Comments (22)
Does ArchLinux package can help?
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=ungoogled-chromium-ozone
'is_official_build=true' # implies is_cfi=true on x86_64
# Fixes for building with libstdc++ instead of libc++
patch -Np1 -i ../patches/chromium-84-AXObject-stl-iterator.patch
patch -Np1 -i ../patches/chromium-84-ListContainerHelper-include-cstring.patch
patch -Np1 -i ../patches/chromium-84-crashpad-include-cstring.patch
patch -Np1 -i ../patches/chromium-84-gcc-10-include-stddef.patch
patch -Np1 -i ../patches/chromium-84-gcc-10-webrtc-include-stddef.patch
patch -Np1 -i ../patches/chromium-84-gcc-DCHECK_EQ-unique_ptr.patch
patch -Np1 -i ../patches/chromium-84-std-vector-const.patch
from gentoo-overlay.
Would it suffice just to add a requirement of
libcxx
USE flag forcfi
?
I will test to see if this is all that is required. In my toolchain, I am also using compiler-rt
and libunwind
, as these seem like standard practice for clang+llvm toolchains. On my other system where I will try this, I will start from a clean slate and only enable libcxx
and we will see what happens.
from gentoo-overlay.
Quick update: I am still trying other ways to build ungoogled-chromium on this other system. I want to see if I am able to build it even without -rtlib=compiler-rt
and/or -unwindlib=libunwind
. I am cataloguing every hurdle I run into as I do this.
from gentoo-overlay.
Are there a lot of them?
Not generally speaking. What's taking a while is needing to rebuild the toolchain every time I change any flag that pertains to it, then rebuilding ungoogled-chromium
and taking note of the errors.
from gentoo-overlay.
While experimenting with libcxx
support (or lack thereof) I ran across this: https://bugs.chromium.org/p/chromium/issues/detail?id=910644
This looks to be the exact same error that was encountered in #32. Somehow, it looks like this still occurs in my case (on both systems I'm testing on) unless libcxx
is being used, and I have no idea why. I'm still doing more testing with libcxx
and I should have a complete list of results by the end of today. I at least wanted to share the above bug before I lost it.
from gentoo-overlay.
Okay, so this is what I have found in my testing. All of the following guidance was done with the cfi
USE flag enabled. Any USE changes to the clang+llvm toolchain caused me to bootstrap the toolchain after building it initally with gcc.
If the llvm+clang toolchain is not built with the default-libcxx
USE flag, then v8/torque
will fail to compile with something like the following:
FAILED: torque
clang++ -pie -Wl,--build-id=sha1 -fPIC -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,-z,defs -Wl,--as-needed -fuse-ld=lld -Wl,--icf=all -Wl,--color-diagno
stics -flto=thin -Wl,--thinlto-jobs=8 -Wl,--thinlto-cache-dir=thinlto-cache -Wl,--thinlto-cache-policy,cache_size=10\%:cache_size_bytes=10g:cache_size_file
s=100000 -Wl,--lto-O2 -fwhole-program-vtables -m64 -rdynamic -fsanitize=cfi-vcall -fsanitize=cfi-derived-cast -fsanitize=cfi-unrelated-cast -fsanitize=cfi-
icall -pie -Wl,--disable-new-dtags -Wl,-O2 -Wl,--gc-sections -Wl,--as-needed -Wl,--sort-common -fuse-ld=lld -Wl,-S -Wl,-plugin-opt,-import-instr-limit=30 -
Wl,--thinlto-jobs=13 -o "./torque" -Wl,--start-group @"./torque.rsp" -Wl,--end-group -latomic -ldl -lpthread -lrt
ld.lld: error: undefined symbol: _Unwind_Resume
If default-libcxx
is enabled, this error does not occur. Note that if the toolchain is built with default-libcxx
, then libcxx
and libcxxabi
are also required, as well as -unwindlib=libunwind
in LDFLAGS
, or else the toolchain will run into the same errors (on my system it did).
It seems that in order to properly build with cfi
, all of the relevant libcxx
USE flags need to be enabled in order for these errors to be avoided and for the original invalid opcode error to be worked around, as well as to build all C++ dependencies with -stdlib=libc++
in order for proper linkage.
But, I am not satisfied with this answer because on my system, using -stdlib=libc++
breaks several important packages (namely cmake
and qtwebkit
). cmake
wants to link to jsoncpp
and for some reason it cannot do so if jsoncpp
is built with libc++
, and qtwebkit
will not link with re2
if it is built with libc++
for the same reason. The linker errors here are the same as those outlined in my original post or here. The jsoncpp
linker error can be avoided by not using the system-jsoncpp
USE flag for ungoogled-chromium
, but this cannot be used to avoid the linker error with re2
as no such flag is provided. Even so, I don't think that adding a system-re2
USE flag is the proper solution for this.
I should point out that this issue shouldn't be specific to ungoogled-chromium
but more than likely chromium
as well, only chromium
does not provide the cfi
USE flag directly in the ebuild.
from gentoo-overlay.
Hope nothing broke.
Happy to report that so far on my main system (where I'm using libcxx
) nothing broke.
I am currently prepping the toolchain on another system to see if I can build it with other USE flag combinations and get cfi
working.
from gentoo-overlay.
For the past 2 weeks I have been rebuilding my system with libc++ across the board where possible, as I have discovered that using multiple stdc++ libraries causes problems. But, I am still running into issues, though these are all unrelated to ungoogled-chromium
and cfi
. I have had zero issues building ungoogled-chromium
with cfi
as long as its dependencies are built with -stdlib=libc++
using clang. Perhaps we can amend the notice in the ebuild if cfi
is enabled to point here, too. Your thoughts, @PF4Public ?
from gentoo-overlay.
Do I get it right, that if everything is compiled with
-stdlib=libc++
,cfi
does not break the build?
Yes. My verdict is that if -stdlib=libc++
is not used for all dependencies, then the build will fail due to a CFI violation in the build process for v8/torque
(still not sure why). Note that I haven't tried building dependencies this way with gcc/g++, so I'm not sure if the same problem would occur.
from gentoo-overlay.
Awesome! Thank you for testing this out!
Looks like the key issue was to build with libc++. Would it suffice just to add a requirement of libcxx
USE flag for cfi
?
from gentoo-overlay.
I am cataloguing every hurdle I run into as I do this.
Are there a lot of them?
from gentoo-overlay.
While experimenting with
libcxx
support (or lack thereof) I ran across this: https://bugs.chromium.org/p/chromium/issues/detail?id=910644
That is a good find! But it is indeed marked as resolved more than a year ago… Weird.
from gentoo-overlay.
@alexminder Interesting. I will try these out tonight, but I may need to do a pretty large rebuild as most of my system is already using libc++
where possible.
from gentoo-overlay.
BTW, does cfi
have any significance or use or benefit for the trouble it presents for compiling?
from gentoo-overlay.
BTW, does
cfi
have any significance or use or benefit for the trouble it presents for compiling?
CFI is a proven effective security feature that has been in use on official builds of Google Chrome and Chromium for a while now.
From the Clang documention:
Clang includes an implementation of a number of control flow integrity (CFI) schemes, which are designed to abort the program upon detecting certain forms of undefined behavior that can potentially allow attackers to subvert the program’s control flow.
And from the Chromium documentation:
CFI for virtual calls is enabled for the official Chrome on Linux x86-64 (M54 and newer).
CFI for indirect (C-style) calls is enabled for the official Chrome on Linux x86-64 (M68 and newer).
Chrome is bad-cast clean, and we have a bot on chromium.memory that keeps it that way
We're working on additional compiler improvements to allow deploying CFI on more platforms.
from gentoo-overlay.
Recently I came to conclusion, that libcxx
flag should be once again removed from ebuild.
Last time, when I've removed it, I thought, that this should be accomplished by a user locally through env configuration, but since mainline chromium ebuild embraced libcxx
functionality, I've copied it verbatim into my ebuild. Turns out, their handling of libcxx is very flawed. So once again, I've decided to remove this flag with next release. This could probably ease the cfi
troubles.
from gentoo-overlay.
Recently I came to conclusion, that
libcxx
flag should be once again removed from ebuild.
Understood. I will be looking forward to test. I have another system not yet converted to libcxx
so I will try building using stdlibc++
(default) as soon as the ebuild is available. The patches referenced by @alexminder should help if there are any issues.
from gentoo-overlay.
Recently I came to conclusion, that
libcxx
flag should be once again removed from ebuild.
Just a note: That does not mean you cannot build ungoogled-chromium with libc++. You will need to manually edit portage env and apply CPPFLAGS and other settings as needed per package on your system.
from gentoo-overlay.
125 is out for testing. I've removed libcxx
flag. Hope nothing broke.
from gentoo-overlay.
Perhaps we can amend the notice in the ebuild if
cfi
is enabled to point here, too. Your thoughts, @PF4Public ?
Absolutely! I'm just patiently waiting for your verdict on the issue.
Do I get it right, that if everything is compiled with -stdlib=libc++
, cfi
does not break the build?
from gentoo-overlay.
I've just reworded the warning message. Feel free to close this bug if you consider that it is better explained now.
from gentoo-overlay.
I've just reworded the warning message. Feel free to close this bug if you consider that it is better explained now.
LGTM! Thank you for your patience.
from gentoo-overlay.
Related Issues (20)
- New package suggestion: Thorium HOT 2
- www-client/ungoogled-chromium-bin: fails to relaunch after setting flags HOT 4
- www-client/ungoogled-chromium:122.0.6261.111 (and at least 121 too) crash at start with “Assertion 'this->_M_is_engaged()' failed.” HOT 17
- www-client/ungoogled-chromium-122.0.6261.111_p1: fails to build HOT 4
- dev-util/electron-29.1.1: chromium-118-ffmpeg.patch fails to apply HOT 3
- www-client/ungoogled-chromium-122.0.6261.111_p1 compilation error HOT 7
- remove dependency on libpulse in ungoogled-chromium-bin HOT 5
- app-misc/font-manager-0.8.8: build failure due to multiple `buildtype` directives HOT 1
- www-client/ungoogled-chromium-122.0.6261.111_p1: `bubble_contents_wrapper.h:153:9: error: static assertion expression is not an integral constant expression` HOT 1
- net-im/element-desktop-1.11.63: electron v28 removed HOT 1
- dev-util/electron: fix_adapt_exclusive_access_for_electron_needs patch fails HOT 2
- app-editors/vscode: Error: Cannot find module '/usr/lib64/node_modules/yarn/bin/../lib/cli' HOT 7
- www-client/ungoogled-chromium-122.0.6261.111_p1: would it be possible to add a system-XNNPACK use flag? HOT 3
- www-client/ungoogled-chromium-123.0.6312.105_p1: configuring breaks HOT 4
- www-client/ungoogled-chromium-123.0.6312.105_p1: no matching member function for call to 'emplace' HOT 5
- www-client/ungoogled-chromium: Allow specifying linker thread count HOT 3
- www-client/ungoogled-chromium-123*: tabs freeze (javascript issue?) HOT 13
- www-client/ungoogled-chromium-bin: need chromium-browser symlink HOT 3
- www-client/ungoogled-chromium-122.0.6261.111_p1:0[+system-ffmpeg] compilation failure HOT 2
- dev-util/electron-29.3.2: AVX512 enabled breaking build on non-AVX512 hardware HOT 16
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gentoo-overlay.