diff options
| author | Michael Weiss <dev.primeos@gmail.com> | 2021-08-16 13:02:11 +0200 |
|---|---|---|
| committer | Michael Weiss <dev.primeos@gmail.com> | 2021-08-16 14:42:04 +0200 |
| commit | 8e2afd691f70225b508b118f06cd968e138db67a (patch) | |
| tree | 93861dcb33b79011770b61007ea4e65baef5dd32 /pkgs/applications/networking/instant-messengers/signal-desktop | |
| parent | 1f0f100c2da154f98416a0d17cb054577309fe2a (diff) | |
Revert "signal-desktop: Add a Python wrapper to re-encrypt DBs"
This reverts commit 45bd7b39a444c904986324b5f7c46ba867612575. It's been three months now since the introduction of this hack so we can finally drop it. All active users should have a re-encrypted DB by now since Signal-Desktop builds expire after three months.
Diffstat (limited to 'pkgs/applications/networking/instant-messengers/signal-desktop')
| -rwxr-xr-x | pkgs/applications/networking/instant-messengers/signal-desktop/db-reencryption-wrapper.py | 92 | ||||
| -rw-r--r-- | pkgs/applications/networking/instant-messengers/signal-desktop/default.nix | 15 |
2 files changed, 1 insertions, 106 deletions
diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/db-reencryption-wrapper.py b/pkgs/applications/networking/instant-messengers/signal-desktop/db-reencryption-wrapper.py deleted file mode 100755 index 8556ee1e4d736..0000000000000 --- a/pkgs/applications/networking/instant-messengers/signal-desktop/db-reencryption-wrapper.py +++ /dev/null @@ -1,92 +0,0 @@ -#!@PYTHON@ - -import json -import os -import re -import shlex -import sqlite3 -import subprocess -import sys - - -DB_PATH = os.path.join(os.environ['HOME'], '.config/Signal/sql/db.sqlite') -DB_COPY = os.path.join(os.environ['HOME'], '.config/Signal/sql/db.tmp') -CONFIG_PATH = os.path.join(os.environ['HOME'], '.config/Signal/config.json') - - -def zenity_askyesno(title, text): - args = [ - '@ZENITY@', - '--question', - '--title', - shlex.quote(title), - '--text', - shlex.quote(text) - ] - return subprocess.run(args).returncode == 0 - - -def start_signal(): - os.execvp('@SIGNAL-DESKTOP@', ['@SIGNAL-DESKTOP@'] + sys.argv[1:]) - - -def copy_pragma(name): - result = subprocess.run([ - '@SQLCIPHER@', - DB_PATH, - f"PRAGMA {name};" - ], check=True, capture_output=True).stdout - result = re.search(r'[0-9]+', result.decode()).group(0) - subprocess.run([ - '@SQLCIPHER@', - DB_COPY, - f"PRAGMA key = \"x'{key}'\"; PRAGMA {name} = {result};" - ], check=True, capture_output=True) - - -try: - # Test if DB is encrypted: - con = sqlite3.connect(f'file:{DB_PATH}?mode=ro', uri=True) - cursor = con.cursor() - cursor.execute("SELECT name FROM sqlite_master WHERE type='table';") - con.close() -except: - # DB is encrypted, everything ok: - start_signal() - - -# DB is unencrypted! -answer = zenity_askyesno( - "Error: Signal-Desktop database is not encrypted", - "Should we try to fix this automatically?" - + "You likely want to backup ~/.config/Signal/ first." -) -if not answer: - answer = zenity_askyesno( - "Launch Signal-Desktop", - "DB is unencrypted, should we still launch Signal-Desktop?" - + "Warning: This could result in data loss!" - ) - if not answer: - print('Aborted') - sys.exit(0) - start_signal() - -# Re-encrypt the DB: -with open(CONFIG_PATH) as json_file: - key = json.load(json_file)['key'] -result = subprocess.run([ - '@SQLCIPHER@', - DB_PATH, - f" ATTACH DATABASE '{DB_COPY}' AS signal_db KEY \"x'{key}'\";" - + " SELECT sqlcipher_export('signal_db');" - + " DETACH DATABASE signal_db;" -]).returncode -if result != 0: - print('DB encryption failed') - sys.exit(1) -# Need to copy user_version and schema_version manually: -copy_pragma('user_version') -copy_pragma('schema_version') -os.rename(DB_COPY, DB_PATH) -start_signal() diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix index f5078181ed677..9b58931eed2cf 100644 --- a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix @@ -10,9 +10,6 @@ , hunspellDicts, spellcheckerLanguage ? null # E.g. "de_DE" # For a full list of available languages: # $ cat pkgs/development/libraries/hunspell/dictionaries.nix | grep "dictFileName =" | awk '{ print $3 }' -, python3 -, gnome -, sqlcipher }: let @@ -115,7 +112,7 @@ in stdenv.mkDerivation rec { # Symlink to bin mkdir -p $out/bin - ln -s $out/lib/Signal/signal-desktop $out/bin/signal-desktop-unwrapped + ln -s $out/lib/Signal/signal-desktop $out/bin/signal-desktop runHook postInstall ''; @@ -140,16 +137,6 @@ in stdenv.mkDerivation rec { patchelf --add-needed ${libpulseaudio}/lib/libpulse.so $out/lib/Signal/resources/app.asar.unpacked/node_modules/ringrtc/build/linux/libringrtc-x64.node ''; - postFixup = '' - # This hack is temporarily required to avoid data-loss for users: - cp ${./db-reencryption-wrapper.py} $out/bin/signal-desktop - substituteInPlace $out/bin/signal-desktop \ - --replace '@PYTHON@' '${python3}/bin/python3' \ - --replace '@ZENITY@' '${gnome.zenity}/bin/zenity' \ - --replace '@SQLCIPHER@' '${sqlcipher}/bin/sqlcipher' \ - --replace '@SIGNAL-DESKTOP@' "$out/bin/signal-desktop-unwrapped" - ''; - # Tests if the application launches and waits for "Link your phone to Signal Desktop": passthru.tests.application-launch = nixosTests.signal-desktop; |