Project

General

Profile

Bug #16701

"tails-security-check is using the Tails-specific SocksPort" test is broken when there's a live security advisory

Added by intrigeri 6 months ago. Updated 6 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Test suite
Target version:
Start date:
Due date:
% Done:

100%

Feature Branch:
https://salsa.debian.org/tails-team/tails/merge_requests/20
Type of work:
Code
Blueprint:
Starter:
Affected tool:
Security Check

Description

We currently have a live security advisory for #16694, which breaks this test, probably due to the fact tails-security-check is already running. IMO the "I re-run tails-security-check" step should do systemctl --user restart tails-security-check.service, so that:

  1. any already running tails-security-check is killed, which should fix this bug
  2. we test tails-security-check in an environment closer to how it's run in a real Tails: as we can see on #16603, running this kind of scripts via systemd or without it can yield subtly different behavior

Related issues

Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

Associated revisions

Revision c36f0684 (diff)
Added by intrigeri 6 months ago

Test suite: make tails-security-check's SOCKS port test work when there's a live security advisory (refs: #16701)

With a live security advisory, an instance of tails-security-check is already
running, which breaks "I re-run tails-security-check" (timeout waiting for the
process to exit). Let's instead re-run it via its systemd service, so that:

1. any already running tails-security-check is killed, which fixes this bug;

2. we test tails-security-check in an environment closer to how it's run in
a real Tails: as we can see on #16603, running this kind of scripts via
systemd or without it can yield subtly different behavior.

But systemctl returns as soon as the process is started, while our
previous implementation waited for tails-security-check to exit.
So we need to wait a little bit before analysing the network trace.

Revision 190b9681
Added by anonym 6 months ago

Merge remote-tracking branch 'origin/test/16701-more-robust-and-realistic-stream-isolation' into stable

Fix-committed: #16701

History

#1 Updated by intrigeri 6 months ago

  • Status changed from Confirmed to In Progress

#2 Updated by intrigeri 6 months ago

  • Assignee changed from intrigeri to anonym
  • Target version set to Tails_3.14
  • QA Check set to Ready for QA
  • Feature Branch set to https://salsa.debian.org/tails-team/tails/merge_requests/20

@anonym, can you please review this?

#3 Updated by intrigeri 6 months ago

#4 Updated by anonym 6 months ago

  • Status changed from In Progress to Fix committed
  • % Done changed from 0 to 100

#5 Updated by anonym 6 months ago

  • Assignee deleted (anonym)
  • QA Check changed from Ready for QA to Pass

Merged! Details on Salsa! :)

#6 Updated by CyrilBrulebois 6 months ago

  • Status changed from Fix committed to Resolved

Also available in: Atom PDF