Iteration 3 close — F GREEN, A reproduced + diagnosed for iter4
Phase 1 locked F (Firefox RDD sandbox verify-by-patch) and A (frame-11
EINVAL diagnose) running in parallel on a single firefox-fourier build.
Track F: GREEN. Patched Firefox 150.0.1 (firefox-fourier, pkgrel=1.1)
launches on ohm WITHOUT MOZ_DISABLE_RDD_SANDBOX=1 and engages our
libva-v4l2-request backend end-to-end. Three patches needed (Phase 2
identified one and deferred two):
- Broker policy (SandboxBrokerPolicyFactory.cpp): allow /dev/media*,
extend cap-filter to admit stateless decoders that lack M2M caps.
- Seccomp policy (SandboxFilter.cpp): allow ioctl magic byte '|'
for <linux/media.h> request-API ioctls.
- Driver (media.c): replace select() with poll() — Mozilla's RDD
seccomp common policy admits poll/ppoll/epoll_* but not
select/pselect6. Driver-side fix preferred; smaller surface,
portable across sandbox policies, and poll() is the modern API.
Track A: REPRODUCES + DIAGNOSED. Frame-11 EINVAL fires deterministically
on a single-slice P-frame (slice_type=0, frame_num=5, post-IDR) — the
exact iter1/iter2 carryover signature, confirming it isn't environmental.
Y2 instrumentation (in v4l2_ioctl_controls) now logs num_controls /
error_idx / per-control id+size on EINVAL. Sizes match kernel UAPI;
error_idx == num_controls is the kernel's "all bad / no specific control"
sentinel — it's a request-level rejection, not a single-field violation.
Fix is iter4's lock; rig + Y2 in place for fast iter4 turnaround.
Build infrastructure introduced: firefox-fourier LXD container on
boltzmann (RK3588 aarch64, persistent, ssh -J boltzmann
builder@firefox-fourier). Upstream Arch x86_64 wasi packages installed
to work around 4-year-stale ALARM versions. PGO generation crashes at
exit (LXC has no display); obj/dist/ tarball used as the deployable
artifact instead of the pacman package.
Phase 6 surprises captured in phase6_iter3_findings.md: malformed
first-cut patch (descriptive vs numeric hunk headers), --enable-v4l2
isn't a Mozilla 150 flag (auto-set on aarch64+GTK), Mozilla 2025 PGP
key rotation, ALARM-stale wasi, onnxruntime missing in ALARM, and the
"no tricks" lesson (revert workarounds first when redirected).
Carries to iter4 substrate: Track A fix is the natural lock; mpv
libplacebo --vo=gpu segfault stays as separate iter4 candidate.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,149 @@
|
||||
# firefox-fourier PKGBUILD overlay
|
||||
|
||||
Verified working sequence on `boltzmann` LXD container `firefox-fourier`, 2026-05-05.
|
||||
|
||||
## Strategy
|
||||
|
||||
We do NOT fork mozilla-central. We layer a single-file patch on top of the upstream Arch Linux `firefox` PKGBUILD using AUR-style `source=()` + `prepare()` injection. This gives:
|
||||
|
||||
- All build deps managed by pacman/makepkg
|
||||
- Arch's already-validated mozconfig
|
||||
- A `pacman -U` installable result on ohm
|
||||
- `makepkg -e` semantics for fast iteration
|
||||
|
||||
**`pkgname` stays `firefox`.** We bump `pkgrel=1` → `pkgrel=1.1` to mark our build, which lets pacman vercmp distinguish it from stock. Renaming `pkgname` would have rippled through ~30 `$pkgname` references in package() (companion files, branding paths, gnome-shell search provider) — the rel-bump approach is far cleaner and pacman -U replaces stock firefox naturally.
|
||||
|
||||
## Source of upstream PKGBUILD
|
||||
|
||||
`https://gitlab.archlinux.org/archlinux/packaging/packages/firefox/-/raw/main/PKGBUILD`
|
||||
|
||||
Verified 2026-05-04: returns firefox 150.0.1-1 PKGBUILD with `arch=(x86_64)`. ALARM does not fork it; ALARM's build farm builds straight from upstream Arch with `arch=` widened to include aarch64.
|
||||
|
||||
## Bootstrap
|
||||
|
||||
The reproducible bootstrap script is `bootstrap.sh` in this directory. It:
|
||||
|
||||
1. Installs `pacman-contrib` if missing (for `updpkgsums`)
|
||||
2. Fetches upstream PKGBUILD + companion source files into `/build/aur/firefox-fourier/`
|
||||
3. Copies our patch in as `0005-rdd-allow-stateless-v4l2-request-api.patch`
|
||||
4. Applies five overlay edits in place:
|
||||
- `pkgrel=1` → `pkgrel=1.1`
|
||||
- `arch=(x86_64)` → `arch=(x86_64 aarch64)`
|
||||
- Our patch added to `source=()` after the existing 0004 entry
|
||||
- Our patch added to `prepare()` after the 0004 patch application
|
||||
- `onnxruntime` removed from `makedepends` and `optdepends`, plus the `ln -srv libonnxruntime.so` line removed from `package()` — onnxruntime is not in ALARM aarch64; it's only used by Firefox's optional ML smart-tab-groups feature, not on the V4L2 path.
|
||||
5. Runs `updpkgsums` to regenerate sha256/b2 sums for our new patch
|
||||
6. Validates with `bash -n PKGBUILD`
|
||||
|
||||
Run inside the container as `builder`:
|
||||
|
||||
```bash
|
||||
ssh -J boltzmann builder@firefox-fourier
|
||||
chmod +x ~/firefox-fourier/bootstrap.sh
|
||||
~/firefox-fourier/bootstrap.sh
|
||||
```
|
||||
|
||||
## Prerequisite gap (ALARM-stale wasi packages)
|
||||
|
||||
ALARM extra ships wasi packages from 2021 (sdk-13 era, `wasm32-wasi` triple). Mozilla 150 + clang 22 use the `wasm32-wasip1` triple. Before our build can configure, install upstream Arch x86_64 wasi packages — they're `arch=any` so the `.pkg.tar.zst` is identical across architectures:
|
||||
|
||||
```bash
|
||||
sudo pacman -U \
|
||||
https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-libc-1:0+592+161b3195-1-any.pkg.tar.zst \
|
||||
https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-compiler-rt-22.1.0-2-any.pkg.tar.zst \
|
||||
https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-libc++-22.1.0-1-any.pkg.tar.zst \
|
||||
https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-libc++abi-22.1.0-1-any.pkg.tar.zst
|
||||
```
|
||||
|
||||
(The container had this done by his subagent on 2026-05-05; the four packages are cached at `/build/aur/wasi/upstream-any/`.)
|
||||
|
||||
Verify:
|
||||
|
||||
```bash
|
||||
ls /usr/lib/clang/22/lib/wasm32-unknown-wasip1/libclang_rt.builtins.a \
|
||||
/usr/share/wasi-sysroot/lib/wasm32-wasip1/crt1.o
|
||||
```
|
||||
|
||||
Both must exist before the firefox build can pass configure.
|
||||
|
||||
## Build
|
||||
|
||||
```bash
|
||||
cd /build/aur/firefox-fourier
|
||||
nohup makepkg --syncdeps --skippgpcheck --noconfirm --nocheck \
|
||||
> build.log 2>&1 < /dev/null &
|
||||
disown
|
||||
```
|
||||
|
||||
Why `--skippgpcheck`: Mozilla rotated their release-signing key in 2025 (5ECB6497C1A20256). The upstream Arch PKGBUILD's `validpgpkeys=()` array still has the old key. Skipping PGP does NOT weaken the build — sha256+blake2b sums on the source tarball are still verified, and the tarball is fetched over HTTPS from archive.mozilla.org.
|
||||
|
||||
The `--enable-v4l2` mozconfig flag does NOT exist in Mozilla 150. `MOZ_ENABLE_V4L2` is auto-set in `toolkit/moz.configure:643` when target.cpu is arm/aarch64/riscv64 and toolkit is GTK. Adding `ac_add_options --enable-v4l2` causes `mozbuild.configure.options.InvalidOptionError`. Don't add it.
|
||||
|
||||
Build time on boltzmann RK3588: 1.5–2.5 hours (8 cores, parallel C++ + one big rustc).
|
||||
|
||||
## Resulting package
|
||||
|
||||
```
|
||||
firefox-150.0.1-1.1-aarch64.pkg.tar.zst (~80 MB)
|
||||
```
|
||||
|
||||
(pkgname stayed `firefox`, the 1.1 in the filename is our pkgrel bump.)
|
||||
|
||||
## What `makepkg -e` skips
|
||||
|
||||
From `man makepkg`:
|
||||
|
||||
> -e, --noextract: Do not extract source files; use whatever source already exists in the src/ directory.
|
||||
|
||||
For our flow:
|
||||
- First build: `makepkg --skippgpcheck` (extract → patch → configure → compile → package)
|
||||
- After tweaking source under `src/firefox-150.0.1/...`: `makepkg -e --skippgpcheck` (skips extract AND prepare)
|
||||
- For .patch text changes: `makepkg -C --skippgpcheck` (full cleanbuild)
|
||||
|
||||
This squares with the user guidance: "if an aur package is the basis, remember to skip re-extraction and patching (makepkg -e) on rebuilds".
|
||||
|
||||
## Validation gates
|
||||
|
||||
Pre-build:
|
||||
- `bash -n PKGBUILD` — syntax check
|
||||
- `patch -Np1 --dry-run -i 0005-rdd-allow-stateless-v4l2-request-api.patch` from inside `src/firefox-150.0.1/` — confirm patch applies cleanly. The patch uses proper `@@ -line,count +line,count @@` headers, regenerated against firefox-150.0.1's actual SandboxBrokerPolicyFactory.cpp.
|
||||
|
||||
Post-configure (~0:30 elapsed in build.log):
|
||||
- `0:28.86 checking the wasm C linker can find wasi libraries... yes`
|
||||
- `0:29.19 checking the wasm C++ linker can find wasi libraries... yes`
|
||||
|
||||
If either says `no`, the wasi sysroot install above didn't take.
|
||||
|
||||
## Deployment to ohm
|
||||
|
||||
After successful build in the container:
|
||||
|
||||
```bash
|
||||
# Pull package out of container onto boltzmann host:
|
||||
ssh boltzmann lxc file pull \
|
||||
firefox-fourier/build/aur/firefox-fourier/firefox-150.0.1-1.1-aarch64.pkg.tar.zst /tmp/
|
||||
|
||||
# scp to ohm (operator powers ohm on first):
|
||||
scp /tmp/firefox-150.0.1-1.1-aarch64.pkg.tar.zst mfritsche@ohm.fritz.box:/tmp/
|
||||
|
||||
# Install on ohm — replaces stock firefox 150.0.1-1 with our 150.0.1-1.1:
|
||||
ssh mfritsche@ohm.fritz.box "sudo pacman -U /tmp/firefox-150.0.1-1.1-aarch64.pkg.tar.zst"
|
||||
|
||||
# Verify:
|
||||
ssh mfritsche@ohm.fritz.box "firefox --version && pacman -Q firefox"
|
||||
# Expect: Mozilla Firefox 150.0.1
|
||||
# firefox 150.0.1-1.1
|
||||
```
|
||||
|
||||
Post-install on ohm, optionally pin against accidental upgrade:
|
||||
```bash
|
||||
echo "IgnorePkg = firefox" | sudo tee -a /etc/pacman.conf
|
||||
```
|
||||
|
||||
## File inventory
|
||||
|
||||
| File | Purpose |
|
||||
|---|---|
|
||||
| `PKGBUILD-overlay.md` | This document |
|
||||
| `bootstrap.sh` | Reproducible PKGBUILD overlay script (run inside container) |
|
||||
| `0001-rdd-allow-stateless-v4l2-request-api.patch` | The patch (campaign-side filename; renamed to `0005-...` when staged in container alongside upstream's 0001-0004) |
|
||||
Reference in New Issue
Block a user