Revert "signal-desktop: Add a Python wrapper to re-encrypt DBs"
This reverts commit 45bd7b39a444c904986324b5f7c46ba867612575. The database for users on NixOS 20.09 is still encrypted so we don't need this wrapper for users that upgrade from NixOS 20.09 to 21.05.
This commit is contained in:
parent
11f5b3279d
commit
13e13349bd
@ -1,92 +0,0 @@
|
||||
#!@PYTHON@
|
||||
|
||||
import json
|
||||
import os
|
||||
import re
|
||||
import shlex
|
||||
import sqlite3
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
|
||||
DB_PATH = os.path.join(os.environ['HOME'], '.config/Signal/sql/db.sqlite')
|
||||
DB_COPY = os.path.join(os.environ['HOME'], '.config/Signal/sql/db.tmp')
|
||||
CONFIG_PATH = os.path.join(os.environ['HOME'], '.config/Signal/config.json')
|
||||
|
||||
|
||||
def zenity_askyesno(title, text):
|
||||
args = [
|
||||
'@ZENITY@',
|
||||
'--question',
|
||||
'--title',
|
||||
shlex.quote(title),
|
||||
'--text',
|
||||
shlex.quote(text)
|
||||
]
|
||||
return subprocess.run(args).returncode == 0
|
||||
|
||||
|
||||
def start_signal():
|
||||
os.execvp('@SIGNAL-DESKTOP@', ['@SIGNAL-DESKTOP@'] + sys.argv[1:])
|
||||
|
||||
|
||||
def copy_pragma(name):
|
||||
result = subprocess.run([
|
||||
'@SQLCIPHER@',
|
||||
DB_PATH,
|
||||
f"PRAGMA {name};"
|
||||
], check=True, capture_output=True).stdout
|
||||
result = re.search(r'[0-9]+', result.decode()).group(0)
|
||||
subprocess.run([
|
||||
'@SQLCIPHER@',
|
||||
DB_COPY,
|
||||
f"PRAGMA key = \"x'{key}'\"; PRAGMA {name} = {result};"
|
||||
], check=True, capture_output=True)
|
||||
|
||||
|
||||
try:
|
||||
# Test if DB is encrypted:
|
||||
con = sqlite3.connect(f'file:{DB_PATH}?mode=ro', uri=True)
|
||||
cursor = con.cursor()
|
||||
cursor.execute("SELECT name FROM sqlite_master WHERE type='table';")
|
||||
con.close()
|
||||
except:
|
||||
# DB is encrypted, everything ok:
|
||||
start_signal()
|
||||
|
||||
|
||||
# DB is unencrypted!
|
||||
answer = zenity_askyesno(
|
||||
"Error: Signal-Desktop database is not encrypted",
|
||||
"Should we try to fix this automatically?"
|
||||
+ "You likely want to backup ~/.config/Signal/ first."
|
||||
)
|
||||
if not answer:
|
||||
answer = zenity_askyesno(
|
||||
"Launch Signal-Desktop",
|
||||
"DB is unencrypted, should we still launch Signal-Desktop?"
|
||||
+ "Warning: This could result in data loss!"
|
||||
)
|
||||
if not answer:
|
||||
print('Aborted')
|
||||
sys.exit(0)
|
||||
start_signal()
|
||||
|
||||
# Re-encrypt the DB:
|
||||
with open(CONFIG_PATH) as json_file:
|
||||
key = json.load(json_file)['key']
|
||||
result = subprocess.run([
|
||||
'@SQLCIPHER@',
|
||||
DB_PATH,
|
||||
f" ATTACH DATABASE '{DB_COPY}' AS signal_db KEY \"x'{key}'\";"
|
||||
+ " SELECT sqlcipher_export('signal_db');"
|
||||
+ " DETACH DATABASE signal_db;"
|
||||
]).returncode
|
||||
if result != 0:
|
||||
print('DB encryption failed')
|
||||
sys.exit(1)
|
||||
# Need to copy user_version and schema_version manually:
|
||||
copy_pragma('user_version')
|
||||
copy_pragma('schema_version')
|
||||
os.rename(DB_COPY, DB_PATH)
|
||||
start_signal()
|
@ -10,9 +10,6 @@
|
||||
, hunspellDicts, spellcheckerLanguage ? null # E.g. "de_DE"
|
||||
# For a full list of available languages:
|
||||
# $ cat pkgs/development/libraries/hunspell/dictionaries.nix | grep "dictFileName =" | awk '{ print $3 }'
|
||||
, python3
|
||||
, gnome
|
||||
, sqlcipher
|
||||
}:
|
||||
|
||||
let
|
||||
@ -115,7 +112,7 @@ in stdenv.mkDerivation rec {
|
||||
|
||||
# Symlink to bin
|
||||
mkdir -p $out/bin
|
||||
ln -s $out/lib/Signal/signal-desktop $out/bin/signal-desktop-unwrapped
|
||||
ln -s $out/lib/Signal/signal-desktop $out/bin/signal-desktop
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
@ -140,16 +137,6 @@ in stdenv.mkDerivation rec {
|
||||
patchelf --add-needed ${libpulseaudio}/lib/libpulse.so $out/lib/Signal/resources/app.asar.unpacked/node_modules/ringrtc/build/linux/libringrtc.node
|
||||
'';
|
||||
|
||||
postFixup = ''
|
||||
# This hack is temporarily required to avoid data-loss for users:
|
||||
cp ${./db-reencryption-wrapper.py} $out/bin/signal-desktop
|
||||
substituteInPlace $out/bin/signal-desktop \
|
||||
--replace '@PYTHON@' '${python3}/bin/python3' \
|
||||
--replace '@ZENITY@' '${gnome.zenity}/bin/zenity' \
|
||||
--replace '@SQLCIPHER@' '${sqlcipher}/bin/sqlcipher' \
|
||||
--replace '@SIGNAL-DESKTOP@' "$out/bin/signal-desktop-unwrapped"
|
||||
'';
|
||||
|
||||
# Tests if the application launches and waits for "Link your phone to Signal Desktop":
|
||||
passthru.tests.application-launch = nixosTests.signal-desktop;
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user