From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id gNxyNSAeLGZs2AAAqHPOHw:P1 (envelope-from ) for ; Fri, 26 Apr 2024 23:35:29 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id gNxyNSAeLGZs2AAAqHPOHw (envelope-from ) for ; Fri, 26 Apr 2024 23:35:28 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1714167328; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=/5eL++7jSoIvuWg+KmeFg7GJV4k6Ea6Wz/sZ9aQxIHI=; b=HrHKXEZoXUJtWwAY6RaasAHWk+MTvpxKsKjL7AWGNaZKiGuufLPjRdfY0IS2/Dspn9NsHY ZmqfNB7yRJCGlM81OH1/M+XJ+abnXzfvKLX5ksvN80W7R8+F7U/4AzmgLsVoY8FshxgYOu zuhPk9HfFglMR4PP/fPVFqOHbe6dar75u7u7kPtqVyCtlitJvP8uKG+gfvTs0Ws2ZP8k1+ hkkyCsQacjaPXemUlkQn8T0mto3xeHVxi5jNO9oq3mdx8wAZAGXUzOe0GnfpXCibAMNK+T 8/RzuEf61/4IrtppbBpkrTzdDo5Sa6JtkHe9mhpnYwQUhJ0AsYSHo0PavET8og== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1714167328; a=rsa-sha256; cv=none; b=qDFyZZo4MUkwIqmYXxUBUOCm7bmzYeacsrCPV6x2S/3V+tVFfSor/yvKJIyPmP2qa3bmlG RXyY/UzW7kpdwvYSD3U85nSa5QxZScSfWb+t34X/966l1wbBGNz7vjlqgvxbmjs25oPu5Q APCbWJ012/2NKLq3fu+7ITYhyreJA9f9K5AaBqJpc2UJFIK+PZdneRoWthga0avA0AJwHl HbRYU/C6GdYxphkaqihUnc9v/FDvbAMgLfhX96FzDU+Xp2ozqFL3T4l74JmvG1A39ZOjpO XUAhQN2iji3D2OW9hQImFceoxn7e5fWE62eC91WJyeUUI/Ro3rdPo4Gj3I8/uw== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id B1EF624E71 for ; Fri, 26 Apr 2024 23:35:28 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1s0TDA-00053L-0W; Fri, 26 Apr 2024 17:34:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s0TD7-00051x-0N for guix-devel@gnu.org; Fri, 26 Apr 2024 17:34:25 -0400 Received: from vmi993448.contaboserver.net ([194.163.141.236] helo=mutix.org) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1s0TD4-000302-10 for guix-devel@gnu.org; Fri, 26 Apr 2024 17:34:24 -0400 Received: from [86.132.246.87] (host81-152-149-149.range81-152.btcentralplus.com [81.152.149.149]) (Authenticated sender: cdo) by mutix.org (Postfix) with ESMTPSA id A1B2DA604B4; Fri, 26 Apr 2024 23:34:17 +0200 (CEST) From: Christina O'Donnell To: 40316@debbugs.gnu.org Cc: guix-devel@gnu.org, steve@futurile.net, zhengjunjie@iscas.ac.cn, Christina O'Donnell Subject: [PATCH 0/6] WIP: nss: Update to 3.99 Date: Fri, 26 Apr 2024 22:33:56 +0100 Message-ID: X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=194.163.141.236; envelope-from=cdo@mutix.org; helo=mutix.org X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Spam-Score: -4.89 X-Migadu-Queue-Id: B1EF624E71 X-Migadu-Scanner: mx10.migadu.com X-Migadu-Spam-Score: -4.89 X-TUID: 2g9txSvtUK5x Hi, I've got as far as making nss 3.98 reproducible, however updating it to 3.99 results in 51 test failures. These are regressions, and worked correctly for 3.98. I'm not entirely sure what the issue is, but I've run out of time to debug it this week, so I'm sending this patch up as is. Up to patch 3 build correctly. Patch 4 is the first one that fails. The issue specifically seems to all be related to FIPS: A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot. If someone could take a look at this and see if there's anything I've missded then I'd appreciate that. Otherwise I'm free to pick it back up again on Tuesday. Let me know if you have any questions. Kind regards, Christina Christina O'Donnell (4): gnu: nss: Make reproducible. gnu: nss: Update to 3.99. gnu: nss-certs: Update to 3.99. WIP: nss: Attempting to resolve FIPS regression. Zheng Junjie (2): gnu: nss: Fix cross-compilation. gnu: nspr: Fix cross-compilation. gnu/packages/certs.scm | 24 +++++-- gnu/packages/nss.scm | 30 +++++++-- .../patches/nss-Disable-library-signing.patch | 67 +++++++++++++++++++ 3 files changed, 111 insertions(+), 10 deletions(-) create mode 100644 gnu/packages/patches/nss-Disable-library-signing.patch base-commit: 9a47ef6182b6a36354699efbdbedca17f24cd9b8 -- 2.41.0