author | aszlig <aszlig@nix.build> | 2018-04-29 19:38:24 +0200 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2018-04-29 19:38:24 +0200 |
commit | 9b5a119972e9c2d327500638d89063f4fce243ec (patch) | |
tree | e2edb88c951326406deeb2f527444c5dfcd34f70 /tests/sandbox.nix | |
parent | 0c3e4e2626856261da20c741f8664dbe08e5cafc (diff) |
pkgs/sandbox: Fix and pass through .desktop files
Since the introduction and move of a few packages to use the sandbox, we no longer have XDG desktop entries, because the sandbox only creates wrappers for all programs in $drv/bin. This now also copies the XDG desktop files and replaces absolute paths to binaries to refer to the sandboxed binaries. I also modified the test to go through the XDG desktop file by default so we can ensure that this works properly. Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'tests/sandbox.nix')
-rw-r--r-- | tests/sandbox.nix | 93 |
1 files changed, 70 insertions, 23 deletions
diff --git a/tests/sandbox.nix b/tests/sandbox.nix
index 9a1b4a3a..20ae88d6 100644
--- a/tests/sandbox.nix
+++ b/tests/sandbox.nix
@@ -12,39 +12,86 @@ "/run/bar-test-sandbox" "/run/baz-test-sandbox" ]; + + # Only needed so we get the right XDG paths in the system path. + services.xserver.enable = true; + systemd.services.display-manager.enable = false; + environment.systemPackages = let - testProgram = pkgs.writeScriptBin "test-sandbox" '' - #!${pkgs.stdenv.shell} -ex + testPackage = pkgs.runCommand "test-sandbox" { + program = '' + #!${pkgs.stdenv.shell} -ex + + if [ "$1" != canary ]; then + echo 'Canary check failed, so the test program probably' \ + 'was not executed via the XDG desktop entry.' >&2 + exit 1 + fi + + # Should fail because we can't access the host's PATH + ! echo foo | grep -qF foo + + export PATH=/run/baz-test-sandbox/bin + echo foo > /home/foo/existing/bar + test ! -d /home/foo/nonexisting + /run/foo-test-sandbox/bin/hello + echo aaa | /run/bar-test-sandbox/bin/sed -e 's/a/b/g' - # Should fail because we can't access the host's PATH - ! echo foo | grep -qF foo + echo XDG1 > /home/foo/.local/share/xdg/1 + echo XDG2 > /home/foo/.config/xdg/2 + echo XDG3 > /home/foo/.cache/xdg/3 + echo > /home/foo/.cache/xdg/done + ''; + } '' + mkdir -p "$out/bin" "$out/share/applications" "$out/share/test-sandbox" - export PATH=/run/baz-test-sandbox/bin - echo foo > /home/foo/existing/bar - test ! 
-d /home/foo/nonexisting - /run/foo-test-sandbox/bin/hello - echo aaa | /run/bar-test-sandbox/bin/sed -e 's/a/b/g' + echo -n "$program" > "$out/bin/test-sandbox" + chmod +x "$out/bin/test-sandbox" - echo XDG1 > /home/foo/.local/share/xdg/1 - echo XDG2 > /home/foo/.config/xdg/2 - echo XDG3 > /home/foo/.cache/xdg/3 + echo '<svg xmlns="http://www.w3.org/2000/svg"/>' \ + > "$out/share/test-sandbox/icon.svg" + + cat > "$out/share/applications/test.desktop" <<EOF + [Desktop Entry] + Name=$fullName + Type=Application + Version=1.1 + Exec=$out/bin/test-sandbox canary + Icon=$out/share/test-sandbox/icon.svg + Categories=Utility + EOF ''; - in lib.singleton (pkgs.vuizvui.buildSandbox testProgram { - paths.required = [ - "/home/foo/existing" - "$XDG_DATA_HOME/xdg" - "$XDG_CONFIG_HOME/xdg" - "$XDG_CACHE_HOME/xdg" - ]; - paths.wanted = [ "/home/foo/nonexisting" ]; - paths.runtimeVars = [ "COLLECT_ME" ]; - }); + + in [ + # Unfortunately, "xdg-open test-sandbox.desktop" doesn't work, so let's + # use gtk-launch instead. We also need xvfb_run so that we can avoid to + # start a full-blown X server. + # + # See also: + # + # https://askubuntu.com/questions/5172 + # https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/378783 + # + (lib.getBin pkgs.gtk3) pkgs.xvfb_run + + (pkgs.vuizvui.buildSandbox testPackage { + paths.required = [ + "/home/foo/existing" + "$XDG_DATA_HOME/xdg" + "$XDG_CONFIG_HOME/xdg" + "$XDG_CACHE_HOME/xdg" + ]; + paths.wanted = [ "/home/foo/nonexisting" ]; + paths.runtimeVars = [ "COLLECT_ME" ]; + }) + ]; users.users.foo.isNormalUser = true; }; testScript = '' $machine->waitForUnit('multi-user.target'); - $machine->succeed('su - -c test-sandbox foo >&2'); + $machine->succeed('su - -c "xvfb-run gtk-launch test" foo >&2'); + $machine->waitForFile('/home/foo/.cache/xdg/done'); $machine->succeed('test -d /home/foo/existing'); $machine->succeed('grep -qF foo /home/foo/existing/bar'); |
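Review bot: The isolation check `! echo foo | grep -qF foo` in the test program cannot fail the test. Under `-e` the shell does not exit when a command's status is inverted with `!`, so if the host's grep were reachable inside the sandbox the script would carry on and still write the `done` marker. The line is carried over unchanged from the removed `testProgram`, but since this test is what guards the sandbox's PATH isolation it should be made explicit, for example `if echo foo | grep -qF foo; then echo 'host PATH leaked into sandbox' >&2; exit 1; fi`. With that change a leak would presumably surface as `waitForFile('/home/foo/.cache/xdg/done')` timing out, because the script's exit status does not appear to be checked once it is started through `gtk-launch`.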