Posted by CarloWood on Mon 10 Mar 2008 at 06:22
If you weren't already convinced that closed source sucked before, then surely the experience of trying to browse the net with an amd64 machine will have won you over; I could ponder on how much Microsoft is paying Adobe not to release a 64-bit version of their flash plugin— but why Sun is categorically refusing to address our cry for a 64-bit java plugin for mozilla based browsers for this many years is beyond me.
There are three approaches to work around this conspiracy:
I used option 1 (the chroot) for a while, but that approach has several annoying disadvantages:
I tried option 2, but it was a horror. Maybe some day that option will mature, but right now it's just not working for me.
That leaves option 3. However, the main disadvantage of that option is that you simply can't install i386 debian packages on an amd64 system. Therefore you have to fall-back to tar-balls and install everything manually. I tried this too, with as result that anti-aliasing didn't work anymore and java simply froze iceweasel.
The approach that I chose in the end is as follows: I installed everything that has to be of i386 architecture in a 32-bit chroot (as in option 1), using apt-get (or aptitude or whatever you like) and used a small wrapper and environment variables to run the browser in the 64-bit environment with a linux32 personality (as in option 3).
This turns out to a simple and painless procedure.
First, create an i386 chroot inside of which we will later install iceweasel. This chroot will be much smaller than that of option 1 above, because we won't need to install libraries that are already available from ia32 packages for the amd64 architecture.
You'll need some packages:
sudo apt-get install debootstrap
Choose the root of the chroot and it's handle:
CHROOT="/opt/firefox-chroot"; # The directory of the chroot. CHROOTNAME="firefox"; # The name as listed by schroot -l.
We need these too. You can set them to whatever works for you but the following should set them automatically (as usually, in my HOWTO's, just copy&paste the whole block to your (non-root) shell prompt):
HELPVAR=$(apt-cache policy coreutils | egrep '^[[:space:][:digit:]]*http:' | \
sed -r 's/^[[:space:]]*//;s/[[:space:]]+/,/g' | sort -rn | head -n 1)
SUITE=$(echo "$HELPVAR" | cut -d, -f 3 | sed -e 's%/.*%%')
DEBIANMIRROR=$(grep "^deb $(echo "$HELPVAR" | cut -d, -f 2).*$SUITE" /etc/apt/sources.list | \
sed -r 's/^[[:space:]]*//;s/[[:space:]]+/,/g;s%/,%,%g;s%,%/,%g' | cut -d, -f 2)
echo -e "SUITE = \"$SUITE\"\nDEBIANMIRROR = \"$DEBIANMIRROR\""
This should set $SUITE to something like 'lenny' and $DEBIANMIRROR to something like 'http://ftp.debian.org/debian/'.
If SUITE is 'unstable', 'testing' or 'stable' then debootstrap won't work without providing the current codename. Therefore, try to extract that:
CODENAME=$SUITE if test ! -e /usr/share/debootstrap/scripts/$SUITE; then CODENAME=$(sed -ne 's/^Codename: \([a-z]*\)$/\1/p' /var/lib/apt/lists/$(echo "$DEBIANMIRROR" | sed -e "s%http://*%%;s%/%_%g")dists_"$SUITE"_Release) fi echo "CODENAME = $CODENAME"
Create the new directory and install the base system into it:
sudo mkdir "$CHROOT" sudo debootstrap --arch i386 $SUITE "$CHROOT" $DEBIANMIRROR /usr/share/debootstrap/scripts/$CODENAME
This installs about 180 MB in $CHROOT.
Since we won't run iceweasel inside the chroot, there is no need to do (bind) mounts, or install home directories or whatever— but we still need a few more packages to be installed.
Enter the chroot as root:
sudo chroot "$CHROOT"
Before running apt-get, you might want to fix a few things:
In order to get rid of the message
"WARNING: The following packages cannot be authenticated!",
run the following command:
apt-get update
This will retrieve the missing Release.gpg.
If you want to get rid of the warnings:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
then run the following commands (this installs an additional 18 MB):
LANG= apt-get install locales
eval `locale 2> /dev/null`
sed -ri 's/^([^#].*)/# \1/;s/^# ('$LC_CTYPE'($| .*))/\1/' /etc/locale.gen
locale-gen
[ If you don't want that, then you can temporarily suppress these messages by doing instead:
eval `LANG= locale`
but you'd need to do that every time you enter the chroot for maintenance. ]
Next, edit /etc/apt/sources.list and add a line
for security updates (as usual, just copy&paste the whole block to
the shell prompt (outside the chroot)):
exit # Leave the chroot if ! grep 'security\.debian\.org' $CHROOT/etc/apt/sources.list; then sudo sh -c 'echo "# Security updates." >> '"$CHROOT"'/etc/apt/sources.list; \ echo "deb http://security.debian.org/ '"$SUITE"'/updates main contrib" >> '"$CHROOT"'/etc/apt/sources.list' fi
Also add contrib and non-free, as we'll need that for
the plugins later on:
sudo sed -ri 's/^(deb '$(echo $DEBIANMIRROR | sed 's/\/$//;s/\([$/.]\)/\\\1/g')' '$SUITE' main)$/\1 contrib non-free/' $CHROOT/etc/apt/sources.list
and update the chroot
sudo chroot $CHROOT apt-get update sudo chroot $CHROOT apt-get dist-upgrade
If you are just creating the chroot for running iceweasel, then you can skip this paragraph. However, I can imagine that some people are using this page to set up a more general chroot, for other purposes; therefore I decided to add this paragraph that describes how to finish the chroot so it can be used in general, just to have all information in one place.
First you'll want to bind mount a few directories. Add the (output of) the following to your /etc/fstab (the real one, not the one in the chroot!).
exit # Leave the chroot cat << EOF # $CHROOTNAME chroot /proc $CHROOT/proc none bind 0 0 /dev $CHROOT/dev none bind 0 0 /tmp $CHROOT/tmp none bind 0 0 /home $CHROOT/home none bind 0 0 EOF
and possibly other directories. Try to avoid any directories that debian installs files in however, or the chroot will overwrite your system files (and vica versa) of course.
WARNING: If you 'rm -rf' the $CHROOT
directory then everything (still) bind mounted will be deleted as well!
A 'bind mount' is not normally visible with 'df', you
will need to do 'df -a' to see it
(I lost my home directory this way, while doing tests in order to write this howto)!
After adding those lines, they are still not mounted until you reboot; so mount them manually this time:
sudo mount $CHROOT/proc sudo mount $CHROOT/dev sudo mount $CHROOT/tmp sudo mount $CHROOT/home
Note that you can also bind mount from the command line without
adding the extra configuration lines to /etc/fstab.
You'll need --rbind for /dev,
because otherwise /dev/pts isn't included. For example,
sudo mount --bind /proc $CHROOT/proc sudo mount --rbind /dev $CHROOT/dev sudo mount --bind /tmp $CHROOT/tmp
You'll want to use schroot to switch to the
chroot as a normal user:
sudo apt-get install schroot
Finally, fix your /etc/schroot/schroot.conf and possibly
setup a little wrapper and symlinks as is described in
Running applications inside a chroot using schroot.
Okay, back to installing iceweasel.
Enter the chroot and install iceweasel (this drags in another 130 MB)
and fix /usr/lib/iceweasel/iceweasel not to be anal about
where it's installed:
sudo chroot $CHROOT apt-get --yes install libgconf2-4 apt-get --yes install iceweasel sed -i 's/^MOZ_DIST_BIN=.*/MOZ_DIST_BIN="$(dirname $0)"/' /usr/lib/iceweasel/iceweasel
Leave the chroot and install some needed libraries:
exit # Leave the chroot sudo apt-get install ia32-libs-gtk
Installing iceweasel already dragged in so many libraries into
the chroot, that ia32-libs-gtk is only really need for
/usr/lib/gtk-2.0/2.10.0/engines/libclearlooks.so.
I can imagine that it's possible to remove (a lot of) libraries
from the chroot because they are already installed as some ia32
package in your amd64 environment, but at this moment I'm too
lazy to look into that (for the few cents worth of diskspace).
Next, create the wrapper to start iceweasel;
for example, create a file /usr/local/bin/firefox as follows:
sudo sh -c 'cat > /usr/local/bin/firefox << EOF #!/bin/sh export GTK_PATH="/usr/lib32/gtk-2.0" CHROOT="'$CHROOT'" export LD_LIBRARY_PATH="/lib32:/usr/lib32:\$CHROOT/lib:\$CHROOT/usr/lib" linux32 "\$CHROOT/usr/lib/iceweasel/iceweasel" "\$@" EOF' sudo chmod +x /usr/local/bin/firefox
This should create a file with content like the following:
#!/bin/sh export GTK_PATH="/usr/lib32/gtk-2.0" CHROOT="/opt2/firefox-chroot" export LD_LIBRARY_PATH="/lib32:/usr/lib32:$CHROOT/lib:$CHROOT/usr/lib" linux32 "$CHROOT/usr/lib/iceweasel/iceweasel" "$@"
At this point everything should work except plugins: It's using your
normal home directory, and thus ~/.mozilla and thus your
bookmarks, preferences, cookies, passwords etc. Also anti-aliasing should
work fine already at this point, as well as "File Type / Download Actions"
(Preferences -> Content -> File Types, Manage...), which will run
your external applications as 64-bit applications now.
Note that the wrapper sets LD_LIBRARY_PATH to both,
[/usr]/lib32 as well as $CHROOT[/usr]/lib,
both containing 32-bit libraries. The latter are needed because
not all needed 32-bit libraries are provided by ia32-libs
and ia32-libs-gtk. But why prepend the path with
the lib32 ones? Surely every needed 32-bit library could be installed
in the chroot? The reason for this is that some of the libraries
contain hardcoded paths, or should I say, one library contains
a hardcoded path... $CHROOT/usr/lib/libgdk_pixbuf-2.0.so.0
contains the hardcoded path /usr/lib/gtk-2.0/2.10.0/loaders.
This causes it to read the files in /usr/lib/gtk-2.0/2.10.0/loader-files.d,
which contain libraries paths in /usr/lib, 64-bit libraries.
Therefore it is needed to load libraries from /usr/lib32
before $CHROOT/usr/lib.
Installing plugins, which are loaded when the browser is already running, should be easy. The only remaining problem might be hard-coded paths for externally run programs (like java_vm). Flash should not give any problems, so lets start with that.
Fonts
Flash applications often use Microsoft core fonts, and simply don't display any text if you don't have them (which can be very confusing). Therefore, you better install them as well (in the amd64 root):
sudo apt-get install msttcorefonts
After you installed the plugin, you can test if that worked
here. Besides TEXT1,
TEXT2 and TEXT3, you should see a
TEXT4.
The whole point of the chroot is to make it easy to install and update the plugins. So, just enter the chroot and install the plugin the debian way:
sudo chroot $CHROOT apt-get install flashplugin-nonfree
Unfortunately the debian "maintainers" decided to remove this plugin from debian as of lenny. The plugin is now only available if you're using etch or when you're using unstable. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457291 for their reasons.
If the above didn't work then you'll have to use the package from unstable (codename: sid). Once lenny has become stable, and you are using stable you should use the backport (see below).
If you're using testing— then you might want to create the backport yourself, because backports.org is for 'stable', following the instructions below (adapted from 6.4.10 Port a package to the stable system from the debian reference manual). However, you might want to try to just use the 'stable' backport (hoping your libs are compatible; what they usually should be because 'testing' is newer than 'stable').
In order to compile the backport yourself do the following:
exit # Leave chroot if ! grep '^deb-src.*unstable' $CHROOT/etc/apt/sources.list; then sudo sh -c 'echo "# Sources from unstable." >> '"$CHROOT"'/etc/apt/sources.list; \ echo "deb-src '"$DEBIANMIRROR"' unstable main contrib non-free" >> '"$CHROOT"'/etc/apt/sources.list' fi sudo chroot $CHROOT apt-get update apt-get --yes install build-essential fakeroot devscripts debhelper; # Installs 65 MB. cd /usr/src mkdir flashplugin-nonfree cd flashplugin-nonfree apt-get source flashplugin-nonfree cd flashplugin-nonfree-* apt-get --yes build-dep flashplugin-nonfree dpkg-buildpackage -rfakeroot -us -uc dpkg -i ../flashplugin-nonfree_*_i386.deb apt-get purge build-essential fakeroot devscripts debhelper apt-get autoremove; # Free 65 MB again. cd /usr/src rm -rf flashplugin-nonfree
A disadvantage of this method is that it won't upgrade flash when a new release is available.
In order to use backports.org do the following (adapted from here). I'd urge you to use pinning so that upgrading later on will be automatic.
exit # Leave chroot STABLECODENAME=etch; # Change this if needed! if ! grep '^deb http://www\.backports\.org' $CHROOT/etc/apt/sources.list; then sudo sh -c 'echo "# Stable backports." >> '"$CHROOT"'/etc/apt/sources.list; \ echo "deb http://www.backports.org/debian '"$STABLECODENAME"'-backports main contrib non-free" >> '"$CHROOT"'/etc/apt/sources.list' fi sudo chroot $CHROOT apt-get update wget -O - http://backports.org/debian/archive.key | apt-key add - exit sudo chroot $CHROOT apt-get --yes --force-yes -t '"$STABLECODENAME"'-backports install flashplugin-nonfree
Since the support from debian is basically gone,
you might also opt for the alternative to download
the flashplayer from Adobe yourself and simply drop
it in ~/.mozilla/plugins/libflashplayer.so.
Note that flash player 9.0 r115 (which you will get if
you download it now) and later have stricter policy files
which can cause your client to not be able to connect anymore to
certain servers. See for example here and
Adobes article on the matter.
Version 9.0 r48 and r31 work fine for me. You can obtain the version of your
current libflashplayer.so with:
strings $CHROOT/usr/lib/iceweasel/plugins/libflashplayer.so | grep -e "^Shockwave Flash [.\d+]*" | sed -e "s/Shockwave Flash //g"
The version is also visible in about:plugins
Download install_flash_player_9_linux.tar.gz
from http://www.adobe.com/ and save and extract the tar-ball,
change directory to the extracted content and run as non-root:
linux32 ./flashplayer-installer
to install the plugin in ~/.mozilla/plugins, or run as root
to install system wide (the wrapper must be system wide too then, of course).
In the latter case enter <CHROOT>/usr/lib/iceweasel as
browser directory, where you should replace <CHROOT>
with the value of your $CHROOT.
Finally, you want to test it of course. Try this cool site.
I wasted two days trying to get acroread to work, but it's broken. Seriously, this is not incompetence; Adobe's acrobat reader really sucks.
Fortunately, there is an open source alternative and that means that if that doesn't work, we can fix it!
Firstly install mozplugger in the firefox chroot,
and evince on your amd64:
sudo chroot $CHROOT apt-get --yes install mozplugger sudo apt-get install evince
This should immediately allow you to watch movies inside the browser
(provided you have mplayer installed in your amd64 environment); try
to open some .avi from your harddisk with the browser. Also have a look
at about:plugins again. Wait, ... watching PDF and postscript
works too. It just all works! I love open source.
More closed source... Yes, java is open source these days, but the plugin isn't: Sun refuses to release a 64-bit plugin for java, and when that was really open source, it would have been ported long ago.
The following commands will make java work:
sudo chroot $CHROOT apt-get --yes install libnss-mdns export LD_LIBRARY_PATH=/usr/lib/jvm/java-6-sun/jre/lib/i386/jli apt-get --yes --force-yes install sun-java6-bin
The export is needed as work around for bug #435293
in the Debian bug tracking system. The package libnss-mdns
is needed because otherwise java just hangs firefox with 100% cpu
usage. You don't want to know what I all needed to do to find that
THAT was needed! Unfortunately, I still don't know WHY it is needed,
rather unsatisfactory.
Finally, we need:
exit # Leave chroot sudo update-alternatives --install /usr/lib/mozilla-firefox/plugins/libjavaplugin.so firefox-javaplugin.so $CHROOT/usr/lib/jvm/java-6-sun/jre/plugin/i386/ns7/libjavaplugin_oji.so 100 sudo update-alternatives --set firefox-javaplugin.so $CHROOT/usr/lib/jvm/java-6-sun/jre/plugin/i386/ns7/libjavaplugin_oji.so
The first update-alternatives command (see man update-alternatives) creates (or appends to)
a group firefox-javaplugin.so with generic name /usr/lib/mozilla-firefox/plugins/libjavaplugin.so
and possible value $CHROOT/usr/lib/jvm/java-6-sun/jre/plugin/i386/ns7/libjavaplugin_oji.so.
The group is created in automatic mode, using the (arbitrarily chosen) priority 100. The second
update-alternatives command sets the group in manual mode and permanently links it to
the given value. In effect, the result is that a symbolic link /usr/lib/mozilla-firefox/plugins/libjavaplugin.so
points to /etc/alternatives/firefox-javaplugin.so which in turn points to
$CHROOT/usr/lib/jvm/java-6-sun/jre/plugin/i386/ns7/libjavaplugin_oji.so.
So why is this needed? Well, when run, iceweasel tries to load
all shared libraries in $CHROOT/usr/lib/mozilla-firefox/plugins,
the installation of sun-java6-bin in the chroot created an alternative
with the name /usr/lib/mozilla-firefox/plugins in the chroot that points to
/etc/alternatives/firefox-javaplugin.so, exactly as we just did thus (and
even if it didn't do that; firefox simply loads everything from /usr/lib/mozilla-firefox/plugins
in the amd64 root!).
Therefore, either by reading the link $CHROOT/usr/lib/mozilla-firefox/plugins or
by reading a hardcoded path /usr/lib/mozilla-firefox/plugins, it
is refered to /etc/alternatives/firefox-javaplugin.so in the amd64 root!
Hence, we need to add this alternative/symlink and point it back to the correct shared library
in the chroot. There is a minor problem with this however. Suppose one day you run 'apt-get update & apt-get upgrade'
in the chroot, and it changes the symbolic link— then our manually added link will
not change along and java will simply not work anymore. In that case you will have to update
this alternative manually. It is unlikely that it will change however: the name of the package
is sun-java6-bin, containing the '6', so at most the 'ns7' part might change one day
to 'ns8'?
The most up to date version of this HOWTO can be found on my home page, together with more debian related HOWTO's from myself.
Regards, Carlo Wood
This article can be found online at the Debian Administration website at the following bookmarkable URL (along with associated comments):
This article is copyright 2008 CarloWood - please ask for permission to republish or translate.