diff options
| author | Michael Weiss <dev.primeos@gmail.com> | 2021-05-11 22:04:02 +0200 |
|---|---|---|
| committer | Michael Weiss <dev.primeos@gmail.com> | 2021-05-13 21:18:28 +0200 |
| commit | 217f268534ff57ec10d02c5cc569ac7dde542b01 (patch) | |
| tree | bbd596abc5ec7d232938f39f018845420e6c7611 /nixos/tests/signal-desktop.nix | |
| parent | d4a651f448258c5df7b373557348b6f73203595b (diff) | |
| download | nixpkgs-217f268534ff57ec10d02c5cc569ac7dde542b01.tar nixpkgs-217f268534ff57ec10d02c5cc569ac7dde542b01.tar.gz nixpkgs-217f268534ff57ec10d02c5cc569ac7dde542b01.tar.bz2 nixpkgs-217f268534ff57ec10d02c5cc569ac7dde542b01.tar.lz nixpkgs-217f268534ff57ec10d02c5cc569ac7dde542b01.tar.xz nixpkgs-217f268534ff57ec10d02c5cc569ac7dde542b01.tar.zst nixpkgs-217f268534ff57ec10d02c5cc569ac7dde542b01.zip | |
nixos/tests/signal-desktop: test if the SQLite DB is (un)encrypted
Well, this should test if the database is encrypted but currently it is still unencrypted and we need to notice if this behaviour changes in the future (as it will cause data loss, see e.g. #108772). Anyway, this doesn't really matter for security reasons but we need this test to prevent data loss (unfortunately Signal-Desktop and SQLCipher handle this badly... :o).
Diffstat (limited to 'nixos/tests/signal-desktop.nix')
| -rw-r--r-- | nixos/tests/signal-desktop.nix | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/nixos/tests/signal-desktop.nix b/nixos/tests/signal-desktop.nix index c424288e00a..deddb9d0834 100644 --- a/nixos/tests/signal-desktop.nix +++ b/nixos/tests/signal-desktop.nix @@ -3,7 +3,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { name = "signal-desktop"; meta = with pkgs.lib.maintainers; { - maintainers = [ flokli ]; + maintainers = [ flokli primeos ]; }; machine = { ... }: @@ -16,7 +16,7 @@ import ./make-test-python.nix ({ pkgs, ...} : services.xserver.enable = true; test-support.displayManager.auto.user = "alice"; - environment.systemPackages = [ pkgs.signal-desktop ]; + environment.systemPackages = with pkgs; [ signal-desktop file ]; virtualisation.memorySize = 1024; }; @@ -39,5 +39,17 @@ import ./make-test-python.nix ({ pkgs, ...} : machine.wait_for_text("Signal") machine.wait_for_text("File Edit View Window Help") machine.screenshot("signal_desktop") + + # Test if the database is encrypted to prevent these issues: + # - https://github.com/NixOS/nixpkgs/issues/108772 + # - https://github.com/NixOS/nixpkgs/pull/117555 + print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'")) + # TODO: The DB should be encrypted and the following should be machine.fail + # instead of machine.succeed but the DB is currently unencrypted and we + # want to notice if this isn't the case anymore as the transition to a + # encrypted DB can cause data loss!: + machine.succeed( + "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -i sqlite" + ) ''; }) |