From: Christina O'Donnell <cdo@mutix.org>
To: 40316@debbugs.gnu.org
Cc: guix-devel@gnu.org, steve@futurile.net, zhengjunjie@iscas.ac.cn,
Christina O'Donnell <cdo@mutix.org>
Subject: [PATCH 3/6] gnu: nss: Make reproducible.
Date: Fri, 26 Apr 2024 22:33:59 +0100 [thread overview]
Message-ID: <ba7d0083ae84b8ff3bd5e01a633cbe32226f8651.1714166213.git.cdo@mutix.org> (raw)
In-Reply-To: <cover.1714166213.git.cdo@mutix.org>
gnu/packages/patches/nss-Disable-library-signing.patch: Disable library
signing to make the build reproducible.
gnu/packages/nss.scm (nss): Apply this new patch.
Change-Id: I7860bae219ecc4a79423a590c27a1097ae2e7874
---
gnu/packages/nss.scm | 3 +-
.../patches/nss-Disable-library-signing.patch | 67 +++++++++++++++++++
2 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/nss-Disable-library-signing.patch
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 0baafe2f373..b608a995577 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -124,7 +124,8 @@ (define-public nss
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
- "nss-increase-test-timeout.patch"))
+ "nss-increase-test-timeout.patch"
+ "nss-Disable-library-signing.patch"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/patches/nss-Disable-library-signing.patch b/gnu/packages/patches/nss-Disable-library-signing.patch
new file mode 100644
index 00000000000..b488d29dcad
--- /dev/null
+++ b/gnu/packages/patches/nss-Disable-library-signing.patch
@@ -0,0 +1,67 @@
+From 4734b834755822f962af29e9395daa7338084e21 Mon Sep 17 00:00:00 2001
+Message-ID: <4734b834755822f962af29e9395daa7338084e21.1714059680.git.cdo@mutix.org>
+From: Christina O'Donnell <cdo@mutix.org>
+Date: Thu, 25 Apr 2024 16:35:50 +0100
+Subject: [PATCH] nss: Disable library signing.
+
+---
+ nss/cmd/shlibsign/Makefile | 32 +-------------------------------
+ 1 file changed, 1 insertion(+), 31 deletions(-)
+
+diff --git a/nss/cmd/shlibsign/Makefile b/nss/cmd/shlibsign/Makefile
+index a119205..7a85c1d 100644
+--- a/nss/cmd/shlibsign/Makefile
++++ b/nss/cmd/shlibsign/Makefile
+@@ -43,22 +43,9 @@ EXTRA_SHARED_LIBS += \
+
+ endif
+
+-
+-# sign any and all shared libraries that contain the word freebl
+-ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
++# Disable library signing as it's non-deterministic
+ CHECKLIBS =
+ CHECKLOC =
+-else
+-CHECKLIBS = $(DIST)/lib/$(DLL_PREFIX)softokn3.$(DLL_SUFFIX)
+-CHECKLIBS += $(wildcard $(DIST)/lib/$(DLL_PREFIX)freebl*3.$(DLL_SUFFIX))
+-ifndef NSS_DISABLE_DBM
+-CHECKLIBS += $(DIST)/lib/$(DLL_PREFIX)nssdbm3.$(DLL_SUFFIX)
+-endif
+-CHECKLOC = $(CHECKLIBS:.$(DLL_SUFFIX)=.chk)
+-
+-MD_LIB_RELEASE_FILES = $(CHECKLOC)
+-ALL_TRASH += $(CHECKLOC)
+-endif
+
+ #######################################################################
+ # (5) Execute "global" rules. (OPTIONAL) #
+@@ -78,23 +65,6 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+
+ include ../platrules.mk
+
+-SRCDIR = $(call core_abspath,.)
+-
+-%.chk: %.$(DLL_SUFFIX)
+-ifeq ($(OS_TARGET), OS2)
+- cd $(OBJDIR) ; cmd.exe /c $(SRCDIR)/sign.cmd $(DIST) \
+- $(call core_abspath,$(OBJDIR)) $(OS_TARGET) \
+- $(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<)
+-else
+- ifeq ($(CROSS_COMPILE),1)
+- # do nothing
+- else
+- cd $(OBJDIR) ; sh $(SRCDIR)/sign.sh $(call core_abspath,$(DIST)) \
+- $(call core_abspath,$(OBJDIR)) $(OS_TARGET) \
+- $(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<)
+- endif
+-endif
+-
+ libs: install
+ ifdef CHECKLOC
+ $(MAKE) $(CHECKLOC)
+
+base-commit: 2951778f8e8855bed24754a57ecc43f02a2843dd
+--
+2.41.0
+
--
2.41.0
next prev parent reply other threads:[~2024-04-26 21:35 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200329131611.38448a58@scratchpost.org>
2024-04-26 21:33 ` [PATCH 0/6] WIP: nss: Update to 3.99 Christina O'Donnell
2024-04-26 21:33 ` bug#40316: [PATCH 1/6] gnu: nss: Fix cross-compilation Christina O'Donnell
2024-04-26 21:33 ` bug#40316: [PATCH 2/6] gnu: nspr: " Christina O'Donnell
2024-04-26 21:33 ` Christina O'Donnell [this message]
2024-04-26 21:34 ` [PATCH 4/6] gnu: nss: Update to 3.99 Christina O'Donnell
2024-04-26 21:34 ` [PATCH 5/6] gnu: nss-certs: " Christina O'Donnell
2024-04-26 21:34 ` [PATCH 6/6] WIP: nss: Attempting to resolve FIPS regression Christina O'Donnell
2024-05-02 8:15 ` bug#40316: nss not reproducible Ludovic Courtès
2024-05-02 15:20 ` Christina O'Donnell
2024-05-06 10:12 ` Ludovic Courtès
2024-05-06 11:37 ` Christina O'Donnell
2024-05-14 9:15 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ba7d0083ae84b8ff3bd5e01a633cbe32226f8651.1714166213.git.cdo@mutix.org \
--to=cdo@mutix.org \
--cc=40316@debbugs.gnu.org \
--cc=guix-devel@gnu.org \
--cc=steve@futurile.net \
--cc=zhengjunjie@iscas.ac.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).