GNU bug report logs - #40316
nss not reproducible

Previous Next

Package: guix;

Reported by: Danny Milosavljevic <dannym <at> scratchpost.org>

Date: Mon, 30 Mar 2020 02:36:21 UTC

Severity: normal

Merged with 30108, 33507

Full log

View this message in rfc822 format

From: Christina O'Donnell <cdo <at> mutix.org>
To: 40316 <at> debbugs.gnu.org
Cc: Christina O'Donnell <cdo <at> mutix.org>, zhengjunjie <at> iscas.ac.cn, vagrant <at> reproducible-builds.org, steve <at> futurile.net
Subject: bug#40316: [PATCH v2 6/6] gnu: nss: Disable FIPS in lowhashtest.
Date: Thu,  2 May 2024 12:00:50 +0100

* gnu/packages/nss.scm (nss): Disable FIPS in lowhashtests.
This is required as FIPS is inherently non-deterministic, making the build no
longer reproducible.

Change-Id: I2b294530b017285d0949a1082abaaf3a8fe1f6b5
---
 gnu/packages/nss.scm                          |  3 +-
 .../nss-disable-fips-in-lowhashtest.patch     | 28 +++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 08e4cb06ee..02081c32e1 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -125,7 +125,8 @@ (define-public nss
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
                                        "nss-increase-test-timeout.patch"
-                                       "nss-disable-shlibsign.patch"))
+                                       "nss-disable-shlibsign.patch"
+                                       "nss-disable-fips-in-lowhashtest.patch"))
               (modules '((guix build utils)))
               (snippet
                '(begin
diff --git a/gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch b/gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch
new file mode 100644
index 0000000000..c8fc1e7e7a
--- /dev/null
+++ b/gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch
@@ -0,0 +1,28 @@
+From f32bd353c5b741d6da5811fd40681dda80799bfb Mon Sep 17 00:00:00 2001
+Message-ID: <f32bd353c5b741d6da5811fd40681dda80799bfb.1714591857.git.cdo <at> mutix.org>
+From: Christina O'Donnell <cdo <at> mutix.org>
+Date: Wed, 1 May 2024 20:30:15 +0100
+Subject: [PATCH] nss: Disable FIPS in lowhashtest.
+
+---
+ nss/tests/lowhash/lowhash.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nss/tests/lowhash/lowhash.sh b/nss/tests/lowhash/lowhash.sh
+index 2984b9b..9dcc89b 100755
+--- a/nss/tests/lowhash/lowhash.sh
++++ b/nss/tests/lowhash/lowhash.sh
+@@ -63,7 +63,7 @@ lowhash_test()
+   else
+     TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
+     OLD_MODE=`echo ${NSS_FIPS}`
+-    for fips_mode in 0 1; do
++    for fips_mode in 0; do
+       echo "lowhashtest with fips mode=${fips_mode}"
+       export NSS_FIPS=${fips_mode}
+       for TEST in ${TESTS}
+
+base-commit: 85b7cf166687cbfaf3e3764ed1ea9bb3b9404ef0
+-- 
+2.41.0
+
-- 
2.41.0
This bug report was last modified 1 year and 29 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.