summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorMarius Bakke <marius@gnu.org>2021-12-15 18:16:20 +0100
committerMarius Bakke <marius@gnu.org>2021-12-16 22:21:12 +0100
commit48a1bb314dd77916203deadc8ce7bc664e0f95f9 (patch)
treecba9836bf19900e32f2c0ff8c1ad34ad6c070122 /gnu
parentd2af1df65f453ff81567eb2c49d908c0a2032329 (diff)
downloadguix-48a1bb314dd77916203deadc8ce7bc664e0f95f9.tar.gz
gnu: ungoogled-chromium: Enable RUNPATH validation.
* gnu/packages/patches/ungoogled-chromium-RUNPATH.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/chromium.scm (%guix-patches): Add it.
(ungoogled-chromium)[arguments]: Remove #:validate-runpath?.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/chromium.scm5
-rw-r--r--gnu/packages/patches/ungoogled-chromium-RUNPATH.patch22
3 files changed, 26 insertions, 2 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 2d91c95feb..c5ed210406 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1849,6 +1849,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ucx-tcp-iface-ioctl.patch		\
   %D%/packages/patches/ungoogled-chromium-extension-search-path.patch	\
   %D%/packages/patches/ungoogled-chromium-ffmpeg-compat.patch	\
+  %D%/packages/patches/ungoogled-chromium-RUNPATH.patch		\
   %D%/packages/patches/ungoogled-chromium-system-nspr.patch	\
   %D%/packages/patches/unison-fix-ocaml-4.08.patch		\
   %D%/packages/patches/unknown-horizons-python-3.8-distro.patch	\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index f3028d3bd0..a6df47e374 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -375,6 +375,9 @@
           (search-patch "ungoogled-chromium-extension-search-path.patch")))
         (local-file
          (assume-valid-file-name
+          (search-patch "ungoogled-chromium-RUNPATH.patch")))
+        (local-file
+         (assume-valid-file-name
           (search-patch "ungoogled-chromium-ffmpeg-compat.patch")))
         (local-file
          (assume-valid-file-name
@@ -483,8 +486,6 @@
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f
-       ;; FIXME: Chromiums RUNPATH lacks entries for some libraries.
-       #:validate-runpath? #f
        #:modules ((guix build gnu-build-system)
                   (guix build utils)
                   (srfi srfi-26))
diff --git a/gnu/packages/patches/ungoogled-chromium-RUNPATH.patch b/gnu/packages/patches/ungoogled-chromium-RUNPATH.patch
new file mode 100644
index 0000000000..379c47ac7e
--- /dev/null
+++ b/gnu/packages/patches/ungoogled-chromium-RUNPATH.patch
@@ -0,0 +1,22 @@
+Use RUNPATH instead of RPATH so that end users can override the library
+search path (and the 'validate-runpath' phase can do its work).
+
+diff --git a/build/config/gcc/BUILD.gn b/build/config/gcc/BUILD.gn
+--- a/build/config/gcc/BUILD.gn
++++ b/build/config/gcc/BUILD.gn
+@@ -99,7 +99,14 @@ config("executable_config") {
+     ]
+   }
+ 
+-  if (!is_android && current_os != "aix") {
++  if (is_linux) {
++    ldflags += [
++      # Set DT_RUNPATH instead of DT_RPATH which is important because the
++      # former can be overridden at runtime, and Guix has support for
++      # verifying that nothing is missing.
++      "-Wl,--enable-new-dtags",
++    ]
++  } else if (!is_android && current_os != "aix") {
+     ldflags += [
+       # TODO(GYP): Do we need a check on the binutils version here?
+       #