From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
To: 56137@debbugs.gnu.org
Cc: sjors@sprovoost.nl, ludo@gnu.org, maximedevos@telenet.be,
Maxim Cournoyer <maxim.cournoyer@gmail.com>,
zimon.toutoune@gmail.com
Subject: bug#56137: [PATCH 2/2] gnu: openssl-1.1: Run the test suite through datefudge.
Date: Sun, 26 Feb 2023 00:29:05 -0500 [thread overview]
Message-ID: <20230226052906.784-2-maxim.cournoyer@gmail.com> (raw)
In-Reply-To: <20230226052906.784-1-maxim.cournoyer@gmail.com>
Fixes <https://issues.guix.gnu.org/56137>.
* gnu/packages/tls.scm (openssl-1.1): Bind a RELEASE-DATE variable.
[arguments]: Invoke the test suite through datefudge, to avoid certificates
from expiring as time passes.
[native-inputs]: Add datefudge.
---
gnu/packages/tls.scm | 266 +++++++++++++++++++++++--------------------
1 file changed, 144 insertions(+), 122 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 524b801443..c20548e89a 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -492,130 +492,152 @@ (define (target->openssl-target target)
(string-append kernel "-" arch))))
(define-public openssl-1.1
- (package
- (name "openssl")
- (version "1.1.1l")
- (replacement openssl/fixed)
- (source (origin
- (method url-fetch)
- (uri (list (string-append "https://www.openssl.org/source/openssl-"
- version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/"
- "openssl-" version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/old/"
- (string-trim-right version char-set:letter)
- "/openssl-" version ".tar.gz")))
- (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
- (sha256
- (base32
- "1lbblxps2fhmz7bqh058iywh5wxfignbfx1s1kz2fj63b5g3wyhb"))))
- (build-system gnu-build-system)
- (outputs '("out"
- "doc" ;6.8 MiB of man3 pages and full HTML documentation
- "static")) ;6.4 MiB of .a files
- (native-inputs (list perl))
- (arguments
- (list
- #:parallel-tests? #f
- #:test-target "test"
-
- ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
- ;; so we explicitly disallow it here.
- #:disallowed-references (list (canonical-package perl))
- #:phases
- #~(modify-phases %standard-phases
- #$@(if (%current-target-system)
- #~((add-before 'configure 'set-cross-compile
- (lambda* (#:key target #:allow-other-keys)
- (setenv "CROSS_COMPILE" (string-append target "-"))
- (setenv "CONFIGURE_TARGET_ARCH"
- #$(target->openssl-target
- (%current-target-system))))))
- #~())
- ;; This test seems to be dependant on kernel features.
- ;; https://github.com/openssl/openssl/issues/12242
- #$@(if (or (target-arm?)
- (target-riscv64?))
- #~((replace 'check
- (lambda* (#:key tests? test-target #:allow-other-keys)
- (when tests?
- (invoke "make" "TESTS=-test_afalg" test-target)))))
- #~())
- (replace 'configure
- (lambda* (#:key configure-flags #:allow-other-keys)
- (let* ((out #$output)
- (lib (string-append out "/lib")))
- ;; It's not a shebang so patch-source-shebangs misses it.
- (substitute* "config"
- (("/usr/bin/env")
- (string-append (assoc-ref %build-inputs "coreutils")
- "/bin/env")))
- (apply
- invoke #$@(if (%current-target-system)
- #~("./Configure")
- #~("./config"))
- "shared" ;build shared libraries
- "--libdir=lib"
+ ;; Note to maintainers: when updating this package, make sure to update the
+ ;; RELEASE-DATE variable below. It is used by datefudge to avoid time bombs
+ ;; in the test suite.
+ (let ((release-date "2021-12-14 00:00"))
+ (package
+ (name "openssl")
+ (version "1.1.1l")
+ (replacement openssl/fixed)
+ (source (origin
+ (method url-fetch)
+ (uri (list (string-append "https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
+ "openssl-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/openssl-" version ".tar.gz")))
+ (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
+ (sha256
+ (base32
+ "1lbblxps2fhmz7bqh058iywh5wxfignbfx1s1kz2fj63b5g3wyhb"))))
+ (build-system gnu-build-system)
+ (outputs '("out"
+ "doc" ;6.8 MiB of man3 pages and full HTML documentation
+ "static")) ;6.4 MiB of .a files
+ (native-inputs (list datefudge perl))
+ (arguments
+ (list
+ #:modules '((guix build gnu-build-system)
+ (guix build utils)
+ (srfi srfi-34))
+ #:parallel-tests? #f
+ #:test-target "test"
+ #:make-flags
+ #~(list #$@(if (or (target-arm?)
+ (target-riscv64?))
+ ;; This test seems to be dependant on kernel features.
+ ;; https://github.com/openssl/openssl/issues/12242
+ #~("TESTS=-test_afalg")
+ #~()))
+ ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
+ ;; so we explicitly disallow it here.
+ #:disallowed-references (list (canonical-package perl))
+ #:phases
+ #~(modify-phases %standard-phases
+ #$@(if (%current-target-system)
+ #~((add-before 'configure 'set-cross-compile
+ (lambda* (#:key target #:allow-other-keys)
+ (setenv "CROSS_COMPILE" (string-append target "-"))
+ (setenv "CONFIGURE_TARGET_ARCH"
+ #$(target->openssl-target
+ (%current-target-system))))))
+ #~())
+ (replace 'check
+ (lambda* (#:key target make-flags tests? test-target
+ parallel-tests? test-suite-log-regexp
+ #:allow-other-keys)
+ (if tests?
+ (guard (c ((invoke-error? c)
+ ;; Dump the test suite log to facilitate debugging.
+ (display "\nTest suite failed, dumping logs.\n"
+ (current-error-port))
+ (dump-file-contents "." test-suite-log-regexp)
+ (raise c)))
+ (apply invoke "datefudge" #$release-date
+ "make" test-target
+ `(,@(if parallel-tests?
+ `("-j" ,(number->string (parallel-job-count)))
+ '())
+ ,@make-flags)))
+ (format #t "test suite not run~%"))))
+ (replace 'configure
+ (lambda* (#:key configure-flags #:allow-other-keys)
+ (let* ((out #$output)
+ (lib (string-append out "/lib")))
+ ;; It's not a shebang so patch-source-shebangs misses it.
+ (substitute* "config"
+ (("/usr/bin/env")
+ (string-append (assoc-ref %build-inputs "coreutils")
+ "/bin/env")))
+ (apply
+ invoke #$@(if (%current-target-system)
+ #~("./Configure")
+ #~("./config"))
+ "shared" ;build shared libraries
+ "--libdir=lib"
- ;; The default for this catch-all directory is
- ;; PREFIX/ssl. Change that to something more
- ;; conventional.
- (string-append "--openssldir=" out
- "/share/openssl-"
- #$(package-version this-package))
+ ;; The default for this catch-all directory is
+ ;; PREFIX/ssl. Change that to something more
+ ;; conventional.
+ (string-append "--openssldir=" out
+ "/share/openssl-"
+ #$(package-version this-package))
- (string-append "--prefix=" out)
- (string-append "-Wl,-rpath," lib)
- #$@(if (%current-target-system)
- #~((getenv "CONFIGURE_TARGET_ARCH"))
- #~())
- configure-flags)
- ;; Output the configure variables.
- (invoke "perl" "configdata.pm" "--dump"))))
- (add-after 'install 'move-static-libraries
- (lambda _
- ;; Move static libraries to the "static" output.
- (let* ((out #$output)
- (lib (string-append out "/lib"))
- (static #$output:static)
- (slib (string-append static "/lib")))
- (for-each (lambda (file)
- (install-file file slib)
- (delete-file file))
- (find-files
- lib
- #$(if (target-mingw?)
- '(lambda (filename _)
- (and (string-suffix? ".a" filename)
- (not (string-suffix? ".dll.a" filename))))
- "\\.a$"))))))
- (add-after 'install 'move-extra-documentation
- (lambda _
- ;; Move man pages and full HTML documentation to "doc".
- (let* ((out #$output)
- (man (string-append out "/share/man"))
- (html (string-append out "/share/doc/openssl"))
- (doc #$output:doc)
- (man-target (string-append doc "/share/man"))
- (html-target (string-append doc "/share/doc/openssl")))
- (mkdir-p (dirname man-target))
- (mkdir-p (dirname html-target))
- (rename-file man man-target)
- (rename-file html html-target))))
- (add-after
- 'install 'remove-miscellany
- (lambda _
- ;; The 'misc' directory contains random undocumented shell and Perl
- ;; scripts. Remove them to avoid retaining a reference on Perl.
- (delete-file-recursively (string-append #$output "/share/openssl-"
- #$(package-version this-package)
- "/misc")))))))
- (native-search-paths
- (list $SSL_CERT_DIR $SSL_CERT_FILE))
- (synopsis "SSL/TLS implementation")
- (description "OpenSSL is an implementation of SSL/TLS.")
- (license license:openssl)
- (home-page "https://www.openssl.org/")))
+ (string-append "--prefix=" out)
+ (string-append "-Wl,-rpath," lib)
+ #$@(if (%current-target-system)
+ #~((getenv "CONFIGURE_TARGET_ARCH"))
+ #~())
+ configure-flags)
+ ;; Output the configure variables.
+ (invoke "perl" "configdata.pm" "--dump"))))
+ (add-after 'install 'move-static-libraries
+ (lambda _
+ ;; Move static libraries to the "static" output.
+ (let* ((out #$output)
+ (lib (string-append out "/lib"))
+ (static #$output:static)
+ (slib (string-append static "/lib")))
+ (for-each (lambda (file)
+ (install-file file slib)
+ (delete-file file))
+ (find-files
+ lib
+ #$(if (target-mingw?)
+ '(lambda (filename _)
+ (and (string-suffix? ".a" filename)
+ (not (string-suffix? ".dll.a" filename))))
+ "\\.a$"))))))
+ (add-after 'install 'move-extra-documentation
+ (lambda _
+ ;; Move man pages and full HTML documentation to "doc".
+ (let* ((out #$output)
+ (man (string-append out "/share/man"))
+ (html (string-append out "/share/doc/openssl"))
+ (doc #$output:doc)
+ (man-target (string-append doc "/share/man"))
+ (html-target (string-append doc "/share/doc/openssl")))
+ (mkdir-p (dirname man-target))
+ (mkdir-p (dirname html-target))
+ (rename-file man man-target)
+ (rename-file html html-target))))
+ (add-after
+ 'install 'remove-miscellany
+ (lambda _
+ ;; The 'misc' directory contains random undocumented shell and Perl
+ ;; scripts. Remove them to avoid retaining a reference on Perl.
+ (delete-file-recursively (string-append #$output "/share/openssl-"
+ #$(package-version this-package)
+ "/misc")))))))
+ (native-search-paths
+ (list $SSL_CERT_DIR $SSL_CERT_FILE))
+ (synopsis "SSL/TLS implementation")
+ (description "OpenSSL is an implementation of SSL/TLS.")
+ (license license:openssl)
+ (home-page "https://www.openssl.org/"))))
(define openssl/fixed
(package
--
2.39.1
next prev parent reply other threads:[~2023-02-26 5:30 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-22 9:58 bug#56137: OpenSSL 3.0.3/1.1.1n includes a time-dependent test Ludovic Courtès
2022-06-22 10:39 ` Ludovic Courtès
2022-06-22 10:49 ` Maxime Devos
2022-06-24 14:47 ` Ludovic Courtès
2022-06-24 15:00 ` Maxime Devos
2023-02-26 5:29 ` bug#56137: [PATCH 1/2] gnu: openssl-1.1: Do not quasiquote arguments Maxim Cournoyer
2023-02-26 5:29 ` Maxim Cournoyer [this message]
2023-02-26 6:03 ` bug#56137: [PATCH 2/2] gnu: openssl-1.1: Run the test suite through datefudge Maxim Cournoyer
2023-02-27 4:03 ` bug#56137: bug#58650: OpenSSL 1.1.1n test failures due to expired certificates (time bomb) Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230226052906.784-2-maxim.cournoyer@gmail.com \
--to=maxim.cournoyer@gmail.com \
--cc=56137@debbugs.gnu.org \
--cc=ludo@gnu.org \
--cc=maximedevos@telenet.be \
--cc=sjors@sprovoost.nl \
--cc=zimon.toutoune@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).