Subject: [bug#28004] Chromium
Date: Sat, 13 Jan 2018 19:02:35 +0000
From: ng0
Message-ID: <20180113190235.4yhko2v5cxiu7p6f@abyayala>
In-Reply-To: <87373cey5b.fsf@fastmail.com>
To: Marius Bakke
Cc: 28004@debbugs.gnu.org

I just got a bug report for the build via:

guix pull --url="https://c.n0.is/git/ng0/guix/guix.git" --branch="pretest/chromium"
guix package --install chromium

Failing with the attached build log excerpt.
We are not FreeBSD, but I found this in the first 5 minutes:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935
Maybe it helps to debug this, or maybe you've encountered this before.

I myself have been able to build this without issues on two systems.
All mentioned systems are GuixSD.

This should be a blocker, but maybe a heads-up in potential build issues.

Marius Bakke transcribed 4.5K bytes:
> ng0 writes:
>
> > Many thanks for your ongoing work with this (and the patience :))
> > As this is 63, you are keeping track of Debian, right? I tried
> > to package 64 a couple of days ago because I wanted the workaround
> > for some of the recent security clusterfucks, but Debian is still
> > on 63 :/
> > I hope they'll update their patchset soon.
>
> Indeed Google did not add the Spectre mitigation to Chromium 63, even
> though the latest version was released after the fact.
>
> https://xlab.tencent.com/special/spectre/spectre_check.html
>
> For reasons that beat me, they only added it to the proprietary Chrome
> browser, which follows the same version number as Chromium.
>
> The attached patch adds Spectre mitigation to the current Chromium
> release. The patch was pulled from the Chrome 64 branch:
>
> From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> From: Marius Bakke
> Date: Thu, 11 Jan 2018 14:36:47 +0100
> Subject: [PATCH] gnu: chromium: Add spectre mitigation.
>
> * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/chromium.scm (chromium)[source]: Use it.
> --- > gnu/local.mk | 1 + > gnu/packages/chromium.scm | 3 ++- > gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++ > 3 files changed, 16 insertions(+), 1 deletion(-) > create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch >=20 > diff --git a/gnu/local.mk b/gnu/local.mk > index 513f64043..89dab227c 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -575,6 +575,7 @@ dist_patch_DATA =3D \ > %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \ > %D%/packages/patches/ceph-skip-unittest_blockdev.patch \ > %D%/packages/patches/chmlib-inttypes.patch \ > + %D%/packages/patches/chromium-spectre-mitigation.patch \ > %D%/packages/patches/clang-libc-search-path.patch \ > %D%/packages/patches/clang-3.8-libc-search-path.patch \ > %D%/packages/patches/clementine-use-openssl.patch \ > diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm > index dd040527b..1e9dba42e 100644 > --- a/gnu/packages/chromium.scm > +++ b/gnu/packages/chromium.scm 
> @@ -240,7 +240,8 @@ > %chromium-system-icu.patch > %chromium-system-nspr.patch > %chromium-system-libevent.patch > - %chromium-disable-api-keys-warning.patch)) > + %chromium-disable-api-keys-warning.patch > + (search-patch "chromium-spectre-mitigation.= patch"))) > (modules '((srfi srfi-1) > (guix build utils))) > (snippet > diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu= /packages/patches/chromium-spectre-mitigation.patch > new file mode 100644 > index 000000000..a44a3bce4 > --- /dev/null > +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch 
> @@ -0,0 +1,13 @@ > +diff --git a/content/public/common/content_features.cc b/content/public/= common/content_features.cc > +index 43feb76..33a49b8 100644 > +--- a/content/public/common/content_features.cc > ++++ b/content/public/common/content_features.cc > +@@ -308,7 +308,7 @@ > +=20 > + // http://tc39.github.io/ecmascript_sharedmem/shmem.html > + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer", > +- base::FEATURE_ENABLED_BY_DEFAULT= }; > ++ base::FEATURE_DISABLED_BY_DEFAUL= T}; > +=20 > + // An experiment to require process isolation for the sign-in origin, > + // https://accounts.google.com. Launch bug: https://crbug.com/739418. > --=20 > 2.15.1

--
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
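
Review bot: in the gnu/packages/chromium.scm hunk, the new (search-patch "chromium-spectre-mitigation.patch") entry is appended to a list of %chromium-... patch variables with nothing saying why it is there or when it can be removed. Since the accompanying text says the change was pulled from the Chrome 64 branch, a one-line comment above the entry noting that it can be dropped once the package moves to 64 would keep it from lingering after the update.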
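
Review bot: the new gnu/packages/patches/chromium-spectre-mitigation.patch starts directly at its "diff --git" line, so the file itself records neither where the change came from nor what it does. A short header comment before the diff, stating that it switches kSharedArrayBuffer in content/public/common/content_features.cc to FEATURE_DISABLED_BY_DEFAULT and naming the Chrome 64 commit it was taken from, would let a later reader check it against upstream. The commit log summary "Add spectre mitigation" could likewise say that the mitigation consists of disabling SharedArrayBuffer by default.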