Revert "signal-desktop: Add a Python wrapper to re-encrypt DBs"

This reverts commit 45bd7b39a444c904986324b5f7c46ba867612575. The database for users on NixOS 20.09 is still encrypted so we don't need this wrapper for users that upgrade from NixOS 20.09 to 21.05.
2021-05-23 11:37:15 +02:00 · 2021-05-23 11:37:15 +02:00 · 13e13349bd
commit 13e13349bd
parent 11f5b3279d
2 changed files with 1 additions and 106 deletions
--- a/pkgs/applications/networking/instant-messengers/signal-desktop/db-reencryption-wrapper.py
+++ b/pkgs/applications/networking/instant-messengers/signal-desktop/db-reencryption-wrapper.py
@ -1,92 +0,0 @@
-#!@PYTHON@
-
-import json
-import os
-import re
-import shlex
-import sqlite3
-import subprocess
-import sys
-
-
-DB_PATH = os.path.join(os.environ['HOME'], '.config/Signal/sql/db.sqlite')
-DB_COPY = os.path.join(os.environ['HOME'], '.config/Signal/sql/db.tmp')
-CONFIG_PATH = os.path.join(os.environ['HOME'], '.config/Signal/config.json')
-
-
-def zenity_askyesno(title, text):
-    args = [
-        '@ZENITY@',
-        '--question',
-        '--title',
-        shlex.quote(title),
-        '--text',
-        shlex.quote(text)
-    ]
-    return subprocess.run(args).returncode == 0
-
-
-def start_signal():
-    os.execvp('@SIGNAL-DESKTOP@', ['@SIGNAL-DESKTOP@'] + sys.argv[1:])
-
-
-def copy_pragma(name):
-    result = subprocess.run([
-        '@SQLCIPHER@',
-        DB_PATH,
-        f"PRAGMA {name};"
-    ], check=True, capture_output=True).stdout
-    result = re.search(r'[0-9]+', result.decode()).group(0)
-    subprocess.run([
-        '@SQLCIPHER@',
-        DB_COPY,
-        f"PRAGMA key = \"x'{key}'\"; PRAGMA {name} = {result};"
-    ], check=True, capture_output=True)
-
-
-try:
-    # Test if DB is encrypted:
-    con = sqlite3.connect(f'file:{DB_PATH}?mode=ro', uri=True)
-    cursor = con.cursor()
-    cursor.execute("SELECT name FROM sqlite_master WHERE type='table';")
-    con.close()
-except:
-    # DB is encrypted, everything ok:
-    start_signal()
-
-
-# DB is unencrypted!
-answer = zenity_askyesno(
-        "Error: Signal-Desktop database is not encrypted",
-        "Should we try to fix this automatically?"
-        + "You likely want to backup ~/.config/Signal/ first."
-)
-if not answer:
-    answer = zenity_askyesno(
-            "Launch Signal-Desktop",
-            "DB is unencrypted, should we still launch Signal-Desktop?"
-            + "Warning: This could result in data loss!"
-    )
-    if not answer:
-        print('Aborted')
-        sys.exit(0)
-    start_signal()
-
-# Re-encrypt the DB:
-with open(CONFIG_PATH) as json_file:
-    key = json.load(json_file)['key']
-result = subprocess.run([
-    '@SQLCIPHER@',
-    DB_PATH,
-    f" ATTACH DATABASE '{DB_COPY}' AS signal_db KEY \"x'{key}'\";"
-    + " SELECT sqlcipher_export('signal_db');"
-    + " DETACH DATABASE signal_db;"
-]).returncode
-if result != 0:
-    print('DB encryption failed')
-    sys.exit(1)
-# Need to copy user_version and schema_version manually:
-copy_pragma('user_version')
-copy_pragma('schema_version')
-os.rename(DB_COPY, DB_PATH)
-start_signal()
--- a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
+++ b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
@ -10,9 +10,6 @@
 , hunspellDicts, spellcheckerLanguage ? null # E.g. "de_DE"
 # For a full list of available languages:
 # $ cat pkgs/development/libraries/hunspell/dictionaries.nix | grep "dictFileName =" | awk '{ print $3 }'
-, python3
-, gnome
-, sqlcipher
 }:

 let
@ -115,7 +112,7 @@ in stdenv.mkDerivation rec {

    # Symlink to bin
    mkdir -p $out/bin
-    ln -s $out/lib/Signal/signal-desktop $out/bin/signal-desktop-unwrapped
+    ln -s $out/lib/Signal/signal-desktop $out/bin/signal-desktop

    runHook postInstall
  '';
@ -140,16 +137,6 @@ in stdenv.mkDerivation rec {
    patchelf --add-needed ${libpulseaudio}/lib/libpulse.so $out/lib/Signal/resources/app.asar.unpacked/node_modules/ringrtc/build/linux/libringrtc.node
  '';

-  postFixup = ''
-    # This hack is temporarily required to avoid data-loss for users:
-    cp ${./db-reencryption-wrapper.py} $out/bin/signal-desktop
-    substituteInPlace $out/bin/signal-desktop \
-      --replace '@PYTHON@' '${python3}/bin/python3' \
-      --replace '@ZENITY@' '${gnome.zenity}/bin/zenity' \
-      --replace '@SQLCIPHER@' '${sqlcipher}/bin/sqlcipher' \
-      --replace '@SIGNAL-DESKTOP@' "$out/bin/signal-desktop-unwrapped"
-  '';
-
  # Tests if the application launches and waits for "Link your phone to Signal Desktop":
  passthru.tests.application-launch = nixosTests.signal-desktop;