summary refs log tree commit diff
diff options
context:
space:
mode:
authorMichael Weiss <dev.primeos@gmail.com>2021-08-05 18:17:49 +0200
committerMichael Weiss <dev.primeos@gmail.com>2021-08-05 18:26:59 +0200
commitc4c087da21bc85cd223539077c4c5884dae2a480 (patch)
tree0f7005931eb2175625f7219baf792315a127ea21
parentfd2bb8574e7b16cf716d2ad1e654a5ba83555ab7 (diff)
downloadnixpkgs-c4c087da21bc85cd223539077c4c5884dae2a480.tar
nixpkgs-c4c087da21bc85cd223539077c4c5884dae2a480.tar.gz
nixpkgs-c4c087da21bc85cd223539077c4c5884dae2a480.tar.bz2
nixpkgs-c4c087da21bc85cd223539077c4c5884dae2a480.tar.lz
nixpkgs-c4c087da21bc85cd223539077c4c5884dae2a480.tar.xz
nixpkgs-c4c087da21bc85cd223539077c4c5884dae2a480.tar.zst
nixpkgs-c4c087da21bc85cd223539077c4c5884dae2a480.zip
nixos/tests/signal-desktop: Improve the DB test
The command "file ~/.config/Signal/sql/db.sqlite | grep 'db.sqlite: data'"
can randomly fail because "file" sometimes recognizes the "random"
(encrypted) data as something. This occasionally causes test failures,
e.g. [0] were it was recognized as "PGP Secret Sub-key -" or in another
instance as an ext4 filesystem [1].

[0]: https://github.com/NixOS/nixpkgs/pull/132644#issuecomment-892601504
[1]: https://social.primeos.dev/notice/A7H8VWV0KtQHUZZIsC
Diffstat
-rw-r--r--nixos/tests/signal-desktop.nix26
1 files changed, 21 insertions, 5 deletions
diff --git a/nixos/tests/signal-desktop.nix b/nixos/tests/signal-desktop.nix
index 42485cd0da7..379af4d3912 100644
--- a/nixos/tests/signal-desktop.nix
+++ b/nixos/tests/signal-desktop.nix
@@ -1,6 +1,16 @@
 import ./make-test-python.nix ({ pkgs, ...} :
 
-{
+let
+  sqlcipher-signal = pkgs.writeShellScriptBin "sqlcipher" ''
+    set -eu
+
+    readonly CFG=~/.config/Signal/config.json
+    readonly KEY="$(${pkgs.jq}/bin/jq --raw-output '.key' $CFG)"
+    readonly DB="$1"
+    readonly SQL="SELECT * FROM sqlite_master where type='table'"
+    ${pkgs.sqlcipher}/bin/sqlcipher "$DB" "PRAGMA key = \"x'$KEY'\"; $SQL"
+  '';
+in {
   name = "signal-desktop";
   meta = with pkgs.lib.maintainers; {
     maintainers = [ flokli primeos ];
@@ -16,7 +26,9 @@ import ./make-test-python.nix ({ pkgs, ...} :
 
     services.xserver.enable = true;
     test-support.displayManager.auto.user = "alice";
-    environment.systemPackages = with pkgs; [ signal-desktop file ];
+    environment.systemPackages = with pkgs; [
+      signal-desktop file sqlite sqlcipher-signal
+    ];
     virtualisation.memorySize = 1024;
   };
 
@@ -44,11 +56,15 @@ import ./make-test-python.nix ({ pkgs, ...} :
     # - https://github.com/NixOS/nixpkgs/issues/108772
     # - https://github.com/NixOS/nixpkgs/pull/117555
     print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'"))
-    machine.succeed(
-        "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep 'db.sqlite: data'"
-    )
     machine.fail(
         "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database"
     )
+    # Only SQLCipher should be able to read the encrypted DB:
+    machine.fail(
+        "su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .databases'"
+    )
+    print(machine.succeed(
+        "su - alice -c 'sqlcipher ~/.config/Signal/sql/db.sqlite'"
+    ))
   '';
 })
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-17 21:28:52 +0000