Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: use --password-store=basic when launching Signal #321

Merged
merged 2 commits into from
Oct 1, 2024

Conversation

jnsgruk
Copy link
Member

@jnsgruk jnsgruk commented Oct 1, 2024

Fixes #300 🥳

Start Signal with --password-store=basic and prevent it from trying to use gnome-libsecret, which as far as I can tell is broken in the Chrome implementation, inherited by Electron, and thus meaning that Signal keeps losing access to the encryption key for its database!

This solution is less secure, but without it, Signal literally doesn't work on some platforms. The introduction of the safeStorage API in Signal is relatively recent, and fraught with issues on multiple platforms:

It appears to be broken in the Snap, Flatpak, official Deb and even on Windows - though this doesn't seem to be acknowledged by Signal.

My proposition is we merge this fix, and keep and eye on changes upstream, potentially removing this workaround once we have confidence it'll work!

Further info:

See snapcrafters#300
An upstream Chrome issue blocks the correct inovation of libsecret from within
snap/flatpak environments, which means that Signal loses access to the encryption
key used to encrypt the local database, and needs to be re-linked (losing all message
history) every time it's launched.
@jnsgruk jnsgruk changed the title Basic password store fix: use --password-store=basic when launching Signal Oct 1, 2024
@jnsgruk
Copy link
Member Author

jnsgruk commented Oct 1, 2024

See also #322 as a preferred alternative

Edit: disproved my own theory! Updated the PR description with more info.

@jnsgruk jnsgruk marked this pull request as draft October 1, 2024 13:46
@jnsgruk jnsgruk marked this pull request as ready for review October 1, 2024 13:59
Copy link
Contributor

@kenvandine kenvandine left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do think this is the way to solve this. My only concern is what will the experience be for users that already have their auth stored in the keyring. I guess they will just get prompted to login again, which isn't bad.

@jnsgruk
Copy link
Member Author

jnsgruk commented Oct 1, 2024

I do think this is the way to solve this. My only concern is what will the experience be for users that already have their auth stored in the keyring. I guess they will just get prompted to login again, which isn't bad.

I don't think so -- for users that already use the keyring, things will carry on as normal.

@jnsgruk jnsgruk merged commit d42fdb6 into snapcrafters:candidate Oct 1, 2024
1 check passed
@jnsgruk jnsgruk deleted the basic-password-store branch October 1, 2024 14:57
@exoosh
Copy link

exoosh commented Oct 14, 2024

Can anyone say in which version the fix should have manifested? Or is this still pending? Also, would I see an effect on Windows with that fix (I don't mean the wrapper, which obviously won't ... I mean adding the argument)?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Bug]: signal-desktop does not start due to database-error
4 participants