nixpkgs/nixos/tests/chromium.nix

import ./make-test.nix (
{ pkgs
, channelMap ? {
    stable = pkgs.chromium;
    beta   = pkgs.chromiumBeta;
    dev    = pkgs.chromiumDev;
  }
, ...
}: rec {
  name = "chromium";

  machine.imports = [ ./common/x11.nix ];
  machine.virtualisation.memorySize = 1024;

  startupHTML = pkgs.writeText "chromium-startup.html" ''
    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>Chromium startup notifier</title>
    </head>
    <body onload="javascript:document.title='startup done'">
      <img src="file://${pkgs.fetchurl {
        url = "http://nixos.org/logo/nixos.svg";
        sha256 = "0p2iaqcx2cj24xqycfw1pi4i5461gnn0034lafpi99ph435x6z68";
      }}" />
    </body>
    </html>
  '';

  testScript = let
    xdo = name: text: let
      xdoScript = pkgs.writeText "${name}.xdo" text;
    in "${pkgs.xdotool}/bin/xdotool '${xdoScript}'";
  in ''
    sub createNewWin {
      $machine->nest("creating a new Chromium window", sub {
        $machine->execute("${xdo "new-window" ''
          search --onlyvisible --name "startup done"
          windowfocus --sync
          windowactivate --sync
          key Ctrl+n
        ''}");
      });
    }

    sub closeWin {
      Machine::retry sub {
        $machine->execute("${xdo "close-window" ''
          search --onlyvisible --name "new tab"
          windowfocus --sync
          windowactivate --sync
          key Ctrl+w
        ''}");
        for (1..20) {
          my ($status, $out) = $machine->execute("${xdo "wait-for-close" ''
            search --onlyvisible --name "new tab"
          ''}");
          return 1 if $status != 0;
          $machine->sleep(1);
        }
      }
    }

    sub waitForNewWin {
      my $ret = 0;
      $machine->nest("waiting for new Chromium window to appear", sub {
        for (1..20) {
          my ($status, $out) = $machine->execute("${xdo "wait-for-window" ''
            search --onlyvisible --name "new tab"
            windowfocus --sync
            windowactivate --sync
          ''}");
          if ($status == 0) {
            $ret = 1;
            last;
          }
          $machine->sleep(1);
        }
      });
      return $ret;
    }

    sub createAndWaitForNewWin {
      for (1..3) {
        createNewWin;
        return 1 if waitForNewWin;
      }
      die "new window didn't appear within 60 seconds";
    }

    sub testNewWin {
      my ($desc, $code) = @_;
      createAndWaitForNewWin;
      subtest($desc, $code);
      closeWin;
    }

    sub chromiumTest {
      my ($channel, $pkg, $code) = @_;
      $machine->waitForX;

      my $url = "file://${startupHTML}";
      my $args = "--user-data-dir=/tmp/chromium-$channel";
      $machine->execute(
        "ulimit -c unlimited; ".
        "$pkg/bin/chromium $args \"$url\" & disown"
      );
      $machine->waitUntilSucceeds("${xdo "check-startup" ''
        search --sync --onlyvisible --name "startup done"
        # close first start help popup
        key -delay 1000 Escape
        # XXX: This is to make sure the popup is closed, but we better do
        # screenshots to detect visual changes.
        key -delay 2000 Escape
        key -delay 3000 Escape
        key -delay 4000 Escape
        windowfocus --sync
        windowactivate --sync
      ''}");

      createAndWaitForNewWin;
      $machine->screenshot($channel."_emptywin");
      closeWin;

      $machine->screenshot($channel."_startup_done");

      subtest("Chromium $channel", $code);

      $machine->shutdown;
    }

    for (${let
      mkArray = name: pkg: "[\"${name}\", \"${pkg}\"]";
      chanArrays = pkgs.lib.mapAttrsToList mkArray channelMap;
    in pkgs.lib.concatStringsSep ", " chanArrays}) {
      my ($channel, $pkg) = @$_;
      chromiumTest $channel, $pkg, sub {
        testNewWin "check sandbox", sub {
          $machine->succeed("${xdo "type-url" ''
            search --sync --onlyvisible --name "new tab"
            windowfocus --sync
            type --delay 1000 "chrome://sandbox"
          ''}");

          $machine->succeed("${xdo "submit-url" ''
            search --sync --onlyvisible --name "new tab"
            windowfocus --sync
            key --delay 1000 Return
          ''}");

          $machine->screenshot($channel."_sandbox");

          $machine->succeed("${xdo "submit-url" ''
            search --sync --onlyvisible --name "sandbox status"
            windowfocus --sync
            key --delay 1000 Ctrl+a Ctrl+c
          ''}");

          my $clipboard = $machine->succeed("${pkgs.xclip}/bin/xclip -o");
          die "sandbox not working properly: $clipboard"
          unless $clipboard =~ /(?:suid|namespace) sandbox.*yes/mi
              && $clipboard =~ /pid namespaces.*yes/mi
              && $clipboard =~ /network namespaces.*yes/mi
              && $clipboard =~ /seccomp.*sandbox.*yes/mi;
        };
      };
    }
  '';
})
nixos/tests/chromium: Allow to override packages. Of course, this could be done via packageOverrides, but this is more explicit and makes it possible to run the tests with various Chromium overrides. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2014-11-19 15:48:14 +01:00			`import ./make-test.nix (`
			`{ pkgs`
			`, channelMap ? {`
			`stable = pkgs.chromium;`
			`beta = pkgs.chromiumBeta;`
			`dev = pkgs.chromiumDev;`
			`}`
			`, ...`
			`}: rec {`
nixos: Add rudimentary VM tests for Chromium. Currently, the test is only for testing the user namespace sandbox and even that isn't very representative, because we're running the tests as root. But apart from that, we should have functionality for opening/closing windows and the main goal here is to get them as deterministic as possible, because Chromium usually isn't very nice to chained xdotool keystrokes. And of course, the most important "test" we have here: We know at least whether Chromium works _at_all_. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2014-11-18 18:41:56 +01:00			`name = "chromium";`

			`machine.imports = [ ./common/x11.nix ];`
nixos/tests/chromium: Increase VM memory size. Chromium is quite memory hungry and we frequently get random crashes in the tests, so let's set it to 1024 MB because new releases of Chromium most probably won't consume less memory. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2015-01-24 13:21:33 +01:00			`machine.virtualisation.memorySize = 1024;`
nixos: Add rudimentary VM tests for Chromium. Currently, the test is only for testing the user namespace sandbox and even that isn't very representative, because we're running the tests as root. But apart from that, we should have functionality for opening/closing windows and the main goal here is to get them as deterministic as possible, because Chromium usually isn't very nice to chained xdotool keystrokes. And of course, the most important "test" we have here: We know at least whether Chromium works _at_all_. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2014-11-18 18:41:56 +01:00
			`startupHTML = pkgs.writeText "chromium-startup.html" ''`
			`<!DOCTYPE html>`
			`<html>`
			`<head>`
			`<meta charset="UTF-8">`
			`<title>Chromium startup notifier</title>`
			`</head>`
			`<body onload="javascript:document.title='startup done'">`
			`<img src="file://${pkgs.fetchurl {`
			`url = "http://nixos.org/logo/nixos.svg";`
			`sha256 = "0p2iaqcx2cj24xqycfw1pi4i5461gnn0034lafpi99ph435x6z68";`
			`}}" />`
			`</body>`
			`</html>`
			`'';`

			`testScript = let`
			`xdo = name: text: let`
			`xdoScript = pkgs.writeText "${name}.xdo" text;`
			`in "${pkgs.xdotool}/bin/xdotool '${xdoScript}'";`
			`in ''`
			`sub createNewWin {`
			`$machine->nest("creating a new Chromium window", sub {`
			`$machine->execute("${xdo "new-window" ''`
			`search --onlyvisible --name "startup done"`
			`windowfocus --sync`
			`windowactivate --sync`
			`key Ctrl+n`
			`''}");`
			`});`
			`}`

			`sub closeWin {`
			`Machine::retry sub {`
			`$machine->execute("${xdo "close-window" ''`
			`search --onlyvisible --name "new tab"`
			`windowfocus --sync`
			`windowactivate --sync`
			`key Ctrl+w`
			`''}");`
			`for (1..20) {`
			`my ($status, $out) = $machine->execute("${xdo "wait-for-close" ''`
			`search --onlyvisible --name "new tab"`
			`''}");`
			`return 1 if $status != 0;`
			`$machine->sleep(1);`
			`}`
			`}`
			`}`

			`sub waitForNewWin {`
			`my $ret = 0;`
			`$machine->nest("waiting for new Chromium window to appear", sub {`
			`for (1..20) {`
			`my ($status, $out) = $machine->execute("${xdo "wait-for-window" ''`
			`search --onlyvisible --name "new tab"`
			`windowfocus --sync`
			`windowactivate --sync`
			`''}");`
			`if ($status == 0) {`
			`$ret = 1;`
			`last;`
			`}`
			`$machine->sleep(1);`
			`}`
			`});`
			`return $ret;`
			`}`

			`sub createAndWaitForNewWin {`
			`for (1..3) {`
			`createNewWin;`
			`return 1 if waitForNewWin;`
			`}`
			`die "new window didn't appear within 60 seconds";`
			`}`

			`sub testNewWin {`
			`my ($desc, $code) = @_;`
			`createAndWaitForNewWin;`
			`subtest($desc, $code);`
			`closeWin;`
			`}`

			`sub chromiumTest {`
			`my ($channel, $pkg, $code) = @_;`
			`$machine->waitForX;`

			`my $url = "file://${startupHTML}";`
			`my $args = "--user-data-dir=/tmp/chromium-$channel";`
			`$machine->execute(`
			`"ulimit -c unlimited; ".`
			`"$pkg/bin/chromium $args \"$url\" & disown"`
			`);`
			`$machine->waitUntilSucceeds("${xdo "check-startup" ''`
			`search --sync --onlyvisible --name "startup done"`
			`# close first start help popup`
tests/chromium: Work around popup close flakiness. It's not nice to send the escape key over and over again just to ensure the popup is closed, because even if it fails to close the popup 4 times in a row it's just very unlikely that it will be closed. But in order to make really sure, we might need to do a screenshot and detect visual changes. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2015-04-02 14:08:23 +02:00			`key -delay 1000 Escape`
			`# XXX: This is to make sure the popup is closed, but we better do`
			`# screenshots to detect visual changes.`
			`key -delay 2000 Escape`
			`key -delay 3000 Escape`
			`key -delay 4000 Escape`
nixos: Add rudimentary VM tests for Chromium. Currently, the test is only for testing the user namespace sandbox and even that isn't very representative, because we're running the tests as root. But apart from that, we should have functionality for opening/closing windows and the main goal here is to get them as deterministic as possible, because Chromium usually isn't very nice to chained xdotool keystrokes. And of course, the most important "test" we have here: We know at least whether Chromium works _at_all_. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2014-11-18 18:41:56 +01:00			`windowfocus --sync`
			`windowactivate --sync`
			`''}");`

			`createAndWaitForNewWin;`
			`$machine->screenshot($channel."_emptywin");`
			`closeWin;`

			`$machine->screenshot($channel."_startup_done");`

			`subtest("Chromium $channel", $code);`

			`$machine->shutdown;`
			`}`

nixos/tests/chromium: Allow to override packages. Of course, this could be done via packageOverrides, but this is more explicit and makes it possible to run the tests with various Chromium overrides. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2014-11-19 15:48:14 +01:00			`for (${let`
			`mkArray = name: pkg: "[\"${name}\", \"${pkg}\"]";`
			`chanArrays = pkgs.lib.mapAttrsToList mkArray channelMap;`
			`in pkgs.lib.concatStringsSep ", " chanArrays}) {`
nixos: Add rudimentary VM tests for Chromium. Currently, the test is only for testing the user namespace sandbox and even that isn't very representative, because we're running the tests as root. But apart from that, we should have functionality for opening/closing windows and the main goal here is to get them as deterministic as possible, because Chromium usually isn't very nice to chained xdotool keystrokes. And of course, the most important "test" we have here: We know at least whether Chromium works _at_all_. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2014-11-18 18:41:56 +01:00			`my ($channel, $pkg) = @$_;`
			`chromiumTest $channel, $pkg, sub {`
			`testNewWin "check sandbox", sub {`
			`$machine->succeed("${xdo "type-url" ''`
			`search --sync --onlyvisible --name "new tab"`
			`windowfocus --sync`
			`type --delay 1000 "chrome://sandbox"`
			`''}");`

			`$machine->succeed("${xdo "submit-url" ''`
			`search --sync --onlyvisible --name "new tab"`
			`windowfocus --sync`
			`key --delay 1000 Return`
			`''}");`

			`$machine->screenshot($channel."_sandbox");`

			`$machine->succeed("${xdo "submit-url" ''`
			`search --sync --onlyvisible --name "sandbox status"`
			`windowfocus --sync`
			`key --delay 1000 Ctrl+a Ctrl+c`
			`''}");`

			`my $clipboard = $machine->succeed("${pkgs.xclip}/bin/xclip -o");`
			`die "sandbox not working properly: $clipboard"`
nixos/tests/chromium: Check new userns sandbox. Since Chromium version 42, we have a new user namespaces sandbox in the upstream project. It's more integrated so the chrome://sandbox page reports it as "Namespace Sandbox" instead of SUID sandbox, which we were re-using (or abusing?) in our patch. So if either "SUID Sandbox" or "Namespace Sandbox" reports with "Yes", it's fine on our side. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2015-02-20 19:01:46 +01:00			`unless $clipboard =~ /(?:suid\|namespace) sandbox.*yes/mi`
nixos: Add rudimentary VM tests for Chromium. Currently, the test is only for testing the user namespace sandbox and even that isn't very representative, because we're running the tests as root. But apart from that, we should have functionality for opening/closing windows and the main goal here is to get them as deterministic as possible, because Chromium usually isn't very nice to chained xdotool keystrokes. And of course, the most important "test" we have here: We know at least whether Chromium works _at_all_. Signed-off-by: aszlig <aszlig@redmoonstudios.org> 2014-11-18 18:41:56 +01:00			`&& $clipboard =~ /pid namespaces.*yes/mi`
			`&& $clipboard =~ /network namespaces.*yes/mi`
			`&& $clipboard =~ /seccomp.sandbox.yes/mi;`
			`};`
			`};`
			`}`
			`'';`
			`})`