1 |
>> > I don't get it then. Does anyone know why I can't compile Firefox |
2 |
>> > as described in the link above? This sums it up: |
3 |
>> > |
4 |
>> > "firefox-9.0 ebuild stalls at the install phase while xpcshell |
5 |
>> > command tops CPU usage for hours." |
6 |
>> > |
7 |
>> > Although xpcshell doesn't use any CPU for me. It just sits there |
8 |
>> > and the install phase doesn't proceed. |
9 |
>> > |
10 |
>> > - Grant |
11 |
>> |
12 |
>> I can compile Icecat with a customized ebuild. since it's basically |
13 |
>> the same as Firefox, maybe that helps. Basically it disables jit. |
14 |
>> |
15 |
> |
16 |
> You can't compile it on a grsec kernel because of this bug: :) |
17 |
> https://bugs.gentoo.org/show_bug.cgi?id=396275 |
18 |
> |
19 |
> It's odd that it hangs at xpcshell for you as it's already paxmarked in the |
20 |
> ebuild... |
21 |
> |
22 |
> Anyway, I'd suggest: |
23 |
> |
24 |
> 1) keyword firefox so you can get the latest one, which currently is the |
25 |
> 10.0.1. I'm not sure if the security patches between 9.0.1 and 10.0.1 have |
26 |
> been backported. AFAIK, Firefox-10.0.1 from the ebuild in portage tree will |
27 |
> compile just fine on hardened. |
28 |
|
29 |
10.0.1 fails the same way unfortunately. |
30 |
|
31 |
- Grant |
32 |
|
33 |
|
34 |
> 2) As suggested, disabling JIT will do the trick and it seems like recent |
35 |
> versions of Firefox can actually have it disabled properly. So the ebuild for |
36 |
> icecat/firefox will work for you, you just need this in src_configure() : |
37 |
> |
38 |
> if use pax_kernel; then |
39 |
> mozconfig_annotate '' --disable-methodjit |
40 |
> mozconfig_annotate '' --disable-tracejit |
41 |
> fi |
42 |
> |
43 |
> 3) the other benefit of disabling jit completely is that you can now disable |
44 |
> the paxmarking turning MPROTECT off and benefit from properfly enforced W^X pages |
45 |
> :) Unless you want to use FF for flash or java that is... ;) |