site  contact  history  index

Rolled back to gtk2 version of yad

September 15, 2021 — BarryK

EasyOS is staying with the gtk2 version of 'gtkdialog', in fact, I am hanging onto gtk2 apps indefinitely.

Today it was brought to my attention that 'yad', as compiled in OpenEmbedded, is linked with gtk3. There are some issues, for example here:

It was a pleasant surprise that although yad now links with gtk3. the gtk2 version is still maintained, for Fatdog64:

So, I have created a recipe for it in my EasyOS layer in OpenEmbedded, and named the package 'yad0'. Compiled it for amd64 and aarch64, and changed the package-list in woofQ to build with 'yad0' instead of 'yad'.

The maintainer is "step-", don't know who that is. Will have to send him/her a message that his/her maintenance project is now in EasyOS, from version 3.0.   

Tags: easy

Chromium SFS runs as user chromium in EasyOS 3.0

September 15, 2021 — BarryK

Yay, works great!

I downloaded one of peebee's Chromium SFSs, and copied the contents to a folder named 'chromium_93.0.4577.63-bk1_amd64'. I changed usr/lib64 to usr/lib, usr/bin/chromium to a symlink to usr/lib/chromium/chromium, and made sure that usr/share/pixmaps/chromium.png (48x48) exists. Then ran 'dir2sfs':

# dir2sfs chromium_93.0.4577.63-bk1_amd64

...this has to be done in EasyOS 3.0, which is not yet released.

A few GUI windows popup, including asks if want to default to run chromium as a non-root client -- I clicked the "YES" button, and a SFS was created. Copied it to /mnt/wkg/sfs/easyos/oe/dunfell, then from the menu "Filesystem -> Easy BootManager", chose to add the Chromium SFS at bootup. Then rebooted.

Some notes, with pictures, on using 'dir2sfs' can be found here:

...though in this case we aren't interested in the container parts of that page.

After rebooting, looked in /clients:


And looked in /clients/chromium:


...Chromium will only be able to save files inside /clients/chromium, and defaults to /clients/chromium/Downloads.

I chose "Internet -> Chromium web browser" from the menu, and Chromium works. Chromium can also be launched by typing "chromium" in a terminal window, or by clicking on the icon in the above window.

I haven't checked, but sc0ttman's "Default Applications Chooser" is in the "Setup" menu, and it should be possible to choose Chromium as the default web browser, so when you click on the "www" icon on the desktop, Chromium will run.

This is good. For those who haven't followed earlier blog posts, this has nothing to do with containers. Chromium SFS is running on the main desktop, as non-root user 'chromium' and group 'chromium'. This provides excellent security.

However, Chromium could also be run in a container, and I will investigate this next.

The Chromium SFS requires EasyOS 3.0 or later, so those who are keen to use Chromium in the Dunfell-series will have to wait a little while! It will of course be available via the "sfsget" icon on the desktop.    

Tags: easy

Infrastructure in place to run each app as a separate user

September 14, 2021 — BarryK

The 'spot' user was broken in EasyOS, for the situation in which a password is entered at bootup and folders in the working-partition are encrypted. After some experimenting and lucky guesses, this problem was solved, see previous blog post:

I have now embarked on a significant change in how EasyOS works: run any app that accesses the Internet as a non-root user. Not 'spot', but each app will run as its own user.

I got this idea a couple of years ago, when reading how Android works. This is how Android works, each app runs as a separate user. This then can be the basic mechanism for access permissions. For example, if file /etc/group has a group for "camera", like this:


...on the end is a comma-delimited list of users allowed to access the "camera" group.

Running an app as a non-root user also means that it can't write just anywhere in the filesystem, can be constrained to only write in its own home folder. And if required, can be prevented from reading critical files.

Of course Easy already has "crippled root" in containers, so running, say, SeaMonkey, on the main desktop as a non-root user would have to be seen as an alternative security strategy. SeaMonkey will run a little bit faster, and won't have the issues that some people have reported with running SM in a container, such as problem with network connectivity.

If each app is run as its own user, this means that EasyOS can implement a permissions management GUI like in Android. Like, do you want this app to be able to access the camera, network, audio, folders outside the "home" folder? ...etc.

So, have started to setup the infrastructure to support this. The idea is that top-level /clients folder will have these non-root users, though I would like to refer to them as "clients".

WoofQ is now defaulting to run SeaMonkey as a client. That is, it will run as user "seamonkey" and group "seamonkey". So, in woofQ, have built EasyOS, and running it, this is what is seen under /clients folder:


...'rover' and 'zeus' were experiments, they may get removed. 'spot' is deprecated, may also get removed.

The idea is that each client app will have a folder under /clients, which is actually the home-folder for that app. Clicking on 'seamonkey' will show what that client has to "offer":


The 'Downloads' folder is SeaMonkey's default file download and open location. Clicking on the 'seamonkey' icon will run SeaMonkey. I don't know what 'Desktop' folder is for, SeaMonkey created that automatically.

Of course, SM can still be launched in the usual way, from the "www" icon on the desktop, or via the menu. And it will run as a client, that is, as user 'seamonkey'.

As before, SeaMonkey can be changed to run either as a root user, or client 'seamonkey', via the menu "System -> Login & Security Manager". Just like before, with 'spot'.

There is a file that shows what apps are running as a client, it is file /root/.clients-status. Here it what it has on my currenly running EasyOS:


Which means that SM will run as a client. If it had "seamonkey=false", or seamonkey completely missing from the file, then SM will run as root. The "Login & Security Manager" writes to this file.

Scripts for client management are now grouped under /usr/local/clients. WoofQ runs one of these, 'setup-client', when building EasyOS, if it is chosen to run SM as a client. The main thing that the script does is create a special script for running SM, /usr/bin/seamonkey (and the original is renamed to seamonkey.bin). Here is the script:

[ -f /clients/seamonkey/.mozilla/seamonkey/a2bvafqx.default/places.sqlite ] && ln -snf /usr/lib/seamonkey/seamonkey /usr/bin/seamonkey.bin
#script to run $APPbin as a client...
if [ $1 ];then
while [ "$1" ]
#do not put quotes around if a single word. example is "-edit" for seamonkey, the quotes stuff it up entirely...
if [ "${1/ /}" == "${1}" ];then
ARGS="${ARGS} ${1}"
ARGS="${ARGS} \"${1}\""

if [ $(id -u) -ne 0 ]; then
exec "$APPbin" $ARGS
#if inside a container, do not run as client...
if [ -f /INSIDE_* ];then
exec "$APPbin" ${ROOTOPTS} ${ARGS}

#this is a method to authorize x server to run by user. works when server running.
#note: this setting does not seem to be stored in a file. it affects the currently
# running x server and will be lost when x quits.
ALLOWflg="$(xhost | grep -o ":${APPname}$")"
if [ ! "$ALLOWflg" ];then
xhost +SI:localuser:${APPname}

[ $XAUTHORITY ] && cp $XAUTHORITY -f /clients/${APPname}/.Xauthority 2>/dev/null
touch /clients/${APPname}/.Xauthority
#following line is mostly there to catch any root:root files that may have got copied in...
chown -R ${APPname}:${APPname} /clients/${APPname} &
sleep 0.1
export XAUTHORITY=/clients/${APPname}/.Xauthority
export XDG_CONFIG_HOME=/clients/${APPname}/.config
export XDG_CACHE_HOME=/clients/${APPname}/.cache
export XDG_DATA_HOME=/clients/${APPname}/.local/share

#20210912 need to allow write inside encrypted fs...
which keyctl >/dev/null
if [ $? -eq 0 ];then
IDflg="$(grep -o " logon " /proc/keys)"
if [ "$IDflg" ];then
exec su -l ${APPname} -s /bin/sh -c "DISPLAY=${DISPLAY} /usr/local/clients/run-client-indirect \"$APPbin\" $ARGS"
exec su -l ${APPname} -s /bin/sh -c "DISPLAY=${DISPLAY} \"$APPbin\" $ARGS"

This is the content of /usr/local/clients/run-client-indirect:

#when running in fscrypt encrypted folder, need to run this so as
#to enable write-permission when logged into a non-root client.

APP="$1"; shift
#[ $1 ] && while [ "$1" ]; do ARGS="$ARGS \"$1\""; shift; done
if [ $1 ];then
while [ "$1" ]
#do not put quotes around if a single word. example is "-edit" for seamonkey, the quotes stuff it up entirely...
if [ "${1/ /}" == "${1}" ];then
ARGS="${ARGS} ${1}"
ARGS="${ARGS} \"${1}\""

ID="$(grep " logon " /proc/keys | head -n 1 | cut -f 1 -d " ")"
if [ "$ID" ];then
keyctl link 0x${ID} @us #link fscrypt key to user-session.

exec ${APP} ${ARGS}

Have posted these technical details for whoever is interested, but from the user perspective, you just want it to work, and be easy to use.

Well, it should be easy. SeaMonkey works as normal, except that cannot save files outside its home, /clients/seamonkey. Not by default anyway.

By means of the "Login & Security Manager", you should be able to select any app to run as a client.

Testing with SeaMonkey, all is good, except for the Composer module. I use this regularly, and want to be able to edit html files anywhere. Not quite sure how to handle this -- might setup SeaMonkey-Composer to run as root only.

There are some issues to resolve, so it will be awhile before the next release. It is likely that the next release of EasyOS will have a version bump to 3.0.

I have got Chromium SFS running as a non-root user. This was a problem, see earlier posts. Will probably have it default to run as a client, so there will be a folder /clients/chromium, just like have for SM.

So, what to choose? Do you run SM as a client on the main desktop, or as "crippled root" in a container. Or... this is a possibility, run SM as a non-root client inside a container -- I don't yet know if that will work, but it sure would be the ultimate in security.  

Tags: easy

Fscrypt now works in user spot

September 12, 2021 — BarryK

Continuing from yesterday:

Analysed it a bit more. In the 'init' script in the initrd, /proc is getting mounted like this:

mount -o hidepid=1 -t proc none /proc #20210407

That "hidepid=1" is a security feature, which seemed like a good idea at the time. I think a repercussion is, when login as spot, it won't see all of root's /proc.

To get around this, I have created a new group, in /etc/group:


Then I changed the mounting of /proc in the 'init' script:

mount -o hidepid=1,gid=118 -t proc none /proc #20210407 20210912

...this disables the "hidepid=1" for any users belonging to group "fscryptgrp".

I now have fscrypt working, but had to do a few more things... writing it down here, as just got it working, and want to record exactly what I did! Here we go...

As root, did this:

# keyctl show
Session Keyring
5898855 --alswrv 0 65534 keyring: _uid_ses.0
382717390 --alswrv 0 65534 \_ keyring: _uid.0
448736447 --alsw-v 0 0 \_ logon: ext4:6db5ac6afa4a5042
# keyctl setperm 448736447 0x3f3f3f3f
# keyctl chgrp 448736447 118

...I don't know if changing the permissions to "0x3f3f3f3f", which means everything enabled, is necessary.

Now login as spot:

# su -l spot
# cat /proc/keys
02547b7e I--Q--- 1 perm 1f3f0000 502 65534 keyring _uid_ses.502: 1
1abf2cbf I--Q--- 1 perm 3f3f3f3f 0 118 logon ext4:6db5ac6afa4a5042: 72
341d39dd I--Q--- 2 perm 1f3f0000 502 65534 keyring _uid.502: empty
# keyctl link 0x1abf2cbf @us
# ls -a
. .cache .didiwiki Downloads .local spot.png .Xauthority
.. .config .DirIcon .history README.txt
# echo 'abc' > testfile1
# cat testfile1


Tags: easy

Fscrypt broken in user spot

September 12, 2021 — BarryK

I have posted about being unable to get Chromium and Chrome to run as user spot:

It turns out that there is a fundamental problem in EasyOS. If a person entered a password at the very first bootup, Easy creates encrypted folders in the ext4 working-partition. So, if anyone steals your usb-stick or hard drive, they won't be able to access the files in those folders.

The encryption mechanism works on a per-folder basis, and the init script in the initrd will unlock those folders when the correct password is entered at bootup. It works great, however, falls apart if login as a non-root user...

I have a utility, 'keyctl', from the 'keyutils' package. I have today compiled that in OE and added it to the package list, so it will be in future releases of EasyOS. It is for managing the kernel keys. I know hardly anything about this topic, but let's explore...

# keyctl show
Session Keyring
1025593870 --alswrv 0 65534 keyring: _uid_ses.0
668976992 --alswrv 0 65534 \_ keyring: _uid.0
291187953 --alsw-v 0 0 \_ logon: ext4:6db5ac6afa4a5041
# ls -a /root/spot
. .cache .didiwiki Downloads .local spot.png
.. .config .DirIcon .history README.txt .Xauthority

That highlighted entry looks like the encryption of the ext4 filesystem. OK, now let's login as spot:

# su -l spot
# keyctl show
Session Keyring
766538552 --alswrv 502 65534 keyring: _uid_ses.502
676258719 --alswrv 502 65534 \_ keyring: _uid.502
# pwd
# echo 'abc' > testfile1
-sh: testfile1: Required key not available
# ls
6rW37WId+lKMnweIIvtagzdl6yDbnlwV oqjFdCBsfmOhji42Vcl25rPB11d8rQhm
8njV2L9wUPwq00z9kbB9h5gewrv31HGY README.txt
adx4yf4hAOVnM2cVKKvWawXQLPXCBMOz spot.png
cTXh+5oKTshqUql5A30nVWaCWTLObsx2 UCUPdY5gOs0rEYI,6tpi9Ap,n7nh4ppB
Downloads Y09MYYqmfJzqU7sPrUbUDnuZV55Dctsp
E3lquNhL1RiXxPvFoSUWSW87Q77hnI8A yCXJJnoom8XbLB65uNAZ,anhMcUHIV+W

Now isn't that interesting!

It seems that the ext4 filesystem key is not available when logged into spot.

Note that "ls" does list some files and one folder correctly. The others are encrypted.

So, the big question, how do I activate that "ext4:6db5ac6afa4a5041" key when logged in as spot?

I haven't solved this yet, as don't know much about kernel keys, how they work and how to manage.

Progress! Was reading the 'e4crypt' man page:

 e4crypt add_key [-vq] [-S salt ] [-k keyring ] [ -p pad ] [ path
       ... ]
              Prompts the user for a passphrase and inserts it into the
              specified keyring.  If no keyring is specified, e4crypt
              will use the session keyring if it exists or the user
              session keyring if it does not.

'e4crypt' is a utility in the 'e2fsprogs' package. It is compiled statically and used in the initrd to create the encrypted folders. What turned on the lights for me is this: "e4crypt will use the session keyring if it exists or the user session keyring if it does not".

"user session" is the root user. The 'keyctl' utility has names for these: "@s" and "@us". The session keyring should be available if I login later on as spot. Let's find out...

# keyctl link @s @us
# su -l spot
# pwd
/root/spot# keyctl show
Session Keyring
766538552 --alswrv 502 65534 keyring: _uid_ses.502
676258719 --alswrv 502 65534 \_ keyring: _uid.502
# echo 'abc' > testfile1
-sh: testfile1: Required key not available
# whoami
# ls -a
. .cache .didiwiki Downloads .local spot.png
.. .config .DirIcon .history README.txt .Xauthority

The improvement is that the folders are now unencrypted, but still cannot write a file.

EDIT 2021-09-12:
Ignore that "keyctl link @s @us", I was just learning, don't think that does anything.

Have got fscrypt to work in spot, see next blog post:       

Tags: easy

Xarchive now extracts DEBIAN control folder

September 11, 2021 — BarryK

Jon (scsijon in the Puppy Forum) is helping me to get Chrome and Chromium working non-root. This has resulted in me making a discovery yesterday, about the Xarchive archiver and extraction GUI tool.

Jon downloaded a Chrome 64-bit DEB file, and clicked on it, in a running EasyOS 2.9, to install it. The PETget installer, if sees a post-install script, will execute it. Then he got it working as user 'spot'.

He emailed instructions to me, including to edit script /usr/bin/google-chrome.

I downloaded the same DEB, opened it up using Xarchive to examine its contents, then manually copied the files to install it. It did not have script /usr/bin/google-chrome.

The penny dropped. Xarchive does not extract the 'DEBIAN' control folder. This has a post-install script that creates /usr/bin/google-chrome.

I want to use Xarchive to view and extract exactly what is inside a archive file!

I have modified /usr/lib/xarchive/wrappers/, inserted a line:

    -e) # extract: from archive passed files 
# convert deb to a temporary tar file
tmptar="$(mktemp -t tartmp.XXXXXX)"
$DEB_PROG $CONVERT_OPTS "$archive" > "$tmptar"
# extract files from the temporary tar
$TAR_PROG $TAR_EXTRACT_OPTS "$tmptar" "$@"
#20210911 BK include control info in extraction...
$DEB_PROG -e $archive DEBIAN
# remove temporary tar
rm "$tmptar"
exit $wrapper_status

...where DEB_PROG=dpkg-deb

Unfortunately, the DEBIAN folder is not listed when viewing the .deb file contents in Xarchive. Probably could be done, but complicates the script immensely.

At least now, when extract a .deb file, will get the DEBIAN folder and can examine what is in it. Not a perfect solution, but passable.

Note, some other pups are using Xarchiver, which is a different project, does the same thing. Xarchive is a dead project, last release in 2006:

However, Puppy developers have worked on it since, and it has been internationalized. There are also posts about additional wrapper scripts. Here is one old post:

Here is the source that I use:    

Tags: easy

Helena Campsite and Speedster Stove test

September 10, 2021 — BarryK

Last weekend, went for a hike. Usual stamping ground, Mundaring locality. Caught train then bus to the town of Mundaring, which is in the hills just outside the Perth metropolitan area. Then walked south on the Mundabiddi Trail to the Mundaring Weir Hotel -- as usual, had lunch there. Then walked approximately East, on the Bibbulmun Track, and camped overnight at the Helena Campsite. Next morning, ambled back along old fire trails, to the Mundaring town, then public transport back to Perth.

Lovely Spring weather, a couple of sunny days, though the nights were cold. I was surprised, about 20 people stayed overnight at the Helena Campsite. Some used the internal bedding provision, some, me included, pitched tents. Yeah, we did the sitting-around-the-campfire thing at night. Even somewhat-anti-social-me sat there for awhile.

Here is a photo just after 6.00am, before the sun has appeared on the horizon, but is starting to light the sky:


When I arrived at the campsite on Saturday evening, my legs were knackered, so the walking had degenerated to a slow shamble. Don't have an app for measuring distance, but it would have been about 23km.

Chatted with one young fellow who had run all the way from the Mundaring Weir Discovery Centre, he said it took him about 1 hour. The trail is up and down rocky terrain, and I took about 4 hours to walk that same path. Oh well.

Next morning, followed lovely old fire-trails, here is a photo:


Legs were knackered, but walked slowly and it was very pleasant.

Main reason for this post, is want to report on using the Speedster Stove, and the new "kitchen kit". I used it on the hike, to rehydrate a veggie & couscous packet for the evening meal. Firstly, about the stove, this is it:

...oh, the site is currently offline, say they are off backpacking and will be online in 4 days.

Anyway, that's what I bought, 30ml spill-proof methylated-spirit (alcohol) stove, with a matching folding stand. They hardly weigh anything. The stove burns for about 18 minutes. No priming required, immediately usable. It won't spill, just screw on the lid and fuel can be left in the stove.

I had great fun putting together the "kitchen kit". I own a Toaks 1000ml titanium pot, and was able to put everything into the pot, including the meths. Here is the pot, total weight with everything inside is 498g:


Toaks do not sell the 1000ml size any more, they do have a 900ml and a 1200ml. But there are other manufacturers, look on eBay and Aliexpress. Open the lid, everything packed neatly inside:


The bottles are each 50ml, to hold the meths. Some meths can also be held in the stove, so potentially can carry 230ml. The weight that I measured, 498g, was with all bottles filled and the stove partly filled.

The big question is, how many days will 230ml of meths last? Hold that thought, for now, presenting everything packed into the pot:


...on the left is a collapsible silicone cup, a funnel, matches, sponge, folding knife, pill-holder, titanium wind-shield, folding titanium spoon, and the Speedster Stove and folding stand.

All of these items are available on eBay and Aliexpress. The bottles are these:

They allow precise application of the meths, with a narrow opening, see this photo of the 100ml bottle:


The titanium windshield is readily available also. Mine was originally 110mm wide, but I cut it down slightly so as to fit underneath the pot handles. It is extremely thin and can be cut with scissors. Weight, after cutting, is only 11g. I use a paper-clip to hold it in place around the stove.

The titanium folding spoon is Keith brand, which I chose as it is slightly wider (41mm) than other brands. Got it from Aliexpress.

Here is the stove and stand:


The windshield is absolutely essential. It shelters the flame from breezes, but also acts with the chimney-effect, drawing air from holes at the bottom and focussing the flame onto the pot. With the windshield in place and the pot on the stand, the flame is hardly seen:


If the pot is removed, the flame is quite yellow, and high:


I would never have thought that this is efficient combustion, but it is. With the pot on the stand, there is hardly any tar residue deposited on the pot, and water is boiled remarkably fast.

In fact, side-by-side tests with other meths stoves, the Speedster boils the water faster. There are some comparisons on YouTube, such as this one, using the smaller 20ml Speedster:

...3 minutes versus 4½ minutes, the Speedster won. Also, the Mini Trangia stove has to be primed, which wastes more fuel and time -- he did not include the priming-time in that 4½ minutes.

As can be seen in the above stove, I set it up on top of my kitchen stove (with ceiling extractor fan running). I also tested the boil time. 400ml took 6 minutes.

My "cooking" on the trail is really just heating up food then eat, such as baked beans, or boil water to rehydrate a meal. And, boil water for coffee. Prolonged cooking is not required, as if required can use my insulated pouch to complete the cooking process. I have one of these, weighs just 43g:

So, back on that question, how many days can I hike with 230ml of meths? According to the Speedster Stoves website, the 30ml stove will burn for 18 minutes. I would probably only need to boil about 600ml per day, which will take 9 minutes -- pour some out for the coffee, the rest to rehydrate a meal. That would mean 15ml per day, so the meths will last for 15 days!

Others might have heavier usage, such as make coffee in the morning, but even if the meths lasts for only 7 days, that is pretty good.

It would be interesting to compare with a gas setup. A 230g gas canister weighs 230g plus the steel container, a small gas screw-on burner is about 75g. They would probably fit in the pot OK. All-up weight is probably going to be higher, plus those gas canisters are not environmentally-friendly.

The motivation behind checking out this meths stove, is previously had used a wood-burning stove, but there are fire restrictions for much of the year here in Western Australia. Gas and meths stoves are allowed all-year round.

A few years ago, I was camping on the South Coast of WA, at a CALM campsite, and was cooking in a camp kitchen. I had a Vargo alcohol stove, and was cooking on a stainless steel bench. This stove: is not very stable, and I accidentally tipped it over. Meths ran over the benchtop, and the flame followed it.

The Speedster Stove, on the otherhand, really is spill proof, see this video:

...he is showing the carbon one, I have the "normal" one, presume that is also just as spill proof.

I was wondering what the weight would be if went for a gas canister solution, instead of a meths stove...

Looked up the calorific value (heating power) of butane gas versus ethanol, and it is about 50Mj/kg versus 29.7Mj/kg. However, that is for 100% ethanol. Methylated Spirits sold in Australia is 95% ethanol and 5% water, with a bittering agent to render it undrinkable. So meths is going to have lower calorific value -- let's estimate around 25Mj/kg.

What that means is half the weight of butane to get the same amount of heating power as meths.

Very roughly then a 100g butane gas canister will be the same heating power as my 200ml bottles of meths.

OK, a 100g gas canister from MacPac weighs 190g, costs AU$10.99. A screw-on burner is $67.46, weighs 72g.
4 litres of methylated spirits from Bunnings is $15.72, which is $1.58 for 200ml.

So from a cost point of view, the meths is far cheaper. What about weight?

My kitchen kit, without the meths parts, packed with a 100g gas canister and screw-on burner, will weigh 488g. This is the base weight of 226g, +190g, +72g

Very similar from a weight perspective. So the choice really comes down to cost and environmental impact. Well, not entirely -- if you are only going hiking for a couple of days, then only one 50ml meths bottle is needed, so can reduce the carrying weight: 498g, take off three bottles at 58g each, the total weight of the kitchen kit becomes 324g.

Another consideration: how do you know how much gas is left? You might have to carry a spare canister just in case.

Just remembered something: if you buy the Diggers brand of methylated spirits here in AU, there is a warning on the label not to use it in alcohol stoves. The reason for this is the company is covering themselves legally, see this forum thread:

Interesting topic, gas versus alcohol!    

Tags: light

Attempted compile Firefox in EasyOS

September 09, 2021 — BarryK

Some applications, over the years, have become more bloated and more difficult to compile. Firefox included.

The Linux From Scratch people have instructions, for example:

Rust and clang (LLVM) are required to compile Firefox. This is how to install Rust:

# curl -4 --proto '=https' --tlsv1.2 -sSf | sh

Choose custom install, and type in "1.51.0" for Default toolchain.

Installs to /root/.cargo

A dependency is 'cbindgen', a rust package, install:

# cargo install cbindgen

Another dependency is 'nodejs', obtain from here, the LTS package, doesn't need to be compiled:

Python3 is also required, unlike SeaMonkey that is still stuck on needing Python2. Python3 is already in EasyOS, with the "devx" SFS loaded of course, for the full Python3.

I compiled the LLVM package in OpenEmbedded, which includes 'clang'. I was shocked that the binary package, xz-compressed, is 2GB, but that includes a lot of ".a" files. The library "libllvm*so" on its own is 60MB, and prior to now did not have it in the OE Dunfell build -- even though it means some GPU drivers in the 'mesa' package could not be built.

It really does go against the grain for me, to include such a huge library in EasyOS, and I won't. I have compiled it in OE only for the purpose of compiling Firefox (in a running EasyOS), with the intention that Firefox will be an SFS, not builtin to EasyOS.

So, LLVM and clang, compiled in OE, binary package now installed in running EasyOS 2.9, getting ready to compile Firefox...

Actually, it is not Firefox itself that needs clang and libllvm, it is 'cbindgen', the rust package. Cross fingers that won't need libllvm in the final firefox executable.

Final steps to getting ready for the compile, set some variables:

# export PATH="/root/.cargo/bin:${PATH}"
# export SHELL=/bin/sh
# export CC=gcc
# export CXX=g++

Here is the 'mozconfig' file, that needs to be in the Firefox source folder:

mk_add_options MOZ_OBJDIR=obj-x86_64-pc-linux-gnu
ac_add_options --enable-application=browser
ac_add_options --prefix=/usr
ac_add_options --host=x86_64-unknown-linux-gnu
ac_add_options --disable-dbus
ac_add_options --disable-accessibility
ac_add_options --disable-updater
ac_add_options --disable-parental-controls
ac_add_options --enable-strip
ac_add_options --with-system-jpeg
ac_add_options --with-system-zlib
ac_add_options --disable-tests
ac_add_options --disable-crashreporter
ac_add_options --with-system-libvpx
ac_add_options --disable-necko-wifi
ac_add_options --without-system-nspr
ac_add_options --without-system-nss
ac_add_options --without-system-icu
ac_add_options --disable-pulseaudio
ac_add_options --enable-alsa
ac_add_options --enable-system-ffi
ac_add_options --enable-system-pixman
ac_add_options --disable-debug
ac_add_options --with-system-libevent
ac_add_options --enable-optimize='-O2'
ac_add_options --enable-ffmpeg
ac_add_options --disable-webrtc
ac_add_options --enable-printing
ac_add_options --disable-jack
ac_add_options --without-system-webp
ac_add_options --disable-elf-hack

I downloaded the latest source, version 92.0, from here:

Copied 'mozconfig' into it, then ran:

# ./mach configure


# ./mach build compiled for a couple of hours, then compile fail.

Tried the legacy ESR version 78.x, see here:

Source package:

...compile also failed, different place, in "netwerk/dns/mdns".

What requires mdns? WebRTC does, and I have "--disable-webrtc" in mozconfig. Worth a punt, have taken that out, trying again...

# rm -rf obj-x86_64-pc-linux-gnu/
# ./mach configure
# ./mach build

...failed again, this time in "modules/libjar/zipwriter".

Haven't given up yet! Downloaded the Firefox source from Debian:

Expanded the "debian" package inside the Firefox source, then applied the patches:

for aP in $P
patch -p1 --dry-run < debian/patches/${aP} >/dev/null 2>&1
if [ $? -eq 0 ];then
echo "PATCH: ${aP}"
patch -p1 < debian/patches/${aP} >/dev/null 2>&1
echo "FAILED: ${aP}"

Off we go again...

...failed again. Oh well, will just use an already-compiled package to create a Firefox SFS.    

Tags: easy