nixos/tests/signal-desktop: Improve the DB test

The command "file ~/.config/Signal/sql/db.sqlite | grep 'db.sqlite: data'" can randomly fail because "file" sometimes recognizes the "random" (encrypted) data as something. This occasionally causes test failures, e.g. [0] were it was recognized as "PGP Secret Sub-key -" or in another instance as an ext4 filesystem [1]. [0]: https://github.com/NixOS/nixpkgs/pull/132644#issuecomment-892601504 [1]: https://social.primeos.dev/notice/A7H8VWV0KtQHUZZIsC
2021-08-05 18:17:49 +02:00 · 2021-08-05 18:17:49 +02:00 · c4c087da21
parent fd2bb8574e
commit c4c087da21
1 changed files with 21 additions and 5 deletions
--- a/nixos/tests/signal-desktop.nix
+++ b/nixos/tests/signal-desktop.nix
@ -1,6 +1,16 @@
 import ./make-test-python.nix ({ pkgs, ...} :

-{
+let
+  sqlcipher-signal = pkgs.writeShellScriptBin "sqlcipher" ''
+    set -eu
+
+    readonly CFG=~/.config/Signal/config.json
+    readonly KEY="$(${pkgs.jq}/bin/jq --raw-output '.key' $CFG)"
+    readonly DB="$1"
+    readonly SQL="SELECT * FROM sqlite_master where type='table'"
+    ${pkgs.sqlcipher}/bin/sqlcipher "$DB" "PRAGMA key = \"x'$KEY'\"; $SQL"
+  '';
+in {
  name = "signal-desktop";
  meta = with pkgs.lib.maintainers; {
    maintainers = [ flokli primeos ];
@ -16,7 +26,9 @@ import ./make-test-python.nix ({ pkgs, ...} :

    services.xserver.enable = true;
    test-support.displayManager.auto.user = "alice";
-    environment.systemPackages = with pkgs; [ signal-desktop file ];
+    environment.systemPackages = with pkgs; [
+      signal-desktop file sqlite sqlcipher-signal
+    ];
    virtualisation.memorySize = 1024;
  };

@ -44,11 +56,15 @@ import ./make-test-python.nix ({ pkgs, ...} :
    # - https://github.com/NixOS/nixpkgs/issues/108772
    # - https://github.com/NixOS/nixpkgs/pull/117555
    print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'"))
-    machine.succeed(
-        "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep 'db.sqlite: data'"
-    )
    machine.fail(
        "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database"
    )
+    # Only SQLCipher should be able to read the encrypted DB:
+    machine.fail(
+        "su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .databases'"
+    )
+    print(machine.succeed(
+        "su - alice -c 'sqlcipher ~/.config/Signal/sql/db.sqlite'"
+    ))
  '';
 })