Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
chromium versus libressl (remove nodejs dep)
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Unsupported Software
View previous topic :: View next topic  
Author Message
geki
Advocate
Advocate


Joined: 13 May 2004
Posts: 2251
Location: Germania

PostPosted: Sun Oct 29, 2017 10:15 am    Post subject: chromium versus libressl (remove nodejs dep) Reply with quote

Hi all!

Well, I went through the trouble to move from openssl to libressl. Luckily, only some packages were not patched in gentoo repository yet, though, patches could be found on b.g.o.

The last one to hack is chromium[0]. It depends on nodejs with vulcanize + crisper[1] to combine html/js/css resources, which optimizes page load times. Luckily again, there is a build flag[2] to disable vulcanizing chromiums webui.

update
chromium finally built on my build box, where there is no nodejs installed. Patch has been updated to simply disable vulcanization.

So, disabling vulcanize means loss in page load times and increase in resources used, but in return nodejs dependency is gone.


Maybe you are interested in pre-generating the vulcanized versions of chromiums webui, adding the tarball to the ebuild, and hacking chromium build process not to try to generate the optimized webui versions but still using them later on in the build. My patch can be found at [3].


Have fun hacking! :o


[0] https://github.com/perfect7gentleman/pg_overlay/tree/master/www-client/chromium
[1] https://codereview.chromium.org/1378993003
[2] https://codereview.chromium.org/1494253003/
[3] http://geki.selfhost.eu/hacks/chromium_no-nodejs.patch
_________________
boost|select libs to build|slotable|python-buildid

hear hear


Last edited by geki on Mon Oct 30, 2017 8:40 am; edited 1 time in total
Back to top
View user's profile Send private message
Perfect Gentleman
l33t
l33t


Joined: 18 May 2014
Posts: 660

PostPosted: Sun Oct 29, 2017 12:14 pm    Post subject: Reply with quote

I am not interesting in it as
Quote:
loss in page load times and increase in resources used
Back to top
View user's profile Send private message
geki
Advocate
Advocate


Joined: 13 May 2004
Posts: 2251
Location: Germania

PostPosted: Mon Oct 30, 2017 8:37 am    Post subject: Reply with quote

Yes, it must be unconditional. Cannot work otherwise. :o
_________________
boost|select libs to build|slotable|python-buildid

hear hear
Back to top
View user's profile Send private message
geki
Advocate
Advocate


Joined: 13 May 2004
Posts: 2251
Location: Germania

PostPosted: Mon Oct 30, 2017 8:43 am    Post subject: Reply with quote

So, it finally built on my box. Updated patch to reflect necessary changes. First version removed a bit more than needed.
_________________
boost|select libs to build|slotable|python-buildid

hear hear
Back to top
View user's profile Send private message
Perfect Gentleman
l33t
l33t


Joined: 18 May 2014
Posts: 660

PostPosted: Mon Oct 30, 2017 8:52 am    Post subject: Reply with quote

I don't the point in that. What is it, the openssl hating?
moreover, afaik, Google uses its BoringSSL in Chromium and Chrome products.
Back to top
View user's profile Send private message
saboya
Guru
Guru


Joined: 28 Nov 2006
Posts: 333
Location: Brazil

PostPosted: Mon Oct 30, 2017 10:41 am    Post subject: Reply with quote

Perfect Gentleman wrote:
I don't the point in that. What is it, the openssl hating?
moreover, afaik, Google uses its BoringSSL in Chromium and Chrome products.

Nodejs pulls in OpenSSL, which is why he removed the need for it.
Back to top
View user's profile Send private message
Perfect Gentleman
l33t
l33t


Joined: 18 May 2014
Posts: 660

PostPosted: Mon Oct 30, 2017 10:47 am    Post subject: Reply with quote

Code:
net-libs/nodejs-8.8.1 (>=dev-libs/openssl-1.0.2g:0[-bindist])

OpenSSL can be avoided.
Back to top
View user's profile Send private message
geki
Advocate
Advocate


Joined: 13 May 2004
Posts: 2251
Location: Germania

PostPosted: Mon Oct 30, 2017 8:44 pm    Post subject: Reply with quote

O why so much hate? There is no hate. I have had neither emotional nor technical reason to switch - merely fun and tinkering. Also switched from mysql to mariadb on the way. Do I hate mysql now? "Smells like teen spirit" (c) Nirvana, err, like strange causal chain of reasoning. There is no hate.

Looking from my developers pov, one could argue, let's see what openssl using application (and the developers thereof) uses sane openssl api and which does not - and fails. AFAIK libressl removed dangerous api or such? Therefore ... o well, however.

From my users pov, have less CVEs. Some do care.

nodejs requires openssl - no option to disable. Two issues were raised on their tracker to support libressl which failed to complete in the end.

And for my personal use-case, I had nodejs installed on my build box only for that vulcanization of chromiums configuration pages. That is just overkill - wasting time and resources. These can just be pre-generated. While browsing through the references and other bug reports of chromium, one comment was fun to read and like so: Now you need two javascript V8 implementations for chromium (to build)?! :roll:


Well, just my mindset. :)


As for the patch which was formerly noted in topic and now just left in the body: it is a hack. To include into your or anyones ebuild it would require a useflag. But at least I cannot think of a sane useflag for this libressl <-> nodejs <-> vulcanization situation. So, whoever is in need of libressl can build chromium with this hack.


Have fun!
_________________
boost|select libs to build|slotable|python-buildid

hear hear
Back to top
View user's profile Send private message
Ant P.
Advocate
Advocate


Joined: 18 Apr 2009
Posts: 4527

PostPosted: Mon Oct 30, 2017 9:23 pm    Post subject: Reply with quote

Use nodejs from the libressl overlay and p.mask the gentoo versions. Problem solved, no need to spend all day rebuilding chromium.
_________________
*.ebuild // /etc/service/*
Back to top
View user's profile Send private message
geki
Advocate
Advocate


Joined: 13 May 2004
Posts: 2251
Location: Germania

PostPosted: Tue Oct 31, 2017 5:44 pm    Post subject: Reply with quote

Well, I wonder about the state of that patch. Browsing through nodejs/node issue tracker and pull requests does not show that patch. It is not https://github.com/nodejs/node/pull/9376, is it? That is unfinished work.

Since I read https://github.com/nodejs/node/issues/428 I just remove nodejs dependency.

I also wonder about the performance penalty. I would need to see measurements first for that bloat to be justified. :o

My browsing experience has not suffered yet. Maybe my eyes are too slow to see the impact.
_________________
boost|select libs to build|slotable|python-buildid

hear hear
Back to top
View user's profile Send private message
geki
Advocate
Advocate


Joined: 13 May 2004
Posts: 2251
Location: Germania

PostPosted: Sun Dec 03, 2017 3:02 pm    Post subject: Reply with quote

JFYI, I updated my hack[0] for chromium 63. simply change 'use_vulcanize' to 'optimize_webui'.

[0] http://geki.selfhost.eu/hacks/chromium_no-nodejs.patch
_________________
boost|select libs to build|slotable|python-buildid

hear hear
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Unsupported Software All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum