clearlinux
installing chrome
it is possible to install chrome on Clear Linux in secure way ? and if yes, how i update it afterward ?
it is possible to install chrome on Clear Linux in secure way ?
While I would not call it "installing", https://www.opendesktop.org/p/1266054/ has an AppImage of Chromium (ungoogled) that runs fine for me on Clear Linux OS. An AppImage is basically a self-mounting compressed disk image that contains the application and all it needs to run on most systems. If you have ever worked on a Mac, this should be familiar to you.
For it to work, you need to ensure that the FUSE kernel module is loaded.
We are not allowed to make redistribute custom packages of Google Chrome (I think), but you can easily make your own using this recipe like this on a Debian/Ubuntu system:
wget -c "https://github.com/AppImage/AppImages/raw/master/pkg2appimage"
bash -ex pkg2appimage Google_Chrome
The resulting AppImage should run on Clear Linux OS, as it will on many other Linux distributions.
and if yes, how i update it afterward ?
AppImages can come with a built-in delta update mechanism that is similar to what Clear Linux OS uses for the base system, but entirely independent of it. See AppImageUpdate for more information.
Maybe not the proper solution, but I wrote a script which installs Chrome in ~/chrome (like Clear Linux Firefox, which is installed in ~/firefox). I run the same script from time to time to check for an updated version of Chrome and install it. If you want to use it, here it is:
#!/bin/bash
DEST=~/chrome
VERSION_FILE=${DEST}/.version
echo Google Chrome updater
LOCAL_VERSION="none" && [ -f $VERSION_FILE ] && LOCAL_VERSION=$(cat $VERSION_FILE)
echo -e "Local version\t: $LOCAL_VERSION"
# Check version on remote
REMOTE_VERSION=$(wget -q https://dl.google.com/linux/chrome/deb/dists/stable/main/binary-amd64/Packages.gz -O-| gunzip|sed -n '/Package: google-chrome-stable/ {n;p}'|cut -f2 -d\ )
echo -e "Remote version\t: $REMOTE_VERSION"
if [ "$REMOTE_VERSION" == "$LOCAL_VERSION" ]; then
echo "No update available"
exit
fi
read -sp "Enter to update, Ctrl-C to abort... " && echo
echo Downloading ...
TMPWORK=$(mktemp -d)
cd $TMPWORK
wget -q --show-progress https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${REMOTE_VERSION}_amd64.deb -O google-chrome-stable_current_amd64.deb
echo Extracting ...
ar x google-chrome-stable_current_amd64.deb data.tar.xz
rm -rf $DEST
mkdir $DEST
bsdtar -xf data.tar.xz -C $DEST
# adjust path
sed -e "s%/usr/bin/google-chrome-stable%${DEST}/opt/google/chrome/google-chrome%" ${DEST}/usr/share/applications/google-chrome.desktop > ~/.local/share/applications/google-chrome.desktop
# Store version
echo $REMOTE_VERSION > $VERSION_FILE
cd
rm -rf $TMPWORK
echo Done.
[ $(pgrep -c -f ${DEST}/opt/google/chrome/chrome) -gt 0 ] && echo "Restart Google Chrome to use the latest version."
DistroWatch shows Chromium as a package for Clear Linux which must be wrong.
https://distrowatch.com/table.php?distribution=clear
If you don't have a Debian/Ubuntu environment handy, I wrote up a quick Docker container image that will make the AppImage and dump it into the mounted directory you map in. Nothing fancy but it outputs a working Google Chrome.
docker pull jaybee83/clr-appimages:chrome
docker run --rm -v /path/to/dir:/mnt/out jaybee83/clr-appimages:chrome
I just downloaded the .rpm package from the official chrome download site, extracted it to wherever in my home directory and it runs just fine. The only problem seems to be that it cant find the fonts. So you have to set this: export FONTCONFIG_PATH=/usr/share/defaults/fonts
Then start ./google-chrome
This is the second font path issue in two days.
The Chrome .rpm links dynamically to libfontconfig, so we need to debug why it couldn't find the fonts.
export FONTCONFIG_PATH=/usr/share/defaults/fonts
Well that I can fix. That certainly points to a gaping hole in our stateless patch.
fixes
The Chrome .rpm links dynamically to libfontconfig, so we need to debug why it couldn't find the fonts.
Are you sure about this? It's been statically linked in Chrome for about 16 months since https://chromium.googlesource.com/chromium/src.git/+/65f919d2d86e54c851b0327740a330d152b07ed5
Neither readelf -d or abireport show any indication of linking to libfontconfig. ldd will show libfontconfig as it links to libraries that depend on it, but chrome is using a static version internally.
@thiagomacieira @ahkok I'm more inclined to @sunnyflunk findings, additionally I can confirm that google-chrome-stable is actually loading our font configs:
% FC_DEBUG=1024 google-chrome-stable
Fontconfig error: Cannot load default config file
[6401:6401:0425/143146.044635:ERROR:sandbox_linux.cc(364)] InitializeSandbox() called with multiple threads in process gpu-process.
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
(PKIX_PL_Cert_VerifySignature: PKIX_PL_HashTable_Add skipped: entry existed
(pkix_CacheCert_Add: PKIX_PL_HashTable_Add for Certs skipped: entry existed
FC_DEBUG=1024
Loading config file from memory
Scanning config dir /home/mark/.config/fontconfig/conf.d
Loading config file from memory done
FC_DEBUG=1024
Loading config file from /usr/share/defaults/fonts/fonts.conf
Scanning config dir /usr/share/defaults/fonts/conf.d
Loading config file from /usr/share/defaults/fonts/conf.d/10-hinting-slight.conf
Loading config file from /usr/share/defaults/fonts/conf.d/10-hinting-slight.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/10-scale-bitmap-fonts.conf
Loading config file from /usr/share/defaults/fonts/conf.d/10-scale-bitmap-fonts.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/20-unhint-clear-sans.conf
Loading config file from /usr/share/defaults/fonts/conf.d/20-unhint-clear-sans.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/20-unhint-small-vera.conf
Loading config file from /usr/share/defaults/fonts/conf.d/20-unhint-small-vera.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/30-metric-aliases.conf
Loading config file from /usr/share/defaults/fonts/conf.d/30-metric-aliases.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/40-nonlatin.conf
Loading config file from /usr/share/defaults/fonts/conf.d/40-nonlatin.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/42-clear.conf
Loading config file from /usr/share/defaults/fonts/conf.d/42-clear.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/45-generic.conf
Loading config file from /usr/share/defaults/fonts/conf.d/45-generic.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/45-latin.conf
Loading config file from /usr/share/defaults/fonts/conf.d/45-latin.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/49-sansserif.conf
Loading config file from /usr/share/defaults/fonts/conf.d/49-sansserif.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/50-user.conf
Scanning config dir /home/mark/.config/fontconfig/conf.d
Loading config file from /usr/share/defaults/fonts/conf.d/50-user.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/51-local.conf
Loading config file from /usr/share/defaults/fonts/conf.d/51-local.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/60-generic.conf
Loading config file from /usr/share/defaults/fonts/conf.d/60-generic.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/60-latin.conf
Loading config file from /usr/share/defaults/fonts/conf.d/60-latin.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/65-fonts-persian.conf
Loading config file from /usr/share/defaults/fonts/conf.d/65-fonts-persian.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/65-nonlatin.conf
Loading config file from /usr/share/defaults/fonts/conf.d/65-nonlatin.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/69-unifont.conf
Loading config file from /usr/share/defaults/fonts/conf.d/69-unifont.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/70-disable-x11-75-100-dpi.conf
Loading config file from /usr/share/defaults/fonts/conf.d/70-disable-x11-75-100-dpi.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/80-delicious.conf
Loading config file from /usr/share/defaults/fonts/conf.d/80-delicious.conf done
Loading config file from /usr/share/defaults/fonts/conf.d/90-synthetic.conf
Loading config file from /usr/share/defaults/fonts/conf.d/90-synthetic.conf done
Loading config file from /usr/share/defaults/fonts/fonts.conf done
Scanning config dir /usr/share/fontconfig/conf.avail
Scanning config file from /usr/share/fontconfig/conf.avail/10-antialiasing.conf
Scanning config file from /usr/share/fontconfig/conf.avail/10-antialiasing.conf done
Scanning config file from /usr/share/fontconfig/conf.avail/10-autohint.conf
Scanning config file from /usr/share/fontconfig/conf.avail/10-autohint.conf done
Scanning config file from /usr/share/fontconfig/conf.avail/10-hinting-full.conf
more info on debugging fontconfig here
As of the init process for chrome's internal fontconfig for not finding our confs, I'm on a blindspot here.
I tried with a fonconfig in $XDG_CONFIG_HOME/.config/fontconfig/conf.d which forces the load of our configs in /usr/share/defaults which works, but it's a rather ugly hack that I'd prefer to avoid ;-(
this is what I've used fwiw:
% cat ~/.config/fontconfig/conf.d/50-chrome-legacy.conf
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<!--
bad google-chrome is the only one who does not honor
fontconfig stateless (statically linked version?)
so we ough to "workaround" with this ugly hack ;-(
-->
<include ignore_missing="yes">/usr/share/defaults/fonts/conf.d</include>
</fontconfig>
well it used to be almost all websites that had their fonts missing, but now it was basically just Google and that got fixed with what I said.
Any progress with this? Right now I use the workaround @Meai1 mentioned, it works fine.
Also I would suggest you add Chromium with vaapi patch as a bundle. It does help quite a bit from what I've seen when I did some testing.
@ahkok , was this ever applied? I just installed chrome and had the font issue and used @Meai1 solution to correct the fonts
Maybe not the proper solution, but I wrote a script which installs Chrome in ~/chrome (like Clear Linux Firefox, which is installed in ~/firefox). I run the same script from time to time to check for an updated version of Chrome and install it. If you want to use it, here it is:
#!/bin/bash DEST=~/chrome VERSION_FILE=${DEST}/.version echo Google Chrome updater LOCAL_VERSION="none" && [ -f $VERSION_FILE ] && LOCAL_VERSION=$(cat $VERSION_FILE) echo -e "Local version\t: $LOCAL_VERSION" # Check version on remote REMOTE_VERSION=$(wget -q https://dl.google.com/linux/chrome/deb/dists/stable/main/binary-amd64/Packages.gz -O-| gunzip|sed -n '/Package: google-chrome-stable/ {n;p}'|cut -f2 -d\ ) echo -e "Remote version\t: $REMOTE_VERSION" if [ "$REMOTE_VERSION" == "$LOCAL_VERSION" ]; then echo "No update available" exit fi read -sp "Enter to update, Ctrl-C to abort... " && echo echo Downloading ... TMPWORK=$(mktemp -d) cd $TMPWORK wget -q --show-progress https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${REMOTE_VERSION}_amd64.deb -O google-chrome-stable_current_amd64.deb echo Extracting ... ar x google-chrome-stable_current_amd64.deb data.tar.xz rm -rf $DEST mkdir $DEST bsdtar -xf data.tar.xz -C $DEST # adjust path sed -e "s%/usr/bin/google-chrome-stable%${DEST}/opt/google/chrome/google-chrome%" ${DEST}/usr/share/applications/google-chrome.desktop > ~/.local/share/applications/google-chrome.desktop # Store version echo $REMOTE_VERSION > $VERSION_FILE cd rm -rf $TMPWORK echo Done. [ $(pgrep -c -f ${DEST}/opt/google/chrome/chrome) -gt 0 ] && echo "Restart Google Chrome to use the latest version."
Thank you very much, Danyer. Works like a charm!
This procedure was the only working on how to install google-chrome (with all functionalities, including fonts and favorite adding for gnome) on clear linux, at least to me.
Run the following command in a terminal to get the root privileges.
sudo su -
Get the dnf, rpm, cpio and rpm2cpio tools
swupd bundle-add package-utils cpio wget
Download the Chrome browser
wget https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
Install the files without extraction
rpm2cpio google-chrome*.rpm | ( cd /; cpio -idv)
Remove downloaded files
rm -f google-chrome*.rpm
Adjust the fonts
f=/etc/environment; s='export FONTCONFIG_PATH=/usr/share/defaults/fonts'; touch $f; if ! grep -q "$s" $f ; then echo $s >> $f; fi
Reboot your system
reboot
Credits and a big thanks to: nayab.xyz for this post
Just get the chrome/chrominum rpm and install it with:
rpm -i --nodeps <package>.rpm
That way you can easily uninstall it later.
Definitely there should be a chromium bundle w/ the vaapi patch. VAAPI is an intel technology and an optimization so I think it fits perfectly with what Clear Linux is trying to do
Yea well, it's a big compile but not very difficult if you get the proper patches, should be easy to maintain once the Clear Linux people get the base done.
So, has there been anymore progress on this. I've installed chrome using @enisbajra method. But a more automated and sustainable process is definitely desired.
In #413 there are two comments
- https://github.com/clearlinux/distribution/issues/413#issuecomment-501740997
- https://github.com/clearlinux/distribution/issues/413#issuecomment-501842142
by Intel employees that basically say that Google Chrome (and other licensed software) won't by available through the official repositories for at least a long time. Someone else noted, that other distributions manage to maintain their own 3rd party repositories and I tried to make contact with a friend of mine, working at SUSE. Maybe there's a way we get such software without having to manage it on our own.
Chromium is under the BSD license with other parts under various compatible open source licences. Google chrome isn't something I'd personally want (I don't know how strong people's opinions are there) but chromium does not face such licensing concerns.
Chromium is under the BSD license with other parts under various compatible open source licences. Google chrome isn't something I'd personally want (I don't know how strong people's opinions are there) but chromium does not face such licensing concerns.
I wouldn't want Chrome either. Chromium is far more desirable.
Chromium is far more desirable.
I've compiled Chromium previously(with LTO, march, mtune) and the speedup is considerable - from this point of view, I'm also more interested in Chromium, more than into an official "unoptimized" build of Chrome.
Chromium support is the only blocker for me moving to ClearLinux. I don't think the legal restrictions for distributing chromium are bad, there's many smaller distros that have packages: https://chromium.googlesource.com/chromium/src/+/master/docs/linux_chromium_packages.md
Not only do many desktop users prefer chromium, but it's also faster in many benchmarks than firefox. And applying a few optimizations could make a good business case for management.. the Phoronix benchmarks could see big gains!
PS: This is the first time hearing of VAAPI, pretty cool! But does it support my UHD 630 graphics as well? I only see HD on the project page.
Chromium is even listed right next to Clear Linux on the Intel 01.org/projects page.
I can easily compile chromium, and have done so before. But chromium is one of very few software projects with both frequent security-critical updates and long resource-intensive builds.
I'd even be willing to make a little build server and create optimized chromium bundles, but then there's no way to distribute without making an entire new ClearLinux distro, which no one wants to use (even me).
So will Clear Linux maintainers accept a bundle patch with Open Source, redistributable chromium? If not then I have to wonder about the management and direction of the project. Which is a shame, since Clear Linux looks to be one of the most innovative, secure, and performant distros ever made.. something I'd love to be able to use with my loyally bought intel chipset!
I think the issue we have to work around with chromium is that the sources contain ffmpeg. If you notice our not-ffmpeg package, you'll see we ship a reduced version of the sources and would need to do something similar for chromium.
Is there someplace I can read about it? Plenty of distros package ffmpeg
I'm not aware of that being public, sorry. We have discussed in a number of forums though that just because other distros package ffmpeg as is does not mean we can as well.