Package Details: signal 1.1.0-4

Git Clone URL: https://aur.archlinux.org/signal.git (read-only)
Package Base: signal
Description: Signal Private Messenger for the Desktop
Upstream URL: https://github.com/WhisperSystems/Signal-Desktop
Keywords: messenger secure
Licenses: GPL3
Conflicts: signal-desktop, signal-desktop-beta, signal-desktop-bin
Provides: signal
Submitter: onny
Maintainer: dbirks (Jake)
Last Packager: Jake
Votes: 85
Popularity: 19.945670
First Submitted: 2016-08-17 22:58
Last Updated: 2018-01-05 23:05

Latest Comments

abdulhakeem commented on 2018-01-12 20:23

What is the difference, if any, between 'signal' and 'signal-desktop' that are both on the AUR?

hero commented on 2018-01-06 13:37

It made me curious that the build did not fail for you with the tar release and I did a little digging. I think I know why it did not fail for you. It depends on where you build the package, your PKGBUILD was likely still inside the git repository of the AUR package. So the grunt job took the commit information of that repository. If you however copy the PKGBUILD and the three other files over into a new directory (which is not part of a git repository) you should be able to reproduce the error (of course with the old PKGBUILD that used the tar ball). So the new PKGBUILD that uses the git checkout now works for me as well and in the intended way. The only downside I see is that the download is no longer verified with the hashsum, but I do not know of a good solution to that myself.

Cheers!

Jake commented on 2018-01-05 23:27

Okay, that is interesting because i never encountered that problem... So let's use git then, it is anyway needed as makedepend. Hope this works for everyone now.

Current differences to signal-desktop are that signal uses the system electron (does not bundle it), has an additional tray mode desktop file, less dependencies and some minor things. It would probably be possible to merge them, but into which pkgbase? 'signal-desktop' seems like the correct name, but 'signal' is more popular. And i think having two options is also not bad?

hero commented on 2018-01-05 21:42

The package still does not build for me, because the Gruntfile tries to get information of a git commit, which is not available in the tarball. @milouse has a workaround for it in his PKGBUILD, but that would need to be updated every new release. Another option would be to again use the git commit and not the tar release.

Also on a side note, what is the difference between the 'signal' package and the 'signal-desktop' package? Could they be merged?

Jake commented on 2018-01-05 19:48

jplatte: Yes, i have dropped only libxss, because i was not sure about gtk2 and gconf. I have checked and it seems ok though, so they are removed now (pkgrel=3).

jplatte commented on 2018-01-05 18:26

There's still the unused dependencies I wrote about in my last comment... https://aur.archlinux.org/packages/signal/?comments=all#comment-625417

Jake commented on 2018-01-05 14:38

Package release 2 contains an additional desktop file, which starts Signal only in the tray. Also the command line switches are now supported. I have successfully build and tested it on multiple systems. Let me know if there are still errors.

dbirks commented on 2018-01-05 02:15

Jake: Thank you, that would be much appreciated.

Jake commented on 2018-01-04 17:02

@mikeA: That is strange if it works for you, i have tried it on 2 different systems with wired connection, but always: "Git source NOT trusted: it has no gpg signature at all"

milouse commented on 2018-01-04 16:54

@mikeA warning, the gpg verification of the signal-desktop package is NOT about the downloaded content but about the fetched commit. It just confirm to you that the commiter is really who it is intended to be. In no way this is a proof that nobody has altered the content during the download. That is to say, this gpg check has no more value than the green badge on github (as the gpg key to check the commit is fetched from the github API). If you really fear MITM attack while downloading this package, I recommend you to NOT use any of these packages and to build you own package, inspired from the signal-desktop-bin PKGBUILD available on AUR and by comparing the downloaded .deb files signature with this file https://updates.signal.org/desktop/apt/dists/xenial/main/binary-amd64/Packages, which is the only one I know containing whisper-systems signatures of tarball.

All comments