Has anyone installed Signal app's desktop version in Fedora?

OS: Fedora 33

I’ve started using Signal messaging app. When I am using Whatsapp, I usually use Whatsapp web because I am not very good typing long sentences from Whatsapp mobile.

Same goes for Signal. I prefer to use the desktop version of Signal. But, Signal desktop installer for Linux is only available for Debian based systems (Link below)!!! Any idea how I can install Signal desktop app in a Fedora machine using rpm or yum repositories or any other way ?

2 Likes

install direct from Software

4 Likes

It is available as a flatpak in Flathub. Add Flathub repo if it is not enabled already:

flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

After that, you can use GNOME Software as mentioned above. If it doesn’t show up after adding Flathub, try restarting.

6 Likes

Thank You Adrian K, ersen

As ersen suggested, following is what I did

Step1.

$ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
$ 

Interestingly, no output for the above “flatpak remote-add” command. After I executed, all i got was a dollor prompt.

Step2. From Gnome software, I searched for Signal and clicked on Install. Well, I Signal was listed even before I ran step 1. Maybe because I had already configured the flatpack before and I forgot.

Quick question:
So, gnome’s ‘Software’ utility can use yum or dnf or flatpack commands internally. Right ?

2 Likes

It can install flatpaks from the repos you have added, in this case Flathub; it can also install RPMs but it doesn’t use yum or dnf, it uses something called PackageKit as backend:

https://www.freedesktop.org/software/PackageKit/

3 Likes
dnf install apt dpkg -y 
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' | tee -a /etc/apt/sources.list.d/signal-xenial.list
wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
cat signal-desktop-keyring.gpg | tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
apt update
cd /tmp/
apt-get download signal-desktop
dpkg --force-depends -i signal-desktop_5.23.0_amd64.deb
desktop-file-install /usr/share/applications/signal-desktop.desktop

if you want uninstall it

dpkg --remove signal-desktop
2 Likes

Using snap worked for me:

# sudo dnf install snapd # restart if needed
# sudo ln -s /var/lib/snapd/snap /snap # To enable classic snap support. Not sure if it is needed
sudo snap install signal-desktop
1 Like

The easiest is probably the copr repo packaging Signal for Fedora, as long as you trust it: luminoso/Signal-Desktop Copr

#Enable copr repository
sudo dnf copr enable luminoso/Signal-Desktop

#Install Signal Desktop
sudo dnf install signal-desktop

I might be very late but this worked for me:
https://github.com/signalapp/Signal-Desktop/issues/1630#issuecomment-894495950

1 Like

Y’all are comfortable with and have validated who has provided these alternate packages, snaps, and flatpaks (outside of the Signal repo) and that the binaries haven’t been tampered with, right?

1 Like

Welcome to ask :fedora:edora.

You should consider that there is one person responsible for accepting the software you install on your system. YOU
What I accept may not be acceptable to you and vice versa.

The only thing I am comfortable saying in response to your question is that I trust what is stored on the fedora repos and on the rpmfusion repos for use with fedora. Anything else I evaluate on a case by case basis.

4 Likes

A good approach… the long term challenge though is around ongoing supply chain risk. What is safe today (ie, a Signal snap that Popey developed that pulls the deb directly from signal and verifies that hash for the file) may degrade in the future or be corrupted by a bad actor. Do you/we have the bandwidth to keep a constant eye on a package source that isn’t the source? Of course, we have to trust Signal and their ability to sign their packages, but what about downstream in the supply chain? For something as critical as Signal, you have to way the risks carefully…and consider the long term implications of your choice. Perhaps build in a process for validating the process/source for a Snap each time you update it? Lots of ways to solve this problem, but it involves more work and time as a system administrator and eventually, one gets lazy one update, and wouldn’t you know, that’s when the supply chain has been corrupted…

Works for me.

Comprehensively,

dnf install -y flatpak
flatpak remote-add -y --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flapak install -y flathub org.signal.Signal
1 Like

Flathub and Snap are generally safe, but I too am wary of the COPR repositories.

Now there is a package built for Fedora from openSUSE: Show network:im:signal - openSUSE Build Service

https://software.opensuse.org//download.html?project=network%3Aim%3Asignal&package=signal-desktop

dnf config-manager --add-repo https://download.opensuse.org/repositories/network:im:signal/Fedora_36/network:im:signal.repo
dnf install signal-desktop
3 Likes

Do you know whether the compilation is official in any capacity? Slightly too much information is presented for me to ascertain whether it is trustworthy.

It’s not official; for that you need to download from signal.org and use their (only deb) repositories: Signal >> Download Signal

But network:im:signal apparently compiles all the dependencies from source, unlike the luminoso copr which used some binaries, so that increases trustworthiness.

For a lot more discussion, see the (closed…) github issue requesting rpm packages: https://github.com/signalapp/Signal-Desktop/issues/1630