nixpkgs/nixos/tests/signal-desktop.nix
Michael Weiss 59de06d093
nixos/tests/signal-desktop: Fix the sqlite3 part of the test (regressed)
Due to recent changes (likely a sqlite3 update) the sqlite3 meta-command
did suddenly succeed while sqlite3 is still unable to read the still
encrypted database. It just prints the following output and doesn't
seem to try to open/read the DB (which would fail):
```
main: /home/alice/.config/Signal/sql/db.sqlite r/w
```

We can simply fix this "regression" by instructing sqlite3 to list the tables
in the database (which fails because it cannot read the encrypted DB):
```
machine: must fail: su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .tables'
machine # [   47.036720] su[1178]: Successful su for alice by root
machine # [   47.041049] su[1178]: pam_unix(su:session): session opened for user alice(uid=1000) by (uid=0)
machine # Error: file is not a database
machine # [   47.116070] su[1178]: pam_unix(su:session): session closed for user alice
(finished: must fail: su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .tables', in 0.12 seconds)
```

Fix #181463.
2022-07-22 23:42:55 +02:00

70 lines
2.1 KiB
Nix

import ./make-test-python.nix ({ pkgs, ...} :
let
sqlcipher-signal = pkgs.writeShellScriptBin "sqlcipher" ''
set -eu
readonly CFG=~/.config/Signal/config.json
readonly KEY="$(${pkgs.jq}/bin/jq --raw-output '.key' $CFG)"
readonly DB="$1"
readonly SQL="SELECT * FROM sqlite_master where type='table'"
${pkgs.sqlcipher}/bin/sqlcipher "$DB" "PRAGMA key = \"x'$KEY'\"; $SQL"
'';
in {
name = "signal-desktop";
meta = with pkgs.lib.maintainers; {
maintainers = [ flokli primeos ];
};
nodes.machine = { ... }:
{
imports = [
./common/user-account.nix
./common/x11.nix
];
services.xserver.enable = true;
test-support.displayManager.auto.user = "alice";
environment.systemPackages = with pkgs; [
signal-desktop file sqlite sqlcipher-signal
];
};
enableOCR = true;
testScript = { nodes, ... }: let
user = nodes.machine.config.users.users.alice;
in ''
start_all()
machine.wait_for_x()
# start signal desktop
machine.execute("su - alice -c signal-desktop >&2 &")
# Wait for the Signal window to appear. Since usually the tests
# are run sandboxed and therfore with no internet, we can not wait
# for the message "Link your phone ...". Nor should we wait for
# the "Failed to connect to server" message, because when manually
# running this test it will be not sandboxed.
machine.wait_for_text("Signal")
machine.wait_for_text("File Edit View Window Help")
machine.screenshot("signal_desktop")
# Test if the database is encrypted to prevent these issues:
# - https://github.com/NixOS/nixpkgs/issues/108772
# - https://github.com/NixOS/nixpkgs/pull/117555
print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'"))
machine.fail(
"su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database"
)
# Only SQLCipher should be able to read the encrypted DB:
machine.fail(
"su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .tables'"
)
print(machine.succeed(
"su - alice -c 'sqlcipher ~/.config/Signal/sql/db.sqlite'"
))
'';
})