From: Ian Eure
Date: Sat, 17 Feb 2024 08:09:22 -0800
Subject: [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.
To: Clément Lassieur
Cc: 67512@debbugs.gnu.org, Mark H Weaver, Liliana Marie Prikler
Message-ID: <871q9bdpn3.fsf@retrospec.tv>
In-reply-to: <877cj4fpo6.fsf@lassieur.org>

Clément Lassieur writes:

> On Tue, Feb 13 2024, Ian Eure wrote:
>
>> D. Fold the new (gnu packages wasm) into (gnu packages librewolf).
>> This is the only place they’re used, but it sounds like there’s
>> desire to port some of the other firefoxen to this stuff, so
>> probably not a good long-term option.
>
> Does Librewolf depend on the Wasm packages more than the other Firefox
> based browsers?

Upstream Librewolf doesn’t depend on the WASM packages more than
any other Firefoxen. I believe that WASM sandboxing is an
optional feature for recent Firefox and FF-derived browsers.

In case anyone reading this isn’t familiar: Firefox has taken some
libraries that handle untrusted data (which are implemented in
C/C++) and compiled those to WASM, which it runs in isolated
sandboxes. The idea being that if there’s a vulnerability in one
of those libraries, the impact will be diminished because the
exploit runs in an environment with very limited privileges[1].

> My point is that if your Librewolf package is independent from
> the Wasm packages, they can be split and reviewed independently.

The Librewolf package I’m submitting depends on these WASM
packages; other Firefox-derived browsers currently in Guix don’t
(because they can’t, because the toolchain isn’t in Guix).

> That would make the Librewolf review shorter and easier, and the Wasm
> review more consistent and easy to test. Also, adding Wasm to our
> Firefox based browsers would be a one-shot. (Of course it doesn't have
> to be included in Icecat, but I think it would be great to have it in
> ‘make-torbrowser’.)
>

I’m not sure what you mean by "adding Wasm to our Firefox based
browsers would be a one-shot." Are you saying you want a process
like:

1a. Get wasm toolchain stuff merged.
1b. Get Librewolf merged without WASM sandboxing.
2. Update icecat, torbrowser, mullvad, and librewolf to use WASM
   sandboxing.

Thanks,

  — Ian

[1]: See
https://hacks.mozilla.org/2020/02/securing-firefox-with-webassembly/
and
https://blog.mozilla.org/attack-and-defense/2021/12/06/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/
for more on this.
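
A simplified model of the isolation described in the message above, added here as an illustration (not part of the original email, and not Firefox or RLBox code): every store made by the sandboxed library is bounds-checked against the sandbox's own linear memory, so an overflow can corrupt the library's state but never the host's. All names, sizes and the buggy routine are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed toy layout: a 64-byte linear memory holding the library's
   16-byte parse buffer at offset 0 and its own state byte at offset 16. */
#define SANDBOX_SIZE 64u
#define BUF_OFF      0u
#define STATE_OFF    16u

typedef struct {
    uint8_t mem[SANDBOX_SIZE]; /* the only memory the library can address */
    int trapped;               /* set once an access leaves linear memory */
} sandbox;

typedef struct { sandbox sb; uint8_t host_secret[8]; } host;

/* Checked store: the form every store in the sandboxed code takes. */
static void sb_store(sandbox *sb, uint32_t addr, uint8_t v) {
    if (sb->trapped || addr >= SANDBOX_SIZE) { sb->trapped = 1; return; }
    sb->mem[addr] = v;
}

/* Deliberately buggy library routine: copies untrusted input into the
   16-byte buffer without checking the length. */
static void lib_parse(sandbox *sb, const uint8_t *input, uint32_t len) {
    for (uint32_t i = 0; i < len; i++)
        sb_store(sb, BUF_OFF + i, input[i]);
}

/* Parses `len` bytes of 0x41 (at most 256); returns 1 if host data is intact. */
int host_intact_after_parse(uint32_t len, int *trapped, uint8_t *lib_state) {
    uint8_t input[256];
    host h;
    memset(&h, 0, sizeof h);
    memcpy(h.host_secret, "hostkey", 8);      /* constructed host data */
    memset(input, 0x41, sizeof input);
    if (len > sizeof input) len = sizeof input;
    lib_parse(&h.sb, input, len);
    *trapped = h.sb.trapped;
    *lib_state = h.sb.mem[STATE_OFF];
    return memcmp(h.host_secret, "hostkey", 8) == 0;
}

int main(void) {
    int t; uint8_t s;
    int ok = host_intact_after_parse(200, &t, &s);
    printf("host intact=%d trapped=%d lib_state=0x%02x\n", ok, t, s);
}
```

With 32 bytes of input the overflow stays inside the sandbox and only the library's own state is overwritten; with 200 bytes the first out-of-range store traps and nothing further is written.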