Re: gnutls 'name-constraints' test failure

[Leo Famulari <leo@famulari.name>]

[-- Attachment #1.1: Type: text/plain, Size: 296 bytes --]

On Sun, Jul 17, 2016 at 03:25:46PM +0200, Ludovic Courtès wrote:
> Interesting failure mode.

"Interesting" is one word for it ;) It's not the first time I've seen a
test go stale.

> In the meantime grafting is a good idea.  Would you like to try that?

A patch is attached for review!

[-- Attachment #1.2: 0001-gnu-gnutls-Fix-test-failure.patch --]
[-- Type: text/x-diff, Size: 4079 bytes --]

From 55512c47d6331109a82acc083ad5ea905d386be7 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sun, 17 Jul 2016 13:07:35 -0400
Subject: [PATCH] gnu: gnutls: Fix test failure.

* gnu/packages/patches/gnutls-fix-stale-test.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (gnutls)[replacement]: New field.
(gnutls/fixed): New variable.
---
 gnu/local.mk                                     |  1 +
 gnu/packages/patches/gnutls-fix-stale-test.patch | 50 ++++++++++++++++++++++++
 gnu/packages/tls.scm                             |  8 ++++
 3 files changed, 59 insertions(+)
 create mode 100644 gnu/packages/patches/gnutls-fix-stale-test.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 536ecef..ef2eb0b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -533,6 +533,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/gmp-faulty-test.patch			\
   %D%/packages/patches/gnome-tweak-tool-search-paths.patch	\
   %D%/packages/patches/gnucash-price-quotes-perl.patch		\
+  %D%/packages/patches/gnutls-fix-stale-test.patch		\
   %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
   %D%/packages/patches/gobject-introspection-cc.patch		\
   %D%/packages/patches/gobject-introspection-girepository.patch	\
diff --git a/gnu/packages/patches/gnutls-fix-stale-test.patch b/gnu/packages/patches/gnutls-fix-stale-test.patch
new file mode 100644
index 0000000..abb547a
--- /dev/null
+++ b/gnu/packages/patches/gnutls-fix-stale-test.patch
@@ -0,0 +1,50 @@
+A certificate used in the GnuTLS test suite has expired, causing the
+test suite to fail.
+
+The effect of this patch depends on whether or not the datefudge program
+is available. If it is, then it is used to change the date in the test
+environment. If it is not, then the test is skipped.
+
+At the time this patch was added to Guix, datefudge was not available,
+so the test is skipped.
+
+Taken from upstream commit:
+https://gitlab.com/gnutls/gnutls/commit/47f25d9e08d4e102572804a2aed186b01db23c65
+
+From 47f25d9e08d4e102572804a2aed186b01db23c65 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 29 Jun 2016 17:31:13 +0200
+Subject: [PATCH] tests: use datefudge in name-constraints test
+
+This avoids the expiration of the used certificate to affect the test.
+---
+ tests/cert-tests/name-constraints | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/tests/cert-tests/name-constraints b/tests/cert-tests/name-constraints
+index 05d6e9b..59af00f 100755
+--- a/tests/cert-tests/name-constraints
++++ b/tests/cert-tests/name-constraints
+@@ -28,7 +28,18 @@ if ! test -z "${VALGRIND}"; then
+ fi
+ TMPFILE=tmp.$$.pem
+ 
+-${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/name-constraints-ip.pem"
++export TZ="UTC"
++
++# Check for datefudge
++TSTAMP=`datefudge -s "2006-09-23" date -u +%s || true`
++if test "$TSTAMP" != "1158969600"; then
++	echo $TSTAMP
++	echo "You need datefudge to run this test"
++	exit 77
++fi
++
++datefudge -s "2016-04-22" \
++	${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/name-constraints-ip.pem"
+ rc=$?
+ 
+ if test "${rc}" != "0"; then
+-- 
+2.9.1
+
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index bdc1d7c..6ba1776 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -122,6 +122,7 @@ living in the same process.")
 (define-public gnutls
   (package
     (name "gnutls")
+    (replacement gnutls/fixed)
     (version "3.4.7")
     (source (origin
              (method url-fetch)
@@ -194,6 +195,13 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
+(define-public gnutls/fixed
+  (package
+    (inherit gnutls)
+    (source (origin
+              (inherit (package-source gnutls))
+              (patches (search-patches "gnutls-fix-stale-test.patch"))))))
+
 (define-public openssl
   (package
    (name "openssl")
-- 
2.9.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]