ng0 transcribed 5.6K bytes: > I just got a bug report for the build via: > > guix pull --url="https://c.n0.is/git/ng0/guix/guix.git" --branch="pretest/chromium" > guix package --install chromium > > Failing with the attached build log excerpt. We are not FreeBSD, but I found > this in the first 5 minutes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935 > Maybe it helps to debug this, or maybe you've encountered this before. > > I myself have been able to build this without issues on two systems. > > All mentioned systems are GuixSD. > this time with attached file. > This should be a blocker, but maybe a head-up in potential build issues. > Marius Bakke transcribed 4.5K bytes: > > ng0 writes: > > > > > Many thanks for your ongoing work with this (and the patience :)) > > > As this is 63, you you are keeping track of Debian, right? I tried > > > to package 64 a couple of days ago because I wanted the workaround > > > for some of the recent security clusterfucks, but Debian is still > > > on 63 :/ > > > I hope they'll update their patchset soon. > > > > Indeed Google did not add the Spectre mitigation to Chromium 63, even > > though the latest version was released after the fact. > > > > https://xlab.tencent.com/special/spectre/spectre_check.html > > > > For reasons that beat me, they only added it to the proprietary Chrome > > browser, which follows the same version number as Chromium. > > > > The attached patch adds Spectre mitigation to the current Chromium > > release. The patch was pulled from the Chrome 64 branch: > > > > > From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001 > > From: Marius Bakke > > Date: Thu, 11 Jan 2018 14:36:47 +0100 > > Subject: [PATCH] gnu: chromium: Add spectre mitigation. > > > > * gnu/packages/patches/chromium-spectre-mitigation.patch: New file. > > * gnu/local.mk (dist_patch_DATA): Register it. > > * gnu/packages/chromium.scm (chromium)[source]: Use it. > > --- > > gnu/local.mk | 1 + > > gnu/packages/chromium.scm | 3 ++- > > gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++ > > 3 files changed, 16 insertions(+), 1 deletion(-) > > create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch > > > > diff --git a/gnu/local.mk b/gnu/local.mk > > index 513f64043..89dab227c 100644 > > --- a/gnu/local.mk > > +++ b/gnu/local.mk > > @@ -575,6 +575,7 @@ dist_patch_DATA = \ > > %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \ > > %D%/packages/patches/ceph-skip-unittest_blockdev.patch \ > > %D%/packages/patches/chmlib-inttypes.patch \ > > + %D%/packages/patches/chromium-spectre-mitigation.patch \ > > %D%/packages/patches/clang-libc-search-path.patch \ > > %D%/packages/patches/clang-3.8-libc-search-path.patch \ > > %D%/packages/patches/clementine-use-openssl.patch \ > > diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm > > index dd040527b..1e9dba42e 100644 > > --- a/gnu/packages/chromium.scm > > +++ b/gnu/packages/chromium.scm > > @@ -240,7 +240,8 @@ > > %chromium-system-icu.patch > > %chromium-system-nspr.patch > > %chromium-system-libevent.patch > > - %chromium-disable-api-keys-warning.patch)) > > + %chromium-disable-api-keys-warning.patch > > + (search-patch "chromium-spectre-mitigation.patch"))) > > (modules '((srfi srfi-1) > > (guix build utils))) > > (snippet > > diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch > > new file mode 100644 > > index 000000000..a44a3bce4 > > --- /dev/null > > +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch > > @@ -0,0 +1,13 @@ > > +diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc > > +index 43feb76..33a49b8 100644 > > +--- a/content/public/common/content_features.cc > > ++++ b/content/public/common/content_features.cc > > +@@ -308,7 +308,7 @@ > > + > > + // http://tc39.github.io/ecmascript_sharedmem/shmem.html > > + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer", > > +- base::FEATURE_ENABLED_BY_DEFAULT}; > > ++ base::FEATURE_DISABLED_BY_DEFAULT}; > > + > > + // An experiment to require process isolation for the sign-in origin, > > + // https://accounts.google.com. Launch bug: https://crbug.com/739418. > > -- > > 2.15.1 > > > > > > > -- > ng0 :: https://ea.n0.is > A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/ -- ng0 :: https://ea.n0.is A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/