Mailing List Archive

Warnings during google-chrome build
Pale Moon is my "daily driver" web browser, but I need google-chrome
to handle Netflix DRM. Anyhow, I get some warnings at the end of the
build about...

1) Metadata location

2) USER_NS and sandbox

Does everybody else get them? Chrome seems to work OK.

======================================================================
* Final size of build directory: 4 KiB
* Final size of installed tree: 239104 KiB (233.5 MiB)

*
* This package seems to install metainfo files into the following
* location(s):
*
* /usr/share/appdata
*
* This location is deprecated, it should not be used anymore by new software.
* Appdata/Metainfo files should be installed into /usr/share/metainfo directory.
* For more details, please see the freedesktop Upstream Metadata guidelines at
* https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html
*
* Gentoo Tracker bug: https://bugs.gentoo.org/709450
*

>>> Installing (5 of 5) www-client/google-chrome-91.0.4472.77::gentoo
* >>> SetUID: [chmod go-r] /opt/google/chrome/chrome-sandbox ... [ ok ]
* Updating .desktop files database ... [ ok ]
* Updating icons cache ... [ ok ]

>>> Recording www-client/google-chrome in "world" favorites file...

* Messages for package media-fonts/liberation-fonts-2.1.3:

* The following fontconfig configuration files have been installed:
*
* 60-liberation.conf
*
* Use `eselect fontconfig` to enable/disable them.

* Messages for package www-client/google-chrome-91.0.4472.77:

* USER_NS is required for sandbox to work
* Please check to make sure these options are set correctly.
* Failure to do so may cause unexpected problems.
>>> Auto-cleaning packages...

--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications
Re: Warnings during google-chrome build [ In reply to ]
On Saturday, 12 June 2021 19:16:17 BST Walter Dnes wrote:
> Pale Moon is my "daily driver" web browser, but I need google-chrome
> to handle Netflix DRM. Anyhow, I get some warnings at the end of the
> build about...
>
> 1) Metadata location
>
> 2) USER_NS and sandbox
>
> Does everybody else get them? Chrome seems to work OK.
>
> ======================================================================
> * Final size of build directory: 4 KiB
> * Final size of installed tree: 239104 KiB (233.5 MiB)
>
> *
> * This package seems to install metainfo files into the following
> * location(s):
> *
> * /usr/share/appdata
> *
> * This location is deprecated, it should not be used anymore by new
> software. * Appdata/Metainfo files should be installed into
> /usr/share/metainfo directory. * For more details, please see the
> freedesktop Upstream Metadata guidelines at *
> https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html *
> * Gentoo Tracker bug: https://bugs.gentoo.org/709450
> *

The above bug refers - just a change of path to store metadata of chromium
into. Give it a few versions and it should drop out.


> >>> Installing (5 of 5) www-client/google-chrome-91.0.4472.77::gentoo
>
> * >>> SetUID: [chmod go-r] /opt/google/chrome/chrome-sandbox ... [
> ok ] * Updating .desktop files database ...
> [ ok ] * Updating icons cache ...
> [ ok ]
> >>> Recording www-client/google-chrome in "world" favorites file...
>
> * Messages for package media-fonts/liberation-fonts-2.1.3:
>
> * The following fontconfig configuration files have been installed:
> *
> * 60-liberation.conf
> *
> * Use `eselect fontconfig` to enable/disable them.
>
> * Messages for package www-client/google-chrome-91.0.4472.77:
>
> * USER_NS is required for sandbox to work
> * Please check to make sure these options are set correctly.
> * Failure to do so may cause unexpected problems.
>
> >>> Auto-cleaning packages...

This involves the use of namespaces for sandboxing purposes and your
configuration to enable it in the kernel:

$ grep USER_NS /usr/src/linux/.config
CONFIG_USER_NS=y

More here:

https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/docs/
linux/sandboxing.md
Re: Warnings during google-chrome build [ In reply to ]
On Sat, Jun 12, 2021 at 09:33:24PM +0100, Michael wrote
> On Saturday, 12 June 2021 19:16:17 BST Walter Dnes wrote:

> > * Messages for package www-client/google-chrome-91.0.4472.77:
> >
> > * USER_NS is required for sandbox to work
> > * Please check to make sure these options are set correctly.
> > * Failure to do so may cause unexpected problems.
> >
> > >>> Auto-cleaning packages...
>
> This involves the use of namespaces for sandboxing purposes and your
> configuration to enable it in the kernel:
>
> $ grep USER_NS /usr/src/linux/.config
> CONFIG_USER_NS=y
>
> More here:
>
> https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/docs/
> linux/sandboxing.md

I use a different "search" method. In the "make menuconfig" menu, the
top few lines state...

=======================================================================
Arrow keys navigate the menu. <Enter> selects submenus ---> (or empty
submenus ----). Highlighted letters are hotkeys. Pressing <Y>
includes, <N> excludes, <M> modularizes features. Press <Esc><Esc> to
exit, <?> for Help, </> for Search. Legend: [*] built-in [ ]
=======================================================================

Note the bit about "</> for Search". So I press "/" and type in
"USER_NS" or "CONFIG_USER_NS". It doesn't matter which, and it's not
case-sensitive. Hitting {ENTER} gives a list of hits, with associated
numbers. In this case, there's only one hit, with associated number
"1", so I press "1". That takes me to the *EXACT LOCATION* in the whole
"make menuconfig" layout where I need to press "Y" to enable it. Before
doing so, I tabbed over to the <Help> for this item. It mentions...

> When user namespaces are enabled in the kernel it is
> recommended that the MEMCG option also be enabled and that
> user-space use the memory control groups to limit the amount
> of memory a memory unprivileged users can use.

So I...
* <Exit> the help
* tap "Y" to enable "CONFIG_USER_NS"
* <Exit> out of the "Namespaces Support" menu
* <Exit> out of the "Search Results"

This take me back to "make menuconfig" "base level". From there I
repeat the process for "MEMCG" (or "CONFIG_MEMCG") upper/lower case is OK.

--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications