GNU bug report logs - #28004
Chromium

Previous Next

Package: guix-patches;

Reported by: Marius Bakke <mbakke <at> fastmail.com>

Date: Mon, 7 Aug 2017 20:00:01 UTC

Severity: normal

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: ng0 <ng0 <at> n0.is>
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 28004 <at> debbugs.gnu.org, ng0 <ng0 <at> n0.is>
Subject: [bug#28004] Chromium
Date: Sat, 13 Jan 2018 19:02:35 +0000

[Message part 1 (text/plain, inline)]
I just got a bug report for the build via:

guix pull --url="https://c.n0.is/git/ng0/guix/guix.git" --branch="pretest/chromium"
guix package --install chromium

Failing with the attached build log excerpt. We are not FreeBSD, but I found
this in the first 5 minutes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935
Maybe it helps to debug this, or maybe you've encountered this before.

I myself have been able to build this without issues on two systems.

All mentioned systems are GuixSD.


This should be a blocker, but maybe a head-up in potential build issues.
Marius Bakke transcribed 4.5K bytes:
> ng0 <ng0 <at> n0.is> writes:
> 
> > Many thanks for your ongoing work with this (and the patience :))
> > As this is 63, you you are keeping track of Debian, right? I tried
> > to package 64 a couple of days ago because I wanted the workaround
> > for some of the recent security clusterfucks, but Debian is still
> > on 63 :/
> > I hope they'll update their patchset soon.
> 
> Indeed Google did not add the Spectre mitigation to Chromium 63, even
> though the latest version was released after the fact.
> 
> https://xlab.tencent.com/special/spectre/spectre_check.html
> 
> For reasons that beat me, they only added it to the proprietary Chrome
> browser, which follows the same version number as Chromium.
> 
> The attached patch adds Spectre mitigation to the current Chromium
> release.  The patch was pulled from the Chrome 64 branch:
> 

> From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke <at> fastmail.com>
> Date: Thu, 11 Jan 2018 14:36:47 +0100
> Subject: [PATCH] gnu: chromium: Add spectre mitigation.
> 
> * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/chromium.scm (chromium)[source]: Use it.
> ---
>  gnu/local.mk                                           |  1 +
>  gnu/packages/chromium.scm                              |  3 ++-
>  gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
>  3 files changed, 16 insertions(+), 1 deletion(-)
>  create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
> 
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 513f64043..89dab227c 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -575,6 +575,7 @@ dist_patch_DATA =						\
>    %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
>    %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
>    %D%/packages/patches/chmlib-inttypes.patch			\
> +  %D%/packages/patches/chromium-spectre-mitigation.patch	\
>    %D%/packages/patches/clang-libc-search-path.patch		\
>    %D%/packages/patches/clang-3.8-libc-search-path.patch		\
>    %D%/packages/patches/clementine-use-openssl.patch		\
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> index dd040527b..1e9dba42e 100644
> --- a/gnu/packages/chromium.scm
> +++ b/gnu/packages/chromium.scm
> @@ -240,7 +240,8 @@
>                               %chromium-system-icu.patch
>                               %chromium-system-nspr.patch
>                               %chromium-system-libevent.patch
> -                             %chromium-disable-api-keys-warning.patch))
> +                             %chromium-disable-api-keys-warning.patch
> +                             (search-patch "chromium-spectre-mitigation.patch")))
>                (modules '((srfi srfi-1)
>                           (guix build utils)))
>                (snippet
> diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
> new file mode 100644
> index 000000000..a44a3bce4
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
> @@ -0,0 +1,13 @@
> +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
> +index 43feb76..33a49b8 100644
> +--- a/content/public/common/content_features.cc
> ++++ b/content/public/common/content_features.cc
> +@@ -308,7 +308,7 @@
> + 
> + // http://tc39.github.io/ecmascript_sharedmem/shmem.html
> + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
> +-                                       base::FEATURE_ENABLED_BY_DEFAULT};
> ++                                       base::FEATURE_DISABLED_BY_DEFAULT};
> + 
> + // An experiment to require process isolation for the sign-in origin,
> + // https://accounts.google.com.  Launch bug: https://crbug.com/739418.
> -- 
> 2.15.1
> 




-- 
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 6 years and 153 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.