On Thu, Mar 18, 2021 at 11:33 PM ken--- via blfs-book < blfs-book@lists.linuxfromscratch.org> wrote:
> Author: ken > Date: Thu Mar 18 21:32:57 2021 > New Revision: 24382 > > Log: > Update qtwebengine to 5.15.3 from git. > > This is a lot bigger and slower to build. > > Downgrade the 'Caution's in qtwebengien and falkon to 'Warning's. > I am not yet suggesting we should deprecate those two packages, > but users should start to ask themselves whether the want to use > a package where the upstreams are happy to stick with python2 > and have no interest in running on current glibc. > > Modified: > trunk/BOOK/general.ent > trunk/BOOK/introduction/welcome/changelog.xml > trunk/BOOK/packages.ent > trunk/BOOK/x/lib/qtwebengine.xml > trunk/BOOK/xsoft/graphweb/falkon.xml > > Modified: trunk/BOOK/general.ent > > ============================================================================== > --- trunk/BOOK/general.ent Wed Mar 17 10:54:14 2021 (r24381) > +++ trunk/BOOK/general.ent Thu Mar 18 21:32:57 2021 (r24382) > @@ -1,12 +1,12 @@ > <!-- $LastChangedBy$ $Date$ --> > > -<!ENTITY day "17"> <!-- Always 2 digits --> > +<!ENTITY day "18"> <!-- Always 2 digits --> > <!ENTITY month "03"> <!-- Always 2 digits --> > <!ENTITY year "2021"> > <!ENTITY copyrightdate "2001-&year;"> > <!ENTITY copyholder "The BLFS Development Team"> > <!ENTITY version "&year;-&month;-&day;"> > -<!ENTITY releasedate "March 17th, &year;"> > +<!ENTITY releasedate "March 18th, &year;"> > <!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP > --> > <!ENTITY blfs-version "svn"> <!-- svn|[release #] --> > <!ENTITY lfs-version "development"> <!-- x.y|development --> > > Modified: trunk/BOOK/introduction/welcome/changelog.xml > > ============================================================================== > --- trunk/BOOK/introduction/welcome/changelog.xml Wed Mar 17 > 10:54:14 2021 (r24381) > +++ trunk/BOOK/introduction/welcome/changelog.xml Thu Mar 18 > 21:32:57 2021 (r24382) > @@ -42,6 +42,16 @@ > </listitem> > --> > <listitem> > + <para>March 18th, 2021</para> > + <itemizedlist> > + <listitem> > + <para>[ken] - Update to qtwebengine-5.15.3 from git (security > fixes). > + Fixes <ulink > url="&blfs-ticket-root;14729">#14729</ulink>.</para> > + </listitem> > + </itemizedlist> > + </listitem> > + > + <listitem> > <para>March 17th, 2021</para> > <itemizedlist> > <listitem> > > Modified: trunk/BOOK/packages.ent > > ============================================================================== > --- trunk/BOOK/packages.ent Wed Mar 17 10:54:14 2021 (r24381) > +++ trunk/BOOK/packages.ent Thu Mar 18 21:32:57 2021 (r24382) > @@ -756,7 +756,7 @@ > <!ENTITY pango-version "1.48.3"> > <!ENTITY pangomm-version "2.46.0"> > <!ENTITY qt5-version "5.15.2"> > -<!ENTITY qtwebengine-version "5.15.2"> > +<!ENTITY qtwebengine-version "5.15.3"> > <!ENTITY qtwebkit-version "5.9.0"> > <!ENTITY qscintilla-version "2.10.4"> > <!ENTITY shared-mime-info-version "2.1"> > > Modified: trunk/BOOK/x/lib/qtwebengine.xml > > ============================================================================== > --- trunk/BOOK/x/lib/qtwebengine.xml Wed Mar 17 10:54:14 2021 > (r24381) > +++ trunk/BOOK/x/lib/qtwebengine.xml Thu Mar 18 21:32:57 2021 > (r24382) > @@ -5,12 +5,15 @@ > %general-entities; > > <!ENTITY qtwebengine-major "5.15"> > +<!-- URL if there is a public release > <!ENTITY qtwebengine-download-http " > https://download.qt.io/archive/qt/&qtwebengine-major;/&qtwebengine-version;/submodules/qtwebengine-everywhere-src-&qtwebengine-version;.tar.xz > "> > + URL for a prepared git version --> > + <!ENTITY qtwebengine-download-http > "&sources-anduin-http;/qtwebengine/qtwebengine-&qtwebengine-version;.tar.xz"> > <!ENTITY qtwebengine-download-ftp " "> > - <!ENTITY qtwebengine-md5sum "c88cbe3158feb20c4feb3d54262feb23"> > - <!ENTITY qtwebengine-size "267 MB"> > - <!ENTITY qtwebengine-buildsize "4.4 GB (145 MB installed)"> > - <!ENTITY qtwebengine-time "64 SBU (Using parallelism=4)"> > + <!ENTITY qtwebengine-md5sum "838d5d4ef9d1e5b82a41bff6f830e4a4"> > + <!ENTITY qtwebengine-size "306 MB"> > + <!ENTITY qtwebengine-buildsize "4.4 GB (154 MB installed)"> > > + <!ENTITY qtwebengine-time "64 SBU (Using parallelism=4)"> > > ]> > > <sect1 id="qtwebengine" xreflabel="qtwebengine-&qtwebengine-version;"> > @@ -39,20 +42,70 @@ > <application>chromium</application> developers. > </para> > > - <caution> > + <!-- Note for editors re switching between git versions and releases: > + If a public release of Qt 5.15.3 (or later) appears in a meaningful > + time frame, please keep the notes re the git build, as comments, so > + that updating for later fixes will be easier: in the past, updates > + of 'stable' versions (i.e. 5.12 when 5.14, 5.15 were the newest) > + happened much later than updates to the newest version (now Qt6) > + and it seems likely we might again need to use a git version to fix > + future chromium vulnerabilities. --> > + > + <warning> > <para> > QtWebEngine uses a forked copy of chromium, and is therefore > vulnerable > to many issues found there. The Qt developers have always > preferred to > make releases at the same time as the rest of Qt (rather than > adding > - emergency fixes). Now that they are keen to move to Qt6, the > 5.15.3 and > - later Qt-5.15 releases are initially only available to paying > customers. > - QtWebEngine is something of an exception because of its LGPL > licence, > - but the source in git and its forked submodules is not neatly > packaged. > - Until someone is able to build this on BLFS, using this package > and > - browsers which use it leaves you open you to unpatched security > - vulnerabilities. > + emergency fixes), but with stable versions getting released after > the > + current development version. Now that they are keen to move to > Qt6, the > + 5.15.3 and later Qt-5.15 releases are initially only available to > paying > + customers. QtWebEngine is something of an exception because of > its LGPL > + licence, but getting the git sources (with the forked chromium > submodule) > + to a position where they will successfully build on a current > BLFS system > + can take a lot of effort and therefore updates to the book may be > delayed. > + </para> > + > + <para> > + It seems likely that future 5.15-series versions will also be > released > + long after the chromium vulnerabilities are known. > </para> > - </caution> > + > + <para> <!-- for git versions --> > + The tarball linked to above was created from the 5.15 git branch > + at https://code.qt.io/cgit/qt/qtwebengine.git commit 029771bcd254 > + just before the version there was rolled on for 5.15.4, > + <!-- the DTS doesn't let me put a url in a para --> > + <!--ulink url=" > https://code.qt.io/cgit/qt/qtwebengine.git/commit/?h=5.15&id=029771bcd254 > "/>code.qt.io/cgit/qt/qtwebengine.git</ulink>--> > + with the chromium submodule using the 87-branch at revision > 7c8217b36a95. > + </para> > + </warning> > + > + <!-- note for editors on obtaining webengine from git. > + First (if you do not already have a past version) > + git clone git://code.qt.io/qt/qtwebengine.git > + git submodule init - > + that will report qtwebengine-chromium.git registered for > src/3rdparty > + now find the main branch names: > + git fetch origin > + git branch -r > + after a release is prepared (even if the rest is not public), the > 5.15 > + branch is probably what you want > + git checkout origin/5.15 > + Confirm that HEAD is where you expected. > + Now go to src/3rdparty > + git fetch origin > + git branch -r > + The required branch is likely to be 87-branch unless there is a > newer one > + git checkout origin/87-branch (or whatever) > + Use git log or git tk to look at its HEAD and check it seems > appropriate. > + > + Now create tarballs - 'git archive' does not work across submodule > boundaries, > + so you need to create one archive from the top of qtwebengine/ and > another > + from the top of src/3rdparty (chromium, gn, ninja are apparently > all part of > + the qtwebengine-chromium module). Then in a work area untar the > qtwebengine > + tarball, go down to src/3rdparty and untar the submodule tarball. > + Decide on what to call the result and create a full xz tarball > using tar -cJf. > + --> > > &lfs101_checked; > > @@ -115,13 +168,10 @@ > <listitem> > <para> > Required patch: > + <!-- keep links for releases and git versions as a reminder > + that the tarball names names differ --> > <ulink > url="&patch-root;/qtwebengine-everywhere-src-&qtwebengine-version;-ICU68-2.patch"/> > - </para> > - </listitem> > - <listitem> > - <para> > - Required patch: > - <ulink > url="&patch-root;/qtwebengine-everywhere-src-&qtwebengine-version;-glibc233-1.patch"/> > + <ulink > url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes-1.patch"/> > </para> > </listitem> > </itemizedlist> > @@ -131,6 +181,7 @@ > <bridgehead renderas="sect4">Required</bridgehead> > <!-- the qmake output tends to be misleading. 'khr' is from Mesa --> > <para role="required"> > + <xref linkend="node"/>, > <xref linkend="nss"/>, > <xref linkend="python2"/>, and > <xref linkend='qt5'/> > @@ -172,25 +223,60 @@ > <sect2 role="installation"> > <title>Installation of qtwebengine</title> > > + <note> > + <para> > + Unlike version 5.15.2, the chromium-derived build system now needs > + <command>python</command> to be available and to be python2. In > + BLFS-10.1 the creation of the python symlink was removed as a step > + towards eventually getting rid of python2 (other old packages > which > + need python2 usually work by invoking python2). If you are still > + using an earlier version of BLFS where > + <filename>/usr/bin/python</filename> exists, you can skip the > + commands to create the symlink, and to later remove it. > + </para> > + </note> > + > <para> > - First, ensure that the local headers are available when not > building as > - part of the complete <xref linkend="qt5"/>: > + First, as the <systemitem class="username">root</systemitem> > + user, create the python symlink: > </para> > > -<screen><userinput>find -type f -name "*.pr[io]" | > - xargs sed -i -e 's|INCLUDEPATH += |&$$QTWEBENGINE_ROOT/include > |'</userinput></screen> > +<screen role="root"><userinput>ln -svf > /usr/bin/python{2,}</userinput></screen> > + > + <para> > + Now apply a patch to fix several issues that can prevent the build > working: > + </para> > + > +<screen><userinput remap="pre">patch -Np1 -i > ../qtwebengine-&qtwebengine-version;-build_fixes-1.patch</userinput></screen> > + > +<!-- start of commands for git versions only --> > + <para> > + Although the patch has ensured that git is not invoked during the > build, > + the build system has labyrinthine rules of byzantine complexity, > and in > + particular trying to build without two <filename>.git</filename> > directories > + will lead to it eventually falling into unexpected and unbuildable > code > + which references a private header that has not been created. Avoid > this > + by creating the required directories: > + </para> > + > +<screen><userinput>mkdir -pv .git > src/3rdparty/chromium/.git</userinput></screen> > > <para> > - Next, apply a patch that fixes the build with system ICU version > 68.1. > + Because this version of qtwebengine is aimed at a later release > than the > + current public releases, change it to build for qt-&qt5-version; > using a > + sed: > </para> > > -<screen><userinput remap="pre">patch -Np1 -i > ../qtwebengine-everywhere-src-&qtwebengine-version;-ICU68-2.patch</userinput></screen> > +<screen><userinput>sed -e '/^MODULE_VERSION/s/5.*/&qt5-version;/' -i > .qmake.conf</userinput></screen> > +<!-- end of commands for git versions only --> > > <para> > - Now apply a patch to fix an issue introduced by glibc-2.33. > + Now, ensure that the local headers are available when not building > as > + part of the complete <xref linkend="qt5"/>: > </para> > > -<screen><userinput remap="pre">patch -Np1 -i > ../qtwebengine-everywhere-src-&qtwebengine-version;-glibc233-1.patch</userinput></screen> > +<screen><userinput>find -type f -name "*.pr[io]" | > + xargs sed -i -e 's|INCLUDEPATH += |&$$QTWEBENGINE_ROOT/include > |'</userinput></screen> > > <para> > Next, allow the pulseaudio library to be linked at build time, > instead > @@ -251,6 +337,7 @@ > </para> > > <screen role="root"><userinput>make install</userinput></screen> > + > <!-- EDITORS NOTE: If you are updating this package, use INSTALL_ROOT= > instead of DESTDIR= --> > <!-- > @@ -268,6 +355,13 @@ > > <screen role="root"><userinput>find $QT5DIR/ -name \*.prl \ > -exec sed -i -e '/^QMAKE_PRL_BUILD_DIR/d' {} \;</userinput></screen> > + > + <para> > + Finally, as the <systemitem class="username">root</systemitem> > + user, remove the python symlink: > + </para> > + > +<screen role="root"><userinput>rm -v /usr/bin/python</userinput></screen> > </sect2> > > <sect2 role="commands"> > @@ -299,7 +393,7 @@ > recognize the NINJAJOBS environment variable, this command will run > system > ninja with the specified number of jobs (i.e. 4). > There are several reasons why you might want to do this: > - </para> > + </para> > > <itemizedlist> > <listitem> > @@ -348,10 +442,46 @@ > few times for each affected tab. > </para> > > + <para> > + If a browser using this package fails to run and when run > + from a term it reports 'Trace/breakpoint trap' that is > + probably a kernel configuration issue - there is no need > + to rebuild QtWebEngine, see the next section, recompile > + the kernel and reboot to the new kernel. > + </para> > + > </sect3> > > </sect2> > > + <sect2 role="kernel" id="qtwebengine-kernel"> > + <title>Kernel Configuration</title> > + > + <para> > + Enable the following options in the kernel configuration and > recompile the > + kernel if necessary: > + </para> > + > +<!-- Spaces are significant in <screen> sections --> > +<screen><literal>General setup ---> > + -*- Namespaces support ---> > + [*] UTS namespace [CONFIG_UTS_NS] > + [*] TIME namespace [CONFIG_TIME_NS] > + [*] IPC namespace [CONFIG_IPC_NS] > + [ ] User namespace #CONFIG_USER_NS is not set > + [*] PID namespace [CONFIG_PID_NS] > + [*] Network namespace > [CONFIG_NET_NS]</literal></screen> > + > + <para> > + These are now the default options. Do <emphasis>NOT</emphasis> > enable > + User namespace (CONFIG_USER_NS), it <emphasis>will</emphasis> cause > + libQtWebengineCore to crash. > + </para> > + > + <indexterm zone="qtwebengine qtwebengine-kernel"> > + <primary sortas="d-qtwebengine">qtwebengine</primary> > + </indexterm> > + </sect2> > > This is going to be a problem. UPower requires CONFIG_USER_NS to function properly. I'll spend some time looking at this when i'm done with video editing work (Monday, which is also when I'll start on GNOME-40 and other tickets).
-- http://lists.linuxfromscratch.org/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
