On Wed, Jul 29, 2020 at 12:24:40PM +0200, Landry Breuil wrote:
Hello Landry,
[Firefox README]
> Feel free to send diffs, i'm not a native speaker.
Please find attached a first stab. I've also fixed a few inconsistencies in
the README: you should feel free to cherry pick any bits you think are
improvements and ignore the rest!
Laurie
Index: README
===================================================================
RCS file: /cvs/ports/www/mozilla-firefox/pkg/README,v
retrieving revision 1.28
diff -u -r1.28 README
--- README 28 Jul 2020 14:13:35 -0000 1.28
+++ README 29 Jul 2020 22:20:09 -0000
@@ -11,8 +11,8 @@
start Firefox with the -ProfileManager switch, e.g.
firefox -ProfileManager, and click "Create Profile".
-If Firefox doesn't start at all, try starting it with -safe-mode
-switch, which disables extensions and themes for your session.
+If Firefox doesn't start at all, try starting it with the -safe-mode
+switch, which temporarily disables extensions and themes.
pledge(2) and unveil(2) Support
===============================
@@ -20,10 +20,11 @@
the system calls and filesystem access that each of Firefox's three
process types (main, content, and GPU) is permitted. By default,
only ~/Downloads and /tmp can be written to when downloading files,
-or when viewing local files as file:// URLs.
+or when viewing local files as file:// URLs. You can edit the
+following files to change the pledge promises, unveil paths, and
+associated permissions:
-Files containing pledge promises and unveil paths and permissions
-for each type of process are located in ${SYSCONFDIR}/firefox/.
+ /etc/firefox/{unveil,pledge}.{main,content,gpu}
3rd-Party MIME Handlers
=======================
@@ -34,24 +35,26 @@
$ xdg-mime default mupdf.desktop application/pdf
And the corresponding binary must be unveiled for it to appear as an
-option in the "Open With" drop-down, ie add
-"${LOCALBASE}/bin/mupdf rx" to unveil.main.
+option in the "Open With" drop-down for example adding the following
+line to /etc/firefox/unveil.main:
+
+ ${LOCALBASE}/bin/mupdf rx
The current default for a given type can be viewed with xdg-mime's
query command:
$ xdg-mime query default application/pdf
-The older mailcap-format handlers are also supported, for example,
-a ~/.mailcap file specifying:
+Alternatively, you can use mailcap, for example a ~/.mailcap file of:
application/pdf; ${LOCALBASE}/bin/xpdf %s
-should open PDFs via xpdf.
+As with the XDG approach, the application(s) will need to be included in
+/etc/firefox/unveil.main.
Using mailto: links
===================
-To enable mailto: links in Firefox to open in your mail program,
+In order for mailto: links in Firefox to open your mail program,
you may have to set a mailto protocol handler. Type "about:config"
in Firefox's URL text field. Type "mailto" in the filter. If there
is a string called "network.protocol-handler.app.mailto", its value
@@ -69,7 +72,7 @@
this package, and run firefox inside egdb, so that you can gather
debugging logs and traces (for all threads!).
-If this is a pledge violation, you should figure out which codepath
+If this is a pledge violation, please try to find out which codepath
in which process leads to calling a forbidden syscall, and which pledge
is missing from the sets configured according to the section above.
Setting MOZ_LOG=OpenBSDSandbox:5 should help. Bug reports without
@@ -77,7 +80,7 @@
To disable pledge and/or unveil support when troubleshooting, set the
corresponding pledge or unveil file in
-/etc/${MOZILLA_PROJECT}/{unveil,pledge}.{main,content,gpu} to contain
+/etc/firefox/{unveil,pledge}.{main,content,gpu} to contain
just "disable".
D-BUS
@@ -87,29 +90,29 @@
If you're not running a desktop environment that takes care of it,
refer to /usr/local/share/doc/pkg-readmes/dbus to configure your
session startup script to start one.
-Without a session bus running, the port is faking one (see
-https://bugzilla.mozilla.org/show_bug.cgi?id=1466593), but GLIB might still try
-to spawn one which might lead to a 'proc' pledge violation in the content
-process.
+If a session bus is not running, this port fakes the existence of one
+(see https://bugzilla.mozilla.org/show_bug.cgi?id=1466593). However,
+GLIB can still try to spawn a session bus which can then lead to a 'proc'
+pledge violation in the content process.
HTML5 audio/video support
=========================
For a full multimedia experience, such as playing MP3 audio or MPEG
-videos, install the "ffmpeg" package. It will be used at runtime if
-firefox finds it.
+videos, install the "ffmpeg" package:
-# pkg_add ffmpeg
+ $ pkg_add ffmpeg
WebRTC support
==============
-For WebRTC to properly work, it is required to enable audio recording:
+For WebRTC to work properly, you need to enable audio recording:
-# sysctl kern.audio.record=1
+ $ sysctl kern.audio.record=1
-It is also required to change the ownership of the video(4) device so that your
-regular user can access the webcam device.
+You will also need to change the ownership and/or permissions of the
+relevant video(4) device so that your user can access the webcam
+device e.g.:
-# chown youruser /dev/video0
+ $ chown youruser /dev/video0
Screen sharing needs shmget() which isnt available when pledge() is active, so
you will have to disable pledge for the main process.
@@ -128,21 +131,20 @@
To instruct Firefox to use Kerberos for specific domains, open
'about:config' and modify the following key:
-network.negotiate-auth.trusted-uris: .example.com
+ network.negotiate-auth.trusted-uris: .example.com
Graphic Acceleration
====================
-By default on unices the OpenGL acceleration is disabled. One can enable it by
+By default, OpenGL acceleration is disabled. One can enable it by
setting MOZ_ACCELERATED=1 in the environment, or by switching the about:config
layers.acceleration.force-enable knob to true. Check the 'Decision log'
section in about:support to see whether HW_COMPOSITING and OPENGL_COMPOSITING
are enabled.
-Similarly, for the rust-based WebRender compositor, it is enabled by setting
+Similarly, the rust-based WebRender compositor can be enabled by setting
MOZ_WEBRENDER=1 in the environment, or by switching the about:config
gfx.webrender.enabled knob to true. Check it is enabled in the 'Features'
-section of about:support. For this feature, WebGL2 is necessary, so your
+section of about:support. For this feature, WebGL2 is necessary, so your
hardware must support at least OpenGL 4.
-Check
-https://wiki.mozilla.org/Platform/GFX/Quantum_Render for more details.
+See https://wiki.mozilla.org/Platform/GFX/Quantum_Render for more details.
No comments:
Post a Comment