source: xsoft/graphweb/firefox-legacy.xml@ 883e376

11.0 11.1 lazarus qt5new trunk upgradedb xry111/intltool xry111/test-20220226
Last change on this file since 883e376 was 883e376, checked in by Ken Moffat <ken@…>, 10 months ago

Firefox security updates:

JS78 using firefox-78.13.0esr
and introducing firefox-78.13.0esr as Firefox Legacy.

The first two have been tested and measured on glibc-2.34 systems.
The latter has been measured on a slightly older system where 91.0
fails to build.

If anyone likes ff78 so much that they want to use it on a
glibc-2.34 system, feel free to create the necessary patches
but note that I expect to remove Firefox Legacy in November,
it is only a transitional item.

  • Property mode set to 100644
File size: 24.1 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
7 <!ENTITY firefox-download-http "&mozilla-http;/firefox/releases/&JS78-version;esr/source/firefox-&JS78-version;esr.source.tar.xz">
8 <!ENTITY firefox-download-ftp " ">
9 <!ENTITY firefox-md5sum "872623fc9f93ea8d3f3290024f0c0925">
10 <!ENTITY firefox-size "319 MB">
11 <!-- NB with stylo, much of the build uses rust, and therefore cargo files.
12 But the extra cached cargo files, if any, seem to be minimal -->
13 <!ENTITY firefox-buildsize "5.2 GB (186 MB installed) without tests">
14 <!-- editors: with ff63 and rust-1.29, ./mach build -j4 is probably the
15 most practical way to get a timing on a machine with more cores, if taking
16 cores offline is not practical. If in doubt, round up -->
17 <!ENTITY firefox-time "28 SBU (on a 4-core machine) without tests">
20<sect1 id="firefox-legacy" xreflabel="Firefox-&JS78-version; Legacy">
21 <?dbhtml filename="firefox-legacy.html" ?>
23 <sect1info>
24 <date>$Date$</date>
25 </sect1info>
27 <title>Firefox-&JS78-version;</title>
29 <indexterm zone="firefox-legacy">
30 <primary sortas="a-Firefox">Firefox Legacy</primary>
31 </indexterm>
33 <sect2 role="package">
34 <title>Introduction to Firefox Legacy</title>
36 <para>
37 <application>Firefox</application> is a stand-alone browser based on the
38 <application>Mozilla</application> codebase.
39 </para>
41 &lfs101_checked;
43 <bridgehead renderas="sect3">Package Information</bridgehead>
44 <itemizedlist spacing="compact">
45 <listitem>
46 <para>
47 Download (HTTP): <ulink url="&firefox-download-http;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download (FTP): <ulink url="&firefox-download-ftp;"/>
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download MD5 sum: &firefox-md5sum;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download size: &firefox-size;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated disk space required: &firefox-buildsize;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Estimated build time: &firefox-time;
73 </para>
74 </listitem>
75 </itemizedlist>
77<!--<bridgehead renderas="sect3">Additional Downloads</bridgehead>
78 <itemizedlist spacing="compact">
79 <listitem>
80 <para>
81 Required patch:
82 <ulink url="&patch-root;/firefox-&firefox-version;esr-rust1520-1.patch"/>
83 </para>
84 </listitem>
85 </itemizedlist>-->
87 <warning>
88 <para>
89 This is the old series of firefox ESR releases, the final release is
90 planned to be 78.15.0 in October 2021. This page is expected to be
91 removed in November 2021 when firefox-91.3 is released.
92 </para>
94 <para>
95 If you are using glibc-2.34 or later, this old version of firefox will
96 not be usable and you should use <xref linkend="firefox"/>.
97 </para>
99 <para>
100 There are only two reasons to use this version: either you want to use
101 ftp from the browser and do not yet have a workaround, or you have a
102 system which for unexplained reasons cannot compile current firefox.
103 </para>
104 </warning>
106 <note>
107 <para>
108 The directory name is firefox-&JS78-version;
109 </para>
111 <para>
112 Extracting the tarball
113 will reset the permissions of the current directory to 0755 if you
114 have permission to do that. If you do this in a directory where
115 the sticky bit is set, such
116 as <filename class="directory">/tmp</filename> it will end with error
117 messages:
118 </para>
120<literallayout>tar: .: Cannot utime: Operation not permitted
121tar: .: Cannot change mode to rwxr-xr-t: Operation not permitted
122tar: Exiting with failure status due to previous errors
125 <para>
126 This does finish with non-zero status, but it does
127 <emphasis>NOT</emphasis> mean there is a real problem.
128 Do not untar as the <systemitem class="username">root</systemitem> user
129 in a directory where the sticky bit is set - that will unset it.
130 </para>
132 <para>
133 As with other large packages which use C++ (or rust), the SBU times
134 to build this vary more widely than you might expect. The build times
135 will increase significantly if your machine has to swap.
136 </para>
138 <para>
139 Although upstream prefer to use <application>PulseAudio</application>,
140 for the moment <application>Alsa</application> can still be used. Both
141 may need runtime configuration to get sound working.
142 </para>
143 </note>
145 <bridgehead renderas="sect3">Firefox Dependencies</bridgehead>
147 <bridgehead renderas="sect4">Required</bridgehead>
148 <para role="required">
149 <xref linkend="autoconf213"/>,
150 <xref linkend="cbindgen"/>,
151 <xref linkend="dbus-glib"/>,
152 both <xref linkend="gtk3"/> and
153 <xref linkend="gtk2"/>,
154 <xref linkend="libnotify"/>,
155 <xref linkend="llvm"/> (clang, used for bindgen even if using gcc),
156 <xref linkend="nodejs"/>,
157 <xref linkend="nss"/>,
158 <xref linkend="pulseaudio"/>
159 (or
160 <xref linkend="alsa-lib"/> if you edit the mozconfig;
161 now deprecated by mozilla), in either case please read the
162 Configuration Information,
163 <!-- rustc is required by cbindgen so not needed here
164 <xref linkend="rust"/>,-->
165 <xref linkend="python3"/> (rebuilt after installing <xref linkend="sqlite"/>),
166 <xref linkend="startup-notification"/>,
167 <xref linkend="unzip"/>,
168 <xref linkend="yasm"/>, and
169 <xref linkend="zip"/>
170 </para>
172 <bridgehead renderas="sect4">Recommended</bridgehead>
173 <para role="recommended">
174 <xref linkend="icu"/>,
175 <xref linkend="libevent"/>,
176 <xref linkend="libwebp"/>,
177 <xref linkend="nasm"/>
178 </para>
180 <note>
181 <para>
182 If you don't install recommended dependencies, then internal copies of
183 those packages will be used. They might be tested to work, but they can
184 be out of date or contain security holes.
185 </para>
186 </note>
188 <bridgehead renderas="sect4">Optional</bridgehead>
189 <para role="optional">
190 <xref linkend="curl"/>,
191 <xref linkend="doxygen"/>,
192 <xref role="runtime" linkend="ffmpeg"/> (runtime, to play mov, mp3 or mp4 files),
193 <!-- <phrase revision="sysv"><ulink url="">liboauth</ulink></phrase> -->
194 <xref linkend="liboauth"/>,
195 <xref linkend="openjdk"/>,
196 <xref linkend="valgrind"/>,
197 <xref linkend="wget"/>,
198 <xref linkend="wireless_tools"/>,
199 <ulink url="">libproxy</ulink>
200 </para>
202 <para condition="html" role="usernotes">
203 User Notes: <ulink url="&blfs-wiki;/firefox"/>
204 </para>
205 </sect2>
207 <sect2 role="installation">
208 <title>Installation of Firefox Legacy</title>
210 <para>
211 The configuration of <application>Firefox</application> is accomplished
212 by creating a <filename>mozconfig</filename> file containing the desired
213 configuration options. A default <filename>mozconfig</filename> is
214 created below. To see the entire list of available configuration options
215 (and an abbreviated description of some of them), issue <command>./mach
216 configure &amp;&amp; ./configure --help | less</command>. You may also
217 wish to review the entire file and uncomment any other desired options.
218 Create the file by issuing the following command:
219 </para>
221<screen><userinput>cat &gt; mozconfig &lt;&lt; "EOF"
222<literal># If you have a multicore machine, all cores will be used by default.
224# If you have installed (or will install) wireless-tools, and you wish
225# to use geolocation web services, comment out this line
226ac_add_options --disable-necko-wifi
228# API Keys for geolocation APIs - necko-wifi (above) is required for MLS
229# Uncomment the following line if you wish to use Mozilla Location Service
230#ac_add_options --with-mozilla-api-keyfile=$PWD/mozilla-key
232# Uncomment the following line if you wish to use Google's geolocaton API
233# (needed for use with saved maps with Google Maps)
234#ac_add_options --with-google-location-service-api-keyfile=$PWD/google-key
236# startup-notification is required since firefox-78
238# Uncomment the following option if you have not installed PulseAudio
239#ac_add_options --disable-pulseaudio
240# or uncomment this if you installed alsa-lib instead of PulseAudio
241#ac_add_options --enable-alsa
243# Comment out following options if you have not installed
244# recommended dependencies:
245ac_add_options --with-system-libevent
246ac_add_options --with-system-webp
247ac_add_options --with-system-nspr
248ac_add_options --with-system-nss
249ac_add_options --with-system-icu
251# Do not specify the gold linker which is not the default. It will take
252# longer and use more disk space when debug symbols are disabled.
254# libdavid (av1 decoder) requires nasm. Uncomment this if nasm
255# has not been installed.
256#ac_add_options --disable-av1
258# You cannot distribute the binary if you do this
259ac_add_options --enable-official-branding
261# Stripping is now enabled by default.
262# Uncomment these lines if you need to run a debugger:
263#ac_add_options --disable-strip
264#ac_add_options --disable-install-strip
266# Disabling debug symbols makes the build much smaller and a little
267# faster. Comment this if you need to run a debugger. Note: This is
268# required for compilation on i686.
269ac_add_options --disable-debug-symbols
271# The elf-hack is reported to cause failed installs (after successful builds)
272# on some machines. It is supposed to improve startup time and it shrinks
273# by a few MB - comment this if you know your machine is not affected.
274ac_add_options --disable-elf-hack
276# The BLFS editors recommend not changing anything below this line:
277ac_add_options --prefix=/usr
278ac_add_options --enable-application=browser
279ac_add_options --disable-crashreporter
280ac_add_options --disable-updater
281# enabling the tests will use a lot more space and significantly
282# increase the build time, for no obvious benefit.
283ac_add_options --disable-tests
285# The default level of optimization again produces a working build with gcc.
286ac_add_options --enable-optimize
288ac_add_options --enable-system-ffi
289ac_add_options --enable-system-pixman
291# --with-system-bz2 was removed in firefox-78
292ac_add_options --with-system-jpeg
293ac_add_options --with-system-png
294ac_add_options --with-system-zlib
296# The following option unsets Telemetry Reporting. With the Addons Fiasco,
297# Mozilla was found to be collecting user's data, including saved passwords and
298# web form data, without users consent. Mozilla was also found shipping updates
299# to systems without the user's knowledge or permission.
300# As a result of this, use the following command to permanently disable
301# telemetry reporting in Firefox.
304mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/firefox-build-dir</literal>
307 <para>
308 Compile <application>Firefox</application> by issuing the following
309 commands:
310 </para>
313 Apply a patch that prevent a crash when opening HTML videos if
314 compiling against rust-1.52.0 or higher:
315 </para>
317<screen><userinput>patch -Np1 -i ../firefox-&firefox-version;esr-rust1520-1.patch</userinput></screen>-->
319 <para>
320 In the esr version of firefox-78, the code to ensure that add-ons
321 are signed by the trusted root has been disabled, presumably for
322 organizations which require their own add-ons. To enable it as an
323 added security measure issue the following command:
324 </para>
326<screen><userinput>sed -e 's/Disable/Enable/' \
327 -e '/^MOZ_REQUIRE_SIGNING/s/0/1/' \
328 -i build/mozconfig.common</userinput></screen>
330 <para>
331 If the geolocation APIs are needed:
332 </para>
334 <note>
335 <para>
336 <!-- Taken from Arch Linux - an immensely helpful link - Thanks -->
337 The Google and Mozilla API Keys below are specific to LFS. If using
338 these instructions for another distro, or if you intend to distribute
339 binary copies of the software using these instructions, please obtain
340 your own keys following the instructions located at
341 <ulink url=""/> and
342 <ulink url=""/> respectively.
343 <!-- BLFS Devs, register an account at Google with your
344 email address, and I'll make you an administrator
345 for the 'Google APIs for LFS' project (where the API and OAuth keys
346 were created for use in the book).-->
347 </para>
348 </note>
350<screen><userinput>echo "AIzaSyDxKL42zsPjbke5O8_rPVpVrLrJ8aeE9rQ" > google-key
351echo "613364a7-9418-4c86-bcee-57e32fd70c23" > mozilla-key</userinput></screen>
353 <note>
355 <xi:include xmlns:xi=""
356 href="../../xincludes/mozshm.xml"/>
358 <xi:include xmlns:xi=""
359 href="../../xincludes/mozmach.xml"/>
361 </note>
362 <!--
363 <para>
364 If you are building on i686, apply a fix to prevent Internal Compiler
365 Errors in GCC-7+:
366 </para>
368<screen><userinput remap="pre">case $(uname -m) in
369 i?86) sed -i "562 s/mips64/i386/" gfx/skia/skia/third_party/skcms/src/Transform_inl.h ;;
371 -->
373 Apply a patch to allow this to be compiled with <xref linkend="rust"/>:
374 </para>
376<screen><userinput remap="pre">patch -p1 -i ../firefox-&firefox-version;esr-rustc1470-1.patch</userinput></screen>-->
378 <para>
379 Now invoke the Python script to compile the package.
380 </para>
382<screen><userinput>export CC=gcc CXX=g++ &amp;&amp;
383export MOZBUILD_STATE_PATH=${PWD}/mozbuild &amp;&amp;
384./mach configure &amp;&amp;
385./mach build</userinput></screen>
387 <para>
388 The <filename>mozconfig</filename> above disables the tests because
389 they use a lot more time and disk space for no obvious benefit. If
390 you have nevertheless enabled them, you can run the tests by executing
391 <command>./mach gtest</command>. This will require a network connection,
392 and to be run from within an Xorg session - there is a popup dialog
393 when it fails to connect to ALSA (that does not create a failed test).
394 One or two tests will fail. To see the details of the failure(s) you
395 will need to log the output from that command so that you can review it.
396 </para>
398 <para>
399 Now, as the <systemitem class="username">root</systemitem> user:
400 </para>
402<screen role="root"><userinput>./mach install</userinput></screen>
404 <para>
405 Set environment variables back to their values:
406 </para>
408<screen><userinput>unset CC CXX MOZBUILD_STATE_PATH</userinput></screen>
410 </sect2>
412 <sect2 role="commands">
413 <title>Command Explanations</title>
415<!--<xi:include xmlns:xi=""
416 href="../../xincludes/SIOCGSTAMP.xml"/>-->
418 <para>
419 <command>export CC=gcc CXX=g++ ...</command>: Upstream now prefer
420 <application>clang</application> so that they can use one compiler
421 everywhere. On the X86 architectures <application>clang</application>
422 now appears to support most of the same security-hardening options as
423 <application>GCC</application>.
424 <!-- supported in llvm-11
425 but the newer
426 <literal>-fstack-clash-protection</literal> is still not supported.-->
427 With the current versions and the default flags,
428 <application>GCC</application> creates a marginally bigger build but
429 takes typically 2 SBU less time on a 4-core machine using the mozconfig
430 above.
431 </para>
433 <para>
434 <command>export MOZBUILD_STATE_PATH=${PWD}/mozbuild</command>: The build
435 is now supposed to tell you that it intends to create <filename
436 class="directory">~/.mozbuild</filename>, and offer you an option to
437 press &lt;ENTER&gt; to accept this, or Ctrl-C to cancel and restart the
438 build after specifying the directory. In practice, the message may not
439 appear until after &lt;ENTER&gt; is keyed, i.e. the build stalls.
440 </para>
442 <para>
443 That directory is used for a (probably random) telemetry identifier.
444 Creating this in the build directory, and deleting that after the
445 installation, prevents it being used. If you wish to participate in
446 telemetry, export MOZBUILD_STATE_PATH to point to its default directory.
447 </para>
449 <para>
450 <command>./mach build</command>: <application>Firefox</application>
451 now uses this <application>python</application> script to run the
452 build and install.
453 </para>
455 <para>
456 <option>./mach build --verbose</option>: Use this alternative if you
457 need details of which files are being compiled, together with any C or
458 C++ flags being used. But do not add '--verbose' to the install command,
459 it is not accepted there.
460 </para>
462 <para>
463 <option>./mach build -jN</option>: The build should, by default, use
464 all the online CPU cores. If using all the cores causes the build to swap
465 because you have insufficient memory, using fewer cores can be faster.
466 </para>
469 <para>
470 <command>mkdir -pv /usr/lib/mozilla/plugins</command>: This ensures
471 that <filename class="directory">/usr/lib/mozilla/plugins/</filename>
472 exists.
473 </para>
475 <para>
476 <command>ln -sv ... /usr/lib/firefox/browser</command>:
477 This command creates a symbolic link to <filename
478 class="directory">/usr/lib/mozilla/plugins</filename>. It's not really
479 needed, as <application>Firefox</application> checks <filename
480 class="directory">/usr/lib/mozilla/plugins</filename> by default, but the
481 symbolic link is made to keep all the plugins installed in one folder.
482 </para>
485 </sect2>
487 <sect2 role="configuration">
488 <title>Configuring Firefox</title>
490 <para>
491 If you use a desktop environment like <application>Gnome</application> or
492 <application>KDE</application> you may like to create a
493 <filename>firefox.desktop</filename> file so that
494 <application>Firefox</application> appears in the panel's menus. <!--If you
495 didn't enable startup-notification in your mozconfig change the
496 StartupNotify line to false.--> As the
497 <systemitem class="username">root</systemitem> user:
498 </para>
500<screen role="root"><userinput>mkdir -pv /usr/share/applications &amp;&amp;
501mkdir -pv /usr/share/pixmaps &amp;&amp;
503cat &gt; /usr/share/applications/firefox.desktop &lt;&lt; "EOF" &amp;&amp;
504<literal>[Desktop Entry]
506Name=Firefox Web Browser
507Comment=Browse the World Wide Web
508GenericName=Web Browser
509Exec=firefox %u
518ln -sfv /usr/lib/firefox/browser/chrome/icons/default/default128.png \
519 /usr/share/pixmaps/firefox.png</userinput></screen>
521 <sect3><title>Configuration Information</title>
523 <para>
524 The application settings for firefox are accessible by keying
525 <command>about:config</command> in the address bar.
526 </para>
528 <para>
529 Occasionally, getting working sound in
530 <application>firefox</application> can be a problem. Although upstream
531 prefers pulseaudio,
532 on balance using <application>Alsa</application> may be easier.
533 </para>
535 <para>
536 If you enabled <application>Alsa</application> for sound, you may need
537 to alter one variable to get working sound. If you run
538 <command>firefox</command> from a term and try to play something with
539 sound you might encounter error messages like:
540 </para>
542 <para>
543 <literal>Sandbox: seccomp sandbox violation: pid 3941, tid 4030,
544 syscall 16, args 48 2147767296 139909894784796 0 0 0.</literal>
545 </para>
547 <para>
548 That was on x86_64, on i686 the syscall number is 54. To allow this
549 syscall, in <command>about:config</command> change
550 <command>security.sandbox.content.syscall_whitelist</command> to 16
551 (or 54 if using i686).
552 </para>
554 <para>
555 If you use <command>pulseaudio</command> in a Desktop Environment, it
556 might already be started by that DE. But if it is not, although
557 firefox-57 managed to start it, firefox-58 did not. If you run
558 <command>firefox</command> from a term and this problem is present,
559 trying to play sound will
560 encounter error messages warning <literal>Can't get cubeb
561 context!</literal>
562 </para>
564 <para>
565 The fix for this is to close firefox, start pulseaudio to check it
566 does start (if not, read the information on Configuring in <xref
567 linkend="pulseaudio"/>) and restart firefox to check it is working.
568 If it now works, add the following to your <filename>~/.xinitrc</filename>:
569<phrase revision="sysv">
570<literal>pulseaudio --verbose --log-target=syslog&amp;</literal></phrase>
571<phrase revision="systemd">
572<literal>pulseaudio --verbose --log-target=journald&amp;</literal></phrase>
573 (unfortunately, on some systems this does not work).
574 </para>
576 <para>
577 You may wish to use multiple profiles within firefox. To do that, invoke
578 firefox as <command>firefox --ProfileManager</command>. You can also
579 check which profile is currently in use from
580 <command>about:profiles</command>.
581 </para>
583 <para>
584 Although WebRender (using the GPU for compositing) is not used by
585 default, it now appears to work well on supported hardware (ATI, Nvidia
586 and Intel GPUs with Mesa-18 or later. For an explanation, please see
587 <ulink
588 url=""></ulink>.
589 The only downside seems to be that on a machine with limited RAM it might
590 use more RAM.
591 </para>
593 <para>
594 To check if WebRender is being used, look in about:support. In the Graphics
595 section Compositing will either show 'Basic' (i.e. not in use) or
596 'WebRender'. To enable it, go to about:config and change gfx.webrender.all
597 to True. You will need to restart firefox.
598 </para>
600 <para>
601 It may be useful to mention the processes from firefox which can appear in
602 <command>top</command> - as well as firefox itself, there may be multiple
603 Web Content processes, and now an RDD Process (Remote Data Decoder) which
604 appears when playing web videos encoded with av1 (libdav1d). If WebRender
605 has been enabled, a GPU Process will also appear when firefox has to
606 repaint (e.g. scrolling, opening a new tab, or playing a video).
607 </para>
609 </sect3>
610 </sect2>
612 <sect2 role="content">
613 <title>Contents</title>
615 <segmentedlist>
616 <segtitle>Installed Programs</segtitle>
617 <segtitle>Installed Libraries</segtitle>
618 <segtitle>Installed Directory</segtitle>
620 <seglistitem>
621 <seg>
622 firefox
623 </seg>
624 <seg>
625 Numerous libraries, browser components, plugins, extensions, and
626 helper modules installed in /usr/lib/firefox
627 </seg>
628 <seg>
629 /usr/lib/firefox and /usr/lib/mozilla
630 </seg>
631 </seglistitem>
632 </segmentedlist>
634 <variablelist>
635 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
636 <?dbfo list-presentation="list"?>
637 <?dbhtml list-presentation="table"?>
639 <varlistentry id="firefox-legacy-prog">
640 <term><command>firefox</command></term>
641 <listitem>
642 <para>
643 is a <application>GTK+-3</application> internet browser that uses
644 the Mozilla Gecko rendering engine
645 </para>
646 <indexterm zone="firefox-legacy firefox-legacy-prog">
647 <primary sortas="b-firefox">firefox</primary>
648 </indexterm>
649 </listitem>
650 </varlistentry>
652 </variablelist>
654 </sect2>
Note: See TracBrowser for help on using the repository browser.