 100644
--- a/features/step_definitions/usb.rb
+++ b/features/step_definitions/usb.rb
@@ -38,6 +38,12 @@ Given /^the computer is set to boot from the old Tails DVD$/ do
@vm.set_cdrom_boot($old_tails_iso)
end
+Given /^the computer is set to boot in UEFI mode$/ do
+ next if @skip_steps_while_restoring_background
+ @vm.set_os_loader('UEFI')
+ @os_loader = 'UEFI'
+end
+
class ISOHybridUpgradeNotSupported < StandardError
end
@@ -66,16 +72,23 @@ def usb_install_helper(name)
@screen.wait('USBInstallationComplete.png', 60*60)
end
+When /^I start Tails Installer$/ do
+ next if @skip_steps_while_restoring_background
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsTails.png", 10)
+ @screen.wait_and_click("GnomeApplicationsTailsInstaller.png", 20)
+end
+
When /^I "Clone & Install" Tails to USB drive "([^"]+)"$/ do |name|
next if @skip_steps_while_restoring_background
- step "I run \"liveusb-creator-launcher\""
+ step "I start Tails Installer"
@screen.wait_and_click('USBCloneAndInstall.png', 30)
usb_install_helper(name)
end
When /^I "Clone & Upgrade" Tails to USB drive "([^"]+)"$/ do |name|
next if @skip_steps_while_restoring_background
- step "I run \"liveusb-creator-launcher\""
+ step "I start Tails Installer"
@screen.wait_and_click('USBCloneAndUpgrade.png', 30)
usb_install_helper(name)
end
@@ -97,7 +110,7 @@ When /^I am suggested to do a "Clone & Install"$/ do
end
def shared_iso_dir_on_guest
- "/tmp/shared_dir"
+ "/tmp/shared_iso_dir"
end
Given /^I setup a filesystem share containing the Tails ISO$/ do
@@ -107,7 +120,7 @@ end
When /^I do a "Upgrade from ISO" on USB drive "([^"]+)"$/ do |name|
next if @skip_steps_while_restoring_background
- step "I run \"liveusb-creator-launcher\""
+ step "I start Tails Installer"
@screen.wait_and_click('USBUpgradeFromISO.png', 10)
@screen.wait('USBUseLiveSystemISO.png', 10)
match = @screen.find('USBUseLiveSystemISO.png')
@@ -135,9 +148,9 @@ end
Given /^I create a persistent partition with password "([^"]+)"$/ do |pwd|
next if @skip_steps_while_restoring_background
- step 'I run "gnome-terminal"'
- @screen.wait_and_click('GnomeTerminalWindow.png', 20)
- @screen.type('/usr/local/bin/tails-persistence-setup' + Sikuli::Key.ENTER)
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsTails.png", 10)
+ @screen.wait_and_click("GnomeApplicationsConfigurePersistentVolume.png", 20)
@screen.wait('PersistenceWizardWindow.png', 40)
@screen.wait('PersistenceWizardStart.png', 20)
@screen.type(pwd + "\t" + pwd + Sikuli::Key.ENTER)
@@ -188,15 +201,6 @@ def tails_is_installed_helper(name, tails_root, loader)
assert(c.success?, "USB drive '#{name}' has differences in " +
"'/syslinux/syslinux.cfg'")
- # We have to account for the different path vs isolinux
- old_exithelp = @vm.execute("cat '#{tails_root}/#{loader}/exithelp.cfg'").stdout
- new_exithelp = @vm.execute("cat '#{target_root}/syslinux/exithelp.cfg'").stdout
- new_exithelp_undiffed = new_exithelp.sub("kernel /syslinux/vesamenu.c32",
- "kernel /#{loader}/vesamenu.c32")
- assert(new_exithelp_undiffed == old_exithelp,
- "USB drive '#{name}' has unexpected differences in " +
- "'/syslinux/exithelp.cfg'")
-
@vm.execute("umount #{target_root}")
@vm.execute("sync")
end
@@ -324,8 +328,7 @@ end
Then /^Tails is running from USB drive "([^"]+)"$/ do |name|
next if @skip_steps_while_restoring_background
- assert(boot_device_type == "usb",
- "Got device type '#{boot_device_type}' while expecting 'usb'")
+ assert_equal("usb", boot_device_type)
actual_dev = boot_device
# The boot partition differs between a "normal" install using the
# USB installer and isohybrid installations
@@ -354,13 +357,11 @@ Then /^the boot device has safe access rights$/ do
dev_owner = @vm.execute("stat -c %U #{dev}").stdout.chomp
dev_group = @vm.execute("stat -c %G #{dev}").stdout.chomp
dev_perms = @vm.execute("stat -c %a #{dev}").stdout.chomp
- assert(dev_owner == "root",
- "Boot device '#{dev}' owned by user '#{dev_owner}', expected 'root'")
+ assert_equal("root", dev_owner)
assert(dev_group == "disk" || dev_group == "root",
"Boot device '#{dev}' owned by group '#{dev_group}', expected " +
"'disk' or 'root'.")
- assert(dev_perms == "1660",
- "Boot device '#{dev}' has permissions '#{dev_perms}', expected '660'")
+ assert_equal("1660", dev_perms)
for user, groups in all_users_with_groups do
next if user == "root"
assert(!(groups.include?(dev_group)),
@@ -379,12 +380,9 @@ Then /^persistent filesystems have safe access rights$/ do
fs_owner = @vm.execute("stat -c %U #{mountpoint}").stdout.chomp
fs_group = @vm.execute("stat -c %G #{mountpoint}").stdout.chomp
fs_perms = @vm.execute("stat -c %a #{mountpoint}").stdout.chomp
- assert(fs_owner == "root",
- "Persistent filesystem '#{mountpoint}' owned by user '#{fs_owner}', expected 'root'")
- assert(fs_group == "root",
- "Persistent filesystem '#{mountpoint}' owned by group '#{fs_group}', expected 'root'")
- assert(fs_perms == '775',
- "Persistent filesystem '#{mountpoint}' has permissions '#{fs_perms}', expected '775'")
+ assert_equal("root", fs_owner)
+ assert_equal("root", fs_group)
+ assert_equal('775', fs_perms)
end
end
@@ -400,12 +398,9 @@ Then /^persistence configuration files have safe access rights$/ do
file_owner = @vm.execute("stat -c %U '#{f}'").stdout.chomp
file_group = @vm.execute("stat -c %G '#{f}'").stdout.chomp
file_perms = @vm.execute("stat -c %a '#{f}'").stdout.chomp
- assert(file_owner == "tails-persistence-setup",
- "'#{f}' is owned by user '#{file_owner}', expected 'tails-persistence-setup'")
- assert(file_group == "tails-persistence-setup",
- "'#{f}' is owned by group '#{file_group}', expected 'tails-persistence-setup'")
- assert(file_perms == "600",
- "'#{f}' has permissions '#{file_perms}', expected '600'")
+ assert_equal("tails-persistence-setup", file_owner)
+ assert_equal("tails-persistence-setup", file_group)
+ assert_equal("600", file_perms)
end
end
end
@@ -422,8 +417,7 @@ Then /^persistent directories have safe access rights$/ do
f = "#{mountpoint}/#{src}"
next unless @vm.execute("test -d #{f}").success?
file_perms = @vm.execute("stat -c %a '#{f}'").stdout.chomp
- assert(file_perms == expected_perms,
- "'#{f}' has permissions '#{file_perms}', expected '#{expected_perms}'")
+ assert_equal(expected_perms, file_perms)
end
end
end
@@ -483,11 +477,16 @@ end
When /^I delete the persistent partition$/ do
next if @skip_steps_while_restoring_background
- step 'I run "gnome-terminal"'
- @screen.wait_and_click('GnomeTerminalWindow.png', 20)
- @screen.type('/usr/local/bin/tails-delete-persistent-volume' + Sikuli::Key.ENTER)
+ @screen.wait_and_click("GnomeApplicationsMenu.png", 10)
+ @screen.wait_and_click("GnomeApplicationsTails.png", 10)
+ @screen.wait_and_click("GnomeApplicationsDeletePersistentVolume.png", 20)
@screen.wait("PersistenceWizardWindow.png", 40)
@screen.wait("PersistenceWizardDeletionStart.png", 20)
@screen.type(" ")
@screen.wait("PersistenceWizardDone.png", 120)
end
+
+Then /^Tails has started in UEFI mode$/ do
+ assert(@vm.execute("test -d /sys/firmware/efi").success?,
+ "/sys/firmware/efi does not exist")
+ end
diff --git a/features/support/config.rb b/features/support/config.rb
index fa0f1d7..b5f6fcd 100644
--- a/features/support/config.rb
+++ b/features/support/config.rb
@@ -10,6 +10,7 @@ $misc_files_dir = "#{Dir.pwd}/features/misc_files"
$keep_snapshots = !ENV['KEEP_SNAPSHOTS'].nil?
$x_display = ENV['DISPLAY']
$debug = !ENV['DEBUG'].nil?
+$pause_on_fail = !ENV['PAUSE_ON_FAIL'].nil?
$time_at_start = Time.now
$live_user = cmd_helper(". config/chroot_local-includes/etc/live/config.d/username.conf; echo ${LIVE_USERNAME}").chomp
$sikuli_retry_findfailed = !ENV['SIKULI_RETRY_FINDFAILED'].nil?
diff --git a/features/support/helpers/exec_helper.rb b/features/support/helpers/exec_helper.rb
index 9a745a4..b0d3a9c 100644
--- a/features/support/helpers/exec_helper.rb
+++ b/features/support/helpers/exec_helper.rb
@@ -3,9 +3,10 @@ require 'socket'
class VMCommand
- attr_reader :returncode, :stdout, :stderr
+ attr_reader :cmd, :returncode, :stdout, :stderr
def initialize(vm, cmd, options = {})
+ @cmd = cmd
@returncode, @stdout, @stderr = VMCommand.execute(vm, cmd, options)
end
diff --git a/features/support/helpers/misc_helpers.rb b/features/support/helpers/misc_helpers.rb
index 533816f..caf64b8 100644
--- a/features/support/helpers/misc_helpers.rb
+++ b/features/support/helpers/misc_helpers.rb
@@ -1,8 +1,15 @@
require 'date'
require 'timeout'
+require 'test/unit'
-def assert(b, msg = "Assertion failed!")
- raise RuntimeError, msg, caller if ! b
+# Make all the assert_* methods easily accessible in any context.
+include Test::Unit::Assertions
+
+def assert_vmcommand_success(p, msg = nil)
+ assert(p.success?, msg.nil? ? "Command failed: #{p.cmd}\n" + \
+ "error code: #{p.returncode}\n" \
+ "stderr: #{p.stderr}" : \
+ msg)
end
# Call block (ignoring any exceptions it may throw) repeatedly with one
@@ -39,8 +46,7 @@ end
def wait_until_tor_is_working
try_for(240) { @vm.execute(
- '. /usr/local/lib/tails-shell-library/tor.sh; ' +
- 'tor_control_getinfo status/circuit-established').stdout == "1\n" }
+ '. /usr/local/lib/tails-shell-library/tor.sh; tor_is_working').success? }
end
def convert_bytes_mod(unit)
@@ -77,7 +83,7 @@ def cmd_helper(cmd)
out = p.readlines.join("\n")
p.close
ret = $?
- assert(ret == 0, "Command failed (returned #{ret}): #{cmd}:\n#{out}")
+ assert_equal(0, ret, "Command failed (returned #{ret}): #{cmd}:\n#{out}")
return out
end
end
diff --git a/features/support/helpers/sikuli_helper.rb b/features/support/helpers/sikuli_helper.rb
index 8a0154f..f6211be 100644
--- a/features/support/helpers/sikuli_helper.rb
+++ b/features/support/helpers/sikuli_helper.rb
@@ -108,6 +108,10 @@ def sikuli_script_proxy.new(*args)
self.click(self.wait(pic, time))
end
+ def s.wait_and_double_click(pic, time)
+ self.doubleClick(self.wait(pic, time))
+ end
+
def s.hover_point(x, y)
self.hover(Sikuli::Location.new(x, y))
end
diff --git a/features/support/helpers/storage_helper.rb b/features/support/helpers/storage_helper.rb
index d6fb9ae..80a1e1e 100644
--- a/features/support/helpers/storage_helper.rb
+++ b/features/support/helpers/storage_helper.rb
@@ -128,14 +128,14 @@ class VMStorage
# For type, see label-type for mklabel in parted(8)
def disk_mklabel(name, type)
- assert disk_format(name) == "raw"
+ assert_equal("raw", disk_format(name))
path = disk_path(name)
cmd_helper("/sbin/parted -s '#{path}' mklabel #{type}")
end
# For fstype, see fs-type for mkfs in parted(8)
def disk_mkpartfs(name, fstype)
- assert disk_format(name) == "raw"
+ assert(disk_format(name), "raw")
path = disk_path(name)
cmd_helper("/sbin/parted -s '#{path}' mkpartfs primary '#{fstype}' 0% 100%")
end
diff --git a/features/support/helpers/vm_helper.rb b/features/support/helpers/vm_helper.rb
index 9f1529f..2b5ad29 100644
--- a/features/support/helpers/vm_helper.rb
+++ b/features/support/helpers/vm_helper.rb
@@ -303,6 +303,21 @@ EOF
update_domain(domain_xml.to_s)
end
+ def set_os_loader(type)
+ if is_running?
+ raise "boot settings can only be set for inactice vms"
+ end
+ if type == 'UEFI'
+ domain_xml = REXML::Document.new(@domain.xml_desc)
+ domain_xml.elements['domain/os'].add_element(REXML::Document.new(
+ '<loader>/usr/share/ovmf/OVMF.fd</loader>'
+ ))
+ update_domain(domain_xml.to_s)
+ else
+ raise "unsupported OS loader type"
+ end
+ end
+
def is_running?
begin
return @domain.active?
@@ -315,6 +330,12 @@ EOF
return VMCommand.new(self, cmd, { :user => user, :spawn => false })
end
+ def execute_successfully(cmd, user = "root")
+ p = execute(cmd, user)
+ assert_vmcommand_success(p)
+ return p
+ end
+
def spawn(cmd, user = "root")
return VMCommand.new(self, cmd, { :user => user, :spawn => true })
end
@@ -340,6 +361,19 @@ EOF
return execute("pidof -x -o '%PPID' " + process).stdout.chomp.split
end
+ def file_exist?(file)
+ execute("test -e #{file}").success?
+ end
+
+ def file_content(file, user = 'root')
+ # We don't quote #{file} on purpose: we sometimes pass environment variables
+ # or globs that we want to be interpreted by the shell.
+ cmd = execute("cat #{file}", user)
+ assert(cmd.success?,
+ "Could not cat '#{file}':\n#{cmd.stdout}\n#{cmd.stderr}")
+ return cmd.stdout
+ end
+
def save_snapshot(path)
@domain.save(path)
@display.stop
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
index a84af86..2f2f98c 100644
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -92,6 +92,7 @@ Before('@product') do
@skip_steps_while_restoring_background = false
end
@theme = "gnome"
+ @os_loader = "MBR"
end
# AfterScenario
@@ -107,6 +108,11 @@ After('@product') do |scenario|
out = "#{$tmp_dir}/#{base}-#{DateTime.now}.png"
FileUtils.mv(tmp, out)
STDERR.puts("Took screenshot \"#{out}\"")
+ if $pause_on_fail
+ STDERR.puts ""
+ STDERR.puts "Press ENTER to continue running the test suite"
+ STDIN.gets
+ end
end
if @sniffer
@sniffer.stop
diff --git a/features/time_syncing.feature b/features/time_syncing.feature
index 64a2d75..a32d5a7 100644
--- a/features/time_syncing.feature
+++ b/features/time_syncing.feature
@@ -6,11 +6,7 @@ Feature: Time syncing
Background:
Given a computer
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
+ And I start Tails from DVD with network unplugged and I login
And I save the state so the background can be restored next scenario
Scenario: Clock with host's time
diff --git a/features/torified_browsing.feature b/features/torified_browsing.feature
index 7ad6ad1..cc9ddf1 100644
--- a/features/torified_browsing.feature
+++ b/features/torified_browsing.feature
@@ -1,7 +1,7 @@
@product
-Feature: Browsing the web using Iceweasel
+Feature: Browsing the web using the Tor Browser
As a Tails user
- when I browse the web using Iceweasel
+ when I browse the web using the Tor Browser
all Internet traffic should flow only through Tor
Background:
@@ -16,15 +16,20 @@ Feature: Browsing the web using Iceweasel
And all notifications have disappeared
And I save the state so the background can be restored next scenario
- Scenario: Opening check.torproject.org in Iceweasel shows the green onion and the congratulations message
- When I run "iceweasel"
- And Iceweasel has started and is not loading a web page
- And I open the address "https://check.torproject.org" in Iceweasel
- Then I see "IceweaselTorCheck.png" after at most 180 seconds
+ Scenario: The Tor Browser uses TBB's shared libraries
+ When I start the Tor Browser
+ And the Tor Browser has started
+ Then the Tor Browser uses all expected TBB shared libraries
+
+ Scenario: Opening check.torproject.org in the Tor Browser shows the green onion and the congratulations message
+ When I start the Tor Browser
+ And the Tor Browser has started and loaded the startup page
+ And I open the address "https://check.torproject.org" in the Tor Browser
+ Then I see "TorBrowserTorCheck.png" after at most 180 seconds
And all Internet traffic has only flowed through Tor
- Scenario: Iceweasel should not have any plugins enabled
- When I run "iceweasel"
- And Iceweasel has started and is not loading a web page
- And I open the address "about:plugins" in Iceweasel
- Then I see "IceweaselNoPlugins.png" after at most 60 seconds
+ Scenario: The Tor Browser should not have any plugins enabled
+ When I start the Tor Browser
+ And the Tor Browser has started and loaded the startup page
+ And I open the address "about:plugins" in the Tor Browser
+ Then I see "TorBrowserNoPlugins.png" after at most 60 seconds
diff --git a/features/totem.feature b/features/totem.feature
new file mode 100644
index 0000000..2729b27
--- /dev/null
+++ b/features/totem.feature
@@ -0,0 +1,59 @@
+@product
+Feature: Using Totem
+ As a Tails user
+ I want to watch local and remote videos in Totem
+ And AppArmor should prevent Totem from doing dangerous things
+ And all Internet traffic should flow only through Tor
+
+ # We cannot use Background to save a snapshot of an already booted
+ # Tails here, due to bugs with filesystem shares vs. snapshots, as
+ # explained in checks.feature.
+
+ Background:
+ Given I create sample videos
+
+ Scenario: Watching a MP4 video stored on the non-persistent filesystem
+ Given a computer
+ And I setup a filesystem share containing sample videos
+ And I start Tails from DVD with network unplugged and I login
+ And I copy the sample videos to "/home/amnesia" as user "amnesia"
+ When I open "/home/amnesia/video.mp4" with Totem
+ Then I see "SampleLocalMp4VideoFrame.png" after at most 10 seconds
+ Given I close Totem
+ And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia"
+ When I try to open "/home/amnesia/.gnupg/video.mp4" with Totem
+ Then I see "TotemUnableToOpen.png" after at most 10 seconds
+
+ Scenario: Watching a WebM video over HTTPS, with and without the command-line
+ Given a computer
+ And I capture all network traffic
+ And I start Tails from DVD and I login
+ When I open "https://webm.html5.org/test.webm" with Totem
+ Then I see "SampleRemoteWebMVideoFrame.png" after at most 10 seconds
+ When I close Totem
+ And I start Totem through the GNOME menu
+ When I load the "https://webm.html5.org/test.webm" URL in Totem
+ Then I see "SampleRemoteWebMVideoFrame.png" after at most 10 seconds
+ And all Internet traffic has only flowed through Tor
+
+ @keep_volumes
+ Scenario: Installing Tails on a USB drive, creating a persistent partition, copying video files to it
+ Given the USB drive "current" contains Tails with persistence configured and password "asdf"
+ And a computer
+ And I setup a filesystem share containing sample videos
+ And I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
+ And I copy the sample videos to "/home/amnesia/Persistent" as user "amnesia"
+ And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia"
+ And I shutdown Tails and wait for the computer to power off
+
+ @keep_volumes
+ Scenario: Watching a MP4 video stored on the persistent volume
+ Given a computer
+ And I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
+ And the file "/home/amnesia/Persistent/video.mp4" exists
+ When I open "/home/amnesia/Persistent/video.mp4" with Totem
+ Then I see "SampleLocalMp4VideoFrame.png" after at most 10 seconds
+ Given I close Totem
+ And the file "/home/amnesia/.gnupg/video.mp4" exists
+ When I try to open "/home/amnesia/.gnupg/video.mp4" with Totem
+ Then I see "TotemUnableToOpen.png" after at most 10 seconds
diff --git a/features/truecrypt.feature b/features/truecrypt.feature
index 8c884a0..db4cb5b 100644
--- a/features/truecrypt.feature
+++ b/features/truecrypt.feature
@@ -6,12 +6,7 @@ Feature: TrueCrypt
Scenario: TrueCrypt starts
Given a computer
And I set Tails to boot with options "truecrypt"
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ And I start Tails from DVD with network unplugged and I login
When I start TrueCrypt through the GNOME menu
And I deal with the removal warning prompt
Then I see "TrueCryptWindow.png" after at most 60 seconds
diff --git a/features/unsafe_browser.feature b/features/unsafe_browser.feature
index d503b8c..80d91af 100644
--- a/features/unsafe_browser.feature
+++ b/features/unsafe_browser.feature
@@ -16,37 +16,32 @@ Feature: Browsing the web using the Unsafe Browser
And I save the state so the background can be restored next scenario
Scenario: Starting the Unsafe Browser works as it should.
- When I start the Unsafe Browser
- Then the Unsafe Browser has started
- And the Unsafe Browser has a red theme
+ When I successfully start the Unsafe Browser
+ Then the Unsafe Browser has a red theme
And the Unsafe Browser shows a warning as its start page
+ And the Unsafe Browser uses all expected TBB shared libraries
Scenario: Closing the Unsafe Browser shows a stop notification.
- When I start the Unsafe Browser
- Then the Unsafe Browser has started
+ When I successfully start the Unsafe Browser
And I close the Unsafe Browser
Then I see the Unsafe Browser stop notification
Scenario: Starting a second instance of the Unsafe Browser results in an error message being shown.
- When I start the Unsafe Browser
- Then the Unsafe Browser has started
- And I run "sudo unsafe-browser"
+ When I successfully start the Unsafe Browser
+ And I start the Unsafe Browser
Then I see a warning about another instance already running
Scenario: The Unsafe Browser cannot be restarted before the previous instance has been cleaned up.
- When I start the Unsafe Browser
- Then the Unsafe Browser has started
+ When I successfully start the Unsafe Browser
And I close the Unsafe Browser
- And I run "sudo unsafe-browser"
+ And I start the Unsafe Browser
Then I see a warning about another instance already running
Scenario: Opening check.torproject.org in the Unsafe Browser shows the red onion and a warning message.
- When I start the Unsafe Browser
- Then the Unsafe Browser has started
+ When I successfully start the Unsafe Browser
And I open the address "https://check.torproject.org" in the Unsafe Browser
Then I see "UnsafeBrowserTorCheckFail.png" after at most 60 seconds
Scenario: The Unsafe Browser cannot be configured to use Tor and other local proxies.
- When I start the Unsafe Browser
- Then the Unsafe Browser has started
+ When I successfully start the Unsafe Browser
Then I cannot configure the Unsafe Browser to use any local proxies
diff --git a/features/untrusted_partitions.feature b/features/untrusted_partitions.feature
index 03ab2ad..816fbe7 100644
--- a/features/untrusted_partitions.feature
+++ b/features/untrusted_partitions.feature
@@ -10,21 +10,13 @@ Feature: Untrusted partitions
And I cat an ISO hybrid of the Tails image to disk "live_hd"
And the computer is set to boot from ide drive "live_hd"
And I set Tails to boot with options "live-media="
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I log in to a new session
+ And I start Tails from DVD with network unplugged and I login
Then Tails seems to have booted normally
Scenario: Tails booting from a DVD does not use live systems stored on hard drives
Given a computer
- And the computer is set to boot from the Tails DVD
And I plug ide drive "live_hd"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
+ And I start Tails from DVD with network unplugged and I login
Then drive "live_hd" is detected by Tails
And drive "live_hd" is not mounted
@@ -34,11 +26,7 @@ Feature: Untrusted partitions
And I create a gpt label on disk "gpt_ext2"
And I create a ext2 filesystem on disk "gpt_ext2"
And I plug ide drive "gpt_ext2"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
+ And I start Tails from DVD with network unplugged and I login
Then drive "gpt_ext2" is detected by Tails
And drive "gpt_ext2" is not mounted
@@ -48,10 +36,6 @@ Feature: Untrusted partitions
And I create a msdos label on disk "msdos_fat32"
And I create a fat32 filesystem on disk "msdos_fat32"
And I plug ide drive "msdos_fat32"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
+ And I start Tails from DVD with network unplugged and I login
Then drive "msdos_fat32" is detected by Tails
And drive "msdos_fat32" is not mounted
diff --git a/features/usb_install.feature b/features/usb_install.feature
index 780c32a..b40ca93 100644
--- a/features/usb_install.feature
+++ b/features/usb_install.feature
@@ -8,13 +8,7 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
@keep_volumes
Scenario: Installing Tails to a pristine USB drive
Given a computer
- And the computer is set to boot from the Tails DVD
- And the network is unplugged
- And I start the computer
- When the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ And I start Tails from DVD with network unplugged and I login
And I create a new 4 GiB USB drive named "current"
And I plug USB drive "current"
And I "Clone & Install" Tails to USB drive "current"
@@ -23,17 +17,20 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
And I unplug USB drive "current"
@keep_volumes
- Scenario: Booting Tails from a USB drive without a persistent partition and creating one
+ Scenario: Booting Tails from a USB drive in UEFI mode
Given a computer
- And the computer is set to boot from USB drive "current"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
+ And the computer is set to boot in UEFI mode
+ When I start Tails from USB drive "current" with network unplugged and I login
+ Then the boot device has safe access rights
+ And Tails is running from USB drive "current"
And the boot device has safe access rights
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
- Then Tails seems to have booted normally
+ And Tails has started in UEFI mode
+
+ @keep_volumes
+ Scenario: Booting Tails from a USB drive without a persistent partition and creating one
+ Given a computer
+ And I start Tails from USB drive "current" with network unplugged and I login
+ Then the boot device has safe access rights
And Tails is running from USB drive "current"
And the boot device has safe access rights
And there is no persistence partition on USB drive "current"
@@ -44,19 +41,14 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
@keep_volumes
Scenario: Booting Tails from a USB drive with a disabled persistent partition
Given a computer
- And the computer is set to boot from USB drive "current"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I log in to a new session
- Then Tails seems to have booted normally
- And Tails is running from USB drive "current"
+ And I start Tails from USB drive "current" with network unplugged and I login
+ Then Tails is running from USB drive "current"
And the boot device has safe access rights
And persistence is disabled
But a Tails persistence partition with password "asdf" exists on USB drive "current"
@keep_volumes
- Scenario: Writing files to a read/write-enabled persistent partition
+ Scenario: Persistent browser bookmarks
Given a computer
And the computer is set to boot from USB drive "current"
And the network is unplugged
@@ -69,6 +61,28 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
And GNOME has started
And all notifications have disappeared
And persistence is enabled
+ And persistent filesystems have safe access rights
+ And persistence configuration files have safe access rights
+ And persistent directories have safe access rights
+ And I start the Tor Browser in offline mode
+ And the Tor Browser has started in offline mode
+ And I add a bookmark to eff.org in the Tor Browser
+ And I warm reboot the computer
+ And the computer reboots Tails
+ And I enable read-only persistence with password "asdf"
+ And I log in to a new session
+ And GNOME has started
+ And I start the Tor Browser in offline mode
+ And the Tor Browser has started in offline mode
+ Then the Tor Browser has a bookmark to eff.org
+
+ @keep_volumes
+ Scenario: Writing files to a read/write-enabled persistent partition
+ Given a computer
+ And I start Tails from USB drive "current" with network unplugged and I login with persistence password "asdf"
+ Then Tails is running from USB drive "current"
+ And the boot device has safe access rights
+ And persistence is enabled
And I write some files expected to persist
And persistent filesystems have safe access rights
And persistence configuration files have safe access rights
@@ -79,16 +93,9 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
@keep_volumes
Scenario: Writing files to a read-only-enabled persistent partition
Given a computer
- And the computer is set to boot from USB drive "current"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And Tails is running from USB drive "current"
+ And I start Tails from USB drive "current" with network unplugged and I login with read-only persistence password "asdf"
+ Then Tails is running from USB drive "current"
And the boot device has safe access rights
- And I enable read-only persistence with password "asdf"
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
And persistence is enabled
And I write some files not expected to persist
And I remove some files expected to persist
@@ -98,14 +105,9 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
@keep_volumes
Scenario: Deleting a Tails persistent partition
Given a computer
- And the computer is set to boot from USB drive "current"
- And the network is unplugged
- And I start the computer
- And the computer boots Tails
- And I log in to a new session
- And Tails is running from USB drive "current"
+ And I start Tails from USB drive "current" with network unplugged and I login
+ Then Tails is running from USB drive "current"
And the boot device has safe access rights
- And Tails seems to have booted normally
And persistence is disabled
But a Tails persistence partition with password "asdf" exists on USB drive "current"
And all notifications have disappeared
@@ -132,14 +134,8 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
@keep_volumes
Scenario: Creating a persistent partition with the old Tails USB installation
Given a computer
- And the computer is set to boot from USB drive "old"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And Tails is running from USB drive "old"
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ And I start Tails from USB drive "old" with network unplugged and I login
+ Then Tails is running from USB drive "old"
And I create a persistent partition with password "asdf"
Then a Tails persistence partition with password "asdf" exists on USB drive "old"
And I shutdown Tails and wait for the computer to power off
@@ -147,15 +143,8 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
@keep_volumes
Scenario: Writing files to a read/write-enabled persistent partition with the old Tails USB installation
Given a computer
- And the computer is set to boot from USB drive "old"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And Tails is running from USB drive "old"
- And I enable persistence with password "asdf"
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ And I start Tails from USB drive "old" with network unplugged and I login with persistence password "asdf"
+ Then Tails is running from USB drive "old"
And persistence is enabled
And I write some files expected to persist
And persistent filesystems have safe access rights
@@ -168,13 +157,7 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Scenario: Upgrading an old Tails USB installation from a Tails DVD
Given a computer
And I clone USB drive "old" to a new USB drive "to_upgrade"
- And the computer is set to boot from the Tails DVD
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ And I start Tails from DVD with network unplugged and I login
And I plug USB drive "to_upgrade"
And I "Clone & Upgrade" Tails to USB drive "to_upgrade"
Then the running Tails is installed on USB drive "to_upgrade"
@@ -183,14 +166,8 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
@keep_volumes
Scenario: Booting Tails from a USB drive upgraded from DVD with persistence enabled
Given a computer
- And the computer is set to boot from USB drive "to_upgrade"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I enable persistence with password "asdf"
- And I log in to a new session
- Then Tails seems to have booted normally
- And Tails is running from USB drive "to_upgrade"
+ And I start Tails from USB drive "to_upgrade" with network unplugged and I login with persistence password "asdf"
+ Then Tails is running from USB drive "to_upgrade"
And the boot device has safe access rights
And the expected persistent files are present in the filesystem
And persistent directories have safe access rights
@@ -199,15 +176,9 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Scenario: Upgrading an old Tails USB installation from another Tails USB drive
Given a computer
And I clone USB drive "old" to a new USB drive "to_upgrade"
- And the computer is set to boot from USB drive "current"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And Tails is running from USB drive "current"
+ And I start Tails from USB drive "current" with network unplugged and I login
+ Then Tails is running from USB drive "current"
And the boot device has safe access rights
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
And I plug USB drive "to_upgrade"
And I "Clone & Upgrade" Tails to USB drive "to_upgrade"
Then the running Tails is installed on USB drive "to_upgrade"
@@ -217,14 +188,8 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
@keep_volumes
Scenario: Booting Tails from a USB drive upgraded from USB with persistence enabled
Given a computer
- And the computer is set to boot from USB drive "to_upgrade"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I enable persistence with password "asdf"
- And I log in to a new session
- Then Tails seems to have booted normally
- And persistence is enabled
+ And I start Tails from USB drive "to_upgrade" with network unplugged and I login with persistence password "asdf"
+ Then persistence is enabled
And Tails is running from USB drive "to_upgrade"
And the boot device has safe access rights
And the expected persistent files are present in the filesystem
@@ -234,14 +199,8 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Scenario: Upgrading an old Tails USB installation from an ISO image, running on the old version
Given a computer
And I clone USB drive "old" to a new USB drive "to_upgrade"
- And the computer is set to boot from USB drive "old"
- And the network is unplugged
And I setup a filesystem share containing the Tails ISO
- When I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ When I start Tails from USB drive "old" with network unplugged and I login
And I plug USB drive "to_upgrade"
And I do a "Upgrade from ISO" on USB drive "to_upgrade"
Then the ISO's Tails is installed on USB drive "to_upgrade"
@@ -251,14 +210,8 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Scenario: Upgrading an old Tails USB installation from an ISO image, running on the new version
Given a computer
And I clone USB drive "old" to a new USB drive "to_upgrade"
- And the computer is set to boot from the Tails DVD
- And the network is unplugged
And I setup a filesystem share containing the Tails ISO
- When I start the computer
- And the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ And I start Tails from DVD with network unplugged and I login
And I plug USB drive "to_upgrade"
And I do a "Upgrade from ISO" on USB drive "to_upgrade"
Then the ISO's Tails is installed on USB drive "to_upgrade"
@@ -266,14 +219,8 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Scenario: Booting a USB drive upgraded from ISO with persistence enabled
Given a computer
- And the computer is set to boot from USB drive "to_upgrade"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I enable persistence with password "asdf"
- And I log in to a new session
- Then Tails seems to have booted normally
- And persistence is enabled
+ And I start Tails from USB drive "to_upgrade" with network unplugged and I login with persistence password "asdf"
+ Then persistence is enabled
And Tails is running from USB drive "to_upgrade"
And the boot device has safe access rights
And the expected persistent files are present in the filesystem
@@ -284,13 +231,7 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Given a computer
And I create a 4 GiB disk named "mbr"
And I create a msdos label on disk "mbr"
- And the computer is set to boot from the Tails DVD
- And the network is unplugged
- And I start the computer
- When the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ And I start Tails from DVD with network unplugged and I login
And I plug USB drive "mbr"
And I "Clone & Install" Tails to USB drive "mbr"
Then the running Tails is installed on USB drive "mbr"
@@ -299,13 +240,8 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Scenario: Booting a USB drive that originally had an empty MBR partition table
Given a computer
- And the computer is set to boot from USB drive "mbr"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I log in to a new session
- Then Tails seems to have booted normally
- And Tails is running from USB drive "mbr"
+ And I start Tails from USB drive "mbr" with network unplugged and I login
+ Then Tails is running from USB drive "mbr"
And the boot device has safe access rights
And there is no persistence partition on USB drive "mbr"
@@ -314,24 +250,13 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Given a computer
And I create a 4 GiB disk named "isohybrid"
And I cat an ISO hybrid of the Tails image to disk "isohybrid"
- And the computer is set to boot from USB drive "isohybrid"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I log in to a new session
- Then Tails seems to have booted normally
- And Tails is running from USB drive "isohybrid"
+ And I start Tails from USB drive "isohybrid" with network unplugged and I login
+ Then Tails is running from USB drive "isohybrid"
@keep_volumes
Scenario: Try upgrading but end up installing Tails to a USB drive containing a Tails isohybrid installation
Given a computer
- And the computer is set to boot from the Tails DVD
- And the network is unplugged
- And I start the computer
- When the computer boots Tails
- And I log in to a new session
- And GNOME has started
- And all notifications have disappeared
+ And I start Tails from DVD with network unplugged and I login
And I plug USB drive "isohybrid"
And I try a "Clone & Upgrade" Tails to USB drive "isohybrid"
But I am suggested to do a "Clone & Install"
@@ -343,12 +268,7 @@ Feature: Installing Tails to a USB drive, upgrading it, and using persistence
Scenario: Booting a USB drive that originally had a isohybrid installation
Given a computer
- And the computer is set to boot from USB drive "isohybrid"
- And the network is unplugged
- When I start the computer
- And the computer boots Tails
- And I log in to a new session
- Then Tails seems to have booted normally
- And Tails is running from USB drive "isohybrid"
+ And I start Tails from USB drive "isohybrid" with network unplugged and I login
+ Then Tails is running from USB drive "isohybrid"
And the boot device has safe access rights
And there is no persistence partition on USB drive "isohybrid"
diff --git a/features/windows_camouflage.feature b/features/windows_camouflage.feature
index 9b6234b..1c2fa52 100644
--- a/features/windows_camouflage.feature
+++ b/features/windows_camouflage.feature
@@ -26,9 +26,9 @@ Feature: Microsoft Windows Camouflage
And Tor is ready
And all notifications have disappeared
And available upgrades have been checked
- And I run "iceweasel"
- Then I see "WindowsIceweaselWindow.png" after at most 120 seconds
- And I see "WindowsIceweaselTaskBar.png" after at most 10 seconds
+ And I start the Tor Browser
+ Then I see "WindowsTorBrowserWindow.png" after at most 120 seconds
+ And I see "WindowsTorBrowserTaskBar.png" after at most 10 seconds
And I see "WindowsWindowButtons.png" after at most 10 seconds
Scenario: The panel menu should look like Microsoft Windows's start menu