marfrit/libva-multiplanar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
libva-multiplanar/firefox-fourier/PKGBUILD-overlay.md
T
marfrit f91469abe3 Iteration 3 close — F GREEN, A reproduced + diagnosed for iter4 
Phase 1 locked F (Firefox RDD sandbox verify-by-patch) and A (frame-11
EINVAL diagnose) running in parallel on a single firefox-fourier build.

Track F: GREEN. Patched Firefox 150.0.1 (firefox-fourier, pkgrel=1.1)
launches on ohm WITHOUT MOZ_DISABLE_RDD_SANDBOX=1 and engages our
libva-v4l2-request backend end-to-end. Three patches needed (Phase 2
identified one and deferred two):
  - Broker policy (SandboxBrokerPolicyFactory.cpp): allow /dev/media*,
    extend cap-filter to admit stateless decoders that lack M2M caps.
  - Seccomp policy (SandboxFilter.cpp): allow ioctl magic byte '|'
    for <linux/media.h> request-API ioctls.
  - Driver (media.c): replace select() with poll() — Mozilla's RDD
    seccomp common policy admits poll/ppoll/epoll_* but not
    select/pselect6. Driver-side fix preferred; smaller surface,
    portable across sandbox policies, and poll() is the modern API.

Track A: REPRODUCES + DIAGNOSED. Frame-11 EINVAL fires deterministically
on a single-slice P-frame (slice_type=0, frame_num=5, post-IDR) — the
exact iter1/iter2 carryover signature, confirming it isn't environmental.
Y2 instrumentation (in v4l2_ioctl_controls) now logs num_controls /
error_idx / per-control id+size on EINVAL. Sizes match kernel UAPI;
error_idx == num_controls is the kernel's "all bad / no specific control"
sentinel — it's a request-level rejection, not a single-field violation.
Fix is iter4's lock; rig + Y2 in place for fast iter4 turnaround.

Build infrastructure introduced: firefox-fourier LXD container on
boltzmann (RK3588 aarch64, persistent, ssh -J boltzmann
builder@firefox-fourier). Upstream Arch x86_64 wasi packages installed
to work around 4-year-stale ALARM versions. PGO generation crashes at
exit (LXC has no display); obj/dist/ tarball used as the deployable
artifact instead of the pacman package.

Phase 6 surprises captured in phase6_iter3_findings.md: malformed
first-cut patch (descriptive vs numeric hunk headers), --enable-v4l2
isn't a Mozilla 150 flag (auto-set on aarch64+GTK), Mozilla 2025 PGP
key rotation, ALARM-stale wasi, onnxruntime missing in ALARM, and the
"no tricks" lesson (revert workarounds first when redirected).

Carries to iter4 substrate: Track A fix is the natural lock; mpv
libplacebo --vo=gpu segfault stays as separate iter4 candidate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 12:56:34 +00:00

150 lines
6.6 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# firefox-fourier PKGBUILD overlay
Verified working sequence on `boltzmann` LXD container `firefox-fourier`, 2026-05-05.
## Strategy
We do NOT fork mozilla-central. We layer a single-file patch on top of the upstream Arch Linux `firefox` PKGBUILD using AUR-style `source=()` + `prepare()` injection. This gives:
- All build deps managed by pacman/makepkg
- Arch's already-validated mozconfig
- A `pacman -U` installable result on ohm
- `makepkg -e` semantics for fast iteration
**`pkgname` stays `firefox`.** We bump `pkgrel=1``pkgrel=1.1` to mark our build, which lets pacman vercmp distinguish it from stock. Renaming `pkgname` would have rippled through ~30 `$pkgname` references in package() (companion files, branding paths, gnome-shell search provider) — the rel-bump approach is far cleaner and pacman -U replaces stock firefox naturally.
## Source of upstream PKGBUILD
`https://gitlab.archlinux.org/archlinux/packaging/packages/firefox/-/raw/main/PKGBUILD`
Verified 2026-05-04: returns firefox 150.0.1-1 PKGBUILD with `arch=(x86_64)`. ALARM does not fork it; ALARM's build farm builds straight from upstream Arch with `arch=` widened to include aarch64.
## Bootstrap
The reproducible bootstrap script is `bootstrap.sh` in this directory. It:
1. Installs `pacman-contrib` if missing (for `updpkgsums`)
2. Fetches upstream PKGBUILD + companion source files into `/build/aur/firefox-fourier/`
3. Copies our patch in as `0005-rdd-allow-stateless-v4l2-request-api.patch`
4. Applies five overlay edits in place:
- `pkgrel=1``pkgrel=1.1`
- `arch=(x86_64)``arch=(x86_64 aarch64)`
- Our patch added to `source=()` after the existing 0004 entry
- Our patch added to `prepare()` after the 0004 patch application
- `onnxruntime` removed from `makedepends` and `optdepends`, plus the `ln -srv libonnxruntime.so` line removed from `package()` — onnxruntime is not in ALARM aarch64; it's only used by Firefox's optional ML smart-tab-groups feature, not on the V4L2 path.
5. Runs `updpkgsums` to regenerate sha256/b2 sums for our new patch
6. Validates with `bash -n PKGBUILD`
Run inside the container as `builder`:
```bash
ssh -J boltzmann builder@firefox-fourier
chmod +x ~/firefox-fourier/bootstrap.sh
~/firefox-fourier/bootstrap.sh
```
## Prerequisite gap (ALARM-stale wasi packages)
ALARM extra ships wasi packages from 2021 (sdk-13 era, `wasm32-wasi` triple). Mozilla 150 + clang 22 use the `wasm32-wasip1` triple. Before our build can configure, install upstream Arch x86_64 wasi packages — they're `arch=any` so the `.pkg.tar.zst` is identical across architectures:
```bash
sudo pacman -U \
https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-libc-1:0+592+161b3195-1-any.pkg.tar.zst \
https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-compiler-rt-22.1.0-2-any.pkg.tar.zst \
https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-libc++-22.1.0-1-any.pkg.tar.zst \
https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-libc++abi-22.1.0-1-any.pkg.tar.zst
```
(The container had this done by his subagent on 2026-05-05; the four packages are cached at `/build/aur/wasi/upstream-any/`.)
Verify:
```bash
ls /usr/lib/clang/22/lib/wasm32-unknown-wasip1/libclang_rt.builtins.a \
/usr/share/wasi-sysroot/lib/wasm32-wasip1/crt1.o
```
Both must exist before the firefox build can pass configure.
## Build
```bash
cd /build/aur/firefox-fourier
nohup makepkg --syncdeps --skippgpcheck --noconfirm --nocheck \
> build.log 2>&1 < /dev/null &
disown
```
Why `--skippgpcheck`: Mozilla rotated their release-signing key in 2025 (5ECB6497C1A20256). The upstream Arch PKGBUILD's `validpgpkeys=()` array still has the old key. Skipping PGP does NOT weaken the build — sha256+blake2b sums on the source tarball are still verified, and the tarball is fetched over HTTPS from archive.mozilla.org.
The `--enable-v4l2` mozconfig flag does NOT exist in Mozilla 150. `MOZ_ENABLE_V4L2` is auto-set in `toolkit/moz.configure:643` when target.cpu is arm/aarch64/riscv64 and toolkit is GTK. Adding `ac_add_options --enable-v4l2` causes `mozbuild.configure.options.InvalidOptionError`. Don't add it.
Build time on boltzmann RK3588: 1.52.5 hours (8 cores, parallel C++ + one big rustc).
## Resulting package
```
firefox-150.0.1-1.1-aarch64.pkg.tar.zst (~80 MB)
```
(pkgname stayed `firefox`, the 1.1 in the filename is our pkgrel bump.)
## What `makepkg -e` skips
From `man makepkg`:
> -e, --noextract: Do not extract source files; use whatever source already exists in the src/ directory.
For our flow:
- First build: `makepkg --skippgpcheck` (extract → patch → configure → compile → package)
- After tweaking source under `src/firefox-150.0.1/...`: `makepkg -e --skippgpcheck` (skips extract AND prepare)
- For .patch text changes: `makepkg -C --skippgpcheck` (full cleanbuild)
This squares with the user guidance: "if an aur package is the basis, remember to skip re-extraction and patching (makepkg -e) on rebuilds".
## Validation gates
Pre-build:
- `bash -n PKGBUILD` — syntax check
- `patch -Np1 --dry-run -i 0005-rdd-allow-stateless-v4l2-request-api.patch` from inside `src/firefox-150.0.1/` — confirm patch applies cleanly. The patch uses proper `@@ -line,count +line,count @@` headers, regenerated against firefox-150.0.1's actual SandboxBrokerPolicyFactory.cpp.
Post-configure (~0:30 elapsed in build.log):
- `0:28.86 checking the wasm C linker can find wasi libraries... yes`
- `0:29.19 checking the wasm C++ linker can find wasi libraries... yes`
If either says `no`, the wasi sysroot install above didn't take.
## Deployment to ohm
After successful build in the container:
```bash
# Pull package out of container onto boltzmann host:
ssh boltzmann lxc file pull \
firefox-fourier/build/aur/firefox-fourier/firefox-150.0.1-1.1-aarch64.pkg.tar.zst /tmp/
# scp to ohm (operator powers ohm on first):
scp /tmp/firefox-150.0.1-1.1-aarch64.pkg.tar.zst mfritsche@ohm.fritz.box:/tmp/
# Install on ohm — replaces stock firefox 150.0.1-1 with our 150.0.1-1.1:
ssh mfritsche@ohm.fritz.box "sudo pacman -U /tmp/firefox-150.0.1-1.1-aarch64.pkg.tar.zst"
# Verify:
ssh mfritsche@ohm.fritz.box "firefox --version && pacman -Q firefox"
# Expect: Mozilla Firefox 150.0.1
# firefox 150.0.1-1.1
```
Post-install on ohm, optionally pin against accidental upgrade:
```bash
echo "IgnorePkg = firefox" | sudo tee -a /etc/pacman.conf
```
## File inventory
| File | Purpose |
|---|---|
| `PKGBUILD-overlay.md` | This document |
| `bootstrap.sh` | Reproducible PKGBUILD overlay script (run inside container) |
| `0001-rdd-allow-stateless-v4l2-request-api.patch` | The patch (campaign-side filename; renamed to `0005-...` when staged in container alongside upstream's 0001-0004) |
Reference in New Issue View Git Blame Copy Permalink