Re: [Tails-dev] [review'n'merge:1.1] bugfix/7443-persistent-…

Delete this message

Reply to this message
Author: anonym
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] [review'n'merge:1.1] bugfix/7443-persistent-files-permission
01/07/14 15:22, anonym wrote:
> I'm currently running usb_install.feature with current testing as
> --old-iso, which should test the permission fixes from commit 97961bf in
> an appropriate manner. I'll report back on that.


Another issue:

> commit d5a602bf65032ae4da715f62ce4079b915b4bedf

[...]
> +def persistent_source_dirs
> + ["Persistent",
> + "apt",
> + "bookmarks",
> + "claws-mail",
> + "cups",
> + "dotfiles",
> + "gnome-keyrings",
> + "gnupg",
> + "nm-system-connections",
> + "openssh-client",
> + "pidgin",
> + ]
> +end


'apt' is not a source dir, but 'apt/cache' and 'apt/lists' are. Also, no
exception was added for (the incorrect) 'apt' in the "persistent
directories have safe access rights" step (like was done for
'nm-system-connections' and 'cups').

I think I cleaned this up quite a bit in commit a59e28a, and
future-proofed it for new persistent non-amnesia-user directories. At

> commit 86da95283669545219492d6f4921eb9cb66dd2eb
> Author: Tails developers <amnesia@???>
> Date: Mon Jun 30 09:42:07 2014 +0000
>
>     Remove files as the parent directory's owner.

>
>     Else, it can't possibly succeed.

[...]
> -    assert(@vm.execute("rm #{dir}/XXX_persist").success?,
> +    owner = @vm.execute("stat -c %U #{dir}").stdout.chomp
> +    assert(@vm.execute("rm #{dir}/XXX_persist", user=owner).success?,


I do not get this. @vm.execute runs the command as root by default, so
the owner stuff seems unnecessary.

Next (and I think this is unrealted to this branch) in "Scenario:
Upgrading an old Tails USB installation from an ISO image, running on
the old version" I get:

    Then Tails is installed on USB drive "to_upgrade"
                          # features/step_definitions/usb.rb:163
      USB drive 'to_upgrade' has differences in /live:
      Files /lib/live/mount/medium/live/filesystem.packages and
/mnt/new/live/filesystem.packages differ
      Files /lib/live/mount/medium/live/filesystem.squashfs and
/mnt/new/live/filesystem.squashfs differ
      Files /lib/live/mount/medium/live/initrd.img and
/mnt/new/live/initrd.img differ
      Files /lib/live/mount/medium/live/initrd2.img and
/mnt/new/live/initrd2.img differ


I'll get back to this.

With the current state of bugfix/7443-persistent-files-permission, all
tests are green except the above one, if I run with the following
uncommitted fix:

--- a/features/usb_install.feature
+++ b/features/usb_install.feature
@@ -160,7 +160,6 @@ Scenario: Writing files to a read/write-enabled
persistent partition with the old Tails USB installation
     And I write some files expected to persist
     And persistent filesystems have safe access rights
     And persistence configuration files have safe access rights
-    And persistent directories have safe access rights
     And I shutdown Tails and wait for the computer to power off
     Then only the expected files should persist on USB drive "old"


since my --old-iso doesn't have the permission fix, that step will
otherwise fail. Let's just ignore that.

Cheers!