Firefox won't compile on hardened profile
Firefox won't compile on my system due to the issue described here:

http://www.gossamer-threads.com/lists/gentoo/hardened/245060

They seem to be able to make it compile by enabling softmode. That doesn't work for me, I have the same issue in softmode. I think this is because of my hardened profile. Is there any way to fix this or should I look for a different browser?

- Grant

Hi!

On Tue, Feb 14, 2012 at 12:39:04PM -0800, Grant wrote:
> Is there any way to fix this or should I look for a different browser?

Use firefox-bin. Or you have to compile it yourself?

--
WBR, Alex.

>> Is there any way to fix this or should I look for a different browser?
>
> Use firefox-bin. Or you have to compile it yourself?

You're right, I should have said:

Is there any way to fix this or should I use firefox-bin? :)

- Grant

The following was received from Grant, on 02/14/12 21:39:
> Firefox won't compile on my system due to the issue described here:
>
> http://www.gossamer-threads.com/lists/gentoo/hardened/245060

FWIW: I had no trouble compiling Firefox 9.0 on my amd64 system using the current stable 3.2.2-r1 kernel, gcc 4.5.3, grsec/pax enabled.

--
Ewald Tienkamp
ewald@tienkamp.nl

>> Firefox won't compile on my system due to the issue described here:
>>
>> http://www.gossamer-threads.com/lists/gentoo/hardened/245060
>
> FWIW: I had no trouble compiling Firefox 9.0 on my amd64 system using
> the current stable 3.2.2-r1 kernel, gcc 4.5.3, grsec/pax enabled.

To confirm, you aren't on a hardened profile?

- Grant

The following was received from Grant, on 02/14/12 22:59:
>>> Firefox won't compile on my system due to the issue described
>>> here:
>>>
>>> http://www.gossamer-threads.com/lists/gentoo/hardened/245060
>>
>> FWIW: I had no trouble compiling Firefox 9.0 on my amd64 system
>> using the current stable 3.2.2-r1 kernel, gcc 4.5.3, grsec/pax
>> enabled.
>
> To confirm, you aren't on a hardened profile?

I am on a hardened profile, currently using hardened/linux/amd64/no-multilib/selinux profile, only running stable software.

--
Ewald Tienkamp

>>>> Firefox won't compile on my system due to the issue described
>>>> here:
>>>>
>>>> http://www.gossamer-threads.com/lists/gentoo/hardened/245060
>>>
>>> FWIW: I had no trouble compiling Firefox 9.0 on my amd64 system
>>> using the current stable 3.2.2-r1 kernel, gcc 4.5.3, grsec/pax
>>> enabled.
>>
>> To confirm, you aren't on a hardened profile?
>
> I am on a hardened profile, currently using
> hardened/linux/amd64/no-multilib/selinux profile, only running stable
> software.

I don't get it then. Does anyone know why I can't compile Firefox as described in the link above? This sums it up:

"firefox-9.0 ebuild stalls at the install phase while xpcshell command tops CPU usage for hours."

Although xpcshell doesn't use any CPU for me. It just sits there and the install phase doesn't proceed.

- Grant

On 15.02.2012 17:39, Grant wrote:
>>>>> Firefox won't compile on my system due to the issue
>>>>> described here:
>>>>>
>>>>> http://www.gossamer-threads.com/lists/gentoo/hardened/245060
>>>>
>>>> FWIW: I had no trouble compiling Firefox 9.0 on my amd64 system
>>>> using the current stable 3.2.2-r1 kernel, gcc 4.5.3,
>>>> grsec/pax enabled.
>>>
>>> To confirm, you aren't on a hardened profile?
>>
>> I am on a hardened profile, currently using
>> hardened/linux/amd64/no-multilib/selinux profile, only running
>> stable software.
>
> I don't get it then. Does anyone know why I can't compile Firefox
> as described in the link above? This sums it up:
>
> "firefox-9.0 ebuild stalls at the install phase while xpcshell
> command tops CPU usage for hours."
>
> Although xpcshell doesn't use any CPU for me. It just sits there
> and the install phase doesn't proceed.
>
> - Grant

I can compile Icecat with a customized ebuild. Since it's basically the same as Firefox, maybe that helps. Basically it disables jit.

# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/www-client/icecat/icecat-10.0-r1.ebuild,v 1.1 2012/02/13 17:25:09 polynomial-c Exp $

EAPI="3"
VIRTUALX_REQUIRED="pgo"
WANT_AUTOCONF="2.1"

# This list can be updated with scripts/get_langs.sh from the mozilla overlay
MOZ_LANGS=(af ak ar as ast be bg bn-BD bn-IN br bs ca cs csb cy da de el en
	en-GB en-US en-ZA eo es-AR es-CL es-ES es-MX et eu fa fi fr fy-NL ga-IE gd
	gl gu-IN he hi-IN hr hu hy-AM id is it ja kk kn ko ku lg lt lv mai mk ml mr
	nb-NO nl nn-NO nso or pa-IN pl pt-BR pt-PT rm ro ru si sk sl son sq sr sv-SE
	ta ta-LK te th tr uk vi zh-CN zh-TW zu)

# Convert the ebuild version to the upstream mozilla version, used by mozlinguas
MOZ_PV="${PV/_alpha/a}" # Handle alpha for SRC_URI
MOZ_PV="${MOZ_PV/_beta/b}" # Handle beta for SRC_URI
MOZ_PV="${MOZ_PV/_rc/rc}" # Handle rc for SRC_URI

# Patch version
PATCH="firefox-10.0-patches-0.5"
# Upstream ftp release URI that's used by mozlinguas.eclass
# We don't use the http mirror because it deletes old tarballs.
MOZ_FTP_URI="ftp://ftp.mozilla.org/pub/firefox/releases"

inherit check-reqs flag-o-matic toolchain-funcs eutils gnome2-utils mozconfig-3 multilib pax-utils fdo-mime autotools python virtualx nsplugins mozlinguas

DESCRIPTION="GNU project's edition of Mozilla Firefox"
HOMEPAGE="http://www.gnu.org/software/gnuzilla/"

KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
SLOT="0"
LICENSE="|| ( MPL-1.1 GPL-2 LGPL-2.1 )"
IUSE="+crashreporter +ipc pgo methodjit tracejit pax_kernel selinux system-sqlite +webm"

# More URIs appended below...
SRC_URI="${SRC_URI}
	mirror://gnu/gnuzilla/${MOZ_PV}/${PN}-${MOZ_PV}.tar.xz
	http://dev.gentoo.org/~anarchy/mozilla/patchsets/${PATCH}.tar.xz
	http://dev.gentoo.org/~polynomial-c/mozilla/ff1001.diff"

ASM_DEPEND=">=dev-lang/yasm-1.1"

# Mesa 7.10 needed for WebGL + bugfixes
RDEPEND="
	>=sys-devel/binutils-2.16.1
	>=dev-libs/nss-3.13.1
	>=dev-libs/nspr-4.8.8
	>=dev-libs/glib-2.26:2
	>=media-libs/mesa-7.10
	media-libs/libpng[apng]
	virtual/libffi
	system-sqlite? ( >=dev-db/sqlite-3.7.7.1[fts3,secure-delete,threadsafe,unlock-notify,debug=] )
	webm? ( >=media-libs/libvpx-0.9.7
		media-libs/alsa-lib )
	crashreporter? ( net-misc/curl )
	selinux? ( sec-policy/selinux-mozilla )"
# We don't use PYTHON_DEPEND/PYTHON_USE_WITH for some silly reason
DEPEND="${RDEPEND}
	dev-util/pkgconfig
	pgo? (
		=dev-lang/python-2*[sqlite]
		>=sys-devel/gcc-4.5 )
	webm? ( x86? ( ${ASM_DEPEND} )
		amd64? ( ${ASM_DEPEND} ) )"

QA_PRESTRIPPED="usr/$(get_libdir)/${PN}/${PN}"

pkg_setup() {
	moz_pkgsetup

	# Avoid PGO profiling problems due to environment leakage
	# These should *always* be cleaned up anyway
	unset DBUS_SESSION_BUS_ADDRESS \
		DISPLAY \
		ORBIT_SOCKETDIR \
		SESSION_MANAGER \
		XDG_SESSION_COOKIE \
		XAUTHORITY

	if use pgo ; then
		einfo
		ewarn "You will do a double build for profile guided optimization."
		ewarn "This will result in your build taking at least twice as long as before."
	fi

	# Ensure we have enough disk space to compile
	if use pgo || use debug || use test ; then
		CHECKREQS_DISK_BUILD="8G"
	else
		CHECKREQS_DISK_BUILD="4G"
	fi
	check-reqs_pkg_setup
}

src_unpack() {
	unpack ${A}

	# Unpack language packs
	mozlinguas_src_unpack
}

src_prepare() {
	# Make this a 10.0.1 release
	epatch "${DISTDIR}"/ff1001.diff

	# Fix preferences location
	sed -i 's|defaults/pref/|defaults/preferences/|' browser/installer/packages-static || die "sed failed"

	# Apply our patches
	EPATCH_EXCLUDE="2000-firefox_gentoo_install_dirs.patch" \
	EPATCH_SUFFIX="patch" \
	EPATCH_FORCE="yes" \
	epatch "${WORKDIR}/firefox"

	epatch "${FILESDIR}"/2000-icecat-6_gentoo_install_dirs.patch

	# Allow user to apply any additional patches without modifying ebuild
	epatch_user

	# Fix rebranding
	sed -i 's|$(DIST)/bin/firefox|$(DIST)/bin/icecat|' browser/app/Makefile.in

	# Enable gnomebreakpad
	if use debug ; then
		sed -i -e "s:GNOME_DISABLE_CRASH_DIALOG=1:GNOME_DISABLE_CRASH_DIALOG=0:g" \
			"${S}"/build/unix/run-mozilla.sh || die "sed failed!"
	fi

	# Disable gnomevfs extension
	sed -i -e "s:gnomevfs::" "${S}/"browser/confvars.sh \
		-e "s:gnomevfs::" "${S}/"xulrunner/confvars.sh \
		|| die "Failed to remove gnomevfs extension"

	# Ensure that our plugins dir is enabled as default
	sed -i -e "s:/usr/lib/mozilla/plugins:/usr/$(get_libdir)/nsbrowser/plugins:" \
		"${S}"/xpcom/io/nsAppFileLocationProvider.cpp || die "sed failed to replace plugin path!"

	# Fix sandbox violations during make clean, bug 372817
	sed -e "s:\(/no-such-file\):${T}\1:g" \
		-i "${S}"/config/rules.mk \
		-i "${S}"/js/src/config/rules.mk \
		-i "${S}"/nsprpub/configure{.in,} \
		|| die

	# Fix compilation with curl-7.21.7 bug 376027
	sed -e '/#include <curl\/types.h>/d' \
		-i "${S}"/toolkit/crashreporter/google-breakpad/src/common/linux/http_upload.cc \
		-i "${S}"/toolkit/crashreporter/google-breakpad/src/common/linux/libcurl_wrapper.cc \
		-i "${S}"/config/system-headers \
		-i "${S}"/js/src/config/system-headers || die "Sed failed"

	eautoreconf
}

src_configure() {
	# We will build our own .mozconfig
	rm "${S}"/.mozconfig

	MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}"
	MEXTENSIONS="default"

	####################################
	#
	# mozconfig, CFLAGS and CXXFLAGS setup
	#
	####################################

	mozconfig_init
	mozconfig_config

	# It doesn't compile on alpha without this LDFLAGS
	use alpha && append-ldflags "-Wl,--no-relax"

	# Specific settings for icecat
	echo "export MOZ_PHOENIX=1" >> "${S}"/.mozconfig
	echo "mk_add_options MOZ_PHOENIX=1" >> "${S}"/.mozconfig
	mozconfig_annotate '' --with-branding=browser/branding/unofficial
	mozconfig_annotate '' --disable-official-branding
	mozconfig_annotate '' --with-user-appdir=.icecat

	mozconfig_annotate '' --prefix="${EPREFIX}"/usr
	mozconfig_annotate '' --libdir="${EPREFIX}"/usr/$(get_libdir)
	mozconfig_annotate '' --enable-extensions="${MEXTENSIONS}"
	mozconfig_annotate '' --disable-gconf
	mozconfig_annotate '' --disable-mailnews
	mozconfig_annotate '' --enable-canvas
	mozconfig_annotate '' --enable-safe-browsing
	mozconfig_annotate '' --with-system-png
	mozconfig_annotate '' --enable-system-ffi

	# Other browser-specific settings
	mozconfig_annotate '' --with-default-mozilla-five-home=${MOZILLA_FIVE_HOME}
	mozconfig_annotate '' --target="${CTARGET:-${CHOST}}"

	mozconfig_use_enable system-sqlite

	# Allow for a proper pgo build
	if use pgo ; then
		echo "mk_add_options PROFILE_GEN_SCRIPT='\$(PYTHON) \$(OBJDIR)/_profile/pgo/profileserver.py'" >> "${S}"/.mozconfig
	fi

	# Disable both JIT engines on PaX kernels
	if use pax_kernel; then
		mozconfig_annotate '' --disable-methodjit
		mozconfig_annotate '' --disable-tracejit
	fi

	# Finalize and report settings
	mozconfig_final

	if [[ $(gcc-major-version) -lt 4 ]]; then
		append-cxxflags -fno-stack-protector
	elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 ]]; then
		if use amd64 || use x86; then
			append-flags -mno-avx
		fi
	fi
}

src_compile() {
	if use pgo; then
		addpredict /root
		addpredict /etc/gconf
		# Reset and cleanup environment variables used by GNOME/XDG
		gnome2_environment_reset

		# icecat tries to use dri stuff when it's run, see bug 380283
		shopt -s nullglob
		cards=$(echo -n /dev/dri/card* | sed 's/ /:/g')
		if test -n "${cards}"; then
			# FOSS drivers are fine
			addpredict "${cards}"
		else
			cards=$(echo -n /dev/ati/card* /dev/nvidiactl* | sed 's/ /:/g')
			if test -n "${cards}"; then
				# Binary drivers seem to cause access violations anyway, so
				# let's use indirect rendering so that the device files aren't
				# touched at all. See bug 394715.
				export LIBGL_ALWAYS_INDIRECT=1
			fi
		fi
		shopt -u nullglob

		CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \
		MOZ_MAKE_FLAGS="${MAKEOPTS}" \
		Xemake -f client.mk profiledbuild || die "Xemake failed"
	else
		CC="$(tc-getCC)" CXX="$(tc-getCXX)" LD="$(tc-getLD)" \
		MOZ_MAKE_FLAGS="${MAKEOPTS}" \
		emake -f client.mk || die "emake failed"
	fi
}

src_install() {
	MOZILLA_FIVE_HOME="/usr/$(get_libdir)/${PN}"

	# MOZ_BUILD_ROOT, and hence OBJ_DIR change depending on arch, compiler, pgo, etc.
	local obj_dir="$(echo */config.log)"
	obj_dir="${obj_dir%/*}"
	cd "${S}/${obj_dir}"

	# Pax mark xpcshell for hardened support, only used for startupcache creation.
	pax-mark m "${S}/${obj_dir}"/dist/bin/xpcshell

	# Add our default prefs for firefox + xulrunner
	cp "${FILESDIR}"/gentoo-default-prefs.js-1 \
		"${S}/${obj_dir}/dist/bin/defaults/pref/all-gentoo.js" || die

	MOZ_MAKE_FLAGS="${MAKEOPTS}" \
	emake DESTDIR="${D}" install || die "emake install failed"

	# Install language packs
	mozlinguas_src_install

	local size sizes icon_path icon name
	sizes="16 32 48"
	icon_path="${S}/browser/branding/unofficial"

	# Install icons and .desktop for menu entry
	for size in ${sizes}; do
		insinto "/usr/share/icons/hicolor/${size}x${size}/apps"
		newins "${icon_path}/default${size}.png" "${PN}.png" || die
	done
	# The 128x128 icon has a different name
	insinto "/usr/share/icons/hicolor/128x128/apps"
	newins "${icon_path}/mozicon128.png" "${PN}.png" || die
	# Install a 48x48 icon into /usr/share/pixmaps for legacy DEs
	newicon "${icon_path}/content/icon48.png" "${PN}.png" || die
	newmenu "${FILESDIR}/icon/${PN}.desktop" "${PN}.desktop" || die
	sed -e "/^Icon/s:${PN}-icon:${PN}:" -i \
		"${ED}/usr/share/applications/${PN}.desktop" || die

	# Add StartupNotify=true bug 237317
	if use startup-notification ; then
		echo "StartupNotify=true" >> "${ED}/usr/share/applications/${PN}.desktop"
	fi

	# Required in order to use plugins and even run firefox on hardened.
	pax-mark m "${ED}"${MOZILLA_FIVE_HOME}/{${PN}{,-bin},plugin-container}

	# Plugins dir
	share_plugins_dir
}

pkg_preinst() {
	gnome2_icon_savelist
}

pkg_postinst() {
	# Update mimedb for the new .desktop file
	fdo-mime_desktop_database_update
	gnome2_icon_cache_update
}

pkg_postrm() {
	gnome2_icon_cache_update
}

Hi,

On Wednesday 15 February 2012 18:10:51 Hinnerk van Bruinehsen wrote:
> On 15.02.2012 17:39, Grant wrote:
> >
> > I don't get it then. Does anyone know why I can't compile Firefox
> > as described in the link above? This sums it up:
> >
> > "firefox-9.0 ebuild stalls at the install phase while xpcshell
> > command tops CPU usage for hours."
> >
> > Although xpcshell doesn't use any CPU for me. It just sits there
> > and the install phase doesn't proceed.
> >
> > - Grant
>
> I can compile Icecat with a customized ebuild. since it's basically
> the same as Firefox, maybe that helps. Basically it disables jit.
>

You can't compile it on a grsec kernel because of this bug: :)
https://bugs.gentoo.org/show_bug.cgi?id=396275

It's odd that it hangs at xpcshell for you as it's already paxmarked in the ebuild...

Anyway, I'd suggest:

1) keyword firefox so you can get the latest one, which currently is the 10.0.1. I'm not sure if the security patches between 9.0.1 and 10.0.1 have been backported. AFAIK, Firefox-10.0.1 from the ebuild in portage tree will compile just fine on hardened.

2) As suggested, disabling JIT will do the trick and it seems like recent versions of Firefox can actually have it disabled properly. So the ebuild for icecat/firefox will work for you, you just need this in src_configure():

	if use pax_kernel; then
		mozconfig_annotate '' --disable-methodjit
		mozconfig_annotate '' --disable-tracejit
	fi

3) the other benefit of disabling jit completely is that you can now disable the paxmarking turning MPROTECT off and benefit from properly enforced W^X pages :) Unless you want to use FF for flash or java that is... ;)

Cheers,
Radek
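
An added example, not part of the thread: once the browser is rebuilt without JIT and the `m` PaX marking is dropped as point 3 describes, this script checks from the `PaX:` line in `/proc/<pid>/status` which running processes still have MPROTECT switched off. It assumes a PaX-patched kernel that exposes that line (upper-case letter = feature on, lower-case = off); the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit PaX MPROTECT enforcement per process.
# Assumption: a PaX-patched kernel adds a line such as "PaX:	PeMRs" to
# /proc/<pid>/status; upper-case letter = feature on, lower-case = off.

# pax_flags FILE: print the PaX flag string, or nothing if there is no PaX line.
pax_flags() {
    awk '$1 == "PaX:" { print $2; exit }' "$1"
}

# mprotect_state FILE: print enforced | disabled | no-pax | unknown.
mprotect_state() {
    flags=$(pax_flags "$1")
    case "$flags" in
        "")  echo no-pax ;;
        *M*) echo enforced ;;
        *m*) echo disabled ;;
        *)   echo unknown ;;
    esac
}

# audit_proc [ROOT]: list "name pid" for every process whose MPROTECT is off,
# i.e. the ones still running with the "m" marking. ROOT defaults to /proc.
audit_proc() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/status; do
        [ -r "$f" ] || continue
        [ "$(mprotect_state "$f")" = disabled ] || continue
        awk '$1 == "Name:" { n = $2 } $1 == "Pid:" { p = $2 } END { print n, p }' "$f"
    done
}

# Constructed sample: a fake /proc tree with one marked and one unmarked process.
sample=$(mktemp -d)
mkdir "$sample/4242" "$sample/4300"
printf 'Name:\tfirefox\nPid:\t4242\nPaX:\tPemRs\n' > "$sample/4242/status"
printf 'Name:\txpcshell\nPid:\t4300\nPaX:\tPeMRs\n' > "$sample/4300/status"
audit_proc "$sample"      # lists firefox: MPROTECT is off for that process
```

On a live system, call `audit_proc` with no argument to walk the real `/proc`; an empty result means no running process has MPROTECT disabled.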

On Wednesday 15 February 2012 20:38:21 Radek Madej wrote:
>
> 2) As suggested, disabling JIT will do the trick and it seems like recent
> versions of Firefox can actually have it disabled properly. So the ebuild
> for icecat/firefox will work for you, you just need this in src_configure()
> :
>
> 	if use pax_kernel; then
> 		mozconfig_annotate '' --disable-methodjit
> 		mozconfig_annotate '' --disable-tracejit
> 	fi
>

I forgot to add that you also need to add the pax_kernel flag to IUSE in the ebuild (see the previously attached ebuild for icecat)

Cheers,
Radek