Webcord RPM package cannot be installed because headers are not signed. #523

Open
3 of 7 tasks
RiQuY opened this issue Feb 28, 2024 · 2 comments
Labels
info:upstream Issue with WebCord's dependencies / thirdparty software status:wontfix This will not be worked on type:bug Something isn't working

Comments

@RiQuY
RiQuY commented Feb 28, 2024

Acknowledgements

  • I have checked that there is no other issue describing the same or
    similar problem that I currently have, regardless if it has been
    closed or open.

  • This bug affects Discord website.

  • This issue is confirmed to be reproducible when WebCord is packaged
    on at least all three latest supported Electron major releases.

  • This issue is reproducible in Chrome, Chromium or any
    Chromium-based browser, e.g Brave or Edge (please write in
    Additional Context which browser you have used if it is neither
    Chrome nor unmodified Chromium).

  • There are no fixes done to master which resolves this issue.

  • My issue describes one of the unstable and/or not fully implemented
    features.

  • I have found a workaround to mitigate or temporarily fix this issue
    in affected releases (please write it in Additional context section
    below).

Operating System / Platform

🐧️ Linux

Operating system architecture

x64 (64-bit Intel/AMD)

Electron version

None

Application version

v4.8.0

Bug description

The RPM package for x86_64 cannot be installed because it is unsigned.

When trying to install Webcord, the package manager returns this error:

Error: 3:webcord-4.8.0-1.x86_64 (file-aeb66dd3): Error de verificación de firma [6-El fichero no está firmado]
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    MD5 digest: OK
    ¡Cabecera del paquete sin firmar!

Sorry about the log in Spanish; that means the package header needs to be signed with GPG to be able to install it. I'm not 100% sure but I think the following link contains how to fix this: https://www.redhat.com/sysadmin/rpm-gpg-verify-packages.

Thanks.

Additional context

System info

OS: openSUSE Tumbleweed x86_64
Kernel: 6.7.6-1-default
Resolution: 2560x1440
DE: Hyprland
CPU: AMD Ryzen 7 1700X (16) @ 3.400GHz
GPU: AMD ATI Radeon RX 5600 OEM/5600 XT / 5700/5700 XT
Memory: 3900MiB / 32016MiB

@RiQuY RiQuY added the type:bug Something isn't working label Feb 28, 2024
@SpacingBat3
Owner

Right now, none of the builds are signed. This is mostly because there's no integrated way in the Forge to sign (most) Linux distributables. And I'm not going to buy and keep renewing any certificate for Windows and macOS when I make $0 of monthly income from WebCord as of itself (some people donate money to me to support me as a dev, but I consider this money as a way of supporting me, to help me reach a goal of giving more of my time to FOSS development than consider working on proprietary code only just so I don't die poor).

As for macOS, I've also heard of a way to get a cert that can be used for non-profit purposes (as a non-profit org or party I guess), so that could be it, but again I still have no Apple hardware and installing macOS outside of it (hackintosh, emulators etc.) feels like being in a gray zone when it comes to legality. Consider even Microsoft providing free builds of Windows just made for developers to test their applications in their OS on a VM. This is just how Apple is unfriendly towards developers who are the userbase of other OSes: they want devs to buy their hardware and stuff just to have some dev env for it.

As for Linux, before I sign stuff, I need to learn how to do it first - most packages are signed with GPG for sure, but again there might be some required toolkits to embed the signature within the package. I might also need to do this as a Forge process, since Forge immediately publishes the packages to GitHub after creating them during the release process. So yes, signing there isn't that straightforward when makers (in your scenario, @electron-forge/maker-rpm) don't integrate it (and they possibly should be doing so). So while signing all current Linux packages that are published at GitHub Releases is a long-term goal, for sure I won't achieve it soon. It might also be outside of WebCord's scope to implement it in some scenarios.

I guess you might need to tinker with your distro and disable it as a workaround? I see reasons for enforcing package signing; for sure it's useful, especially when installing stuff from repos, since you usually don't verify the contents of each of the packages manually there in any way. For now I'll flag this as wontfix, although I plan to take it on some day, maybe not directly within WebCord; I think I might implement it more within the Forge, either by contributing to their code or making my own plugin and implementing signing for the makers I maintain (e.g. AppImages).

@SpacingBat3 SpacingBat3 added status:wontfix This will not be worked on info:upstream Issue with WebCord's dependencies / thirdparty software labels Feb 28, 2024
@RiQuY
Author

RiQuY commented Feb 28, 2024

A workaround is installing from terminal with these parameters (at least on openSUSE), until a signed package is provided:

sudo zypper --no-gpg-checks install webcord-4.8.0-1.x86_64.rpm
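
The log in this issue shows every digest as OK while the install still fails: digests only show the file is internally consistent, they say nothing about who built it. As an added example (not part of the original thread and not WebCord's code), the script below classifies `rpm -Kv` output so an install script can tell those cases apart; `classify_rpm_check`, `require_signed` and the key ID in the samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `LC_ALL=C rpm -Kv <package>` output read from stdin.
# Prints: signed | unsigned | bad-digest | bad-signature | no-output
classify_rpm_check() {
    awk '
        /digest:/ {                        # integrity lines, e.g. "MD5 digest: OK"
            digests++
            if ($0 !~ /digest: OK/) bad_digest++
        }
        /Signature/ {                      # origin lines: "... Signature, key ID ...: OK"
            sigs++
            if ($0 !~ /: OK/) bad_sig++    # NOKEY, BAD, ...
        }
        END {
            if (digests + sigs == 0) print "no-output"
            else if (bad_digest)     print "bad-digest"
            else if (bad_sig)        print "bad-signature"
            else if (sigs == 0)      print "unsigned"
            else                     print "signed"
        }'
}

# Hypothetical gate for an install script: succeeds only when rpm reports a
# verified signature. Fails closed if rpm is missing or the file is unreadable.
require_signed() {
    [ "$(LC_ALL=C rpm -Kv "$1" 2>&1 | classify_rpm_check)" = "signed" ]
}

# Result lines copied from the log in this issue: digests pass, no signature.
ISSUE_LOG='    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    MD5 digest: OK'

# Constructed samples: the same package once signed (placeholder key ID),
# first with the public key imported, then without it.
SIGNED_LOG='    Header V4 RSA/SHA256 Signature, key ID 0123abcd: OK
    Header SHA256 digest: OK
    Payload SHA256 digest: OK'
NOKEY_LOG='    Header V4 RSA/SHA256 Signature, key ID 0123abcd: NOKEY
    Header SHA256 digest: OK
    Payload SHA256 digest: OK'

for sample in "$ISSUE_LOG" "$SIGNED_LOG" "$NOKEY_LOG"; do
    printf '%s\n' "$sample" | classify_rpm_check
done
```

Calling `require_signed` before an install fails closed on unsigned packages, so `--no-gpg-checks` stays a deliberate, per-package exception rather than a default.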
