summaryrefslogtreecommitdiffstats
path: root/wiki/src/contribute/release_process/test/setup.mdwn
blob: d2dd800a9b8a550cd22a6296f82c74bb105b79c7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
[[!meta title="Test suite installation and setup"]]

Here's how to set up an environment to run our automated test suite.
Alternatively, you way want to use the `tails::tester` class from the
[[!tails_gitweb_repo puppet-tails]] Puppet module.

Once you have a working environment, see [[test/usage]].

[[!toc levels=2]]

Operating system
================

<div class="note">
<p>
<b>For Wayland users:</b> at the moment the <tt>--view</tt> and
<tt>--vnc-server-only</tt> options only work on X11.
</p>
</div>

If you usually run another operating system than Debian Stretch,
Buster, Bullseye or Sid, then you need to:

1. Enable nested virtualization on your host system.

   For example, if the host system has an Intel CPU:

         if [ "$(cat /sys/module/kvm_intel/parameters/nested)" != Y ]; then
            echo "options kvm_intel nested=Y" | \
                 sudo tee /etc/modprobe.d/kvm.conf
         fi

2. Prepare a Debian virtual machine; we recommend the stable release,
   Debian Buster.

3. And then, every step below applies to this virtual machine, instead
   of to the host system.

Install dependencies
====================

To install the dependencies on our test suite:

1. Enable the `non-free` APT component.

2. Install the following packages:

        dist=$(lsb_release --short --codename)
        if [ "${dist}" != stretch -o "${dist}" != buster ]; then
            # For python-jabberbot and python-potr, that were removed after Buster
            echo 'deb http://ftp.us.debian.org/debian/ buster main' \
                | sudo tee /etc/apt/sources.list.d/buster.list
            # For unversioned python packages, needed by the above
            echo 'deb http://deb.tails.boum.org/ isotester-bullseye main' \
                | sudo tee /etc/apt/sources.list.d/isotester-bullseye.list
        fi
        if [ "${dist}" = buster ]; then
            echo 'deb http://ftp.us.debian.org/ buster-backports main' \
                | sudo tee /etc/apt/sources.list.d/buster-backports.list
            echo -e "Package: qemu*\nPin: release n=buster-backports, o=Debian Backports\nPin-Priority: 990" \
                | sudo tee /etc/apt/preferences.d/qemu
        fi
        sudo apt update && \
        sudo apt install \
            cucumber \
            devscripts \
            dnsmasq-base \
            gawk \
            git \
            i18nspector \
            imagemagick \
            libcap2-bin \
            libvirt-clients \
            libvirt-daemon-system \
            libvirt-dev \
            libvirt0 \
            obfs4proxy \
            openssh-server \
            ovmf \
            pry \
            python-jabberbot \
            python-potr \
            qemu-kvm \
            qemu-system-common \
            qemu-system-x86 \
            qemu-utils \
            redir \
            ruby-guestfs \
            ruby-json \
            ruby-libvirt \
            ruby-packetfu \
            ruby-rb-inotify \
            ruby-rspec \
            ruby-test-unit \
            seabios \
            tcpdump \
            tcplay \
            tor \
            unclutter \
            virt-viewer \
            x11vnc \
            tigervnc-viewer \
            x264 \
            xdotool \
            xvfb \
            $(
                if [ "${dist}" = stretch ]; then
                    echo "libav-tools
                          python-opencv
                          python-pil"
                else
                    echo "ffmpeg
                          python3-opencv
                          python3-pil"
                fi
            ) \
            && \
        sudo service libvirtd restart

Other requirements
==================

Synchronized clock
------------------

The system running the test suite needs an accurate clock since we
sync the clock from the host to the Tails guest after a background
snapshot restore to appease Tor.

You might want to enable `systemd-timesyncd.service` or your favorite
time synchronization tool for this.

File permissions
----------------

The user that runs QEMU (via libvirt) needs read-access at least to
the content of `features/misc_files/` in the Git checkout.

AppArmor tweaks
---------------

If you have AppArmor enabled:

* You need to add the `/tmp/TailsToaster/** rwk,` line
  to `/etc/apparmor.d/libvirt/TEMPLATE.qemu`, in the
  `profile LIBVIRT_TEMPLATE` section; then delete
  `/etc/apparmor.d/libvirt/libvirt-*` and restart the test suite.
  On Debian Stretch, if you use a custom `TMPDIR` to run the test suite,
  replace `/tmp/TailsToaster` with the value of that `$TMPDIR`.

Patched QEMU
------------

Due to [[!tails_ticket 12142]]
aka. [[!debbug 851694]], any test scenario that creates a persistent
volume will fail. To work around this problem, rebuild [[!debpts
qemu]] locally with the upstream fix applied. For example, the `qemu`
source package in this APT suite has the fix:

        deb-src http://deb.tails.boum.org/ isotester-stretch main

This problem does not affect host systems that run Debian Buster
or newer.

Special use cases
=================

Access the system under test with VNC
-------------------------------------

If you're running the test suite in a nested environnement, install
`tigervnc-viewer` on the bare metal level-0 host. Then you can use vncviewer's
`-via` option so that it automatically setup a ssh tunnel to your first level
test suite domain for you and display the Tails VM. E.g.
where `$DISPLAY` is the display given to you by `run_test_suite` (often 0):

    vncviewer -viewonly -via user@level0 localhost:$DISPLAY