Using Signal Desktop on Fedora with Flatpak

In the 2018 race to re-invent AOL instant messenger Signal comes out on top of the competition for end-to-end encryption and a focus on privacy and security.  Signal desktop was recently released for Windows, Mac and only Debian-based Linux distributions with no official RPM available.  Here’s how to use app sandboxing with Flatpak to get it running nicely.


Getting Started with Flatpak
Flatpak is a containerized application framework that uses ostree for updates and management.  It is also independent of distribution which comes in useful for applications that might have native Linux applications but no packages available for your distribution yet.  Lastly the application is sandboxed from the rest of the system so there’s some utility in just running things that way anyway.

First you’ll need to install it for Fedora with the following commands as root.

dnf install flatpak

Once the flatpak framework is installed everything else is run as your local user.

Install Flathub Repo
Obtain the Flathub repository, this is sort of like an RPM repository for flatpak packages.

flatpak remote-add --if-not-exists flathub

Flatpak should prompt you with PackageKit authorization (this is a good thing, read below about why we’re not using Docker instead):

You can find other Flathub flatpak packages here.

Install Signal Flatpak
Now you’ll want the Signal flatpak, run this to install it as your local user:

flatpak install

You’ll see some dependencies being pulled down also.

Installing: org.signal.Signal/x86_64/stable
Required runtime for org.signal.Signal/x86_64/stable 
(org.freedesktop.Platform/x86_64/1.6) is not installed, searching...
Found in remote flathub, do you want to install it? [y/n]: y
Installing: org.freedesktop.Platform/x86_64/1.6 from flathub
[######- ] Downloading: 35.6 MB/136.2 MB (1.3 MB/s)

Once finished you should see it under the flatpak list command along with any dependencies that were pulled in

flatpak list
Ref                                             Options 
org.signal.Signal/x86_64/stable                 system,current
org.freedesktop.Platform.VAAPI.Intel/x86_64/1.6 system,runtime
org.freedesktop.Platform.ffmpeg/x86_64/1.6      system,runtime
org.freedesktop.Platform/x86_64/1.6             system,runtime

Running Signal
At this point you can run Signal via the following command:

flatpak run org.signal.Signal/x86_64/stable

It will prompt you to scan the QR code on your phone Signal app then things should work.

Update:  Creating the below .desktop file should no longer be necessary with Flatpak, however I’m leaving this in here for posterity (or if for some reason it does not create one for you).

We’re going to setup a .desktop file so it makes a nice pretty icon.

cat > ~/.local/share/applications/signal.desktop << EOF
[Desktop Entry]
Name=Signal Desktop
Comment=Signal Private Messenger
Exec=flatpak run org.signal.Signal/x86_64/stable


Now you should be able to run Signal from your application menu or nest it within plank or an application launcher.  Now we have a sweet application icon.

Updating Signal
You can update flatpaks by running the update command

flatpak update org.signal.Signal/x86_64/stable

You can also get more info about any available flatpaks via the info command:

flatpak info org.signal.Signal/x86_64/stable
Ref: app/org.signal.Signal/x86_64/stable
ID: org.signal.Signal
Arch: x86_64
Branch: stable
Origin: flathub
Date: 2018-03-14 17:31:57 +0000
Subject: update to v1.6.0 (90263399)
Commit: f3cce0883a929017e933dcb3bd2eccfd3fc7c99f3199de4cd878d
Parent: ae745b3ff32255fe69666b0b7b83b75780108484ca5b366a7c4f9
Location: /var/lib/flatpak/app/org.signal.Signal/x86_64/stable/f3c
Installed size: 225.9 MB
Runtime: org.freedesktop.Platform/x86_64/1.6

Updating Everything
You can run the update command by itself to update all the dependencies and and Flatpak applications at once.

flatpak update

Using Signal
I quite like Signal and their focus on privacy and security.  It’s important to note Google will be discontinuing Google chrome apps in 2018 as they do with most things people find useful for too long.  It’s good to start thinking about moving over common applications you might use on the desktop that previously relied on using a chrome app.  In this case flatpak makes this easier.

Update: Someone has made an unofficial Fedora COPR repository that provides Signal desktop via RPM on Fedora or CentOS/RHEL.

Why FlatPak (App Sandboxing) instead of Docker?
There’s a good thread on Reddit that explains the differences between Docker vs. Flatpak in more detail than I need to here.  For my usage with desktop applications Docker is not the best choice.  The main reasons why I believe Docker is not a good choice for this are around standards compatibility, modularity and overall security.

Flatpak app sandboxing has the ability to update/manage individual sub-dependencies (e.g. Xorg, libraries, etc) without having to spin up a new container – it’s modular instead of monolithic.

Another reason is security, with Flatpak application binaries are sandboxed entirely as your non-root user.  Docker has no concept of access control (privilege elevation, PackageKit, ConsoleKit, etc) whereas FlatPak app sandboxing operates strictly under these well-defined and documented guidelines/specifications.

It’s more possible (though usually unlikely) something could escape the cgroup confines of a container and become a vector, you really need to trust what you’re running as a container.  For containerized Xorg desktop apps you also need to give it an X11 socket.

X11/Xorg runs via an suid root wrapper on most distributions and a historically less-than-stellar security track record.  Yes, you can reconfigure Xorg/X11 to run without root rights but nobody does this.

Lastly standards compliance is important, and Flatpak is built upon this.  Flatpak is made for X11 application sandboxing and has a very strict package submission process and requires that it also passes test coverage and standards enforcement.  This sort of scrutiny isn’t in place at say, Dockerhub.

Docker/LXC/containers certainly have their place in a lot of solutions and really empower services, micro-services and many other use cases but here I think Flatpak application sandboxing instead of a full-blown container is a better solution as it deals with X11/Xorg applications like Signal.

About Will Foster

hobo devop/sysadmin/SRE
This entry was posted in open source, sysadmin and tagged , , , , , , , , , , . Bookmark the permalink.

13 Responses to Using Signal Desktop on Fedora with Flatpak

  1. Kunal says:

    Thanks Will! :)


  2. RG says:

    Nice post!

    Will this flatpak work with Wayland?

    What is the trust model with flatpaks in general and this one specifically? I.e., how do we know this isn’t a MitM, Trojan, etc.?

    Thanks for updating your post with the COPR RPM availability. Do you have any comments about its trust model?


    • Will Foster says:

      Flatpaks on flathub have a pretty strict submission policy so generally speaking they should be mostly trustworthy, but with anything it’s always best to interrogate the source.

      Sorry, I don’t know about Wayland but I imagine it should work fine as Flatpak also handles the graphics library required depending on your video card (for my desktop for example it fetches the latest Nvidia libs isolated in their own area).


  3. alexanderlarsson2013 says:

    There is no need to manually create a desktop file. Flatpak will do that automatically for you. Its possible you need to log out+in once after the first time you installed flatpak to get the custom .desktop file directory into the XDG_DATA_DIRS env var though.


  4. philiprhoades says:

    I accidentally archived a group message list – I can still see it on Android but I would like to unarchive it Fedora – is this possible?



  5. always a good day when google brings me to to solve a problem I was looking for a solution to

    Liked by 1 person

  6. Sten Dec says:

    Hi Wil,
    many thanks! Just did a clean install of Fedora 30 and added Signal. Run into a blank screen when starting Signal. Any ideas? Happy to share the Terminal output, though I do not want to clut your blog.


  7. Thank you for the thorough bang up job of writing this up! I was having some difficulty with the other sources of information online and was missing the nugget:

    flatpak remote-add –if-not-exists flathub

    Once I added flathub as the remote, I was able to get this working!


  8. Jeff says:

    Any recommendations on getting Signal to run at startup and run as a backgroun process? I don’t know if there’s a flatpak friendly way of doing this here in 2022, and Signal itself doesn’t seem to be OS aware enough to have a simple “Run at Startup” option. I keep forgetting to fire up Signal when I log in which of course makes it harder to keep in touch with people messaging me!


    • Will Foster says:

      Hey Jeff, autostart is going to depend a lot on what Desktop Environment you are using. For XFCE at least in my case there’s an area where you can add/remove/manage start-up apps.

      I would find the respective area in your Desktop Environment for autostart and add the flatpak launch command to start Signal and see if that does it for you.

      flatpak run org.signal.Signal


Have a Squat, Leave a Reply ..

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.