diff options
author | Michael Weiss <dev.primeos@gmail.com> | 2021-05-14 02:23:56 +0200 |
---|---|---|
committer | Michael Weiss <dev.primeos@gmail.com> | 2021-05-14 02:33:42 +0200 |
commit | 940dfa99401c04c78bc530c72ecba6f6ccee62e8 (patch) | |
tree | 4c9121f527ebfc9b2d2ae9a1e0983a84498dc3d3 /nixos/tests/signal-desktop.nix | |
parent | 1cdf5f44364fe06ce3d0cded1d784e132e6f3354 (diff) |
signal-desktop: Fix the database encryption by preloading SQLCipher
AFAIK this is the only reliable way for us to ensure SQLCipher will be loaded instead of SQLite. It feels like a hack/workaround but according to the SQLCipher developers [0] "this issue can and should be handled downstream at the application level: 1. While it may feel like a workaround, using LD_PRELOAD is a legitimate approach here because it will substitute the system SQLite with SQLCipher which is the intended usage model;". This fixes #108772 for NixOS 20.09 users who upgrade to NixOS 21.05 and replaces #117555. For nixos-unstable users this will unfortunately break everything again so we should add a script to ease the transition (in a separate commit so that we can revert it for NixOS 21.05). [0]: https://github.com/sqlcipher/sqlcipher/issues/385#issuecomment-802874340
Diffstat (limited to 'nixos/tests/signal-desktop.nix')
-rw-r--r-- | nixos/tests/signal-desktop.nix | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/nixos/tests/signal-desktop.nix b/nixos/tests/signal-desktop.nix index deddb9d0834fe..42485cd0da7ed 100644 --- a/nixos/tests/signal-desktop.nix +++ b/nixos/tests/signal-desktop.nix @@ -44,12 +44,11 @@ import ./make-test-python.nix ({ pkgs, ...} : # - https://github.com/NixOS/nixpkgs/issues/108772 # - https://github.com/NixOS/nixpkgs/pull/117555 print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'")) - # TODO: The DB should be encrypted and the following should be machine.fail - # instead of machine.succeed but the DB is currently unencrypted and we - # want to notice if this isn't the case anymore as the transition to a - # encrypted DB can cause data loss!: machine.succeed( - "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -i sqlite" + "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep 'db.sqlite: data'" + ) + machine.fail( + "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database" ) ''; }) |