It takes more than two _days_ to build chromium across all architectures. 

As you can see here:

https://bodhi.fedoraproject.org/updates/?search=chromium

78.0.3904.70 is in testing for all active branches

78.0.3904.87 is about to go to testing for all active branches, I was just waiting for the EPEL-8 build to finish.

(In reply to Tom "spot" Callaway from comment #1)
> It takes more than two _days_ to build chromium across all architectures. 
> 
> As you can see here:
> 
> https://bodhi.fedoraproject.org/updates/?search=chromium
> 
> 78.0.3904.70 is in testing for all active branches
> 
> 78.0.3904.87 is about to go to testing for all active branches, I was just
> waiting for the EPEL-8 build to finish.

Would it be possible to push out packages as soon as they are built, and build x86_64 (presumably the most used) first?   If I recall correctly, one of the security vulnerabilities patched in the latest release is being exploited in the wild, so speed is critical.

(In reply to Demi Marie Obenour from comment #2)

> Would it be possible to push out packages as soon as they are built, and
> build x86_64 (presumably the most used) first?   If I recall correctly, one
> of the security vulnerabilities patched in the latest release is being
> exploited in the wild, so speed is critical.

Unfortunately, it is not currently possible to do this. 

Users could manually look at an ongoing chromium build in koji and see that x86_64 has finished and download/install those binary packages by hand, but I cannot push it as an update until all supported architectures have finished. 

(This is also why I have resisted efforts to enable armv7hl support, because I believe that will almost double the time necessary for chromium builds to finish).

(In reply to Tom "spot" Callaway from comment #3)
> (In reply to Demi Marie Obenour from comment #2)
> 
> > Would it be possible to push out packages as soon as they are built, and
> > build x86_64 (presumably the most used) first?   If I recall correctly, one
> > of the security vulnerabilities patched in the latest release is being
> > exploited in the wild, so speed is critical.
> 
> Unfortunately, it is not currently possible to do this. 
> 
> Users could manually look at an ongoing chromium build in koji and see that
> x86_64 has finished and download/install those binary packages by hand, but
> I cannot push it as an update until all supported architectures have
> finished. 

Why is this?

> (This is also why I have resisted efforts to enable armv7hl support, because
> I believe that will almost double the time necessary for chromium builds to
> finish).

What about running all builds for all architectures in parallel?  That would require more build machines, but I don’t think we have a choice if we want to keep users safe.  Perhaps we could support cancelling (and later restarting) low-priority builds if high-priority ones (such as security patches) come along.

(In reply to Demi Marie Obenour from comment #4)
> (In reply to Tom "spot" Callaway from comment #3)

> > Unfortunately, it is not currently possible to do this. 
> > 
> > Users could manually look at an ongoing chromium build in koji and see that
> > x86_64 has finished and download/install those binary packages by hand, but
> > I cannot push it as an update until all supported architectures have
> > finished. 
> 
> Why is this?

The simple answer is that koji (our buildserver software) does not "tag" a build as complete until it finishes with success on all "primary" architectures that haven't been ExcludeArch'd inside the source rpm for that build. For chromium, that means it needs to build successfully on x86_64, i686, and aarch64 (this is the slow one). 
 
> > (This is also why I have resisted efforts to enable armv7hl support, because
> > I believe that will almost double the time necessary for chromium builds to
> > finish).
> 
> What about running all builds for all architectures in parallel?  That would
> require more build machines, but I don’t think we have a choice if we want
> to keep users safe.  Perhaps we could support cancelling (and later
> restarting) low-priority builds if high-priority ones (such as security
> patches) come along.

They are actually run in parallel. aarch64 is that slow (and chromium is that massive).

(In reply to Tom "spot" Callaway from comment #5)
> The simple answer is that koji (our buildserver software) does not "tag" a
> build as complete until it finishes with success on all "primary"
> architectures that haven't been ExcludeArch'd inside the source rpm for that
> build. For chromium, that means it needs to build successfully on x86_64,
> i686, and aarch64 (this is the slow one). 
>  
> > > (This is also why I have resisted efforts to enable armv7hl support, because
> > > I believe that will almost double the time necessary for chromium builds to
> > > finish).
> > 
> > What about running all builds for all architectures in parallel?  That would
> > require more build machines, but I don’t think we have a choice if we want
> > to keep users safe.  Perhaps we could support cancelling (and later
> > restarting) low-priority builds if high-priority ones (such as security
> > patches) come along.
> 
> They are actually run in parallel. aarch64 is that slow (and chromium is
> that massive).

The only solutions I can think of are:

* Drop aarch64 support.  This means either leaving users with an insecure system (which is not acceptable), or pushing an update that uninstalls Chromium (probably not acceptable either).
* Make an exception to Fedora policy to allow Chromium to be cross-compiled.  Chromium should support this.

We will not be dropping aarch64 support at this point. Nor will I support cross-compiling chromium. While that might save some time (a few hours perhaps), it introduces a whole new world of odd compiler related bugs.

It might be possible to see if we could request that the builder instances spawned for chromium (specifically for aarch64) are somehow provisioned heavier (more RAM, more CPU).

FEDORA-2019-8f27a14efa has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8f27a14efa

FEDORA-2019-1a10c04281 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a10c04281

chromium-79.0.3945.79-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-1a10c04281

chromium-79.0.3945.79-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8f27a14efa

chromium-79.0.3945.79-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

FEDORA-2019-2307619ddd has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-2307619ddd

chromium-79.0.3945.88-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-2307619ddd

chromium-79.0.3945.117-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.