Sandboxed releases prevent startup on some linux distributions

[lucmp]

I tried the AppImage first. It won't run. Nothing happens. No output on the command line. Nothing. Yes, I made it executable. I have run AppImage packages before.

Then I tried the .deb installer. It installs partially:

# dpkg -i Vieb_0.2.1_amd64.deb 
Selecting previously unselected package vieb.
(Reading database ... 262685 files and directories currently installed.)
Preparing to unpack Vieb_0.2.1_amd64.deb ...
Unpacking vieb (0.2.1) ...
Setting up vieb (0.2.1) ...
ln: failed to create symbolic link '/usr/local/bin/vieb': No such file or directory
dpkg: error processing package vieb (--install):
subprocess installed post-installation script returned error exit status 1
Processing triggers for gnome-menus (3.13.3-9) ...
Processing triggers for desktop-file-utils (0.23-1) ...
Processing triggers for mime-support (3.60) ...
Processing triggers for hicolor-icon-theme (0.15-1) ...
Errors were encountered while processing:
 vieb

Then I found it in /opt. I ran it from the command line and nothing happened again. Not even some output. At all.

[Jelmerro]

Do other electron apps made with electron-builder work as expected on your system? I think that https://github.com/meetfranz/franz uses electron-builder as well, maybe you could try their latest appimage and deb to test if that's the problem.

Aside from that, it could be a Vieb 0.2.1 issue, there is a new release you could try out.

[Jelmerro]

Alternatively you could try to run it using npm install and npm start to see if that works, or try to build it yourself using the build.js script.

There are two other linux releases of Vieb you could try, the tar.gz is the portable generic linux executable or you could try the snap package.

[lucmp]

Same problems with 0.2.2, both .deb and AppImage.
The franz application works.
I don't know what npm is.

[lucmp]

The tar.gz portable generic linux executable fails, too. Nothing happens at all.
I don't know what a snap package is and how to use it, but three formats fail already. Something is wrong.
Is it supposed to run on Debian Stretch? Does it have any "future" dependency that shouldd only be available in "testing" or "unstable"?

[Jelmerro]

Something is wrong, agreed. I'll try to install it in a debian VM to see if that works as excepted. It might be a dependency issue.

[Jelmerro]

This seems to be a known issue with electron 5, as they have enabled sandboxing by default.

See:

• The SUID sandbox helper binary was found, but is not configured correctly electron/electron#17972
• Packaging Electron v5 with sandbox (linux) electron-userland/electron-builder#3872

For now you could try starting the portable application like this:
./vieb -no-sandbox that worked inside a fresh debian stable VM.
Keep in mind that Vieb incorrectly assumes that arguments with a single - are url's, which I have opened a new issue for here #21.
Alternatively, https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional) seems to have a workaround for the current session using the following command: sudo sysctl kernel.unprivileged_userns_clone=1, after which you should be able to start Vieb as well.

I'll try to find a way to fix this for Vieb, but I think this should ideally be fixed by electron or electron-builder.

[Jelmerro]

After using the workaround mentioned on the arch wiki, both the appimage and portable executable worked as expected, and I successfully installed the .deb using these commands afterwards:

sudo dpkg -i Vieb_0.2.2_amd64.deb
sudo apt-get -f install
sudo dpkg -i Vieb_0.2.2_amd64.deb

Though there might be a more efficient way to install .debs I'm not familiar with.

[thomasnordquist]

The initial comment provides a workaround to disable the sandbox for linux builds.
electron-userland/electron-builder#3872

[Jelmerro]

I don't believe I'm allowed to integrate or modify your code due to the license of MQTT-Explorer, maybe I will try to come up with my own implementation in the future (or an implementation somebody else contributes to Vieb).

Aside from that, it's still a workaround (although definitely a better one) and not a proper solution I think. So for now I will wait a bit if the electron-builder contributors decide to fix this.

See these links for CC-BY-ND incompatibility explanations:

• https://creativecommons.org/faq/#can-i-apply-a-creative-commons-license-to-software
• http://www.gnu.org/licenses/license-list.en.html#CC-BY-ND

[thomasnordquist]

@Jelmerro it was simply meant as a reference.
But yeah the license is crappy 😅

[Jelmerro]

I have considered many options over the past month, but they mostly come down to these two:

• Disable sandboxing for all linux distributions, using the example @thomasnordquist provided. This means even unaffected distributions will not have sandboxing enabled. Choosing specific builds to disable sandboxing is not an option, because the portable archive should run on any distro.
• Accept that unprivileged containers are intentionally disabled on some distributions and include a note how to enable them. This means user actions are required before starting, but it won't impact the unaffected distributions. Even affected systems can still run the sandboxed builds this way.

For Vieb I have chosen the second option. From now on, builds on the releases page will include a small note for linux users, that unprivileged containers are required. This way no compromises have to be made for unaffected systems.

I have tested the example from the arch wiki inside a VM with success, which is why I consider this specific issue closed. If you are still having problems starting Vieb after making sure that these type of containers are enabled on your system, please feel free to make a new issue for it.