
Can't install Electrum


#1

Hey, I just installed Whonix 14 and now I can’t install Electrum. I followed the instructions from the Whonix Wiki, but every time I try to run the final command to install Electrum this happens:

user@host:~$ sudo apt-get -t buster install electrum
Reading package lists… Done
Building dependency tree
Reading state information… Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
libkf5coreaddons5 : Breaks: libkf5auth5 (< 5.47) but 5.28.0-2 is to be installed
Breaks: libkf5globalaccel-bin (< 5.47) but 5.28.0-1 is to be installed
libkf5crash5 : Breaks: libkf5globalaccel-bin (< 5.47) but 5.28.0-1 is to be installed
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.

I’m quite new to Linux so I don’t really know what to do. I hope you guys can help me out.


#2

Hi berto

Hold off on using those instructions, as resolving the dependency problem will likely break your Whonix-Workstation VM.

I’ll be working on trying to find a solution :wink:


#3

I installed it following the instructions on the electrum website:

Install dependencies:
sudo apt-get install python3-setuptools python3-pyqt5 python3-pip

Install Electrum:
sudo pip3 install https://download.electrum.org/3.2.2/Electrum-3.2.2.tar.gz

#4

Bad. -> https://www.whonix.org/wiki/Install_Software#Avoid_Third_Party_Package_Managers


#5

What is the danger? If I install Electrum following the instructions from the electrum website, is it possible for electrum to connect to a bitcoin node directly, and not using the tor network?


#6

pip is a third party package manager. Referenced on https://www.whonix.org/wiki/Install_Software#Avoid_Third_Party_Package_Managers. Did you read https://www.whonix.org/wiki/Install_Software#Avoid_Third_Party_Package_Managers? Since it explains exactly that. It even names pip.


#7

I asked a specific question which is not answered in the documentation. And I don’t see another option, at the moment, for installing electrum except using pip.


#8

Indeed.

My previous answer was only addressing your question “What is the danger?”. In short: by resorting to unsafe practices the probability increases of a system compromise which increases chances for being completely surveilled, losing all data, losing all coins. What you make out of the security advice is of course up to you.


#9

Thank you guys! Maybe I’ll install electrum using pip, but I’m not quite sure about it.



#10

Indeed, there is not a clear and secure way to install Electrum. However, there is still a secure way to accomplish it which is not so difficult.

  1. Get packages from apt:
$ sudo apt-get install python3-setuptools python3-pyqt5 python3-pip
  2. Scroll down to “Sources” section and download tar.gz and sig:
$ curl -O "https://download.electrum.org/3.2.2/Electrum-3.2.2.tar.gz" -O "https://download.electrum.org/3.2.2/Electrum-3.2.2.tar.gz.asc"
  3. Retrieve ThomasV’s key from keyservers or GitHub.
$ gpg --recv-keys 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: key 0x2BD5824B7F9470E6: public key "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
  4. Verify downloaded source code:
$ gpg --verify Electrum-3.2.2.tar.gz.asc Electrum-3.2.2.tar.gz
gpg: Signature made Mon 02 Jul 2018 07:12:08 AM UTC
gpg:                using RSA key 0x2BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
gpg:                 aka "ThomasV <thomasv1@gmx.de>" [unknown]
gpg:                 aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE  D950 2BD5 824B 7F94 70E6
  5. At this point you can install with pip3 from your verified source:

$ sudo pip3 install Electrum-3.2.2.tar.gz

See patrick’s comment below for why pip is insecure, even with a verified source.

You can extract and run from the source folder:

$ tar xf Electrum-3.2.2.tar.gz 
user@host:~$ cd Electrum-3.2.2/
user@host:~/Electrum-3.2.2$ ./electrum -v

Or you can copy/link the electrum executable to somewhere in your $PATH, like /usr/local/bin.

Enjoy. :slight_smile:
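
Added example, not part of any post in this thread: the `gpg --verify` output in post #10 reports a good signature but also warns that the key is not certified, so the check that matters is that the signing key's fingerprint is the one you expect. This sketch pins the fingerprint quoted in post #10 and parses GnuPG's machine-readable status output; the function names `status_ok` and `verify_tarball` and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Pin the signer's primary-key fingerprint instead of reading "Good signature" by eye.
PINNED_FPR="6694D8DE7BE8EE5631BED9502BD5824B7F9470E6"   # fingerprint shown in post #10

# Reads `gpg --status-fd 1 --verify` output on stdin.
# Succeeds only if every VALIDSIG line names the pinned primary key
# (last field of VALIDSIG) and gpg reported no bad/expired/revoked status.
status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" { if ($NF == want) good = 1; else bad = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { exit (good && !bad) ? 0 : 1 }
    '
}

# usage: verify_tarball FILE.asc FILE
# Status lines go to stdout (fd 1); human-readable messages on stderr are discarded.
verify_tarball() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null | status_ok "$PINNED_FPR"
}

# Constructed sample of gpg status output for a signature by the pinned key.
SAMPLE_GOOD="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 2BD5824B7F9470E6 Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>
[GNUPG:] VALIDSIG 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 2018-07-02 1530515528 0 4 0 1 8 00 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
[GNUPG:] TRUST_UNDEFINED 0 pgp"

# Constructed sample: a cryptographically valid signature, but from some other key.
SAMPLE_OTHER_KEY="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Someone Else <someone@example.invalid>
[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2018-07-02 1530515528 0 4 0 1 8 00 0000000000000000000000000123456789ABCDEF"

# Typical use, extracting only after the pinned-key check passes:
#   verify_tarball Electrum-3.2.2.tar.gz.asc Electrum-3.2.2.tar.gz && tar xf Electrum-3.2.2.tar.gz
```

A signature from any other key, even a valid one, fails the check, which is the case the plain "Good signature" line does not distinguish.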


#11

Security issue: At that stage electrum does tons of downloads of third party libraries. I don’t think software signatures are verified.


Status: Draft

Related:
https://www.whonix.org/wiki/Warning#Always_Verify_Signatures


#12

You are right, starts pulling other packages over pip. I edited my steps above accordingly.


#13

Hi everyone!

The Whonix wiki Electrum documentation has been updated. Anyone that would like to install Electrum in Whonix 14 can find the instructions here:


#14

First of all thanks for the update. The installation worked fine, but somehow I can’t start the application.


#15

Hi berto

Can you try using the konsole to start electrum?

In Whonix-Workstation konsole, run:

electrum


#16

It worked!
Thank you 0brand.


#17

More reasons to be cautious of third party package managers: a JS dependency used in many cryptocurrency wallets was used to inject malware, steal funds.

One positive outcome is that other projects are now reviewing their own policies and security practices regarding third party package managers.


#18

Isn’t it better to follow @qubenix instructions above rather than to install from Debian testing? I think they are simpler as well.

Packages in testing or unstable can have hidden bugs, security holes etc. Moreover, some packages in testing and unstable might not be working as intended.


#19

sudo pip3 install Electrum-3.2.2.tar.gz

Security issue: At that stage electrum does tons of downloads of third party libraries. I don’t think software signatures are verified.

More reasons to be cautious of third party package managers: a JS dependency used in many cryptocurrency wallets was used to inject malware, steal funds.

https://github.com/dominictarr/event-stream/issues/116
https://github.com/bitpay/copay/issues/9346

One positive outcome is that other projects are now reviewing their own policies and security practices regarding third party package managers.

https://github.com/spesmilo/electrum/issues/4874


#20

Did you notice he revised his instructions? They do not include pip anymore.

Those revised instructions are preferable in my opinion to installing from Debian Testing. If I’m wrong I’d like to know why. The tar file is verified with the signature before being used. Similar to verifying Whonix’s ova before importing them to VirtualBox.