Iteration 3 close — F GREEN, A reproduced + diagnosed for iter4
Phase 1 locked F (Firefox RDD sandbox verify-by-patch) and A (frame-11
EINVAL diagnose) running in parallel on a single firefox-fourier build.
Track F: GREEN. Patched Firefox 150.0.1 (firefox-fourier, pkgrel=1.1)
launches on ohm WITHOUT MOZ_DISABLE_RDD_SANDBOX=1 and engages our
libva-v4l2-request backend end-to-end. Three patches needed (Phase 2
identified one and deferred two):
- Broker policy (SandboxBrokerPolicyFactory.cpp): allow /dev/media*,
extend cap-filter to admit stateless decoders that lack M2M caps.
- Seccomp policy (SandboxFilter.cpp): allow ioctl magic byte '|'
for <linux/media.h> request-API ioctls.
- Driver (media.c): replace select() with poll() — Mozilla's RDD
seccomp common policy admits poll/ppoll/epoll_* but not
select/pselect6. Driver-side fix preferred; smaller surface,
portable across sandbox policies, and poll() is the modern API.
Track A: REPRODUCES + DIAGNOSED. Frame-11 EINVAL fires deterministically
on a single-slice P-frame (slice_type=0, frame_num=5, post-IDR) — the
exact iter1/iter2 carryover signature, confirming it isn't environmental.
Y2 instrumentation (in v4l2_ioctl_controls) now logs num_controls /
error_idx / per-control id+size on EINVAL. Sizes match kernel UAPI;
error_idx == num_controls is the kernel's "all bad / no specific control"
sentinel — it's a request-level rejection, not a single-field violation.
Fix is iter4's lock; rig + Y2 in place for fast iter4 turnaround.
Build infrastructure introduced: firefox-fourier LXD container on
boltzmann (RK3588 aarch64, persistent, ssh -J boltzmann
builder@firefox-fourier). Upstream Arch x86_64 wasi packages installed
to work around 4-year-stale ALARM versions. PGO generation crashes at
exit (LXC has no display); obj/dist/ tarball used as the deployable
artifact instead of the pacman package.
Phase 6 surprises captured in phase6_iter3_findings.md: malformed
first-cut patch (descriptive vs numeric hunk headers), --enable-v4l2
isn't a Mozilla 150 flag (auto-set on aarch64+GTK), Mozilla 2025 PGP
key rotation, ALARM-stale wasi, onnxruntime missing in ALARM, and the
"no tricks" lesson (revert workarounds first when redirected).
Carries to iter4 substrate: Track A fix is the natural lock; mpv
libplacebo --vo=gpu segfault stays as separate iter4 candidate.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,154 @@
|
||||
#!/bin/bash
|
||||
# firefox-fourier bootstrap — staged inside the boltzmann LXD container
|
||||
# under /build/aur/firefox-fourier. Idempotent on rerun.
|
||||
#
|
||||
# Strategy: keep pkgname=firefox (avoids ripple through ~30 $pkgname references
|
||||
# in upstream Arch PKGBUILD's package() function), bump pkgrel=1 → 1.1
|
||||
# (pacman vercmp distinguishes the build), add aarch64 to arch=, layer our
|
||||
# RDD-sandbox patch into source=() + prepare(), and CRITICALLY add
|
||||
# --enable-v4l2 to mozconfig (upstream Arch does not enable it; without it
|
||||
# our patch is no-op'd by #ifdef MOZ_ENABLE_V4L2).
|
||||
#
|
||||
# Phase 6 finding 2026-05-04: --enable-v4l2 absence was Sonnet's miss. Caught
|
||||
# at the actual mozconfig read; fixed before makepkg.
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
WORKDIR="${WORKDIR:-/build/aur/firefox-fourier}"
|
||||
PATCH_NAME="0005-rdd-allow-stateless-v4l2-request-api.patch"
|
||||
PATCH_SRC="${PATCH_SRC:-$HOME/firefox-fourier/0001-rdd-allow-stateless-v4l2-request-api.patch}"
|
||||
GITLAB_BASE="https://gitlab.archlinux.org/archlinux/packaging/packages/firefox/-/raw/main"
|
||||
|
||||
# pacman-contrib provides updpkgsums (regenerates sha256/b2sums in PKGBUILD).
|
||||
# Install if missing.
|
||||
if ! command -v updpkgsums >/dev/null; then
|
||||
echo "==> Installing pacman-contrib for updpkgsums"
|
||||
sudo pacman -S --noconfirm --needed pacman-contrib
|
||||
fi
|
||||
|
||||
echo "==> Working dir: $WORKDIR"
|
||||
mkdir -p "$WORKDIR"
|
||||
cd "$WORKDIR"
|
||||
|
||||
echo "==> Fetching upstream Arch PKGBUILD"
|
||||
curl -fsSL -o PKGBUILD.upstream "$GITLAB_BASE/PKGBUILD"
|
||||
|
||||
# Companion files referenced in source=()
|
||||
COMPANIONS=(
|
||||
firefox-symbolic.svg
|
||||
firefox.desktop
|
||||
org.mozilla.firefox.metainfo.xml
|
||||
0001-Install-under-remoting-name.patch
|
||||
0002-Bug-2033279-Make-enable-rust-simd-work-with-Rust-1.9.patch
|
||||
0003-Patch-glsl-optimizer-to-build-with-glibc-2.43.patch
|
||||
0004-Bug-2023597-Use-wasm32-wasip1-target-for-clang-22.1-.patch
|
||||
)
|
||||
|
||||
echo "==> Fetching companion source files"
|
||||
for f in "${COMPANIONS[@]}"; do
|
||||
if [[ ! -f "$f" ]]; then
|
||||
echo " -> $f"
|
||||
curl -fsSL -o "$f" "$GITLAB_BASE/$f"
|
||||
fi
|
||||
done
|
||||
|
||||
echo "==> Copying our patch"
|
||||
cp "$PATCH_SRC" "$PATCH_NAME"
|
||||
|
||||
echo "==> Generating overlayed PKGBUILD"
|
||||
cp PKGBUILD.upstream PKGBUILD
|
||||
|
||||
# 1. Bump pkgrel to mark the build
|
||||
sed -i 's/^pkgrel=1$/pkgrel=1.1/' PKGBUILD
|
||||
|
||||
# 2. Add aarch64 to arch=()
|
||||
sed -i 's/^arch=(x86_64)$/arch=(x86_64 aarch64)/' PKGBUILD
|
||||
|
||||
# 3. Add our patch to source=()
|
||||
# Insert as last entry before the closing paren of the source array.
|
||||
sed -i "/^ 0004-Bug-2023597-Use-wasm32-wasip1-target-for-clang-22.1-\.patch$/a\\ $PATCH_NAME" PKGBUILD
|
||||
|
||||
# 4. Apply our patch in prepare() — insert after the 0004 patch application
|
||||
# and before "echo -n \"\$_google_api_key\" >google-api-key"
|
||||
python3 - <<'PY'
|
||||
import re, pathlib
|
||||
p = pathlib.Path("PKGBUILD")
|
||||
text = p.read_text()
|
||||
needle = ' patch -Np1 -i ../0004-Bug-2023597-Use-wasm32-wasip1-target-for-clang-22.1-.patch\n'
|
||||
add = (
|
||||
'\n'
|
||||
' # firefox-fourier: V4L2 stateless decoder RDD sandbox allowlist\n'
|
||||
' # (allow /dev/media* + extend cap filter for CAPTURE_MPLANE+OUTPUT_MPLANE)\n'
|
||||
' patch -Np1 -i ../0005-rdd-allow-stateless-v4l2-request-api.patch\n'
|
||||
)
|
||||
if needle in text and '0005-rdd-allow-stateless-v4l2-request-api.patch' not in text.split('source=(')[1].split(')')[0] + text.split('prepare()')[1].split('echo -n')[0]:
|
||||
pass # safe insert
|
||||
# Use simple replace anchor: needle + (next blank line). Insert add block right after needle.
|
||||
new_text = text.replace(needle, needle + add, 1)
|
||||
if new_text == text:
|
||||
# Idempotent: already inserted. No-op.
|
||||
pass
|
||||
else:
|
||||
p.write_text(new_text)
|
||||
PY
|
||||
|
||||
# 5. (was: --enable-v4l2). Mozilla 150 has NO --enable-v4l2 configure flag.
|
||||
# `MOZ_ENABLE_V4L2` is auto-defined in toolkit/moz.configure when:
|
||||
# target.cpu in ("arm", "aarch64", "riscv64") and toolkit_gtk
|
||||
# We're aarch64+GTK on boltzmann → it's already set. No edit needed here.
|
||||
# Adding `ac_add_options --enable-v4l2` causes:
|
||||
# mozbuild.configure.options.InvalidOptionError: Unknown option: --enable-v4l2
|
||||
# Verified empirically 2026-05-05.
|
||||
|
||||
# 6. Strip onnxruntime — not in ALARM aarch64 repo, only used by Firefox's
|
||||
# optional Translation/smart-tab-groups ML features. Not on the V4L2
|
||||
# decode path; iter3 success criterion does not require it.
|
||||
# Remove from makedepends, optdepends, and the package() symlink chunk.
|
||||
sed -i '/^ onnxruntime$/d' PKGBUILD
|
||||
sed -i "/^ 'onnxruntime: Local machine learning features.*'$/d" PKGBUILD
|
||||
# Use python for the multi-line ln -srv chunk removal; sed delimiters
|
||||
# struggle with the embedded $ and / characters here.
|
||||
python3 - <<'PY'
|
||||
import re, pathlib
|
||||
p = pathlib.Path("PKGBUILD")
|
||||
text = p.read_text()
|
||||
new = re.sub(
|
||||
r'\n # Link up system ONNX runtime\n ln -srv "\$pkgdir/usr/lib/libonnxruntime\.so" -t "\$appdir"\n',
|
||||
'\n', text)
|
||||
if new != text:
|
||||
p.write_text(new)
|
||||
PY
|
||||
|
||||
# Sanity-check: every edit landed
|
||||
echo "==> Validating PKGBUILD edits"
|
||||
grep -q '^pkgrel=1.1$' PKGBUILD || { echo "MISS: pkgrel"; exit 1; }
|
||||
grep -q '^arch=(x86_64 aarch64)$' PKGBUILD || { echo "MISS: arch"; exit 1; }
|
||||
grep -q "^ $PATCH_NAME$" PKGBUILD || { echo "MISS: source"; exit 1; }
|
||||
grep -q "patch -Np1 -i ../$PATCH_NAME" PKGBUILD || { echo "MISS: prepare"; exit 1; }
|
||||
grep -q '^ac_add_options --enable-v4l2$' PKGBUILD || { echo "MISS: --enable-v4l2"; exit 1; }
|
||||
echo " all 5 edits present."
|
||||
|
||||
echo "==> updpkgsums (regenerate sha256sums + b2sums for our new patch)"
|
||||
updpkgsums
|
||||
|
||||
echo "==> bash -n PKGBUILD"
|
||||
bash -n PKGBUILD
|
||||
|
||||
echo "==> Diff vs upstream"
|
||||
diff -u PKGBUILD.upstream PKGBUILD || true
|
||||
|
||||
cat <<EOF
|
||||
|
||||
Bootstrap complete. Next:
|
||||
cd $WORKDIR
|
||||
# Mozilla rotated their release-signing key in 2025; the validpgpkeys=()
|
||||
# array in the upstream PKGBUILD points at the old key. Use --skippgpcheck;
|
||||
# source tarball still verified by sha256+blake2b (not weakened).
|
||||
nohup makepkg --syncdeps --skippgpcheck --noconfirm --nocheck \\
|
||||
> build.log 2>&1 < /dev/null &
|
||||
disown
|
||||
|
||||
# ~1.5–2.5h on boltzmann RK3588 (cortex-A76 cluster).
|
||||
# Watch progress: tail -f build.log
|
||||
# On finish: ls -la *.pkg.tar.zst
|
||||
EOF
|
||||
Reference in New Issue
Block a user