#!/usr/bin/python # vim: fileencoding=utf-8 # # The Qubes OS Project, https://www.qubes-os.org/ # # Copyright (C) 2014-2015 # Marek Marczykowski-Górecki # Copyright (C) 2015 Wojtek Porczyk # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # from distutils import spawn import multiprocessing import os import subprocess import unittest import time from qubes.qubes import QubesVmCollection, defaults, QubesException import qubes.tests import re TEST_DATA = "0123456789" * 1024 class TC_00_AppVMMixin(qubes.tests.SystemTestsMixin): def setUp(self): super(TC_00_AppVMMixin, self).setUp() self.testvm1 = self.qc.add_new_vm( "QubesAppVm", name=self.make_vm_name('vm1'), template=self.qc.get_vm_by_name(self.template)) self.testvm1.create_on_disk(verbose=False) self.testvm2 = self.qc.add_new_vm( "QubesAppVm", name=self.make_vm_name('vm2'), template=self.qc.get_vm_by_name(self.template)) self.testvm2.create_on_disk(verbose=False) self.save_and_reload_db() self.qc.unlock_db() self.testvm1 = self.qc[self.testvm1.qid] self.testvm2 = self.qc[self.testvm2.qid] def test_000_start_shutdown(self): self.testvm1.start() self.assertEquals(self.testvm1.get_power_state(), "Running") self.testvm1.shutdown() shutdown_counter = 0 while self.testvm1.is_running(): if shutdown_counter > defaults["shutdown_counter_max"]: self.fail("VM hanged during shutdown") shutdown_counter += 1 time.sleep(1) time.sleep(1) self.assertEquals(self.testvm1.get_power_state(), "Halted") @unittest.skipUnless(spawn.find_executable('xdotool'), "xdotool not installed") def test_010_run_xterm(self): self.testvm1.start() self.assertEquals(self.testvm1.get_power_state(), "Running") self.testvm1.run("xterm") wait_count = 0 title = 'user@{}'.format(self.testvm1.name) if self.template.count("whonix"): title = 'user@host' while subprocess.call( ['xdotool', 'search', '--name', title], stdout=open(os.path.devnull, 'w'), stderr=subprocess.STDOUT) > 0: wait_count += 1 if wait_count > 100: self.fail("Timeout while waiting for xterm window") time.sleep(0.1) time.sleep(0.5) subprocess.check_call( ['xdotool', 'search', '--name', title, 'windowactivate', 'type', 'exit\n']) wait_count = 0 while subprocess.call(['xdotool', 'search', '--name', title], stdout=open(os.path.devnull, 'w'), stderr=subprocess.STDOUT) == 0: wait_count += 1 if wait_count > 100: self.fail("Timeout while waiting for xterm " "termination") time.sleep(0.1) @unittest.skipUnless(spawn.find_executable('xdotool'), "xdotool not installed") def test_011_run_gnome_terminal(self): if "minimal" in self.template: self.skipTest("Minimal template doesn't have 'gnome-terminal'") self.testvm1.start() self.assertEquals(self.testvm1.get_power_state(), "Running") self.testvm1.run("gnome-terminal") title = 'user@{}'.format(self.testvm1.name) if self.template.count("whonix"): title = 'user@host' wait_count = 0 while subprocess.call( ['xdotool', 'search', '--name', title], stdout=open(os.path.devnull, 'w'), stderr=subprocess.STDOUT) > 0: wait_count += 1 if wait_count > 100: self.fail("Timeout while waiting for gnome-terminal window") time.sleep(0.1) time.sleep(0.5) subprocess.check_call( ['xdotool', 'search', '--name', title, 'windowactivate', '--sync', 'type', 'exit\n']) wait_count = 0 while subprocess.call(['xdotool', 'search', '--name', title], stdout=open(os.path.devnull, 'w'), stderr=subprocess.STDOUT) == 0: wait_count += 1 if wait_count > 100: self.fail("Timeout while waiting for gnome-terminal " "termination") time.sleep(0.1) @unittest.skipUnless(spawn.find_executable('xdotool'), "xdotool not installed") def test_012_qubes_desktop_run(self): self.testvm1.start() self.assertEquals(self.testvm1.get_power_state(), "Running") xterm_desktop_path = "/usr/share/applications/xterm.desktop" # Debian has it different... xterm_desktop_path_debian = \ "/usr/share/applications/debian-xterm.desktop" if self.testvm1.run("test -r {}".format(xterm_desktop_path_debian), wait=True) == 0: xterm_desktop_path = xterm_desktop_path_debian self.testvm1.run("qubes-desktop-run {}".format(xterm_desktop_path)) title = 'user@{}'.format(self.testvm1.name) if self.template.count("whonix"): title = 'user@host' wait_count = 0 while subprocess.call( ['xdotool', 'search', '--name', title], stdout=open(os.path.devnull, 'w'), stderr=subprocess.STDOUT) > 0: wait_count += 1 if wait_count > 100: self.fail("Timeout while waiting for xterm window") time.sleep(0.1) time.sleep(0.5) subprocess.check_call( ['xdotool', 'search', '--name', title, 'windowactivate', '--sync', 'type', 'exit\n']) wait_count = 0 while subprocess.call(['xdotool', 'search', '--name', title], stdout=open(os.path.devnull, 'w'), stderr=subprocess.STDOUT) == 0: wait_count += 1 if wait_count > 100: self.fail("Timeout while waiting for xterm " "termination") time.sleep(0.1) def test_050_qrexec_simple_eof(self): """Test for data and EOF transmission dom0->VM""" result = multiprocessing.Value('i', 0) def run(self, result): p = self.testvm1.run("cat", passio_popen=True, passio_stderr=True) (stdout, stderr) = p.communicate(TEST_DATA) if stdout != TEST_DATA: result.value = 1 if len(stderr) > 0: result.value = 2 self.testvm1.start() t = multiprocessing.Process(target=run, args=(self, result)) t.start() t.join(timeout=10) if t.is_alive(): t.terminate() self.fail("Timeout, probably EOF wasn't transferred to the VM " "process") if result.value == 1: self.fail("Received data differs from what was sent") elif result.value == 2: self.fail("Some data was printed to stderr") def test_051_qrexec_simple_eof_reverse(self): """Test for EOF transmission VM->dom0""" result = multiprocessing.Value('i', 0) def run(self, result): p = self.testvm1.run("echo test; exec >&-; cat > /dev/null", passio_popen=True, passio_stderr=True) # this will hang on test failure stdout = p.stdout.read() p.stdin.write(TEST_DATA) p.stdin.close() if stdout.strip() != "test": result.value = 1 # this may hang in some buggy cases elif len(p.stderr.read()) > 0: result.value = 2 elif p.poll() is None: time.sleep(1) if p.poll() is None: result.value = 3 self.testvm1.start() t = multiprocessing.Process(target=run, args=(self, result)) t.start() t.join(timeout=10) if t.is_alive(): t.terminate() self.fail("Timeout, probably EOF wasn't transferred from the VM " "process") if result.value == 1: self.fail("Received data differs from what was expected") elif result.value == 2: self.fail("Some data was printed to stderr") elif result.value == 3: self.fail("VM proceess didn't terminated on EOF") def test_052_qrexec_vm_service_eof(self): """Test for EOF transmission VM(src)->VM(dst)""" result = multiprocessing.Value('i', 0) def run(self, result): p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.EOF " "/bin/sh -c 'echo test; exec >&-; cat " ">&$SAVED_FD_1'" % self.testvm2.name, passio_popen=True) (stdout, stderr) = p.communicate() if stdout != "test\n": result.value = 1 self.testvm1.start() self.testvm2.start() p = self.testvm2.run("cat > /etc/qubes-rpc/test.EOF", user="root", passio_popen=True) p.stdin.write("/bin/cat") p.stdin.close() p.wait() policy = open("/etc/qubes-rpc/policy/test.EOF", "w") policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name)) policy.close() self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.EOF") t = multiprocessing.Process(target=run, args=(self, result)) t.start() t.join(timeout=10) if t.is_alive(): t.terminate() self.fail("Timeout, probably EOF wasn't transferred") if result.value == 1: self.fail("Received data differs from what was expected") @unittest.expectedFailure def test_053_qrexec_vm_service_eof_reverse(self): """Test for EOF transmission VM(src)<-VM(dst)""" result = multiprocessing.Value('i', 0) def run(self, result): p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.EOF " "/bin/sh -c 'cat >&$SAVED_FD_1'" % self.testvm2.name, passio_popen=True) (stdout, stderr) = p.communicate() if stdout != "test\n": result.value = 1 self.testvm1.start() self.testvm2.start() p = self.testvm2.run("cat > /etc/qubes-rpc/test.EOF", user="root", passio_popen=True) p.stdin.write("echo test; exec >&-; cat >/dev/null") p.stdin.close() p.wait() policy = open("/etc/qubes-rpc/policy/test.EOF", "w") policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name)) policy.close() self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.EOF") t = multiprocessing.Process(target=run, args=(self, result)) t.start() t.join(timeout=10) if t.is_alive(): t.terminate() self.fail("Timeout, probably EOF wasn't transferred") if result.value == 1: self.fail("Received data differs from what was expected") def test_055_qrexec_dom0_service_abort(self): """ Test if service abort (by dom0) is properly handled by source VM. If "remote" part of the service terminates, the source part should properly be notified. This includes closing its stdin (which is already checked by test_053_qrexec_vm_service_eof_reverse), but also its stdout - otherwise such service might hang on write(2) call. """ def run (src): p = src.run("/usr/lib/qubes/qrexec-client-vm dom0 " "test.Abort /bin/cat /dev/zero", passio_popen=True) p.communicate() p.wait() self.testvm1.start() service = open("/etc/qubes-rpc/test.Abort", "w") service.write("sleep 1") service.close() self.addCleanup(os.unlink, "/etc/qubes-rpc/test.Abort") policy = open("/etc/qubes-rpc/policy/test.Abort", "w") policy.write("%s dom0 allow" % (self.testvm1.name)) policy.close() self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Abort") t = multiprocessing.Process(target=run, args=(self.testvm1,)) t.start() t.join(timeout=10) if t.is_alive(): t.terminate() self.fail("Timeout, probably stdout wasn't closed") def test_060_qrexec_exit_code_dom0(self): self.testvm1.start() p = self.testvm1.run("exit 0", passio_popen=True) p.wait() self.assertEqual(0, p.returncode) p = self.testvm1.run("exit 3", passio_popen=True) p.wait() self.assertEqual(3, p.returncode) @unittest.expectedFailure def test_065_qrexec_exit_code_vm(self): self.testvm1.start() self.testvm2.start() policy = open("/etc/qubes-rpc/policy/test.Retcode", "w") policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name)) policy.close() self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Retcode") p = self.testvm2.run("cat > /etc/qubes-rpc/test.Retcode", user="root", passio_popen=True) p.stdin.write("exit 0") p.stdin.close() p.wait() p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.Retcode " "/bin/sh -c 'cat >/dev/null'; echo $?" % self.testvm1.name, passio_popen=True) (stdout, stderr) = p.communicate() self.assertEqual(stdout, "0\n") p = self.testvm2.run("cat > /etc/qubes-rpc/test.Retcode", user="root", passio_popen=True) p.stdin.write("exit 3") p.stdin.close() p.wait() p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.Retcode " "/bin/sh -c 'cat >/dev/null'; echo $?" % self.testvm1.name, passio_popen=True) (stdout, stderr) = p.communicate() self.assertEqual(stdout, "3\n") def test_070_qrexec_vm_simultaneous_write(self): """Test for simultaneous write in VM(src)->VM(dst) connection This is regression test for #1347 Check for deadlock when initially both sides writes a lot of data (and not read anything). When one side starts reading, it should get the data and the remote side should be possible to write then more. There was a bug where remote side was waiting on write(2) and not handling anything else. """ result = multiprocessing.Value('i', -1) def run(self): p = self.testvm1.run( "/usr/lib/qubes/qrexec-client-vm %s test.write " "/bin/sh -c '" # first write a lot of data to fill all the buffers "dd if=/dev/zero bs=993 count=10000 iflag=fullblock & " # then after some time start reading "sleep 1; " "dd of=/dev/null bs=993 count=10000 iflag=fullblock; " "wait" "'" % self.testvm2.name, passio_popen=True) p.communicate() result.value = p.returncode self.testvm1.start() self.testvm2.start() p = self.testvm2.run("cat > /etc/qubes-rpc/test.write", user="root", passio_popen=True) # first write a lot of data p.stdin.write("dd if=/dev/zero bs=993 count=10000 iflag=fullblock\n") # and only then read something p.stdin.write("dd of=/dev/null bs=993 count=10000 iflag=fullblock\n") p.stdin.close() p.wait() policy = open("/etc/qubes-rpc/policy/test.write", "w") policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name)) policy.close() self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.write") t = multiprocessing.Process(target=run, args=(self,)) t.start() t.join(timeout=10) if t.is_alive(): t.terminate() self.fail("Timeout, probably deadlock") self.assertEqual(result.value, 0, "Service call failed") def test_071_qrexec_dom0_simultaneous_write(self): """Test for simultaneous write in dom0(src)->VM(dst) connection Similar to test_070_qrexec_vm_simultaneous_write, but with dom0 as a source. """ result = multiprocessing.Value('i', -1) def run(self): result.value = self.testvm2.run_service( "test.write", localcmd="/bin/sh -c '" # first write a lot of data to fill all the buffers "dd if=/dev/zero bs=993 count=10000 iflag=fullblock & " # then after some time start reading "sleep 1; " "dd of=/dev/null bs=993 count=10000 iflag=fullblock; " "wait" "'") self.testvm2.start() p = self.testvm2.run("cat > /etc/qubes-rpc/test.write", user="root", passio_popen=True) # first write a lot of data p.stdin.write("dd if=/dev/zero bs=993 count=10000 iflag=fullblock\n") # and only then read something p.stdin.write("dd of=/dev/null bs=993 count=10000 iflag=fullblock\n") p.stdin.close() p.wait() policy = open("/etc/qubes-rpc/policy/test.write", "w") policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name)) policy.close() self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.write") t = multiprocessing.Process(target=run, args=(self,)) t.start() t.join(timeout=10) if t.is_alive(): t.terminate() self.fail("Timeout, probably deadlock") self.assertEqual(result.value, 0, "Service call failed") def test_072_qrexec_to_dom0_simultaneous_write(self): """Test for simultaneous write in dom0(src)<-VM(dst) connection Similar to test_071_qrexec_dom0_simultaneous_write, but with dom0 as a "hanging" side. """ result = multiprocessing.Value('i', -1) def run(self): result.value = self.testvm2.run_service( "test.write", localcmd="/bin/sh -c '" # first write a lot of data to fill all the buffers "dd if=/dev/zero bs=993 count=10000 iflag=fullblock " # then, only when all written, read something "dd of=/dev/null bs=993 count=10000 iflag=fullblock; " "'") self.testvm2.start() p = self.testvm2.run("cat > /etc/qubes-rpc/test.write", user="root", passio_popen=True) # first write a lot of data p.stdin.write("dd if=/dev/zero bs=993 count=10000 iflag=fullblock &\n") # and only then read something p.stdin.write("dd of=/dev/null bs=993 count=10000 iflag=fullblock\n") p.stdin.write("sleep 1; \n") p.stdin.write("wait\n") p.stdin.close() p.wait() policy = open("/etc/qubes-rpc/policy/test.write", "w") policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name)) policy.close() self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.write") t = multiprocessing.Process(target=run, args=(self,)) t.start() t.join(timeout=10) if t.is_alive(): t.terminate() self.fail("Timeout, probably deadlock") self.assertEqual(result.value, 0, "Service call failed") def test_080_qrexec_service_argument_allow_default(self): """Qrexec service call with argument""" self.testvm1.start() self.testvm2.start() p = self.testvm2.run("cat > /etc/qubes-rpc/test.Argument", user="root", passio_popen=True) p.communicate("/bin/echo $1") with open("/etc/qubes-rpc/policy/test.Argument", "w") as policy: policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name)) self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Argument") p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm {} " "test.Argument+argument".format(self.testvm2.name), passio_popen=True) (stdout, stderr) = p.communicate() self.assertEqual(stdout, "argument\n") def test_081_qrexec_service_argument_allow_specific(self): """Qrexec service call with argument - allow only specific value""" self.testvm1.start() self.testvm2.start() p = self.testvm2.run("cat > /etc/qubes-rpc/test.Argument", user="root", passio_popen=True) p.communicate("/bin/echo $1") with open("/etc/qubes-rpc/policy/test.Argument", "w") as policy: policy.write("$anyvm $anyvm deny") self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Argument") with open("/etc/qubes-rpc/policy/test.Argument+argument", "w") as \ policy: policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name)) self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Argument+argument") p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm {} " "test.Argument+argument".format(self.testvm2.name), passio_popen=True) (stdout, stderr) = p.communicate() self.assertEqual(stdout, "argument\n") def test_082_qrexec_service_argument_deny_specific(self): """Qrexec service call with argument - deny specific value""" self.testvm1.start() self.testvm2.start() p = self.testvm2.run("cat > /etc/qubes-rpc/test.Argument", user="root", passio_popen=True) p.communicate("/bin/echo $1") with open("/etc/qubes-rpc/policy/test.Argument", "w") as policy: policy.write("$anyvm $anyvm allow") self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Argument") with open("/etc/qubes-rpc/policy/test.Argument+argument", "w") as \ policy: policy.write("%s %s deny" % (self.testvm1.name, self.testvm2.name)) self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Argument+argument") p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm {} " "test.Argument+argument".format(self.testvm2.name), passio_popen=True) (stdout, stderr) = p.communicate() self.assertEqual(stdout, "") self.assertEqual(p.returncode, 1, "Service request should be denied") def test_083_qrexec_service_argument_specific_implementation(self): """Qrexec service call with argument - argument specific implementatation""" self.testvm1.start() self.testvm2.start() p = self.testvm2.run("cat > /etc/qubes-rpc/test.Argument", user="root", passio_popen=True) p.communicate("/bin/echo $1") p = self.testvm2.run("cat > /etc/qubes-rpc/test.Argument+argument", user="root", passio_popen=True) p.communicate("/bin/echo specific: $1") with open("/etc/qubes-rpc/policy/test.Argument", "w") as policy: policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name)) self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Argument") p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm {} " "test.Argument+argument".format(self.testvm2.name), passio_popen=True) (stdout, stderr) = p.communicate() self.assertEqual(stdout, "specific: argument\n") def test_084_qrexec_service_argument_extra_env(self): """Qrexec service call with argument - extra env variables""" self.testvm1.start() self.testvm2.start() p = self.testvm2.run("cat > /etc/qubes-rpc/test.Argument", user="root", passio_popen=True) p.communicate("/bin/echo $QREXEC_SERVICE_FULL_NAME " "$QREXEC_SERVICE_ARGUMENT") with open("/etc/qubes-rpc/policy/test.Argument", "w") as policy: policy.write("%s %s allow" % (self.testvm1.name, self.testvm2.name)) self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Argument") p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm {} " "test.Argument+argument".format(self.testvm2.name), passio_popen=True) (stdout, stderr) = p.communicate() self.assertEqual(stdout, "test.Argument+argument argument\n") def test_100_qrexec_filecopy(self): self.testvm1.start() self.testvm2.start() self.qrexec_policy('qubes.Filecopy', self.testvm1.name, self.testvm2.name) p = self.testvm1.run("qvm-copy-to-vm %s /etc/passwd" % self.testvm2.name, passio_popen=True, passio_stderr=True) p.wait() self.assertEqual(p.returncode, 0, "qvm-copy-to-vm failed: %s" % p.stderr.read()) retcode = self.testvm2.run("diff /etc/passwd " "/home/user/QubesIncoming/{}/passwd".format( self.testvm1.name), wait=True) self.assertEqual(retcode, 0, "file differs") def test_105_qrexec_filemove(self): self.testvm1.start() self.testvm2.start() self.qrexec_policy('qubes.Filecopy', self.testvm1.name, self.testvm2.name) retcode = self.testvm1.run("cp /etc/passwd passwd", wait=True) assert retcode == 0, "Failed to prepare source file" p = self.testvm1.run("qvm-move-to-vm %s passwd" % self.testvm2.name, passio_popen=True, passio_stderr=True) p.wait() self.assertEqual(p.returncode, 0, "qvm-move-to-vm failed: %s" % p.stderr.read()) retcode = self.testvm2.run("diff /etc/passwd " "/home/user/QubesIncoming/{}/passwd".format( self.testvm1.name), wait=True) self.assertEqual(retcode, 0, "file differs") retcode = self.testvm1.run("test -f passwd", wait=True) self.assertEqual(retcode, 1, "source file not removed") def test_101_qrexec_filecopy_with_autostart(self): self.testvm1.start() self.qrexec_policy('qubes.Filecopy', self.testvm1.name, self.testvm2.name) p = self.testvm1.run("qvm-copy-to-vm %s /etc/passwd" % self.testvm2.name, passio_popen=True, passio_stderr=True) p.wait() self.assertEqual(p.returncode, 0, "qvm-copy-to-vm failed: %s" % p.stderr.read()) # workaround for libvirt bug (domain ID isn't updated when is started # from other application) - details in # QubesOS/qubes-core-libvirt@63ede4dfb4485c4161dd6a2cc809e8fb45ca664f self.testvm2._libvirt_domain = None self.assertTrue(self.testvm2.is_running()) retcode = self.testvm2.run("diff /etc/passwd " "/home/user/QubesIncoming/{}/passwd".format( self.testvm1.name), wait=True) self.assertEqual(retcode, 0, "file differs") def test_110_qrexec_filecopy_deny(self): self.testvm1.start() self.testvm2.start() self.qrexec_policy('qubes.Filecopy', self.testvm1.name, self.testvm2.name, allow=False) p = self.testvm1.run("qvm-copy-to-vm %s /etc/passwd" % self.testvm2.name, passio_popen=True) p.wait() self.assertNotEqual(p.returncode, 0, "qvm-copy-to-vm unexpectedly " "succeeded") retcode = self.testvm1.run("ls /home/user/QubesIncoming/%s" % self.testvm1.name, wait=True, ignore_stderr=True) self.assertNotEqual(retcode, 0, "QubesIncoming exists although file " "copy was denied") @unittest.skip("Xen gntalloc driver crashes when page is mapped in the " "same domain") def test_120_qrexec_filecopy_self(self): self.testvm1.start() self.qrexec_policy('qubes.Filecopy', self.testvm1.name, self.testvm1.name) p = self.testvm1.run("qvm-copy-to-vm %s /etc/passwd" % self.testvm1.name, passio_popen=True, passio_stderr=True) p.wait() self.assertEqual(p.returncode, 0, "qvm-copy-to-vm failed: %s" % p.stderr.read()) retcode = self.testvm1.run( "diff /etc/passwd /home/user/QubesIncoming/{}/passwd".format( self.testvm1.name), wait=True) self.assertEqual(retcode, 0, "file differs") @unittest.skipUnless(spawn.find_executable('xdotool'), "xdotool not installed") def test_130_qrexec_filemove_disk_full(self): self.testvm1.start() self.testvm2.start() self.qrexec_policy('qubes.Filecopy', self.testvm1.name, self.testvm2.name) # Prepare test file prepare_cmd = ("yes teststring | dd of=testfile bs=1M " "count=50 iflag=fullblock") retcode = self.testvm1.run(prepare_cmd, wait=True) if retcode != 0: raise RuntimeError("Failed '{}' in {}".format(prepare_cmd, self.testvm1.name)) # Prepare target directory with limited size prepare_cmd = ( "mkdir -p /home/user/QubesIncoming && " "chown user /home/user/QubesIncoming && " "mount -t tmpfs none /home/user/QubesIncoming -o size=48M" ) retcode = self.testvm2.run(prepare_cmd, user="root", wait=True) if retcode != 0: raise RuntimeError("Failed '{}' in {}".format(prepare_cmd, self.testvm2.name)) p = self.testvm1.run("qvm-move-to-vm %s testfile" % self.testvm2.name, passio_popen=True, passio_stderr=True) # Close GUI error message self.enter_keys_in_window('Error', ['Return']) p.wait() self.assertNotEqual(p.returncode, 0, "qvm-move-to-vm should fail") retcode = self.testvm1.run("test -f testfile", wait=True) self.assertEqual(retcode, 0, "testfile should not be deleted in " "source VM") def test_200_timezone(self): """Test whether timezone setting is properly propagated to the VM""" if "whonix" in self.template: self.skipTest("Timezone propagation disabled on Whonix templates") self.testvm1.start() (vm_tz, _) = self.testvm1.run("date +%Z", passio_popen=True).communicate() (dom0_tz, _) = subprocess.Popen(["date", "+%Z"], stdout=subprocess.PIPE).communicate() self.assertEqual(vm_tz.strip(), dom0_tz.strip()) # Check if reverting back to UTC works (vm_tz, _) = self.testvm1.run("TZ=UTC date +%Z", passio_popen=True).communicate() self.assertEqual(vm_tz.strip(), "UTC") def test_210_time_sync(self): """Test time synchronization mechanism""" if self.template.startswith('whonix-'): self.skipTest('qvm-sync-clock disabled for Whonix VMs') self.testvm1.start() self.testvm2.start() (start_time, _) = subprocess.Popen(["date", "-u", "+%s"], stdout=subprocess.PIPE).communicate() original_clockvm = self.qc.get_clockvm_vm() if original_clockvm: original_clockvm_name = original_clockvm.name else: original_clockvm_name = "none" try: # use qubes-prefs to not hassle with qubes.xml locking subprocess.check_call(["qubes-prefs", "-s", "clockvm", self.testvm1.name]) # break vm and dom0 time, to check if qvm-sync-clock would fix it subprocess.check_call(["sudo", "date", "-s", "2001-01-01T12:34:56"], stdout=open(os.devnull, 'w')) retcode = self.testvm1.run("date -s 2001-01-01T12:34:56", user="root", wait=True) self.assertEquals(retcode, 0, "Failed to break the VM(1) time") retcode = self.testvm2.run("date -s 2001-01-01T12:34:56", user="root", wait=True) self.assertEquals(retcode, 0, "Failed to break the VM(2) time") retcode = subprocess.call(["qvm-sync-clock"]) self.assertEquals(retcode, 0, "qvm-sync-clock failed with code {}". format(retcode)) # qvm-sync-clock is asynchronous - it spawns qubes.SetDateTime # service, send it timestamp value and exists without waiting for # actual time set time.sleep(1) (vm_time, _) = self.testvm1.run("date -u +%s", passio_popen=True).communicate() self.assertAlmostEquals(int(vm_time), int(start_time), delta=30) (vm_time, _) = self.testvm2.run("date -u +%s", passio_popen=True).communicate() self.assertAlmostEquals(int(vm_time), int(start_time), delta=30) (dom0_time, _) = subprocess.Popen(["date", "-u", "+%s"], stdout=subprocess.PIPE ).communicate() self.assertAlmostEquals(int(dom0_time), int(start_time), delta=30) except: # reset time to some approximation of the real time subprocess.Popen(["sudo", "date", "-u", "-s", "@" + start_time]) raise finally: subprocess.call(["qubes-prefs", "-s", "clockvm", original_clockvm_name]) def test_250_resize_private_img(self): """ Test private.img resize, both offline and online :return: """ # First offline test self.testvm1.resize_private_img(4*1024**3) self.testvm1.start() df_cmd = '( df --output=size /rw || df /rw | awk \'{print $2}\' )|' \ 'tail -n 1' p = self.testvm1.run(df_cmd, passio_popen=True) # new_size in 1k-blocks (new_size, _) = p.communicate() # some safety margin for FS metadata self.assertGreater(int(new_size.strip()), 3.8*1024**2) # Then online test self.testvm1.resize_private_img(6*1024**3) p = self.testvm1.run(df_cmd, passio_popen=True) # new_size in 1k-blocks (new_size, _) = p.communicate() # some safety margin for FS metadata self.assertGreater(int(new_size.strip()), 5.8*1024**2) class TC_05_StandaloneVM(qubes.tests.SystemTestsMixin, qubes.tests.QubesTestCase): def test_000_create_start(self): testvm1 = self.qc.add_new_vm("QubesAppVm", template=None, name=self.make_vm_name('vm1')) testvm1.create_on_disk(verbose=False, source_template=self.qc.get_default_template()) self.qc.save() self.qc.unlock_db() testvm1.start() self.assertEquals(testvm1.get_power_state(), "Running") def test_100_resize_root_img(self): testvm1 = self.qc.add_new_vm("QubesAppVm", template=None, name=self.make_vm_name('vm1')) testvm1.create_on_disk(verbose=False, source_template=self.qc.get_default_template()) self.qc.save() self.qc.unlock_db() with self.assertRaises(QubesException): testvm1.resize_root_img(20*1024**3) testvm1.resize_root_img(20*1024**3, allow_start=True) timeout = 60 while testvm1.is_running(): time.sleep(1) timeout -= 1 if timeout == 0: self.fail("Timeout while waiting for VM shutdown") self.assertEquals(testvm1.get_root_img_sz(), 20*1024**3) testvm1.start() p = testvm1.run('df --output=size /|tail -n 1', passio_popen=True) # new_size in 1k-blocks (new_size, _) = p.communicate() # some safety margin for FS metadata self.assertGreater(int(new_size.strip()), 19*1024**2) class TC_10_HVM(qubes.tests.SystemTestsMixin, qubes.tests.QubesTestCase): # TODO: test with some OS inside # TODO: windows tools tests def test_000_create_start(self): testvm1 = self.qc.add_new_vm("QubesHVm", name=self.make_vm_name('vm1')) testvm1.create_on_disk(verbose=False) self.qc.save() self.qc.unlock_db() testvm1.start() self.assertEquals(testvm1.get_power_state(), "Running") def test_010_create_start_template(self): templatevm = self.qc.add_new_vm("QubesTemplateHVm", name=self.make_vm_name('template')) templatevm.create_on_disk(verbose=False) self.qc.save() self.qc.unlock_db() templatevm.start() self.assertEquals(templatevm.get_power_state(), "Running") def test_020_create_start_template_vm(self): templatevm = self.qc.add_new_vm("QubesTemplateHVm", name=self.make_vm_name('template')) templatevm.create_on_disk(verbose=False) testvm2 = self.qc.add_new_vm("QubesHVm", name=self.make_vm_name('vm2'), template=templatevm) testvm2.create_on_disk(verbose=False) self.qc.save() self.qc.unlock_db() testvm2.start() self.assertEquals(testvm2.get_power_state(), "Running") def test_030_prevent_simultaneus_start(self): templatevm = self.qc.add_new_vm("QubesTemplateHVm", name=self.make_vm_name('template')) templatevm.create_on_disk(verbose=False) testvm2 = self.qc.add_new_vm("QubesHVm", name=self.make_vm_name('vm2'), template=templatevm) testvm2.create_on_disk(verbose=False) self.qc.save() self.qc.unlock_db() templatevm.start() self.assertEquals(templatevm.get_power_state(), "Running") self.assertRaises(QubesException, testvm2.start) templatevm.force_shutdown() testvm2.start() self.assertEquals(testvm2.get_power_state(), "Running") self.assertRaises(QubesException, templatevm.start) def test_100_resize_root_img(self): testvm1 = self.qc.add_new_vm("QubesHVm", name=self.make_vm_name('vm1')) testvm1.create_on_disk(verbose=False) self.qc.save() self.qc.unlock_db() testvm1.resize_root_img(30*1024**3) self.assertEquals(testvm1.get_root_img_sz(), 30*1024**3) testvm1.start() self.assertEquals(testvm1.get_power_state(), "Running") # TODO: launch some OS there and check the size def test_200_start_invalid_drive(self): """Regression test for #1619""" testvm1 = self.qc.add_new_vm("QubesHVm", name=self.make_vm_name('vm1')) testvm1.create_on_disk(verbose=False) testvm1.drive = 'hd:dom0:/invalid' self.qc.save() self.qc.unlock_db() try: testvm1.start() except Exception as e: self.assertIsInstance(e, QubesException) else: self.fail('No exception raised') def test_201_start_invalid_drive_cdrom(self): """Regression test for #1619""" testvm1 = self.qc.add_new_vm("QubesHVm", name=self.make_vm_name('vm1')) testvm1.create_on_disk(verbose=False) testvm1.drive = 'cdrom:dom0:/invalid' self.qc.save() self.qc.unlock_db() try: testvm1.start() except Exception as e: self.assertIsInstance(e, QubesException) else: self.fail('No exception raised') class TC_20_DispVMMixin(qubes.tests.SystemTestsMixin): def test_000_prepare_dvm(self): self.qc.unlock_db() retcode = subprocess.call(['/usr/bin/qvm-create-default-dvm', self.template], stderr=open(os.devnull, 'w')) self.assertEqual(retcode, 0) self.qc.lock_db_for_writing() self.qc.load() self.assertIsNotNone(self.qc.get_vm_by_name( self.template + "-dvm")) # TODO: check mtime of snapshot file def test_010_simple_dvm_run(self): self.qc.unlock_db() p = subprocess.Popen(['/usr/lib/qubes/qfile-daemon-dvm', 'qubes.VMShell', 'dom0', 'DEFAULT'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=open(os.devnull, 'w')) (stdout, _) = p.communicate(input="echo test") self.assertEqual(stdout, "test\n") # TODO: check if DispVM is destroyed @unittest.skipUnless(spawn.find_executable('xdotool'), "xdotool not installed") def test_020_gui_app(self): self.qc.unlock_db() p = subprocess.Popen(['/usr/lib/qubes/qfile-daemon-dvm', 'qubes.VMShell', 'dom0', 'DEFAULT'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=open(os.devnull, 'w')) # wait for DispVM startup: p.stdin.write("echo test\n") p.stdin.flush() l = p.stdout.readline() self.assertEqual(l, "test\n") # potential race condition, but our tests are supposed to be # running on dedicated machine, so should not be a problem self.qc.lock_db_for_reading() self.qc.load() self.qc.unlock_db() max_qid = 0 for vm in self.qc.values(): if not vm.is_disposablevm(): continue if vm.qid > max_qid: max_qid = vm.qid dispvm = self.qc[max_qid] self.assertNotEqual(dispvm.qid, 0, "DispVM not found in qubes.xml") self.assertTrue(dispvm.is_running()) try: window_title = 'user@%s' % (dispvm.template.name + "-dvm") p.stdin.write("xterm -e " "\"sh -c 'echo \\\"\033]0;{}\007\\\";read x;'\"\n". format(window_title)) self.wait_for_window(window_title) time.sleep(0.5) self.enter_keys_in_window(window_title, ['Return']) # Wait for window to close self.wait_for_window(window_title, show=False) finally: p.stdin.close() wait_count = 0 while dispvm.is_running(): wait_count += 1 if wait_count > 100: self.fail("Timeout while waiting for DispVM destruction") time.sleep(0.1) wait_count = 0 while p.poll() is None: wait_count += 1 if wait_count > 100: self.fail("Timeout while waiting for qfile-daemon-dvm " "termination") time.sleep(0.1) self.assertEqual(p.returncode, 0) self.qc.lock_db_for_reading() self.qc.load() self.qc.unlock_db() self.assertIsNone(self.qc.get_vm_by_name(dispvm.name), "DispVM not removed from qubes.xml") def _handle_editor(self, winid): (window_title, _) = subprocess.Popen( ['xdotool', 'getwindowname', winid], stdout=subprocess.PIPE).\ communicate() window_title = window_title.strip().\ replace('(', '\(').replace(')', '\)') time.sleep(1) if "gedit" in window_title: subprocess.check_call(['xdotool', 'windowactivate', '--sync', winid, 'type', 'Test test 2\n']) time.sleep(0.5) subprocess.check_call(['xdotool', 'key', 'ctrl+s', 'ctrl+q']) elif "LibreOffice" in window_title: # wait for actual editor (we've got splash screen) search = subprocess.Popen(['xdotool', 'search', '--sync', '--onlyvisible', '--all', '--name', '--class', 'disp*|Writer'], stdout=subprocess.PIPE, stderr=open(os.path.devnull, 'w')) retcode = search.wait() if retcode == 0: winid = search.stdout.read().strip() time.sleep(0.5) subprocess.check_call(['xdotool', 'windowactivate', '--sync', winid, 'type', 'Test test 2\n']) time.sleep(0.5) subprocess.check_call(['xdotool', 'key', '--delay', '100', 'ctrl+s', 'Return', 'ctrl+q']) elif "emacs" in window_title: subprocess.check_call(['xdotool', 'windowactivate', '--sync', winid, 'type', 'Test test 2\n']) time.sleep(0.5) subprocess.check_call(['xdotool', 'key', 'ctrl+x', 'ctrl+s']) subprocess.check_call(['xdotool', 'key', 'ctrl+x', 'ctrl+c']) elif "vim" in window_title or "user@" in window_title: subprocess.check_call(['xdotool', 'windowactivate', '--sync', winid, 'key', 'i', 'type', 'Test test 2\n']) subprocess.check_call( ['xdotool', 'key', 'Escape', 'colon', 'w', 'q', 'Return']) else: self.fail("Unknown editor window: {}".format(window_title)) @unittest.skipUnless(spawn.find_executable('xdotool'), "xdotool not installed") def test_030_edit_file(self): testvm1 = self.qc.add_new_vm("QubesAppVm", name=self.make_vm_name('vm1'), template=self.qc.get_vm_by_name( self.template)) testvm1.create_on_disk(verbose=False) self.qc.save() testvm1.start() testvm1.run("echo test1 > /home/user/test.txt", wait=True) self.qc.unlock_db() p = testvm1.run("qvm-open-in-dvm /home/user/test.txt", passio_popen=True) wait_count = 0 winid = None while True: search = subprocess.Popen(['xdotool', 'search', '--onlyvisible', '--class', 'disp*'], stdout=subprocess.PIPE, stderr=open(os.path.devnull, 'w')) retcode = search.wait() if retcode == 0: winid = search.stdout.read().strip() break wait_count += 1 if wait_count > 100: self.fail("Timeout while waiting for editor window") time.sleep(0.3) time.sleep(0.5) self._handle_editor(winid) p.wait() p = testvm1.run("cat /home/user/test.txt", passio_popen=True) (test_txt_content, _) = p.communicate() # Drop BOM if added by editor if test_txt_content.startswith('\xef\xbb\xbf'): test_txt_content = test_txt_content[3:] self.assertEqual(test_txt_content, "Test test 2\ntest1\n") class TC_30_Gui_daemon(qubes.tests.SystemTestsMixin, qubes.tests.QubesTestCase): @unittest.skipUnless(spawn.find_executable('xdotool'), "xdotool not installed") def test_000_clipboard(self): testvm1 = self.qc.add_new_vm("QubesAppVm", name=self.make_vm_name('vm1'), template=self.qc.get_default_template()) testvm1.create_on_disk(verbose=False) testvm2 = self.qc.add_new_vm("QubesAppVm", name=self.make_vm_name('vm2'), template=self.qc.get_default_template()) testvm2.create_on_disk(verbose=False) self.qc.save() self.qc.unlock_db() testvm1.start() testvm2.start() window_title = 'user@{}'.format(testvm1.name) testvm1.run('zenity --text-info --editable --title={}'.format( window_title)) self.wait_for_window(window_title) time.sleep(0.5) test_string = "test{}".format(testvm1.xid) # Type and copy some text subprocess.check_call(['xdotool', 'search', '--name', window_title, 'windowactivate', '--sync', 'type', '{}'.format(test_string)]) # second xdotool call because type --terminator do not work (SEGV) # additionally do not use search here, so window stack will be empty # and xdotool will use XTEST instead of generating events manually - # this will be much better - at least because events will have # correct timestamp (so gui-daemon would not drop the copy request) subprocess.check_call(['xdotool', 'key', 'ctrl+a', 'ctrl+c', 'ctrl+shift+c', 'Escape']) clipboard_content = \ open('/var/run/qubes/qubes-clipboard.bin', 'r').read().strip() self.assertEquals(clipboard_content, test_string, "Clipboard copy operation failed - content") clipboard_source = \ open('/var/run/qubes/qubes-clipboard.bin.source', 'r').read().strip() self.assertEquals(clipboard_source, testvm1.name, "Clipboard copy operation failed - owner") # Then paste it to the other window window_title = 'user@{}'.format(testvm2.name) p = testvm2.run('zenity --entry --title={} > test.txt'.format( window_title), passio_popen=True) self.wait_for_window(window_title) subprocess.check_call(['xdotool', 'key', '--delay', '100', 'ctrl+shift+v', 'ctrl+v', 'Return']) p.wait() # And compare the result (test_output, _) = testvm2.run('cat test.txt', passio_popen=True).communicate() self.assertEquals(test_string, test_output.strip()) clipboard_content = \ open('/var/run/qubes/qubes-clipboard.bin', 'r').read().strip() self.assertEquals(clipboard_content, "", "Clipboard not wiped after paste - content") clipboard_source = \ open('/var/run/qubes/qubes-clipboard.bin.source', 'r').read( ).strip() self.assertEquals(clipboard_source, "", "Clipboard not wiped after paste - owner") @unittest.skipUnless(os.path.exists('/var/lib/qubes/vm-kernels/pvgrub2'), 'grub-xen package not installed') class TC_40_PVGrub(qubes.tests.SystemTestsMixin): def setUp(self): super(TC_40_PVGrub, self).setUp() supported = False if self.template.startswith('fedora-'): supported = True elif self.template.startswith('debian-'): supported = True if not supported: self.skipTest("Template {} not supported by this test".format( self.template)) def install_packages(self, vm): if self.template.startswith('fedora-'): cmd_install1 = 'dnf clean expire-cache && ' \ 'dnf install -y qubes-kernel-vm-support grub2-tools' cmd_install2 = 'yum install -y kernel && ' \ 'KVER=$(rpm -q --qf %{VERSION}-%{RELEASE}.%{ARCH} kernel) && ' \ 'dnf install --allowerasing -y kernel-devel-$KVER && ' \ 'dkms autoinstall -k $KVER' cmd_update_grub = 'grub2-mkconfig -o /boot/grub2/grub.cfg' elif self.template.startswith('debian-'): cmd_install1 = 'apt-get update && apt-get install -y ' \ 'qubes-kernel-vm-support grub2-common' cmd_install2 = 'apt-get install -y linux-image-amd64' cmd_update_grub = 'mkdir /boot/grub && update-grub2' else: assert False, "Unsupported template?!" for cmd in [cmd_install1, cmd_install2, cmd_update_grub]: p = vm.run(cmd, user="root", passio_popen=True, passio_stderr=True) (stdout, stderr) = p.communicate() self.assertEquals(p.returncode, 0, "Failed command: {}\nSTDOUT: {}\nSTDERR: {}" .format(cmd, stdout, stderr)) def get_kernel_version(self, vm): if self.template.startswith('fedora-'): cmd_get_kernel_version = 'rpm -q kernel|sort -n|tail -1|' \ 'cut -d - -f 2-' elif self.template.startswith('debian-'): cmd_get_kernel_version = \ 'dpkg-query --showformat=\'${Package}\\n\' --show ' \ '\'linux-image-*-amd64\'|sort -n|tail -1|cut -d - -f 3-' else: raise RuntimeError("Unsupported template?!") p = vm.run(cmd_get_kernel_version, user="root", passio_popen=True) (kver, _) = p.communicate() self.assertEquals(p.returncode, 0, "Failed command: {}".format(cmd_get_kernel_version)) return kver.strip() def test_000_standalone_vm(self): testvm1 = self.qc.add_new_vm("QubesAppVm", template=None, name=self.make_vm_name('vm1')) testvm1.create_on_disk(verbose=False, source_template=self.qc.get_vm_by_name( self.template)) self.save_and_reload_db() self.qc.unlock_db() testvm1 = self.qc[testvm1.qid] testvm1.start() self.install_packages(testvm1) kver = self.get_kernel_version(testvm1) self.shutdown_and_wait(testvm1) self.qc.lock_db_for_writing() self.qc.load() testvm1 = self.qc[testvm1.qid] testvm1.kernel = 'pvgrub2' self.save_and_reload_db() self.qc.unlock_db() testvm1 = self.qc[testvm1.qid] testvm1.start() p = testvm1.run('uname -r', passio_popen=True) (actual_kver, _) = p.communicate() self.assertEquals(actual_kver.strip(), kver) def test_010_template_based_vm(self): test_template = self.qc.add_new_vm("QubesTemplateVm", template=None, name=self.make_vm_name('template')) test_template.clone_attrs(self.qc.get_vm_by_name(self.template)) test_template.clone_disk_files( src_vm=self.qc.get_vm_by_name(self.template), verbose=False) testvm1 = self.qc.add_new_vm("QubesAppVm", template=test_template, name=self.make_vm_name('vm1')) testvm1.create_on_disk(verbose=False, source_template=test_template) self.save_and_reload_db() self.qc.unlock_db() test_template = self.qc[test_template.qid] testvm1 = self.qc[testvm1.qid] test_template.start() self.install_packages(test_template) kver = self.get_kernel_version(test_template) self.shutdown_and_wait(test_template) self.qc.lock_db_for_writing() self.qc.load() test_template = self.qc[test_template.qid] test_template.kernel = 'pvgrub2' testvm1 = self.qc[testvm1.qid] testvm1.kernel = 'pvgrub2' self.save_and_reload_db() self.qc.unlock_db() # Check if TemplateBasedVM boots and has the right kernel testvm1 = self.qc[testvm1.qid] testvm1.start() p = testvm1.run('uname -r', passio_popen=True) (actual_kver, _) = p.communicate() self.assertEquals(actual_kver.strip(), kver) # And the same for the TemplateVM itself test_template = self.qc[test_template.qid] test_template.start() p = test_template.run('uname -r', passio_popen=True) (actual_kver, _) = p.communicate() self.assertEquals(actual_kver.strip(), kver) @unittest.skipUnless( spawn.find_executable('xprop') and spawn.find_executable('xdotool') and spawn.find_executable('wmctrl'), "xprop or xdotool or wmctrl not installed") class TC_50_MimeHandlers(qubes.tests.SystemTestsMixin): @classmethod def setUpClass(cls): if cls.template == 'whonix-gw' or 'minimal' in cls.template: raise unittest.SkipTest( 'Template {} not supported by this test'.format(cls.template)) if cls.template == 'whonix-ws': # TODO remove when Whonix-based DispVMs will work (Whonix 13?) raise unittest.SkipTest( 'Template {} not supported by this test'.format(cls.template)) qc = QubesVmCollection() cls._kill_test_vms(qc, prefix=qubes.tests.CLSVMPREFIX) qc.lock_db_for_writing() qc.load() cls._remove_test_vms(qc, qubes.qubes.vmm.libvirt_conn, prefix=qubes.tests.CLSVMPREFIX) cls.source_vmname = cls.make_vm_name('source', True) source_vm = qc.add_new_vm("QubesAppVm", template=qc.get_vm_by_name(cls.template), name=cls.source_vmname) source_vm.create_on_disk(verbose=False) cls.target_vmname = cls.make_vm_name('target', True) target_vm = qc.add_new_vm("QubesAppVm", template=qc.get_vm_by_name(cls.template), name=cls.target_vmname) target_vm.create_on_disk(verbose=False) qc.save() qc.unlock_db() source_vm.start() target_vm.start() # make sure that DispVMs will be started of the same template retcode = subprocess.call(['/usr/bin/qvm-create-default-dvm', cls.template], stderr=open(os.devnull, 'w')) assert retcode == 0, "Error preparing DispVM" def setUp(self): super(TC_50_MimeHandlers, self).setUp() self.source_vm = self.qc.get_vm_by_name(self.source_vmname) self.target_vm = self.qc.get_vm_by_name(self.target_vmname) def get_window_class(self, winid, dispvm=False): (vm_winid, _) = subprocess.Popen( ['xprop', '-id', winid, '_QUBES_VMWINDOWID'], stdout=subprocess.PIPE ).communicate() vm_winid = vm_winid.split("#")[1].strip('\n" ') if dispvm: (vmname, _) = subprocess.Popen( ['xprop', '-id', winid, '_QUBES_VMNAME'], stdout=subprocess.PIPE ).communicate() vmname = vmname.split("=")[1].strip('\n" ') window_class = None while window_class is None: # XXX to use self.qc.get_vm_by_name would require reloading # qubes.xml, so use qvm-run instead xprop = subprocess.Popen( ['qvm-run', '-p', vmname, 'xprop -id {} WM_CLASS'.format( vm_winid)], stdout=subprocess.PIPE) (window_class, _) = xprop.communicate() if xprop.returncode != 0: self.skipTest("xprop failed, not installed?") if 'not found' in window_class: # WM_CLASS not set yet, wait a little time.sleep(0.1) window_class = None else: window_class = None while window_class is None: xprop = self.target_vm.run( 'xprop -id {} WM_CLASS'.format(vm_winid), passio_popen=True) (window_class, _) = xprop.communicate() if xprop.returncode != 0: self.skipTest("xprop failed, not installed?") if 'not found' in window_class: # WM_CLASS not set yet, wait a little time.sleep(0.1) window_class = None # output: WM_CLASS(STRING) = "gnome-terminal-server", "Gnome-terminal" try: window_class = window_class.split("=")[1].split(",")[0].strip('\n" ') except IndexError: raise Exception( "Unexpected output from xprop: '{}'".format(window_class)) return window_class def open_file_and_check_viewer(self, filename, expected_app_titles, expected_app_classes, dispvm=False): self.qc.unlock_db() if dispvm: p = self.source_vm.run("qvm-open-in-dvm {}".format(filename), passio_popen=True) vmpattern = "disp*" else: self.qrexec_policy('qubes.OpenInVM', self.source_vm.name, self.target_vmname) self.qrexec_policy('qubes.OpenURL', self.source_vm.name, self.target_vmname) p = self.source_vm.run("qvm-open-in-vm {} {}".format( self.target_vmname, filename), passio_popen=True) vmpattern = self.target_vmname wait_count = 0 winid = None window_title = None while True: search = subprocess.Popen(['xdotool', 'search', '--onlyvisible', '--class', vmpattern], stdout=subprocess.PIPE, stderr=open(os.path.devnull, 'w')) retcode = search.wait() if retcode == 0: winid = search.stdout.read().strip() # get window title (window_title, _) = subprocess.Popen( ['xdotool', 'getwindowname', winid], stdout=subprocess.PIPE). \ communicate() window_title = window_title.strip() # ignore LibreOffice splash screen and window with no title # set yet if window_title and not window_title.startswith("LibreOffice")\ and not window_title == 'VMapp command': break wait_count += 1 if wait_count > 100: self.fail("Timeout while waiting for editor window") time.sleep(0.3) # get window class window_class = self.get_window_class(winid, dispvm) # close the window - we've got the window class, it is no longer needed subprocess.check_call(['wmctrl', '-i', '-c', winid]) p.wait() self.wait_for_window(window_title, show=False) def check_matches(obj, patterns): return any((pat.search(obj) if isinstance(pat, type(re.compile(''))) else pat in obj) for pat in patterns) if not check_matches(window_title, expected_app_titles) and \ not check_matches(window_class, expected_app_classes): self.fail("Opening file {} resulted in window '{} ({})', which is " "none of {!r} ({!r})".format( filename, window_title, window_class, expected_app_titles, expected_app_classes)) def prepare_txt(self, filename): p = self.source_vm.run("cat > {}".format(filename), passio_popen=True) p.stdin.write("This is test\n") p.stdin.close() retcode = p.wait() assert retcode == 0, "Failed to write {} file".format(filename) def prepare_pdf(self, filename): self.prepare_txt("/tmp/source.txt") cmd = "convert /tmp/source.txt {}".format(filename) retcode = self.source_vm.run(cmd, wait=True) assert retcode == 0, "Failed to run '{}'".format(cmd) def prepare_doc(self, filename): self.prepare_txt("/tmp/source.txt") cmd = "unoconv -f doc -o {} /tmp/source.txt".format(filename) retcode = self.source_vm.run(cmd, wait=True) if retcode != 0: self.skipTest("Failed to run '{}', not installed?".format(cmd)) def prepare_pptx(self, filename): self.prepare_txt("/tmp/source.txt") cmd = "unoconv -f pptx -o {} /tmp/source.txt".format(filename) retcode = self.source_vm.run(cmd, wait=True) if retcode != 0: self.skipTest("Failed to run '{}', not installed?".format(cmd)) def prepare_png(self, filename): self.prepare_txt("/tmp/source.txt") cmd = "convert /tmp/source.txt {}".format(filename) retcode = self.source_vm.run(cmd, wait=True) if retcode != 0: self.skipTest("Failed to run '{}', not installed?".format(cmd)) def prepare_jpg(self, filename): self.prepare_txt("/tmp/source.txt") cmd = "convert /tmp/source.txt {}".format(filename) retcode = self.source_vm.run(cmd, wait=True) if retcode != 0: self.skipTest("Failed to run '{}', not installed?".format(cmd)) def test_000_txt(self): filename = "/home/user/test_file.txt" self.prepare_txt(filename) self.open_file_and_check_viewer(filename, ["vim", "user@"], ["gedit", "emacs", "libreoffice"]) def test_001_pdf(self): filename = "/home/user/test_file.pdf" self.prepare_pdf(filename) self.open_file_and_check_viewer(filename, [], ["evince"]) def test_002_doc(self): filename = "/home/user/test_file.doc" self.prepare_doc(filename) self.open_file_and_check_viewer(filename, [], ["libreoffice", "abiword"]) def test_003_pptx(self): filename = "/home/user/test_file.pptx" self.prepare_pptx(filename) self.open_file_and_check_viewer(filename, [], ["libreoffice"]) def test_004_png(self): filename = "/home/user/test_file.png" self.prepare_png(filename) self.open_file_and_check_viewer(filename, [], ["shotwell", "eog", "display"]) def test_005_jpg(self): filename = "/home/user/test_file.jpg" self.prepare_jpg(filename) self.open_file_and_check_viewer(filename, [], ["shotwell", "eog", "display"]) def test_006_jpeg(self): filename = "/home/user/test_file.jpeg" self.prepare_jpg(filename) self.open_file_and_check_viewer(filename, [], ["shotwell", "eog", "display"]) def test_010_url(self): self.open_file_and_check_viewer("https://www.qubes-os.org/", [], ["Firefox", "Iceweasel", "Navigator"]) def test_100_txt_dispvm(self): filename = "/home/user/test_file.txt" self.prepare_txt(filename) self.open_file_and_check_viewer(filename, ["vim", "user@"], ["gedit", "emacs", "libreoffice"], dispvm=True) def test_101_pdf_dispvm(self): filename = "/home/user/test_file.pdf" self.prepare_pdf(filename) self.open_file_and_check_viewer(filename, [], ["evince"], dispvm=True) def test_102_doc_dispvm(self): filename = "/home/user/test_file.doc" self.prepare_doc(filename) self.open_file_and_check_viewer(filename, [], ["libreoffice", "abiword"], dispvm=True) def test_103_pptx_dispvm(self): filename = "/home/user/test_file.pptx" self.prepare_pptx(filename) self.open_file_and_check_viewer(filename, [], ["libreoffice"], dispvm=True) def test_104_png_dispvm(self): filename = "/home/user/test_file.png" self.prepare_png(filename) self.open_file_and_check_viewer(filename, [], ["shotwell", "eog", "display"], dispvm=True) def test_105_jpg_dispvm(self): filename = "/home/user/test_file.jpg" self.prepare_jpg(filename) self.open_file_and_check_viewer(filename, [], ["shotwell", "eog", "display"], dispvm=True) def test_106_jpeg_dispvm(self): filename = "/home/user/test_file.jpeg" self.prepare_jpg(filename) self.open_file_and_check_viewer(filename, [], ["shotwell", "eog", "display"], dispvm=True) def test_110_url_dispvm(self): self.open_file_and_check_viewer("https://www.qubes-os.org/", [], ["Firefox", "Iceweasel", "Navigator"], dispvm=True) def load_tests(loader, tests, pattern): try: qc = qubes.qubes.QubesVmCollection() qc.lock_db_for_reading() qc.load() qc.unlock_db() templates = [vm.name for vm in qc.values() if isinstance(vm, qubes.qubes.QubesTemplateVm)] except OSError: templates = [] for template in templates: tests.addTests(loader.loadTestsFromTestCase( type( 'TC_00_AppVM_' + template, (TC_00_AppVMMixin, qubes.tests.QubesTestCase), {'template': template}))) tests.addTests(loader.loadTestsFromTestCase( type( 'TC_20_DispVM_' + template, (TC_20_DispVMMixin, qubes.tests.QubesTestCase), {'template': template}))) tests.addTests(loader.loadTestsFromTestCase( type( 'TC_40_PVGrub_' + template, (TC_40_PVGrub, qubes.tests.QubesTestCase), {'template': template}))) tests.addTests(loader.loadTestsFromTestCase( type( 'TC_50_MimeHandlers_' + template, (TC_50_MimeHandlers, qubes.tests.QubesTestCase), {'template': template}))) return tests