Saturday, November 18, 2017

The Firefox issue

The Firefox versions that were shipped on Solaris 11 Express (even across all of its SRUs) and Solris 11.3 GA (and probably across all of its SRUs as well) are, saddly, rather outdated (for Solaris 11 Express that's even worse). For Solaris 11.3 the version is 31.8.0:


I have noticed on the Firefox source code, that build support for Solaris has been dropped "long ago" and, at the same time, technology pace has rapidly increased. By the time I looked at the Firefox build system, it was transitioning from a traditional GNU build to an in-house build system based on Python. I became said with these two factors as there should be no reason to drop support to Solaris as long as it possesses a reasonable GNU and Python subsystems and because anyway the traditional GNU build system is reasonably established despite its issues.

Fact is, it seems that as time goes by, it will become progressively more difficult to get a reasonably updated web browser for Solaris. Adding to that, Oracle has publicly indicated (end-of-feature) strategies to gradually dismantle the Solaris desktop in favor of a more specialized headless server box and on-line experience. There may be good reasons for so, but in any case that makes me said as one thing do not necessarily imply the other and the work-arounds, if any, are inferior.

On Solaris 11.3 one gets the following from about:buildconfig :


One easy, near, but danger, "solution", is to download a contributed pre-built version of Firefox 52.0.2 ESR from Mozilla ftp server: firefox-52.0esr.en-US.opensolaris-i386.tar.bz2:



Even though it refers to OpenSolaris, it seems to work reasonably well under Solaris 11 Express and Solaris 11.3, at least. And there's even a pre-built version for Solaris 10 FCS for those still at Solaris 10.

As show above, the contributed new version have been build with GCC 4.9.2 from OpenCSW with few different build configure options, among which:
  • D-Trace have been disabled
  • Geo-APIs (Mozilla and Google) have been inserted
  • The standard malloc have been replaced
  • Pulse-Audio have been disabled
  • The ESR update channel have been enabled
     

WARNING
I know that pre-built contributed versions may not be accredited. This is the downside. Even though the checksum may verify, one never knows if the source code has been tampered with, unfortunately. In general, nothing is too good and too easy. Watch out! Better stay away.  

But if you deliberately attempt to use this newer version anyway, despite my warning about potential danger, make sure that you do it on a safe sandbox or that at least you can safely revert back to your old Firefox version. Backup your whole Firefox profile folder (usually located at: ~/.mozilla/firefox) before anything else. To better understand what's stored in a Firefox profile read the following Mozilla article: What's in a browser profile, anyway?  In fact I would recommend to take some time for creating ZFS subdatasets of a user ZFS dataset in order to take advantage of ZFS snapshots (in this case it's probably better to delegate ZFS permissions).

Upon launching the newer version, it will import and may upgrade some configuration and formats in such a way that the original ones may break if you revert back to original version. Please, be advised.

In addition to backing up existent Firefox profiles before proceed launching the new version, consider forcing Firefox to ask which profile to use each time it's launched. But first create another brand-new profile just for evaluating the new version and use it exclusively only upon launching the new version. While evaluating, don't perform any activity that may deal with private and sensible data and information.

Before extracting the downloaded tarball, verify its checksum (digest -a md5 ...) and then, as root, extract it to /opt, subsequently renaming it to firefox-52.0.2-esr and applying the root:bin ownership to the whole subtree (chown -R root:bin /opt/firefox-52.0.2-esr).

To invoke the new version of Firefox, just launch the binary /opt/firefox-52.0.2-esr/firefox or create symbolic links and/or GNOME launchers as needed.

While I was experimenting with the new version I've noticed a possibly unsettling or concerning situation: The Preferences | Advanced | Data Choices have been blanked. Would it be hiding or attempting to deceive someone?


I then took a look at about:telemetry to check if it was enabled. And it was! And the worse was I couldn't disabled it at that same place, despite the "Change" options:


While still suspicious I went to about:healthreport and fortunately could disable the telemetry by disabling the health report by clicking on Data Sharing which turned its indication to OFF.


But even with this basic actions, it's not possible to assure that the source code haven't been tampered with and could eventually intercept and disclose something it shouldn't. Even if you attempt some wire inspection you may not cover all the hacking possibilities. And right there resides the "?", the real and serious danger.

At least there's one positive thing out of all this:
It's possible to build Firefox 52.0.2 ESR for Solaris 10 and 11.
Someone have already done it, which means you may as well.
But be aware that it's not an easy task as initially explained.
If you do succeed you'll have conquered a true win!
In that case, please, do consider sharing it!
Good luck!