3 files changed, 41 insertions, 127 deletions
diff --git a/nixos/tests/nextcloud/default.nix b/nixos/tests/nextcloud/default.nix
index b9f35b398cfe..19d04b28b4f9 100644
--- a/nixos/tests/nextcloud/default.nix
+++ b/nixos/tests/nextcloud/default.nix
@@ -8,10 +8,6 @@ with pkgs.lib;
 foldl
   (matrix: ver: matrix // {
     "basic${toString ver}" = import ./basic.nix { inherit system pkgs; nextcloudVersion = ver; };
-    "openssl-sse${toString ver}" = import ./openssl-sse.nix {
-      inherit system pkgs;
-      nextcloudVersion = ver;
-    };
     "with-postgresql-and-redis${toString ver}" = import ./with-postgresql-and-redis.nix {
       inherit system pkgs;
       nextcloudVersion = ver;
@@ -26,4 +22,4 @@ foldl
     };
   })
 { }
-  [ 25 26 27 ]
+  [ 26 27 ]
diff --git a/nixos/tests/nextcloud/openssl-sse.nix b/nixos/tests/nextcloud/openssl-sse.nix
deleted file mode 100644
index d6ea39c6155a..000000000000
--- a/nixos/tests/nextcloud/openssl-sse.nix
+++ /dev/null
@@ -1,109 +0,0 @@
-args@{ pkgs, nextcloudVersion ? 25, ... }:
-
-(import ../make-test-python.nix ({ pkgs, ...}: let
-  adminuser = "root";
-  adminpass = "notproduction";
-  nextcloudBase = {
-    networking.firewall.allowedTCPPorts = [ 80 ];
-    system.stateVersion = "22.05"; # stateVersions <22.11 use openssl 1.1 by default
-    services.nextcloud = {
-      enable = true;
-      config.adminpassFile = "${pkgs.writeText "adminpass" adminpass}";
-      database.createLocally = true;
-      package = pkgs.${"nextcloud" + (toString nextcloudVersion)};
-    };
-  };
-in {
-  name = "nextcloud-openssl";
-  meta = with pkgs.lib.maintainers; {
-    maintainers = [ ma27 ];
-  };
-  nodes.nextcloudwithopenssl1 = {
-    imports = [ nextcloudBase ];
-    services.nextcloud.hostName = "nextcloudwithopenssl1";
-  };
-  nodes.nextcloudwithopenssl3 = {
-    imports = [ nextcloudBase ];
-    services.nextcloud = {
-      hostName = "nextcloudwithopenssl3";
-      enableBrokenCiphersForSSE = false;
-    };
-  };
-  testScript = { nodes, ... }: let
-    withRcloneEnv = host: pkgs.writeScript "with-rclone-env" ''
-      #!${pkgs.runtimeShell}
-      export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav
-      export RCLONE_CONFIG_NEXTCLOUD_URL="http://${host}/remote.php/dav/files/${adminuser}"
-      export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"
-      export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"
-      export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"
-      "''${@}"
-    '';
-    withRcloneEnv1 = withRcloneEnv "nextcloudwithopenssl1";
-    withRcloneEnv3 = withRcloneEnv "nextcloudwithopenssl3";
-    copySharedFile1 = pkgs.writeScript "copy-shared-file" ''
-      #!${pkgs.runtimeShell}
-      echo 'hi' | ${withRcloneEnv1} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file
-    '';
-    copySharedFile3 = pkgs.writeScript "copy-shared-file" ''
-      #!${pkgs.runtimeShell}
-      echo 'bye' | ${withRcloneEnv3} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file2
-    '';
-    openssl1-node = nodes.nextcloudwithopenssl1.system.build.toplevel;
-    openssl3-node = nodes.nextcloudwithopenssl3.system.build.toplevel;
-  in ''
-    nextcloudwithopenssl1.start()
-    nextcloudwithopenssl1.wait_for_unit("multi-user.target")
-    nextcloudwithopenssl1.succeed("nextcloud-occ status")
-    nextcloudwithopenssl1.succeed("curl -sSf http://nextcloudwithopenssl1/login")
-    nextcloud_version = ${toString nextcloudVersion}
-
-    with subtest("With OpenSSL 1 SSE can be enabled and used"):
-        nextcloudwithopenssl1.succeed("nextcloud-occ app:enable encryption")
-        nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable")
-
-    with subtest("Upload file and ensure it's encrypted"):
-        nextcloudwithopenssl1.succeed("${copySharedFile1}")
-        nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")
-        nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
-
-    with subtest("Switch to OpenSSL 3"):
-        nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test")
-        nextcloudwithopenssl1.wait_for_open_port(80)
-        nextcloudwithopenssl1.succeed("nextcloud-occ status")
-
-    with subtest("Existing encrypted files cannot be read, but new files can be added"):
-        # This will succeed starting NC26 because of their custom implementation of openssl_seal
-        read_existing_file_test = nextcloudwithopenssl1.fail if nextcloud_version < 26 else nextcloudwithopenssl1.succeed
-        read_existing_file_test("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file >&2")
-        nextcloudwithopenssl1.succeed("nextcloud-occ encryption:disable")
-        nextcloudwithopenssl1.succeed("${copySharedFile3}")
-        nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2")
-        nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
-
-    with subtest("Switch back to OpenSSL 1.1 and ensure that encrypted files are readable again"):
-        nextcloudwithopenssl1.succeed("${openssl1-node}/bin/switch-to-configuration test")
-        nextcloudwithopenssl1.wait_for_open_port(80)
-        nextcloudwithopenssl1.succeed("nextcloud-occ status")
-        nextcloudwithopenssl1.succeed("nextcloud-occ encryption:enable")
-        nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
-        nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
-        nextcloudwithopenssl1.succeed("grep -E '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")
-        nextcloudwithopenssl1.succeed("grep bye /var/lib/nextcloud/data/root/files/test-shared-file2")
-
-    with subtest("Ensure that everything can be decrypted"):
-        nextcloudwithopenssl1.succeed("echo y | nextcloud-occ encryption:decrypt-all >&2")
-        nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
-        nextcloudwithopenssl1.succeed("${withRcloneEnv1} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
-        nextcloudwithopenssl1.succeed("grep -vE '^HBEGIN:oc_encryption_module' /var/lib/nextcloud/data/root/files/test-shared-file")
-
-    with subtest("Switch to OpenSSL 3 ensure that all files are usable now"):
-        nextcloudwithopenssl1.succeed("${openssl3-node}/bin/switch-to-configuration test")
-        nextcloudwithopenssl1.wait_for_open_port(80)
-        nextcloudwithopenssl1.succeed("nextcloud-occ status")
-        nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file2 | grep bye")
-        nextcloudwithopenssl1.succeed("${withRcloneEnv3} ${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file | grep hi")
-
-    nextcloudwithopenssl1.shutdown()
-  '';
-})) args
diff --git a/nixos/tests/xfce.nix b/nixos/tests/xfce.nix
index 3758ccbccf42..2df1a5b6e8c3 100644
--- a/nixos/tests/xfce.nix
+++ b/nixos/tests/xfce.nix
@@ -20,26 +20,53 @@ import ./make-test-python.nix ({ pkgs, ...} : {
       };
 
       services.xserver.desktopManager.xfce.enable = true;
+      environment.systemPackages = [ pkgs.xfce.xfce4-whiskermenu-plugin ];
 
       hardware.pulseaudio.enable = true; # needed for the factl test, /dev/snd/* exists without them but udev doesn't care then
 
     };
 
+  enableOCR = true;
+
   testScript = { nodes, ... }: let
     user = nodes.machine.users.users.alice;
+    bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${toString user.uid}/bus";
   in ''
-      machine.wait_for_x()
-      machine.wait_for_file("${user.home}/.Xauthority")
-      machine.succeed("xauth merge ${user.home}/.Xauthority")
-      machine.wait_for_window("xfce4-panel")
-      machine.sleep(10)
-
-      # Check that logging in has given the user ownership of devices.
-      machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}")
-
-      machine.succeed("su - ${user.name} -c 'DISPLAY=:0.0 xfce4-terminal >&2 &'")
-      machine.wait_for_window("Terminal")
-      machine.sleep(10)
-      machine.screenshot("screen")
+      with subtest("Wait for login"):
+        machine.wait_for_x()
+        machine.wait_for_file("${user.home}/.Xauthority")
+        machine.succeed("xauth merge ${user.home}/.Xauthority")
+
+      with subtest("Check that logging in has given the user ownership of devices"):
+        machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}")
+
+      with subtest("Check if Xfce components actually start"):
+        machine.wait_for_window("xfce4-panel")
+        machine.wait_for_window("Desktop")
+        for i in ["xfwm4", "xfsettingsd", "xfdesktop", "xfce4-screensaver", "xfce4-notifyd", "xfconfd"]:
+          machine.wait_until_succeeds(f"pgrep -f {i}")
+
+      with subtest("Open whiskermenu"):
+        machine.succeed("su - ${user.name} -c 'DISPLAY=:0 ${bus} xfconf-query -c xfce4-panel -p /plugins/plugin-1 -t string -s whiskermenu -n >&2 &'")
+        machine.succeed("su - ${user.name} -c 'DISPLAY=:0 ${bus} xfconf-query -c xfce4-panel -p /plugins/plugin-1/stay-on-focus-out -t bool -s true -n >&2 &'")
+        machine.succeed("su - ${user.name} -c 'DISPLAY=:0 ${bus} xfce4-panel -r >&2 &'")
+        machine.wait_until_succeeds("journalctl -b --grep 'xfce4-panel: Restarting' -t xsession")
+        machine.sleep(5)
+        machine.wait_until_succeeds("pgrep -f libwhiskermenu")
+        machine.succeed("su - ${user.name} -c 'DISPLAY=:0 ${bus} xfce4-popup-whiskermenu >&2 &'")
+        machine.wait_for_text('Mail Reader')
+        # Close the menu.
+        machine.succeed("su - ${user.name} -c 'DISPLAY=:0 ${bus} xfce4-popup-whiskermenu >&2 &'")
+
+      with subtest("Open Xfce terminal"):
+        machine.succeed("su - ${user.name} -c 'DISPLAY=:0 xfce4-terminal >&2 &'")
+        machine.wait_for_window("Terminal")
+
+      with subtest("Open Thunar"):
+        machine.succeed("su - ${user.name} -c 'DISPLAY=:0 thunar >&2 &'")
+        machine.wait_for_window("Thunar")
+        machine.wait_for_text('(Pictures|Public|Templates|Videos)')
+        machine.sleep(10)
+        machine.screenshot("screen")
     '';
 })