Release: Alpha.3

Teleghosts is now a standalone app independent from SimpleX-CLI!

Overview

We’re happy to announce the alpha.3 release that turns teleghosts into a standalone application. We moved from WebSocket APIs to FFI bindings and now we distribute teleghosts as an independent bundle that only needs a few stadnard Linux dependencies to launch. This solves all our concerns regarding inter-process communication security and opens up a great potential for optimizations as multiple teleghosts users can now be served within a single process. The only downside of this change is the new build workflow which became quite complicated, so now we offer reproducible builds via podman.

Help up test that builds are trully reproducible by cloning the repo and running the podman build. Follow the updated building from source code guide.

The other important change is the introduction of TEGHOST_PIN environment variable which helps to mitigate phishing attacks. Read the updated self-hosting guide to learn more about it.

Besides developing teleghosts during this month we also put a lot of time into research and internal engineering and we came to the conclusion that using Telegram Bot-API is not the way forward. The alpha.3 release turned teleghosts into a native SimpleX-Chat client, the next release will turn teleghosts into a native Telegram client!

Join our SimpleX group for reporting issues, getting help, providing suggestions, and general discussion.

Changelog

• Migrate to FFI bindings
• Configure reproducible builds via podman
• Remove --oracle mode from teleghosts. This will be a feature of teleghosts-server.
• Introduce TEGHOST_PIN env variable to mitigate phishing attacks
• Remove all code and configurations related to WebSocket setup.
• Slightly blur generated profile avatars to achieve anti-aliasing effect
• Media thumbnails are now blurred instead of being pixelated
• Improve error messages
• The min log level is changed to “INFO” for production builds

Release integrity verification

To verify the release you must have ssh-keygen installed

1. Download the release and the corresponding .sig file from the Downloads section below
2. Download the SSH allowed signers file
3. Ensure that the downloaded allowed signers file matches the .gitsigners file located in the code repository
4. Execute ssh-keygen -Y verify -n file -f ./allowed_signers -I teleghost-dev@nomail.brr -s teleghosts.tar.gz.sig < teleghosts.tar.gz
5. Unpack the teleghosts.tar.gz and run sha256sum ./teleghosts.. Ensure the check sum is the same as on the Releases page.

Downloads

• teleghosts-v1.0.0-alpha.3-linux-x86_64
• teleghosts-v1.0.0-alpha.3-linux-x86_64.sig