Building the latest firefox fails with many "IDENTIFIER was not declared in this scope" errors. Previous versions of firefox built OK with the same CFLAGS and USE options. Reproducible: Always Steps to Reproduce: emerge -u firefox Actual Results: Many build errors looking like this: /var/tmp/portage/www-client/firefox-97.0/work/firefox-97.0/security/sandbox/linux/reporter/SandboxReporter.cpp:222:18: error: 'SANDBOX_ARCH_NAME' was not declared in this scope Portage 3.0.30 (python 3.10.0-final-0, default/linux/ppc64le/17.0/desktop/plasma/systemd, gcc-11.2.0, glibc-2.33-r7, 5.10.93-gentoo-ppc64le ppc64le) ================================================================= System Settings ================================================================= System uname: Linux-5.10.93-gentoo-ppc64le-ppc64le-POWER9,_altivec_supported-with-glibc2.33 KiB Mem: 197560332 total, 100759660 free KiB Swap: 33554428 total, 33168460 free Timestamp of repository gentoo: Wed, 09 Feb 2022 15:15:01 +0000 Head commit of repository gentoo: 47ee95bcd93870d5a14c823dbb41fdab528aa0d5 sh bash 5.1_p16 ld GNU ld (Gentoo 2.37_p1 p0) 2.37 ccache version 4.5.1 [disabled] app-misc/pax-utils: 1.3.3::gentoo app-shells/bash: 5.1_p16::gentoo dev-lang/perl: 5.34.0-r6::gentoo dev-lang/python: 2.7.18_p13::gentoo, 3.9.9-r1::gentoo, 3.10.0_p1-r1::gentoo dev-lang/rust: 1.58.1::gentoo dev-util/ccache: 4.5.1::gentoo dev-util/cmake: 3.22.2::gentoo dev-util/meson: 0.60.3::gentoo sys-apps/baselayout: 2.7-r3::gentoo sys-apps/sandbox: 2.25::gentoo sys-apps/systemd: 249.9::gentoo sys-devel/autoconf: 2.13-r1::gentoo, 2.71-r1::gentoo sys-devel/automake: 1.16.4::gentoo sys-devel/binutils: 2.37_p1::gentoo sys-devel/binutils-config: 5.4::gentoo sys-devel/clang: 13.0.0::gentoo sys-devel/gcc: 11.2.0::gentoo sys-devel/gcc-config: 2.5-r1::gentoo sys-devel/libtool: 2.4.6-r6::gentoo sys-devel/llvm: 13.0.0::gentoo sys-devel/make: 4.3::gentoo sys-kernel/linux-headers: 5.15-r3::gentoo (virtual/os-headers) sys-libs/glibc: 2.33-r7::gentoo Repositories: gentoo location: /var/db/repos/gentoo sync-type: rsync sync-uri: rsync://rsync.europe.gentoo.org/gentoo-portage priority: -1000 sync-rsync-extra-opts: sync-rsync-verify-max-age: 24 sync-rsync-verify-metamanifest: yes sync-rsync-verify-jobs: 1 local location: /var/db/repos/localrepo masters: gentoo ACCEPT_KEYWORDS="ppc64" ACCEPT_LICENSE="@FREE" CBUILD="powerpc64le-unknown-linux-gnu" CFLAGS="-O2 -pipe -mcpu=power9 -mtune=power9" CHOST="powerpc64le-unknown-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe -mcpu=power9 -mtune=power9" DISTDIR="/var/cache/distfiles" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe -mcpu=power9 -mtune=power9" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe -mcpu=power9 -mtune=power9" GENTOO_MIRRORS=" https://mirrors.dotsrc.org/gentoo/ https://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ " LANG="C.UTF8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j24" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" SHELL="/bin/bash" USE="X a52 aac acl activities alsa bash-completion branding brotli bzip2 cairo caps cdda cdr cli crypt cryptsetup cups dbus declarative dri dts dvd dvdr encode exif flac fortran gdbm gif gpm gtk gui iconv icu ipv6 jpeg kde kwallet lcms libglvnd libnotify lto lvm lz4 lzma lzo mad mng mp3 mp4 mpeg ncurses networkmanager nls nptl ogg opengl openmp pam pango pcre pdf pipewire plasma png policykit ppc64 ppds pulseaudio qml qt5 readline sdl seccomp semantic-desktop smartcard spell split-usr ssl startup-notification svg systemd tiff truetype udev udisks unicode upower usb vaapi verify-sig vorbis vulkan wayland widgets wxwidgets x264 xattr xcb xml xv xvid zlib zstd" ABI_PPC="64" ADA_TARGET="gnat_2020" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_PPC="altivec vsx vsx2 vsx3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en-GB eo et" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LLVM_TARGETS="AMDGPU BPF PowerPC" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-4 php8-0" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_9" PYTHON_TARGETS="python3_9 python3_10" RUBY_TARGETS="ruby26 ruby27" USERLAND="GNU" VIDEO_CARDS="amdgpu radeon ast fbdev" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LEX, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS ================================================================= Package Settings ================================================================= www-client/firefox-96.0.3::gentoo was built with the following: USE="dbus gmp-autoupdate hardened lto openh264 pulseaudio system-harfbuzz system-icu system-jpeg system-libevent system-libvpx system-webp wayland (-clang) -debug (-eme-free) -geckodriver -hwaccel -jack -pgo -screencast (-selinux) -sndio (-system-av1) -system-png -wifi" L10N="en-GB eo et -ach -af -an -ar -ast -az -be -bg -bn -br -bs -ca -ca-valencia -cak -cs -cy -da -de -dsb -el -en-CA -es-AR -es-CL -es-ES -es-MX -eu -fa -ff -fi -fr -fy -ga -gd -gl -gn -gu -he -hi -hr -hsb -hu -hy -ia -id -is -it -ja -ka -kab -kk -km -kn -ko -lij -lt -lv -mk -mr -ms -my -nb -ne -nl -nn -oc -pa -pl -pt-BR -pt-PT -rm -ro -ru -sco -si -sk -sl -son -sq -sr -sv -szl -ta -te -th -tl -tr -trs -uk -ur -uz -vi -xh -zh-CN -zh-TW" CFLAGS="-pipe -mcpu=power9 -mtune=power9" CXXFLAGS="-pipe -mcpu=power9 -mtune=power9 -fno-tree-loop-vectorize" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -Wl,--compress-debug-sections=zlib -Wl,-rpath=/usr/lib64/firefox,--enable-new-dtags"
Created attachment 764701 [details] build log (last 1000 lines so as not to exceed size limit)
Could you try editing the ebuild and switch --enable-sandbox to --disable-sandbox It's in line 707, https://gitweb.gentoo.org/repo/gentoo.git/tree/www-client/firefox/firefox-97.0.ebuild#n707 (don't forget the \ )
I confirm: Firefox 96 compiles fine on my system while 97 fails.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87e4d048cf7c2c53963be2a7224791c8a28218a3 commit 87e4d048cf7c2c53963be2a7224791c8a28218a3 Author: Joonas Niilola <juippis@gentoo.org> AuthorDate: 2022-02-10 17:01:12 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2022-02-10 17:09:08 +0000 www-client/firefox: 97.0 fixes - also export the 2nd MACH_SYSTEM_ASSERTED_COMPATIBLE variable, - disable sandbox feature with ppc64, as it's currently only supported for amd64, arm, arm64 and x86, - include the skip-pip-check.patch in the full patch set. Bug: https://bugs.gentoo.org/832975 Bug: https://bugs.gentoo.org/828999 Closes: https://bugs.gentoo.org/833001 Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-client/firefox/Manifest | 2 +- www-client/firefox/files/firefox-skip-pip-check.patch | 14 -------------- www-client/firefox/firefox-97.0.ebuild | 16 +++++++++++----- 3 files changed, 12 insertions(+), 20 deletions(-)
Did the sandbox work in 96? Disabling the sandbox sounds like exposing the use to security vulnerabilities.
This particular option wasn't enabled for any arch in 96. I just found about the configure option when bumping to 97. There's this code in Firefox-ESR: ---------- case "$OS_TARGET" in WINNT|Darwin|OpenBSD) ;; Linux) case $CPU_ARCH in x86_64|x86|arm|aarch64) ;; # Linux sandbox is only available on x86{,_64} and arm{,64}. *) MOZ_SANDBOX= ;; esac ;; *) # Only enable the sandbox by default on Linux, OpenBSD, macOS, and Windows MOZ_SANDBOX= ;; esac if test -n "$MOZ_SANDBOX"; then cat >> confdefs.pytmp <<\EOF (''' MOZ_SANDBOX ''', ' 1 ') EOF cat >> confdefs.h <<\EOF #define MOZ_SANDBOX 1 EOF fi ---------- Which seems to enable it by default for amd64, arm, arm64 and x86. You can go to your about:support, ctrl+f the big "Sandbox" section and see what is enabled there and what is not. I'd also be curious to compare between 96.0.3 and 97.0 what you see there (if anything). Previously there were some individual sandboxing options, like --enable-content-sandbox, but I can't find those from the source anymore.
I don't even have a Sandbox section in about:support in 96!
Yep, as said, previously it was automatically enabled for the supported arches, and disabled for the unsupported ones. I logged an upstream issue to ask about ppc64 (+ other arches) support, follow it here: https://bugzilla.mozilla.org/show_bug.cgi?id=1754959
