Project

General

Profile

Feature #15200

Feature #14567: Investigate mobile messaging applications

Test Signal in Tails

Added by Anonymous about 2 years ago. Updated 1 day ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
01/19/2018
Due date:
% Done:

100%

Feature Branch:
Type of work:
Research
Starter:
Affected tool:

Description

There is currently no official Debian package for Signal.

Our options seem to be:

  • use the Flatpak as documented on https://bisco.org/notes/installing-and-running-signal-on-tails/ → Tails is not 100% ready for this yet
  • use the upstream Debian repository → that's putting a lot of trust in Signal upstream and infra; most of the reasons why we've rejected the Electrum AppImage idea probably apply here

Screenshot from 2019-10-09 18-52-29.png View (179 KB) op_mb, 10/09/2019 07:16 PM


Related issues

Related to Tails - Feature #15874: Start looking at technologies used by snap/Flatpak for user-friendlier sandboxing Confirmed 08/30/2018

History

#1 Updated by Anonymous about 2 years ago

@spriver has made a test:

@spriver has already tried it and found:

Signal (https://signal.org/) announced that the until now used Chromium-based desktop application is deprecated, it's going to be replaced by a (Electron framework [https://electron.atom.io/] based) standalone application, thus dropping the requirement of installing Chromium to use Signal Messenger on a Desktop system.

So far the application is available in the repo of Signal, I don't know if it's going to be available via the Debian native repositories someday.

Edit after some brief testing (in Tails):

adding the repo is only possible when apt-transport-https is installed, the repo is refusing plain HTTP connections
the executable is huge:
Need to get 97.3 MB of archives.
After this operation, 226 MB of additional disk space will be used.
starting the app is no problem, but it's not possible to configure a proxy. the app won't boot at all when it's started via torsocks in CLI -> AFAICT the application is (atm) not usable in Tails. The issue tracker of signal-desktop has an open ticket wrt. adding SOCKS proxy support (https://github.com/WhisperSystems/Signal-Desktop/issues/1430)
settings/data are stored in ~/.config/Signal/

#2 Updated by spriver about 2 years ago

  • Assignee set to spriver

#3 Updated by spriver about 2 years ago

Up-to-date state of Signal in Debian:

Following the instructions on https://signal.org/download/ and after installing apt-transport-https and changing the source line in signal-xenial.list into deb [arch=amd64] tor+https://updates.signal.org/desktop/apt xenial main, an apt update is possible.

apt show signal-desktop will show:
Package: signal-desktop
Version: 1.5.2
Priority: extra
Section: default
Maintainer: Open Whisper Systems <>Up-to-date state of Signal in Debian:

Following the instructions on https://signal.org/download/ and after installing apt-transport-https and changing the source line in signal-xenial.list into deb [arch=amd64] tor+https://updates.signal.org/desktop/apt xenial main, an apt update is possible.

apt show signal-desktop will show:
Package: signal-desktop
Version: 1.5.2
Priority: extra
Section: default
Maintainer: Open Whisper Systems <support@signal.org>
Installed-Size: 189 MB
Depends: gconf2, gconf-service, libnotify4, libappindicator1, libxtst6, libnss3, libasound2, libxss1
Homepage: https://github.com/signalapp/Signal-Desktop#readme
Vendor: Open Whisper Systems <support@signal.org>
License: GPL-3.0
Download-Size: 65.9 MB
APT-Manual-Installed: yes
APT-Sources: tor+https://updates.signal.org/desktop/apt xenial/main amd64 Packages
Description: Private messaging from your desktop
Installed-Size: 189 MB
Depends: gconf2, gconf-service, libnotify4, libappindicator1, libxtst6, libnss3, libasound2, libxss1
Homepage: https://github.com/signalapp/Signal-Desktop#readme
Vendor: Open Whisper Systems <support@signal.org>
License: GPL-3.0
Download-Size: 65.9 MB
APT-Manual-Installed: yes
APT-Sources: tor+https://updates.signal.org/desktop/apt xenial/main amd64 Packages
Description: Private messaging from your desktop

Note the huge installed size. I'm not quite sure if we want to huge such huge binary (in terms of size and actual used memory during usage) inside of the standard Tails iso.

After the installation it's possible to launch Signal, but it will fail to establish a connection to generate a captcha to be scanned from a smartphone where Signal is already installed (it is not possible to use Signal without a smartphone). It is not possible (neither at this nor at a later stage) to configure a proxy or similar. Starting Signal with torsocks will result in nothing (strace results in endless nanosleep({tv_sec=0, tv_nsec=2000001}, NULL) = 0).

Buuut…installing proxychains and launching Signal makes it work directly and with no problems.

#4 Updated by spriver about 2 years ago

Some remarks after some further testing:

  • for installing the Signal Desktop client one has to trust a completely arbitrary key which has to be downloaded from the Signal website. The key is also available on keyservers, but there is no chain of trust for the key which will be imported via apt-key to establish trust for the repo for apt. I don't understand why Signal is hosting an own repo instead of uploading directly to Debian et al. (besides that, I don't like the fact that their official instructions won't validate the downloaded key etc.). Furthermore, the repo requires apt-transport-https (which is neither good or bad, it's just a requirement that would not exist with official Debian repos)
  • after the setup of the repo Signal Desktop resp. Signal Desktop Beta. I really dislike the fact of the tremendous installed size of ~190MByte, which is around one sixth of the current .iso (yay for using modern and cool frameworks like electronjs)
  • Signal Desktop has no possibility to configure a proxy to use Tor. Using torsocks won't make it launch, launching Signal with proxychains makes it possible to connect to Tor (I could not find any other option to make Signal work, maybe there's something which won't additionaly require to install proxychains) and connect the Client via a QR-Code which needs to be scanned by a smartphone which will then make the smartphone's account available on the Desktop Client.
  • all user data and configs will go to the directory /home/amnesia/.config/Signal The folder can be added without any problems to the persistence.conf file. The configured account and data will remain persistent.

#5 Updated by intrigeri about 2 years ago

I think that at least some of the messaging client ecosystem won't fit into the Debian packaging/release model, for various cultural and technical reasons. This general situation makes me sad (and is being discussed on debian-devel@ as we speak) but it will take years to solve it so it would be unrealistic to block on it. So IMO the best current answer to this app distribution problem is Flatpak; FTR Signal is available on Flathub (last time I checked the version there was slightly outdated but that wasn't too concerning). Now, of course Tails is not ready to ship Flatpaks yet and we have postponed this topic to post-2019 on our roadmap. The way I see it, messaging clients may very well be one of the key reasons why we may want to decide to prioritize Flatpak integration when we update our roadmap :)

#6 Updated by spriver about 2 years ago

intrigeri wrote:

I think that at least some of the messaging client ecosystem won't fit into the Debian packaging/release model, for various cultural and technical reasons. This general situation makes me sad (and is being discussed on debian-devel@ as we speak) but it will take years to solve it so it would be unrealistic to block on it.

I see.

So IMO the best current answer to this app distribution problem is Flatpak; FTR Signal is available on Flathub (last time I checked the version there was slightly outdated but that wasn't too concerning). Now, of course Tails is not ready to ship Flatpaks yet and we have postponed this topic to post-2019 on our roadmap. The way I see it, messaging clients may very well be one of the key reasons why we may want to decide to prioritize Flatpak integration when we update our roadmap :)

Flatpak is indeed promising for such stuff (extra layer of sandboxing, etc.). I tried Signal via it and besides the fact that it uses a quite huge runtime and the huge binary size Signal itself it runs (not in Tails, but on Debian). And there's still some (upstream?) work left to do wrt. Tor+Signal as Signal does not support to configure a proxy.

#7 Updated by sajolida almost 2 years ago

Voice calls with Signal don't work over Tor.

#8 Updated by intrigeri 6 months ago

  • Related to Feature #15874: Start looking at technologies used by snap/Flatpak for user-friendlier sandboxing added

#9 Updated by intrigeri 6 months ago

  • Description updated (diff)

Someone documented how to use Signal, installed via Flatpak, in Tails: https://bisco.org/notes/installing-and-running-signal-on-tails/ :)

#10 Updated by op_mb 6 months ago

it works with .deb package the same way - you have to export those http/s variables,like the above article shows

export HTTP_PROXY=socks://127.0.0.1:9050
export HTTPS_PROXY=socks://127.0.0.1:9050

signal-desktop

it will only launch from command, wont launch from the Applications menu.
when it connected, it synchronized with no problems, i've attached the pic

would it be possible to include it into tails repository, so people could download it if they needed it? this way you wouldn't bloat the .iso

#11 Updated by intrigeri about 1 month ago

  • Status changed from Confirmed to Resolved

intrigeri wrote:

Someone documented how to use Signal, installed via Flatpak, in Tails: https://bisco.org/notes/installing-and-running-signal-on-tails/ :)

IMO this achieved what this ticket is about. I've added the link to https://tails.boum.org/blueprint/mobile_messaging/ so it's not lost while closing this ticket.

#12 Updated by intrigeri about 1 month ago

  • Assignee deleted (spriver)
  • % Done changed from 0 to 100

#13 Updated by syster 28 days ago

feedback after testing signal with flatpak installation:

works, but is slow when running. when clicking on something it takes time until something happens.

#14 Updated by intrigeri 28 days ago

Hi @syster,

feedback after testing signal with flatpak installation:
works, but is slow when running. when clicking on something it takes time until something happens.

Thanks!

Would you like to update the blueprint accordingly?
Else, I can do it.

That blueprint currently serves as a place where where we can compile such info. My hope is that it'll be easier to find this info there later than in a series of comments on 4+ different Redmine/GitLab issues :)

#15 Updated by syster 26 days ago

@intrigeri thx for the pointer. I have added it, and try to do so in future directly.

#16 Updated by syster 26 days ago

@intrigeri can you add a link to [[blueprint/mobile_messaging]] into the description of this issue, so that it's easier to be discoverd?

#17 Updated by intrigeri 26 days ago

Hi @syster,

intrigeri can you add a link to [[blueprint/mobile_messaging]] into the description of this issue, so that it's easier to be discoverd?

I like this thinking!
This should ideally go into the "Blueprint" field.
I've just granted you the Redmine credentials needed so you can do it yourself :)

#18 Updated by syster 26 days ago

  • Blueprint set to https://tails.boum.org/blueprint/mobile_messaging/

#19 Updated by syster 22 days ago

the following is rather a matter of how flatpak behaves within tails rather then signal:

flatpak consumes space in /, where are only 1.9 GB available.
flatpak apps consume a good amount of space.
having other programs installed too, might then result in signal failing to download, due to missing space in /.

symlink as describes here: https://github.com/flatpak/flatpak/issues/2147#issuecomment-425864181
or the method decribed by flatpak users who run into similiar issues here: https://github.com/flatpak/flatpak/issues/2147#issuecomment-425864181
did not work for me to solve the issue.

I will add it to the blueprint, after more testing and research.

#20 Updated by syster 1 day ago

i found a discription on how to store the flatpaks where one defines, can be even another usb stick:

https://blogs.gnome.org/mclasen/2018/08/26/about-flatpak-installations/

I have not tested this yet. But it should contain the informations to solve the issue with flatpak running out of space.

At the same it would make applications in tails portable to any other tails/OS.

#21 Updated by syster 1 day ago

more informations:

There is a signal client for the terminal that allows registration (signal-desktop does not support this).

The issue with signal-cli:
As it is currently, it does not run in tails. Torsocks does also not work.
For more on that see:
https://github.com/AsamK/signal-cli/issues/261

Also available in: Atom PDF