unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
* bug#40316: core-updates nss not reproducible
@ 2020-03-29 11:16 Danny Milosavljevic
  2020-03-30  6:09 ` Gábor Boskovits
                   ` (6 more replies)
  0 siblings, 7 replies; 26+ messages in thread
From: Danny Milosavljevic @ 2020-03-29 11:16 UTC (permalink / raw)
  To: 40316

[-- Attachment #1: Type: text/plain, Size: 10181 bytes --]

Hi,

core-updates' nss is not reproducible (commit
aebcbb27bc2f192cc06163251bab66a4ceb7b7d6).

diffoscope says:

--- /gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50
+++ /gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50-check
├── lib
│ ├── nss
│ │ ├── libfreebl3.chk
│ │ │┄ xxd not available in path. Falling back to Python hexlify.
│ │ │ @@ -11,19 +11,19 @@
│ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
│ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
│ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
│ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
│ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
│ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
│ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
│ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010029
│ │ │ -713ef8afdc7c8efcff89e8c420bfdd8835e6d08bb934ce160fe927b99ac8f997
│ │ │ -c043c16bfe67abbbd27a97b4aa4df753c33f5a093d9598413edfb4c6a0a68309
│ │ │ -4f3a160aec8a5e8e383c108c802580e5f117f9b2be6d496f6eb6e85937258e53
│ │ │ -f3f55ac49f7ffa955e91e054d1dd6b19f725506e2242fbb2f8acf81c9ff4278c
│ │ │ -5c6ad6528d1a8505c6c83fd643660e3a31dddff7eb5f046f0df6d47ea455c82c
│ │ │ -78ec32d8a1aaa29c9deed1053feae3029eacce8b9ff88777ff964757aeb1ccce
│ │ │ -bd14d326b7fb0822bbc982250e51d4eaa73599ef8e4fd2298f076edf9a9be41e
│ │ │ -94da645f57dc12af730b3661973390672cbcf767caf495e1f3656f06f0fae300
│ │ │ -00004030361665e91e760d37d9117256e4f698d2b124115e83aafcc92c2751fa
│ │ │ -f2b3384c22c76a207da12a4c4b72662e9ae53f356d6b6d98a066cd240cb06fed
│ │ │ -337d6d
│ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f00000100a3
│ │ │ +35c76bfe38266728b573ef4fedcb22131ce275a8a484902b3ad994ca3a87a754
│ │ │ +998b5c5807e4fa0e9b83a6677eca9140b8bbeeb4c36897473065b8305c4d1ddd
│ │ │ +3f967b7041217df53ae6ec4211b031cc12df895a35efcde570dd2c7a610151c9
│ │ │ +ef0acdf28a646db355ece183e2e71275c51b4331e61ca7948c7aa62d420e8b17
│ │ │ +481f427197c78094832de5e3f21d27bf701e6fc524e5f700567969f91e8864c0
│ │ │ +fae4da549d548ce8b134456e0720d083c8649bdb44ac6383d2e5a41bd2ec3b64
│ │ │ +e9b6d281708447aefdd60be32f7d9093fef2579d6c122b48e449b2266bdc4678
│ │ │ +9639fd997f0d8fe649b51a5f3097603b130bb5e8a811b5f3c121ed6d7bb58300
│ │ │ +00004004c38a443627df69c2bc659e2e810b24b0e4dc042311fb9b2c99d18e7b
│ │ │ +242fc7729f9e5facc1dc69ced89ea571bd69f95277894e9954c28c2f8ab77d62
│ │ │ +e96c1d
│ │ ├── libfreeblpriv3.chk
│ │ │┄ xxd not available in path. Falling back to Python hexlify.
│ │ │ @@ -11,19 +11,19 @@
│ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
│ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
│ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
│ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
│ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
│ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
│ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
│ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f00000100a3
│ │ │ -298c351142cb4107acceb8e07a997cc63fade4c4dd6cc0d3f5dedad25fca66bc
│ │ │ -d58fb35b3a1f8ce3c90c795a8066cb4312b2b11558daf3c388ee3865d1cbc75d
│ │ │ -88832d044dd267885c36455be97ee5ff17ee95a9377170441267b604d6bea8d2
│ │ │ -c7fbaebd2c39506220d5d2c4a34e6a848fc139bd38f95c7e48160d847c270a78
│ │ │ -e88519f1a5f2f36c6d6d4c16d621b2e763e48d42818b1a3b76421a52c7c209b9
│ │ │ -a70fe921ad9b80411150a5e4d800bd89fe4486361412b39a9b5c68abec6bb68d
│ │ │ -8f7d1b823c9d455d0062d9b819b1d5173a493cdbea00dcfc98a52537bd373acb
│ │ │ -cb046c7fe4246590c9875413f19dba8f63a2f05771d161513efeb2e663ebf400
│ │ │ -000040299e7b6851b43d6f40d1704237831bbb5a1fd4e38c041f1b7222480338
│ │ │ -c27b4e655f1846220c4950db84ce7da9b2c1b2c6530304a73c8caff757be8ba4
│ │ │ -51d8ec
│ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010032
│ │ │ +0bdce77a4aabe0b8a8b97469180a5882104d30c155dfc227f99b7add6aedda98
│ │ │ +b9aee674e8a2f43377eea0e32f4382f8818a9cd39dfe0f2217b989ab695b1317
│ │ │ +971ae000096efde5a3610306a7a60b3075204f77543509fb48d1605d0ae6d7cd
│ │ │ +dd5b3576d2d09d9e4d5357ea21e7376e2fa69ba804a19161ab639219592efef5
│ │ │ +ad5b8714ad21118b1fa53453b6e4222e267b0a692704de6bcd10895afeaf5f21
│ │ │ +f721c406a796e092b344bc78abd953205e6d932c87fef89e80715a9eefbd6417
│ │ │ +eef4e8c8630fe92927d81870c50f64aa15f2dbb965d9aa51a450d0c53607d60a
│ │ │ +8c4ad1461e32c7dc78bf606eaacf38a88a2c47f496b3ba289e104e8d25a84400
│ │ │ +0000408df400964ed23bd859d524136afbf355cce08ae540f65bbfe055e81950
│ │ │ +6b84f52240c447ad47c53ee31e9fed82d08905f65adfedd54f5b91b6b9d6105b
│ │ │ +f2f8f4
│ │ ├── libnssdbm3.chk
│ │ │┄ xxd not available in path. Falling back to Python hexlify.
│ │ │ @@ -11,19 +11,19 @@
│ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
│ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
│ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
│ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
│ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
│ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
│ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
│ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001009d
│ │ │ -76e916a4dfe80c81097e4cff0f945852d689772f01c87f11c2fab03f99f20417
│ │ │ -d1458884f5255774a9028c848ce879369734f01f1e12ceb9cf63dc9eca1170b8
│ │ │ -23e6678ab9f65f2dbeeae2c96fd90367e720124a2d11551127baf17e2a7b214d
│ │ │ -f24bca9fbb5355d2479e7c06ec05fe138ad50c26a1876053143bf0ed18eae349
│ │ │ -42b8b96ab9bdde2e234fbfe354d8b3698cd5ddadfdd1de6ab8d75c558a96bd8a
│ │ │ -accb720a1207f4b25c9e1df0e0b60574d8f89d65e6698e1626e1d1a892c3c1d5
│ │ │ -13ee0f6ee4e87e2b54d566283e99aaa6300e3131913c9549d4b1a6ad2869fd4c
│ │ │ -d28567c75a32f0d132021b586ab8fb292994d065ec4b3875dabc993cb0e17800
│ │ │ -00004070a60b59d01834af5e27dff70526b0beb20dfabb43a6ab25f766d1ec26
│ │ │ -90ce003539dbf276a167ec78d7a998f69e99bf3c81fc7246572342aec6d214da
│ │ │ -abcc97
│ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001006b
│ │ │ +6170f9835f65f0409f61d947626f5880691b5b1ec5f0d280b82d832d3d5d3957
│ │ │ +1745597c3a2392c1271f8508a1c748bc4be5681bacfd11480a1855af07ae3cd4
│ │ │ +4fbc4165f89174e7cba60ac7f7c0a17116cfa3fd8e0ed6c0c02696352b3f9d53
│ │ │ +7fcbda8cb21b0a95f9e92d38dc8121ea2dac2eabd750ba7770c47d514282f45b
│ │ │ +357ef3586d8930a05a6e26c9ea391351d16fa2ab10fb08e42406e7a0365c3258
│ │ │ +00de8afadfb3086ca003e964ed1ab11b3410f4ccfede3e7b987ade295d4a0bc5
│ │ │ +d505170822d4a01535a93de3a507a51c4180989530d22e50d725d775f7455e9a
│ │ │ +9d5a851f2f976a6f312e924c27ac72a3599f9cf8878bbe01046a91cd04664c00
│ │ │ +00004002c563080dfd3803f27fa9c896d0dd1b3c985bd53f0622cabea11746fa
│ │ │ +ada72d7c05b819eb4dc9cda731e0006b637bd893555506c000dabb5c066d3f7e
│ │ │ +3ea9d8
│ │ ├── libsoftokn3.chk
│ │ │┄ xxd not available in path. Falling back to Python hexlify.
│ │ │ @@ -11,19 +11,19 @@
│ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
│ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
│ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
│ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
│ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
│ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
│ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
│ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010030
│ │ │ -045311203f4d6c1624ea5336dc9a5470a2baa285ca7294bf2162c479bc0913d4
│ │ │ -f8f326ef62ca8b31781b61e9ad3057d3c4cdd90c882dceb252149d7578cceab4
│ │ │ -4ce0bb338d395901afafbe3c570493a7add01e625de9a0a90c4e85c52ce67630
│ │ │ -3b1cc388c65d76d87c5bd31d2db8fbe17db05186c3a4bc2032614af6d950e8c7
│ │ │ -91da637dc8a7c2897071c92910e47b529566eddafc918e1c05f39aedea9e712f
│ │ │ -98be2b6b87685411a5d8be0cd4d0c5e680ade81a3b9ee09d7aa6489775e3465b
│ │ │ -0dd470a8bd99a84df719cbf935d46a08f9045c58ccb2861dd35e76d085caed0a
│ │ │ -9ecc3cffe9bec61966d09e633bf7ac9870d02e03f8d4a2911da1b6e02cf6ab00
│ │ │ -0000408a5c4418abe2196ccf3ad0ce5d4df8edfa598befb414c4c622e92b2a70
│ │ │ -c94c5646c44609ba518ecdeef2eaa2745144a5048e2c4a92415fee1e3fe2c479
│ │ │ -1fe98a
│ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010042
│ │ │ +3475f0c8a0fbfcbf67cdac446df60765ccc7b02fb6c5079e14c9d2c1da2d7ae5
│ │ │ +8f274ecfcf9d135c05a7405008e8f8c7f5ac86c274aabe5fdc33e014b622a5f4
│ │ │ +0c8525071b0d5ee7614464deffee9320a965701df92070ff15fe786c1e8c41b3
│ │ │ +b4298574d9c0b9d8e1fe896a12973e579372d75fe8f3262254a80b622e6543bb
│ │ │ +16be7160f9a89b934cd7133aa87fa5e03bcf981806cbb0bccf01af77008fd424
│ │ │ +cf6190e09910d4aaa812092fa64766d1bce0a9cf77f3470f5f0aa37715014cc6
│ │ │ +661c5f55253063713dac706cabab09005b9f1e2889f03e5b860f7eacbce21744
│ │ │ +fd33e21a0ca62878a7863e27667f0f7eb440bdfff02b9838d75d3fda4dac2400
│ │ │ +000040180f14354ae8e6d4d243e4fef0819e75346888290dd80849a7494dd220
│ │ │ +db71d615c82b2dbdee722fb914aff6875ffd66be934a102f0f684535169c9940
│ │ │ +c0733d

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: core-updates nss not reproducible
  2020-03-29 11:16 bug#40316: core-updates nss not reproducible Danny Milosavljevic
@ 2020-03-30  6:09 ` Gábor Boskovits
  2020-03-30 11:55 ` Marius Bakke
                   ` (5 subsequent siblings)
  6 siblings, 0 replies; 26+ messages in thread
From: Gábor Boskovits @ 2020-03-30  6:09 UTC (permalink / raw)
  To: Danny Milosavljevic; +Cc: 40316

Hello Danny,

Danny Milosavljevic <dannym@scratchpost.org> ezt írta (időpont: 2020.
márc. 30., H, 4:38):
>
> Hi,
>
> core-updates' nss is not reproducible (commit
> aebcbb27bc2f192cc06163251bab66a4ceb7b7d6).
>
> diffoscope says:
>
> --- /gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50
> +++ /gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50-check
> ├── lib
> │ ├── nss
> │ │ ├── libfreebl3.chk
> │ │ │┄ xxd not available in path. Falling back to Python hexlify.
> │ │ │ @@ -11,19 +11,19 @@
> │ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
> │ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
> │ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
> │ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
> │ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
> │ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
> │ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
> │ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010029
> │ │ │ -713ef8afdc7c8efcff89e8c420bfdd8835e6d08bb934ce160fe927b99ac8f997
> │ │ │ -c043c16bfe67abbbd27a97b4aa4df753c33f5a093d9598413edfb4c6a0a68309
> │ │ │ -4f3a160aec8a5e8e383c108c802580e5f117f9b2be6d496f6eb6e85937258e53
> │ │ │ -f3f55ac49f7ffa955e91e054d1dd6b19f725506e2242fbb2f8acf81c9ff4278c
> │ │ │ -5c6ad6528d1a8505c6c83fd643660e3a31dddff7eb5f046f0df6d47ea455c82c
> │ │ │ -78ec32d8a1aaa29c9deed1053feae3029eacce8b9ff88777ff964757aeb1ccce
> │ │ │ -bd14d326b7fb0822bbc982250e51d4eaa73599ef8e4fd2298f076edf9a9be41e
> │ │ │ -94da645f57dc12af730b3661973390672cbcf767caf495e1f3656f06f0fae300
> │ │ │ -00004030361665e91e760d37d9117256e4f698d2b124115e83aafcc92c2751fa
> │ │ │ -f2b3384c22c76a207da12a4c4b72662e9ae53f356d6b6d98a066cd240cb06fed
> │ │ │ -337d6d
> │ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f00000100a3
> │ │ │ +35c76bfe38266728b573ef4fedcb22131ce275a8a484902b3ad994ca3a87a754
> │ │ │ +998b5c5807e4fa0e9b83a6677eca9140b8bbeeb4c36897473065b8305c4d1ddd
> │ │ │ +3f967b7041217df53ae6ec4211b031cc12df895a35efcde570dd2c7a610151c9
> │ │ │ +ef0acdf28a646db355ece183e2e71275c51b4331e61ca7948c7aa62d420e8b17
> │ │ │ +481f427197c78094832de5e3f21d27bf701e6fc524e5f700567969f91e8864c0
> │ │ │ +fae4da549d548ce8b134456e0720d083c8649bdb44ac6383d2e5a41bd2ec3b64
> │ │ │ +e9b6d281708447aefdd60be32f7d9093fef2579d6c122b48e449b2266bdc4678
> │ │ │ +9639fd997f0d8fe649b51a5f3097603b130bb5e8a811b5f3c121ed6d7bb58300
> │ │ │ +00004004c38a443627df69c2bc659e2e810b24b0e4dc042311fb9b2c99d18e7b
> │ │ │ +242fc7729f9e5facc1dc69ced89ea571bd69f95277894e9954c28c2f8ab77d62
> │ │ │ +e96c1d
> │ │ ├── libfreeblpriv3.chk
> │ │ │┄ xxd not available in path. Falling back to Python hexlify.
> │ │ │ @@ -11,19 +11,19 @@
> │ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
> │ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
> │ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
> │ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
> │ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
> │ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
> │ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
> │ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f00000100a3
> │ │ │ -298c351142cb4107acceb8e07a997cc63fade4c4dd6cc0d3f5dedad25fca66bc
> │ │ │ -d58fb35b3a1f8ce3c90c795a8066cb4312b2b11558daf3c388ee3865d1cbc75d
> │ │ │ -88832d044dd267885c36455be97ee5ff17ee95a9377170441267b604d6bea8d2
> │ │ │ -c7fbaebd2c39506220d5d2c4a34e6a848fc139bd38f95c7e48160d847c270a78
> │ │ │ -e88519f1a5f2f36c6d6d4c16d621b2e763e48d42818b1a3b76421a52c7c209b9
> │ │ │ -a70fe921ad9b80411150a5e4d800bd89fe4486361412b39a9b5c68abec6bb68d
> │ │ │ -8f7d1b823c9d455d0062d9b819b1d5173a493cdbea00dcfc98a52537bd373acb
> │ │ │ -cb046c7fe4246590c9875413f19dba8f63a2f05771d161513efeb2e663ebf400
> │ │ │ -000040299e7b6851b43d6f40d1704237831bbb5a1fd4e38c041f1b7222480338
> │ │ │ -c27b4e655f1846220c4950db84ce7da9b2c1b2c6530304a73c8caff757be8ba4
> │ │ │ -51d8ec
> │ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010032
> │ │ │ +0bdce77a4aabe0b8a8b97469180a5882104d30c155dfc227f99b7add6aedda98
> │ │ │ +b9aee674e8a2f43377eea0e32f4382f8818a9cd39dfe0f2217b989ab695b1317
> │ │ │ +971ae000096efde5a3610306a7a60b3075204f77543509fb48d1605d0ae6d7cd
> │ │ │ +dd5b3576d2d09d9e4d5357ea21e7376e2fa69ba804a19161ab639219592efef5
> │ │ │ +ad5b8714ad21118b1fa53453b6e4222e267b0a692704de6bcd10895afeaf5f21
> │ │ │ +f721c406a796e092b344bc78abd953205e6d932c87fef89e80715a9eefbd6417
> │ │ │ +eef4e8c8630fe92927d81870c50f64aa15f2dbb965d9aa51a450d0c53607d60a
> │ │ │ +8c4ad1461e32c7dc78bf606eaacf38a88a2c47f496b3ba289e104e8d25a84400
> │ │ │ +0000408df400964ed23bd859d524136afbf355cce08ae540f65bbfe055e81950
> │ │ │ +6b84f52240c447ad47c53ee31e9fed82d08905f65adfedd54f5b91b6b9d6105b
> │ │ │ +f2f8f4
> │ │ ├── libnssdbm3.chk
> │ │ │┄ xxd not available in path. Falling back to Python hexlify.
> │ │ │ @@ -11,19 +11,19 @@
> │ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
> │ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
> │ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
> │ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
> │ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
> │ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
> │ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
> │ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001009d
> │ │ │ -76e916a4dfe80c81097e4cff0f945852d689772f01c87f11c2fab03f99f20417
> │ │ │ -d1458884f5255774a9028c848ce879369734f01f1e12ceb9cf63dc9eca1170b8
> │ │ │ -23e6678ab9f65f2dbeeae2c96fd90367e720124a2d11551127baf17e2a7b214d
> │ │ │ -f24bca9fbb5355d2479e7c06ec05fe138ad50c26a1876053143bf0ed18eae349
> │ │ │ -42b8b96ab9bdde2e234fbfe354d8b3698cd5ddadfdd1de6ab8d75c558a96bd8a
> │ │ │ -accb720a1207f4b25c9e1df0e0b60574d8f89d65e6698e1626e1d1a892c3c1d5
> │ │ │ -13ee0f6ee4e87e2b54d566283e99aaa6300e3131913c9549d4b1a6ad2869fd4c
> │ │ │ -d28567c75a32f0d132021b586ab8fb292994d065ec4b3875dabc993cb0e17800
> │ │ │ -00004070a60b59d01834af5e27dff70526b0beb20dfabb43a6ab25f766d1ec26
> │ │ │ -90ce003539dbf276a167ec78d7a998f69e99bf3c81fc7246572342aec6d214da
> │ │ │ -abcc97
> │ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001006b
> │ │ │ +6170f9835f65f0409f61d947626f5880691b5b1ec5f0d280b82d832d3d5d3957
> │ │ │ +1745597c3a2392c1271f8508a1c748bc4be5681bacfd11480a1855af07ae3cd4
> │ │ │ +4fbc4165f89174e7cba60ac7f7c0a17116cfa3fd8e0ed6c0c02696352b3f9d53
> │ │ │ +7fcbda8cb21b0a95f9e92d38dc8121ea2dac2eabd750ba7770c47d514282f45b
> │ │ │ +357ef3586d8930a05a6e26c9ea391351d16fa2ab10fb08e42406e7a0365c3258
> │ │ │ +00de8afadfb3086ca003e964ed1ab11b3410f4ccfede3e7b987ade295d4a0bc5
> │ │ │ +d505170822d4a01535a93de3a507a51c4180989530d22e50d725d775f7455e9a
> │ │ │ +9d5a851f2f976a6f312e924c27ac72a3599f9cf8878bbe01046a91cd04664c00
> │ │ │ +00004002c563080dfd3803f27fa9c896d0dd1b3c985bd53f0622cabea11746fa
> │ │ │ +ada72d7c05b819eb4dc9cda731e0006b637bd893555506c000dabb5c066d3f7e
> │ │ │ +3ea9d8
> │ │ ├── libsoftokn3.chk
> │ │ │┄ xxd not available in path. Falling back to Python hexlify.
> │ │ │ @@ -11,19 +11,19 @@
> │ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
> │ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
> │ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
> │ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
> │ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
> │ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
> │ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
> │ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010030
> │ │ │ -045311203f4d6c1624ea5336dc9a5470a2baa285ca7294bf2162c479bc0913d4
> │ │ │ -f8f326ef62ca8b31781b61e9ad3057d3c4cdd90c882dceb252149d7578cceab4
> │ │ │ -4ce0bb338d395901afafbe3c570493a7add01e625de9a0a90c4e85c52ce67630
> │ │ │ -3b1cc388c65d76d87c5bd31d2db8fbe17db05186c3a4bc2032614af6d950e8c7
> │ │ │ -91da637dc8a7c2897071c92910e47b529566eddafc918e1c05f39aedea9e712f
> │ │ │ -98be2b6b87685411a5d8be0cd4d0c5e680ade81a3b9ee09d7aa6489775e3465b
> │ │ │ -0dd470a8bd99a84df719cbf935d46a08f9045c58ccb2861dd35e76d085caed0a
> │ │ │ -9ecc3cffe9bec61966d09e633bf7ac9870d02e03f8d4a2911da1b6e02cf6ab00
> │ │ │ -0000408a5c4418abe2196ccf3ad0ce5d4df8edfa598befb414c4c622e92b2a70
> │ │ │ -c94c5646c44609ba518ecdeef2eaa2745144a5048e2c4a92415fee1e3fe2c479
> │ │ │ -1fe98a
> │ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010042
> │ │ │ +3475f0c8a0fbfcbf67cdac446df60765ccc7b02fb6c5079e14c9d2c1da2d7ae5
> │ │ │ +8f274ecfcf9d135c05a7405008e8f8c7f5ac86c274aabe5fdc33e014b622a5f4
> │ │ │ +0c8525071b0d5ee7614464deffee9320a965701df92070ff15fe786c1e8c41b3
> │ │ │ +b4298574d9c0b9d8e1fe896a12973e579372d75fe8f3262254a80b622e6543bb
> │ │ │ +16be7160f9a89b934cd7133aa87fa5e03bcf981806cbb0bccf01af77008fd424
> │ │ │ +cf6190e09910d4aaa812092fa64766d1bce0a9cf77f3470f5f0aa37715014cc6
> │ │ │ +661c5f55253063713dac706cabab09005b9f1e2889f03e5b860f7eacbce21744
> │ │ │ +fd33e21a0ca62878a7863e27667f0f7eb440bdfff02b9838d75d3fda4dac2400
> │ │ │ +000040180f14354ae8e6d4d243e4fef0819e75346888290dd80849a7494dd220
> │ │ │ +db71d615c82b2dbdee722fb914aff6875ffd66be934a102f0f684535169c9940
> │ │ │ +c0733d

Do you have any idea what these might be?
Are these text files, but not recoginzed by diffoscope, or are they
really binary?
Also, IIRC we had problems earlier with this package, as some keys
were generated.
Might this be somehow related?

Best regards,
g_bor
-- 
OpenPGP Key Fingerprint: 7988:3B9F:7D6A:4DBF:3719:0367:2506:A96C:CF63:0B21

^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: core-updates nss not reproducible
  2020-03-29 11:16 bug#40316: core-updates nss not reproducible Danny Milosavljevic
  2020-03-30  6:09 ` Gábor Boskovits
@ 2020-03-30 11:55 ` Marius Bakke
  2020-03-31  9:28   ` Björn Höfling
  2021-05-18  1:04 ` Bone Baboon via Bug reports for GNU Guix
                   ` (4 subsequent siblings)
  6 siblings, 1 reply; 26+ messages in thread
From: Marius Bakke @ 2020-03-30 11:55 UTC (permalink / raw)
  To: Danny Milosavljevic, 40316

[-- Attachment #1: Type: text/plain, Size: 295 bytes --]

Danny Milosavljevic <dannym@scratchpost.org> writes:

> Hi,
>
> core-updates' nss is not reproducible (commit
> aebcbb27bc2f192cc06163251bab66a4ceb7b7d6).

Is this issue only present on the 'core-updates' branch?  There haven't
been any changes to NSS on that branch compared to 'master' AFAIK.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: core-updates nss not reproducible
  2020-03-30 11:55 ` Marius Bakke
@ 2020-03-31  9:28   ` Björn Höfling
  0 siblings, 0 replies; 26+ messages in thread
From: Björn Höfling @ 2020-03-31  9:28 UTC (permalink / raw)
  To: Marius Bakke; +Cc: 40316

[-- Attachment #1: Type: text/plain, Size: 875 bytes --]

On Mon, 30 Mar 2020 13:55:09 +0200
Marius Bakke <mbakke@fastmail.com> wrote:

> Danny Milosavljevic <dannym@scratchpost.org> writes:
> 
> > Hi,
> >
> > core-updates' nss is not reproducible (commit
> > aebcbb27bc2f192cc06163251bab66a4ceb7b7d6).  
> 
> Is this issue only present on the 'core-updates' branch?  There
> haven't been any changes to NSS on that branch compared to 'master'
> AFAIK.

I haven't tried it on 'master', but I think it is branch-independent,
people are only testing it on core-updates. This bug is over 2 years
old with different versions of nss affected and the same three files
not reproducible. And we had past core-updates mergers.

I found and merged these reports:
bug#30108: [core-updates] nss 3.34.1 not reproducible
bug#33507: nss 3.39 output is not deterministic
bug#40316: core-updates nss not reproducible

Björn

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: core-updates nss not reproducible
  2020-03-29 11:16 bug#40316: core-updates nss not reproducible Danny Milosavljevic
  2020-03-30  6:09 ` Gábor Boskovits
  2020-03-30 11:55 ` Marius Bakke
@ 2021-05-18  1:04 ` Bone Baboon via Bug reports for GNU Guix
  2024-03-07 22:16   ` Vagrant Cascadian
  2024-04-23 12:42 ` bug#40316: Update needed of NSS Steve George
                   ` (3 subsequent siblings)
  6 siblings, 1 reply; 26+ messages in thread
From: Bone Baboon via Bug reports for GNU Guix @ 2021-05-18  1:04 UTC (permalink / raw)
  To: 40316

I am also getting the same four files that are not reproducible for nss
on the master branch.

As nss is also not reproducible on master maybe the title of this bug
should be changed to "nss not reproducible".

`guix describe` outputs:

```
Generation 24   May 12 2021 18:06:24    (current)
  guix d6aeebb
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: d6aeebb23639258311fdfb9dbf5f903079fde51a
```

`guix challenge /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59`
outputs:

```
/gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59 contents differ:
  local hash: 0pqq1v88yjj80sll4j4ahfh52zzqhvkjv3vgkhmnnikvl6vd5sck
  https://ci.guix.gnu.org/nar/lzip/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59: 1smx41irpiy9kly3zvr0d61x7hwm0haggvyii34byzfypca1xn2f
differing files:
    /lib/nss/libfreebl3.chk
    /lib/nss/libsoftokn3.chk
    /lib/nss/libfreeblpriv3.chk
    /lib/nss/libnssdbm3.chk

1 store items were analyzed:
  - 0 (0.0%) were identical
  - 1 (100.0%) differed
  - 0 (0.0%) were inconclusive
```

`guix challenge --diff=diffoscope
/gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59` outputs:

```
/gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59 contents differ:
  local hash: 0pqq1v88yjj80sll4j4ahfh52zzqhvkjv3vgkhmnnikvl6vd5sck
  https://ci.guix.gnu.org/nar/lzip/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59: 1smx41irpiy9kly3zvr0d61x7hwm0haggvyii34byzfypca1xn2f
--- /tmp/guix-directory.jSGCMh
+++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59
│   --- /tmp/guix-directory.jSGCMh/lib
├── +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib
│ │   --- /tmp/guix-directory.jSGCMh/lib/nss
│ ├── +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib/nss
│ │ │   --- /tmp/guix-directory.jSGCMh/lib/nss/libfreebl3.chk
│ │ ├── +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib/nss/libfreebl3.chk
│ │ │┄ xxd not available in path. Falling back to Python hexlify.
│ │ │ @@ -11,19 +11,19 @@
│ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
│ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
│ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
│ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
│ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
│ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
│ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
│ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010062
│ │ │ -d97f1f01f03e65f037c7fee3230c59c36d170cc30f23372fbc6eb28d9ec87008
│ │ │ -f07660714bb43d98a06734a1658ce721feab8b0ece03ee54cb45dbaee9cff57f
│ │ │ -9d9c0fac4a2d67f4f314423973a42819a9eceba758344ef4b304f1737ebe23a4
│ │ │ -e13aba8e9f88bec5c067d61a16a3dcb347789575f4cfa8629880f734ec3db9cc
│ │ │ -d963cee322fa2eba5172715eb19686e185ff13dfcf23eb7ed9338230f90b4b57
│ │ │ -8f7f3c3fb8e0e968d4625646f5fb0897c3e2400e5a5596f01f841f7e4946d406
│ │ │ -977e6adbce9113d027a38cd34942cf3158422b590c27b2731fd506c2326a2dbb
│ │ │ -1a363a864475bd8464282544cf46fe60e94d705cda2d34257c9e3cadc378fe00
│ │ │ -00004025839bed8e61fecf86f99135e9912ab62b5497dc33bdf2bbda445cf237
│ │ │ -bfd47c8b826ec02b6cac983765bedd1ae17a57827f6fe0af965a2538a2776388
│ │ │ -c14b6c
│ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010087
│ │ │ +37f4789b39e4bcbe32600d9a952265b9a8623a91658d6c5b5c7e8d42741219f2
│ │ │ +1f4d9e54994ffa87cc533d63273f7b7d24b63cc0415b62cd419656c63f5acf46
│ │ │ +688991664fc00c10740ab0cabbcdb639a9408b76c4cbf27827257fdd3aeaa526
│ │ │ +bb9425a9a8c55bb4d4a54e2d389de9561a61af754170bf640b8e23bc9c4c7945
│ │ │ +8cfdafc309c7737aa53d0fb451cc7476f73b04b4b5c6cfaeabc332d0478c8c5d
│ │ │ +bdde681ef55b30b669a106440c4676f5bf3454617d1707e710c0e426ee823ee1
│ │ │ +f1892576f4f4795e6e4fc040b9aab73d65ef132087fdaaba64fa8795a9eef4b6
│ │ │ +24700af69d0be0c2f86c1fbfc8a90cc0f50c0a90232cd3ce9f5987cf442d4b00
│ │ │ +0000405a720066a9593276d13e8b322c50381a926302d79ae6f571c5fcbbbefa
│ │ │ +71a9d259b7efa16aca52365e60baf1aef8904d28f9332d71b3fb3e8ecb30bcfb
│ │ │ +19053e
│ │ │   --- /tmp/guix-directory.jSGCMh/lib/nss/libfreeblpriv3.chk
│ │ ├── +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib/nss/libfreeblpriv3.chk
│ │ │┄ xxd not available in path. Falling back to Python hexlify.
│ │ │ @@ -11,19 +11,19 @@
│ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
│ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
│ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
│ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
│ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
│ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
│ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
│ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001009a
│ │ │ -19ffb743e104ab34cda81d282b09c74ca73dab5baf4e5951814556e25fa92f09
│ │ │ -fbb06af5f80893a2c4fb0295ef23c2e8302fc238fda3f3d582c9d3e8c062ae8a
│ │ │ -e18dc7a48a1d9e97fc4d21e11abaeb7c98495f478affc6866742c48090d44b09
│ │ │ -a5832f4648b1d165de42e279df2d1512bfe47dffffb65f0c543a6c92cfe8beed
│ │ │ -3fa84456e6eef833bd675d04846d630eed817bfd153377745d5c6244e2f913ef
│ │ │ -17a2b360bebd6f9a0fcbb24ed86e2d59ae5f28df2632518390d7e2f75a2da2fe
│ │ │ -2bebf06b7d095a60282a93c38da54ae19625630aac1c4755339a047213ed98e9
│ │ │ -91ad52e2723789c34498a0d0eb78055949383ab3a583363c653c5ef89a0c0200
│ │ │ -000040862ab0814d947cfb3bf2cf74720e14c633e910a7d3d4d7a81364505701
│ │ │ -c3c2c785f6f3804f8aa0de63449bc436f1eb9a4ce187392103de463caec69431
│ │ │ -bffb74
│ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010038
│ │ │ +5f7f605095448c566ae24ab5677dd5ff8519a2564d09c3550608f860b12d8e84
│ │ │ +a4e5b87752d9bc32caba6bd53d181776624e22a217d9c7567a4556bcb316a13e
│ │ │ +1ecf3d2aa360477073f1fa1d376704668122ec75d1d6177cd0368610d4c1c098
│ │ │ +1ca41b0fdd1a188bf4940a5b0773e9c7178cd4141032d9f3bca8f77c480884f6
│ │ │ +7a30ba559fcf7547abf80840bb0b42e7c3bb47bf3f064e20c827ce0b0ce48c8f
│ │ │ +f7ecb9f513589edd858a5e5a3441b12e10a8bb61c93c3cf33d04c518804dcc27
│ │ │ +7a9d0df213922ff752f8ea4cba6fb0f5ba8acb57dcf02d3746a7cc588b1362a8
│ │ │ +2f7c7077399e18536ca1540e2a868780605dc4bf518a2c86dd2bc904df989f00
│ │ │ +0000404547c764e3ab6f499e0ea3656a9332f2da71506a1a5178d4828657682a
│ │ │ +c5f3f65eaf7212c1a7e41438bb48524eb5e1eff3d87080f1339c5d3e99369d56
│ │ │ +ebc5fd
│ │ │   --- /tmp/guix-directory.jSGCMh/lib/nss/libnssdbm3.chk
│ │ ├── +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib/nss/libnssdbm3.chk
│ │ │┄ xxd not available in path. Falling back to Python hexlify.
│ │ │ @@ -11,19 +11,19 @@
│ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
│ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
│ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
│ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
│ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
│ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
│ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
│ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001002e
│ │ │ -21ad266d676e56ae5ccc227879f1c1c6b9b6dd83eb7446a82f5a18bb09a4d252
│ │ │ -4cb3f635179b88fdab69e30efbc1684d7bcd5f24b3c6c70a14b998b19c7af1a0
│ │ │ -d3d79f75d2f3fd00a2fe19bfdcef007b67c2004f0571f670887e1f8ac7d1bf5d
│ │ │ -3dea50a0117efd7ff049d41ee286e642a0fe43256d77146324ab6ce8a83ef8c4
│ │ │ -9807d016f639f5ceb6f427062f5201e51e7776bb6463d89f9afeddbc7a9a28ee
│ │ │ -653be542425efa441a6815238c5898d33d76b9e44ceb7353e98927bb2935e025
│ │ │ -953cd7649241efaf3edbb5eed3abb7826c837dbbf2aaf1e1d9d2ee72dee0b3b5
│ │ │ -0d872cd2eb74969baa23c186b00fa87b4951ae0eb3fa867fb6462fad73154800
│ │ │ -0000403e373b8324248b0d53ba133dda29283d13350324847164c5ab29024678
│ │ │ -03611368137b58211456ce78c50968bd1233758422d591805c87d25b64a5abda
│ │ │ -09dda9
│ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001005b
│ │ │ +7a928e5d253ed22eb50a37023609db35ebab0672812f924d3ea7b74be43f26d5
│ │ │ +bc93ef30cd96d39daad0ab6eb98efab9047dcc73fa7b7dae259dc6a3f43255be
│ │ │ +e519afbb0a727b75247fc078fa22c0f1c716655c99e30b24867974959b52179d
│ │ │ +92d2b9bee276208c7ae5707975c55eea7125d83929709f5e63b6172e389a4858
│ │ │ +6d10c85f501882a285a476692f97247993f4aef2243b803b36528fc26d384503
│ │ │ +4437d3107e853f1d05a02f411e7e609ef720ff7bc299575d8840faaa40d33ddd
│ │ │ +b58f03a0669be967bc8021dfea2bbce37ae23b3c929ff98396d12a84e0634834
│ │ │ +1b80442fbbd9f7dcdda35dea83d1092c5ccc1ac2980bd0f3233bc82cbf165300
│ │ │ +00004030d6ccc46ba7ac1abdce687718962041cf98cb55787191130175f9e0d1
│ │ │ +ab8b2c610437f4e7a11d220d5989c3868d6db6257ab841d80ffcbff56d3b268c
│ │ │ +5abbee
│ │ │   --- /tmp/guix-directory.jSGCMh/lib/nss/libsoftokn3.chk
│ │ ├── +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib/nss/libsoftokn3.chk
│ │ │┄ xxd not available in path. Falling back to Python hexlify.
│ │ │ @@ -11,19 +11,19 @@
│ │ │  5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
│ │ │  6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
│ │ │  335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
│ │ │  a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
│ │ │  58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
│ │ │  d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
│ │ │  1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
│ │ │ -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001001e
│ │ │ -24d85331677aae2d94bd05a1efc093d260c20de07d57ee8c503956067275acf3
│ │ │ -0059cbab61581aa1c386dba534f268f96c5b9f802ef57311f7fa53915e8018b6
│ │ │ -d31abcd81c84f23d134ebe15127011e75cbbcaa809f6ca2d47f6ff67c3d02e8f
│ │ │ -5984d85463d458e3b35b9c35a1355fe4fae0709dd303eb4481809e10d8ce7ac0
│ │ │ -83ac85be99af4ce33520874f101665e0e77e7436ee6423cf82d4a8924aa53e51
│ │ │ -d21d7766aa5665041c4d4ef75fddce637a754ca42941cf986e1bbce60012bc1a
│ │ │ -5666674075c199c128048bcaee9dd35cb7e7248f553047c90e8e98511aeda17f
│ │ │ -2c75e8280037910e500c7e03c7bc935a7ad8d719484ff45bba3393e672c92500
│ │ │ -0000400605c2755588373f9f857d000b231c6d59cc6d0b1b08eb3f07a2b09cf7
│ │ │ -9a980124839b4bf70a8f3759f4e72fabc28550469f353451c570eb7b4efeebb2
│ │ │ -a15a6a
│ │ │ +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010011
│ │ │ +b0342b5cad4140db9fa893b68d1c5f3834c1cee9f95edc9b57a7968ec0c4ec2d
│ │ │ +18ccded167b847137ec4b8361aa1e782ccd0797b4401382f5d120848b67930be
│ │ │ +07389e0f52dda5f812d7462197594b4e86df50adedafbc57dc4e3160e09b8437
│ │ │ +4570899257469c8e97d46d40fe0801d906dfe8bdc611a953b2d0690a0e1d6dc8
│ │ │ +5c7699f30dee70856a6627847e08a710db7432e29b33474358005a53dfa5fa95
│ │ │ +f23817dda29c64694119e48e7a9b2a428d5afc42c43dafe78994cde0f065b7b9
│ │ │ +eca4ee565767ac13fe183cbac6c85002210e67ad8c5635c5bfde812c702b234a
│ │ │ +1dc530f5ff737c7ca25224e7375e35077874a999921570273afab1eb91f96200
│ │ │ +00004053356da884e81a92cd25fdea9dbd9137990a4e354d1421d50100bb7e56
│ │ │ +934dc868d7b5b00f1a9b470ca3c27379af91e9695c8fdab671a160b6272f9276
│ │ │ +d1fe04

1 store items were analyzed:
  - 0 (0.0%) were identical
  - 1 (100.0%) differed
  - 0 (0.0%) were inconclusive
```




^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: core-updates nss not reproducible
  2021-05-18  1:04 ` Bone Baboon via Bug reports for GNU Guix
@ 2024-03-07 22:16   ` Vagrant Cascadian
  0 siblings, 0 replies; 26+ messages in thread
From: Vagrant Cascadian @ 2024-03-07 22:16 UTC (permalink / raw)
  To: 40316; +Cc: control

[-- Attachment #1: Type: text/plain, Size: 1137 bytes --]

retitle 40316 nss not reproducible
thanks

Still an issue on master as of d29e5a83e887cd2f4f459a12cbbfc40c77e55ce2:

guix challenge --verbose --diff=simple nss
guix challenge: warning: could not determine current substitute URLs; using defaults
/gnu/store/mc9gdsm0cqpyd2522f5xghdl59p1l35r-nss-3.88.1 contents differ:
  no local build for '/gnu/store/mc9gdsm0cqpyd2522f5xghdl59p1l35r-nss-3.88.1'
  https://ci.guix.gnu.org/nar/lzip/mc9gdsm0cqpyd2522f5xghdl59p1l35r-nss-3.88.1: 18xvq9cb7y2hajixnkk24bh969px0h5289hgby484iyg3x73sagp
  https://bordeaux.guix.gnu.org/nar/lzip/mc9gdsm0cqpyd2522f5xghdl59p1l35r-nss-3.88.1: 0pnmzsy7m34v51qxpi4lrj2a9m7l19prldabwad8gx24gih4irah
  differing files:
    /lib/nss/libfreebl3.chk
    /lib/nss/libfreeblpriv3.chk
    /lib/nss/libnssdbm3.chk
    /lib/nss/libsoftokn3.chk

1 store items were analyzed:
  - 0 (0.0%) were identical
  - 1 (100.0%) differed
  - 0 (0.0%) were inconclusive

According to the notes in Debian, this is due to cryptographic
signatures performed at build time:

  https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/nss.html


live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: Update needed of NSS
  2020-03-29 11:16 bug#40316: core-updates nss not reproducible Danny Milosavljevic
                   ` (2 preceding siblings ...)
  2021-05-18  1:04 ` Bone Baboon via Bug reports for GNU Guix
@ 2024-04-23 12:42 ` Steve George
       [not found] ` <cover.1714166213.git.cdo@mutix.org>
                   ` (2 subsequent siblings)
  6 siblings, 0 replies; 26+ messages in thread
From: Steve George @ 2024-04-23 12:42 UTC (permalink / raw)
  To: 40316

Hi,

Confirmed nss doesn't build reproducibly on current core-updates branch.

Also looks like it needs an update to 3.99

Steve / Futurile




^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH 1/6] gnu: nss: Fix cross-compilation.
       [not found] ` <cover.1714166213.git.cdo@mutix.org>
@ 2024-04-26 21:33   ` Christina O'Donnell
  2024-04-26 21:33   ` bug#40316: [PATCH 2/6] gnu: nspr: " Christina O'Donnell
                     ` (2 subsequent siblings)
  3 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-04-26 21:33 UTC (permalink / raw)
  To: 40316; +Cc: guix-devel, zhengjunjie, steve

From: Zheng Junjie <zhengjunjie@iscas.ac.cn>

* gnu/packages/nss.scm (nss)[arguments]<#:make-flags>: When
cross-compilation, Add CROSS_COMPILE=1.
<#:phases>: When cross-compilation, Set env NATIVE_CC to gcc.

Change-Id: I5c9559a4b8cecf2cfc6c47d136d69c01a335faaf
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
---
 gnu/packages/nss.scm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 7e9ed49ead8..459e53bc1cf 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -154,6 +154,9 @@ (define-public nss
                                             (#$(target-linux?) "linux")
                                             (else ""))))
                        #~())
+                #$@(if (%current-target-system)
+                       #~("CROSS_COMPILE=1")
+                       #~())
                 (string-append "NSPR_INCLUDE_DIR="
                                (search-input-directory %build-inputs
                                                        "include/nspr"))
@@ -175,6 +178,10 @@ (define-public nss
             (lambda _
               (setenv "CC" #$(cc-for-target))
               (setenv "CCC" #$(cxx-for-target))
+              ;; TODO: Set this unconditionally
+              #$@(if (%current-target-system)
+                     #~((setenv "NATIVE_CC" "gcc"))
+                     #~())
               ;; No VSX on powerpc-linux.
               #$@(if (target-ppc32?)
                      #~((setenv "NSS_DISABLE_CRYPTO_VSX" "1"))
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH 2/6] gnu: nspr: Fix cross-compilation.
       [not found] ` <cover.1714166213.git.cdo@mutix.org>
  2024-04-26 21:33   ` bug#40316: [PATCH 1/6] gnu: nss: Fix cross-compilation Christina O'Donnell
@ 2024-04-26 21:33   ` Christina O'Donnell
       [not found]   ` <ba7d0083ae84b8ff3bd5e01a633cbe32226f8651.1714166213.git.cdo@mutix.org>
       [not found]   ` <87jzkc1vfb.fsf_-_@gnu.org>
  3 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-04-26 21:33 UTC (permalink / raw)
  To: 40316; +Cc: guix-devel, zhengjunjie, steve

From: Zheng Junjie <zhengjunjie@iscas.ac.cn>

* gnu/packages/nss.scm (nspr)[arguments]<#:configure-flags>: When
cross-compilation, Add HOST_CC=gcc.

Change-Id: I337f217f153f8cc3a713906643d6fab9115056e9
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
---
 gnu/packages/nss.scm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 459e53bc1cf..0baafe2f373 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -71,7 +71,10 @@ (define-public nspr
       #~(list "--disable-static"
               "--enable-64bit"
               (string-append "LDFLAGS=-Wl,-rpath="
-                             (assoc-ref %outputs "out") "/lib"))
+                             (assoc-ref %outputs "out") "/lib")
+              #$@(if (%current-target-system)
+                     #~("HOST_CC=gcc")
+                     #~()))
       ;; Use fixed timestamps for reproducibility.
       #:make-flags #~'("SH_DATE='1970-01-01 00:00:01'"
                        ;; This is epoch 1 in microseconds.
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH 3/6] gnu: nss: Make reproducible.
       [not found]   ` <ba7d0083ae84b8ff3bd5e01a633cbe32226f8651.1714166213.git.cdo@mutix.org>
@ 2024-04-26 22:58     ` Vagrant Cascadian
  2024-05-02 12:51       ` Christina O'Donnell
  0 siblings, 1 reply; 26+ messages in thread
From: Vagrant Cascadian @ 2024-04-26 22:58 UTC (permalink / raw)
  To: Christina O'Donnell, 40316
  Cc: Christina O'Donnell, zhengjunjie, steve

[-- Attachment #1: Type: text/plain, Size: 1479 bytes --]

On 2024-04-26, Christina O'Donnell wrote:
> gnu/packages/patches/nss-Disable-library-signing.patch: Disable library
> signing to make the build reproducible.
> gnu/packages/nss.scm (nss): Apply this new patch.

Nice!


> diff --git a/gnu/packages/patches/nss-Disable-library-signing.patch b/gnu/packages/patches/nss-Disable-library-signing.patch
> new file mode 100644
> index 00000000000..b488d29dcad
> --- /dev/null
> +++ b/gnu/packages/patches/nss-Disable-library-signing.patch
> @@ -0,0 +1,67 @@
> +From 4734b834755822f962af29e9395daa7338084e21 Mon Sep 17 00:00:00 2001
> +Message-ID: <4734b834755822f962af29e9395daa7338084e21.1714059680.git.cdo@mutix.org>
> +From: Christina O'Donnell <cdo@mutix.org>
> +Date: Thu, 25 Apr 2024 16:35:50 +0100
> +Subject: [PATCH] nss: Disable library signing.
> +
> +---
> + nss/cmd/shlibsign/Makefile | 32 +-------------------------------
> + 1 file changed, 1 insertion(+), 31 deletions(-)

I think it would be good to explain why this patch is included, not just
in the git commit message, but in the patch comments itself. I realize
the patch actually includes a comment about non-determinism, but it is a
bit lost in the diff.

Also, might be worth briefly explaining why disabling this feature is
unlikely to break anything, etc.

Curious if there might be some way to leave most of the code in place,
disable it... otherwise on version updates it is more likely to result
in conflicts with even minor changes...


live well,
  vagrant

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v2 0/6] Attempt to make nss reproducible
  2020-03-29 11:16 bug#40316: core-updates nss not reproducible Danny Milosavljevic
                   ` (4 preceding siblings ...)
       [not found] ` <cover.1714166213.git.cdo@mutix.org>
@ 2024-05-02 11:00 ` Christina O'Donnell
  2024-05-02 11:00   ` bug#40316: [PATCH v2 1/6] gnu: nss: Fix cross-compilation Christina O'Donnell
  2024-05-02 12:42   ` bug#40316: [PATCH v2 0/6] Attempt to make nss reproducible Christina O'Donnell
  2024-05-02 15:15 ` bug#40316: [PATCH v4 0/5] gnu: nss: Make reproducible Christina O'Donnell
  6 siblings, 2 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 11:00 UTC (permalink / raw)
  To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve

This patch series is an incomplete attempt to make nss reproducible. Currently
this fails 4 tests due to NSS_FIPS_DISABLED not being respected.

Christina O'Donnell (4):
  gnu: nss: Update to 3.99.
  gnu: nss-certs: Update to 3.99.
  gnu: nss: Attempt to disable FIPS.
  gnu: nss: Disable FIPS in lowhashtest.

Zheng Junjie (2):
  gnu: nss: Fix cross-compilation.
  gnu: nspr: Fix cross-compilation.

 gnu/packages/certs.scm                        | 24 +++++++++++---
 gnu/packages/nss.scm                          | 27 ++++++++++++---
 .../nss-disable-fips-in-lowhashtest.patch     | 28 ++++++++++++++++
 .../patches/nss-disable-shlibsign.patch       | 33 +++++++++++++++++++
 4 files changed, 102 insertions(+), 10 deletions(-)
 create mode 100644 gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch
 create mode 100644 gnu/packages/patches/nss-disable-shlibsign.patch


base-commit: 9a47ef6182b6a36354699efbdbedca17f24cd9b8
-- 
2.41.0





^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v2 1/6] gnu: nss: Fix cross-compilation.
  2024-05-02 11:00 ` bug#40316: [PATCH v2 0/6] Attempt to make nss reproducible Christina O'Donnell
@ 2024-05-02 11:00   ` Christina O'Donnell
  2024-05-02 11:00     ` bug#40316: [PATCH v2 2/6] gnu: nspr: " Christina O'Donnell
                       ` (4 more replies)
  2024-05-02 12:42   ` bug#40316: [PATCH v2 0/6] Attempt to make nss reproducible Christina O'Donnell
  1 sibling, 5 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 11:00 UTC (permalink / raw)
  To: 40316; +Cc: zhengjunjie, vagrant, steve

From: Zheng Junjie <zhengjunjie@iscas.ac.cn>

* gnu/packages/nss.scm (nss)[arguments]<#:make-flags>: When
cross-compilation, Add CROSS_COMPILE=1.
<#:phases>: When cross-compilation, Set env NATIVE_CC to gcc.

Change-Id: I5c9559a4b8cecf2cfc6c47d136d69c01a335faaf
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
---
 gnu/packages/nss.scm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 7e9ed49ead..459e53bc1c 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -154,6 +154,9 @@ (define-public nss
                                             (#$(target-linux?) "linux")
                                             (else ""))))
                        #~())
+                #$@(if (%current-target-system)
+                       #~("CROSS_COMPILE=1")
+                       #~())
                 (string-append "NSPR_INCLUDE_DIR="
                                (search-input-directory %build-inputs
                                                        "include/nspr"))
@@ -175,6 +178,10 @@ (define-public nss
             (lambda _
               (setenv "CC" #$(cc-for-target))
               (setenv "CCC" #$(cxx-for-target))
+              ;; TODO: Set this unconditionally
+              #$@(if (%current-target-system)
+                     #~((setenv "NATIVE_CC" "gcc"))
+                     #~())
               ;; No VSX on powerpc-linux.
               #$@(if (target-ppc32?)
                      #~((setenv "NSS_DISABLE_CRYPTO_VSX" "1"))

base-commit: 9a47ef6182b6a36354699efbdbedca17f24cd9b8
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v2 2/6] gnu: nspr: Fix cross-compilation.
  2024-05-02 11:00   ` bug#40316: [PATCH v2 1/6] gnu: nss: Fix cross-compilation Christina O'Donnell
@ 2024-05-02 11:00     ` Christina O'Donnell
  2024-05-02 11:00     ` bug#40316: [PATCH v2 3/6] gnu: nss: Update to 3.99 Christina O'Donnell
                       ` (3 subsequent siblings)
  4 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 11:00 UTC (permalink / raw)
  To: 40316; +Cc: zhengjunjie, vagrant, steve

From: Zheng Junjie <zhengjunjie@iscas.ac.cn>

* gnu/packages/nss.scm (nspr)[arguments]<#:configure-flags>: When
cross-compilation, Add HOST_CC=gcc.

Change-Id: I337f217f153f8cc3a713906643d6fab9115056e9
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
---
 gnu/packages/nss.scm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 459e53bc1c..0baafe2f37 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -71,7 +71,10 @@ (define-public nspr
       #~(list "--disable-static"
               "--enable-64bit"
               (string-append "LDFLAGS=-Wl,-rpath="
-                             (assoc-ref %outputs "out") "/lib"))
+                             (assoc-ref %outputs "out") "/lib")
+              #$@(if (%current-target-system)
+                     #~("HOST_CC=gcc")
+                     #~()))
       ;; Use fixed timestamps for reproducibility.
       #:make-flags #~'("SH_DATE='1970-01-01 00:00:01'"
                        ;; This is epoch 1 in microseconds.
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v2 3/6] gnu: nss: Update to 3.99.
  2024-05-02 11:00   ` bug#40316: [PATCH v2 1/6] gnu: nss: Fix cross-compilation Christina O'Donnell
  2024-05-02 11:00     ` bug#40316: [PATCH v2 2/6] gnu: nspr: " Christina O'Donnell
@ 2024-05-02 11:00     ` Christina O'Donnell
  2024-05-02 11:00     ` bug#40316: [PATCH v2 4/6] gnu: nss-certs: " Christina O'Donnell
                       ` (2 subsequent siblings)
  4 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 11:00 UTC (permalink / raw)
  To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve

gnu/packages/nss.scm (nss): Update to 3.99.

Change-Id: Iba6c9dc2956cc0febb62a1c471add899250fa489
---
 gnu/packages/nss.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 0baafe2f37..6795e59d28 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -109,7 +109,7 @@ (define-public nss
     ;; IMPORTANT: Also update and test the nss-certs package, which duplicates
     ;; version and source to avoid a top-level variable reference & module
     ;; cycle.
-    (version "3.88.1")
+    (version "3.99")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -120,7 +120,7 @@ (define-public nss
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+                "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
@@ -207,7 +207,7 @@ (define-public nss
                     ;; leading to test failures:
                     ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>.  To
                     ;; work around that, set the time to roughly the release date.
-                    (invoke "faketime" "2022-11-01" "./nss/tests/all.sh"))
+                    (invoke "faketime" "2024-02-01" "./nss/tests/all.sh"))
                   (format #t "test suite not run~%"))))
           (replace 'install
             (lambda* (#:key outputs #:allow-other-keys)
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v2 4/6] gnu: nss-certs: Update to 3.99.
  2024-05-02 11:00   ` bug#40316: [PATCH v2 1/6] gnu: nss: Fix cross-compilation Christina O'Donnell
  2024-05-02 11:00     ` bug#40316: [PATCH v2 2/6] gnu: nspr: " Christina O'Donnell
  2024-05-02 11:00     ` bug#40316: [PATCH v2 3/6] gnu: nss: Update to 3.99 Christina O'Donnell
@ 2024-05-02 11:00     ` Christina O'Donnell
  2024-05-02 11:00     ` bug#40316: [PATCH v2 5/6] gnu: nss: Attempt to disable FIPS Christina O'Donnell
  2024-05-02 11:00     ` bug#40316: [PATCH v2 6/6] gnu: nss: Disable FIPS in lowhashtest Christina O'Donnell
  4 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 11:00 UTC (permalink / raw)
  To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve

gnu/packages/certs.scm (nss-certs-3.88.1): New variable.
(nss-certs-3.98): Update and rename to nss-certs-3.99.
(nss-certs): Update to 3.99.

Change-Id: I2f5f737d44d08497d4f5e0e07557be36d2f1f070
---
 gnu/packages/certs.scm | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 7078c7c8d1..7aa96493fb 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -125,7 +125,7 @@ (define-public certdata2pem
 that was originally contributed to Debian.")
       (license license:isc))))
 
-(define-public nss-certs
+(define-public nss-certs-3.88.1
   (package
     (name "nss-certs")
     ;; XXX We used to refer to the nss package here, but that eventually caused
@@ -188,10 +188,10 @@ (define-public nss-certs
     (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
     (license license:mpl2.0)))
 
-(define-public nss-certs-3.98
+(define-public nss-certs-3.99
   (package
-    (inherit nss-certs)
-    (version "3.98")
+    (inherit nss-certs-3.88.1)
+    (version "3.99")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -202,7 +202,21 @@ (define-public nss-certs-3.98
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))))))
+                "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+              ;; Create nss.pc and nss-config.
+              (patches (search-patches "nss-3.56-pkgconfig.patch"
+                                       "nss-getcwd-nonnull.patch"
+                                       "nss-increase-test-timeout.patch"
+                                       "nss-Disable-library-signing.patch"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; Delete the bundled copy of these libraries.
+                  (delete-file-recursively "nss/lib/zlib")
+                  (delete-file-recursively "nss/lib/sqlite")))))))
+
+(define-public nss-certs
+  nss-certs-3.99)
 
 (define-public le-certs
   (package
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v2 5/6] gnu: nss: Attempt to disable FIPS.
  2024-05-02 11:00   ` bug#40316: [PATCH v2 1/6] gnu: nss: Fix cross-compilation Christina O'Donnell
                       ` (2 preceding siblings ...)
  2024-05-02 11:00     ` bug#40316: [PATCH v2 4/6] gnu: nss-certs: " Christina O'Donnell
@ 2024-05-02 11:00     ` Christina O'Donnell
  2024-05-02 11:00     ` bug#40316: [PATCH v2 6/6] gnu: nss: Disable FIPS in lowhashtest Christina O'Donnell
  4 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 11:00 UTC (permalink / raw)
  To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve

gnu/packages/nss.scm (nss): Define NSS_FIPS_DISABLED to disable FIPS. This is
required because FIPS relies on libraries signed with shlibsign, which is inherently
non-determinstic.

This patch is an incomplete attempt to get the tests to succeed by disabling
inapplicable tests, i.e. tests that depend on FIPS.

I have passed NSS_FIPS_DISABLED=1 to the Makefile however it seems to be
ignoring it for no logical reason.

Change-Id: Ic111c9f290719e82b3ff69589f585384f2e74baa
Change-Id: Id5a59840fa22c013982ab53826f7e66b40bb5227
---
 gnu/packages/nss.scm                          |  8 ++++-
 .../patches/nss-disable-shlibsign.patch       | 33 +++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/nss-disable-shlibsign.patch

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 6795e59d28..08e4cb06ee 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -124,7 +124,8 @@ (define-public nss
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
-                                       "nss-increase-test-timeout.patch"))
+                                       "nss-increase-test-timeout.patch"
+                                       "nss-disable-shlibsign.patch"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -141,6 +142,9 @@ (define-public nss
                 (string-append "PREFIX=" #$output)
                 "NSDISTMODE=copy"
                 "NSS_USE_SYSTEM_SQLITE=1"
+                ;; No FIPS because it adds non-determinism.
+                "NSS_FIPS_DISABLED=1"
+                "NSS_NO_INIT_SUPPORT=1"
                 ;; The gtests fail to compile on riscv64.
                 ;; Skipping them doesn't affect the test suite.
                 #$@(if (target-riscv64?)
@@ -202,6 +206,8 @@ (define-public nss
                     (setenv "DOMSUF" "localdomain")
                     (setenv "USE_IP" "TRUE")
                     (setenv "IP_ADDRESS" "127.0.0.1")
+                    (setenv "NSS_CYCLES" "standard")
+                    (setenv "NSS_TESTS" "cipher lowhash libpkix cert dbtests tools sdr crmf smime ssl ocsp merge pkits ec gtests ssl_gtests policy")
 
                     ;; The "PayPalEE.cert" certificate expires every six months,
                     ;; leading to test failures:
diff --git a/gnu/packages/patches/nss-disable-shlibsign.patch b/gnu/packages/patches/nss-disable-shlibsign.patch
new file mode 100644
index 0000000000..591af76449
--- /dev/null
+++ b/gnu/packages/patches/nss-disable-shlibsign.patch
@@ -0,0 +1,33 @@
+From 85b7cf166687cbfaf3e3764ed1ea9bb3b9404ef0 Mon Sep 17 00:00:00 2001
+Message-ID: <85b7cf166687cbfaf3e3764ed1ea9bb3b9404ef0.1714589168.git.cdo@mutix.org>
+From: Christina O'Donnell <cdo@mutix.org>
+Date: Wed, 1 May 2024 19:44:09 +0100
+Subject: [PATCH] nss: Disable shlibsign.
+
+This is required as it generates a new key each time it is run through a
+non-deterministic process.
+---
+ nss/cmd/shlibsign/sign.sh | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/nss/cmd/shlibsign/sign.sh b/nss/cmd/shlibsign/sign.sh
+index 5551c5f..baf1dea 100644
+--- a/nss/cmd/shlibsign/sign.sh
++++ b/nss/cmd/shlibsign/sign.sh
+@@ -45,7 +45,9 @@ WIN*)
+     export LIBRARY_PATH
+     ADDON_PATH=${1}/lib:${4}:$ADDON_PATH
+     export ADDON_PATH
+-    echo "${2}"/shlibsign -v -i "${5}"
+-    "${2}"/shlibsign -v -i "${5}"
++    # Disable lib signing as it generates its keys through a non-deterministic
++    # process.
++    # echo "${2}"/shlibsign -v -i "${5}"
++    # "${2}"/shlibsign -v -i "${5}"
+     ;;
+ esac
+
+base-commit: c9d74497ed5a5b0a0d3f7d609b1c15a3b810ee5b
+-- 
+2.41.0
+
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v2 6/6] gnu: nss: Disable FIPS in lowhashtest.
  2024-05-02 11:00   ` bug#40316: [PATCH v2 1/6] gnu: nss: Fix cross-compilation Christina O'Donnell
                       ` (3 preceding siblings ...)
  2024-05-02 11:00     ` bug#40316: [PATCH v2 5/6] gnu: nss: Attempt to disable FIPS Christina O'Donnell
@ 2024-05-02 11:00     ` Christina O'Donnell
  4 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 11:00 UTC (permalink / raw)
  To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve

* gnu/packages/nss.scm (nss): Disable FIPS in lowhashtests.
This is required as FIPS is inherently non-deterministic, making the build no
longer reproducible.

Change-Id: I2b294530b017285d0949a1082abaaf3a8fe1f6b5
---
 gnu/packages/nss.scm                          |  3 +-
 .../nss-disable-fips-in-lowhashtest.patch     | 28 +++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 08e4cb06ee..02081c32e1 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -125,7 +125,8 @@ (define-public nss
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
                                        "nss-increase-test-timeout.patch"
-                                       "nss-disable-shlibsign.patch"))
+                                       "nss-disable-shlibsign.patch"
+                                       "nss-disable-fips-in-lowhashtest.patch"))
               (modules '((guix build utils)))
               (snippet
                '(begin
diff --git a/gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch b/gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch
new file mode 100644
index 0000000000..c8fc1e7e7a
--- /dev/null
+++ b/gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch
@@ -0,0 +1,28 @@
+From f32bd353c5b741d6da5811fd40681dda80799bfb Mon Sep 17 00:00:00 2001
+Message-ID: <f32bd353c5b741d6da5811fd40681dda80799bfb.1714591857.git.cdo@mutix.org>
+From: Christina O'Donnell <cdo@mutix.org>
+Date: Wed, 1 May 2024 20:30:15 +0100
+Subject: [PATCH] nss: Disable FIPS in lowhashtest.
+
+---
+ nss/tests/lowhash/lowhash.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nss/tests/lowhash/lowhash.sh b/nss/tests/lowhash/lowhash.sh
+index 2984b9b..9dcc89b 100755
+--- a/nss/tests/lowhash/lowhash.sh
++++ b/nss/tests/lowhash/lowhash.sh
+@@ -63,7 +63,7 @@ lowhash_test()
+   else
+     TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
+     OLD_MODE=`echo ${NSS_FIPS}`
+-    for fips_mode in 0 1; do
++    for fips_mode in 0; do
+       echo "lowhashtest with fips mode=${fips_mode}"
+       export NSS_FIPS=${fips_mode}
+       for TEST in ${TESTS}
+
+base-commit: 85b7cf166687cbfaf3e3764ed1ea9bb3b9404ef0
+-- 
+2.41.0
+
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v2 0/6] Attempt to make nss reproducible
  2024-05-02 11:00 ` bug#40316: [PATCH v2 0/6] Attempt to make nss reproducible Christina O'Donnell
  2024-05-02 11:00   ` bug#40316: [PATCH v2 1/6] gnu: nss: Fix cross-compilation Christina O'Donnell
@ 2024-05-02 12:42   ` Christina O'Donnell
  1 sibling, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 12:42 UTC (permalink / raw)
  To: 40316; +Cc: zhengjunjie, vagrant, steve

Hi,

Please disregard my v2 patch. I now see where I went wrong and it's now 
working as expected on my machine.

I've sent an updated (v3) patch which builds successfully on x86_64, 
though I haven't yet tried cross-compiling or confirmed that it's still 
building reproducibly.

Sorry for the noise.

Christina

On 02/05/2024 12:00, Christina O'Donnell wrote:
> This patch series is an incomplete attempt to make nss reproducible. Currently
> this fails 4 tests due to NSS_FIPS_DISABLED not being respected.
>
> Christina O'Donnell (4):
>    gnu: nss: Update to 3.99.
>    gnu: nss-certs: Update to 3.99.
>    gnu: nss: Attempt to disable FIPS.
>    gnu: nss: Disable FIPS in lowhashtest.
>
> Zheng Junjie (2):
>    gnu: nss: Fix cross-compilation.
>    gnu: nspr: Fix cross-compilation.
>
>   gnu/packages/certs.scm                        | 24 +++++++++++---
>   gnu/packages/nss.scm                          | 27 ++++++++++++---
>   .../nss-disable-fips-in-lowhashtest.patch     | 28 ++++++++++++++++
>   .../patches/nss-disable-shlibsign.patch       | 33 +++++++++++++++++++
>   4 files changed, 102 insertions(+), 10 deletions(-)
>   create mode 100644 gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch
>   create mode 100644 gnu/packages/patches/nss-disable-shlibsign.patch
>
>
> base-commit: 9a47ef6182b6a36354699efbdbedca17f24cd9b8




^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH 3/6] gnu: nss: Make reproducible.
  2024-04-26 22:58     ` bug#40316: [PATCH 3/6] gnu: nss: Make reproducible Vagrant Cascadian
@ 2024-05-02 12:51       ` Christina O'Donnell
  0 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 12:51 UTC (permalink / raw)
  To: Vagrant Cascadian, 40316; +Cc: zhengjunjie, steve

Hi Vagrant,

On 26/04/2024 23:58, Vagrant Cascadian wrote:
> On 2024-04-26, Christina O'Donnell wrote:
>> gnu/packages/patches/nss-Disable-library-signing.patch: Disable library
>> signing to make the build reproducible.
>> gnu/packages/nss.scm (nss): Apply this new patch.
> Nice!

I have reordered my commits to first update to 3.99, before making nss 
reproducible. The more

This is similar to the approach that Nix takes,  though Nix adds a 
parameter that enables FIPS and shlibsign again. Is it worth adding a 
parameter to re-enable FIPS?

>> diff --git a/gnu/packages/patches/nss-Disable-library-signing.patch b/gnu/packages/patches/nss-Disable-library-signing.patch
>> new file mode 100644
>> index 00000000000..b488d29dcad
>> --- /dev/null
>> +++ b/gnu/packages/patches/nss-Disable-library-signing.patch
>> @@ -0,0 +1,67 @@
>> +From 4734b834755822f962af29e9395daa7338084e21 Mon Sep 17 00:00:00 2001
>> +Message-ID: <4734b834755822f962af29e9395daa7338084e21.1714059680.git.cdo@mutix.org>
>> +From: Christina O'Donnell <cdo@mutix.org>
>> +Date: Thu, 25 Apr 2024 16:35:50 +0100
>> +Subject: [PATCH] nss: Disable library signing.
>> +
>> +---
>> + nss/cmd/shlibsign/Makefile | 32 +-------------------------------
>> + 1 file changed, 1 insertion(+), 31 deletions(-)
> I think it would be good to explain why this patch is included, not just
> in the git commit message, but in the patch comments itself. I realize
> the patch actually includes a comment about non-determinism, but it is a
> bit lost in the diff.
Okay I've added a description to the v3 patch.
> Also, might be worth briefly explaining why disabling this feature is
> unlikely to break anything, etc.

I was actually wrong wrong about this on my v1 patch, that did break the 
FIPS tests. However disabling FIPS is what Nix does by default and all 
other tests pass without it.

I have noticed that Nix parameterizes on whether FIPS is enabled so 
users can re-enable FIPS if they need it for their use-cases. Is it 
worth doing something similar here, or would that add too much complexity?

> Curious if there might be some way to leave most of the code in place,
> disable it... otherwise on version updates it is more likely to result
> in conflicts with even minor changes...

I've shrunk the patches to be a few lines each.

Kind regards,

Christina


> live well,
>    vagrant




^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v4 0/5] gnu: nss: Make reproducible.
  2020-03-29 11:16 bug#40316: core-updates nss not reproducible Danny Milosavljevic
                   ` (5 preceding siblings ...)
  2024-05-02 11:00 ` bug#40316: [PATCH v2 0/6] Attempt to make nss reproducible Christina O'Donnell
@ 2024-05-02 15:15 ` Christina O'Donnell
  2024-05-02 15:15   ` bug#40316: [PATCH v4 1/5] gnu: nss: Fix cross-compilation Christina O'Donnell
                     ` (4 more replies)
  6 siblings, 5 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 15:15 UTC (permalink / raw)
  To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve

This patch-set is a slight modification of the previous one with a single change:

In the last commit, I have removed the specification of test parameters that
previously reduced the number of tests. This wasn't justified in the commit
message and turned out to be unnecessary anyway.

Christina O'Donnell (3):
  gnu: nss: Update to 3.99.
  gnu: nss-certs: Update to 3.99.
  gnu: nss: Make reproducible.

Zheng Junjie (2):
  gnu: nss: Fix cross-compilation.
  gnu: nspr: Fix cross-compilation.

 gnu/packages/certs.scm                        | 24 +++++++++++---
 gnu/packages/nss.scm                          | 22 ++++++++++---
 .../nss-define-NSS_FIPS_DISABLED.patch        | 29 ++++++++++++++++
 .../patches/nss-disable-shlibsign.patch       | 33 +++++++++++++++++++
 4 files changed, 98 insertions(+), 10 deletions(-)
 create mode 100644 gnu/packages/patches/nss-define-NSS_FIPS_DISABLED.patch
 create mode 100644 gnu/packages/patches/nss-disable-shlibsign.patch


base-commit: 9a47ef6182b6a36354699efbdbedca17f24cd9b8
-- 
2.41.0





^ permalink raw reply	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v4 1/5] gnu: nss: Fix cross-compilation.
  2024-05-02 15:15 ` bug#40316: [PATCH v4 0/5] gnu: nss: Make reproducible Christina O'Donnell
@ 2024-05-02 15:15   ` Christina O'Donnell
  2024-05-02 15:15   ` bug#40316: [PATCH v4 2/5] gnu: nspr: " Christina O'Donnell
                     ` (3 subsequent siblings)
  4 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 15:15 UTC (permalink / raw)
  To: 40316; +Cc: zhengjunjie, vagrant, steve

From: Zheng Junjie <zhengjunjie@iscas.ac.cn>

* gnu/packages/nss.scm (nss)[arguments]<#:make-flags>: When
cross-compilation, Add CROSS_COMPILE=1.
<#:phases>: When cross-compilation, Set env NATIVE_CC to gcc.

Change-Id: I5c9559a4b8cecf2cfc6c47d136d69c01a335faaf
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
---
 gnu/packages/nss.scm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 7e9ed49ead..459e53bc1c 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -154,6 +154,9 @@ (define-public nss
                                             (#$(target-linux?) "linux")
                                             (else ""))))
                        #~())
+                #$@(if (%current-target-system)
+                       #~("CROSS_COMPILE=1")
+                       #~())
                 (string-append "NSPR_INCLUDE_DIR="
                                (search-input-directory %build-inputs
                                                        "include/nspr"))
@@ -175,6 +178,10 @@ (define-public nss
             (lambda _
               (setenv "CC" #$(cc-for-target))
               (setenv "CCC" #$(cxx-for-target))
+              ;; TODO: Set this unconditionally
+              #$@(if (%current-target-system)
+                     #~((setenv "NATIVE_CC" "gcc"))
+                     #~())
               ;; No VSX on powerpc-linux.
               #$@(if (target-ppc32?)
                      #~((setenv "NSS_DISABLE_CRYPTO_VSX" "1"))
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v4 2/5] gnu: nspr: Fix cross-compilation.
  2024-05-02 15:15 ` bug#40316: [PATCH v4 0/5] gnu: nss: Make reproducible Christina O'Donnell
  2024-05-02 15:15   ` bug#40316: [PATCH v4 1/5] gnu: nss: Fix cross-compilation Christina O'Donnell
@ 2024-05-02 15:15   ` Christina O'Donnell
  2024-05-02 15:15   ` bug#40316: [PATCH v4 3/5] gnu: nss: Update to 3.99 Christina O'Donnell
                     ` (2 subsequent siblings)
  4 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 15:15 UTC (permalink / raw)
  To: 40316; +Cc: zhengjunjie, vagrant, steve

From: Zheng Junjie <zhengjunjie@iscas.ac.cn>

* gnu/packages/nss.scm (nspr)[arguments]<#:configure-flags>: When
cross-compilation, Add HOST_CC=gcc.

Change-Id: I337f217f153f8cc3a713906643d6fab9115056e9
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
---
 gnu/packages/nss.scm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 459e53bc1c..0baafe2f37 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -71,7 +71,10 @@ (define-public nspr
       #~(list "--disable-static"
               "--enable-64bit"
               (string-append "LDFLAGS=-Wl,-rpath="
-                             (assoc-ref %outputs "out") "/lib"))
+                             (assoc-ref %outputs "out") "/lib")
+              #$@(if (%current-target-system)
+                     #~("HOST_CC=gcc")
+                     #~()))
       ;; Use fixed timestamps for reproducibility.
       #:make-flags #~'("SH_DATE='1970-01-01 00:00:01'"
                        ;; This is epoch 1 in microseconds.
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v4 3/5] gnu: nss: Update to 3.99.
  2024-05-02 15:15 ` bug#40316: [PATCH v4 0/5] gnu: nss: Make reproducible Christina O'Donnell
  2024-05-02 15:15   ` bug#40316: [PATCH v4 1/5] gnu: nss: Fix cross-compilation Christina O'Donnell
  2024-05-02 15:15   ` bug#40316: [PATCH v4 2/5] gnu: nspr: " Christina O'Donnell
@ 2024-05-02 15:15   ` Christina O'Donnell
  2024-05-02 15:15   ` bug#40316: [PATCH v4 4/5] gnu: nss-certs: " Christina O'Donnell
  2024-05-02 15:15   ` bug#40316: [PATCH v4 5/5] gnu: nss: Make reproducible Christina O'Donnell
  4 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 15:15 UTC (permalink / raw)
  To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve

gnu/packages/nss.scm (nss): Update to 3.99.

Change-Id: Iba6c9dc2956cc0febb62a1c471add899250fa489
---
 gnu/packages/nss.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 0baafe2f37..6795e59d28 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -109,7 +109,7 @@ (define-public nss
     ;; IMPORTANT: Also update and test the nss-certs package, which duplicates
     ;; version and source to avoid a top-level variable reference & module
     ;; cycle.
-    (version "3.88.1")
+    (version "3.99")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -120,7 +120,7 @@ (define-public nss
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+                "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
@@ -207,7 +207,7 @@ (define-public nss
                     ;; leading to test failures:
                     ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=609734>.  To
                     ;; work around that, set the time to roughly the release date.
-                    (invoke "faketime" "2022-11-01" "./nss/tests/all.sh"))
+                    (invoke "faketime" "2024-02-01" "./nss/tests/all.sh"))
                   (format #t "test suite not run~%"))))
           (replace 'install
             (lambda* (#:key outputs #:allow-other-keys)
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v4 4/5] gnu: nss-certs: Update to 3.99.
  2024-05-02 15:15 ` bug#40316: [PATCH v4 0/5] gnu: nss: Make reproducible Christina O'Donnell
                     ` (2 preceding siblings ...)
  2024-05-02 15:15   ` bug#40316: [PATCH v4 3/5] gnu: nss: Update to 3.99 Christina O'Donnell
@ 2024-05-02 15:15   ` Christina O'Donnell
  2024-05-02 15:15   ` bug#40316: [PATCH v4 5/5] gnu: nss: Make reproducible Christina O'Donnell
  4 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 15:15 UTC (permalink / raw)
  To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve

gnu/packages/certs.scm (nss-certs-3.88.1): New variable.
(nss-certs-3.98): Update and rename to nss-certs-3.99.
(nss-certs): Update to 3.99.

Change-Id: I2f5f737d44d08497d4f5e0e07557be36d2f1f070
---
 gnu/packages/certs.scm | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 7078c7c8d1..7aa96493fb 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -125,7 +125,7 @@ (define-public certdata2pem
 that was originally contributed to Debian.")
       (license license:isc))))
 
-(define-public nss-certs
+(define-public nss-certs-3.88.1
   (package
     (name "nss-certs")
     ;; XXX We used to refer to the nss package here, but that eventually caused
@@ -188,10 +188,10 @@ (define-public nss-certs
     (home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
     (license license:mpl2.0)))
 
-(define-public nss-certs-3.98
+(define-public nss-certs-3.99
   (package
-    (inherit nss-certs)
-    (version "3.98")
+    (inherit nss-certs-3.88.1)
+    (version "3.99")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -202,7 +202,21 @@ (define-public nss-certs-3.98
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))))))
+                "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+              ;; Create nss.pc and nss-config.
+              (patches (search-patches "nss-3.56-pkgconfig.patch"
+                                       "nss-getcwd-nonnull.patch"
+                                       "nss-increase-test-timeout.patch"
+                                       "nss-Disable-library-signing.patch"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; Delete the bundled copy of these libraries.
+                  (delete-file-recursively "nss/lib/zlib")
+                  (delete-file-recursively "nss/lib/sqlite")))))))
+
+(define-public nss-certs
+  nss-certs-3.99)
 
 (define-public le-certs
   (package
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: [PATCH v4 5/5] gnu: nss: Make reproducible.
  2024-05-02 15:15 ` bug#40316: [PATCH v4 0/5] gnu: nss: Make reproducible Christina O'Donnell
                     ` (3 preceding siblings ...)
  2024-05-02 15:15   ` bug#40316: [PATCH v4 4/5] gnu: nss-certs: " Christina O'Donnell
@ 2024-05-02 15:15   ` Christina O'Donnell
  4 siblings, 0 replies; 26+ messages in thread
From: Christina O'Donnell @ 2024-05-02 15:15 UTC (permalink / raw)
  To: 40316; +Cc: Christina O'Donnell, zhengjunjie, vagrant, steve

gnu/packages/nss.scm (nss): Define NSS_FIPS_DISABLED to disable FIPS. This is
required because FIPS relies on libraries signed with shlibsign, which is inherently
non-determinstic. This removes all non-determinism from this package.

Change-Id: Ic111c9f290719e82b3ff69589f585384f2e74baa
Change-Id: Id5a59840fa22c013982ab53826f7e66b40bb5227
Change-Id: I2b294530b017285d0949a1082abaaf3a8fe1f6b5
Change-Id: I5a52ef3db687a2fe538dfffd744a0fc8515b2cb1
---
 gnu/packages/nss.scm                          |  4 ++-
 .../nss-define-NSS_FIPS_DISABLED.patch        | 29 ++++++++++++++++
 .../patches/nss-disable-shlibsign.patch       | 33 +++++++++++++++++++
 3 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/nss-define-NSS_FIPS_DISABLED.patch
 create mode 100644 gnu/packages/patches/nss-disable-shlibsign.patch

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 6795e59d28..ecc1c5156b 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -124,7 +124,9 @@ (define-public nss
               ;; Create nss.pc and nss-config.
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
-                                       "nss-increase-test-timeout.patch"))
+                                       "nss-increase-test-timeout.patch"
+                                       "nss-disable-shlibsign.patch"
+                                       "nss-define-NSS_FIPS_DISABLED.patch"))
               (modules '((guix build utils)))
               (snippet
                '(begin
diff --git a/gnu/packages/patches/nss-define-NSS_FIPS_DISABLED.patch b/gnu/packages/patches/nss-define-NSS_FIPS_DISABLED.patch
new file mode 100644
index 0000000000..40ac66e365
--- /dev/null
+++ b/gnu/packages/patches/nss-define-NSS_FIPS_DISABLED.patch
@@ -0,0 +1,29 @@
+From e89a33daac982107421117ad95ae8443ef316079 Mon Sep 17 00:00:00 2001
+Message-ID: <e89a33daac982107421117ad95ae8443ef316079.1714649801.git.cdo@mutix.org>
+From: Christina O'Donnell <cdo@mutix.org>
+Date: Thu, 2 May 2024 12:34:40 +0100
+Subject: [PATCH] Define NSS_FIPS_DISABLED.
+
+Disable FIPS as it depends on shlibsign which is non-deterministic.
+---
+ nss/coreconf/config.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nss/coreconf/config.mk b/nss/coreconf/config.mk
+index 741bbee..e02e5d2 100644
+--- a/nss/coreconf/config.mk
++++ b/nss/coreconf/config.mk
+@@ -215,7 +215,7 @@ endif
+ # NSS_NO_INIT_SUPPORT is always defined on platforms that don't support
+ # executing the startup tests at library load time.
+ ifndef NSS_FORCE_FIPS
+-DEFINES += -DNSS_NO_INIT_SUPPORT
++DEFINES += -DNSS_NO_INIT_SUPPORT -DNSS_FIPS_DISABLED
+ endif
+ 
+ ifdef NSS_SEED_ONLY_DEV_URANDOM
+
+base-commit: 490a62da7d23b579fab71a84e2107f414187738d
+-- 
+2.41.0
+
diff --git a/gnu/packages/patches/nss-disable-shlibsign.patch b/gnu/packages/patches/nss-disable-shlibsign.patch
new file mode 100644
index 0000000000..591af76449
--- /dev/null
+++ b/gnu/packages/patches/nss-disable-shlibsign.patch
@@ -0,0 +1,33 @@
+From 85b7cf166687cbfaf3e3764ed1ea9bb3b9404ef0 Mon Sep 17 00:00:00 2001
+Message-ID: <85b7cf166687cbfaf3e3764ed1ea9bb3b9404ef0.1714589168.git.cdo@mutix.org>
+From: Christina O'Donnell <cdo@mutix.org>
+Date: Wed, 1 May 2024 19:44:09 +0100
+Subject: [PATCH] nss: Disable shlibsign.
+
+This is required as it generates a new key each time it is run through a
+non-deterministic process.
+---
+ nss/cmd/shlibsign/sign.sh | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/nss/cmd/shlibsign/sign.sh b/nss/cmd/shlibsign/sign.sh
+index 5551c5f..baf1dea 100644
+--- a/nss/cmd/shlibsign/sign.sh
++++ b/nss/cmd/shlibsign/sign.sh
+@@ -45,7 +45,9 @@ WIN*)
+     export LIBRARY_PATH
+     ADDON_PATH=${1}/lib:${4}:$ADDON_PATH
+     export ADDON_PATH
+-    echo "${2}"/shlibsign -v -i "${5}"
+-    "${2}"/shlibsign -v -i "${5}"
++    # Disable lib signing as it generates its keys through a non-deterministic
++    # process.
++    # echo "${2}"/shlibsign -v -i "${5}"
++    # "${2}"/shlibsign -v -i "${5}"
+     ;;
+ esac
+
+base-commit: c9d74497ed5a5b0a0d3f7d609b1c15a3b810ee5b
+-- 
+2.41.0
+
-- 
2.41.0





^ permalink raw reply related	[flat|nested] 26+ messages in thread

* bug#40316: nss not reproducible
       [not found]   ` <87jzkc1vfb.fsf_-_@gnu.org>
@ 2024-05-05  8:00     ` Tobias Alexandra Platen
  0 siblings, 0 replies; 26+ messages in thread
From: Tobias Alexandra Platen @ 2024-05-05  8:00 UTC (permalink / raw)
  To: 40316

Building nss on my Talos II takes a long time, I did not test weather
it is reproducible. It seems that there are no binaries from the
build farm.

Alex




^ permalink raw reply	[flat|nested] 26+ messages in thread

end of thread, other threads:[~2024-05-06 14:50 UTC | newest]

Thread overview: 26+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-03-29 11:16 bug#40316: core-updates nss not reproducible Danny Milosavljevic
2020-03-30  6:09 ` Gábor Boskovits
2020-03-30 11:55 ` Marius Bakke
2020-03-31  9:28   ` Björn Höfling
2021-05-18  1:04 ` Bone Baboon via Bug reports for GNU Guix
2024-03-07 22:16   ` Vagrant Cascadian
2024-04-23 12:42 ` bug#40316: Update needed of NSS Steve George
     [not found] ` <cover.1714166213.git.cdo@mutix.org>
2024-04-26 21:33   ` bug#40316: [PATCH 1/6] gnu: nss: Fix cross-compilation Christina O'Donnell
2024-04-26 21:33   ` bug#40316: [PATCH 2/6] gnu: nspr: " Christina O'Donnell
     [not found]   ` <ba7d0083ae84b8ff3bd5e01a633cbe32226f8651.1714166213.git.cdo@mutix.org>
2024-04-26 22:58     ` bug#40316: [PATCH 3/6] gnu: nss: Make reproducible Vagrant Cascadian
2024-05-02 12:51       ` Christina O'Donnell
     [not found]   ` <87jzkc1vfb.fsf_-_@gnu.org>
2024-05-05  8:00     ` bug#40316: nss not reproducible Tobias Alexandra Platen
2024-05-02 11:00 ` bug#40316: [PATCH v2 0/6] Attempt to make nss reproducible Christina O'Donnell
2024-05-02 11:00   ` bug#40316: [PATCH v2 1/6] gnu: nss: Fix cross-compilation Christina O'Donnell
2024-05-02 11:00     ` bug#40316: [PATCH v2 2/6] gnu: nspr: " Christina O'Donnell
2024-05-02 11:00     ` bug#40316: [PATCH v2 3/6] gnu: nss: Update to 3.99 Christina O'Donnell
2024-05-02 11:00     ` bug#40316: [PATCH v2 4/6] gnu: nss-certs: " Christina O'Donnell
2024-05-02 11:00     ` bug#40316: [PATCH v2 5/6] gnu: nss: Attempt to disable FIPS Christina O'Donnell
2024-05-02 11:00     ` bug#40316: [PATCH v2 6/6] gnu: nss: Disable FIPS in lowhashtest Christina O'Donnell
2024-05-02 12:42   ` bug#40316: [PATCH v2 0/6] Attempt to make nss reproducible Christina O'Donnell
2024-05-02 15:15 ` bug#40316: [PATCH v4 0/5] gnu: nss: Make reproducible Christina O'Donnell
2024-05-02 15:15   ` bug#40316: [PATCH v4 1/5] gnu: nss: Fix cross-compilation Christina O'Donnell
2024-05-02 15:15   ` bug#40316: [PATCH v4 2/5] gnu: nspr: " Christina O'Donnell
2024-05-02 15:15   ` bug#40316: [PATCH v4 3/5] gnu: nss: Update to 3.99 Christina O'Donnell
2024-05-02 15:15   ` bug#40316: [PATCH v4 4/5] gnu: nss-certs: " Christina O'Donnell
2024-05-02 15:15   ` bug#40316: [PATCH v4 5/5] gnu: nss: Make reproducible Christina O'Donnell

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).