Closed mrcobra92 closed 3 years ago
Can you talk about the current state of Windows on ARM a bit? How have things changed recently?
It has! Windows on ARM is actually a pretty great experience now! It is full windows 10, not windows RT. Meaning you can attempt to install and run any app you want. Most 32 bit apps work with emulation very well. Even simple gaming isn't too bad as long as the game uses direct 3d/x rather than open gl. X86 64 bit apps do not work at all. ARM 64 bit apps are really where it performs its best however. I love the battery life I am getting plus the always connected LTE that ARM brings to the table. It is only going to get better as developers recompile 64 bit apps for 64 bit ARM.
There is an offical Windows on Arm (64 bit) Electron release, it that helps? https://github.com/electron/electron/releases/tag/v7.0.0
IS this fir the developers? I know Signal for desktop was developed using Electron, but I don't believe I as just a user can re-compile it myself can I?
For the developer. Because he asked for the status of Windows on ARM. Having an official Electron release which supports Windows on ARM is probably an important prerequisite to build the Signal-Desktop app. I think Microsoft takes a huge effort to push forward Windows on ARM with the release of the Surface Pro X within the Pro series. But it all depends on the availability of software for this platform. So, Signal, please? :-)
@scottnonnenberg-signal Surface Pro X is a great device running windows on ARM64, and microsoft is pushing it hard, would be great to have Signal desktop available for it.
This has been asked (and shot down) several times, but why not just compile for x86 Windows? This would kill two birds with one stone. See: https://github.com/signalapp/Signal-Desktop/issues/1636 (and others).
I would be happier with an x86 build option too. It's also useful for people on really old computers too.
Here's vscode's arm64 issue and patch they just implemented: https://github.com/microsoft/vscode/issues/33620 https://github.com/microsoft/vscode/pull/85326/files
Just tried setting Signal up on my Surface Pro X and was very surprised to find out that there isn't an ARM64 or 32bit version available.
Please do at least one!
Microsoft is pushing ARM64 heavily on upcoming devices, so this will be a growing issue.
Yes please.. I too am shocked there is no ARM support!
I am on Galaxy Book S.. Win 10 ARM is very very nice now and need Signal!
I'm waiting for this too
I started working on 32-bit support, it's more work than expected π some native modules will need to be compiled for 32-bit (and ideally arm64) as well as they're 64-bit only currently. I'm stuck at one native module, more details here: https://github.com/signalapp/Signal-Desktop/pull/4514 - would appreciate if anyone could help as I'm not familiar with Rust/GN/etc.
UPDATE September 14: think I've found the culprit for the issue mentioned above. Looks like one of ringrtc
's dependencies needs an update to support x86. Details: https://github.com/signalapp/ringrtc/pull/12
Hope the Signal team will accept the PRs when they're done! π
I'm giving this a try, working on this branch, see CI runs here.
@EwoutH you very likely won't be able to get this to work until the native modules that Signal Desktop uses support arm64 somehow, like ringrtc
as I mentioned above. I'm very eagerly waiting for https://github.com/neon-bindings/neon to finish their N-API migration guide - that can be the starting point to get things moving here π They just finished their work for N-API so that's great news for sure!
Will update https://github.com/signalapp/ringrtc/pull/12 as soon as there's news in that area π if you find any other native modules that need updates, please go ahead and try to add support for arm64 to those π
Making great progress working on a native ARM64 build of Signal Desktop for Windows. Some native dependencies need to be updated. Here's the PRs tracking that work:
I hope to be able to get some first test build some time next week, assuming that I won't be blocked on other dependencies. To be continued π
For cross-reference: issue for Windows 32-bit support: https://github.com/signalapp/Signal-Desktop/issues/1636
Update: https://github.com/node-ffi-napi/node-ffi-napi/pull/131#issuecomment-777297706 was merged yesterday, so I spent some hours today to continue working on Signal Desktop on Windows arm64. It mostly came down to updating some dependencies (see https://github.com/signalapp/Signal-Desktop/compare/development...dennisameling:windows-multi-arch-support for the diff). Those dependencies have dependencies, and they have dependencies, etc. - oh well π π€―
The good news is that I'm able to install/build all dependencies now on Windows arm64 βοΈ, and even yarn build:dev
works βοΈ, but it crashes on start with error 3228369023:
PS C:\repos\Signal-Desktop> yarn start
yarn run v1.22.10
$ electron .
Set Windows Application User Model ID (AUMID) { appUserModelId: 'org.whispersystems.signal-desktop' }
NODE_ENV development
NODE_CONFIG_DIR C:\repos\Signal-Desktop\config
NODE_CONFIG {}
ALLOW_CONFIG_MUTATIONS undefined
HOSTNAME undefined
NODE_APP_INSTANCE undefined
SUPPRESS_NO_CONFIG_WARNING undefined
SIGNAL_ENABLE_HTTP undefined
userData: C:\Users\denni\AppData\Roaming\Signal-development
config/get: Successfully read user config file
x-attr dependency did not load successfully
config/get: Did not find ephemeral config file, cache is now empty object
error Command failed with exit code 3228369023.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
Visual Studio debugging leads me to node_sqlite3.node
as the crashing module. More details in https://github.com/journeyapps/node-sqlcipher/issues/73, will report back here when I have more info :)
I have to give up for now at the crashing node_sqlite3.node
module. Debugging that goes beyond my knowledge and available time at the moment. I've provided details, including the .dmp
file and related files for debugging in Visual Studio, at https://github.com/journeyapps/node-sqlcipher/issues/73#issuecomment-782893874. If anyone has experience with that, I'd be super grateful if you could have a look! Happy to provide more details/files if needed.
Got it to work!!! π
Will need to follow up in https://github.com/journeyapps/node-sqlcipher/issues/73#issuecomment-782893874 to add statically linked OpenSSL binaries for Windows ARM64 which I just generated, but this is super exciting news! π
UPDATE: created a PR for node-sqlcipher
: https://github.com/EvanHahn-Signal/node-sqlcipher/pull/1
Had to create a new branch since quite a lot has changed to Signal's dependencies in the last couple weeks. The ARM64 Windows build broke on better-sqlite3
, so I created a PR there to add Windows ARM64 support: https://github.com/signalapp/better-sqlite3/pull/1
If you want to try it out on your Windows on ARM device, do the following:
git clone https://github.com/dennisameling/Signal-Desktop
cd Signal-Desktop
git checkout multi-arch-support
yarn
yarn build:dev
yarn start
I was able to set up my Surface Pro X as a standalone device on Signal's staging servers (after applying https://github.com/signalapp/Signal-Desktop/pull/5121 as well) in combination with a staging build of Signal for Android π receiving messages works, and the camera + mic seem to be working as well, but I'm not able to send messages or place calls to the Android device (note the single check mark next to my message). I'm expecting this to be a bug with Signal itself, rather than the Windows on ARM version specifically.
Now it's up to the Signal team to do the following things:
Then set up a CI pipeline that builds arm64 versions of the native dependencies, next to the already existing x64 versions:
signal-ringrtc-node
(see https://github.com/dennisameling/signal-ringrtc-node/tree/cross-compilation-support-new/build/win32 for an example)libsignal-client-node
(see https://github.com/dennisameling/libsignal-client-node/tree/jack/release-0.3.3/build for an example)signal-zkgroup-node
(see https://github.com/dennisameling/signal-zkgroup-node/tree/cross-compilation-new for an example)Then, lastly:
Here's a production build of Signal Desktop 5.2.0 arm64+ia32: https://github.com/dennisameling/Signal-Desktop/releases/tag/v5.2.0
I plan to update the production builds regularly until the Signal team does, but it also means that auto-updating is disabled for now. You can either subscribe to this issue or my fork to be notified when a new version becomes available π
This is in regard to Dennis' release two days ago: since Microsoft Edge powered by Windows Defender SmartScreen (yes, I'm running Windows 10 on ARM64) issued a warning and blocked the Windows Client release after downloading, I did a submission to Microsoft Security Intelligence. We should be good to go until the next release (and/or a digitally signed executable):
signal-desktop-win-5.2.0-arm64.exe Submission ID: 918422f6-7c1c-4a50-af70-f431c1b67cea Status: Completed Submitted by: REDACTED Submitted: May 24, 2021 5:41:59 PM User Opinion: Incorrect detection Analyst comments: The warning you experienced indicates that the application had not established reputation with the Microsoft Defender SmartScreen Application Reputation feature at that time. We can confirm that the application "signal-desktop-win-5.2.0-arm64.exe" (sha256 β β38d7e1d276f0e6fd4b2a642f696e74dc042a124c16fb73642f2e8c377608be5bβ) has since established reputation and attempting to download or run the application should no longer show any warnings. Please note, however, that the submitted files are not signed using a valid digital certificate. Unsigned files will have to establish reputation each time a new version is released. Application Reputation warnings are meant to indicate when applications do not have known positive reputation. This doesnβt mean that the application is malicious, only that it is βunknown.β Users can still proceed to download and run the application. If establishing reputation immediately is critical, you may want to consider investing in an EV Authenticode certificate. A valid EV Authenticode certificate can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists. In order to be considered a valid EV certificate, the certificate must be issued by a Certificate Authority that is authorized by the Microsoft Trusted Root Certificate Program and recognized as an Extended Validation issuer. Thank you for contacting Microsoft.
Signal Desktop 5.3.0 just got released, here's a fresh build for arm64 + ia32: https://github.com/dennisameling/Signal-Desktop/releases/tag/v5.3.0-multi-arch
@marcocastagna Thanks for sharing that - let me have a look into code signing in the coming weekend. Hopefully that will help prevent this issue in the future ππΌ
No worries @dennisameling - the least I can do. It's the same with the 5.3.0 release. I did a new submission to Microsoft Security Intelligence (analysis pending), so in a few hours MS Edge should stop issue warnings and no longer block this download as well.
By the way: it seems as long as the file has not been validated, Windows Defender is also trying to prevent installation (which basically is a fine thing). As a user you can overrule this of course, but people might get scared (which again, basically would be a good thing). So yes, signed code would definitely help. π€
And by the way: thanks a lot for your valuable work!! πͺ
(in the meantime 5.3.0 release for Windows has also established reputation with Microsoft Defender SmartScreen)
Some very exciting news - just released 5.4.0 with a bunch of optimizations! Auto-updates are enabled now through my custom server. So, you should automatically be notified when 5.5.0 becomes available at some point. Next to that, the app has been fully signed with a Code Signing Certificate. I bought a regular one, since EV certificates are rather expensive and cumbersome to integrate in CI workflows.
@marcocastagna the certificate I attach to the executables should build up SmartScreen reputation over time, meaning that next versions likely will pass checks immediately. Please keep reporting them as safe for the time being π
Large parts of the build process are now automated, but there's still quite some moving parts that I'd like to automate even more. Will work on that in the coming weeks, though with low prio now that we have a stable foundation.
Do let me know if this release works for you - can't wait for you to see the auto-update mechanism in action when the next version comes out! Tested it locally and it works great π
@marcocastagna the certificate I attach to the executables should build up SmartScreen reputation over time, meaning that next versions likely will pass checks immediately. Please keep reporting them as safe for the time being π
Both arm64 and iam32 are reported, should be ok in a few hours. (dmg did not trigger any warning when downloading)
Update: both files have established reputation with Microsoft Defender SmartScreen services.
Furthermore (and important for the future):
The signing certificate thumbprint βACC6AAB42506DFBC0550415EF3C1216E625F9085β is still in the process of establishing reputation. Once it does, all applications that are signed with that certificate should have a warn-free experience from the start.
Not sure I can see by when this will be done, hopefully before the next release.
Having trouble synching contacts and conversations with the new release, anyone else? Thanks @dennisameling for your work on this!
On Mon, Jun 7, 2021 at 3:30 AM Marco Castagna @.***> wrote:
Update: both files have established reputation with Microsoft Defender SmartScreen services.
Furthermore (and important for the future):
The signing certificate thumbprint βACC6AAB42506DFBC0550415EF3C1216E625F9085β is still in the process of establishing reputation. Once it does, all applications that are signed with that certificate should have a warn-free experience from the start.
Not sure I can see by when this will be done, hopefully before the next release.
β You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/signalapp/Signal-Desktop/issues/3745#issuecomment-855671918, or unsubscribe https://github.com/notifications/unsubscribe-auth/AOBXLYEYTJ7BNFSHEABTMZLTRRYRDANCNFSM4JOBSM5A .
5.4.1 is out! https://github.com/dennisameling/Signal-Desktop/releases/tag/v5.4.1-multi-arch
Users who are already on 5.4.0 will get an in-app notification that an update is ready π
@gber1983 all is working fine here, but the Signal team fixed a bug in 5.4.1 "that affected users who linked Signal Desktop for the first time on a new computer". Maybe that solves your issue!
It works! You continue to be the hero of all heroes @dennisameling!
On Wed, Jun 9, 2021 at 4:18 AM dennisameling @.***> wrote:
5.4.1 is out! https://github.com/dennisameling/Signal-Desktop/releases/tag/v5.4.1-multi-arch
Users who are already on 5.4.0 will get an in-app notification that an update is ready π
@gber1983 https://github.com/gber1983 all is working fine here, but the Signal team fixed a bug in 5.4.1 https://github.com/signalapp/Signal-Desktop/releases/tag/v5.4.1 "that affected users who linked Signal Desktop for the first time on a new computer". Maybe that solves your issue!
β You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/signalapp/Signal-Desktop/issues/3745#issuecomment-857490394, or unsubscribe https://github.com/notifications/unsubscribe-auth/AOBXLYDYIBC3UNLU2YKWGPLTR4PV5ANCNFSM4JOBSM5A .
haven't checked in on signal arm64 support for a year or so. Very excited and happy to see this. Just downloaded, installed, logged in. Contacts synced everything seems to run fine on Samsungs Galaxy Book S!
Big up and thanks a million to @dennisameling! Hope this gets included and credited officially!
5.5.0 now live: https://github.com/dennisameling/Signal-Desktop/releases/tag/v5.5.0-multi-arch
fyi: just got the OTA notification. updated, restarted. works just fine!
thanks again!
5.5.0 now live: https://github.com/dennisameling/Signal-Desktop/releases/tag/v5.5.0-multi-arch
I just learned that the v5.5.0 downloads are blocked by Microsoft Defender Smartscreen, again (should have tested that right away, sorry). They are signed with the same certificate as v5.4.0 but it seems it has not yet earned its reputation. Submissions to Microsoft Security Intelligence are done, waiting for feedback/clearance.
The v5.5.0 files have established reputation with Microsoft Defender SmartScreen services in the meantime. But the "signing certificate (thumbprint ACC6AAB42506DFBC0550415EF3C1216E625F9085) is still in the process of establishing reputation". Not sure if and how this could be improved, let's see if I can find some more information on this.
@dennisameling, since you are the developer of this software, according to this blog post by Microsoft Security it might help if you'd submit files on your own before publishing. I understand this (and of course following best practices in general π) could help you and your code signing certificates to establish reputation with the service faster. (And by the way: I wouldn't follow the EV certificate path either, fully understand. At the same time it's a good thing we learned that this might actually help in case of some emergency publishing needs.) I'm happy to further assist with file submissions - but I'm just some consumer of the service, I assume such contributions have less weight than the developer's.
(v.5.6.0 files are submitted to Microsoft Security Intelligence for analysis/clearance by Microsoft Defender SmartScreen servcies)
Microsoft's submission process is incredibly confusing. So far I've identified three places where files/URLs can be submitted:
I tried all three of them. The first one seems most promising, as it's the only one that actually sends me a confirmation email and allows me to follow the status of the file submissions. Let's just hope I won't have to do this every time since it's rather time consuming π
For macOS we simply can do yarn notarize
which submits it to Apple for validation.
Looking good so far:
Not sure what impact Edge Download Manager actually has. I was referring to (and personally use) https://www.microsoft.com/en-us/wdsi/filesubmission. In my case as a "Home Customer". In your case you'd choose "Software Developer" which hopefully would have a more relevant impact on both the individual files but also your Code Signing Certificate (this one needs to gain a good reputation).
Yeah I chose "Software Developer". Though I gotta say that the form is rather confusing as it talks about "malware/malicious" files, but when I scan it with Defender all is good. It's really about Smartscreen only, and though there's an option for that in the form, the rest of the form is a bit confusing IMO.
Correct. Current signatures of Microsoft Defender never detected any threats in your files. SmartScreen however "blocks" downloads as long these files have not established reputation with the service. Users can remove the block and choose to keep the files, but they need to click through a couple of warnings - which actually makes sense but a standard end user might get confused. After keeping the file SmartScreen will strike again when the user tries to install the software.
Parameters I provide when submitting files are:
Usually within a few hours analysis is done with the known analyst comments. After this, users are not warned anymore when downloading and/or installing.
Let's just hope I won't have to do this every time since it's rather time consuming π
Don't get me wrong, I'm happy to and I will continue doing this...
(only the last 30 days are kept in history)
I just doubt this to be a sustainable solution. Let's hope your cert will make it to the club, soon. π
(v.5.6.0 files have established reputation with Microsoft Defender SmartScreen services)
(v.5.6.1 files are submitted to Microsoft Security Intelligence for analysis/clearance by Microsoft Defender SmartScreen servcies)
(v.5.6.1 files have established reputation with Microsoft Defender SmartScreen services)
(v.5.6.2 files are submitted to Microsoft Security Intelligence for analysis/clearance by Microsoft Defender SmartScreen services)
(v.5.6.2 files have established reputation with Microsoft Defender SmartScreen services)
This is an automated message that version 5.7.1 is now live. Please note that it might take 1-2 hours for the binaries to be uploaded to the server.
Release URL: https://github.com/dennisameling/Signal-Desktop/releases/tag/v5.7.1-multi-arch
Bug Description
Signal has no 32 bit desktop app and has no support for ARM processors on Windows.
Steps to Reproduce
Actual Result:
Program can not be installed
Expected Result:
Program can be installed
-->
Platform Info
Signal Version:
Latest build
Operating System:
Windows 10 Surface Pro X
Linked Device Version:
Link to Debug Log