signalapp
Database error when switching from KDE to hyprland
Using a supported version?
- [X] I have searched searched open and closed issues for duplicates.
- [X] I am using Signal-Desktop as provided by the Signal team, not a 3rd-party package.
Overall summary
When signal is started once on KDE plasma , it stops working on hyprland completely.
The only way to fix it, is to remove everything from .config/Signal and re-link the device, then never start Signal on Plasma.
The error message is:
Database error
Unable to access the database encryption key because the OS encryption keyring backend has changed from kwallet6 to basic_text. This can occur if the desktop environment changes, for example between GNOME and KDE.
Please switch to the previous desktop environment.
Following the instructions, it is indeed possible to start Signal on Plasma, however this means I cannot ever start Signal on any other desktop environment. Obviously, this is not really a solution.
Even if I auto start kwallet on hyprland before anything else starts, the same issue persists.
Steps to reproduce
- Start Signal on KDE Plasma
- Switch to hyprland (presumably any other desktop environment)
- Start Signal
- Observe error
Expected result
Signal starts normally, without any errors.
Actual result
Signal doesn't start, only shows an error box.
Screenshots
Signal version
7.18.0-1
Operating system
Arch Linux
Version of Signal on your phone
7.9.6
Link to debug log
No response
Hi, sorry this is happening for you. Could you try this: be on hyprland and make sure kwallet is running, then start signal-desktop with the command line flag --password-store="kwallet6"
Hey, yup that works! Signal starts up normally on hyprland with that flag. Thanks!
glad to hear it! we'll update it so the dialog becomes a little more helpful
I have the same trouble since the last update of signal-desktop. But I don't want to grant access to kwallet (it's asking for "kdewallet") for signal-desktop. How did it work before, how can I get back to a (presumed) file-system based password-store?
I tried signal-desktop --password-store=basic_text but it keeps asking and only comes up if I grant access to "kdewallet".
@github-signalapp-msf This is because of a recent change to use your OS's secure password storage to store the secret used to encrypt your local database.
@jamiebuilds-signal many thanks for the explanation. It helped my to get a bit further towards my goal of signal being independent from the desktop environment (gnome, various versions of kde).
I see a valid use case for users to (temporarily) migrate back to basic even while encryption is available, e.g. to support them during trying out different desktop environments. It might start with reverting be5829baaa5daecdd459372a1f43a93c600c0c9e.
I'm also having this problem and also can solve it with the above method. I'm just curious if I will always have to pass this flag. Will there be an update at some point that saves the password store option?
@embeddedpenguin Currently you need to always pass the flag, sorry about that. A workaround would be if you have a file that launches the app, to append the command line flag.
It's a good idea to persist the last used keyring backend, so we can auto select it on app start. We'll work on doing that.
@embeddedpenguin Currently you need to always pass the flag, sorry about that. A workaround would be if you have a file that launches the app, to append the command line flag.
It's a good idea to persist the last used keyring backend, so we can auto select it on app start. We'll work on doing that.
No need to apologize, just wanted to make sure aliasing with that flag was the right play for right now. Thank you for signal.
This just bit me. And it will bite a lot of other people, since Plasma 6 is out, Plasma 5 is deprecated. And therefore the store changes from kwallet5 to kwallet6. Please provide a clean way to switch password stores. Also, does the app support libsecret? Would be vastly preferred over kwallet (KeepassXC).
It's a good point that we need the ability to migrate between secret stores. We are planning to add it.
Regarding libsecret, it can be selected with the command line flag --password-store="gnome-libsecret". For details on flags see: https://www.electronjs.org/docs/latest/api/safe-storage#safestoragegetselectedstoragebackend-linux
Starting Signal with the flag wasn't enough: signal-desktop --password-store="gnome-libsecret". I had to do: flatpak run org.signal.Signal --password-store="gnome-libsecret". Signal launched but reported that the database is corrupt and must be deleted. I let it create a new one because there was no other option. It worked, but all previous messages were gone. However, it failed to launch again when using the app the second day. So, I deleted .config/Signal, but that didn't help, either.
I uninstalled and reinstalled Signal. It insists on switching to the "previous desktop environment", which I don't want to do. I'm using the Gnome desktop environment on Ubuntu, and only temporarily used X11, which is when the problem occurred. What else should I try?
@iqtedar First, switching beck and forth between window managers (like you said, Gnome and X11) will cause problems because Desktop will try to access its decryption key from the previous window manager's secure storage.
Next, make sure that you're on the very latest flatpak version, because they've made some fixes recently.
Lastly, did you know that the flatpak folks believe that any encrypted storage mechanism is risky? Perhaps you could consider installing Signal from the official apt repo? https://signal.org/download
Is there an issue to follow for a proper fix such as the one mentioned above https://github.com/signalapp/Signal-Desktop/issues/6962#issuecomment-2334541180 ? I wouldn't expect a workaround to be considered a solution.
For anyone else dealing with this on Nix, the workaround can be applied transparently by replacing the signal-desktop package declaration with the wrapper such as (changing kwallet6 as appropriate)
(pkgs.symlinkJoin {
name = "signal-desktop";
paths = [ pkgs.signal-desktop ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/signal-desktop --add-flags --password-store="kwallet6"
'';
})
@dyercode Thank you for figuring out a Nix workaround.
For secret store migration, I checked all the issues and it seems like this one would be most appropriate for tracking, so we'll reopen it until migration is implemented.
This just bit me in the ass too after upgrading to Plasma 6. There is no longer kwallet5 on my system, so I don't know what I am meant to do here.
I don't understand what purpose this feature serves. It seems to me the program is going out of its way to break?
This just bit me in the ass too after upgrading to Plasma 6. There is no longer
kwallet5on my system, so I don't know what I am meant to do here.I don't understand what purpose this feature serves. It seems to me the program is going out of its way to break?
You need to use the flag --password-store="kwallet5" when starting it. Just right-click on your Signal App entry in the menu and then "edit application" Then you go to program and edit the arguments. For instance this is what I am having there now: --password-store=kwallet5 --use-tray-icon %U
I got the same thing after upgrading to plasma 6 as well, this indeed works but looks more like a workaround than a solution. Since only kwallet6 is installed, it feels very counter-intuitive to ask for kwallet5 that is just not anywhere on the system.
I got the same thing after upgrading to plasma 6 as well, this indeed works but looks more like a workaround than a solution. Since only kwallet6 is installed, it feels very counter-intuitive to ask for kwallet5 that is just not anywhere on the system.
Well, I am pretty sure that Plasma 6 contains kwallet5 for now because not everything is ported yet. For now, at least. Gentoo as an instance automatically keeps kwallet5 and kwallet6 around, it's hardcoded. So this shouldn't be an issue. Well, for now at least. This should get fixed though, because we are basically depending on something transitional now.
The only kwallet package I have is 6.6. There is a libpam-kwallet5 package but it's a 6.1.5, so maybe a compat package 🤷🏻♂️
For the guys that struggle after KDE6 update:
Edit:
/home/USER_NAME/.config/Signal/config.json
FROM
{
"mediaPermissions": true,
"mediaCameraPermissions": true,
"encryptedKey": "***************************>
"safeStorageBackend": "kwallet5"
}
TO
{
"mediaPermissions": true,
"mediaCameraPermissions": true,
"encryptedKey": "***************************>
"safeStorageBackend": "kwallet6"
}
Source: https://forums.gentoo.org/viewtopic-p-8841636.html?sid=21c475171c7c7349dbbf3066f2612459
For the guys that struggle after KDE6 update:
Edit: /home/USER_NAME/.config/Signal/config.json FROM { "mediaPermissions": true, "mediaCameraPermissions": true, "encryptedKey": "***************************> "safeStorageBackend": "kwallet5" } TO { "mediaPermissions": true, "mediaCameraPermissions": true, "encryptedKey": "***************************> "safeStorageBackend": "kwallet6" }Source: https://forums.gentoo.org/viewtopic-p-8841636.html?sid=21c475171c7c7349dbbf3066f2612459
Thank you. That's a good enough solution for now. Still, I would prefer to migrate the data to libsecret (KeepassXC) but I can't find the right field in the kwallet. I'll just wait for the migration feature. For now, this is good enough for me.
+1, Please implement the ability to convert the database saves from one secret storage to another, as soon as possible. Also, it would be great in the long term if a proper backup and restore mechanism would get implemented on desktop signal as well.
I use Hyprland(Arch) and for me just removing /home/USER_NAME/.config/Signal/config.json and relinking the account worked.
Edit: It removes the history through, but I just wanted the app to work again
I use Hyprland(Arch) and for me just removing
/home/USER_NAME/.config/Signal/config.jsonand relinking the account worked.
... which completely erases your message history on the machine.
So the command line argument works, but Signal worked just fine with kwallet6 before I launched it on KDE and I didn't need any arguments. Is there a way to fix whatever underlying issue causing signal to think something's changed? I've only ever used kwallet6 before, during, and after briefly using KDE 6.
The same issue happened to me as well. The reason Signal thinks the environment changed is because it uses the electron safeStorage API to get the safe storage backend:
https://github.com/signalapp/Signal-Desktop/blob/5f611b74f88ebaacc2932b6b2cdd63bde30bf460/app/main.ts#L1659-L1680
This ultimately ends up in the Chromium os_crypt source code, where it decides the backend based on the XDG_CURRENT_DESKTOP desktop environment variable.
As also described in https://github.com/signalapp/Signal-Desktop/issues/6962#issuecomment-2381816693 , once this changes, e.g. from KDE to GNOME, Chromium uses a different safeStorage backend as well and Signal detects that change. Since all that depends on Chromium / Electron I think that migrating between backends automatically isn't easy (unless, of course, it's as simple as accepting the new backend as would have been the case for KDE 5 to 6) without at least some user interaction.
I got a workaround working for me and reported here in this other thread: https://github.com/signalapp/Signal-Desktop/issues/6970#issuecomment-2650568715
https://github.com/signalapp/Signal-Desktop/issues/6962#issuecomment-2470164938
This got me on the right track to a permanent solution where you don't lose your message history:
- Make sure your message history is on another device (iPhone, PC, etc.).
- Rename
/home/USER_NAME/.config/Signal/config.jsonto/home/USER_NAME/.config/Signal/config.json.bak - Restart signal. Ignore any warnings about your data being deleted, etc. I also got a SQLITE memory error ¯_(ツ)_/¯
- Set up signal and it should ask to sync your message history from another device.
Signal now launches on my wayland system without needing to pass any command line flags.
The new error message is helpful, but the copy button does not work (kubunut 25.04; wayland) and i can not highlight the text i need to copy --password-store="kwallet5" rather annoying...
