nss not reproducible

  • Open
  • quality assurance status badge
Details
8 participants
  • Björn Höfling
  • Bone Baboon
  • Gábor Boskovits
  • Christina O'Donnell
  • Danny Milosavljevic
  • Marius Bakke
  • Steve George
  • Vagrant Cascadian
Owner
unassigned
Submitted by
Danny Milosavljevic
Severity
normal
Merged with
D
D
Danny Milosavljevic wrote on 29 Mar 2020 13:16
(address . bug-guix@gnu.org)
20200329131611.38448a58@scratchpost.org
Hi,

core-updates' nss is not reproducible (commit
aebcbb27bc2f192cc06163251bab66a4ceb7b7d6).

diffoscope says:

--- /gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50
+++ /gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50-check
??? lib
? ??? nss
? ? ??? libfreebl3.chk
? ? ?? xxd not available in path. Falling back to Python hexlify.
? ? ? @@ -11,19 +11,19 @@
? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010029
? ? ? -713ef8afdc7c8efcff89e8c420bfdd8835e6d08bb934ce160fe927b99ac8f997
? ? ? -c043c16bfe67abbbd27a97b4aa4df753c33f5a093d9598413edfb4c6a0a68309
? ? ? -4f3a160aec8a5e8e383c108c802580e5f117f9b2be6d496f6eb6e85937258e53
? ? ? -f3f55ac49f7ffa955e91e054d1dd6b19f725506e2242fbb2f8acf81c9ff4278c
? ? ? -5c6ad6528d1a8505c6c83fd643660e3a31dddff7eb5f046f0df6d47ea455c82c
? ? ? -78ec32d8a1aaa29c9deed1053feae3029eacce8b9ff88777ff964757aeb1ccce
? ? ? -bd14d326b7fb0822bbc982250e51d4eaa73599ef8e4fd2298f076edf9a9be41e
? ? ? -94da645f57dc12af730b3661973390672cbcf767caf495e1f3656f06f0fae300
? ? ? -00004030361665e91e760d37d9117256e4f698d2b124115e83aafcc92c2751fa
? ? ? -f2b3384c22c76a207da12a4c4b72662e9ae53f356d6b6d98a066cd240cb06fed
? ? ? -337d6d
? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f00000100a3
? ? ? +35c76bfe38266728b573ef4fedcb22131ce275a8a484902b3ad994ca3a87a754
? ? ? +998b5c5807e4fa0e9b83a6677eca9140b8bbeeb4c36897473065b8305c4d1ddd
? ? ? +3f967b7041217df53ae6ec4211b031cc12df895a35efcde570dd2c7a610151c9
? ? ? +ef0acdf28a646db355ece183e2e71275c51b4331e61ca7948c7aa62d420e8b17
? ? ? +481f427197c78094832de5e3f21d27bf701e6fc524e5f700567969f91e8864c0
? ? ? +fae4da549d548ce8b134456e0720d083c8649bdb44ac6383d2e5a41bd2ec3b64
? ? ? +e9b6d281708447aefdd60be32f7d9093fef2579d6c122b48e449b2266bdc4678
? ? ? +9639fd997f0d8fe649b51a5f3097603b130bb5e8a811b5f3c121ed6d7bb58300
? ? ? +00004004c38a443627df69c2bc659e2e810b24b0e4dc042311fb9b2c99d18e7b
? ? ? +242fc7729f9e5facc1dc69ced89ea571bd69f95277894e9954c28c2f8ab77d62
? ? ? +e96c1d
? ? ??? libfreeblpriv3.chk
? ? ?? xxd not available in path. Falling back to Python hexlify.
? ? ? @@ -11,19 +11,19 @@
? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f00000100a3
? ? ? -298c351142cb4107acceb8e07a997cc63fade4c4dd6cc0d3f5dedad25fca66bc
? ? ? -d58fb35b3a1f8ce3c90c795a8066cb4312b2b11558daf3c388ee3865d1cbc75d
? ? ? -88832d044dd267885c36455be97ee5ff17ee95a9377170441267b604d6bea8d2
? ? ? -c7fbaebd2c39506220d5d2c4a34e6a848fc139bd38f95c7e48160d847c270a78
? ? ? -e88519f1a5f2f36c6d6d4c16d621b2e763e48d42818b1a3b76421a52c7c209b9
? ? ? -a70fe921ad9b80411150a5e4d800bd89fe4486361412b39a9b5c68abec6bb68d
? ? ? -8f7d1b823c9d455d0062d9b819b1d5173a493cdbea00dcfc98a52537bd373acb
? ? ? -cb046c7fe4246590c9875413f19dba8f63a2f05771d161513efeb2e663ebf400
? ? ? -000040299e7b6851b43d6f40d1704237831bbb5a1fd4e38c041f1b7222480338
? ? ? -c27b4e655f1846220c4950db84ce7da9b2c1b2c6530304a73c8caff757be8ba4
? ? ? -51d8ec
? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010032
? ? ? +0bdce77a4aabe0b8a8b97469180a5882104d30c155dfc227f99b7add6aedda98
? ? ? +b9aee674e8a2f43377eea0e32f4382f8818a9cd39dfe0f2217b989ab695b1317
? ? ? +971ae000096efde5a3610306a7a60b3075204f77543509fb48d1605d0ae6d7cd
? ? ? +dd5b3576d2d09d9e4d5357ea21e7376e2fa69ba804a19161ab639219592efef5
? ? ? +ad5b8714ad21118b1fa53453b6e4222e267b0a692704de6bcd10895afeaf5f21
? ? ? +f721c406a796e092b344bc78abd953205e6d932c87fef89e80715a9eefbd6417
? ? ? +eef4e8c8630fe92927d81870c50f64aa15f2dbb965d9aa51a450d0c53607d60a
? ? ? +8c4ad1461e32c7dc78bf606eaacf38a88a2c47f496b3ba289e104e8d25a84400
? ? ? +0000408df400964ed23bd859d524136afbf355cce08ae540f65bbfe055e81950
? ? ? +6b84f52240c447ad47c53ee31e9fed82d08905f65adfedd54f5b91b6b9d6105b
? ? ? +f2f8f4
? ? ??? libnssdbm3.chk
? ? ?? xxd not available in path. Falling back to Python hexlify.
? ? ? @@ -11,19 +11,19 @@
? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001009d
? ? ? -76e916a4dfe80c81097e4cff0f945852d689772f01c87f11c2fab03f99f20417
? ? ? -d1458884f5255774a9028c848ce879369734f01f1e12ceb9cf63dc9eca1170b8
? ? ? -23e6678ab9f65f2dbeeae2c96fd90367e720124a2d11551127baf17e2a7b214d
? ? ? -f24bca9fbb5355d2479e7c06ec05fe138ad50c26a1876053143bf0ed18eae349
? ? ? -42b8b96ab9bdde2e234fbfe354d8b3698cd5ddadfdd1de6ab8d75c558a96bd8a
? ? ? -accb720a1207f4b25c9e1df0e0b60574d8f89d65e6698e1626e1d1a892c3c1d5
? ? ? -13ee0f6ee4e87e2b54d566283e99aaa6300e3131913c9549d4b1a6ad2869fd4c
? ? ? -d28567c75a32f0d132021b586ab8fb292994d065ec4b3875dabc993cb0e17800
? ? ? -00004070a60b59d01834af5e27dff70526b0beb20dfabb43a6ab25f766d1ec26
? ? ? -90ce003539dbf276a167ec78d7a998f69e99bf3c81fc7246572342aec6d214da
? ? ? -abcc97
? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001006b
? ? ? +6170f9835f65f0409f61d947626f5880691b5b1ec5f0d280b82d832d3d5d3957
? ? ? +1745597c3a2392c1271f8508a1c748bc4be5681bacfd11480a1855af07ae3cd4
? ? ? +4fbc4165f89174e7cba60ac7f7c0a17116cfa3fd8e0ed6c0c02696352b3f9d53
? ? ? +7fcbda8cb21b0a95f9e92d38dc8121ea2dac2eabd750ba7770c47d514282f45b
? ? ? +357ef3586d8930a05a6e26c9ea391351d16fa2ab10fb08e42406e7a0365c3258
? ? ? +00de8afadfb3086ca003e964ed1ab11b3410f4ccfede3e7b987ade295d4a0bc5
? ? ? +d505170822d4a01535a93de3a507a51c4180989530d22e50d725d775f7455e9a
? ? ? +9d5a851f2f976a6f312e924c27ac72a3599f9cf8878bbe01046a91cd04664c00
? ? ? +00004002c563080dfd3803f27fa9c896d0dd1b3c985bd53f0622cabea11746fa
? ? ? +ada72d7c05b819eb4dc9cda731e0006b637bd893555506c000dabb5c066d3f7e
? ? ? +3ea9d8
? ? ??? libsoftokn3.chk
? ? ?? xxd not available in path. Falling back to Python hexlify.
? ? ? @@ -11,19 +11,19 @@
? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010030
? ? ? -045311203f4d6c1624ea5336dc9a5470a2baa285ca7294bf2162c479bc0913d4
? ? ? -f8f326ef62ca8b31781b61e9ad3057d3c4cdd90c882dceb252149d7578cceab4
? ? ? -4ce0bb338d395901afafbe3c570493a7add01e625de9a0a90c4e85c52ce67630
? ? ? -3b1cc388c65d76d87c5bd31d2db8fbe17db05186c3a4bc2032614af6d950e8c7
? ? ? -91da637dc8a7c2897071c92910e47b529566eddafc918e1c05f39aedea9e712f
? ? ? -98be2b6b87685411a5d8be0cd4d0c5e680ade81a3b9ee09d7aa6489775e3465b
? ? ? -0dd470a8bd99a84df719cbf935d46a08f9045c58ccb2861dd35e76d085caed0a
? ? ? -9ecc3cffe9bec61966d09e633bf7ac9870d02e03f8d4a2911da1b6e02cf6ab00
? ? ? -0000408a5c4418abe2196ccf3ad0ce5d4df8edfa598befb414c4c622e92b2a70
? ? ? -c94c5646c44609ba518ecdeef2eaa2745144a5048e2c4a92415fee1e3fe2c479
? ? ? -1fe98a
? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010042
? ? ? +3475f0c8a0fbfcbf67cdac446df60765ccc7b02fb6c5079e14c9d2c1da2d7ae5
? ? ? +8f274ecfcf9d135c05a7405008e8f8c7f5ac86c274aabe5fdc33e014b622a5f4
? ? ? +0c8525071b0d5ee7614464deffee9320a965701df92070ff15fe786c1e8c41b3
? ? ? +b4298574d9c0b9d8e1fe896a12973e579372d75fe8f3262254a80b622e6543bb
? ? ? +16be7160f9a89b934cd7133aa87fa5e03bcf981806cbb0bccf01af77008fd424
? ? ? +cf6190e09910d4aaa812092fa64766d1bce0a9cf77f3470f5f0aa37715014cc6
? ? ? +661c5f55253063713dac706cabab09005b9f1e2889f03e5b860f7eacbce21744
? ? ? +fd33e21a0ca62878a7863e27667f0f7eb440bdfff02b9838d75d3fda4dac2400
? ? ? +000040180f14354ae8e6d4d243e4fef0819e75346888290dd80849a7494dd220
? ? ? +db71d615c82b2dbdee722fb914aff6875ffd66be934a102f0f684535169c9940
? ? ? +c0733d
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl6Ag3sACgkQ5xo1VCww
uqUcOQf9FRk0qJnm4CkVu0X3dfZk+MXcqa3Cki13j3PjZ3feJpJT5ypO1EB5V15H
CbSQMLRNn3XJoR/O+cmWor1fyUvwEn9FmwNVQymMEATkKoxGz4VoOREOHeu7XTf8
IkjnSrJW03pmNoMkoFv5awv8CTQ/f7VvWVBunI+scruI0AG9OzAVd3jiYsjuLfeH
a7DcBHS0eCqgrFRkAaYxXjKOVmbFhIFOQv1vreAcHupH7N1G2nVWiPkH/WJjUAnh
Jzl+0C8z+uS/GmdkkZ08wj/U8SR8l+0ME1hushNtF8B2xTnc+5z01UlfxXkf8Mzg
XTC3lG9ByG0vFMB0pyld9Gbv3s9kCA==
=WADR
-----END PGP SIGNATURE-----


G
G
Gábor Boskovits wrote on 30 Mar 2020 08:09
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 40316@debbugs.gnu.org)
CAE4v=pj6kWsqUkQRJzf8wFdFpiTCnGZySgqE3RyQk0pp-PbcUA@mail.gmail.com
Hello Danny,

Danny Milosavljevic <dannym@scratchpost.org> ezt írta (id?pont: 2020.
márc. 30., H, 4:38):
Toggle quote (149 lines)
>
> Hi,
>
> core-updates' nss is not reproducible (commit
> aebcbb27bc2f192cc06163251bab66a4ceb7b7d6).
>
> diffoscope says:
>
> --- /gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50
> +++ /gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50-check
> ??? lib
> ? ??? nss
> ? ? ??? libfreebl3.chk
> ? ? ?? xxd not available in path. Falling back to Python hexlify.
> ? ? ? @@ -11,19 +11,19 @@
> ? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
> ? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
> ? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
> ? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
> ? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
> ? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
> ? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
> ? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010029
> ? ? ? -713ef8afdc7c8efcff89e8c420bfdd8835e6d08bb934ce160fe927b99ac8f997
> ? ? ? -c043c16bfe67abbbd27a97b4aa4df753c33f5a093d9598413edfb4c6a0a68309
> ? ? ? -4f3a160aec8a5e8e383c108c802580e5f117f9b2be6d496f6eb6e85937258e53
> ? ? ? -f3f55ac49f7ffa955e91e054d1dd6b19f725506e2242fbb2f8acf81c9ff4278c
> ? ? ? -5c6ad6528d1a8505c6c83fd643660e3a31dddff7eb5f046f0df6d47ea455c82c
> ? ? ? -78ec32d8a1aaa29c9deed1053feae3029eacce8b9ff88777ff964757aeb1ccce
> ? ? ? -bd14d326b7fb0822bbc982250e51d4eaa73599ef8e4fd2298f076edf9a9be41e
> ? ? ? -94da645f57dc12af730b3661973390672cbcf767caf495e1f3656f06f0fae300
> ? ? ? -00004030361665e91e760d37d9117256e4f698d2b124115e83aafcc92c2751fa
> ? ? ? -f2b3384c22c76a207da12a4c4b72662e9ae53f356d6b6d98a066cd240cb06fed
> ? ? ? -337d6d
> ? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f00000100a3
> ? ? ? +35c76bfe38266728b573ef4fedcb22131ce275a8a484902b3ad994ca3a87a754
> ? ? ? +998b5c5807e4fa0e9b83a6677eca9140b8bbeeb4c36897473065b8305c4d1ddd
> ? ? ? +3f967b7041217df53ae6ec4211b031cc12df895a35efcde570dd2c7a610151c9
> ? ? ? +ef0acdf28a646db355ece183e2e71275c51b4331e61ca7948c7aa62d420e8b17
> ? ? ? +481f427197c78094832de5e3f21d27bf701e6fc524e5f700567969f91e8864c0
> ? ? ? +fae4da549d548ce8b134456e0720d083c8649bdb44ac6383d2e5a41bd2ec3b64
> ? ? ? +e9b6d281708447aefdd60be32f7d9093fef2579d6c122b48e449b2266bdc4678
> ? ? ? +9639fd997f0d8fe649b51a5f3097603b130bb5e8a811b5f3c121ed6d7bb58300
> ? ? ? +00004004c38a443627df69c2bc659e2e810b24b0e4dc042311fb9b2c99d18e7b
> ? ? ? +242fc7729f9e5facc1dc69ced89ea571bd69f95277894e9954c28c2f8ab77d62
> ? ? ? +e96c1d
> ? ? ??? libfreeblpriv3.chk
> ? ? ?? xxd not available in path. Falling back to Python hexlify.
> ? ? ? @@ -11,19 +11,19 @@
> ? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
> ? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
> ? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
> ? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
> ? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
> ? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
> ? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
> ? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f00000100a3
> ? ? ? -298c351142cb4107acceb8e07a997cc63fade4c4dd6cc0d3f5dedad25fca66bc
> ? ? ? -d58fb35b3a1f8ce3c90c795a8066cb4312b2b11558daf3c388ee3865d1cbc75d
> ? ? ? -88832d044dd267885c36455be97ee5ff17ee95a9377170441267b604d6bea8d2
> ? ? ? -c7fbaebd2c39506220d5d2c4a34e6a848fc139bd38f95c7e48160d847c270a78
> ? ? ? -e88519f1a5f2f36c6d6d4c16d621b2e763e48d42818b1a3b76421a52c7c209b9
> ? ? ? -a70fe921ad9b80411150a5e4d800bd89fe4486361412b39a9b5c68abec6bb68d
> ? ? ? -8f7d1b823c9d455d0062d9b819b1d5173a493cdbea00dcfc98a52537bd373acb
> ? ? ? -cb046c7fe4246590c9875413f19dba8f63a2f05771d161513efeb2e663ebf400
> ? ? ? -000040299e7b6851b43d6f40d1704237831bbb5a1fd4e38c041f1b7222480338
> ? ? ? -c27b4e655f1846220c4950db84ce7da9b2c1b2c6530304a73c8caff757be8ba4
> ? ? ? -51d8ec
> ? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010032
> ? ? ? +0bdce77a4aabe0b8a8b97469180a5882104d30c155dfc227f99b7add6aedda98
> ? ? ? +b9aee674e8a2f43377eea0e32f4382f8818a9cd39dfe0f2217b989ab695b1317
> ? ? ? +971ae000096efde5a3610306a7a60b3075204f77543509fb48d1605d0ae6d7cd
> ? ? ? +dd5b3576d2d09d9e4d5357ea21e7376e2fa69ba804a19161ab639219592efef5
> ? ? ? +ad5b8714ad21118b1fa53453b6e4222e267b0a692704de6bcd10895afeaf5f21
> ? ? ? +f721c406a796e092b344bc78abd953205e6d932c87fef89e80715a9eefbd6417
> ? ? ? +eef4e8c8630fe92927d81870c50f64aa15f2dbb965d9aa51a450d0c53607d60a
> ? ? ? +8c4ad1461e32c7dc78bf606eaacf38a88a2c47f496b3ba289e104e8d25a84400
> ? ? ? +0000408df400964ed23bd859d524136afbf355cce08ae540f65bbfe055e81950
> ? ? ? +6b84f52240c447ad47c53ee31e9fed82d08905f65adfedd54f5b91b6b9d6105b
> ? ? ? +f2f8f4
> ? ? ??? libnssdbm3.chk
> ? ? ?? xxd not available in path. Falling back to Python hexlify.
> ? ? ? @@ -11,19 +11,19 @@
> ? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
> ? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
> ? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
> ? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
> ? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
> ? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
> ? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
> ? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001009d
> ? ? ? -76e916a4dfe80c81097e4cff0f945852d689772f01c87f11c2fab03f99f20417
> ? ? ? -d1458884f5255774a9028c848ce879369734f01f1e12ceb9cf63dc9eca1170b8
> ? ? ? -23e6678ab9f65f2dbeeae2c96fd90367e720124a2d11551127baf17e2a7b214d
> ? ? ? -f24bca9fbb5355d2479e7c06ec05fe138ad50c26a1876053143bf0ed18eae349
> ? ? ? -42b8b96ab9bdde2e234fbfe354d8b3698cd5ddadfdd1de6ab8d75c558a96bd8a
> ? ? ? -accb720a1207f4b25c9e1df0e0b60574d8f89d65e6698e1626e1d1a892c3c1d5
> ? ? ? -13ee0f6ee4e87e2b54d566283e99aaa6300e3131913c9549d4b1a6ad2869fd4c
> ? ? ? -d28567c75a32f0d132021b586ab8fb292994d065ec4b3875dabc993cb0e17800
> ? ? ? -00004070a60b59d01834af5e27dff70526b0beb20dfabb43a6ab25f766d1ec26
> ? ? ? -90ce003539dbf276a167ec78d7a998f69e99bf3c81fc7246572342aec6d214da
> ? ? ? -abcc97
> ? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001006b
> ? ? ? +6170f9835f65f0409f61d947626f5880691b5b1ec5f0d280b82d832d3d5d3957
> ? ? ? +1745597c3a2392c1271f8508a1c748bc4be5681bacfd11480a1855af07ae3cd4
> ? ? ? +4fbc4165f89174e7cba60ac7f7c0a17116cfa3fd8e0ed6c0c02696352b3f9d53
> ? ? ? +7fcbda8cb21b0a95f9e92d38dc8121ea2dac2eabd750ba7770c47d514282f45b
> ? ? ? +357ef3586d8930a05a6e26c9ea391351d16fa2ab10fb08e42406e7a0365c3258
> ? ? ? +00de8afadfb3086ca003e964ed1ab11b3410f4ccfede3e7b987ade295d4a0bc5
> ? ? ? +d505170822d4a01535a93de3a507a51c4180989530d22e50d725d775f7455e9a
> ? ? ? +9d5a851f2f976a6f312e924c27ac72a3599f9cf8878bbe01046a91cd04664c00
> ? ? ? +00004002c563080dfd3803f27fa9c896d0dd1b3c985bd53f0622cabea11746fa
> ? ? ? +ada72d7c05b819eb4dc9cda731e0006b637bd893555506c000dabb5c066d3f7e
> ? ? ? +3ea9d8
> ? ? ??? libsoftokn3.chk
> ? ? ?? xxd not available in path. Falling back to Python hexlify.
> ? ? ? @@ -11,19 +11,19 @@
> ? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
> ? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
> ? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
> ? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
> ? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
> ? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
> ? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
> ? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010030
> ? ? ? -045311203f4d6c1624ea5336dc9a5470a2baa285ca7294bf2162c479bc0913d4
> ? ? ? -f8f326ef62ca8b31781b61e9ad3057d3c4cdd90c882dceb252149d7578cceab4
> ? ? ? -4ce0bb338d395901afafbe3c570493a7add01e625de9a0a90c4e85c52ce67630
> ? ? ? -3b1cc388c65d76d87c5bd31d2db8fbe17db05186c3a4bc2032614af6d950e8c7
> ? ? ? -91da637dc8a7c2897071c92910e47b529566eddafc918e1c05f39aedea9e712f
> ? ? ? -98be2b6b87685411a5d8be0cd4d0c5e680ade81a3b9ee09d7aa6489775e3465b
> ? ? ? -0dd470a8bd99a84df719cbf935d46a08f9045c58ccb2861dd35e76d085caed0a
> ? ? ? -9ecc3cffe9bec61966d09e633bf7ac9870d02e03f8d4a2911da1b6e02cf6ab00
> ? ? ? -0000408a5c4418abe2196ccf3ad0ce5d4df8edfa598befb414c4c622e92b2a70
> ? ? ? -c94c5646c44609ba518ecdeef2eaa2745144a5048e2c4a92415fee1e3fe2c479
> ? ? ? -1fe98a
> ? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010042
> ? ? ? +3475f0c8a0fbfcbf67cdac446df60765ccc7b02fb6c5079e14c9d2c1da2d7ae5
> ? ? ? +8f274ecfcf9d135c05a7405008e8f8c7f5ac86c274aabe5fdc33e014b622a5f4
> ? ? ? +0c8525071b0d5ee7614464deffee9320a965701df92070ff15fe786c1e8c41b3
> ? ? ? +b4298574d9c0b9d8e1fe896a12973e579372d75fe8f3262254a80b622e6543bb
> ? ? ? +16be7160f9a89b934cd7133aa87fa5e03bcf981806cbb0bccf01af77008fd424
> ? ? ? +cf6190e09910d4aaa812092fa64766d1bce0a9cf77f3470f5f0aa37715014cc6
> ? ? ? +661c5f55253063713dac706cabab09005b9f1e2889f03e5b860f7eacbce21744
> ? ? ? +fd33e21a0ca62878a7863e27667f0f7eb440bdfff02b9838d75d3fda4dac2400
> ? ? ? +000040180f14354ae8e6d4d243e4fef0819e75346888290dd80849a7494dd220
> ? ? ? +db71d615c82b2dbdee722fb914aff6875ffd66be934a102f0f684535169c9940
> ? ? ? +c0733d

Do you have any idea what these might be?
Are these text files, but not recoginzed by diffoscope, or are they
really binary?
Also, IIRC we had problems earlier with this package, as some keys
were generated.
Might this be somehow related?

Best regards,
g_bor
--
OpenPGP Key Fingerprint: 7988:3B9F:7D6A:4DBF:3719:0367:2506:A96C:CF63:0B21
M
M
Marius Bakke wrote on 30 Mar 2020 13:55
87pncuukf6.fsf@devup.no
Danny Milosavljevic <dannym@scratchpost.org> writes:

Toggle quote (5 lines)
> Hi,
>
> core-updates' nss is not reproducible (commit
> aebcbb27bc2f192cc06163251bab66a4ceb7b7d6).

Is this issue only present on the 'core-updates' branch? There haven't
been any changes to NSS on that branch compared to 'master' AFAIK.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAl6B3h0ACgkQoqBt8qM6
VPo8Bwf+M6nzNw0dug8dMEb5YzlB3/AdPpztjt76g1RUUFyyw0lxMeqkSuWXqXlg
3wq43RZWUKGtHbHSlD1wL7rvdR8aSiLbHjMJ0l+/Xt1j31izFuhrphJmaOWsfS90
ta1nfgJkLFbll6X/63NFmOC/HEsoW6ofx/V5gOb+FcvQAgajlkH1p4FaaC4Uq3YJ
xUTKwMt+/4/KTInOBOaGJ1/UEL6aknMfRL8Lqbrv2QMrN9XZ2Kmo/goqKLcz8HR4
6qpRaslY2vmguLFfgTWagHreOQ4Tf++2ZUsszVnvotuKQ8Tz1qYbX1uTNogZ9TVt
xUzAnBdgBAbxH81faOr56RM8R6nVsw==
=VX/z
-----END PGP SIGNATURE-----

B
B
Björn Höfling wrote on 31 Mar 2020 11:21
merge nss bugs
(address . request@debbugs.gnu.org)
20200331112158.663ecc89@alma-ubu
merge 40316 33507 30108
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQQiGUP0np8nb5SZM4K/KGy2WT5f/QUCXoMLtgAKCRC/KGy2WT5f
/eHuAJ9Ee/3Cy/8A+tNax7JvGuFmMS+XCQCePXVaJktqzKzbL1JO+o95PPoSKso=
=EwHg
-----END PGP SIGNATURE-----


B
B
Björn Höfling wrote on 31 Mar 2020 11:28
Re: bug#40316: core-updates nss not reproducible
(name . Marius Bakke)(address . mbakke@fastmail.com)
20200331112841.37c909bf@alma-ubu
On Mon, 30 Mar 2020 13:55:09 +0200
Marius Bakke <mbakke@fastmail.com> wrote:

Toggle quote (11 lines)
> Danny Milosavljevic <dannym@scratchpost.org> writes:
>
> > Hi,
> >
> > core-updates' nss is not reproducible (commit
> > aebcbb27bc2f192cc06163251bab66a4ceb7b7d6).
>
> Is this issue only present on the 'core-updates' branch? There
> haven't been any changes to NSS on that branch compared to 'master'
> AFAIK.

I haven't tried it on 'master', but I think it is branch-independent,
people are only testing it on core-updates. This bug is over 2 years
old with different versions of nss affected and the same three files
not reproducible. And we had past core-updates mergers.

I found and merged these reports:
bug#30108: [core-updates] nss 3.34.1 not reproducible
bug#33507: nss 3.39 output is not deterministic
bug#40316: core-updates nss not reproducible

Björn
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQQiGUP0np8nb5SZM4K/KGy2WT5f/QUCXoMNSQAKCRC/KGy2WT5f
/fpZAJ9iM9L7JtHZ/L+eixYEH8O9QLtOOQCgjqbh1dWZTZ35WpCkysuGaVT98c4=
=/7tG
-----END PGP SIGNATURE-----


B
B
Bone Baboon wrote on 18 May 2021 03:04
Re: core-updates nss not reproducible
(address . 40316@debbugs.gnu.org)
87a6osdf97.fsf@disroot.org
I am also getting the same four files that are not reproducible for nss
on the master branch.

As nss is also not reproducible on master maybe the title of this bug
should be changed to "nss not reproducible".

`guix describe` outputs:

```
Generation 24 May 12 2021 18:06:24 (current)
guix d6aeebb
branch: master
commit: d6aeebb23639258311fdfb9dbf5f903079fde51a
```

`guix challenge /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59`
outputs:

```
/gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59 contents differ:
local hash: 0pqq1v88yjj80sll4j4ahfh52zzqhvkjv3vgkhmnnikvl6vd5sck
https://ci.guix.gnu.org/nar/lzip/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59:1smx41irpiy9kly3zvr0d61x7hwm0haggvyii34byzfypca1xn2f
differing files:
/lib/nss/libfreebl3.chk
/lib/nss/libsoftokn3.chk
/lib/nss/libfreeblpriv3.chk
/lib/nss/libnssdbm3.chk

1 store items were analyzed:
- 0 (0.0%) were identical
- 1 (100.0%) differed
- 0 (0.0%) were inconclusive
```

`guix challenge --diff=diffoscope
/gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59` outputs:

```
/gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59 contents differ:
local hash: 0pqq1v88yjj80sll4j4ahfh52zzqhvkjv3vgkhmnnikvl6vd5sck
https://ci.guix.gnu.org/nar/lzip/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59:1smx41irpiy9kly3zvr0d61x7hwm0haggvyii34byzfypca1xn2f
--- /tmp/guix-directory.jSGCMh
+++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59
? --- /tmp/guix-directory.jSGCMh/lib
??? +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib
? ? --- /tmp/guix-directory.jSGCMh/lib/nss
? ??? +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib/nss
? ? ? --- /tmp/guix-directory.jSGCMh/lib/nss/libfreebl3.chk
? ? ??? +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib/nss/libfreebl3.chk
? ? ?? xxd not available in path. Falling back to Python hexlify.
? ? ? @@ -11,19 +11,19 @@
? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010062
? ? ? -d97f1f01f03e65f037c7fee3230c59c36d170cc30f23372fbc6eb28d9ec87008
? ? ? -f07660714bb43d98a06734a1658ce721feab8b0ece03ee54cb45dbaee9cff57f
? ? ? -9d9c0fac4a2d67f4f314423973a42819a9eceba758344ef4b304f1737ebe23a4
? ? ? -e13aba8e9f88bec5c067d61a16a3dcb347789575f4cfa8629880f734ec3db9cc
? ? ? -d963cee322fa2eba5172715eb19686e185ff13dfcf23eb7ed9338230f90b4b57
? ? ? -8f7f3c3fb8e0e968d4625646f5fb0897c3e2400e5a5596f01f841f7e4946d406
? ? ? -977e6adbce9113d027a38cd34942cf3158422b590c27b2731fd506c2326a2dbb
? ? ? -1a363a864475bd8464282544cf46fe60e94d705cda2d34257c9e3cadc378fe00
? ? ? -00004025839bed8e61fecf86f99135e9912ab62b5497dc33bdf2bbda445cf237
? ? ? -bfd47c8b826ec02b6cac983765bedd1ae17a57827f6fe0af965a2538a2776388
? ? ? -c14b6c
? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010087
? ? ? +37f4789b39e4bcbe32600d9a952265b9a8623a91658d6c5b5c7e8d42741219f2
? ? ? +1f4d9e54994ffa87cc533d63273f7b7d24b63cc0415b62cd419656c63f5acf46
? ? ? +688991664fc00c10740ab0cabbcdb639a9408b76c4cbf27827257fdd3aeaa526
? ? ? +bb9425a9a8c55bb4d4a54e2d389de9561a61af754170bf640b8e23bc9c4c7945
? ? ? +8cfdafc309c7737aa53d0fb451cc7476f73b04b4b5c6cfaeabc332d0478c8c5d
? ? ? +bdde681ef55b30b669a106440c4676f5bf3454617d1707e710c0e426ee823ee1
? ? ? +f1892576f4f4795e6e4fc040b9aab73d65ef132087fdaaba64fa8795a9eef4b6
? ? ? +24700af69d0be0c2f86c1fbfc8a90cc0f50c0a90232cd3ce9f5987cf442d4b00
? ? ? +0000405a720066a9593276d13e8b322c50381a926302d79ae6f571c5fcbbbefa
? ? ? +71a9d259b7efa16aca52365e60baf1aef8904d28f9332d71b3fb3e8ecb30bcfb
? ? ? +19053e
? ? ? --- /tmp/guix-directory.jSGCMh/lib/nss/libfreeblpriv3.chk
? ? ??? +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib/nss/libfreeblpriv3.chk
? ? ?? xxd not available in path. Falling back to Python hexlify.
? ? ? @@ -11,19 +11,19 @@
? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001009a
? ? ? -19ffb743e104ab34cda81d282b09c74ca73dab5baf4e5951814556e25fa92f09
? ? ? -fbb06af5f80893a2c4fb0295ef23c2e8302fc238fda3f3d582c9d3e8c062ae8a
? ? ? -e18dc7a48a1d9e97fc4d21e11abaeb7c98495f478affc6866742c48090d44b09
? ? ? -a5832f4648b1d165de42e279df2d1512bfe47dffffb65f0c543a6c92cfe8beed
? ? ? -3fa84456e6eef833bd675d04846d630eed817bfd153377745d5c6244e2f913ef
? ? ? -17a2b360bebd6f9a0fcbb24ed86e2d59ae5f28df2632518390d7e2f75a2da2fe
? ? ? -2bebf06b7d095a60282a93c38da54ae19625630aac1c4755339a047213ed98e9
? ? ? -91ad52e2723789c34498a0d0eb78055949383ab3a583363c653c5ef89a0c0200
? ? ? -000040862ab0814d947cfb3bf2cf74720e14c633e910a7d3d4d7a81364505701
? ? ? -c3c2c785f6f3804f8aa0de63449bc436f1eb9a4ce187392103de463caec69431
? ? ? -bffb74
? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010038
? ? ? +5f7f605095448c566ae24ab5677dd5ff8519a2564d09c3550608f860b12d8e84
? ? ? +a4e5b87752d9bc32caba6bd53d181776624e22a217d9c7567a4556bcb316a13e
? ? ? +1ecf3d2aa360477073f1fa1d376704668122ec75d1d6177cd0368610d4c1c098
? ? ? +1ca41b0fdd1a188bf4940a5b0773e9c7178cd4141032d9f3bca8f77c480884f6
? ? ? +7a30ba559fcf7547abf80840bb0b42e7c3bb47bf3f064e20c827ce0b0ce48c8f
? ? ? +f7ecb9f513589edd858a5e5a3441b12e10a8bb61c93c3cf33d04c518804dcc27
? ? ? +7a9d0df213922ff752f8ea4cba6fb0f5ba8acb57dcf02d3746a7cc588b1362a8
? ? ? +2f7c7077399e18536ca1540e2a868780605dc4bf518a2c86dd2bc904df989f00
? ? ? +0000404547c764e3ab6f499e0ea3656a9332f2da71506a1a5178d4828657682a
? ? ? +c5f3f65eaf7212c1a7e41438bb48524eb5e1eff3d87080f1339c5d3e99369d56
? ? ? +ebc5fd
? ? ? --- /tmp/guix-directory.jSGCMh/lib/nss/libnssdbm3.chk
? ? ??? +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib/nss/libnssdbm3.chk
? ? ?? xxd not available in path. Falling back to Python hexlify.
? ? ? @@ -11,19 +11,19 @@
? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001002e
? ? ? -21ad266d676e56ae5ccc227879f1c1c6b9b6dd83eb7446a82f5a18bb09a4d252
? ? ? -4cb3f635179b88fdab69e30efbc1684d7bcd5f24b3c6c70a14b998b19c7af1a0
? ? ? -d3d79f75d2f3fd00a2fe19bfdcef007b67c2004f0571f670887e1f8ac7d1bf5d
? ? ? -3dea50a0117efd7ff049d41ee286e642a0fe43256d77146324ab6ce8a83ef8c4
? ? ? -9807d016f639f5ceb6f427062f5201e51e7776bb6463d89f9afeddbc7a9a28ee
? ? ? -653be542425efa441a6815238c5898d33d76b9e44ceb7353e98927bb2935e025
? ? ? -953cd7649241efaf3edbb5eed3abb7826c837dbbf2aaf1e1d9d2ee72dee0b3b5
? ? ? -0d872cd2eb74969baa23c186b00fa87b4951ae0eb3fa867fb6462fad73154800
? ? ? -0000403e373b8324248b0d53ba133dda29283d13350324847164c5ab29024678
? ? ? -03611368137b58211456ce78c50968bd1233758422d591805c87d25b64a5abda
? ? ? -09dda9
? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001005b
? ? ? +7a928e5d253ed22eb50a37023609db35ebab0672812f924d3ea7b74be43f26d5
? ? ? +bc93ef30cd96d39daad0ab6eb98efab9047dcc73fa7b7dae259dc6a3f43255be
? ? ? +e519afbb0a727b75247fc078fa22c0f1c716655c99e30b24867974959b52179d
? ? ? +92d2b9bee276208c7ae5707975c55eea7125d83929709f5e63b6172e389a4858
? ? ? +6d10c85f501882a285a476692f97247993f4aef2243b803b36528fc26d384503
? ? ? +4437d3107e853f1d05a02f411e7e609ef720ff7bc299575d8840faaa40d33ddd
? ? ? +b58f03a0669be967bc8021dfea2bbce37ae23b3c929ff98396d12a84e0634834
? ? ? +1b80442fbbd9f7dcdda35dea83d1092c5ccc1ac2980bd0f3233bc82cbf165300
? ? ? +00004030d6ccc46ba7ac1abdce687718962041cf98cb55787191130175f9e0d1
? ? ? +ab8b2c610437f4e7a11d220d5989c3868d6db6257ab841d80ffcbff56d3b268c
? ? ? +5abbee
? ? ? --- /tmp/guix-directory.jSGCMh/lib/nss/libsoftokn3.chk
? ? ??? +++ /gnu/store/vs3dxnrkbf58s85p49phxp5xambafp2m-nss-3.59/lib/nss/libsoftokn3.chk
? ? ?? xxd not available in path. Falling back to Python hexlify.
? ? ? @@ -11,19 +11,19 @@
? ? ? 5c80e3430a9e943586d458a1ca22b973460bfb3e33f1d5d3b426bf50d7f20933
? ? ? 6ec0311b6d077086ca57f70b4a63f06fc88aed5060f311c744f3ce4e50422d85
? ? ? 335457038ddc664d6183171c7b0d65bc8f2c1986fce29f5d67fcd4a5f823a11a
? ? ? a2e11115843201ee88f15530e9743c1a2b54452e39b977e132af2d97e021ecf5
? ? ? 58e1c72ee0713d29a4d6e25f859c0504464189033cfab2cffad567ccec68fc83
? ? ? d91f2e4e9a5e77a1ffe66f048bf96b47c649d2886e29a31baee04f728a28940c
? ? ? 1d8c99a26ff8ba9990c7e5b13c1034866a6a1f396358e15e9795454038456f02
? ? ? -b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f000001001e
? ? ? -24d85331677aae2d94bd05a1efc093d260c20de07d57ee8c503956067275acf3
? ? ? -0059cbab61581aa1c386dba534f268f96c5b9f802ef57311f7fa53915e8018b6
? ? ? -d31abcd81c84f23d134ebe15127011e75cbbcaa809f6ca2d47f6ff67c3d02e8f
? ? ? -5984d85463d458e3b35b9c35a1355fe4fae0709dd303eb4481809e10d8ce7ac0
? ? ? -83ac85be99af4ce33520874f101665e0e77e7436ee6423cf82d4a8924aa53e51
? ? ? -d21d7766aa5665041c4d4ef75fddce637a754ca42941cf986e1bbce60012bc1a
? ? ? -5666674075c199c128048bcaee9dd35cb7e7248f553047c90e8e98511aeda17f
? ? ? -2c75e8280037910e500c7e03c7bc935a7ad8d719484ff45bba3393e672c92500
? ? ? -0000400605c2755588373f9f857d000b231c6d59cc6d0b1b08eb3f07a2b09cf7
? ? ? -9a980124839b4bf70a8f3759f4e72fabc28550469f353451c570eb7b4efeebb2
? ? ? -a15a6a
? ? ? +b5866eae2f327ea13a342c1cd3ff4e2c381caa2e66be323e3c065f0000010011
? ? ? +b0342b5cad4140db9fa893b68d1c5f3834c1cee9f95edc9b57a7968ec0c4ec2d
? ? ? +18ccded167b847137ec4b8361aa1e782ccd0797b4401382f5d120848b67930be
? ? ? +07389e0f52dda5f812d7462197594b4e86df50adedafbc57dc4e3160e09b8437
? ? ? +4570899257469c8e97d46d40fe0801d906dfe8bdc611a953b2d0690a0e1d6dc8
? ? ? +5c7699f30dee70856a6627847e08a710db7432e29b33474358005a53dfa5fa95
? ? ? +f23817dda29c64694119e48e7a9b2a428d5afc42c43dafe78994cde0f065b7b9
? ? ? +eca4ee565767ac13fe183cbac6c85002210e67ad8c5635c5bfde812c702b234a
? ? ? +1dc530f5ff737c7ca25224e7375e35077874a999921570273afab1eb91f96200
? ? ? +00004053356da884e81a92cd25fdea9dbd9137990a4e354d1421d50100bb7e56
? ? ? +934dc868d7b5b00f1a9b470ca3c27379af91e9695c8fdab671a160b6272f9276
? ? ? +d1fe04

1 store items were analyzed:
- 0 (0.0%) were identical
- 1 (100.0%) differed
- 0 (0.0%) were inconclusive
```
V
V
Vagrant Cascadian wrote on 7 Mar 23:16 +0100
Re: bug#40316: core-updates nss not reproducible
(address . 40316@debbugs.gnu.org)(address . control@debbugs.gnu.org)
87zfv9n0vy.fsf@wireframe
retitle 40316 nss not reproducible
thanks

Still an issue on master as of d29e5a83e887cd2f4f459a12cbbfc40c77e55ce2:

guix challenge --verbose --diff=simple nss
guix challenge: warning: could not determine current substitute URLs; using defaults
/gnu/store/mc9gdsm0cqpyd2522f5xghdl59p1l35r-nss-3.88.1 contents differ:
no local build for '/gnu/store/mc9gdsm0cqpyd2522f5xghdl59p1l35r-nss-3.88.1'
https://ci.guix.gnu.org/nar/lzip/mc9gdsm0cqpyd2522f5xghdl59p1l35r-nss-3.88.1:18xvq9cb7y2hajixnkk24bh969px0h5289hgby484iyg3x73sagp
differing files:
/lib/nss/libfreebl3.chk
/lib/nss/libfreeblpriv3.chk
/lib/nss/libnssdbm3.chk
/lib/nss/libsoftokn3.chk

1 store items were analyzed:
- 0 (0.0%) were identical
- 1 (100.0%) differed
- 0 (0.0%) were inconclusive

According to the notes in Debian, this is due to cryptographic
signatures performed at build time:



live well,
vagrant
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZeo8wQAKCRDcUY/If5cW
qpPOAQD3X++W8pz9obrPqz7Lu6lBT7irx7v7bPgKZylMqrwddgEAnZVMhE9BN2R5
5la3TTgaeQLzJ3OFykNGfOIeGuAy4QQ=
=H8rd
-----END PGP SIGNATURE-----

S
S
Steve George wrote 4 days ago
Update needed of NSS
(address . 40316@debbugs.gnu.org)
ZiesyKIEQ-izI-3k@dragon2
Hi,

Confirmed nss doesn't build reproducibly on current core-updates branch.

Also looks like it needs an update to 3.99

Steve / Futurile
C
C
Christina O'Donnell wrote 35 hours ago
Re: Core updates status
(address . 40316@debbugs.gnu.org)
2dc99b59-cb76-f822-f2ce-027f523bb682@mutix.org
Hi Steve,

Toggle quote (4 lines)
> It would be good to confirm this one:
>
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=40316

Still fails to reproduce with those changes applied.

The culprit is in nss/cmd/shlibsign/shlibsign.c:

shlibSignHMAC generates a new key-pair each time it's run:

    /* Generate a DSA key pair */
    logIt("Generate an HMAC key ... \n");
    crv = pFunctionList->C_GenerateKey(hRwSession, &hmacKeyGenMech,
                                       hmacKeyTemplate,
PR_ARRAY_SIZE(hmacKeyTemplate),
                                       &hHMACKey);

Three options:
 1. Disable library signing entirely.
 2. Seed the generation to be deterministic.
 3. Drop in a HMAC key-pair and patch the code to use that instead of
generating.

2 and 3 defeat the point of the cryptographically secure supply chain as
the private key can be obtained deterministically, so my vote would be
simply  to not sign the libraries (1), which would be easier to
maintain. We're not the primary distributor and users can verify our
distribution of nss by running `guix challenge` anyway.

Toggle quote (2 lines)
> It looks like Zhen Junjie applied two patches to fix NSS cross-compilation on Master [0]

Building everything cross-compiled to ARM now.

Kind regards,

Christina
C
C
Christina O'Donnell wrote 33 hours ago
Re: nss not reproducible
(address . 40316@debbugs.gnu.org)
714bd3eb-76ed-2159-9761-f8614a1b164a@mutix.org
Hi,

I believe I have a fix for this, I'm just waiting on my machine to hurry
up and confirm it, might end up running over night, then I'll send my
patch up.

I'm doing two native builds and two cross-builds.

I've also updated to 3.99.

Kind regards,

Christina

On 25/04/2024 15:06, Christina O'Donnell wrote:
Toggle quote (41 lines)
> Hi Steve,
>
>> It would be good to confirm this one:
>>
>> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=40316
>
> Still fails to reproduce with those changes applied.
>
> The culprit is in nss/cmd/shlibsign/shlibsign.c:
>
> shlibSignHMAC generates a new key-pair each time it's run:
>
>     /* Generate a DSA key pair */
>     logIt("Generate an HMAC key ... \n");
>     crv = pFunctionList->C_GenerateKey(hRwSession, &hmacKeyGenMech,
>                                        hmacKeyTemplate,
> PR_ARRAY_SIZE(hmacKeyTemplate),
>                                        &hHMACKey);
>
> Three options:
>  1. Disable library signing entirely.
>  2. Seed the generation to be deterministic.
>  3. Drop in a HMAC key-pair and patch the code to use that instead of
> generating.
>
> 2 and 3 defeat the point of the cryptographically secure supply chain
> as the private key can be obtained deterministically, so my vote would
> be simply  to not sign the libraries (1), which would be easier to
> maintain. We're not the primary distributor and users can verify our
> distribution of nss by running `guix challenge` anyway.
>
>> It looks like Zhen Junjie applied two patches to fix NSS
>> cross-compilation on Master [0]
>
> Building everything cross-compiled to ARM now.
>
> Kind regards,
>
> Christina
>
>
C
C
Christina O'Donnell wrote 4 hours ago
[PATCH 0/6] WIP: nss: Update to 3.99
(address . 40316@debbugs.gnu.org)
cover.1714166213.git.cdo@mutix.org
Hi,

I've got as far as making nss 3.98 reproducible, however updating it to 3.99
results in 51 test failures. These are regressions, and worked correctly for
3.98. I'm not entirely sure what the issue is, but I've run out of time to
debug it this week, so I'm sending this patch up as is.

Up to patch 3 build correctly. Patch 4 is the first one that fails.

The issue specifically seems to all be related to FIPS:

A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has
occurred with the token or slot.

If someone could take a look at this and see if there's anything I've missded
then I'd appreciate that. Otherwise I'm free to pick it back up again on
Tuesday.

Let me know if you have any questions.

Kind regards,
Christina

Christina O'Donnell (4):
gnu: nss: Make reproducible.
gnu: nss: Update to 3.99.
gnu: nss-certs: Update to 3.99.
WIP: nss: Attempting to resolve FIPS regression.

Zheng Junjie (2):
gnu: nss: Fix cross-compilation.
gnu: nspr: Fix cross-compilation.

gnu/packages/certs.scm | 24 +++++--
gnu/packages/nss.scm | 30 +++++++--
.../patches/nss-Disable-library-signing.patch | 67 +++++++++++++++++++
3 files changed, 111 insertions(+), 10 deletions(-)
create mode 100644 gnu/packages/patches/nss-Disable-library-signing.patch


base-commit: 9a47ef6182b6a36354699efbdbedca17f24cd9b8
--
2.41.0
C
C
Christina O'Donnell wrote 4 hours ago
[PATCH 3/6] gnu: nss: Make reproducible.
(address . 40316@debbugs.gnu.org)
ba7d0083ae84b8ff3bd5e01a633cbe32226f8651.1714166213.git.cdo@mutix.org
gnu/packages/patches/nss-Disable-library-signing.patch: Disable library
signing to make the build reproducible.
gnu/packages/nss.scm (nss): Apply this new patch.

Change-Id: I7860bae219ecc4a79423a590c27a1097ae2e7874
---
gnu/packages/nss.scm | 3 +-
.../patches/nss-Disable-library-signing.patch | 67 +++++++++++++++++++
2 files changed, 69 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/nss-Disable-library-signing.patch

Toggle diff (89 lines)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 0baafe2f373..b608a995577 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -124,7 +124,8 @@ (define-public nss
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
- "nss-increase-test-timeout.patch"))
+ "nss-increase-test-timeout.patch"
+ "nss-Disable-library-signing.patch"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/patches/nss-Disable-library-signing.patch b/gnu/packages/patches/nss-Disable-library-signing.patch
new file mode 100644
index 00000000000..b488d29dcad
--- /dev/null
+++ b/gnu/packages/patches/nss-Disable-library-signing.patch
@@ -0,0 +1,67 @@
+From 4734b834755822f962af29e9395daa7338084e21 Mon Sep 17 00:00:00 2001
+Message-ID: <4734b834755822f962af29e9395daa7338084e21.1714059680.git.cdo@mutix.org>
+From: Christina O'Donnell <cdo@mutix.org>
+Date: Thu, 25 Apr 2024 16:35:50 +0100
+Subject: [PATCH] nss: Disable library signing.
+
+---
+ nss/cmd/shlibsign/Makefile | 32 +-------------------------------
+ 1 file changed, 1 insertion(+), 31 deletions(-)
+
+diff --git a/nss/cmd/shlibsign/Makefile b/nss/cmd/shlibsign/Makefile
+index a119205..7a85c1d 100644
+--- a/nss/cmd/shlibsign/Makefile
++++ b/nss/cmd/shlibsign/Makefile
+@@ -43,22 +43,9 @@ EXTRA_SHARED_LIBS += \
+
+ endif
+
+-
+-# sign any and all shared libraries that contain the word freebl
+-ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
++# Disable library signing as it's non-deterministic
+ CHECKLIBS =
+ CHECKLOC =
+-else
+-CHECKLIBS = $(DIST)/lib/$(DLL_PREFIX)softokn3.$(DLL_SUFFIX)
+-CHECKLIBS += $(wildcard $(DIST)/lib/$(DLL_PREFIX)freebl*3.$(DLL_SUFFIX))
+-ifndef NSS_DISABLE_DBM
+-CHECKLIBS += $(DIST)/lib/$(DLL_PREFIX)nssdbm3.$(DLL_SUFFIX)
+-endif
+-CHECKLOC = $(CHECKLIBS:.$(DLL_SUFFIX)=.chk)
+-
+-MD_LIB_RELEASE_FILES = $(CHECKLOC)
+-ALL_TRASH += $(CHECKLOC)
+-endif
+
+ #######################################################################
+ # (5) Execute "global" rules. (OPTIONAL) #
+@@ -78,23 +65,6 @@ include $(CORE_DEPTH)/coreconf/rules.mk
+
+ include ../platrules.mk
+
+-SRCDIR = $(call core_abspath,.)
+-
+-%.chk: %.$(DLL_SUFFIX)
+-ifeq ($(OS_TARGET), OS2)
+- cd $(OBJDIR) ; cmd.exe /c $(SRCDIR)/sign.cmd $(DIST) \
+- $(call core_abspath,$(OBJDIR)) $(OS_TARGET) \
+- $(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<)
+-else
+- ifeq ($(CROSS_COMPILE),1)
+- # do nothing
+- else
+- cd $(OBJDIR) ; sh $(SRCDIR)/sign.sh $(call core_abspath,$(DIST)) \
+- $(call core_abspath,$(OBJDIR)) $(OS_TARGET) \
+- $(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<)
+- endif
+-endif
+-
+ libs: install
+ ifdef CHECKLOC
+ $(MAKE) $(CHECKLOC)
+
+base-commit: 2951778f8e8855bed24754a57ecc43f02a2843dd
+--
+2.41.0
+
--
2.41.0
C
C
Christina O'Donnell wrote 4 hours ago
[PATCH 1/6] gnu: nss: Fix cross-compilation.
(address . 40316@debbugs.gnu.org)
5ac99f62f8c43d2df3f64cd77ccbe0540dd82269.1714166213.git.cdo@mutix.org
From: Zheng Junjie <zhengjunjie@iscas.ac.cn>

* gnu/packages/nss.scm (nss)[arguments]<#:make-flags>: When
cross-compilation, Add CROSS_COMPILE=1.
<#:phases>: When cross-compilation, Set env NATIVE_CC to gcc.

Change-Id: I5c9559a4b8cecf2cfc6c47d136d69c01a335faaf
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
---
gnu/packages/nss.scm | 7 +++++++
1 file changed, 7 insertions(+)

Toggle diff (27 lines)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 7e9ed49ead8..459e53bc1cf 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -154,6 +154,9 @@ (define-public nss
(#$(target-linux?) "linux")
(else ""))))
#~())
+ #$@(if (%current-target-system)
+ #~("CROSS_COMPILE=1")
+ #~())
(string-append "NSPR_INCLUDE_DIR="
(search-input-directory %build-inputs
"include/nspr"))
@@ -175,6 +178,10 @@ (define-public nss
(lambda _
(setenv "CC" #$(cc-for-target))
(setenv "CCC" #$(cxx-for-target))
+ ;; TODO: Set this unconditionally
+ #$@(if (%current-target-system)
+ #~((setenv "NATIVE_CC" "gcc"))
+ #~())
;; No VSX on powerpc-linux.
#$@(if (target-ppc32?)
#~((setenv "NSS_DISABLE_CRYPTO_VSX" "1"))
--
2.41.0
C
C
Christina O'Donnell wrote 4 hours ago
[PATCH 2/6] gnu: nspr: Fix cross-compilation.
(address . 40316@debbugs.gnu.org)
1ea4518f8c971f69a4731da7559c7ab322ff77ed.1714166213.git.cdo@mutix.org
From: Zheng Junjie <zhengjunjie@iscas.ac.cn>

* gnu/packages/nss.scm (nspr)[arguments]<#:configure-flags>: When
cross-compilation, Add HOST_CC=gcc.

Change-Id: I337f217f153f8cc3a713906643d6fab9115056e9
Signed-off-by: Zheng Junjie <zhengjunjie@iscas.ac.cn>
---
gnu/packages/nss.scm | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

Toggle diff (18 lines)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 459e53bc1cf..0baafe2f373 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -71,7 +71,10 @@ (define-public nspr
#~(list "--disable-static"
"--enable-64bit"
(string-append "LDFLAGS=-Wl,-rpath="
- (assoc-ref %outputs "out") "/lib"))
+ (assoc-ref %outputs "out") "/lib")
+ #$@(if (%current-target-system)
+ #~("HOST_CC=gcc")
+ #~()))
;; Use fixed timestamps for reproducibility.
#:make-flags #~'("SH_DATE='1970-01-01 00:00:01'"
;; This is epoch 1 in microseconds.
--
2.41.0
C
C
Christina O'Donnell wrote 4 hours ago
[PATCH 4/6] gnu: nss: Update to 3.99.
(address . 40316@debbugs.gnu.org)
e7eea53f912ca11685ddc2519e9090bb52c7ed6b.1714166213.git.cdo@mutix.org
gnu/packages/nss.scm (nss): Update to 3.99.

Change-Id: Iba6c9dc2956cc0febb62a1c471add899250fa489
---
gnu/packages/nss.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index b608a995577..80667d8affe 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -109,7 +109,7 @@ (define-public nss
;; IMPORTANT: Also update and test the nss-certs package, which duplicates
;; version and source to avoid a top-level variable reference & module
;; cycle.
- (version "3.88.1")
+ (version "3.99")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -120,7 +120,7 @@ (define-public nss
"nss-" version ".tar.gz")))
(sha256
(base32
- "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ "1g89ig40gfi1sp02gybvl2z818lawcnrqjzsws36cdva834c5maw"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-3.56-pkgconfig.patch"
"nss-getcwd-nonnull.patch"
--
2.41.0
C
C
Christina O'Donnell wrote 4 hours ago
[PATCH 5/6] gnu: nss-certs: Update to 3.99.
(address . 40316@debbugs.gnu.org)
4e8fc191444bf48b1d1b8d21c3f1a723c4f4ad85.1714166213.git.cdo@mutix.org
gnu/packages/certs.scm (nss-certs-3.88.1): New variable.
(nss-certs-3.98): Update and rename to nss-certs-3.99.
(nss-certs): Update to 3.99.

Change-Id: I2f5f737d44d08497d4f5e0e07557be36d2f1f070
---
gnu/packages/certs.scm | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)

Toggle diff (52 lines)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 7078c7c8d11..7aa96493fbe 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -125,7 +125,7 @@ (define-public certdata2pem
that was originally contributed to Debian.")
(license license:isc))))
-(define-public nss-certs
+(define-public nss-certs-3.88.1
(package
(name "nss-certs")
;; XXX We used to refer to the nss package here, but that eventually caused
@@ -188,10 +188,10 @@ (define-public nss-certs
(home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
(license license:mpl2.0)))
-(define-public nss-certs-3.98
+(define-public nss-certs-3.99
(package
- (inherit nss-certs)
- (version "3.98")
+ (inherit nss-certs-3.88.1)
+ (version "3.99")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
@@ -202,7 +202,21 @@ (define-public nss-certs-3.98
"nss-" version ".tar.gz")))
(sha256
(base32
- "1kh98amfklrq6915n4mlbrcqghc3srm7rkzs9dkh21jwscrwqjgm"))))))
+ "15il9fsmixa1r4446zq1wl627sg0hz9h67w6kjxz273xz3nl7li7"))
+ ;; Create nss.pc and nss-config.
+ (patches (search-patches "nss-3.56-pkgconfig.patch"
+ "nss-getcwd-nonnull.patch"
+ "nss-increase-test-timeout.patch"
+ "nss-Disable-library-signing.patch"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Delete the bundled copy of these libraries.
+ (delete-file-recursively "nss/lib/zlib")
+ (delete-file-recursively "nss/lib/sqlite")))))))
+
+(define-public nss-certs
+ nss-certs-3.99)
(define-public le-certs
(package
--
2.41.0
C
C
Christina O'Donnell wrote 4 hours ago
[PATCH 6/6] WIP: nss: Attempting to resolve FIPS regression.
(address . 40316@debbugs.gnu.org)
bfed33ceadbd21b2688266f5e3a2918332c264c9.1714166213.git.cdo@mutix.org
There are 51 new test failures which all appear to be related to FIPS.

For example:

modutil -dbdir /tmp/guix-build-nss-3.99.drv-0/nss-3.99/tests_results/security/localhost.1/fips -fips true

WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type
'q <enter>' to abort, or <enter> to continue:
A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.
ERROR: Unable to switch FIPS modes.
cert.sh: #291: Enable FIPS mode on database for FIPS PUB 140 Test Certificate (11) - FAILED
cert.sh ERROR: Enable FIPS mode on database for FIPS PUB 140 Test Certificate failed 11

Change-Id: If0d57bb9e129eb862fae1a28d9779c6100e0a23d
---
gnu/packages/nss.scm | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)

Toggle diff (43 lines)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 80667d8affe..a8fb6965c2c 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -134,6 +134,10 @@ (define-public nss
(delete-file-recursively "nss/lib/sqlite")))))
(build-system gnu-build-system)
(outputs '("out" "bin"))
+ ;; (search-paths
+ ;; (list (search-path-specification
+ ;; (variable "LD_LIBRARY_PATH")
+ ;; (files '("lib")))))
(arguments
(list
#:make-flags
@@ -161,12 +165,15 @@ (define-public nss
#$@(if (%current-target-system)
#~("CROSS_COMPILE=1")
#~())
+ (string-append "NSS_FORCE_FIPS=1")
+ (string-append "NSPR_LIB_DIR="
+ (string-append #$nspr "/lib"))
(string-append "NSPR_INCLUDE_DIR="
(search-input-directory %build-inputs
"include/nspr"))
;; Add $out/lib/nss to RPATH.
(string-append "RPATH=" rpath)
- (string-append "LDFLAGS=" rpath)))
+ (string-append "LDFLAGS=" rpath " -L" #$nspr "/lib")))
#:modules '((guix build gnu-build-system)
(guix build utils)
(ice-9 ftw)
@@ -203,6 +210,8 @@ (define-public nss
(setenv "DOMSUF" "localdomain")
(setenv "USE_IP" "TRUE")
(setenv "IP_ADDRESS" "127.0.0.1")
+ ;; (setenv "LD_LIBRARY_PATH"
+ ;; (string-append (getenv "LD_LIBRARY_PATH")))
;; The "PayPalEE.cert" certificate expires every six months,
;; leading to test failures:
--
2.41.0
V
V
Vagrant Cascadian wrote 3 hours ago
Re: [PATCH 3/6] gnu: nss: Make reproducible.
87o79vybmn.fsf@wireframe
On 2024-04-26, Christina O'Donnell wrote:
Toggle quote (4 lines)
> gnu/packages/patches/nss-Disable-library-signing.patch: Disable library
> signing to make the build reproducible.
> gnu/packages/nss.scm (nss): Apply this new patch.

Nice!


Toggle quote (16 lines)
> diff --git a/gnu/packages/patches/nss-Disable-library-signing.patch b/gnu/packages/patches/nss-Disable-library-signing.patch
> new file mode 100644
> index 00000000000..b488d29dcad
> --- /dev/null
> +++ b/gnu/packages/patches/nss-Disable-library-signing.patch
> @@ -0,0 +1,67 @@
> +From 4734b834755822f962af29e9395daa7338084e21 Mon Sep 17 00:00:00 2001
> +Message-ID: <4734b834755822f962af29e9395daa7338084e21.1714059680.git.cdo@mutix.org>
> +From: Christina O'Donnell <cdo@mutix.org>
> +Date: Thu, 25 Apr 2024 16:35:50 +0100
> +Subject: [PATCH] nss: Disable library signing.
> +
> +---
> + nss/cmd/shlibsign/Makefile | 32 +-------------------------------
> + 1 file changed, 1 insertion(+), 31 deletions(-)

I think it would be good to explain why this patch is included, not just
in the git commit message, but in the patch comments itself. I realize
the patch actually includes a comment about non-determinism, but it is a
bit lost in the diff.

Also, might be worth briefly explaining why disabling this feature is
unlikely to break anything, etc.

Curious if there might be some way to leave most of the code in place,
disable it... otherwise on version updates it is more likely to result
in conflicts with even minor changes...


live well,
vagrant
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCZiwxoAAKCRDcUY/If5cW
qsQ5AQDJ/1xNdBXkWi9aT/MbiZO30A0F22MvfMv5LLUbX5WIXAEAxXLjwe8V188l
hwmE+P+mEqzNrlOzfqveZAXd/xk63gQ=
=tJPX
-----END PGP SIGNATURE-----

?