nixosTests.chromium: Port to Python
This commit is contained in:
Jacek Galowicz
Jacek Galowicz
parent
1013c2e3a6
commit
2e7d406b11
@ -8,7 +8,7 @@
|
|||||||
}
|
}
|
||||||
}:
|
}:
|
||||||
|
|
||||||
with import ../lib/testing.nix { inherit system pkgs; };
|
with import ../lib/testing-python.nix { inherit system pkgs; };
|
||||||
with pkgs.lib;
|
with pkgs.lib;
|
||||||
|
|
||||||
mapAttrs (channel: chromiumPkg: makeTest rec {
|
mapAttrs (channel: chromiumPkg: makeTest rec {
|
||||||
@ -21,9 +21,11 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
|
|||||||
|
|
||||||
enableOCR = true;
|
enableOCR = true;
|
||||||
|
|
||||||
|
user = "alice";
|
||||||
|
|
||||||
machine.imports = [ ./common/user-account.nix ./common/x11.nix ];
|
machine.imports = [ ./common/user-account.nix ./common/x11.nix ];
|
||||||
machine.virtualisation.memorySize = 2047;
|
machine.virtualisation.memorySize = 2047;
|
||||||
machine.test-support.displayManager.auto.user = "alice";
|
machine.test-support.displayManager.auto.user = user;
|
||||||
machine.environment.systemPackages = [ chromiumPkg ];
|
machine.environment.systemPackages = [ chromiumPkg ];
|
||||||
|
|
||||||
startupHTML = pkgs.writeText "chromium-startup.html" ''
|
startupHTML = pkgs.writeText "chromium-startup.html" ''
|
||||||
@ -47,155 +49,218 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
|
|||||||
xdoScript = pkgs.writeText "${name}.xdo" text;
|
xdoScript = pkgs.writeText "${name}.xdo" text;
|
||||||
in "${pkgs.xdotool}/bin/xdotool '${xdoScript}'";
|
in "${pkgs.xdotool}/bin/xdotool '${xdoScript}'";
|
||||||
in ''
|
in ''
|
||||||
# Run as user alice
|
import shlex
|
||||||
sub ru ($) {
|
from contextlib import contextmanager, _GeneratorContextManager
|
||||||
my $esc = $_[0] =~ s/'/'\\${"'"}'/gr;
|
|
||||||
return "su - alice -c '$esc'";
|
|
||||||
}
|
|
||||||
|
|
||||||
sub createNewWin {
|
|
||||||
$machine->nest("creating a new Chromium window", sub {
|
# Run as user alice
|
||||||
$machine->execute(ru "${xdo "new-window" ''
|
def ru(cmd):
|
||||||
|
return "su - ${user} -c " + shlex.quote(cmd)
|
||||||
|
|
||||||
|
|
||||||
|
def create_new_win():
|
||||||
|
with machine.nested("Creating a new Chromium window"):
|
||||||
|
machine.execute(
|
||||||
|
ru(
|
||||||
|
"${xdo "new-window" ''
|
||||||
search --onlyvisible --name "startup done"
|
search --onlyvisible --name "startup done"
|
||||||
windowfocus --sync
|
windowfocus --sync
|
||||||
windowactivate --sync
|
windowactivate --sync
|
||||||
''}");
|
''}"
|
||||||
$machine->execute(ru "${xdo "new-window" ''
|
)
|
||||||
|
)
|
||||||
|
machine.execute(
|
||||||
|
ru(
|
||||||
|
"${xdo "new-window" ''
|
||||||
key Ctrl+n
|
key Ctrl+n
|
||||||
''}");
|
''}"
|
||||||
});
|
)
|
||||||
}
|
)
|
||||||
|
|
||||||
sub closeWin {
|
|
||||||
Machine::retry sub {
|
def close_win():
|
||||||
$machine->execute(ru "${xdo "close-window" ''
|
def try_close(_):
|
||||||
|
machine.execute(
|
||||||
|
ru(
|
||||||
|
"${xdo "close-window" ''
|
||||||
search --onlyvisible --name "new tab"
|
search --onlyvisible --name "new tab"
|
||||||
windowfocus --sync
|
windowfocus --sync
|
||||||
windowactivate --sync
|
windowactivate --sync
|
||||||
''}");
|
''}"
|
||||||
$machine->execute(ru "${xdo "close-window" ''
|
)
|
||||||
|
)
|
||||||
|
machine.execute(
|
||||||
|
ru(
|
||||||
|
"${xdo "close-window" ''
|
||||||
key Ctrl+w
|
key Ctrl+w
|
||||||
''}");
|
''}"
|
||||||
for (1..20) {
|
)
|
||||||
my ($status, $out) = $machine->execute(ru "${xdo "wait-for-close" ''
|
)
|
||||||
|
for _ in range(1, 20):
|
||||||
|
status, out = machine.execute(
|
||||||
|
ru(
|
||||||
|
"${xdo "wait-for-close" ''
|
||||||
search --onlyvisible --name "new tab"
|
search --onlyvisible --name "new tab"
|
||||||
''}");
|
''}"
|
||||||
return 1 if $status != 0;
|
)
|
||||||
$machine->sleep(1);
|
)
|
||||||
}
|
if status != 0:
|
||||||
}
|
return True
|
||||||
}
|
machine.sleep(1)
|
||||||
|
return False
|
||||||
|
|
||||||
sub waitForNewWin {
|
retry(try_close)
|
||||||
my $ret = 0;
|
|
||||||
$machine->nest("waiting for new Chromium window to appear", sub {
|
|
||||||
for (1..20) {
|
def wait_for_new_win():
|
||||||
my ($status, $out) = $machine->execute(ru "${xdo "wait-for-window" ''
|
ret = False
|
||||||
|
with machine.nested("Waiting for new Chromium window to appear"):
|
||||||
|
for _ in range(1, 20):
|
||||||
|
status, out = machine.execute(
|
||||||
|
ru(
|
||||||
|
"${xdo "wait-for-window" ''
|
||||||
search --onlyvisible --name "new tab"
|
search --onlyvisible --name "new tab"
|
||||||
windowfocus --sync
|
windowfocus --sync
|
||||||
windowactivate --sync
|
windowactivate --sync
|
||||||
''}");
|
''}"
|
||||||
if ($status == 0) {
|
)
|
||||||
$ret = 1;
|
)
|
||||||
|
if status == 0:
|
||||||
|
ret = True
|
||||||
|
machine.sleep(10)
|
||||||
|
break
|
||||||
|
machine.sleep(1)
|
||||||
|
return ret
|
||||||
|
|
||||||
# XXX: Somehow Chromium is not accepting keystrokes for a few
|
|
||||||
# seconds after a new window has appeared, so let's wait a while.
|
|
||||||
$machine->sleep(10);
|
|
||||||
|
|
||||||
last;
|
def create_and_wait_for_new_win():
|
||||||
}
|
for _ in range(1, 3):
|
||||||
$machine->sleep(1);
|
create_new_win()
|
||||||
}
|
if wait_for_new_win():
|
||||||
});
|
return True
|
||||||
return $ret;
|
assert False, "new window did not appear within 60 seconds"
|
||||||
}
|
|
||||||
|
|
||||||
sub createAndWaitForNewWin {
|
|
||||||
for (1..3) {
|
|
||||||
createNewWin;
|
|
||||||
return 1 if waitForNewWin;
|
|
||||||
}
|
|
||||||
die "new window didn't appear within 60 seconds";
|
|
||||||
}
|
|
||||||
|
|
||||||
sub testNewWin {
|
@contextmanager
|
||||||
my ($desc, $code) = @_;
|
def test_new_win(description):
|
||||||
createAndWaitForNewWin;
|
create_and_wait_for_new_win()
|
||||||
subtest($desc, $code);
|
with machine.nested(description):
|
||||||
closeWin;
|
yield
|
||||||
}
|
close_win()
|
||||||
|
|
||||||
$machine->waitForX;
|
|
||||||
|
|
||||||
my $url = "file://${startupHTML}";
|
machine.wait_for_x()
|
||||||
$machine->execute(ru "ulimit -c unlimited; chromium \"$url\" & disown");
|
|
||||||
$machine->waitForText(qr/startup done/);
|
url = "file://${startupHTML}"
|
||||||
$machine->waitUntilSucceeds(ru "${xdo "check-startup" ''
|
machine.succeed(ru(f'ulimit -c unlimited; chromium "{url}" & disown'))
|
||||||
|
machine.wait_for_text("startup done")
|
||||||
|
machine.wait_until_succeeds(
|
||||||
|
ru(
|
||||||
|
"${xdo "check-startup" ''
|
||||||
search --sync --onlyvisible --name "startup done"
|
search --sync --onlyvisible --name "startup done"
|
||||||
# close first start help popup
|
# close first start help popup
|
||||||
key -delay 1000 Escape
|
key -delay 1000 Escape
|
||||||
windowfocus --sync
|
windowfocus --sync
|
||||||
windowactivate --sync
|
windowactivate --sync
|
||||||
''}");
|
''}"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
createAndWaitForNewWin;
|
create_and_wait_for_new_win()
|
||||||
$machine->screenshot("empty_windows");
|
machine.screenshot("empty_windows")
|
||||||
closeWin;
|
close_win()
|
||||||
|
|
||||||
$machine->screenshot("startup_done");
|
machine.screenshot("startup_done")
|
||||||
|
|
||||||
testNewWin "check sandbox", sub {
|
with test_new_win("check sandbox"):
|
||||||
$machine->succeed(ru "${xdo "type-url" ''
|
machine.succeed(
|
||||||
|
ru(
|
||||||
|
"${xdo "type-url" ''
|
||||||
search --sync --onlyvisible --name "new tab"
|
search --sync --onlyvisible --name "new tab"
|
||||||
windowfocus --sync
|
windowfocus --sync
|
||||||
type --delay 1000 "chrome://sandbox"
|
type --delay 1000 "chrome://sandbox"
|
||||||
''}");
|
''}"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
$machine->succeed(ru "${xdo "submit-url" ''
|
machine.succeed(
|
||||||
|
ru(
|
||||||
|
"${xdo "submit-url" ''
|
||||||
search --sync --onlyvisible --name "new tab"
|
search --sync --onlyvisible --name "new tab"
|
||||||
windowfocus --sync
|
windowfocus --sync
|
||||||
key --delay 1000 Return
|
key --delay 1000 Return
|
||||||
''}");
|
''}"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
$machine->screenshot("sandbox_info");
|
machine.screenshot("sandbox_info")
|
||||||
|
|
||||||
$machine->succeed(ru "${xdo "find-window" ''
|
machine.succeed(
|
||||||
|
ru(
|
||||||
|
"${xdo "find-window" ''
|
||||||
search --sync --onlyvisible --name "sandbox status"
|
search --sync --onlyvisible --name "sandbox status"
|
||||||
windowfocus --sync
|
windowfocus --sync
|
||||||
''}");
|
''}"
|
||||||
$machine->succeed(ru "${xdo "copy-sandbox-info" ''
|
)
|
||||||
|
)
|
||||||
|
machine.succeed(
|
||||||
|
ru(
|
||||||
|
"${xdo "copy-sandbox-info" ''
|
||||||
key --delay 1000 Ctrl+a Ctrl+c
|
key --delay 1000 Ctrl+a Ctrl+c
|
||||||
''}");
|
''}"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
my $clipboard = $machine->succeed(ru "${pkgs.xclip}/bin/xclip -o");
|
clipboard = machine.succeed(
|
||||||
die "sandbox not working properly: $clipboard"
|
ru("${pkgs.xclip}/bin/xclip -o")
|
||||||
unless $clipboard =~ /layer 1 sandbox.*namespace/mi
|
)
|
||||||
&& $clipboard =~ /pid namespaces.*yes/mi
|
|
||||||
&& $clipboard =~ /network namespaces.*yes/mi
|
|
||||||
&& $clipboard =~ /seccomp.*sandbox.*yes/mi
|
|
||||||
&& $clipboard =~ /you are adequately sandboxed/mi;
|
|
||||||
|
|
||||||
$machine->sleep(1);
|
filters = [
|
||||||
$machine->succeed(ru "${xdo "find-window-after-copy" ''
|
"layer 1 sandbox.*namespace",
|
||||||
|
"pid namespaces.*yes",
|
||||||
|
"network namespaces.*yes",
|
||||||
|
"seccomp.*sandbox.*yes",
|
||||||
|
"you are adequately sandboxed",
|
||||||
|
]
|
||||||
|
if not all(
|
||||||
|
re.search(filter, clipboard, flags=re.DOTALL | re.IGNORECASE)
|
||||||
|
for filter in filters
|
||||||
|
):
|
||||||
|
assert False, f"sandbox not working properly: {clipboard}"
|
||||||
|
|
||||||
|
machine.sleep(1)
|
||||||
|
machine.succeed(
|
||||||
|
ru(
|
||||||
|
"${xdo "find-window-after-copy" ''
|
||||||
search --onlyvisible --name "sandbox status"
|
search --onlyvisible --name "sandbox status"
|
||||||
''}");
|
''}"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
my $clipboard = $machine->succeed(ru "echo void | ${pkgs.xclip}/bin/xclip -i");
|
clipboard = machine.succeed(
|
||||||
$machine->succeed(ru "${xdo "copy-sandbox-info" ''
|
ru(
|
||||||
|
"echo void | ${pkgs.xclip}/bin/xclip -i"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
machine.succeed(
|
||||||
|
ru(
|
||||||
|
"${xdo "copy-sandbox-info" ''
|
||||||
key --delay 1000 Ctrl+a Ctrl+c
|
key --delay 1000 Ctrl+a Ctrl+c
|
||||||
''}");
|
''}"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
my $clipboard = $machine->succeed(ru "${pkgs.xclip}/bin/xclip -o");
|
clipboard = machine.succeed(
|
||||||
die "copying twice in a row does not work properly: $clipboard"
|
ru("${pkgs.xclip}/bin/xclip -o")
|
||||||
unless $clipboard =~ /layer 1 sandbox.*namespace/mi
|
)
|
||||||
&& $clipboard =~ /pid namespaces.*yes/mi
|
if not all(
|
||||||
&& $clipboard =~ /network namespaces.*yes/mi
|
re.search(filter, clipboard, flags=re.DOTALL | re.IGNORECASE)
|
||||||
&& $clipboard =~ /seccomp.*sandbox.*yes/mi
|
for filter in filters
|
||||||
&& $clipboard =~ /you are adequately sandboxed/mi;
|
):
|
||||||
|
assert False, f"copying twice in a row does not work properly: {clipboard}"
|
||||||
|
|
||||||
$machine->screenshot("afer_copy_from_chromium");
|
machine.screenshot("after_copy_from_chromium")
|
||||||
};
|
|
||||||
|
|
||||||
$machine->shutdown;
|
machine.shutdown()
|
||||||
'';
|
'';
|
||||||
}) channelMap
|
}) channelMap
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user