source: xsoft/graphweb/firefox.xml@ 2eb6c62

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY firefox-download-http "&mozilla-http;/firefox/releases/&firefox-version;esr/source/firefox-&firefox-version;esr.source.tar.xz">
  <!ENTITY firefox-download-ftp  " ">
  <!ENTITY firefox-md5sum        "0aa9c735305304373f9fddc35c56e81b">
  <!ENTITY firefox-size          "319 MB">
  <!-- NB with stylo, much of the build uses rust, and therefore cargo files.
    But the extra cached cargo files, if any, seem to be minimal -->
  <!ENTITY firefox-buildsize     "5.2 GB (186 MB installed) without tests">
  <!-- editors: with ff63 and rust-1.29, ./mach build -j4 is probably the
   most practical way to get a timing on a machine with more cores, if taking
   cores offline is not practical. If in doubt, round up -->
  <!ENTITY firefox-time          "30 SBU (on a 4-core machine) without tests">
]>

<sect1 id="firefox" xreflabel="Firefox-&firefox-version;">
  <?dbhtml filename="firefox.html" ?>

  <sect1info>
    <date>$Date$</date>
  </sect1info>

  <title>Firefox-&firefox-version;</title>

  <indexterm zone="firefox">
    <primary sortas="a-Firefox">Firefox</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to Firefox</title>

    <para>
      <application>Firefox</application> is a stand-alone browser based on the
      <application>Mozilla</application> codebase.
    </para>

    &lfs101_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&firefox-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&firefox-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &firefox-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &firefox-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &firefox-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &firefox-time;
        </para>
      </listitem>
    </itemizedlist>

<bridgehead renderas="sect3">Additional Downloads</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Required patch:
          <ulink url="&patch-root;/firefox-&firefox-version;esr-rust1520-1.patch"/>
        </para>
      </listitem>
    </itemizedlist>

    <note>
      <para>
        The directory name is firefox-&firefox-version;
      </para>

      <para>
        Extracting the tarball
        will reset the permissions of the current directory to 0755 if you
        have permission to do that. If you do this in a directory where
        the sticky bit is set, such
        as <filename class="directory">/tmp</filename> it will end with error
        messages:
      </para>

<literallayout>tar: .: Cannot utime: Operation not permitted
tar: .: Cannot change mode to rwxr-xr-t: Operation not permitted
tar: Exiting with failure status due to previous errors
</literallayout>

      <para>
        This does finish with non-zero status, but it does
        <emphasis>NOT</emphasis> mean there is a real problem.
        Do not untar as the <systemitem class="username">root</systemitem> user
        in a directory where the sticky bit is set - that will unset it.
      </para>

      <para>
        As with other large packages which use C++ (or rust), the SBU times
        to build this vary more widely than you might expect. The build times
        will increase significantly if your machine has to swap.
      </para>

      <!-- commented, by 78.0 it seems to work reliably
      <para>
        The mach build system (Python scripts) can be somewhat unreliable: if
        the build fails and reports an Error, it can still return a status of
        success, causing a scripted build to try to install (which does not rerun
        the build), fail during the preparations for installing, but still exit
        with a status of success. Also, on occasion it may limit itself to only
        running one set of jobs - that will make the build take about 3 times as
        long as running with four sets of jobs.
      </para>-->

      <para>
        Although upstream prefer to use <application>PulseAudio</application>,
        for the moment <application>Alsa</application> can still be used. Both
        may need runtime configuration to get sound working.
      </para>
    </note>

    <bridgehead renderas="sect3">Firefox Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="autoconf213"/>,
      <xref linkend="cbindgen"/>,
      <xref linkend="dbus-glib"/>,
      both <xref linkend="gtk3"/> and
      <xref linkend="gtk2"/>,
      <xref linkend="libnotify"/>,
      <xref linkend="llvm"/> (clang, used for bindgen even if using gcc),
      <xref linkend="nodejs"/>,
      <xref linkend="nss"/>,
      <xref linkend="pulseaudio"/>
      (or
      <xref linkend="alsa-lib"/> if you edit the mozconfig;
        now deprecated by mozilla), in either case please read the
        Configuration Information,
      <!-- rustc is required by cbindgen so not needed here
      <xref linkend="rust"/>,-->
      <xref linkend="python3"/> (rebuilt after installing <xref linkend="sqlite"/>),
      <xref linkend="startup-notification"/>,
      <xref linkend="unzip"/>,
      <xref linkend="yasm"/>, and
      <xref linkend="zip"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="icu"/>,
      <xref linkend="libevent"/>,
      <xref linkend="libwebp"/>,
      <xref linkend="nasm"/>
    </para>

    <note>
      <para>
        If you don't install recommended dependencies, then internal copies of
        those packages will be used. They might be tested to work, but they can
        be out of date or contain security holes.
      </para>
    </note>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="curl"/>,
      <xref linkend="doxygen"/>,
      <xref role="runtime" linkend="ffmpeg"/> (runtime, to play mov, mp3 or mp4 files),
      <!--      <phrase revision="sysv"><ulink url="https://sourceforge.net/projects/liboauth/files/">liboauth</ulink></phrase> -->
      <xref linkend="liboauth"/>,
      <xref linkend="openjdk"/>,
      <xref linkend="valgrind"/>,
      <xref linkend="wget"/>,
      <xref linkend="wireless_tools"/>,
      <ulink url="https://github.com/libproxy/libproxy">libproxy</ulink>
    </para>

    <para condition="html" role="usernotes">
      User Notes: <ulink url="&blfs-wiki;/firefox"/>
    </para>
  </sect2>

  <sect2 role="installation">
    <title>Installation of Firefox</title>

    <para>
      The configuration of <application>Firefox</application> is accomplished
      by creating a <filename>mozconfig</filename> file containing the desired
      configuration options. A default <filename>mozconfig</filename> is
      created below. To see the entire list of available configuration options
      (and an abbreviated description of some of them), issue <command>./mach
      configure &amp;&amp; ./configure --help | less</command>. You may also
      wish to review the entire file and uncomment any other desired options.
      Create the file by issuing the following command:
    </para>

<screen><userinput>cat &gt; mozconfig &lt;&lt; "EOF"
<literal># If you have a multicore machine, all cores will be used by default.

# If you have installed (or will install) wireless-tools, and you wish
# to use geolocation web services, comment out this line
ac_add_options --disable-necko-wifi

# API Keys for geolocation APIs - necko-wifi (above) is required for MLS
# Uncomment the following line if you wish to use Mozilla Location Service
#ac_add_options --with-mozilla-api-keyfile=$PWD/mozilla-key

# Uncomment the following line if you wish to use Google's geolocaton API
# (needed for use with saved maps with Google Maps)
#ac_add_options --with-google-location-service-api-keyfile=$PWD/google-key

# startup-notification is required since firefox-78

# Uncomment the following option if you have not installed PulseAudio
#ac_add_options --disable-pulseaudio
# or uncomment this if you installed alsa-lib instead of PulseAudio
#ac_add_options --enable-alsa

# Comment out following options if you have not installed
# recommended dependencies:
ac_add_options --with-system-libevent
ac_add_options --with-system-webp
ac_add_options --with-system-nspr
ac_add_options --with-system-nss
ac_add_options --with-system-icu

# Do not specify the gold linker which is not the default. It will take
# longer and use more disk space when debug symbols are disabled.

# libdavid (av1 decoder) requires nasm. Uncomment this if nasm
# has not been installed.
#ac_add_options --disable-av1

# You cannot distribute the binary if you do this
ac_add_options --enable-official-branding

# Stripping is now enabled by default.
# Uncomment these lines if you need to run a debugger:
#ac_add_options --disable-strip
#ac_add_options --disable-install-strip

# Disabling debug symbols makes the build much smaller and a little
# faster. Comment this if you need to run a debugger. Note: This is
# required for compilation on i686.
ac_add_options --disable-debug-symbols

# The elf-hack is reported to cause failed installs (after successful builds)
# on some machines. It is supposed to improve startup time and it shrinks
# libxul.so by a few MB - comment this if you know your machine is not affected.
ac_add_options --disable-elf-hack

# The BLFS editors recommend not changing anything below this line:
ac_add_options --prefix=/usr
ac_add_options --enable-application=browser
ac_add_options --disable-crashreporter
ac_add_options --disable-updater
# enabling the tests will use a lot more space and significantly
# increase the build time, for no obvious benefit.
ac_add_options --disable-tests

# The default level of optimization again produces a working build with gcc.
ac_add_options --enable-optimize

ac_add_options --enable-system-ffi
ac_add_options --enable-system-pixman

# --with-system-bz2 was removed in firefox-78
ac_add_options --with-system-jpeg
ac_add_options --with-system-png
ac_add_options --with-system-zlib

# The following option unsets Telemetry Reporting. With the Addons Fiasco,
# Mozilla was found to be collecting user's data, including saved passwords and
# web form data, without users consent. Mozilla was also found shipping updates
# to systems without the user's knowledge or permission.
# As a result of this, use the following command to permanently disable
# telemetry reporting in Firefox.
unset MOZ_TELEMETRY_REPORTING

mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/firefox-build-dir</literal>
EOF</userinput></screen>

    <para>
      Compile <application>Firefox</application> by issuing the following
      commands:
    </para>

    <para>
      Apply a patch that prevent a crash when opening HTML videos if
      compiling against rust-1.52.0 or higher:
    </para>

<screen><userinput>patch -Np1 -i ../firefox-&firefox-version;esr-rust1520-1.patch</userinput></screen>

    <para>
      In the esr version of firefox-78, the code to ensure that add-ons
      are signed by the trusted root has been disabled, presumably for
      organizations which require their own add-ons. To enable it as an
      added security measure issue the following command:
    </para>

<screen><userinput>sed -e 's/Disable/Enable/'            \
    -e '/^MOZ_REQUIRE_SIGNING/s/0/1/' \
    -i build/mozconfig.common</userinput></screen>

    <para>
      If the geolocation APIs are needed:
    </para>

    <note>
      <para>
        <!-- Taken from Arch Linux - an immensely helpful link - Thanks -->
        The Google and Mozilla API Keys below are specific to LFS. If using
        these instructions for another distro, or if you intend to distribute
        binary copies of the software using these instructions, please obtain
        your own keys following the instructions located at
        <ulink url="http://www.chromium.org/developers/how-tos/api-keys"/> and
        <ulink url="https://location.services.mozilla.com/api"/> respectively.
        <!-- BLFS Devs, register an account at Google with your
        @linuxfromscratch.org email address, and I'll make you an administrator
        for the 'Google APIs for LFS' project (where the API and OAuth keys
        were created for use in the book).-->
      </para>
    </note>

<screen><userinput>echo "AIzaSyDxKL42zsPjbke5O8_rPVpVrLrJ8aeE9rQ" > google-key
echo "613364a7-9418-4c86-bcee-57e32fd70c23" > mozilla-key</userinput></screen>

    <note>

      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
       href="../../xincludes/mozshm.xml"/>

      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
       href="../../xincludes/mozmach.xml"/>

    </note>
    <!--
    <para>
      If you are building on i686, apply a fix to prevent Internal Compiler
      Errors in GCC-7+:
    </para>

<screen><userinput remap="pre">case $(uname -m) in
   i?86) sed -i "562 s/mips64/i386/" gfx/skia/skia/third_party/skcms/src/Transform_inl.h ;;
esac</userinput></screen>
    -->
<!--<para>
      Apply a patch to allow this to be compiled with <xref linkend="rust"/>:
    </para>

<screen><userinput remap="pre">patch -p1 -i ../firefox-&firefox-version;esr-rustc1470-1.patch</userinput></screen>-->

    <para>
      Now invoke the Python script to compile the package.
    </para>

<screen><userinput>export CC=gcc CXX=g++ &amp;&amp;
export MOZBUILD_STATE_PATH=${PWD}/mozbuild &amp;&amp;
./mach configure                           &amp;&amp;
./mach build</userinput></screen>

    <para>
      The <filename>mozconfig</filename> above disables the tests because
      they use a lot more time and disk space for no obvious benefit. If
      you have nevertheless enabled them, you can run the tests by executing
      <command>./mach gtest</command>. This will require a network connection,
      and to be run from within an Xorg session - there is a popup dialog
      when it fails to connect to ALSA (that does not create a failed test).
      One or two tests will fail.  To see the details of the failure(s) you
      will need to log the output from that command so that you can review it.
    </para>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>./mach install</userinput></screen>

    <para>
      Set environment variables back to their values:
    </para>

<screen><userinput>unset CC CXX MOZBUILD_STATE_PATH</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

<!--<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
      href="../../xincludes/SIOCGSTAMP.xml"/>-->

    <para>
      <command>export CC=gcc CXX=g++ ...</command>: Upstream now prefer
      <application>clang</application> so that they can use one compiler
      everywhere. On the X86 architectures <application>clang</application>
      now appears to support most of the same security-hardening options as
      <application>GCC</application>.
      <!-- supported in llvm-11
      but the newer
      <literal>-fstack-clash-protection</literal> is still not supported.-->
      With the current versions and the default flags,
      <application>GCC</application> creates a marginally bigger build but
      takes typically 2 SBU less time on a 4-core machine using the mozconfig
      above.
    </para>

    <para>
      <command>export MOZBUILD_STATE_PATH=${PWD}/mozbuild</command>: The build
      is now supposed to tell you that it intends to create <filename
      class="directory">~/.mozbuild</filename>, and offer you an option to
      press &lt;ENTER&gt; to accept this, or Ctrl-C to cancel and restart the
      build after specifying the directory. In practice, the message may not
      appear until after &lt;ENTER&gt; is keyed, i.e. the build stalls.
    </para>

    <para>
      That directory is used for a (probably random) telemetry identifier.
      Creating this in the build directory, and deleting that after the
      installation, prevents it being used. If you wish to participate in
      telemetry, export MOZBUILD_STATE_PATH to point to its default directory.
    </para>

    <para>
      <command>./mach build</command>: <application>Firefox</application>
      now uses this <application>python</application> script to run the
      build and install.
    </para>

    <para>
      <option>./mach build --verbose</option>: Use this alternative if you
      need details of which files are being compiled, together with any C or
      C++ flags being used. But do not add '--verbose' to the install command,
      it is not accepted there.
    </para>

    <para>
      <option>./mach build -jN</option>: The build should, by default, use
      all the online CPU cores. If using all the cores causes the build to swap
      because you have insufficient memory, using fewer cores can be faster.
    </para>

    <para>
      <command>mkdir -pv /usr/lib/mozilla/plugins</command>: This ensures
      that <filename class="directory">/usr/lib/mozilla/plugins/</filename>
      exists.
    </para>

    <para>
      <command>ln -sv ... /usr/lib/firefox/browser</command>:
      This command creates a symbolic link to <filename
      class="directory">/usr/lib/mozilla/plugins</filename>. It's not really
      needed, as <application>Firefox</application> checks <filename
      class="directory">/usr/lib/mozilla/plugins</filename> by default, but the
      symbolic link is made to keep all the plugins installed in one folder.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring Firefox</title>

    <para>
      If you use a desktop environment like <application>Gnome</application> or
      <application>KDE</application> you may like to create a
      <filename>firefox.desktop</filename> file so that
      <application>Firefox</application> appears in the panel's menus. <!--If you
      didn't enable startup-notification in your mozconfig change the
      StartupNotify line to false.--> As the
      <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>mkdir -pv /usr/share/applications &amp;&amp;
mkdir -pv /usr/share/pixmaps &amp;&amp;

cat &gt; /usr/share/applications/firefox.desktop &lt;&lt; "EOF" &amp;&amp;
<literal>[Desktop Entry]
Encoding=UTF-8
Name=Firefox Web Browser
Comment=Browse the World Wide Web
GenericName=Web Browser
Exec=firefox %u
Terminal=false
Type=Application
Icon=firefox
Categories=GNOME;GTK;Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;x-scheme-handler/http;x-scheme-handler/https;
StartupNotify=true</literal>
EOF

ln -sfv /usr/lib/firefox/browser/chrome/icons/default/default128.png \
        /usr/share/pixmaps/firefox.png</userinput></screen>

    <sect3><title>Configuration Information</title>

      <para>
        The application settings for firefox are accessible by keying
        <command>about:config</command> in the address bar.
      </para>

      <para>
        Occasionally, getting working sound in
        <application>firefox</application> can be a problem.  Although upstream
        prefers pulseaudio,
        on balance using <application>Alsa</application> may be easier.
      </para>

      <para>
        If you enabled <application>Alsa</application> for sound, you may need
        to alter one variable to get working sound. If you run
        <command>firefox</command> from a term and try to play something with
        sound you might encounter error messages like:
      </para>

      <para>
         <literal>Sandbox: seccomp sandbox violation: pid 3941, tid 4030,
         syscall 16, args 48 2147767296 139909894784796 0 0 0.</literal>
      </para>

      <para>
        That was on x86_64, on i686 the syscall number is 54. To allow this
        syscall, in <command>about:config</command> change
        <command>security.sandbox.content.syscall_whitelist</command> to 16
        (or 54 if using i686).
      </para>

      <para>
        If you use <command>pulseaudio</command> in a Desktop Environment, it
        might already be started by that DE.  But if it is not, although
        firefox-57 managed to start it, firefox-58 did not.  If you run
        <command>firefox</command> from a term and this problem is present,
        trying to play sound will
        encounter error messages warning <literal>Can't get cubeb
        context!</literal>
      </para>

    <para>
      The fix for this is to close firefox, start pulseaudio to check it
      does start (if not, read the information on Configuring in <xref
      linkend="pulseaudio"/>) and restart firefox to check it is working.
      If it now works, add the following to your <filename>~/.xinitrc</filename>:
<phrase revision="sysv">
<literal>pulseaudio --verbose --log-target=syslog&amp;</literal></phrase>
<phrase revision="systemd">
<literal>pulseaudio --verbose --log-target=journald&amp;</literal></phrase>
        (unfortunately, on some systems this does not work).
      </para>

      <para>
        You may wish to use multiple profiles within firefox. To do that, invoke
        firefox as <command>firefox --ProfileManager</command>. You can also
        check which profile is currently in use from
        <command>about:profiles</command>.
      </para>

      <para>
        Although WebRender (using the GPU for compositing) is not used by
        default, it now appears to work well on supported hardware (ATI, Nvidia
        and Intel GPUs with Mesa-18 or later. For an explanation, please see
        <ulink
       url="https://hacks.mozilla.org/2017/10/the-whole-web-at-maximum-fps-how-webrender-gets-rid-of-jank/">hacks.mozilla.org</ulink>.
       The only downside seems to be that on a machine with limited RAM it might
       use more RAM.
     </para>

    <para>
      To check if WebRender is being used, look in about:support. In the Graphics
      section Compositing will either show 'Basic' (i.e. not in use) or
      'WebRender'. To enable it, go to about:config and change gfx.webrender.all
      to True. You will need to restart firefox.
    </para>

    <para>
      It may be useful to mention the processes from firefox which can appear in
      <command>top</command> - as well as firefox itself, there may be multiple
      Web Content processes, and now an RDD Process (Remote Data Decoder) which
      appears when playing web videos encoded with av1 (libdav1d). If WebRender
      has been enabled, a GPU Process will also appear when firefox has to
      repaint (e.g. scrolling, opening a new tab, or playing a video).
    </para>

    </sect3>
  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directory</segtitle>

      <seglistitem>
        <seg>
          firefox
        </seg>
        <seg>
          Numerous libraries, browser components, plugins, extensions, and
          helper modules installed in /usr/lib/firefox
        </seg>
        <seg>
          /usr/lib/firefox and /usr/lib/mozilla
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="firefox-prog">
        <term><command>firefox</command></term>
        <listitem>
          <para>
            is a <application>GTK+-3</application> internet browser that uses
            the Mozilla Gecko rendering engine
          </para>
          <indexterm zone="firefox firefox-prog">
            <primary sortas="b-firefox">firefox</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>