Skip to content

Instantly share code, notes, and snippets.

@dephekt

dephekt/multiple-signal-flatpaks.md

Created January 26, 2025 08:20
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save dephekt/fd344abf9acebb68173ac3859a2c28a6 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save dephekt/fd344abf9acebb68173ac3859a2c28a6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
multiple-signal-flatpaks.md

If you have Signal installed as a Flatpak and want to run multiple, separate copies of it for different Signal accounts, it just requires making a new data directory for "Signal2" and adding a new desktop file.

mkdir -p ~/.var/app/org.signal.Signal2

Next, make a filesystem override so the Flatpak can access that path:

flatpak --user override org.signal.Signal --filesystem=~/.var/app/org.signal.Signal2

Then, copy the existing desktop file to our local applications path:

cp /var/lib/flatpak/exports/share/applications/org.signal.Signal.desktop ~/.local/share/applications/org.signal.Signal2.desktop

After that, modify the launcher Exec= line to use basic password storage, and the correct data directory, and change the Name= field to something like "Signal Alt". Whatever this name is will be what the app is named in the GNOME shell launcher or whatever launcher you use.

Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=signal-desktop --file-forwarding org.signal.Signal --password-store=basic --user-data-dir=.var/app/org.signal.Signal2

Note: we're still running the same Flatpak runtime image org.signal.Signal, we're just telling Signal to store its data in a different path. The Flatpak system still sees this as a single Flatpak app only this app needs updated.

@dephekt
Copy link
Author

dephekt commented Jan 26, 2025
edited
Loading

The only negative to this approach, as far as I can see, is you can only have one copy utilizing the GNOME secrets vault. The others have to use basic plaintext (like all previous Signal Desktop editions used to do). As far as I could find, there's not a way to direct signal/chromium to use a different name when it communicates to the secretservice. Without changing the Flatpak app ID, and breaking auto updates (requiring repacking after every update). So, if you don't disable secretservice for the alt copies, they will override the database key for your primary Signal.

Also, and this should be obvious from the filesystem override above, but the primary Signal instance would be able to snoop on data from the other instances. This isn't an issue for my threat model, but consider any impact it may have on your own if using these instructions.

This is because there is only one Flatpak, but for it to have permission to write data outside of its usual contained path .var/app/org.signal.Signal, it needs a file override for every alternate data directory to which it would need write-access.

@dephekt
Copy link
Author

dephekt commented Jan 26, 2025
edited
Loading

Snaps (for all their issues) have a feature that lets you clone an app with a different ID, which actually makes this much cleaner in Ubuntu. I did this before, but it was a while ago. I think Snap calls them parallel installs. Not that I'm suggesting anyone actually entertain Mark's grand vision for Snaps, but if you're already on an Ubuntu system that may be a better option. Or maybe not. It's your system, so you can decide for yourself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment