Update zoom.tar.xz to 5.17.1.1840

[flathubbot]

🤖 This pull request was automatically generated by flathub/flatpak-external-data-checker. Please open an issue if you have any questions or complaints. 🤖

[flathubbot]

Started test build 90035

[flathubbot]

Build 90035 successful To test this build, install it from the testing repository:

flatpak install --user https://dl.flathub.org/build-repo/72716/us.zoom.Zoom.flatpakref

[nedrichards]

bot, build

[flathubbot]

Queued test build for us.zoom.Zoom.

[flathubbot]

Started test build 90614

[flathubbot]

Build 90614 successful To test this build, install it from the testing repository:

flatpak install --user https://dl.flathub.org/build-repo/73295/us.zoom.Zoom.flatpakref

[xqqp]

bot, build

[flathubbot]

Queued test build for us.zoom.Zoom.

[flathubbot]

Started test build 91036

[flathubbot]

Build 91036 successful To test this build, install it from the testing repository:

flatpak install --user https://dl.flathub.org/build-repo/73716/us.zoom.Zoom.flatpakref

[pgoodall]

FWIW, the latest build crashes on my laptop. Please let me know if you need the crash info.

[muelli]

thanks for testing! It really helps assuring we don't ship broken stuff.

[takluyver]

Yup, I also see a crash on launch, the same as PR #427 (zoom.real killed by SIGTRAP).

I think I remember that Zoom (or organisations using it) enforces a minimum client version connecting to the server, so at some point the older working version will stop working. I don't know when that will happen, but I thought I'd try investigating what's going on.

A backtrace on the coredump didn't get me very far (though it hinted that libcef might be involved). I presume because we're repackaging a pre-built Zoom, there are no debug symbols to reference it against.

I found a file ~/.zoom/logs/zoom_stdout_stderr.log, into which stdout & stderr are redirected for the main zoom command. This is what it contains for one crashing run:

Stdout & stderr log

``` ZoomLauncher started. Zoom path is: /app/extra/zoom cmd line: Start subprocess: /app/extra/zoom/zoom sucessfully, process pid: 47 Can't load/home/takluyver/.config/zoomus.conf sh: line 1: pacmd: command not found [57 preload-host-spawn-strategy] Warning: waitpid override ignores groups [57 preload-host-spawn-strategy] Warning: waitpid override ignores groups [57 preload-host-spawn-strategy] Warning: waitpid override ignores groups Class App Lib Possible Culprit Flags resip::Connection 656 656 resip::Data 36 36 resip::DnsResult 1080 1080 resip::Headers 1 1 resip::MsgHeaderScanner 40 40 resip::SipMessage 5224 5224 resip::TransportSelector 896 896 resip::Tuple 128 128 resip::UdpTransport 1144 1144 resip::GenericIPAddress 28 28 zoom started. [71 zypak-sandbox] Failed to send spawn request to supervisor: Bad file descriptor (errno 9) [0103/175848.009051:FATAL:zygote_host_impl_linux.cc(201)] Check failed: . : Operation not permitted (1) sh: line 1: pacmd: command not found Class App Lib Possible Culprit Flags resip::Connection 656 656 resip::Data 36 36 resip::DnsResult 1080 1080 resip::Headers 1 1 resip::MsgHeaderScanner 40 40 resip::SipMessage 5224 5224 resip::TransportSelector 896 896 resip::Tuple 128 128 resip::UdpTransport 1144 1144 resip::GenericIPAddress 28 28 zoom started. zoom was exited due to a handled signal: 5 ZoomLauncher exit. ```

Then I also found it was writing to ~/.zoom/data/cefcache/cef.log, one line like this on each launch/crash:

[0103/182242.425213:FATAL:zygote_host_impl_linux.cc(201)] Check failed: . : Operation not permitted (1)

So that sounds like something is failing with EPERM. strace-ing zoom shows only one operation getting that error:

clone(child_stack=0x7ffe461a69a0, flags=CLONE_NEWUSER|SIGCHLD) = -1 EPERM (Operation not permitted)

Snippet from clone man page on EPERM

``` EPERM CLONE_NEWUSER was specified in the flags mask, but either the effective user ID or the effective group ID of the caller does not have a mapping in the parent namespace (see user_namespaces(7)). EPERM (since Linux 3.9) CLONE_NEWUSER was specified in the flags mask and the caller is in a chroot environment (i.e., the caller's root directory does not match the root directory of the mount namespace in which it resides). ```

It looks like Chromium (CEF) is trying to set up some sandboxing of its own, and can't do that inside the Flatpak sandbox. AIUI, Zypak is meant to fix this, but it must be going wrong somewhere. This issue looks like it's describing a similar scenario: https://github.com/refi64/zypak/issues/14

That's all I've got time for just now; I hope it provides a starting point for someone who understands this stuff better to fix it. :slightly_smiling_face:

[takluyver]

I did a bit more digging, and I guess Zoom 5.17 has a newer version of Chromium, which needs a recent-ish fix in Zypak:

https://github.com/refi64/zypak/commit/c7daf0cc5b82eb5f63a1665cf7d72ff267100690

There hasn't been a new release tag of Zypak since then (I've made an issue to ask for one), so the version this Flatpak gets through org.electronjs.Electron2.BaseApp doesn't yet have that fix. If a new tag doesn't turn up soon, we could rebuild Zypak from the latest commit.

Once that's done, I think we'll also need to set the ZYPAK_CEF_LIBRARY_PATH environment variable.

---

It's amazing that Zypak works, but awful that so many apps - most apps using Electron or CEF, I think - have to rely on a fragile workaround, using LD_PRELOAD tricks to let Chromium start its sandbox inside Flatpak. In the longer term, it would be really helpful if Chromium worked with Flatpak's sandboxing without the need for Zypak.

[nedrichards]

Resolved in https://github.com/flathub/us.zoom.Zoom/pull/440