@product Feature: System memory erasure on shutdown As a Tails user when I shutdown Tails I want the system memory to be free from sensitive data. Scenario: Anti-test: no memory erasure on a modern computer # features/erase_memory.feature:7 Given a computer # features/step_definitions/common_steps.rb:122 And the computer is a modern 64-bit system # features/step_definitions/erase_memory.rb:23 And the computer has 8 GiB of RAM # features/step_definitions/common_steps.rb:127 And I set Tails to boot with options "debug=wipemem" # features/step_definitions/common_steps.rb:180 [log] CLICK on (1024,384) [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse debug=wipemem " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] [log] CLICK on (642,449) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 251ms [profile] Finder.findAll START [profile] Finder.findAll END: 249ms [profile] Finder.findAll START [profile] Finder.findAll END: 239ms [profile] Finder.findAll START [profile] Finder.findAll END: 241ms [profile] Finder.findAll START [profile] Finder.findAll END: 241ms [profile] Finder.findAll START [profile] Finder.findAll END: 244ms [profile] Finder.findAll START [profile] Finder.findAll END: 243ms [profile] Finder.findAll START [profile] Finder.findAll END: 242ms [log] CLICK on (51,16) And I start Tails from DVD with network unplugged and I login # features/step_definitions/common_steps.rb:191 calling as root: tails-get-bootinfo kernel call returned: [0, "/lib/live/mount/medium/live/vmlinuz2\n", ""] Then the PAE kernel is running # features/step_definitions/erase_memory.rb:44 calling as root: free -m | awk '/^Mem:/ { print $2 }' call returned: [0, "8003\n", ""] And at least 8 GiB of RAM was detected # features/step_definitions/erase_memory.rb:62 Detected 8003 MiB of RAM calling as root: pidof -x -o '%PPID' memlockd call returned: [0, "1418\n", ""] And process "memlockd" is running # features/step_definitions/common_steps.rb:490 calling as root: pidof -x -o '%PPID' udev-watchdog call returned: [0, "1442\n", ""] And process "udev-watchdog" is running # features/step_definitions/common_steps.rb:490 calling as root: ps -wweo cmd call returned: [0, "CMD\n/sbin/init config nopersistence noprompt splash noautologin slab_nomerge autotest_never_use_this_option\n[kthreadd]\n[ksoftirqd/0]\n[kworker/0:0]\n[kworker/0:0H]\n[kworker/u2:0]\n[rcu_sched]\n[rcu_bh]\n[migration/0]\n[watchdog/0]\n[khelper]\n[kdevtmpfs]\n[netns]\n[khungtaskd]\n[writeback]\n[ksmd]\n[khugepaged]\n[crypto]\n[kintegrityd]\n[bioset]\n[kblockd]\n[kworker/0:1]\n[kswapd0]\n[vmstat]\n[fsnotify_mark]\n[kthrotld]\n[ipv6_addrconf]\n[deferwq]\n[kworker/u2:1]\n[ata_sff]\n[scsi_eh_0]\n[scsi_tmf_0]\n[scsi_eh_1]\n[scsi_tmf_1]\n[kworker/u2:2]\n[khubd]\n[kworker/u2:3]\n[kworker/0:2]\n[kworker/0:3]\n[kworker/0:1H]\n[loop0]\n/lib/systemd/systemd-journald\n[kauditd]\n/lib/systemd/systemd-udevd\n[vballoon]\n[kpsmoused]\n[hd-audio0]\n/usr/sbin/haveged --Foreground --verbose=1 --write=1024\n/usr/lib/accountsservice/accounts-daemon\n/bin/sh -c . /usr/local/lib/tails-shell-library/tor.sh ; while ! tor_is_working ; do /bin/sleep 1 ; done\n/usr/sbin/ModemManager\n/usr/sbin/cron -f\n/usr/bin/python3 /usr/local/lib/tails-autotest-remote-shell /dev/ttyS0\n/usr/bin/python /usr/local/lib/tor-controlport-filter\n/lib/systemd/systemd-logind\n/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation\n/usr/sbin/ekeyd\n/usr/sbin/spice-vdagentd\n/usr/lib/policykit-1/polkitd --no-debug\n/usr/sbin/memlockd -f -u memlockd\n/bin/sh /usr/local/lib/udev-watchdog-wrapper\n/usr/local/sbin/udev-watchdog /devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/block/sr0 cd\n/usr/sbin/gdm3\n/usr/bin/Xorg :0 -novtswitch -background none -noreset -verbose 3 -auth /var/run/gdm3/auth-for-Debian-gdm-QM1Eum/database -seat seat0 -nolisten tcp vt7\n/sbin/agetty --noclear tty1 linux\n/lib/systemd/systemd --user\n(sd-pam) \n/usr/bin/spice-vdagent\n/usr/lib/upower/upowerd\n/usr/lib/colord/colord\n/lib/systemd/systemd-localed\ngdm-session-worker [pam/gdm-autologin]\n/lib/systemd/systemd --user\n(sd-pam) \nx-session-manager\ndbus-launch --autolaunch=ac1a47fec32e73c20d0d14a2069ad59c --binary-syntax --close-stderr\n/usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session\n/usr/bin/gpg-agent --daemon --sh --write-env-file=/home/amnesia/.gnupg/gpg-agent-info-amnesia /usr/bin/dbus-launch --exit-with-session /usr/bin/monkeysphere-validation-agent x-session-manager\n/usr/bin/dbus-launch --exit-with-session /usr/bin/monkeysphere-validation-agent x-session-manager\n/usr/bin/dbus-daemon --fork --print-pid 4 --print-address 6 --session\n/usr/bin/perl -wT /usr/bin/monkeysphere-validation-agent x-session-manager\n/usr/lib/at-spi2-core/at-spi-bus-launcher\n/usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3\n/usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session\n/usr/lib/gvfs/gvfsd\n/usr/lib/gnome-settings-daemon/gnome-settings-daemon\n/usr/bin/pulseaudio --start\n/usr/bin/spice-vdagent\n/usr/bin/gnome-keyring-daemon --start --components=secrets\n/usr/lib/gvfs/gvfs-udisks2-volume-monitor\n/usr/lib/udisks2/udisksd --no-debug\n/usr/lib/gvfs/gvfs-mtp-volume-monitor\n/usr/lib/gvfs/gvfs-gphoto2-volume-monitor\n/usr/lib/gvfs/gvfs-goa-volume-monitor\n/usr/lib/gvfs/gvfs-afc-volume-monitor\n/usr/bin/gnome-shell\n/lib/systemd/systemd-hostnamed\n/usr/sbin/cupsd -f\n/usr/lib/gnome-settings-daemon/gsd-printer\n/usr/lib/dconf/dconf-service\n/usr/sbin/NetworkManager --no-daemon\n[cfg80211]\nibus-daemon --xim --panel disable\n/bin/sh /usr/local/lib/start-systemd-desktop-target\nnautilus -n\nflorence\n/usr/bin/perl /usr/local/bin/gpgApplet\nnm-applet\n/bin/systemctl --user start desktop.target\nflorence\n/usr/lib/i386-linux-gnu/gconf/gconfd-2\n/bin/sh -c [ \"$(/usr/bin/id -u)\" = 1000 ] || exit 0 ; while ! [ -e /run/tor-has-bootstrapped/done ] ; do /bin/sleep 1 ; done\n/usr/lib/ibus/ibus-dconf\n/usr/lib/ibus/ibus-x11 --kill-daemon\n/usr/lib/ibus/ibus-engine-simple\n/usr/lib/gvfs/gvfsd-trash --spawner :1.5 /org/gtk/gvfs/exec_spaw/0\n/usr/lib/gvfs/gvfsd-burn --spawner :1.5 /org/gtk/gvfs/exec_spaw/1\n/usr/lib/gvfs/gvfsd-metadata\n/bin/sleep 1\n/bin/sh -c ps -wweo cmd\nps -wweo cmd\n/bin/sleep 1\n", ""] calling as root: cat /sys/devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/block/sr0/dev call returned: [0, "11:0\n", ""] calling as root: readlink -f /dev/block/'11:0' call returned: [0, "/dev/sr0\n", ""] calling as root: udevadm info --device-id-of-file=/lib/live/mount/medium call returned: [0, "11:0\n", ""] calling as root: readlink -f /dev/block/'11:0' call returned: [0, "/dev/sr0\n", ""] And udev-watchdog is monitoring the correct device # features/step_definitions/erase_memory.rb:19 calling as root: echo 3 > /proc/sys/vm/drop_caches call returned: [0, "", ""] calling as root: sysctl vm.oom_kill_allocating_task=0 call returned: [0, "vm.oom_kill_allocating_task = 0\n", ""] calling as root: sysctl vm.oom_dump_tasks=0 call returned: [0, "vm.oom_dump_tasks = 0\n", ""] calling as root: sysctl vm.overcommit_memory=0 call returned: [0, "vm.overcommit_memory = 0\n", ""] calling as root: sysctl vm.min_free_kbytes=65536 call returned: [0, "vm.min_free_kbytes = 65536\n", ""] calling as root: sysctl vm.admin_reserve_kbytes=131072 call returned: [0, "vm.admin_reserve_kbytes = 131072\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "465\n", ""] spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "586\n", ""] Memory fill progress: 10% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "691\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "814\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "935\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1050\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1155\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1265\n", ""] Memory fill progress: 20% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1379\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1503\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1609\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1729\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1824\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1935\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2042\n", ""] Memory fill progress: 30% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2164\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2278\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2405\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2519\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2644\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2770\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2899\n", ""] Memory fill progress: 40% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "3027\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "3148\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "3270\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "3394\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "3521\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "3644\n", ""] Memory fill progress: 50% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "3763\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "3883\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "4011\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "4131\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "4255\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "4374\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "4496\n", ""] Memory fill progress: 60% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "4621\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "4746\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "4871\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "4996\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "5118\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "5240\n", ""] Memory fill progress: 70% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "5364\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "5488\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "5613\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "5729\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "5854\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "5975\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "6100\n", ""] Memory fill progress: 80% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "6224\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "6350\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "6473\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "6596\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "6720\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "6846\n", ""] Memory fill progress: 90% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "6969\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "7095\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "7219\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "7342\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "7466\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "7589\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "7714\n", ""] Memory fill progress: 100% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "7837\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3173 3158 3144 3129 3114 3100 3086 3071\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "457\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [1, "", ""] Memory fill progress: finished When I fill the guest's memory with a known pattern without verifying # features/step_definitions/erase_memory.rb:100 And I reboot without wiping the memory # features/step_definitions/erase_memory.rb:198 [log] TYPE " " And I stop the boot at the bootloader menu # features/step_definitions/erase_memory.rb:202 Then I find many patterns in the guest's memory # features/step_definitions/erase_memory.rb:190 Pattern coverage: 100.339% (7370 MiB out of 7346 MiB initial free memory) Scenario: Anti-test: no memory erasure on an old computer # features/erase_memory.feature:40 Given a computer # features/step_definitions/common_steps.rb:122 And the computer is an old pentium without the PAE extension # features/step_definitions/erase_memory.rb:29 And the computer has 8 GiB of RAM # features/step_definitions/common_steps.rb:127 And I set Tails to boot with options "debug=wipemem" # features/step_definitions/common_steps.rb:180 [log] CLICK on (1024,384) [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse debug=wipemem " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] [log] CLICK on (642,449) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 295ms [profile] Finder.findAll START [profile] Finder.findAll END: 279ms [profile] Finder.findAll START [profile] Finder.findAll END: 276ms [profile] Finder.findAll START [profile] Finder.findAll END: 271ms [profile] Finder.findAll START [profile] Finder.findAll END: 319ms [profile] Finder.findAll START [profile] Finder.findAll END: 297ms [profile] Finder.findAll START [profile] Finder.findAll END: 274ms [log] CLICK on (51,16) And I start Tails from DVD with network unplugged and I login # features/step_definitions/common_steps.rb:191 calling as root: tails-get-bootinfo kernel call returned: [0, "/lib/live/mount/medium/live/vmlinuz\n", ""] Then the non-PAE kernel is running # features/step_definitions/erase_memory.rb:49 calling as root: free -m | awk '/^Mem:/ { print $2 }' call returned: [0, "3548\n", ""] And at least 3500 MiB of RAM was detected # features/step_definitions/erase_memory.rb:62 Detected 3548 MiB of RAM calling as root: pidof -x -o '%PPID' memlockd call returned: [0, "1349\n", ""] And process "memlockd" is running # features/step_definitions/common_steps.rb:490 calling as root: pidof -x -o '%PPID' udev-watchdog call returned: [0, "1381\n", ""] And process "udev-watchdog" is running # features/step_definitions/common_steps.rb:490 calling as root: ps -wweo cmd call returned: [0, "CMD\n/sbin/init config nopersistence noprompt splash noautologin slab_nomerge autotest_never_use_this_option\n[kthreadd]\n[ksoftirqd/0]\n[kworker/0:0]\n[kworker/0:0H]\n[kworker/u2:0]\n[watchdog/0]\n[khelper]\n[kdevtmpfs]\n[netns]\n[khungtaskd]\n[writeback]\n[ksmd]\n[crypto]\n[kintegrityd]\n[bioset]\n[kblockd]\n[kworker/0:1]\n[kswapd0]\n[fsnotify_mark]\n[kthrotld]\n[ipv6_addrconf]\n[deferwq]\n[kworker/u2:1]\n[khubd]\n[ata_sff]\n[scsi_eh_0]\n[scsi_tmf_0]\n[scsi_eh_1]\n[scsi_tmf_1]\n[kworker/u2:2]\n[kworker/u2:3]\n[kworker/0:2]\n[kworker/0:1H]\n[loop0]\n/lib/systemd/systemd-journald\n[kauditd]\n[kworker/0:3]\n/lib/systemd/systemd-udevd\n[kpsmoused]\n[vballoon]\n[hd-audio0]\n/usr/sbin/haveged --Foreground --verbose=1 --write=1024\n/usr/lib/accountsservice/accounts-daemon\n/bin/sh -c . /usr/local/lib/tails-shell-library/tor.sh ; while ! tor_is_working ; do /bin/sleep 1 ; done\n/usr/sbin/ModemManager\n/usr/sbin/cron -f\n/usr/bin/python3 /usr/local/lib/tails-autotest-remote-shell /dev/ttyS0\n/usr/bin/python /usr/local/lib/tor-controlport-filter\n/lib/systemd/systemd-logind\n/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation\n/usr/sbin/ekeyd\n/usr/lib/policykit-1/polkitd --no-debug\n/usr/sbin/memlockd -f -u memlockd\n/bin/sh /usr/local/lib/udev-watchdog-wrapper\n/usr/sbin/spice-vdagentd\n/usr/local/sbin/udev-watchdog /devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/block/sr0 cd\n/usr/sbin/gdm3\n/usr/bin/Xorg :0 -novtswitch -background none -noreset -verbose 3 -auth /var/run/gdm3/auth-for-Debian-gdm-2wCON1/database -seat seat0 -nolisten tcp vt7\n/sbin/agetty --noclear tty1 linux\n/lib/systemd/systemd --user\n(sd-pam) \n/usr/bin/spice-vdagent\n/usr/lib/upower/upowerd\n/usr/lib/colord/colord\n/lib/systemd/systemd-localed\ngdm-session-worker [pam/gdm-autologin]\n/lib/systemd/systemd --user\n(sd-pam) \nx-session-manager\ndbus-launch --autolaunch=ac1a47fec32e73c20d0d14a2069ad59c --binary-syntax --close-stderr\n/usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session\n/usr/bin/gpg-agent --daemon --sh --write-env-file=/home/amnesia/.gnupg/gpg-agent-info-amnesia /usr/bin/dbus-launch --exit-with-session /usr/bin/monkeysphere-validation-agent x-session-manager\n/usr/bin/dbus-launch --exit-with-session /usr/bin/monkeysphere-validation-agent x-session-manager\n/usr/bin/dbus-daemon --fork --print-pid 4 --print-address 6 --session\n/usr/bin/perl -wT /usr/bin/monkeysphere-validation-agent x-session-manager\n/usr/lib/at-spi2-core/at-spi-bus-launcher\n/usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3\n/usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session\n/usr/lib/gvfs/gvfsd\n/usr/lib/gnome-settings-daemon/gnome-settings-daemon\n/usr/bin/pulseaudio --start\n/usr/bin/gnome-keyring-daemon --start --components=secrets\n/usr/bin/spice-vdagent\n/usr/lib/gvfs/gvfs-udisks2-volume-monitor\n/usr/lib/udisks2/udisksd --no-debug\n/usr/lib/gvfs/gvfs-mtp-volume-monitor\n/usr/lib/gvfs/gvfs-gphoto2-volume-monitor\n/usr/lib/gvfs/gvfs-goa-volume-monitor\n/usr/lib/gvfs/gvfs-afc-volume-monitor\n/usr/bin/gnome-shell\n/lib/systemd/systemd-hostnamed\n/usr/sbin/cupsd -f\n/usr/lib/gnome-settings-daemon/gsd-printer\n/usr/lib/dconf/dconf-service\n/usr/sbin/NetworkManager --no-daemon\n[cfg80211]\nibus-daemon --xim --panel disable\n/bin/sh /usr/local/lib/start-systemd-desktop-target\nnautilus -n\n/bin/systemctl --user start desktop.target\n/bin/sh -c [ \"$(/usr/bin/id -u)\" = 1000 ] || exit 0 ; while ! [ -e /run/tor-has-bootstrapped/done ] ; do /bin/sleep 1 ; done\nflorence\n/usr/bin/perl /usr/local/bin/gpgApplet\nnm-applet\nflorence\n/usr/lib/i386-linux-gnu/gconf/gconfd-2\n/usr/lib/ibus/ibus-dconf\n/usr/lib/ibus/ibus-x11 --kill-daemon\n/usr/lib/ibus/ibus-engine-simple\n/usr/lib/gvfs/gvfsd-trash --spawner :1.5 /org/gtk/gvfs/exec_spaw/0\n/usr/lib/gvfs/gvfsd-burn --spawner :1.5 /org/gtk/gvfs/exec_spaw/1\n/usr/lib/gvfs/gvfsd-metadata\n/bin/sleep 1\n/bin/sleep 1\n/bin/sh -c ps -wweo cmd\nps -wweo cmd\n", ""] calling as root: cat /sys/devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/block/sr0/dev call returned: [0, "11:0\n", ""] calling as root: readlink -f /dev/block/'11:0' call returned: [0, "/dev/sr0\n", ""] calling as root: udevadm info --device-id-of-file=/lib/live/mount/medium call returned: [0, "11:0\n", ""] calling as root: readlink -f /dev/block/'11:0' call returned: [0, "/dev/sr0\n", ""] And udev-watchdog is monitoring the correct device # features/step_definitions/erase_memory.rb:19 calling as root: echo 3 > /proc/sys/vm/drop_caches call returned: [0, "", ""] calling as root: sysctl vm.oom_kill_allocating_task=0 call returned: [0, "vm.oom_kill_allocating_task = 0\n", ""] calling as root: sysctl vm.oom_dump_tasks=0 call returned: [0, "vm.oom_dump_tasks = 0\n", ""] calling as root: sysctl vm.overcommit_memory=0 call returned: [0, "vm.overcommit_memory = 0\n", ""] calling as root: sysctl vm.min_free_kbytes=65536 call returned: [0, "vm.min_free_kbytes = 65536\n", ""] calling as root: sysctl vm.admin_reserve_kbytes=131072 call returned: [0, "vm.admin_reserve_kbytes = 131072\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "428\n", ""] spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram spawning as amnesia: sh -c 'echo 1000 > /proc/$$/oom_score_adj && exec /usr/local/sbin/fillram'; killall fillram calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "477\n", ""] Memory fill progress: 10% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "558\n", ""] Memory fill progress: 20% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "652\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "740\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "836\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "915\n", ""] Memory fill progress: 30% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1012\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1104\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1202\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1301\n", ""] Memory fill progress: 40% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1403\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1504\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1601\n", ""] Memory fill progress: 50% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1698\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1798\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1887\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "1982\n", ""] Memory fill progress: 60% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2067\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2145\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2242\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2329\n", ""] Memory fill progress: 70% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2428\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2526\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2624\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2720\n", ""] Memory fill progress: 80% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2798\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2878\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "2981\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "3081\n", ""] Memory fill progress: 90% calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "3162\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "3252\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [0, "3019 3003 2990 2976\n", ""] calling as root: free -m | awk '/^Mem:/ { print $3 }' call returned: [0, "432\n", ""] calling as root: pidof -x -o '%PPID' fillram call returned: [1, "", ""] Memory fill progress: finished When I fill the guest's memory with a known pattern without verifying # features/step_definitions/erase_memory.rb:100 And I reboot without wiping the memory # features/step_definitions/erase_memory.rb:198 [log] TYPE " " And I stop the boot at the bootloader menu # features/step_definitions/erase_memory.rb:202 Then I find many patterns in the guest's memory # features/step_definitions/erase_memory.rb:190 Pattern coverage: 97.376% (2851 MiB out of 2928 MiB initial free memory) @product Feature: Untrusted partitions As a Tails user I don't want to touch other media than the one Tails runs from Scenario: Tails will not enable disk swap # features/untrusted_partitions.feature:6 Given a computer # features/step_definitions/common_steps.rb:122 And I temporarily create a 100 MiB disk named "swap" # features/step_definitions/common_steps.rb:139 libguestfs: trace: set_autosync true libguestfs: trace: set_autosync = 0 libguestfs: trace: add_drive "/tmp/TailsToaster/TailsToasterStorage/swap" "format:qcow2" libguestfs: trace: add_drive = 0 libguestfs: trace: launch libguestfs: trace: get_tmpdir libguestfs: trace: get_tmpdir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "force_tcg" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: get_cachedir libguestfs: trace: get_cachedir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "gdb" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: launch = 0 libguestfs: trace: list_devices libguestfs: trace: list_devices = ["/dev/sda"] libguestfs: trace: part_disk "/dev/sda" "gpt" libguestfs: trace: part_disk = 0 libguestfs: trace: list_partitions libguestfs: trace: list_partitions = ["/dev/sda1"] libguestfs: trace: mkswap "/dev/sda1" libguestfs: trace: mkswap = 0 libguestfs: trace: close libguestfs: trace: internal_autosync libguestfs: trace: internal_autosync = 0 And I create a gpt swap partition on disk "swap" # features/step_definitions/untrusted_partitions.rb:1 And I plug ide drive "swap" # features/step_definitions/common_steps.rb:145 [log] CLICK on (1024,384) [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] [log] CLICK on (642,449) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 280ms [profile] Finder.findAll START [profile] Finder.findAll END: 280ms [profile] Finder.findAll START [profile] Finder.findAll END: 271ms [profile] Finder.findAll START [profile] Finder.findAll END: 302ms [profile] Finder.findAll START [profile] Finder.findAll END: 288ms [profile] Finder.findAll START [profile] Finder.findAll END: 241ms [profile] Finder.findAll START [profile] Finder.findAll END: 274ms [log] CLICK on (51,16) When I start Tails with network unplugged and I login # features/step_definitions/common_steps.rb:191 calling as root: blkid '/dev/sda' call returned: [0, "/dev/sda: PTUUID=\"a0b0a429-6ea2-47a6-ab7f-c3a8a9b0155d\" PTTYPE=\"gpt\"\n", ""] Then a "swap" partition was detected by Tails on drive "swap" # features/step_definitions/untrusted_partitions.rb:5 calling as root: tail -n+2 /proc/swaps call returned: [0, "", ""] calling as root: grep '^Swap' /proc/meminfo call returned: [0, "SwapCached: 0 kB\nSwapTotal: 0 kB\nSwapFree: 0 kB\n", ""] But Tails has no disk swap enabled # features/step_definitions/untrusted_partitions.rb:12 Scenario: Tails will detect LUKS-encrypted GPT partitions labeled "TailsData" stored on USB drives as persistence volumes when the removable flag is set # features/untrusted_partitions.feature:15 Given a computer # features/step_definitions/common_steps.rb:122 And I temporarily create a 100 MiB disk named "fake_TailsData" # features/step_definitions/common_steps.rb:139 libguestfs: trace: set_autosync true libguestfs: trace: set_autosync = 0 libguestfs: trace: add_drive "/tmp/TailsToaster/TailsToasterStorage/fake_TailsData" "format:qcow2" libguestfs: trace: add_drive = 0 libguestfs: trace: launch libguestfs: trace: get_tmpdir libguestfs: trace: get_tmpdir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "force_tcg" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: get_cachedir libguestfs: trace: get_cachedir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "gdb" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: launch = 0 libguestfs: trace: list_devices libguestfs: trace: list_devices = ["/dev/sda"] libguestfs: trace: part_disk "/dev/sda" "gpt" libguestfs: trace: part_disk = 0 libguestfs: trace: part_set_name "/dev/sda" 1 "TailsData" libguestfs: trace: part_set_name = 0 libguestfs: trace: list_partitions libguestfs: trace: list_partitions = ["/dev/sda1"] libguestfs: trace: luks_format "/dev/sda1" "***" 0 libguestfs: trace: luks_format = 0 libguestfs: trace: luks_open "/dev/sda1" "***" "sda1_unlocked" libguestfs: trace: luks_open = 0 libguestfs: trace: mkfs "ext4" "/dev/mapper/sda1_unlocked" libguestfs: trace: mkfs = 0 libguestfs: trace: luks_close "/dev/mapper/sda1_unlocked" libguestfs: trace: luks_close = 0 libguestfs: trace: close libguestfs: trace: internal_autosync libguestfs: trace: internal_autosync = 0 And I create a gpt partition labeled "TailsData" with an ext4 filesystem encrypted with password "asdf" on disk "fake_TailsData" # features/step_definitions/untrusted_partitions.rb:23 And I plug removable usb drive "fake_TailsData" # features/step_definitions/common_steps.rb:145 [log] CLICK on (1024,384) When I start the computer # features/step_definitions/common_steps.rb:184 [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] And the computer boots Tails # features/step_definitions/common_steps.rb:273 calling as root: test -b /dev/sda call returned: [0, "", ""] Then drive "fake_TailsData" is detected by Tails # features/step_definitions/common_steps.rb:152 And Tails Greeter has detected a persistence partition # features/step_definitions/untrusted_partitions.rb:55 Scenario: Tails will not detect LUKS-encrypted GPT partitions labeled "TailsData" stored on USB drives as persistence volumes when the removable flag is unset # features/untrusted_partitions.feature:25 Given a computer # features/step_definitions/common_steps.rb:122 And I temporarily create a 100 MiB disk named "fake_TailsData" # features/step_definitions/common_steps.rb:139 libguestfs: trace: set_autosync true libguestfs: trace: set_autosync = 0 libguestfs: trace: add_drive "/tmp/TailsToaster/TailsToasterStorage/fake_TailsData" "format:qcow2" libguestfs: trace: add_drive = 0 libguestfs: trace: launch libguestfs: trace: get_tmpdir libguestfs: trace: get_tmpdir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "force_tcg" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: get_cachedir libguestfs: trace: get_cachedir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "gdb" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: launch = 0 libguestfs: trace: list_devices libguestfs: trace: list_devices = ["/dev/sda"] libguestfs: trace: part_disk "/dev/sda" "gpt" libguestfs: trace: part_disk = 0 libguestfs: trace: part_set_name "/dev/sda" 1 "TailsData" libguestfs: trace: part_set_name = 0 libguestfs: trace: list_partitions libguestfs: trace: list_partitions = ["/dev/sda1"] libguestfs: trace: luks_format "/dev/sda1" "***" 0 libguestfs: trace: luks_format = 0 libguestfs: trace: luks_open "/dev/sda1" "***" "sda1_unlocked" libguestfs: trace: luks_open = 0 libguestfs: trace: mkfs "ext4" "/dev/mapper/sda1_unlocked" libguestfs: trace: mkfs = 0 libguestfs: trace: luks_close "/dev/mapper/sda1_unlocked" libguestfs: trace: luks_close = 0 libguestfs: trace: close libguestfs: trace: internal_autosync libguestfs: trace: internal_autosync = 0 And I create a gpt partition labeled "TailsData" with an ext4 filesystem encrypted with password "asdf" on disk "fake_TailsData" # features/step_definitions/untrusted_partitions.rb:23 And I plug non-removable usb drive "fake_TailsData" # features/step_definitions/common_steps.rb:145 [log] CLICK on (1024,384) When I start the computer # features/step_definitions/common_steps.rb:184 [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] And the computer boots Tails # features/step_definitions/common_steps.rb:273 calling as root: test -b /dev/sda call returned: [0, "", ""] Then drive "fake_TailsData" is detected by Tails # features/step_definitions/common_steps.rb:152 And Tails Greeter has not detected a persistence partition # features/step_definitions/untrusted_partitions.rb:55 Scenario: Tails will not detect LUKS-encrypted GPT partitions labeled "TailsData" stored on local hard drives as persistence volumes # features/untrusted_partitions.feature:35 Given a computer # features/step_definitions/common_steps.rb:122 And I temporarily create a 100 MiB disk named "fake_TailsData" # features/step_definitions/common_steps.rb:139 libguestfs: trace: set_autosync true libguestfs: trace: set_autosync = 0 libguestfs: trace: add_drive "/tmp/TailsToaster/TailsToasterStorage/fake_TailsData" "format:qcow2" libguestfs: trace: add_drive = 0 libguestfs: trace: launch libguestfs: trace: get_tmpdir libguestfs: trace: get_tmpdir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "force_tcg" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: get_cachedir libguestfs: trace: get_cachedir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "gdb" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: launch = 0 libguestfs: trace: list_devices libguestfs: trace: list_devices = ["/dev/sda"] libguestfs: trace: part_disk "/dev/sda" "gpt" libguestfs: trace: part_disk = 0 libguestfs: trace: part_set_name "/dev/sda" 1 "TailsData" libguestfs: trace: part_set_name = 0 libguestfs: trace: list_partitions libguestfs: trace: list_partitions = ["/dev/sda1"] libguestfs: trace: luks_format "/dev/sda1" "***" 0 libguestfs: trace: luks_format = 0 libguestfs: trace: luks_open "/dev/sda1" "***" "sda1_unlocked" libguestfs: trace: luks_open = 0 libguestfs: trace: mkfs "ext4" "/dev/mapper/sda1_unlocked" libguestfs: trace: mkfs = 0 libguestfs: trace: luks_close "/dev/mapper/sda1_unlocked" libguestfs: trace: luks_close = 0 libguestfs: trace: close libguestfs: trace: internal_autosync libguestfs: trace: internal_autosync = 0 And I create a gpt partition labeled "TailsData" with an ext4 filesystem encrypted with password "asdf" on disk "fake_TailsData" # features/step_definitions/untrusted_partitions.rb:23 And I plug ide drive "fake_TailsData" # features/step_definitions/common_steps.rb:145 When I start the computer # features/step_definitions/common_steps.rb:184 [log] CLICK on (1024,384) [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] And the computer boots Tails # features/step_definitions/common_steps.rb:273 calling as root: test -b /dev/sda call returned: [0, "", ""] Then drive "fake_TailsData" is detected by Tails # features/step_definitions/common_steps.rb:152 And Tails Greeter has not detected a persistence partition # features/step_definitions/untrusted_partitions.rb:55 Scenario: Tails can boot from live systems stored on hard drives # features/untrusted_partitions.feature:45 Given a computer # features/step_definitions/common_steps.rb:122 And I temporarily create a 2 GiB disk named "live_hd" # features/step_definitions/common_steps.rb:139 libguestfs: trace: set_autosync true libguestfs: trace: set_autosync = 0 libguestfs: trace: add_drive "/var/lib/jenkins/workspace/test_Tails_ISO_test-11394-symmetric-encryption-with-openpgp-aplet-is-fragile/tmp/tails-i386-test_11394-symmetric-encryption-with-openpgp-aplet-is-fragile-2.4.1-20160613T0937Z-eba1538+stable@dadd01c.iso" "readonly:true" "format:raw" libguestfs: trace: get_tmpdir libguestfs: trace: get_tmpdir = "/tmp/TailsToaster" libguestfs: trace: disk_create "/tmp/TailsToaster/libguestfsjGL0Pt/overlay1" "qcow2" -1 "backingfile:/var/lib/jenkins/workspace/test_Tails_ISO_test-11394-symmetric-encryption-with-openpgp-aplet-is-fragile/tmp/tails-i386-test_11394-symmetric-encryption-with-openpgp-aplet-is-fragile-2.4.1-20160613T0937Z-eba1538+stable@dadd01c.iso" "backingformat:raw" libguestfs: trace: disk_create = 0 libguestfs: trace: add_drive = 0 libguestfs: trace: add_drive "/tmp/TailsToaster/TailsToasterStorage/live_hd" "format:qcow2" libguestfs: trace: add_drive = 0 libguestfs: trace: launch libguestfs: trace: get_backend_setting "force_tcg" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: get_cachedir libguestfs: trace: get_cachedir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "gdb" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: launch = 0 libguestfs: trace: list_devices libguestfs: trace: list_devices = ["/dev/sda", "/dev/sdb"] libguestfs: trace: copy_device_to_device "/dev/sda" "/dev/sdb" libguestfs: trace: copy_device_to_device = 0 libguestfs: trace: close libguestfs: trace: internal_autosync libguestfs: trace: internal_autosync = 0 And I cat an ISO of the Tails image to disk "live_hd" # features/step_definitions/untrusted_partitions.rb:30 And the computer is set to boot from ide drive "live_hd" # features/step_definitions/common_steps.rb:135 And I set Tails to boot with options "live-media=" # features/step_definitions/common_steps.rb:180 [log] CLICK on (1024,384) [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse live-media= " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] [log] CLICK on (642,449) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 280ms [profile] Finder.findAll START [profile] Finder.findAll END: 245ms [profile] Finder.findAll START [profile] Finder.findAll END: 269ms [profile] Finder.findAll START [profile] Finder.findAll END: 250ms [profile] Finder.findAll START [profile] Finder.findAll END: 286ms [profile] Finder.findAll START [profile] Finder.findAll END: 256ms [profile] Finder.findAll START [profile] Finder.findAll END: 272ms [log] CLICK on (51,16) When I start Tails with network unplugged and I login # features/step_definitions/common_steps.rb:191 calling as root: udevadm info --device-id-of-file=/lib/live/mount/medium call returned: [0, "8:1\n", ""] calling as root: readlink -f /dev/block/'8:1' call returned: [0, "/dev/sda1\n", ""] calling as root: udevadm info --query=property --name='/dev/sda1' call returned: [0, "DEVLINKS=/dev/disk/by-id/ata-QEMU_HARDDISK_QM00001-part1 /dev/disk/by-label/TAILS\\x202.4.1\\x20-\\x2020160613 /dev/disk/by-uuid/2016-06-13-10-26-46-00\nDEVNAME=/dev/sda1\nDEVPATH=/devices/pci0000:00/0000:00:01.1/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda1\nDEVTYPE=partition\nID_ATA=1\nID_ATA_FEATURE_SET_SMART=1\nID_ATA_FEATURE_SET_SMART_ENABLED=1\nID_ATA_WRITE_CACHE=1\nID_ATA_WRITE_CACHE_ENABLED=1\nID_BUS=ata\nID_FS_APPLICATION_ID=The\\x20Amnesic\\x20Incognito\\x20Live\\x20System\nID_FS_BOOT_SYSTEM_ID=EL\\x20TORITO\\x20SPECIFICATION\nID_FS_LABEL=TAILS_2.4.1_-_20160613\nID_FS_LABEL_ENC=TAILS\\x202.4.1\\x20-\\x2020160613\nID_FS_PUBLISHER_ID=https:\\x2f\\x2ftails.boum.org\\x2f\nID_FS_SYSTEM_ID=LINUX\nID_FS_TYPE=iso9660\nID_FS_USAGE=filesystem\nID_FS_UUID=2016-06-13-10-26-46-00\nID_FS_UUID_ENC=2016-06-13-10-26-46-00\nID_FS_VERSION=Joliet Extension\nID_MODEL=QEMU_HARDDISK\nID_MODEL_ENC=QEMU\\x20HARDDISK\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\nID_PART_ENTRY_DISK=8:0\nID_PART_ENTRY_FLAGS=0x80\nID_PART_ENTRY_NUMBER=1\nID_PART_ENTRY_OFFSET=0\nID_PART_ENTRY_SCHEME=dos\nID_PART_ENTRY_SIZE=2233035\nID_PART_ENTRY_TYPE=0x17\nID_PART_ENTRY_UUID=6b8b4567-01\nID_PART_TABLE_TYPE=dos\nID_PART_TABLE_UUID=6b8b4567\nID_REVISION=0.15\nID_SERIAL=QEMU_HARDDISK_QM00001\nID_SERIAL_SHORT=QM00001\nID_TYPE=disk\nMAJOR=8\nMINOR=1\nSUBSYSTEM=block\nTAGS=:systemd:\nUDISKS_IGNORE=1\nUSEC_INITIALIZED=53497\n", ""] calling as root: udevadm info --device-id-of-file=/lib/live/mount/medium call returned: [0, "8:1\n", ""] calling as root: readlink -f /dev/block/'8:1' call returned: [0, "/dev/sda1\n", ""] Then Tails is running from ide drive "live_hd" # features/step_definitions/usb.rb:395 Scenario: Tails booting from a DVD does not use live systems stored on hard drives # features/untrusted_partitions.feature:54 Given a computer # features/step_definitions/common_steps.rb:122 And I temporarily create a 2 GiB disk named "live_hd" # features/step_definitions/common_steps.rb:139 libguestfs: trace: set_autosync true libguestfs: trace: set_autosync = 0 libguestfs: trace: add_drive "/var/lib/jenkins/workspace/test_Tails_ISO_test-11394-symmetric-encryption-with-openpgp-aplet-is-fragile/tmp/tails-i386-test_11394-symmetric-encryption-with-openpgp-aplet-is-fragile-2.4.1-20160613T0937Z-eba1538+stable@dadd01c.iso" "readonly:true" "format:raw" libguestfs: trace: get_tmpdir libguestfs: trace: get_tmpdir = "/tmp/TailsToaster" libguestfs: trace: disk_create "/tmp/TailsToaster/libguestfsl1p0KI/overlay1" "qcow2" -1 "backingfile:/var/lib/jenkins/workspace/test_Tails_ISO_test-11394-symmetric-encryption-with-openpgp-aplet-is-fragile/tmp/tails-i386-test_11394-symmetric-encryption-with-openpgp-aplet-is-fragile-2.4.1-20160613T0937Z-eba1538+stable@dadd01c.iso" "backingformat:raw" libguestfs: trace: disk_create = 0 libguestfs: trace: add_drive = 0 libguestfs: trace: add_drive "/tmp/TailsToaster/TailsToasterStorage/live_hd" "format:qcow2" libguestfs: trace: add_drive = 0 libguestfs: trace: launch libguestfs: trace: get_backend_setting "force_tcg" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: get_cachedir libguestfs: trace: get_cachedir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "gdb" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: launch = 0 libguestfs: trace: list_devices libguestfs: trace: list_devices = ["/dev/sda", "/dev/sdb"] libguestfs: trace: copy_device_to_device "/dev/sda" "/dev/sdb" libguestfs: trace: copy_device_to_device = 0 libguestfs: trace: close libguestfs: trace: internal_autosync libguestfs: trace: internal_autosync = 0 And I cat an ISO of the Tails image to disk "live_hd" # features/step_definitions/untrusted_partitions.rb:30 And I plug ide drive "live_hd" # features/step_definitions/common_steps.rb:145 [log] CLICK on (1024,384) [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] [log] CLICK on (642,449) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 316ms [profile] Finder.findAll START [profile] Finder.findAll END: 251ms [profile] Finder.findAll START [profile] Finder.findAll END: 245ms [profile] Finder.findAll START [profile] Finder.findAll END: 239ms [profile] Finder.findAll START [profile] Finder.findAll END: 238ms [profile] Finder.findAll START [profile] Finder.findAll END: 283ms [profile] Finder.findAll START [profile] Finder.findAll END: 279ms [log] CLICK on (51,16) And I start Tails from DVD with network unplugged and I login # features/step_definitions/common_steps.rb:191 calling as root: test -b /dev/sda call returned: [0, "", ""] Then drive "live_hd" is detected by Tails # features/step_definitions/common_steps.rb:152 calling as root: grep -qs '^/dev/sda' /proc/mounts call returned: [1, "", ""] And drive "live_hd" is not mounted # features/step_definitions/untrusted_partitions.rb:49 Scenario: Booting Tails does not automount untrusted ext2 partitions # features/untrusted_partitions.feature:63 Given a computer # features/step_definitions/common_steps.rb:122 And I temporarily create a 100 MiB disk named "gpt_ext2" # features/step_definitions/common_steps.rb:139 libguestfs: trace: set_autosync true libguestfs: trace: set_autosync = 0 libguestfs: trace: add_drive "/tmp/TailsToaster/TailsToasterStorage/gpt_ext2" "format:qcow2" libguestfs: trace: add_drive = 0 libguestfs: trace: launch libguestfs: trace: get_tmpdir libguestfs: trace: get_tmpdir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "force_tcg" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: get_cachedir libguestfs: trace: get_cachedir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "gdb" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: launch = 0 libguestfs: trace: list_devices libguestfs: trace: list_devices = ["/dev/sda"] libguestfs: trace: part_disk "/dev/sda" "gpt" libguestfs: trace: part_disk = 0 libguestfs: trace: list_partitions libguestfs: trace: list_partitions = ["/dev/sda1"] libguestfs: trace: mkfs "ext2" "/dev/sda1" libguestfs: trace: mkfs = 0 libguestfs: trace: close libguestfs: trace: internal_autosync libguestfs: trace: internal_autosync = 0 And I create a gpt partition with an ext2 filesystem on disk "gpt_ext2" # features/step_definitions/untrusted_partitions.rb:23 And I plug ide drive "gpt_ext2" # features/step_definitions/common_steps.rb:145 [log] CLICK on (1024,384) [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] [log] CLICK on (642,449) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 267ms [profile] Finder.findAll START [profile] Finder.findAll END: 237ms [profile] Finder.findAll START [profile] Finder.findAll END: 231ms [profile] Finder.findAll START [profile] Finder.findAll END: 292ms [profile] Finder.findAll START [profile] Finder.findAll END: 299ms [profile] Finder.findAll START [profile] Finder.findAll END: 301ms [profile] Finder.findAll START [profile] Finder.findAll END: 283ms [log] CLICK on (51,16) And I start Tails from DVD with network unplugged and I login # features/step_definitions/common_steps.rb:191 calling as root: test -b /dev/sda call returned: [0, "", ""] Then drive "gpt_ext2" is detected by Tails # features/step_definitions/common_steps.rb:152 calling as root: grep -qs '^/dev/sda' /proc/mounts call returned: [1, "", ""] And drive "gpt_ext2" is not mounted # features/step_definitions/untrusted_partitions.rb:49 Scenario: Booting Tails does not automount untrusted fat32 partitions # features/untrusted_partitions.feature:72 Given a computer # features/step_definitions/common_steps.rb:122 And I temporarily create a 100 MiB disk named "msdos_fat32" # features/step_definitions/common_steps.rb:139 libguestfs: trace: set_autosync true libguestfs: trace: set_autosync = 0 libguestfs: trace: add_drive "/tmp/TailsToaster/TailsToasterStorage/msdos_fat32" "format:qcow2" libguestfs: trace: add_drive = 0 libguestfs: trace: launch libguestfs: trace: get_tmpdir libguestfs: trace: get_tmpdir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "force_tcg" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: get_cachedir libguestfs: trace: get_cachedir = "/tmp/TailsToaster" libguestfs: trace: get_backend_setting "gdb" libguestfs: trace: get_backend_setting = NULL (error) libguestfs: trace: launch = 0 libguestfs: trace: list_devices libguestfs: trace: list_devices = ["/dev/sda"] libguestfs: trace: part_disk "/dev/sda" "msdos" libguestfs: trace: part_disk = 0 libguestfs: trace: list_partitions libguestfs: trace: list_partitions = ["/dev/sda1"] libguestfs: trace: mkfs "vfat" "/dev/sda1" libguestfs: trace: mkfs = 0 libguestfs: trace: close libguestfs: trace: internal_autosync libguestfs: trace: internal_autosync = 0 And I create an msdos partition with a vfat filesystem on disk "msdos_fat32" # features/step_definitions/untrusted_partitions.rb:23 And I plug ide drive "msdos_fat32" # features/step_definitions/common_steps.rb:145 [log] CLICK on (1024,384) [log] TYPE " " calling as root: echo 'hello?' [log] TYPE " autotest_never_use_this_option blacklist=psmouse " call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] [log] CLICK on (642,449) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 235ms [profile] Finder.findAll START [profile] Finder.findAll END: 292ms [profile] Finder.findAll START [profile] Finder.findAll END: 272ms [profile] Finder.findAll START [profile] Finder.findAll END: 254ms [profile] Finder.findAll START [profile] Finder.findAll END: 304ms [profile] Finder.findAll START [profile] Finder.findAll END: 298ms [profile] Finder.findAll START [profile] Finder.findAll END: 277ms [log] CLICK on (51,16) And I start Tails from DVD with network unplugged and I login # features/step_definitions/common_steps.rb:191 calling as root: test -b /dev/sda call returned: [0, "", ""] Then drive "msdos_fat32" is detected by Tails # features/step_definitions/common_steps.rb:152 calling as root: grep -qs '^/dev/sda' /proc/mounts call returned: [1, "", ""] And drive "msdos_fat32" is not mounted # features/step_definitions/untrusted_partitions.rb:49 @product Feature: Installing packages through APT As a Tails user when I set an administration password in Tails Greeter I should be able to install packages using APT and Synaptic and all Internet traffic should flow only through Tor. Background: # features/apt.feature:8 Checkpoint: I have started Tails from DVD without network and stopped at Tails Greeter's login screen Given the network is unplugged [log] CLICK on (1024,384) And I start the computer [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] And the computer boots Tails calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", "eth0: error fetching interface information: Device not found\n"] calling as root: date -s '@1465815630' call returned: [0, "Mon Jun 13 11:00:30 UTC 2016\n", ""] Checkpoint: I have started Tails from DVD without network and logged in with an administration password Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen [log] CLICK on (433,404) [log] CLICK on (643,447) And I enable more Tails Greeter options [log] TYPE "asdf" [log] TYPE " " [log] TYPE "asdf" And I set an administration password [log] CLICK on (812,712) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] And I log in to a new session calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465815671' call returned: [0, "Mon Jun 13 11:01:11 UTC 2016\n", ""] Checkpoint: I have started Tails from DVD and logged in with an administration password and the network is connected Given I have started Tails from DVD without network and logged in with an administration password And the network is plugged calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 76ms [log] CLICK on (991,697) [log] CLICK on (990,584) [log] CLICK on (51,16) And all notifications have disappeared calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [0, "", ""] And available upgrades have been checked Given I have started Tails from DVD and logged in with an administration password and the network is connected # features/step_definitions/snapshots.rb:199 Scenario: APT sources are configured correctly # features/apt.feature:11 calling as root: cat /etc/apt/sources.list /etc/apt/sources.list.d/* call returned: [0, "# /etc/apt/sources.list\n\ndeb tor+http://ftp.us.debian.org/debian/ jessie main contrib non-free\ndeb tor+http://security.debian.org/ jessie/updates main contrib non-free\ndeb tor+http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free\ndeb tor+http://ftp.us.debian.org/debian/ sid main contrib non-free\ndeb tor+http://deb.tails.boum.org/ stable main\ndeb tor+http://ftp.us.debian.org/debian/ stretch main contrib non-free\ndeb tor+http://deb.torproject.org/torproject.org/ obfs4proxy main\ndeb tor+http://deb.torproject.org/torproject.org/ jessie main\ndeb tor+http://deb.torproject.org/torproject.org/ sid main\n", ""] Then the only hosts in APT sources are "ftp.us.debian.org,security.debian.org,deb.tails.boum.org,deb.torproject.org" # features/step_definitions/apt.rb:3 @product Feature: I2P As a Tails user I *might* want to use I2P Scenario: I2P is disabled by default # features/i2p.feature:6 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", "eth0: error fetching interface information: Device not found\n"] calling as root: date -s '@1465815726' call returned: [0, "Mon Jun 13 11:02:06 UTC 2016\n", ""] Checkpoint: I have started Tails from DVD without network and logged in Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen [log] CLICK on (642,449) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] And I log in to a new session Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: test -e /usr/share/applications/i2p-browser.desktop call returned: [1, "", ""] Then the I2P Browser desktop file is not present # features/step_definitions/i2p.rb:27 calling as root: test -e /etc/sudoers.d/zzz_i2pbrowser call returned: [1, "", ""] And the I2P Browser sudo rules are not present # features/step_definitions/i2p.rb:32 calling as root: getent passwd i2psvc | awk -F ':' '{print $3}' call returned: [0, "116\n", ""] calling as root: iptables -L -n -v | grep -E '^ +[0-9]+ +[0-9]+ +ACCEPT.*owner UID match 116$' call returned: [1, "", ""] calling as root: id -u clearnet call returned: [0, "117\n", ""] calling as root: id -u debian-tor call returned: [0, "107\n", ""] calling as root: iptables-save -c -t filter | iptables-xml call returned: [0, "\n\n \n \n \n \n \n ESTABLISHED\n \n \n \n \n \n\n \n\n \n \n \n lo\n \n \n \n \n \n\n \n\n \n \n \n \n \n ESTABLISHED\n \n \n \n \n \n\n \n\n \n \n \n lo\n

icmp

\n
\n \n RELATED\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 0\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 13\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 65534\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n FIN,SYN,RST,ACK SYN\n \n \n 9050,9061,9062,9150\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 118\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 121\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 122\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9051\n \n \n 124\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9051\n \n \n 0\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9052\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9040\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

udp

\n
\n \n 53\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

udp

\n
\n \n 5353\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.2/32\n lo\n

udp

\n
\n \n 53\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.2/32\n lo\n

tcp

\n
\n \n 53\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 4101\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 631\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 6136\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n lo\n

tcp

\n
\n \n 117\n \n
\n \n \n \n\n
\n\n \n \n \n lo\n

udp

\n
\n \n 117\n \n \n 53\n \n
\n \n \n \n\n
\n\n \n \n \n 10.0.0.0/8\n \n \n \n \n \n \n \n\n \n\n \n \n \n 172.16.0.0/12\n \n \n \n \n \n \n \n\n \n\n \n \n \n 192.168.0.0/16\n \n \n \n \n \n \n \n\n \n\n \n \n \n

tcp

\n
\n \n 107\n \n \n FIN,SYN,RST,ACK SYN\n \n \n NEW\n \n
\n \n \n \n\n
\n\n \n \n \n "Dropped outbound packet: "\n 7\n \n \n \n\n \n\n \n \n \n icmp-port-unreachable\n \n \n\n \n\n
\n \n \n \n \n

tcp

\n
\n \n 53\n \n
\n \n \n icmp-port-unreachable\n \n \n\n
\n\n \n \n \n

udp

\n
\n \n 53\n \n
\n \n \n icmp-port-unreachable\n \n \n\n
\n\n \n \n \n 116\n \n \n \n \n icmp-port-unreachable\n \n \n\n \n\n \n \n \n \n\n \n\n
\n \n
\n\n
\n", ""] And the I2P firewall rules are disabled # features/step_definitions/i2p.rb:37 Scenario: I2P is enabled when the "i2p" boot parameter is added # features/i2p.feature:12 Checkpoint: I have started Tails from DVD with I2P enabled and logged in Given I set Tails to boot with options "i2p" And the network is unplugged [log] CLICK on (1024,384) And I start the computer [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse i2p " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] And the computer boots Tails [log] CLICK on (642,449) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] And I log in to a new session Given I have started Tails from DVD with I2P enabled and logged in # features/step_definitions/snapshots.rb:199 calling as root: test -e /usr/share/applications/i2p-browser.desktop call returned: [0, "", ""] Then the I2P Browser desktop file is present # features/step_definitions/i2p.rb:27 calling as root: test -e /etc/sudoers.d/zzz_i2pbrowser call returned: [0, "", ""] And the I2P Browser sudo rules are present # features/step_definitions/i2p.rb:32 calling as root: getent passwd i2psvc | awk -F ':' '{print $3}' call returned: [0, "116\n", ""] calling as root: iptables -L -n -v | grep -E '^ +[0-9]+ +[0-9]+ +ACCEPT.*owner UID match 116$' call returned: [0, " 0 0 ACCEPT udp -- * lo 0.0.0.0/0 127.0.0.1 udp dpt:5353 owner UID match 116\n 0 0 ACCEPT tcp -- * lo 0.0.0.0/0 127.0.0.1 tcp flags:0x17/0x02 multiport dports 7658,7659,7660 owner UID match 116\n 0 0 ACCEPT tcp -- * lo 0.0.0.0/0 127.0.0.1 tcp spt:31000 dpt:32000 owner UID match 116\n 0 0 ACCEPT tcp -- * lo 0.0.0.0/0 127.0.0.1 tcp spt:31000 dpt:32001 owner UID match 116\n 0 0 ACCEPT tcp -- * lo 0.0.0.0/0 127.0.0.1 tcp spt:31000 dpt:32002 owner UID match 116\n 0 0 ACCEPT tcp -- * lo 0.0.0.0/0 127.0.0.1 tcp spt:31001 dpt:32000 owner UID match 116\n 0 0 ACCEPT tcp -- * lo 0.0.0.0/0 127.0.0.1 tcp spt:31001 dpt:32001 owner UID match 116\n 0 0 ACCEPT tcp -- * lo 0.0.0.0/0 127.0.0.1 tcp spt:31001 dpt:32002 owner UID match 116\n 0 0 ACCEPT tcp -- * lo 0.0.0.0/0 127.0.0.1 tcp spt:31002 dpt:32000 owner UID match 116\n 0 0 ACCEPT tcp -- * lo 0.0.0.0/0 127.0.0.1 tcp spt:31002 dpt:32001 owner UID match 116\n 0 0 ACCEPT tcp -- * lo 0.0.0.0/0 127.0.0.1 tcp spt:31002 dpt:32002 owner UID match 116\n 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 owner UID match 116\n 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 owner UID match 116\n", ""] calling as root: id -u clearnet call returned: [0, "117\n", ""] calling as root: id -u i2psvc call returned: [0, "116\n", ""] calling as root: id -u debian-tor call returned: [0, "107\n", ""] calling as root: iptables-save -c -t filter | iptables-xml call returned: [0, "\n\n \n \n \n \n \n ESTABLISHED\n \n \n \n \n \n\n \n\n \n \n \n lo\n \n \n \n \n \n\n \n\n \n \n \n \n \n ESTABLISHED\n \n \n \n \n \n\n \n\n \n \n \n lo\n

icmp

\n
\n \n RELATED\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 0\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 13\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 65534\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n FIN,SYN,RST,ACK SYN\n \n \n 9050,9061,9062,9150\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 118\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 121\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 122\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9051\n \n \n 124\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9051\n \n \n 0\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9052\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9040\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

udp

\n
\n \n 53\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

udp

\n
\n \n 5353\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

udp

\n
\n \n 5353\n \n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.2/32\n lo\n

udp

\n
\n \n 53\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.2/32\n lo\n

tcp

\n
\n \n 53\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 4101\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n FIN,SYN,RST,ACK SYN\n \n \n 6668,7656,7659,7660,8998\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n FIN,SYN,RST,ACK SYN\n \n \n 7658,7659,7660\n \n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n FIN,SYN,RST,ACK SYN\n \n \n 4444,7657,7658\n \n \n 119\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 31000\n 32000\n \n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 31000\n 32001\n \n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 31000\n 32002\n \n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 31001\n 32000\n \n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 31001\n 32001\n \n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 31001\n 32002\n \n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 31002\n 32000\n \n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 31002\n 32001\n \n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 31002\n 32002\n \n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 631\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 6136\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n lo\n

tcp

\n
\n \n 117\n \n
\n \n \n \n\n
\n\n \n \n \n lo\n

udp

\n
\n \n 117\n \n \n 53\n \n
\n \n \n \n\n
\n\n \n \n \n 10.0.0.0/8\n \n \n \n \n \n \n \n\n \n\n \n \n \n 172.16.0.0/12\n \n \n \n \n \n \n \n\n \n\n \n \n \n 192.168.0.0/16\n \n \n \n \n \n \n \n\n \n\n \n \n \n

tcp

\n
\n \n 107\n \n \n FIN,SYN,RST,ACK SYN\n \n \n NEW\n \n
\n \n \n \n\n
\n\n \n \n \n lo\n

tcp

\n
\n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n lo\n

udp

\n
\n \n 116\n \n
\n \n \n \n\n
\n\n \n \n \n "Dropped outbound packet: "\n 7\n \n \n \n\n \n\n \n \n \n icmp-port-unreachable\n \n \n\n \n\n
\n \n \n \n \n

tcp

\n
\n \n 53\n \n
\n \n \n icmp-port-unreachable\n \n \n\n
\n\n \n \n \n

udp

\n
\n \n 53\n \n
\n \n \n icmp-port-unreachable\n \n \n\n
\n\n \n \n \n 116\n \n \n \n \n icmp-port-unreachable\n \n \n\n \n\n \n \n \n \n\n \n\n
\n \n
\n\n
\n", ""] And the I2P firewall rules are enabled # features/step_definitions/i2p.rb:37 Scenario: I2P's AppArmor profile is in enforce mode # features/i2p.feature:18 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465815902' call returned: [0, "Mon Jun 13 11:05:02 UTC 2016\n", ""] Checkpoint: I have started Tails from DVD with I2P enabled and logged in and the network is connected Given I have started Tails from DVD with I2P enabled and logged in And the network is plugged calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready calling as root: systemctl --quiet is-active i2p call returned: [3, "", ""] calling as root: systemctl --quiet is-active i2p call returned: [0, "", ""] And I2P is running [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 100ms [log] CLICK on (991,697) [log] CLICK on (990,584) [log] CLICK on (51,16) And all notifications have disappeared calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [0, "", ""] And available upgrades have been checked calling as root: . /usr/local/lib/tails-shell-library/i2p.sh && i2p_reseed_completed call returned: [0, "", ""] And I2P's reseeding completed Given I have started Tails from DVD with I2P enabled and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as root: systemctl --quiet is-active i2p call returned: [0, "", ""] When I2P is running # features/step_definitions/i2p.rb:1 calling as root: service i2p status call returned: [0, "\u25cf i2p.service - load-balanced unspoofable packet switching network\n Loaded: loaded (/lib/systemd/system/i2p.service; disabled)\n Drop-In: /lib/systemd/system/i2p.service.d\n \u2514\u2500AppArmor.conf\n Active: active (running) since Mon 2016-06-13 11:05:22 UTC; 33s ago\n Process: 3382 ExecStart=/usr/sbin/aa-exec --profile=system_i2p -- /usr/sbin/wrapper $I2P_ARGS (code=exited, status=0/SUCCESS)\n Process: 3378 ExecStartPre=/bin/chmod 750 /var/log/i2p (code=exited, status=0/SUCCESS)\n Process: 3375 ExecStartPre=/bin/chown -R ${I2PUSER}:${I2PUSER} /var/log/i2p /run/i2p /tmp/i2p-daemon (code=exited, status=0/SUCCESS)\n Process: 3373 ExecStartPre=/bin/mkdir -p /tmp/i2p-daemon (code=exited, status=0/SUCCESS)\n Main PID: 3447 (wrapper)\n CGroup: /system.slice/i2p.service\n \u251c\u25003447 /usr/sbin/wrapper /etc/i2p/wrapper.config wrapper.java.additional.1=-DloggerFilenameOverride=/var/log/i2p/log-router-@.txt wrapper.java.additional.10=-Dwrapper.logfile=/var/log/i2p/wrapper.log wrapper.java.additional.11=-Di2p.dir.pid=/run/i2p wrapper.java.additional.12=-Di2p.dir.temp=/tmp/i2p-daemon wrapper.logfile=/var/log/i2p/wrapper.log wrapper.pidfile=/run/i2p/i2p.pid wrapper.java.pidfile=/run/i2p/routerjvm.pid wrapper.daemonize=TRUE\n \u2514\u25003479 /usr/lib/jvm/java-7-openjdk-i386/jre/bin/java -DloggerFilenameOverride=/var/log/i2p/log-router-@.txt -Di2p.dir.base=/usr/share/i2p -Dwrapper.logfile=/var/log/i2p/wrapper.log -Di2p.dir.pid=/run/i2p -Di2p.dir.temp=/tmp/i2p-daemon -Xmx128m -Djava.library.path=/usr/lib/jni:/usr/share/java/lib -classpath /usr/share/i2p/lib/BOB.jar:/usr/share/i2p/lib/commons-el.jar:/usr/share/i2p/lib/commons-logging.jar:/usr/share/i2p/lib/desktopgui.jar:/usr/share/i2p/lib/eclipse-ecj.jar:/usr/share/i2p/lib/i2p.jar:/usr/share/i2p/lib/i2psnark.jar:/usr/share/i2p/lib/i2ptunnel.jar:/usr/share/i2p/lib/jasper-runtime.jar:/usr/share/i2p/lib/javax.servlet.jar:/usr/share/i2p/lib/jetty-continuation.jar:/usr/share/i2p/lib/jetty-deploy.jar:/usr/share/i2p/lib/jetty-http.jar:/usr/share/i2p/lib/jetty-i2p.jar:/usr/share/i2p/lib/jetty-io.jar:/usr/share/i2p/lib/jetty-rewrite-handler.jar:/usr/share/i2p/lib/jetty-security.jar:/usr/share/i2p/lib/jetty-servlet.jar:/usr/share/i2p/lib/jetty-servlets.jar:/usr/share/i2p/lib/jetty-start.jar:/usr/share/i2p/lib/jetty-util.jar:/usr/share/i2p/lib/jetty-webapp.jar:/usr/share/i2p/lib/jetty-xml.jar:/usr/share/i2p/lib/jrobin.jar:/usr/share/i2p/lib/jstl.jar:/usr/share/i2p/lib/mstreaming.jar:/usr/share/i2p/lib/org.mortbay.jetty.jar:/usr/share/i2p/lib/org.mortbay.jmx.jar:/usr/share/i2p/lib/router.jar:/usr/share/i2p/lib/routerconsole.jar:/usr/share/i2p/lib/sam.jar:/usr/share/i2p/lib/standard.jar:/usr/share/i2p/lib/streaming.jar:/usr/share/i2p/lib/systray4j.jar:/usr/share/i2p/lib/systray.jar:/usr/share/java/wrapper.jar -Dwrapper.key=k9EG3P08LbrC6Qb6 -Dwrapper.port=32000 -Dwrapper.jvm.port.min=31000 -Dwrapper.jvm.port.max=31999 -Dwrapper.disable_console_input=TRUE -Dwrapper.pid=3447 -Dwrapper.version=3.5.22 -Dwrapper.native_library=wrapper -Dwrapper.arch=x86 -Dwrapper.service=TRUE -Dwrapper.cpu.timeout=10 -Dwrapper.jvmid=1 org.tanukisoftware.wrapper.WrapperSimpleApp net.i2p.router.Router\n", ""] calling as root: cat /run/i2p/i2p.pid call returned: [0, "3447\n", ""] calling as root: cat /proc/3447/attr/current call returned: [0, "system_i2p (enforce)\n", ""] Then the running process "i2p" is confined with AppArmor in enforce mode # features/step_definitions/checks.rb:186 Scenario: The I2P Browser works as it should # features/i2p.feature:23 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465815966' call returned: [0, "Mon Jun 13 11:06:06 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse i2p\n", ""] calling as root: /usr/local/sbin/tails-i2p stop call returned: [0, "", ""] calling as root: killall tails-i2p call returned: [0, "", ""] spawning as root: /usr/local/sbin/tails-i2p start Given I have started Tails from DVD with I2P enabled and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as root: . /usr/local/lib/tails-shell-library/i2p.sh && i2p_router_console_is_ready call returned: [1, "", ""] calling as root: . /usr/local/lib/tails-shell-library/i2p.sh && i2p_router_console_is_ready call returned: [1, "", ""] calling as root: . /usr/local/lib/tails-shell-library/i2p.sh && i2p_router_console_is_ready call returned: [1, "", ""] calling as root: . /usr/local/lib/tails-shell-library/i2p.sh && i2p_router_console_is_ready call returned: [0, "", ""] And the I2P router console is ready # features/step_definitions/i2p.rb:17 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.NN4i0wacyg\n", ""] calling as root: rm -f '/tmp/tmp.NN4i0wacyg' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.NN4i0wacyg' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.NN4i0wacyg' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.NN4i0wacyg_20160613-110620_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.NN4i0wacyg' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.04RQfphOLd\n", ""] calling as root: rm -f '/tmp/tmp.04RQfphOLd' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.04RQfphOLd' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.04RQfphOLd' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.04RQfphOLd_20160613-110624_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.04RQfphOLd' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.Pnhq8D7cy5\n", ""] calling as root: rm -f '/tmp/tmp.Pnhq8D7cy5' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'I2P Browser'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.Pnhq8D7cy5' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.Pnhq8D7cy5' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.Pnhq8D7cy5_20160613-110628_debug ...\nClicking on [label | I2P Browser]\nMouse button 1 click at (298,160)\n", ""] calling as root: rm -f '/tmp/tmp.Pnhq8D7cy5' call returned: [0, "", ""] When I start the I2P Browser through the GNOME menu # features/step_definitions/browser.rb:14 Then the I2P router console is displayed in I2P Browser # features/step_definitions/i2p.rb:23 calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: pgrep --uid i2pbrowser --full --exact '/usr/local/lib/tor-browser/firefox .* -profile /home/i2pbrowser/.i2p-browser/profile.default' call returned: [0, "5641\n", ""] calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && ls -1 /var/lib/i2p-browser/chroot${TBB_INSTALL}/*.so call returned: [0, "/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libfreebl3.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/liblgpllibs.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libmozsqlite3.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnspr4.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnss3.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnssckbi.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnssdbm3.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnssutil3.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libplc4.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libplds4.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libsmime3.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libsoftokn3.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libssl3.so\n/var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libxul.so\n", ""] calling as root: pmap --show-path 5641 call returned: [0, "5641: /usr/local/lib/tor-browser/firefox -DISPLAY=:0 -profile /home/i2pbrowser/.i2p-browser/profile.default\nd8e80000 512K rw-s- [ shmid=0xb0006 ]\nd8f00000 1024K rw--- [ anon ]\nd9051000 576K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/fonts/Arimo-Italic.ttf\nd90e1000 576K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/fonts/Arimo-Italic.ttf\nd9171000 572K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/fonts/Arimo-Bold.ttf\nd9200000 1024K rw--- [ anon ]\nd9351000 64K rwx-- [ anon ]\nd9361000 572K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/fonts/Arimo-Bold.ttf\nd93f0000 4K ----- [ anon ]\nd93f1000 8252K rwx-- [ anon ]\nd9c00000 3072K rw--- [ anon ]\nd9f00000 4K ----- [ anon ]\nd9f01000 8188K rwx-- [ anon ]\nda700000 1024K rw--- [ anon ]\nda800000 4K ----- [ anon ]\nda801000 8188K rwx-- [ anon ]\ndb000000 5120K rw--- [ anon ]\ndb500000 4K ----- [ anon ]\ndb501000 8188K rwx-- [ anon ]\ndbd00000 3072K rw--- [ anon ]\ndc000000 4K ----- [ anon ]\ndc001000 8188K rwx-- [ anon ]\ndc800000 4K ----- [ anon ]\ndc801000 8188K rwx-- [ anon ]\ndd000000 3072K rw--- [ anon ]\ndd300000 256K rwx-- [ anon ]\ndd340000 4K ----- [ anon ]\ndd341000 764K rwx-- [ anon ]\ndd400000 22528K rw--- [ anon ]\ndea02000 568K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\ndea90000 448K rwx-- [ anon ]\ndeb00000 13312K rw--- [ anon ]\ndf800000 4K ----- [ anon ]\ndf801000 8188K rwx-- [ anon ]\ne0000000 1024K rw--- [ anon ]\ne0100000 4K ----- [ anon ]\ne0101000 1020K rwx-- [ anon ]\ne0200000 3072K rw--- [ anon ]\ne0502000 256K rwx-- [ anon ]\ne0542000 568K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\ne05d0000 192K rwx-- [ anon ]\ne0600000 3072K rw--- [ anon ]\ne0900000 4K ----- [ anon ]\ne0901000 8188K rwx-- [ anon ]\ne1100000 3072K rw--- [ anon ]\ne1400000 4K ----- [ anon ]\ne1401000 8188K rwx-- [ anon ]\ne1c00000 4K ----- [ anon ]\ne1c01000 8188K rwx-- [ anon ]\ne2400000 4K ----- [ anon ]\ne2401000 8188K rwx-- [ anon ]\ne2c00000 4K ----- [ anon ]\ne2c01000 8188K rwx-- [ anon ]\ne3400000 4K ----- [ anon ]\ne3401000 8188K rwx-- [ anon ]\ne3c00000 1024K rw--- [ anon ]\ne3d03000 32K rw-s- /var/lib/i2p-browser/chroot/home/i2pbrowser/.i2p-browser/profile.default/webappsstore.sqlite-shm\ne3d0b000 384K rw-s- [ shmid=0x90004 ]\ne3d6b000 152K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_CTYPE\ne3d91000 1468K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_COLLATE\ne3f00000 5120K rw--- [ anon ]\ne4400000 4K ----- [ anon ]\ne4401000 8188K rwx-- [ anon ]\ne4c00000 3072K rw--- [ anon ]\ne4f02000 120K r--s- /var/lib/i2p-browser/chroot/usr/share/mime/mime.cache\ne4f20000 208K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne4f54000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne4f55000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne4f56000 552K r---- /var/lib/i2p-browser/chroot/usr/local/share/tor-browser-extensions/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi\ne4fe0000 4K ----- [ anon ]\ne4fe1000 1020K rwx-- [ anon ]\ne50e0000 4K ----- [ anon ]\ne50e1000 8316K rwx-- [ anon ]\ne5900000 1024K rw--- [ anon ]\ne5a01000 20K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/zu_ZA/LC_COLLATE\ne5a06000 84K r--s- /var/lib/i2p-browser/chroot/home/i2pbrowser/.cache/fontconfig/42f746296937150ee8e3c23c67344d6d-le32d4.cache-4\ne5a1b000 448K rwx-- [ anon ]\ne5a8b000 4K ----- [ anon ]\ne5a8c000 8188K rwx-- [ anon ]\ne628b000 4K ----- [ anon ]\ne628c000 8188K rwx-- [ anon ]\ne6a8b000 396K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnssckbi.so\ne6aee000 48K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnssckbi.so\ne6afa000 24K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnssckbi.so\ne6b00000 1024K rw--- [ anon ]\ne6c01000 32K rw-s- /var/lib/i2p-browser/chroot/home/i2pbrowser/.i2p-browser/profile.default/places.sqlite-shm\ne6c09000 192K rwx-- [ anon ]\ne6c39000 420K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libfreebl3.so\ne6ca2000 4K ----- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libfreebl3.so\ne6ca3000 4K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libfreebl3.so\ne6ca4000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libfreebl3.so\ne6ca5000 16K rw--- [ anon ]\ne6ca9000 212K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libsoftokn3.so\ne6cde000 4K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libsoftokn3.so\ne6cdf000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libsoftokn3.so\ne6ce0000 4K ----- [ anon ]\ne6ce1000 8188K rwx-- [ anon ]\ne74e0000 4K ----- [ anon ]\ne74e1000 124K rwx-- [ anon ]\ne7500000 4K ----- [ anon ]\ne7501000 8188K rwx-- [ anon ]\ne7d00000 4K ----- [ anon ]\ne7d01000 8188K rwx-- [ anon ]\ne8500000 8192K rw--- [ anon ]\ne8d00000 4K ----- [ anon ]\ne8d01000 8188K rwx-- [ anon ]\ne9500000 6144K rw--- [ anon ]\ne9b00000 20K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\ne9b05000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\ne9b06000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\ne9b07000 64K rwx-- [ anon ]\ne9b17000 172K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne9b42000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne9b43000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne9b44000 28K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libogg.so.0.8.2\ne9b4b000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libogg.so.0.8.2\ne9b4c000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libogg.so.0.8.2\ne9b4d000 72K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libgpg-error.so.0.13.0\ne9b5f000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libgpg-error.so.0.13.0\ne9b60000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libgpg-error.so.0.13.0\ne9b61000 496K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne9bdd000 72K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne9bef000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne9bf0000 212K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne9c25000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne9c26000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne9c27000 84K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libnsl-2.19.so\ne9c3c000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libnsl-2.19.so\ne9c3d000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libnsl-2.19.so\ne9c3e000 8K rw--- [ anon ]\ne9c40000 692K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libgcrypt.so.20.0.3\ne9ced000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libgcrypt.so.20.0.3\ne9cee000 12K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libgcrypt.so.20.0.3\ne9cf1000 152K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/liblzma.so.5.0.0\ne9d17000 8K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/liblzma.so.5.0.0\ne9d19000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/liblzma.so.5.0.0\ne9d1a000 16K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libattr.so.1.1.0\ne9d1e000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libattr.so.1.1.0\ne9d1f000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libattr.so.1.1.0\ne9d20000 456K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\ne9d92000 8K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\ne9d94000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\ne9d95000 16K rw--- [ anon ]\ne9d99000 156K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libsystemd.so.0.3.1\ne9dc0000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libsystemd.so.0.3.1\ne9dc1000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libsystemd.so.0.3.1\ne9dc2000 512K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\ne9e42000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\ne9e43000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\ne9e44000 344K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpulse.so.0.17.3\ne9e9a000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpulse.so.0.17.3\ne9e9b000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpulse.so.0.17.3\ne9e9c000 388K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\ne9efd000 8K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\ne9eff000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\ne9f00000 1024K rw--- [ anon ]\nea000000 4K ----- [ anon ]\nea001000 8188K rwx-- [ anon ]\nea800000 3072K rw--- [ anon ]\neab00000 4K ----- [ anon ]\neab01000 8188K rwx-- [ anon ]\neb300000 16384K rw--- [ anon ]\nec300000 4K ----- [ anon ]\nec301000 2044K rwx-- [ anon ]\nec500000 4K ----- [ anon ]\nec501000 2044K rwx-- [ anon ]\nec700000 4K ----- [ anon ]\nec701000 2044K rwx-- [ anon ]\nec900000 4K ----- [ anon ]\nec901000 2044K rwx-- [ anon ]\necb00000 4K ----- [ anon ]\necb01000 2044K rwx-- [ anon ]\necd00000 1024K rw--- [ anon ]\nece03000 20K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\nece08000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\nece09000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\nece0a000 32K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libwrap.so.0.7.6\nece12000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libwrap.so.0.7.6\nece13000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libwrap.so.0.7.6\nece14000 24K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXtst.so.6.1.0\nece1a000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXtst.so.6.1.0\nece1b000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXtst.so.6.1.0\nece1c000 16K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libcap.so.2.24\nece20000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libcap.so.2.24\nece21000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libcap.so.2.24\nece22000 40K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libjson-c.so.2.0.0\nece2c000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libjson-c.so.2.0.0\nece2d000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libjson-c.so.2.0.0\nece2e000 8K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXss.so.1.0.0\nece30000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXss.so.1.0.0\nece31000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_NUMERIC\nece32000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_TIME\nece33000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_MONETARY\nece34000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_MESSAGES/SYS_LC_MESSAGES\nece35000 64K rwx-- [ anon ]\nece45000 568K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\neced3000 4K ----- [ anon ]\neced4000 8188K rwx-- [ anon ]\ned6d3000 4K ----- [ anon ]\ned6d4000 8188K rwx-- [ anon ]\neded3000 12136K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/browser/omni.ja\neeaad000 9548K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/omni.ja\nef400000 1024K rw--- [ anon ]\nef500000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_PAPER\nef501000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_NAME\nef502000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_ADDRESS\nef503000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_TELEPHONE\nef504000 64K rwx-- [ anon ]\nef514000 128K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/browser/components/libbrowsercomps.so\nef534000 4K ----- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/browser/components/libbrowsercomps.so\nef535000 4K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/browser/components/libbrowsercomps.so\nef536000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/browser/components/libbrowsercomps.so\nef537000 196K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef568000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef569000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef56a000 4K rw--- [ anon ]\nef56b000 188K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef59a000 12K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef59d000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef59e000 32K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef5a6000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef5a7000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef5a8000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_MEASUREMENT\nef5a9000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/C.UTF-8/LC_IDENTIFICATION\nef5aa000 4K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\nef5ab000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\nef5ac000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\nef5ad000 28K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef5b4000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef5b5000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef5b6000 4K ----- [ anon ]\nef5b7000 28K rwx-- [ anon ]\nef5be000 4K ----- [ anon ]\nef5bf000 360K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef619000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef61a000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef61b000 40K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef625000 8K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef627000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef628000 1216K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/zu_ZA.utf8/LC_COLLATE\nef758000 4K ----- [ anon ]\nef759000 8188K rwx-- [ anon ]\neff58000 252K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/zu_ZA.utf8/LC_CTYPE\neff97000 16K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libuuid.so.1.3.0\neff9b000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libuuid.so.1.3.0\neff9c000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libuuid.so.1.3.0\neff9d000 20K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0\neffa2000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0\neffa3000 8K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXau.so.6.0.0\neffa5000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXau.so.6.0.0\neffa6000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXau.so.6.0.0\neffa7000 28K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\neffae000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\neffaf000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\neffb0000 148K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\neffd5000 8K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\neffd7000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\neffd8000 100K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libICE.so.6.3.0\nefff1000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libICE.so.6.3.0\nefff2000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libICE.so.6.3.0\nefff3000 8K rw--- [ anon ]\nefff5000 32K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libSM.so.6.0.1\nefffd000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libSM.so.6.0.1\nefffe000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libSM.so.6.0.1\neffff000 144K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf0023000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf0024000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf0025000 36K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf002e000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf002f000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf0030000 8K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0032000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0033000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0034000 712K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf00e6000 24K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf00ec000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf00ed000 32K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf00f5000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf00f6000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf00f7000 40K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0101000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0102000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0103000 40K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf010d000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf010e000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf010f000 68K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0120000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0121000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0122000 8K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf0124000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf0125000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf0126000 364K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf0181000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf0182000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf0183000 76K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libresolv-2.19.so\nf0196000 8K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libresolv-2.19.so\nf0198000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libresolv-2.19.so\nf0199000 8K rw--- [ anon ]\nf019b000 148K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libselinux.so.1\nf01c0000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libselinux.so.1\nf01c1000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libselinux.so.1\nf01c2000 4K rw--- [ anon ]\nf01c3000 20K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf01c8000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf01c9000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf01ca000 8K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf01cc000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf01cd000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf01ce000 448K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libpcre.so.3.13.1\nf023e000 8K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libpcre.so.3.13.1\nf0240000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libpcre.so.3.13.1\nf0241000 24K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf0247000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf0248000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf0249000 152K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libexpat.so.1.6.0\nf026f000 8K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libexpat.so.1.6.0\nf0271000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libexpat.so.1.6.0\nf0272000 172K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libpng12.so.0.50.0\nf029d000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libpng12.so.0.50.0\nf029e000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libpng12.so.0.50.0\nf029f000 104K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libz.so.1.2.8\nf02b9000 8K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libz.so.1.2.8\nf02bb000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libz.so.1.2.8\nf02bc000 392K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf031e000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf031f000 12K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf0322000 4K rw--- [ anon ]\nf0323000 76K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0336000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0337000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0338000 1332K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf0485000 8K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf0487000 12K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf048a000 1300K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf05cf000 8K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf05d1000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf05d2000 4K rw--- [ anon ]\nf05d3000 320K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0623000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0624000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0625000 156K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf064c000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf064d000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf064e000 48K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf065a000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf065b000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf065c000 756K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf0719000 12K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf071c000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf071d000 88K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0733000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0734000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0735000 1732K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf08e6000 12K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf08e9000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf08ea000 4K rw--- [ anon ]\nf08eb000 148K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf0910000 8K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf0912000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf0913000 5056K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e03000 16K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e07000 8K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e09000 8K rw--- [ anon ]\nf0e0b000 1176K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f31000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f32000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f33000 368K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0f8f000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0f90000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0f91000 336K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf0fe5000 8K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf0fe7000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf0fe8000 148K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf100d000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf100e000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf100f000 1036K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf1112000 16K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf1116000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf1117000 40K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf1121000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf1122000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf1123000 256K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf1163000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf1164000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf1165000 692K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf1212000 16K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf1216000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf1217000 4K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nf1218000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nf1219000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nf121a000 8K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf121c000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf121d000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf121e000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/zu_ZA.utf8/LC_NUMERIC\nf121f000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/en_US.utf8/LC_TIME\nf1220000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/en_US.utf8/LC_MONETARY\nf1221000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/ug_CN/LC_MESSAGES/SYS_LC_MESSAGES\nf1222000 12K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gconv/UTF-16.so\nf1225000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gconv/UTF-16.so\nf1226000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gconv/UTF-16.so\nf1227000 28K r--s- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/gconv/gconv-modules.cache\nf122e000 91548K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libxul.so\nf6b95000 2612K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libxul.so\nf6e22000 348K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libxul.so\nf6e79000 196K rw--- [ anon ]\nf6eaa000 40K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/liblgpllibs.so\nf6eb4000 4K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/liblgpllibs.so\nf6eb5000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/liblgpllibs.so\nf6eb6000 748K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libmozsqlite3.so\nf6f71000 8K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libmozsqlite3.so\nf6f73000 8K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libmozsqlite3.so\nf6f75000 204K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libssl3.so\nf6fa8000 4K ----- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libssl3.so\nf6fa9000 8K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libssl3.so\nf6fab000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libssl3.so\nf6fac000 116K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libsmime3.so\nf6fc9000 4K ----- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libsmime3.so\nf6fca000 8K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libsmime3.so\nf6fcc000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libsmime3.so\nf6fcd000 880K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnss3.so\nf70a9000 4K ----- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnss3.so\nf70aa000 12K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnss3.so\nf70ad000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnss3.so\nf70ae000 4K rw--- [ anon ]\nf70af000 304K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnspr4.so\nf70fb000 4K ----- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnspr4.so\nf70fc000 4K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnspr4.so\nf70fd000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnspr4.so\nf70fe000 2056K rw--- [ anon ]\nf7300000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/yi_US.utf8/LC_PAPER\nf7301000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/yi_US.utf8/LC_NAME\nf7302000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/en_US.utf8/LC_ADDRESS\nf7303000 8K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf7305000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf7306000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf7307000 120K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnssutil3.so\nf7325000 4K ----- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnssutil3.so\nf7326000 12K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnssutil3.so\nf7329000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libnssutil3.so\nf732a000 12K rw--- [ anon ]\nf732d000 1464K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libc-2.19.so\nf749b000 8K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libc-2.19.so\nf749d000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libc-2.19.so\nf749e000 12K rw--- [ anon ]\nf74a1000 112K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libgcc_s.so.1\nf74bd000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libgcc_s.so.1\nf74be000 268K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libm-2.19.so\nf7501000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libm-2.19.so\nf7502000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libm-2.19.so\nf7503000 1600K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libstdc++.so.6\nf7693000 24K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libstdc++.so.6\nf7699000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libstdc++.so.6\nf769a000 8K rw--- [ anon ]\nf769c000 28K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/librt-2.19.so\nf76a3000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/librt-2.19.so\nf76a4000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/librt-2.19.so\nf76a5000 12K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libdl-2.19.so\nf76a8000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libdl-2.19.so\nf76a9000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libdl-2.19.so\nf76aa000 92K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libpthread-2.19.so\nf76c1000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libpthread-2.19.so\nf76c2000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/libpthread-2.19.so\nf76c3000 8K rw--- [ anon ]\nf76c5000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/yi_US.utf8/LC_TELEPHONE\nf76c6000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/yi_US.utf8/LC_MEASUREMENT\nf76c7000 12K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf76ca000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf76cb000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf76cc000 4K r-x-- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf76cd000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf76ce000 4K rw--- /var/lib/i2p-browser/chroot/usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf76cf000 12K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libplds4.so\nf76d2000 4K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libplds4.so\nf76d3000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libplds4.so\nf76d4000 20K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libplc4.so\nf76d9000 4K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libplc4.so\nf76da000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/libplc4.so\nf76db000 4K r---- /var/lib/i2p-browser/chroot/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION\nf76dc000 8K rw--- [ anon ]\nf76de000 4K r-x-- [ anon ]\nf76df000 8K r---- [ anon ]\nf76e1000 124K r-x-- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/ld-2.19.so\nf7700000 4K r---- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/ld-2.19.so\nf7701000 4K rw--- /var/lib/i2p-browser/chroot/lib/i386-linux-gnu/ld-2.19.so\nf7702000 148K r-x-- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/firefox\nf7727000 4K rw--- [ anon ]\nf7728000 4K r---- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/firefox\nf7729000 4K rw--- /var/lib/i2p-browser/chroot/usr/local/lib/tor-browser/firefox\nff9b0000 132K rwx-- [ stack ]\n total 499820K\n", ""] calling as root: find /usr/lib /lib -name "libfreebl3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libfreebl3.so\n/usr/lib/icedove/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libfreebl3.so\n", ""] calling as root: find /usr/lib /lib -name "liblgpllibs.so" call returned: [0, "/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/liblgpllibs.so\n", ""] calling as root: find /usr/lib /lib -name "libmozsqlite3.so" call returned: [0, "/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libmozsqlite3.so\n", ""] calling as root: find /usr/lib /lib -name "libnspr4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnspr4.so\n/usr/lib/icedove/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnspr4.so\n", ""] calling as root: find /usr/lib /lib -name "libnss3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnss3.so\n/usr/lib/icedove/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnss3.so\n", ""] calling as root: find /usr/lib /lib -name "libnssckbi.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libnssckbi.so\n/usr/lib/icedove/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssckbi.so\n", ""] calling as root: find /usr/lib /lib -name "libnssdbm3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libnssdbm3.so\n/usr/lib/icedove/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssdbm3.so\n", ""] calling as root: find /usr/lib /lib -name "libnssutil3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnssutil3.so\n/usr/lib/icedove/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssutil3.so\n", ""] calling as root: find /usr/lib /lib -name "libplc4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libplc4.so\n/usr/lib/icedove/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libplc4.so\n", ""] calling as root: find /usr/lib /lib -name "libplds4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libplds4.so\n/usr/lib/icedove/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libplds4.so\n", ""] calling as root: find /usr/lib /lib -name "libsmime3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libsmime3.so\n/usr/lib/icedove/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libsmime3.so\n", ""] calling as root: find /usr/lib /lib -name "libsoftokn3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libsoftokn3.so\n/usr/lib/icedove/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libsoftokn3.so\n", ""] calling as root: find /usr/lib /lib -name "libssl3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libssl3.so\n/usr/lib/icedove/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libssl3.so\n", ""] calling as root: find /usr/lib /lib -name "libxul.so" call returned: [0, "/usr/lib/icedove/libxul.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libxul.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libxul.so\n", ""] And the I2P Browser uses all expected TBB shared libraries # features/step_definitions/browser.rb:162 Scenario: I2P is configured to run in Hidden mode # features/i2p.feature:51 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' [log] CLICK on (1024,384) call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465816033' call returned: [0, "Mon Jun 13 11:07:13 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse i2p\n", ""] calling as root: /usr/local/sbin/tails-i2p stop call returned: [0, "", ""] calling as root: killall tails-i2p call returned: [0, "", ""] spawning as root: /usr/local/sbin/tails-i2p start Given I have started Tails from DVD with I2P enabled and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as root: . /usr/local/lib/tails-shell-library/i2p.sh && i2p_router_console_is_ready call returned: [1, "", ""] calling as root: . /usr/local/lib/tails-shell-library/i2p.sh && i2p_router_console_is_ready call returned: [1, "", ""] calling as root: . /usr/local/lib/tails-shell-library/i2p.sh && i2p_router_console_is_ready call returned: [1, "", ""] calling as root: . /usr/local/lib/tails-shell-library/i2p.sh && i2p_router_console_is_ready call returned: [0, "", ""] And the I2P router console is ready # features/step_definitions/i2p.rb:17 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.yGt7MdUBtA\n", ""] calling as root: rm -f '/tmp/tmp.yGt7MdUBtA' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.yGt7MdUBtA' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.yGt7MdUBtA' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.yGt7MdUBtA_20160613-110727_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.yGt7MdUBtA' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.wIpdzaXSZs\n", ""] calling as root: rm -f '/tmp/tmp.wIpdzaXSZs' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.wIpdzaXSZs' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.wIpdzaXSZs' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.wIpdzaXSZs_20160613-110731_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.wIpdzaXSZs' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.AIMWLlP5Nm\n", ""] calling as root: rm -f '/tmp/tmp.AIMWLlP5Nm' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'I2P Browser'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.AIMWLlP5Nm' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.AIMWLlP5Nm' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.AIMWLlP5Nm_20160613-110735_debug ...\nClicking on [label | I2P Browser]\nMouse button 1 click at (298,160)\n", ""] calling as root: rm -f '/tmp/tmp.AIMWLlP5Nm' call returned: [0, "", ""] When I start the I2P Browser through the GNOME menu # features/step_definitions/browser.rb:14 Then the I2P router console is displayed in I2P Browser # features/step_definitions/i2p.rb:23 And I2P is running in hidden mode # features/step_definitions/i2p.rb:51 @product Feature: Root access control enforcement As a Tails user when I set an administration password in Tails Greeter I can use the password for attaining administrative privileges. But when I do not set an administration password I should not be able to attain administration privileges at all. Scenario: If an administrative password is set in Tails Greeter the live user should be able to run arbitrary commands with administrative privileges. # features/root_access_control.feature:9 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", "eth0: error fetching interface information: Device not found\n"] calling as root: date -s '@1465816079' call returned: [0, "Mon Jun 13 11:07:59 UTC 2016\n", ""] Checkpoint: I have started Tails from DVD without network and logged in with an administration password Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen [log] CLICK on (433,404) And I enable more Tails Greeter options [log] CLICK on (643,447) [log] TYPE "asdf" [log] TYPE " " [log] TYPE "asdf" And I set an administration password [log] CLICK on (812,712) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] And I log in to a new session Given I have started Tails from DVD without network and logged in with an administration password # features/step_definitions/snapshots.rb:199 calling as amnesia: echo asdf | sudo -S whoami call returned: [0, "root\n", "\nWe trust you have received the usual lecture from the local System\nAdministrator. It usually boils down to these three things:\n\n #1) Respect the privacy of others.\n #2) Think before you type.\n #3) With great power comes great responsibility.\n\n[sudo] password for amnesia: "] Then I should be able to run administration commands as the live user # features/step_definitions/root_access_control.rb:1 Scenario: If no administrative password is set in Tails Greeter the live user should not be able to run arbitrary commands administrative privileges. # features/root_access_control.feature:13 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465816121' call returned: [0, "Mon Jun 13 11:08:41 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as amnesia: echo | sudo -S whoami call returned: [1, "", "By default, the administration password is disabled for better security.\n\nIn order to perform administration tasks, you need to setup an administration\npassword when starting Tails.\n\nSee the corresponding documentation:\nfile:///usr/share/doc/tails/website/doc/first_steps/startup_options/administration_password.en.html\nSorry, user amnesia is not allowed to execute '/usr/bin/whoami' as root on localhost.\n"] Then I should not be able to run administration commands as the live user with the "" password # features/step_definitions/root_access_control.rb:8 calling as amnesia: echo amnesia | sudo -S whoami call returned: [1, "", "By default, the administration password is disabled for better security.\n\nIn order to perform administration tasks, you need to setup an administration\npassword when starting Tails.\n\nSee the corresponding documentation:\nfile:///usr/share/doc/tails/website/doc/first_steps/startup_options/administration_password.en.html\nSorry, user amnesia is not allowed to execute '/usr/bin/whoami' as root on localhost.\n"] And I should not be able to run administration commands as the live user with the "amnesia" password # features/step_definitions/root_access_control.rb:8 calling as amnesia: echo live | sudo -S whoami call returned: [1, "", "By default, the administration password is disabled for better security.\n\nIn order to perform administration tasks, you need to setup an administration\npassword when starting Tails.\n\nSee the corresponding documentation:\nfile:///usr/share/doc/tails/website/doc/first_steps/startup_options/administration_password.en.html\nSorry, user amnesia is not allowed to execute '/usr/bin/whoami' as root on localhost.\n"] And I should not be able to run administration commands as the live user with the "live" password # features/step_definitions/root_access_control.rb:8 Scenario: If an administrative password is set in Tails Greeter the live user should be able to get administrative privileges through PolicyKit # features/root_access_control.feature:19 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465816125' call returned: [0, "Mon Jun 13 11:08:45 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in with an administration password # features/step_definitions/snapshots.rb:199 calling as root: pkaction --verbose --action-id org.freedesktop.policykit.exec call returned: [1, "org.freedesktop.policykit.exec:\n description: Run programs as another user\n message: Authentication is required to run a program as another user\n vendor: The PolicyKit Project\n vendor_url: http://hal.freedesktop.org/docs/PolicyKit/\n icon: \n implicit any: auth_admin\n implicit inactive: auth_admin\n implicit active: auth_admin\n\n", ""] And running a command as root with pkexec requires PolicyKit administrator privileges # features/step_definitions/root_access_control.rb:15 calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [1, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.RzHBkTA2hS\n", ""] calling as root: rm -f '/tmp/tmp.RzHBkTA2hS' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.RzHBkTA2hS' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.RzHBkTA2hS' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.RzHBkTA2hS_20160613-110846_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.RzHBkTA2hS' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.Z6HprviPH8\n", ""] calling as root: rm -f '/tmp/tmp.Z6HprviPH8' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Utilities'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.Z6HprviPH8' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.Z6HprviPH8' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.Z6HprviPH8_20160613-110850_debug ...\nClicking on [label | Utilities]\nMouse button 1 click at (58,430)\n", ""] calling as root: rm -f '/tmp/tmp.Z6HprviPH8' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.auPhiUuIs8\n", ""] calling as root: rm -f '/tmp/tmp.auPhiUuIs8' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Terminal'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.auPhiUuIs8' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.auPhiUuIs8' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.auPhiUuIs8_20160613-110854_debug ...\nClicking on [label | Terminal]\nMouse button 1 click at (286,468)\n", ""] calling as root: rm -f '/tmp/tmp.auPhiUuIs8' call returned: [0, "", ""] [log] TYPE "pkexec touch /root/pkexec-test " [log] TYPE "asdf" [log] TYPE " " calling as root: ls /root/pkexec-test call returned: [0, "/root/pkexec-test\n", ""] Then I should be able to run a command as root with pkexec # features/step_definitions/root_access_control.rb:26 Scenario: If no administrative password is set in Tails Greeter the live user should not be able to get administrative privileges through PolicyKit with the standard passwords. # features/root_access_control.feature:24 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465816148' call returned: [0, "Mon Jun 13 11:09:08 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: pkaction --verbose --action-id org.freedesktop.policykit.exec call returned: [1, "org.freedesktop.policykit.exec:\n description: Run programs as another user\n message: Authentication is required to run a program as another user\n vendor: The PolicyKit Project\n vendor_url: http://hal.freedesktop.org/docs/PolicyKit/\n icon: \n implicit any: auth_admin\n implicit inactive: auth_admin\n implicit active: auth_admin\n\n", ""] And running a command as root with pkexec requires PolicyKit administrator privileges # features/step_definitions/root_access_control.rb:15 calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [1, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.MaIJHOqfPm\n", ""] calling as root: rm -f '/tmp/tmp.MaIJHOqfPm' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.MaIJHOqfPm' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.MaIJHOqfPm' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.MaIJHOqfPm_20160613-110909_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.MaIJHOqfPm' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.Vt3PoXQAB3\n", ""] calling as root: rm -f '/tmp/tmp.Vt3PoXQAB3' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Utilities'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.Vt3PoXQAB3' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.Vt3PoXQAB3' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.Vt3PoXQAB3_20160613-110913_debug ...\nClicking on [label | Utilities]\nMouse button 1 click at (58,430)\n", ""] calling as root: rm -f '/tmp/tmp.Vt3PoXQAB3' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.lpV2wcdxYf\n", ""] calling as root: rm -f '/tmp/tmp.lpV2wcdxYf' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Terminal'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.lpV2wcdxYf' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.lpV2wcdxYf' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.lpV2wcdxYf_20160613-110917_debug ...\nClicking on [label | Terminal]\nMouse button 1 click at (286,468)\n", ""] calling as root: rm -f '/tmp/tmp.lpV2wcdxYf' call returned: [0, "", ""] [log] TYPE "pkexec touch /root/pkexec-test " [log] TYPE "" [log] TYPE " " [log] TYPE "live" [log] TYPE " " [log] TYPE "amnesia" [log] TYPE " " [log] TYPE "" Then I should not be able to run a command as root with pkexec and the standard passwords # features/step_definitions/root_access_control.rb:34 @product @check_tor_leaks Feature: Time syncing As a Tails user I want Tor to work properly And for that I need a reasonably accurate system clock Scenario: Clock with host's time # features/time_syncing.feature:7 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465816203' call returned: [0, "Mon Jun 13 11:10:03 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 When the network is plugged # features/step_definitions/common_steps.rb:159 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [1, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready # features/step_definitions/common_steps.rb:373 calling as root: date --rfc-2822 call returned: [0, "Mon, 13 Jun 2016 11:10:19 +0000\n", ""] Then Tails clock is less than 5 minutes incorrect # features/step_definitions/time_syncing.rb:40 Time was 1.319465806 seconds off Scenario: Clock with host's time in bridge mode # features/time_syncing.feature:13 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", "eth0: error fetching interface information: Device not found\n"] calling as root: date -s '@1465816223' call returned: [0, "Mon Jun 13 11:10:23 UTC 2016\n", ""] Checkpoint: I have started Tails from DVD without network and logged in with bridge mode enabled Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen [log] CLICK on (433,404) [log] CLICK on (643,447) And I enable more Tails Greeter options [log] CLICK on (511,609) And I enable the specific Tor configuration option [log] CLICK on (812,712) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] And I log in to a new session [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 229ms [profile] Finder.findAll START [profile] Finder.findAll END: 237ms [profile] Finder.findAll START [profile] Finder.findAll END: 238ms [profile] Finder.findAll START [profile] Finder.findAll END: 236ms [profile] Finder.findAll START [profile] Finder.findAll END: 249ms [profile] Finder.findAll START [profile] Finder.findAll END: 305ms [profile] Finder.findAll START [profile] Finder.findAll END: 300ms [log] CLICK on (51,16) And all notifications have disappeared Given I have started Tails from DVD without network and logged in with bridge mode enabled # features/step_definitions/snapshots.rb:199 When the network is plugged # features/step_definitions/common_steps.rb:159 And the Tor Launcher autostarts # features/step_definitions/tor.rb:335 [log] CLICK on (239,455) [log] CLICK on (243,305) [log] CLICK on (791,624) [log] CLICK on (301,326) [log] TYPE "bridge 10.2.1.1:5037 E39C54F534D4F7D7EEC4BD3D0CC3DEAE367AD8F0 " [log] TYPE "bridge 10.2.1.1:5036 C0358A7C33A1B3BBE329D8BAAD1B44531E668B8F " [log] TYPE "bridge 10.2.1.1:5035 4FE053E2EADDA7EAF5A97B7D31C41D7733F16693 " [log] CLICK on (791,624) [log] CLICK on (791,624) And I configure some bridge pluggable transports in Tor Launcher # features/step_definitions/tor.rb:339 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready # features/step_definitions/common_steps.rb:373 calling as root: date --rfc-2822 call returned: [0, "Mon, 13 Jun 2016 11:11:59 +0000\n", ""] Then Tails clock is less than 5 minutes incorrect # features/step_definitions/time_syncing.rb:40 Time was 0.611407398 seconds off Scenario: The system time is not synced to the hardware clock # features/time_syncing.feature:21 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465816322' call returned: [0, "Mon Jun 13 11:12:02 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: date call returned: [0, "Mon Jun 13 11:12:02 UTC 2016\n", ""] calling as root: date -s 'now -15 days' call returned: [0, "Sun May 29 11:12:02 UTC 2016\n", ""] calling as root: date call returned: [0, "Sun May 29 11:12:03 UTC 2016\n", ""] When I bump the system time with "-15 days" # features/step_definitions/time_syncing.rb:20 spawning as root: reboot And I warm reboot the computer # features/step_definitions/common_steps.rb:543 [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] And the computer reboots Tails # features/step_definitions/common_steps.rb:273 calling as root: hwclock -r call returned: [0, "Mon 13 Jun 2016 11:14:03 AM UTC -0.806360 seconds\n", ""] Then Tails' hardware clock is close to the host system's time # features/step_definitions/time_syncing.rb:69 Scenario: Anti-test: Changes to the hardware clock are kept when rebooting # features/time_syncing.feature:28 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465816446' call returned: [0, "Mon Jun 13 11:14:06 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: hwclock -r call returned: [0, "Mon 13 Jun 2016 11:14:08 AM UTC -0.961582 seconds\n", ""] calling as root: hwclock --set --date 'now -15 days' call returned: [0, "", ""] calling as root: hwclock -r call returned: [0, "Sun 29 May 2016 11:14:09 AM UTC -0.240922 seconds\n", ""] When I bump the hardware clock's time with "-15 days" # features/step_definitions/time_syncing.rb:20 spawning as root: reboot And I warm reboot the computer # features/step_definitions/common_steps.rb:543 [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] And the computer reboots Tails # features/step_definitions/common_steps.rb:273 calling as root: hwclock -r call returned: [0, "Sun 29 May 2016 11:16:11 AM UTC -0.039176 seconds\n", ""] Then the hardware clock is still off by "-15 days" # features/step_definitions/time_syncing.rb:77 Scenario: Boot with a hardware clock set way in the past and make sure that Tails sets the clock to the build date # features/time_syncing.feature:35 Given a computer # features/step_definitions/common_steps.rb:122 And the network is unplugged # features/step_definitions/common_steps.rb:163 And the hardware clock is set to "01 Jan 2000 12:34:56" # features/step_definitions/common_steps.rb:167 And I start the computer # features/step_definitions/common_steps.rb:184 [log] CLICK on (1024,384) [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] And the computer boots Tails # features/step_definitions/common_steps.rb:273 calling as root: date call returned: [0, "Mon Jun 13 00:01:05 UTC 2016\n", ""] calling as root: sed -n -e "1s/^.* - \([0-9]\+\)$/\1/p;q" /etc/amnesia/version call returned: [0, "20160613\n", ""] Then the system clock is just past Tails' build date # features/step_definitions/time_syncing.rb:50 @product Feature: Using Tails with Tor pluggable transports As a Tails user I want to circumvent censorship of Tor by using Tor pluggable transports And avoid connecting directly to the Tor Network Background: # features/tor_bridges.feature:7 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", "eth0: error fetching interface information: Device not found\n"] calling as root: date -s '@1465816672' call returned: [0, "Mon Jun 13 11:17:52 UTC 2016\n", ""] Checkpoint: I have started Tails from DVD without network and logged in with bridge mode enabled Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen [log] CLICK on (433,404) [log] CLICK on (643,447) And I enable more Tails Greeter options [log] CLICK on (511,609) And I enable the specific Tor configuration option [log] CLICK on (812,712) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] And I log in to a new session [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 258ms [profile] Finder.findAll START [profile] Finder.findAll END: 277ms [profile] Finder.findAll START [profile] Finder.findAll END: 275ms [profile] Finder.findAll START [profile] Finder.findAll END: 262ms [profile] Finder.findAll START [profile] Finder.findAll END: 255ms [profile] Finder.findAll START [profile] Finder.findAll END: 267ms [profile] Finder.findAll START [profile] Finder.findAll END: 267ms And all notifications have disappeared [log] CLICK on (51,16) Given I have started Tails from DVD without network and logged in with bridge mode enabled # features/step_definitions/snapshots.rb:199 And I capture all network traffic # features/step_definitions/common_steps.rb:171 When the network is plugged # features/step_definitions/common_steps.rb:159 Then the Tor Launcher autostarts # features/step_definitions/tor.rb:335 calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TOR_LAUNCHER_INSTALL} call returned: [0, "/usr/local/lib/tor-launcher-standalone\n", ""] calling as root: pgrep --uid tor-launcher --full --exact '/usr/local/lib/tor-browser/firefox-unconfined +-app /usr/local/lib/tor-launcher-standalone/application.ini.*' call returned: [0, "2859\n", ""] calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && ls -1 ${TBB_INSTALL}/*.so call returned: [0, "/usr/local/lib/tor-browser/libfreebl3.so\n/usr/local/lib/tor-browser/liblgpllibs.so\n/usr/local/lib/tor-browser/libmozsqlite3.so\n/usr/local/lib/tor-browser/libnspr4.so\n/usr/local/lib/tor-browser/libnss3.so\n/usr/local/lib/tor-browser/libnssckbi.so\n/usr/local/lib/tor-browser/libnssdbm3.so\n/usr/local/lib/tor-browser/libnssutil3.so\n/usr/local/lib/tor-browser/libplc4.so\n/usr/local/lib/tor-browser/libplds4.so\n/usr/local/lib/tor-browser/libsmime3.so\n/usr/local/lib/tor-browser/libsoftokn3.so\n/usr/local/lib/tor-browser/libssl3.so\n/usr/local/lib/tor-browser/libxul.so\n", ""] calling as root: pmap --show-path 2859 call returned: [0, "2859: /usr/local/lib/tor-browser/firefox-unconfined -app /usr/local/lib/tor-launcher-standalone/application.ini -profile /home/tor-launcher/.tor-launcher/profile.default\ne1f00000 1024K rw--- [ anon ]\ne20e0000 128K rwx-- [ anon ]\ne2100000 2048K rw--- [ anon ]\ne2307000 208K r-x-- /usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne233b000 4K r---- /usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne233c000 4K rw--- /usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne2344000 64K rwx-- [ anon ]\ne2354000 572K r---- /usr/local/lib/tor-browser/fonts/Arimo-Bold.ttf\ne23e3000 572K r---- /usr/local/lib/tor-browser/fonts/Arimo-Bold.ttf\ne2472000 568K r---- /usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\ne2500000 4K ----- [ anon ]\ne2501000 1020K rwx-- [ anon ]\ne2600000 1024K rw--- [ anon ]\ne270f000 568K r---- /usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\ne279d000 64K rwx-- [ anon ]\ne27ad000 120K r--s- /usr/share/mime/mime.cache\ne27cb000 4K ----- [ anon ]\ne27cc000 8252K rwx-- [ anon ]\ne2fdb000 4K ----- [ anon ]\ne2fdc000 8188K rwx-- [ anon ]\ne37db000 4K ----- [ anon ]\ne37dc000 8188K rwx-- [ anon ]\ne3fdb000 4K ----- [ anon ]\ne3fdc000 8188K rwx-- [ anon ]\ne47db000 4K ----- [ anon ]\ne47dc000 8188K rwx-- [ anon ]\ne4fdb000 84K r--s- /home/tor-launcher/.cache/fontconfig/42f746296937150ee8e3c23c67344d6d-le32d4.cache-4\ne4ff0000 4K ----- [ anon ]\ne4ff1000 8188K rwx-- [ anon ]\ne57f0000 4K ----- [ anon ]\ne57f1000 8252K rwx-- [ anon ]\ne6000000 1024K rw--- [ anon ]\ne6104000 4K ----- [ anon ]\ne6105000 8188K rwx-- [ anon ]\ne6904000 172K r-x-- /usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne692f000 4K r---- /usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne6930000 4K rw--- /usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne6931000 28K r-x-- /usr/lib/i386-linux-gnu/libogg.so.0.8.2\ne6938000 4K r---- /usr/lib/i386-linux-gnu/libogg.so.0.8.2\ne6939000 4K rw--- /usr/lib/i386-linux-gnu/libogg.so.0.8.2\ne693a000 496K r-x-- /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne69b6000 72K r---- /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne69c8000 4K rw--- /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne69c9000 212K r-x-- /usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne69fe000 4K r---- /usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne69ff000 4K rw--- /usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne6a00000 4K ----- [ anon ]\ne6a01000 8188K rwx-- [ anon ]\ne7200000 4K ----- [ anon ]\ne7201000 8188K rwx-- [ anon ]\ne7a00000 4K ----- [ anon ]\ne7a01000 8188K rwx-- [ anon ]\ne8200000 4K ----- [ anon ]\ne8201000 8188K rwx-- [ anon ]\ne8a00000 4K ----- [ anon ]\ne8a01000 8188K rwx-- [ anon ]\ne9200000 8192K rw--- [ anon ]\ne9a00000 4K ----- [ anon ]\ne9a01000 8188K rwx-- [ anon ]\nea200000 5120K rw--- [ anon ]\nea708000 72K r-x-- /lib/i386-linux-gnu/libgpg-error.so.0.13.0\nea71a000 4K r---- /lib/i386-linux-gnu/libgpg-error.so.0.13.0\nea71b000 4K rw--- /lib/i386-linux-gnu/libgpg-error.so.0.13.0\nea71c000 84K r-x-- /lib/i386-linux-gnu/libnsl-2.19.so\nea731000 4K r---- /lib/i386-linux-gnu/libnsl-2.19.so\nea732000 4K rw--- /lib/i386-linux-gnu/libnsl-2.19.so\nea733000 8K rw--- [ anon ]\nea735000 692K r-x-- /lib/i386-linux-gnu/libgcrypt.so.20.0.3\nea7e2000 4K r---- /lib/i386-linux-gnu/libgcrypt.so.20.0.3\nea7e3000 12K rw--- /lib/i386-linux-gnu/libgcrypt.so.20.0.3\nea7e6000 152K r-x-- /lib/i386-linux-gnu/liblzma.so.5.0.0\nea80c000 8K r---- /lib/i386-linux-gnu/liblzma.so.5.0.0\nea80e000 4K rw--- /lib/i386-linux-gnu/liblzma.so.5.0.0\nea80f000 456K r-x-- /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\nea881000 8K r---- /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\nea883000 4K rw--- /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\nea884000 16K rw--- [ anon ]\nea888000 156K r-x-- /lib/i386-linux-gnu/libsystemd.so.0.3.1\nea8af000 4K r---- /lib/i386-linux-gnu/libsystemd.so.0.3.1\nea8b0000 4K rw--- /lib/i386-linux-gnu/libsystemd.so.0.3.1\nea8b1000 512K r-x-- /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\nea931000 4K r---- /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\nea932000 4K rw--- /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\nea933000 344K r-x-- /usr/lib/i386-linux-gnu/libpulse.so.0.17.3\nea989000 4K r---- /usr/lib/i386-linux-gnu/libpulse.so.0.17.3\nea98a000 4K rw--- /usr/lib/i386-linux-gnu/libpulse.so.0.17.3\nea98b000 396K r-x-- /usr/local/lib/tor-browser/libnssckbi.so\nea9ee000 48K r---- /usr/local/lib/tor-browser/libnssckbi.so\nea9fa000 24K rw--- /usr/local/lib/tor-browser/libnssckbi.so\neaa00000 1024K rw--- [ anon ]\neab03000 16K r-x-- /lib/i386-linux-gnu/libattr.so.1.1.0\neab07000 4K r---- /lib/i386-linux-gnu/libattr.so.1.1.0\neab08000 4K rw--- /lib/i386-linux-gnu/libattr.so.1.1.0\neab09000 20K r-x-- /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\neab0e000 4K r---- /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\neab0f000 4K rw--- /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\neab10000 32K r-x-- /lib/i386-linux-gnu/libwrap.so.0.7.6\neab18000 4K r---- /lib/i386-linux-gnu/libwrap.so.0.7.6\neab19000 4K rw--- /lib/i386-linux-gnu/libwrap.so.0.7.6\neab1a000 24K r-x-- /usr/lib/i386-linux-gnu/libXtst.so.6.1.0\neab20000 4K r---- /usr/lib/i386-linux-gnu/libXtst.so.6.1.0\neab21000 4K rw--- /usr/lib/i386-linux-gnu/libXtst.so.6.1.0\neab22000 20K r-x-- /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\neab27000 4K r---- /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\neab28000 4K rw--- /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\neab29000 64K rwx-- [ anon ]\neab39000 420K r-x-- /usr/local/lib/tor-browser/libfreebl3.so\neaba2000 4K ----- /usr/local/lib/tor-browser/libfreebl3.so\neaba3000 4K r---- /usr/local/lib/tor-browser/libfreebl3.so\neaba4000 4K rw--- /usr/local/lib/tor-browser/libfreebl3.so\neaba5000 16K rw--- [ anon ]\neaba9000 212K r-x-- /usr/local/lib/tor-browser/libsoftokn3.so\neabde000 4K r---- /usr/local/lib/tor-browser/libsoftokn3.so\neabdf000 4K rw--- /usr/local/lib/tor-browser/libsoftokn3.so\neabe0000 4K ----- [ anon ]\neabe1000 124K rwx-- [ anon ]\neac00000 4K ----- [ anon ]\neac01000 8188K rwx-- [ anon ]\neb400000 3072K rw--- [ anon ]\neb700000 4K ----- [ anon ]\neb701000 8188K rwx-- [ anon ]\nebf00000 16384K rw--- [ anon ]\necf00000 4K ----- [ anon ]\necf01000 2044K rwx-- [ anon ]\ned100000 4K ----- [ anon ]\ned101000 2044K rwx-- [ anon ]\ned300000 4K ----- [ anon ]\ned301000 2044K rwx-- [ anon ]\ned500000 4K ----- [ anon ]\ned501000 2044K rwx-- [ anon ]\ned700000 4K ----- [ anon ]\ned701000 2044K rwx-- [ anon ]\ned900000 1024K rw--- [ anon ]\neda00000 112K r-x-- /usr/local/lib/tor-browser/libnssdbm3.so\neda1c000 4K ----- /usr/local/lib/tor-browser/libnssdbm3.so\neda1d000 4K r---- /usr/local/lib/tor-browser/libnssdbm3.so\neda1e000 4K rw--- /usr/local/lib/tor-browser/libnssdbm3.so\neda1f000 568K r---- /usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\nedaad000 4K ----- [ anon ]\nedaae000 8188K rwx-- [ anon ]\nee2ad000 4K ----- [ anon ]\nee2ae000 8188K rwx-- [ anon ]\neeaad000 9548K r---- /usr/local/lib/tor-browser/omni.ja\nef400000 1024K rw--- [ anon ]\nef501000 40K r-x-- /lib/i386-linux-gnu/libjson-c.so.2.0.0\nef50b000 4K r---- /lib/i386-linux-gnu/libjson-c.so.2.0.0\nef50c000 4K rw--- /lib/i386-linux-gnu/libjson-c.so.2.0.0\nef50d000 388K r-x-- /usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\nef56e000 8K r---- /usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\nef570000 4K rw--- /usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\nef572000 16K r-x-- /lib/i386-linux-gnu/libcap.so.2.24\nef576000 4K r---- /lib/i386-linux-gnu/libcap.so.2.24\nef577000 4K rw--- /lib/i386-linux-gnu/libcap.so.2.24\nef578000 128K rwx-- [ anon ]\nef598000 196K r-x-- /usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef5c9000 4K r---- /usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef5ca000 4K rw--- /usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef5cb000 4K rw--- [ anon ]\nef5cc000 188K r-x-- /usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef5fb000 12K r---- /usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef5fe000 4K rw--- /usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef5ff000 32K r-x-- /usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef607000 4K r---- /usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef608000 4K rw--- /usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef60a000 28K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef611000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef612000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef613000 4K ----- [ anon ]\nef614000 28K rwx-- [ anon ]\nef61b000 12K r-x-- /usr/lib/i386-linux-gnu/gconv/UTF-16.so\nef61e000 4K r---- /usr/lib/i386-linux-gnu/gconv/UTF-16.so\nef61f000 4K rw--- /usr/lib/i386-linux-gnu/gconv/UTF-16.so\nef620000 360K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef67a000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef67b000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef67c000 40K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef686000 8K r---- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef688000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef689000 252K r---- /usr/lib/locale/zu_ZA.utf8/LC_CTYPE\nef6c8000 1216K r---- /usr/lib/locale/zu_ZA.utf8/LC_COLLATE\nef7f8000 4K ----- [ anon ]\nef7f9000 8188K rwx-- [ anon ]\nefff8000 16K r-x-- /lib/i386-linux-gnu/libuuid.so.1.3.0\nefffc000 4K r---- /lib/i386-linux-gnu/libuuid.so.1.3.0\nefffd000 4K rw--- /lib/i386-linux-gnu/libuuid.so.1.3.0\nefffe000 20K r-x-- /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0\nf0003000 4K rw--- /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0\nf0004000 8K r-x-- /usr/lib/i386-linux-gnu/libXau.so.6.0.0\nf0006000 4K r---- /usr/lib/i386-linux-gnu/libXau.so.6.0.0\nf0007000 4K rw--- /usr/lib/i386-linux-gnu/libXau.so.6.0.0\nf0008000 28K r-x-- /usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\nf000f000 4K r---- /usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\nf0010000 4K rw--- /usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\nf0011000 148K r-x-- /usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\nf0036000 8K r---- /usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\nf0038000 4K rw--- /usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\nf0039000 100K r-x-- /usr/lib/i386-linux-gnu/libICE.so.6.3.0\nf0052000 4K r---- /usr/lib/i386-linux-gnu/libICE.so.6.3.0\nf0053000 4K rw--- /usr/lib/i386-linux-gnu/libICE.so.6.3.0\nf0054000 8K rw--- [ anon ]\nf0056000 32K r-x-- /usr/lib/i386-linux-gnu/libSM.so.6.0.1\nf005e000 4K r---- /usr/lib/i386-linux-gnu/libSM.so.6.0.1\nf005f000 4K rw--- /usr/lib/i386-linux-gnu/libSM.so.6.0.1\nf0060000 144K r-x-- /usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf0084000 4K r---- /usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf0085000 4K rw--- /usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf0086000 36K r-x-- /usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf008f000 4K r---- /usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf0090000 4K rw--- /usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf0091000 8K r-x-- /usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0093000 4K r---- /usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0094000 4K rw--- /usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0095000 712K r-x-- /usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf0147000 24K r---- /usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf014d000 4K rw--- /usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf014e000 32K r-x-- /usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf0156000 4K r---- /usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf0157000 4K rw--- /usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf0158000 40K r-x-- /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0162000 4K r---- /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0163000 4K rw--- /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0164000 40K r-x-- /usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf016e000 4K r---- /usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf016f000 4K rw--- /usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf0170000 68K r-x-- /usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0181000 4K r---- /usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0182000 4K rw--- /usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0183000 8K r-x-- /usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf0185000 4K r---- /usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf0186000 4K rw--- /usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf0187000 364K r-x-- /usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf01e2000 4K r---- /usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf01e3000 4K rw--- /usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf01e4000 76K r-x-- /lib/i386-linux-gnu/libresolv-2.19.so\nf01f7000 8K r---- /lib/i386-linux-gnu/libresolv-2.19.so\nf01f9000 4K rw--- /lib/i386-linux-gnu/libresolv-2.19.so\nf01fa000 8K rw--- [ anon ]\nf01fc000 148K r-x-- /lib/i386-linux-gnu/libselinux.so.1\nf0221000 4K r---- /lib/i386-linux-gnu/libselinux.so.1\nf0222000 4K rw--- /lib/i386-linux-gnu/libselinux.so.1\nf0223000 4K rw--- [ anon ]\nf0224000 20K r-x-- /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf0229000 4K r---- /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf022a000 4K rw--- /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf022b000 8K r-x-- /usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf022d000 4K r---- /usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf022e000 4K rw--- /usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf022f000 8K r-x-- /usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf0231000 4K r---- /usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf0232000 4K rw--- /usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf0233000 448K r-x-- /lib/i386-linux-gnu/libpcre.so.3.13.1\nf02a3000 8K r---- /lib/i386-linux-gnu/libpcre.so.3.13.1\nf02a5000 4K rw--- /lib/i386-linux-gnu/libpcre.so.3.13.1\nf02a6000 152K r-x-- /lib/i386-linux-gnu/libexpat.so.1.6.0\nf02cc000 8K r---- /lib/i386-linux-gnu/libexpat.so.1.6.0\nf02ce000 4K rw--- /lib/i386-linux-gnu/libexpat.so.1.6.0\nf02cf000 172K r-x-- /lib/i386-linux-gnu/libpng12.so.0.50.0\nf02fa000 4K r---- /lib/i386-linux-gnu/libpng12.so.0.50.0\nf02fb000 4K rw--- /lib/i386-linux-gnu/libpng12.so.0.50.0\nf02fc000 104K r-x-- /lib/i386-linux-gnu/libz.so.1.2.8\nf0316000 8K r---- /lib/i386-linux-gnu/libz.so.1.2.8\nf0318000 4K rw--- /lib/i386-linux-gnu/libz.so.1.2.8\nf0319000 392K r-x-- /usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf037b000 4K r---- /usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf037c000 12K rw--- /usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf037f000 4K rw--- [ anon ]\nf0380000 76K r-x-- /usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0393000 4K r---- /usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0394000 4K rw--- /usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0395000 1332K r-x-- /usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf04e2000 8K r---- /usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf04e4000 12K rw--- /usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf04e7000 1300K r-x-- /usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf062c000 8K r---- /usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf062e000 4K rw--- /usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf062f000 4K rw--- [ anon ]\nf0630000 320K r-x-- /usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0680000 4K r---- /usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0681000 4K rw--- /usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0682000 156K r-x-- /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf06a9000 4K r---- /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf06aa000 4K rw--- /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf06ab000 48K r-x-- /usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf06b7000 4K r---- /usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf06b8000 4K rw--- /usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf06b9000 756K r-x-- /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf0776000 12K r---- /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf0779000 4K rw--- /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf077a000 88K r-x-- /usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0790000 4K r---- /usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0791000 4K rw--- /usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0792000 1732K r-x-- /usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf0943000 12K r---- /usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf0946000 4K rw--- /usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf0947000 4K rw--- [ anon ]\nf0948000 148K r-x-- /usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf096d000 8K r---- /usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf096f000 4K rw--- /usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf0970000 5056K r-x-- /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e60000 16K r---- /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e64000 8K rw--- /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e66000 8K rw--- [ anon ]\nf0e68000 1176K r-x-- /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f8e000 4K r---- /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f8f000 4K rw--- /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f90000 368K r-x-- /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0fec000 4K r---- /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0fed000 4K rw--- /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0fee000 336K r-x-- /lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf1042000 8K r---- /lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf1044000 4K rw--- /lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf1045000 148K r-x-- /usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf106a000 4K r---- /usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf106b000 4K rw--- /usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf106c000 1036K r-x-- /usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf116f000 16K r---- /usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf1173000 4K rw--- /usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf1174000 40K r-x-- /usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf117e000 4K r---- /usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf117f000 4K rw--- /usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf1180000 256K r-x-- /usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf11c0000 4K r---- /usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf11c1000 4K rw--- /usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf11c2000 692K r-x-- /usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf126f000 16K r---- /usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf1273000 4K rw--- /usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf1274000 4K r-x-- /usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\nf1275000 4K r---- /usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\nf1276000 4K rw--- /usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\nf1277000 4K ----- [ anon ]\nf1278000 4K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nf1279000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nf127a000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nf127b000 8K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf127d000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf127e000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf127f000 4K r---- /usr/lib/locale/zu_ZA.utf8/LC_NUMERIC\nf1280000 4K r---- /usr/lib/locale/en_US.utf8/LC_TIME\nf1281000 4K r---- /usr/lib/locale/en_US.utf8/LC_MONETARY\nf1282000 4K r---- /usr/lib/locale/ug_CN/LC_MESSAGES/SYS_LC_MESSAGES\nf1283000 4K r---- /usr/lib/locale/yi_US.utf8/LC_PAPER\nf1284000 28K r--s- /usr/lib/i386-linux-gnu/gconv/gconv-modules.cache\nf128b000 91548K r-x-- /usr/local/lib/tor-browser/libxul.so\nf6bf2000 2612K r---- /usr/local/lib/tor-browser/libxul.so\nf6e7f000 348K rw--- /usr/local/lib/tor-browser/libxul.so\nf6ed6000 196K rw--- [ anon ]\nf6f07000 748K r-x-- /usr/local/lib/tor-browser/libmozsqlite3.so\nf6fc2000 8K r---- /usr/local/lib/tor-browser/libmozsqlite3.so\nf6fc4000 8K rw--- /usr/local/lib/tor-browser/libmozsqlite3.so\nf6fc6000 204K r-x-- /usr/local/lib/tor-browser/libssl3.so\nf6ff9000 4K ----- /usr/local/lib/tor-browser/libssl3.so\nf6ffa000 8K r---- /usr/local/lib/tor-browser/libssl3.so\nf6ffc000 4K rw--- /usr/local/lib/tor-browser/libssl3.so\nf6ffd000 116K r-x-- /usr/local/lib/tor-browser/libsmime3.so\nf701a000 4K ----- /usr/local/lib/tor-browser/libsmime3.so\nf701b000 8K r---- /usr/local/lib/tor-browser/libsmime3.so\nf701d000 4K rw--- /usr/local/lib/tor-browser/libsmime3.so\nf701e000 880K r-x-- /usr/local/lib/tor-browser/libnss3.so\nf70fa000 4K ----- /usr/local/lib/tor-browser/libnss3.so\nf70fb000 12K r---- /usr/local/lib/tor-browser/libnss3.so\nf70fe000 4K rw--- /usr/local/lib/tor-browser/libnss3.so\nf70ff000 2052K rw--- [ anon ]\nf7300000 4K r---- /usr/lib/locale/yi_US.utf8/LC_NAME\nf7301000 4K r---- /usr/lib/locale/en_US.utf8/LC_ADDRESS\nf7302000 24K r-x-- /usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf7308000 4K r---- /usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf7309000 4K rw--- /usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf730a000 40K r-x-- /usr/local/lib/tor-browser/liblgpllibs.so\nf7314000 4K r---- /usr/local/lib/tor-browser/liblgpllibs.so\nf7315000 4K rw--- /usr/local/lib/tor-browser/liblgpllibs.so\nf7316000 120K r-x-- /usr/local/lib/tor-browser/libnssutil3.so\nf7334000 4K ----- /usr/local/lib/tor-browser/libnssutil3.so\nf7335000 12K r---- /usr/local/lib/tor-browser/libnssutil3.so\nf7338000 4K rw--- /usr/local/lib/tor-browser/libnssutil3.so\nf7339000 304K r-x-- /usr/local/lib/tor-browser/libnspr4.so\nf7385000 4K ----- /usr/local/lib/tor-browser/libnspr4.so\nf7386000 4K r---- /usr/local/lib/tor-browser/libnspr4.so\nf7387000 4K rw--- /usr/local/lib/tor-browser/libnspr4.so\nf7388000 20K rw--- [ anon ]\nf738d000 1464K r-x-- /lib/i386-linux-gnu/libc-2.19.so\nf74fb000 8K r---- /lib/i386-linux-gnu/libc-2.19.so\nf74fd000 4K rw--- /lib/i386-linux-gnu/libc-2.19.so\nf74fe000 12K rw--- [ anon ]\nf7501000 112K r-x-- /lib/i386-linux-gnu/libgcc_s.so.1\nf751d000 4K rw--- /lib/i386-linux-gnu/libgcc_s.so.1\nf751e000 268K r-x-- /lib/i386-linux-gnu/libm-2.19.so\nf7561000 4K r---- /lib/i386-linux-gnu/libm-2.19.so\nf7562000 4K rw--- /lib/i386-linux-gnu/libm-2.19.so\nf7563000 1600K r-x-- /usr/local/lib/tor-browser/libstdc++.so.6\nf76f3000 24K r---- /usr/local/lib/tor-browser/libstdc++.so.6\nf76f9000 4K rw--- /usr/local/lib/tor-browser/libstdc++.so.6\nf76fa000 8K rw--- [ anon ]\nf76fc000 28K r-x-- /lib/i386-linux-gnu/librt-2.19.so\nf7703000 4K r---- /lib/i386-linux-gnu/librt-2.19.so\nf7704000 4K rw--- /lib/i386-linux-gnu/librt-2.19.so\nf7705000 12K r-x-- /lib/i386-linux-gnu/libdl-2.19.so\nf7708000 4K r---- /lib/i386-linux-gnu/libdl-2.19.so\nf7709000 4K rw--- /lib/i386-linux-gnu/libdl-2.19.so\nf770a000 92K r-x-- /lib/i386-linux-gnu/libpthread-2.19.so\nf7721000 4K r---- /lib/i386-linux-gnu/libpthread-2.19.so\nf7722000 4K rw--- /lib/i386-linux-gnu/libpthread-2.19.so\nf7723000 8K rw--- [ anon ]\nf7725000 4K r---- /usr/lib/locale/yi_US.utf8/LC_TELEPHONE\nf7726000 4K r---- /usr/lib/locale/yi_US.utf8/LC_MEASUREMENT\nf7727000 12K r-x-- /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf772a000 4K r---- /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf772b000 4K rw--- /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf772c000 4K r-x-- /usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf772d000 4K r---- /usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf772e000 4K rw--- /usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf772f000 12K r-x-- /usr/local/lib/tor-browser/libplds4.so\nf7732000 4K r---- /usr/local/lib/tor-browser/libplds4.so\nf7733000 4K rw--- /usr/local/lib/tor-browser/libplds4.so\nf7734000 20K r-x-- /usr/local/lib/tor-browser/libplc4.so\nf7739000 4K r---- /usr/local/lib/tor-browser/libplc4.so\nf773a000 4K rw--- /usr/local/lib/tor-browser/libplc4.so\nf773b000 4K r---- /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION\nf773c000 8K rw--- [ anon ]\nf773e000 4K r-x-- [ anon ]\nf773f000 8K r---- [ anon ]\nf7741000 124K r-x-- /lib/i386-linux-gnu/ld-2.19.so\nf7760000 4K r---- /lib/i386-linux-gnu/ld-2.19.so\nf7761000 4K rw--- /lib/i386-linux-gnu/ld-2.19.so\nf7762000 148K r-x-- /usr/local/lib/tor-browser/firefox-unconfined\nf7787000 4K rw--- [ anon ]\nf7788000 4K r---- /usr/local/lib/tor-browser/firefox-unconfined\nf7789000 4K rw--- /usr/local/lib/tor-browser/firefox-unconfined\nffdba000 128K rwx-- [ stack ]\nffdda000 4K rw--- [ anon ]\n total 351856K\n", ""] calling as root: find /usr/lib /lib -name "libfreebl3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libfreebl3.so\n/usr/lib/icedove/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libfreebl3.so\n", ""] calling as root: find /usr/lib /lib -name "liblgpllibs.so" call returned: [0, "/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/liblgpllibs.so\n", ""] calling as root: find /usr/lib /lib -name "libmozsqlite3.so" call returned: [0, "/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libmozsqlite3.so\n", ""] calling as root: find /usr/lib /lib -name "libnspr4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnspr4.so\n/usr/lib/icedove/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnspr4.so\n", ""] calling as root: find /usr/lib /lib -name "libnss3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnss3.so\n/usr/lib/icedove/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnss3.so\n", ""] calling as root: find /usr/lib /lib -name "libnssckbi.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libnssckbi.so\n/usr/lib/icedove/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssckbi.so\n", ""] calling as root: find /usr/lib /lib -name "libnssdbm3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libnssdbm3.so\n/usr/lib/icedove/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssdbm3.so\n", ""] calling as root: find /usr/lib /lib -name "libnssutil3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnssutil3.so\n/usr/lib/icedove/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssutil3.so\n", ""] calling as root: find /usr/lib /lib -name "libplc4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libplc4.so\n/usr/lib/icedove/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libplc4.so\n", ""] calling as root: find /usr/lib /lib -name "libplds4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libplds4.so\n/usr/lib/icedove/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libplds4.so\n", ""] calling as root: find /usr/lib /lib -name "libsmime3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libsmime3.so\n/usr/lib/icedove/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libsmime3.so\n", ""] calling as root: find /usr/lib /lib -name "libsoftokn3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libsoftokn3.so\n/usr/lib/icedove/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libsoftokn3.so\n", ""] calling as root: find /usr/lib /lib -name "libssl3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libssl3.so\n/usr/lib/icedove/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libssl3.so\n", ""] calling as root: find /usr/lib /lib -name "libxul.so" call returned: [0, "/usr/lib/icedove/libxul.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libxul.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libxul.so\n", ""] And the Tor Launcher uses all expected TBB shared libraries # features/step_definitions/browser.rb:162 Scenario: Using bridges # features/tor_bridges.feature:14 [log] CLICK on (239,455) [log] CLICK on (243,305) [log] CLICK on (791,624) [log] CLICK on (301,326) [log] TYPE "bridge 10.2.1.1:5037 E39C54F534D4F7D7EEC4BD3D0CC3DEAE367AD8F0 " [log] TYPE "bridge 10.2.1.1:5036 C0358A7C33A1B3BBE329D8BAAD1B44531E668B8F " [log] TYPE "bridge 10.2.1.1:5035 4FE053E2EADDA7EAF5A97B7D31C41D7733F16693 " [log] CLICK on (791,624) [log] CLICK on (791,624) When I configure some bridge pluggable transports in Tor Launcher # features/step_definitions/tor.rb:339 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [1, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] Then Tor is ready # features/step_definitions/common_steps.rb:373 calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [0, "", ""] And available upgrades have been checked # features/step_definitions/common_steps.rb:392 And all Internet traffic has only flowed through the configured pluggable transports # features/step_definitions/tor.rb:390 Scenario: Using obfs4 pluggable transports # features/tor_bridges.feature:20 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465816822' call returned: [0, "Mon Jun 13 11:20:22 UTC 2016\n", ""] calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TOR_LAUNCHER_INSTALL} call returned: [0, "/usr/local/lib/tor-launcher-standalone\n", ""] calling as root: pgrep --uid tor-launcher --full --exact '/usr/local/lib/tor-browser/firefox-unconfined +-app /usr/local/lib/tor-launcher-standalone/application.ini.*' call returned: [0, "2930\n", ""] calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && ls -1 ${TBB_INSTALL}/*.so call returned: [0, "/usr/local/lib/tor-browser/libfreebl3.so\n/usr/local/lib/tor-browser/liblgpllibs.so\n/usr/local/lib/tor-browser/libmozsqlite3.so\n/usr/local/lib/tor-browser/libnspr4.so\n/usr/local/lib/tor-browser/libnss3.so\n/usr/local/lib/tor-browser/libnssckbi.so\n/usr/local/lib/tor-browser/libnssdbm3.so\n/usr/local/lib/tor-browser/libnssutil3.so\n/usr/local/lib/tor-browser/libplc4.so\n/usr/local/lib/tor-browser/libplds4.so\n/usr/local/lib/tor-browser/libsmime3.so\n/usr/local/lib/tor-browser/libsoftokn3.so\n/usr/local/lib/tor-browser/libssl3.so\n/usr/local/lib/tor-browser/libxul.so\n", ""] calling as root: pmap --show-path 2930 call returned: [0, "2930: /usr/local/lib/tor-browser/firefox-unconfined -app /usr/local/lib/tor-launcher-standalone/application.ini -profile /home/tor-launcher/.tor-launcher/profile.default\ne2700000 1024K rw--- [ anon ]\ne28e0000 128K rwx-- [ anon ]\ne2900000 2048K rw--- [ anon ]\ne2b07000 208K r-x-- /usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne2b3b000 4K r---- /usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne2b3c000 4K rw--- /usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne2b44000 64K rwx-- [ anon ]\ne2b54000 572K r---- /usr/local/lib/tor-browser/fonts/Arimo-Bold.ttf\ne2be3000 572K r---- /usr/local/lib/tor-browser/fonts/Arimo-Bold.ttf\ne2c72000 568K r---- /usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\ne2d00000 4K ----- [ anon ]\ne2d01000 1020K rwx-- [ anon ]\ne2e00000 1024K rw--- [ anon ]\ne2f00000 4K ----- [ anon ]\ne2f01000 8188K rwx-- [ anon ]\ne3700000 4K ----- [ anon ]\ne3701000 8188K rwx-- [ anon ]\ne3f00000 4K ----- [ anon ]\ne3f01000 8188K rwx-- [ anon ]\ne4700000 4K ----- [ anon ]\ne4701000 8188K rwx-- [ anon ]\ne4f00000 4K ----- [ anon ]\ne4f01000 8188K rwx-- [ anon ]\ne5700000 4K ----- [ anon ]\ne5701000 8188K rwx-- [ anon ]\ne5f00000 1024K rw--- [ anon ]\ne6008000 568K r---- /usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\ne6096000 64K rwx-- [ anon ]\ne60a6000 120K r--s- /usr/share/mime/mime.cache\ne60c4000 64K rwx-- [ anon ]\ne60d4000 84K r--s- /home/tor-launcher/.cache/fontconfig/42f746296937150ee8e3c23c67344d6d-le32d4.cache-4\ne60e9000 64K rwx-- [ anon ]\ne60f9000 4K ----- [ anon ]\ne60fa000 8188K rwx-- [ anon ]\ne68f9000 172K r-x-- /usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne6924000 4K r---- /usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne6925000 4K rw--- /usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne6926000 72K r-x-- /lib/i386-linux-gnu/libgpg-error.so.0.13.0\ne6938000 4K r---- /lib/i386-linux-gnu/libgpg-error.so.0.13.0\ne6939000 4K rw--- /lib/i386-linux-gnu/libgpg-error.so.0.13.0\ne693a000 496K r-x-- /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne69b6000 72K r---- /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne69c8000 4K rw--- /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne69c9000 212K r-x-- /usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne69fe000 4K r---- /usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne69ff000 4K rw--- /usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne6a00000 4K ----- [ anon ]\ne6a01000 8188K rwx-- [ anon ]\ne7200000 4K ----- [ anon ]\ne7201000 8188K rwx-- [ anon ]\ne7a00000 4K ----- [ anon ]\ne7a01000 8188K rwx-- [ anon ]\ne8200000 4K ----- [ anon ]\ne8201000 8188K rwx-- [ anon ]\ne8a00000 4K ----- [ anon ]\ne8a01000 8188K rwx-- [ anon ]\ne9200000 8192K rw--- [ anon ]\ne9a00000 4K ----- [ anon ]\ne9a01000 8188K rwx-- [ anon ]\nea200000 5120K rw--- [ anon ]\nea706000 28K r-x-- /usr/lib/i386-linux-gnu/libogg.so.0.8.2\nea70d000 4K r---- /usr/lib/i386-linux-gnu/libogg.so.0.8.2\nea70e000 4K rw--- /usr/lib/i386-linux-gnu/libogg.so.0.8.2\nea70f000 84K r-x-- /lib/i386-linux-gnu/libnsl-2.19.so\nea724000 4K r---- /lib/i386-linux-gnu/libnsl-2.19.so\nea725000 4K rw--- /lib/i386-linux-gnu/libnsl-2.19.so\nea726000 8K rw--- [ anon ]\nea728000 692K r-x-- /lib/i386-linux-gnu/libgcrypt.so.20.0.3\nea7d5000 4K r---- /lib/i386-linux-gnu/libgcrypt.so.20.0.3\nea7d6000 12K rw--- /lib/i386-linux-gnu/libgcrypt.so.20.0.3\nea7d9000 152K r-x-- /lib/i386-linux-gnu/liblzma.so.5.0.0\nea7ff000 8K r---- /lib/i386-linux-gnu/liblzma.so.5.0.0\nea801000 4K rw--- /lib/i386-linux-gnu/liblzma.so.5.0.0\nea802000 16K r-x-- /lib/i386-linux-gnu/libattr.so.1.1.0\nea806000 4K r---- /lib/i386-linux-gnu/libattr.so.1.1.0\nea807000 4K rw--- /lib/i386-linux-gnu/libattr.so.1.1.0\nea808000 20K r-x-- /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\nea80d000 4K r---- /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\nea80e000 4K rw--- /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\nea80f000 456K r-x-- /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\nea881000 8K r---- /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\nea883000 4K rw--- /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\nea884000 16K rw--- [ anon ]\nea888000 156K r-x-- /lib/i386-linux-gnu/libsystemd.so.0.3.1\nea8af000 4K r---- /lib/i386-linux-gnu/libsystemd.so.0.3.1\nea8b0000 4K rw--- /lib/i386-linux-gnu/libsystemd.so.0.3.1\nea8b1000 512K r-x-- /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\nea931000 4K r---- /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\nea932000 4K rw--- /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\nea933000 344K r-x-- /usr/lib/i386-linux-gnu/libpulse.so.0.17.3\nea989000 4K r---- /usr/lib/i386-linux-gnu/libpulse.so.0.17.3\nea98a000 4K rw--- /usr/lib/i386-linux-gnu/libpulse.so.0.17.3\nea98b000 396K r-x-- /usr/local/lib/tor-browser/libnssckbi.so\nea9ee000 48K r---- /usr/local/lib/tor-browser/libnssckbi.so\nea9fa000 24K rw--- /usr/local/lib/tor-browser/libnssckbi.so\neaa00000 1024K rw--- [ anon ]\neab01000 32K r-x-- /lib/i386-linux-gnu/libwrap.so.0.7.6\neab09000 4K r---- /lib/i386-linux-gnu/libwrap.so.0.7.6\neab0a000 4K rw--- /lib/i386-linux-gnu/libwrap.so.0.7.6\neab0b000 24K r-x-- /usr/lib/i386-linux-gnu/libXtst.so.6.1.0\neab11000 4K r---- /usr/lib/i386-linux-gnu/libXtst.so.6.1.0\neab12000 4K rw--- /usr/lib/i386-linux-gnu/libXtst.so.6.1.0\neab13000 4K r-x-- /usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\neab14000 4K r---- /usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\neab15000 4K rw--- /usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\neab16000 40K r-x-- /lib/i386-linux-gnu/libjson-c.so.2.0.0\neab20000 4K r---- /lib/i386-linux-gnu/libjson-c.so.2.0.0\neab21000 4K rw--- /lib/i386-linux-gnu/libjson-c.so.2.0.0\neab22000 20K r-x-- /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\neab27000 4K r---- /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\neab28000 4K rw--- /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\neab29000 64K rwx-- [ anon ]\neab39000 420K r-x-- /usr/local/lib/tor-browser/libfreebl3.so\neaba2000 4K ----- /usr/local/lib/tor-browser/libfreebl3.so\neaba3000 4K r---- /usr/local/lib/tor-browser/libfreebl3.so\neaba4000 4K rw--- /usr/local/lib/tor-browser/libfreebl3.so\neaba5000 16K rw--- [ anon ]\neaba9000 212K r-x-- /usr/local/lib/tor-browser/libsoftokn3.so\neabde000 4K r---- /usr/local/lib/tor-browser/libsoftokn3.so\neabdf000 4K rw--- /usr/local/lib/tor-browser/libsoftokn3.so\neabe0000 4K ----- [ anon ]\neabe1000 124K rwx-- [ anon ]\neac00000 4K ----- [ anon ]\neac01000 8188K rwx-- [ anon ]\neb400000 3072K rw--- [ anon ]\neb700000 4K ----- [ anon ]\neb701000 8188K rwx-- [ anon ]\nebf00000 16384K rw--- [ anon ]\necf00000 4K ----- [ anon ]\necf01000 2044K rwx-- [ anon ]\ned100000 4K ----- [ anon ]\ned101000 2044K rwx-- [ anon ]\ned300000 4K ----- [ anon ]\ned301000 2044K rwx-- [ anon ]\ned500000 4K ----- [ anon ]\ned501000 2044K rwx-- [ anon ]\ned700000 4K ----- [ anon ]\ned701000 2044K rwx-- [ anon ]\ned900000 1024K rw--- [ anon ]\neda00000 112K r-x-- /usr/local/lib/tor-browser/libnssdbm3.so\neda1c000 4K ----- /usr/local/lib/tor-browser/libnssdbm3.so\neda1d000 4K r---- /usr/local/lib/tor-browser/libnssdbm3.so\neda1e000 4K rw--- /usr/local/lib/tor-browser/libnssdbm3.so\neda1f000 568K r---- /usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\nedaad000 4K ----- [ anon ]\nedaae000 8188K rwx-- [ anon ]\nee2ad000 4K ----- [ anon ]\nee2ae000 8188K rwx-- [ anon ]\neeaad000 9548K r---- /usr/local/lib/tor-browser/omni.ja\nef400000 1024K rw--- [ anon ]\nef501000 388K r-x-- /usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\nef562000 8K r---- /usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\nef564000 4K rw--- /usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\nef566000 16K r-x-- /lib/i386-linux-gnu/libcap.so.2.24\nef56a000 4K r---- /lib/i386-linux-gnu/libcap.so.2.24\nef56b000 4K rw--- /lib/i386-linux-gnu/libcap.so.2.24\nef56c000 128K rwx-- [ anon ]\nef58c000 196K r-x-- /usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef5bd000 4K r---- /usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef5be000 4K rw--- /usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef5bf000 4K rw--- [ anon ]\nef5c0000 188K r-x-- /usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef5ef000 12K r---- /usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef5f2000 4K rw--- /usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef5f3000 32K r-x-- /usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef5fb000 4K r---- /usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef5fc000 4K rw--- /usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef5fe000 28K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef605000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef606000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef607000 4K ----- [ anon ]\nef608000 28K rwx-- [ anon ]\nef60f000 12K r-x-- /usr/lib/i386-linux-gnu/gconv/UTF-16.so\nef612000 4K r---- /usr/lib/i386-linux-gnu/gconv/UTF-16.so\nef613000 4K rw--- /usr/lib/i386-linux-gnu/gconv/UTF-16.so\nef614000 360K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef66e000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef66f000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef670000 40K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef67a000 8K r---- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef67c000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef67d000 252K r---- /usr/lib/locale/zu_ZA.utf8/LC_CTYPE\nef6bc000 1216K r---- /usr/lib/locale/zu_ZA.utf8/LC_COLLATE\nef7ec000 4K ----- [ anon ]\nef7ed000 8188K rwx-- [ anon ]\neffec000 16K r-x-- /lib/i386-linux-gnu/libuuid.so.1.3.0\nefff0000 4K r---- /lib/i386-linux-gnu/libuuid.so.1.3.0\nefff1000 4K rw--- /lib/i386-linux-gnu/libuuid.so.1.3.0\nefff2000 20K r-x-- /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0\nefff7000 4K rw--- /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0\nefff8000 8K r-x-- /usr/lib/i386-linux-gnu/libXau.so.6.0.0\nefffa000 4K r---- /usr/lib/i386-linux-gnu/libXau.so.6.0.0\nefffb000 4K rw--- /usr/lib/i386-linux-gnu/libXau.so.6.0.0\nefffc000 28K r-x-- /usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\nf0003000 4K r---- /usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\nf0004000 4K rw--- /usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\nf0005000 148K r-x-- /usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\nf002a000 8K r---- /usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\nf002c000 4K rw--- /usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\nf002d000 100K r-x-- /usr/lib/i386-linux-gnu/libICE.so.6.3.0\nf0046000 4K r---- /usr/lib/i386-linux-gnu/libICE.so.6.3.0\nf0047000 4K rw--- /usr/lib/i386-linux-gnu/libICE.so.6.3.0\nf0048000 8K rw--- [ anon ]\nf004a000 32K r-x-- /usr/lib/i386-linux-gnu/libSM.so.6.0.1\nf0052000 4K r---- /usr/lib/i386-linux-gnu/libSM.so.6.0.1\nf0053000 4K rw--- /usr/lib/i386-linux-gnu/libSM.so.6.0.1\nf0054000 144K r-x-- /usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf0078000 4K r---- /usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf0079000 4K rw--- /usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf007a000 36K r-x-- /usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf0083000 4K r---- /usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf0084000 4K rw--- /usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf0085000 8K r-x-- /usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0087000 4K r---- /usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0088000 4K rw--- /usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0089000 712K r-x-- /usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf013b000 24K r---- /usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf0141000 4K rw--- /usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf0142000 32K r-x-- /usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf014a000 4K r---- /usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf014b000 4K rw--- /usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf014c000 40K r-x-- /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0156000 4K r---- /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0157000 4K rw--- /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0158000 40K r-x-- /usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf0162000 4K r---- /usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf0163000 4K rw--- /usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf0164000 68K r-x-- /usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0175000 4K r---- /usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0176000 4K rw--- /usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0177000 8K r-x-- /usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf0179000 4K r---- /usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf017a000 4K rw--- /usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf017b000 364K r-x-- /usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf01d6000 4K r---- /usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf01d7000 4K rw--- /usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf01d8000 76K r-x-- /lib/i386-linux-gnu/libresolv-2.19.so\nf01eb000 8K r---- /lib/i386-linux-gnu/libresolv-2.19.so\nf01ed000 4K rw--- /lib/i386-linux-gnu/libresolv-2.19.so\nf01ee000 8K rw--- [ anon ]\nf01f0000 148K r-x-- /lib/i386-linux-gnu/libselinux.so.1\nf0215000 4K r---- /lib/i386-linux-gnu/libselinux.so.1\nf0216000 4K rw--- /lib/i386-linux-gnu/libselinux.so.1\nf0217000 4K rw--- [ anon ]\nf0218000 20K r-x-- /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf021d000 4K r---- /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf021e000 4K rw--- /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf021f000 8K r-x-- /usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf0221000 4K r---- /usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf0222000 4K rw--- /usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf0223000 8K r-x-- /usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf0225000 4K r---- /usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf0226000 4K rw--- /usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf0227000 448K r-x-- /lib/i386-linux-gnu/libpcre.so.3.13.1\nf0297000 8K r---- /lib/i386-linux-gnu/libpcre.so.3.13.1\nf0299000 4K rw--- /lib/i386-linux-gnu/libpcre.so.3.13.1\nf029a000 152K r-x-- /lib/i386-linux-gnu/libexpat.so.1.6.0\nf02c0000 8K r---- /lib/i386-linux-gnu/libexpat.so.1.6.0\nf02c2000 4K rw--- /lib/i386-linux-gnu/libexpat.so.1.6.0\nf02c3000 172K r-x-- /lib/i386-linux-gnu/libpng12.so.0.50.0\nf02ee000 4K r---- /lib/i386-linux-gnu/libpng12.so.0.50.0\nf02ef000 4K rw--- /lib/i386-linux-gnu/libpng12.so.0.50.0\nf02f0000 104K r-x-- /lib/i386-linux-gnu/libz.so.1.2.8\nf030a000 8K r---- /lib/i386-linux-gnu/libz.so.1.2.8\nf030c000 4K rw--- /lib/i386-linux-gnu/libz.so.1.2.8\nf030d000 392K r-x-- /usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf036f000 4K r---- /usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf0370000 12K rw--- /usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf0373000 4K rw--- [ anon ]\nf0374000 76K r-x-- /usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0387000 4K r---- /usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0388000 4K rw--- /usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0389000 1332K r-x-- /usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf04d6000 8K r---- /usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf04d8000 12K rw--- /usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf04db000 1300K r-x-- /usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf0620000 8K r---- /usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf0622000 4K rw--- /usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf0623000 4K rw--- [ anon ]\nf0624000 320K r-x-- /usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0674000 4K r---- /usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0675000 4K rw--- /usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0676000 156K r-x-- /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf069d000 4K r---- /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf069e000 4K rw--- /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf069f000 48K r-x-- /usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf06ab000 4K r---- /usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf06ac000 4K rw--- /usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf06ad000 756K r-x-- /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf076a000 12K r---- /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf076d000 4K rw--- /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf076e000 88K r-x-- /usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0784000 4K r---- /usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0785000 4K rw--- /usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0786000 1732K r-x-- /usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf0937000 12K r---- /usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf093a000 4K rw--- /usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf093b000 4K rw--- [ anon ]\nf093c000 148K r-x-- /usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf0961000 8K r---- /usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf0963000 4K rw--- /usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf0964000 5056K r-x-- /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e54000 16K r---- /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e58000 8K rw--- /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e5a000 8K rw--- [ anon ]\nf0e5c000 1176K r-x-- /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f82000 4K r---- /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f83000 4K rw--- /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f84000 368K r-x-- /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0fe0000 4K r---- /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0fe1000 4K rw--- /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0fe2000 336K r-x-- /lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf1036000 8K r---- /lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf1038000 4K rw--- /lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf1039000 148K r-x-- /usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf105e000 4K r---- /usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf105f000 4K rw--- /usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf1060000 1036K r-x-- /usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf1163000 16K r---- /usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf1167000 4K rw--- /usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf1168000 40K r-x-- /usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf1172000 4K r---- /usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf1173000 4K rw--- /usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf1174000 256K r-x-- /usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf11b4000 4K r---- /usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf11b5000 4K rw--- /usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf11b6000 692K r-x-- /usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf1263000 16K r---- /usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf1267000 4K rw--- /usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf126a000 4K ----- [ anon ]\nf126b000 4K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nf126c000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nf126d000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nf126e000 8K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf1270000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf1271000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf1272000 4K r---- /usr/lib/locale/zu_ZA.utf8/LC_NUMERIC\nf1273000 4K r---- /usr/lib/locale/en_US.utf8/LC_TIME\nf1274000 4K r---- /usr/lib/locale/en_US.utf8/LC_MONETARY\nf1275000 4K r---- /usr/lib/locale/ug_CN/LC_MESSAGES/SYS_LC_MESSAGES\nf1276000 4K r---- /usr/lib/locale/yi_US.utf8/LC_PAPER\nf1277000 4K r---- /usr/lib/locale/yi_US.utf8/LC_NAME\nf1278000 28K r--s- /usr/lib/i386-linux-gnu/gconv/gconv-modules.cache\nf127f000 91548K r-x-- /usr/local/lib/tor-browser/libxul.so\nf6be6000 2612K r---- /usr/local/lib/tor-browser/libxul.so\nf6e73000 348K rw--- /usr/local/lib/tor-browser/libxul.so\nf6eca000 196K rw--- [ anon ]\nf6efb000 40K r-x-- /usr/local/lib/tor-browser/liblgpllibs.so\nf6f05000 4K r---- /usr/local/lib/tor-browser/liblgpllibs.so\nf6f06000 4K rw--- /usr/local/lib/tor-browser/liblgpllibs.so\nf6f07000 748K r-x-- /usr/local/lib/tor-browser/libmozsqlite3.so\nf6fc2000 8K r---- /usr/local/lib/tor-browser/libmozsqlite3.so\nf6fc4000 8K rw--- /usr/local/lib/tor-browser/libmozsqlite3.so\nf6fc6000 204K r-x-- /usr/local/lib/tor-browser/libssl3.so\nf6ff9000 4K ----- /usr/local/lib/tor-browser/libssl3.so\nf6ffa000 8K r---- /usr/local/lib/tor-browser/libssl3.so\nf6ffc000 4K rw--- /usr/local/lib/tor-browser/libssl3.so\nf6ffd000 116K r-x-- /usr/local/lib/tor-browser/libsmime3.so\nf701a000 4K ----- /usr/local/lib/tor-browser/libsmime3.so\nf701b000 8K r---- /usr/local/lib/tor-browser/libsmime3.so\nf701d000 4K rw--- /usr/local/lib/tor-browser/libsmime3.so\nf701e000 880K r-x-- /usr/local/lib/tor-browser/libnss3.so\nf70fa000 4K ----- /usr/local/lib/tor-browser/libnss3.so\nf70fb000 12K r---- /usr/local/lib/tor-browser/libnss3.so\nf70fe000 4K rw--- /usr/local/lib/tor-browser/libnss3.so\nf70ff000 2052K rw--- [ anon ]\nf7300000 4K r---- /usr/lib/locale/en_US.utf8/LC_ADDRESS\nf7301000 24K r-x-- /usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf7307000 4K r---- /usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf7308000 4K rw--- /usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf7309000 120K r-x-- /usr/local/lib/tor-browser/libnssutil3.so\nf7327000 4K ----- /usr/local/lib/tor-browser/libnssutil3.so\nf7328000 12K r---- /usr/local/lib/tor-browser/libnssutil3.so\nf732b000 4K rw--- /usr/local/lib/tor-browser/libnssutil3.so\nf732c000 304K r-x-- /usr/local/lib/tor-browser/libnspr4.so\nf7378000 4K ----- /usr/local/lib/tor-browser/libnspr4.so\nf7379000 4K r---- /usr/local/lib/tor-browser/libnspr4.so\nf737a000 4K rw--- /usr/local/lib/tor-browser/libnspr4.so\nf737b000 20K rw--- [ anon ]\nf7380000 1464K r-x-- /lib/i386-linux-gnu/libc-2.19.so\nf74ee000 8K r---- /lib/i386-linux-gnu/libc-2.19.so\nf74f0000 4K rw--- /lib/i386-linux-gnu/libc-2.19.so\nf74f1000 12K rw--- [ anon ]\nf74f4000 112K r-x-- /lib/i386-linux-gnu/libgcc_s.so.1\nf7510000 4K rw--- /lib/i386-linux-gnu/libgcc_s.so.1\nf7511000 268K r-x-- /lib/i386-linux-gnu/libm-2.19.so\nf7554000 4K r---- /lib/i386-linux-gnu/libm-2.19.so\nf7555000 4K rw--- /lib/i386-linux-gnu/libm-2.19.so\nf7556000 1600K r-x-- /usr/local/lib/tor-browser/libstdc++.so.6\nf76e6000 24K r---- /usr/local/lib/tor-browser/libstdc++.so.6\nf76ec000 4K rw--- /usr/local/lib/tor-browser/libstdc++.so.6\nf76ed000 8K rw--- [ anon ]\nf76ef000 28K r-x-- /lib/i386-linux-gnu/librt-2.19.so\nf76f6000 4K r---- /lib/i386-linux-gnu/librt-2.19.so\nf76f7000 4K rw--- /lib/i386-linux-gnu/librt-2.19.so\nf76f8000 12K r-x-- /lib/i386-linux-gnu/libdl-2.19.so\nf76fb000 4K r---- /lib/i386-linux-gnu/libdl-2.19.so\nf76fc000 4K rw--- /lib/i386-linux-gnu/libdl-2.19.so\nf76fd000 92K r-x-- /lib/i386-linux-gnu/libpthread-2.19.so\nf7714000 4K r---- /lib/i386-linux-gnu/libpthread-2.19.so\nf7715000 4K rw--- /lib/i386-linux-gnu/libpthread-2.19.so\nf7716000 8K rw--- [ anon ]\nf7718000 4K r---- /usr/lib/locale/yi_US.utf8/LC_TELEPHONE\nf7719000 4K r---- /usr/lib/locale/yi_US.utf8/LC_MEASUREMENT\nf771a000 12K r-x-- /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf771d000 4K r---- /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf771e000 4K rw--- /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf771f000 4K r-x-- /usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf7720000 4K r---- /usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf7721000 4K rw--- /usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf7722000 12K r-x-- /usr/local/lib/tor-browser/libplds4.so\nf7725000 4K r---- /usr/local/lib/tor-browser/libplds4.so\nf7726000 4K rw--- /usr/local/lib/tor-browser/libplds4.so\nf7727000 20K r-x-- /usr/local/lib/tor-browser/libplc4.so\nf772c000 4K r---- /usr/local/lib/tor-browser/libplc4.so\nf772d000 4K rw--- /usr/local/lib/tor-browser/libplc4.so\nf772e000 4K r---- /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION\nf772f000 8K rw--- [ anon ]\nf7731000 4K r-x-- [ anon ]\nf7732000 8K r---- [ anon ]\nf7734000 124K r-x-- /lib/i386-linux-gnu/ld-2.19.so\nf7753000 4K r---- /lib/i386-linux-gnu/ld-2.19.so\nf7754000 4K rw--- /lib/i386-linux-gnu/ld-2.19.so\nf7755000 148K r-x-- /usr/local/lib/tor-browser/firefox-unconfined\nf777a000 4K rw--- [ anon ]\nf777b000 4K r---- /usr/local/lib/tor-browser/firefox-unconfined\nf777c000 4K rw--- /usr/local/lib/tor-browser/firefox-unconfined\nffee0000 128K rwx-- [ stack ]\nfff00000 4K rw--- [ anon ]\n total 343664K\n", ""] calling as root: find /usr/lib /lib -name "libfreebl3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libfreebl3.so\n/usr/lib/icedove/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libfreebl3.so\n", ""] calling as root: find /usr/lib /lib -name "liblgpllibs.so" call returned: [0, "/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/liblgpllibs.so\n", ""] calling as root: find /usr/lib /lib -name "libmozsqlite3.so" call returned: [0, "/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libmozsqlite3.so\n", ""] calling as root: find /usr/lib /lib -name "libnspr4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnspr4.so\n/usr/lib/icedove/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnspr4.so\n", ""] calling as root: find /usr/lib /lib -name "libnss3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnss3.so\n/usr/lib/icedove/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnss3.so\n", ""] calling as root: find /usr/lib /lib -name "libnssckbi.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libnssckbi.so\n/usr/lib/icedove/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssckbi.so\n", ""] calling as root: find /usr/lib /lib -name "libnssdbm3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libnssdbm3.so\n/usr/lib/icedove/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssdbm3.so\n", ""] calling as root: find /usr/lib /lib -name "libnssutil3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnssutil3.so\n/usr/lib/icedove/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssutil3.so\n", ""] calling as root: find /usr/lib /lib -name "libplc4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libplc4.so\n/usr/lib/icedove/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libplc4.so\n", ""] calling as root: find /usr/lib /lib -name "libplds4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libplds4.so\n/usr/lib/icedove/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libplds4.so\n", ""] calling as root: find /usr/lib /lib -name "libsmime3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libsmime3.so\n/usr/lib/icedove/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libsmime3.so\n", ""] calling as root: find /usr/lib /lib -name "libsoftokn3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libsoftokn3.so\n/usr/lib/icedove/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libsoftokn3.so\n", ""] calling as root: find /usr/lib /lib -name "libssl3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libssl3.so\n/usr/lib/icedove/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libssl3.so\n", ""] calling as root: find /usr/lib /lib -name "libxul.so" call returned: [0, "/usr/lib/icedove/libxul.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libxul.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libxul.so\n", ""] [log] CLICK on (239,455) [log] CLICK on (243,305) [log] CLICK on (791,624) [log] CLICK on (301,326) [log] TYPE "obfs4 10.2.1.1:42270 93C972C243FB9C6CD690F5E61D8C90490E25FC91 cert=2W73QrAuwfw4S2Sa2u53JValyZB30cOY/zalKKsPwXt30DX17ImZVssfubITOdX9AMMgWQ iat-mode=0 " [log] TYPE "obfs4 10.2.1.1:44299 A1412783189DB1F419435BED2C2A388CA9C48228 cert=OukVJbpGJTrw7HfxluqqFH8KkiSW+2tTwc45iZJ/xKEKUe7HE6CRn7iZbS5cljOJcRcaDg iat-mode=0 " [log] TYPE "obfs4 10.2.1.1:35334 4A3C735D9DB303945FBE713A36E40A07C5AF1161 cert=LsjGFFSM6zktP4k4aGkQ+Uhl7n15cilcvbUWT6XWr6dOcu6LNr9j7mtA/lTXHu8SPZSdNA iat-mode=0 " [log] CLICK on (791,624) [log] CLICK on (791,624) When I configure some obfs4 pluggable transports in Tor Launcher # features/step_definitions/tor.rb:339 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [1, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] Then Tor is ready # features/step_definitions/common_steps.rb:373 calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [0, "", ""] And available upgrades have been checked # features/step_definitions/common_steps.rb:392 And all Internet traffic has only flowed through the configured pluggable transports # features/step_definitions/tor.rb:390 @product Feature: Installing Tails to a USB drive As a Tails user I want to install Tails to a suitable USB drive Scenario: Try installing Tails to a too small USB drive # features/usb_install.feature:6 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465816934' call returned: [0, "Mon Jun 13 11:22:14 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 And I temporarily create a 2 GiB disk named "too-small-device" # features/step_definitions/common_steps.rb:139 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.HDzszmWlSF\n", ""] calling as root: rm -f '/tmp/tmp.HDzszmWlSF' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.HDzszmWlSF' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.HDzszmWlSF' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.HDzszmWlSF_20160613-112215_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.HDzszmWlSF' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.ErZbVxfYz5\n", ""] calling as root: rm -f '/tmp/tmp.ErZbVxfYz5' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Tails'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.ErZbVxfYz5' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.ErZbVxfYz5' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.ErZbVxfYz5_20160613-112218_debug ...\nClicking on [label | Tails]\nMouse button 1 click at (47,364)\n", ""] calling as root: rm -f '/tmp/tmp.ErZbVxfYz5' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.Lv28Slr4dh\n", ""] calling as root: rm -f '/tmp/tmp.Lv28Slr4dh' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Tails Installer'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.Lv28Slr4dh' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.Lv28Slr4dh' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.Lv28Slr4dh_20160613-112222_debug ...\nClicking on [label | Tails Installer]\nMouse button 1 click at (301,249)\n", ""] calling as root: rm -f '/tmp/tmp.Lv28Slr4dh' call returned: [0, "", ""] [log] CLICK on (279,216) And I start Tails Installer in "Clone & Install" mode # features/step_definitions/usb.rb:87 But a suitable USB device is not found # features/step_definitions/usb.rb:607 calling as root: test -b /dev/sda call returned: [1, "", ""] calling as root: test -b /dev/sda call returned: [1, "", ""] calling as root: test -b /dev/sda call returned: [0, "", ""] When I plug USB drive "too-small-device" # features/step_definitions/common_steps.rb:145 Then Tails Installer detects that a device is too small # features/step_definitions/usb.rb:101 And a suitable USB device is not found # features/step_definitions/usb.rb:607 When I unplug USB drive "too-small-device" # features/step_definitions/usb.rb:55 And I create a 4 GiB disk named "big-enough" # features/step_definitions/common_steps.rb:139 calling as root: test -b /dev/sda call returned: [1, "", ""] calling as root: test -b /dev/sda call returned: [0, "", ""] And I plug USB drive "big-enough" # features/step_definitions/common_steps.rb:145 Then the "big-enough" USB drive is selected # features/step_definitions/usb.rb:611 Scenario: Detecting when a target USB drive is inserted or removed # features/usb_install.feature:19 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465816959' call returned: [0, "Mon Jun 13 11:22:39 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 And I temporarily create a 4 GiB disk named "temp" # features/step_definitions/common_steps.rb:139 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.eroW7uoQRe\n", ""] calling as root: rm -f '/tmp/tmp.eroW7uoQRe' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.eroW7uoQRe' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.eroW7uoQRe' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.eroW7uoQRe_20160613-112240_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.eroW7uoQRe' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.ZggFO4P91o\n", ""] calling as root: rm -f '/tmp/tmp.ZggFO4P91o' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Tails'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.ZggFO4P91o' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.ZggFO4P91o' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.ZggFO4P91o_20160613-112243_debug ...\nClicking on [label | Tails]\nMouse button 1 click at (47,364)\n", ""] calling as root: rm -f '/tmp/tmp.ZggFO4P91o' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.TPbR6U1eqL\n", ""] calling as root: rm -f '/tmp/tmp.TPbR6U1eqL' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Tails Installer'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.TPbR6U1eqL' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.TPbR6U1eqL' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.TPbR6U1eqL_20160613-112246_debug ...\nClicking on [label | Tails Installer]\nMouse button 1 click at (301,249)\n", ""] calling as root: rm -f '/tmp/tmp.TPbR6U1eqL' call returned: [0, "", ""] [log] CLICK on (279,216) And I start Tails Installer in "Clone & Install" mode # features/step_definitions/usb.rb:87 But a suitable USB device is not found # features/step_definitions/usb.rb:607 calling as root: test -b /dev/sda call returned: [1, "", ""] calling as root: test -b /dev/sda call returned: [1, "", ""] calling as root: test -b /dev/sda call returned: [0, "", ""] When I plug USB drive "temp" # features/step_definitions/common_steps.rb:145 Then the "temp" USB drive is selected # features/step_definitions/usb.rb:611 When I unplug USB drive "temp" # features/step_definitions/usb.rb:55 Then no USB drive is selected # features/step_definitions/usb.rb:615 And a suitable USB device is not found # features/step_definitions/usb.rb:607 @source Feature: custom APT sources to build branches As a Tails developer, when I build Tails, I'd be happy if the proper APT sources were automatically picked depending on which Git branch I am working on. Scenario: build from an untagged stable branch where the config/APT_overlays.d directory is empty # features/build.feature:7 Given I am working on the stable base branch # features/step_definitions/build.rb:70 And the last version mentioned in debian/changelog is 1.0 # features/step_definitions/build.rb:36 And Tails 1.0 has not been released yet # features/step_definitions/build.rb:32 And the config/APT_overlays.d directory is empty # features/step_definitions/build.rb:122 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see only the 'stable' suite # features/step_definitions/build.rb:113 Scenario: build from an untagged stable branch where config/APT_overlays.d is not empty # features/build.feature:15 Given I am working on the stable base branch # features/step_definitions/build.rb:70 And the last version mentioned in debian/changelog is 1.0 # features/step_definitions/build.rb:36 And Tails 1.0 has not been released yet # features/step_definitions/build.rb:32 And config/APT_overlays.d contains 'feature-foo' # features/step_definitions/build.rb:127 And config/APT_overlays.d contains 'bugfix-bar' # features/step_definitions/build.rb:127 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see the 'stable' suite # features/step_definitions/build.rb:109 And I should see the 'feature-foo' suite # features/step_definitions/build.rb:109 And I should see the 'bugfix-bar' suite # features/step_definitions/build.rb:109 But I should not see the '1.0' suite # features/step_definitions/build.rb:118 Scenario: build from an untagged stable branch with no encoded time-based snapshot # features/build.feature:27 Given I am working on the stable base branch # features/step_definitions/build.rb:70 And Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last versions mentioned in debian/changelog are 0.10 and 1.0 # features/step_definitions/build.rb:45 And Tails 1.0 has not been released yet # features/step_definitions/build.rb:32 And no frozen APT snapshot is encoded in config/APT_snapshots.d # features/step_definitions/build.rb:50 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see the 0.10 tagged snapshot # features/step_definitions/build.rb:147 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see the 0.10 tagged snapshot # features/step_definitions/build.rb:147 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from an untagged stable branch with encoded time-based snapshots # features/build.feature:41 Given I am working on the stable base branch # features/step_definitions/build.rb:70 And Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last versions mentioned in debian/changelog are 0.10 and 1.0 # features/step_definitions/build.rb:45 And Tails 1.0 has not been released yet # features/step_definitions/build.rb:32 And frozen APT snapshots are encoded in config/APT_snapshots.d # features/step_definitions/build.rb:58 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from a tagged stable branch where the config/APT_overlays.d directory is empty # features/build.feature:55 Given Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last version mentioned in debian/changelog is 0.10 # features/step_definitions/build.rb:36 And I am working on the stable base branch # features/step_definitions/build.rb:70 And I checkout the 0.10 tag # features/step_definitions/build.rb:82 And the config/APT_overlays.d directory is empty # features/step_definitions/build.rb:122 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see only the '0.10' suite # features/step_definitions/build.rb:113 Scenario: build from a tagged stable branch where config/APT_overlays.d is not empty # features/build.feature:64 Given Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last version mentioned in debian/changelog is 0.10 # features/step_definitions/build.rb:36 And I am working on the stable base branch # features/step_definitions/build.rb:70 And I checkout the 0.10 tag # features/step_definitions/build.rb:82 And config/APT_overlays.d contains 'feature-foo' # features/step_definitions/build.rb:127 When I run tails-custom-apt-sources # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 Scenario: build from a tagged stable branch with no encoded time-based snapshot # features/build.feature:73 Given I am working on the stable base branch # features/step_definitions/build.rb:70 And Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last version mentioned in debian/changelog is 0.10 # features/step_definitions/build.rb:36 And no frozen APT snapshot is encoded in config/APT_snapshots.d # features/step_definitions/build.rb:50 And I checkout the 0.10 tag # features/step_definitions/build.rb:82 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see the 0.10 tagged snapshot # features/step_definitions/build.rb:147 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see the 0.10 tagged snapshot # features/step_definitions/build.rb:147 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see the 0.10 tagged snapshot # features/step_definitions/build.rb:147 Scenario: build from a tagged stable branch with encoded time-based snapshots # features/build.feature:87 Given I am working on the stable base branch # features/step_definitions/build.rb:70 And Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last version mentioned in debian/changelog is 0.10 # features/step_definitions/build.rb:36 And frozen APT snapshots are encoded in config/APT_snapshots.d # features/step_definitions/build.rb:58 And I checkout the 0.10 tag # features/step_definitions/build.rb:82 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see the 0.10 tagged snapshot # features/step_definitions/build.rb:147 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see the 0.10 tagged snapshot # features/step_definitions/build.rb:147 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see the 0.10 tagged snapshot # features/step_definitions/build.rb:147 Scenario: build from a bugfix branch without overlays for a stable release # features/build.feature:101 Given Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last version mentioned in debian/changelog is 0.10.1 # features/step_definitions/build.rb:36 And Tails 0.10.1 has not been released yet # features/step_definitions/build.rb:32 And I am working on the bugfix/disable_gdomap branch based on stable # features/step_definitions/build.rb:87 And the config/APT_overlays.d directory is empty # features/step_definitions/build.rb:122 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see only the 'stable' suite # features/step_definitions/build.rb:113 Scenario: build from a bugfix branch with overlays for a stable release # features/build.feature:110 Given Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last version mentioned in debian/changelog is 0.10.1 # features/step_definitions/build.rb:36 And Tails 0.10.1 has not been released yet # features/step_definitions/build.rb:32 And I am working on the bugfix/disable_gdomap branch based on stable # features/step_definitions/build.rb:87 And config/APT_overlays.d contains 'bugfix-disable-gdomap' # features/step_definitions/build.rb:127 And config/APT_overlays.d contains 'bugfix-bar' # features/step_definitions/build.rb:127 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see the 'stable' suite # features/step_definitions/build.rb:109 And I should see the 'bugfix-disable-gdomap' suite # features/step_definitions/build.rb:109 And I should see the 'bugfix-bar' suite # features/step_definitions/build.rb:109 But I should not see the '0.10' suite # features/step_definitions/build.rb:118 Scenario: build from a bugfix branch with no encoded time-based snapshot for a stable release # features/build.feature:123 Given Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last version mentioned in debian/changelog is 0.10.1 # features/step_definitions/build.rb:36 And Tails 0.10.1 has not been released yet # features/step_definitions/build.rb:32 And I am working on the bugfix/disable_gdomap branch based on stable # features/step_definitions/build.rb:87 And no frozen APT snapshot is encoded in config/APT_snapshots.d # features/step_definitions/build.rb:50 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see the 0.10 tagged snapshot # features/step_definitions/build.rb:147 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see the 0.10 tagged snapshot # features/step_definitions/build.rb:147 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from a bugfix branch with encoded time-based snapshots for a stable release # features/build.feature:137 Given Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last version mentioned in debian/changelog is 0.10.1 # features/step_definitions/build.rb:36 And Tails 0.10.1 has not been released yet # features/step_definitions/build.rb:32 And I am working on the bugfix/disable_gdomap branch based on stable # features/step_definitions/build.rb:87 And frozen APT snapshots are encoded in config/APT_snapshots.d # features/step_definitions/build.rb:58 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from an untagged testing branch where the config/APT_overlays.d directory is empty # features/build.feature:151 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And the last version mentioned in debian/changelog is 0.11 # features/step_definitions/build.rb:36 And Tails 0.11 has not been released yet # features/step_definitions/build.rb:32 And the config/APT_overlays.d directory is empty # features/step_definitions/build.rb:122 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see the 'testing' suite # features/step_definitions/build.rb:109 And I should not see the '0.11' suite # features/step_definitions/build.rb:118 And I should not see the 'feature-foo' suite # features/step_definitions/build.rb:118 And I should not see the 'bugfix-bar' suite # features/step_definitions/build.rb:118 Scenario: build from an untagged testing branch where config/APT_overlays.d is not empty # features/build.feature:162 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And the last version mentioned in debian/changelog is 0.11 # features/step_definitions/build.rb:36 And Tails 0.11 has not been released yet # features/step_definitions/build.rb:32 And config/APT_overlays.d contains 'feature-foo' # features/step_definitions/build.rb:127 And config/APT_overlays.d contains 'bugfix-bar' # features/step_definitions/build.rb:127 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see the 'testing' suite # features/step_definitions/build.rb:109 And I should see the 'feature-foo' suite # features/step_definitions/build.rb:109 And I should see the 'bugfix-bar' suite # features/step_definitions/build.rb:109 But I should not see the '0.11' suite # features/step_definitions/build.rb:118 Scenario: build from an untagged testing branch with no encoded time-based snapshot # features/build.feature:174 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last versions mentioned in debian/changelog are 0.10 and 1.0 # features/step_definitions/build.rb:45 And Tails 1.0 has not been released yet # features/step_definitions/build.rb:32 And no frozen APT snapshot is encoded in config/APT_snapshots.d # features/step_definitions/build.rb:50 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from an untagged testing branch with encoded time-based snapshots # features/build.feature:188 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And Tails 0.10 has been released # features/step_definitions/build.rb:1 And the last versions mentioned in debian/changelog are 0.10 and 1.0 # features/step_definitions/build.rb:45 And Tails 1.0 has not been released yet # features/step_definitions/build.rb:32 And frozen APT snapshots are encoded in config/APT_snapshots.d # features/step_definitions/build.rb:58 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from a tagged testing branch where the config/APT_overlays.d directory is empty # features/build.feature:202 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And the last version mentioned in debian/changelog is 0.11 # features/step_definitions/build.rb:36 And Tails 0.11 has been released # features/step_definitions/build.rb:1 And the config/APT_overlays.d directory is empty # features/step_definitions/build.rb:122 And I checkout the 0.11 tag # features/step_definitions/build.rb:82 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see only the '0.11' suite # features/step_definitions/build.rb:113 Scenario: build from a tagged testing branch where config/APT_overlays.d is not empty # features/build.feature:211 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And the last version mentioned in debian/changelog is 0.11 # features/step_definitions/build.rb:36 And Tails 0.11 has been released # features/step_definitions/build.rb:1 And config/APT_overlays.d contains 'feature-foo' # features/step_definitions/build.rb:127 And I checkout the 0.11 tag # features/step_definitions/build.rb:82 When I run tails-custom-apt-sources # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 Scenario: build from a tagged testing branch with no encoded time-based snapshot # features/build.feature:220 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And the last version mentioned in debian/changelog is 0.11 # features/step_definitions/build.rb:36 And Tails 0.11 has been released # features/step_definitions/build.rb:1 And no frozen APT snapshot is encoded in config/APT_snapshots.d # features/step_definitions/build.rb:50 And I checkout the 0.11 tag # features/step_definitions/build.rb:82 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I run "apt-mirror debian" # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 When I run "apt-mirror torproject" # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see the 0.11 tagged snapshot # features/step_definitions/build.rb:147 Scenario: build from a tagged testing branch with encoded time-based snapshots # features/build.feature:234 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And the last version mentioned in debian/changelog is 0.11 # features/step_definitions/build.rb:36 And Tails 0.11 has been released # features/step_definitions/build.rb:1 And frozen APT snapshots are encoded in config/APT_snapshots.d # features/step_definitions/build.rb:58 And I checkout the 0.11 tag # features/step_definitions/build.rb:82 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see the 0.11 tagged snapshot # features/step_definitions/build.rb:147 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see the 0.11 tagged snapshot # features/step_definitions/build.rb:147 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see the 0.11 tagged snapshot # features/step_definitions/build.rb:147 Scenario: build a release candidate from a tagged testing branch # features/build.feature:248 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And Tails 0.11 has been released # features/step_definitions/build.rb:1 And the last version mentioned in debian/changelog is 0.12~rc1 # features/step_definitions/build.rb:36 And Tails 0.12-rc1 has been tagged # features/step_definitions/build.rb:28 And the config/APT_overlays.d directory is empty # features/step_definitions/build.rb:122 And I checkout the 0.12-rc1 tag # features/step_definitions/build.rb:82 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see only the '0.12-rc1' suite # features/step_definitions/build.rb:113 Scenario: build a release candidate from a tagged testing branch where config/APT_overlays.d is not empty # features/build.feature:258 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And Tails 0.11 has been released # features/step_definitions/build.rb:1 And the last version mentioned in debian/changelog is 0.12~rc1 # features/step_definitions/build.rb:36 And Tails 0.12-rc1 has been tagged # features/step_definitions/build.rb:28 And config/APT_overlays.d contains 'bugfix-bar' # features/step_definitions/build.rb:127 And I checkout the 0.12-rc1 tag # features/step_definitions/build.rb:82 When I run tails-custom-apt-sources # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 Scenario: build from a bugfix branch with no encoded time-based snapshot for a major release # features/build.feature:268 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And Tails 0.10~rc1 has been released # features/step_definitions/build.rb:1 And the last versions mentioned in debian/changelog are 0.10~rc1 and 0.10 # features/step_definitions/build.rb:45 And Tails 0.10 has not been released yet # features/step_definitions/build.rb:32 And I am working on the bugfix/disable_gdomap branch based on testing # features/step_definitions/build.rb:87 And no frozen APT snapshot is encoded in config/APT_snapshots.d # features/step_definitions/build.rb:50 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from a bugfix branch with encoded time-based snapshots for a major release # features/build.feature:283 Given I am working on the testing base branch # features/step_definitions/build.rb:70 And Tails 0.10~rc1 has been released # features/step_definitions/build.rb:1 And the last versions mentioned in debian/changelog are 0.10~rc1 and 0.10 # features/step_definitions/build.rb:45 And Tails 0.10 has not been released yet # features/step_definitions/build.rb:32 And I am working on the bugfix/disable_gdomap branch based on testing # features/step_definitions/build.rb:87 And frozen APT snapshots are encoded in config/APT_snapshots.d # features/step_definitions/build.rb:58 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from the devel branch without overlays # features/build.feature:298 Given I am working on the devel base branch # features/step_definitions/build.rb:70 And the config/APT_overlays.d directory is empty # features/step_definitions/build.rb:122 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see only the 'devel' suite # features/step_definitions/build.rb:113 Scenario: build from the devel branch with overlays # features/build.feature:304 Given I am working on the devel base branch # features/step_definitions/build.rb:70 And config/APT_overlays.d contains 'feature-foo' # features/step_definitions/build.rb:127 And config/APT_overlays.d contains 'bugfix-bar' # features/step_definitions/build.rb:127 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see the 'devel' suite # features/step_definitions/build.rb:109 And I should see the 'feature-foo' suite # features/step_definitions/build.rb:109 And I should see the 'bugfix-bar' suite # features/step_definitions/build.rb:109 Scenario: build from the devel branch with no encoded time-based snapshot # features/build.feature:313 Given I am working on the devel base branch # features/step_definitions/build.rb:70 And no frozen APT snapshot is encoded in config/APT_snapshots.d # features/step_definitions/build.rb:50 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from the devel branch with encoded time-based snapshots # features/build.feature:324 Given I am working on the devel base branch # features/step_definitions/build.rb:70 And frozen APT snapshots are encoded in config/APT_snapshots.d # features/step_definitions/build.rb:58 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I run "apt-mirror debian" # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 When I run "apt-mirror torproject" # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from the feature/jessie branch without overlays # features/build.feature:335 Given I am working on the feature/jessie base branch # features/step_definitions/build.rb:70 And the config/APT_overlays.d directory is empty # features/step_definitions/build.rb:122 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see only the 'feature-jessie' suite # features/step_definitions/build.rb:113 Scenario: build from the feature/jessie branch with overlays # features/build.feature:341 Given I am working on the feature/jessie base branch # features/step_definitions/build.rb:70 And config/APT_overlays.d contains 'feature-7756-reintroduce-whisperback' # features/step_definitions/build.rb:127 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see the 'feature-jessie' suite # features/step_definitions/build.rb:109 And I should see the 'feature-7756-reintroduce-whisperback' suite # features/step_definitions/build.rb:109 Scenario: build from a feature branch with overlays based on devel # features/build.feature:348 Given I am working on the feature/icedove branch based on devel # features/step_definitions/build.rb:87 And config/APT_overlays.d contains 'feature-icedove' # features/step_definitions/build.rb:127 And config/APT_overlays.d contains 'bugfix-bar' # features/step_definitions/build.rb:127 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see the 'devel' suite # features/step_definitions/build.rb:109 And I should see the 'feature-icedove' suite # features/step_definitions/build.rb:109 And I should see the 'bugfix-bar' suite # features/step_definitions/build.rb:109 Scenario: build from a feature branch without overlays based on devel # features/build.feature:357 Given I am working on the feature/icedove branch based on devel # features/step_definitions/build.rb:87 And the config/APT_overlays.d directory is empty # features/step_definitions/build.rb:122 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see only the 'devel' suite # features/step_definitions/build.rb:113 Scenario: build from a feature branch based on devel with no encoded time-based snapshot # features/build.feature:363 Given I am working on the feature/icedove branch based on devel # features/step_definitions/build.rb:87 And no frozen APT snapshot is encoded in config/APT_snapshots.d # features/step_definitions/build.rb:50 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I successfully run "apt-mirror debian" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror torproject" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from a feature branch based on devel with encoded time-based snapshots # features/build.feature:374 Given I am working on the feature/icedove branch based on devel # features/step_definitions/build.rb:87 And frozen APT snapshots are encoded in config/APT_snapshots.d # features/step_definitions/build.rb:58 When I successfully run "apt-snapshots-serials prepare-build" # features/step_definitions/build.rb:99 And I run "apt-mirror debian" # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 When I run "apt-mirror torproject" # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 When I successfully run "apt-mirror debian-security" # features/step_definitions/build.rb:99 Then I should see a time-based snapshot # features/step_definitions/build.rb:151 Scenario: build from a feature branch with overlays based on feature/jessie # features/build.feature:385 Given I am working on the feature/7756-reintroduce-whisperback branch based on feature/jessie # features/step_definitions/build.rb:87 And config/APT_overlays.d contains 'feature-7756-reintroduce-whisperback' # features/step_definitions/build.rb:127 And config/APT_overlays.d contains 'bugfix-bar' # features/step_definitions/build.rb:127 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see the 'feature-jessie' suite # features/step_definitions/build.rb:109 And I should see the 'feature-7756-reintroduce-whisperback' suite # features/step_definitions/build.rb:109 And I should see the 'bugfix-bar' suite # features/step_definitions/build.rb:109 Scenario: build from a feature branch without overlays based on feature/jessie # features/build.feature:394 Given I am working on the feature/icedove branch based on feature/jessie # features/step_definitions/build.rb:87 And the config/APT_overlays.d directory is empty # features/step_definitions/build.rb:122 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see only the 'feature-jessie' suite # features/step_definitions/build.rb:113 Scenario: build from a feature branch based on devel with dots in its name # features/build.feature:400 Given I am working on the feature/live-boot-3.x branch based on devel # features/step_definitions/build.rb:87 And config/APT_overlays.d contains 'feature-live-boot-3.x' # features/step_definitions/build.rb:127 When I successfully run tails-custom-apt-sources # features/step_definitions/build.rb:99 Then I should see the 'devel' suite # features/step_definitions/build.rb:109 And I should see the 'feature-live-boot-3.x' suite # features/step_definitions/build.rb:109 Scenario: build from a branch that has no config/APT_overlays.d directory # features/build.feature:407 Given I am working on the stable base branch # features/step_definitions/build.rb:70 And the config/APT_overlays.d directory does not exist # features/step_definitions/build.rb:139 When I run tails-custom-apt-sources # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 Scenario: build from a branch that has no config/base_branch file # features/build.feature:413 Given I am working on the stable base branch # features/step_definitions/build.rb:70 And the config/base_branch file does not exist # features/step_definitions/build.rb:135 When I run tails-custom-apt-sources # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 Scenario: build from a branch where config/base_branch is empty # features/build.feature:419 Given I am working on the stable base branch # features/step_definitions/build.rb:70 And the config/base_branch file is empty # features/step_definitions/build.rb:143 When I run tails-custom-apt-sources # features/step_definitions/build.rb:104 Then it should fail # features/step_definitions/build.rb:131 @product Feature: Various checks Scenario: AppArmor is enabled and has enforced profiles # features/checks.feature:4 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' [log] CLICK on (1024,384) call returned: [1, "", ""] calling as root: date -s '@1465817032' call returned: [0, "Mon Jun 13 11:23:52 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: aa-status call returned: [0, "apparmor module is loaded.\n24 profiles are loaded.\n21 profiles are in enforce mode.\n /usr/bin/evince\n /usr/bin/evince-previewer\n /usr/bin/evince-previewer//sanitized_helper\n /usr/bin/evince-thumbnailer\n /usr/bin/evince-thumbnailer//sanitized_helper\n /usr/bin/evince//sanitized_helper\n /usr/bin/irssi\n /usr/bin/pidgin\n /usr/bin/pidgin//sanitized_helper\n /usr/bin/tor\n /usr/bin/totem\n /usr/bin/totem-audio-preview\n /usr/bin/totem-video-thumbnailer\n /usr/lib/cups/backend/cups-pdf\n /usr/local/lib/tor-browser/firefox\n /usr/sbin/apt-cacher-ng\n /usr/sbin/cupsd\n /usr/sbin/cupsd//third_party\n /usr/sbin/tcpdump\n gst_plugin_scanner\n system_i2p\n3 profiles are in complain mode.\n /usr/sbin/avahi-daemon\n /usr/{sbin/traceroute,bin/traceroute.db}\n /{usr/,}bin/ping\n1 processes have profiles defined.\n1 processes are in enforce mode.\n /usr/sbin/cupsd (2169) \n0 processes are in complain mode.\n0 processes are unconfined but have a profile defined.\n", ""] Then AppArmor is enabled # features/step_definitions/checks.rb:159 calling as root: aa-status --enforced call returned: [0, "21\n", ""] And some AppArmor profiles are enforced # features/step_definitions/checks.rb:163 Scenario: A screenshot is taken when the PRINTSCREEN key is pressed # features/checks.feature:9 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817036' call returned: [0, "Mon Jun 13 11:23:56 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: find '/home/amnesia/Pictures' -name 'Screenshot*.png' -maxdepth 1 call returned: [0, "", ""] And there is no screenshot in the live user's Pictures directory # features/step_definitions/checks.rb:104 [log] TYPE "" When I press the "PRINTSCREEN" key # features/step_definitions/common_steps.rb:682 calling as root: find '/home/amnesia/Pictures' -name 'Screenshot*.png' -maxdepth 1 call returned: [0, "", ""] calling as root: find '/home/amnesia/Pictures' -name 'Screenshot*.png' -maxdepth 1 call returned: [0, "/home/amnesia/Pictures/Screenshot from 2016-06-13 11:23:56.png\n", ""] Then a screenshot is saved to the live user's Pictures directory # features/step_definitions/checks.rb:112 Scenario: VirtualBox guest modules are available # features/checks.feature:15 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817042' call returned: [0, "Mon Jun 13 11:24:02 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: uname -r | grep -qs 'amd64$' call returned: [0, "", ""] When Tails has booted a 64-bit kernel # features/step_definitions/checks.rb:99 calling as root: modinfo vboxguest call returned: [0, "filename: /lib/modules/3.16.0-4-amd64/updates/vboxguest.ko\nversion: 4.3.36_Debian\nlicense: GPL\ndescription: Oracle VM VirtualBox Guest Additions for Linux Module\nauthor: Oracle Corporation\nsrcversion: AD862EFF066EF98EB79BCCE\nalias: pci:v000080EEd0000CAFEsv00000000sd00000000bc*sc*i*\ndepends: \nvermagic: 3.16.0-4-amd64 SMP mod_unload modversions \n", ""] Then the VirtualBox guest modules are available # features/step_definitions/checks.rb:121 Scenario: The shipped Tails OpenPGP keys are up-to-date # features/checks.feature:20 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817046' call returned: [0, "Mon Jun 13 11:24:06 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as amnesia: gpg --batch --with-colons --fingerprint --list-key call returned: [0, "tru::1:1465815572:0:3:1:5\npub:-:4096:1:C436090F4BB47C6F:2014-07-11:::-:Tails accounting team (schleuder list) ::escaESCA:\nfpr:::::::::256DEB9077880CD681678528C436090F4BB47C6F:\nuid:-::::2014-07-11::860DB6331C0F426D92DAD98F2BA7DA31AB280658::Tails accounting team (schleuder list) :\nuid:-::::2014-07-11::7B211AEF221E8740CE46D12D87A6C17D432003D7::Tails accounting team (schleuder list) :\nsub:-:4096:1:289A5B45A9E89475:2014-07-11::::::esa:\nfpr:::::::::7C0815E885B151F0F7B82273289A5B45A9E89475:\npub:-:4096:1:EC57B56EF0C43132:2013-07-24:2018-07-23::-:Tails bug squad ::scESC:\nfpr:::::::::1F56EDD30741048035DAC1C5EC57B56EF0C43132:\nuid:-::::2014-02-04::3C8AD9F790E35644AAE05A8AF50215E17064C8AF::Tails bug squad (schleuder list) :\nuid:-::::2014-02-04::D6A38EAB24671D5465AF7FBA66EE4604FDAAF742::Tails bug squad (schleuder list) :\nuid:-::::2014-08-12::C7C338FDD8528B045BAE64637C70E204A58FB93B::Tails private user support :\nsub:-:4096:1:9D6D6472AFC1AD77:2013-07-24:2018-07-23:::::e:\nfpr:::::::::0012C2281573FE8D1C24E3509D6D6472AFC1AD77:\npub:-:4096:1:1D2975EDF93E735F:2009-08-14:2016-12-27::-:Tails developers (Schleuder mailing-list) ::scESC:\nfpr:::::::::09F6BC8FEEC9D8EE005DBAA41D2975EDF93E735F:\nuid:-::::2014-12-28::60E13D6723C9457B7304C3C6E5452D7B0D7DEDAD::Tails list (schleuder list) :\nuid:-::::2014-12-28::CA2EF3B42A28EC119780E908046D4B9FCBF99BAB::Tails list (schleuder list) :\nuid:r::::::9933827C0B9BDC6F26DD5C4396AE098A27091851::Amnesia :\nuid:r::::::12DFA836D53698FFABE5061FB3DD3CD796DF26F9::T(A)ILS developers (Schleuder mailing-list) :\nsub:-:4096:1:D843C2F5E89382EB:2009-08-14:2016-12-27:::::e:\nfpr:::::::::C3948FE7B604C6114E294DDFD843C2F5E89382EB:\npub:-:4096:1:D2EDA621B572DD73:2016-04-29:::-:Tails mirror pool managers (schleuder list) ::escaESCA:\nfpr:::::::::0B088E31D4F8E59A3D399137D2EDA621B572DD73:\nuid:-::::2016-04-29::F9D65DB569B07586B0DA61F8DA4C9C8F732AC4AD::Tails mirror pool managers (schleuder list) :\nuid:-::::2016-04-29::C450DB00E0BE9AAB5E58FF748A7A221411EB0FE1::Tails mirror pool managers (schleuder list) :\nsub:-:4096:1:3DCFC1EB1C62C73C:2016-04-29::::::esa:\nfpr:::::::::C3B6EA2B3704474BCF2454C33DCFC1EB1C62C73C:\npub:-:4096:1:457080B5A072CBE3:2014-07-11:::-:Tails press team (schleuder list) ::escaESCA:\nfpr:::::::::F3CD9B7B4BDF9995DA22088E457080B5A072CBE3:\nuid:-::::2014-07-11::A6BDD1625A8F0B65F154829FCEB33D68A6841624::Tails press team (schleuder list) :\nuid:-::::2014-07-11::2BA6F200D94205F82E9F3A809BD2D57B0EA9042F::Tails press team (schleuder list) :\nsub:-:4096:1:5748DE3BC338BFFC:2014-07-11::::::esa:\nfpr:::::::::79600454A497A88CC0D7F8685748DE3BC338BFFC:\npub:-:4096:1:DBB802B258ACD84F:2015-01-18:2017-01-11::-:Tails developers (offline long-term identity key) ::cSC:\nfpr:::::::::A490D0F4D311A4153E2BB7CADBB802B258ACD84F:\nuid:-::::2015-09-27::56CE2B43AA9493872A802884F36253ED9A504FF1::Tails developers :\nsub:-:4096:1:98FEC6BC752A3DB6:2015-01-18:2017-01-11:::::s:\nfpr:::::::::BA2C222F44AC00ED9899389398FEC6BC752A3DB6:\nsub:-:4096:1:3C83DCB52F699C56:2015-01-18:2017-01-11:::::s:\nfpr:::::::::A5091F72C746BA6B163D1C183C83DCB52F699C56:\nsub:r:4096:1:AA9E014656987A65:2015-01-18:2016-01-11:::::s:\nfpr:::::::::C3B6813CD95D79C212F5AA21AA9E014656987A65:\npub:-:4096:1:70F4F03116525F43:2012-08-23:2018-05-16::-:Tails system administrators ::scESC:\nfpr:::::::::D113CB6D5131D34BA5F0FE9E70F4F03116525F43:\nuid:-::::2016-05-16::DA6CF2C472639E55AB464CB7E1F76416FE91069C::Tails system administrators (schleuder list) :\nuid:-::::2016-05-16::0C10D3FD3B1C9750C5C547D5AE15A6B355950802::Tails system administrators (schleuder list) :\nsub:-:4096:1:58BA940CCA0A30B4:2012-08-23:2018-05-16:::::e:\nfpr:::::::::373DA2F425C9D097B95ADAD458BA940CCA0A30B4:\n", ""] calling as amnesia: gpg --batch --list-key 256DEB9077880CD681678528C436090F4BB47C6F call returned: [0, "pub 4096R/0xC436090F4BB47C6F 2014-07-11\n Key fingerprint = 256D EB90 7788 0CD6 8167 8528 C436 090F 4BB4 7C6F\nuid [ unknown] Tails accounting team (schleuder list) \nuid [ unknown] Tails accounting team (schleuder list) \nuid [ unknown] Tails accounting team (schleuder list) \nsub 4096R/0x289A5B45A9E89475 2014-07-11\n\n", ""] calling as amnesia: gpg --batch --list-key 7C0815E885B151F0F7B82273289A5B45A9E89475 call returned: [0, "pub 4096R/0xC436090F4BB47C6F 2014-07-11\n Key fingerprint = 256D EB90 7788 0CD6 8167 8528 C436 090F 4BB4 7C6F\nuid [ unknown] Tails accounting team (schleuder list) \nuid [ unknown] Tails accounting team (schleuder list) \nuid [ unknown] Tails accounting team (schleuder list) \nsub 4096R/0x289A5B45A9E89475 2014-07-11\n\n", ""] calling as amnesia: gpg --batch --list-key 1F56EDD30741048035DAC1C5EC57B56EF0C43132 call returned: [0, "pub 4096R/0xEC57B56EF0C43132 2013-07-24 [expires: 2018-07-23]\n Key fingerprint = 1F56 EDD3 0741 0480 35DA C1C5 EC57 B56E F0C4 3132\nuid [ unknown] Tails bug squad \nuid [ unknown] Tails bug squad (schleuder list) \nuid [ unknown] Tails bug squad (schleuder list) \nuid [ unknown] Tails private user support \nsub 4096R/0x9D6D6472AFC1AD77 2013-07-24 [expires: 2018-07-23]\n\n", ""] calling as amnesia: gpg --batch --list-key 0012C2281573FE8D1C24E3509D6D6472AFC1AD77 call returned: [0, "pub 4096R/0xEC57B56EF0C43132 2013-07-24 [expires: 2018-07-23]\n Key fingerprint = 1F56 EDD3 0741 0480 35DA C1C5 EC57 B56E F0C4 3132\nuid [ unknown] Tails bug squad \nuid [ unknown] Tails bug squad (schleuder list) \nuid [ unknown] Tails bug squad (schleuder list) \nuid [ unknown] Tails private user support \nsub 4096R/0x9D6D6472AFC1AD77 2013-07-24 [expires: 2018-07-23]\n\n", ""] calling as amnesia: gpg --batch --list-key 09F6BC8FEEC9D8EE005DBAA41D2975EDF93E735F call returned: [0, "pub 4096R/0x1D2975EDF93E735F 2009-08-14 [expires: 2016-12-27]\n Key fingerprint = 09F6 BC8F EEC9 D8EE 005D BAA4 1D29 75ED F93E 735F\nuid [ unknown] Tails developers (Schleuder mailing-list) \nuid [ unknown] Tails list (schleuder list) \nuid [ unknown] Tails list (schleuder list) \nsub 4096R/0xD843C2F5E89382EB 2009-08-14 [expires: 2016-12-27]\n\n", ""] calling as amnesia: gpg --batch --list-key C3948FE7B604C6114E294DDFD843C2F5E89382EB call returned: [0, "pub 4096R/0x1D2975EDF93E735F 2009-08-14 [expires: 2016-12-27]\n Key fingerprint = 09F6 BC8F EEC9 D8EE 005D BAA4 1D29 75ED F93E 735F\nuid [ unknown] Tails developers (Schleuder mailing-list) \nuid [ unknown] Tails list (schleuder list) \nuid [ unknown] Tails list (schleuder list) \nsub 4096R/0xD843C2F5E89382EB 2009-08-14 [expires: 2016-12-27]\n\n", ""] calling as amnesia: gpg --batch --list-key 0B088E31D4F8E59A3D399137D2EDA621B572DD73 call returned: [0, "pub 4096R/0xD2EDA621B572DD73 2016-04-29\n Key fingerprint = 0B08 8E31 D4F8 E59A 3D39 9137 D2ED A621 B572 DD73\nuid [ unknown] Tails mirror pool managers (schleuder list) \nuid [ unknown] Tails mirror pool managers (schleuder list) \nuid [ unknown] Tails mirror pool managers (schleuder list) \nsub 4096R/0x3DCFC1EB1C62C73C 2016-04-29\n\n", ""] calling as amnesia: gpg --batch --list-key C3B6EA2B3704474BCF2454C33DCFC1EB1C62C73C call returned: [0, "pub 4096R/0xD2EDA621B572DD73 2016-04-29\n Key fingerprint = 0B08 8E31 D4F8 E59A 3D39 9137 D2ED A621 B572 DD73\nuid [ unknown] Tails mirror pool managers (schleuder list) \nuid [ unknown] Tails mirror pool managers (schleuder list) \nuid [ unknown] Tails mirror pool managers (schleuder list) \nsub 4096R/0x3DCFC1EB1C62C73C 2016-04-29\n\n", ""] calling as amnesia: gpg --batch --list-key F3CD9B7B4BDF9995DA22088E457080B5A072CBE3 call returned: [0, "pub 4096R/0x457080B5A072CBE3 2014-07-11\n Key fingerprint = F3CD 9B7B 4BDF 9995 DA22 088E 4570 80B5 A072 CBE3\nuid [ unknown] Tails press team (schleuder list) \nuid [ unknown] Tails press team (schleuder list) \nuid [ unknown] Tails press team (schleuder list) \nsub 4096R/0x5748DE3BC338BFFC 2014-07-11\n\n", ""] calling as amnesia: gpg --batch --list-key 79600454A497A88CC0D7F8685748DE3BC338BFFC call returned: [0, "pub 4096R/0x457080B5A072CBE3 2014-07-11\n Key fingerprint = F3CD 9B7B 4BDF 9995 DA22 088E 4570 80B5 A072 CBE3\nuid [ unknown] Tails press team (schleuder list) \nuid [ unknown] Tails press team (schleuder list) \nuid [ unknown] Tails press team (schleuder list) \nsub 4096R/0x5748DE3BC338BFFC 2014-07-11\n\n", ""] calling as amnesia: gpg --batch --list-key A490D0F4D311A4153E2BB7CADBB802B258ACD84F call returned: [0, "pub 4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2017-01-11]\n Key fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F\nuid [ unknown] Tails developers (offline long-term identity key) \nuid [ unknown] Tails developers \nsub 4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2017-01-11]\nsub 4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2017-01-11]\n\n", ""] calling as amnesia: gpg --batch --list-key BA2C222F44AC00ED9899389398FEC6BC752A3DB6 call returned: [0, "pub 4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2017-01-11]\n Key fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F\nuid [ unknown] Tails developers (offline long-term identity key) \nuid [ unknown] Tails developers \nsub 4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2017-01-11]\nsub 4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2017-01-11]\n\n", ""] calling as amnesia: gpg --batch --list-key A5091F72C746BA6B163D1C183C83DCB52F699C56 call returned: [0, "pub 4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2017-01-11]\n Key fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F\nuid [ unknown] Tails developers (offline long-term identity key) \nuid [ unknown] Tails developers \nsub 4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2017-01-11]\nsub 4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2017-01-11]\n\n", ""] calling as amnesia: gpg --batch --list-key C3B6813CD95D79C212F5AA21AA9E014656987A65 call returned: [0, "pub 4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2017-01-11]\n Key fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F\nuid [ unknown] Tails developers (offline long-term identity key) \nuid [ unknown] Tails developers \nsub 4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2017-01-11]\nsub 4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2017-01-11]\n\n", ""] calling as amnesia: gpg --batch --list-key D113CB6D5131D34BA5F0FE9E70F4F03116525F43 call returned: [0, "pub 4096R/0x70F4F03116525F43 2012-08-23 [expires: 2018-05-16]\n Key fingerprint = D113 CB6D 5131 D34B A5F0 FE9E 70F4 F031 1652 5F43\nuid [ unknown] Tails system administrators \nuid [ unknown] Tails system administrators (schleuder list) \nuid [ unknown] Tails system administrators (schleuder list) \nsub 4096R/0x58BA940CCA0A30B4 2012-08-23 [expires: 2018-05-16]\n\n", ""] calling as amnesia: gpg --batch --list-key 373DA2F425C9D097B95ADAD458BA940CCA0A30B4 call returned: [0, "pub 4096R/0x70F4F03116525F43 2012-08-23 [expires: 2018-05-16]\n Key fingerprint = D113 CB6D 5131 D34B A5F0 FE9E 70F4 F031 1652 5F43\nuid [ unknown] Tails system administrators \nuid [ unknown] Tails system administrators (schleuder list) \nuid [ unknown] Tails system administrators (schleuder list) \nsub 4096R/0x58BA940CCA0A30B4 2012-08-23 [expires: 2018-05-16]\n\n", ""] Then the OpenPGP keys shipped with Tails will be valid for the next 3 months # features/step_definitions/checks.rb:7 Scenario: The Tails Debian repository key is up-to-date # features/checks.feature:24 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817055' call returned: [0, "Mon Jun 13 11:24:15 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: apt-key adv --batch --list-key 221F9A3C6FA3E09E182E060BC7988EA7A358D82E call returned: [0, "Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.dUwPbmQUyX --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --batch --list-key 221F9A3C6FA3E09E182E060BC7988EA7A358D82E\npub 4096R/A358D82E 2012-02-04 [expires: 2018-01-25]\nuid deb.tails.boum.org archive signing key\n\n", ""] Then the shipped Debian repository key will be valid for the next 3 months # features/step_definitions/checks.rb:20 @doc Scenario: The "Report an Error" launcher will open the support documentation # features/checks.feature:29 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817059' call returned: [0, "Mon Jun 13 11:24:19 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 And the network is plugged # features/step_definitions/common_steps.rb:159 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [1, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready # features/step_definitions/common_steps.rb:373 [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 86ms [log] CLICK on (991,697) [log] CLICK on (990,584) And all notifications have disappeared # features/step_definitions/common_steps.rb:434 [log] CLICK on (51,16) [log] DOUBLE CLICK on (89,174) When I double-click the Report an Error launcher on the desktop # features/step_definitions/checks.rb:38 Then the support documentation page opens in Tor Browser # features/step_definitions/checks.rb:137 Scenario: The live user is setup correctly # features/checks.feature:37 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' [log] CLICK on (1024,384) call returned: [1, "", ""] calling as root: date -s '@1465817107' call returned: [0, "Mon Jun 13 11:25:07 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: test -e /var/lib/live/config/user-setup call returned: [0, "", ""] calling as root: . /etc/live/config/username.conf; echo $LIVE_USERNAME call returned: [0, "amnesia\n", ""] Then the live user has been setup by live-boot # features/step_definitions/checks.rb:42 calling as root: groups amnesia call returned: [0, "amnesia : amnesia lp dialout cdrom floppy audio video plugdev netdev lpadmin scanner vboxsf\n", ""] And the live user is a member of only its own group and "audio cdrom dialout floppy video plugdev netdev scanner lp lpadmin vboxsf" # features/step_definitions/checks.rb:50 calling as root: test -d /home/amnesia call returned: [0, "", ""] calling as root: stat -c %U:%G /home/amnesia call returned: [0, "amnesia:amnesia\n", ""] calling as root: stat -c %a /home/amnesia call returned: [0, "700\n", ""] And the live user owns its home dir and it has normal permissions # features/step_definitions/checks.rb:61 Scenario: No initial network # features/checks.feature:43 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817112' call returned: [0, "Mon Jun 13 11:25:12 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 And I wait between 30 and 60 seconds # features/step_definitions/common_steps.rb:851 Slept for 35 seconds Then the Tor Status icon tells me that Tor is not usable # features/step_definitions/checks.rb:249 When the network is plugged # features/step_definitions/common_steps.rb:159 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] Then Tor is ready # features/step_definitions/common_steps.rb:373 And the Tor Status icon tells me that Tor is usable # features/step_definitions/checks.rb:249 [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 64ms [log] CLICK on (991,697) [log] CLICK on (990,584) [log] CLICK on (51,16) And all notifications have disappeared # features/step_definitions/common_steps.rb:434 calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] And the time has synced # features/step_definitions/common_steps.rb:386 Scenario: The tor process should be confined with Seccomp # features/checks.feature:61 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817171' call returned: [0, "Mon Jun 13 11:26:11 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 And the network is plugged # features/step_definitions/common_steps.rb:159 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready # features/step_definitions/common_steps.rb:373 calling as root: pidof -x -o '%PPID' tor call returned: [0, "3040\n", ""] calling as root: pidof -x -o '%PPID' tor call returned: [0, "3040\n", ""] calling as root: cat /proc/3040/status call returned: [0, "Name:\ttor\nState:\tS (sleeping)\nTgid:\t3040\nNgid:\t0\nPid:\t3040\nPPid:\t1\nTracerPid:\t0\nUid:\t107\t107\t107\t107\nGid:\t116\t116\t116\t116\nFDSize:\t128\nGroups:\t116 \nVmPeak:\t 13912 kB\nVmSize:\t 13912 kB\nVmLck:\t 0 kB\nVmPin:\t 0 kB\nVmHWM:\t 10772 kB\nVmRSS:\t 10772 kB\nVmData:\t 5020 kB\nVmStk:\t 136 kB\nVmExe:\t 2364 kB\nVmLib:\t 6020 kB\nVmPTE:\t 36 kB\nVmSwap:\t 0 kB\nThreads:\t1\nSigQ:\t0/7970\nSigPnd:\t0000000000000000\nShdPnd:\t0000000000000000\nSigBlk:\t0000000000000000\nSigIgn:\t0000000000000000\nSigCgt:\t00000001d1015ecb\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t00000000000004cb\nSeccomp:\t2\nCpus_allowed:\t1\nCpus_allowed_list:\t0\nMems_allowed:\t00000000,00000001\nMems_allowed_list:\t0\nvoluntary_ctxt_switches:\t203\nnonvoluntary_ctxt_switches:\t649\n", ""] Then the running process "tor" is confined with Seccomp in filter mode # features/step_definitions/checks.rb:197 Scenario: No unexpected network services # features/checks.feature:67 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817192' call returned: [0, "Mon Jun 13 11:26:32 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 When the network is plugged # features/step_definitions/common_steps.rb:159 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready # features/step_definitions/common_steps.rb:373 calling as root: netstat -ltupn call returned: [0, "Active Internet connections (only servers)\nProto Recv-Q Send-Q Local Address Foreign Address State PID/Program name\ntcp 0 0 127.0.0.1:6136 0.0.0.0:* LISTEN 2081/perl \ntcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 3109/tor \ntcp 0 0 127.0.0.1:9051 0.0.0.0:* LISTEN 3109/tor \ntcp 0 0 127.0.0.1:9052 0.0.0.0:* LISTEN 1330/python \ntcp 0 0 127.0.0.1:9150 0.0.0.0:* LISTEN 3109/tor \ntcp 0 0 127.0.0.1:9061 0.0.0.0:* LISTEN 3109/tor \ntcp 0 0 127.0.0.1:9062 0.0.0.0:* LISTEN 3109/tor \ntcp 0 0 127.0.0.1:9040 0.0.0.0:* LISTEN 3109/tor \ntcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2169/cupsd \nudp 0 0 0.0.0.0:51956 0.0.0.0:* 2788/dhclient \nudp 0 0 127.0.0.2:53 0.0.0.0:* 3445/ttdnsd \nudp 0 0 0.0.0.0:68 0.0.0.0:* 2788/dhclient \nudp 0 0 127.0.0.1:5353 0.0.0.0:* 3109/tor \nudp6 0 0 :::10854 :::* 2788/dhclient \n", ""] Then no unexpected services are listening for network connections # features/step_definitions/checks.rb:71 Service 'dhclient' is listening on 0.0.0.0:51956 but has an exception Service 'dhclient' is listening on 0.0.0.0:68 but has an exception Scenario: The emergency shutdown applet can shutdown Tails # features/checks.feature:73 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817215' call returned: [0, "Mon Jun 13 11:26:55 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 [log] CLICK on (987,12) [log] CLICK on (945,146) When I request a shutdown using the emergency shutdown applet # features/step_definitions/common_steps.rb:537 Then Tails eventually shuts down # features/step_definitions/common_steps.rb:519 Scenario: The emergency shutdown applet can reboot Tails # features/checks.feature:78 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817245' call returned: [0, "Mon Jun 13 11:27:25 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 [log] CLICK on (987,12) When I request a reboot using the emergency shutdown applet # features/step_definitions/common_steps.rb:547 [log] CLICK on (840,146) Then Tails eventually restarts # features/step_definitions/common_steps.rb:527 Scenario: tails-debugging-info does not leak information # features/checks.feature:83 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817276' call returned: [0, "Mon Jun 13 11:27:56 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: echo 'T0P S3Cr1t -- 3yEs oN1y' >> '/secret' call returned: [0, "", ""] calling as root: chmod u=rw,go= /secret call returned: [0, "", ""] calling as root: chown root:root /secret call returned: [0, "", ""] calling as root: cat /usr/local/sbin/tails-debugging-info call returned: [0, "#!/bin/sh\n\ndebug_command() {\n echo\n echo \"===== output of command $@ =====\"\n \"$@\"\n}\n\ndebug_file() {\n local user=\"${1}\"\n shift\n file=\"${1}\"\n [ ! -e \"${file}\" ] && return\n echo\n echo \"===== content of $1 =====\"\n sudo -u \"${user}\" -- cat \"${file}\"\n}\n\ndebug_command /usr/sbin/dmidecode -s system-manufacturer\ndebug_command /usr/sbin/dmidecode -s system-product-name\ndebug_command /usr/sbin/dmidecode -s system-version\ndebug_command \"/bin/lsmod\"\ndebug_command \"/bin/mount\"\ndebug_command \"/usr/bin/lspci\"\ndebug_command /bin/journalctl --catalog --no-pager\n\n# Great attention must be given to the ownership situation of these\n# files and their parent directories in order to avoid a symlink-based\n# attack that could read the contents of any file and make it\n# accessible to the user running this script (typicall the live\n# user). Therefore, when adding a new file, give as the first argument\n# 'root' only if the complete path to it (including the file itself)\n# is owned by root and already exists before the system is connected to\n# the network (that is, before GDM's PostLogin script is run).\n# If not, the following rules must be followed strictly:\n#\n# * only one non-root user is involved in the ownership situation (the\n# file, its dir and the parent dirs). From now on let's assume it is\n# the case and call it $USER.\n#\n# * if any non-root group has write access, it must not have any\n# members.\n#\n# If any of these rules does not apply, the file cannot be added here\n# safely and something is probably quite wrong and should be\n# investigated carefully.\ndebug_file root \"/etc/X11/xorg.conf\"\ndebug_file root \"/proc/asound/cards\"\ndebug_file root \"/proc/asound/devices\"\ndebug_file root \"/proc/asound/modules\"\ndebug_file Debian-gdm \"/var/log/gdm3/tails-greeter.errors\"\ndebug_file root \"/var/log/live-persist\"\ndebug_file root \"/var/log/live/boot.log\"\ndebug_file root \"/var/log/live/config.log\"\ndebug_file root \"/var/lib/gdm3/tails.persistence\"\ndebug_file root \"/var/lib/live/config/tails.physical_security\"\ndebug_file root \"/live/persistence/TailsData_unlocked/persistence.conf\"\ndebug_file root \"/live/persistence/TailsData_unlocked/live-additional-software.conf\"\n", ""] calling as root: rm /var/log/gdm3/tails-greeter.errors call returned: [1, "", "rm: cannot remove \u2018/var/log/gdm3/tails-greeter.errors\u2019: No such file or directory\n"] Then tails-debugging-info is not susceptible to symlink attacks # features/step_definitions/checks.rb:208 Scenario: Tails shuts down on DVD boot medium removal # features/checks.feature:87 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817281' call returned: [0, "Mon Jun 13 11:28:01 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: udevadm info --device-id-of-file=/lib/live/mount/medium call returned: [0, "11:0\n", ""] calling as root: readlink -f /dev/block/'11:0' call returned: [0, "/dev/sr0\n", ""] calling as root: udevadm info --query=property --name='/dev/sr0' call returned: [0, "DEVLINKS=/dev/cdrom /dev/disk/by-id/ata-QEMU_DVD-ROM_QM00003 /dev/disk/by-label/TAILS\\x202.4.1\\x20-\\x2020160613 /dev/disk/by-uuid/2016-06-13-10-26-46-00 /dev/dvd\nDEVNAME=/dev/sr0\nDEVPATH=/devices/pci0000:00/0000:00:01.1/ata2/host1/target1:0:0/1:0:0:0/block/sr0\nDEVTYPE=disk\nID_ATA=1\nID_BUS=ata\nID_CDROM=1\nID_CDROM_DVD=1\nID_CDROM_MEDIA=1\nID_CDROM_MEDIA_DVD=1\nID_CDROM_MEDIA_SESSION_COUNT=1\nID_CDROM_MEDIA_STATE=complete\nID_CDROM_MEDIA_TRACK_COUNT=1\nID_CDROM_MEDIA_TRACK_COUNT_DATA=1\nID_CDROM_MRW=1\nID_CDROM_MRW_W=1\nID_FS_APPLICATION_ID=The\\x20Amnesic\\x20Incognito\\x20Live\\x20System\nID_FS_BOOT_SYSTEM_ID=EL\\x20TORITO\\x20SPECIFICATION\nID_FS_LABEL=TAILS_2.4.1_-_20160613\nID_FS_LABEL_ENC=TAILS\\x202.4.1\\x20-\\x2020160613\nID_FS_PUBLISHER_ID=https:\\x2f\\x2ftails.boum.org\\x2f\nID_FS_SYSTEM_ID=LINUX\nID_FS_TYPE=iso9660\nID_FS_USAGE=filesystem\nID_FS_UUID=2016-06-13-10-26-46-00\nID_FS_UUID_ENC=2016-06-13-10-26-46-00\nID_FS_VERSION=Joliet Extension\nID_MODEL=QEMU_DVD-ROM\nID_MODEL_ENC=QEMU\\x20DVD-ROM\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\nID_PART_TABLE_TYPE=dos\nID_PART_TABLE_UUID=6b8b4567\nID_REVISION=0.15\nID_SERIAL=QEMU_DVD-ROM_QM00003\nID_SERIAL_SHORT=QM00003\nID_TYPE=cd\nMAJOR=11\nMINOR=0\nSUBSYSTEM=block\nTAGS=:seat:systemd:uaccess:\nUSEC_INITIALIZED=86631\n", ""] When I eject the boot medium # features/step_definitions/common_steps.rb:903 Then Tails eventually shuts down # features/step_definitions/common_steps.rb:519 Scenario: The Tails Greeter "disable all networking" option disables networking within Tails # features/checks.feature:99 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", "eth0: error fetching interface information: Device not found\n"] calling as root: date -s '@1465817307' call returned: [0, "Mon Jun 13 11:28:27 UTC 2016\n", ""] Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen # features/step_definitions/snapshots.rb:199 [log] CLICK on (433,404) [log] CLICK on (643,447) And I enable more Tails Greeter options # features/step_definitions/common_steps.rb:308 [log] CLICK on (512,671) And I disable all networking in the Tails Greeter # features/step_definitions/checks.rb:240 [log] CLICK on (812,712) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] And I log in to a new session # features/step_definitions/common_steps.rb:292 calling as root: . /usr/local/lib/tails-shell-library/hardware.sh && get_all_ethernet_nics call returned: [0, "", ""] Then no network interfaces are enabled # features/step_definitions/mac_spoofing.rb:75 @product Feature: Getting a DHCP lease without leaking too much information As a Tails user when I connect to a network with a DHCP server I should be able to connect to the Internet and the hostname should not have been leaked on the network. Background: # features/dhcp.feature:8 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817348' call returned: [0, "Mon Jun 13 11:29:08 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 And I capture all network traffic # features/step_definitions/common_steps.rb:171 And the network is plugged # features/step_definitions/common_steps.rb:159 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [1, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready # features/step_definitions/common_steps.rb:373 [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 83ms [log] CLICK on (991,697) [log] CLICK on (990,584) [log] CLICK on (51,16) And all notifications have disappeared # features/step_definitions/common_steps.rb:434 calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [0, "", ""] And available upgrades have been checked # features/step_definitions/common_steps.rb:392 Scenario: Getting a DHCP lease with the default NetworkManager connection # features/dhcp.feature:16 calling as root: hostname call returned: [0, "amnesia\n", ""] Then the hostname should not have been leaked on the network # features/step_definitions/dhcp.rb:1 Scenario: Getting a DHCP lease with a manually configured NetworkManager connection # features/dhcp.feature:19 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817404' call returned: [0, "Mon Jun 13 11:30:04 UTC 2016\n", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 79ms [log] CLICK on (991,697) [log] CLICK on (990,584) [log] CLICK on (51,16) calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [0, "", ""] calling as root: echo '[802-3-ethernet]' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo 'duplex=full' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo '' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo '[connection]' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo 'id=manually-added-con' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo 'uuid=bbc60668-1be0-11e4-a9c6-2f1ce0e75bf1' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo 'type=802-3-ethernet' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo 'timestamp=1395406011' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo '' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo '[ipv6]' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo 'method=auto' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo '' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo '[ipv4]' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: echo 'method=auto' >> /tmp/NM.manually-added-con call returned: [0, "", ""] calling as root: install -m 0600 '/tmp/NM.manually-added-con' '/etc/NetworkManager/system-connections/manually-added-con' call returned: [0, "", ""] calling as root: nmcli connection load '/etc/NetworkManager/system-connections/manually-added-con' call returned: [0, "", ""] calling as root: nmcli --terse --fields NAME connection show call returned: [0, "manually-added-con\nWired connection\n", ""] When I add a wired DHCP NetworkManager connection called "manually-added-con" # features/step_definitions/common_steps.rb:578 calling as root: nmcli connection up id manually-added-con call returned: [0, "Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)\n", ""] calling as root: nmcli --terse --fields NAME,STATE connection show call returned: [0, "manually-added-con:activated\nWired connection:--\n", ""] And I switch to the "manually-added-con" NetworkManager connection # features/step_definitions/common_steps.rb:607 calling as root: hostname call returned: [0, "amnesia\n", ""] Then the hostname should not have been leaked on the network # features/step_definitions/dhcp.rb:1 @product @check_tor_leaks Feature: Electrum Bitcoin client As a Tails user I might want to use a Bitcoin client And all Internet traffic should flow only through Tor Scenario: A warning will be displayed if Electrum is not persistent # features/electrum.feature:7 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817462' call returned: [0, "Mon Jun 13 11:31:02 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.0VhdT0kBT6\n", ""] calling as root: rm -f '/tmp/tmp.0VhdT0kBT6' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.0VhdT0kBT6' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.0VhdT0kBT6' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.0VhdT0kBT6_20160613-113103_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.0VhdT0kBT6' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.0wJAeYMMo7\n", ""] calling as root: rm -f '/tmp/tmp.0wJAeYMMo7' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.0wJAeYMMo7' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.0wJAeYMMo7' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.0wJAeYMMo7_20160613-113106_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.0wJAeYMMo7' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.XQBU2FviI1\n", ""] calling as root: rm -f '/tmp/tmp.XQBU2FviI1' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Electrum Bitcoin Wallet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.XQBU2FviI1' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.XQBU2FviI1' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.XQBU2FviI1_20160613-113110_debug ...\nClicking on [label | Electrum Bitcoin Wallet]\nMouse button 1 click at (334,72)\n", ""] calling as root: rm -f '/tmp/tmp.XQBU2FviI1' call returned: [0, "", ""] When I start Electrum through the GNOME menu # features/step_definitions/electrum.rb:1 calling as root: perl -E ' use strict; use warnings FATAL => "all"; use Tails::Persistence::Configuration::Presets; foreach my $preset (Tails::Persistence::Configuration::Presets->new()->all) { say $preset->destination, ":", join(",", @{$preset->options}); }' call returned: [0, "/home/amnesia/Persistent:source=Persistent\n/home/amnesia/.gnupg:source=gnupg\n/home/amnesia/.ssh:source=openssh-client\n/home/amnesia/.purple:source=pidgin\n/home/amnesia/.icedove:source=icedove\n/home/amnesia/.gnome2/keyrings:source=gnome-keyrings\n/etc/NetworkManager/system-connections:source=nm-system-connections\n/home/amnesia/.mozilla/firefox/bookmarks:source=bookmarks\n/etc/cups:source=cups-configuration\n/home/amnesia/.electrum:source=electrum\n/var/cache/apt/archives:source=apt/cache\n/var/lib/apt/lists:source=apt/lists\n/home/amnesia:source=dotfiles,link\n", ""] calling as root: findmnt --noheadings --output SOURCE --target '/home/amnesia/.electrum' call returned: [0, "aufs\n", ""] But persistence for "electrum" is not enabled # features/step_definitions/common_steps.rb:662 Then I see a warning that Electrum is not persistent # features/step_definitions/electrum.rb:39 @product Feature: Encryption and verification using GnuPG As a Tails user I want to be able to easily encrypt and sign messages using GnuPG And decrypt and verify GnuPG blocks Background: # features/encryption.feature:7 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817481' call returned: [0, "Mon Jun 13 11:31:21 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as amnesia: echo ' Key-Type: RSA' >> /tmp/gpg_key_recipie call returned: [0, "", ""] calling as amnesia: echo ' Key-Length: 4096' >> /tmp/gpg_key_recipie call returned: [0, "", ""] calling as amnesia: echo ' Subkey-Type: RSA' >> /tmp/gpg_key_recipie call returned: [0, "", ""] calling as amnesia: echo ' Subkey-Length: 4096' >> /tmp/gpg_key_recipie call returned: [0, "", ""] calling as amnesia: echo ' Name-Real: test' >> /tmp/gpg_key_recipie call returned: [0, "", ""] calling as amnesia: echo ' Name-Comment: Blah' >> /tmp/gpg_key_recipie call returned: [0, "", ""] calling as amnesia: echo ' Name-Email: test@test.org' >> /tmp/gpg_key_recipie call returned: [0, "", ""] calling as amnesia: echo ' Expire-Date: 0' >> /tmp/gpg_key_recipie call returned: [0, "", ""] calling as amnesia: echo ' Passphrase: asdf' >> /tmp/gpg_key_recipie call returned: [0, "", ""] calling as amnesia: echo ' %commit' >> /tmp/gpg_key_recipie call returned: [0, "", ""] calling as amnesia: gpg --batch --gen-key < /tmp/gpg_key_recipie call returned: [0, "", "+++++\n.+++++\n..............+++++\n..................+++++\ngpg: key 0x6185000F4BDA26A1 marked as ultimately trusted\n"] And I generate an OpenPGP key named "test" with password "asdf" # features/step_definitions/encryption.rb:11 Scenario: Symmetric encryption and decryption using OpenPGP Applet # features/encryption.feature:32 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.iaigDflRZb\n", ""] calling as root: rm -f '/tmp/tmp.iaigDflRZb' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.iaigDflRZb' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.iaigDflRZb' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.iaigDflRZb_20160613-113138_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.iaigDflRZb' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.TyGp5zEdnZ\n", ""] calling as root: rm -f '/tmp/tmp.TyGp5zEdnZ' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Accessories'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.TyGp5zEdnZ' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.TyGp5zEdnZ' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.TyGp5zEdnZ_20160613-113141_debug ...\nClicking on [label | Accessories]\nMouse button 1 click at (71,101)\n", ""] calling as root: rm -f '/tmp/tmp.TyGp5zEdnZ' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.0YvnEJYr0u\n", ""] calling as root: rm -f '/tmp/tmp.0YvnEJYr0u' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'gedit'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.0YvnEJYr0u' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.0YvnEJYr0u' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.0YvnEJYr0u_20160613-113145_debug ...\nClicking on [label | gedit]\nMouse button 1 click at (274,160)\n", ""] calling as root: rm -f '/tmp/tmp.0YvnEJYr0u' call returned: [0, "", ""] [log] CLICK on (504,71) When I type a message into gedit # features/step_definitions/encryption.rb:34 [log] TYPE "ATTACK AT DAWN" [log] RIGHT CLICK on (568,376) [log] CLICK on (627,587) [log] RIGHT CLICK on (568,376) [log] CLICK on (612,492) [log] CLICK on (691,9) [log] CLICK on (829,24) [log] CLICK on (365,379) [log] TYPE "asdf " [log] CLICK on (365,379) [log] TYPE "asdf " [log] CLICK on (208,71) [log] RIGHT CLICK on (568,376) [log] RIGHT CLICK on (671,397) [log] RIGHT CLICK on (671,397) [log] RIGHT CLICK on (671,397) [log] RIGHT CLICK on (671,397) And I symmetrically encrypt the message with password "asdf" # features/step_definitions/encryption.rb:126 try_for() timeout expired Last ignored exception was: FindFailed: can not find GeditPaste.png on the screen. (Timeout::Error) ./features/support/helpers/misc_helpers.rb:83:in `rescue in try_for' ./features/support/helpers/misc_helpers.rb:33:in `try_for' ./features/step_definitions/common_steps.rb:30:in `context_menu_helper' ./features/step_definitions/encryption.rb:65:in `gedit_paste_into_a_new_tab' ./features/step_definitions/encryption.rb:132:in `/^I symmetrically encrypt the message with password "([^"]+)"$/' features/encryption.feature:34:in `And I symmetrically encrypt the message with password "asdf"' Then I can decrypt the encrypted message # features/step_definitions/encryption.rb:94 Scenario failed at time 01:02:05 Screenshot: https://jenkins.tails.boum.org/job/test_Tails_ISO_test-11394-symmetric-encryption-with-openpgp-aplet-is-fragile/27/artifact/build-artifacts/01:02:05_Symmetric_encryption_and_decryption_using_OpenPGP_Applet.png Video: https://jenkins.tails.boum.org/job/test_Tails_ISO_test-11394-symmetric-encryption-with-openpgp-aplet-is-fragile/27/artifact/build-artifacts/01:02:05_Symmetric_encryption_and_decryption_using_OpenPGP_Applet.mkv @product Feature: Using Evince As a Tails user I want to view and print PDF files in Evince And AppArmor should prevent Evince from doing dangerous things Scenario: I cannot view a PDF file stored in non-persistent /home/amnesia/.gnupg # features/evince.feature:24 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817612' call returned: [0, "Mon Jun 13 11:33:32 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as amnesia: cp "/usr/share/cups/data/default-testpage.pdf" "/home/amnesia/.gnupg" call returned: [0, "", ""] And I copy "/usr/share/cups/data/default-testpage.pdf" to "/home/amnesia/.gnupg" as user "amnesia" # features/step_definitions/common_steps.rb:650 calling as root: test -e '/home/amnesia/.gnupg/default-testpage.pdf' call returned: [0, "", ""] Then the file "/home/amnesia/.gnupg/default-testpage.pdf" exists # features/step_definitions/common_steps.rb:628 calling as root: test -e '/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf' call returned: [0, "", ""] And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf" exists # features/step_definitions/common_steps.rb:628 calling as root: test -e '/live/overlay/home/amnesia/.gnupg/default-testpage.pdf' call returned: [0, "", ""] And the file "/live/overlay/home/amnesia/.gnupg/default-testpage.pdf" exists # features/step_definitions/common_steps.rb:628 calling as root: sysctl -w kernel.printk_ratelimit=0 call returned: [0, "kernel.printk_ratelimit = 0\n", ""] calling as root: date +"%Y-%m-%d %H:%M:%S" call returned: [0, "2016-06-13 11:33:34\n", ""] Given I start monitoring the AppArmor log of "/usr/bin/evince" # features/step_definitions/common_steps.rb:861 calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [1, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.j34rh4QvvY\n", ""] calling as root: rm -f '/tmp/tmp.j34rh4QvvY' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.j34rh4QvvY' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.j34rh4QvvY' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.j34rh4QvvY_20160613-113335_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.j34rh4QvvY' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.rOxqBGQPE8\n", ""] calling as root: rm -f '/tmp/tmp.rOxqBGQPE8' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Utilities'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.rOxqBGQPE8' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.rOxqBGQPE8' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.rOxqBGQPE8_20160613-113338_debug ...\nClicking on [label | Utilities]\nMouse button 1 click at (58,430)\n", ""] calling as root: rm -f '/tmp/tmp.rOxqBGQPE8' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.wF1SLtGjIg\n", ""] calling as root: rm -f '/tmp/tmp.wF1SLtGjIg' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Terminal'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.wF1SLtGjIg' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.wF1SLtGjIg' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.wF1SLtGjIg_20160613-113342_debug ...\nClicking on [label | Terminal]\nMouse button 1 click at (286,468)\n", ""] calling as root: rm -f '/tmp/tmp.wF1SLtGjIg' call returned: [0, "", ""] [log] TYPE "evince /home/amnesia/.gnupg/default-testpage.pdf " When I try to open "/home/amnesia/.gnupg/default-testpage.pdf" with Evince # features/step_definitions/evince.rb:1 Then I see "EvinceUnableToOpen.png" after at most 10 seconds # features/step_definitions/common_steps.rb:459 calling as root: journalctl --full --no-pager --since='2016-06-13 11:33:34' SYSLOG_IDENTIFIER=kernel | grep -w 'apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/home/amnesia/.gnupg/default-testpage.pdf"' call returned: [0, "Jun 13 11:33:51 amnesia kernel: audit: type=1400 audit(1465817631.816:26): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/evince\" name=\"/home/amnesia/.gnupg/default-testpage.pdf\" pid=3298 comm=\"EvJobScheduler\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 11:33:51 amnesia kernel: audit: type=1400 audit(1465817631.816:27): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/evince\" name=\"/home/amnesia/.gnupg/default-testpage.pdf\" pid=3298 comm=\"EvJobScheduler\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\n", ""] And AppArmor has denied "/usr/bin/evince" from opening "/home/amnesia/.gnupg/default-testpage.pdf" # features/step_definitions/common_steps.rb:873 [log] Ctrl+TYPE "w" calling as root: pidof -x -o '%PPID' evince call returned: [1, "", ""] When I close Evince # features/step_definitions/evince.rb:22 calling as root: sysctl -w kernel.printk_ratelimit=0 call returned: [0, "kernel.printk_ratelimit = 0\n", ""] calling as root: date +"%Y-%m-%d %H:%M:%S" call returned: [0, "2016-06-13 11:33:54\n", ""] Given I restart monitoring the AppArmor log of "/usr/bin/evince" # features/step_definitions/common_steps.rb:861 calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "3228\n", ""] [log] CLICK on (226,173) [log] TYPE "evince /lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf " When I try to open "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf" with Evince # features/step_definitions/evince.rb:1 Then I see "EvinceUnableToOpen.png" after at most 10 seconds # features/step_definitions/common_steps.rb:459 calling as root: journalctl --full --no-pager --since='2016-06-13 11:33:54' SYSLOG_IDENTIFIER=kernel | grep -w 'apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf"' call returned: [0, "Jun 13 11:33:59 amnesia kernel: audit: type=1400 audit(1465817639.384:28): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/evince\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf\" pid=3454 comm=\"EvJobScheduler\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 11:33:59 amnesia kernel: audit: type=1400 audit(1465817639.384:29): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/evince\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf\" pid=3454 comm=\"EvJobScheduler\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\n", ""] And AppArmor has denied "/usr/bin/evince" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf" # features/step_definitions/common_steps.rb:873 [log] Ctrl+TYPE "w" calling as root: pidof -x -o '%PPID' evince call returned: [0, "3442\n", ""] calling as root: pidof -x -o '%PPID' evince call returned: [1, "", ""] When I close Evince # features/step_definitions/evince.rb:22 calling as root: sysctl -w kernel.printk_ratelimit=0 call returned: [0, "kernel.printk_ratelimit = 0\n", ""] calling as root: date +"%Y-%m-%d %H:%M:%S" call returned: [0, "2016-06-13 11:34:03\n", ""] Given I restart monitoring the AppArmor log of "/usr/bin/evince" # features/step_definitions/common_steps.rb:861 calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "3228\n", ""] [log] CLICK on (226,173) [log] TYPE "evince /live/overlay/home/amnesia/.gnupg/default-testpage.pdf " When I try to open "/live/overlay/home/amnesia/.gnupg/default-testpage.pdf" with Evince # features/step_definitions/evince.rb:1 Then I see "EvinceUnableToOpen.png" after at most 10 seconds # features/step_definitions/common_steps.rb:459 calling as root: journalctl --full --no-pager --since='2016-06-13 11:34:03' SYSLOG_IDENTIFIER=kernel | grep -w 'apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf"' call returned: [0, "Jun 13 11:34:07 amnesia kernel: audit: type=1400 audit(1465817647.344:30): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/evince\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf\" pid=3631 comm=\"EvJobScheduler\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 11:34:07 amnesia kernel: audit: type=1400 audit(1465817647.344:31): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/evince\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf\" pid=3631 comm=\"EvJobScheduler\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\n", ""] And AppArmor has denied "/usr/bin/evince" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/default-testpage.pdf" # features/step_definitions/common_steps.rb:873 @product Feature: Localization As a Tails user I want Tails to be localized in my native language And various Tails features should still work @doc Scenario: The Report an Error launcher will open the support documentation in supported non-English locales # features/localization.feature:8 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", "eth0: error fetching interface information: Device not found\n"] calling as root: date -s '@1465817652' call returned: [0, "Mon Jun 13 11:34:12 UTC 2016\n", ""] Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen # features/step_definitions/snapshots.rb:199 And the network is plugged # features/step_definitions/common_steps.rb:159 [log] CLICK on (310,753) [log] CLICK on (292,704) [log] CLICK on (639,447) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] And I log in to a new session in German # features/step_definitions/common_steps.rb:292 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready # features/step_definitions/common_steps.rb:373 [log] DOUBLE CLICK on (89,174) When I double-click the Report an Error launcher on the desktop # features/step_definitions/checks.rb:38 Then the support documentation page opens in Tor Browser # features/step_definitions/checks.rb:137 Scenario: The Unsafe Browser can be used in all languages supported in Tails # features/localization.feature:16 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465817716' call returned: [0, "Mon Jun 13 11:35:16 UTC 2016\n", ""] Checkpoint: I have started Tails from DVD and logged in and the network is connected Given I have started Tails from DVD without network and logged in And the network is plugged calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 90ms [log] CLICK on (991,697) [log] CLICK on (990,584) [log] CLICK on (51,16) And all notifications have disappeared calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [1, "", ""] calling as root: test -e '/var/run/tails-upgrader/checked_upgrades' call returned: [0, "", ""] And available upgrades have been checked Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as root: test -d '/usr/lib/locale/ar_EG.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/de_DE.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/es_ES_ES.utf8' call returned: [1, "", ""] calling as root: test -d '/usr/lib/locale/es_ES.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/en_US_US.utf8' call returned: [1, "", ""] calling as root: test -d '/usr/lib/locale/en_US.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/fa_IR.utf8' call returned: [1, "", ""] calling as root: test -d '/usr/lib/locale/fa.utf8' call returned: [1, "", ""] calling as root: test -d '/usr/lib/locale/fa_IR' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/fr_FR.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/it_IT.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/ja_JP.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/ko_KR.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/nl_NL.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/pl_PL.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/pt_PT_PT.utf8' call returned: [1, "", ""] calling as root: test -d '/usr/lib/locale/pt_PT.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/ru_RU.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/tr_TR.utf8' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/vi_VN.utf8' call returned: [1, "", ""] calling as root: test -d '/usr/lib/locale/vi.utf8' call returned: [1, "", ""] calling as root: test -d '/usr/lib/locale/vi_VN' call returned: [0, "", ""] calling as root: test -d '/usr/lib/locale/zh_CN_CN.utf8' call returned: [1, "", ""] calling as root: test -d '/usr/lib/locale/zh_CN.utf8' call returned: [0, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [1, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.NVJJO7AJ6i\n", ""] calling as root: rm -f '/tmp/tmp.NVJJO7AJ6i' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.NVJJO7AJ6i' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.NVJJO7AJ6i' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.NVJJO7AJ6i_20160613-113617_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.NVJJO7AJ6i' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.U0EKZaMzsE\n", ""] calling as root: rm -f '/tmp/tmp.U0EKZaMzsE' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Utilities'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.U0EKZaMzsE' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.U0EKZaMzsE' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.U0EKZaMzsE_20160613-113620_debug ...\nClicking on [label | Utilities]\nMouse button 1 click at (58,430)\n", ""] calling as root: rm -f '/tmp/tmp.U0EKZaMzsE' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.Wsr7nwLEMQ\n", ""] calling as root: rm -f '/tmp/tmp.Wsr7nwLEMQ' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Terminal'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.Wsr7nwLEMQ' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.Wsr7nwLEMQ' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.Wsr7nwLEMQ_20160613-113624_debug ...\nClicking on [label | Terminal]\nMouse button 1 click at (286,468)\n", ""] calling as root: rm -f '/tmp/tmp.Wsr7nwLEMQ' call returned: [0, "", ""] [log] TYPE "LANG=ar_EG.utf8 LC_ALL=ar_EG.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=de_DE.utf8 LC_ALL=de_DE.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=es_ES.utf8 LC_ALL=es_ES.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=en_US.utf8 LC_ALL=en_US.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=fa_IR LC_ALL=fa_IR sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=fr_FR.utf8 LC_ALL=fr_FR.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=it_IT.utf8 LC_ALL=it_IT.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=ja_JP.utf8 LC_ALL=ja_JP.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=ko_KR.utf8 LC_ALL=ko_KR.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=nl_NL.utf8 LC_ALL=nl_NL.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=pl_PL.utf8 LC_ALL=pl_PL.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=pt_PT.utf8 LC_ALL=pt_PT.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=ru_RU.utf8 LC_ALL=ru_RU.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=tr_TR.utf8 LC_ALL=tr_TR.utf8 sudo unsafe-browser " [log] TYPE " " calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox [log] Ctrl+TYPE "q" call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=vi_VN LC_ALL=vi_VN sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "4840\n", ""] [log] CLICK on (226,587) [log] TYPE "LANG=zh_CN.utf8 LC_ALL=zh_CN.utf8 sudo unsafe-browser " [log] TYPE " " [log] Ctrl+TYPE "q" calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [0, "", ""] calling as root: test -d '/var/lib/unsafe-browser/chroot' call returned: [1, "", ""] Then the Unsafe Browser works in all supported languages # features/step_definitions/unsafe_browser.rb:30 @product Feature: Spoofing MAC addresses In order to not reveal information about the physical location As a Tails user I want to be able to control whether my network devices MAC addresses should be spoofed And I want this feature to fail safe and notify me in case of errors Background: # features/mac_spoofing.feature:8 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", "eth0: error fetching interface information: Device not found\n"] calling as root: date -s '@1465818092' call returned: [0, "Mon Jun 13 11:41:32 UTC 2016\n", ""] Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen # features/step_definitions/snapshots.rb:199 And I capture all network traffic # features/step_definitions/common_steps.rb:171 And the network is plugged # features/step_definitions/common_steps.rb:159 Scenario: MAC address spoofing is disabled # features/mac_spoofing.feature:13 [log] CLICK on (433,404) [log] CLICK on (643,447) When I enable more Tails Greeter options # features/step_definitions/common_steps.rb:308 [log] CLICK on (511,441) And I disable MAC spoofing in Tails Greeter # features/step_definitions/mac_spoofing.rb:7 [log] CLICK on (812,712) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] And I log in to a new session # features/step_definitions/common_steps.rb:292 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready # features/step_definitions/common_steps.rb:373 calling as root: . /usr/local/lib/tails-shell-library/hardware.sh && get_all_ethernet_nics call returned: [0, "eth0\n", ""] Then 1 network interface is enabled # features/step_definitions/mac_spoofing.rb:75 calling as root: . /usr/local/lib/tails-shell-library/hardware.sh && get_all_ethernet_nics call returned: [0, "eth0\n", ""] calling as root: . /usr/local/lib/tails-shell-library/hardware.sh && get_all_ethernet_nics call returned: [0, "eth0\n", ""] calling as root: . /usr/local/lib/tails-shell-library/hardware.sh && get_current_mac_of_nic eth0 call returned: [0, "52:54:00:ac:dd:ee\n", ""] And the network device has its default MAC address configured # features/step_definitions/mac_spoofing.rb:11 And the real MAC address was leaked # features/step_definitions/mac_spoofing.rb:34 Scenario: MAC address spoofing is successful # features/mac_spoofing.feature:22 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", "eth0: error fetching interface information: Device not found\n"] calling as root: date -s '@1465818136' call returned: [0, "Mon Jun 13 11:42:16 UTC 2016\n", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' [log] CLICK on (642,449) call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] When I log in to a new session # features/step_definitions/common_steps.rb:292 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready # features/step_definitions/common_steps.rb:373 calling as root: . /usr/local/lib/tails-shell-library/hardware.sh && get_all_ethernet_nics call returned: [0, "eth0\n", ""] Then 1 network interface is enabled # features/step_definitions/mac_spoofing.rb:75 calling as root: . /usr/local/lib/tails-shell-library/hardware.sh && get_all_ethernet_nics call returned: [0, "eth0\n", ""] calling as root: . /usr/local/lib/tails-shell-library/hardware.sh && get_all_ethernet_nics call returned: [0, "eth0\n", ""] calling as root: . /usr/local/lib/tails-shell-library/hardware.sh && get_current_mac_of_nic eth0 call returned: [0, "50:54:00:e4:f7:72\n", ""] And the network device has a spoofed MAC address configured # features/step_definitions/mac_spoofing.rb:11 And the real MAC address was not leaked # features/step_definitions/mac_spoofing.rb:34 Scenario: The MAC address is not leaked when booting Tails # features/mac_spoofing.feature:58 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", "eth0: error fetching interface information: Device not found\n"] calling as root: date -s '@1465818179' call returned: [0, "Mon Jun 13 11:42:59 UTC 2016\n", ""] Given a computer # features/step_definitions/common_steps.rb:122 And I capture all network traffic # features/step_definitions/common_steps.rb:171 When I start the computer # features/step_definitions/common_steps.rb:184 [log] CLICK on (1024,384) [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] Then the computer boots Tails # features/step_definitions/common_steps.rb:273 calling as root: . /usr/local/lib/tails-shell-library/hardware.sh && get_all_ethernet_nics call returned: [0, "", ""] And no network interfaces are enabled # features/step_definitions/mac_spoofing.rb:75 And the real MAC address was not leaked # features/step_definitions/mac_spoofing.rb:34 @product Feature: Metadata Anonymization Toolkit As a Tails user I want to be able to remove leaky metadata from documents and media files # In this feature we cannot restore from snapshots since it's # incompatible with filesystem shares. Scenario: MAT can clean a PDF file # features/mat.feature:9 Given a computer # features/step_definitions/common_steps.rb:122 And I setup a filesystem share containing a sample PDF # features/step_definitions/checks.rb:126 [log] CLICK on (1024,384) [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: mkdir -p /tmp/shared_pdf_dir call returned: [0, "", ""] calling as root: mount -t 9p -o trans=virtio /tmp/shared_pdf_dir /tmp/shared_pdf_dir call returned: [0, "", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] [log] CLICK on (642,449) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 264ms [profile] Finder.findAll START [profile] Finder.findAll END: 248ms [profile] Finder.findAll START [profile] Finder.findAll END: 230ms [profile] Finder.findAll START [profile] Finder.findAll END: 291ms [profile] Finder.findAll START [profile] Finder.findAll END: 235ms [profile] Finder.findAll START [profile] Finder.findAll END: 236ms [profile] Finder.findAll START [profile] Finder.findAll END: 274ms [profile] Finder.findAll START [profile] Finder.findAll END: 237ms [log] CLICK on (51,16) And I start Tails from DVD with network unplugged and I login # features/step_definitions/common_steps.rb:191 calling as amnesia: cp "/tmp/shared_pdf_dir/sample.pdf" "/home/amnesia/sample.pdf" call returned: [0, "", ""] calling as amnesia: mat --check '/home/amnesia/sample.pdf' call returned: [0, "[+] /home/amnesia/sample.pdf is not clean\n", ""] calling as amnesia: mat '/home/amnesia/sample.pdf' call returned: [0, "[*] Cleaning /home/amnesia/sample.pdf\n[+] /home/amnesia/sample.pdf cleaned!\n", ""] calling as amnesia: mat --check '/home/amnesia/sample.pdf' call returned: [0, "[+] /home/amnesia/sample.pdf is clean\n", ""] calling as root: rm '/home/amnesia/sample.pdf' call returned: [0, "", ""] Then MAT can clean some sample PDF file # features/step_definitions/checks.rb:141 @product Feature: Chatting anonymously using Pidgin As a Tails user when I chat using Pidgin I should be able to use OTR And I should be able to persist my Pidgin configuration And AppArmor should prevent Pidgin from doing dangerous things And all Internet traffic should flow only through Tor Scenario: Adding a certificate to Pidgin # features/pidgin.feature:74 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818425' call returned: [0, "Mon Jun 13 11:47:05 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.5ussH7WEQl\n", ""] calling as root: rm -f '/tmp/tmp.5ussH7WEQl' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.5ussH7WEQl' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.5ussH7WEQl' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.5ussH7WEQl_20160613-114711_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.5ussH7WEQl' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.FQqBeQsJ6z\n", ""] calling as root: rm -f '/tmp/tmp.FQqBeQsJ6z' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.FQqBeQsJ6z' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.FQqBeQsJ6z' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.FQqBeQsJ6z_20160613-114714_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.FQqBeQsJ6z' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.yJRb3be2Hy\n", ""] calling as root: rm -f '/tmp/tmp.yJRb3be2Hy' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Pidgin Internet Messenger'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.yJRb3be2Hy' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.yJRb3be2Hy' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.yJRb3be2Hy_20160613-114718_debug ...\nClicking on [label | Pidgin Internet Messenger]\nMouse button 1 click at (343,292)\n", ""] calling as root: rm -f '/tmp/tmp.yJRb3be2Hy' call returned: [0, "", ""] And I start Pidgin through the GNOME menu # features/step_definitions/pidgin.rb:291 And I see Pidgin's account manager window # features/step_definitions/pidgin.rb:301 [log] CLICK on (710,528) And I close Pidgin's account manager window # features/step_definitions/pidgin.rb:305 calling as amnesia: cp "/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt" "/home/amnesia/test.crt" call returned: [0, "", ""] calling as amnesia: xdotool search --name 'Buddy List' windowactivate --sync call returned: [0, "", ""] [log] CLICK on (318,186) [log] CLICK on (354,240) [log] CLICK on (644,273) [log] CLICK on (146,308) [log] CLICK on (122,134) [log] Alt+TYPE "l" [log] TYPE "/home/amnesia/test.crt " [log] TYPE "XXX test XXX " Then I can add a certificate from the "/home/amnesia" directory to Pidgin # features/step_definitions/pidgin.rb:457 Scenario: Failing to add a certificate to Pidgin # features/pidgin.feature:81 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818465' call returned: [0, "Mon Jun 13 11:47:45 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.uPiCsx0y7U\n", ""] calling as root: rm -f '/tmp/tmp.uPiCsx0y7U' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.uPiCsx0y7U' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.uPiCsx0y7U' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.uPiCsx0y7U_20160613-114750_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.uPiCsx0y7U' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.AsBPue7xkF\n", ""] calling as root: rm -f '/tmp/tmp.AsBPue7xkF' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.AsBPue7xkF' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.AsBPue7xkF' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.AsBPue7xkF_20160613-114754_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.AsBPue7xkF' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.O5yBWKzrNa\n", ""] calling as root: rm -f '/tmp/tmp.O5yBWKzrNa' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Pidgin Internet Messenger'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.O5yBWKzrNa' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.O5yBWKzrNa' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.O5yBWKzrNa_20160613-114758_debug ...\nClicking on [label | Pidgin Internet Messenger]\nMouse button 1 click at (343,292)\n", ""] calling as root: rm -f '/tmp/tmp.O5yBWKzrNa' call returned: [0, "", ""] When I start Pidgin through the GNOME menu # features/step_definitions/pidgin.rb:291 And I see Pidgin's account manager window # features/step_definitions/pidgin.rb:301 [log] CLICK on (710,528) And I close Pidgin's account manager window # features/step_definitions/pidgin.rb:305 calling as amnesia: cp "/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt" "/home/amnesia/.gnupg/test.crt" call returned: [0, "", ""] calling as amnesia: xdotool search --name 'Buddy List' windowactivate --sync call returned: [0, "", ""] [log] CLICK on (318,186) [log] CLICK on (354,240) [log] CLICK on (644,273) [log] CLICK on (146,308) [log] CLICK on (122,134) [log] Alt+TYPE "l" [log] TYPE "/home/amnesia/.gnupg/test.crt " Then I cannot add a certificate from the "/home/amnesia/.gnupg" directory to Pidgin # features/step_definitions/pidgin.rb:464 [log] TYPE "" When I close Pidgin's certificate import failure dialog # features/step_definitions/pidgin.rb:476 And I close Pidgin's certificate manager # features/step_definitions/pidgin.rb:469 [log] TYPE "" calling as amnesia: cp "/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt" "/lib/live/mount/overlay/home/amnesia/.gnupg/test.crt" call returned: [0, "", ""] calling as amnesia: xdotool search --name 'Buddy List' windowactivate --sync call returned: [0, "", ""] [log] CLICK on (318,186) [log] CLICK on (354,240) [log] CLICK on (644,273) [log] CLICK on (122,134) [log] Alt+TYPE "l" [log] TYPE "/lib/live/mount/overlay/home/amnesia/.gnupg/test.crt " Then I cannot add a certificate from the "/lib/live/mount/overlay/home/amnesia/.gnupg" directory to Pidgin # features/step_definitions/pidgin.rb:464 When I close Pidgin's certificate import failure dialog # features/step_definitions/pidgin.rb:476 [log] TYPE "" [log] TYPE "" And I close Pidgin's certificate manager # features/step_definitions/pidgin.rb:469 calling as amnesia: cp "/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt" "/live/overlay/home/amnesia/.gnupg/test.crt" call returned: [0, "", ""] calling as amnesia: xdotool search --name 'Buddy List' windowactivate --sync call returned: [0, "", ""] [log] CLICK on (318,186) [log] CLICK on (354,240) [log] CLICK on (644,273) [log] CLICK on (122,134) [log] Alt+TYPE "l" [log] TYPE "/live/overlay/home/amnesia/.gnupg/test.crt " Then I cannot add a certificate from the "/live/overlay/home/amnesia/.gnupg" directory to Pidgin # features/step_definitions/pidgin.rb:464 @source Feature: check PO files As a Tails developer, when I build Tails, I want to make sure the PO files in use are correct. @doc Scenario: check all PO files # features/po.feature:7 Given I am in the Git branch being tested # features/step_definitions/po.rb:1 Then all the PO files should be correct # features/step_definitions/po.rb:5 @product Feature: The Tor enforcement is effective As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably Scenario: Tails' Tor binary is configured to use the expected Tor authorities # features/tor_enforcement.feature:8 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818552' call returned: [0, "Mon Jun 13 11:49:12 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as root: strings /usr/bin/tor | grep -E 'orport=[0-9]+' call returned: [0, "moria1 orport=9101 v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31\ntor26 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D\ndizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755\nTonga orport=443 bridge 82.94.251.203:80 4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D\ngabelmoo orport=443 v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281\ndannenberg orport=443 v3ident=585769C78764D58426B8B52B6651A5A71137189A 193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123\nurras orport=80 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C 208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417\nmaatuska orport=80 v3ident=49015F787433103580E3B66A1707A00E60F2D15B 171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810\nFaravahar orport=443 v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC\nlongclaw orport=443 v3ident=23D15D965BC35114467363C165C4F724B64B4F66 199.254.238.52:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145\n", ""] Then the Tor binary is configured to use the expected Tor authorities # features/step_definitions/tor.rb:398 Scenario: The firewall configuration is very restrictive # features/tor_enforcement.feature:12 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818563' call returned: [0, "Mon Jun 13 11:49:23 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as root: iptables-save -c -t filter | iptables-xml call returned: [0, "\n\n \n \n \n \n \n ESTABLISHED\n \n \n \n \n \n\n \n\n \n \n \n lo\n \n \n \n \n \n\n \n\n \n \n \n \n \n ESTABLISHED\n \n \n \n \n \n\n \n\n \n \n \n lo\n

icmp

\n
\n \n RELATED\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 0\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 13\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 65534\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n FIN,SYN,RST,ACK SYN\n \n \n 9050,9061,9062,9150\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 118\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 121\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 122\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9051\n \n \n 124\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9051\n \n \n 0\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9052\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9040\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

udp

\n
\n \n 53\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

udp

\n
\n \n 5353\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.2/32\n lo\n

udp

\n
\n \n 53\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.2/32\n lo\n

tcp

\n
\n \n 53\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 4101\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 631\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 6136\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n lo\n

tcp

\n
\n \n 117\n \n
\n \n \n \n\n
\n\n \n \n \n lo\n

udp

\n
\n \n 117\n \n \n 53\n \n
\n \n \n \n\n
\n\n \n \n \n 10.0.0.0/8\n \n \n \n \n \n \n \n\n \n\n \n \n \n 172.16.0.0/12\n \n \n \n \n \n \n \n\n \n\n \n \n \n 192.168.0.0/16\n \n \n \n \n \n \n \n\n \n\n \n \n \n

tcp

\n
\n \n 107\n \n \n FIN,SYN,RST,ACK SYN\n \n \n NEW\n \n
\n \n \n \n\n
\n\n \n \n \n "Dropped outbound packet: "\n 7\n \n \n \n\n \n\n \n \n \n icmp-port-unreachable\n \n \n\n \n\n
\n \n \n \n \n

tcp

\n
\n \n 53\n \n
\n \n \n icmp-port-unreachable\n \n \n\n
\n\n \n \n \n

udp

\n
\n \n 53\n \n
\n \n \n icmp-port-unreachable\n \n \n\n
\n\n \n \n \n 116\n \n \n \n \n icmp-port-unreachable\n \n \n\n \n\n \n \n \n \n\n \n\n
\n \n
\n\n
\n", ""] Then the firewall's policy is to DROP all IPv4 traffic # features/step_definitions/tor.rb:55 calling as root: id -u clearnet call returned: [0, "117\n", ""] calling as root: id -u debian-tor call returned: [0, "107\n", ""] calling as root: iptables-save -c -t filter | iptables-xml call returned: [0, "\n\n \n \n \n \n \n ESTABLISHED\n \n \n \n \n \n\n \n\n \n \n \n lo\n \n \n \n \n \n\n \n\n \n \n \n \n \n ESTABLISHED\n \n \n \n \n \n\n \n\n \n \n \n lo\n

icmp

\n
\n \n RELATED\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 0\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 13\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9050\n FIN,SYN,RST,ACK SYN\n \n \n 65534\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n FIN,SYN,RST,ACK SYN\n \n \n 9050,9061,9062,9150\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 118\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 121\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9062\n FIN,SYN,RST,ACK SYN\n \n \n 122\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9051\n \n \n 124\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9051\n \n \n 0\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9052\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 9040\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

udp

\n
\n \n 53\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

udp

\n
\n \n 5353\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.2/32\n lo\n

udp

\n
\n \n 53\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.2/32\n lo\n

tcp

\n
\n \n 53\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 4101\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 631\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n lo\n

tcp

\n
\n \n 6136\n FIN,SYN,RST,ACK SYN\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n lo\n

tcp

\n
\n \n 117\n \n
\n \n \n \n\n
\n\n \n \n \n lo\n

udp

\n
\n \n 117\n \n \n 53\n \n
\n \n \n \n\n
\n\n \n \n \n 10.0.0.0/8\n \n \n \n \n \n \n \n\n \n\n \n \n \n 172.16.0.0/12\n \n \n \n \n \n \n \n\n \n\n \n \n \n 192.168.0.0/16\n \n \n \n \n \n \n \n\n \n\n \n \n \n

tcp

\n
\n \n 107\n \n \n FIN,SYN,RST,ACK SYN\n \n \n NEW\n \n
\n \n \n \n\n
\n\n \n \n \n "Dropped outbound packet: "\n 7\n \n \n \n\n \n\n \n \n \n icmp-port-unreachable\n \n \n\n \n\n
\n \n \n \n \n

tcp

\n
\n \n 53\n \n
\n \n \n icmp-port-unreachable\n \n \n\n
\n\n \n \n \n

udp

\n
\n \n 53\n \n
\n \n \n icmp-port-unreachable\n \n \n\n
\n\n \n \n \n 116\n \n \n \n \n icmp-port-unreachable\n \n \n\n \n\n \n \n \n \n\n \n\n
\n \n
\n\n
\n", ""] And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 # features/step_definitions/tor.rb:65 calling as root: iptables-save -c -t nat | iptables-xml call returned: [0, "\n\n \n \n \n \n \n 127.192.0.0/10\n

tcp

\n
\n
\n \n \n 9040\n \n \n\n
\n\n \n \n \n 127.0.0.1/32\n

udp

\n
\n \n 53\n \n
\n \n \n 5353\n \n \n\n
\n\n
\n \n \n \n
\n\n
\n", ""] And the firewall's NAT rules only redirect traffic for Tor's TransPort and DNSPort # features/step_definitions/tor.rb:120 calling as root: ip6tables-save -c -t filter | iptables-xml call returned: [0, "\n\n \n \n \n \n \n ::1/128\n ::1/128\n lo\n

tcp

\n
\n \n 4101\n \n
\n \n \n \n\n
\n\n \n \n \n ::1/128\n ::1/128\n lo\n

tcp

\n
\n \n 4101\n \n \n ESTABLISHED\n \n
\n \n \n \n\n
\n\n
\n \n \n \n \n ::1/128\n ::1/128\n lo\n

tcp

\n
\n \n 4101\n \n \n 1000\n \n
\n \n \n \n\n
\n\n \n \n \n ::1/128\n ::1/128\n lo\n

tcp

\n
\n \n 4101\n \n \n ESTABLISHED\n \n
\n \n \n \n\n
\n\n \n \n \n "Dropped outbound packet: "\n 7\n \n \n \n\n \n\n \n \n \n icmp6-port-unreachable\n \n \n\n \n\n
\n \n
\n\n
\n", ""] And the firewall is configured to block all external IPv6 traffic # features/step_definitions/tor.rb:156 Scenario: Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector # features/tor_enforcement.feature:28 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818577' call returned: [0, "Mon Jun 13 11:49:37 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 And I capture all network traffic # features/step_definitions/common_steps.rb:171 calling as root: /usr/local/lib/do_not_ever_run_me call returned: [0, "", ""] calling as root: iptables -L -n -v call returned: [0, "Chain INPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination \n\nChain FORWARD (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination \n\nChain OUTPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination \n", ""] And I disable Tails' firewall # features/step_definitions/firewall_leaks.rb:7 calling as amnesia: host -T torproject.org 208.67.222.222 call returned: [0, "Using domain server:\nName: 208.67.222.222\nAddress: 208.67.222.222#53\nAliases: \n\ntorproject.org has address 38.229.72.16\ntorproject.org has address 82.195.75.101\ntorproject.org has address 86.59.30.40\ntorproject.org has address 138.201.14.197\ntorproject.org has IPv6 address 2001:41b8:202:deb:213:21ff:fe20:1426\ntorproject.org has IPv6 address 2001:858:2:2:aabb:0:563b:1e28\ntorproject.org has IPv6 address 2620:0:6b0:b:1a1a:0:26e5:4810\ntorproject.org has IPv6 address 2a01:4f8:172:1b46:0:abba:5:1\ntorproject.org mail is handled by 10 eugeni.torproject.org.\n", ""] When I do a TCP DNS lookup of "torproject.org" # features/step_definitions/firewall_leaks.rb:19 Then the firewall leak detector has detected leaks # features/step_definitions/firewall_leaks.rb:1 Scenario: Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector # features/tor_enforcement.feature:35 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818590' call returned: [0, "Mon Jun 13 11:49:50 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 And I capture all network traffic # features/step_definitions/common_steps.rb:171 calling as root: /usr/local/lib/do_not_ever_run_me call returned: [0, "", ""] calling as root: iptables -L -n -v call returned: [0, "Chain INPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination \n\nChain FORWARD (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination \n\nChain OUTPUT (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination \n", ""] And I disable Tails' firewall # features/step_definitions/firewall_leaks.rb:7 calling as amnesia: host torproject.org 208.67.222.222 call returned: [0, "Using domain server:\nName: 208.67.222.222\nAddress: 208.67.222.222#53\nAliases: \n\ntorproject.org has address 82.195.75.101\ntorproject.org has address 38.229.72.16\ntorproject.org has address 86.59.30.40\ntorproject.org has address 138.201.14.197\ntorproject.org has IPv6 address 2001:858:2:2:aabb:0:563b:1e28\ntorproject.org has IPv6 address 2620:0:6b0:b:1a1a:0:26e5:4810\ntorproject.org has IPv6 address 2a01:4f8:172:1b46:0:abba:5:1\ntorproject.org has IPv6 address 2001:41b8:202:deb:213:21ff:fe20:1426\ntorproject.org mail is handled by 10 eugeni.torproject.org.\n", ""] When I do a UDP DNS lookup of "torproject.org" # features/step_definitions/firewall_leaks.rb:24 Then the firewall leak detector has detected leaks # features/step_definitions/firewall_leaks.rb:1 Scenario: Anti test: Detecting ICMP leaks of ping with the firewall leak detector # features/tor_enforcement.feature:42 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818603' call returned: [0, "Mon Jun 13 11:50:03 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 And I capture all network traffic # features/step_definitions/common_steps.rb:171 calling as root: /usr/local/lib/do_not_ever_run_me call returned: [0, "", ""] calling as root: iptables -L -n -v call returned: [0, "Chain INPUT (policy ACCEPT 1 packets, 52 bytes)\n pkts bytes target prot opt in out source destination \n\nChain FORWARD (policy ACCEPT 0 packets, 0 bytes)\n pkts bytes target prot opt in out source destination \n\nChain OUTPUT (policy ACCEPT 1 packets, 40 bytes)\n pkts bytes target prot opt in out source destination \n", ""] And I disable Tails' firewall # features/step_definitions/firewall_leaks.rb:7 calling as root: ping -c 5 208.67.222.222 call returned: [0, "PING 208.67.222.222 (208.67.222.222) 56(84) bytes of data.\n64 bytes from 208.67.222.222: icmp_seq=1 ttl=60 time=2.01 ms\n64 bytes from 208.67.222.222: icmp_seq=2 ttl=60 time=0.822 ms\n64 bytes from 208.67.222.222: icmp_seq=3 ttl=60 time=0.672 ms\n64 bytes from 208.67.222.222: icmp_seq=4 ttl=60 time=0.618 ms\n64 bytes from 208.67.222.222: icmp_seq=5 ttl=60 time=0.793 ms\n\n--- 208.67.222.222 ping statistics ---\n5 packets transmitted, 5 received, 0% packet loss, time 4000ms\nrtt min/avg/max/mdev = 0.618/0.984/2.019/0.524 ms\n", ""] When I send some ICMP pings # features/step_definitions/firewall_leaks.rb:29 Then the firewall leak detector has detected leaks # features/step_definitions/firewall_leaks.rb:1 @check_tor_leaks Scenario: The Tor enforcement is effective at blocking untorified TCP connection attempts # features/tor_enforcement.feature:50 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818618' call returned: [0, "Mon Jun 13 11:50:18 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as root: journalctl --dmesg --output=cat | grep -qP '^Dropped outbound packet: .* DST=1\.2\.3\.4 .* PROTO=TCP .* DPT=42 ' call returned: [1, "", ""] calling as amnesia: echo | netcat 1.2.3.4 42 call returned: [1, "", "(UNKNOWN) [1.2.3.4] 42 (nameserver) : Connection refused\n"] When I open an untorified TCP connections to 1.2.3.4 on port 42 that is expected to fail # features/step_definitions/tor.rb:187 Then the untorified connection fails # features/step_definitions/tor.rb:211 calling as root: journalctl --dmesg --output=cat | grep -qP '^Dropped outbound packet: .* DST=1\.2\.3\.4 .* PROTO=TCP .* DPT=42 ' call returned: [0, "", ""] And the untorified connection is logged as dropped by the firewall # features/step_definitions/tor.rb:225 @check_tor_leaks Scenario: The Tor enforcement is effective at blocking untorified UDP connection attempts # features/tor_enforcement.feature:57 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818630' call returned: [0, "Mon Jun 13 11:50:30 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as root: journalctl --dmesg --output=cat | grep -qP '^Dropped outbound packet: .* DST=1\.2\.3\.4 .* PROTO=UDP .* DPT=42 ' call returned: [1, "", ""] calling as amnesia: echo | netcat -u 1.2.3.4 42 call returned: [1, "", ""] When I open an untorified UDP connections to 1.2.3.4 on port 42 that is expected to fail # features/step_definitions/tor.rb:187 Then the untorified connection fails # features/step_definitions/tor.rb:211 calling as root: journalctl --dmesg --output=cat | grep -qP '^Dropped outbound packet: .* DST=1\.2\.3\.4 .* PROTO=UDP .* DPT=42 ' call returned: [0, "", ""] And the untorified connection is logged as dropped by the firewall # features/step_definitions/tor.rb:225 Scenario: The system DNS is always set up to use Tor's DNSPort # features/tor_enforcement.feature:70 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465818639' call returned: [0, "Mon Jun 13 11:50:39 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as root: cat /etc/resolv.conf call returned: [0, "nameserver 127.0.0.1\n", ""] And the system DNS is using the local DNS resolver # features/step_definitions/tor.rb:232 And the network is plugged # features/step_definitions/common_steps.rb:159 calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [1, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] calling as root: systemctl is-system-running call returned: [0, "running\n", ""] And Tor is ready # features/step_definitions/common_steps.rb:373 calling as root: cat /etc/resolv.conf call returned: [0, "nameserver 127.0.0.1\n", ""] Then the system DNS is still using the local DNS resolver # features/step_definitions/tor.rb:232 @product @check_tor_leaks Feature: Tor stream isolation is effective As a Tails user I want my Torified sessions to be sensibly isolated from each other to prevent identity correlation Background: # features/tor_stream_isolation.feature:6 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818670' call returned: [0, "Mon Jun 13 11:51:10 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 Scenario: tails-security-check is using the Tails-specific SocksPort # features/tor_stream_isolation.feature:9 spawning as root: while true; do netstat -taupen | grep "\.\+/perl\>"; sleep 0.1; done > /tmp/netstat.log When I monitor the network connections of tails-security-check # features/step_definitions/tor.rb:281 calling as amnesia: tails-security-check call returned: [0, "", ""] And I re-run tails-security-check # features/step_definitions/tor.rb:305 calling as root: cat /tmp/netstat.log call returned: [0, "tcp 0 0 127.0.0.1:59977 127.0.0.1:9062 ESTABLISHED 1000 41254 4450/perl \ntcp 0 0 127.0.0.1:59977 127.0.0.1:9062 ESTABLISHED 1000 41254 4450/perl \ntcp 0 181 127.0.0.1:59977 127.0.0.1:9062 ESTABLISHED 1000 41254 4450/perl \n", ""] Then I see that tails-security-check is properly stream isolated # features/step_definitions/tor.rb:290 Scenario: htpdate is using the Tails-specific SocksPort # features/tor_stream_isolation.feature:14 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818682' call returned: [0, "Mon Jun 13 11:51:22 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] spawning as root: while true; do netstat -taupen | grep "/curl\>"; sleep 0.1; done > /tmp/netstat.log When I monitor the network connections of htpdate # features/step_definitions/tor.rb:281 calling as root: service htpdate stop && rm -f /var/run/htpdate/* && systemctl --no-block start htpdate.service call returned: [0, "", ""] calling as root: test -e /var/run/tordate/done call returned: [0, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [1, "", ""] calling as root: test -e /var/run/htpdate/success call returned: [0, "", ""] And I re-run htpdate # features/step_definitions/tor.rb:309 calling as root: cat /tmp/netstat.log call returned: [0, "tcp 0 18 127.0.0.1:59978 127.0.0.1:9062 ESTABLISHED 118 42686 4574/curl \ntcp 0 0 127.0.0.1:59980 127.0.0.1:9062 ESTABLISHED 118 42722 4581/curl \ntcp 0 0 127.0.0.1:59979 127.0.0.1:9062 ESTABLISHED 118 42715 4578/curl \ntcp 0 0 127.0.0.1:59978 127.0.0.1:9062 ESTABLISHED 118 42686 4574/curl \ntcp 0 0 127.0.0.1:59980 127.0.0.1:9062 ESTABLISHED 118 42722 4581/curl \ntcp 0 0 127.0.0.1:59979 127.0.0.1:9062 ESTABLISHED 118 42715 4578/curl \ntcp 0 0 127.0.0.1:59978 127.0.0.1:9062 ESTABLISHED 118 42686 4574/curl \ntcp 0 0 127.0.0.1:59980 127.0.0.1:9062 ESTABLISHED 118 42722 4581/curl \ntcp 0 0 127.0.0.1:59979 127.0.0.1:9062 ESTABLISHED 118 42715 4578/curl \ntcp 0 0 127.0.0.1:59980 127.0.0.1:9062 ESTABLISHED 118 42722 4581/curl \ntcp 0 0 127.0.0.1:59979 127.0.0.1:9062 ESTABLISHED 118 42715 4578/curl \ntcp 0 0 127.0.0.1:59980 127.0.0.1:9062 ESTABLISHED 118 42722 4581/curl \ntcp 0 0 127.0.0.1:59980 127.0.0.1:9062 ESTABLISHED 118 42722 4581/curl \n", ""] Then I see that htpdate is properly stream isolated # features/step_definitions/tor.rb:290 Scenario: tails-upgrade-frontend-wrapper is using the Tails-specific SocksPort # features/tor_stream_isolation.feature:19 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818697' call returned: [0, "Mon Jun 13 11:51:37 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] spawning as root: while true; do netstat -taupen | grep "\.\+/perl\>"; sleep 0.1; done > /tmp/netstat.log When I monitor the network connections of tails-upgrade-frontend-wrapper # features/step_definitions/tor.rb:281 calling as amnesia: tails-upgrade-frontend-wrapper call returned: [0, "localuser:tails-upgrade-frontend being added to access control list\nThe system is up-to-date\nlocaluser:tails-upgrade-frontend being removed from access control list\n", "Prototype mismatch: sub Tails::MirrorPool::assert ($;$) vs none at /usr/share/perl5/Tails/MirrorPool.pm line 28.\nPrototype mismatch: sub Tails::IUK::Frontend::assert ($;$) vs none at /usr/share/perl5/Tails/IUK/Frontend.pm line 42.\n"] And I re-run tails-upgrade-frontend-wrapper # features/step_definitions/tor.rb:316 calling as root: cat /tmp/netstat.log call returned: [0, "tcp 0 0 127.0.0.1:59978 127.0.0.1:9062 ESTABLISHED 122 45687 5351/perl \ntcp 0 0 127.0.0.1:59979 127.0.0.1:9062 ESTABLISHED 122 45704 5351/perl \ntcp 0 0 127.0.0.1:59979 127.0.0.1:9062 ESTABLISHED 122 45704 5351/perl \n", ""] Then I see that tails-upgrade-frontend-wrapper is properly stream isolated # features/step_definitions/tor.rb:290 Scenario: The Tor Browser is using the web browser-specific SocksPort # features/tor_stream_isolation.feature:24 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818744' call returned: [0, "Mon Jun 13 11:52:24 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] spawning as root: while true; do netstat -taupen | grep "/firefox\>"; sleep 0.1; done > /tmp/netstat.log When I monitor the network connections of Tor Browser # features/step_definitions/tor.rb:281 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.JOAuHGgzLC\n", ""] calling as root: rm -f '/tmp/tmp.JOAuHGgzLC' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.JOAuHGgzLC' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.JOAuHGgzLC' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.JOAuHGgzLC_20160613-115230_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.JOAuHGgzLC' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.PDPjI4Ct78\n", ""] calling as root: rm -f '/tmp/tmp.PDPjI4Ct78' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.PDPjI4Ct78' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.PDPjI4Ct78' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.PDPjI4Ct78_20160613-115233_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.PDPjI4Ct78' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.k1fNF3iFrX\n", ""] calling as root: rm -f '/tmp/tmp.k1fNF3iFrX' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Tor Browser'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.k1fNF3iFrX' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.k1fNF3iFrX' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.k1fNF3iFrX_20160613-115237_debug ...\nClicking on [label | Tor Browser]\nMouse button 1 click at (297,336)\n", ""] calling as root: rm -f '/tmp/tmp.k1fNF3iFrX' call returned: [0, "", ""] And I start the Tor Browser # features/step_definitions/common_steps.rb:558 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.XOPy6aPRy4\n", ""] calling as root: rm -f '/tmp/tmp.XOPy6aPRy4' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') application.child('"'"'Tails - News - Tor Browser'"'"', roleName='"'"'frame'"'"')' >> '/tmp/tmp.XOPy6aPRy4' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.XOPy6aPRy4' call returned: [0, "", ""] calling as root: rm -f '/tmp/tmp.XOPy6aPRy4' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.Pd0rPST5g3\n", ""] calling as root: rm -f '/tmp/tmp.Pd0rPST5g3' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') application.child('"'"'Reload current page'"'"', roleName='"'"'push button'"'"')' >> '/tmp/tmp.Pd0rPST5g3' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.Pd0rPST5g3' call returned: [0, "", ""] calling as root: rm -f '/tmp/tmp.Pd0rPST5g3' call returned: [0, "", ""] And the Tor Browser has started and loaded the startup page # features/step_definitions/common_steps.rb:403 calling as root: cat /tmp/netstat.log call returned: [0, "tcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47665 127.0.0.1:9150 ESTABLISHED 1000 47007 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 341 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 341 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47662 127.0.0.1:9150 ESTABLISHED 1000 46387 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 357 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 405 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \ntcp 0 0 127.0.0.1:47664 127.0.0.1:9150 ESTABLISHED 1000 46949 4929/firefox \ntcp 0 0 127.0.0.1:47663 127.0.0.1:9150 ESTABLISHED 1000 46653 4929/firefox \ntcp 0 0 127.0.0.1:47666 127.0.0.1:9150 ESTABLISHED 1000 47009 4929/firefox \n", ""] Then I see that Tor Browser is properly stream isolated # features/step_definitions/tor.rb:290 Scenario: SSH is using the default SocksPort # features/tor_stream_isolation.feature:37 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818794' call returned: [0, "Mon Jun 13 11:53:14 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] spawning as root: while true; do netstat -taupen | grep "/\(connect-proxy\|ssh\)\>"; sleep 0.1; done > /tmp/netstat.log When I monitor the network connections of SSH # features/step_definitions/tor.rb:281 calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [1, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.GMBpM0zK31\n", ""] calling as root: rm -f '/tmp/tmp.GMBpM0zK31' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.GMBpM0zK31' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.GMBpM0zK31' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.GMBpM0zK31_20160613-115321_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.GMBpM0zK31' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.lpZ3U3h6vk\n", ""] calling as root: rm -f '/tmp/tmp.lpZ3U3h6vk' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Utilities'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.lpZ3U3h6vk' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.lpZ3U3h6vk' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.lpZ3U3h6vk_20160613-115325_debug ...\nClicking on [label | Utilities]\nMouse button 1 click at (58,430)\n", ""] calling as root: rm -f '/tmp/tmp.lpZ3U3h6vk' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.L05r4vDFMF\n", ""] calling as root: rm -f '/tmp/tmp.L05r4vDFMF' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Terminal'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.L05r4vDFMF' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.L05r4vDFMF' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.L05r4vDFMF_20160613-115329_debug ...\nClicking on [label | Terminal]\nMouse button 1 click at (286,468)\n", ""] calling as root: rm -f '/tmp/tmp.L05r4vDFMF' call returned: [0, "", ""] [log] TYPE "ssh lizard.tails.boum.org " And I run "ssh lizard.tails.boum.org" in GNOME Terminal # features/step_definitions/common_steps.rb:619 And I see "SSHAuthVerification.png" after at most 60 seconds # features/step_definitions/common_steps.rb:459 calling as root: cat /tmp/netstat.log call returned: [0, "tcp 0 1968 127.0.0.1:51275 127.0.0.1:9050 ESTABLISHED 1000 46260 5130/connect-proxy\ntcp 0 0 127.0.0.1:51275 127.0.0.1:9050 ESTABLISHED 1000 46260 5130/connect-proxy\ntcp 0 0 127.0.0.1:51275 127.0.0.1:9050 ESTABLISHED 1000 46260 5130/connect-proxy\ntcp 0 0 127.0.0.1:51275 127.0.0.1:9050 ESTABLISHED 1000 46260 5130/connect-proxy\ntcp 0 0 127.0.0.1:51275 127.0.0.1:9050 ESTABLISHED 1000 46260 5130/connect-proxy\ntcp 0 0 127.0.0.1:51275 127.0.0.1:9050 ESTABLISHED 1000 46260 5130/connect-proxy\n", ""] Then I see that SSH is properly stream isolated # features/step_definitions/tor.rb:290 Scenario: whois lookups use the default SocksPort # features/tor_stream_isolation.feature:43 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818823' call returned: [0, "Mon Jun 13 11:53:43 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] spawning as root: while true; do netstat -taupen | grep "/whois\>"; sleep 0.1; done > /tmp/netstat.log When I monitor the network connections of whois # features/step_definitions/tor.rb:281 calling as amnesia: whois 'boum.org' call returned: [0, "Domain Name: BOUM.ORG\nDomain ID: D103677623-LROR\nWHOIS Server:\nReferral URL: http://www.gandi.net\nUpdated Date: 2011-11-21T00:31:40Z\nCreation Date: 2004-01-07T17:49:42Z\nRegistry Expiry Date: 2019-01-07T17:49:42Z\nSponsoring Registrar: Gandi SAS\nSponsoring Registrar IANA ID: 81\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nRegistrant ID: O-811294-GANDI\nRegistrant Name: Ben voui\nRegistrant Organization: Ben voui\nRegistrant Street: 5 rue Orfila\nRegistrant City: Paris\nRegistrant State/Province:\nRegistrant Postal Code: 75020\nRegistrant Country: FR\nRegistrant Phone: +33.143664644\nRegistrant Phone Ext:\nRegistrant Fax:\nRegistrant Fax Ext:\nRegistrant Email: 600dcd01d46cf5fe42f3e8fd48edf086-599038@contact.gandi.net\nAdmin ID: BV222-GANDI\nAdmin Name: Ben voui\nAdmin Organization:\nAdmin Street: 5 rue Orfila\nAdmin City: Paris\nAdmin State/Province:\nAdmin Postal Code: 75020\nAdmin Country: FR\nAdmin Phone: +33.143664644\nAdmin Phone Ext:\nAdmin Fax:\nAdmin Fax Ext:\nAdmin Email: 60a04aeab747f1964c5ee769feac8cba-203074@contact.gandi.net\nTech ID: BV222-GANDI\nTech Name: Ben voui\nTech Organization:\nTech Street: 5 rue Orfila\nTech City: Paris\nTech State/Province:\nTech Postal Code: 75020\nTech Country: FR\nTech Phone: +33.143664644\nTech Phone Ext:\nTech Fax:\nTech Fax Ext:\nTech Email: 60a04aeab747f1964c5ee769feac8cba-203074@contact.gandi.net\nName Server: NS.BOUM.ORG\nName Server: NS2.BOUM.ORG\nDNSSEC: unsigned\n>>> Last update of WHOIS database: 2016-06-10T13:47:39Z <<<\n\nFor more information on Whois status codes, please visit https://icann.org/epp\n\nAccess to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to(a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.\n", ""] And I query the whois directory service for "boum.org" # features/step_definitions/torified_misc.rb:1 And the whois command is successful # features/step_definitions/torified_misc.rb:25 calling as root: cat /tmp/netstat.log call returned: [0, "tcp 0 0 127.0.0.1:51276 127.0.0.1:9050 ESTABLISHED 1000 41497 4477/whois \ntcp 0 0 127.0.0.1:51276 127.0.0.1:9050 ESTABLISHED 1000 41497 4477/whois \ntcp 0 0 127.0.0.1:51276 127.0.0.1:9050 ESTABLISHED 1000 41497 4477/whois \ntcp 0 0 127.0.0.1:51276 127.0.0.1:9050 ESTABLISHED 1000 41497 4477/whois \ntcp 0 0 127.0.0.1:51276 127.0.0.1:9050 ESTABLISHED 1000 41497 4477/whois \ntcp 0 0 127.0.0.1:51276 127.0.0.1:9050 ESTABLISHED 1000 41497 4477/whois \ntcp 0 0 127.0.0.1:51276 127.0.0.1:9050 ESTABLISHED 1000 41497 4477/whois \ntcp 0 10 127.0.0.1:51277 127.0.0.1:9050 ESTABLISHED 1000 41607 4477/whois \ntcp 0 0 127.0.0.1:51277 127.0.0.1:9050 ESTABLISHED 1000 41607 4477/whois \n", ""] Then I see that whois is properly stream isolated # features/step_definitions/tor.rb:290 @product Feature: Browsing the web using the Tor Browser As a Tails user when I browse the web using the Tor Browser all Internet traffic should flow only through Tor Scenario: The Tor Browser cannot access the LAN # features/torified_browsing.feature:7 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818837' call returned: [0, "Mon Jun 13 11:53:57 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as amnesia: curl http://10.2.1.1:8000 call returned: [0, "Welcome to the LAN web server!", " % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0\r100 30 100 30 0 0 1147 0 --:--:-- --:--:-- --:--:-- 1200\n"] And a web server is running on the LAN # features/step_definitions/common_steps.rb:798 And I capture all network traffic # features/step_definitions/common_steps.rb:171 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.4OLUdWkWR9\n", ""] calling as root: rm -f '/tmp/tmp.4OLUdWkWR9' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.4OLUdWkWR9' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.4OLUdWkWR9' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.4OLUdWkWR9_20160613-115403_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.4OLUdWkWR9' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.K3o8mmVaa2\n", ""] calling as root: rm -f '/tmp/tmp.K3o8mmVaa2' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.K3o8mmVaa2' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.K3o8mmVaa2' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.K3o8mmVaa2_20160613-115407_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.K3o8mmVaa2' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.flb7b9Z59q\n", ""] calling as root: rm -f '/tmp/tmp.flb7b9Z59q' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Tor Browser'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.flb7b9Z59q' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.flb7b9Z59q' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.flb7b9Z59q_20160613-115411_debug ...\nClicking on [label | Tor Browser]\nMouse button 1 click at (297,336)\n", ""] calling as root: rm -f '/tmp/tmp.flb7b9Z59q' call returned: [0, "", ""] When I start the Tor Browser # features/step_definitions/common_steps.rb:558 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.69ZnlbFoDZ\n", ""] calling as root: rm -f '/tmp/tmp.69ZnlbFoDZ' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') application.child('"'"'Tails - News - Tor Browser'"'"', roleName='"'"'frame'"'"')' >> '/tmp/tmp.69ZnlbFoDZ' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.69ZnlbFoDZ' call returned: [0, "", ""] calling as root: rm -f '/tmp/tmp.69ZnlbFoDZ' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.pH1DEPQ0lL\n", ""] calling as root: rm -f '/tmp/tmp.pH1DEPQ0lL' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') application.child('"'"'Reload current page'"'"', roleName='"'"'push button'"'"')' >> '/tmp/tmp.pH1DEPQ0lL' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.pH1DEPQ0lL' call returned: [0, "", ""] calling as root: rm -f '/tmp/tmp.pH1DEPQ0lL' call returned: [0, "", ""] And the Tor Browser has started and loaded the startup page # features/step_definitions/common_steps.rb:403 calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (243,83) calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (238,117) calling as amnesia: echo -n 'http://10.2.1.1:8000' | xsel --input --clipboard call returned: [0, "", ""] And I open a page on the LAN web server in the Tor Browser # features/step_definitions/common_steps.rb:847 [log] Ctrl+TYPE "v" [log] TYPE " " calling as amnesia: mktemp call returned: [0, "/tmp/tmp.W87l0yLO4H\n", ""] calling as root: rm -f '/tmp/tmp.W87l0yLO4H' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') application.child('"'"'Problem loading page'"'"', roleName='"'"'document frame'"'"')' >> '/tmp/tmp.W87l0yLO4H' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.W87l0yLO4H' call returned: [0, "", ""] calling as root: rm -f '/tmp/tmp.W87l0yLO4H' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.7swlFeD0HZ\n", ""] calling as root: rm -f '/tmp/tmp.7swlFeD0HZ' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') from dogtail import predicate for n in application.child('"'"'Problem loading page'"'"', roleName='"'"'document frame'"'"').findChildren(predicate.GenericPredicate(roleName='"'"'heading'"'"')): print(n.path)' >> '/tmp/tmp.7swlFeD0HZ' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.7swlFeD0HZ' call returned: [0, "/org/a11y/atspi/accessible/1216\n", ""] calling as root: rm -f '/tmp/tmp.7swlFeD0HZ' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.Tp30KMF1t9\n", ""] calling as root: rm -f '/tmp/tmp.Tp30KMF1t9' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') from dogtail import predicate node = None for n in application.child('"'"'Problem loading page'"'"', roleName='"'"'document frame'"'"').findChildren(predicate.GenericPredicate()): if str(n.path) == '"'"'/org/a11y/atspi/accessible/1216'"'"': node = n break assert(node) print(node.text)' >> '/tmp/tmp.Tp30KMF1t9' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.Tp30KMF1t9' call returned: [0, "Unable to connect\n", ""] calling as root: rm -f '/tmp/tmp.Tp30KMF1t9' call returned: [0, "", ""] Then the Tor Browser shows the "Unable to connect" error # features/step_definitions/browser.rb:223 And no traffic was sent to the web server on the LAN # features/step_definitions/torified_browsing.rb:1 @check_tor_leaks Scenario: The Tor Browser directory is usable # features/torified_browsing.feature:18 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818901' call returned: [0, "Mon Jun 13 11:55:01 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as root: test -d '/home/amnesia/Tor Browser' call returned: [0, "", ""] Then the amnesiac Tor Browser directory exists # features/step_definitions/common_steps.rb:690 [log] CLICK on (150,14) [log] TYPE "" And there is a GNOME bookmark for the amnesiac Tor Browser directory # features/step_definitions/common_steps.rb:700 calling as root: test -d '/home/amnesia/Persistent/Tor Browser' call returned: [1, "", ""] And the persistent Tor Browser directory does not exist # features/step_definitions/common_steps.rb:690 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.L1YjfT4oA1\n", ""] calling as root: rm -f '/tmp/tmp.L1YjfT4oA1' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.L1YjfT4oA1' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.L1YjfT4oA1' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.L1YjfT4oA1_20160613-115509_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.L1YjfT4oA1' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.3X3tEZvFHn\n", ""] calling as root: rm -f '/tmp/tmp.3X3tEZvFHn' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.3X3tEZvFHn' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.3X3tEZvFHn' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.3X3tEZvFHn_20160613-115512_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.3X3tEZvFHn' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.3YDkF2OvDj\n", ""] calling as root: rm -f '/tmp/tmp.3YDkF2OvDj' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Tor Browser'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.3YDkF2OvDj' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.3YDkF2OvDj' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.3YDkF2OvDj_20160613-115516_debug ...\nClicking on [label | Tor Browser]\nMouse button 1 click at (297,336)\n", ""] calling as root: rm -f '/tmp/tmp.3YDkF2OvDj' call returned: [0, "", ""] When I start the Tor Browser # features/step_definitions/common_steps.rb:558 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.Guey1z3FE6\n", ""] calling as root: rm -f '/tmp/tmp.Guey1z3FE6' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') application.child('"'"'Tails - News - Tor Browser'"'"', roleName='"'"'frame'"'"')' >> '/tmp/tmp.Guey1z3FE6' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.Guey1z3FE6' call returned: [0, "", ""] calling as root: rm -f '/tmp/tmp.Guey1z3FE6' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.Fwl6DFg66z\n", ""] calling as root: rm -f '/tmp/tmp.Fwl6DFg66z' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') application.child('"'"'Reload current page'"'"', roleName='"'"'push button'"'"')' >> '/tmp/tmp.Fwl6DFg66z' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.Fwl6DFg66z' call returned: [0, "", ""] calling as root: rm -f '/tmp/tmp.Fwl6DFg66z' call returned: [0, "", ""] And the Tor Browser has started and loaded the startup page # features/step_definitions/common_steps.rb:403 [log] Ctrl+TYPE "s" [log] TYPE "index" [log] TYPE " " calling as root: test -e '/home/amnesia/Tor Browser/index.html' call returned: [1, "", ""] calling as root: test -e '/home/amnesia/Tor Browser/index.html' call returned: [1, "", ""] calling as root: test -e '/home/amnesia/Tor Browser/index.html' call returned: [0, "", ""] Then I can save the current page as "index.html" to the default downloads directory # features/step_definitions/common_steps.rb:748 [log] Ctrl+TYPE "p" [log] CLICK on (273,240) [log] DOUBLE CLICK on (364,366) [log] TYPE "/home/amnesia/Tor Browser/output " calling as root: test -e '/home/amnesia/Tor Browser/output.pdf' call returned: [1, "", ""] calling as root: test -e '/home/amnesia/Tor Browser/output.pdf' call returned: [1, "", ""] calling as root: test -e '/home/amnesia/Tor Browser/output.pdf' call returned: [1, "", ""] calling as root: test -e '/home/amnesia/Tor Browser/output.pdf' call returned: [1, "", ""] calling as root: test -e '/home/amnesia/Tor Browser/output.pdf' call returned: [1, "", ""] calling as root: test -e '/home/amnesia/Tor Browser/output.pdf' call returned: [1, "", ""] calling as root: test -e '/home/amnesia/Tor Browser/output.pdf' call returned: [1, "", ""] calling as root: test -e '/home/amnesia/Tor Browser/output.pdf' call returned: [1, "", ""] calling as root: test -e '/home/amnesia/Tor Browser/output.pdf' call returned: [0, "", ""] And I can print the current page as "output.pdf" to the default downloads directory # features/step_definitions/common_steps.rb:778 Scenario: I can view a file stored in "~/Tor Browser" but not in ~/.gnupg # features/torified_browsing.feature:48 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465818970' call returned: [0, "Mon Jun 13 11:56:10 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as amnesia: cp "/usr/share/synaptic/html/index.html" "/home/amnesia/Tor Browser/synaptic.html" call returned: [0, "", ""] And I copy "/usr/share/synaptic/html/index.html" to "/home/amnesia/Tor Browser/synaptic.html" as user "amnesia" # features/step_definitions/common_steps.rb:650 calling as amnesia: cp "/usr/share/synaptic/html/index.html" "/home/amnesia/.gnupg/synaptic.html" call returned: [0, "", ""] And I copy "/usr/share/synaptic/html/index.html" to "/home/amnesia/.gnupg/synaptic.html" as user "amnesia" # features/step_definitions/common_steps.rb:650 calling as amnesia: cp "/usr/share/synaptic/html/index.html" "/tmp/synaptic.html" call returned: [0, "", ""] And I copy "/usr/share/synaptic/html/index.html" to "/tmp/synaptic.html" as user "amnesia" # features/step_definitions/common_steps.rb:650 calling as root: test -e '/home/amnesia/.gnupg/synaptic.html' call returned: [0, "", ""] Then the file "/home/amnesia/.gnupg/synaptic.html" exists # features/step_definitions/common_steps.rb:628 calling as root: test -e '/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html' call returned: [0, "", ""] And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html" exists # features/step_definitions/common_steps.rb:628 calling as root: test -e '/live/overlay/home/amnesia/.gnupg/synaptic.html' call returned: [0, "", ""] And the file "/live/overlay/home/amnesia/.gnupg/synaptic.html" exists # features/step_definitions/common_steps.rb:628 calling as root: test -e '/tmp/synaptic.html' call returned: [0, "", ""] And the file "/tmp/synaptic.html" exists # features/step_definitions/common_steps.rb:628 calling as root: sysctl -w kernel.printk_ratelimit=0 call returned: [0, "kernel.printk_ratelimit = 0\n", ""] calling as root: date +"%Y-%m-%d %H:%M:%S" call returned: [0, "2016-06-13 11:56:18\n", ""] Given I start monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox" # features/step_definitions/common_steps.rb:861 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.f26Pur3tHQ\n", ""] calling as root: rm -f '/tmp/tmp.f26Pur3tHQ' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.f26Pur3tHQ' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.f26Pur3tHQ' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.f26Pur3tHQ_20160613-115619_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.f26Pur3tHQ' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.MEkUTwKrCP\n", ""] calling as root: rm -f '/tmp/tmp.MEkUTwKrCP' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.MEkUTwKrCP' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.MEkUTwKrCP' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.MEkUTwKrCP_20160613-115622_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.MEkUTwKrCP' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.lAATpOKOhV\n", ""] calling as root: rm -f '/tmp/tmp.lAATpOKOhV' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Tor Browser'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.lAATpOKOhV' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.lAATpOKOhV' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.lAATpOKOhV_20160613-115626_debug ...\nClicking on [label | Tor Browser]\nMouse button 1 click at (297,336)\n", ""] calling as root: rm -f '/tmp/tmp.lAATpOKOhV' call returned: [0, "", ""] When I start the Tor Browser # features/step_definitions/common_steps.rb:558 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.W0ebxwOlgB\n", ""] calling as root: rm -f '/tmp/tmp.W0ebxwOlgB' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') application.child('"'"'Tails - News - Tor Browser'"'"', roleName='"'"'frame'"'"')' >> '/tmp/tmp.W0ebxwOlgB' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.W0ebxwOlgB' call returned: [0, "", ""] calling as root: rm -f '/tmp/tmp.W0ebxwOlgB' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.vlVGwIaihB\n", ""] calling as root: rm -f '/tmp/tmp.vlVGwIaihB' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') application.child('"'"'Reload current page'"'"', roleName='"'"'push button'"'"')' >> '/tmp/tmp.vlVGwIaihB' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.vlVGwIaihB' call returned: [0, "", ""] calling as root: rm -f '/tmp/tmp.vlVGwIaihB' call returned: [0, "", ""] And the Tor Browser has started and loaded the startup page # features/step_definitions/common_steps.rb:403 calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (243,83) calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (238,117) calling as amnesia: echo -n 'file:///home/amnesia/Tor Browser/synaptic.html' | xsel --input --clipboard call returned: [0, "", ""] [log] Ctrl+TYPE "v" [log] TYPE " " And I open the address "file:///home/amnesia/Tor Browser/synaptic.html" in the Tor Browser # features/step_definitions/browser.rb:88 Then I see "TorBrowserSynapticManual.png" after at most 5 seconds # features/step_definitions/common_steps.rb:459 calling as root: journalctl --full --no-pager --since='2016-06-13 11:56:18' SYSLOG_IDENTIFIER=kernel | grep -w 'apparmor="DENIED" operation="open" profile="/usr/local/lib/tor-browser/firefox" name="/home/amnesia/Tor Browser/synaptic.html"' call returned: [1, "", ""] And AppArmor has not denied "/usr/local/lib/tor-browser/firefox" from opening "/home/amnesia/Tor Browser/synaptic.html" # features/step_definitions/common_steps.rb:873 calling as root: sysctl -w kernel.printk_ratelimit=0 call returned: [0, "kernel.printk_ratelimit = 0\n", ""] calling as root: date +"%Y-%m-%d %H:%M:%S" call returned: [0, "2016-06-13 11:57:03\n", ""] Given I restart monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox" # features/step_definitions/common_steps.rb:861 calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (453,83) calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (238,117) calling as amnesia: echo -n 'file:///home/amnesia/.gnupg/synaptic.html' | xsel --input --clipboard call returned: [0, "", ""] [log] Ctrl+TYPE "v" [log] TYPE " " When I open the address "file:///home/amnesia/.gnupg/synaptic.html" in the Tor Browser # features/step_definitions/browser.rb:88 Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds # features/step_definitions/common_steps.rb:459 calling as root: journalctl --full --no-pager --since='2016-06-13 11:57:03' SYSLOG_IDENTIFIER=kernel | grep -w 'apparmor="DENIED" operation="open" profile="/usr/local/lib/tor-browser/firefox" name="/home/amnesia/.gnupg/synaptic.html"' call returned: [0, "Jun 13 11:57:12 amnesia kernel: audit: type=1400 audit(1465819032.204:32): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/local/lib/tor-browser/firefox\" name=\"/home/amnesia/.gnupg/synaptic.html\" pid=4943 comm=53747265616D5472616E73202333 requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\n", ""] And AppArmor has denied "/usr/local/lib/tor-browser/firefox" from opening "/home/amnesia/.gnupg/synaptic.html" # features/step_definitions/common_steps.rb:873 calling as root: sysctl -w kernel.printk_ratelimit=0 call returned: [0, "kernel.printk_ratelimit = 0\n", ""] calling as root: date +"%Y-%m-%d %H:%M:%S" call returned: [0, "2016-06-13 11:57:19\n", ""] Given I restart monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox" # features/step_definitions/common_steps.rb:861 calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (663,83) calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (238,117) calling as amnesia: echo -n 'file:///lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html' | xsel --input --clipboard call returned: [0, "", ""] [log] Ctrl+TYPE "v" [log] TYPE " " When I open the address "file:///lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html" in the Tor Browser # features/step_definitions/browser.rb:88 Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds # features/step_definitions/common_steps.rb:459 calling as root: journalctl --full --no-pager --since='2016-06-13 11:57:19' SYSLOG_IDENTIFIER=kernel | grep -w 'apparmor="DENIED" operation="open" profile="/usr/local/lib/tor-browser/firefox" name="/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html"' call returned: [0, "Jun 13 11:57:27 amnesia kernel: audit: type=1400 audit(1465819047.912:33): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/local/lib/tor-browser/firefox\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html\" pid=4943 comm=53747265616D5472616E73202333 requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\n", ""] And AppArmor has denied "/usr/local/lib/tor-browser/firefox" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html" # features/step_definitions/common_steps.rb:873 calling as root: sysctl -w kernel.printk_ratelimit=0 call returned: [0, "kernel.printk_ratelimit = 0\n", ""] calling as root: date +"%Y-%m-%d %H:%M:%S" call returned: [0, "2016-06-13 11:57:34\n", ""] Given I restart monitoring the AppArmor log of "/usr/local/lib/tor-browser/firefox" # features/step_definitions/common_steps.rb:861 calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (873,83) calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (238,117) calling as amnesia: echo -n 'file:///live/overlay/home/amnesia/.gnupg/synaptic.html' | xsel --input --clipboard call returned: [0, "", ""] [log] Ctrl+TYPE "v" [log] TYPE " " When I open the address "file:///live/overlay/home/amnesia/.gnupg/synaptic.html" in the Tor Browser # features/step_definitions/browser.rb:88 Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds # features/step_definitions/common_steps.rb:459 calling as root: journalctl --full --no-pager --since='2016-06-13 11:57:34' SYSLOG_IDENTIFIER=kernel | grep -w 'apparmor="DENIED" operation="open" profile="/usr/local/lib/tor-browser/firefox" name="/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html"' call returned: [0, "Jun 13 11:57:43 amnesia kernel: audit: type=1400 audit(1465819063.532:34): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/local/lib/tor-browser/firefox\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html\" pid=4943 comm=53747265616D5472616E73202333 requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\n", ""] And AppArmor has denied "/usr/local/lib/tor-browser/firefox" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/synaptic.html" # features/step_definitions/common_steps.rb:873 calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (991,83) calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (238,117) calling as amnesia: echo -n 'file:///tmp/synaptic.html' | xsel --input --clipboard call returned: [0, "", ""] [log] Ctrl+TYPE "v" [log] TYPE " " When I open the address "file:///tmp/synaptic.html" in the Tor Browser # features/step_definitions/browser.rb:88 Then I do not see "TorBrowserSynapticManual.png" after at most 5 seconds # features/step_definitions/common_steps.rb:459 @doc Scenario: The "Tails documentation" link on the Desktop works # features/torified_browsing.feature:87 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819090' call returned: [0, "Mon Jun 13 11:58:10 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 [log] DOUBLE CLICK on (87,282) When I double-click on the "Tails documentation" link on the Desktop # features/step_definitions/common_steps.rb:732 Then the Tor Browser has started # features/step_definitions/common_steps.rb:398 And I see "TailsOfflineDocHomepage.png" after at most 10 seconds # features/step_definitions/common_steps.rb:459 Scenario: The Tor Browser uses TBB's shared libraries # features/torified_browsing.feature:93 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819119' call returned: [0, "Mon Jun 13 11:58:39 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.yXD6AHczxf\n", ""] calling as root: rm -f '/tmp/tmp.yXD6AHczxf' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.yXD6AHczxf' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.yXD6AHczxf' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.yXD6AHczxf_20160613-115846_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.yXD6AHczxf' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.sVIDYEnSKJ\n", ""] calling as root: rm -f '/tmp/tmp.sVIDYEnSKJ' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.sVIDYEnSKJ' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.sVIDYEnSKJ' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.sVIDYEnSKJ_20160613-115849_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.sVIDYEnSKJ' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.XHmNJletWy\n", ""] calling as root: rm -f '/tmp/tmp.XHmNJletWy' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Tor Browser'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.XHmNJletWy' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.XHmNJletWy' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.XHmNJletWy_20160613-115853_debug ...\nClicking on [label | Tor Browser]\nMouse button 1 click at (297,336)\n", ""] calling as root: rm -f '/tmp/tmp.XHmNJletWy' call returned: [0, "", ""] When I start the Tor Browser # features/step_definitions/common_steps.rb:558 And the Tor Browser has started # features/step_definitions/common_steps.rb:398 calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] calling as root: pgrep --uid amnesia --full --exact '/usr/local/lib/tor-browser/firefox .* -profile /home/amnesia/.tor-browser/profile.default' call returned: [0, "4688\n", ""] calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && ls -1 ${TBB_INSTALL}/*.so call returned: [0, "/usr/local/lib/tor-browser/libfreebl3.so\n/usr/local/lib/tor-browser/liblgpllibs.so\n/usr/local/lib/tor-browser/libmozsqlite3.so\n/usr/local/lib/tor-browser/libnspr4.so\n/usr/local/lib/tor-browser/libnss3.so\n/usr/local/lib/tor-browser/libnssckbi.so\n/usr/local/lib/tor-browser/libnssdbm3.so\n/usr/local/lib/tor-browser/libnssutil3.so\n/usr/local/lib/tor-browser/libplc4.so\n/usr/local/lib/tor-browser/libplds4.so\n/usr/local/lib/tor-browser/libsmime3.so\n/usr/local/lib/tor-browser/libsoftokn3.so\n/usr/local/lib/tor-browser/libssl3.so\n/usr/local/lib/tor-browser/libxul.so\n", ""] calling as root: pmap --show-path 4688 call returned: [0, "4688: /usr/local/lib/tor-browser/firefox -allow-remote --class Tor Browser -profile /home/amnesia/.tor-browser/profile.default\nd6600000 2048K rw--- [ anon ]\nd6800000 4K ----- [ anon ]\nd6801000 8188K rwx-- [ anon ]\nd7000000 3072K rw--- [ anon ]\nd7300000 4K ----- [ anon ]\nd7301000 8188K rwx-- [ anon ]\nd7b00000 4K ----- [ anon ]\nd7b01000 8188K rwx-- [ anon ]\nd8300000 3072K rw--- [ anon ]\nd86c8000 1248K r---- /usr/local/share/tor-browser-extensions/torbutton@torproject.org.xpi\nd8800000 3072K rw--- [ anon ]\nd8b76000 552K r---- /usr/local/share/tor-browser-extensions/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi\nd8c00000 4K ----- [ anon ]\nd8c01000 8188K rwx-- [ anon ]\nd9400000 3072K rw--- [ anon ]\nd9772000 568K r---- /usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\nd9800000 7168K rw--- [ anon ]\nd9f10000 64K rwx-- [ anon ]\nd9f20000 4K ----- [ anon ]\nd9f21000 892K rwx-- [ anon ]\nda000000 1024K rw--- [ anon ]\nda100000 4K ----- [ anon ]\nda101000 8188K rwx-- [ anon ]\nda900000 4K ----- [ anon ]\nda901000 8188K rwx-- [ anon ]\ndb100000 4K ----- [ anon ]\ndb101000 8188K rwx-- [ anon ]\ndb900000 4K ----- [ anon ]\ndb901000 8188K rwx-- [ anon ]\ndc100000 8192K rw--- [ anon ]\ndc900000 4K ----- [ anon ]\ndc901000 8188K rwx-- [ anon ]\ndd100000 6144K rw--- [ anon ]\ndd700000 2048K rw--- [ anon ]\ndd903000 568K r---- /usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\ndd991000 4K ----- [ anon ]\ndd992000 1020K rwx-- [ anon ]\ndda91000 4K ----- [ anon ]\ndda92000 8188K rwx-- [ anon ]\nde291000 4K ----- [ anon ]\nde292000 8188K rwx-- [ anon ]\ndea91000 1468K r---- /usr/lib/locale/C.UTF-8/LC_COLLATE\ndec00000 47104K rw--- [ anon ]\ne1a08000 384K rwx-- [ anon ]\ne1a68000 384K rw-s- [ shmid=0x90004 ]\ne1ad0000 192K rwx-- [ anon ]\ne1b00000 14336K rw--- [ anon ]\ne2900000 4K ----- [ anon ]\ne2901000 8188K rwx-- [ anon ]\ne3100000 4K ----- [ anon ]\ne3101000 8188K rwx-- [ anon ]\ne3900000 1024K rw--- [ anon ]\ne3a00000 4K ----- [ anon ]\ne3a01000 8188K rwx-- [ anon ]\ne4200000 1024K rw--- [ anon ]\ne4304000 256K rwx-- [ anon ]\ne4344000 120K r--s- /usr/share/mime/mime.cache\ne436c000 512K rwx-- [ anon ]\ne43ec000 4K ----- [ anon ]\ne43ed000 1020K rwx-- [ anon ]\ne44ec000 4K ----- [ anon ]\ne44ed000 8188K rwx-- [ anon ]\ne4cf4000 152K r---- /usr/lib/locale/C.UTF-8/LC_CTYPE\ne4d1a000 208K r-x-- /usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne4d4e000 4K r---- /usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne4d4f000 4K rw--- /usr/lib/i386-linux-gnu/libgconf-2.so.4.1.5\ne4d57000 128K rwx-- [ anon ]\ne4d78000 32K rw-s- /home/amnesia/.tor-browser/profile.default/webappsstore.sqlite-shm\ne4d80000 512K rwx-- [ anon ]\ne4e00000 2048K rw--- [ anon ]\ne5003000 32K rw-s- /home/amnesia/.tor-browser/profile.default/places.sqlite-shm\ne500b000 512K rwx-- [ anon ]\ne508b000 4K ----- [ anon ]\ne508c000 8188K rwx-- [ anon ]\ne588b000 4K ----- [ anon ]\ne588c000 8188K rwx-- [ anon ]\ne608b000 396K r-x-- /usr/local/lib/tor-browser/libnssckbi.so\ne60ee000 48K r---- /usr/local/lib/tor-browser/libnssckbi.so\ne60fa000 24K rw--- /usr/local/lib/tor-browser/libnssckbi.so\ne6100000 1024K rw--- [ anon ]\ne6200000 4K ----- [ anon ]\ne6201000 8188K rwx-- [ anon ]\ne6a00000 1024K rw--- [ anon ]\ne6b02000 20K r-x-- /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\ne6b07000 4K r---- /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\ne6b08000 4K rw--- /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-png.so\ne6b09000 420K r-x-- /usr/local/lib/tor-browser/libfreebl3.so\ne6b72000 4K ----- /usr/local/lib/tor-browser/libfreebl3.so\ne6b73000 4K r---- /usr/local/lib/tor-browser/libfreebl3.so\ne6b74000 4K rw--- /usr/local/lib/tor-browser/libfreebl3.so\ne6b75000 16K rw--- [ anon ]\ne6b79000 212K r-x-- /usr/local/lib/tor-browser/libsoftokn3.so\ne6bae000 4K r---- /usr/local/lib/tor-browser/libsoftokn3.so\ne6baf000 4K rw--- /usr/local/lib/tor-browser/libsoftokn3.so\ne6bb0000 64K rwx-- [ anon ]\ne6bc0000 4K ----- [ anon ]\ne6bc1000 124K rwx-- [ anon ]\ne6be0000 172K r-x-- /usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne6c0b000 4K r---- /usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne6c0c000 4K rw--- /usr/lib/i386-linux-gnu/libvorbis.so.0.4.7\ne6c0d000 72K r-x-- /lib/i386-linux-gnu/libgpg-error.so.0.13.0\ne6c1f000 4K r---- /lib/i386-linux-gnu/libgpg-error.so.0.13.0\ne6c20000 4K rw--- /lib/i386-linux-gnu/libgpg-error.so.0.13.0\ne6c21000 496K r-x-- /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne6c9d000 72K r---- /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne6caf000 4K rw--- /usr/lib/i386-linux-gnu/libvorbisenc.so.2.0.10\ne6cb0000 212K r-x-- /usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne6ce5000 4K r---- /usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne6ce6000 4K rw--- /usr/lib/i386-linux-gnu/libFLAC.so.8.3.0\ne6ce7000 84K r-x-- /lib/i386-linux-gnu/libnsl-2.19.so\ne6cfc000 4K r---- /lib/i386-linux-gnu/libnsl-2.19.so\ne6cfd000 4K rw--- /lib/i386-linux-gnu/libnsl-2.19.so\ne6cfe000 8K rw--- [ anon ]\ne6d00000 4K ----- [ anon ]\ne6d01000 8188K rwx-- [ anon ]\ne7500000 4K ----- [ anon ]\ne7501000 8188K rwx-- [ anon ]\ne7d00000 4K ----- [ anon ]\ne7d01000 8188K rwx-- [ anon ]\ne8500000 8192K rw--- [ anon ]\ne8d00000 4K ----- [ anon ]\ne8d01000 8188K rwx-- [ anon ]\ne9500000 5120K rw--- [ anon ]\ne9a02000 8K r-x-- /usr/lib/i386-linux-gnu/libXss.so.1.0.0\ne9a04000 4K rw--- /usr/lib/i386-linux-gnu/libXss.so.1.0.0\ne9a05000 28K r-x-- /usr/lib/i386-linux-gnu/libogg.so.0.8.2\ne9a0c000 4K r---- /usr/lib/i386-linux-gnu/libogg.so.0.8.2\ne9a0d000 4K rw--- /usr/lib/i386-linux-gnu/libogg.so.0.8.2\ne9a0e000 692K r-x-- /lib/i386-linux-gnu/libgcrypt.so.20.0.3\ne9abb000 4K r---- /lib/i386-linux-gnu/libgcrypt.so.20.0.3\ne9abc000 12K rw--- /lib/i386-linux-gnu/libgcrypt.so.20.0.3\ne9abf000 16K r-x-- /lib/i386-linux-gnu/libattr.so.1.1.0\ne9ac3000 4K r---- /lib/i386-linux-gnu/libattr.so.1.1.0\ne9ac4000 4K rw--- /lib/i386-linux-gnu/libattr.so.1.1.0\ne9ac5000 20K r-x-- /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\ne9aca000 4K r---- /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\ne9acb000 4K rw--- /usr/lib/i386-linux-gnu/libasyncns.so.0.3.1\ne9acc000 456K r-x-- /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\ne9b3e000 8K r---- /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\ne9b40000 4K rw--- /usr/lib/i386-linux-gnu/libsndfile.so.1.0.25\ne9b41000 16K rw--- [ anon ]\ne9b45000 32K r-x-- /lib/i386-linux-gnu/libwrap.so.0.7.6\ne9b4d000 4K r---- /lib/i386-linux-gnu/libwrap.so.0.7.6\ne9b4e000 4K rw--- /lib/i386-linux-gnu/libwrap.so.0.7.6\ne9b4f000 156K r-x-- /lib/i386-linux-gnu/libsystemd.so.0.3.1\ne9b76000 4K r---- /lib/i386-linux-gnu/libsystemd.so.0.3.1\ne9b77000 4K rw--- /lib/i386-linux-gnu/libsystemd.so.0.3.1\ne9b78000 24K r-x-- /usr/lib/i386-linux-gnu/libXtst.so.6.1.0\ne9b7e000 4K r---- /usr/lib/i386-linux-gnu/libXtst.so.6.1.0\ne9b7f000 4K rw--- /usr/lib/i386-linux-gnu/libXtst.so.6.1.0\ne9b80000 512K r-x-- /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\ne9c00000 4K r---- /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\ne9c01000 4K rw--- /usr/lib/i386-linux-gnu/pulseaudio/libpulsecommon-5.0.so\ne9c02000 344K r-x-- /usr/lib/i386-linux-gnu/libpulse.so.0.17.3\ne9c58000 4K r---- /usr/lib/i386-linux-gnu/libpulse.so.0.17.3\ne9c59000 4K rw--- /usr/lib/i386-linux-gnu/libpulse.so.0.17.3\ne9c5a000 152K r-x-- /lib/i386-linux-gnu/liblzma.so.5.0.0\ne9c80000 8K r---- /lib/i386-linux-gnu/liblzma.so.5.0.0\ne9c82000 4K rw--- /lib/i386-linux-gnu/liblzma.so.5.0.0\ne9c83000 1516K r-x-- /usr/lib/i386-linux-gnu/libxml2.so.2.9.1\ne9dfe000 20K r---- /usr/lib/i386-linux-gnu/libxml2.so.2.9.1\ne9e03000 4K rw--- /usr/lib/i386-linux-gnu/libxml2.so.2.9.1\ne9e04000 4K rw--- [ anon ]\ne9e05000 288K r-x-- /usr/lib/i386-linux-gnu/libbluray.so.1.6.2\ne9e4d000 4K r---- /usr/lib/i386-linux-gnu/libbluray.so.1.6.2\ne9e4e000 4K rw--- /usr/lib/i386-linux-gnu/libbluray.so.1.6.2\ne9e4f000 64K r-x-- /lib/i386-linux-gnu/libudev.so.1.5.0\ne9e5f000 4K r---- /lib/i386-linux-gnu/libudev.so.1.5.0\ne9e60000 4K rw--- /lib/i386-linux-gnu/libudev.so.1.5.0\ne9e61000 224K r-x-- /usr/lib/i386-linux-gnu/gvfs/libgvfscommon.so\ne9e99000 8K r---- /usr/lib/i386-linux-gnu/gvfs/libgvfscommon.so\ne9e9b000 4K rw--- /usr/lib/i386-linux-gnu/gvfs/libgvfscommon.so\ne9e9c000 388K r-x-- /usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\ne9efd000 8K r---- /usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\ne9eff000 4K rw--- /usr/lib/i386-linux-gnu/libibus-1.0.so.5.0.509\ne9f00000 1024K rw--- [ anon ]\nea000000 4K ----- [ anon ]\nea001000 8188K rwx-- [ anon ]\nea800000 3072K rw--- [ anon ]\neab00000 4K ----- [ anon ]\neab01000 8188K rwx-- [ anon ]\neb300000 16384K rw--- [ anon ]\nec300000 4K ----- [ anon ]\nec301000 2044K rwx-- [ anon ]\nec500000 4K ----- [ anon ]\nec501000 2044K rwx-- [ anon ]\nec700000 4K ----- [ anon ]\nec701000 2044K rwx-- [ anon ]\nec900000 4K ----- [ anon ]\nec901000 2044K rwx-- [ anon ]\necb00000 4K ----- [ anon ]\necb01000 2044K rwx-- [ anon ]\necd00000 1024K rw--- [ anon ]\nece00000 40K r-x-- /lib/i386-linux-gnu/libjson-c.so.2.0.0\nece0a000 4K r---- /lib/i386-linux-gnu/libjson-c.so.2.0.0\nece0b000 4K rw--- /lib/i386-linux-gnu/libjson-c.so.2.0.0\nece0c000 220K r-x-- /usr/lib/i386-linux-gnu/gio/modules/libgvfsdbus.so\nece43000 4K r---- /usr/lib/i386-linux-gnu/gio/modules/libgvfsdbus.so\nece44000 4K rw--- /usr/lib/i386-linux-gnu/gio/modules/libgvfsdbus.so\nece45000 568K r---- /usr/local/lib/tor-browser/fonts/Arimo-Regular.ttf\neced3000 4K ----- [ anon ]\neced4000 8188K rwx-- [ anon ]\ned6d3000 4K ----- [ anon ]\ned6d4000 8188K rwx-- [ anon ]\neded3000 12136K r---- /usr/local/lib/tor-browser/browser/omni.ja\neeaad000 9548K r---- /usr/local/lib/tor-browser/omni.ja\nef400000 1024K rw--- [ anon ]\nef500000 4K r---- /usr/lib/locale/C.UTF-8/LC_NUMERIC\nef501000 16K r-x-- /lib/i386-linux-gnu/libcap.so.2.24\nef505000 4K r---- /lib/i386-linux-gnu/libcap.so.2.24\nef506000 4K rw--- /lib/i386-linux-gnu/libcap.so.2.24\nef507000 4K r---- /usr/lib/locale/C.UTF-8/LC_TIME\nef508000 4K r---- /usr/lib/locale/C.UTF-8/LC_MONETARY\nef509000 4K r---- /usr/lib/locale/C.UTF-8/LC_MESSAGES/SYS_LC_MESSAGES\nef50a000 4K r---- /usr/lib/locale/C.UTF-8/LC_PAPER\nef50b000 4K r---- /usr/lib/locale/C.UTF-8/LC_NAME\nef50c000 4K r---- /usr/lib/locale/C.UTF-8/LC_ADDRESS\nef50d000 4K r---- /usr/lib/locale/C.UTF-8/LC_TELEPHONE\nef50e000 64K rwx-- [ anon ]\nef51e000 128K r-x-- /usr/local/lib/tor-browser/browser/components/libbrowsercomps.so\nef53e000 4K ----- /usr/local/lib/tor-browser/browser/components/libbrowsercomps.so\nef53f000 4K r---- /usr/local/lib/tor-browser/browser/components/libbrowsercomps.so\nef540000 4K rw--- /usr/local/lib/tor-browser/browser/components/libbrowsercomps.so\nef541000 196K r-x-- /usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef572000 4K r---- /usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef573000 4K rw--- /usr/lib/i386-linux-gnu/libatk-bridge-2.0.so.0.0.0\nef574000 4K rw--- [ anon ]\nef575000 188K r-x-- /usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef5a4000 12K r---- /usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef5a7000 4K rw--- /usr/lib/i386-linux-gnu/libatspi.so.0.0.1\nef5a8000 4K r-x-- /usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\nef5a9000 4K r---- /usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\nef5aa000 4K rw--- /usr/lib/i386-linux-gnu/libX11-xcb.so.1.0.0\nef5ab000 8K r-x-- /lib/i386-linux-gnu/libutil-2.19.so\nef5ad000 4K r---- /lib/i386-linux-gnu/libutil-2.19.so\nef5ae000 4K rw--- /lib/i386-linux-gnu/libutil-2.19.so\nef5af000 64K rwx-- [ anon ]\nef5bf000 32K r-x-- /usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef5c7000 4K r---- /usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef5c8000 4K rw--- /usr/lib/i386-linux-gnu/libgailutil.so.18.0.1\nef5c9000 4K r---- /usr/lib/locale/C.UTF-8/LC_MEASUREMENT\nef5ca000 4K r---- /usr/lib/locale/C.UTF-8/LC_IDENTIFICATION\nef5cb000 28K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef5d2000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef5d3000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/immodules/im-ibus.so\nef5d4000 4K ----- [ anon ]\nef5d5000 28K rwx-- [ anon ]\nef5dc000 4K ----- [ anon ]\nef5dd000 4K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nef5de000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nef5df000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libatk-bridge.so\nef5e0000 360K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef63a000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef63b000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/modules/libgail.so\nef63c000 40K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef646000 8K r---- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef648000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libpixmap.so\nef649000 1216K r---- /usr/lib/locale/zu_ZA.utf8/LC_COLLATE\nef779000 4K ----- [ anon ]\nef77a000 8188K rwx-- [ anon ]\neff79000 252K r---- /usr/lib/locale/zu_ZA.utf8/LC_CTYPE\neffb8000 16K r-x-- /lib/i386-linux-gnu/libuuid.so.1.3.0\neffbc000 4K r---- /lib/i386-linux-gnu/libuuid.so.1.3.0\neffbd000 4K rw--- /lib/i386-linux-gnu/libuuid.so.1.3.0\neffbe000 20K r-x-- /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0\neffc3000 4K rw--- /usr/lib/i386-linux-gnu/libXdmcp.so.6.0.0\neffc4000 8K r-x-- /usr/lib/i386-linux-gnu/libXau.so.6.0.0\neffc6000 4K r---- /usr/lib/i386-linux-gnu/libXau.so.6.0.0\neffc7000 4K rw--- /usr/lib/i386-linux-gnu/libXau.so.6.0.0\neffc8000 28K r-x-- /usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\neffcf000 4K r---- /usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\neffd0000 4K rw--- /usr/lib/i386-linux-gnu/libdatrie.so.1.3.1\neffd1000 148K r-x-- /usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\nefff6000 8K r---- /usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\nefff8000 4K rw--- /usr/lib/i386-linux-gnu/libgraphite2.so.3.0.1\nefff9000 100K r-x-- /usr/lib/i386-linux-gnu/libICE.so.6.3.0\nf0012000 4K r---- /usr/lib/i386-linux-gnu/libICE.so.6.3.0\nf0013000 4K rw--- /usr/lib/i386-linux-gnu/libICE.so.6.3.0\nf0014000 8K rw--- [ anon ]\nf0016000 32K r-x-- /usr/lib/i386-linux-gnu/libSM.so.6.0.1\nf001e000 4K r---- /usr/lib/i386-linux-gnu/libSM.so.6.0.1\nf001f000 4K rw--- /usr/lib/i386-linux-gnu/libSM.so.6.0.1\nf0020000 144K r-x-- /usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf0044000 4K r---- /usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf0045000 4K rw--- /usr/lib/i386-linux-gnu/libxcb.so.1.1.0\nf0046000 36K r-x-- /usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf004f000 4K r---- /usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf0050000 4K rw--- /usr/lib/i386-linux-gnu/libxcb-render.so.0.0.0\nf0051000 8K r-x-- /usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0053000 4K r---- /usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0054000 4K rw--- /usr/lib/i386-linux-gnu/libxcb-shm.so.0.0.0\nf0055000 712K r-x-- /usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf0107000 24K r---- /usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf010d000 4K rw--- /usr/lib/i386-linux-gnu/libpixman-1.so.0.32.6\nf010e000 32K r-x-- /usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf0116000 4K r---- /usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf0117000 4K rw--- /usr/lib/i386-linux-gnu/libthai.so.0.2.0\nf0118000 40K r-x-- /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0122000 4K r---- /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0123000 4K rw--- /usr/lib/i386-linux-gnu/libXcursor.so.1.0.2\nf0124000 40K r-x-- /usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf012e000 4K r---- /usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf012f000 4K rw--- /usr/lib/i386-linux-gnu/libXrandr.so.2.2.0\nf0130000 68K r-x-- /usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0141000 4K r---- /usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0142000 4K rw--- /usr/lib/i386-linux-gnu/libXi.so.6.1.0\nf0143000 8K r-x-- /usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf0145000 4K r---- /usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf0146000 4K rw--- /usr/lib/i386-linux-gnu/libXinerama.so.1.0.0\nf0147000 364K r-x-- /usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf01a2000 4K r---- /usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf01a3000 4K rw--- /usr/lib/i386-linux-gnu/libharfbuzz.so.0.935.0\nf01a4000 76K r-x-- /lib/i386-linux-gnu/libresolv-2.19.so\nf01b7000 8K r---- /lib/i386-linux-gnu/libresolv-2.19.so\nf01b9000 4K rw--- /lib/i386-linux-gnu/libresolv-2.19.so\nf01ba000 8K rw--- [ anon ]\nf01bc000 148K r-x-- /lib/i386-linux-gnu/libselinux.so.1\nf01e1000 4K r---- /lib/i386-linux-gnu/libselinux.so.1\nf01e2000 4K rw--- /lib/i386-linux-gnu/libselinux.so.1\nf01e3000 4K rw--- [ anon ]\nf01e4000 20K r-x-- /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf01e9000 4K r---- /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf01ea000 4K rw--- /usr/lib/i386-linux-gnu/libXfixes.so.3.1.0\nf01eb000 8K r-x-- /usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf01ed000 4K r---- /usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf01ee000 4K rw--- /usr/lib/i386-linux-gnu/libXdamage.so.1.1.0\nf01ef000 448K r-x-- /lib/i386-linux-gnu/libpcre.so.3.13.1\nf025f000 8K r---- /lib/i386-linux-gnu/libpcre.so.3.13.1\nf0261000 4K rw--- /lib/i386-linux-gnu/libpcre.so.3.13.1\nf0262000 24K r-x-- /usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf0268000 4K r---- /usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf0269000 4K rw--- /usr/lib/i386-linux-gnu/libffi.so.6.0.2\nf026a000 152K r-x-- /lib/i386-linux-gnu/libexpat.so.1.6.0\nf0290000 8K r---- /lib/i386-linux-gnu/libexpat.so.1.6.0\nf0292000 4K rw--- /lib/i386-linux-gnu/libexpat.so.1.6.0\nf0293000 172K r-x-- /lib/i386-linux-gnu/libpng12.so.0.50.0\nf02be000 4K r---- /lib/i386-linux-gnu/libpng12.so.0.50.0\nf02bf000 4K rw--- /lib/i386-linux-gnu/libpng12.so.0.50.0\nf02c0000 104K r-x-- /lib/i386-linux-gnu/libz.so.1.2.8\nf02da000 8K r---- /lib/i386-linux-gnu/libz.so.1.2.8\nf02dc000 4K rw--- /lib/i386-linux-gnu/libz.so.1.2.8\nf02dd000 392K r-x-- /usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf033f000 4K r---- /usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf0340000 12K rw--- /usr/lib/i386-linux-gnu/libXt.so.6.0.0\nf0343000 4K rw--- [ anon ]\nf0344000 76K r-x-- /usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0357000 4K r---- /usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0358000 4K rw--- /usr/lib/i386-linux-gnu/libXext.so.6.4.0\nf0359000 1332K r-x-- /usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf04a6000 8K r---- /usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf04a8000 12K rw--- /usr/lib/i386-linux-gnu/libX11.so.6.3.0\nf04ab000 1300K r-x-- /usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf05f0000 8K r---- /usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf05f2000 4K rw--- /usr/lib/i386-linux-gnu/libcairo.so.2.11400.0\nf05f3000 4K rw--- [ anon ]\nf05f4000 320K r-x-- /usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0644000 4K r---- /usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0645000 4K rw--- /usr/lib/i386-linux-gnu/libpango-1.0.so.0.3600.8\nf0646000 156K r-x-- /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf066d000 4K r---- /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf066e000 4K rw--- /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.3100.1\nf066f000 48K r-x-- /usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf067b000 4K r---- /usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf067c000 4K rw--- /usr/lib/i386-linux-gnu/libpangocairo-1.0.so.0.3600.8\nf067d000 756K r-x-- /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf073a000 12K r---- /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf073d000 4K rw--- /usr/lib/i386-linux-gnu/libgdk-x11-2.0.so.0.2400.25\nf073e000 88K r-x-- /usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0754000 4K r---- /usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0755000 4K rw--- /usr/lib/i386-linux-gnu/libpangoft2-1.0.so.0.3600.8\nf0756000 1732K r-x-- /usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf0907000 12K r---- /usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf090a000 4K rw--- /usr/lib/i386-linux-gnu/libgio-2.0.so.0.4200.1\nf090b000 4K rw--- [ anon ]\nf090c000 148K r-x-- /usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf0931000 8K r---- /usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf0933000 4K rw--- /usr/lib/i386-linux-gnu/libatk-1.0.so.0.21409.1\nf0934000 5056K r-x-- /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e24000 16K r---- /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e28000 8K rw--- /usr/lib/i386-linux-gnu/libgtk-x11-2.0.so.0.2400.25\nf0e2a000 8K rw--- [ anon ]\nf0e2c000 1176K r-x-- /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f52000 4K r---- /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f53000 4K rw--- /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1\nf0f54000 368K r-x-- /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0fb0000 4K r---- /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0fb1000 4K rw--- /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.4200.1\nf0fb2000 336K r-x-- /lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf1006000 8K r---- /lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf1008000 4K rw--- /lib/i386-linux-gnu/libdbus-1.so.3.8.13\nf1009000 148K r-x-- /usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf102e000 4K r---- /usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf102f000 4K rw--- /usr/lib/i386-linux-gnu/libdbus-glib-1.so.2.2.2\nf1030000 1036K r-x-- /usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf1133000 16K r---- /usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf1137000 4K rw--- /usr/lib/i386-linux-gnu/libasound.so.2.0.0\nf1138000 40K r-x-- /usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf1142000 4K r---- /usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf1143000 4K rw--- /usr/lib/i386-linux-gnu/libXrender.so.1.3.0\nf1144000 256K r-x-- /usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf1184000 4K r---- /usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf1185000 4K rw--- /usr/lib/i386-linux-gnu/libfontconfig.so.1.8.0\nf1186000 692K r-x-- /usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf1233000 16K r---- /usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf1237000 4K rw--- /usr/lib/i386-linux-gnu/libfreetype.so.6.11.1\nf1238000 8K r-x-- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf123a000 4K r---- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf123b000 4K rw--- /usr/lib/i386-linux-gnu/gtk-2.0/2.10.0/engines/libadwaita.so\nf123c000 4K r---- /usr/lib/locale/zu_ZA.utf8/LC_NUMERIC\nf123d000 4K r---- /usr/lib/locale/en_US.utf8/LC_TIME\nf123e000 4K r---- /usr/lib/locale/en_US.utf8/LC_MONETARY\nf123f000 4K r---- /usr/lib/locale/ug_CN/LC_MESSAGES/SYS_LC_MESSAGES\nf1240000 4K r---- /usr/lib/locale/yi_US.utf8/LC_PAPER\nf1241000 4K r---- /usr/lib/locale/yi_US.utf8/LC_NAME\nf1242000 4K r---- /usr/lib/locale/en_US.utf8/LC_ADDRESS\nf1243000 12K r-x-- /usr/lib/i386-linux-gnu/gconv/UTF-16.so\nf1246000 4K r---- /usr/lib/i386-linux-gnu/gconv/UTF-16.so\nf1247000 4K rw--- /usr/lib/i386-linux-gnu/gconv/UTF-16.so\nf1248000 28K r--s- /usr/lib/i386-linux-gnu/gconv/gconv-modules.cache\nf124f000 91548K r-x-- /usr/local/lib/tor-browser/libxul.so\nf6bb6000 2612K r---- /usr/local/lib/tor-browser/libxul.so\nf6e43000 348K rw--- /usr/local/lib/tor-browser/libxul.so\nf6e9a000 196K rw--- [ anon ]\nf6ecb000 40K r-x-- /usr/local/lib/tor-browser/liblgpllibs.so\nf6ed5000 4K r---- /usr/local/lib/tor-browser/liblgpllibs.so\nf6ed6000 4K rw--- /usr/local/lib/tor-browser/liblgpllibs.so\nf6ed7000 748K r-x-- /usr/local/lib/tor-browser/libmozsqlite3.so\nf6f92000 8K r---- /usr/local/lib/tor-browser/libmozsqlite3.so\nf6f94000 8K rw--- /usr/local/lib/tor-browser/libmozsqlite3.so\nf6f96000 204K r-x-- /usr/local/lib/tor-browser/libssl3.so\nf6fc9000 4K ----- /usr/local/lib/tor-browser/libssl3.so\nf6fca000 8K r---- /usr/local/lib/tor-browser/libssl3.so\nf6fcc000 4K rw--- /usr/local/lib/tor-browser/libssl3.so\nf6fcd000 880K r-x-- /usr/local/lib/tor-browser/libnss3.so\nf70a9000 4K ----- /usr/local/lib/tor-browser/libnss3.so\nf70aa000 12K r---- /usr/local/lib/tor-browser/libnss3.so\nf70ad000 4K rw--- /usr/local/lib/tor-browser/libnss3.so\nf70ae000 4K rw--- [ anon ]\nf70af000 304K r-x-- /usr/local/lib/tor-browser/libnspr4.so\nf70fb000 4K ----- /usr/local/lib/tor-browser/libnspr4.so\nf70fc000 4K r---- /usr/local/lib/tor-browser/libnspr4.so\nf70fd000 4K rw--- /usr/local/lib/tor-browser/libnspr4.so\nf70fe000 2056K rw--- [ anon ]\nf7300000 8K r-x-- /usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf7302000 4K r---- /usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf7303000 4K rw--- /usr/lib/i386-linux-gnu/libXcomposite.so.1.0.0\nf7304000 116K r-x-- /usr/local/lib/tor-browser/libsmime3.so\nf7321000 4K ----- /usr/local/lib/tor-browser/libsmime3.so\nf7322000 8K r---- /usr/local/lib/tor-browser/libsmime3.so\nf7324000 4K rw--- /usr/local/lib/tor-browser/libsmime3.so\nf7325000 120K r-x-- /usr/local/lib/tor-browser/libnssutil3.so\nf7343000 4K ----- /usr/local/lib/tor-browser/libnssutil3.so\nf7344000 12K r---- /usr/local/lib/tor-browser/libnssutil3.so\nf7347000 4K rw--- /usr/local/lib/tor-browser/libnssutil3.so\nf7348000 12K rw--- [ anon ]\nf734b000 1464K r-x-- /lib/i386-linux-gnu/libc-2.19.so\nf74b9000 8K r---- /lib/i386-linux-gnu/libc-2.19.so\nf74bb000 4K rw--- /lib/i386-linux-gnu/libc-2.19.so\nf74bc000 12K rw--- [ anon ]\nf74bf000 112K r-x-- /lib/i386-linux-gnu/libgcc_s.so.1\nf74db000 4K rw--- /lib/i386-linux-gnu/libgcc_s.so.1\nf74dc000 268K r-x-- /lib/i386-linux-gnu/libm-2.19.so\nf751f000 4K r---- /lib/i386-linux-gnu/libm-2.19.so\nf7520000 4K rw--- /lib/i386-linux-gnu/libm-2.19.so\nf7521000 1600K r-x-- /usr/local/lib/tor-browser/libstdc++.so.6\nf76b1000 24K r---- /usr/local/lib/tor-browser/libstdc++.so.6\nf76b7000 4K rw--- /usr/local/lib/tor-browser/libstdc++.so.6\nf76b8000 8K rw--- [ anon ]\nf76ba000 28K r-x-- /lib/i386-linux-gnu/librt-2.19.so\nf76c1000 4K r---- /lib/i386-linux-gnu/librt-2.19.so\nf76c2000 4K rw--- /lib/i386-linux-gnu/librt-2.19.so\nf76c3000 12K r-x-- /lib/i386-linux-gnu/libdl-2.19.so\nf76c6000 4K r---- /lib/i386-linux-gnu/libdl-2.19.so\nf76c7000 4K rw--- /lib/i386-linux-gnu/libdl-2.19.so\nf76c8000 92K r-x-- /lib/i386-linux-gnu/libpthread-2.19.so\nf76df000 4K r---- /lib/i386-linux-gnu/libpthread-2.19.so\nf76e0000 4K rw--- /lib/i386-linux-gnu/libpthread-2.19.so\nf76e1000 8K rw--- [ anon ]\nf76e3000 4K r---- /usr/lib/locale/yi_US.utf8/LC_TELEPHONE\nf76e4000 4K r---- /usr/lib/locale/yi_US.utf8/LC_MEASUREMENT\nf76e5000 12K r-x-- /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf76e8000 4K r---- /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf76e9000 4K rw--- /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.4200.1\nf76ea000 4K r-x-- /usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf76eb000 4K r---- /usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf76ec000 4K rw--- /usr/lib/i386-linux-gnu/libgthread-2.0.so.0.4200.1\nf76ed000 12K r-x-- /usr/local/lib/tor-browser/libplds4.so\nf76f0000 4K r---- /usr/local/lib/tor-browser/libplds4.so\nf76f1000 4K rw--- /usr/local/lib/tor-browser/libplds4.so\nf76f2000 20K r-x-- /usr/local/lib/tor-browser/libplc4.so\nf76f7000 4K r---- /usr/local/lib/tor-browser/libplc4.so\nf76f8000 4K rw--- /usr/local/lib/tor-browser/libplc4.so\nf76f9000 4K r---- /usr/lib/locale/en_US.utf8/LC_IDENTIFICATION\nf76fa000 8K rw--- [ anon ]\nf76fc000 4K r-x-- [ anon ]\nf76fd000 8K r---- [ anon ]\nf76ff000 124K r-x-- /lib/i386-linux-gnu/ld-2.19.so\nf771e000 4K r---- /lib/i386-linux-gnu/ld-2.19.so\nf771f000 4K rw--- /lib/i386-linux-gnu/ld-2.19.so\nf7720000 148K r-x-- /usr/local/lib/tor-browser/firefox\nf7745000 4K rw--- [ anon ]\nf7746000 4K r---- /usr/local/lib/tor-browser/firefox\nf7747000 4K rw--- /usr/local/lib/tor-browser/firefox\nffdb5000 124K rwx-- [ stack ]\nffdd4000 8K rw--- [ anon ]\n total 540100K\n", ""] calling as root: find /usr/lib /lib -name "libfreebl3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libfreebl3.so\n/usr/lib/icedove/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libfreebl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libfreebl3.so\n", ""] calling as root: find /usr/lib /lib -name "liblgpllibs.so" call returned: [0, "/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/liblgpllibs.so\n", ""] calling as root: find /usr/lib /lib -name "libmozsqlite3.so" call returned: [0, "/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libmozsqlite3.so\n", ""] calling as root: find /usr/lib /lib -name "libnspr4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnspr4.so\n/usr/lib/icedove/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnspr4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnspr4.so\n", ""] calling as root: find /usr/lib /lib -name "libnss3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnss3.so\n/usr/lib/icedove/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnss3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnss3.so\n", ""] calling as root: find /usr/lib /lib -name "libnssckbi.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libnssckbi.so\n/usr/lib/icedove/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssckbi.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssckbi.so\n", ""] calling as root: find /usr/lib /lib -name "libnssdbm3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libnssdbm3.so\n/usr/lib/icedove/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssdbm3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssdbm3.so\n", ""] calling as root: find /usr/lib /lib -name "libnssutil3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libnssutil3.so\n/usr/lib/icedove/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libnssutil3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libnssutil3.so\n", ""] calling as root: find /usr/lib /lib -name "libplc4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libplc4.so\n/usr/lib/icedove/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libplc4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libplc4.so\n", ""] calling as root: find /usr/lib /lib -name "libplds4.so" call returned: [0, "/usr/lib/i386-linux-gnu/libplds4.so\n/usr/lib/icedove/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libplds4.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libplds4.so\n", ""] calling as root: find /usr/lib /lib -name "libsmime3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libsmime3.so\n/usr/lib/icedove/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libsmime3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libsmime3.so\n", ""] calling as root: find /usr/lib /lib -name "libsoftokn3.so" call returned: [0, "/usr/lib/i386-linux-gnu/nss/libsoftokn3.so\n/usr/lib/icedove/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/nss/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libsoftokn3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libsoftokn3.so\n", ""] calling as root: find /usr/lib /lib -name "libssl3.so" call returned: [0, "/usr/lib/i386-linux-gnu/libssl3.so\n/usr/lib/icedove/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/i386-linux-gnu/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libssl3.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libssl3.so\n", ""] calling as root: find /usr/lib /lib -name "libxul.so" call returned: [0, "/usr/lib/icedove/libxul.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/lib/icedove/libxul.so\n/lib/live/mount/rootfs/filesystem.squashfs/usr/local/lib/tor-browser/libxul.so\n", ""] Then the Tor Browser uses all expected TBB shared libraries # features/step_definitions/browser.rb:162 Scenario: The Tor Browser should not have any plugins enabled # features/torified_browsing.feature:110 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819180' call returned: [0, "Mon Jun 13 11:59:40 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.GRM1obB011\n", ""] calling as root: rm -f '/tmp/tmp.GRM1obB011' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.GRM1obB011' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.GRM1obB011' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.GRM1obB011_20160613-115947_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.GRM1obB011' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.7S0AH7Wmsk\n", ""] calling as root: rm -f '/tmp/tmp.7S0AH7Wmsk' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.7S0AH7Wmsk' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.7S0AH7Wmsk' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.7S0AH7Wmsk_20160613-115950_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.7S0AH7Wmsk' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.9K4oPq7nKf\n", ""] calling as root: rm -f '/tmp/tmp.9K4oPq7nKf' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Tor Browser'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.9K4oPq7nKf' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.9K4oPq7nKf' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.9K4oPq7nKf_20160613-115953_debug ...\nClicking on [label | Tor Browser]\nMouse button 1 click at (297,336)\n", ""] calling as root: rm -f '/tmp/tmp.9K4oPq7nKf' call returned: [0, "", ""] When I start the Tor Browser # features/step_definitions/common_steps.rb:558 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.knonzOqDD0\n", ""] calling as root: rm -f '/tmp/tmp.knonzOqDD0' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') application.child('"'"'Tails - News - Tor Browser'"'"', roleName='"'"'frame'"'"')' >> '/tmp/tmp.knonzOqDD0' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.knonzOqDD0' call returned: [0, "", ""] calling as root: rm -f '/tmp/tmp.knonzOqDD0' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.C62R77fjP0\n", ""] calling as root: rm -f '/tmp/tmp.C62R77fjP0' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'Firefox'"'"') application.child('"'"'Reload current page'"'"', roleName='"'"'push button'"'"')' >> '/tmp/tmp.C62R77fjP0' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.C62R77fjP0' call returned: [0, "", ""] calling as root: rm -f '/tmp/tmp.C62R77fjP0' call returned: [0, "", ""] And the Tor Browser has started and loaded the startup page # features/step_definitions/common_steps.rb:403 calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (243,83) calling as root: . /usr/local/lib/tails-shell-library/tor-browser.sh && echo ${TBB_INSTALL}/firefox call returned: [0, "/usr/local/lib/tor-browser/firefox\n", ""] [log] CLICK on (238,117) calling as amnesia: echo -n 'about:plugins' | xsel --input --clipboard call returned: [0, "", ""] [log] Ctrl+TYPE "v" [log] TYPE " " Then the Tor Browser has no plugins installed # features/step_definitions/browser.rb:129 @product @check_tor_leaks Feature: Keyserver interaction with GnuPG As a Tails user when I interact with keyservers using various GnuPG tools the configured keyserver must be used and all Internet traffic should flow only through Tor. Background: # features/torified_gnupg.feature:8 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819232' call returned: [0, "Mon Jun 13 12:00:32 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [2, "", "gpg: error reading key: public key not found\n"] And the "10CC5BC7" OpenPGP key is not in the live user's public keyring # features/step_definitions/torified_gnupg.rb:40 Scenario: Seahorse is configured to use the correct keyserver # features/torified_gnupg.feature:12 calling as amnesia: gsettings get org.gnome.crypto.pgp keyservers call returned: [0, "['hkp://pool.sks-keyservers.net']\n", ""] Then Seahorse is configured to use the correct keyserver # features/step_definitions/torified_gnupg.rb:201 Scenario: Fetching OpenPGP keys using GnuPG should work and be done over Tor. # features/torified_gnupg.feature:15 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819244' call returned: [0, "Mon Jun 13 12:00:44 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [2, "", "gpg: error reading key: public key not found\n"] calling as amnesia: timeout 120 gpg --batch --recv-key '10CC5BC7' call returned: [0, "", "gpg: requesting key 0x10CC5BC7 from hkps server hkps.pool.sks-keyservers.net\ngpg: key 0x1D84CCF010CC5BC7: public key \"anonym \" imported\ngpg: no ultimately trusted keys found\ngpg: Total number processed: 1\ngpg: imported: 1 (RSA: 1)\n"] When I fetch the "10CC5BC7" OpenPGP key using the GnuPG CLI # features/step_definitions/torified_gnupg.rb:46 Then GnuPG uses the configured keyserver # features/step_definitions/torified_gnupg.rb:77 And the GnuPG fetch is successful # features/step_definitions/torified_gnupg.rb:67 calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\n\n", ""] And the "10CC5BC7" key is in the live user's public keyring # features/step_definitions/torified_gnupg.rb:82 Scenario: Fetching OpenPGP keys using Seahorse should work and be done over Tor. # features/torified_gnupg.feature:21 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819255' call returned: [0, "Mon Jun 13 12:00:55 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [2, "", "gpg: error reading key: public key not found\n"] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.83mb8jrmg0\n", ""] calling as root: rm -f '/tmp/tmp.83mb8jrmg0' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.83mb8jrmg0' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.83mb8jrmg0' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.83mb8jrmg0_20160613-120102_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.83mb8jrmg0' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.QzMDqL8Isw\n", ""] calling as root: rm -f '/tmp/tmp.QzMDqL8Isw' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Utilities'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.QzMDqL8Isw' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.QzMDqL8Isw' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.QzMDqL8Isw_20160613-120105_debug ...\nClicking on [label | Utilities]\nMouse button 1 click at (58,430)\n", ""] calling as root: rm -f '/tmp/tmp.QzMDqL8Isw' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.wqgNWpQBhU\n", ""] calling as root: rm -f '/tmp/tmp.wqgNWpQBhU' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Passwords and Keys'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.wqgNWpQBhU' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.wqgNWpQBhU' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.wqgNWpQBhU_20160613-120109_debug ...\nClicking on [label | Passwords and Keys]\nMouse button 1 click at (324,292)\n", ""] calling as root: rm -f '/tmp/tmp.wqgNWpQBhU' call returned: [0, "", ""] calling as root: pidof -x -o '%PPID' seahorse [log] CLICK on (283,16) call returned: [0, "4697\n", ""] [log] CLICK on (304,145) [log] CLICK on (361,176) [log] TYPE "10CC5BC7 " [log] CLICK on (281,50) [log] CLICK on (19,165) calling as amnesia: gpg --batch --list-keys '10CC5BC7' [log] CLICK on (51,118) call returned: [2, "", "gpg: error reading key: public key not found\n"] calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\n\n", ""] When I fetch the "10CC5BC7" OpenPGP key using Seahorse # features/step_definitions/torified_gnupg.rb:154 calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4697\n", ""] And the Seahorse operation is successful # features/step_definitions/torified_gnupg.rb:72 calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\n\n", ""] Then the "10CC5BC7" key is in the live user's public keyring # features/step_definitions/torified_gnupg.rb:82 Scenario: Fetching OpenPGP keys using Seahorse via the OpenPGP Applet should work and be done over Tor. # features/torified_gnupg.feature:26 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819300' call returned: [0, "Mon Jun 13 12:01:40 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [2, "", "gpg: error reading key: public key not found\n"] [log] CLICK on (665,11) [log] CLICK on (731,81) [log] CLICK on (511,113) calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4425\n", ""] [log] CLICK on (304,145) [log] CLICK on (361,176) [log] TYPE "10CC5BC7 " [log] CLICK on (281,50) [log] CLICK on (19,165) [log] CLICK on (51,118) calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [2, "", "gpg: error reading key: public key not found\n"] calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\n\n", ""] When I fetch the "10CC5BC7" OpenPGP key using Seahorse via the OpenPGP Applet # features/step_definitions/torified_gnupg.rb:154 calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4425\n", ""] And the Seahorse operation is successful # features/step_definitions/torified_gnupg.rb:72 calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\n\n", ""] Then the "10CC5BC7" key is in the live user's public keyring # features/step_definitions/torified_gnupg.rb:82 Scenario: Syncing OpenPGP keys using Seahorse should work and be done over Tor. # features/torified_gnupg.feature:31 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819338' call returned: [0, "Mon Jun 13 12:02:18 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [2, "", "gpg: error reading key: public key not found\n"] calling as amnesia: timeout 120 gpg --batch --keyserver-options import-clean --recv-key '10CC5BC7' call returned: [0, "", "gpg: requesting key 0x10CC5BC7 from hkps server hkps.pool.sks-keyservers.net\ngpg: key 0x1D84CCF010CC5BC7: public key \"anonym \" imported\ngpg: no ultimately trusted keys found\ngpg: Total number processed: 1\ngpg: imported: 1 (RSA: 1)\n"] Given I fetch the "10CC5BC7" OpenPGP key using the GnuPG CLI without any signatures # features/step_definitions/torified_gnupg.rb:46 And the GnuPG fetch is successful # features/step_definitions/torified_gnupg.rb:67 calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\n\n", ""] And the "10CC5BC7" key is in the live user's public keyring # features/step_definitions/torified_gnupg.rb:82 calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] But the key "10CC5BC7" has only 2 signatures # features/step_definitions/torified_gnupg.rb:28 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.uUIFlxOzZc\n", ""] calling as root: rm -f '/tmp/tmp.uUIFlxOzZc' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.uUIFlxOzZc' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.uUIFlxOzZc' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.uUIFlxOzZc_20160613-120231_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.uUIFlxOzZc' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.YDc9QlcW8f\n", ""] calling as root: rm -f '/tmp/tmp.YDc9QlcW8f' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Utilities'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.YDc9QlcW8f' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.YDc9QlcW8f' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.YDc9QlcW8f_20160613-120234_debug ...\nClicking on [label | Utilities]\nMouse button 1 click at (58,430)\n", ""] calling as root: rm -f '/tmp/tmp.YDc9QlcW8f' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.5ISBQwjVZi\n", ""] calling as root: rm -f '/tmp/tmp.5ISBQwjVZi' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Passwords and Keys'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.5ISBQwjVZi' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.5ISBQwjVZi' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.5ISBQwjVZi_20160613-120238_debug ...\nClicking on [label | Passwords and Keys]\nMouse button 1 click at (324,292)\n", ""] calling as root: rm -f '/tmp/tmp.5ISBQwjVZi' call returned: [0, "", ""] When I start Seahorse # features/step_definitions/torified_gnupg.rb:90 Then Seahorse has opened # features/step_definitions/torified_gnupg.rb:95 calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4753\n", ""] [log] CLICK on (283,16) calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4753\n", ""] [log] CLICK on (250,145) [log] CLICK on (294,270) [log] Alt+TYPE "p" [log] TYPE "" And I enable key synchronization in Seahorse # features/step_definitions/torified_gnupg.rb:99 [log] Alt+TYPE "c" [log] CLICK on (511,113) calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4753\n", ""] [log] CLICK on (304,145) [log] CLICK on (375,205) [log] Alt+TYPE "s" calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4753\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsig 0x03CF4A0AB3C79A63 2014-07-09 [User ID not found]\nsig 0xB14BB0C38D861CF1 2014-08-17 [User ID not found]\nsig 0x23CF2E3D254514F7 2015-02-05 [User ID not found]\nsig 0xC218525819F78451 2014-07-12 [User ID not found]\nsig 0xBACE15D2A57498FF 2013-08-07 [User ID not found]\nsig 0x9768FD3CC48815F2 2014-07-06 [User ID not found]\nsig 3 0x1D84CCF010CC5BC7 2013-08-07 anonym \nsig 3 0x1D84CCF010CC5BC7 2015-01-14 anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-09 anonym \nsig 0xAECEF546EC8B0260 2014-07-06 [User ID not found]\nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4753\n", ""] And I synchronize keys in Seahorse # features/step_definitions/torified_gnupg.rb:109 calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4753\n", ""] And the Seahorse operation is successful # features/step_definitions/torified_gnupg.rb:72 calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsig 0x03CF4A0AB3C79A63 2014-07-09 [User ID not found]\nsig 0xB14BB0C38D861CF1 2014-08-17 [User ID not found]\nsig 0x23CF2E3D254514F7 2015-02-05 [User ID not found]\nsig 0xC218525819F78451 2014-07-12 [User ID not found]\nsig 0xBACE15D2A57498FF 2013-08-07 [User ID not found]\nsig 0x9768FD3CC48815F2 2014-07-06 [User ID not found]\nsig 3 0x1D84CCF010CC5BC7 2013-08-07 anonym \nsig 3 0x1D84CCF010CC5BC7 2015-01-14 anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-09 anonym \nsig 0xAECEF546EC8B0260 2014-07-06 [User ID not found]\nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] Then the key "10CC5BC7" has more than 2 signatures # features/step_definitions/torified_gnupg.rb:28 Scenario: Syncing OpenPGP keys using Seahorse started from the OpenPGP Applet should work and be done over Tor. # features/torified_gnupg.feature:43 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819393' call returned: [0, "Mon Jun 13 12:03:13 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [2, "", "gpg: error reading key: public key not found\n"] calling as amnesia: timeout 120 gpg --batch --keyserver-options import-clean --recv-key '10CC5BC7' call returned: [0, "", "gpg: requesting key 0x10CC5BC7 from hkps server hkps.pool.sks-keyservers.net\ngpg: key 0x1D84CCF010CC5BC7: public key \"anonym \" imported\ngpg: no ultimately trusted keys found\ngpg: Total number processed: 1\ngpg: imported: 1 (RSA: 1)\n"] Given I fetch the "10CC5BC7" OpenPGP key using the GnuPG CLI without any signatures # features/step_definitions/torified_gnupg.rb:46 And the GnuPG fetch is successful # features/step_definitions/torified_gnupg.rb:67 calling as amnesia: gpg --batch --list-keys '10CC5BC7' call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\n\n", ""] And the "10CC5BC7" key is in the live user's public keyring # features/step_definitions/torified_gnupg.rb:82 calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] But the key "10CC5BC7" has only 2 signatures # features/step_definitions/torified_gnupg.rb:28 [log] CLICK on (665,11) [log] CLICK on (731,81) When I start Seahorse via the OpenPGP Applet # features/step_definitions/torified_gnupg.rb:90 Then Seahorse has opened # features/step_definitions/torified_gnupg.rb:95 calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as root: pidof -x -o '%PPID' seahorse [log] CLICK on (511,113) call returned: [0, "4498\n", ""] [log] CLICK on (250,145) [log] CLICK on (294,270) [log] Alt+TYPE "p" [log] TYPE "" And I enable key synchronization in Seahorse # features/step_definitions/torified_gnupg.rb:99 [log] Alt+TYPE "c" [log] CLICK on (511,113) calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] [log] CLICK on (304,145) [log] CLICK on (375,205) [log] Alt+TYPE "s" calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] Tor operation failed (Try 1 of 10) with: OpenPGPKeyserverCommunicationError: Found GnomeCloseButton.png' on the screen Forcing new Tor circuit... calling as root: . /usr/local/lib/tails-shell-library/tor.sh && tor_control_send "signal NEWNYM" call returned: [0, "250 OK\n250 OK\n250 closing connection\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "4498\n", ""] calling as root: killall seahorse call returned: [0, "", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [1, "", ""] Restarting Seahorse. [log] CLICK on (665,11) [log] CLICK on (731,81) [log] CLICK on (511,113) calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "5197\n", ""] [log] CLICK on (304,145) [log] CLICK on (375,205) [log] Alt+TYPE "s" calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "5197\n", ""] calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsig 0x03CF4A0AB3C79A63 2014-07-09 [User ID not found]\nsig 0xB14BB0C38D861CF1 2014-08-17 [User ID not found]\nsig 0x23CF2E3D254514F7 2015-02-05 [User ID not found]\nsig 0xC218525819F78451 2014-07-12 [User ID not found]\nsig 0xBACE15D2A57498FF 2013-08-07 [User ID not found]\nsig 0x9768FD3CC48815F2 2014-07-06 [User ID not found]\nsig 3 0x1D84CCF010CC5BC7 2013-08-07 anonym \nsig 3 0x1D84CCF010CC5BC7 2015-01-14 anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-09 anonym \nsig 0xAECEF546EC8B0260 2014-07-06 [User ID not found]\nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "5197\n", ""] And I synchronize keys in Seahorse # features/step_definitions/torified_gnupg.rb:109 calling as root: pidof -x -o '%PPID' seahorse call returned: [0, "5197\n", ""] And the Seahorse operation is successful # features/step_definitions/torified_gnupg.rb:72 calling as amnesia: gpg --batch --list-sigs 10CC5BC7 call returned: [0, "pub 4096R/0x1D84CCF010CC5BC7 2012-08-21 [expires: 2016-08-24]\n Key fingerprint = 52B6 9F10 A3B0 785A D05A FB47 1D84 CCF0 10CC 5BC7\nuid [ unknown] anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-25 anonym \nsig 0x03CF4A0AB3C79A63 2014-07-09 [User ID not found]\nsig 0xB14BB0C38D861CF1 2014-08-17 [User ID not found]\nsig 0x23CF2E3D254514F7 2015-02-05 [User ID not found]\nsig 0xC218525819F78451 2014-07-12 [User ID not found]\nsig 0xBACE15D2A57498FF 2013-08-07 [User ID not found]\nsig 0x9768FD3CC48815F2 2014-07-06 [User ID not found]\nsig 3 0x1D84CCF010CC5BC7 2013-08-07 anonym \nsig 3 0x1D84CCF010CC5BC7 2015-01-14 anonym \nsig 3 0x1D84CCF010CC5BC7 2015-08-09 anonym \nsig 0xAECEF546EC8B0260 2014-07-06 [User ID not found]\nsub 4096R/0x839D3BF32EA80502 2012-08-21 [expires: 2016-08-24]\nsig 0x1D84CCF010CC5BC7 2015-08-25 anonym \n\n", ""] Then the key "10CC5BC7" has more than 2 signatures # features/step_definitions/torified_gnupg.rb:28 @product @check_tor_leaks Feature: Various checks for torified software Background: # features/torified_misc.feature:4 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819505' call returned: [0, "Mon Jun 13 12:05:05 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] Given I have started Tails from DVD and logged in and the network is connected # features/step_definitions/snapshots.rb:199 Scenario: wget(1) should work for HTTP and go through Tor. # features/torified_misc.feature:7 calling as amnesia: wget -O - 'http://example.com/' call returned: [0, "\n\n\n Example Domain\n\n \n \n \n \n\n\n\n
\n

Example Domain

\n

This domain is established to be used for illustrative examples in documents. You may use this\n domain in examples without prior coordination or asking for permission.

\n

More information...

\n
\n\n\n", "--2016-06-13 12:05:11-- http://example.com/\nResolving example.com (example.com)... 93.184.216.34\nConnecting to example.com (example.com)|93.184.216.34|:80... connected.\nHTTP request sent, awaiting response... 200 OK\nLength: 1270 (1.2K) [text/html]\nSaving to: \u2018STDOUT\u2019\n\n 0K . 100% 230M=0s\n\n2016-06-13 12:05:11 (230 MB/s) - written to stdout [1270/1270]\n\n"] When I wget "http://example.com/" to stdout # features/step_definitions/torified_misc.rb:12 Then the wget command is successful # features/step_definitions/torified_misc.rb:25 And the wget standard output contains "Example Domain" # features/step_definitions/torified_misc.rb:34 Scenario: wget(1) should work for HTTPS and go through Tor. # features/torified_misc.feature:12 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819517' call returned: [0, "Mon Jun 13 12:05:17 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] calling as amnesia: wget -O - 'https://example.com/' call returned: [0, "\n\n\n Example Domain\n\n \n \n \n \n\n\n\n
\n

Example Domain

\n

This domain is established to be used for illustrative examples in documents. You may use this\n domain in examples without prior coordination or asking for permission.

\n

More information...

\n
\n\n\n", "--2016-06-13 12:05:23-- https://example.com/\nResolving example.com (example.com)... 93.184.216.34\nConnecting to example.com (example.com)|93.184.216.34|:443... connected.\nHTTP request sent, awaiting response... 200 OK\nLength: 1270 (1.2K) [text/html]\nSaving to: \u2018STDOUT\u2019\n\n 0K . 100% 33.0K=0.04s\n\n2016-06-13 12:05:23 (33.0 KB/s) - written to stdout [1270/1270]\n\n"] When I wget "https://example.com/" to stdout # features/step_definitions/torified_misc.rb:12 Then the wget command is successful # features/step_definitions/torified_misc.rb:25 And the wget standard output contains "Example Domain" # features/step_definitions/torified_misc.rb:34 Scenario: wget(1) with tricky options should work for HTTP and go through Tor. # features/torified_misc.feature:17 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819529' call returned: [0, "Mon Jun 13 12:05:29 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] calling as amnesia: wget --spider --header="Host: dl.amnesia.boum.org" -O - 'http://195.154.14.189/tails/stable/' call returned: [0, "", "Spider mode enabled. Check if remote file exists.\n--2016-06-13 12:05:34-- http://195.154.14.189/tails/stable/\nConnecting to 195.154.14.189:80... connected.\nHTTP request sent, awaiting response... 200 OK\nLength: unspecified [text/html]\nRemote file exists and could contain further links,\nbut recursion is disabled -- not retrieving.\n\n"] When I wget "http://195.154.14.189/tails/stable/" to stdout with the '--spider --header="Host: dl.amnesia.boum.org"' options # features/step_definitions/torified_misc.rb:12 Then the wget command is successful # features/step_definitions/torified_misc.rb:25 Scenario: whois(1) should work and go through Tor. # features/torified_misc.feature:21 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [0, "", ""] calling as root: systemctl --quiet is-active tor@default.service call returned: [0, "", ""] calling as root: systemctl stop tor@default.service call returned: [0, "", ""] calling as root: rm -f /var/log/tor/log call returned: [0, "", ""] calling as root: systemctl --no-block restart tails-tor-has-bootstrapped.target call returned: [0, "", ""] calling as root: date -s '@1465819540' call returned: [0, "Mon Jun 13 12:05:40 UTC 2016\n", ""] spawning as root: restart-tor calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [1, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [3, "", ""] calling as root: /usr/local/sbin/tor-has-bootstrapped call returned: [0, "", ""] calling as root: cat /proc/cmdline call returned: [0, "BOOT_IMAGE=/live/vmlinuz2 initrd=/live/initrd2.img boot=live config live-media=removable apparmor=1 security=apparmor nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZ mce=0 vsyscall=none quiet autotest_never_use_this_option blacklist=psmouse \n", ""] calling as amnesia: whois 'torproject.org' call returned: [0, "Domain Name: TORPROJECT.ORG\nDomain ID: D130971538-LROR\nWHOIS Server:\nReferral URL: http://www.joker.com\nUpdated Date: 2016-06-11T13:08:57Z\nCreation Date: 2006-10-17T22:02:50Z\nRegistry Expiry Date: 2018-10-17T22:02:50Z\nSponsoring Registrar: CSL Computer Service Langenbach GmbH d/b/a joker.com a German GmbH\nSponsoring Registrar IANA ID: 113\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nRegistrant ID: CORG-167587\nRegistrant Name: - -\nRegistrant Organization: The Tor Project, Inc\nRegistrant Street: 217 1st Ave S #4903\nRegistrant City: Seattle\nRegistrant State/Province: WA\nRegistrant Postal Code: 98194\nRegistrant Country: US\nRegistrant Phone: +1.2064203471\nRegistrant Phone Ext:\nRegistrant Fax:\nRegistrant Fax Ext:\nRegistrant Email: hostmaster@torproject.org\nAdmin ID: CORG-288059\nAdmin Name: The Tor Project\nAdmin Organization: The Tor Project\nAdmin Street: 217 1st Ave S #4903\nAdmin City: Seattle\nAdmin State/Province: WA\nAdmin Postal Code: 98194\nAdmin Country: US\nAdmin Phone: +1.2064203471\nAdmin Phone Ext:\nAdmin Fax:\nAdmin Fax Ext:\nAdmin Email: hostmaster@torproject.org\nTech ID: CORG-288059\nTech Name: The Tor Project\nTech Organization: The Tor Project\nTech Street: 217 1st Ave S #4903\nTech City: Seattle\nTech State/Province: WA\nTech Postal Code: 98194\nTech Country: US\nTech Phone: +1.2064203471\nTech Phone Ext:\nTech Fax:\nTech Fax Ext:\nTech Email: hostmaster@torproject.org\nName Server: NS1.TORPROJECT.ORG\nName Server: NS3.TORPROJECT.ORG\nName Server: NS2.TORPROJECT.ORG\nName Server: NS4.TORPROJECT.ORG\nName Server: NS5.TORPROJECT.ORG\nDNSSEC: signedDelegation\n>>> Last update of WHOIS database: 2016-06-11T13:13:17Z <<<\n\nFor more information on Whois status codes, please visit https://icann.org/epp\n\nAccess to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to(a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.\n", ""] When I query the whois directory service for "torproject.org" # features/step_definitions/torified_misc.rb:1 Then the whois command is successful # features/step_definitions/torified_misc.rb:25 Then the whois standard output contains "The Tor Project" # features/step_definitions/torified_misc.rb:34 @product Feature: Using Totem As a Tails user I want to watch local and remote videos in Totem And AppArmor should prevent Totem from doing dangerous things And all Internet traffic should flow only through Tor Background: # features/totem.feature:8 Given I create sample videos # features/step_definitions/totem.rb:1 Scenario: Watching a MP4 video stored on the non-persistent filesystem # features/totem.feature:11 Given a computer # features/step_definitions/common_steps.rb:122 And I setup a filesystem share containing sample videos # features/step_definitions/totem.rb:13 [log] CLICK on (1024,384) [log] TYPE " " [log] TYPE " autotest_never_use_this_option blacklist=psmouse " calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] calling as root: mkdir -p /tmp/shared_video_dir call returned: [0, "", ""] calling as root: mount -t 9p -o trans=virtio /tmp/shared_video_dir /tmp/shared_video_dir call returned: [0, "", ""] calling as root: service tor status call returned: [3, "\u25cf tor.service - Anonymizing overlay network for TCP (multi-instance-master)\n Loaded: loaded (/lib/systemd/system/tor.service; disabled)\n Active: inactive (dead)\n", ""] calling as root: echo 'TestingTorNetwork 1 AssumeReachable 1 PathsNeededToBuildCircuits 0.25 TestingBridgeDownloadSchedule 0, 5 TestingClientConsensusDownloadSchedule 0, 5 TestingClientDownloadSchedule 0, 5 TestingDirAuthVoteExit * TestingDirAuthVoteGuard * TestingDirAuthVoteHSDir * TestingMinExitFlagThreshold 0 V3AuthNIntervalsValid 2 ClientRejectInternalAddresses 1 AlternateDirAuthority test000auth orport=5000 no-v2 hs v3ident=F331DEF03340024E27063D865A4A0D11A21420ED 10.2.1.1:7000 AE0896F267595CC58A3F8432998765FCF1AD1A6D AlternateDirAuthority test001auth orport=5001 no-v2 hs v3ident=5228B82B1FA52163CD2938D9880D62F7FDAEC7BE 10.2.1.1:7001 A4B46490D9F3E18CB9FA4DE4973114C9CDFC972A AlternateDirAuthority test002auth orport=5002 no-v2 hs v3ident=4989A61D959085B49A9855C38A8F69EE6099914C 10.2.1.1:7002 90944BF1079C2A7D6A77C41D62D10D7CCA44E27F AlternateDirAuthority test003auth orport=5003 no-v2 hs v3ident=2C590C78CC3BE6311EEDBFC7A6DA9883F80C40B8 10.2.1.1:7003 780C6EFF7CF37F05149E318488BE30F8F5E908F7 AlternateBridgeAuthority test004brauth orport=5004 no-v2 bridge 10.2.1.1:7004 FE7BB8E09C53B7354A1A5ABCC8F64C311A6D696A ' >> '/etc/tor/torrc' call returned: [0, "", ""] [log] CLICK on (642,449) calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [1, "", ""] calling as root: test -e '/etc/sudoers.d/tails-greeter' -o -e '/etc/sudoers.d/tails-greeter-no-password-lecture' call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.session idle-delay 0 call returned: [0, "", ""] calling as amnesia: gsettings set org.gnome.desktop.interface toolkit-accessibility true call returned: [0, "", ""] calling as amnesia: xdotool search --all --onlyvisible --maxdepth 1 --classname 'Florence' call returned: [1, "", ""] [log] CLICK on (1007,762) [profile] Finder.findAll START [profile] Finder.findAll END: 293ms [profile] Finder.findAll START [profile] Finder.findAll END: 272ms [profile] Finder.findAll START [profile] Finder.findAll END: 329ms [profile] Finder.findAll START [profile] Finder.findAll END: 237ms [profile] Finder.findAll START [profile] Finder.findAll END: 237ms [profile] Finder.findAll START [profile] Finder.findAll END: 238ms [profile] Finder.findAll START [profile] Finder.findAll END: 268ms [log] CLICK on (51,16) And I start Tails from DVD with network unplugged and I login # features/step_definitions/common_steps.rb:191 calling as amnesia: cp "/tmp/shared_video_dir/video.mp4" "/home/amnesia/video.mp4" call returned: [0, "", ""] And I copy the sample videos to "/home/amnesia" as user "amnesia" # features/step_definitions/totem.rb:17 calling as root: test -e '/home/amnesia/video.mp4' call returned: [0, "", ""] And the file "/home/amnesia/video.mp4" exists # features/step_definitions/common_steps.rb:628 calling as root: sysctl -w kernel.printk_ratelimit=0 call returned: [0, "kernel.printk_ratelimit = 0\n", ""] calling as root: date +"%Y-%m-%d %H:%M:%S" call returned: [0, "2016-06-13 12:08:10\n", ""] Given I start monitoring the AppArmor log of "/usr/bin/totem" # features/step_definitions/common_steps.rb:861 calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [1, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.qq95tpWHD3\n", ""] calling as root: rm -f '/tmp/tmp.qq95tpWHD3' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.qq95tpWHD3' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.qq95tpWHD3' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.qq95tpWHD3_20160613-120811_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.qq95tpWHD3' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.fymbX5SJNq\n", ""] calling as root: rm -f '/tmp/tmp.fymbX5SJNq' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Utilities'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.fymbX5SJNq' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.fymbX5SJNq' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.fymbX5SJNq_20160613-120815_debug ...\nClicking on [label | Utilities]\nMouse button 1 click at (58,430)\n", ""] calling as root: rm -f '/tmp/tmp.fymbX5SJNq' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.OiBuUl1EwE\n", ""] calling as root: rm -f '/tmp/tmp.OiBuUl1EwE' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Terminal'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.OiBuUl1EwE' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.OiBuUl1EwE' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.OiBuUl1EwE_20160613-120819_debug ...\nClicking on [label | Terminal]\nMouse button 1 click at (286,468)\n", ""] calling as root: rm -f '/tmp/tmp.OiBuUl1EwE' call returned: [0, "", ""] [log] TYPE "totem /home/amnesia/video.mp4 " When I open "/home/amnesia/video.mp4" with Totem # features/step_definitions/totem.rb:26 Then I see "SampleLocalMp4VideoFrame.png" after at most 20 seconds # features/step_definitions/common_steps.rb:459 calling as root: journalctl --full --no-pager --since='2016-06-13 12:08:10' SYSLOG_IDENTIFIER=kernel | grep -w 'apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/home/amnesia/video.mp4"' call returned: [1, "", ""] And AppArmor has not denied "/usr/bin/totem" from opening "/home/amnesia/video.mp4" # features/step_definitions/common_steps.rb:873 calling as root: killall totem call returned: [0, "", ""] calling as root: pidof -x -o '%PPID' totem call returned: [1, "", ""] Given I close Totem # features/step_definitions/totem.rb:30 calling as amnesia: cp "/tmp/shared_video_dir/video.mp4" "/home/amnesia/.gnupg/video.mp4" call returned: [0, "", ""] And I copy the sample videos to "/home/amnesia/.gnupg" as user "amnesia" # features/step_definitions/totem.rb:17 calling as root: test -e '/home/amnesia/.gnupg/video.mp4' call returned: [0, "", ""] And the file "/home/amnesia/.gnupg/video.mp4" exists # features/step_definitions/common_steps.rb:628 calling as root: sysctl -w kernel.printk_ratelimit=0 call returned: [0, "kernel.printk_ratelimit = 0\n", ""] calling as root: date +"%Y-%m-%d %H:%M:%S" call returned: [0, "2016-06-13 12:08:34\n", ""] And I restart monitoring the AppArmor log of "/usr/bin/totem" # features/step_definitions/common_steps.rb:861 calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "3119\n", ""] [log] CLICK on (226,173) When I try to open "/home/amnesia/.gnupg/video.mp4" with Totem # features/step_definitions/totem.rb:26 [log] TYPE "totem /home/amnesia/.gnupg/video.mp4 " Then I see "TotemUnableToOpen.png" after at most 10 seconds # features/step_definitions/common_steps.rb:459 calling as root: journalctl --full --no-pager --since='2016-06-13 12:08:34' SYSLOG_IDENTIFIER=kernel | grep -w 'apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/home/amnesia/.gnupg/video.mp4"' call returned: [0, "Jun 13 12:08:38 amnesia kernel: audit: type=1400 audit(1465819718.560:28): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/home/amnesia/.gnupg/video.mp4\" pid=3417 comm=\"pool\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 12:08:38 amnesia kernel: audit: type=1400 audit(1465819718.644:29): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/home/amnesia/.gnupg/video.mp4\" pid=3404 comm=\"totem\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 12:08:38 amnesia kernel: audit: type=1400 audit(1465819718.644:30): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/home/amnesia/.gnupg/video.mp4\" pid=3404 comm=\"totem\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 12:08:38 amnesia kernel: audit: type=1400 audit(1465819718.644:31): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/home/amnesia/.gnupg/video.mp4\" pid=3404 comm=\"totem\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\n", ""] And AppArmor has denied "/usr/bin/totem" from opening "/home/amnesia/.gnupg/video.mp4" # features/step_definitions/common_steps.rb:873 calling as root: killall totem call returned: [0, "", ""] calling as root: pidof -x -o '%PPID' totem call returned: [1, "", ""] Given I close Totem # features/step_definitions/totem.rb:30 calling as root: test -e '/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4' call returned: [0, "", ""] And the file "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4" exists # features/step_definitions/common_steps.rb:628 calling as root: sysctl -w kernel.printk_ratelimit=0 call returned: [0, "kernel.printk_ratelimit = 0\n", ""] calling as root: date +"%Y-%m-%d %H:%M:%S" call returned: [0, "2016-06-13 12:08:43\n", ""] And I restart monitoring the AppArmor log of "/usr/bin/totem" # features/step_definitions/common_steps.rb:861 calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "3119\n", ""] [log] CLICK on (226,317) [log] TYPE "totem /lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4 " When I try to open "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4" with Totem # features/step_definitions/totem.rb:26 Then I see "TotemUnableToOpen.png" after at most 10 seconds # features/step_definitions/common_steps.rb:459 calling as root: journalctl --full --no-pager --since='2016-06-13 12:08:43' SYSLOG_IDENTIFIER=kernel | grep -w 'apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4"' call returned: [0, "Jun 13 12:08:49 amnesia kernel: audit: type=1400 audit(1465819729.016:33): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4\" pid=3619 comm=\"pool\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 12:08:49 amnesia kernel: audit: type=1400 audit(1465819729.068:34): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4\" pid=3607 comm=\"totem\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 12:08:49 amnesia kernel: audit: type=1400 audit(1465819729.072:35): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4\" pid=3607 comm=\"totem\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 12:08:49 amnesia kernel: audit: type=1400 audit(1465819729.072:36): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4\" pid=3607 comm=\"totem\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\n", ""] And AppArmor has denied "/usr/bin/totem" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4" # features/step_definitions/common_steps.rb:873 calling as root: killall totem call returned: [0, "", ""] calling as root: pidof -x -o '%PPID' totem call returned: [1, "", ""] Given I close Totem # features/step_definitions/totem.rb:30 calling as root: test -e '/live/overlay/home/amnesia/.gnupg/video.mp4' call returned: [0, "", ""] And the file "/live/overlay/home/amnesia/.gnupg/video.mp4" exists # features/step_definitions/common_steps.rb:628 calling as root: sysctl -w kernel.printk_ratelimit=0 call returned: [0, "kernel.printk_ratelimit = 0\n", ""] calling as root: date +"%Y-%m-%d %H:%M:%S" call returned: [0, "2016-06-13 12:08:53\n", ""] And I restart monitoring the AppArmor log of "/usr/bin/totem" # features/step_definitions/common_steps.rb:861 calling as root: pidof -x -o '%PPID' gnome-terminal-server call returned: [0, "3119\n", ""] [log] CLICK on (226,587) [log] TYPE "totem /live/overlay/home/amnesia/.gnupg/video.mp4 " When I try to open "/live/overlay/home/amnesia/.gnupg/video.mp4" with Totem # features/step_definitions/totem.rb:26 Then I see "TotemUnableToOpen.png" after at most 10 seconds # features/step_definitions/common_steps.rb:459 calling as root: journalctl --full --no-pager --since='2016-06-13 12:08:53' SYSLOG_IDENTIFIER=kernel | grep -w 'apparmor="DENIED" operation="open" profile="/usr/bin/totem" name="/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4"' call returned: [0, "Jun 13 12:08:57 amnesia kernel: audit: type=1400 audit(1465819737.488:38): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4\" pid=3825 comm=\"pool\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 12:08:57 amnesia kernel: audit: type=1400 audit(1465819737.548:39): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4\" pid=3813 comm=\"totem\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 12:08:57 amnesia kernel: audit: type=1400 audit(1465819737.548:40): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4\" pid=3813 comm=\"totem\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\nJun 13 12:08:57 amnesia kernel: audit: type=1400 audit(1465819737.548:41): apparmor=\"DENIED\" operation=\"open\" profile=\"/usr/bin/totem\" name=\"/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4\" pid=3813 comm=\"totem\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=1000\n", ""] And AppArmor has denied "/usr/bin/totem" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4" # features/step_definitions/common_steps.rb:873 @product Feature: Browsing the web using the Unsafe Browser As a Tails user when I browse the web using the Unsafe Browser I should have direct access to the web Scenario: Starting the Unsafe Browser without a network connection results in a complaint about no DNS server being configured # features/unsafe_browser.feature:68 calling as root: echo 'hello?' call returned: [0, "hello?\n", ""] [log] CLICK on (1024,384) calling as root: /sbin/ifconfig eth0 | grep -q 'inet addr' call returned: [1, "", ""] calling as root: date -s '@1465819742' call returned: [0, "Mon Jun 13 12:09:02 UTC 2016\n", ""] Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:199 calling as amnesia: mktemp call returned: [0, "/tmp/tmp.3wSJhfLMin\n", ""] calling as root: rm -f '/tmp/tmp.3wSJhfLMin' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Applications'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.3wSJhfLMin' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.3wSJhfLMin' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.3wSJhfLMin_20160613-120903_debug ...\nClicking on [label | Applications]\nMouse button 1 click at (47,13)\n", ""] calling as root: rm -f '/tmp/tmp.3wSJhfLMin' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.zzF6tkxhU5\n", ""] calling as root: rm -f '/tmp/tmp.zzF6tkxhU5' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Internet'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.zzF6tkxhU5' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.zzF6tkxhU5' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.zzF6tkxhU5_20160613-120906_debug ...\nClicking on [label | Internet]\nMouse button 1 click at (59,166)\n", ""] calling as root: rm -f '/tmp/tmp.zzF6tkxhU5' call returned: [0, "", ""] calling as amnesia: mktemp call returned: [0, "/tmp/tmp.cPY3rbLuN6\n", ""] calling as root: rm -f '/tmp/tmp.cPY3rbLuN6' call returned: [0, "", ""] calling as amnesia: echo '#!/usr/bin/python from dogtail import tree from dogtail.config import config config.searchShowingOnly = True application = tree.root.application('"'"'gnome-shell'"'"') application.child('"'"'Unsafe Browser'"'"', roleName='"'"'label'"'"').click()' >> '/tmp/tmp.cPY3rbLuN6' call returned: [0, "", ""] calling as amnesia: /usr/bin/python '/tmp/tmp.cPY3rbLuN6' call returned: [0, "Creating logfile at /tmp/dogtail-amnesia/logs/tmp.cPY3rbLuN6_20160613-120910_debug ...\nClicking on [label | Unsafe Browser]\nMouse button 1 click at (309,380)\n", ""] calling as root: rm -f '/tmp/tmp.cPY3rbLuN6' call returned: [0, "", ""] When I start the Unsafe Browser # features/step_definitions/browser.rb:14 Then the Unsafe Browser complains that no DNS server is configured # features/step_definitions/unsafe_browser.rb:169 Artifacts directory: /tmp/TailsToaster/run-2016-06-13_10:31:23_+0000-git_4623362-r6qtXN Failing Scenarios: cucumber features/encryption.feature:32 # Scenario: Symmetric encryption and decryption using OpenPGP Applet 130 scenarios (1 failed, 129 passed) 889 steps (1 failed, 1 skipped, 887 passed) 97m51.525s