summaryrefslogtreecommitdiffstats
path: root/wiki/src/contribute/release_process/test/setup.mdwn
blob: 4cc54ed55852de0833925fb2035a372e5189749b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
[[!meta title="Test suite installation and setup"]]

Here's how to set up an environment to run our automated test suite.
Alternatively, you way want to use the `tails::tester` class from the
[[!tails_gitweb_repo puppet-tails]] Puppet module.

Once you have a working environment, see [[test/usage]].

[[!toc levels=2]]

Install dependencies
====================

First of all, one needs a Debian Jessie system with:

 * the `non-free` APT component enabled;
 * the official backports repository configured.

The following packages are necessary on Debian Jessie:

    echo -e "Package: *\nPin: release o=Debian,n=jessie\nPin-Priority: 990" \
        > /etc/apt/preferences.d/Debian_jessie && \
    apt update && \
    apt install \
        cucumber \
        devscripts \
        dnsmasq-base \
        gawk \
        git \
        i18nspector \
        libav-tools \
        libcap2-bin \
        libsikuli-script-java \
        libvirt-clients \
        libvirt-daemon-system \
        libvirt-dev \
        libvirt0 \
        libvpx1 \
        ntp \
        openssh-server \
        ovmf \
        python-jabberbot \
        python-potr/jessie-backports \
        qemu-kvm \
        qemu-system-x86 \
        ruby-guestfs \
        ruby-json \
        ruby-libvirt \
        ruby-net-irc \
        ruby-packetfu \
        ruby-rb-inotify \
        ruby-rjb \
        ruby-rspec \
        ruby-test-unit \
        seabios \
        tcpdump \
        tor/jessie-backports \
        unclutter \
        virt-viewer \
        x11vnc \
        xtightvncviewer \
        xvfb \
        && \
    service libvirtd restart
        
Other requirements
==================

Synchronized clock
------------------

The system running the test suite needs an accurate clock since we
sync the clock from the host to the Tails guest after a background
snapshot restore to appease Tor. This is why we installed ntp above,
but if you prefer you can use whatever time synchronization
tool instead.

File permissions
----------------

The user that runs QEMU (via libvirt) needs read-access at least to
the content of `features/misc_files/` in the Git checkout.

AppArmor tweaks
---------------

If libvirt has the `apparmor` security driver enabled:

* you may need to add the `/tmp/TailsToaster/TailsToasterStorage/*
  rw,` line to `/etc/apparmor.d/libvirt/TEMPLATE.qemu`, in the
  `profile LIBVIRT_TEMPLATE` section;
* you may hit various problems, such as denied access to
  `/usr/share/ovmf/OVMF.fd`; all such known problems are (as of
  2015-08-12) on their way for being fixed upstream in libvirt.
  Running a recent libvirt may help.

Special use cases
=================

Access the system under test with VNC
-------------------------------------

If you're running the test suite in a nested environnement, install
xtightvncviewer on the bare metal level-0 host. Then you can use vncviewer's
`-via` option so that it automatically setup a ssh tunnel to your first level
test suite domain for you and display the Tails VM. E.g.
where `$DISPLAY` is the display given to you by `run_test_suite` (often 0):

    vncviewer -viewonly -via user@level0 localhost:$DISPLAY

Running the test suite as a non-root user
-----------------------------------------

<div class="note">
This section may not be in tested and working shape.
</div>

This is entirely possible, but there's some additional configuration
required. Run the following as `root`:

    addgroup tcpdump
    dpkg-statoverride --update --add root tcpdump 754 /usr/sbin/tcpdump
    setcap CAP_NET_RAW+eip /usr/sbin/tcpdump
    adduser $USER tcpdump
    adduser $USER libvirt
    adduser $USER libvirt-qemu

It's important to run `setcap` after `dpkg-statoverride` since the
latter deletes all capabilities. Unfortunately the `setcap` command
has to be rerun for that reason everytime the `tcpdump` package is
updated until [[!debbug 662845]] is fixed.

Running these commands will add some interesting capabilities to
`$USER`, so you may want to do this for a dedicated user separate from
your normal user. In that case (and if you run the tests as root) the
`--view` option won't work unless you grant `$USER` access to your
display via `xhost +SI:localhost:$USER`. Alternatively you can use the
`--vnc-server-only` option and manually connect to the VNC server with
your normal user. Just make sure the VNC viewer is in view-only mode
(e.g. `xtightvncviewer --view-only ...`) in order to not interfere
with the testing session.