Hi, since firefox 95 one can use a 'wasi sysroot' to sandbox some external libraries bundled within firefox (eg Graphite, Hunspell, Ogg, Expat and Woff2) by building them first from C/C++ to wasm then to C via wasm2c.
All this plumbing is supposed to bring better 'sandboxing' to those libraries, as explained in the below links: https://hacks.mozilla.org/2019/03/standardizing-wasi-a-webassembly-system-interface/ https://hacks.mozilla.org/2020/02/securing-firefox-with-webassembly/ https://hacks.mozilla.org/2021/12/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/ to achieve that, i had to wrap up 4 ports on top of llvm 13.0.0 bits: wasi-libc, wasi-libcxx, wasi-libcxxabi & wasi-compiler-rt. I've settled for the same version we use for devel/llvm, without any patches, and so far only tested it on amd64. with those 4 ports installed, and the below diff, i have a build of firefox 100.0b6 that runs here, no idea how to test differences in runtime though. -CONFIGURE_ARGS += --without-wasm-sandboxed-libraries +CONFIGURE_ARGS += --with-wasi-sysroot=${LOCALBASE}/share/wasi-sysroot feedback on the 4 ports (unpack in lang/) much welcome, i dunno how i could improve the layout (eg build a single port once for libcxx/libcxxabi is how other oses do)... so more eyes needed :) the DISTFILES hack (and move source dirs around) are ugly but all those llvm-based ports sadly require the full llvm source tree to build, ideas on how to improve that are welcome. For build options and layout, i've taken inspiration from what freebsd, alpine linux, archlinux and pkgsrc did. Thanks to them :) https://git.alpinelinux.org/aports/tree/community/wasi-compiler-rt/APKBUILD https://git.alpinelinux.org/aports/tree/community/wasi-libcxx/APKBUILD https://reviews.freebsd.org/D22960 http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/lang/wasi-compiler-rt/Makefile http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/lang/wasi-libcxx/Makefile https://cgit.freebsd.org/ports/tree/devel/wasi-libc/Makefile https://cgit.freebsd.org/ports/tree/devel/wasi-libcxx/Makefile https://github.com/archlinux/svntogit-community/blob/packages/wasi-compiler-rt/trunk/PKGBUILD Landry
wasi-sdk.tgz
Description: application/tar-gz
