Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pin root of trust in chrome => native upgrade flow #2137

Closed
jpouellet opened this issue Mar 15, 2018 · 0 comments
Closed

Pin root of trust in chrome => native upgrade flow #2137

jpouellet opened this issue Mar 15, 2018 · 0 comments
Labels
Feature Request

Comments

@jpouellet
Copy link

While upgrading from the chrome app to native signal-desktop, the "Debian-based Linux" install instructions recommend:

curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add -
echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
sudo apt update && sudo apt install signal-desktop
/opt/Signal/signal-desktop --import

(defined in background.html#L599-L602)

This relies on SSL to bootstrap trust in the package signing key from scratch, but we already have a trusted chrome extension from which we could bootstrap trust in that key.

It would be nice to somehow automatically pin the correct fingerprint via the install instructions, or at least provide it in a user-visible comment below the instructions.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature Request
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jpouellet @scottnonnenberg-signal @automated-signal