Package Details: skypeforlinux-stable-bin 8.56.0.103-1

Git Clone URL: https://aur.archlinux.org/skypeforlinux-stable-bin.git (read-only, click to copy)
Package Base: skypeforlinux-stable-bin
Description: Skype for Linux - Stable/Release Version
Upstream URL: http://www.skype.com
Keywords: skype
Licenses: custom
Conflicts: skype, skypeforlinux, skypeforlinux-beta-bin, skypeforlinux-bin, skypeforlinux-preview-bin
Provides: skype, skypeforlinux
Submitter: bulletmark
Maintainer: bulletmark
Last Packager: bulletmark
Votes: 208
Popularity: 8.44
First Submitted: 2018-01-11 03:56
Last Updated: 2020-01-31 08:03

Pinned Comments

bulletmark commented on 2018-02-15 12:21

Please don't post here (or on any other AUR packages) about out of date versions. Use the "Flag package out-of-date" link at the top. Also, BEFORE flagging this package out of date please check that it has not already been updated here to the new version.

Note that AUR package skypeforlinux-stable-bin is the version Microsoft release as their "stable" version. AUR package skypeforlinux-preview-bin is the version Microsoft release as their preview version and is always a later version than the stable version. PLEASE DO NOT FLAG THE STABLE VERSION OUT OF DATE WITHOUT UNDERSTANDING THIS!

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 ... Next › Last »

zeroxfourc commented on 2019-08-19 14:13

@vasya That's definitely a much better solution. I'd suggest to use a bit more intuitive names though, like skypeforlinux-sandbox for the dependency and skypeforlinux-sandbox-default and skypeforlinux-sandbox-chromium for the packages providing it.

In fact, one would probably have to make separate packages for the stable and preview versions' sandboxes and then have skypeforlinux-sandbox-chromium provide them both in case there's some incompatibility.

vasya commented on 2019-08-19 13:59

@zeroxfourc one other alternative that I can think:

  • make skype depend on skype-suid.
  • create package skype-use-chromium-suid which provides skype-suid, depends on chromium and installs just a symlink.
  • create a package skype-native-suid which provides skype-suid and takes the suid from skype binaries themselves.

This requires creating 2 more packages though (maybe one if skype-native-suid would be made a split package). But it'll remain valid even when packages are installed/removed, presuming dependencies are still satisfied.

By the way, shameless plug: AUR helper named "rua" can detect SUID for you, so you have more trust/understanding of what you install. https://github.com/vn971/rua once the PR-s get merged, there is support for upstream diffs and split package support as well. Feel free to comment/ask on corresponding package.

zeroxfourc commented on 2019-08-19 13:31

@bulletmark @vasya I had a go at making a .install file:

post_install() {
    if [[ -e /usr/lib/chromium/chrome-sandbox ]]; then
        mv /usr/share/skypeforlinux/chrome-sandbox /usr/share/skypeforlinux/.chrome-sandbox
        ln -s /usr/lib/chromium/chrome-sandbox /usr/share/skypeforlinux/chrome-sandbox
        echo
        echo "==> The Skype-provided chrome-sandbox binary has been replaced"
        echo "==> with the one from the chromium package, as it is a potential"
        echo "==> security risk. To restore the original chrome-sandbox binary,"
        echo "==> run the following commands as root:"
        echo "==>"
        echo "==> cd /usr/share/skypeforlinux"
        echo "==> mv .chrome-sandbox chrome-sandbox"
        echo "==> chmod 4755 chrome-sandbox"
        echo
    else
        chmod 4755 /usr/share/skypeforlinux/chrome-sandbox
        echo
        echo "==> The Skype-provided chrome-sandbox binary is a potential security"
        echo "==> risk. It's possible to replace it with the one from the chromium"
        echo "==> package, to do this install the chromium package and run the"
        echo "==> following commands as root:"
        echo "==>"
        echo "==> cd /usr/share/skypeforlinux"
        echo "==> mv chrome-sandbox .chrome-sandbox"
        echo "==> ln -s /usr/lib/chromium/chrome-sandbox chrome-sandbox"
        echo
    fi
}

post_upgrade() {
    post_install
}

zeroxfourc commented on 2019-08-19 12:53

@vasya @bulletmark I just tried launching Skype with Chromium's sandbox and it worked. Maybe the package should have Chromium as an optdepend and a .install file that symlinks its sandbox into place if it exists and prints instructions on how to undo that if it would stop working? It would be really hacky but I'm really not comfortable giving Microsoft-compiled binaries root access on my machine.

vasya commented on 2019-08-19 12:12

@bulletmark, by the way, could you please fix some styling warnings from shellcheck: while read f; to become while read -r f; and cp $f ${f//@2x/} to become cp "$f" "${f//@2x/}" ? Makes it a bit more convenient to understand the PKGBUILD.

vasya commented on 2019-08-19 12:02

@bulletmark, interesting, thanks for the explanation. Skype also apparently fails to work without the namespace sandbox. If launched with --no-sandbox (as suggested in the logs by underlying chromium), it just silently exits.

One solution that might work is to replace skype-s sandbox with chromium one:

ln -sf /usr/lib/chromium/chrome-sandbox /usr/share/skypeforlinux/chrome-sandbox

That would require having chromium installed locally though. Too bad people try to push their own SUID things instead of consolidating on something like bubblewrap.

bulletmark commented on 2019-08-19 11:10

@vasya, I made that change to fix the issue reported at https://aur.archlinux.org/packages/skypeforlinux-preview-bin/#comment-703243 as per the error message. What do you suggest instead?

vasya commented on 2019-08-19 10:39

One of the latest changes gives root trust to skype (!!!): https://aur.archlinux.org/cgit/aur.git/commit/?h=skypeforlinux-stable-bin&id=642c867235e8

Is it really anywhere sane to do so? What happens without the SUID?

bulletmark commented on 2019-08-17 23:05

@melentye, are you sure it is not starting? The preview version had a bug for the 2 previous to last versions where it ignored the "start in background" setting and always started in background regardless. That bug was fixed in the latest preview version but it appears is now in the stable version.

melentye commented on 2019-08-17 17:59

8.51.0.72-1 doesn't seem to work for me: silently fails to start. Downgrading to 8.50.0.38-1 brings things back to normal.