F-Droid repository with builds of WebSocket fork

[xmikos]

Just to let you know, I have published experimental F-Droid repository with your WebSocket-based TextSecure fork, it can be found here:

https://fdroid.eutopia.cz

Sources (F-Droid build scripts) for this repo are here:

https://github.com/xmikos/fdroiddata

App ID is still same as original TextSecure (org.thoughtcrime.securesms), so anyone can upgrade from my TextSecure build to this WebSocket fork build without loosing app data (private keys, message history, etc.). I will actively maintain this repository.

[eighthave]

You can't upgrade from WhisperSystem's TextSecure to one signed by a different key. That's an essential part of the Android security model. So that means either using this @xmikos builds and sticking with them, or using WhisperSystem's builds and sticking with those.

[xmikos]

If you have root, you can backup TextSecure app data with something like Titanium Backup, uninstall TextSecure from Google Play, install TextSecure from my F-Droid repository and restore app data with Titanium Backup.

This way you can switch to my F-Droid builds without loosing data (private keys, message history, etc.).

[xmikos]

@eighthave I was talking about upgrade from my previous TextSecure builds (official GCM version, from my main F-Droid repo) to these new WebSocket builds (from my new experimental F-Droid repo). Both are signed by same key, so you can switch between GCM/WebSocket versions all you want without loosing data.

[patcon]

fwiw no need for root to do an export and import via plaintext backup -- built into TextSecure

[xmikos]

@patcon If I am not mistaken, integrated plaintext backup will not export the most important thing (private key), only messages history.

[xmikos]

But TextSecure doesn't have backups disabled in AndroidManifest.xml file, so maybe you can use adb or Helium Backup to make backup of app data without need for root permissions. But I didn't tested it.

[patcon]

@xmikos oh hey you're totally right :)

went searching and found this, fyi: https://github.com/WhisperSystems/TextSecure/issues/802

[ghost]

Can you provide a link with a fingerprint?

[ghost]

nevermind, should have checked the website rather than adding the link as a repo :p

thanks!

[dejIO]

Here you can see the Twitter conversation with moxie and xmikos about the F-Droid repo (read bottom to top).

Thought you might be interested.

@JavaJens @xmikos

[patcon]

@xmikos fwiw I don't think you or anyone else has the right to use the TextSecure name and logo. You can check out Firefox's Iceweasel wiki article for an analogous situation. Moxie's request is pretty reasonable imho -- and it will be confusing :(

[paride]

@patcon the case with Firefox is not exactly the same, as Debian did modify the original source (for example removing the Firefox logo), while @xmikos is building TextSecure without any modification. He indeed offered to rename the unofficial WebSocket fork.

What I don't like is Moxie's attitude. I understand that he doesn't want unofficial forks to be named TextSecure, but everything else is plain wrong. Why is him developing TextSecure as free software in the first place, if he doesn't work any third party client to be able to use their servers? He clearly understands software security, but he's asking us to blindly trust a binary build. Why? Wouldn't it be better to work together with the community towards, for example, reproducible builds? He's making a big mistake and wasting a lot of potential.

[patcon]

I'm just saying, they can probably enforce a trademark if they want. They've released the code from their control, not the brand.

I've opened another issue so as not to explode this one with trademark discussion :) https://github.com/JavaJens/TextSecure/issues/33

[xmikos]

I have renamed TextSecure to TextLibre and RedPhone to PhoneLibre in my F-Droid repository, for more info look here: https://github.com/JavaJens/TextSecure/issues/33#issuecomment-141523506

Application IDs are still the same, only strings has been renamed, so you will not lose data after upgrade.

[h-2]

THANK YOU VERY MUCH FOR THIS! :+1:

Unfortunately, I cannot install TextLibre. I have added the repo, but when I try to install 2.26.1-websocket it downloads and then tells me that the file is currupt.

[xmikos]

@h-2 If you have original Moxie's build from Google Play still installed, you can't upgrade to my builds (because they are signed by different key). You must first uninstall Moxie's build and then install mine (if you want app data to be preserved, you have to backup it first with something like Titanium Backup).

[h-2]

@xmikos no, I don't have an original TS installed. Its not a problem of different key, but of broken file or currupt file (don't know what the english translation is). Like, there is a size or checksum mismatch in f-droid from the expected one. Or I am being MITMed :scream:

[xmikos]

@h-2 files on server aren't corrupt, I have tried to reinstall it again without problems. So something must be messing with your download (but server has valid SSL certificate, if you are being MITMed, it must be someone with CA keys, which is very unlikely).

[xmikos]

Oh, sorry, you were right, F-Droid is telling me that file is corrupted (I have re/installed it from manually downloaded apk before). But the apk isn't corrupted, something must be wrong with F-Droid repo index (maybe because of rename), I will look into it...

[xmikos]

@h-2 It's fixed, problem was as I thought with repository index (because appid and version has been same after rename, fdroid didn't regenerate informations in index file, but used previous one from cache - so old sha256sum before rename has been there). Thank you for noticing me and sorry for inconvenience.

[h-2]

No, thank you for packaging in an F-Droid-repo! It works now :)

[onny]

Yep thank you very much! Also using it and already told a lot of people about it :)

[xmikos]

I have already published independent build of latest Signal (TextSecure merged with RedPhone) on https://fdroid.eutopia.cz. It has been renamed to LibreSignal.

I will also update experimental repo (app under same name LibreSignal) as soon as WebSocket-fork will be updated.

[git-marijus]

@xmikos your builds for the fdroid repo asks to install gcm during registration process. tested 2.28 and 3.0

[xmikos]

@git-marijus Yes, builds in my standard F-Droid repo are from unchanged official source code (except for rename of strings) which requires GCM. Builds of WebSocket fork are in experimental repo (latest version is 2.27.0-websocket).

[git-marijus]

ah... thanks for clarification...

[Asara]

Is there a migration path from Signal to LibreSignal without using proprietary software? I've tried adb pulling /data/data/org.thoughtcrime.securesms and then pushing it after installing LibreSignal, but I get errors saying LibreSignal is unable to register with Google Play and then crashes out. If I click the error in the drop down, it tells me my version of Google Play is broken and to download it again.

Edit 1:Also even with applications, there doesn't seem to be a way to just back up the data from TextSecure using Titanium, only the application itself.

Edit 2:So if you have TextSecure/Signal from the Play store, adb pull /data/data/org.thoughtcrime.securesms, delete the app, install the version from @xmikos's fdroid repo but make sure to install the regular one, not the websocket experimental version. adb push the folder back to /data/data, then upgrade to the experimental version. You will get a 'unable to connect to play store' error the first time you boot up the application, but after that it seems to work fine.

Thanks to both @xmikos and @JavaJens

[xmikos]

@Asara You could have use adb backup in the past (which doesn't need root), but backups has been disallowed in AndroidManifest.xml file since Signal 3.0 update :-( So now you definitely need root to backup app data.

With root, you can use oandbackup to backup & restore app data. It is similar to Titanium Backup (IMHO even better), but opensource.

Simply backup Signal app data with oandbackup, uninstall Signal, install LibreSignal from my F-Droid repository (it doesn't matter if standard or websocket version) and restore app data with oandbackup.

[Asara]

@xmikos Awesome man! After using oandbackup everything besides group texts work now. Don't know if that is related to me moving the data, the phone, or what, but for some reason I can't reply/send message to people in a group. Regardless, thanks!

[janvlug]

See this issue for group issues after restore: https://github.com/WhisperSystems/TextSecure/issues/1048

[dev-mb-zz]

Just to add some hints for people who had similar problems (incomplete uninstall/problems with key import) as I had while upgrading from self-build websockets-versions of textsecure to the LibreSignal builds from this f-droid respo:

1. back up your data key/conversations with oandbackup
2. uninstall old textsecure (if there are problems. use "pm uninstall org.thoughtcrime.securesms" and "rm /data/app/org.thoughtcrime.securesms" in a root shell )
3. than install a Libresignal clean from fdroid.
4. restore your backup (just the data!) with oandbackup
5. reboot your phone

That was needed for me to get it working with the old id/key.

[bonanza123]

You should be able to upgrade from official TS to LibreSignal using this Xposed module http://repo.xposed.info/module/com.pyler.xinstaller and temporarily disabling signature checking