Feature #15946

Extend VeraCrypt automated tests with PIM

Added by intrigeri about 1 year ago. Updated 25 days ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Test suite
Target version:
Start date: 09/12/2018
Due date:
% Done: 0%
Feature Branch: test/15946-veracrypt-tests-with-pim
Type of work: Code
Blueprint:
Starter:
Affected tool:

Description

On Tails/Buster we have a recent enough cryptsetup that allows us to use the VeraCrypt PIM feature. So let's extend our test suite to exercise this.

I'll write the initial VeraCrypt tests in a way that makes it easy to do this.


Related issues

Related to Tails - Feature #14471: Write tests for VeraCrypt support in GNOME Disks Resolved 08/28/2017
Related to Tails - Feature #14472: Write tests for VeraCrypt support in GNOME Files Rejected 08/28/2017
Blocked by Tails - Feature #15944: Port Tails to Buster Resolved 09/12/2018

Associated revisions

Revision 744635f9 (diff)
Added by intrigeri about 1 month ago

Test suite: write Gherkin scenarios for VeraCrypt PIM support (refs: #15946)

Revision 01eb7355 (diff)
Added by intrigeri about 1 month ago

Test suite: implement the PIM scenarios (refs: #15946)

I had to adjust the passphrase and secret file to match what's in the container
with PIM segfault added: I can't easily generate one myself so let's use its
settings everywhere.

Also, refactor to avoid hard-coding things like "105 MB" in several places
(and avoid adding more in this very commit).

Revision e3362cdf (diff)
Added by intrigeri about 1 month ago

Test suite: make VeraCrypt PIM scenario more robust (refs: #15946)

Revision f63bef89
Added by segfault 25 days ago

Merge branch 'test/15946-veracrypt-tests-with-pim' into devel (Closes: #15946)

History

#1 Updated by intrigeri about 1 year ago

  • Related to Feature #14471: Write tests for VeraCrypt support in GNOME Disks added

#2 Updated by intrigeri about 1 year ago

  • Related to Feature #14472: Write tests for VeraCrypt support in GNOME Files added

#3 Updated by intrigeri 6 months ago

  • Target version changed from Tails_4.0 to Tails_3.17

#4 Updated by intrigeri 3 months ago

#5 Updated by intrigeri 3 months ago

Unfortunately, tcplay, that we use to generate VeraCrypt volumes in our test suite, does not support PIM. Its changelog suggests that 2.0 (not in Debian so far anyway) did not add this feature :/

The zuluplay fork adds this feature but it does not seem to be in Debian and I'd rather not add more ad-hoc, not easily installable requirements for folks who want to run our test suite.

zuluCrypt-cli also does support creating volumes with a PIM. I don't recall why I've chosen tcplay. This feature is not documented in the manpage but https://bbs.archlinux.org/viewtopic.php?pid=1558372#p1558372 explains how to use it. This seems our best bet at this point.

#6 Updated by intrigeri 3 months ago

  • Feature Branch set to test/15946-veracrypt-pim

#7 Updated by intrigeri 3 months ago

  • Feature Branch deleted (test/15946-veracrypt-pim)

Note to myself: our test suite not only needs to create VeraCrypt volumes with a PIM: it also needs to unlock them on the host system (that runs Stretch due to #15460) in order to create a filesystem and copy a file in there. zuluCrypt-cli is supposed to support this.

#8 Updated by segfault 3 months ago

intrigeri wrote:

> Unfortunately, tcplay, that we use to generate VeraCrypt volumes in our test suite, does not support PIM. Its changelog suggests that 2.0 (not in Debian so far anyway) did not add this feature :/
>
> The zuluplay fork adds this feature but it does not seem to be in Debian and I'd rather not add more ad-hoc, not easily installable requirements for folks who want to run our test suite.
>
> zuluCrypt-cli also does support creating volumes with a PIM. I don't recall why I've chosen tcplay. This feature is not documented in the manpage but https://bbs.archlinux.org/viewtopic.php?pid=1558372#p1558372 explains how to use it. This seems our best bet at this point.

Wouldn't it be easier to just create a single container with a PIM and make it accessible to the test suite (just check it into our repo maybe?)? I could provide you such a container.

#9 Updated by intrigeri 3 months ago

> Wouldn't it be easier to just create a single container with a PIM and make it accessible to the test suite

You're entirely right that it would be easier. I had it in mind as a worst case solution, but I am presently unable to articulate why exactly, so perhaps it boils down to aesthetics, which should not matter too much here. And arguably, given we added VeraCrypt unlocking support and mostly assume one creates their VeraCrypt containers on a non-Linux platform, it makes sense to test stuff on a "foreign" container rather than insisting on generating it ourselves.

> (just check it into our repo maybe?)?

This depends on the size. We went to great lengths to make tails.git smaller and not growing too fast. Granted, with the recent merge of the Weblate branch, perhaps this point is mostly moot nowadays.

> I could provide you such a container.

Yes, please :)) It would at least allow me to write the tests, ensure PIM support does work, without blocking on the "how to generate the container and a filesystem in it" problem. Ideally, we need a VFAT filesystem in the container, with /usr/share/common-licenses/GPL-3 copied to SecretFile at the root of that filesystem. A mere empty encrypted container won't help much as I still would need to unlock it to set up the expected filesystem, which seems to be just as hard (on Stretch) as creating the container in the first place.

#10 Updated by segfault 3 months ago

  • Feature Branch set to feature/15946-veracrypt-tests-with-pim

intrigeri wrote:

> I could provide you such a container.
>
> Yes, please :)) It would at least allow me to write the tests, ensure PIM support does work, without blocking on the "how to generate the container and a filesystem in it" problem. Ideally, we need a VFAT filesystem in the container, with /usr/share/common-licenses/GPL-3 copied to SecretFile at the root of that filesystem. A mere empty encrypted container won't help much as I still would need to unlock it to set up the expected filesystem, which seems to be just as hard (on Stretch) as creating the container in the first place.

I pushed a commit. The size of the container is 400KB, I suppose that's small enough.
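A sanity check for a pre-built PIM fixture like the one discussed above, as an added example that is not code from this ticket or from the Tails test suite. It assumes a cryptsetup recent enough to accept `--veracrypt-pim` (as on Buster) and root privileges for the full check; the function names, the mapper name and every path, PIM and passphrase passed in are hypothetical.

```sh
#!/bin/sh
# Added example; function names, mapper name and all arguments are hypothetical.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}   # overridable so the logic can be exercised without root

# Unlock a VeraCrypt container that was created with a PIM.
# The passphrase goes to cryptsetup on stdin, not on its command line.
unlock_veracrypt() {
    container=$1 name=$2 pim=$3 passphrase=$4
    case $pim in
        ''|*[!0-9]*|0*) echo "invalid PIM: '$pim'" >&2; return 2 ;;
    esac
    printf '%s' "$passphrase" |
        "$CRYPTSETUP" open --type tcrypt --veracrypt \
            --veracrypt-pim "$pim" "$container" "$name"
}

# Succeed only if SecretFile at the root of the mounted volume is
# byte-for-byte identical to the reference file.
secret_file_matches() {
    mountpoint=$1 reference=$2
    [ -f "$mountpoint/SecretFile" ] || { echo "SecretFile missing" >&2; return 1; }
    cmp -s "$mountpoint/SecretFile" "$reference"
}

# Full check (needs root): unlock, mount read-only, compare, clean up.
check_fixture() {
    container=$1 pim=$2 passphrase=$3 reference=$4
    name=veracrypt-pim-check
    mnt=$(mktemp -d) || return 1
    if ! unlock_veracrypt "$container" "$name" "$pim" "$passphrase"; then
        rmdir "$mnt"; return 1
    fi
    rc=1
    if mount -o ro "/dev/mapper/$name" "$mnt"; then
        secret_file_matches "$mnt" "$reference" && rc=0
        umount "$mnt"
    fi
    "$CRYPTSETUP" close "$name"
    rmdir "$mnt"
    return "$rc"
}

# Usage (constructed values):
#   check_fixture ./fixture.hc 13 'constructed passphrase' /usr/share/common-licenses/GPL-3
```

Running this whenever the checked-in container is replaced confirms that the PIM, passphrase and secret file recorded in the test suite still match the binary fixture.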

#11 Updated by intrigeri about 2 months ago

  • Target version changed from Tails_3.17 to Tails_4.0

#12 Updated by intrigeri about 1 month ago

  • Feature Branch changed from feature/15946-veracrypt-tests-with-pim to wip/test/15946-veracrypt-tests-with-pim

Thanks! Renaming the branch so Jenkins does not waste cycles on it until I start working on this.

#13 Updated by intrigeri about 1 month ago

  • Status changed from Confirmed to In Progress

#14 Updated by intrigeri about 1 month ago

  • Feature Branch changed from wip/test/15946-veracrypt-tests-with-pim to test/15946-veracrypt-tests-with-pim

I've got something that works on my machine. Let's see if Jenkins agrees.

#15 Updated by intrigeri about 1 month ago

  • Status changed from In Progress to Needs Validation
  • Assignee changed from intrigeri to anonym

#16 Updated by intrigeri 25 days ago

  • Assignee deleted (anonym)

(anonym encouraged me to look for other reviewers.)

#17 Updated by segfault 25 days ago

  • Assignee set to segfault

#18 Updated by segfault 25 days ago

LGTM

#19 Updated by segfault 25 days ago

  • Status changed from Needs Validation to Resolved
  • % Done changed from 0 to 100

#20 Updated by segfault 25 days ago

  • Assignee deleted (segfault)
  • % Done changed from 100 to 0
