From: Christina O'Donnell
To: 40316@debbugs.gnu.org
Cc: guix-devel@gnu.org, steve@futurile.net, zhengjunjie@iscas.ac.cn, Christina O'Donnell
Subject: [PATCH 3/6] gnu: nss: Make reproducible.
Date: Fri, 26 Apr 2024 22:33:59 +0100

gnu/packages/patches/nss-Disable-library-signing.patch: Disable library signing to make the build reproducible.
gnu/packages/nss.scm (nss): Apply this new patch.

Change-Id: I7860bae219ecc4a79423a590c27a1097ae2e7874
--- gnu/packages/nss.scm | 3 +- .../patches/nss-Disable-library-signing.patch | 67 +++++++++++++++++++ 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/nss-Disable-library-signing.patch diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index 0baafe2f373..b608a995577 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm
@@ -124,7 +124,8 @@ (define-public nss ;; Create nss.pc and nss-config. (patches (search-patches "nss-3.56-pkgconfig.patch" "nss-getcwd-nonnull.patch" - "nss-increase-test-timeout.patch")) + "nss-increase-test-timeout.patch" + "nss-Disable-library-signing.patch")) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/patches/nss-Disable-library-signing.patch b/gnu/packages/patches/nss-Disable-library-signing.patch new file mode 100644 index 00000000000..b488d29dcad --- /dev/null +++ b/gnu/packages/patches/nss-Disable-library-signing.patch 
@@ -0,0 +1,67 @@ +From 4734b834755822f962af29e9395daa7338084e21 Mon Sep 17 00:00:00 2001 +Message-ID: <4734b834755822f962af29e9395daa7338084e21.1714059680.git.cdo@mutix.org> +From: Christina O'Donnell +Date: Thu, 25 Apr 2024 16:35:50 +0100 +Subject: [PATCH] nss: Disable library signing. + +--- + nss/cmd/shlibsign/Makefile | 32 +------------------------------- + 1 file changed, 1 insertion(+), 31 deletions(-) + +diff --git a/nss/cmd/shlibsign/Makefile b/nss/cmd/shlibsign/Makefile +index a119205..7a85c1d 100644 +--- a/nss/cmd/shlibsign/Makefile ++++ b/nss/cmd/shlibsign/Makefile +@@ -43,22 +43,9 @@ EXTRA_SHARED_LIBS += \ + + endif + +- +-# sign any and all shared libraries that contain the word freebl +-ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1) ++# Disable library signing as it's non-deterministic + CHECKLIBS = + CHECKLOC = +-else +-CHECKLIBS = $(DIST)/lib/$(DLL_PREFIX)softokn3.$(DLL_SUFFIX) +-CHECKLIBS += $(wildcard $(DIST)/lib/$(DLL_PREFIX)freebl*3.$(DLL_SUFFIX)) +-ifndef NSS_DISABLE_DBM +-CHECKLIBS += $(DIST)/lib/$(DLL_PREFIX)nssdbm3.$(DLL_SUFFIX) +-endif +-CHECKLOC = $(CHECKLIBS:.$(DLL_SUFFIX)=.chk) +- +-MD_LIB_RELEASE_FILES = $(CHECKLOC) +-ALL_TRASH += $(CHECKLOC) +-endif + + ####################################################################### + # (5) Execute "global" rules. (OPTIONAL) # +@@ -78,23 +65,6 @@ include $(CORE_DEPTH)/coreconf/rules.mk + + include ../platrules.mk + +-SRCDIR = $(call core_abspath,.) 
+- +-%.chk: %.$(DLL_SUFFIX) +-ifeq ($(OS_TARGET), OS2) +- cd $(OBJDIR) ; cmd.exe /c $(SRCDIR)/sign.cmd $(DIST) \ +- $(call core_abspath,$(OBJDIR)) $(OS_TARGET) \ +- $(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<) +-else +- ifeq ($(CROSS_COMPILE),1) +- # do nothing +- else +- cd $(OBJDIR) ; sh $(SRCDIR)/sign.sh $(call core_abspath,$(DIST)) \ +- $(call core_abspath,$(OBJDIR)) $(OS_TARGET) \ +- $(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<) +- endif +-endif +- + libs: install + ifdef CHECKLOC + $(MAKE) $(CHECKLOC) + +base-commit: 2951778f8e8855bed24754a57ecc43f02a2843dd +-- +2.41.0 + -- 2.41.0
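Review bot: in the gnu/packages/nss.scm hunk, "nss-Disable-library-signing.patch" is added to search-patches, but the diffstat lists only two files changed, so the new patch file is not registered in gnu/local.mk (dist_patch_DATA). Add that entry and mention it in the commit message. The embedded patch also has nothing under its Subject line; a short header saying why signing is disabled and whether the change has been reported upstream would help whoever rebases it on the next NSS update.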
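Review bot: in the first nss/cmd/shlibsign/Makefile hunk (@@ -43,22 +43,9), the replacement comment "# Disable library signing as it's non-deterministic" does not record what is lost. The removed lines produced .chk files for softokn3, freebl*3 and nssdbm3, which NSS uses for its library integrity self-check, something FIPS mode depends on. Say in the comment or the patch header that the .chk files are no longer built and what that means for FIPS mode, so the trade-off is visible to anyone auditing the package.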
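Review bot: the second Makefile hunk (@@ -78,23 +65,6) deletes SRCDIR and the %.chk pattern rule but leaves the "ifdef CHECKLOC" / "$(MAKE) $(CHECKLOC)" block under "libs: install" in place. With "CHECKLOC =" left empty by the previous hunk, GNU make's ifdef is already false and the %.chk rule is never invoked, so this hunk is not needed for reproducibility. Dropping it would reduce the patch to the CHECKLIBS/CHECKLOC change and make it easier to rebase; if the rule is to go anyway, remove the now-dead ifdef block with it.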