unofficial mirror of bug-guix@gnu.org 
* bug#44559: gnutls 3.6.12 fails to build: FAIL: status-request-revoked
@ 2020-11-10 20:49 Christopher Baines
  2020-11-12 21:06 ` Ludovic Courtès
  0 siblings, 1 reply; 4+ messages in thread
From: Christopher Baines @ 2020-11-10 20:49 UTC
  To: 44559



I found this when trying to build guile3.0-gnutls:

  guix time-machine --commit=94585fffb23079fe71110e2bf99782eb4ccfa12b -- build --no-grafts --check guile3.0-gnutls
  

FAIL: status-request-revoked
============================

trying NORMAL:-VERS-ALL:+VERS-TLS1.2
received status request
received status request
cert_verify_callback:263: certificate verify status doesn't match: 100402 != 22FAIL status-request-revoked (exit status: 1)


* bug#44559: gnutls 3.6.12 fails to build: FAIL: status-request-revoked
  2020-11-10 20:49 bug#44559: gnutls 3.6.12 fails to build: FAIL: status-request-revoked Christopher Baines
@ 2020-11-12 21:06 ` Ludovic Courtès
  2020-11-12 21:18   ` Marius Bakke
  0 siblings, 1 reply; 4+ messages in thread
From: Ludovic Courtès @ 2020-11-12 21:06 UTC
  To: Christopher Baines; +Cc: 44559

Hi,

Christopher Baines <mail@cbaines.net> writes:

> I found this when trying to build guile3.0-gnutls:
>
>   guix time-machine --commit=94585fffb23079fe71110e2bf99782eb4ccfa12b -- build --no-grafts --check guile3.0-gnutls
>   
>
> FAIL: status-request-revoked
> ============================
>
> trying NORMAL:-VERS-ALL:+VERS-TLS1.2
> received status request
> received status request
> cert_verify_callback:263: certificate verify status doesn't match: 100402 != 22FAIL status-request-revoked (exit status: 1)

This was fixed upstream between 3.6.12 and 3.6.14 with this patch by
Bernhard (it’s a small world!):

--8<---------------cut here---------------start------------->8---
commit ed208fe55f31478732fd6cc394f9576b315a42cd
Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
Date:   Sun Apr 5 15:09:57 2020 +0200

    tests: Fix status-request-revoked after 2020-10-24
    
    included certs expire 2020-10-24 so this test fails after that date.
    
    Fixes #967
    
    This patch was done while working on reproducible builds for openSUSE.
    
    Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
--8<---------------cut here---------------end--------------->8---

The question for us becomes how to ensure long-term reproducibility in
the presence of such bugs.

In this case, I think the only solution would be to change the system
clock when one rebuilds GnuTLS (or to use ‘--without-tests=gnutls’, but
you end up with different derivations, which is not necessarily
desirable).

Thoughts?

Ludo’.
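
The failure mode named in the commit message above (test certificates with a fixed expiry date) can be flagged before it breaks a rebuild. The following is an added example, not part of this thread and not GnuTLS or Guix code: it assumes certificates are embedded as PEM, possibly inside C string literals, and the names `not_after`, `time_bombs` and `SAMPLE_C` and the sample certificate skeleton are constructed for illustration.

```python
import base64
import re
from datetime import datetime, timezone

PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Return the notAfter time of a DER-encoded X.509 certificate (UTC)."""
    _, pos, _ = _tlv(der, 0)          # enter Certificate
    _, pos, _ = _tlv(der, pos)        # enter tbsCertificate
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                   # optional [0] version field
        pos = end
    for _ in range(3):                # skip serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)        # enter validity
    _, _, pos = _tlv(der, pos)        # skip notBefore
    tag, start, end = _tlv(der, pos)  # notAfter
    text = der[start:end].decode("ascii")
    if tag == 0x17:                   # UTCTime: two-digit year, RFC 5280 pivot at 50
        text = ("20" if int(text[:2]) < 50 else "19") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def time_bombs(source_text, build_date, horizon_days):
    """Return notAfter of each embedded cert expiring within horizon_days (or expired)."""
    hits = []
    for match in PEM.finditer(source_text):
        body = match.group(1).replace("\\n", "")     # escapes in C string literals
        body = re.sub(r"[^A-Za-z0-9+/=]", "", body)  # quotes and whitespace
        expiry = not_after(base64.b64decode(body))
        if (expiry - build_date).days < horizon_days:
            hits.append(expiry)
    return hits

# Constructed sample (not from GnuTLS): unsigned skeleton, notAfter 2020-10-24 00:00 assumed
def _der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, body < 128 bytes

_validity = _der(0x30, _der(0x17, b"170101000000Z") + _der(0x17, b"201024000000Z"))
_tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
            + _der(0x30, b"") + _der(0x30, b"") + _validity)
SAMPLE_C = ('"-----BEGIN CERTIFICATE-----\\n"\n"%s\\n"\n"-----END CERTIFICATE-----\\n";'
            % base64.b64encode(_der(0x30, _tbs)).decode())
```

Run over a package's test sources with a horizon of several years, a non-empty result marks a test that will start failing on a known date regardless of the code under test.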





* bug#44559: gnutls 3.6.12 fails to build: FAIL: status-request-revoked
  2020-11-12 21:06 ` Ludovic Courtès
@ 2020-11-12 21:18   ` Marius Bakke
  2020-11-15 11:05     ` Ludovic Courtès
  0 siblings, 1 reply; 4+ messages in thread
From: Marius Bakke @ 2020-11-12 21:18 UTC
  To: Ludovic Courtès, Christopher Baines; +Cc: 44559


Ludovic Courtès <ludo@gnu.org> writes:

> The question for us becomes how to ensure long-term reproducibility in
> the presence of such bugs.
>
> In this case, I think the only solution would be to change the system
> clock when one rebuilds GnuTLS (or to use ‘--without-tests=gnutls’, but
> you end up with different derivations, which is not necessarily
> desirable).
>
> Thoughts?

There is a related bug report here:

  https://issues.guix.gnu.org/39310

Perhaps we could make a "--with-system-clock" option for 'guix build'
that instructs the daemon to fake the system time?


* bug#44559: gnutls 3.6.12 fails to build: FAIL: status-request-revoked
  2020-11-12 21:18   ` Marius Bakke
@ 2020-11-15 11:05     ` Ludovic Courtès
  0 siblings, 0 replies; 4+ messages in thread
From: Ludovic Courtès @ 2020-11-15 11:05 UTC
  To: Marius Bakke; +Cc: 44559

Hi,

Marius Bakke <marius@gnu.org> writes:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> The question for us becomes how to ensure long-term reproducibility in
>> the presence of such bugs.
>>
>> In this case, I think the only solution would be to change the system
>> clock when one rebuilds GnuTLS (or to use ‘--without-tests=gnutls’, but
>> you end up with different derivations, which is not necessarily
>> desirable).
>>
>> Thoughts?
>
> There is a related bug report here:
>
>   https://issues.guix.gnu.org/39310
>
> Perhaps we could make a "--with-system-clock" option for 'guix build'
> that instructs the daemon to fake the system time?

How would it fake it though?

There are time_namespaces(7), but it’s only for CLOCK_MONOTONIC and
CLOCK_BOOTTIME.

LD_PRELOAD like ‘datefudge’ does is probably not a viable option.

Ludo’.



