Chromium hint

willie at willie at
Thu Nov 26 11:32:07 PST 2015

AUTHOR: Willie Uvdel <willie at>

DATE: 2015-11-26

LICENSE: GNU Free Documentation License

SYNOPSIS: How to compile and install Chromium on LFS

How to compile and install Chromium on LFS, covering most dependencies and
oddities.  Compiling Chromium can be a daunting task because of the large 
of dependencies and the build system.

A complete LFS-system and a lot of BLFS packages. Linking may
require a 64 bit LFS version.



1. Introduction to Chromium
Chromium provides an open source browser from Google. It can be used as an
alternative, or in conjunction, with other graphical browsers, such as 
Compiling and installing Chromium is somewhat different from other (B)LFS
packages. Please note, Chrome is a different version of Chromium. The 
browser is open source and can be used besides Chrome. Chrome includes Flash,
Google Update and a few proprietary plugins. Other than that, the browsers 
the same.

Compilation requires are least 4GB of memory and around 3GB - 5GB of free 
space. Linking Chromium can fail on a 32 bit system (haven't tried this 
I only use 64-bit). It takes about 200 SBU to compile on 4 cores.

These instructions are based on the official Chromium wiki pages and the Arch
Linux and Gentoo build scripts.

2. Setting up the build
Create a directory to store the tarballs and patches. This hint assumes the
builddir contains the ninja source, Chromium source and the listed patches. 
The links for these packages are below.

* Optional, in your kernel enable: CONFIG_SECURITY_YAMA in the Security 
This will strengthen the Chromium sandbox.

* Install the minizip libraries, these are needed for compiling Chromium.
Extract the zlib tarball used during the LFS install and run these commands.
./configure --prefix=/usr
cd contrib/minizip
rm -f Makefile
autoreconf -i
automake --add-missing
./configure --prefix=/usr
make install

* Compile ninja, this is the tool used to build Chromium, compilation time is
around 0.2 SBU.
MD5: 254133059f2da79d8727f654d7198f43

Compilation is simple, extract and run:
$ python2 --bootstrap

It will warn about a missing re2c package, but this package is not needed to
compile Chromium. Installation is not necessary, we only need it during
Chromium compilation. Keep these files for now.

Make sure to install xdg-utils or use the following one line xdg-open
replacement to satisfy Chromium.
# echo -e '#!/bin/bash'"\n/usr/bin/firefox \$1" > /usr/bin/xdg-open
# chmod 755 /usr/bin/xdg-open

Make sure your system has the following packages installed, you can use the
versions from the most recent stable BLFS book or newer versions. This list 
probably incomplete.
- libvpx-1.5.0 (compilation fails with 1.4.0)
- FFmpeg
- GnuTLS
- yasm
- Harfbuzz
- libevent
- libpng
- libjpeg-turbo
- libxml
- libxslt
- GTK2
- x264
- libffi

Download the Chromium tarball. Chromium releases often, so make sure to
download the newest version. Chromium download location:
MD5: dadfd54a7fd1366688ff95f21c3bd1b7

Running Chromium also requires a launcher. Technically this is optional, but
this helps prevent warnings about missing API keys and the launcher is 
if you want to use Flash (which I don't recommend).
MD5: bf6c9291237e4090d348ea126d26a9ec

Extract the source and compile. Compilation takes less than 0.1 SBU.
$ make PREFIX=/usr

Install the package.
# make PREFIX=/usr install

When running Chromium it complains about missing API keys. You can request 
keys from The keys are
only used when communicating with certain Google sites.
You can safely disable the use of API keys with the following command.
# sed -i "s#exec '/usr/lib/chromium/chromium'#\
\# Disable missing API keys warning message\n\$ENV{GOOGLE_API_KEY} = 'no';\n\
\nexec '/usr/lib/chromium/chromium'#" /usr/bin/chromium

3. Compilation
Extract the chromium source tarball, change directory to the extracted source
and prepare for building.

First make sure to use the system installed python2.
$ export PATH="$PWD/python2-path:$PATH"
$ find . -name '*.py' -exec sed -i -r 's|/usr/bin/python$|&2|g' {} +
$ mkdir python2-path
$ ln -s /usr/bin/python2 python2-path/python

Create an empty testfile to prevent compilation failure. See
$ touch chrome/test/data/webui/i18n_process_css_test.html

Make sure to use the system version of ICU by deleting the ICU files from the
source directory.
$ find third_party/icu -type f \! -regex '.*\.\(gyp\|gypi\|isolate\)' -delete

To use the system installed ffmpeg version use the following patch. Place it
in the builddir (..)
MD5: 5b580bc4db44d20d433697460f20cf8b

$ patch -Np1 -i ../chromium-system-ffmpeg-r0.patch

Compilation options can be set by providing an array to the ninja build
program. Enter the following command, this is only tested in Bash, but should
probably work in other shells as well.


Most options should be self explanatory. Some options are sparsely documented
online or mentioned in the source. Some notable options:
- Denable_webrtc=0. Set this to 1 to enable webrtc, this has certain security
  implications, see Wikipedia for example for a discussion.
- Ddisable_glibc=1. This disables Chromium from compiling some internal glibc
  code, which is already on the LFS system.
- Duse_pulseaudio=0. Set to 1 if PulseAudio is installed.

Finally, the package is ready for compilation, which takes a long time. Make
sure the compiled ninja package is still available in the parent directory.

$ build/linux/unbundle/ "${_chromium_conf[@]}"
$ build/gyp_chromium --depth=. "${_chromium_conf[@]}"
$ ../ninja-1.6.0/ninja -C out/Release chrome chrome_sandbox chromedriver

Ignore the errors that state: "builds involving this target will not be

4. Installation
There is no "make install", installation requires copying the compiled files 
some system location. I choose /usr/lib/chromium, which makes upgrading easy 
removing /usr/lib/chromium and installing the new files. You might want to 
a versioned directory, such as /usr/lib/chromium-46.0.2490.86 which is more
consistent with LFS.

Personally, I create a zip of the compiled Chromium package so I can easily
install it on multiple systems. From the compiled source directory run these
$ CVERSION=46.0.2490.86
$ mkdir -p ../chromium-$CVERSION-compiled/{chromium,man}
$ cp out/Release/chrome ../chromium-$CVERSION-compiled/chromium/chromium
$ cp out/Release/chrome_sandbox \
$ cp out/Release/chromedriver ../chromium-$CVERSION-compiled/chromium
$ cp out/Release/{*.pak,*.bin} ../chromium-$CVERSION-compiled/chromium
$ cp -r out/Release/locales ../chromium-$CVERSION-compiled/chromium
$ cp out/Release/chrome.1 ../chromium-$CVERSION-compiled/man
$ cd ..
$ tar cJvf chromium-$CVERSION-compiled.tar.xz chromium-$CVERSION-compiled
$ rm -fr chromium-$CVERSION-compiled

The resulting package can be installed on multiple systems, as long as each
system has the same dependencies installed and you use generic CFLAGS when
compiling, such as "-march=x86-64 -O2 -pipe"

Install the package as root:
# CVERSION=46.0.2490.86
# tar Jxf chromium-$CVERSION-compiled.tar.xz
# cd chromium-$CVERSION-compiled
# mv chromium /usr/lib

Make sure root owns everything in the install dir:
# chown root:root /usr/lib/chromium -R

Set the Chromium sandbox setuid, although this might seem counter intuitive
this helps Chromium drop privileges after starting.
# chmod 4755 /usr/lib/chromium/chrome-sandbox

Install the man page
# install -Dm644 man/chrome.1 /usr/share/man/man1/chromium.1

Finally, create /usr/share/applications/chromium.desktop with 644 
This is optional but makes Chromium show up in your Desktop Environment. You
can use the desktop file provided by Arch Linux:

5. Checks
Open Chromium and type in this URL: chrome://sandbox
The page should say: "You are adequately sandboxed." On my system every 
is on Yes, except the Namespace Sandbox. If you haven't enabled the YAMA
security settings in your kernel config this settings is "No" as well.

6. Privacy
Unfortunately Chromium includes some code that might violate your privacy. 
example, the URL bar sends an identifier to Google to search for the
geographically closest search provider. Users may not be comfortable with
Chromium contacting Google or other companies. To prevent this you can use 
Inox patchset, which provides a set of patches to increase privacy.
These patches can be applied after decompressing the source. The author also
recommends some changes to the _chromium_conf variable. I've tested Chromium
with and without these patches and settings, both work fine.

An alternative is the Iridium browser which does something similar and is a
fork of Chromium. I have no experience with this browser.

* Arch Linux Chromium package maintainers
* Gentoo Chromium package maintainers

  * Initial revision.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the hints mailing list