diff options
Diffstat (limited to 'nixpkgs/nixos/tests/signal-desktop.nix')
-rw-r--r-- | nixpkgs/nixos/tests/signal-desktop.nix | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/nixpkgs/nixos/tests/signal-desktop.nix b/nixpkgs/nixos/tests/signal-desktop.nix new file mode 100644 index 000000000000..f146804a958d --- /dev/null +++ b/nixpkgs/nixos/tests/signal-desktop.nix @@ -0,0 +1,69 @@ +import ./make-test-python.nix ({ pkgs, ...} : + +let + sqlcipher-signal = pkgs.writeShellScriptBin "sqlcipher" '' + set -eu + + readonly CFG=~/.config/Signal/config.json + readonly KEY="$(${pkgs.jq}/bin/jq --raw-output '.key' $CFG)" + readonly DB="$1" + readonly SQL="SELECT * FROM sqlite_master where type='table'" + ${pkgs.sqlcipher}/bin/sqlcipher "$DB" "PRAGMA key = \"x'$KEY'\"; $SQL" + ''; +in { + name = "signal-desktop"; + meta = with pkgs.lib.maintainers; { + maintainers = [ flokli primeos ]; + }; + + nodes.machine = { ... }: + + { + imports = [ + ./common/user-account.nix + ./common/x11.nix + ]; + + services.xserver.enable = true; + test-support.displayManager.auto.user = "alice"; + environment.systemPackages = with pkgs; [ + signal-desktop file sqlite sqlcipher-signal + ]; + }; + + enableOCR = true; + + testScript = { nodes, ... }: let + user = nodes.machine.config.users.users.alice; + in '' + start_all() + machine.wait_for_x() + + # start signal desktop + machine.execute("su - alice -c signal-desktop >&2 &") + + # Wait for the Signal window to appear. Since usually the tests + # are run sandboxed and therefore with no internet, we can not wait + # for the message "Link your phone ...". Nor should we wait for + # the "Failed to connect to server" message, because when manually + # running this test it will be not sandboxed. + machine.wait_for_text("Signal") + machine.wait_for_text("File Edit View Window Help") + machine.screenshot("signal_desktop") + + # Test if the database is encrypted to prevent these issues: + # - https://github.com/NixOS/nixpkgs/issues/108772 + # - https://github.com/NixOS/nixpkgs/pull/117555 + print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'")) + machine.fail( + "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database" + ) + # Only SQLCipher should be able to read the encrypted DB: + machine.fail( + "su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .tables'" + ) + print(machine.succeed( + "su - alice -c 'sqlcipher ~/.config/Signal/sql/db.sqlite'" + )) + ''; +}) |