summaryrefslogtreecommitdiffstats
path: root/features
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2016-06-01 12:41:43 +0000
committerintrigeri <intrigeri@boum.org>2016-06-01 12:41:43 +0000
commit93afa480789853f21179fd56bc9e00cab97f40c3 (patch)
tree90ad393187bdd39c972c6589c36cac7e2ddf743a /features
parent388355bd18c7ce29d7fd13a903168af9e3639e68 (diff)
parent9cb183436bf20708a358a2676ffcf7126713e60f (diff)
Merge remote-tracking branch 'origin/stable' into test/9707-power-off-after-memory-erasure
Diffstat (limited to 'features')
-rw-r--r--features/build.feature9
-rw-r--r--features/checks.feature25
-rw-r--r--features/electrum.feature3
-rw-r--r--features/encryption.feature17
-rw-r--r--features/evince.feature5
-rw-r--r--features/i2p.feature6
-rw-r--r--features/images/BrowserAddressBar.pngbin1611 -> 1760 bytes
-rw-r--r--features/images/BrowserDownloadDialog.pngbin0 -> 2442 bytes
-rw-r--r--features/images/BrowserDownloadDialogSaveAsButton.pngbin0 -> 1467 bytes
-rw-r--r--features/images/BrowserDownloadFileToDialog.pngbin0 -> 2663 bytes
-rw-r--r--features/images/BrowserPrintToFile.pngbin0 -> 1394 bytes
-rw-r--r--features/images/ElectrumConnectServer.pngbin3441 -> 3929 bytes
-rw-r--r--features/images/ElectrumSeedVerificationPrompt.pngbin0 -> 2296 bytes
-rw-r--r--features/images/ElectrumWalletSeedTextbox.pngbin230 -> 110 bytes
-rw-r--r--features/images/EvincePrintToFile.png (renamed from features/images/PrintToFile.png)bin1365 -> 1365 bytes
-rw-r--r--features/images/GnomeApplicationsElectrum.pngbin3958 -> 2927 bytes
-rw-r--r--features/images/GpgAppletIconNormal.pngbin655 -> 585 bytes
-rw-r--r--features/images/GtkTorBrowserPersistentBookmark.pngbin2022 -> 2180 bytes
-rw-r--r--features/images/GtkTorBrowserPersistentBookmarkSelected.pngbin1906 -> 2042 bytes
-rw-r--r--features/images/I2PNetworkHidden.pngbin1067 -> 1216 bytes
-rw-r--r--features/images/I2PRouterConsole.pngbin3123 -> 2890 bytes
-rw-r--r--features/images/I2PSharedClientTunnels.pngbin0 -> 2484 bytes
-rw-r--r--features/images/KeyImportedNotification.pngbin2423 -> 0 bytes
-rw-r--r--features/images/OpenWithImportKey.pngbin2254 -> 0 bytes
-rw-r--r--features/images/SupportDocumentation.pngbin2314 -> 2099 bytes
-rw-r--r--features/images/SupportDocumentationGerman.pngbin2927 -> 2629 bytes
-rw-r--r--features/images/TailsGreeterDisableAllNetworking.pngbin0 -> 2099 bytes
-rw-r--r--features/images/TorBrowserBookmarkPrompt.pngbin2273 -> 2402 bytes
-rw-r--r--features/images/TorBrowserEFFBookmark.pngbin2074 -> 1918 bytes
-rw-r--r--features/images/TorBrowserNoPlugins.pngbin3339 -> 3299 bytes
-rw-r--r--features/images/TorBrowserNoScriptTemporarilyAllowDialog.pngbin1637 -> 1619 bytes
-rw-r--r--features/images/TorBrowserOkButton.pngbin598 -> 1198 bytes
-rw-r--r--features/images/TorBrowserPrintDialog.pngbin3230 -> 828 bytes
-rw-r--r--features/images/TorBrowserPrintOutputFile.pngbin1225 -> 1298 bytes
-rw-r--r--features/images/TorBrowserPrintOutputFileSelected.pngbin1185 -> 1277 bytes
-rw-r--r--features/images/TorBrowserSaveOutputFileSelected.pngbin1558 -> 1647 bytes
-rw-r--r--features/images/TorBrowserSavedStartupPage.pngbin2121 -> 1700 bytes
-rw-r--r--features/images/TorBrowserSynapticManual.pngbin6018 -> 3010 bytes
-rw-r--r--features/images/TorBrowserTailsRoadmap.pngbin2012 -> 1078 bytes
-rw-r--r--features/images/TorBrowserUnableToConnect.pngbin3964 -> 3855 bytes
-rw-r--r--features/images/TorButtonNewIdentity.pngbin1277 -> 1244 bytes
-rw-r--r--features/images/TorLauncherBridgeList.pngbin1502 -> 1568 bytes
-rw-r--r--features/images/TorLauncherBridgePrompt.pngbin6534 -> 5163 bytes
-rw-r--r--features/images/TorLauncherConfigureButton.pngbin1615 -> 1679 bytes
-rw-r--r--features/images/TorLauncherConnectingWindow.pngbin2593 -> 2572 bytes
-rw-r--r--features/images/TorLauncherFinishButton.pngbin1003 -> 1435 bytes
-rw-r--r--features/images/TorLauncherNextButton.pngbin816 -> 1100 bytes
-rw-r--r--features/images/TorLauncherYesRadioOption.pngbin1008 -> 1069 bytes
-rw-r--r--features/images/TorStatusNotUsable.pngbin0 -> 320 bytes
-rw-r--r--features/images/TorStatusUsable.pngbin0 -> 297 bytes
-rw-r--r--features/images/UnsafeBrowserExportBookmarksButton.pngbin1844 -> 1906 bytes
-rw-r--r--features/images/UnsafeBrowserExportBookmarksMenuEntry.pngbin1006 -> 1074 bytes
-rw-r--r--features/images/UnsafeBrowserNetworkTab.pngbin1594 -> 1563 bytes
-rw-r--r--features/images/UnsafeBrowserNetworkTabAlreadySelected.pngbin1608 -> 1570 bytes
-rw-r--r--features/images/UnsafeBrowserNetworkTabSettingsButton.pngbin1571 -> 1527 bytes
-rw-r--r--features/images/UnsafeBrowserNoAddons.pngbin1976 -> 1974 bytes
-rw-r--r--features/images/UnsafeBrowserNoProxySelected.pngbin1611 -> 1550 bytes
-rw-r--r--features/images/UnsafeBrowserProxyRefused.pngbin3314 -> 3260 bytes
-rw-r--r--features/images/UnsafeBrowserProxySettingsOkButton.pngbin1005 -> 1032 bytes
-rw-r--r--features/images/UnsafeBrowserProxySettingsWindow.pngbin2793 -> 2851 bytes
-rw-r--r--features/images/UnsafeBrowserStartPage.pngbin2978 -> 2461 bytes
-rw-r--r--features/images/VidaliaMenuNewIdentity.pngbin1615 -> 0 bytes
-rw-r--r--features/images/VidaliaNewIdentityNotification.pngbin2059 -> 0 bytes
-rw-r--r--features/images/VidaliaSystrayReady.pngbin593 -> 0 bytes
-rw-r--r--features/mac_spoofing.feature2
-rw-r--r--features/persistence.feature20
-rw-r--r--features/pidgin.feature5
-rw-r--r--features/root_access_control.feature2
-rwxr-xr-xfeatures/scripts/otr-bot.py10
-rw-r--r--features/ssh.feature7
-rw-r--r--features/step_definitions/apt.rb2
-rw-r--r--features/step_definitions/browser.rb44
-rw-r--r--features/step_definitions/checks.rb16
-rw-r--r--features/step_definitions/common_steps.rb79
-rw-r--r--features/step_definitions/electrum.rb8
-rw-r--r--features/step_definitions/encryption.rb14
-rw-r--r--features/step_definitions/evince.rb8
-rw-r--r--features/step_definitions/i2p.rb25
-rw-r--r--features/step_definitions/snapshots.rb33
-rw-r--r--features/step_definitions/ssh.rb49
-rw-r--r--features/step_definitions/time_syncing.rb2
-rw-r--r--features/step_definitions/tor.rb12
-rw-r--r--features/step_definitions/torified_gnupg.rb16
-rw-r--r--features/step_definitions/unsafe_browser.rb15
-rw-r--r--features/step_definitions/usb.rb15
-rw-r--r--features/support/helpers/exec_helper.rb6
-rw-r--r--features/support/helpers/firewall_helper.rb15
-rw-r--r--features/support/helpers/sshd_helper.rb67
-rw-r--r--features/support/helpers/vm_helper.rb68
-rw-r--r--features/support/hooks.rb32
-rw-r--r--features/tor_bridges.feature1
-rw-r--r--features/torified_browsing.feature12
-rw-r--r--features/torified_gnupg.feature8
-rw-r--r--features/totem.feature4
-rw-r--r--features/usb_install.feature16
-rw-r--r--features/usb_upgrade.feature2
96 files changed, 449 insertions, 231 deletions
diff --git a/features/build.feature b/features/build.feature
index 74d314d..583a214 100644
--- a/features/build.feature
+++ b/features/build.feature
@@ -147,15 +147,6 @@ Feature: custom APT sources to build branches
Then I should see the 'feature-jessie' suite
And I should see the 'feature-7756-reintroduce-whisperback' suite
- Scenario: build from the experimental branch
- Given I am working on the experimental branch based on devel
- And config/APT_overlays.d contains 'feature-foo'
- And config/APT_overlays.d contains 'bugfix-bar'
- When I successfully run tails-custom-apt-sources
- Then I should see the 'devel' suite
- And I should see the 'feature-foo' suite
- And I should see the 'bugfix-bar' suite
-
Scenario: build from a feature branch with overlays based on devel
Given I am working on the feature/icedove branch based on devel
And config/APT_overlays.d contains 'feature-icedove'
diff --git a/features/checks.feature b/features/checks.feature
index cac1a1b..24d3594 100644
--- a/features/checks.feature
+++ b/features/checks.feature
@@ -44,11 +44,12 @@ Feature: Various checks
Scenario: No initial network
Given I have started Tails from DVD without network and logged in
And I wait between 30 and 60 seconds
+ Then the Tor Status icon tells me that Tor is not usable
When the network is plugged
- And Tor is ready
+ Then Tor is ready
+ And the Tor Status icon tells me that Tor is usable
And all notifications have disappeared
And the time has synced
- And process "vidalia" is running within 30 seconds
@fragile
Scenario: The 'Tor is ready' notification is shown when Tor has bootstrapped
@@ -84,3 +85,23 @@ Feature: Various checks
Scenario: tails-debugging-info does not leak information
Given I have started Tails from DVD without network and logged in
Then tails-debugging-info is not susceptible to symlink attacks
+
+ Scenario: Tails shuts down on DVD boot medium removal
+ Given I have started Tails from DVD without network and logged in
+ When I eject the boot medium
+ Then Tails eventually shuts down
+
+ #10720
+ @fragile
+ Scenario: Tails shuts down on USB boot medium removal
+ Given I have started Tails without network from a USB drive without a persistent partition and logged in
+ When I eject the boot medium
+ Then Tails eventually shuts down
+
+ Scenario: The Tails Greeter "disable all networking" option disables networking within Tails
+ Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
+ And I enable more Tails Greeter options
+ And I disable all networking in the Tails Greeter
+ And I log in to a new session
+ And the Tails desktop is ready
+ Then no network interfaces are enabled
diff --git a/features/electrum.feature b/features/electrum.feature
index 6810191..e4e8d74 100644
--- a/features/electrum.feature
+++ b/features/electrum.feature
@@ -25,8 +25,9 @@ Feature: Electrum Bitcoin client
When I create a new bitcoin wallet
Then a bitcoin wallet is present
And I see the main Electrum client window
+ And Electrum successfully connects to the network
And I shutdown Tails and wait for the computer to power off
- Given I start Tails from USB drive "current" and I login with persistence enabled
+ Given I start Tails from USB drive "__internal" and I login with persistence enabled
When I start Electrum through the GNOME menu
And a bitcoin wallet is present
And I see the main Electrum client window
diff --git a/features/encryption.feature b/features/encryption.feature
index 03b6d73..608af8f 100644
--- a/features/encryption.feature
+++ b/features/encryption.feature
@@ -8,22 +8,31 @@ Feature: Encryption and verification using GnuPG
Given I have started Tails from DVD without network and logged in
And I generate an OpenPGP key named "test" with password "asdf"
- Scenario: Encryption and decryption using Tails OpenPGP Applet
+ #10992
+ @fragile
+ Scenario: Encryption and decryption using OpenPGP Applet
When I type a message into gedit
And I encrypt the message using my OpenPGP key
Then I can decrypt the encrypted message
- Scenario: Signing and verification using Tails OpenPGP Applet
+ #10992
+ @fragile
+ Scenario: Signing and verification using OpenPGP Applet
When I type a message into gedit
And I sign the message using my OpenPGP key
Then I can verify the message's signature
- Scenario: Encryption/signing and decryption/verification using Tails OpenPGP Applet
+ #10991
+ @fragile
+ Scenario: Encryption/signing and decryption/verification using OpenPGP Applet
When I type a message into gedit
And I both encrypt and sign the message using my OpenPGP key
Then I can decrypt and verify the encrypted message
- Scenario: Symmetric encryption and decryption using Tails OpenPGP Applet
+ #11394
+ #11398
+ @fragile
+ Scenario: Symmetric encryption and decryption using OpenPGP Applet
When I type a message into gedit
And I symmetrically encrypt the message with password "asdf"
Then I can decrypt the encrypted message
diff --git a/features/evince.feature b/features/evince.feature
index 492c044..b413add 100644
--- a/features/evince.feature
+++ b/features/evince.feature
@@ -4,6 +4,7 @@ Feature: Using Evince
I want to view and print PDF files in Evince
And AppArmor should prevent Evince from doing dangerous things
+ #10994
@fragile
Scenario: I can view and print a PDF file stored in /usr/share
Given I have started Tails from DVD without network and logged in
@@ -11,6 +12,8 @@ Feature: Using Evince
Then I see "CupsTestPage.png" after at most 20 seconds
And I can print the current document to "/home/amnesia/output.pdf"
+ #10994
+ @fragile
Scenario: I can view and print a PDF file stored in non-persistent /home/amnesia
Given I have started Tails from DVD without network and logged in
And I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia" as user "amnesia"
@@ -18,6 +21,8 @@ Feature: Using Evince
Then I see "CupsTestPage.png" after at most 20 seconds
And I can print the current document to "/home/amnesia/output.pdf"
+ #11398
+ @fragile
Scenario: I cannot view a PDF file stored in non-persistent /home/amnesia/.gnupg
Given I have started Tails from DVD without network and logged in
And I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/.gnupg" as user "amnesia"
diff --git a/features/i2p.feature b/features/i2p.feature
index bfb3eec..c899d7c 100644
--- a/features/i2p.feature
+++ b/features/i2p.feature
@@ -44,7 +44,7 @@ Feature: I2P
And the I2P router console is ready
When I start the I2P Browser through the GNOME menu
Then the I2P router console is displayed in I2P Browser
- And I2P successfully built a tunnel
+ And I see shared client tunnels in the I2P router console
When I open the address "http://i2p-projekt.i2p" in the I2P Browser
Then the I2P homepage loads in I2P Browser
@@ -60,7 +60,9 @@ Feature: I2P
Scenario: Connecting to the #i2p IRC channel with the pre-configured account
Given I have started Tails from DVD with I2P enabled and logged in and the network is connected
And the I2P router console is ready
- And I2P successfully built a tunnel
+ And I start the I2P Browser through the GNOME menu
+ And the I2P router console is displayed in I2P Browser
+ And I see shared client tunnels in the I2P router console
When I start Pidgin through the GNOME menu
Then I see Pidgin's account manager window
When I activate the "I2P" Pidgin account
diff --git a/features/images/BrowserAddressBar.png b/features/images/BrowserAddressBar.png
index 8da3af9..1b7571f 100644
--- a/features/images/BrowserAddressBar.png
+++ b/features/images/BrowserAddressBar.png
Binary files differ
diff --git a/features/images/BrowserDownloadDialog.png b/features/images/BrowserDownloadDialog.png
new file mode 100644
index 0000000..469efe5
--- /dev/null
+++ b/features/images/BrowserDownloadDialog.png
Binary files differ
diff --git a/features/images/BrowserDownloadDialogSaveAsButton.png b/features/images/BrowserDownloadDialogSaveAsButton.png
new file mode 100644
index 0000000..bd3e1c0
--- /dev/null
+++ b/features/images/BrowserDownloadDialogSaveAsButton.png
Binary files differ
diff --git a/features/images/BrowserDownloadFileToDialog.png b/features/images/BrowserDownloadFileToDialog.png
new file mode 100644
index 0000000..8f94ec2
--- /dev/null
+++ b/features/images/BrowserDownloadFileToDialog.png
Binary files differ
diff --git a/features/images/BrowserPrintToFile.png b/features/images/BrowserPrintToFile.png
new file mode 100644
index 0000000..568c315
--- /dev/null
+++ b/features/images/BrowserPrintToFile.png
Binary files differ
diff --git a/features/images/ElectrumConnectServer.png b/features/images/ElectrumConnectServer.png
index fa639be..9e587ed 100644
--- a/features/images/ElectrumConnectServer.png
+++ b/features/images/ElectrumConnectServer.png
Binary files differ
diff --git a/features/images/ElectrumSeedVerificationPrompt.png b/features/images/ElectrumSeedVerificationPrompt.png
new file mode 100644
index 0000000..6257755
--- /dev/null
+++ b/features/images/ElectrumSeedVerificationPrompt.png
Binary files differ
diff --git a/features/images/ElectrumWalletSeedTextbox.png b/features/images/ElectrumWalletSeedTextbox.png
index b04a9bb..481ce8d 100644
--- a/features/images/ElectrumWalletSeedTextbox.png
+++ b/features/images/ElectrumWalletSeedTextbox.png
Binary files differ
diff --git a/features/images/PrintToFile.png b/features/images/EvincePrintToFile.png
index d0b5297..d0b5297 100644
--- a/features/images/PrintToFile.png
+++ b/features/images/EvincePrintToFile.png
Binary files differ
diff --git a/features/images/GnomeApplicationsElectrum.png b/features/images/GnomeApplicationsElectrum.png
index fb00bb9..be497c4 100644
--- a/features/images/GnomeApplicationsElectrum.png
+++ b/features/images/GnomeApplicationsElectrum.png
Binary files differ
diff --git a/features/images/GpgAppletIconNormal.png b/features/images/GpgAppletIconNormal.png
index 0dac334..5775c4f 100644
--- a/features/images/GpgAppletIconNormal.png
+++ b/features/images/GpgAppletIconNormal.png
Binary files differ
diff --git a/features/images/GtkTorBrowserPersistentBookmark.png b/features/images/GtkTorBrowserPersistentBookmark.png
index a487495..3e3e6b7 100644
--- a/features/images/GtkTorBrowserPersistentBookmark.png
+++ b/features/images/GtkTorBrowserPersistentBookmark.png
Binary files differ
diff --git a/features/images/GtkTorBrowserPersistentBookmarkSelected.png b/features/images/GtkTorBrowserPersistentBookmarkSelected.png
index 6ad7516..ee6384c 100644
--- a/features/images/GtkTorBrowserPersistentBookmarkSelected.png
+++ b/features/images/GtkTorBrowserPersistentBookmarkSelected.png
Binary files differ
diff --git a/features/images/I2PNetworkHidden.png b/features/images/I2PNetworkHidden.png
index 99ebd45..07c8da6 100644
--- a/features/images/I2PNetworkHidden.png
+++ b/features/images/I2PNetworkHidden.png
Binary files differ
diff --git a/features/images/I2PRouterConsole.png b/features/images/I2PRouterConsole.png
index dfb67e9..32a8084 100644
--- a/features/images/I2PRouterConsole.png
+++ b/features/images/I2PRouterConsole.png
Binary files differ
diff --git a/features/images/I2PSharedClientTunnels.png b/features/images/I2PSharedClientTunnels.png
new file mode 100644
index 0000000..22b1754
--- /dev/null
+++ b/features/images/I2PSharedClientTunnels.png
Binary files differ
diff --git a/features/images/KeyImportedNotification.png b/features/images/KeyImportedNotification.png
deleted file mode 100644
index 9c54e1d..0000000
--- a/features/images/KeyImportedNotification.png
+++ /dev/null
Binary files differ
diff --git a/features/images/OpenWithImportKey.png b/features/images/OpenWithImportKey.png
deleted file mode 100644
index 27e0aa3..0000000
--- a/features/images/OpenWithImportKey.png
+++ /dev/null
Binary files differ
diff --git a/features/images/SupportDocumentation.png b/features/images/SupportDocumentation.png
index 6275f01..bccfb80 100644
--- a/features/images/SupportDocumentation.png
+++ b/features/images/SupportDocumentation.png
Binary files differ
diff --git a/features/images/SupportDocumentationGerman.png b/features/images/SupportDocumentationGerman.png
index 1cede63..24c7708 100644
--- a/features/images/SupportDocumentationGerman.png
+++ b/features/images/SupportDocumentationGerman.png
Binary files differ
diff --git a/features/images/TailsGreeterDisableAllNetworking.png b/features/images/TailsGreeterDisableAllNetworking.png
new file mode 100644
index 0000000..066598d
--- /dev/null
+++ b/features/images/TailsGreeterDisableAllNetworking.png
Binary files differ
diff --git a/features/images/TorBrowserBookmarkPrompt.png b/features/images/TorBrowserBookmarkPrompt.png
index 24cde85..9cce24f 100644
--- a/features/images/TorBrowserBookmarkPrompt.png
+++ b/features/images/TorBrowserBookmarkPrompt.png
Binary files differ
diff --git a/features/images/TorBrowserEFFBookmark.png b/features/images/TorBrowserEFFBookmark.png
index ff4a68a..e6bf815 100644
--- a/features/images/TorBrowserEFFBookmark.png
+++ b/features/images/TorBrowserEFFBookmark.png
Binary files differ
diff --git a/features/images/TorBrowserNoPlugins.png b/features/images/TorBrowserNoPlugins.png
index 287b234..597101e 100644
--- a/features/images/TorBrowserNoPlugins.png
+++ b/features/images/TorBrowserNoPlugins.png
Binary files differ
diff --git a/features/images/TorBrowserNoScriptTemporarilyAllowDialog.png b/features/images/TorBrowserNoScriptTemporarilyAllowDialog.png
index 8de70ff..b9e8448 100644
--- a/features/images/TorBrowserNoScriptTemporarilyAllowDialog.png
+++ b/features/images/TorBrowserNoScriptTemporarilyAllowDialog.png
Binary files differ
diff --git a/features/images/TorBrowserOkButton.png b/features/images/TorBrowserOkButton.png
index a9ee1d0..1d536f6 100644
--- a/features/images/TorBrowserOkButton.png
+++ b/features/images/TorBrowserOkButton.png
Binary files differ
diff --git a/features/images/TorBrowserPrintDialog.png b/features/images/TorBrowserPrintDialog.png
index f13edce..8e9aa93 100644
--- a/features/images/TorBrowserPrintDialog.png
+++ b/features/images/TorBrowserPrintDialog.png
Binary files differ
diff --git a/features/images/TorBrowserPrintOutputFile.png b/features/images/TorBrowserPrintOutputFile.png
index 4b8a142..d6aa5cf 100644
--- a/features/images/TorBrowserPrintOutputFile.png
+++ b/features/images/TorBrowserPrintOutputFile.png
Binary files differ
diff --git a/features/images/TorBrowserPrintOutputFileSelected.png b/features/images/TorBrowserPrintOutputFileSelected.png
index 158ada3..41e9599 100644
--- a/features/images/TorBrowserPrintOutputFileSelected.png
+++ b/features/images/TorBrowserPrintOutputFileSelected.png
Binary files differ
diff --git a/features/images/TorBrowserSaveOutputFileSelected.png b/features/images/TorBrowserSaveOutputFileSelected.png
index ca26b77..8de38a9 100644
--- a/features/images/TorBrowserSaveOutputFileSelected.png
+++ b/features/images/TorBrowserSaveOutputFileSelected.png
Binary files differ
diff --git a/features/images/TorBrowserSavedStartupPage.png b/features/images/TorBrowserSavedStartupPage.png
index 17cbd88..f32a0f9 100644
--- a/features/images/TorBrowserSavedStartupPage.png
+++ b/features/images/TorBrowserSavedStartupPage.png
Binary files differ
diff --git a/features/images/TorBrowserSynapticManual.png b/features/images/TorBrowserSynapticManual.png
index f8ffa3e..c25daa7 100644
--- a/features/images/TorBrowserSynapticManual.png
+++ b/features/images/TorBrowserSynapticManual.png
Binary files differ
diff --git a/features/images/TorBrowserTailsRoadmap.png b/features/images/TorBrowserTailsRoadmap.png
index 80d8976..d6c9321 100644
--- a/features/images/TorBrowserTailsRoadmap.png
+++ b/features/images/TorBrowserTailsRoadmap.png
Binary files differ
diff --git a/features/images/TorBrowserUnableToConnect.png b/features/images/TorBrowserUnableToConnect.png
index 943357d..bd6d251 100644
--- a/features/images/TorBrowserUnableToConnect.png
+++ b/features/images/TorBrowserUnableToConnect.png
Binary files differ
diff --git a/features/images/TorButtonNewIdentity.png b/features/images/TorButtonNewIdentity.png
index 143d400..ee533ee 100644
--- a/features/images/TorButtonNewIdentity.png
+++ b/features/images/TorButtonNewIdentity.png
Binary files differ
diff --git a/features/images/TorLauncherBridgeList.png b/features/images/TorLauncherBridgeList.png
index bad0810..c4981ea 100644
--- a/features/images/TorLauncherBridgeList.png
+++ b/features/images/TorLauncherBridgeList.png
Binary files differ
diff --git a/features/images/TorLauncherBridgePrompt.png b/features/images/TorLauncherBridgePrompt.png
index c224ed8..9fc5ebb 100644
--- a/features/images/TorLauncherBridgePrompt.png
+++ b/features/images/TorLauncherBridgePrompt.png
Binary files differ
diff --git a/features/images/TorLauncherConfigureButton.png b/features/images/TorLauncherConfigureButton.png
index b96a742..1acdcff 100644
--- a/features/images/TorLauncherConfigureButton.png
+++ b/features/images/TorLauncherConfigureButton.png
Binary files differ
diff --git a/features/images/TorLauncherConnectingWindow.png b/features/images/TorLauncherConnectingWindow.png
index 98d34aa..3a6af8f 100644
--- a/features/images/TorLauncherConnectingWindow.png
+++ b/features/images/TorLauncherConnectingWindow.png
Binary files differ
diff --git a/features/images/TorLauncherFinishButton.png b/features/images/TorLauncherFinishButton.png
index 6d763b5..cee5b53 100644
--- a/features/images/TorLauncherFinishButton.png
+++ b/features/images/TorLauncherFinishButton.png
Binary files differ
diff --git a/features/images/TorLauncherNextButton.png b/features/images/TorLauncherNextButton.png
index d8bc684..a6c4aac 100644
--- a/features/images/TorLauncherNextButton.png
+++ b/features/images/TorLauncherNextButton.png
Binary files differ
diff --git a/features/images/TorLauncherYesRadioOption.png b/features/images/TorLauncherYesRadioOption.png
index 1c2a772..6d3df76 100644
--- a/features/images/TorLauncherYesRadioOption.png
+++ b/features/images/TorLauncherYesRadioOption.png
Binary files differ
diff --git a/features/images/TorStatusNotUsable.png b/features/images/TorStatusNotUsable.png
new file mode 100644
index 0000000..9aa534f
--- /dev/null
+++ b/features/images/TorStatusNotUsable.png
Binary files differ
diff --git a/features/images/TorStatusUsable.png b/features/images/TorStatusUsable.png
new file mode 100644
index 0000000..92f575a
--- /dev/null
+++ b/features/images/TorStatusUsable.png
Binary files differ
diff --git a/features/images/UnsafeBrowserExportBookmarksButton.png b/features/images/UnsafeBrowserExportBookmarksButton.png
index b568dc3..964e339 100644
--- a/features/images/UnsafeBrowserExportBookmarksButton.png
+++ b/features/images/UnsafeBrowserExportBookmarksButton.png
Binary files differ
diff --git a/features/images/UnsafeBrowserExportBookmarksMenuEntry.png b/features/images/UnsafeBrowserExportBookmarksMenuEntry.png
index fdea806..a996e1f 100644
--- a/features/images/UnsafeBrowserExportBookmarksMenuEntry.png
+++ b/features/images/UnsafeBrowserExportBookmarksMenuEntry.png
Binary files differ
diff --git a/features/images/UnsafeBrowserNetworkTab.png b/features/images/UnsafeBrowserNetworkTab.png
index 743982c..2c6c0ef 100644
--- a/features/images/UnsafeBrowserNetworkTab.png
+++ b/features/images/UnsafeBrowserNetworkTab.png
Binary files differ
diff --git a/features/images/UnsafeBrowserNetworkTabAlreadySelected.png b/features/images/UnsafeBrowserNetworkTabAlreadySelected.png
index 92139b7..6ad4531 100644
--- a/features/images/UnsafeBrowserNetworkTabAlreadySelected.png
+++ b/features/images/UnsafeBrowserNetworkTabAlreadySelected.png
Binary files differ
diff --git a/features/images/UnsafeBrowserNetworkTabSettingsButton.png b/features/images/UnsafeBrowserNetworkTabSettingsButton.png
index 414cf7a..ba25ea8 100644
--- a/features/images/UnsafeBrowserNetworkTabSettingsButton.png
+++ b/features/images/UnsafeBrowserNetworkTabSettingsButton.png
Binary files differ
diff --git a/features/images/UnsafeBrowserNoAddons.png b/features/images/UnsafeBrowserNoAddons.png
index 24e1baa..75c426d 100644
--- a/features/images/UnsafeBrowserNoAddons.png
+++ b/features/images/UnsafeBrowserNoAddons.png
Binary files differ
diff --git a/features/images/UnsafeBrowserNoProxySelected.png b/features/images/UnsafeBrowserNoProxySelected.png
index d28dae1..19a6415 100644
--- a/features/images/UnsafeBrowserNoProxySelected.png
+++ b/features/images/UnsafeBrowserNoProxySelected.png
Binary files differ
diff --git a/features/images/UnsafeBrowserProxyRefused.png b/features/images/UnsafeBrowserProxyRefused.png
index c0d84d4..f8233a0 100644
--- a/features/images/UnsafeBrowserProxyRefused.png
+++ b/features/images/UnsafeBrowserProxyRefused.png
Binary files differ
diff --git a/features/images/UnsafeBrowserProxySettingsOkButton.png b/features/images/UnsafeBrowserProxySettingsOkButton.png
index 84b23b4..251ceb8 100644
--- a/features/images/UnsafeBrowserProxySettingsOkButton.png
+++ b/features/images/UnsafeBrowserProxySettingsOkButton.png
Binary files differ
diff --git a/features/images/UnsafeBrowserProxySettingsWindow.png b/features/images/UnsafeBrowserProxySettingsWindow.png
index cda8689..9013ccf 100644
--- a/features/images/UnsafeBrowserProxySettingsWindow.png
+++ b/features/images/UnsafeBrowserProxySettingsWindow.png
Binary files differ
diff --git a/features/images/UnsafeBrowserStartPage.png b/features/images/UnsafeBrowserStartPage.png
index 67a9923..5ec183f 100644
--- a/features/images/UnsafeBrowserStartPage.png
+++ b/features/images/UnsafeBrowserStartPage.png
Binary files differ
diff --git a/features/images/VidaliaMenuNewIdentity.png b/features/images/VidaliaMenuNewIdentity.png
deleted file mode 100644
index 30b253b..0000000
--- a/features/images/VidaliaMenuNewIdentity.png
+++ /dev/null
Binary files differ
diff --git a/features/images/VidaliaNewIdentityNotification.png b/features/images/VidaliaNewIdentityNotification.png
deleted file mode 100644
index 6b43da6..0000000
--- a/features/images/VidaliaNewIdentityNotification.png
+++ /dev/null
Binary files differ
diff --git a/features/images/VidaliaSystrayReady.png b/features/images/VidaliaSystrayReady.png
deleted file mode 100644
index 73d251f..0000000
--- a/features/images/VidaliaSystrayReady.png
+++ /dev/null
Binary files differ
diff --git a/features/mac_spoofing.feature b/features/mac_spoofing.feature
index cdd1ca1..5777372 100644
--- a/features/mac_spoofing.feature
+++ b/features/mac_spoofing.feature
@@ -50,6 +50,8 @@ Feature: Spoofing MAC addresses
Then no network interfaces are enabled
And the real MAC address was not leaked
+ #10774
+ @fragile
Scenario: MAC address spoofing fails and the module is not removed
Given macchanger will fail by not spoofing and always returns true
And no network interface modules can be unloaded
diff --git a/features/persistence.feature b/features/persistence.feature
index d16ee29..13f0af7 100644
--- a/features/persistence.feature
+++ b/features/persistence.feature
@@ -8,13 +8,13 @@ Feature: Tails persistence
Given I have started Tails without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen
When I log in to a new session
Then Tails seems to have booted normally
- And Tails is running from USB drive "current"
+ And Tails is running from USB drive "__internal"
And persistence is disabled
- But a Tails persistence partition exists on USB drive "current"
+ But a Tails persistence partition exists on USB drive "__internal"
Scenario: Booting Tails from a USB drive with an enabled persistent partition
Given I have started Tails without network from a USB drive with a persistent partition enabled and logged in
- Then Tails is running from USB drive "current"
+ Then Tails is running from USB drive "__internal"
And all persistence presets are enabled
And all persistent directories have safe access rights
@@ -28,11 +28,11 @@ Feature: Tails persistence
And I add a wired DHCP NetworkManager connection called "persistent-con"
And I shutdown Tails and wait for the computer to power off
# XXX: The next step succeeds (and the --debug output confirms that it's actually looking for the files) but will fail in a subsequent scenario restoring the same snapshot. This exactly what we want, but why does it work? What is guestfs's behaviour when qcow2 internal snapshots are involved?
- Then only the expected files are present on the persistence partition on USB drive "current"
- Given I start Tails from USB drive "current" with network unplugged and I login with read-only persistence enabled
+ Then only the expected files are present on the persistence partition on USB drive "__internal"
+ Given I start Tails from USB drive "__internal" with network unplugged and I login with read-only persistence enabled
And the network is plugged
And Tor is ready
- Then Tails is running from USB drive "current"
+ Then Tails is running from USB drive "__internal"
And the boot device has safe access rights
And all persistence presets are enabled
And I switch to the "persistent-con" NetworkManager connection
@@ -41,15 +41,15 @@ Feature: Tails persistence
And I remove some files expected to persist
And I take note of which persistence presets are available
And I shutdown Tails and wait for the computer to power off
- Then only the expected files are present on the persistence partition on USB drive "current"
+ Then only the expected files are present on the persistence partition on USB drive "__internal"
Scenario: Deleting a Tails persistent partition
Given I have started Tails without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen
And I log in to a new session
- Then Tails is running from USB drive "current"
+ Then Tails is running from USB drive "__internal"
And the boot device has safe access rights
And persistence is disabled
- But a Tails persistence partition exists on USB drive "current"
+ But a Tails persistence partition exists on USB drive "__internal"
And all notifications have disappeared
When I delete the persistent partition
- Then there is no persistence partition on USB drive "current"
+ Then there is no persistence partition on USB drive "__internal"
diff --git a/features/pidgin.feature b/features/pidgin.feature
index ff12ab1..cbfddbe 100644
--- a/features/pidgin.feature
+++ b/features/pidgin.feature
@@ -67,7 +67,8 @@ Feature: Chatting anonymously using Pidgin
When I type "/topic"
And I press the "ENTER" key
Then I see the Tails roadmap URL
- When I click on the Tails roadmap URL
+ When I wait 10 seconds
+ And I click on the Tails roadmap URL
Then the Tor Browser has started and loaded the Tails roadmap
And the "irc.oftc.net" account only responds to PING and VERSION CTCP requests
@@ -108,7 +109,7 @@ Feature: Chatting anonymously using Pidgin
# And I take note of the OTR key for Pidgin's "irc.oftc.net" account
And I shutdown Tails and wait for the computer to power off
Given a computer
- And I start Tails from USB drive "current" and I login with persistence enabled
+ And I start Tails from USB drive "__internal" and I login with persistence enabled
And Pidgin has the expected persistent accounts configured
# And Pidgin has the expected persistent OTR keys
When I start Pidgin through the GNOME menu
diff --git a/features/root_access_control.feature b/features/root_access_control.feature
index 3fbd9e5..8ceb816 100644
--- a/features/root_access_control.feature
+++ b/features/root_access_control.feature
@@ -22,6 +22,8 @@ Feature: Root access control enforcement
And running a command as root with pkexec requires PolicyKit administrator privileges
Then I should be able to run a command as root with pkexec
+ #11398
+ @fragile
Scenario: If no administrative password is set in Tails Greeter the live user should not be able to get administrative privileges through PolicyKit with the standard passwords.
Given I have started Tails from DVD without network and logged in
And running a command as root with pkexec requires PolicyKit administrator privileges
diff --git a/features/scripts/otr-bot.py b/features/scripts/otr-bot.py
index 0afd15a..1880797 100755
--- a/features/scripts/otr-bot.py
+++ b/features/scripts/otr-bot.py
@@ -102,8 +102,8 @@ class OtrBot(jabberbot.JabberBot):
# Wrap OTR encryption around Jabberbot's most low-level method for
# sending messages.
def send_message(self, mess):
- body = str(mess.getBody())
- user = str(mess.getTo().getStripped())
+ body = mess.getBody().encode('utf-8')
+ user = mess.getTo().getStripped().encode('utf-8')
otrctx = self.__otr_manager.get_context_for_user(user)
if otrctx.state == potr.context.STATE_ENCRYPTED:
otrctx.sendMessage(potr.context.FRAGMENT_SEND_ALL, body,
@@ -113,8 +113,8 @@ class OtrBot(jabberbot.JabberBot):
# Wrap OTR decryption around Jabberbot's callback mechanism.
def callback_message(self, conn, mess):
- body = str(mess.getBody())
- user = str(mess.getFrom().getStripped())
+ body = mess.getBody().encode('utf-8')
+ user = mess.getFrom().getStripped().encode('utf-8')
otrctx = self.__otr_manager.get_context_for_user(user)
if mess.getType() == "chat":
try:
@@ -172,7 +172,7 @@ class OtrBot(jabberbot.JabberBot):
"""Make me gracefully end the OTR session if there is one"""
if mess.getType() == "groupchat":
return
- user = str(mess.getFrom().getStripped())
+ user = mess.getFrom().getStripped().encode('utf-8')
self.__otr_manager.get_context_for_user(user).disconnect(appdata =
self.__otr_appdata_for_mess(mess.buildReply()))
return ""
diff --git a/features/ssh.feature b/features/ssh.feature
index 76ffaf2..8528999 100644
--- a/features/ssh.feature
+++ b/features/ssh.feature
@@ -17,6 +17,13 @@ Feature: Logging in via SSH
Then I have sucessfully logged into the SSH server
@check_tor_leaks
+ Scenario: Connecting to an SSH server on the LAN
+ Given I have the SSH key pair for an SSH server
+ And an SSH server is running on the LAN
+ When I connect to an SSH server on the LAN
+ Then I am prompted to verify the SSH fingerprint for the SSH server
+
+ @check_tor_leaks
Scenario: Connecting to an SFTP server on the Internet using the GNOME "Connect to Server" feature
Given I have the SSH key pair for an SFTP server
When I connect to an SFTP server on the Internet
diff --git a/features/step_definitions/apt.rb b/features/step_definitions/apt.rb
index e8805f5..c69d259 100644
--- a/features/step_definitions/apt.rb
+++ b/features/step_definitions/apt.rb
@@ -45,7 +45,7 @@ Then /^I should be able to install a package using Synaptic$/ do
@screen.wait_and_click('SynapticApplyButton.png', 10)
@screen.wait('SynapticApplyPrompt.png', 60)
@screen.type(Sikuli::Key.ENTER)
- @screen.wait('SynapticChangesAppliedPrompt.png', 120)
+ @screen.wait('SynapticChangesAppliedPrompt.png', 240)
step "package \"#{package}\" is installed"
end
diff --git a/features/step_definitions/browser.rb b/features/step_definitions/browser.rb
index 4359423..84ef1d3 100644
--- a/features/step_definitions/browser.rb
+++ b/features/step_definitions/browser.rb
@@ -35,6 +35,7 @@ def xul_application_info(application)
'echo ${TBB_INSTALL}/firefox', :libs => 'tor-browser'
).stdout.chomp
address_bar_image = "BrowserAddressBar.png"
+ unused_tbb_libs = ['libnssdbm3.so']
case application
when "Tor Browser"
user = LIVE_USER
@@ -53,10 +54,18 @@ def xul_application_info(application)
new_tab_button_image = "I2PBrowserNewTabButton.png"
when "Tor Launcher"
user = "tor-launcher"
- cmd_regex = "#{binary} -app /home/#{user}/\.tor-launcher/tor-launcher-standalone/application\.ini"
+ # We do not enable AppArmor confinement for the Tor Launcher.
+ binary = "#{binary}-unconfined"
+ tor_launcher_install = $vm.execute_successfully(
+ 'echo ${TOR_LAUNCHER_INSTALL}', :libs => 'tor-browser'
+ ).stdout.chomp
+ cmd_regex = "#{binary}\s+-app #{tor_launcher_install}/application\.ini.*"
chroot = ""
new_tab_button_image = nil
address_bar_image = nil
+ # The standalone Tor Launcher uses fewer libs than the full
+ # browser.
+ unused_tbb_libs.concat(["libfreebl3.so", "libnssckbi.so", "libsoftokn3.so"])
else
raise "Invalid browser or XUL application: #{application}"
end
@@ -66,6 +75,7 @@ def xul_application_info(application)
:chroot => chroot,
:new_tab_button_image => new_tab_button_image,
:address_bar_image => address_bar_image,
+ :unused_tbb_libs => unused_tbb_libs,
}
end
@@ -80,7 +90,9 @@ When /^I open the address "([^"]*)" in the (.*)$/ do |address, browser|
info = xul_application_info(browser)
open_address = Proc.new do
@screen.click(info[:address_bar_image])
- sleep 0.5
+ # This static here since we have no reliable visual indicators
+ # that we can watch to know when typing is "safe".
+ sleep 5
# The browser sometimes loses keypresses when suggestions are
# shown, which we work around by pasting the address from the
# clipboard, in one go.
@@ -106,8 +118,7 @@ Then /^the (.*) has no plugins installed$/ do |browser|
step "I see \"TorBrowserNoPlugins.png\" after at most 30 seconds"
end
-def xul_app_shared_lib_check(pid, chroot)
- expected_absent_tbb_libs = ['libnssdbm3.so']
+def xul_app_shared_lib_check(pid, chroot, expected_absent_tbb_libs = [])
absent_tbb_libs = []
unwanted_native_libs = []
tbb_libs = $vm.execute_successfully("ls -1 #{chroot}${TBB_INSTALL}/*.so",
@@ -139,7 +150,7 @@ Then /^the (.*) uses all expected TBB shared libraries$/ do |application|
info = xul_application_info(application)
pid = $vm.execute_successfully("pgrep --uid #{info[:user]} --full --exact '#{info[:cmd_regex]}'").stdout.chomp
assert(/\A\d+\z/.match(pid), "It seems like #{application} is not running")
- xul_app_shared_lib_check(pid, info[:chroot])
+ xul_app_shared_lib_check(pid, info[:chroot], info[:unused_tbb_libs])
end
Then /^the (.*) chroot is torn down$/ do |browser|
@@ -159,3 +170,26 @@ Then /^the (.*) runs as the expected user$/ do |browser|
"pgrep --uid #{info[:user]} --full --exact '#{info[:cmd_regex]}'"),
"The #{browser} is not running as the #{info[:user]} user")
end
+
+When /^I download some file in the Tor Browser$/ do
+ @some_file = 'tails-signing.key'
+ some_url = "https://tails.boum.org/#{@some_file}"
+ step "I open the address \"#{some_url}\" in the Tor Browser"
+end
+
+Then /^I get the browser download dialog$/ do
+ @screen.wait('BrowserDownloadDialog.png', 60)
+ @screen.wait('BrowserDownloadDialogSaveAsButton.png', 10)
+end
+
+When /^I save the file to the default Tor Browser download directory$/ do
+ @screen.click('BrowserDownloadDialogSaveAsButton.png')
+ @screen.wait('BrowserDownloadFileToDialog.png', 10)
+ @screen.type(Sikuli::Key.ENTER)
+end
+
+Then /^the file is saved to the default Tor Browser download directory$/ do
+ assert_not_nil(@some_file)
+ expected_path = "/home/#{LIVE_USER}/Tor Browser/#{@some_file}"
+ try_for(10) { $vm.file_exist?(expected_path) }
+end
diff --git a/features/step_definitions/checks.rb b/features/step_definitions/checks.rb
index 2a973ad..423b839 100644
--- a/features/step_definitions/checks.rb
+++ b/features/step_definitions/checks.rb
@@ -191,7 +191,7 @@ Then /^the running process "(.+)" is confined with AppArmor in (complain|enforce
assert($vm.has_process?(process), "Process #{process} not running.")
pid = $vm.pidof(process)[0]
end
- assert(mode, get_apparmor_status(pid))
+ assert_equal(mode, get_apparmor_status(pid))
end
Then /^the running process "(.+)" is confined with Seccomp in (filter|strict) mode$/ do |process,mode|
@@ -236,3 +236,17 @@ Then /^tails-debugging-info is not susceptible to symlink attacks$/ do
$vm.execute_successfully("echo > #{debug_file}")
end
end
+
+When /^I disable all networking in the Tails Greeter$/ do
+ begin
+ @screen.click('TailsGreeterDisableAllNetworking.png')
+ rescue FindFailed
+ @screen.type(Sikuli::Key.PAGE_DOWN)
+ @screen.click('TailsGreeterDisableAllNetworking.png')
+ end
+end
+
+Then /^the Tor Status icon tells me that Tor is( not)? usable$/ do |not_usable|
+ picture = not_usable ? 'TorStatusNotUsable' : 'TorStatusUsable'
+ @screen.find("#{picture}.png")
+end
diff --git a/features/step_definitions/common_steps.rb b/features/step_definitions/common_steps.rb
index bb09f70..b17ff5b 100644
--- a/features/step_definitions/common_steps.rb
+++ b/features/step_definitions/common_steps.rb
@@ -335,8 +335,6 @@ end
Given /^the Tails desktop is ready$/ do
desktop_started_picture = "GnomeApplicationsMenu#{@language}.png"
# We wait for the Florence icon to be displayed to ensure reliable systray icon clicking.
- # By this point the only icon left is Vidalia and it will not cause the other systray
- # icons to shift positions.
@screen.wait("GnomeSystrayFlorence.png", 180)
@screen.wait(desktop_started_picture, 180)
# Disable screen blanking since we sometimes need to wait long
@@ -468,9 +466,12 @@ Given /^I enter the "([^"]*)" password in the pkexec prompt$/ do |password|
deal_with_polkit_prompt('PolicyKitAuthPrompt.png', password)
end
-Given /^process "([^"]+)" is running$/ do |process|
- assert($vm.has_process?(process),
- "Process '#{process}' is not running")
+Given /^process "([^"]+)" is (not )?running$/ do |process, not_running|
+ if not_running
+ assert(!$vm.has_process?(process), "Process '#{process}' is running")
+ else
+ assert($vm.has_process?(process), "Process '#{process}' is not running")
+ end
end
Given /^process "([^"]+)" is running within (\d+) seconds$/ do |process, time|
@@ -487,11 +488,6 @@ Given /^process "([^"]+)" has stopped running after at most (\d+) seconds$/ do |
end
end
-Given /^process "([^"]+)" is not running$/ do |process|
- assert(!$vm.has_process?(process),
- "Process '#{process}' is running")
-end
-
Given /^I kill the process "([^"]+)"$/ do |process|
$vm.execute("killall #{process}")
try_for(10, :msg => "Process '#{process}' could not be killed") {
@@ -600,7 +596,7 @@ When /^I start and focus GNOME Terminal$/ do
end
When /^I run "([^"]+)" in GNOME Terminal$/ do |command|
- if !$vm.has_process?("gnome-terminal")
+ if !$vm.has_process?("gnome-terminal-server")
step "I start and focus GNOME Terminal"
else
@screen.wait_and_click('GnomeTerminalWindow.png', 20)
@@ -811,23 +807,19 @@ When /^I can print the current page as "([^"]+[.]pdf)" to the (default downloads
output_dir = "/home/#{LIVE_USER}/Tor Browser"
end
@screen.type("p", Sikuli::KeyModifier.CTRL)
- @screen.wait("TorBrowserPrintDialog.png", 10)
- @screen.wait_and_click("PrintToFile.png", 10)
+ @screen.wait("TorBrowserPrintDialog.png", 20)
+ @screen.wait_and_click("BrowserPrintToFile.png", 10)
@screen.wait_and_double_click("TorBrowserPrintOutputFile.png", 10)
@screen.hide_cursor
@screen.wait("TorBrowserPrintOutputFileSelected.png", 10)
# Only the file's basename is selected by double-clicking,
# so we type only the desired file's basename to replace it
@screen.type(output_dir + '/' + output_file.sub(/[.]pdf$/, '') + Sikuli::Key.ENTER)
- try_for(120, :msg => "The page was not printed to #{output_dir}/#{output_file}") {
+ try_for(30, :msg => "The page was not printed to #{output_dir}/#{output_file}") {
$vm.file_exist?("#{output_dir}/#{output_file}")
}
end
-When /^I accept to import the key with Seahorse$/ do
- @screen.wait_and_click("TorBrowserOkButton.png", 10)
-end
-
Given /^a web server is running on the LAN$/ do
web_server_ip_addr = $vmnet.bridge_ip_addr
web_server_port = 8000
@@ -880,38 +872,6 @@ When /^I open a page on the LAN web server in the (.*)$/ do |browser|
step "I open the address \"#{@web_server_url}\" in the #{browser}"
end
-def force_new_tor_circuit(with_vidalia=nil)
- debug_log("Forcing new Tor circuit...")
- if with_vidalia
- begin
- step 'process "vidalia" is running'
- rescue Test::Unit::AssertionFailedError
- debug_log("Vidalia was not running. Attempting to start Vidalia...")
- $vm.spawn('restart-vidalia')
- step 'process "vidalia" is running within 15 seconds'
- end
- # Sometimes Sikuli gets confused and recognizes the yellow-colored vidalia systray
- # icon as the green one. This has been seen when Vidalia needed to be
- # restarted in the above 'begin' block.
- #
- # try_for is used here for that reason, otherwise this step may fail
- # because sikuli presumaturely right-clicked the Vidalia icon and the 'New
- # Identity' option isn't clickable yet..
- try_for(3 * 60) do
- # Let's be *sure* that vidalia is still running. I'd hate to spend up to
- # three minutes waiting for an icon that isn't there because Vidalia, for
- # whatever reason, is no longer running...
- step 'process "vidalia" is running'
- @screen.wait_and_right_click('VidaliaSystrayReady.png', 10)
- @screen.wait_and_click('VidaliaMenuNewIdentity.png', 10)
- end
- @screen.wait('VidaliaNewIdentityNotification.png', 20)
- @screen.waitVanish('VidaliaNewIdentityNotification.png', 60)
- else
- $vm.execute_successfully('tor_control_send "signal NEWNYM"', :libs => 'tor')
- end
-end
-
Given /^I wait (?:between (\d+) and )?(\d+) seconds$/ do |min, max|
if min
time = rand(max.to_i - min.to_i + 1) + min.to_i
@@ -960,6 +920,21 @@ When /^AppArmor has (not )?denied "([^"]+)" from opening "([^"]+)"(?: after at m
end
end
-Then /^I force Tor to use a new circuit( in Vidalia)?$/ do |with_vidalia|
- force_new_tor_circuit(with_vidalia)
+Then /^I force Tor to use a new circuit$/ do
+ debug_log("Forcing new Tor circuit...")
+ $vm.execute_successfully('tor_control_send "signal NEWNYM"', :libs => 'tor')
+end
+
+When /^I eject the boot medium$/ do
+ dev = boot_device
+ dev_type = device_info(dev)['ID_TYPE']
+ case dev_type
+ when 'cd'
+ $vm.remove_cdrom
+ when 'disk'
+ boot_disk_name = $vm.disk_name(dev)
+ $vm.unplug_drive(boot_disk_name)
+ else
+ raise "Unsupported medium type '#{dev_type}' for boot device '#{dev}'"
+ end
end
diff --git a/features/step_definitions/electrum.rb b/features/step_definitions/electrum.rb
index f52d978..f18e838 100644
--- a/features/step_definitions/electrum.rb
+++ b/features/step_definitions/electrum.rb
@@ -21,9 +21,11 @@ When /^I create a new bitcoin wallet$/ do
@screen.wait_and_click("ElectrumWalletSeedTextbox.png", 15)
@screen.type('a', Sikuli::KeyModifier.CTRL) # select wallet seed
@screen.type('c', Sikuli::KeyModifier.CTRL) # copy seed to clipboard
+ seed = $vm.get_clipboard
@screen.wait_and_click("ElectrumNextButton.png", 15)
- @screen.wait("ElectrumWalletSeedTextbox.png", 15)
- @screen.type('v', Sikuli::KeyModifier.CTRL) # Confirm seed
+ @screen.wait("ElectrumSeedVerificationPrompt.png", 15)
+ @screen.click("ElectrumWalletSeedTextbox.png", 15)
+ @screen.type(seed) # Confirm seed
@screen.wait_and_click("ElectrumNextButton.png", 10)
@screen.wait_and_click("ElectrumEncryptWallet.png", 10)
@screen.type("asdf" + Sikuli::Key.TAB) # set password
@@ -47,5 +49,5 @@ Then /^I see the main Electrum client window$/ do
end
Then /^Electrum successfully connects to the network$/ do
- @screen.wait('ElectrumStatus.png', 180)
+ @screen.wait('ElectrumStatus.png', 180)
end
diff --git a/features/step_definitions/encryption.rb b/features/step_definitions/encryption.rb
index 2b49e03..9f7f1b9 100644
--- a/features/step_definitions/encryption.rb
+++ b/features/step_definitions/encryption.rb
@@ -34,14 +34,20 @@ end
When /^I type a message into gedit$/ do
step 'I start "Gedit" via the GNOME "Accessories" applications menu'
@screen.wait_and_click("GeditWindow.png", 20)
- sleep 0.5
+ # We don't have a good visual indicator for when we can continue. Without the
+ # sleep we may start typing in the gedit window far too soon, causing
+ # keystrokes to go missing.
+ sleep 5
@screen.type("ATTACK AT DAWN")
end
def maybe_deal_with_pinentry
begin
@screen.wait_and_click("PinEntryPrompt.png", 10)
- sleep 1
+ # Without this sleep here (and reliable visual indicators) we can sometimes
+ # miss keystrokes by typing too soon. This sleep prevents this problem from
+ # coming up.
+ sleep 5
@screen.type(@passphrase + Sikuli::Key.ENTER)
rescue FindFailed
# The passphrase was cached or we wasn't prompted at all (e.g. when
@@ -63,7 +69,9 @@ def encrypt_sign_helper
gedit_copy_all_text
seahorse_menu_click_helper('GpgAppletIconNormal.png', 'GpgAppletSignEncrypt.png')
@screen.wait_and_click("GpgAppletChooseKeyWindow.png", 30)
- sleep 0.5
+ # We don't have a good visual indicator for when we can continue without
+ # keystrokes being lost.
+ sleep 5
yield
maybe_deal_with_pinentry
paste_into_a_new_tab
diff --git a/features/step_definitions/evince.rb b/features/step_definitions/evince.rb
index 5ee73fe..9411ac4 100644
--- a/features/step_definitions/evince.rb
+++ b/features/step_definitions/evince.rb
@@ -5,12 +5,14 @@ end
Then /^I can print the current document to "([^"]+)"$/ do |output_file|
@screen.type("p", Sikuli::KeyModifier.CTRL)
@screen.wait("EvincePrintDialog.png", 10)
- @screen.wait_and_click("PrintToFile.png", 10)
+ @screen.wait_and_click("EvincePrintToFile.png", 10)
@screen.wait_and_click("EvincePrintOutputFileButton.png", 10)
@screen.wait("EvincePrintFileDialog.png", 10)
# Only the file's basename is selected by double-clicking,
# so we type only the desired file's basename to replace it
- @screen.type(output_file.sub(/[.]pdf$/, '') + Sikuli::Key.ENTER)
+ $vm.set_clipboard(output_file.sub(/[.]pdf$/, ''))
+ @screen.type('v', Sikuli::KeyModifier.CTRL)
+ @screen.type(Sikuli::Key.ENTER)
@screen.wait_and_click("EvincePrintButton.png", 10)
try_for(10, :msg => "The document was not printed to #{output_file}") {
$vm.file_exist?(output_file)
@@ -19,5 +21,5 @@ end
When /^I close Evince$/ do
@screen.type("w", Sikuli::KeyModifier.CTRL)
- step 'process "evince" has stopped running after at most 10 seconds'
+ step 'process "evince" has stopped running after at most 20 seconds'
end
diff --git a/features/step_definitions/i2p.rb b/features/step_definitions/i2p.rb
index a17cac3..21ddac2 100644
--- a/features/step_definitions/i2p.rb
+++ b/features/step_definitions/i2p.rb
@@ -1,9 +1,9 @@
Given /^I2P is (?:still )?(not )?running$/ do |notrunning|
if notrunning
- !$vm.execute('service i2p status').success?
+ !$vm.execute('systemctl --quiet is-active i2p').success?
else
- try_for(30) do
- $vm.execute('service i2p status').success?
+ try_for(60) do
+ $vm.execute('systemctl --quiet is-active i2p').success?
end
end
end
@@ -61,12 +61,19 @@ end
Then /^the I2P homepage loads in I2P Browser$/ do
recovery_on_failure = Proc.new do
$vm.focus_window('I2P Browser')
- @screen.type(Sikuli::Key.ESC)
- @screen.click('BrowserReloadButton.png')
+ begin
+ @screen.click('BrowserReloadButton.png')
+ rescue FindFailed
+ @screen.type(Sikuli::Key.ESC)
+ @screen.click('BrowserReloadButton.png')
+ end
end
retry_i2p(recovery_on_failure) do
$vm.focus_window('I2P Browser')
- @screen.wait('I2PBrowserProjectHomepage.png', 80)
+ visible, _ = @screen.waitAny(['I2PBrowserProjectHomepage.png', 'BrowserReloadButton.png'], 120)
+ unless visible == 'I2PBrowserProjectHomepage.png'
+ raise "Did not find 'I2PBrowserProjectHomepage.png'"
+ end
end
end
@@ -74,10 +81,8 @@ Then /^I see a notification that I2P failed to start$/ do
robust_notification_wait('I2PFailedToStart.png', 2 * 60)
end
-Then /^I2P successfully built a tunnel$/ do
- try_for(7 * 60) do
- $vm.execute('i2p_built_a_tunnel', :libs => 'i2p').success?
- end
+Then /^I see shared client tunnels in the I2P router console$/ do
+ @screen.wait('I2PSharedClientTunnels.png', 15 * 60)
end
Then /^I see a notification that I2P is not ready$/ do
diff --git a/features/step_definitions/snapshots.rb b/features/step_definitions/snapshots.rb
index e757d34..0e9ae3b 100644
--- a/features/step_definitions/snapshots.rb
+++ b/features/step_definitions/snapshots.rb
@@ -101,33 +101,40 @@ def checkpoints
:description => "I have started Tails without network from a USB drive without a persistent partition and stopped at Tails Greeter's login screen",
:parent_checkpoint => 'no-network-logged-in',
:steps => [
- 'I create a 4 GiB disk named "current"',
- 'I plug USB drive "current"',
- 'I "Clone & Install" Tails to USB drive "current"',
- 'the running Tails is installed on USB drive "current"',
- 'there is no persistence partition on USB drive "current"',
+ 'I create a 4 GiB disk named "__internal"',
+ 'I plug USB drive "__internal"',
+ 'I "Clone & Install" Tails to USB drive "__internal"',
+ 'the running Tails is installed on USB drive "__internal"',
+ 'there is no persistence partition on USB drive "__internal"',
'I shutdown Tails and wait for the computer to power off',
- 'I start Tails from USB drive "current" with network unplugged',
+ 'I start Tails from USB drive "__internal" with network unplugged',
'the boot device has safe access rights',
- 'Tails is running from USB drive "current"',
- 'there is no persistence partition on USB drive "current"',
+ 'Tails is running from USB drive "__internal"',
+ 'there is no persistence partition on USB drive "__internal"',
'process "udev-watchdog" is running',
'udev-watchdog is monitoring the correct device',
],
},
- 'usb-install-with-persistence-tails-greeter' => {
- :description => "I have started Tails without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen",
+ 'usb-install-logged-in' => {
+ :description => "I have started Tails without network from a USB drive without a persistent partition and logged in",
:parent_checkpoint => 'usb-install-tails-greeter',
:steps => [
'I log in to a new session',
'the Tails desktop is ready',
+ ],
+ },
+
+ 'usb-install-with-persistence-tails-greeter' => {
+ :description => "I have started Tails without network from a USB drive with a persistent partition and stopped at Tails Greeter's login screen",
+ :parent_checkpoint => 'usb-install-logged-in',
+ :steps => [
'I create a persistent partition',
- 'a Tails persistence partition exists on USB drive "current"',
+ 'a Tails persistence partition exists on USB drive "__internal"',
'I shutdown Tails and wait for the computer to power off',
- 'I start Tails from USB drive "current" with network unplugged',
+ 'I start Tails from USB drive "__internal" with network unplugged',
'the boot device has safe access rights',
- 'Tails is running from USB drive "current"',
+ 'Tails is running from USB drive "__internal"',
'process "udev-watchdog" is running',
'udev-watchdog is monitoring the correct device',
],
diff --git a/features/step_definitions/ssh.rb b/features/step_definitions/ssh.rb
index 2ff4861..038b297 100644
--- a/features/step_definitions/ssh.rb
+++ b/features/step_definitions/ssh.rb
@@ -1,3 +1,12 @@
+require 'socket'
+
+def assert_not_ipaddr(s)
+ err_msg = "'#{s}' looks like a LAN IP address."
+ assert_raise(IPAddr::InvalidAddressError, err_msg) do
+ IPAddr.new(s)
+ end
+end
+
def read_and_validate_ssh_config srv_type
conf = $config[srv_type]
begin
@@ -20,23 +29,19 @@ EOF
@ssh_host = conf["hostname"]
@ssh_port = conf["port"].to_i if conf["port"]
@ssh_username = conf["username"]
- assert(!@ssh_host.match(/^(10|192\.168|172\.(1[6-9]|2[0-9]|3[01]))/), "#{@ssh_host} " +
- "looks like a LAN IP address.")
-
+ assert_not_ipaddr(@ssh_host)
when 'SFTP'
@sftp_host = conf["hostname"]
@sftp_port = conf["port"].to_i if conf["port"]
@sftp_username = conf["username"]
-
- assert(!@sftp_host.match(/^(10|192\.168|172\.(1[6-9]|2[0-9]|3[01]))/), "#{@sftp_host} " +
- "looks like a LAN IP address.")
+ assert_not_ipaddr(@sftp_host)
end
end
-Given /^I have the SSH key pair for an? (Git|SSH|SFTP) (?:repository|server)$/ do |server_type|
+Given /^I have the SSH key pair for an? (Git|SSH|SFTP) (?:repository|server)( on the LAN)?$/ do |server_type, lan|
$vm.execute_successfully("install -m 0700 -d '/home/#{LIVE_USER}/.ssh/'",
:user => LIVE_USER)
- unless server_type == 'Git'
+ unless server_type == 'Git' || lan
read_and_validate_ssh_config server_type
secret_key = $config[server_type]["private_key"]
public_key = $config[server_type]["public_key"]
@@ -53,14 +58,36 @@ Given /^I have the SSH key pair for an? (Git|SSH|SFTP) (?:repository|server)$/ d
:user => LIVE_USER)
end
-Given /^I verify the SSH fingerprint for the (?:Git|SSH) (?:repository|server)$/ do
+Given /^I (?:am prompted to )?verify the SSH fingerprint for the (?:Git|SSH) (?:repository|server)$/ do
@screen.wait("SSHFingerprint.png", 60)
@screen.type('yes' + Sikuli::Key.ENTER)
end
-When /^I connect to an SSH server on the Internet$/ do
+def get_free_tcp_port
+ server = TCPServer.new('127.0.0.1', 0)
+ return server.addr[1]
+ensure
+ server.close
+end
+
+Given /^an SSH server is running on the LAN$/ do
+ @sshd_server_port = get_free_tcp_port
+ @sshd_server_host = $vmnet.bridge_ip_addr
+ sshd = SSHServer.new(@sshd_server_host, @sshd_server_port)
+ sshd.start
+ add_after_scenario_hook { sshd.stop }
+end
- read_and_validate_ssh_config "SSH"
+When /^I connect to an SSH server on the (Internet|LAN)$/ do |location|
+
+ case location
+ when 'Internet'
+ read_and_validate_ssh_config "SSH"
+ when 'LAN'
+ @ssh_port = @sshd_server_port
+ @ssh_username = 'user'
+ @ssh_host = @sshd_server_host
+ end
ssh_port_suffix = "-p #{@ssh_port}" if @ssh_port
diff --git a/features/step_definitions/time_syncing.rb b/features/step_definitions/time_syncing.rb
index 1cd8c1a..319fb52 100644
--- a/features/step_definitions/time_syncing.rb
+++ b/features/step_definitions/time_syncing.rb
@@ -3,7 +3,7 @@
# command over the remote shell and get the answer back, parsing and
# post-processing of the result, etc.
def max_time_drift
- 5
+ 10
end
When /^I set the system time to "([^"]+)"$/ do |time|
diff --git a/features/step_definitions/tor.rb b/features/step_definitions/tor.rb
index 9a6aba7..ac12fd4 100644
--- a/features/step_definitions/tor.rb
+++ b/features/step_definitions/tor.rb
@@ -35,6 +35,18 @@ def ip6tables_rules(chain, table = "filter")
iptables_rules_parse("ip6tables", chain, table)
end
+def ip4tables_packet_counter_sum(filters = {})
+ pkts = 0
+ ip4tables_chains do |name, _, rules|
+ next if filters[:tables] && not(filters[:tables].include?(name))
+ rules.each do |rule|
+ next if filters[:uid] && not(rule.elements["conditions/owner/uid-owner[text()=#{filters[:uid]}]"])
+ pkts += rule.attribute('packet-count').to_s.to_i
+ end
+ end
+ return pkts
+end
+
def try_xml_element_text(element, xpath, default = nil)
node = element.elements[xpath]
(node.nil? or not(node.has_text?)) ? default : node.text
diff --git a/features/step_definitions/torified_gnupg.rb b/features/step_definitions/torified_gnupg.rb
index b83c7a6..d4982f2 100644
--- a/features/step_definitions/torified_gnupg.rb
+++ b/features/step_definitions/torified_gnupg.rb
@@ -15,8 +15,9 @@ def check_for_seahorse_error
end
end
-def start_or_restart_seahorse(withapplet = false)
- if withapplet
+def start_or_restart_seahorse
+ assert_not_nil(@withgpgapplet)
+ if @withgpgapplet
seahorse_menu_click_helper('GpgAppletIconNormal.png', 'GpgAppletManageKeys.png')
else
step 'I start "Seahorse" via the GNOME "Utilities" applications menu'
@@ -86,8 +87,9 @@ When /^the "([^"]+)" key is in the live user's public keyring(?: after at most (
}
end
-When /^I start Seahorse( via the Tails OpenPGP Applet)?$/ do |withgpgapplet|
- start_or_restart_seahorse(withgpgapplet)
+When /^I start Seahorse( via the OpenPGP Applet)?$/ do |withgpgapplet|
+ @withgpgapplet = !!withgpgapplet
+ start_or_restart_seahorse
end
Then /^Seahorse has opened$/ do
@@ -117,7 +119,7 @@ Then /^I synchronize keys in Seahorse$/ do
if @screen.exists('GnomeCloseButton.png') || !$vm.has_process?('seahorse')
step 'I kill the process "seahorse"' if $vm.has_process?('seahorse')
debug_log('Restarting Seahorse.')
- start_or_restart_seahorse(withgpgapplet)
+ start_or_restart_seahorse
end
end
@@ -149,8 +151,8 @@ Then /^I synchronize keys in Seahorse$/ do
end
end
-When /^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the Tails OpenPGP Applet)?$/ do |keyid, withgpgapplet|
- start_or_restart_seahorse(withgpgapplet)
+When /^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the OpenPGP Applet)?$/ do |keyid, withgpgapplet|
+ step "I start Seahorse#{withgpgapplet}"
def change_of_status?(keyid)
# Due to a lack of visual feedback in Seahorse we'll break out of the
diff --git a/features/step_definitions/unsafe_browser.rb b/features/step_definitions/unsafe_browser.rb
index feddc6c..b8c0498 100644
--- a/features/step_definitions/unsafe_browser.rb
+++ b/features/step_definitions/unsafe_browser.rb
@@ -166,29 +166,20 @@ Then /^the Unsafe Browser complains that no DNS server is configured$/ do
end
Then /^I configure the Unsafe Browser to check for updates more frequently$/ do
- prefs = '/usr/share/tails/unsafe-browser/prefs.js'
+ prefs = '/usr/share/tails/chroot-browsers/unsafe-browser/prefs.js'
$vm.file_append(prefs, 'pref("app.update.idletime", 1);')
$vm.file_append(prefs, 'pref("app.update.promptWaitTime", 1);')
$vm.file_append(prefs, 'pref("app.update.interval", 5);')
end
But /^checking for updates is disabled in the Unsafe Browser's configuration$/ do
- prefs = '/usr/share/tails/unsafe-browser/prefs.js'
+ prefs = '/usr/share/tails/chroot-browsers/common/prefs.js'
assert($vm.file_content(prefs).include?('pref("app.update.enabled", false)'))
end
Then /^the clearnet user has (|not )sent packets out to the Internet$/ do |sent|
- pkts = 0
uid = $vm.execute_successfully("id -u clearnet").stdout.chomp.to_i
- ip4tables_chains do |name, _, rules|
- next unless name == "OUTPUT"
- rules.each do |rule|
- if rule.elements["conditions/owner/uid-owner[text()=#{uid}]"]
- pkts += rule.attribute('packet-count').to_s.to_i
- end
- end
- end
-
+ pkts = ip4tables_packet_counter_sum(:tables => ['OUTPUT'], :uid => uid)
case sent
when ''
assert(pkts > 0, "Packets have not gone out to the internet.")
diff --git a/features/step_definitions/usb.rb b/features/step_definitions/usb.rb
index fed718e..76f94d2 100644
--- a/features/step_definitions/usb.rb
+++ b/features/step_definitions/usb.rb
@@ -174,7 +174,7 @@ Given /^I enable all persistence presets$/ do
@screen.type(Sikuli::Key.TAB + Sikuli::Key.SPACE)
end
@screen.wait_and_click('PersistenceWizardSave.png', 10)
- @screen.wait('PersistenceWizardDone.png', 20)
+ @screen.wait('PersistenceWizardDone.png', 30)
@screen.type(Sikuli::Key.F4, Sikuli::KeyModifier.ALT)
end
@@ -360,12 +360,15 @@ def boot_device
return boot_dev
end
-def boot_device_type
+def device_info(dev)
# Approach borrowed from
# config/chroot_local_includes/lib/live/config/998-permissions
- boot_dev_info = $vm.execute("udevadm info --query=property --name='#{boot_device}'").stdout.chomp
- boot_dev_type = (boot_dev_info.split("\n").select { |x| x.start_with? "ID_BUS=" })[0].split("=")[1]
- return boot_dev_type
+ info = $vm.execute("udevadm info --query=property --name='#{dev}'").stdout.chomp
+ info.split("\n").map { |e| e.split('=') } .to_h
+end
+
+def boot_device_type
+ device_info(boot_device)['ID_BUS']
end
Then /^Tails is running from (.*) drive "([^"]+)"$/ do |bus, name|
@@ -584,7 +587,7 @@ Then /^a suitable USB device is (?:still )?not found$/ do
@screen.wait("TailsInstallerNoQEMUHardDisk.png", 30)
end
-Then /^the "(?:[[:alpha:]]+)" USB drive is selected$/ do
+Then /^the "(?:[^"]+)" USB drive is selected$/ do
@screen.wait("TailsInstallerQEMUHardDisk.png", 30)
end
diff --git a/features/support/helpers/exec_helper.rb b/features/support/helpers/exec_helper.rb
index c93b653..42f6532 100644
--- a/features/support/helpers/exec_helper.rb
+++ b/features/support/helpers/exec_helper.rb
@@ -10,7 +10,7 @@ class VMCommand
@returncode, @stdout, @stderr = VMCommand.execute(vm, cmd, options)
end
- def VMCommand.wait_until_remote_shell_is_up(vm, timeout = 30)
+ def VMCommand.wait_until_remote_shell_is_up(vm, timeout = 90)
try_for(timeout, :msg => "Remote shell seems to be down") do
Timeout::timeout(3) do
VMCommand.execute(vm, "echo 'hello?'")
@@ -25,8 +25,8 @@ class VMCommand
# response will always be [0, "", ""] (only used as an
# ACK). execute() will always block until a response is received,
# though. Spawning is useful when starting processes in the
- # background (or running scripts that does the same) like the
- # vidalia-wrapper, or any application we want to interact with.
+ # background (or running scripts that does the same) like our
+ # onioncircuits wrapper, or any application we want to interact with.
def VMCommand.execute(vm, cmd, options = {})
options[:user] ||= "root"
options[:spawn] ||= false
diff --git a/features/support/helpers/firewall_helper.rb b/features/support/helpers/firewall_helper.rb
index 2bf0dd1..fce363c 100644
--- a/features/support/helpers/firewall_helper.rb
+++ b/features/support/helpers/firewall_helper.rb
@@ -11,21 +11,12 @@ class IPAddr
]
PrivateIPv6Ranges = [
- IPAddr.new("fc00::/7"), # private
+ IPAddr.new("fc00::/7")
]
def private?
- if self.ipv4?
- PrivateIPv4Ranges.each do |ipr|
- return true if ipr.include?(self)
- end
- return false
- else
- PrivateIPv6Ranges.each do |ipr|
- return true if ipr.include?(self)
- end
- return false
- end
+ private_ranges = self.ipv4? ? PrivateIPv4Ranges : PrivateIPv6Ranges
+ private_ranges.any? { |range| range.include?(self) }
end
def public?
diff --git a/features/support/helpers/sshd_helper.rb b/features/support/helpers/sshd_helper.rb
new file mode 100644
index 0000000..2e0069c
--- /dev/null
+++ b/features/support/helpers/sshd_helper.rb
@@ -0,0 +1,67 @@
+require 'tempfile'
+
+class SSHServer
+ def initialize(sshd_host, sshd_port, authorized_keys = nil)
+ @sshd_host = sshd_host
+ @sshd_port = sshd_port
+ @authorized_keys = authorized_keys
+ @pid = nil
+ end
+
+ def start
+ @sshd_key_file = Tempfile.new("ssh_host_rsa_key", $config["TMPDIR"])
+ # 'hack' to prevent ssh-keygen from prompting to overwrite the file
+ File.delete(@sshd_key_file.path)
+ cmd_helper(['ssh-keygen', '-t', 'rsa', '-N', "", '-f', "#{@sshd_key_file.path}"])
+ @sshd_key_file.close
+
+ sshd_config =<<EOF
+Port #{@sshd_port}
+ListenAddress #{@sshd_host}
+UsePrivilegeSeparation no
+HostKey #{@sshd_key_file.path}
+Pidfile #{$config['TMPDIR']}/ssh.pid
+EOF
+
+ @sshd_config_file = Tempfile.new("sshd_config", $config["TMPDIR"])
+ @sshd_config_file.write(sshd_config)
+
+ if @authorized_keys
+ @authorized_keys_file = Tempfile.new("authorized_keys", $config['TMPDIR'])
+ @authorized_keys_file.write(@authorized_keys)
+ @authorized_keys_file.close
+ @sshd_config_file.write("AuthorizedKeysFile #{@authorized_keys_file.path}")
+ end
+
+ @sshd_config_file.close
+
+ cmd = ["/usr/sbin/sshd", "-4", "-f", @sshd_config_file.path, "-D"]
+
+ job = IO.popen(cmd)
+ @pid = job.pid
+ end
+
+ def stop
+ File.delete("#{@sshd_key_file.path}.pub")
+ File.delete("#{$config['TMPDIR']}/ssh.pid")
+ begin
+ Process.kill("TERM", @pid)
+ rescue
+ # noop
+ end
+ end
+
+ def active?
+ begin
+ ret = Process.kill(0, @pid)
+ rescue Errno::ESRCH => e
+ if e.message == "No such process"
+ return false
+ else
+ raise e
+ end
+ end
+ assert_equal(1, ret, "This shouldn't happen")
+ return true
+ end
+end
diff --git a/features/support/helpers/vm_helper.rb b/features/support/helpers/vm_helper.rb
index 5fc8163..6d7204d 100644
--- a/features/support/helpers/vm_helper.rb
+++ b/features/support/helpers/vm_helper.rb
@@ -46,7 +46,7 @@ class VMNet
def bridge_ip_addr
net_xml = REXML::Document.new(@net.xml_desc)
- net_xml.elements['network/ip'].attributes['address']
+ IPAddr.new(net_xml.elements['network/ip'].attributes['address']).to_s
end
def guest_real_mac
@@ -57,7 +57,6 @@ class VMNet
def bridge_mac
File.open("/sys/class/net/#{bridge_name}/address", "rb").read.chomp
end
-
end
@@ -138,28 +137,6 @@ class VM
set_network_link_state('down')
end
- def set_cdrom_tray_state(state)
- domain_xml = REXML::Document.new(@domain.xml_desc)
- domain_xml.elements.each('domain/devices/disk') do |e|
- if e.attribute('device').to_s == "cdrom"
- e.elements['target'].attributes['tray'] = state
- if is_running?
- @domain.update_device(e.to_s)
- else
- update(domain_xml.to_s)
- end
- end
- end
- end
-
- def eject_cdrom
- set_cdrom_tray_state('open')
- end
-
- def close_cdrom
- set_cdrom_tray_state('closed')
- end
-
def set_boot_device(dev)
if is_running?
raise "boot settings can only be set for inactive vms"
@@ -170,15 +147,20 @@ class VM
end
def set_cdrom_image(image)
+ image = nil if image == ''
domain_xml = REXML::Document.new(@domain.xml_desc)
domain_xml.elements.each('domain/devices/disk') do |e|
if e.attribute('device').to_s == "cdrom"
- if ! e.elements['source']
- e.add_element('source')
+ if image.nil?
+ e.elements.delete('source')
+ else
+ if ! e.elements['source']
+ e.add_element('source')
+ end
+ e.elements['source'].attributes['file'] = image
end
- e.elements['source'].attributes['file'] = image
if is_running?
- @domain.update_device(e.to_s, Libvirt::Domain::DEVICE_MODIFY_FORCE)
+ @domain.update_device(e.to_s)
else
update(domain_xml.to_s)
end
@@ -187,7 +169,15 @@ class VM
end
def remove_cdrom
- set_cdrom_image('')
+ set_cdrom_image(nil)
+ rescue Libvirt::Error => e
+ # While the CD-ROM is removed successfully we still get this
+ # error, so let's ignore it.
+ acceptable_error =
+ "Call to virDomainUpdateDeviceFlags failed: internal error: unable to " +
+ "execute QEMU command 'eject': (Tray of device '.*' is not open|" +
+ "Device '.*' is locked)"
+ raise e if not(Regexp.new(acceptable_error).match(e.to_s))
end
def set_cdrom_boot(image)
@@ -196,7 +186,6 @@ class VM
end
set_boot_device('cdrom')
set_cdrom_image(image)
- close_cdrom
end
def list_disk_devs
@@ -289,6 +278,17 @@ class VM
return "/dev/" + rexml.elements['disk/target'].attribute('dev').to_s
end
+ def disk_name(dev)
+ dev = File.basename(dev)
+ domain_xml = REXML::Document.new(@domain.xml_desc)
+ domain_xml.elements.each('domain/devices/disk') do |e|
+ if /^#{e.elements['target'].attribute('dev').to_s}/.match(dev)
+ return File.basename(e.elements['source'].attribute('file').to_s)
+ end
+ end
+ raise "No such disk device '#{dev}'"
+ end
+
def udisks_disk_dev(name)
return disk_dev(name).gsub('/dev/', '/org/freedesktop/UDisks/devices/')
end
@@ -448,7 +448,7 @@ EOF
return execute(cmd, options)
end
- def wait_until_remote_shell_is_up(timeout = 30)
+ def wait_until_remote_shell_is_up(timeout = 90)
VMCommand.wait_until_remote_shell_is_up(self, timeout)
end
@@ -494,7 +494,7 @@ EOF
# back seems to be a reliable way to handle this.
select_virtual_desktop(3)
select_virtual_desktop(0)
- sleep 1
+ sleep 5 # there aren't any visual indicators which can be used here
do_focus(window_title, user)
end
end
@@ -530,6 +530,10 @@ EOF
:user => LIVE_USER)
end
+ def get_clipboard
+ execute_successfully("xsel --output --clipboard", :user => LIVE_USER).stdout
+ end
+
def internal_snapshot_xml(name)
disk_devs = list_disk_devs
disks_xml = " <disks>\n"
diff --git a/features/support/hooks.rb b/features/support/hooks.rb
index 892a918..be8a023 100644
--- a/features/support/hooks.rb
+++ b/features/support/hooks.rb
@@ -5,6 +5,38 @@ require 'tmpdir'
# Run once, before any feature
AfterConfiguration do |config|
+ # Reorder the execution of some features. As we progress through a
+ # run we accumulate more and more snapshots and hence use more and
+ # more disk space, but some features will leave nothing behind
+ # and/or possibly use large amounts of disk space temporarily for
+ # various reasons. By running these first we minimize the amount of
+ # disk space needed.
+ prioritized_features = [
+ # Features not using snapshots but using large amounts of scratch
+ # space for other reasons:
+ 'features/erase_memory.feature',
+ 'features/untrusted_partitions.feature',
+ # Features using temporary snapshots:
+ 'features/apt.feature',
+ 'features/i2p.feature',
+ 'features/root_access_control.feature',
+ 'features/time_syncing.feature',
+ 'features/tor_bridges.feature',
+ # This feature needs the almost biggest snapshot (USB install,
+ # excluding persistence) and will create yet another disk and
+ # install Tails on it. This should be the peak of disk usage.
+ 'features/usb_install.feature',
+ ]
+ feature_files = config.feature_files
+ # The &-intersection is specified to keep the element ordering of
+ # the *left* operand.
+ intersection = prioritized_features & feature_files
+ if not intersection.empty?
+ feature_files -= intersection
+ feature_files = intersection + feature_files
+ config.define_singleton_method(:feature_files) { feature_files }
+ end
+
# Used to keep track of when we start our first @product feature, when
# we'll do some special things.
$started_first_product_feature = false
diff --git a/features/tor_bridges.feature b/features/tor_bridges.feature
index cab4e39..b5277ca 100644
--- a/features/tor_bridges.feature
+++ b/features/tor_bridges.feature
@@ -9,6 +9,7 @@ Feature: Using Tails with Tor pluggable transports
And I capture all network traffic
When the network is plugged
Then the Tor Launcher autostarts
+ And the Tor Launcher uses all expected TBB shared libraries
Scenario: Using bridges
When I configure some Bridge pluggable transports in Tor Launcher
diff --git a/features/torified_browsing.feature b/features/torified_browsing.feature
index 1f1ca7e..78a4013 100644
--- a/features/torified_browsing.feature
+++ b/features/torified_browsing.feature
@@ -28,14 +28,14 @@ Feature: Browsing the web using the Tor Browser
And I can print the current page as "output.pdf" to the default downloads directory
@check_tor_leaks @fragile
- Scenario: Importing an OpenPGP key from a website
+ Scenario: Downloading files with the Tor Browser
Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
- And the Tor Browser has started and loaded the startup page
- And I open the address "https://tails.boum.org/tails-signing.key" in the Tor Browser
- Then I see "OpenWithImportKey.png" after at most 20 seconds
- When I accept to import the key with Seahorse
- Then I see "KeyImportedNotification.png" after at most 10 seconds
+ Then the Tor Browser has started and loaded the startup page
+ When I download some file in the Tor Browser
+ Then I get the browser download dialog
+ When I save the file to the default Tor Browser download directory
+ Then the file is saved to the default Tor Browser download directory
@check_tor_leaks @fragile
Scenario: Playing HTML5 audio
diff --git a/features/torified_gnupg.feature b/features/torified_gnupg.feature
index 374c7ba..cbdab7f 100644
--- a/features/torified_gnupg.feature
+++ b/features/torified_gnupg.feature
@@ -23,8 +23,8 @@ Feature: Keyserver interaction with GnuPG
And the Seahorse operation is successful
Then the "10CC5BC7" key is in the live user's public keyring
- Scenario: Fetching OpenPGP keys using Seahorse via the Tails OpenPGP Applet should work and be done over Tor.
- When I fetch the "10CC5BC7" OpenPGP key using Seahorse via the Tails OpenPGP Applet
+ Scenario: Fetching OpenPGP keys using Seahorse via the OpenPGP Applet should work and be done over Tor.
+ When I fetch the "10CC5BC7" OpenPGP key using Seahorse via the OpenPGP Applet
And the Seahorse operation is successful
Then the "10CC5BC7" key is in the live user's public keyring
@@ -40,12 +40,12 @@ Feature: Keyserver interaction with GnuPG
And the Seahorse operation is successful
Then the key "10CC5BC7" has more than 2 signatures
- Scenario: Syncing OpenPGP keys using Seahorse started from the Tails OpenPGP Applet should work and be done over Tor.
+ Scenario: Syncing OpenPGP keys using Seahorse started from the OpenPGP Applet should work and be done over Tor.
Given I fetch the "10CC5BC7" OpenPGP key using the GnuPG CLI without any signatures
And the GnuPG fetch is successful
And the "10CC5BC7" key is in the live user's public keyring
But the key "10CC5BC7" has only 2 signatures
- When I start Seahorse via the Tails OpenPGP Applet
+ When I start Seahorse via the OpenPGP Applet
Then Seahorse has opened
And I enable key synchronization in Seahorse
And I synchronize keys in Seahorse
diff --git a/features/totem.feature b/features/totem.feature
index 31fe3a5..0e6fa05 100644
--- a/features/totem.feature
+++ b/features/totem.feature
@@ -54,11 +54,11 @@ Feature: Using Totem
# filesystem shares.
And I shutdown Tails and wait for the computer to power off
And I setup a filesystem share containing sample videos
- And I start Tails from USB drive "current" with network unplugged and I login with persistence enabled
+ And I start Tails from USB drive "__internal" with network unplugged and I login with persistence enabled
And I copy the sample videos to "/home/amnesia/Persistent" as user "amnesia"
And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia"
And I shutdown Tails and wait for the computer to power off
- And I start Tails from USB drive "current" with network unplugged and I login with persistence enabled
+ And I start Tails from USB drive "__internal" with network unplugged and I login with persistence enabled
And the file "/home/amnesia/Persistent/video.mp4" exists
When I open "/home/amnesia/Persistent/video.mp4" with Totem
Then I see "SampleLocalMp4VideoFrame.png" after at most 10 seconds
diff --git a/features/usb_install.feature b/features/usb_install.feature
index b5ea41d..750df7a 100644
--- a/features/usb_install.feature
+++ b/features/usb_install.feature
@@ -12,9 +12,9 @@ Feature: Installing Tails to a USB drive
Then Tails Installer detects that a device is too small
And a suitable USB device is not found
When I unplug USB drive "too-small-device"
- And I create a 4 GiB disk named "current"
- And I plug USB drive "current"
- Then the "current" USB drive is selected
+ And I create a 4 GiB disk named "big-enough"
+ And I plug USB drive "big-enough"
+ Then the "big-enough" USB drive is selected
Scenario: Detecting when a target USB drive is inserted or removed
Given I have started Tails from DVD without network and logged in
@@ -44,7 +44,7 @@ Feature: Installing Tails to a USB drive
And I log in to a new session
Then Tails seems to have booted normally
When I create a persistent partition
- Then a Tails persistence partition exists on USB drive "current"
+ Then a Tails persistence partition exists on USB drive "__internal"
#10720: Tails Installer freezes on Jenkins
@fragile
@@ -52,9 +52,9 @@ Feature: Installing Tails to a USB drive
Given I have started Tails without network from a USB drive without a persistent partition and stopped at Tails Greeter's login screen
When I log in to a new session
Then Tails seems to have booted normally
- And Tails is running from USB drive "current"
+ And Tails is running from USB drive "__internal"
And the persistent Tor Browser directory does not exist
- And there is no persistence partition on USB drive "current"
+ And there is no persistence partition on USB drive "__internal"
#10720: Tails Installer freezes on Jenkins
@fragile
@@ -62,9 +62,9 @@ Feature: Installing Tails to a USB drive
Given I have started Tails without network from a USB drive without a persistent partition and stopped at Tails Greeter's login screen
Then I power off the computer
Given the computer is set to boot in UEFI mode
- When I start Tails from USB drive "current" with network unplugged and I login
+ When I start Tails from USB drive "__internal" with network unplugged and I login
Then the boot device has safe access rights
- And Tails is running from USB drive "current"
+ And Tails is running from USB drive "__internal"
And the boot device has safe access rights
And Tails has started in UEFI mode
diff --git a/features/usb_upgrade.feature b/features/usb_upgrade.feature
index 4193624..7462489 100644
--- a/features/usb_upgrade.feature
+++ b/features/usb_upgrade.feature
@@ -119,7 +119,7 @@ Feature: Upgrading an old Tails USB installation
When I "Clone & Upgrade" Tails to USB drive "to_upgrade"
Then the running Tails is installed on USB drive "to_upgrade"
And I unplug USB drive "to_upgrade"
- And I unplug USB drive "current"
+ And I unplug USB drive "__internal"
# Depends on scenario: Upgrading an old Tails USB installation from another Tails USB drive
Scenario: Booting Tails from a USB drive upgraded from USB with persistence enabled