alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
nixpkgs/pkgs/applications/networking/instant-messengers/signal-desktop/default.nix
Michael Weiss 940dfa9940
signal-desktop: Fix the database encryption by preloading SQLCipher 
AFAIK this is the only reliable way for us to ensure SQLCipher will be
loaded instead of SQLite. It feels like a hack/workaround but according
to the SQLCipher developers [0] "this issue can and should be handled
downstream at the application level: 1. While it may feel like a
workaround, using LD_PRELOAD is a legitimate approach here because it
will substitute the system SQLite with SQLCipher which is the intended
usage model;".

This fixes #108772 for NixOS 20.09 users who upgrade to NixOS 21.05 and
replaces #117555.

For nixos-unstable users this will unfortunately break everything again
so we should add a script to ease the transition (in a separate commit
so that we can revert it for NixOS 21.05).

[0]: https://github.com/sqlcipher/sqlcipher/issues/385#issuecomment-802874340
2021-05-14 02:33:42 +02:00

156 lines
5 KiB
Nix
Raw Blame History

{ stdenv, lib, fetchurl, autoPatchelfHook, dpkg, wrapGAppsHook, nixosTests
, gnome2, gtk3, atk, at-spi2-atk, cairo, pango, gdk-pixbuf, glib, freetype, fontconfig
, dbus, libX11, xorg, libXi, libXcursor, libXdamage, libXrandr, libXcomposite
, libXext, libXfixes, libXrender, libXtst, libXScrnSaver, nss, nspr, alsaLib
, cups, expat, libuuid, at-spi2-core, libappindicator-gtk3, mesa
# Runtime dependencies:
, systemd, libnotify, libdbusmenu, libpulseaudio
# Unfortunately this also overwrites the UI language (not just the spell
# checking language!):
, hunspellDicts, spellcheckerLanguage ? null # E.g. "de_DE"
# For a full list of available languages:
# $ cat pkgs/development/libraries/hunspell/dictionaries.nix | grep "dictFileName =" | awk '{ print $3 }'
}:
let
customLanguageWrapperArgs = (with lib;
let
# E.g. "de_DE" -> "de-de" (spellcheckerLanguage -> hunspellDict)
spellLangComponents = splitString "_" spellcheckerLanguage;
hunspellDict = elemAt spellLangComponents 0 + "-" + toLower (elemAt spellLangComponents 1);
in if spellcheckerLanguage != null
then ''
--set HUNSPELL_DICTIONARIES "${hunspellDicts.${hunspellDict}}/share/hunspell" \
--set LC_MESSAGES "${spellcheckerLanguage}"''
else "");
in stdenv.mkDerivation rec {
pname = "signal-desktop";
version = "5.1.0"; # Please backport all updates to the stable channel.
# All releases have a limited lifetime and "expire" 90 days after the release.
# When releases "expire" the application becomes unusable until an update is
# applied. The expiration date for the current release can be extracted with:
# $ grep -a "^{\"buildExpiration" "${signal-desktop}/lib/Signal/resources/app.asar"
# (Alternatively we could try to patch the asar archive, but that requires a
# few additional steps and might not be the best idea.)
src = fetchurl {
url = "https://updates.signal.org/desktop/apt/pool/main/s/signal-desktop/signal-desktop_${version}_amd64.deb";
sha256 = "1cirnnxy63jfkl98472k25bn1yp5apa7b5s74r42sxhlwzwkplw1";
};
nativeBuildInputs = [
autoPatchelfHook
dpkg
wrapGAppsHook
];
buildInputs = [
alsaLib
at-spi2-atk
at-spi2-core
atk
cairo
cups
dbus
expat
fontconfig
freetype
gdk-pixbuf
glib
gnome2.GConf
gtk3
libX11
libXScrnSaver
libXcomposite
libXcursor
libXdamage
libXext
libXfixes
libXi
libXrandr
libXrender
libXtst
libappindicator-gtk3
libnotify
libuuid
mesa # for libgbm
nspr
nss
pango
systemd
xorg.libxcb
xorg.libxshmfence
];
runtimeDependencies = [
(lib.getLib systemd)
libnotify
libdbusmenu
];
unpackPhase = "dpkg-deb -x $src .";
dontBuild = true;
dontConfigure = true;
dontPatchELF = true;
# We need to run autoPatchelf manually with the "no-recurse" option, see
# https://github.com/NixOS/nixpkgs/pull/78413 for the reasons.
dontAutoPatchelf = true;
installPhase = ''
runHook preInstall
mkdir -p $out/lib
mv usr/share $out/share
mv opt/Signal $out/lib/Signal
# Note: The following path contains bundled libraries:
# $out/lib/Signal/resources/app.asar.unpacked/node_modules/sharp/vendor/lib/
# We run autoPatchelf with the "no-recurse" option to avoid picking those
# up, but resources/app.asar still requires them.
# Symlink to bin
mkdir -p $out/bin
ln -s $out/lib/Signal/signal-desktop $out/bin/signal-desktop
runHook postInstall
'';
# Required for $SQLCIPHER_LIB which contains "/build/" inside the path:
noAuditTmpdir = true;
preFixup = ''
export SQLCIPHER_LIB="$out/lib/Signal/resources/app.asar.unpacked/node_modules/better-sqlite3/build/Release/better_sqlite3.node"
test -x "$SQLCIPHER_LIB" # To ensure the location hasn't changed
gappsWrapperArgs+=(
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc ] }"
--prefix LD_PRELOAD : "$SQLCIPHER_LIB"
${customLanguageWrapperArgs}
)
# Fix the desktop link
substituteInPlace $out/share/applications/signal-desktop.desktop \
--replace /opt/Signal/signal-desktop $out/bin/signal-desktop
autoPatchelf --no-recurse -- $out/lib/Signal/
patchelf --add-needed ${libpulseaudio}/lib/libpulse.so $out/lib/Signal/resources/app.asar.unpacked/node_modules/ringrtc/build/linux/libringrtc.node
'';
# Tests if the application launches and waits for "Link your phone to Signal Desktop":
passthru.tests.application-launch = nixosTests.signal-desktop;
meta = {
description = "Private, simple, and secure messenger";
longDescription = ''
Signal Desktop is an Electron application that links with your
"Signal Android" or "Signal iOS" app.
'';
homepage = "https://signal.org/";
changelog = "https://github.com/signalapp/Signal-Desktop/releases/tag/v${version}";
license = lib.licenses.agpl3Only;
maintainers = with lib.maintainers; [ ixmatus primeos equirosa ];
platforms = [ "x86_64-linux" ];
};
}
View git blame Copy permalink