Project

General

Profile

Feature #15200

Feature #14567: Investigate mobile messaging applications

Test Signal in Tails

Added by u over 1 year ago. Updated 8 days ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
01/19/2018
Due date:
% Done:

0%

Feature Branch:
Type of work:
Research
Blueprint:
Starter:
Affected tool:

Description

There is currently no official Debian package for Signal.

Our options seem to be:

  • use the Flatpak as documented on https://bisco.org/notes/installing-and-running-signal-on-tails/ → Tails is not 100% ready for this yet
  • use the upstream Debian repository → that's putting a lot of trust in Signal upstream and infra; most of the reasons why we've rejected the Electrum AppImage idea probably apply here

Screenshot from 2019-10-09 18-52-29.png View (179 KB) op_mb, 10/09/2019 07:16 PM


Related issues

Related to Tails - Feature #15874: Start looking at snaps/Flatpak for sandboxing Confirmed 08/30/2018

History

#1 Updated by u over 1 year ago

@spriver has made a test:

@spriver has already tried it and found:

Signal (https://signal.org/) announced that the until now used Chromium-based desktop application is deprecated, it's going to be replaced by a (Electron framework [https://electron.atom.io/] based) standalone application, thus dropping the requirement of installing Chromium to use Signal Messenger on a Desktop system.

So far the application is available in the repo of Signal, I don't know if it's going to be available via the Debian native repositories someday.

Edit after some brief testing (in Tails):

adding the repo is only possible when apt-transport-https is installed, the repo is refusing plain HTTP connections
the executable is huge:
Need to get 97.3 MB of archives.
After this operation, 226 MB of additional disk space will be used.
starting the app is no problem, but it's not possible to configure a proxy. the app won't boot at all when it's started via torsocks in CLI -> AFAICT the application is (atm) not usable in Tails. The issue tracker of signal-desktop has an open ticket wrt. adding SOCKS proxy support (https://github.com/WhisperSystems/Signal-Desktop/issues/1430)
settings/data are stored in ~/.config/Signal/

#2 Updated by spriver over 1 year ago

  • Assignee set to spriver

#3 Updated by spriver over 1 year ago

Up-to-date state of Signal in Debian:

Following the instructions on https://signal.org/download/ and after installing apt-transport-https and changing the source line in signal-xenial.list into deb [arch=amd64] tor+https://updates.signal.org/desktop/apt xenial main, an apt update is possible.

apt show signal-desktop will show:
Package: signal-desktop
Version: 1.5.2
Priority: extra
Section: default
Maintainer: Open Whisper Systems <>Up-to-date state of Signal in Debian:

Following the instructions on https://signal.org/download/ and after installing apt-transport-https and changing the source line in signal-xenial.list into deb [arch=amd64] tor+https://updates.signal.org/desktop/apt xenial main, an apt update is possible.

apt show signal-desktop will show:
Package: signal-desktop
Version: 1.5.2
Priority: extra
Section: default
Maintainer: Open Whisper Systems <support@signal.org>
Installed-Size: 189 MB
Depends: gconf2, gconf-service, libnotify4, libappindicator1, libxtst6, libnss3, libasound2, libxss1
Homepage: https://github.com/signalapp/Signal-Desktop#readme
Vendor: Open Whisper Systems <support@signal.org>
License: GPL-3.0
Download-Size: 65.9 MB
APT-Manual-Installed: yes
APT-Sources: tor+https://updates.signal.org/desktop/apt xenial/main amd64 Packages
Description: Private messaging from your desktop
Installed-Size: 189 MB
Depends: gconf2, gconf-service, libnotify4, libappindicator1, libxtst6, libnss3, libasound2, libxss1
Homepage: https://github.com/signalapp/Signal-Desktop#readme
Vendor: Open Whisper Systems <support@signal.org>
License: GPL-3.0
Download-Size: 65.9 MB
APT-Manual-Installed: yes
APT-Sources: tor+https://updates.signal.org/desktop/apt xenial/main amd64 Packages
Description: Private messaging from your desktop

Note the huge installed size. I'm not quite sure if we want to huge such huge binary (in terms of size and actual used memory during usage) inside of the standard Tails iso.

After the installation it's possible to launch Signal, but it will fail to establish a connection to generate a captcha to be scanned from a smartphone where Signal is already installed (it is not possible to use Signal without a smartphone). It is not possible (neither at this nor at a later stage) to configure a proxy or similar. Starting Signal with torsocks will result in nothing (strace results in endless nanosleep({tv_sec=0, tv_nsec=2000001}, NULL) = 0).

Buuut…installing proxychains and launching Signal makes it work directly and with no problems.

#4 Updated by spriver over 1 year ago

Some remarks after some further testing:

  • for installing the Signal Desktop client one has to trust a completely arbitrary key which has to be downloaded from the Signal website. The key is also available on keyservers, but there is no chain of trust for the key which will be imported via apt-key to establish trust for the repo for apt. I don't understand why Signal is hosting an own repo instead of uploading directly to Debian et al. (besides that, I don't like the fact that their official instructions won't validate the downloaded key etc.). Furthermore, the repo requires apt-transport-https (which is neither good or bad, it's just a requirement that would not exist with official Debian repos)
  • after the setup of the repo Signal Desktop resp. Signal Desktop Beta. I really dislike the fact of the tremendous installed size of ~190MByte, which is around one sixth of the current .iso (yay for using modern and cool frameworks like electronjs)
  • Signal Desktop has no possibility to configure a proxy to use Tor. Using torsocks won't make it launch, launching Signal with proxychains makes it possible to connect to Tor (I could not find any other option to make Signal work, maybe there's something which won't additionaly require to install proxychains) and connect the Client via a QR-Code which needs to be scanned by a smartphone which will then make the smartphone's account available on the Desktop Client.
  • all user data and configs will go to the directory /home/amnesia/.config/Signal The folder can be added without any problems to the persistence.conf file. The configured account and data will remain persistent.

#5 Updated by intrigeri over 1 year ago

I think that at least some of the messaging client ecosystem won't fit into the Debian packaging/release model, for various cultural and technical reasons. This general situation makes me sad (and is being discussed on debian-devel@ as we speak) but it will take years to solve it so it would be unrealistic to block on it. So IMO the best current answer to this app distribution problem is Flatpak; FTR Signal is available on Flathub (last time I checked the version there was slightly outdated but that wasn't too concerning). Now, of course Tails is not ready to ship Flatpaks yet and we have postponed this topic to post-2019 on our roadmap. The way I see it, messaging clients may very well be one of the key reasons why we may want to decide to prioritize Flatpak integration when we update our roadmap :)

#6 Updated by spriver over 1 year ago

intrigeri wrote:

I think that at least some of the messaging client ecosystem won't fit into the Debian packaging/release model, for various cultural and technical reasons. This general situation makes me sad (and is being discussed on debian-devel@ as we speak) but it will take years to solve it so it would be unrealistic to block on it.

I see.

So IMO the best current answer to this app distribution problem is Flatpak; FTR Signal is available on Flathub (last time I checked the version there was slightly outdated but that wasn't too concerning). Now, of course Tails is not ready to ship Flatpaks yet and we have postponed this topic to post-2019 on our roadmap. The way I see it, messaging clients may very well be one of the key reasons why we may want to decide to prioritize Flatpak integration when we update our roadmap :)

Flatpak is indeed promising for such stuff (extra layer of sandboxing, etc.). I tried Signal via it and besides the fact that it uses a quite huge runtime and the huge binary size Signal itself it runs (not in Tails, but on Debian). And there's still some (upstream?) work left to do wrt. Tor+Signal as Signal does not support to configure a proxy.

#7 Updated by sajolida over 1 year ago

Voice calls with Signal don't work over Tor.

#8 Updated by intrigeri 14 days ago

  • Related to Feature #15874: Start looking at snaps/Flatpak for sandboxing added

#9 Updated by intrigeri 14 days ago

  • Description updated (diff)

Someone documented how to use Signal, installed via Flatpak, in Tails: https://bisco.org/notes/installing-and-running-signal-on-tails/ :)

#10 Updated by op_mb 8 days ago

it works with .deb package the same way - you have to export those http/s variables,like the above article shows

export HTTP_PROXY=socks://127.0.0.1:9050
export HTTPS_PROXY=socks://127.0.0.1:9050

signal-desktop

it will only launch from command, wont launch from the Applications menu.
when it connected, it synchronized with no problems, i've attached the pic

would it be possible to include it into tails repository, so people could download it if they needed it? this way you wouldn't bloat the .iso

Also available in: Atom PDF