#+TITLE: Chrooting zoom on linux #+SHORT-TITLE: zoom #+TOC-KEYWORDS: linux #+KEYWORDS: linux, chroot #+DESCRIPTION: chrooted zoom in Debian #+BEGIN(menu):left [[toc][]] #+END * Introduction Back in 2000s, Skype was a good program with linux support until Microsoft bought it. At that time Microsoft was aggressively trying to defend its monopoly by killing linux, so eventually Skype stopped supporting linux. Since the pandemic many people use [[https://zoom.us/][zoom]] so it makes sense to install it on my linux laptop. However, I do not trust [[https://zoom.us/][zoom]] and its creators; I suspect that it may work as a spyware with numerous vulnerabilities allowing unauthorized access to my data. [[https://www.youtube.com/watch?v=kJOvr96Wwko][They say]], [[https://jami.net/][jami]] is an alternative to skype and [[https://zoom.us/][zoom]] but even if [[https://jami.net/][jami]] is better, still everyone has to use whatever schools and corporations choose. Below I share my experience on installing [[https://zoom.us/][zoom]] on Debian. (Note that [[https://www.microsoft.com/en-us/microsoft-teams/group-chat-software][MS teams]] refused to start after I tried to install it using the same approach.) *:max-width=65ex Creating the sandbox The purpose of the sandbox is to prevent unauthorized access to my files. All my sandboxes are stored in [[src:\/mnt\/sandbox\/]]: #+BEGIN(src):root shell mkdir -p /mnt/sandbox/zoom #+END Installing [[https://www.debian.org/releases/buster/][Debian Buster]] (somewhat obsolete, but working): #+BEGIN(src):root shell chgrp -R tmp /mnt/sandbox chmod a+rx /mnt /mnt/sandbox debootstrap buster /mnt/sandbox/zoom mkdir /mnt/sandbox/zoom/home/shalaev chown shalaev.shalaev /mnt/sandbox/zoom/home/shalaev #+END where in my linux configuration the group [[src:tmp]] prevents backups, and [[src:shalaev]] is my user- and group name. * Configuring schroot Here is my zoom configuration: #+BEGIN(src):/etc/schroot/schroot.conf [zoom] description=debian created under chroot type=directory directory=/mnt/sandbox/zoom profile=buster users=shalaev groups=shalaev root-groups=root #+END #+BEGIN(src):/etc/schroot/buster/copyfiles /etc/resolv.conf #+END #+BEGIN(src):/etc/schroot/buster/fstab /proc /proc none rw,bind 0 0 /sys /sys none rw,bind 0 0 /dev /dev none rw,bind 0 0 /dev/pts /dev/pts none rw,bind 0 0 /run /run none rw,bind 0 0 #+END #+BEGIN(src):/etc/schroot/buster/nssdatabases passwd shadow group gshadow services protocols networks hosts #+END *:max-width=100ex Installing zoom inside chroot Assuming that we have already downloaded [[https://zoom.us/][zoom]] into [[src:\~/Downloads/]]: #+BEGIN(src):root shell mkdir -p /mnt/sandbox/zoom/{srv/local-apt-repository,var/lib/local-apt-repository} mv ~shalaev/Downloads/zoom_amd64.deb /mnt/sandbox/zoom/srv/local-apt-repository/ schroot -c zoom -u root --directory / #+END Then, inside an schroot shell, we install [[https://packages.debian.org/buster/local-apt-repository][local-apt-repository]] which will allow us to treat [[https://zoom.us/][zoom]] as if it was part of the Debian repository: #+BEGIN(src):chroot root shell apt-get install aptitude local-apt-repository /usr/lib/local-apt-repository/rebuild #+END Now we can install [[https://zoom.us/][zoom]] using [[src:aptitude]] or [[src:apt-get]] or any other package manager: #+BEGIN(src):chroot root shell aptitude update aptitude install zoom #+END The last command will install all the necessary dependencies. Note that [[https://zoom.us/][zoom]] requires [[https://wiki.archlinux.org/title/PulseAudio][pulse audio]]. (I am annoyed by that because I do not need more functionality than [[https://wiki.archlinux.org/title/ALSA][ALSA]] provides, and [[https://wiki.archlinux.org/title/PulseAudio][pulse audio]] is less stable than [[https://wiki.archlinux.org/title/ALSA][ALSA]].) * Starting the zoom session (Note that we do not need root privileges any more.) #+BEGIN(src):shell schroot -c zoom -d ~ #+END #+BEGIN(src):chroot shell export DISPLAY=:0 zoom #+END Do not forget to quit [[https://zoom.us/][zoom]] as well as the chroot session when you are done with it.