From 6b1b8b296e067d691bbbdf4ce8240242f3e5c90c Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Wed, 12 May 2021 19:38:31 +0200 Subject: [PATCH 1/3] signal-desktop: 5.0.0 -> 5.1.0 This is the most important Signal-Desktop release in a while as we finally have Wayland support via Electron 12 \o/ #YAY :D https://github.com/signalapp/Signal-Desktop/issues/3411 https://github.com/signalapp/Signal-Desktop/commit/5bcf50ede96fed18dccc207e89bbae7ceb2d2dff#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R231 https://github.com/signalapp/Signal-Desktop/commit/c6d5d852a9f9668268803bb5a20d94b4a505dd87#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R232 https://en.wikipedia.org/wiki/Electron_(software_framework)#Versions (cherry picked from commit fd4f20bce4fd0b08fcc704eab54c6bf07dffd3e9) --- .../networking/instant-messengers/signal-desktop/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix index 313a298941d0bf..654783b506b848 100644 --- a/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix @@ -25,7 +25,7 @@ let else ""); in stdenv.mkDerivation rec { pname = "signal-desktop"; - version = "5.0.0"; # Please backport all updates to the stable channel. + version = "5.1.0"; # Please backport all updates to the stable channel. # All releases have a limited lifetime and "expire" 90 days after the release. # When releases "expire" the application becomes unusable until an update is # applied. The expiration date for the current release can be extracted with: @@ -35,7 +35,7 @@ in stdenv.mkDerivation rec { src = fetchurl { url = "https://updates.signal.org/desktop/apt/pool/main/s/signal-desktop/signal-desktop_${version}_amd64.deb"; - sha256 = "17hxg61m9kk1kph6ifqy6507kzx5hi6yafr2mj8n0a6c39vc8f9g"; + sha256 = "1cirnnxy63jfkl98472k25bn1yp5apa7b5s74r42sxhlwzwkplw1"; }; nativeBuildInputs = [ @@ -78,6 +78,7 @@ in stdenv.mkDerivation rec { pango systemd xorg.libxcb + xorg.libxshmfence ]; runtimeDependencies = [ From fca28ec22dda92f66dfc9680ba939ef3fb0c9b2e Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Tue, 11 May 2021 22:04:02 +0200 Subject: [PATCH 2/3] nixos/tests/signal-desktop: test if the SQLite DB is (un)encrypted Well, this should test if the database is encrypted but currently it is still unencrypted and we need to notice if this behaviour changes in the future (as it will cause data loss, see e.g. #108772). Anyway, this doesn't really matter for security reasons but we need this test to prevent data loss (unfortunately Signal-Desktop and SQLCipher handle this badly... :o). (cherry picked from commit 217f268534ff57ec10d02c5cc569ac7dde542b01) --- nixos/tests/signal-desktop.nix | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/nixos/tests/signal-desktop.nix b/nixos/tests/signal-desktop.nix index 65ae49a267d98f..49edab614cdc81 100644 --- a/nixos/tests/signal-desktop.nix +++ b/nixos/tests/signal-desktop.nix @@ -3,7 +3,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { name = "signal-desktop"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ flokli ]; + maintainers = [ flokli primeos ]; }; machine = { ... }: @@ -16,7 +16,7 @@ import ./make-test-python.nix ({ pkgs, ...} : services.xserver.enable = true; test-support.displayManager.auto.user = "alice"; - environment.systemPackages = [ pkgs.signal-desktop ]; + environment.systemPackages = with pkgs; [ signal-desktop file ]; virtualisation.memorySize = 1024; }; @@ -39,5 +39,17 @@ import ./make-test-python.nix ({ pkgs, ...} : machine.wait_for_text("Signal") machine.wait_for_text("File Edit View Window Help") machine.screenshot("signal_desktop") + + # Test if the database is encrypted to prevent these issues: + # - https://github.com/NixOS/nixpkgs/issues/108772 + # - https://github.com/NixOS/nixpkgs/pull/117555 + print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'")) + # TODO: The DB should be encrypted and the following should be machine.fail + # instead of machine.succeed but the DB is currently unencrypted and we + # want to notice if this isn't the case anymore as the transition to a + # encrypted DB can cause data loss!: + machine.succeed( + "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -i sqlite" + ) ''; }) From 006745800937a770e540fe03795a23d6841848f9 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 14 May 2021 02:23:56 +0200 Subject: [PATCH 3/3] nixos/tests/signal-desktop: test if the SQLite DB is encrypted Based on commit 940dfa99401c04c78bc530c72ecba6f6ccee62e8 (#122926) but specific for NixOS 20.09 (to verify and ensure that the DB is still encrypted there). --- nixos/tests/signal-desktop.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/nixos/tests/signal-desktop.nix b/nixos/tests/signal-desktop.nix index 49edab614cdc81..4ce033ea7b4f54 100644 --- a/nixos/tests/signal-desktop.nix +++ b/nixos/tests/signal-desktop.nix @@ -44,12 +44,8 @@ import ./make-test-python.nix ({ pkgs, ...} : # - https://github.com/NixOS/nixpkgs/issues/108772 # - https://github.com/NixOS/nixpkgs/pull/117555 print(machine.succeed("su - alice -c 'file ~/.config/Signal/sql/db.sqlite'")) - # TODO: The DB should be encrypted and the following should be machine.fail - # instead of machine.succeed but the DB is currently unencrypted and we - # want to notice if this isn't the case anymore as the transition to a - # encrypted DB can cause data loss!: - machine.succeed( - "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -i sqlite" + machine.fail( + "su - alice -c 'file ~/.config/Signal/sql/db.sqlite' | grep -e SQLite -e database" ) ''; })