View previous topic :: View next topic |
Author |
Message |
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Sun Oct 29, 2017 10:15 am Post subject: chromium versus libressl (remove nodejs dep) |
|
|
Hi all!
Well, I went through the trouble to move from openssl to libressl. Luckily, only some packages were not patched in gentoo repository yet, though, patches could be found on b.g.o.
The last one to hack is chromium[0]. It depends on nodejs with vulcanize + crisper[1] to combine html/js/css resources, which optimizes page load times. Luckily again, there is a build flag[2] to disable vulcanizing chromiums webui.
update
chromium finally built on my build box, where there is no nodejs installed. Patch has been updated to simply disable vulcanization.
So, disabling vulcanize means loss in page load times and increase in resources used, but in return nodejs dependency is gone.
Maybe you are interested in pre-generating the vulcanized versions of chromiums webui, adding the tarball to the ebuild, and hacking chromium build process not to try to generate the optimized webui versions but still using them later on in the build. My patch can be found at [3].
Have fun hacking!
[0] https://github.com/perfect7gentleman/pg_overlay/tree/master/www-client/chromium
[1] https://codereview.chromium.org/1378993003
[2] https://codereview.chromium.org/1494253003/
[3] http://geki.selfhost.eu/hacks/chromium_no-nodejs.patch _________________ hear hear
Last edited by geki on Mon Oct 30, 2017 8:40 am; edited 1 time in total |
|
Back to top |
|
|
Perfect Gentleman Veteran
Joined: 18 May 2014 Posts: 1249
|
Posted: Sun Oct 29, 2017 12:14 pm Post subject: |
|
|
I am not interesting in it as
Quote: | loss in page load times and increase in resources used |
|
|
Back to top |
|
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Mon Oct 30, 2017 8:37 am Post subject: |
|
|
Yes, it must be unconditional. Cannot work otherwise. _________________ hear hear |
|
Back to top |
|
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Mon Oct 30, 2017 8:43 am Post subject: |
|
|
So, it finally built on my box. Updated patch to reflect necessary changes. First version removed a bit more than needed. _________________ hear hear |
|
Back to top |
|
|
Perfect Gentleman Veteran
Joined: 18 May 2014 Posts: 1249
|
Posted: Mon Oct 30, 2017 8:52 am Post subject: |
|
|
I don't the point in that. What is it, the openssl hating?
moreover, afaik, Google uses its BoringSSL in Chromium and Chrome products. |
|
Back to top |
|
|
saboya Guru
Joined: 28 Nov 2006 Posts: 552 Location: Brazil
|
Posted: Mon Oct 30, 2017 10:41 am Post subject: |
|
|
Perfect Gentleman wrote: | I don't the point in that. What is it, the openssl hating?
moreover, afaik, Google uses its BoringSSL in Chromium and Chrome products. |
Nodejs pulls in OpenSSL, which is why he removed the need for it. |
|
Back to top |
|
|
Perfect Gentleman Veteran
Joined: 18 May 2014 Posts: 1249
|
Posted: Mon Oct 30, 2017 10:47 am Post subject: |
|
|
Code: | net-libs/nodejs-8.8.1 (>=dev-libs/openssl-1.0.2g:0[-bindist]) |
OpenSSL can be avoided. |
|
Back to top |
|
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Mon Oct 30, 2017 8:44 pm Post subject: |
|
|
O why so much hate? There is no hate. I have had neither emotional nor technical reason to switch - merely fun and tinkering. Also switched from mysql to mariadb on the way. Do I hate mysql now? "Smells like teen spirit" (c) Nirvana, err, like strange causal chain of reasoning. There is no hate.
Looking from my developers pov, one could argue, let's see what openssl using application (and the developers thereof) uses sane openssl api and which does not - and fails. AFAIK libressl removed dangerous api or such? Therefore ... o well, however.
From my users pov, have less CVEs. Some do care.
nodejs requires openssl - no option to disable. Two issues were raised on their tracker to support libressl which failed to complete in the end.
And for my personal use-case, I had nodejs installed on my build box only for that vulcanization of chromiums configuration pages. That is just overkill - wasting time and resources. These can just be pre-generated. While browsing through the references and other bug reports of chromium, one comment was fun to read and like so: Now you need two javascript V8 implementations for chromium (to build)?!
Well, just my mindset.
As for the patch which was formerly noted in topic and now just left in the body: it is a hack. To include into your or anyones ebuild it would require a useflag. But at least I cannot think of a sane useflag for this libressl <-> nodejs <-> vulcanization situation. So, whoever is in need of libressl can build chromium with this hack.
Have fun! _________________ hear hear |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Mon Oct 30, 2017 9:23 pm Post subject: |
|
|
Use nodejs from the libressl overlay and p.mask the gentoo versions. Problem solved, no need to spend all day rebuilding chromium. |
|
Back to top |
|
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
Posted: Tue Oct 31, 2017 5:44 pm Post subject: |
|
|
Well, I wonder about the state of that patch. Browsing through nodejs/node issue tracker and pull requests does not show that patch. It is not https://github.com/nodejs/node/pull/9376, is it? That is unfinished work.
Since I read https://github.com/nodejs/node/issues/428 I just remove nodejs dependency.
I also wonder about the performance penalty. I would need to see measurements first for that bloat to be justified.
My browsing experience has not suffered yet. Maybe my eyes are too slow to see the impact. _________________ hear hear |
|
Back to top |
|
|
geki Advocate
Joined: 13 May 2004 Posts: 2387 Location: Germania
|
|
Back to top |
|
|
|