FS#78527 - [element-desktop] 1.11.31-2 Seshat native Node module for search in E2E encrypted rooms broken
Attached to Project:
Community Packages
Opened by 6t8k (6t8k) - Monday, 15 May 2023, 20:20 GMT
Last edited by Antonio Rojas (arojas) - Tuesday, 23 May 2023, 08:38 GMT
Opened by 6t8k (6t8k) - Monday, 15 May 2023, 20:20 GMT
Last edited by Antonio Rojas (arojas) - Tuesday, 23 May 2023, 08:38 GMT
|
Details
Description:
Since at least element-desktop 1.11.31-2 (possibly earlier), the Seshat native Node module for search in E2E encrypted rooms is broken due to a packaging bug. Steps to reproduce: 1. Start element-desktop 2. Login 3. Go to the "Security & Privacy" settings 4. The "Message search" section will say "Message search initialization failed" and 'Error opening the database: SqlCipherError("Sqlcipher support is missing")'. Expected result (in contrast to the actual result described above): - The "Message search" section will say "Securely cache encrypted messages locally [...]". Compare: https://github.com/vector-im/element-desktop/pull/631#issuecomment-1518078921 I can confirm that this can be fixed by making the following changes to the element.io PKGBUILD (due to having made these changes and having built the package myself): 1) Remove sqlcipher from the runtime dependencies again, keep it as a build-time dependency 2) Instead of setting an environment variable SQLCIPHER_STATIC=1, set SQLCIPHER_BUNDLED=1 Additional info: * element-desktop 1.11.31-2 * No specific configuration necessary to trigger this bug. Can be triggered by installing element-desktop 1.11.31-2 on a fresh Arch Linux machine and using a freshly created Matrix user account. * See https://github.com/vector-im/element-desktop/blob/develop/CHANGELOG.md#changes-in-11131-2023-05-10 (section titled "BREAKING CHANGES") * See https://github.com/vector-im/element-desktop/blob/develop/docs/native-node-modules.md#statically-linking-libsqlcipher |
This task depends upon
Closed by Antonio Rojas (arojas)
Tuesday, 23 May 2023, 08:38 GMT
Reason for closing: Fixed
Additional comments about closing: element-desktop 1.11.31-3
Tuesday, 23 May 2023, 08:38 GMT
Reason for closing: Fixed
Additional comments about closing: element-desktop 1.11.31-3
FS#72359> SQLCIPHER_BUNDLED=1 doesn't have any effect here. Only preloading sqlcipher.so.0 works.
I've just now created a completely fresh VM based on archlinux-2023.05.03-x86_64.iso, using the included archinstall script with the Desktop profile, choosing Xfce. I applied the attached patch to the element.io PKGBUILD (remove sqlcipher from depends and makedepends, change SQLCIPHER_STATIC=1 to SQLCIPHER_BUNDLED=1, nothing else), built and installed it, and Seshat/the search in E2E encrypted rooms feature works fine.
This is what I've done right after rebooting the VM for the first time:
$ sudo pacman -Syu git && git clone https://gitlab.archlinux.org/archlinux/packaging/packages/element.io.git && cd element.io
$ git log
commit fed620451d1930699c83c2aefdc32250ca1b5cf6 (HEAD -> main, tag: 1.11.31-2, origin/main, origin/HEAD)
<snip>
$ git am 0001-Fix-FS-78527.patch # patch is attached to this post for reproducibility
$ gpg --import keys/pgp/712BFBEE92DCA45252DB17D7C7BE97EFA179B100.asc
$ makepkg -sic
(go through build process)
$ element-desktop
(feature works)
The current tip commit does not preload sqlcipher.
Could you please take a look at this again?
> Please try building it in a clean chroot
Right, thanks for the heads-up. If you adjust the default packaging options in the PKGBUILD, then the Seshat feature works if the executable was built inside a clean chroot too.
This is because the devtools override the default makepkg configuration within the chroot (compare https://gitlab.archlinux.org/archlinux/devtools/-/blob/1.0.0/config/makepkg/x86_64.conf#L97 to `$ man 5 makepkg.conf`), which results in parts of the package being removed after the build, leaving element unable to access the library.
The attached revised patch to the PKGBUILD works when building inside a clean chroot.
I set `options=(libtool staticlib !lto)` here which may not be optimal; it may be possible to override less options while still leaving the Seshat feature working, but as building element.io takes a while I haven't looked further into this.
This what I did after rebooting the VM for the first time to confirm this:
$ sudo pacman -Syu devtools && git clone https://gitlab.archlinux.org/archlinux/packaging/packages/element.io.git && cd element.io
$ git log
commit fed620451d1930699c83c2aefdc32250ca1b5cf6 (HEAD -> main, tag: 1.11.31-2, origin/main, origin/HEAD)
<snip>
$ git am 0001-Fix-FS-78527-v2.patch
$ gpg --import keys/pgp/712BFBEE92DCA45252DB17D7C7BE97EFA179B100.asc
$ extra-x86_64-build
(go through build process)
$ sudo pacman -U element-web-1.11.31-3-x86_64.pkg.tar.zst element-desktop-1.11.31-3-x86_64.pkg.tar.zst
$ element-desktop
(feature works)
Although it doesn't seem to be documented in the wiki, I've picked up that Arch Linux policy is to discourage static linking (devtools overriding makepkg's default package options the way they do probably has a good reason, I surmise!), and I'm not sure to what extent exceptions are granted.
Now that upstream has decided to vendor sqlcipher, I'd prefer the static linking over a LD_PRELOAD + runtime dependency solution if the latter could work too (Bruno also wrote here https://gitlab.archlinux.org/archlinux/packaging/packages/element.io/-/commit/871a2319478de9f278863ccb883e20311743d240 that this caused conflicts with GTK?), but this is of course package maintainers' decision to make.
> as building element.io takes a while
yeah, unfortunately our electron package is badly outdated so it builds its own bundled electron.