Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: use --password-store=basic when launching Signal #321

Merged
merged 2 commits into from
Oct 1, 2024
Merged

fix: use --password-store=basic when launching Signal #321

merged 2 commits into from
Oct 1, 2024

Conversation

jnsgruk
Copy link
Member

@jnsgruk jnsgruk commented Oct 1, 2024
edited
Loading

Fixes #300 🥳

Start Signal with --password-store=basic and prevent it from trying to use gnome-libsecret, which as far as I can tell is broken in the Chrome implementation, inherited by Electron, and thus meaning that Signal keeps losing access to the encryption key for its database!

This solution is less secure, but without it, Signal literally doesn't work on some platforms. The introduction of the safeStorage API in Signal is relatively recent, and fraught with issues on multiple platforms:

It appears to be broken in the Snap, Flatpak, official Deb and even on Windows - though this doesn't seem to be acknowledged by Signal.

My proposition is we merge this fix, and keep and eye on changes upstream, potentially removing this workaround once we have confidence it'll work!

Further info:

@jnsgruk
fix: use --password-store=basic when launching Signal
0f68810 
See snapcrafters#300
An upstream Chrome issue blocks the correct inovation of libsecret from within
snap/flatpak environments, which means that Signal loses access to the encryption
key used to encrypt the local database, and needs to be re-linked (losing all message
history) every time it's launched.
@jnsgruk jnsgruk changed the title Basic password store fix: use --password-store=basic when launching Signal Oct 1, 2024
@jnsgruk jnsgruk mentioned this pull request Oct 1, 2024
Closed
@jnsgruk
Copy link
Member Author

jnsgruk commented Oct 1, 2024
edited
Loading

See also #322 as a preferred alternative

Edit: disproved my own theory! Updated the PR description with more info.

@jnsgruk jnsgruk marked this pull request as draft October 1, 2024 13:46
@jnsgruk jnsgruk marked this pull request as ready for review October 1, 2024 13:59
kenvandine
kenvandine approved these changes Oct 1, 2024
View reviewed changes
Copy link
Contributor

@kenvandine kenvandine left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do think this is the way to solve this. My only concern is what will the experience be for users that already have their auth stored in the keyring. I guess they will just get prompted to login again, which isn't bad.

@jnsgruk
Copy link
Member Author

jnsgruk commented Oct 1, 2024

I do think this is the way to solve this. My only concern is what will the experience be for users that already have their auth stored in the keyring. I guess they will just get prompted to login again, which isn't bad.

I don't think so -- for users that already use the keyring, things will carry on as normal.

@jnsgruk jnsgruk merged commit d42fdb6 into snapcrafters:candidate Oct 1, 2024
1 check passed
@jnsgruk jnsgruk deleted the basic-password-store branch October 1, 2024 14:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kenvandine kenvandine kenvandine approved these changes

@merlijn-sebrechts merlijn-sebrechts Awaiting requested review from merlijn-sebrechts

@popey popey Awaiting requested review from popey

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]: signal-desktop does not start due to database-error
3 participants
@jnsgruk @kenvandine @merlijn-sebrechts