Silently loses encryption capabilities with some gtk3 configurations

[kpcyrd]

hey!

I forgot to file a bug here too, we've been investigating a problem with signal-desktop, node-sqlcipher and gtk3 recently.

The relevant bug reports are:

• https://github.com/signalapp/Signal-Desktop/issues/4513
• https://github.com/sqlcipher/sqlcipher/issues/385
• https://gitlab.gnome.org/GNOME/tracker/-/issues/289

The short version is:

• sqlcipher doesn't support libsqlite to co-exist in the same process with the configuration node-sqlcipher is currently building it with
• gnome wants to introduce a sqlite dependency and therefore load libsqlite into all gui processes
• this would make node-sqlcipher incompatible with gnome
• this was discovered when an update in Arch Linux (that was temporarily reverted) broke signal-desktop

Is there any way you can help, specifically with the feedback from the sqlcipher issue?

Thank you very much!

[rkistner]

Is it really silently losing the capabilities? I'd expect an error the first time a relevant PRAGMA statment is used.

For the most part it doesn't appear like we can do much in the bindings, without the issue first resolved (or a usable workaround suggested) from the core sqlcipher project. If you do know of a workaround we can try, please let us know here, but it's a little out of my area of expertise.

In the meantime I'd keep this issue open so that others can be aware of the limitations.

[kpcyrd]

Unknown pragmas are silently ignored:

% sqlite3
SQLite version 3.35.4 2021-04-02 15:20:15
Enter ".help" for usage hints.
Connected to a transient in-memory database.
Use ".open FILENAME" to reopen on a persistent database.
sqlite> PRAGMA whatever_you_want=1337;
sqlite> 

There's some discussion in the sqlcipher issue but I'm not sure if any of that is actionable, maybe @eli-schwartz or @sjlombardo can help.

[sjlombardo]

Hello @kpcyrd - Unfortunately the approach described on sqlcipher/sqlcipher#385 does not appear to work. We did an extensive proof of concept and found that it would not reliably or consistently fix the GTK linking issue. As of today there has been no other progress on that front.

Based on all the factors, it really makes sense to consider statically linking SQLCipher. I know that static linking tends to be frowned upon, but there is no more reliable guarantee that the correct library would be used at runtime.

We also continue to recommend that wrapping libraries and applications perform a runtime check to verify that the correct SQLCipher library is being used (e.g. by checking the value returned by PRAGMA cipher_version).

[kpcyrd]

Considering this is nodejs ffi, is static linking possible? If so that seems like a good solution since node-sqlcipher doesn't seem to dynamically link to the system libraries anyway.