Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only warn if SIGNAL_PASSWORD_STORE is unset. #758

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Only warn if SIGNAL_PASSWORD_STORE is unset. #758

wants to merge 2 commits into from
+7 −10

Conversation

F-i-f
Copy link

@F-i-f F-i-f commented Oct 1, 2024

If a user already has set a flatpak override defining SIGNAL_PASSWORD_STORE to basic, there is no point showing them a warning.

@salim-b
Copy link

salim-b commented Oct 2, 2024
edited
Loading

Yes it is, because basic is less secure. But OS keystore support can likely be enabled by default again once #756 is merged.

@flathubbot
Copy link
Contributor

Started test build 151195

@flathubbot
Copy link
Contributor

Build 151195 successful
To test this build, install it from the testing repository:

flatpak install --user https://dl.flathub.org/build-repo/134282/org.signal.Signal.flatpakref

@bermeitinger-b
Copy link
Collaborator

bermeitinger-b commented Oct 3, 2024
edited
Loading

The default value of SIGNAL_PASSWORD_STORE not being empty but the value basic. With your patch, the warning would never show.

If the integration into the keyring works, we can set it to empty by default.

@F-i-f
Copy link
Author

F-i-f commented Oct 3, 2024

The default value of SIGNAL_PASSWORD_STORE not being empty but the value basic. With your patch, the warning would never show.

Not exactly.
If SIGNAL_PASSWORD_STORE is not set by the user via flatpak override, then the warning will show.
If SIGNAL_PASSWORD_STORE is set to any value (including basic) then the warning will not show.

If the integration into the keyring works, we can set it to empty by default.

Which would be best.

@bermeitinger-b
Copy link
Collaborator

But the value is by default set to basic. It is never empty.

@F-i-f
Don't set a default for SIGNAL_PASSWORD_STORE
a24e65d 
If we want to avoid displaying the encryption warning if the user already
has proactively set SIGNAL_PASSWORD_STORE with , we cannot
provide a default for the variable.
@flathubbot
Copy link
Contributor

Started test build 151623

@F-i-f
Copy link
Author

F-i-f commented Oct 3, 2024

Apologies, you are correct, I had missed that the variable is set by default in the environment.
This patch should take care of it.

@flathubbot
Copy link
Contributor

Build 151623 successful
To test this build, install it from the testing repository:

flatpak install --user https://dl.flathub.org/build-repo/134706/org.signal.Signal.flatpakref

@bermeitinger-b
Copy link
Collaborator

Thanks for the modification. The change you proposed is the default by upstream Signal. (Use the default password store). Then we can remove the warning altogether (upstream also does not "warn" the users about basic encryption).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@F-i-f @salim-b @flathubbot @bermeitinger-b