Opened 18 years ago
Closed 18 years ago
#1906 closed task (fixed)
Firefox-1.5.0.2
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | 6.2.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | firefox |
| Cc: |
Description
Version upgrade. New release contains mostly bug and security fixes:
http://www.squarefree.com/burningedge/releases/1.5.0.2.html
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.2
Change History (13)
comment:1 by , 18 years ago
comment:2 by , 18 years ago
I'm going to take this update as a chance to suggest that we drop the suggestion to run firefox as root and instead use the new firefox switch called -register. I've tested running firefox as root and firefox -register on a fresh build. Ignoring the files in root's .mozilla directory, these are the files affected by either:
/usr/lib/firefox-1.5.0.1/components/compreg.dat /usr/lib/firefox-1.5.0.1/components/xpti.dat
Firefox ran fine after only using firefox -register. This is nice because the build can be contained. No starting an X session for root and creating a firefox profile.
Paldo is using this:
http://www.paldo.org/paldo/specs/firefox.xml
RedHat simply touches the compreg.dat and xpti.dat files at the conclusion of the build:
http://cvs.fedora.redhat.com/viewcvs/devel/firefox/firefox.spec?view=markup
comment:3 by , 18 years ago
I still don't know why that's needed. I've been installing Firefox, installing and copying all the files according to BLFS instructions, then running as a regular user (never once running it as root), for weeks (ever since 1.5 was added to BLFS) without problems. Or is there some subtle functionality (that I'm somehow not even seeing) missing if you don't update those files?
comment:4 by , 18 years ago
I believe the biggest reason it is in there is because there is a big fat warning on the mozilla installation instruction page to do it. I have no clue what subtle effects there may be if those files are not updated.
comment:5 by , 18 years ago
OK, I'm not seeing the warning on the mozilla website, but since it does update stuff in the installation dir I'm not going to dispute it. I was mostly wondering because I know that firefox 1.0.x simply refused to start at all if you never ran it as root (thus the reason for the "run as root" instruction was obvious), but 1.5 appears to work fine.
comment:6 by , 18 years ago
Chris,
You may very well be right. As I said, I don't know. However, on this page - http://www.mozilla.com/firefox/releases/1.5.0.2.html#install under the "Known Issues - All Systems" heading, it says this:
If Firefox 1.5.0.2 is installed on a multi-user system in a location which is not writable by users, Firefox must be run once by a privileged user. If this is not desirable, an empty file must be created in the following directory: <install-directory>/extensions/talkback@…/chrome.manifest
=================================================================
Perhaps the book could be updated to include a choice of running once as root, or doing the empty directory thing for folks that don't wish to run once as root.
comment:7 by , 18 years ago
If there's an alternative way, that doesn't involve running Firefox as root, we should do it. I never run Firefox as root and it doesn't cause me (or any other user) any problems.
comment:9 by , 18 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
I just built this today. Same as 1.5.0.1. I'm proposing replacing the "run as root" part with
install -v -m755 /usr/lib/firefox-1.5.0.2/extensions/talkback\@mozilla.org touch /usr/lib/firefox-1.5.0.2/extensions/talkback\@mozilla.org/chrome.manifest
I do run firefox -register, and it does generate files in /usr/lib/firefox-*, no one else seems to have problems with this. It can be revisited later if necessary.
Thoughts?
comment:10 by , 18 years ago
My personal preference is to leave it as it is. It is recommended by Moz, and what you suggests, seems to be more of a workaround for folks that *cannot* run as root one time. We don't have support issues and everything just works. Why change?
root gets a .firefox or whatever. so what?
comment:11 by , 18 years ago
The reason I want to change it is two-fold.
- This is the only reason I ever had to log into X with root.
- The build isn't self contained unless your logged into X with root when you begin.
However, if we've really gone to bug-fix mode, we can talk about this later.
comment:12 by , 18 years ago
I suppose I've never looked at it like that. I build in an X-term on a PC separate from the machine I'm building on. I use hummingbird for X, whereas I'm sure putty would provide the same.
Anyway, I *always* use a dedicated build user and never log into X using root. I simply 'su' and then run firefox one time, close the window and exit the su shell. I never looked at that as logging into X as root.
Do what you think is best. You asked for comments, I provided one, now you provide additional comments to counter my comments. :-)
It is a minor thing to me. As mentioned, do what you think is best. I know Andy doesn't have an issue, so perhaps just go with the majority, which right now is to not mention root.
However, I'll offer one more opinion. Since moz recommends running one time as root, perhaps phrasing the message something like:
"Though the Moz developers recommend running firefox as the root user one time, BLFS testing has shown that equivalent functionality is provided by doing this instead (this is also mentioned by the Moz devs if running as root is not available, or desired):"
comment:13 by , 18 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Update committed in r5908. We can revisit the "run as root" issue later if we want. It's not that important, and there's no consensus.
I put this up without incident. The system-nss patch applies fine with offsets. If anything is seriously wrong I haven't stumbled on it yet. - Marty Jack