Packages for rpm-based linux distributions

[nikwen]

• I have searched open and closed issues for duplicates

---

Currently, Signal-Desktop is only available for Debian-based distros with the APT package manager. Please provide pre-built packages for rpm-based distributions such as Fedora or RHEL.

[janvlug]

It would also be good to warn before the migration that there are only .deb packages. I did the migration to learn only after that the Chrome Desktop is disabled that there are is no RPM installer available.

[kees-closed]

Flatpak would also do the trick, no need for deb or rpm packaging.

[euneuber]

Please add openSuse to the list of supported Linux distributions!

[zimmski]

Please use the open build service http://openbuildservice.org/ to build packages. I do not know if the public instance https://build.opensuse.org enabled building packages for all major distributions, but the service application itself has the functionality https://en.opensuse.org/openSUSE:Build_Service_cross_distribution_howto, https://en.opensuse.org/openSUSE:Build_Service_Debian_builds. I am sure that the build service guys will support you with the configuration of your projects.

[sebix]

On 11/02/2017 10:52 AM, Markus Zimmermann wrote: I do not know if the public instance [https://build.opensuse.org] enabled building packages for all major distributions,

Yes, it does. I can help with OBS for deb- and rpm packages.

[nikwen]

For everyone in need of a transitional solution: Check out #1627.

[diazbastian]

I think it's #1639 is a better solution. Besides being a more "universal" option is the path where fedora is headed anyway.

[cryptomilk]

I don't see why #1639 is a better solution. Especially from a security point of view ...

[SISheogorath]

There is one complete deal breaker for #1639: Missing ibus support on Flatpaks.

[exploide]

There is one complete deal breaker for #1639: Missing ibus support on Flatpaks.

I don't know what exactly you miss, but according to flatpak/flatpak#675, flatpak does support ibus now.

[wrender]

An RPM would be nice. I think the idea of these other package types are good, but they need to be built into base linux OS's by default before they are actually useful.

[wrender]

So does anyone have a way of building an rpm yet?

[rriemann]

There is an rpm for suse. Note that it is a user contribution and may not be trustworthy.

https://software.opensuse.org/package/signal-desktop

spec file: https://build.opensuse.org/package/view_file/home:ithod:signal/signal-desktop/signal-desktop.spec

[cryptomilk]

I dicussed that with some friend yesterday. Packaging Signal is probably a huge task. However it could be done in the build service on a collaborative effort. The build services can also grab signed git tags and verify the signature. So you can rely on the integrity of the source code that way.

However, the biggest effort would be to package all the nodejs modules and other dependencies not available yet. They are not available and that would need to be done first. The spec @rriemann mentions is a bad packaging example. It includes just everything instead of packaging the dependencies.

Is 'npm install' actually checking signatures, is it trustworthy?

[rriemann]

On the security issues introduced by npm dependencies: https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5

I imagine that Signal is carefully reviewing all packages and then all updates of them and their dependencies and guess that like ruby packages, npm package versions are locked.

Opensuse has some tool to package npms: https://github.com/marguerite/nodejs-packaging

Please read the ideas in the repo readme on some general remarks on node module packaging. In essence: packaging dependencies of node modules and their node modules to a global namespace does not make sense from their point of view.

[steelstring94]

Just here to agree that an RPM version would be much appreciated, as a Fedora user.

[diazbastian]

I don't know if the way is to duplicate the efforts in maintaining different options, but as I mentioned before, the path of fedora is towards the use of flatpak, on the other hand this alternative works in a wide range of other distributions.

@cryptomilk Could you be more specific?

[cryptomilk]

Distributions and package managers have been invented so that packages stay up to date and share resources.

flatpak doesn't share resources with my system it loads another Linux system into RAM (libc, xorg, gtk, openssl etc.) I don't really know if this system keeps up with security updates. It is a waste of resources just running a simple messenger.

[exploide]

While I totally agree that package maintainers of classical package repositories are important and do a good job, there are also reasonable usecases for Flatpak.

Most importantly to bundle proprietary software. Not that I like this kind of software but sometimes some people need it and classically it comes with an obscure install.sh and does horrible thing to your system. Flatpak is really a better bet there.

Additionally, even for FLOSS software, if a program is hard to package and the responsibility remains at the software authors, not the distribution's package maintainers, then the use of Flatpak can decrease their effort needed to serve to more Linux users. This is the case here. You say "simple messenger" but this is not what Signal Desktop is. It is based on Electron, and Fedora packagers didn't manage to include the closely associated Atom editor in the repositories, yet. The Electron/Chromium/Node stuff is simply too much effort. And here for OWS it is simpler to provide a distribution independent Flatpak than to manage multiple distribution specific build systems.

[cryptomilk]

I've just updated flatpak and Signal doesn't work anymore:

flatpak run org.signal.Signal
Gtk-Message: Failed to load module "canberra-gtk-module"
No protocol specified

My distro is better maintained ...

[diazbastian]

@cryptomilk I thought you had technical arguments against it, but I see that simply "the new model is not to your liking". With Flatpak, applications can be distributed directly from their providers, so in theory security updates will be obtained more quickly by its users than through an intermediary (maintainer). It also offers isolation and its runtime system allows resource sharing and deduplication, etc.

My Signal installation works properly for me, maybe you should update the runtime.

[sevagh]

Why does the path to Fedora necessarily involve endless circular discussions about Flatpak, while Debian-based distros are sitting happy with their debs? Whatever arguments you provide for not providing RPMs should be applied to block the release of debs as well.

[rriemann]

Can we please have the flatpak discussion somewhere else? I use opensuse and have never installed an app like this. However, I know how to deal with rpms. That's a widely used standard and if it is imperfect, than maybe the distros should invest into flatpak before individual applications do so.

My observations:

• If I cannot trust my distro and their build system, I cannot use my computer. I would need to assume keyloggers that take my data even before it is encrypted on the app level by e.g. Signal.
• I have to trust Signal.
• Both my distro and Signal are opensource which makes trust easier.
• So after all these assumptions, I do not understand the problem to also trust opensuse to checkout the code from signal, check the signatures and build using a transparent tool chain a trustworthy rpm.
• Same argument goes for Fedora.

I agree that packaging of npm deps is difficult, but I do not see how flatpak can provide an advantage here.

[ErikLentz]

If they're going to provide a deb, they need to provide an rpm.

[kees-closed]

I just noticed that in GNOME Software (on Fedora) a Signal Flatpak is available via FlatHub. It installed and works like a charm, it's the latest Signal Desktop edition. I consider the issue closed.

[SISheogorath]

@AquaL1te no, it's not. Neither does this flatpak support ibus, nor is it build against Fedora libraries.

Apart from this there is a noticeable difference when you install an application as flatpak or install it as a native application. It starts at CLI integration, differences in the security setup, cache-ability, which is actually more complicated with Flatpaks (apart from the point that a lot of people have RPM caches in place, while no flatpak cache right now), …

So it's far from being solved, even when the flatpak exists and is for a lot of people a valid alternative. (yes, I use it myself for month, but for all communication that needs some more special letters, I have to use my phone)

[BarbossHack]

Yes indeed, but as long as there is no official Fedora version (from @signalapp) , I prefer to build my own RPM package, for security reasons

[cryptomilk]

As long as there is no official Fedora version, there is always the copr one available. To install, look at:

https://copr.fedorainfracloud.org/coprs/luminoso/Signal-Desktop/

But it really would be awesome to have official support on Fedora.

As a Fedora proven packager, I'm more trustworthy if I package Signal in Fedora than outside?

[dreua]

This is about the trustworthyness of a package, not you as a person. You can't expect people to memorize the list of proven packagers, they shouldn't even need to know what that title means. (Congratulations, by the way.) A package in the Fedora repositories or rpmfusion will always be more trustworthy than copr or other sources and I believe this is a good thing.

[cryptomilk]

I would argue that nodejs apps per default are not trustworthy. You should be careful how you run them. I have signal-desktop still secured with apparmor.

Here is a yarn audit of Signal-Desktop 5.37.0:

207 vulnerabilities found - Packages audited: 2842
Severity: 19 Low | 80 Moderate | 85 High | 23 Critical

[piotr-dobrogost]

@cryptomilk
At https://build.opensuse.org/package/show/network:im:signal/signal-desktop there is build for Fedora Rawhide.
Could please add build for current version of Fedora (35) and if not describe steps needed to get one?

[cryptomilk]

That's not possible as Fedora 35 doesn't provide ffmpeg. I've just recently added ffmpeg to Fedora, it will be available with Fedora 36. You have to wait till f36 is out ...

[BarbossHack]

describe steps needed to get one

You can build your own Signal-Desktop rpm for Fedora 35 with this project @piotr-dobrogost https://github.com/BarbossHack/Signal-Desktop-Fedora

That's what I'm using, and no problem so far on Fedora 35

[leukimi]

@cryptomilk
@ALL

I have signal-desktop still secured with apparmor.

It would be very very interesting to know how exactly you secured it with AppArmour. Would you mind sharing it? Thank you in advance.

[cryptomilk]

You can find the apparmor files here:
https://build.opensuse.org/package/show/home:darix:apps/apparmor-profiles-nordisch

[leukimi]

The Docker build by BarbossHack works great.
OpenSUSE repository does not seem to build RPM for Fedora 35 after version 33.

The following recipe could serve as a plan B.

---

An approach to building signal-desktop branch 5.49.x on Fedora 35

In case someone would benefit from it, the following approach did prove successful on a fresh Fedora 35 install.

All you need is a "bit of patience", since it can take around ten minutes before you are a happy Fedora (signal-desktop) user.

Just in case someone doesn't know what the following code is doing, it is a bash script that will help you to build and install signal-desktop branch $LATEST_BRANCH. You can adapt the script to your needs and copy the bash script to a file which you can give the file name:

build_signal-desktop.sh

Make this file build_signal-desktop.sh executable in some way. This is how to do it using a terminal:

chmod +x build_signal-desktop.sh

Run:

./build_signal-desktop.sh

Watch the magic take place.

---

1. First step after the fresh install is to update Fedora 35.

# Update the newly installed Fedora 35.
sudo dnf update

# Reboot Fedora 35 to be on the safe side, since you probably installed a new kernel.
reboot

2. Second step is to install dependencies.

Fedora 35 already has most of the tools you will need. You can type this in the terminal to check:

echo "--------------------------------"
gcc --version
echo "--------------------------------"
git --version
echo "--------------------------------"
curl --version
echo "--------------------------------"

nvm

nvm does not come preinstalled on Fedora 35. nvm is the Node Version Manager used to manage multiple Node.js versions on a single system. nvm can install any version of Node.js. nvm tool installs on your system by typing this into terminal, so we will include it in the build script further down to make sure it gets installed automatically if it is not present:

curl https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash
source ~/.bashrc

3. Putting it all together in a script build_signal-desktop.sh

#!/bin/bash
##
## Script: build_signal-desktop.sh
##
## Description:
## Downloads the selected branch to $HOME/src/Signal-Desktop
## from git source.
## Compiles signal-desktop.
## Creates an RPM package.
##

VOICE_SOUND=true
REQUIRE_USER_CHECK=false
INSTALL_RPM=false
RUN_APPIMAGE=false

# Fedora 35 dependencies
if hash nvm 2>/dev/null; then
    nvm --version
else
    curl https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash
    source ~/.bashrc 
fi
if hash git 2>/dev/null; then
    git --version
else
    sudo dnf -y install git 
fi
if hash git-lfs 2>/dev/null; then
    git-lfs --version
else
    sudo dnf -y install git-lfs 
fi

# Edit this to select the branch you want to compile
#
# Previous branches:
# "5.48.x"
# ...
# "5.1.x"
LATEST_BRANCH="5.49.x"
echo
echo "You have selected to use branch:"
echo \"$LATEST_BRANCH\"
echo
echo LATEST_BRANCH=$LATEST_BRANCH
echo
sleep 2

# Building Signal Desktop (5.v.x) version on Fedora 34
# Edit the branch names when new releases are made available

mkdir -p $HOME/src
cd $HOME/src
echo "Changed directory to:"
pwd
echo

# Check latest branch
if [ -d Signal-Desktop ]; then
    # Check if you have the latest branch
    cd Signal-Desktop
    echo "Changed directory to:"
    pwd
    echo
    echo "Checking the list of branches that are available remotely:"
    
    git ls-remote | grep heads
    sleep 3
    echo
    echo "Your current (local) branches are:"
    git branch -a

    echo
    echo "If you want to delete a branch (I will do it for you):"
    echo "   git branch -D 5.yy.x"
    echo "   git branch -D 5.46.x"
    echo "   git branch -D 5.47.x"
    echo "   git branch -D 5.48.x"
    echo
    echo

    git branch -D 5.1.x
    git branch -D 5.2.x
    git branch -D 5.3.x
    git branch -D 5.4.x
    git branch -D 5.5.x
    git branch -D 5.6.x
    git branch -D 5.7.x
    git branch -D 5.8.x
    git branch -D 5.9.x
    git branch -D 5.10.x
    git branch -D 5.11.x
    git branch -D 5.12.x
    git branch -D 5.13.x
    git branch -D 5.14.x
    git branch -D 5.15.x
    git branch -D 5.16.x
    git branch -D 5.17.x
    git branch -D 5.18.x
    git branch -D 5.19.x
    git branch -D 5.20.x
    git branch -D 5.21.x
    git branch -D 5.22.x
    git branch -D 5.23.x 
    git branch -D 5.24.x
    git branch -D 5.25.x
    git branch -D 5.26.x
    git branch -D 5.27.x
    git branch -D 5.28.x
    git branch -D 5.29.x
    git branch -D 5.30.x
    git branch -D 5.31.x
    git branch -D 5.32.x
    git branch -D 5.33.x
    git branch -D 5.34.x
    git branch -D 5.35.x
    git branch -D 5.36.x
    git branch -D 5.37.x
    git branch -D 5.38.x
    git branch -D 5.39.x
    git branch -D 5.40.x
    git branch -D 5.41.x
    git branch -D 5.42.x
    git branch -D 5.43.x
    git branch -D 5.44.x
    git branch -D 5.45.x
    git branch -D 5.46.x
    git branch -D 5.47.x
    git branch -D 5.48.x

    echo
    echo "If the latest branch you have"
    sleep 2
    echo "is not the latest branch on the remote,"
    sleep 2
    echo "consider hitting Ctrl + C to stop this script now."
    sleep 3
    echo
    echo "I will wait ten seconds before I start building."
    echo "..."
    sleep 10

    # Add signal-desktop branch $LATEST_BRANCH
    git fetch https://github.com/signalapp/Signal-Desktop.git $LATEST_BRANCH:$LATEST_BRANCH

    # If you get a complaint about that you have unsaved work:
    # error: Your local changes to the following files would be overwritten by checkout:
    #	package.json
    # Please commit your changes or stash them before you switch branches.
    # Aborting
    # Do the following:
    git stash
    # To delete all stashes in git, we need to run the git stash command followed by the clear option.
    git stash clear
    # Now it should work to switch to the new branch

    # Check out $LATEST_BRANCH
    git checkout $LATEST_BRANCH

    # Update $LATEST_BRANCH
    git fetch --all
    git pull --rebase
    # git rebase $LATEST_BRANCH
    git reset --hard $LATEST_BRANCH
    # Now you should be sure to have the latest files in $LATEST_BRANCH

    # Update existing branch
    # git fetch origin
    # git fetch main
    # git rebase
    # git reset --hard
    # git reset --hard origin
    # git reset --hard main

    # If you made any changes, git will ask you to stash them:
    # git stash
    # git stash clear
    # git pull --rebase
    # git reset --hard

    # Delete all files that are not version controled
    git clean -dfx
    # git submodule foreach --recursive "git clean -dfx"
    git branch -a
else
    # Download signal-desktop branch $LATEST_BRANCH
    echo
    echo "Downloading Signal-Desktop source code from git."
    echo "If you already have the software, you might see"
    echo "error messages. Don't worry, that's okay."
    sleep 5
    echo
    git clone -b $LATEST_BRANCH --single-branch https://github.com/signalapp/Signal-Desktop.git

    # Change directory
    cd Signal-Desktop
    echo "Changed directory to:"
    pwd
    echo
fi

# Remove prior packages
# rm -rf release

# Show which version of nvm is required:
echo
echo "Required nvm version:"
cat .nvmrc
sleep 1

# Source nvm
source $HOME/.nvm/nvm.sh

# nvm
# nvm does not come preinstalled on Fedora 35. nvm is the Node Version Manager used to manage multiple Node.js versions on a single system. nvm can install any version of Node.js. nvm tool installs on your system by typing this into terminal, so we will include it in the build script further down to make sure it gets installed automatically if it is not present:
#
# Installation of nvm:
# curl https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash
# source ~/.bashrc

if hash nvm 2>/dev/null; then
    nvm --version
else
    curl https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash
    source ~/.bashrc 
fi

# Sometimes nvm is not found, run the command in terminal in such case
# nvm install v18.1.0
# nvm install v16.13.2
# or generic
cat .nvmrc | nvm install 
# Sometimes nvm is not found, run the command in terminal in such case
# nvm use v18.1.0
# nvm use v16.13.2
# or generic
cat .nvmrc | nvm use

# Verify which nvm is used
nvm list
sleep 2

# Check that npm is available
type npm >/dev/null 2>&1 || { echo >&2 echo; echo "Run this script again to start building signal-desktop."; exit 0; }

# To confirm that you have npm installed you can run this command in your terminal:
echo
echo "Confirm that you have npm installed:"
echo

npm -v
sleep 1

# Update npm
echo
echo "Update npm:"
echo

npm install -g npm
npm update -g

# New step in build 2022:
git-lfs install

npm install --global yarn

# Edit package.json to add the options 'rpm' and 'AppImage'
python3 <<EOF
query = '''
      "target": [
        "deb"
      ],
'''
replacement = '''
      "target": [
        "rpm",
        "AppImage"
      ],
'''
data = None
with open("package.json",'r') as file:
    data = file.read()
    data = data.replace(query,replacement)
with open("package.json",'w') as file:
    file.write(data)
EOF

echo
echo "[OK] Source code downloaded."
echo "----------------------------"
echo
echo "Now you should have everything you need to build."
sleep 4
echo "The compilation will take a little while."
sleep 3
if hash espeak-ng 2>/dev/null; then
    # You have espeak-ng installed
    true
elif hash festival 2>/dev/null; then
    # You have festival installed
    true
else
    echo "If you want your computer to tell you with a sound when it is ready:"
    sleep 3
    echo "Install the packages:"
    sleep 2
    echo
    echo "+ espeak-ng"
    sleep 1
    echo "and/or"
    echo "+ festival festvox-slt-arctic-hts"
    sleep 2
    echo
    echo "You may have to remove:"
    echo "- festvox-clb-arctic-hts"
    sleep 3
    echo
    echo "Type this in the terminal if you wish:"
    echo
    echo "sudo dnf install espeak-ng festival festvox-slt-arctic-hts"
    echo "sudo dnf remove festvox-clb-arctic-hts"
    echo
    echo
    sleep 5
fi

echo
echo "The building of Signal-Desktop starts now."
sleep 2

yarn install --frozen-lockfile

yarn grunt

# The following is not working although it is mentioned in the install instructions to execute this command.
yarn icon-gen

yarn generate

if $REQUIRE_USER_CHECK; then
    # Help user to decide what to build:
    zenity --width 400 --warning --title "Do you want AppImage?" --text "Dont forget to alter the 'package.json' file to tell yarn to build deb, rpm, snap, AppImage in the \"linux\" section.\n\n \"target\": [\n        \"deb\",\n        \"rpm\",\n        \"snap\",\n        \"AppImage\"\n      ],"

    # The line where user has to edit:
    gedit package.json +362

    # Help user to decide what to build:
    zenity --width 400 --info --title "Do you want AppImage?" --text "Click OK when you are done editing package.json\n\n \"target\": [\n        \"deb\",\n        \"rpm\",\n        \"snap\",\n        \"AppImage\"\n      ],"
fi

yarn build-release

# Install rpm

if $INSTALL_RPM; then
    sudo dnf install release/signal-desktop*.rpm
else
    xdg-open release
fi

# Make AppImage executable

chmod +x release/*.AppImage

if $RUN_APPIMAGE; then
    # Run AppImage
    release/*.AppImage
else
    # Run linux-unpacked
    release/linux-unpacked/signal-desktop
fi
# Uninstall
# sudo dnf remove signal-desktop

# Tell compilation is done

if $VOICE_SOUND; then
    if hash espeak-ng 2>/dev/null; then
        espeak-ng -ven-us+f5 -s2 -s160 "Your signal desktop software package in format R P M is ready."
        espeak-ng -ven-us+f5 -s2 -s160 "This message! Will self destruct! In 5 seconds. ... five ... four ... threee ... two ... one ... BOOM."
    elif hash festival 2>/dev/null; then
        echo "Your signal desktop software package in format R P M is ready." | festival --tts
        echo "This message will self destruct in 5 seconds. ... five ... four ... threee ... two ... one ... BOOM."
    fi
fi

Handle errors:

Clean yarn cache:
yarn cache clean
Delete node_modules:
rm -rf node_modules

Delete active nodejs:

nvm deactivate
nvm uninstall <TAB><TAB> 
nvm uninstall v16.13.2

Sometimes you may want to get rid of all nvm stuff and start new. nvm stores things here:
rm -rf ~./nvm

[cryptomilk]

Now Fedora 36 package are available at:

https://software.opensuse.org/download.html?project=network:im:signal&package=signal-desktop

[piotr-dobrogost]

Now Fedora 36 package are available at:

https://software.opensuse.org/download.html?project=network:im:signal&package=signal-desktop

@cryptomilk
Is there any way to send you money for your work on this?

[cryptomilk]

Donate the money to either https://signal.org/donate/ or https://sfconservancy.org/donate/ or both :-)

[maitra]

Now Fedora 36 package are available at:

https://software.opensuse.org/download.html?project=network:im:signal&package=signal-desktop

Thanks, wonderful! Thank you for your hard work on this.

Will this be in the official repo soon? There is also this package from the one in the copr by luminoso: https://github.com/luminoso/fedora-copr-signal-desktop but it would be great to have an official package. Don't know if that is your plan.

[luminoso]

Now Fedora 36 package are available at:
https://software.opensuse.org/download.html?project=network:im:signal&package=signal-desktop

Thanks, wonderful! Thank you for your hard work on this.

Will this be in the official repo soon? There is also this package from the one in the copr by luminoso: https://github.com/luminoso/fedora-copr-signal-desktop but it would be great to have an official package. Don't know if that is your plan.

network:im:signal is way superior to mine. My understanding is that it builds signal and its dependencies offline and without pre-built binaries shipped along with the repo.

On the other hand, my copr repo is way simpler. Just grabs signal-desktop repo and builds it. It requires internet connection and uses pre-built binaries from it. Wishful thinking that those binaries present in this signal-desktop repository are trustable 🤷

[cryptomilk]

network:im:signal builds everything from sources and uses system components like ffmpeg, system fonts etc. Also it has a nodejs-electron package.

To bring everything into Fedora is quite some work, the first step would be to bring nodejs-electron into Fedora.

[adatum]

Has anyone using a signal repo like network:im:signal managed to upgrade from Fedora 36 to 37?

 Problem 2: problem with installed package nodejs-electron-21.3.2-2.2.x86_64
  - package nodejs-electron-21.3.2-2.2.x86_64 requires libicui18n.so.69()(64bit), but none of the providers can be installed
  - package nodejs-electron-21.3.2-2.2.x86_64 requires libicuuc.so.69()(64bit), but none of the providers can be installed
  - libicu-69.1-6.fc36.x86_64 does not belong to a distupgrade repository
 Problem 3: problem with installed package signal-desktop-6.0.1-1.1.x86_64
  - package signal-desktop-6.0.1-1.1.x86_64 requires (nodejs-electron(x86-64) >= 21 with nodejs-electron(x86-64) < 22), but none of the providers can be installed
  - package nodejs-electron-21.3.2-2.2.x86_64 requires libjxl.so.0.6()(64bit), but none of the providers can be installed
  - package nodejs-electron-21.3.2-2.2.x86_64 requires libjxl.so.0.6(JXL_0)(64bit), but none of the providers can be installed
  - libjxl-0.6.1-9.fc36.x86_64 does not belong to a distupgrade repository

Related packages are blocking the upgrade for me. I could uninstall signal, upgrade, and reinstall, but I'd like to avoid that if possible to prevent having to re-configure signal and losing conversation history.

[ohhai]

@adatum I do use it and upgraded 36->37 successfully.
Try to add --allowerasing to your DNF command (I used dnf distro-sync) and check the output. But don't confirm after it asks to proceed, it may erase some other packages.

[adatum]

I do use it and upgraded 36->37 successfully. Try to add --allowerasing to your DNF command (I used dnf distro-sync) and check the output. But don't confirm after it asks to proceed, it may erase some other packages.

Good to know upgrading worked for you.

--allowerasing would work, but it would remove nodejs-electron and signal-desktop. Maybe that's inevitable.

[ohhai]

@adatum I had same problem at some moment, but I did wait couple of weeks and it disappeared. Some packages just were updated in repos, I guess.
That's versions of that packages I have installed right now for Fedora 37, you can try to replicate that with downloading these rpms manually and install by rpm -Uvh *.rpm :

signal-desktop-6.0.1-1.1.x86_64
nodejs-electron-21.3.2-2.4.x86_64
libjxl-0.7.0-3.fc37.x86_64
libicu-71.1-2.fc37.x86_64

[adatum]

@adatum I had same problem at some moment, but I did wait couple of weeks and it disappeared. Some packages just were updated in repos, I guess. That's versions of that packages I have installed right now for Fedora 37, you can try to replicate that with downloading these rpms manually and install by rpm -Uvh *.rpm :

signal-desktop-6.0.1-1.1.x86_64 nodejs-electron-21.3.2-2.4.x86_64 libjxl-0.7.0-3.fc37.x86_64 libicu-71.1-2.fc37.x86_64

Thanks for that info with the version numbers. I have the same versions for signal-desktop and nodejs-electron installed, but not libjxl or libicu. These two errors from above are perhaps the reason for the inability to upgrade:

- libicu-69.1-6.fc36.x86_64 does not belong to a distupgrade repository
- libjxl-0.6.1-9.fc36.x86_64 does not belong to a distupgrade repository

I might wait a while longer in case the upgraded versions of those libraries come to F36, especially while waiting for a similar blocking problem with nautilus-dropbox.

[grenade]

to install from (opensuse's fedora 37 repo) network-im-signal and have access to updates even after distro upgrades beyond fedora 37:

curl -L \
  -o /tmp/network_im_signal.repo \
  http://download.opensuse.org/repositories/network:/im:/signal/Fedora_37/network:im:signal.repo
sed -i 's/37/$releasever/g' /tmp/network_im_signal.repo
sudo dnf config-manager --add-repo /tmp/network_im_signal.repo
sudo dnf update
sudo dnf install -y signal-desktop

[maitra]

The repo: https://download.opensuse.org/repositories/network:/im:/signal/Fedora_38/ does not have the signal-desktop rpm for Fedora 38. I am not sure who to contact so I thought I would post here.

[cryptomilk]

Fedora 38 is missing for https://build.opensuse.org/project/show/devel:languages:nodejs which builds nodejs-electron. I've requested that it will be added.

[maitra]

Fedora 38 is missing for https://build.opensuse.org/project/show/devel:languages:nodejs which builds nodejs-electron. I've requested that it will be added.

signal-desktop is in for Fedora 38. Thanks!

[coldserenity]

For those who encountered this type of errors

error: Verifying a signature using certificate 0080689BE757A876CB7DC26962EB1A0917280DDF (network OBS Project <network@build.opensuse.org>):
  1. Certificiate 62EB1A0917280DDF invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2022-06-09T08:03:55Z
  2. Key 62EB1A0917280DDF invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2022-06-09T08:03:55Z

I've resolved it with a complete reinstall.

Make sure Signal uninstalled

sudo dnf remove signal-desktop

Remove the old key

sudo rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} → %{summary}\n'

## e.g. resulted in 
##   gpg-pubkey-17280ddf-5e82f96b → network OBS Project <network@build.opensuse.org> public key

sudo rpm -e gpg-pubkey-17280ddf-5e82f96b

Remove the OpenSuse Signal repository

sudo dnf repolist
##  network_im_signal                                               Signal Messaging Devel Project (Fedora_38)
sudo rm /etc/yum.repos.d/network_im_signal.repo
sudo dnf clean all

Re-import the OpenSuse Signal repository and its key

sudo rpm --import https://download.opensuse.org/repositories/network:/im:/signal/Fedora_38/repodata/repomd.xml.key
sudo dnf config-manager --add-repo https://download.opensuse.org/repositories/network:/im:/signal/Fedora_38/network:im:signal.repo
sudo dnf update

Re-install Signal

sudo dnf install signal-desktop

[felixphew]

@cryptomilk when you get a second, it'd be nice to have Fedora 40 packages in https://build.opensuse.org/package/show/network:im:signal/signal-desktop :)

let me know if there's anything I can do to help!

[maitra]

@cryptomilk When you get a chance, it'd be nice to have Fedora 41 packages in https://build.opensuse.org/package/show/network:im:signal/signal-desktop I think it should be fine to stop supporting Fedora 39 at the end of this month.

Feel free to let me know if there is anything I can do to help!