GNU bug report logs - #44559
gnutls 3.6.12 fails to build: FAIL: status-request-revoked

Package: guix

Reported by: Christopher Baines <mail <at> cbaines.net>

Date: Tue, 10 Nov 2020 20:50:02 UTC

Severity: important

Tags: moreinfo

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.


Message #8 received at 44559 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: Christopher Baines <mail <at> cbaines.net>
Cc: 44559 <at> debbugs.gnu.org
Subject: Re: bug#44559: gnutls 3.6.12 fails to build: FAIL:
 status-request-revoked
Date: Thu, 12 Nov 2020 22:06:09 +0100

Hi,

Christopher Baines <mail <at> cbaines.net> skribis:

> I found this when trying to build guile3.0-gnutls:
>
>   guix time-machine --commit=94585fffb23079fe71110e2bf99782eb4ccfa12b -- build --no-grafts --check guile3.0-gnutls
>   
>
> FAIL: status-request-revoked
> ============================
>
> trying NORMAL:-VERS-ALL:+VERS-TLS1.2
> received status request
> received status request
> cert_verify_callback:263: certificate verify status doesn't match: 100402 != 22FAIL status-request-revoked (exit status: 1)

This was fixed upstream between 3.6.12 and 3.6.14 with this patch by
Bernhard (it’s a small world!):

--8<---------------cut here---------------start------------->8---
commit ed208fe55f31478732fd6cc394f9576b315a42cd
Author: Bernhard M. Wiedemann <bwiedemann <at> suse.de>
Date:   Sun Apr 5 15:09:57 2020 +0200

    tests: Fix status-request-revoked after 2020-10-24
    
    included certs expire 2020-10-24 so this test fails after that date.
    
    Fixes #967
    
    This patch was done while working on reproducible builds for openSUSE.
    
    Signed-off-by: Bernhard M. Wiedemann <bwiedemann <at> suse.de>
--8<---------------cut here---------------end--------------->8---

The question for us becomes how to ensure long-term reproducibility in
the presence of such bugs.

In this case, I think the only solution would be to change the system
clock when one rebuilds GnuTLS (or to use ‘--without-tests=gnutls’, but
you end up with different derivations, which is not necessarily
desirable).

Thoughts?

Ludo’.
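
Added example, not part of the original message and not GnuTLS or Guix code: a dependency-free Python check that reads the validity window from a DER certificate and reports whether a test relying on it can pass on a given build date, the failure mode the commit message above describes. The sample is a constructed, unsigned certificate skeleton; its notBefore, the 00:00:00 UTC expiry time and all function names are assumptions.

```python
from datetime import datetime, timezone

def tlv(tag, body):
    """DER-encode one short element (only used to build the constructed sample)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def children(body):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def parse_time(tag, val):
    s = val.decode("ascii")
    if tag == 0x17:  # UTCTime has a two-digit year; RFC 5280: YY >= 50 means 19YY
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity(der):
    """(notBefore, notAfter) of a DER certificate: Certificate -> tbsCertificate -> validity."""
    tbs = children(children(read_tlv(der)[1])[0][1])
    skip = 1 if tbs[0][0] == 0xA0 else 0  # optional [0] version field
    not_before, not_after = children(tbs[skip + 3][1])  # after serial, sigalg, issuer
    return parse_time(*not_before), parse_time(*not_after)

def passes_on(der, build_date):
    """True if a test that verifies this certificate can succeed at build_date."""
    not_before, not_after = validity(der)
    return not_before <= build_date <= not_after

# Constructed sample: unsigned certificate skeleton, not a real GnuTLS test cert.
# notAfter uses the 2020-10-24 date from the commit message; the time of day and
# notBefore are assumptions.
window = tlv(0x30, tlv(0x17, b"160101000000Z") + tlv(0x17, b"201024000000Z"))
tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 2 + window
SAMPLE = tlv(0x30, tlv(0x30, tbs))
COMMIT_DATE = datetime(2020, 4, 5, tzinfo=timezone.utc)    # date of the upstream fix
REPORT_DATE = datetime(2020, 11, 10, tzinfo=timezone.utc)  # date of this bug report
```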




This bug report was last modified 2 years and 363 days ago.
