>> > I don't get it then. Does anyone know why I can't compile Firefox >> > as described in the link above? This sums it up: >> > >> > "firefox-9.0 ebuild stalls at the install phase while xpcshell >> > command tops CPU usage for hours." >> > >> > Although xpcshell doesn't use any CPU for me. It just sits there >> > and the install phase doesn't proceed. >> > >> > - Grant >> >> I can compile Icecat with a customized ebuild. since it's basically >> the same as Firefox, maybe that helps. Basically it disables jit. >> > > You can't compile it on a grsec kernel because of this bug: :) > https://bugs.gentoo.org/show_bug.cgi?id=396275 > > It's odd that it hangs at xpcshell for you as it's already paxmarked in the > ebuild... > > Anyway, I'd suggest: > > 1) keyword firefox so you can get the latest one, which currently is the > 10.0.1. I'm not sure if the security patches between 9.0.1 and 10.0.1 have > been backported. AFAIK, Firefox-10.0.1 from the ebuild in portage tree will > compile just fine on hardened.
10.0.1 fails the same way unfortunately. - Grant > 2) As suggested, disabling JIT will do the trick and it seems like recent > versions of Firefox can actually have it disabled properly. So the ebuild for > icecat/firefox will work for you, you just need this in src_configure() : > > if use pax_kernel; then > mozconfig_annotate '' --disable-methodjit > mozconfig_annotate '' --disable-tracejit > fi > > 3) the other benefit of disabling jit completely is that you can now disable > the paxmarking turning MPROTECT off and benefit from properfly enforced W^X > pages > :) Unless you want to use FF for flash or java that is... ;)
