| blob | af58c8a895c81421c0af0e195b0fb58ed2f6cbc3 |
1 Then /^the shipped Tails signing key is not outdated$/ do
2 # "old" here is w.r.t. the one we fetch from Tails' website
3 next if @skip_steps_while_restoring_background
4 sig_key_fingerprint = "0D24B36AA9A2A651787876451202821CBE2CD9C1"
5 fresh_sig_key = "/tmp/tails-signing.key"
6 tmp_keyring = "/tmp/tmp-keyring.gpg"
7 key_url = "https://tails.boum.org/tails-signing.key"
8 @vm.execute("curl --silent --socks5-hostname localhost:9062 " +
9 "#{key_url} -o #{fresh_sig_key}", $live_user)
10 @vm.execute("gpg --batch --no-default-keyring --keyring #{tmp_keyring} " +
11 "--import #{fresh_sig_key}", $live_user)
12 fresh_sig_key_info =
13 @vm.execute("gpg --batch --no-default-keyring --keyring #{tmp_keyring} " +
14 "--list-key #{sig_key_fingerprint}", $live_user).stdout
15 shipped_sig_key_info = @vm.execute("gpg --batch --list-key #{sig_key_fingerprint}",
16 $live_user).stdout
17 assert(shipped_sig_key_info == fresh_sig_key_info,
18 "The Tails signing key shipped inside Tails is outdated:\n" +
19 "Shipped key:\n" +
20 shipped_sig_key_info +
21 "Newly fetched key from #{key_url}:\n" +
22 fresh_sig_key_info)
23 end
25 Then /^the live user has been setup by live\-boot$/ do
26 next if @skip_steps_while_restoring_background
27 assert(@vm.execute("test -e /var/lib/live/config/user-setup").success?,
28 "live-boot failed its user-setup")
29 actual_username = @vm.execute(". /etc/live/config/username.conf; " +
30 "echo $LIVE_USERNAME").stdout.chomp
31 assert(actual_username == $live_user,
32 "The live username is '#{actual_username}', not '#{$live_user}'")
33 end
35 Then /^the live user is a member of only its own group and "(.*?)"$/ do |groups|
36 next if @skip_steps_while_restoring_background
37 expected_groups = groups.split(" ") << $live_user
38 actual_groups = @vm.execute("groups #{$live_user}").stdout.chomp.sub(/^#{$live_user} : /, "").split(" ")
39 unexpected = actual_groups - expected_groups
40 missing = expected_groups - actual_groups
41 assert(unexpected.size == 0,
42 "live user in unexpected groups #{unexpected}")
43 assert(missing.size == 0,
44 "live user not in expected groups #{missing}")
45 end
47 Then /^the live user owns its home dir and it has normal permissions$/ do
48 next if @skip_steps_while_restoring_background
49 home = "/home/#{$live_user}"
50 assert(@vm.execute("test -d #{home}").success?,
51 "The live user's home doesn't exist or is not a directory")
52 owner = @vm.execute("stat -c %U:%G #{home}").stdout.chomp
53 perms = @vm.execute("stat -c %a #{home}").stdout.chomp
54 assert(owner == "#{$live_user}:#{$live_user}",
55 "The live user's home has unexpected ownership '#{owner}'")
56 assert(perms == "755",
57 "The live user's home has unexpected permissions '#{perms}'")
58 end
60 Given /^I wait between (\d+) and (\d+) seconds$/ do |min, max|
61 next if @skip_steps_while_restoring_background
62 time = rand(max.to_i - min.to_i + 1) + min.to_i
63 puts "Slept for #{time} seconds"
64 sleep(time)
65 end
67 Then /^no unexpected services are listening for network connections$/ do
68 next if @skip_steps_while_restoring_background
69 netstat_cmd = @vm.execute("netstat -ltupn")
70 assert netstat_cmd.success?
71 for line in netstat_cmd.stdout.chomp.split("\n") do
72 splitted = line.split(/[[:blank:]]+/)
73 proto = splitted[0]
74 if proto == "tcp"
75 proc_index = 6
76 elsif proto == "udp"
77 proc_index = 5
78 else
79 next
80 end
81 laddr, lport = splitted[3].split(":")
82 proc = splitted[proc_index].split("/")[1]
83 # Services listening on loopback is not a threat
84 if /127(\.[[:digit:]]{1,3}){3}/.match(laddr).nil?
85 if $services_expected_on_all_ifaces.include? [proc, laddr, lport]
86 puts "Service '#{proc}' is listening on #{laddr}:#{lport} " +
87 "but has an exception"
88 else
89 raise "Unexpected service '#{proc}' listening on #{laddr}:#{lport}"
90 end
91 end
92 end
93 end
95 When /^Tails has booted a 686-pae kernel$/ do
96 next if @skip_steps_while_restoring_background
97 assert(@vm.execute("uname -r | grep -qs '686-pae$'").success?,
98 "Tails has not booted a 686-pae kernel.")
99 end
101 Then /^the VirtualBox guest modules are available$/ do
102 next if @skip_steps_while_restoring_background
103 assert(@vm.execute("modinfo vboxguest").success?,
104 "The vboxguest module is not available.")
105 end
107 def shared_pdf_dir_on_guest
108 "/tmp/shared_dir"
109 end
111 Given /^I setup a filesystem share containing a sample PDF$/ do
112 next if @skip_steps_while_restoring_background
113 @vm.add_share($misc_files_dir, shared_pdf_dir_on_guest)
114 end
116 Then /^MAT can clean some sample PDF file$/ do
117 next if @skip_steps_while_restoring_background
118 for pdf_on_host in Dir.glob("#{$misc_files_dir}/*.pdf") do
119 pdf_name = File.basename(pdf_on_host)
120 pdf_on_guest = "/home/#{$live_user}/#{pdf_name}"
121 @vm.execute("cp #{shared_pdf_dir_on_guest}/#{pdf_name} #{pdf_on_guest}",
122 $live_user)
123 @vm.execute("mat --display '#{pdf_on_guest}'",
124 $live_user).stdout
125 check_before = @vm.execute("mat --check '#{pdf_on_guest}'",
126 $live_user).stdout
127 if check_before.include?("#{pdf_on_guest} is clean")
128 STDERR.puts "warning: '#{pdf_on_host}' is already clean so it is a " +
129 "bad candidate for testing MAT"
130 end
131 @vm.execute("mat '#{pdf_on_guest}'", $live_user)
132 check_after = @vm.execute("mat --check '#{pdf_on_guest}'",
133 $live_user).stdout
134 assert(check_after.include?("#{pdf_on_guest} is clean"),
135 "MAT failed to clean '#{pdf_on_host}'")
136 end
137 end