nixos/tests/signal-desktop.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / signal-desktop.nix
at 25.11-pre 2.3 kB view raw
 1{ pkgs, ... }:
 2let
 3  sqlcipher-signal = pkgs.writeShellScriptBin "sqlcipher" ''
 4    set -eu
 5
 6    readonly CFG=~/.config/Signal/config.json
 7    readonly KEY="$(${pkgs.jq}/bin/jq --raw-output '.key' $CFG)"
 8    readonly DB="$1"
 9    readonly SQL="SELECT * FROM sqlite_master where type='table'"
10    ${pkgs.sqlcipher}/bin/sqlcipher "$DB" "PRAGMA key = \"x'$KEY'\"; $SQL"
11  '';
12in
13{
14  name = "signal-desktop";
15  meta = with pkgs.lib.maintainers; {
16    maintainers = [
17      flokli
18      primeos
19    ];
20  };
21
22  nodes.machine =
23    { ... }:
24
25    {
26      imports = [
27        ./common/user-account.nix
28        ./common/x11.nix
29      ];
30
31      services.xserver.enable = true;
32      test-support.displayManager.auto.user = "alice";
33      environment.systemPackages = with pkgs; [
34        signal-desktop
35        file
36        sqlite
37        sqlcipher-signal
38      ];
39    };
40
41  enableOCR = true;
42
43  testScript =
44    { nodes, ... }:
45    let
46      user = nodes.machine.config.users.users.alice;
47    in
48    ''
49      start_all()
50      machine.wait_for_x()
51
52      # start signal desktop
53      machine.execute("su - alice -c signal-desktop >&2 &")
54
55      # Wait for the Signal window to appear. Since usually the tests
56      # are run sandboxed and therefore with no internet, we can not wait
57      # for the message "Link your phone ...". Nor should we wait for
58      # the "Failed to connect to server" message, because when manually
59      # running this test it will be not sandboxed.
60      machine.wait_for_text("Signal")
61      machine.wait_for_text("File Edit View Window Help")
62      machine.screenshot("signal_desktop")
63
64      # Test if the database is encrypted to prevent these issues:
65      # - https://github.com/NixOS/nixpkgs/issues/108772
66      # - https://github.com/NixOS/nixpkgs/pull/117555
67      print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'"))
68      machine.fail(
69          "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database"
70      )
71      # Only SQLCipher should be able to read the encrypted DB:
72      machine.fail(
73          "su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .tables'"
74      )
75      print(machine.succeed(
76          "su - alice -c 'sqlcipher ~/.config/Signal/sql/db.sqlite'"
77      ))
78    '';
79}