From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57169)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eaQ93-0006My-Vj
	for guix-patches@gnu.org; Sat, 13 Jan 2018 13:03:07 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eaQ90-0005HU-QT
	for guix-patches@gnu.org; Sat, 13 Jan 2018 13:03:06 -0500
Received: from debbugs.gnu.org ([208.118.235.43]:47187)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1eaQ90-0005HL-Ma
	for guix-patches@gnu.org; Sat, 13 Jan 2018 13:03:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eaQ90-00030b-Ds
	for guix-patches@gnu.org; Sat, 13 Jan 2018 13:03:02 -0500
Subject: [bug#28004] Chromium
Resent-Message-ID: <handler.28004.B28004.151586657311551@debbugs.gnu.org>
Date: Sat, 13 Jan 2018 19:02:35 +0000
From: ng0 <ng0@n0.is>
Message-ID: <20180113190235.4yhko2v5cxiu7p6f@abyayala>
References: <87y3qvb15k.fsf@fastmail.com>
	<20171010131949.y43plpzxbppvrigr@abyayala> <87lgkha2cx.fsf@gnu.org>
	<20171012195628.GA31843@jasmine.lan> <87shensfq6.fsf@gnu.org>
	<87o9p45bb6.fsf@fastmail.com>
	<20180104191648.custe7w3l57fvbac@abyayala>
	<87wp0s2ewl.fsf@fastmail.com>
	<20180108232042.nqjurjr2bcfl2yyc@abyayala>
	<87373cey5b.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="kqis44vvjivz3hfq"
Content-Disposition: inline
In-Reply-To: <87373cey5b.fsf@fastmail.com>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Marius Bakke <mbakke@fastmail.com>
Cc: 28004@debbugs.gnu.org


--kqis44vvjivz3hfq
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I just got a bug report for the build via:

guix pull --url=3D"https://c.n0.is/git/ng0/guix/guix.git" --branch=3D"prete=
st/chromium"
guix package --install chromium

Failing with the attached build log excerpt. We are not FreeBSD, but I found
this in the first 5 minutes: https://bugs.freebsd.org/bugzilla/show_bug.cgi=
?id=3D160935
Maybe it helps to debug this, or maybe you've encountered this before.

I myself have been able to build this without issues on two systems.

All mentioned systems are GuixSD.


This should be a blocker, but maybe a head-up in potential build issues.
Marius Bakke transcribed 4.5K bytes:
> ng0 <ng0@n0.is> writes:
>=20
> > Many thanks for your ongoing work with this (and the patience :))
> > As this is 63, you you are keeping track of Debian, right? I tried
> > to package 64 a couple of days ago because I wanted the workaround
> > for some of the recent security clusterfucks, but Debian is still
> > on 63 :/
> > I hope they'll update their patchset soon.
>=20
> Indeed Google did not add the Spectre mitigation to Chromium 63, even
> though the latest version was released after the fact.
>=20
> https://xlab.tencent.com/special/spectre/spectre_check.html
>=20
> For reasons that beat me, they only added it to the proprietary Chrome
> browser, which follows the same version number as Chromium.
>=20
> The attached patch adds Spectre mitigation to the current Chromium
> release.  The patch was pulled from the Chrome 64 branch:
>=20

> From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Thu, 11 Jan 2018 14:36:47 +0100
> Subject: [PATCH] gnu: chromium: Add spectre mitigation.
>=20
> * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/chromium.scm (chromium)[source]: Use it.
> ---
>  gnu/local.mk                                           |  1 +
>  gnu/packages/chromium.scm                              |  3 ++-
>  gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
>  3 files changed, 16 insertions(+), 1 deletion(-)
>  create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
>=20
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 513f64043..89dab227c 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -575,6 +575,7 @@ dist_patch_DATA =3D						\
>    %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
>    %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
>    %D%/packages/patches/chmlib-inttypes.patch			\
> +  %D%/packages/patches/chromium-spectre-mitigation.patch	\
>    %D%/packages/patches/clang-libc-search-path.patch		\
>    %D%/packages/patches/clang-3.8-libc-search-path.patch		\
>    %D%/packages/patches/clementine-use-openssl.patch		\
> diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> index dd040527b..1e9dba42e 100644
> --- a/gnu/packages/chromium.scm
> +++ b/gnu/packages/chromium.scm
> @@ -240,7 +240,8 @@
>                               %chromium-system-icu.patch
>                               %chromium-system-nspr.patch
>                               %chromium-system-libevent.patch
> -                             %chromium-disable-api-keys-warning.patch))
> +                             %chromium-disable-api-keys-warning.patch
> +                             (search-patch "chromium-spectre-mitigation.=
patch")))
>                (modules '((srfi srfi-1)
>                           (guix build utils)))
>                (snippet
> diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu=
/packages/patches/chromium-spectre-mitigation.patch
> new file mode 100644
> index 000000000..a44a3bce4
> --- /dev/null
> +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
> @@ -0,0 +1,13 @@
> +diff --git a/content/public/common/content_features.cc b/content/public/=
common/content_features.cc
> +index 43feb76..33a49b8 100644
> +--- a/content/public/common/content_features.cc
> ++++ b/content/public/common/content_features.cc
> +@@ -308,7 +308,7 @@
> +=20
> + // http://tc39.github.io/ecmascript_sharedmem/shmem.html
> + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
> +-                                       base::FEATURE_ENABLED_BY_DEFAULT=
};
> ++                                       base::FEATURE_DISABLED_BY_DEFAUL=
T};
> +=20
> + // An experiment to require process isolation for the sign-in origin,
> + // https://accounts.google.com.  Launch bug: https://crbug.com/739418.
> --=20
> 2.15.1
>=20




--=20
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

--kqis44vvjivz3hfq
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAlpaV8sACgkQ4i+bv+40
hYh3Sw//b6MPJEuZrE7/amksG3/kWlJlxjqmWqrSGmVHcfJuJqfEtulyJq6zT+va
YWQNcsXelCbKUX/hD3BWLE2J0N8lWHn8oa8FNFrv6Yd3PJrgZT2VS+qJ4Fhv788t
dMK2VTWJZ/cOgJjt+qohIipjuxQEnZpUDk3WZpWzljA8AcukSrzGc15Tw04ALucK
polnXLRvcUUk2zmFf5D1h3Ebahy4VdBEHl6Uv9ar7PvjbgHzYFiABa0ed3s9xuii
MyLYWEXM8LW7xOHr/uTEBMYfMpL40tHVNxQFVHGjDM1sL9oMT1iXEr1QKzXIsDz0
c+54Tk1dIgOOnNvov2sDWqyvlq1xO+1a0ZK0iqm1x3Yk4pRXHGU8YQ4hNIryyLoc
erfwyfsGjOVyhfFLNkcph+0Jov1NH+k/8mjyfaNRlIZdg0xTG5UwOO9NaZKLFfWX
Op3qlLZBDbQbqM760hMLC6zvI+84TyCYohTQwLJ6+Usr0M2t/UhzBCj4UMBM799z
CR7P2M9fQ3EsMO0BkD+WQHpzWQtPOKhG7nSfZDslTcCi7eO0fomY16m7Nxa6mgZk
QNtxpQMdKDHS/cd2OEyMsphq/5tKL4VhWnn09JciEUN6a5gDv/4VbDM/KFoqlcFY
uttIG2CfIfWHcTOHxNDFWinonot8713BTWCMK7g07YMBfwYS4kg=
=Resk
-----END PGP SIGNATURE-----

--kqis44vvjivz3hfq--