Revert "signal-desktop: Add a Python wrapper to re-encrypt DBs"

This reverts commit 45bd7b39a444c904986324b5f7c46ba867612575.

The database for users on NixOS 20.09 is still encrypted so we don't
need this wrapper for users that upgrade from NixOS 20.09 to 21.05.
This commit is contained in:
Michael Weiss 2021-05-23 11:37:15 +02:00
parent 11f5b3279d
commit 13e13349bd
No known key found for this signature in database
GPG Key ID: 5BE487C4D4771D83
2 changed files with 1 additions and 106 deletions

View File

@ -1,92 +0,0 @@
#!@PYTHON@
import json
import os
import re
import shlex
import sqlite3
import subprocess
import sys
DB_PATH = os.path.join(os.environ['HOME'], '.config/Signal/sql/db.sqlite')
DB_COPY = os.path.join(os.environ['HOME'], '.config/Signal/sql/db.tmp')
CONFIG_PATH = os.path.join(os.environ['HOME'], '.config/Signal/config.json')
def zenity_askyesno(title, text):
args = [
'@ZENITY@',
'--question',
'--title',
shlex.quote(title),
'--text',
shlex.quote(text)
]
return subprocess.run(args).returncode == 0
def start_signal():
os.execvp('@SIGNAL-DESKTOP@', ['@SIGNAL-DESKTOP@'] + sys.argv[1:])
def copy_pragma(name):
result = subprocess.run([
'@SQLCIPHER@',
DB_PATH,
f"PRAGMA {name};"
], check=True, capture_output=True).stdout
result = re.search(r'[0-9]+', result.decode()).group(0)
subprocess.run([
'@SQLCIPHER@',
DB_COPY,
f"PRAGMA key = \"x'{key}'\"; PRAGMA {name} = {result};"
], check=True, capture_output=True)
try:
# Test if DB is encrypted:
con = sqlite3.connect(f'file:{DB_PATH}?mode=ro', uri=True)
cursor = con.cursor()
cursor.execute("SELECT name FROM sqlite_master WHERE type='table';")
con.close()
except:
# DB is encrypted, everything ok:
start_signal()
# DB is unencrypted!
answer = zenity_askyesno(
"Error: Signal-Desktop database is not encrypted",
"Should we try to fix this automatically?"
+ "You likely want to backup ~/.config/Signal/ first."
)
if not answer:
answer = zenity_askyesno(
"Launch Signal-Desktop",
"DB is unencrypted, should we still launch Signal-Desktop?"
+ "Warning: This could result in data loss!"
)
if not answer:
print('Aborted')
sys.exit(0)
start_signal()
# Re-encrypt the DB:
with open(CONFIG_PATH) as json_file:
key = json.load(json_file)['key']
result = subprocess.run([
'@SQLCIPHER@',
DB_PATH,
f" ATTACH DATABASE '{DB_COPY}' AS signal_db KEY \"x'{key}'\";"
+ " SELECT sqlcipher_export('signal_db');"
+ " DETACH DATABASE signal_db;"
]).returncode
if result != 0:
print('DB encryption failed')
sys.exit(1)
# Need to copy user_version and schema_version manually:
copy_pragma('user_version')
copy_pragma('schema_version')
os.rename(DB_COPY, DB_PATH)
start_signal()

View File

@ -10,9 +10,6 @@
, hunspellDicts, spellcheckerLanguage ? null # E.g. "de_DE"
# For a full list of available languages:
# $ cat pkgs/development/libraries/hunspell/dictionaries.nix | grep "dictFileName =" | awk '{ print $3 }'
, python3
, gnome
, sqlcipher
}:
let
@ -115,7 +112,7 @@ in stdenv.mkDerivation rec {
# Symlink to bin
mkdir -p $out/bin
ln -s $out/lib/Signal/signal-desktop $out/bin/signal-desktop-unwrapped
ln -s $out/lib/Signal/signal-desktop $out/bin/signal-desktop
runHook postInstall
'';
@ -140,16 +137,6 @@ in stdenv.mkDerivation rec {
patchelf --add-needed ${libpulseaudio}/lib/libpulse.so $out/lib/Signal/resources/app.asar.unpacked/node_modules/ringrtc/build/linux/libringrtc.node
'';
postFixup = ''
# This hack is temporarily required to avoid data-loss for users:
cp ${./db-reencryption-wrapper.py} $out/bin/signal-desktop
substituteInPlace $out/bin/signal-desktop \
--replace '@PYTHON@' '${python3}/bin/python3' \
--replace '@ZENITY@' '${gnome.zenity}/bin/zenity' \
--replace '@SQLCIPHER@' '${sqlcipher}/bin/sqlcipher' \
--replace '@SIGNAL-DESKTOP@' "$out/bin/signal-desktop-unwrapped"
'';
# Tests if the application launches and waits for "Link your phone to Signal Desktop":
passthru.tests.application-launch = nixosTests.signal-desktop;