59de06d093
Due to recent changes (likely a sqlite3 update) the sqlite3 meta-command did suddenly succeed while sqlite3 is still unable to read the still encrypted database. It just prints the following output and doesn't seem to try to open/read the DB (which would fail): ``` main: /home/alice/.config/Signal/sql/db.sqlite r/w ``` We can simply fix this "regression" by instructing sqlite3 to list the tables in the database (which fails because it cannot read the encrypted DB): ``` machine: must fail: su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .tables' machine # [ 47.036720] su[1178]: Successful su for alice by root machine # [ 47.041049] su[1178]: pam_unix(su:session): session opened for user alice(uid=1000) by (uid=0) machine # Error: file is not a database machine # [ 47.116070] su[1178]: pam_unix(su:session): session closed for user alice (finished: must fail: su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .tables', in 0.12 seconds) ``` Fix #181463.
70 lines
2.1 KiB
Nix
70 lines
2.1 KiB
Nix
import ./make-test-python.nix ({ pkgs, ...} :
|
|
|
|
let
|
|
sqlcipher-signal = pkgs.writeShellScriptBin "sqlcipher" ''
|
|
set -eu
|
|
|
|
readonly CFG=~/.config/Signal/config.json
|
|
readonly KEY="$(${pkgs.jq}/bin/jq --raw-output '.key' $CFG)"
|
|
readonly DB="$1"
|
|
readonly SQL="SELECT * FROM sqlite_master where type='table'"
|
|
${pkgs.sqlcipher}/bin/sqlcipher "$DB" "PRAGMA key = \"x'$KEY'\"; $SQL"
|
|
'';
|
|
in {
|
|
name = "signal-desktop";
|
|
meta = with pkgs.lib.maintainers; {
|
|
maintainers = [ flokli primeos ];
|
|
};
|
|
|
|
nodes.machine = { ... }:
|
|
|
|
{
|
|
imports = [
|
|
./common/user-account.nix
|
|
./common/x11.nix
|
|
];
|
|
|
|
services.xserver.enable = true;
|
|
test-support.displayManager.auto.user = "alice";
|
|
environment.systemPackages = with pkgs; [
|
|
signal-desktop file sqlite sqlcipher-signal
|
|
];
|
|
};
|
|
|
|
enableOCR = true;
|
|
|
|
testScript = { nodes, ... }: let
|
|
user = nodes.machine.config.users.users.alice;
|
|
in ''
|
|
start_all()
|
|
machine.wait_for_x()
|
|
|
|
# start signal desktop
|
|
machine.execute("su - alice -c signal-desktop >&2 &")
|
|
|
|
# Wait for the Signal window to appear. Since usually the tests
|
|
# are run sandboxed and therfore with no internet, we can not wait
|
|
# for the message "Link your phone ...". Nor should we wait for
|
|
# the "Failed to connect to server" message, because when manually
|
|
# running this test it will be not sandboxed.
|
|
machine.wait_for_text("Signal")
|
|
machine.wait_for_text("File Edit View Window Help")
|
|
machine.screenshot("signal_desktop")
|
|
|
|
# Test if the database is encrypted to prevent these issues:
|
|
# - https://github.com/NixOS/nixpkgs/issues/108772
|
|
# - https://github.com/NixOS/nixpkgs/pull/117555
|
|
print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'"))
|
|
machine.fail(
|
|
"su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database"
|
|
)
|
|
# Only SQLCipher should be able to read the encrypted DB:
|
|
machine.fail(
|
|
"su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .tables'"
|
|
)
|
|
print(machine.succeed(
|
|
"su - alice -c 'sqlcipher ~/.config/Signal/sql/db.sqlite'"
|
|
))
|
|
'';
|
|
})
|