commit 06552b72346632b6943c8032e57e702ea12413bf

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #132802 from primeos/nixos-tests-signal-desktop

nixos/tests/signal-desktop: Improve the DB test

authored by

Timothy DeHerrera and committed by

GitHub 4 years ago 06552b72 9207d090

+21 -5

1 changed file

expand all

unified split

nixos

tests

signal-desktop.nix

+21 -5

nixos/tests/signal-desktop.nix

··· 1 import ./make-test-python.nix ({ pkgs, ...} : 2 3 - { 4 name = "signal-desktop"; 5 meta = with pkgs.lib.maintainers; { 6 maintainers = [ flokli primeos ]; ··· 16 17 services.xserver.enable = true; 18 test-support.displayManager.auto.user = "alice"; 19 - environment.systemPackages = with pkgs; [ signal-desktop file ]; 20 virtualisation.memorySize = 1024; 21 }; 22 ··· 44 # - https://github.com/NixOS/nixpkgs/issues/108772 45 # - https://github.com/NixOS/nixpkgs/pull/117555 46 print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'")) 47 - machine.succeed( 48 - "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep 'db.sqlite: data'" 49 - ) 50 machine.fail( 51 "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database" 52 ) 53 ''; 54 })

··· 1 import ./make-test-python.nix ({ pkgs, ...} : 2 3 + let 4 + sqlcipher-signal = pkgs.writeShellScriptBin "sqlcipher" '' 5 + set -eu 6 + 7 + readonly CFG=~/.config/Signal/config.json 8 + readonly KEY="$(${pkgs.jq}/bin/jq --raw-output '.key' $CFG)" 9 + readonly DB="$1" 10 + readonly SQL="SELECT * FROM sqlite_master where type='table'" 11 + ${pkgs.sqlcipher}/bin/sqlcipher "$DB" "PRAGMA key = \"x'$KEY'\"; $SQL" 12 + ''; 13 + in { 14 name = "signal-desktop"; 15 meta = with pkgs.lib.maintainers; { 16 maintainers = [ flokli primeos ]; ··· 26 27 services.xserver.enable = true; 28 test-support.displayManager.auto.user = "alice"; 29 + environment.systemPackages = with pkgs; [ 30 + signal-desktop file sqlite sqlcipher-signal 31 + ]; 32 virtualisation.memorySize = 1024; 33 }; 34 ··· 56 # - https://github.com/NixOS/nixpkgs/issues/108772 57 # - https://github.com/NixOS/nixpkgs/pull/117555 58 print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'")) 59 machine.fail( 60 "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database" 61 ) 62 + # Only SQLCipher should be able to read the encrypted DB: 63 + machine.fail( 64 + "su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .databases'" 65 + ) 66 + print(machine.succeed( 67 + "su - alice -c 'sqlcipher ~/.config/Signal/sql/db.sqlite'" 68 + )) 69 ''; 70 })