Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
On 8/2/20 6:22 AM, Walter Dnes wrote: On Sat, Aug 01, 2020 at 11:08:47PM -0400, james wrote On 8/1/20 12:10 PM, Walter Dnes wrote: So a "palemoon-bin" ebuild is possible. But is it necessary? If you pull down and extract the precompiled tarball to your home dir, it can be set to check for, and do, updates (as long as you have write permission to the Pale Moon directory). No need for portage to do it. Further security ideas with palemoon are of keen interest to me too. A set of local security testing tools/semantics etc etc would be useful; pointers to existing security tools are keen appreciated too. The best security advice for the average user is to keep up with the latest updates. yep yep yep. See http://www.palemoon.org/releasenotes.shtml for an idea of feature updates and security and bug fixes with each release. To keep up-to-date *ON AN OFFICIAL BINARY* follow the menu tree... Tools ==> Preferences ==> Advanced ==> Update NICE. ..and select the appropriate option. See http://www.palemoon.org/support/prefs-advanced-update for an explanation. If you install the official binary manually in your home dir (or anywhere else you have write permission), Pale Moon can do in-place updates. If you do it "the official Portage way") the installed files will end up somewhere in /usr/ and you, as regular user, cannot authorize the update. Since you're talking about security, I assume you're not browsing as root. never. Another thing to note is that the Pale Moon devs are currently "de-unifying the source". This means that over time, manual builds will take longer and longer to compile, especially on older machines with low ram. Unifying source speeds up compile-time, but... large monolithic source files make bugs and error messages a lot harder to track down. Run-time performance is not affected. All of my "old amd64" systems have 32 G of ram. I'm evaluating which cluster technology to use all (3) on compiles. But with the use of the GPU soon to be practical on Gentoo, maybe that times(3) cluster will not be needed? Except on big compile days.. tldr; the quickest/dirtiest/securest way to deal with Pale Moon (e.g. for 64-bit) is... mkdir $HOME/pm cd $HOME/pm # # Download the official tarball from http://linux.palemoon.org/download/mainline/ # # Stop Pale Moon and "uninstall" and extract killall palemoon rm -rf palemoon tar xf ..and point your program launcher to $HOME/pm/palemoon/palemoon ${*} very cool. If you want to get fancy and run multiple profiles simultaneously you can pass commandline parameters like... $HOME/pm/palemoon/palemoon -new-instance -p 680_news $HOME/pm/palemoon/palemoon -new-instance -p covid $HOME/pm/palemoon/palemoon -new-instance -p dslr $HOME/pm/palemoon/palemoon -new-instance -p slashdot $HOME/pm/palemoon/palemoon -new-instance -p youtube Note that these profiles have to already exist. To launch the profile manager to enable profile creation... $HOME/pm/palemoon/palemoon -new-instance -p Multiple profiles have advantages... 1) You can get multiple specified webpages to open up on startup that are related to one item. Hint; In "Tools ==> Preferences ==> General" you can set "Home Page" like so... http://bad.example.com | ftp://blah.blah.blah.com | https://youtube.com Nice. ..etc, etc. Multiple webpages are separated by {SPACE} {PIPE} {SPACE}. I've got some really long lines on one or two profiles. 2) 3rd-party cookies in one profile cannot be accessed by webpages in another profile. This reduces the effectiveness of tracking. Kinda been suspecting this, great to get verification. 3) Add-ons only apply to the profile they're downloaded to. The only one I use is ANM "Advanced Night Mode" https://addons.palemoon.org/addon/advanced-night-mode/ Some webpages are run by idiot webmasters who set "low contrast" fonts to something bordering on... FONT FOREGROUND #FEFEFE FONT BACKGROUND #FF ANM cures that by forcing white text on black background. This add-on is specific to Pale Moon. The add-on works only in profile(s) it's downloaded to, so sane webpages can be left alone. Actually, even sane webpages sometimes look better with ANM. Thanks Walter, for all of the palemoon info. I'm putting up a gentoo test system for such (palemoon) excursions. James
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
On Sat, Aug 01, 2020 at 11:08:47PM -0400, james wrote > On 8/1/20 12:10 PM, Walter Dnes wrote: > > > >So a "palemoon-bin" ebuild is possible. But is it necessary? If > > you pull down and extract the precompiled tarball to your home dir, it > > can be set to check for, and do, updates (as long as you have write > > permission to the Pale Moon directory). No need for portage to do it. > > Further security ideas with palemoon are of keen interest to me too. A > set of local security testing tools/semantics etc etc would be useful; > pointers to existing security tools are keen appreciated too. The best security advice for the average user is to keep up with the latest updates. See http://www.palemoon.org/releasenotes.shtml for an idea of feature updates and security and bug fixes with each release. To keep up-to-date *ON AN OFFICIAL BINARY* follow the menu tree... Tools ==> Preferences ==> Advanced ==> Update ...and select the appropriate option. See http://www.palemoon.org/support/prefs-advanced-update for an explanation. If you install the official binary manually in your home dir (or anywhere else you have write permission), Pale Moon can do in-place updates. If you do it "the official Portage way") the installed files will end up somewhere in /usr/ and you, as regular user, cannot authorize the update. Since you're talking about security, I assume you're not browsing as root. Another thing to note is that the Pale Moon devs are currently "de-unifying the source". This means that over time, manual builds will take longer and longer to compile, especially on older machines with low ram. Unifying source speeds up compile-time, but... large monolithic source files make bugs and error messages a lot harder to track down. Run-time performance is not affected. tldr; the quickest/dirtiest/securest way to deal with Pale Moon (e.g. for 64-bit) is... mkdir $HOME/pm cd $HOME/pm # # Download the official tarball from http://linux.palemoon.org/download/mainline/ # # Stop Pale Moon and "uninstall" and extract killall palemoon rm -rf palemoon tar xf ...and point your program launcher to $HOME/pm/palemoon/palemoon ${*} If you want to get fancy and run multiple profiles simultaneously you can pass commandline parameters like... $HOME/pm/palemoon/palemoon -new-instance -p 680_news $HOME/pm/palemoon/palemoon -new-instance -p covid $HOME/pm/palemoon/palemoon -new-instance -p dslr $HOME/pm/palemoon/palemoon -new-instance -p slashdot $HOME/pm/palemoon/palemoon -new-instance -p youtube Note that these profiles have to already exist. To launch the profile manager to enable profile creation... $HOME/pm/palemoon/palemoon -new-instance -p Multiple profiles have advantages... 1) You can get multiple specified webpages to open up on startup that are related to one item. Hint; In "Tools ==> Preferences ==> General" you can set "Home Page" like so... http://bad.example.com | ftp://blah.blah.blah.com | https://youtube.com ...etc, etc. Multiple webpages are separated by {SPACE} {PIPE} {SPACE}. I've got some really long lines on one or two profiles. 2) 3rd-party cookies in one profile cannot be accessed by webpages in another profile. This reduces the effectiveness of tracking. 3) Add-ons only apply to the profile they're downloaded to. The only one I use is ANM "Advanced Night Mode" https://addons.palemoon.org/addon/advanced-night-mode/ Some webpages are run by idiot webmasters who set "low contrast" fonts to something bordering on... FONT FOREGROUND #FEFEFE FONT BACKGROUND #FF ANM cures that by forcing white text on black background. This add-on is specific to Pale Moon. The add-on works only in profile(s) it's downloaded to, so sane webpages can be left alone. Actually, even sane webpages sometimes look better with ANM. -- Walter Dnes I don't run "desktop environments"; I run useful applications
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
Hello, On Sat, 01 Aug 2020, james wrote: >On 8/1/20 7:04 PM, David Haller wrote: >> On Sat, 01 Aug 2020, Walter Dnes wrote: >> [..] >> > So a "palemoon-bin" ebuild is possible. >> >> There's already one in the palemoon overlay. > >This is what you are referring to? > >www-client/palemoon-bin [2] >Available versions: 28.11.0^ms {startup-notification} > Homepage:https://www.palemoon.org/ > >[2] "palemoon" /var/lib/layman/palemoon If your palemoon is the one "in" layman and refers to sync-uri = https://github.com/deu/palemoon-overlay.git then yes. -dnh -- "Now, what was I doing before I so rudely interrupted myself?"
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
On 8/1/20 7:04 PM, David Haller wrote: Hello, On Sat, 01 Aug 2020, Walter Dnes wrote: [..] So a "palemoon-bin" ebuild is possible. There's already one in the palemoon overlay. -dnh This is what you are referring to? www-client/palemoon-bin [2] Available versions: 28.11.0^ms {startup-notification} Homepage:https://www.palemoon.org/ [1] "octopus" /var/lib/layman/octopus [2] "palemoon" /var/lib/layman/palemoon If other, please post an exact link? James
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
On 8/1/20 12:10 PM, Walter Dnes wrote: On Sat, Aug 01, 2020 at 01:05:30AM -0400, Walter Dnes wrote I have another idea. We already have firefox-bin and libreoffice-bin ebuilds where the compiled tarball is pulled down from upstream, and untarred. Would this work on Pale Moon? I guess it comes down to whether or not python 2.7 is a run-time dependancy as well as a build time dependency. I'll ask on the Pale Moon forum. I checked, and it looks like python 2.7 is build-time dependency only. Pale Moon will *RUN* just fine without python. Runtime system requirements according to http://linux.palemoon.org/download/mainline/ * A modern Linux distribution. The browser may not work well on old or LTS releases of Linux. * A modern processor (must have SSE2 support as the absolute minimum). * 1GB of RAM (2GB or more recommended for heavy use). * GTK+ v2.24 * GLib 2.22 or higher * Pango 1.14 or higher * libstdc++ 4.6.1 or higher So a "palemoon-bin" ebuild is possible. But is it necessary? If you pull down and extract the precompiled tarball to your home dir, it can be set to check for, and do, updates (as long as you have write permission to the Pale Moon directory). No need for portage to do it. OK, give a few days, as I do like the idea of building palemoon locally, outside of portage. Since it is a critical, at this time, app for me, having more than one way to build it or get the binary, is of keen interest to me. What we do not need to do, is start trying to stay on top of all the python.2_7 security issues that abound. In fact, since palemoon is all about a secure browser (for me at least) I'm surprised they, as a project team, are not accelerating the migration to pure Python-3. Further security ideas with palemoon are of keen interest to me too. A set of local security testing tools/semantics etc etc would be useful; pointers to existing security tools are keen appreciated too. thx Walter. James
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
Hello, On Sat, 01 Aug 2020, Walter Dnes wrote: [..] > So a "palemoon-bin" ebuild is possible. There's already one in the palemoon overlay. -dnh -- "If Pacman had affected us as kids we'd be running around in dark rooms, munching pills and listening to repetitive music." -- Marcus Brigstocke
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
On Sat, Aug 01, 2020 at 01:05:30AM -0400, Walter Dnes wrote > > I have another idea. We already have firefox-bin and libreoffice-bin > ebuilds where the compiled tarball is pulled down from upstream, and > untarred. Would this work on Pale Moon? I guess it comes down to > whether or not python 2.7 is a run-time dependancy as well as a build > time dependency. I'll ask on the Pale Moon forum. I checked, and it looks like python 2.7 is build-time dependency only. Pale Moon will *RUN* just fine without python. Runtime system requirements according to http://linux.palemoon.org/download/mainline/ * A modern Linux distribution. The browser may not work well on old or LTS releases of Linux. * A modern processor (must have SSE2 support as the absolute minimum). * 1GB of RAM (2GB or more recommended for heavy use). * GTK+ v2.24 * GLib 2.22 or higher * Pango 1.14 or higher * libstdc++ 4.6.1 or higher So a "palemoon-bin" ebuild is possible. But is it necessary? If you pull down and extract the precompiled tarball to your home dir, it can be set to check for, and do, updates (as long as you have write permission to the Pale Moon directory). No need for portage to do it. -- Walter Dnes I don't run "desktop environments"; I run useful applications
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
On Fri, Jul 31, 2020 at 06:09:53PM -0400, james wrote > and it builds, robustly and without errors, but is still dependent on > python 2.7. > > > so your details do result in palemoon 28.11.0 without python 2.7 > attendances? Python 2.7 is still a build-time dependency. But rather than being provided by Portage, it's provided by the manually installed version. The manually installed version won't be touched by Portage. I have another idea. We already have firefox-bin and libreoffice-bin ebuilds where the compiled tarball is pulled down from upstream, and untarred. Would this work on Pale Moon? I guess it comes down to whether or not python 2.7 is a run-time dependancy as well as a build time dependency. I'll ask on the Pale Moon forum. If you want to go 100% manual you can actually pull down the tarball from http://linux.palemoon.org/download/mainline/ and extract it. Nice part is that you can pull down the tarball to say $HOME/pm/ and extract it, without root permissions. Point your program launcher to $HOME/pm/palemoon/palemoon (correct) and away you go. You can get fancy with multiple profiles. It doesn't splatter libs all over, so "uninstalling" consists of... rm -rf $HOME/pm/palemoon -- Walter Dnes I don't run "desktop environments"; I run useful applications
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
On 7/31/20 9:40 AM, Walter Dnes wrote: On Wed, Jul 29, 2020 at 08:01:33PM -0400, james wrote Me, palemoon is my fav browser and it seems to be long term stuck on python 2.7.. Any suggests on a more secure, feature rich browser other than palemoon would be interesting to me to at least test. Pale Moon is a Firefox fork and has inherited this dependancy from it. I used to build Pale Moon manually on an older 32-bit CentOS chroot. That CentOS version only went up to python 2.4, which did not work. I had to download a python 2.7 tarball and build it in the home dir (yes, it works). The Pale Moon build toolchain found it and it built OK. The steps are... # # Name it whatever you want mkdir pysource cd pysource wget https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tar.xz tar xf Py* cd Python-2.7.18 # # Name it whatever you want ./configure --prefix=$HOME/py27 make # # "su" or "sudo" is not required in the next step. You have write # permission to your home directory. make install The "make" command may take while to build, depending on RAM and CPU in your machine. Afterwards you probably have to include... I just use this: /var/lib/layman/palemoon/www-client/palemoon and www-client/palemoon 28.11.0 installs without issue. Your method makes palemoon.28.11.0 install without any dependence on python.2_7 ? The package build/install for palemoon will not be part of portage.? (if I'm understanding what you have written). James
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
On 7/31/20 9:50 AM, Walter Dnes wrote: On Wed, Jul 29, 2020 at 08:01:33PM -0400, james wrote Me, palemoon is my fav browser and it seems to be long term stuck on python 2.7.. Any suggests on a more secure, feature rich browser other than palemoon would be interesting to me to at least test. Pale Moon is a Firefox fork and has inherited this dependancy from it. I used to build Pale Moon manually on an older 32-bit CentOS chroot. That CentOS version only went up to python 2.4, which did not work. I had to download a python 2.7 tarball and build it in the home dir (yes, it works). The Pale Moon build toolchain found it and it built OK. The steps are... # # Name it whatever you want mkdir pysource cd pysource wget https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tar.xz tar xf Py* cd Python-2.7.18 # # Name it whatever you want ./configure --prefix=$HOME/py27 make # # "su" or "sudo" is not required in the next step. You have write # permission to your home directory. make install Interesting. The "make" command may take while to build, depending on RAM and CPU in your machine. Afterwards you probably have to include... Explicitly, this will result in palemoon.28.11.0 being build, only dependant on Python 3 ? I just added a repo via layman: /var/lib/layman/palemoon/www-client/palemoon www-client/palemoon Available versions: {M}(~)27.9.4[1] {M}**27.-r2[1] (~)28.2.2*l^m[1] (~)28.3.0*l^m[1] 28.9.0.1*l[2] 28.9.0.2*l[2] 28.9.1*l[2] 28.9.2*l[2] 28.9.3*l[2] 28.10.0*l[2] 28.11.0 via [2] "palemoon" /var/lib/layman/palemoon and it builds, robustly and without errors, but is still dependent on python 2.7. so your details do result in palemoon 28.11.0 without python 2.7 attendances?
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
On Wed, Jul 29, 2020 at 08:01:33PM -0400, james wrote > Me, palemoon is my fav browser and it seems to be long term stuck on > python 2.7.. Any suggests on a more secure, feature rich browser > other than palemoon would be interesting to me to at least test. Pale Moon is a Firefox fork and has inherited this dependancy from it. I used to build Pale Moon manually on an older 32-bit CentOS chroot. That CentOS version only went up to python 2.4, which did not work. I had to download a python 2.7 tarball and build it in the home dir (yes, it works). The Pale Moon build toolchain found it and it built OK. The steps are... # # Name it whatever you want mkdir pysource cd pysource wget https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tar.xz tar xf Py* cd Python-2.7.18 # # Name it whatever you want ./configure --prefix=$HOME/py27 make # # "su" or "sudo" is not required in the next step. You have write # permission to your home directory. make install The "make" command may take while to build, depending on RAM and CPU in your machine. Afterwards you probably have to include... I don't run "desktop environments"; I run useful applications
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
On 7/29/20 1:21 PM, Simon Thelen wrote: [2020-07-29 13:11] Philip Webb Hi, I've removed every other pkg which might require Python-2.7, but am stuck with this : root:605 ~> emerge -cpv python:2.7 Calculating dependencies... done! dev-lang/python-2.7.18-r1 pulled in by: dev-lang/spidermonkey-60.5.2_p0-r4 requires >=dev-lang/python-2.7.5-r2:2.7[ncurses,sqlite,ssl,threads] www-client/firefox-68.10.0 requires dev-lang/python:2.7[ncurses,sqlite,ssl,threads(+)] Yes, I've looked in package.use & in the ebuilds & can't find any source of these requirements : can anyone help ? The dependencies on python2.7 are being added by the mozcoreconf eclasses. The firefox requirement is in eclass/mozcoreconf-v6.eclass, spidermonkey has essentially the same thing but in -v5.eclass I'm down to (9) or so. Periodically, I use this command to see where I am:: eix --installed-with-use python_targets_python2_7 and in the top of my package.use I have:: */* PYTHON_TARGETS: python3_6 python3_7 python3_8 python3_9 */* PYTHON_SINGLE_TARGET: -* python3_7 */* PYTHON_TARGETS: -python2_7 There are many variants on these approaches, depending on how aggressively you want to get rid of python 2_7. Me, palemoon is my fav browser and it seems to be long term stuck on python 2.7.. Any suggests on a more secure, feature rich browser other than palemoon would be interesting to me to at least test. But, this is a system, with thousands of packages from gentoo (gentrified) proper, and dozens of other hacks. and dozens of my own (rev-5) ebuilds I'm too lazy/stupid to update to (rev-7). If I were only smarter and motivated.. As I age, I'm getting lazier; and that includes all things gentoo hth, James
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
200729 i.Dark_Templar wrote: > 29.07.2020 20:11, Philip Webb пишет: >> I've removed every other pkg which might require Python-2.7, >> but am stuck with this : >> >> root:605 ~> emerge -cpv python:2.7 >> Calculating dependencies... done! >> dev-lang/python-2.7.18-r1 pulled in by: >> dev-lang/spidermonkey-60.5.2_p0-r4 requires >> >=dev-lang/python-2.7.5-r2:2.7[ncurses,sqlite,ssl,threads] >> www-client/firefox-68.10.0 requires >> dev-lang/python:2.7[ncurses,sqlite,ssl,threads(+)] >> > For firefox, it's in mozcoreconf-v6.eclass. Indeed, it is. Is there anything I can do re it today ? If not, are steps being taken by the devs to remove these requirements ? What might happen, if I simply remove Python-2.7 with -C ? Thanks for both responses. -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatcadotinterdotnet
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
[2020-07-29 13:11] Philip Webb Hi, > I've removed every other pkg which might require Python-2.7, > but am stuck with this : > > root:605 ~> emerge -cpv python:2.7 > > Calculating dependencies... done! > dev-lang/python-2.7.18-r1 pulled in by: > dev-lang/spidermonkey-60.5.2_p0-r4 requires > >=dev-lang/python-2.7.5-r2:2.7[ncurses,sqlite,ssl,threads] > www-client/firefox-68.10.0 requires > dev-lang/python:2.7[ncurses,sqlite,ssl,threads(+)] > > Yes, I've looked in package.use & in the ebuilds > & can't find any source of these requirements : can anyone help ? The dependencies on python2.7 are being added by the mozcoreconf eclasses. The firefox requirement is in eclass/mozcoreconf-v6.eclass, spidermonkey has essentially the same thing but in -v5.eclass -- Simon Thelen
Re: [gentoo-user] Python 2.7 removal : problem with Firefox + Spidermonkey
29.07.2020 20:11, Philip Webb пишет: > I've removed every other pkg which might require Python-2.7, > but am stuck with this : > > root:605 ~> emerge -cpv python:2.7 > > Calculating dependencies... done! > dev-lang/python-2.7.18-r1 pulled in by: > dev-lang/spidermonkey-60.5.2_p0-r4 requires > >=dev-lang/python-2.7.5-r2:2.7[ncurses,sqlite,ssl,threads] > www-client/firefox-68.10.0 requires > dev-lang/python:2.7[ncurses,sqlite,ssl,threads(+)] > > Yes, I've looked in package.use & in the ebuilds > & can't find any source of these requirements : can anyone help ? > It's in one of eclasses inherited by those ebuilds. For firefox, it's in mozcoreconf-v6.eclass.