Chromium hint

willie at tuta.io willie at tuta.io
Thu Nov 26 11:32:07 PST 2015


AUTHOR: Willie Uvdel <willie at tuta.io>

DATE: 2015-11-26

LICENSE: GNU Free Documentation License

SYNOPSIS: How to compile and install Chromium on LFS

DESCRIPTION:
How to compile and install Chromium on LFS, covering most dependencies and
oddities.  Compiling Chromium can be a daunting task because of the large 
amount
of dependencies and the build system.

PREREQUISITES:
A complete LFS-system and a lot of BLFS packages. Linking may
require a 64 bit LFS version.

HINT:
--------------------------------------------------------------------------------

Chromium-46.0.2490.86
=====================

1. Introduction to Chromium
===========================
Chromium provides an open source browser from Google. It can be used as an
alternative, or in conjunction, with other graphical browsers, such as 
Firefox.
Compiling and installing Chromium is somewhat different from other (B)LFS
packages. Please note, Chrome is a different version of Chromium. The 
Chromium
browser is open source and can be used besides Chrome. Chrome includes Flash,
Google Update and a few proprietary plugins. Other than that, the browsers 
are
the same.

Compilation requires are least 4GB of memory and around 3GB - 5GB of free 
disk
space. Linking Chromium can fail on a 32 bit system (haven't tried this 
myself,
I only use 64-bit). It takes about 200 SBU to compile on 4 cores.

These instructions are based on the official Chromium wiki pages and the Arch
Linux and Gentoo build scripts.

2. Setting up the build
=======================
Create a directory to store the tarballs and patches. This hint assumes the
builddir contains the ninja source, Chromium source and the listed patches. 
The links for these packages are below.

* Optional, in your kernel enable: CONFIG_SECURITY_YAMA in the Security 
options.
This will strengthen the Chromium sandbox.

* Install the minizip libraries, these are needed for compiling Chromium.
Extract the zlib tarball used during the LFS install and run these commands.
./configure --prefix=/usr
make
cd contrib/minizip
rm -f Makefile
autoreconf -i
autoconf
automake --add-missing
automake
./configure --prefix=/usr
make
make install

* Compile ninja, this is the tool used to build Chromium, compilation time is
around 0.2 SBU.
Homepage: https://ninja-build.org
Download: https://github.com/ninja-build/ninja/archive/v1.6.0.tar.gz
MD5: 254133059f2da79d8727f654d7198f43

Compilation is simple, extract and run:
$ python2 configure.py --bootstrap

It will warn about a missing re2c package, but this package is not needed to
compile Chromium. Installation is not necessary, we only need it during
Chromium compilation. Keep these files for now.

Make sure to install xdg-utils or use the following one line xdg-open
replacement to satisfy Chromium.
# echo -e '#!/bin/bash'"\n/usr/bin/firefox \$1" > /usr/bin/xdg-open
# chmod 755 /usr/bin/xdg-open

Make sure your system has the following packages installed, you can use the
versions from the most recent stable BLFS book or newer versions. This list 
is
probably incomplete.
- libvpx-1.5.0 (compilation fails with 1.4.0)
- FFmpeg
- GnuTLS
- yasm
- FLAC
- Harfbuzz
- ICU
- libevent
- libpng
- libjpeg-turbo
- libxml
- libxslt
- GTK2
- x264
- libffi

Download the Chromium tarball. Chromium releases often, so make sure to
download the newest version. Chromium download location:
https://commondatastorage.googleapis.com/chromium-browser-official
chromium-46.0.2490.86.tar.xz
MD5: dadfd54a7fd1366688ff95f21c3bd1b7

Running Chromium also requires a launcher. Technically this is optional, but
this helps prevent warnings about missing API keys and the launcher is 
required
if you want to use Flash (which I don't recommend).
Download: https://github.com/foutrelis/chromium-launcher/archive/v3.tar.gz
MD5: bf6c9291237e4090d348ea126d26a9ec

Extract the source and compile. Compilation takes less than 0.1 SBU.
$ make PREFIX=/usr

Install the package.
# make PREFIX=/usr install

When running Chromium it complains about missing API keys. You can request 
API
keys from http://www.chromium.org/developers/how-tos/api-keys. The keys are
only used when communicating with certain Google sites.
You can safely disable the use of API keys with the following command.
# sed -i "s#exec '/usr/lib/chromium/chromium'#\
\# Disable missing API keys warning message\n\$ENV{GOOGLE_API_KEY} = 'no';\n\
\$ENV{GOOGLE_DEFAULT_CLIENT_ID} = 'no';\n\
\$ENV{GOOGLE_DEFAULT_CLIENT_SECRET} = 'no';\n\
\nexec '/usr/lib/chromium/chromium'#" /usr/bin/chromium

3. Compilation
==============
Extract the chromium source tarball, change directory to the extracted source
and prepare for building.

First make sure to use the system installed python2.
$ export PATH="$PWD/python2-path:$PATH"
$ find . -name '*.py' -exec sed -i -r 's|/usr/bin/python$|&2|g' {} +
$ mkdir python2-path
$ ln -s /usr/bin/python2 python2-path/python

Create an empty testfile to prevent compilation failure. See
https://groups.google.com/a/chromium.org/d/topic/chromium-packagers
9JX1N2nf4PU/discussion
$ touch chrome/test/data/webui/i18n_process_css_test.html

Make sure to use the system version of ICU by deleting the ICU files from the
source directory.
$ find third_party/icu -type f \! -regex '.*\.\(gyp\|gypi\|isolate\)' -delete

To use the system installed ffmpeg version use the following patch. Place it
in the builddir (..)
Download: http://ltsp.mirrors.tds.net/pub/gentoo-portage/www-client/chromium
          files/chromium-system-ffmpeg-r0.patch
MD5: 5b580bc4db44d20d433697460f20cf8b

$ patch -Np1 -i ../chromium-system-ffmpeg-r0.patch

Compilation options can be set by providing an array to the ninja build
program. Enter the following command, this is only tested in Bash, but should
probably work in other shells as well.

_chromium_conf=(
  -Dwerror=
  -Dclang=0
  -Dpython_ver=2.7
  -Dlinux_link_gsettings=1
  -Dlinux_link_libpci=1
  -Dlinux_link_libspeechd=0
  -Duse_kerberos=0
  -Duse_pulseaudio=0
  -Dlinux_strip_binary=1
  -Dlinux_use_bundled_binutils=0
  -Dlinux_use_bundled_gold=0
  -Dlinux_use_gold_flags=0
  -Dicu_use_data_file_flag=0
  -Dlogging_like_official_build=1
  -Drelease_extra_cflags="$CFLAGS"
  -Dffmpeg_branding=Chrome
  -Dproprietary_codecs=1
  -Duse_gnome_keyring=0
  -Duse_system_bzip2=1
  -Duse_system_flac=1
  -Duse_system_ffmpeg=1
  -Duse_system_harfbuzz=1
  -Duse_system_icu=1
  -Duse_system_libevent=1
  -Duse_system_libjpeg=1
  -Duse_system_libpng=1
  -Duse_system_libvpx=1
  -Duse_system_libxml=1
  -Duse_system_libxslt=1
  -Duse_system_minizip=1
  -Duse_system_snappy=0
  -Duse_system_xdg_utils=1
  -Duse_system_yasm=1
  -Duse_system_zlib=1
  -Duse_mojo=0
  -Duse_gconf=0
  -Ddisable_fatal_linker_warnings=1
  -Ddisable_glibc=1
  -Ddisable_nacl=1
  -Denable_webrtc=0
  -Dtracing_like_official_build=1
  -Dfieldtrial_testing_like_official_build=1
  -Ddisable_pnacl=1)

Most options should be self explanatory. Some options are sparsely documented
online or mentioned in the source. Some notable options:
- Denable_webrtc=0. Set this to 1 to enable webrtc, this has certain security
  implications, see Wikipedia for example for a discussion.
- Ddisable_glibc=1. This disables Chromium from compiling some internal glibc
  code, which is already on the LFS system.
- Duse_pulseaudio=0. Set to 1 if PulseAudio is installed.

Finally, the package is ready for compilation, which takes a long time. Make
sure the compiled ninja package is still available in the parent directory.

$ build/linux/unbundle/replace_gyp_files.py "${_chromium_conf[@]}"
$ build/gyp_chromium --depth=. "${_chromium_conf[@]}"
$ ../ninja-1.6.0/ninja -C out/Release chrome chrome_sandbox chromedriver

Ignore the errors that state: "builds involving this target will not be
correct"

4. Installation
===============
There is no "make install", installation requires copying the compiled files 
to
some system location. I choose /usr/lib/chromium, which makes upgrading easy 
by
removing /usr/lib/chromium and installing the new files. You might want to 
use
a versioned directory, such as /usr/lib/chromium-46.0.2490.86 which is more
consistent with LFS.

Personally, I create a zip of the compiled Chromium package so I can easily
install it on multiple systems. From the compiled source directory run these
commands.
$ CVERSION=46.0.2490.86
$ mkdir -p ../chromium-$CVERSION-compiled/{chromium,man}
$ cp out/Release/chrome ../chromium-$CVERSION-compiled/chromium/chromium
$ cp out/Release/chrome_sandbox \
  ../chromium-$CVERSION-compiled/chromium/chrome-sandbox
$ cp out/Release/chromedriver ../chromium-$CVERSION-compiled/chromium
$ cp out/Release/{*.pak,*.bin} ../chromium-$CVERSION-compiled/chromium
$ cp -r out/Release/locales ../chromium-$CVERSION-compiled/chromium
$ cp out/Release/chrome.1 ../chromium-$CVERSION-compiled/man
$ cd ..
$ tar cJvf chromium-$CVERSION-compiled.tar.xz chromium-$CVERSION-compiled
$ rm -fr chromium-$CVERSION-compiled

The resulting package can be installed on multiple systems, as long as each
system has the same dependencies installed and you use generic CFLAGS when
compiling, such as "-march=x86-64 -O2 -pipe"

Install the package as root:
# CVERSION=46.0.2490.86
# tar Jxf chromium-$CVERSION-compiled.tar.xz
# cd chromium-$CVERSION-compiled
# mv chromium /usr/lib

Make sure root owns everything in the install dir:
# chown root:root /usr/lib/chromium -R

Set the Chromium sandbox setuid, although this might seem counter intuitive
this helps Chromium drop privileges after starting.
# chmod 4755 /usr/lib/chromium/chrome-sandbox

Install the man page
# install -Dm644 man/chrome.1 /usr/share/man/man1/chromium.1

Finally, create /usr/share/applications/chromium.desktop with 644 
permissions.
This is optional but makes Chromium show up in your Desktop Environment. You
can use the desktop file provided by Arch Linux:
https://projects.archlinux.org/svntogit/packages.git/plain
trunk/chromium.desktop?h=packages/chromium

5. Checks
=========
Open Chromium and type in this URL: chrome://sandbox
The page should say: "You are adequately sandboxed." On my system every 
setting
is on Yes, except the Namespace Sandbox. If you haven't enabled the YAMA
security settings in your kernel config this settings is "No" as well.

6. Privacy
==========
Unfortunately Chromium includes some code that might violate your privacy. 
For
example, the URL bar sends an identifier to Google to search for the
geographically closest search provider. Users may not be comfortable with
Chromium contacting Google or other companies. To prevent this you can use 
the
Inox patchset, which provides a set of patches to increase privacy.
These patches can be applied after decompressing the source. The author also
recommends some changes to the _chromium_conf variable. I've tested Chromium
with and without these patches and settings, both work fine.
https://github.com/gcarq/inox-patchset

An alternative is the Iridium browser which does something similar and is a
fork of Chromium. I have no experience with this browser.

ACKNOWLEDGEMENTS:
* Arch Linux Chromium package maintainers
* Gentoo Chromium package maintainers

--------------------------------------------------------------------------------
CHANGELOG:
[2015-11-26]
  * Initial revision.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfromscratch.org/pipermail/hints/attachments/20151126/6c6c2775/attachment.html>


More information about the hints mailing list