marfrit/libva-multiplanar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bd37b51d8bdf5804b16e333af19958806d46c041
libva-multiplanar/firefox-fourier/PKGBUILD-overlay.md
T
marfrit f91469abe3 Iteration 3 close — F GREEN, A reproduced + diagnosed for iter4 
Phase 1 locked F (Firefox RDD sandbox verify-by-patch) and A (frame-11
EINVAL diagnose) running in parallel on a single firefox-fourier build.

Track F: GREEN. Patched Firefox 150.0.1 (firefox-fourier, pkgrel=1.1)
launches on ohm WITHOUT MOZ_DISABLE_RDD_SANDBOX=1 and engages our
libva-v4l2-request backend end-to-end. Three patches needed (Phase 2
identified one and deferred two):
  - Broker policy (SandboxBrokerPolicyFactory.cpp): allow /dev/media*,
    extend cap-filter to admit stateless decoders that lack M2M caps.
  - Seccomp policy (SandboxFilter.cpp): allow ioctl magic byte '|'
    for <linux/media.h> request-API ioctls.
  - Driver (media.c): replace select() with poll() — Mozilla's RDD
    seccomp common policy admits poll/ppoll/epoll_* but not
    select/pselect6. Driver-side fix preferred; smaller surface,
    portable across sandbox policies, and poll() is the modern API.

Track A: REPRODUCES + DIAGNOSED. Frame-11 EINVAL fires deterministically
on a single-slice P-frame (slice_type=0, frame_num=5, post-IDR) — the
exact iter1/iter2 carryover signature, confirming it isn't environmental.
Y2 instrumentation (in v4l2_ioctl_controls) now logs num_controls /
error_idx / per-control id+size on EINVAL. Sizes match kernel UAPI;
error_idx == num_controls is the kernel's "all bad / no specific control"
sentinel — it's a request-level rejection, not a single-field violation.
Fix is iter4's lock; rig + Y2 in place for fast iter4 turnaround.

Build infrastructure introduced: firefox-fourier LXD container on
boltzmann (RK3588 aarch64, persistent, ssh -J boltzmann
builder@firefox-fourier). Upstream Arch x86_64 wasi packages installed
to work around 4-year-stale ALARM versions. PGO generation crashes at
exit (LXC has no display); obj/dist/ tarball used as the deployable
artifact instead of the pacman package.

Phase 6 surprises captured in phase6_iter3_findings.md: malformed
first-cut patch (descriptive vs numeric hunk headers), --enable-v4l2
isn't a Mozilla 150 flag (auto-set on aarch64+GTK), Mozilla 2025 PGP
key rotation, ALARM-stale wasi, onnxruntime missing in ALARM, and the
"no tricks" lesson (revert workarounds first when redirected).

Carries to iter4 substrate: Track A fix is the natural lock; mpv
libplacebo --vo=gpu segfault stays as separate iter4 candidate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 12:56:34 +00:00

6.6 KiB
Raw Blame History

firefox-fourier PKGBUILD overlay

Verified working sequence on boltzmann LXD container firefox-fourier, 2026-05-05.

Strategy

We do NOT fork mozilla-central. We layer a single-file patch on top of the upstream Arch Linux firefox PKGBUILD using AUR-style source=() + prepare() injection. This gives:

  • All build deps managed by pacman/makepkg
  • Arch's already-validated mozconfig
  • A pacman -U installable result on ohm
  • makepkg -e semantics for fast iteration

pkgname stays firefox. We bump pkgrel=1pkgrel=1.1 to mark our build, which lets pacman vercmp distinguish it from stock. Renaming pkgname would have rippled through ~30 $pkgname references in package() (companion files, branding paths, gnome-shell search provider) — the rel-bump approach is far cleaner and pacman -U replaces stock firefox naturally.

Source of upstream PKGBUILD

https://gitlab.archlinux.org/archlinux/packaging/packages/firefox/-/raw/main/PKGBUILD

Verified 2026-05-04: returns firefox 150.0.1-1 PKGBUILD with arch=(x86_64). ALARM does not fork it; ALARM's build farm builds straight from upstream Arch with arch= widened to include aarch64.

Bootstrap

The reproducible bootstrap script is bootstrap.sh in this directory. It:

  1. Installs pacman-contrib if missing (for updpkgsums)
  2. Fetches upstream PKGBUILD + companion source files into /build/aur/firefox-fourier/
  3. Copies our patch in as 0005-rdd-allow-stateless-v4l2-request-api.patch
  4. Applies five overlay edits in place:
    • pkgrel=1pkgrel=1.1
    • arch=(x86_64)arch=(x86_64 aarch64)
    • Our patch added to source=() after the existing 0004 entry
    • Our patch added to prepare() after the 0004 patch application
    • onnxruntime removed from makedepends and optdepends, plus the ln -srv libonnxruntime.so line removed from package() — onnxruntime is not in ALARM aarch64; it's only used by Firefox's optional ML smart-tab-groups feature, not on the V4L2 path.
  5. Runs updpkgsums to regenerate sha256/b2 sums for our new patch
  6. Validates with bash -n PKGBUILD

Run inside the container as builder:

ssh -J boltzmann builder@firefox-fourier
chmod +x ~/firefox-fourier/bootstrap.sh
~/firefox-fourier/bootstrap.sh

Prerequisite gap (ALARM-stale wasi packages)

ALARM extra ships wasi packages from 2021 (sdk-13 era, wasm32-wasi triple). Mozilla 150 + clang 22 use the wasm32-wasip1 triple. Before our build can configure, install upstream Arch x86_64 wasi packages — they're arch=any so the .pkg.tar.zst is identical across architectures:

sudo pacman -U \
  https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-libc-1:0+592+161b3195-1-any.pkg.tar.zst \
  https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-compiler-rt-22.1.0-2-any.pkg.tar.zst \
  https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-libc++-22.1.0-1-any.pkg.tar.zst \
  https://geo.mirror.pkgbuild.com/extra/os/x86_64/wasi-libc++abi-22.1.0-1-any.pkg.tar.zst

(The container had this done by his subagent on 2026-05-05; the four packages are cached at /build/aur/wasi/upstream-any/.)

Verify:

ls /usr/lib/clang/22/lib/wasm32-unknown-wasip1/libclang_rt.builtins.a \
   /usr/share/wasi-sysroot/lib/wasm32-wasip1/crt1.o

Both must exist before the firefox build can pass configure.

Build

cd /build/aur/firefox-fourier
nohup makepkg --syncdeps --skippgpcheck --noconfirm --nocheck \
  > build.log 2>&1 < /dev/null &
disown

Why --skippgpcheck: Mozilla rotated their release-signing key in 2025 (5ECB6497C1A20256). The upstream Arch PKGBUILD's validpgpkeys=() array still has the old key. Skipping PGP does NOT weaken the build — sha256+blake2b sums on the source tarball are still verified, and the tarball is fetched over HTTPS from archive.mozilla.org.

The --enable-v4l2 mozconfig flag does NOT exist in Mozilla 150. MOZ_ENABLE_V4L2 is auto-set in toolkit/moz.configure:643 when target.cpu is arm/aarch64/riscv64 and toolkit is GTK. Adding ac_add_options --enable-v4l2 causes mozbuild.configure.options.InvalidOptionError. Don't add it.

Build time on boltzmann RK3588: 1.52.5 hours (8 cores, parallel C++ + one big rustc).

Resulting package

firefox-150.0.1-1.1-aarch64.pkg.tar.zst   (~80 MB)

(pkgname stayed firefox, the 1.1 in the filename is our pkgrel bump.)

What makepkg -e skips

From man makepkg:

-e, --noextract: Do not extract source files; use whatever source already exists in the src/ directory.

For our flow:

  • First build: makepkg --skippgpcheck (extract → patch → configure → compile → package)
  • After tweaking source under src/firefox-150.0.1/...: makepkg -e --skippgpcheck (skips extract AND prepare)
  • For .patch text changes: makepkg -C --skippgpcheck (full cleanbuild)

This squares with the user guidance: "if an aur package is the basis, remember to skip re-extraction and patching (makepkg -e) on rebuilds".

Validation gates

Pre-build:

  • bash -n PKGBUILD — syntax check
  • patch -Np1 --dry-run -i 0005-rdd-allow-stateless-v4l2-request-api.patch from inside src/firefox-150.0.1/ — confirm patch applies cleanly. The patch uses proper @@ -line,count +line,count @@ headers, regenerated against firefox-150.0.1's actual SandboxBrokerPolicyFactory.cpp.

Post-configure (~0:30 elapsed in build.log):

  • 0:28.86 checking the wasm C linker can find wasi libraries... yes
  • 0:29.19 checking the wasm C++ linker can find wasi libraries... yes

If either says no, the wasi sysroot install above didn't take.

Deployment to ohm

After successful build in the container:

# Pull package out of container onto boltzmann host:
ssh boltzmann lxc file pull \
  firefox-fourier/build/aur/firefox-fourier/firefox-150.0.1-1.1-aarch64.pkg.tar.zst /tmp/

# scp to ohm (operator powers ohm on first):
scp /tmp/firefox-150.0.1-1.1-aarch64.pkg.tar.zst mfritsche@ohm.fritz.box:/tmp/

# Install on ohm — replaces stock firefox 150.0.1-1 with our 150.0.1-1.1:
ssh mfritsche@ohm.fritz.box "sudo pacman -U /tmp/firefox-150.0.1-1.1-aarch64.pkg.tar.zst"

# Verify:
ssh mfritsche@ohm.fritz.box "firefox --version && pacman -Q firefox"
# Expect: Mozilla Firefox 150.0.1
#         firefox 150.0.1-1.1

Post-install on ohm, optionally pin against accidental upgrade:

echo "IgnorePkg = firefox" | sudo tee -a /etc/pacman.conf

File inventory

File Purpose
PKGBUILD-overlay.md This document
bootstrap.sh Reproducible PKGBUILD overlay script (run inside container)
0001-rdd-allow-stateless-v4l2-request-api.patch The patch (campaign-side filename; renamed to 0005-... when staged in container alongside upstream's 0001-0004)
Reference in New Issue View Git Blame Copy Permalink