nixpkgs-suyu/nixos/tests/signal-desktop.nix
Michael Weiss c4c087da21
nixos/tests/signal-desktop: Improve the DB test
The command "file ~/.config/Signal/sql/db.sqlite | grep 'db.sqlite: data'"
can randomly fail because "file" sometimes recognizes the "random"
(encrypted) data as something. This occasionally causes test failures,
e.g. [0] were it was recognized as "PGP Secret Sub-key -" or in another
instance as an ext4 filesystem [1].

[0]: https://github.com/NixOS/nixpkgs/pull/132644#issuecomment-892601504
[1]: https://social.primeos.dev/notice/A7H8VWV0KtQHUZZIsC
2021-08-05 18:26:59 +02:00

70 lines
2.2 KiB
Nix

import ./make-test-python.nix ({ pkgs, ...} :
let
sqlcipher-signal = pkgs.writeShellScriptBin "sqlcipher" ''
set -eu
readonly CFG=~/.config/Signal/config.json
readonly KEY="$(${pkgs.jq}/bin/jq --raw-output '.key' $CFG)"
readonly DB="$1"
readonly SQL="SELECT * FROM sqlite_master where type='table'"
${pkgs.sqlcipher}/bin/sqlcipher "$DB" "PRAGMA key = \"x'$KEY'\"; $SQL"
'';
in {
name = "signal-desktop";
meta = with pkgs.lib.maintainers; {
maintainers = [ flokli primeos ];
};
machine = { ... }:
{
imports = [
./common/user-account.nix
./common/x11.nix
];
services.xserver.enable = true;
test-support.displayManager.auto.user = "alice";
environment.systemPackages = with pkgs; [
signal-desktop file sqlite sqlcipher-signal
];
virtualisation.memorySize = 1024;
};
enableOCR = true;
testScript = { nodes, ... }: let
user = nodes.machine.config.users.users.alice;
in ''
start_all()
machine.wait_for_x()
# start signal desktop
machine.execute("su - alice -c signal-desktop &")
# Wait for the Signal window to appear. Since usually the tests
# are run sandboxed and therfore with no internet, we can not wait
# for the message "Link your phone ...". Nor should we wait for
# the "Failed to connect to server" message, because when manually
# running this test it will be not sandboxed.
machine.wait_for_text("Signal")
machine.wait_for_text("File Edit View Window Help")
machine.screenshot("signal_desktop")
# Test if the database is encrypted to prevent these issues:
# - https://github.com/NixOS/nixpkgs/issues/108772
# - https://github.com/NixOS/nixpkgs/pull/117555
print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'"))
machine.fail(
"su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database"
)
# Only SQLCipher should be able to read the encrypted DB:
machine.fail(
"su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .databases'"
)
print(machine.succeed(
"su - alice -c 'sqlcipher ~/.config/Signal/sql/db.sqlite'"
))
'';
})