* bug#40316: [PATCH v3 1/5] gnu: nss: Fix cross-compilation.
[not found] <cover.1714653076.git.cdo@mutix.org>
@ 2024-05-02 12:33 ` Christina O'Donnell
2024-05-02 12:33 ` bug#40316: [PATCH v3 2/5] gnu: nspr: " Christina O'Donnell
` (3 subsequent siblings)
4 siblings, 0 replies; 5+ messages in thread
From: Christina O'Donnell @ 2024-05-02 12:33 UTC (permalink / raw)
To: 40316; +Cc: zhengjunjie, vagrant, steve
From: Zheng Junjie <zhengjunjie@iscas.ac.cn>
* gnu/packages/nss.scm (nss)[arguments]<#:make-flags>: When
cross-compilation, Add CROSS_COMPILE=1.
<#:phases>: When cross-compilation, Set env NATIVE_CC to gcc.
Change-Id: I5c9559a4b8cecf2cfc6c47d136d69c01a335faaf
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
---
gnu/packages/nss.scm | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 7e9ed49ead..459e53bc1c 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -154,6 +154,9 @@ (define-public nss
(#$(target-linux?) "linux")
(else ""))))
#~())
+ #$@(if (%current-target-system)
+ #~("CROSS_COMPILE=1")
+ #~())
(string-append "NSPR_INCLUDE_DIR="
(search-input-directory %build-inputs
"include/nspr"))
@@ -175,6 +178,10 @@ (define-public nss
(lambda _
(setenv "CC" #$(cc-for-target))
(setenv "CCC" #$(cxx-for-target))
+ ;; TODO: Set this unconditionally
+ #$@(if (%current-target-system)
+ #~((setenv "NATIVE_CC" "gcc"))
+ #~())
;; No VSX on powerpc-linux.
#$@(if (target-ppc32?)
#~((setenv "NSS_DISABLE_CRYPTO_VSX" "1"))
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* bug#40316: [PATCH v3 2/5] gnu: nspr: Fix cross-compilation.
[not found] <cover.1714653076.git.cdo@mutix.org>
2024-05-02 12:33 ` bug#40316: [PATCH v3 1/5] gnu: nss: Fix cross-compilation Christina O'Donnell
@ 2024-05-02 12:33 ` Christina O'Donnell
2024-05-02 12:33 ` bug#40316: [PATCH v3 3/5] gnu: nss: Update to 3.99 Christina O'Donnell
` (2 subsequent siblings)
4 siblings, 0 replies; 5+ messages in thread
From: Christina O'Donnell @ 2024-05-02 12:33 UTC (permalink / raw)
To: 40316; +Cc: zhengjunjie, vagrant, steve
From: Zheng Junjie <zhengjunjie@iscas.ac.cn>
* gnu/packages/nss.scm (nspr)[arguments]<#:configure-flags>: When
cross-compilation, Add HOST_CC=gcc.
Change-Id: I337f217f153f8cc3a713906643d6fab9115056e9
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
---
gnu/packages/nss.scm | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 459e53bc1c..0baafe2f37 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -71,7 +71,10 @@ (define-public nspr
#~(list "--disable-static"
"--enable-64bit"
(string-append "LDFLAGS=-Wl,-rpath="
- (assoc-ref %outputs "out") "/lib"))
+ (assoc-ref %outputs "out") "/lib")
+ #$@(if (%current-target-system)
+ #~("HOST_CC=gcc")
+ #~()))
;; Use fixed timestamps for reproducibility.
#:make-flags #~'("SH_DATE='1970-01-01 00:00:01'"
;; This is epoch 1 in microseconds.
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* bug#40316: [PATCH v3 3/5] gnu: nss: Update to 3.99.
[not found] <cover.1714653076.git.cdo@mutix.org>
2024-05-02 12:33 ` bug#40316: [PATCH v3 1/5] gnu: nss: Fix cross-compilation Christina O'Donnell
2024-05-02 12:33 ` bug#40316: [PATCH v3 2/5] gnu: nspr: " Christina O'Donnell
@ 2024-05-02 12:33 ` Christina O'Donnell
2024-05-02 12:33 ` bug#40316: [PATCH v3 4/5] gnu: nss-certs: " Christina O'Donnell
2024-05-02 12:33 ` bug#40316: [PATCH v3 5/5] gnu: nss: Make reproducible Christina O'Donnell
4 siblings, 0 replies; 5+ messages in thread
From: Christina O'Donnell @ 2024-05-02 12:33 UTC (permalink / raw)
To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve
gnu/packages/nss.scm (nss): Update to 3.99.
Change-Id: Iba6c9dc2956cc0febb62a1c471add899250fa489
---
gnu/packages/nss.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 0baafe2f37..6795e59d28 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -109,7 +109,7 @@ (define-public nss
;; IMPORTANT: Also update and test the nss-certs package, which duplicates
;; version and source to avoid a top-level variable reference & module
;; cycle.
- (version "3.88.1")
+ (version "3.99")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -120,7 +120,7 @@ (define-public nss
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
@@ -207,7 +207,7 @@ (define-public nss
;; leading to test failures:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>. To
;; work around that, set the time to roughly the release date.
- (invoke "faketime" "2022-11-01" "./nss/tests/all.sh"))
+ (invoke "faketime" "2024-02-01" "./nss/tests/all.sh"))
(format #t "test suite not run~%"))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* bug#40316: [PATCH v3 4/5] gnu: nss-certs: Update to 3.99.
[not found] <cover.1714653076.git.cdo@mutix.org>
` (2 preceding siblings ...)
2024-05-02 12:33 ` bug#40316: [PATCH v3 3/5] gnu: nss: Update to 3.99 Christina O'Donnell
@ 2024-05-02 12:33 ` Christina O'Donnell
2024-05-02 12:33 ` bug#40316: [PATCH v3 5/5] gnu: nss: Make reproducible Christina O'Donnell
4 siblings, 0 replies; 5+ messages in thread
From: Christina O'Donnell @ 2024-05-02 12:33 UTC (permalink / raw)
To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve
gnu/packages/certs.scm (nss-certs-3.88.1): New variable.
(nss-certs-3.98): Update and rename to nss-certs-3.99.
(nss-certs): Update to 3.99.
Change-Id: I2f5f737d44d08497d4f5e0e07557be36d2f1f070
---
gnu/packages/certs.scm | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 7078c7c8d1..7aa96493fb 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -125,7 +125,7 @@ (define-public certdata2pem
that was originally contributed to Debian.")
(license license:isc))))
-(define-public nss-certs
+(define-public nss-certs-3.88.1
(package
(name "nss-certs")
;; XXX We used to refer to the nss package here, but that eventually caused
@@ -188,10 +188,10 @@ (define-public nss-certs
(home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
(license license:mpl2.0)))
-(define-public nss-certs-3.98
+(define-public nss-certs-3.99
(package
- (inherit nss-certs)
- (version "3.98")
+ (inherit nss-certs-3.88.1)
+ (version "3.99")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -202,7 +202,21 @@ (define-public nss-certs-3.98
"nss-" version ".tar.gz")))
(sha256
(base32
- "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))))))
+ "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ ;; Create nss.pc and nss-config.
+ (patches (search-patches "nss-3.56-pkgconfig.patch"
+ "nss-getcwd-nonnull.patch"
+ "nss-increase-test-timeout.patch"
+ "nss-Disable-library-signing.patch"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Delete the bundled copy of these libraries.
+ (delete-file-recursively "nss/lib/zlib")
+ (delete-file-recursively "nss/lib/sqlite")))))))
+
+(define-public nss-certs
+ nss-certs-3.99)
(define-public le-certs
(package
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* bug#40316: [PATCH v3 5/5] gnu: nss: Make reproducible.
[not found] <cover.1714653076.git.cdo@mutix.org>
` (3 preceding siblings ...)
2024-05-02 12:33 ` bug#40316: [PATCH v3 4/5] gnu: nss-certs: " Christina O'Donnell
@ 2024-05-02 12:33 ` Christina O'Donnell
4 siblings, 0 replies; 5+ messages in thread
From: Christina O'Donnell @ 2024-05-02 12:33 UTC (permalink / raw)
To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve
gnu/packages/nss.scm (nss): Define NSS_FIPS_DISABLED to disable FIPS. This is
required because FIPS relies on libraries signed with shlibsign, which is inherently
non-determinstic. This removes all non-determinism from this package.
Change-Id: Ic111c9f290719e82b3ff69589f585384f2e74baa
Change-Id: Id5a59840fa22c013982ab53826f7e66b40bb5227
Change-Id: I2b294530b017285d0949a1082abaaf3a8fe1f6b5
Change-Id: I5a52ef3db687a2fe538dfffd744a0fc8515b2cb1
---
gnu/packages/nss.scm | 6 +++-
.../nss-define-NSS_FIPS_DISABLED.patch | 29 ++++++++++++++++
.../patches/nss-disable-shlibsign.patch | 33 +++++++++++++++++++
3 files changed, 67 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/nss-define-NSS_FIPS_DISABLED.patch
create mode 100644 gnu/packages/patches/nss-disable-shlibsign.patch
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 6795e59d28..404baaf550 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -124,7 +124,9 @@ (define-public nss
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
- "nss-increase-test-timeout.patch"))
+ "nss-increase-test-timeout.patch"
+ "nss-disable-shlibsign.patch"
+ "nss-define-NSS_FIPS_DISABLED.patch"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -202,6 +204,8 @@ (define-public nss
(setenv "DOMSUF" "localdomain")
(setenv "USE_IP" "TRUE")
(setenv "IP_ADDRESS" "127.0.0.1")
+ (setenv "NSS_CYCLES" "standard")
+ (setenv "NSS_TESTS" "cipher lowhash libpkix cert dbtests tools sdr crmf smime ssl ocsp merge pkits ec gtests ssl_gtests policy")
;; The "PayPalEE.cert" certificate expires every six months,
;; leading to test failures:
diff --git a/gnu/packages/patches/nss-define-NSS_FIPS_DISABLED.patch b/gnu/packages/patches/nss-define-NSS_FIPS_DISABLED.patch
new file mode 100644
index 0000000000..40ac66e365
--- /dev/null
+++ b/gnu/packages/patches/nss-define-NSS_FIPS_DISABLED.patch
@@ -0,0 +1,29 @@
+From e89a33daac982107421117ad95ae8443ef316079 Mon Sep 17 00:00:00 2001
+Message-ID: <e89a33daac982107421117ad95ae8443ef316079.1714649801.git.cdo@mutix.org>
+From: Christina O'Donnell <cdo@mutix.org>
+Date: Thu, 2 May 2024 12:34:40 +0100
+Subject: [PATCH] Define NSS_FIPS_DISABLED.
+
+Disable FIPS as it depends on shlibsign which is non-deterministic.
+---
+ nss/coreconf/config.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nss/coreconf/config.mk b/nss/coreconf/config.mk
+index 741bbee..e02e5d2 100644
+--- a/nss/coreconf/config.mk
++++ b/nss/coreconf/config.mk
+@@ -215,7 +215,7 @@ endif
+ # NSS_NO_INIT_SUPPORT is always defined on platforms that don't support
+ # executing the startup tests at library load time.
+ ifndef NSS_FORCE_FIPS
+-DEFINES += -DNSS_NO_INIT_SUPPORT
++DEFINES += -DNSS_NO_INIT_SUPPORT -DNSS_FIPS_DISABLED
+ endif
+
+ ifdef NSS_SEED_ONLY_DEV_URANDOM
+
+base-commit: 490a62da7d23b579fab71a84e2107f414187738d
+--
+2.41.0
+
diff --git a/gnu/packages/patches/nss-disable-shlibsign.patch b/gnu/packages/patches/nss-disable-shlibsign.patch
new file mode 100644
index 0000000000..591af76449
--- /dev/null
+++ b/gnu/packages/patches/nss-disable-shlibsign.patch
@@ -0,0 +1,33 @@
+From 85b7cf166687cbfaf3e3764ed1ea9bb3b9404ef0 Mon Sep 17 00:00:00 2001
+Message-ID: <85b7cf166687cbfaf3e3764ed1ea9bb3b9404ef0.1714589168.git.cdo@mutix.org>
+From: Christina O'Donnell <cdo@mutix.org>
+Date: Wed, 1 May 2024 19:44:09 +0100
+Subject: [PATCH] nss: Disable shlibsign.
+
+This is required as it generates a new key each time it is run through a
+non-deterministic process.
+---
+ nss/cmd/shlibsign/sign.sh | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/nss/cmd/shlibsign/sign.sh b/nss/cmd/shlibsign/sign.sh
+index 5551c5f..baf1dea 100644
+--- a/nss/cmd/shlibsign/sign.sh
++++ b/nss/cmd/shlibsign/sign.sh
+@@ -45,7 +45,9 @@ WIN*)
+ export LIBRARY_PATH
+ ADDON_PATH=${1}/lib:${4}:$ADDON_PATH
+ export ADDON_PATH
+- echo "${2}"/shlibsign -v -i "${5}"
+- "${2}"/shlibsign -v -i "${5}"
++ # Disable lib signing as it generates its keys through a non-deterministic
++ # process.
++ # echo "${2}"/shlibsign -v -i "${5}"
++ # "${2}"/shlibsign -v -i "${5}"
+ ;;
+ esac
+
+base-commit: c9d74497ed5a5b0a0d3f7d609b1c15a3b810ee5b
+--
+2.41.0
+
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-05-02 12:36 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <cover.1714653076.git.cdo@mutix.org>
2024-05-02 12:33 ` bug#40316: [PATCH v3 1/5] gnu: nss: Fix cross-compilation Christina O'Donnell
2024-05-02 12:33 ` bug#40316: [PATCH v3 2/5] gnu: nspr: " Christina O'Donnell
2024-05-02 12:33 ` bug#40316: [PATCH v3 3/5] gnu: nss: Update to 3.99 Christina O'Donnell
2024-05-02 12:33 ` bug#40316: [PATCH v3 4/5] gnu: nss-certs: " Christina O'Donnell
2024-05-02 12:33 ` bug#40316: [PATCH v3 5/5] gnu: nss: Make reproducible Christina O'Donnell
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).