From 48a1bb314dd77916203deadc8ce7bc664e0f95f9 Mon Sep 17 00:00:00 2001
From: Marius Bakke <marius@gnu.org>
Date: Wed, 15 Dec 2021 18:16:20 +0100
Subject: gnu: ungoogled-chromium: Enable RUNPATH validation.

* gnu/packages/patches/ungoogled-chromium-RUNPATH.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/chromium.scm (%guix-patches): Add it.
(ungoogled-chromium)[arguments]: Remove #:validate-runpath?.
---
 .../patches/ungoogled-chromium-RUNPATH.patch       | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 gnu/packages/patches/ungoogled-chromium-RUNPATH.patch

(limited to 'gnu/packages/patches')

diff --git a/gnu/packages/patches/ungoogled-chromium-RUNPATH.patch b/gnu/packages/patches/ungoogled-chromium-RUNPATH.patch
new file mode 100644
index 0000000000..379c47ac7e
--- /dev/null
+++ b/gnu/packages/patches/ungoogled-chromium-RUNPATH.patch
@@ -0,0 +1,22 @@
+Use RUNPATH instead of RPATH so that end users can override the library
+search path (and the 'validate-runpath' phase can do its work).
+
+diff --git a/build/config/gcc/BUILD.gn b/build/config/gcc/BUILD.gn
+--- a/build/config/gcc/BUILD.gn
++++ b/build/config/gcc/BUILD.gn
+@@ -99,7 +99,14 @@ config("executable_config") {
+     ]
+   }
+ 
+-  if (!is_android && current_os != "aix") {
++  if (is_linux) {
++    ldflags += [
++      # Set DT_RUNPATH instead of DT_RPATH which is important because the
++      # former can be overridden at runtime, and Guix has support for
++      # verifying that nothing is missing.
++      "-Wl,--enable-new-dtags",
++    ]
++  } else if (!is_android && current_os != "aix") {
+     ldflags += [
+       # TODO(GYP): Do we need a check on the binutils version here?
+       #
-- 
cgit v1.2.3