ungoogled-chromium-bin Archimage

[brunoalvieira]

I have constant difficulties keeping Ungoogled Chromium up to date on Ubuntu 20.04.6 as it is not well supported in the DEB base (where the classic appimages are generated), with clickot updating the minimum requirements to 22.04 and Maramduke being inconsistent on the Linux support; even flatpak doesn't have the same pace of updates.

That said, I realized that Arch has the best support for the browser and I tried to generate an appimage using its script, which is attached, but the generated file (https://archive.org/download/appimage-collection/%28HELP%29%20Chromium_115.0.5790.102-x86_64.AppImage) doesn't run, asking for help to understand what went wrong and to be able to improve it.

I thank you for your attention. ungoogled-chromium-bin-junest.sh.zip

[ivan-hc]

hi, this is not just a probmel with your ungoogled chromium, but with all web browsers using this method.

Archimages use "proot" and some parts need to be "binded" in the AppRun, for example, the default in my scripts is this:

$HERE/.local/share/junest/bin/junest proot -n -b "--bind=/home --bind=/home/$(echo $USER) --bind=/media --bind=/mnt --bind=/opt --bind=/usr/lib/locale --bind=/etc/fonts" 2> /dev/null -- BINARY "$@"

I still haven't figured out how we could do it either, yet applications like VLC and MPV can easily read network streams.

I think we should ask @fsquillace , the developer of JuNest, about using web browsers in JuNest in proot mode.

Have you tried to use it in JuNest in proot mode?

[brunoalvieira]

I did tests with Audacity with FFmpeg and Gparted and they didn't work either, probably for the same reason (but Audacity without optional dependencies worked).

I don't have much experience with Arch and I'm discovering it a little more thanks to this initiative and my intention is just to generate updated appimages of the apps I use, so I didn't test the JuNest project very deeply.

[ivan-hc]

The only thing I suggest is to check what is wrong in the AppRun, see what is missing among the paths you can mount (using --bind=)

[ivan-hc]

By playing around this issue, I have found that browsers in JuNest only work in normal mode.

There are three modes with wich we can use Junest, ie:

• normal mode, using namespaces;
• proot that mades apps portable (the default one used in ArchImages);
• chroot, for privileged users.

I have already faced the portability issue by starting this project, see https://github.com/ivan-hc/ArchImage/issues/1

However, if we found a way to use AppImages in normal mode and made them portable, we should have life easier. It is difficult, but still possible. We only have to find a solution for this.

Are you using Github actions? You should change the line 104 from...

$HERE/.local/share/junest/bin/junest proot -n -b "--bind=/home --bind=/home/$(echo $USER) --bind=/media --bind=/mnt --bind=/opt --bind=/usr/lib/locale --bind=/usr/lib/x86_64-linux-gnu/dri --bind=/usr/lib/dri --bind=/usr/share --bind=/etc/fonts" 2> /dev/null -- BINARY "$@"

...to...

$HERE/.local/share/junest/bin/junest ns  -- BINARY "$@"

optionally use the option -b to mount external partitions as described in https://github.com/fsquillace/junest/issues/253

Since I solved the first issue of this project I've no more tested archimages in normal mode.

[ivan-hc]

SPOILER: the problem is still the same (here I rebundled OBS Studio):

/tmp/.mount_OBS_St9PolfV/.junest/usr/bin/cp: impossible to remove '/tmp/.mount_OBS_St9PolfV/.junest//etc/host.conf': Read-only file system
rm: impossible to remove '[': Read-only file system

So, no way to run browsers at the moment.

However, I keep wondering how my JuNest-based ArchImages MPV and VLC do read network streams instead.

[brunoalvieira]

In fact, I experienced a similar problem:

/home/ubuntu-mate/Documentos/squashfs-root/.junest/usr/bin/bwrap: error while loading shared libraries: /home/ubuntu-mate/Documentos/squashfs-root/.junest/usr/bin/bwrap: cannot open shared object file: No such file or directory Error: Something went wrong while executing bwrap command. Exiting

Anyway, I will continue to follow the evolution of the project and contribute with the information I can. Thank you for now.

[ivan-hc]

UPDATE: I was able to run chromium in proot with the flag "--no-sandbox"

./.local/share/junest/bin/junest proot -n -b "--bind=/home --bind=/home/$(echo $USER) --bind=/media --bind=/mnt --bind=/opt --bind=/usr/lib/locale --bind=/etc/fonts" -- chromium --no-sandbox

NOTE: this is only a workaround, not a solution

[ivan-hc]

Also Firefox works (never tried, I trusted the test of another user asking the same).

OK, now I think that it can be related to the chromium sandbox that requires root privileges.

In the past I tried to run nyxt browser this way, maybe I was too newbie about the use of that browser, so I left.

[ivan-hc]

With this doesn't starts

ivan@debian:~$ ./.local/share/junest/bin/junest proot -n -- chromium
[0726/022558.766353:ERROR:elf_image_reader.cc(677)] no dynamic segment
[25989:25989:0100/000000.814197:ERROR:zygote_linux.cc(661)] write: Broken pipe (32)

Nor with this (-f is used in proot to run programs as root), but gives a suggestion about the flag --no-sandbox

ivan@debian:~$ ./.local/share/junest/bin/junest proot -f -n -- chromium
[26009:26009:0726/022608.987413:ERROR:zygote_host_impl_linux.cc(100)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.

With/without -f but with the flag --no-sandbox the browser works! Here without -f

ivan@debian:~$ ./.local/share/junest/bin/junest proot -n -- chromium --no-sandbox
[26153:26167:0726/022711.474078:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
Gtk-Message: 02:27:11.496: Failed to load module "xapp-gtk3-module"
[26153:26172:0726/022711.527556:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[26153:26172:0726/022711.527620:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)
[26180:26180:0726/022711.601505:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
[26153:26153:0726/022711.607308:ERROR:chrome_browser_cloud_management_controller.cc(162)] Cloud management controller initialization aborted as CBCM is not enabled.
[26153:26153:0726/022711.670358:ERROR:object_proxy.cc(590)] Failed to call method: org.freedesktop.portal.Settings.Read: object_path= /org/freedesktop/portal/desktop: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.portal.Desktop was not provided by any .service files
[26153:26260:0726/022711.682605:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[26153:26260:0726/022711.682652:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[26153:26260:0726/022711.682736:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[26153:26260:0726/022711.682782:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[26153:26260:0726/022711.682833:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)
[26259:26259:0726/022711.740462:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)
[26242:26255:0726/022711.786466:ERROR:command_buffer_proxy_impl.cc(128)] ContextResult::kTransientFailure: Failed to send GpuControl.CreateCommandBuffer.

and here with -f

ivan@debian:~$ ./.local/share/junest/bin/junest proot -f -n -- chromium --no-sandbox
[26367:26380:0726/022724.918625:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
Gtk-Message: 02:27:24.954: Failed to load module "xapp-gtk3-module"
[26367:26386:0726/022725.008122:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[26367:26386:0726/022725.008189:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[26367:26380:0726/022725.010139:ERROR:bus.cc(399)] Failed to connect to the bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
[26367:26380:0726/022725.011747:ERROR:bus.cc(399)] Failed to connect to the bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
[26367:26380:0726/022725.011942:ERROR:bus.cc(399)] Failed to connect to the bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
[26367:26380:0726/022725.012134:ERROR:bus.cc(399)] Failed to connect to the bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
[26367:26367:0726/022725.019947:ERROR:chrome_browser_cloud_management_controller.cc(162)] Cloud management controller initialization aborted as CBCM is not enabled.
[26367:26380:0726/022725.045395:ERROR:bus.cc(399)] Failed to connect to the bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
[26367:26380:0726/022725.045622:ERROR:bus.cc(399)] Failed to connect to the bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

(chromium:26367): dbind-WARNING **: 02:27:25.055: Couldn't register with accessibility bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
[26367:26380:0726/022725.065168:ERROR:bus.cc(399)] Failed to connect to the bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
[26367:26380:0726/022725.065389:ERROR:bus.cc(399)] Failed to connect to the bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
[26367:26367:0726/022725.116725:ERROR:object_proxy.cc(590)] Failed to call method: org.freedesktop.portal.Settings.Read: object_path= /org/freedesktop/portal/desktop: unknown error type: 
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)
[26395:26395:0726/022725.119320:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
[26367:26473:0726/022725.162866:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[26367:26473:0726/022725.162927:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[26367:26473:0726/022725.162980:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[26367:26473:0726/022725.163029:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
[26367:26473:0726/022725.163078:ERROR:bus.cc(399)] Failed to connect to the bus: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)
[26474:26474:0726/022725.232401:ERROR:viz_main_impl.cc(186)] Exiting GPU process due to errors during initialization
libva error: vaGetDriverNameByIndex() failed with unknown libva error, driver_name = (null)
[26451:26464:0726/022725.267354:ERROR:command_buffer_proxy_impl.cc(128)] ContextResult::kTransientFailure: Failed to send GpuControl.CreateCommandBuffer.

Tested YouTube, video/audio works as expected.

[ivan-hc]

Also google-chrome works this way (--no-sandbox flag).

So the issue is with Chromium-based browsers and their sandbox.

You should get more info on how to disable this check.

[ivan-hc]

@brunoalvieira no way to work with default chrome-sandbox, however running these applications in proot mode is like we already run them into a sort of sandbox, being proot a portable solution that uses QEMU (so there is not a deep contact with host's components, if not specified).

All we can do is to use the --no-sandbox flag using chromium-based browsers and apps.

Additionally we can add --test-type to hide the warn when launching the browser.

This is what I have tested with Chromium:

./.local/share/junest/bin/junest proot -n -- chromium --no-sandbox --test-type 2> /dev/null

To do so, you should add "--no-sandbox --test-type 2> /dev/null" manually at line 188, this way

$HERE/.local/share/junest/bin/junest proot -n -b "--bind=/home --bind=/home/$(echo $USER) --bind=/media --bind=/mnt --bind=/opt --bind=/usr/lib/locale --bind=/etc/fonts" 2> /dev/null -- BINARY --no-sandbox --test-type 2> /dev/null "$@"

I think we can mark this as solved.

[ivan-hc]

@brunoalvieira I've successfully built Chromium ArchImage using this script

https://github.com/ivan-hc/Chromium-Web-Browser-appimage/blob/main/chromium-junest.sh

The result is a 200 MB Appimage that works using the flag "--no-sandbox -test-type" (the latter is needed to hide the first).

Note, add "ca-certificates" among the dependences and include "certificates" $BINSAVED, $SHARESAVED and $LIBSAVED to be able to connect to the internet.

Also add alsa, jack, pipewire and pulse in $LIBSAVED to enable audio.

"ca-certificates" and audio-related keywords will be optionally added in the next version of the main CLI.