nixos/tests/signal-desktop.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / signal-desktop.nix
at master 2.3 kB view raw
 1{ pkgs, ... }:
 2let
 3  sqlcipher-signal = pkgs.writeShellScriptBin "sqlcipher" ''
 4    set -eu
 5
 6    readonly CFG=~/.config/Signal/config.json
 7    readonly KEY="$(${pkgs.jq}/bin/jq --raw-output '.key' $CFG)"
 8    readonly DB="$1"
 9    readonly SQL="SELECT * FROM sqlite_master where type='table'"
10    ${pkgs.sqlcipher}/bin/sqlcipher "$DB" "PRAGMA key = \"x'$KEY'\"; $SQL"
11  '';
12in
13{
14  name = "signal-desktop";
15  meta = with pkgs.lib.maintainers; {
16    maintainers = [
17      flokli
18    ];
19  };
20
21  nodes.machine =
22    { ... }:
23
24    {
25      imports = [
26        ./common/user-account.nix
27        ./common/x11.nix
28      ];
29
30      services.xserver.enable = true;
31      test-support.displayManager.auto.user = "alice";
32      environment.systemPackages = with pkgs; [
33        signal-desktop
34        file
35        sqlite
36        sqlcipher-signal
37      ];
38    };
39
40  enableOCR = true;
41
42  testScript =
43    { nodes, ... }:
44    let
45      user = nodes.machine.config.users.users.alice;
46    in
47    ''
48      start_all()
49      machine.wait_for_x()
50
51      # start signal desktop
52      machine.execute("su - alice -c signal-desktop >&2 &")
53
54      # Wait for the Signal window to appear. Since usually the tests
55      # are run sandboxed and therefore with no internet, we can not wait
56      # for the message "Link your phone ...". Nor should we wait for
57      # the "Failed to connect to server" message, because when manually
58      # running this test it will be not sandboxed.
59      machine.wait_for_text("Signal")
60      machine.wait_for_text("File Edit View Window Help")
61      machine.screenshot("signal_desktop")
62
63      # Test if the database is encrypted to prevent these issues:
64      # - https://github.com/NixOS/nixpkgs/issues/108772
65      # - https://github.com/NixOS/nixpkgs/pull/117555
66      print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'"))
67      machine.fail(
68          "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database"
69      )
70      # Only SQLCipher should be able to read the encrypted DB:
71      machine.fail(
72          "su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .tables'"
73      )
74      print(machine.succeed(
75          "su - alice -c 'sqlcipher ~/.config/Signal/sql/db.sqlite'"
76      ))
77    '';
78}