AUTHOR: Willie Uvdel <[email protected]> DATE: 2015-11-26
LICENSE: GNU Free Documentation License SYNOPSIS: How to compile and install Chromium on LFS DESCRIPTION: How to compile and install Chromium on LFS, covering most dependencies and oddities. Compiling Chromium can be a daunting task because of the large amount of dependencies and the build system. PREREQUISITES: A complete LFS-system and a lot of BLFS packages. Linking may require a 64 bit LFS version. HINT: -------------------------------------------------------------------------------- Chromium-46.0.2490.86 ===================== 1. Introduction to Chromium =========================== Chromium provides an open source browser from Google. It can be used as an alternative, or in conjunction, with other graphical browsers, such as Firefox. Compiling and installing Chromium is somewhat different from other (B)LFS packages. Please note, Chrome is a different version of Chromium. The Chromium browser is open source and can be used besides Chrome. Chrome includes Flash, Google Update and a few proprietary plugins. Other than that, the browsers are the same. Compilation requires are least 4GB of memory and around 3GB - 5GB of free disk space. Linking Chromium can fail on a 32 bit system (haven't tried this myself, I only use 64-bit). It takes about 200 SBU to compile on 4 cores. These instructions are based on the official Chromium wiki pages and the Arch Linux and Gentoo build scripts. 2. Setting up the build ======================= Create a directory to store the tarballs and patches. This hint assumes the builddir contains the ninja source, Chromium source and the listed patches. The links for these packages are below. * Optional, in your kernel enable: CONFIG_SECURITY_YAMA in the Security options. This will strengthen the Chromium sandbox. * Install the minizip libraries, these are needed for compiling Chromium. Extract the zlib tarball used during the LFS install and run these commands. ./configure --prefix=/usr make cd contrib/minizip rm -f Makefile autoreconf -i autoconf automake --add-missing automake ./configure --prefix=/usr make make install * Compile ninja, this is the tool used to build Chromium, compilation time is around 0.2 SBU. Homepage: https://ninja-build.org Download: https://github.com/ninja-build/ninja/archive/v1.6.0.tar.gz MD5: 254133059f2da79d8727f654d7198f43 Compilation is simple, extract and run: $ python2 configure.py --bootstrap It will warn about a missing re2c package, but this package is not needed to compile Chromium. Installation is not necessary, we only need it during Chromium compilation. Keep these files for now. Make sure to install xdg-utils or use the following one line xdg-open replacement to satisfy Chromium. # echo -e '#!/bin/bash'"\n/usr/bin/firefox \$1" > /usr/bin/xdg-open # chmod 755 /usr/bin/xdg-open Make sure your system has the following packages installed, you can use the versions from the most recent stable BLFS book or newer versions. This list is probably incomplete. - libvpx-1.5.0 (compilation fails with 1.4.0) - FFmpeg - GnuTLS - yasm - FLAC - Harfbuzz - ICU - libevent - libpng - libjpeg-turbo - libxml - libxslt - GTK2 - x264 - libffi Download the Chromium tarball. Chromium releases often, so make sure to download the newest version. Chromium download location: https://commondatastorage.googleapis.com/chromium-browser-official chromium-46.0.2490.86.tar.xz MD5: dadfd54a7fd1366688ff95f21c3bd1b7 Running Chromium also requires a launcher. Technically this is optional, but this helps prevent warnings about missing API keys and the launcher is required if you want to use Flash (which I don't recommend). Download: https://github.com/foutrelis/chromium-launcher/archive/v3.tar.gz MD5: bf6c9291237e4090d348ea126d26a9ec Extract the source and compile. Compilation takes less than 0.1 SBU. $ make PREFIX=/usr Install the package. # make PREFIX=/usr install When running Chromium it complains about missing API keys. You can request API keys from http://www.chromium.org/developers/how-tos/api-keys. The keys are only used when communicating with certain Google sites. You can safely disable the use of API keys with the following command. # sed -i "s#exec '/usr/lib/chromium/chromium'#\ \# Disable missing API keys warning message\n\$ENV{GOOGLE_API_KEY} = 'no';\n\ \$ENV{GOOGLE_DEFAULT_CLIENT_ID} = 'no';\n\ \$ENV{GOOGLE_DEFAULT_CLIENT_SECRET} = 'no';\n\ \nexec '/usr/lib/chromium/chromium'#" /usr/bin/chromium 3. Compilation ============== Extract the chromium source tarball, change directory to the extracted source and prepare for building. First make sure to use the system installed python2. $ export PATH="$PWD/python2-path:$PATH" $ find . -name '*.py' -exec sed -i -r 's|/usr/bin/python$|&2|g' {} + $ mkdir python2-path $ ln -s /usr/bin/python2 python2-path/python Create an empty testfile to prevent compilation failure. See https://groups.google.com/a/chromium.org/d/topic/chromium-packagers 9JX1N2nf4PU/discussion $ touch chrome/test/data/webui/i18n_process_css_test.html Make sure to use the system version of ICU by deleting the ICU files from the source directory. $ find third_party/icu -type f \! -regex '.*\.\(gyp\|gypi\|isolate\)' -delete To use the system installed ffmpeg version use the following patch. Place it in the builddir (..) Download: http://ltsp.mirrors.tds.net/pub/gentoo-portage/www-client/chromium files/chromium-system-ffmpeg-r0.patch MD5: 5b580bc4db44d20d433697460f20cf8b $ patch -Np1 -i ../chromium-system-ffmpeg-r0.patch Compilation options can be set by providing an array to the ninja build program. Enter the following command, this is only tested in Bash, but should probably work in other shells as well. _chromium_conf=( -Dwerror= -Dclang=0 -Dpython_ver=2.7 -Dlinux_link_gsettings=1 -Dlinux_link_libpci=1 -Dlinux_link_libspeechd=0 -Duse_kerberos=0 -Duse_pulseaudio=0 -Dlinux_strip_binary=1 -Dlinux_use_bundled_binutils=0 -Dlinux_use_bundled_gold=0 -Dlinux_use_gold_flags=0 -Dicu_use_data_file_flag=0 -Dlogging_like_official_build=1 -Drelease_extra_cflags="$CFLAGS" -Dffmpeg_branding=Chrome -Dproprietary_codecs=1 -Duse_gnome_keyring=0 -Duse_system_bzip2=1 -Duse_system_flac=1 -Duse_system_ffmpeg=1 -Duse_system_harfbuzz=1 -Duse_system_icu=1 -Duse_system_libevent=1 -Duse_system_libjpeg=1 -Duse_system_libpng=1 -Duse_system_libvpx=1 -Duse_system_libxml=1 -Duse_system_libxslt=1 -Duse_system_minizip=1 -Duse_system_snappy=0 -Duse_system_xdg_utils=1 -Duse_system_yasm=1 -Duse_system_zlib=1 -Duse_mojo=0 -Duse_gconf=0 -Ddisable_fatal_linker_warnings=1 -Ddisable_glibc=1 -Ddisable_nacl=1 -Denable_webrtc=0 -Dtracing_like_official_build=1 -Dfieldtrial_testing_like_official_build=1 -Ddisable_pnacl=1) Most options should be self explanatory. Some options are sparsely documented online or mentioned in the source. Some notable options: - Denable_webrtc=0. Set this to 1 to enable webrtc, this has certain security implications, see Wikipedia for example for a discussion. - Ddisable_glibc=1. This disables Chromium from compiling some internal glibc code, which is already on the LFS system. - Duse_pulseaudio=0. Set to 1 if PulseAudio is installed. Finally, the package is ready for compilation, which takes a long time. Make sure the compiled ninja package is still available in the parent directory. $ build/linux/unbundle/replace_gyp_files.py "${_chromium_conf[@]}" $ build/gyp_chromium --depth=. "${_chromium_conf[@]}" $ ../ninja-1.6.0/ninja -C out/Release chrome chrome_sandbox chromedriver Ignore the errors that state: "builds involving this target will not be correct" 4. Installation =============== There is no "make install", installation requires copying the compiled files to some system location. I choose /usr/lib/chromium, which makes upgrading easy by removing /usr/lib/chromium and installing the new files. You might want to use a versioned directory, such as /usr/lib/chromium-46.0.2490.86 which is more consistent with LFS. Personally, I create a zip of the compiled Chromium package so I can easily install it on multiple systems. From the compiled source directory run these commands. $ CVERSION=46.0.2490.86 $ mkdir -p ../chromium-$CVERSION-compiled/{chromium,man} $ cp out/Release/chrome ../chromium-$CVERSION-compiled/chromium/chromium $ cp out/Release/chrome_sandbox \ ../chromium-$CVERSION-compiled/chromium/chrome-sandbox $ cp out/Release/chromedriver ../chromium-$CVERSION-compiled/chromium $ cp out/Release/{*.pak,*.bin} ../chromium-$CVERSION-compiled/chromium $ cp -r out/Release/locales ../chromium-$CVERSION-compiled/chromium $ cp out/Release/chrome.1 ../chromium-$CVERSION-compiled/man $ cd .. $ tar cJvf chromium-$CVERSION-compiled.tar.xz chromium-$CVERSION-compiled $ rm -fr chromium-$CVERSION-compiled The resulting package can be installed on multiple systems, as long as each system has the same dependencies installed and you use generic CFLAGS when compiling, such as "-march=x86-64 -O2 -pipe" Install the package as root: # CVERSION=46.0.2490.86 # tar Jxf chromium-$CVERSION-compiled.tar.xz # cd chromium-$CVERSION-compiled # mv chromium /usr/lib Make sure root owns everything in the install dir: # chown root:root /usr/lib/chromium -R Set the Chromium sandbox setuid, although this might seem counter intuitive this helps Chromium drop privileges after starting. # chmod 4755 /usr/lib/chromium/chrome-sandbox Install the man page # install -Dm644 man/chrome.1 /usr/share/man/man1/chromium.1 Finally, create /usr/share/applications/chromium.desktop with 644 permissions. This is optional but makes Chromium show up in your Desktop Environment. You can use the desktop file provided by Arch Linux: https://projects.archlinux.org/svntogit/packages.git/plain trunk/chromium.desktop?h=packages/chromium 5. Checks ========= Open Chromium and type in this URL: chrome://sandbox The page should say: "You are adequately sandboxed." On my system every setting is on Yes, except the Namespace Sandbox. If you haven't enabled the YAMA security settings in your kernel config this settings is "No" as well. 6. Privacy ========== Unfortunately Chromium includes some code that might violate your privacy. For example, the URL bar sends an identifier to Google to search for the geographically closest search provider. Users may not be comfortable with Chromium contacting Google or other companies. To prevent this you can use the Inox patchset, which provides a set of patches to increase privacy. These patches can be applied after decompressing the source. The author also recommends some changes to the _chromium_conf variable. I've tested Chromium with and without these patches and settings, both work fine. https://github.com/gcarq/inox-patchset An alternative is the Iridium browser which does something similar and is a fork of Chromium. I have no experience with this browser. ACKNOWLEDGEMENTS: * Arch Linux Chromium package maintainers * Gentoo Chromium package maintainers -------------------------------------------------------------------------------- CHANGELOG: [2015-11-26] * Initial revision.
-- http://lists.linuxfromscratch.org/listinfo/hints FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
