flathub · bermeitinger-b · Sep 27, 2024 · Sep 26, 2024 · Sep 26, 2024 · Sep 26, 2024
diff --git a/README.md b/README.md
@@ -19,6 +19,12 @@ You can set the following environment variables:
 - `ELECTRON_OZONE_PLATFORM_HINT=auto`: Enables Wayland support
 - `SIGNAL_DISABLE_GPU=1`: Disables GPU acceleration
 - `SIGNAL_DISABLE_GPU_SANDBOX=1`: Disables GPU sandbox
+- `SIGNAL_PASSWORD_STORE`: Selects where the database key is stored. Valid options are:
+	- `basic` Writes the key in plaintext to config.json. This is the default.
+	- `gnome_libsecret` for X-Cinnamon, Deepin, GNOME, Pantheon, XFCE, UKUI, unity
+	- `kwallet` for kde4
+	- `kwallet5` for kde5
+	- `kwallet6` for kde6
 
 ## Wayland
 

diff --git a/org.signal.Signal.yaml b/org.signal.Signal.yaml
@@ -35,6 +35,7 @@ finish-args:
   # Environment Variables to control the behavior
   - --env=SIGNAL_DISABLE_GPU=0
   - --env=SIGNAL_DISABLE_GPU_SANDBOX=0
+  - --env=SIGNAL_PASSWORD_STORE=basic
   # Use same mouse cursors as host
   - --env=XCURSOR_PATH=/run/host/user-share/icons:/run/host/share/icons
 

diff --git a/signal-desktop.sh b/signal-desktop.sh
@@ -1,15 +1,66 @@
 #!/bin/bash
 
+report_warning() {
+    read -r -d '|' MESSAGE <<EOF
+Signal is being launched with the <b>plaintext password store</b> by
+default due to database corruption bugs when using the encrypted backends.
+This will leave your keys <b>unencrypted</b> on disk as it did in all previous versions.
+
+If you wish to experiment with the encrypted backend, set the environment variable
+<tt>SIGNAL_PASSWORD_STORE</tt> to <tt>gnome_libsecret</tt>, <tt>kwallet</tt>,
+<tt>kwallet5 or <tt>kwallet6</tt> depending on your desktop environment using
+Flatseal or the following command:
+
+<tt>flatpak override --env=SIGNAL_PASSWORD_STORE=gnome-libsecret org.signal.Signal</tt>
+
+Note that the encrypted backends are <b>experimental</b> and may cause data loss on some systems.
+
+Press <b>Yes</b> to proceed with <b>plaintext password store</b> or
+<b>No</b> to <b>exit</b>. |
+EOF
+    zenity --question --no-wrap --default-cancel --icon-name=dialog-warning --title "Warning" --text "$MESSAGE"
+
+    if [ "$?" -eq "1" ]; then
+        echo "Debug: Abort as user pressed no"
+        exit 1
+    else
+        touch "${XDG_CACHE_HOME}"/warning-shown
+    fi
+}
+
 EXTRA_ARGS=()
 
 declare -i SIGNAL_DISABLE_GPU="${SIGNAL_DISABLE_GPU:-0}"
 declare -i SIGNAL_DISABLE_GPU_SANDBOX="${SIGNAL_DISABLE_GPU_SANDBOX:-0}"
 
 # only kept for backward compatibility
-if (( ${SIGNAL_USE_WAYLAND:-0} )); then
+if ((${SIGNAL_USE_WAYLAND:-0})); then
     export ELECTRON_OZONE_PLATFORM_HINT="${ELECTRON_OZONE_PLATFORM_HINT:-auto}"
 fi
 
+declare -r SIGNAL_PASSWORD_STORE="${SIGNAL_PASSWORD_STORE:-basic}"
+
+case "${SIGNAL_PASSWORD_STORE}" in
+    basic | gnome-libsecret | kwallet | kwallet5 | kwallet6)
+        echo "Debug: Using password store: ${SIGNAL_PASSWORD_STORE}"
+        EXTRA_ARGS=(
+            "--password-store=${SIGNAL_PASSWORD_STORE}"
+        )
+        ;;
+    *)
+        echo "Error: SIGNAL_PASSWORD_STORE (${SIGNAL_PASSWORD_STORE}) must be one of the following: basic, gnome-libsecret, kwallet, kwallet5, kwallet6"
+        exit 1
+        ;;
+esac
+
+if [[ "${SIGNAL_PASSWORD_STORE}" == "basic" ]]; then
+    if [[ -f "${XDG_CACHE_HOME}"/warning-shown ]]; then
+        rm "${XDG_CACHE_HOME}"/warning-shown || true
+    else
+        report_warning
+    fi
+fi
+
 if [[ "${SIGNAL_DISABLE_GPU}" -eq 1 ]]; then
     EXTRA_ARGS+=(
         "--disable-gpu"