Difference between revisions of "Chromium/Tips and tricks"
(→Adding CAcert Certificates for Self-Signed Certificates) |
(→Adding CAcert Certificates for Self-Signed Certificates) |
||
| Line 105: | Line 105: | ||
==== Adding CAcert Certificates for Self-Signed Certificates ==== | ==== Adding CAcert Certificates for Self-Signed Certificates ==== | ||
Grab the CAcerts and create a nssdb if one does not already exist. To do this, first install the {{Pkg|nss}} package, then complete these steps: | Grab the CAcerts and create a nssdb if one does not already exist. To do this, first install the {{Pkg|nss}} package, then complete these steps: | ||
| − | + | {{bc|<nowiki>[[ ! -e $HOME/.pki/nssdb ]] && mkdir -p $HOME/.pki/nssdb && cd $HOME/.pki/nssdb && certutil -N -d sql:.</nowiki>}} | |
| − | + | {{Note|Users will need to create a password for the database should it not exist.}} | |
| − | + | ||
| − | + | {{bc|<nowiki>curl -k -o "cacert-root.crt" "http://www.cacert.org/certs/root.crt" | |
| − | + | curl -k -o "cacert-class3.crt" "http://www.cacert.org/certs/class3.crt" | |
| + | certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "CAcert.org" -i cacert-root.crt | ||
| + | certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "CAcert.org Class 3" -i cacert-class3.crt | ||
| + | </nowiki>}} | ||
{{Note|Users will need to create a password for the database should it not exist.}} | {{Note|Users will need to create a password for the database should it not exist.}} | ||
| + | |||
| + | Now users may manually import a self-signed certificate. | ||
| + | ===== Example: TomatoUSB ===== | ||
| + | Use the following script to export the TomatoUSB's certificate and import it to the nssdb. | ||
| + | |||
| + | #!/bin/sh | ||
| + | # | ||
| + | # usage: import-cert.sh remote.host.name [port] | ||
| + | # | ||
| + | REMHOST=$1 | ||
| + | REMPORT=${2:-443} | ||
| + | exec 6>&1 | ||
| + | exec > $REMHOST | ||
| + | echo | openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | ||
| + | certutil -d sql | ||
Revision as of 05:25, 5 January 2013
zh-CN:Chromium Tips and Tweaks Template:Article summary start Template:Article summary text Template:Article summary heading Template:Article summary wiki Template:Article summary wiki Template:Article summary end
Browsing experience
about:xxx
A number of tweaks can be accessed via typing about:xxx in the URL field. A complete list is available by typing about:chrome-urls into the URL field. Some of note are listed below:
- about:flags - access experimental features such as WebGL and rendering webpages with GPU, etc.
- about:plugins - view, enable and disable the currently used Chromium plugins.
- about:gpu-internals - status of different GPU options.
- about:sandbox - indicate sandbox status.
- about:version - display version and switches used to invoke the active
/usr/bin/chromium.
An automatically updated, complete listing of Chromium switches is available here.
Broken icons in Download Tab
If Chromium shows icon placeholders (icons representing broken documents) instead of appropriate icons in its download tab, the likely cause is that the gnome-icon-theme package is not installed.
Chromium overrides/overwrites Preferences file
If you enabled syncing with a Google Account, then Chromium will tend to override any edits made by hand to the Preferences file found under $HOME/.config/google-chrome/Default/Preferences. To work around this, start Chromium with the --disable-sync-preferences switch:
$ chromium --disable-sync-preferences
If Chromium is started in the background when you login to your desktop environment, make sure the command your desktop environment uses is
$ chromium --disable-sync-preferences --no-startup-window
Memory usage
Chromium offers some command-line options to help control how efficient it is with system memory, by determining how often it should release memory back to the operating system. It is done with the flag --memory-model=X, where X is one of the following:
- high - Never voluntarily relinquish memory.
- medium - Voluntarily reduce working set when switching tabs.
- low - Voluntarily reduce working set when switching tabs and also when the browser is not actively being used.
It is also possible to manually force Chromium to purge its memory. The flag --purge-memory-button enables a button in the task manager (available in Tools > Task Manager, or by pressing Template:Keypress) to do this.
Scroll speed of mouse wheel
Adjust the scroll speed of the wheel mouse via the --scroll-pixels=X switch:
$ chromium --scroll-pixels=200
Search Engines
Make sites like wiki.archlinux.org and wikipedia.org easily searchable by first executing a search on those pages, then going to Settings > Search and click the Manage search engines.. button. From there, "Edit" the Wikipedia entry and change its keyword to "w" (or some other shortcut you prefer). Now searching Wikipedia for "Arch Linux" from the address bar is done simply by entering "w arch linux".
Tmpfs
Cache in tmpfs
To limit Chromium from writing its cache to a physical disk, one can define an alternative location via the --disk-cache-dir=/foo/bar flag:
$ chromium --disk-cache-dir=/tmp/cache
Cache should be considered temporary and will not be saved after a reboot or hard lock.
Alternative way, in /etc/fstab:
tmpfs /home/<USER>/.cache tmpfs noatime,nodev,nosuid,size=400M 0 0
Profile in tmpfs
Relocate the browser profile to a tmpfs filesystem, including /tmp, or /dev/shm for improvements in application response as the entire profile is now stored in RAM.
Use an active management script for maximal reliability and ease of use. Several are available from the AUR:
- profile-sync-daemonAUR - symlinks and syncs browser profile directories to RAM. Refer to the Profile-sync-daemon wiki article for additional information on it.
- chromium-tmpfsAUR - a similar utility which has been deprecated by its author, who recommends using profile-sync-daemonAUR or user-profile-sync-daemon-gitAUR in its place.
Profile Maintenance
Chromium uses Sqlite databases to manage history and the like. Sqlite databases become fragmented over time and empty spaces appear all around. But, since there are no managing processes checking and optimizing the database, these factors eventually result in a performance hit. A good way to improve startup and some other bookmarks and history related tasks is to defragment and trim unused space from these databases.
profile-cleanerAUR in the AUR does just this.
Security
Run in a Sandbox
Run chromium in a sandbox for added security:
$ chromium --enable-seccomp-sandbox
User Agent
By default Chromium already sends an excessively detailed User Agent, as is viewable via the EFF's Panopticlick test. That alone makes each browser readily identifiable with high accuracy — and is further exacerbated by the use of non-stable versions, ones not recently provided by Google's release channels, ones customized e.g. by a distribution (such as the AUR's chromium-browser-ppaAUR), etc.
However, this User Agent can be arbitrarily modified at the start of Chromium's base instance via its --user-agent="[string]" parameter.
For the same User Agent as the stable Chrome release for Linux i686 (at the time of writing the most popular Linux edition of Chrome) one would use:
--user-agent="Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11"
An official, automatically updated listing of Chromium releases which also shows the included WebKit version is available as the OmahaProxy Viewer.
Making it all persistent
Add to ~/.profile:
export CHROMIUM_USER_FLAGS="--disk-cache-dir=/tmp --disk-cache-size=50000000"
Or add op to /etc/chromium/default
# Default settings for chromium. This file is sourced by /usr/bin/chromium # Options to pass to chromium CHROMIUM_FLAGS=" --scroll-pixels=200 "
SSL Certificates
Unfortunately, Chromium doesn't have a SSL certificate manager. It relies on the NSS Shared DB {ic|~/.pki.nssdb). In order to add SSL certificates to the database, users will have to use the shell.
Adding CAcert Certificates for Self-Signed Certificates
Grab the CAcerts and create a nssdb if one does not already exist. To do this, first install the nss package, then complete these steps:
[[ ! -e $HOME/.pki/nssdb ]] && mkdir -p $HOME/.pki/nssdb && cd $HOME/.pki/nssdb && certutil -N -d sql:.
curl -k -o "cacert-root.crt" "http://www.cacert.org/certs/root.crt" curl -k -o "cacert-class3.crt" "http://www.cacert.org/certs/class3.crt" certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "CAcert.org" -i cacert-root.crt certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "CAcert.org Class 3" -i cacert-class3.crt
Now users may manually import a self-signed certificate.
Example: TomatoUSB
Use the following script to export the TomatoUSB's certificate and import it to the nssdb.
#!/bin/sh
#
# usage: import-cert.sh remote.host.name [port]
#
REMHOST=$1
REMPORT=${2:-443}
exec 6>&1
exec > $REMHOST
echo | openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
certutil -d sql