To quickly summarize the various discussions regarding the availability of signal-cli as a mean to send alerts from the monitor (the ideas is not new), @mickael experimented the integration with SecureDrop and I explored options to package it.
Ideally it would be available in Debian GNU/Linux and Ubuntu but after a few weeks exploring this path, it cannot happen because the upstream is not amicable to the idea. We could package it on our own, of course, but that is a sizeable amount of work to chase upstream and even more difficult when it does not care to help when something as simple as tagging releases comes up.
@mickael experimented with the binary signal-cli package which contains about two dozen binary Java packages downloaded from maven. That allowed us to precisely identify which version of each library we need.
The only problem left to resolve is to be able to rebuild each java dependency from source so we have something reproducible instead of a set of binary blobs of unknown origins. I propose we build, upload to the docker hub and maintain a docker image. This docker image can then be installed on the monitor and used as if it was a command line, embedding all dependencies.
In terms of dependencies added to the monitor it would be:
- the docker engine
- the signal-cli image we build
What do you think ?