From unknown Sat Jun 21 10:34:12 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#70663 <70663@debbugs.gnu.org> To: bug#70663 <70663@debbugs.gnu.org> Subject: Status: nss@3.99 is really hard to build Reply-To: bug#70663 <70663@debbugs.gnu.org> Date: Sat, 21 Jun 2025 17:34:12 +0000 retitle 70663 nss@3.99 is really hard to build reassign 70663 guix submitter 70663 Christopher Baines severity 70663 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 30 05:17:31 2024 Received: (at submit) by debbugs.gnu.org; 30 Apr 2024 09:17:31 +0000 Received: from localhost ([127.0.0.1]:59264 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s1jcB-0000TF-Cr for submit@debbugs.gnu.org; Tue, 30 Apr 2024 05:17:31 -0400 Received: from lists.gnu.org ([2001:470:142::17]:33776) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s1jc6-0000T7-DX for submit@debbugs.gnu.org; Tue, 30 Apr 2024 05:17:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s1jbZ-0005KS-Pq for bug-guix@gnu.org; Tue, 30 Apr 2024 05:16:59 -0400 Received: from mira.cbaines.net ([212.71.252.8]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1s1jbX-0000ge-7o for bug-guix@gnu.org; Tue, 30 Apr 2024 05:16:53 -0400 Received: from localhost (unknown [212.132.255.10]) by mira.cbaines.net (Postfix) with ESMTPSA id A009327BBE2 for ; Tue, 30 Apr 2024 10:16:48 +0100 (BST) Received: from felis (localhost.lan [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id e3921ce0 for ; Tue, 30 Apr 2024 09:16:48 +0000 (UTC) From: Christopher Baines To: bug-guix@gnu.org Subject: nss@3.99 is really hard to build User-Agent: mu4e 1.12.2; emacs 29.3 Date: Tue, 30 Apr 2024 10:16:46 +0100 Message-ID: <87plu7xla9.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=212.71.252.8; envelope-from=mail@cbaines.net; helo=mira.cbaines.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.9 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable nss@3.99 is really hard to build, it's so hard and so important that data.guix.gnu.org is still after two days trying to process [1]. I say so important because you have to build nss@3.99 to compute the channel instance derivations for Guix. 1: https://data.guix.gnu.org/revision/72308f262c910977e40c2c9f350dc563c0a84= 37a Looking at the next revision which has been processed [2], it's been built on riscv64-linux as the testsuite is disabled, and it has also built on aarch64-linux, but there's no successful build for any other architecture. 2: https://data.guix.gnu.org/revision/9f183c3627a006e8fd3bb9708448bc05a6204= e6d/package/nss/3.99.0?locale=3Den_US.UTF-8 I think there's two issues here, was this spotted before merging, and what if anything can be done about this now. Where there's not a substitute available for nss@3.99, this will affect guix pull/guix time-machine, e.g. =E2=86=92 guix time-machine --commit=3D72308f262c910977e40c2c9f350dc563c0= a8437a -- describe Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.= org/git/guix.git'... substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... = 100.0% substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... = 100.0% substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... = 100.0% nss-3.99.tar.xz 55.2MiB = 13.7MiB/s 00:04 =E2=96=95=E2= =96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96= =88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88= =E2=96=88=E2=96=8F 100.0% building /gnu/store/8379qa0y6s7ssjr8gplm5fyw9r5pnxhn-nss-3.99.0.drv... --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmYwtv5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9Xdqtg//UfhI6FP67u+ne7heb9jfzjLLzdBNXzsz dq1y87frK4jRQeqluxxrI88/DpOm3eRJKy1TXUh1zpG5nBauflk/hk2DZdhda0dW YlgQxYDiT/cLgdODl5KsOwwkD3V3wXz6RJBanaDF75JFjIo0xa8tNxq36y9ZCVEY kSoOfi8T6Sl4F2c2o8IiQuR2JHlZ65kXNDWZEPbWNOgh2vcq+2/SJWhMRhdEpal5 UrbswxOydaJ5xsJ1IXNkNffkIeLmvJelzTJyrqT07jUaSm+ua8aXssaRoDzJWr+D 192kV1Q7V4O7OTPuuxwiJeUOmVcXLUEgULs3f4c+hYKfULkzyltVKOPfFH+23Y8F 7rd/naSIDz5L5mvW+72wXZe68MzMgr+ga1+amYfTl79o5i3+FH9+a76wGxzf3+7Y I07k8x7iZxwbiRrBCOlIJeRUwz69emPyC9Za58J0gPZYRuoywtaSOJR1awra3ycL EAei6iIACxONTIpX7304VkxgAE4nea/V8icDr6pgKCFJbpHgV1OPXrOdeSHwuhUX 8WaAg5buhpTExUcLTJkzjhoHjdaaYeMnmI1hqV2vfGYgZA/hd6f0Wu3v+DWn8/QU 29Qnu1wg3xYBqp6THbMNWh1wjJ1BGWbAJ+BNz1kf5F/SyEdWMRl8YjpTY5xE746j 8MCbyxjHCmY= =QBkH -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed May 01 06:12:01 2024 Received: (at 70663) by debbugs.gnu.org; 1 May 2024 10:12:01 +0000 Received: from localhost ([127.0.0.1]:36572 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s26wT-0004Vf-44 for submit@debbugs.gnu.org; Wed, 01 May 2024 06:12:01 -0400 Received: from mira.cbaines.net ([2a01:7e00:e000:2f8:fd4d:b5c7:13fb:3d27]:55753) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s26wQ-0004VV-QV for 70663@debbugs.gnu.org; Wed, 01 May 2024 06:11:59 -0400 Received: from localhost (unknown [212.132.255.10]) by mira.cbaines.net (Postfix) with ESMTPSA id 88FB927BBE2 for <70663@debbugs.gnu.org>; Wed, 1 May 2024 11:11:36 +0100 (BST) Received: from felis (localhost.lan [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 5e5e26b3 for <70663@debbugs.gnu.org>; Wed, 1 May 2024 10:11:36 +0000 (UTC) From: Christopher Baines To: 70663@debbugs.gnu.org Subject: Re: nss@3.99 is really hard to build In-Reply-To: <87plu7xla9.fsf@cbaines.net> (Christopher Baines's message of "Tue, 30 Apr 2024 10:16:46 +0100") References: <87plu7xla9.fsf@cbaines.net> User-Agent: mu4e 1.12.2; emacs 29.3 Date: Wed, 01 May 2024 11:11:31 +0100 Message-ID: <871q6lx2ng.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 70663 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Christopher Baines writes: > nss@3.99 is really hard to build, it's so hard and so important that > data.guix.gnu.org is still after two days trying to process [1]. I say > so important because you have to build nss@3.99 to compute the channel > instance derivations for Guix. > > 1: https://data.guix.gnu.org/revision/72308f262c910977e40c2c9f350dc563c0a= 8437a > > Looking at the next revision which has been processed [2], it's been > built on riscv64-linux as the testsuite is disabled, and it has also > built on aarch64-linux, but there's no successful build for any other > architecture. > > 2: https://data.guix.gnu.org/revision/9f183c3627a006e8fd3bb9708448bc05a62= 04e6d/package/nss/3.99.0?locale=3Den_US.UTF-8 > > I think there's two issues here, was this spotted before merging, and > what if anything can be done about this now. Where there's not a > substitute available for nss@3.99, this will affect guix pull/guix > time-machine, e.g. > > =E2=86=92 guix time-machine --commit=3D72308f262c910977e40c2c9f350dc563= c0a8437a -- describe > Updating channel 'guix' from Git repository at 'https://git.savannah.gn= u.org/git/guix.git'... > substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'..= . 100.0% > substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'..= . 100.0% > substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'..= . 100.0% > nss-3.99.tar.xz 55.2MiB = 13.7MiB/s 00:04 =E2=96=95=E2= =96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96= =88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88= =E2=96=88=E2=96=8F 100.0% > building /gnu/store/8379qa0y6s7ssjr8gplm5fyw9r5pnxhn-nss-3.99.0.drv... Looking at the build failures for x86_64-linux, it seems that there's just one test failure. There's a threshold of less than 5 seconds, and it takes 5 to 7 seconds to complete. This probably isn't helped by using faketime. Here's an upstream bug [3] where they raised the threshold a bit, but this isn't enough for our use case. 3: https://bugzilla.mozilla.org/show_bug.cgi?id=3D1835357 I've sent a patch here which increases the threshold by a lot: https://issues.guix.gnu.org/70693 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmYyFVNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9Xc5ehAAlSBhAj0V6Ce6bQqGcg6+IjHTn9yRtiis asmAS4xKgzw1wEKJni3YixoiLNRy6IdlGcZ0QrEBLKByfwUKITWyjjujl8bxbykL BCoG6F/0n/6Lqh+G/+WiOjHPySM0WfJmGTEP47Vw/7Y/feR6jI852DNvUhwb5v07 NnXKKyu/kgUeD2gCaub/zVmSvGJhZXJQlycPDDG91XhITQaiCmjJCOsgF0bK/kT/ kbIE9Lh5ctFSwGKCGoj5gCiF/Vz+i/loek1BvYMT33shGnxQJmLDA2OObwD/r7B2 IIdhLj/sVIy6hYRzZ1Cl5bbG7rIcB1cEgdy4f4EHOT0oMomWJ5QJvG25xx1/+bN6 +qcpNnAuYnHaatR6DV8zEklX0xgF5d3wjbmAqFtS5PragpF2P1CcQqp/r8eeE5OL m1Re81tdKBAsLpf80XkIsWI+G05abQ1UOQ7C/vngaDTNS7OWUe5ceWKwE1Jkf8ij xqmSRgpArwafptjn6VpaaEbsJ2hLuUCRlwV4h1GD2nWx2zARC0nctKj7eUJGKBxw pCWvK4a3TlwV3Bk7emRFfMsXi9cAMT66pOIYEutAvbNfe1AlIZcqbqKwWyOWl1Kz /TheB2KxBE9/VyWHqS+BTEPPBUfsC/hq6m9QbDWAnaSRvaIL1C2itRo2yxuaeWwG 45iN0I80mHI= =bNsA -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed May 01 12:54:39 2024 Received: (at 70663) by debbugs.gnu.org; 1 May 2024 16:54:39 +0000 Received: from localhost ([127.0.0.1]:38379 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s2DE7-00043v-6T for submit@debbugs.gnu.org; Wed, 01 May 2024 12:54:39 -0400 Received: from mail-qk1-x72f.google.com ([2607:f8b0:4864:20::72f]:49575) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s2DE5-00043j-Ej for 70663@debbugs.gnu.org; Wed, 01 May 2024 12:54:38 -0400 Received: by mail-qk1-x72f.google.com with SMTP id af79cd13be357-790fb9d1b55so257921685a.3 for <70663@debbugs.gnu.org>; Wed, 01 May 2024 09:54:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714582450; x=1715187250; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=FkAJ1DgQbraORNZAmo/VzLidIFeInYkY8xC/RRNO9lE=; b=bu2v+EWupfKENqkAb6TGfwTkQUHppFJksWrZS50XDbGoWb+vJZTAPhpy/+2YJv/XPL unS5adUde9TwfzDJwawOoKRtVNaQ9WOmQ9Otp9UhVSzlPlEGel9qxLadRVFztfpTu1xT ZbhKcR7GigIWxUjTzrTGBoYt37eLqLy9T98Xy+qpYC38WCW628GddvKMvWXeb078HTKH oRSqrQ3h6nFqvXRUAydRO+tBWkDCEiVlROvOdsYV/zyKEBtw0VGXGnBwYvFBPLWKdYVQ R3BD6hMsZWWGbSt21coqa9Vdpip8jrXj0BAU5r+C0LRJ2Nn8FRnzyATyAL0sXfTnP5hC n1hQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714582450; x=1715187250; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=FkAJ1DgQbraORNZAmo/VzLidIFeInYkY8xC/RRNO9lE=; b=k0OeuviOMlrllggGi3nD4R6j/WevSqAhybz9sVS3OjgGOGYbcJ47XEnYLNxUDYhCJ0 XPTfeNff0gxdaK5GDFJPAoNdA9hj2Ezzw1DZ+5VEBi7wtx4F99DNHwWgmsBtb4dHlela kOy2TKFFDbSuQUXWloJROcZ/xS3IlJWLg7bHWz36lVW2AF91rvDQS0vmBfR2GpXSU7xm IgJcGPuYGMU5ttU5H9XBSUzoU4zKPioApXCsonnMkj2MqneF5goEOgbLVMmeNCdoT2He 4d4jWR5DBzDWcaGEYBvvAAuRsAUUS+KVWwzahLhKuJyYJirPP9Kh2byx67xe3bTYM2gt 5ZfA== X-Gm-Message-State: AOJu0Yyej+Cmi9vGrnQ63Rvr/HicGrYM2y4GxeStlpLOVQmr74IRZ/cJ 7g/wmS0wfAh4C7TjJvRie+WingAMX43eikUp2OmpcK/VC+kaBpPuFUdLhQ== X-Google-Smtp-Source: AGHT+IGmrsIvyYp6/i3Ji2Pq4qTdtV5S3TcSKud0KS6n0sFstDlL0r1Z51jFgLk61AjdXf2CyNxN0w== X-Received: by 2002:a05:6214:2aa8:b0:6a0:9360:c507 with SMTP id js8-20020a0562142aa800b006a09360c507mr2998283qvb.11.1714582449889; Wed, 01 May 2024 09:54:09 -0700 (PDT) Received: from hurd (dsl-158-62.b2b2c.ca. [66.158.158.62]) by smtp.gmail.com with ESMTPSA id k4-20020a056214024400b006a0d057073bsm2881639qvt.58.2024.05.01.09.54.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 May 2024 09:54:09 -0700 (PDT) From: Maxim Cournoyer To: Christopher Baines Subject: Re: bug#70663: nss@3.99 is really hard to build In-Reply-To: <87plu7xla9.fsf@cbaines.net> (Christopher Baines's message of "Tue, 30 Apr 2024 10:16:46 +0100") References: <87plu7xla9.fsf@cbaines.net> Date: Wed, 01 May 2024 12:54:08 -0400 Message-ID: <87sez179sf.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 70663 Cc: 70663@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Chris, Christopher Baines writes: > nss@3.99 is really hard to build, it's so hard and so important that > data.guix.gnu.org is still after two days trying to process [1]. I say > so important because you have to build nss@3.99 to compute the channel > instance derivations for Guix. I agree that the nss test suite takes a ridiculous amount of time to run (multiple hours on a fast machine IIRC). Are we missing a '--fast' test flag or something to make it run in a more reasonable amount of time? -- Thanks, Maxim From debbugs-submit-bounces@debbugs.gnu.org Wed May 01 13:15:15 2024 Received: (at 70663) by debbugs.gnu.org; 1 May 2024 17:15:15 +0000 Received: from localhost ([127.0.0.1]:38466 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s2DY2-0004LG-Vw for submit@debbugs.gnu.org; Wed, 01 May 2024 13:15:15 -0400 Received: from mira.cbaines.net ([212.71.252.8]:43416) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s2DY1-0004LA-JI for 70663@debbugs.gnu.org; Wed, 01 May 2024 13:15:14 -0400 Received: from localhost (unknown [212.132.255.10]) by mira.cbaines.net (Postfix) with ESMTPSA id 843BB27BBE2; Wed, 1 May 2024 18:14:51 +0100 (BST) Received: from felis (localhost.lan [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id f03b8fec; Wed, 1 May 2024 17:14:51 +0000 (UTC) From: Christopher Baines To: Maxim Cournoyer Subject: Re: bug#70663: nss@3.99 is really hard to build In-Reply-To: <87sez179sf.fsf@gmail.com> (Maxim Cournoyer's message of "Wed, 01 May 2024 12:54:08 -0400") References: <87plu7xla9.fsf@cbaines.net> <87sez179sf.fsf@gmail.com> User-Agent: mu4e 1.12.2; emacs 29.3 Date: Wed, 01 May 2024 18:14:48 +0100 Message-ID: <87edalv4hj.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 70663 Cc: 70663@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Maxim Cournoyer writes: > Hi Chris, > > Christopher Baines writes: > >> nss@3.99 is really hard to build, it's so hard and so important that >> data.guix.gnu.org is still after two days trying to process [1]. I say >> so important because you have to build nss@3.99 to compute the channel >> instance derivations for Guix. > > I agree that the nss test suite takes a ridiculous amount of time to run > (multiple hours on a fast machine IIRC). Are we missing a '--fast' test > flag or something to make it run in a more reasonable amount of time? I did read some of the all.sh script used for the tests and there is some environment variables you can set here: https://github.com/nss-dev/nss/blob/master/tests/all.sh#L70-L82 It seems like there are 4 "cycles", maybe we could just run the standard cycle or at least check how long they each take. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmYyeIhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9Xey0w//VCqizlY958Dn2sJklAgROJqNOFPSmGEx 5FTD4Eq0Ak1H25XeIsBiYCXOnE7hC7y3OmcEg0+KRsdR4fQ1PBClmzCxCQv5uJmw PpyZfpNubLcxZIfvyYRiX4mb7S1PXrYs8XToS2pLeayXL/mtLq++qejLBYtx3gAC yfc3szc6SNe67/+dvjY0hBs1kbR629thdXntpD/Lr1iNlCsXDvawsU112ZOaKOSn C9NYudEu/hno4NrNLOpBj5FfyKxgGlK2ZydpvShS2CdNDpg2Uvx8v52BaIO6bEMm H+HDO2JWgVgN5V51mKBTgxEhTCwmP2JrzHrR5N9hzuywRLWqW1O37zYvgauCE/2k fXX3EM7KqlijeUJ94vhuj2eRy/u3Cay78Kzlx2EX+O87ETwgY8smeeAaL3LBsLW2 l3B6Lq9x0AUQoJSqSMQiAwCeP1Kk+kYyOo7KbzeqZnUVuE4oRXquAbtx7sIxLRve geA70W+ECVLF7whgWl6VwcsokEirAByjAeyHwptwYEXtBi7rv2/cVb9qT4NhF/U/ otQzXMCvhori0mppr/EKJTMu5cwj/iO/hxMgO/NCmDQTO+2HhKqFoNbaAlEbwGvF Q4LHRbg3knBoVwSw72q/fx/8ohq2Qb2CgpI4D+ifZAKnpxTmfWF/qyWWWxqKWWOt UNuucBBxEsI= =dROs -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu May 02 16:39:15 2024 Received: (at 70663) by debbugs.gnu.org; 2 May 2024 20:39:15 +0000 Received: from localhost ([127.0.0.1]:45813 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s2dD0-0007Gw-Jt for submit@debbugs.gnu.org; Thu, 02 May 2024 16:39:14 -0400 Received: from vmi993448.contaboserver.net ([194.163.141.236]:55076 helo=mutix.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s2dCw-0007Go-90 for 70663@debbugs.gnu.org; Thu, 02 May 2024 16:39:13 -0400 Received: from [192.168.1.172] (host81-152-149-149.range81-152.btcentralplus.com [81.152.149.149]) (Authenticated sender: cdo) by mutix.org (Postfix) with ESMTPSA id 58A20A605A8; Thu, 2 May 2024 22:38:46 +0200 (CEST) Message-ID: Date: Thu, 2 May 2024 21:38:45 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 Subject: Re: bug#70663: nss@3.99 is really hard to build Content-Language: en-US To: Christopher Baines , Maxim Cournoyer References: <87plu7xla9.fsf@cbaines.net> <87sez179sf.fsf@gmail.com> <87edalv4hj.fsf@cbaines.net> From: Christina O'Donnell In-Reply-To: <87edalv4hj.fsf@cbaines.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -4.3 (----) X-Debbugs-Envelope-To: 70663 Cc: 70663@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.3 (-----) Hi, On 01/05/2024 18:14, Christopher Baines wrote: > Maxim Cournoyer writes: > >> Hi Chris, >> >> Christopher Baines writes: >> >>> nss@3.99 is really hard to build, it's so hard and so important that >>> data.guix.gnu.org is still after two days trying to process [1]. I say >>> so important because you have to build nss@3.99 to compute the channel >>> instance derivations for Guix. >> I agree that the nss test suite takes a ridiculous amount of time to run >> (multiple hours on a fast machine IIRC). Are we missing a '--fast' test >> flag or something to make it run in a more reasonable amount of time? > I did read some of the all.sh script used for the tests and there is > some environment variables you can set here: > > https://github.com/nss-dev/nss/blob/master/tests/all.sh#L70-L82 > > It seems like there are 4 "cycles", maybe we could just run the standard > cycle or at least check how long they each take. On my machine building natively on x86_64 I was getting approximately 63 mins for a full test and 20 mins for just the 'standard' 'cycle'. My vote would be to just run 'standard' since that runs all of the tests once. I can profile individual tests if needed to see if there's any that are particularly worth culling, but just the above change is an easy win without sacrificing too much test coverage. Kind regards, Christina From debbugs-submit-bounces@debbugs.gnu.org Sun May 05 06:01:51 2024 Received: (at control) by debbugs.gnu.org; 5 May 2024 10:01:51 +0000 Received: from localhost ([127.0.0.1]:58866 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s3Ygp-0006ET-H2 for submit@debbugs.gnu.org; Sun, 05 May 2024 06:01:51 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:33762) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s3Ygo-0006EL-9p for control@debbugs.gnu.org; Sun, 05 May 2024 06:01:50 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s3YgC-00056p-W5 for control@debbugs.gnu.org; Sun, 05 May 2024 06:01:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-version:Subject:From:To:Date:in-reply-to: references; bh=aXGHaI0cV4kb40ZsU71GbPB4Um2jbtGXXz4SRlNHbAM=; b=StppbMNrLB/SRJ vKrTCD/h4HSyTroNYsrFCYNMS+yUqW7xkybbD6N0BcTiOT3sCtQVuZv4wyVpN75k9QH/NK5DXjFNB DhTO8nhvR6qMkT8wwI/exPTNch+/uHHYVLmxoUXAzLF5cXLRNhWa4OogvaAoYguVxkBKhXEjB2gB+ Bq3uKG1plcpMQ/MCcm+Cnq13Rmw5K+mdF+pjxrX6erxA7aAMMlItHbHwk/ru6pBCzIy7nnQSrHbZ1 f5RypyVB9MosN9xCteOZKPSNyfB+xnKa5UJ6eTorNDrM8bG1TM5fFwGultJCM5Sc9pG5ox94KF6iT +4DPAJhdlFVxjpjt9dew==; Date: Sun, 05 May 2024 12:01:09 +0200 Message-Id: <877cg8shlm.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #70663 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) merge 70663 70771 quit From debbugs-submit-bounces@debbugs.gnu.org Thu May 09 13:02:08 2024 Received: (at 70663) by debbugs.gnu.org; 9 May 2024 17:02:08 +0000 Received: from localhost ([127.0.0.1]:56313 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s579k-0008Me-6Z for submit@debbugs.gnu.org; Thu, 09 May 2024 13:02:08 -0400 Received: from mx2.dismail.de ([159.69.191.136]:20671) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s579e-0008MG-FS for 70663@debbugs.gnu.org; Thu, 09 May 2024 13:02:06 -0400 Received: from mx2.dismail.de (localhost [127.0.0.1]) by mx2.dismail.de (OpenSMTPD) with ESMTP id d8babcac; Thu, 9 May 2024 19:01:29 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=from:to:cc :subject:in-reply-to:references:date:message-id:mime-version :content-type; s=20190914; bh=wDKJLkJQihfqA/gCNuCnurP/U30aK5ve2v eazWfha9w=; b=JdROxPLZlY2YBKtp3OWgF0Qf6jCtcvuCfJ2Ge9xWogeFVoCCai K2CBuU8F3hIUF9O8WV+j5/MLIMHR1B9fZHEOlpuTl1Thh1eXm15aFcFiJzlt3xqt 37JzHXSR4h5iHfqONeaOiG/4EDqjSu1OMkMWpFqpxMkQr+8UHWs9BFh8arayEmI7 /P4yK63bWJJZpHHusznnZWCdCO/YSZE50nP50HnHAyChtM3yRPqluMOOy7Q7wAHw lo3zpz0NYpNqmYFjZoCTl+wy4M2Oongiaqh37qIm3sRfG8FFCnWoCfaEmMcfBixw IIhA5od2lA+gpILjCxMxuiIo2LzuYNZ28cKw== Received: from smtp1.dismail.de ( [10.240.26.11]) by mx2.dismail.de (OpenSMTPD) with ESMTP id 22de6e24; Thu, 9 May 2024 19:01:29 +0200 (CEST) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id 386b7dba; Thu, 9 May 2024 19:01:28 +0200 (CEST) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 5d30d68d (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Thu, 9 May 2024 19:01:28 +0200 (CEST) From: Joshua Branson To: Christina O'Donnell Subject: Re: bug#70663: nss@3.99 is really hard to build In-Reply-To: (Christina O'Donnell's message of "Thu, 2 May 2024 21:38:45 +0100") References: <87plu7xla9.fsf@cbaines.net> <87sez179sf.fsf@gmail.com> <87edalv4hj.fsf@cbaines.net> Date: Thu, 09 May 2024 13:01:18 -0400 Message-ID: <87seyqzzq9.fsf@dismail.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 70663 Cc: 70663@debbugs.gnu.org, Christopher Baines , Maxim Cournoyer X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Perhaps we could disable the test suite for power9 ? At the moment guix pull fails on power9...I believe due to this bug. Just a thought. Joshua From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 05:05:42 2024 Received: (at 70663) by debbugs.gnu.org; 14 May 2024 09:05:42 +0000 Received: from localhost ([127.0.0.1]:38068 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6o6P-0004v3-FS for submit@debbugs.gnu.org; Tue, 14 May 2024 05:05:41 -0400 Received: from mira.cbaines.net ([212.71.252.8]:43508) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6o6L-0004ux-Cd for 70663@debbugs.gnu.org; Tue, 14 May 2024 05:05:40 -0400 Received: from localhost (unknown [45.67.83.168]) by mira.cbaines.net (Postfix) with ESMTPSA id 983ED27BBE2; Tue, 14 May 2024 10:05:34 +0100 (BST) Received: from felis (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 1c7af51f; Tue, 14 May 2024 09:05:30 +0000 (UTC) From: Christopher Baines To: 70663@debbugs.gnu.org, Maxim Cournoyer , Ian Eure Subject: Re: nss@3.99 is really hard to build In-Reply-To: <87plu7xla9.fsf@cbaines.net> (Christopher Baines's message of "Tue, 30 Apr 2024 10:16:46 +0100") References: <87plu7xla9.fsf@cbaines.net> User-Agent: mu4e 1.12.2; emacs 29.3 Date: Tue, 14 May 2024 10:05:28 +0100 Message-ID: <87o798zrtz.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 70663 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Christopher Baines writes: > nss@3.99 is really hard to build, it's so hard and so important that > data.guix.gnu.org is still after two days trying to process [1]. I say > so important because you have to build nss@3.99 to compute the channel > instance derivations for Guix. > > 1: https://data.guix.gnu.org/revision/72308f262c910977e40c2c9f350dc563c0a= 8437a > > Looking at the next revision which has been processed [2], it's been > built on riscv64-linux as the testsuite is disabled, and it has also > built on aarch64-linux, but there's no successful build for any other > architecture. > > 2: https://data.guix.gnu.org/revision/9f183c3627a006e8fd3bb9708448bc05a62= 04e6d/package/nss/3.99.0?locale=3Den_US.UTF-8 > > I think there's two issues here, was this spotted before merging, and > what if anything can be done about this now. Where there's not a > substitute available for nss@3.99, this will affect guix pull/guix > time-machine, e.g. > > =E2=86=92 guix time-machine --commit=3D72308f262c910977e40c2c9f350dc563= c0a8437a -- describe > Updating channel 'guix' from Git repository at 'https://git.savannah.gn= u.org/git/guix.git'... > substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'..= . 100.0% > substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'..= . 100.0% > substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'..= . 100.0% > nss-3.99.tar.xz 55.2MiB = 13.7MiB/s 00:04 =E2=96=95=E2= =96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96= =88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88= =E2=96=88=E2=96=8F 100.0% > building /gnu/store/8379qa0y6s7ssjr8gplm5fyw9r5pnxhn-nss-3.99.0.drv... So with the changes in #70693 merged, this issue should be fixed going forward, but the revisions with the broken nss are going to be affected forever and thus the impact is going to drag on for a while. For example, data.guix.gnu.org is going to be struggling to process the revisions with the broken nss for a long while to come. Before closing this bug, it would be good to understand more about how this happened and from that try to think if anything can be done to prevent similar issues in the future? At least from what I can see on the issues, the problem was introduced with the update to 3.98.0 [3] and then continued with the update to 3.99 [4]. Given the changes in 70662 were sent to guix-patches and then merged less than 24 hours later, I'd imagine that wasn't sufficient time for data.qa.guix.gnu.org to fail attempting to build nss. 3: https://issues.guix.gnu.org/70662 4: https://issues.guix.gnu.org/70618 Had the changes waited for longer, then these failures should have been spotted by QA, I would guess that the revision might have failed to be processed, and if it was processed successfully, the nss failures should have shown up, so maybe we should start requiring [5] that not only are changes sent to guix-patches@gnu.org, but that QA processes them (to some extent) before merging? 5: https://guix.gnu.org/manual/devel/en/html_node/Managing-Patches-and-Bran= ches.html# Thanks, Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmZDKVhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9XdM2xAAoc9IN7usc1G2+xZroJRriFxA2AYojpk8 CxqyZ/lI8zg84jFgXNW0wJXtJp3KNgILEevvq1jXlsP8vlP/mkDq8l2s3e7VlPu3 9aXPRerflHrAJL75herxiav58VxuTe/dQ81sQGBxM6OdupoYDghNphZhDhzsc+Ny H2ATepx/tmUQ9lQQwni5wiZee/iw1w6MwE1hyS6s8KzrSLDc9Sg7PogRGLJ1cP+r 2/M4k7eWMJGT70p0QqXay0Tb5fNzLLuOulm0x6BKkm/vuGuzSALZ/RdIMjewa9H5 Edj2qGbGo4j+J+swTZtD0zFsDhb1J5MMIKx84Rm3gvGkQTvlzymXCDLfW/IN70QM TsSkrLaBNMICDAx8OJ1eSqe/Wy93ub8zd7WtEjkXA/E4W5vZ7SyZ784MvBUf3ir8 ZokT2T+VNdoacu1xZFkTxAzr3Opb4oufiPb6kyfDX6zTFWXKgSXEXIpD0mJH6Mzr TM9YeOjJo6/EoWHpBmls5C1FysHbkrgmUizSBn5vmxKrTvsEkhLeiMIvEZ6EMapZ oTSbZE4vDSn2d4/wFKQCuaZFQ2Hm9JTjEFoCsnRK4+RTscEjzRXAQ5Vwj5bh5VRX +Qvugfd4SXq9lbBA5QLO/9FCIUWZw4+t13w2YXxLxXCga3tRTgYN5ITDc4Kuicie +43o2g9iV8E= =OCea -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 06:20:10 2024 Received: (at 70663) by debbugs.gnu.org; 14 May 2024 10:20:10 +0000 Received: from localhost ([127.0.0.1]:38420 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6pGT-0005kI-Mw for submit@debbugs.gnu.org; Tue, 14 May 2024 06:20:09 -0400 Received: from vmi993448.contaboserver.net ([194.163.141.236]:47142 helo=mutix.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6pGK-0005jf-LK; Tue, 14 May 2024 06:20:04 -0400 Received: from [192.168.1.172] (unknown [217.46.106.239]) (Authenticated sender: cdo) by mutix.org (Postfix) with ESMTPSA id 0B327A63C0D; Tue, 14 May 2024 12:19:58 +0200 (CEST) Message-ID: <339167fe-c899-1303-166f-8040b49f0f59@mutix.org> Date: Tue, 14 May 2024 11:19:57 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 Subject: Re: Scheduling a new release? Content-Language: en-US To: Christopher Baines , Simon Tournier References: <878r0nqjmu.fsf@gmail.com> <87jzk4fofj.fsf@cbaines.net> From: Christina O'Donnell In-Reply-To: <87jzk4fofj.fsf@cbaines.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -3.4 (---) X-Debbugs-Envelope-To: 70663 Cc: Guix Devel , 70662@debbugs.gnu.org, 70663@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.4 (----) Hi, On 08/05/2024 14:01, Christopher Baines wrote: > I think it would be nice to have a new release, and indeed release more > often, I think the way to get there is for less things to be broken > between releases, such that releasing takes less effort in terms of > testing and fixing things. > > To give some specific issues, I've run up against the recent issues with > nss [1][2] and I don't think we could release with the nss package as is > currently. > > 1: https://issues.guix.gnu.org/70662 > 2: https://issues.guix.gnu.org/70663 I can fix these by disabling tests, but I would prefer if someone with more experience packaging for guix could make a decision on it. Otherwise, I don't have any problem reducing the number of tests and disabling all tests on PowerPC at least. I could also do some analysis if it was deemed necessary, inserting a patch to measure the timings of each test/cycle. Additionally, I could try packaging some of the versions between 0.88 and 0.98 to identify the exact change that could be to blame. However, both of these seem overkill, given the backlog of patches/issues we have left to get through, and the manpower we currently have to work with. Would any of that be helpful? > ... Kind regards, Christina From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 06:36:37 2024 Received: (at 70663) by debbugs.gnu.org; 14 May 2024 10:36:37 +0000 Received: from localhost ([127.0.0.1]:38506 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6pWP-0005wd-Fw for submit@debbugs.gnu.org; Tue, 14 May 2024 06:36:37 -0400 Received: from relay.yourmailgateway.de ([194.59.206.189]:60455) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6pWI-0005wJ-Bx for 70663@debbugs.gnu.org; Tue, 14 May 2024 06:36:35 -0400 Received: from relay02-mors.netcup.net (localhost [127.0.0.1]) by relay02-mors.netcup.net (Postfix) with ESMTPS id 4Vdt7Z5l43z45QM; Tue, 14 May 2024 12:36:26 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pelzflorian.de; s=key2; t=1715682986; bh=HauXyJUUTHKyV/PICQYYrTsdGnL4lmks85y3+Vgjbq0=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=j7iAKnBakUZJSfokZaDaHLCxNDK+BkktKPpquRdaAIyTknLE7+ciEm8gW59dTxXLU az87JtSrD/EH5TGO1mQROBWmbbC6Det7ou1kEAOzcCQuBtr9j15BIuyj6h/PTCJNQx IQCeeCSEKSzxQK7xdiD+JIV3dq8VoniSIyTpOJe9dgeg8L1yuFI3p6U7tNnJzqr1Mu Qz7/JnuZw92pT0KIalOWB2+HZcE0J5Vi6T0mO9zeSoh7XHj9n8ctE3jZPNE6L7Ry1E lHmddJNpPCZiWkD9sd2qxENyH2NBXzJ61o3Yyg7Dk1NayV/txoWgfJTW98jQZnoP0S /TZvIM0aLCpCQ== Received: from policy02-mors.netcup.net (unknown [46.38.225.35]) by relay02-mors.netcup.net (Postfix) with ESMTPS id 4Vdt7Z5MWMz7wy4; Tue, 14 May 2024 12:36:26 +0200 (CEST) Received: from mxe217.netcup.net (unknown [10.243.12.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by policy02-mors.netcup.net (Postfix) with ESMTPS id 4Vdt7Z20Hkz8sbC; Tue, 14 May 2024 12:36:26 +0200 (CEST) Received: from florianrock64 (ipb2186896.dynamic.kabel-deutschland.de [178.24.104.150]) by mxe217.netcup.net (Postfix) with ESMTPSA id EAC2C83D60; Tue, 14 May 2024 12:36:18 +0200 (CEST) From: "pelzflorian (Florian Pelz)" To: Christopher Baines Subject: Re: bug#70663: nss@3.99 is really hard to build In-Reply-To: <87o798zrtz.fsf@cbaines.net> (Christopher Baines's message of "Tue, 14 May 2024 10:05:28 +0100") References: <87plu7xla9.fsf@cbaines.net> <87o798zrtz.fsf@cbaines.net> Date: Tue, 14 May 2024 12:36:18 +0200 Message-ID: <87eda4vfx9.fsf@pelzflorian.de> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Rspamd-Queue-Id: EAC2C83D60 X-Rspamd-Server: rspamd-worker-8404 X-NC-CID: fkfcFg0HL0LC4S8jArCQA/M+kVD/otzXKpSgDkPPwtOYIyhKle5WZaN/ X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 70663 Cc: 70663@debbugs.gnu.org, Maxim Cournoyer , Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello Christopher. Christopher Baines writes: > Had the changes waited for longer, then these failures should have been > spotted by QA, I would guess that the revision might have failed to be > processed, and if it was processed successfully, the nss failures should > have shown up, so maybe we should start requiring [5] that not only are > changes sent to guix-patches@gnu.org, but that QA processes them (to > some extent) before merging? > > 5: https://guix.gnu.org/manual/devel/en/html_node/Managing-Patches-and-Branches.html# Yes, though note that the nss change did provide security fixes: commit e584ff08b162c46ef587daca438e97d56bc20b32 Author: Maxim Cournoyer Date: Wed Apr 24 11:22:30 2024 -0400 gnu: nss: Graft with version 3.98 [security fixes]. This fixes CVE-2023-5388, CVE-2023-6135 and CVE-2024-0743. * gnu/packages/nss.scm (nss) [replacement]: New field. (nss-3.98): Rename variable to... (nss/fixed): ... this. Make it a hidden package. * gnu/packages/librewolf.scm (librewolf) [inputs]: Replace nss-3.98 with nss/fixed. Change-Id: I8cc667c53a270dfe00738bf731923f1342036624 I suppose the requirement to wait for QA should apply to security fixes as well? Thank you for all your work. Regards, Florian From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 09:00:05 2024 Received: (at 70663) by debbugs.gnu.org; 14 May 2024 13:00:05 +0000 Received: from localhost ([127.0.0.1]:39224 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6rlE-0004ht-EQ for submit@debbugs.gnu.org; Tue, 14 May 2024 09:00:05 -0400 Received: from mail-yw1-f181.google.com ([209.85.128.181]:54520) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6rlB-0004gp-Dq for 70663@debbugs.gnu.org; Tue, 14 May 2024 09:00:02 -0400 Received: by mail-yw1-f181.google.com with SMTP id 00721157ae682-61af74a010aso52458667b3.0 for <70663@debbugs.gnu.org>; Tue, 14 May 2024 06:00:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715691535; x=1716296335; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=bEBv/AGzmi7GXgqX1IUkIwI7bba1a/OcIB7Pbm1ymto=; b=Wi3LcXAWiN6rVfJqfT4meT5VH0NMYbLSOEbLtjw6yAs/uPUjyNC41xx+JA1WvpCQkJ KaqkBaBkm8JkyHeq9LdaJ9EKI79nMf/1SbrVZiPeJhA7758yjZIyDA8bbPGOX/Cpwvjl 8+4QACWins7pqJ6P+Axp3ocw6/sIV2kM4CEykKJnIGQRqk0N/mYeL9naoeKssfIHWyq1 V3ERn/nL5GkZ3BVRDl6Od/E1Ob9jeEag01AbVnxJ6i8vx2qsvwZ6gNNm3CY23jpIFOUY jhBzWbkNCPOE/1ww4/kGa6/74jUAEOod/I7Y+T/K4b4jd2f9jg73SVE8Wzqiy5esq1Ov ggzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715691535; x=1716296335; h=content-transfer-encoding:mime-version:user-agent:message-id:date :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=bEBv/AGzmi7GXgqX1IUkIwI7bba1a/OcIB7Pbm1ymto=; b=X6n2tD3WK1z4wdArzUQRl8zaZ7B84u7h06W2L5/c4GdYGnOA0oDrs7fz+uuTeQ0okY zpQiLkHH+jl+F79myzJiQxFk7P9SJYE35ojTkhy7r1koSGhBtMLLdOn/7Fpno3zJ5tFr SZJ8xPupM+vkujLx1TAyJ77wS8sYlKdeP9yhkvCBRn5/Y06NyMkmtIdfhMsego0MijT1 kh1uIlkwwL7A4VSOESnQem5EXSCJwxx55uXLIUhHDMbtkusLqr+F/yHOoR+utgZkAVP0 vlzCbwj7Hdy9bLAJMukfhRLYog2D1lq6Yvp+Q8g/llGXuvJK8614ahwVtNII3mK1Rl3C dqsg== X-Gm-Message-State: AOJu0YwJjAmqTAYXhvJl5nGsLeNBSAI4leSG+QcGDCraWPhrv+Qqhd2t YkB30qizpgt4tP/7kQrkxplsfaPWX1IZjru0omD10qQrj5uTGxuC891DrQ== X-Google-Smtp-Source: AGHT+IGjZVzVaHiOmLJ9w5Em0D27VH2CFUqAvBMxr/IhYpyaJg+wm7QS2l5+efnvUPlYdZ5nkOEEMg== X-Received: by 2002:a81:4327:0:b0:61a:d846:9858 with SMTP id 00721157ae682-622affa8a04mr118716527b3.20.1715691534533; Tue, 14 May 2024 05:58:54 -0700 (PDT) Received: from hurd (dsl-10-128-5.b2b2c.ca. [72.10.128.5]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-43df54d6e47sm68088791cf.28.2024.05.14.05.58.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 May 2024 05:58:53 -0700 (PDT) From: Maxim Cournoyer To: Christopher Baines Subject: Re: nss@3.99 is really hard to build In-Reply-To: <87o798zrtz.fsf@cbaines.net> (Christopher Baines's message of "Tue, 14 May 2024 10:05:28 +0100") References: <87plu7xla9.fsf@cbaines.net> <87o798zrtz.fsf@cbaines.net> Date: Tue, 14 May 2024 08:58:52 -0400 Message-ID: <87le4czh0z.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 70663 Cc: 70663@debbugs.gnu.org, Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, Christopher Baines writes: [...] >> I think there's two issues here, was this spotted before merging, and >> what if anything can be done about this now. Where there's not a >> substitute available for nss@3.99, this will affect guix pull/guix >> time-machine, e.g. >> >> =E2=86=92 guix time-machine --commit=3D72308f262c910977e40c2c9f350dc56= 3c0a8437a -- describe >> Updating channel 'guix' from Git repository at 'https://git.savannah.g= nu.org/git/guix.git'... >> substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'.= .. 100.0% >> substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'.= .. 100.0% >> substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'.= .. 100.0% >> nss-3.99.tar.xz 55.2MiB = 13.7MiB/s 00:04 =E2=96=95= =E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2= =96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96=88=E2=96= =88=E2=96=88=E2=96=8F 100.0% >> building /gnu/store/8379qa0y6s7ssjr8gplm5fyw9r5pnxhn-nss-3.99.0.drv... > > So with the changes in #70693 merged, this issue should be fixed going > forward, but the revisions with the broken nss are going to be affected > forever and thus the impact is going to drag on for a while. For > example, data.guix.gnu.org is going to be struggling to process the > revisions with the broken nss for a long while to come. > > Before closing this bug, it would be good to understand more about how > this happened and from that try to think if anything can be done to > prevent similar issues in the future? > > At least from what I can see on the issues, the problem was introduced > with the update to 3.98.0 [3] and then continued with the update to 3.99 > [4]. Given the changes in 70662 were sent to guix-patches and then > merged less than 24 hours later, I'd imagine that wasn't sufficient time > for data.qa.guix.gnu.org to fail attempting to build nss. I think in [3] you meant https://issues.guix.gnu.org/70569, not #70662. Since this was security sensitive, I built it on x86_64, tested it there to ensure that IceCat worked as expected, had others confirmed it worked for them on #guix then pushed. In the past, I've had more patience waiting for QA to build things, but since this is not guaranteed (it sometimes never happened), it seems reasonable to me to promptly push security fixes that were manually built & tested and adjust for any breakage later, if there is any. > 3: https://issues.guix.gnu.org/70662 > 4: https://issues.guix.gnu.org/70618 > > Had the changes waited for longer, then these failures should have been > spotted by QA, I would guess that the revision might have failed to be > processed, and if it was processed successfully, the nss failures should > have shown up, so maybe we should start requiring [5] that not only are > changes sent to guix-patches@gnu.org, but that QA processes them (to > some extent) before merging? I have some apprehensions about that; given the QA build farm is somewhat under-resourced for builds, I fear security changes could be gated for longer periods of time than is reasonable to wait. If we go that route, I think we should dedicate more hardware first. --=20 Thanks, Maxim From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 09:34:31 2024 Received: (at 70663) by debbugs.gnu.org; 14 May 2024 13:34:32 +0000 Received: from localhost ([127.0.0.1]:39381 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6sIZ-0005FZ-GL for submit@debbugs.gnu.org; Tue, 14 May 2024 09:34:31 -0400 Received: from mira.cbaines.net ([212.71.252.8]:43510) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6sIW-0005FS-3l for 70663@debbugs.gnu.org; Tue, 14 May 2024 09:34:30 -0400 Received: from localhost (unknown [45.67.83.168]) by mira.cbaines.net (Postfix) with ESMTPSA id 4D96927BBE2; Tue, 14 May 2024 14:33:55 +0100 (BST) Received: from felis (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id b8f713c5; Tue, 14 May 2024 13:33:53 +0000 (UTC) From: Christopher Baines To: Maxim Cournoyer Subject: Re: nss@3.99 is really hard to build In-Reply-To: <87le4czh0z.fsf@gmail.com> (Maxim Cournoyer's message of "Tue, 14 May 2024 08:58:52 -0400") References: <87plu7xla9.fsf@cbaines.net> <87o798zrtz.fsf@cbaines.net> <87le4czh0z.fsf@gmail.com> User-Agent: mu4e 1.12.2; emacs 29.3 Date: Tue, 14 May 2024 14:33:51 +0100 Message-ID: <87cypozfeo.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 70663 Cc: 70663@debbugs.gnu.org, Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Maxim Cournoyer writes: >> Before closing this bug, it would be good to understand more about how >> this happened and from that try to think if anything can be done to >> prevent similar issues in the future? >> >> At least from what I can see on the issues, the problem was introduced >> with the update to 3.98.0 [3] and then continued with the update to 3.99 >> [4]. Given the changes in 70662 were sent to guix-patches and then >> merged less than 24 hours later, I'd imagine that wasn't sufficient time >> for data.qa.guix.gnu.org to fail attempting to build nss. > > I think in [3] you meant https://issues.guix.gnu.org/70569, not #70662. Ah, yep. > Since this was security sensitive, I built it on x86_64, tested it there > to ensure that IceCat worked as expected, had others confirmed it worked > for them on #guix then pushed. > > In the past, I've had more patience waiting for QA to build things, but > since this is not guaranteed (it sometimes never happened), it seems > reasonable to me to promptly push security fixes that were manually > built & tested and adjust for any breakage later, if there is any. I think pushing security fixes quickly is good, but this does set a precedent on architecture support (only x86_64-linux matters). For some packages (including nss in this instance), not looking at non x86_64-linux support doesn't just affect users, the data service and ci.guix.gnu.org were particularly affected, so for some packages it's important to test across the "supported" systems just to ensure the projects own tooling doesn't break. >> 3: https://issues.guix.gnu.org/70662 >> 4: https://issues.guix.gnu.org/70618 >> >> Had the changes waited for longer, then these failures should have been >> spotted by QA, I would guess that the revision might have failed to be >> processed, and if it was processed successfully, the nss failures should >> have shown up, so maybe we should start requiring [5] that not only are >> changes sent to guix-patches@gnu.org, but that QA processes them (to >> some extent) before merging? > > I have some apprehensions about that; given the QA build farm is > somewhat under-resourced for builds, I fear security changes could be > gated for longer periods of time than is reasonable to wait. If we go > that route, I think we should dedicate more hardware first. I think that's reasonable, I have been putting time in to the hardware, but it's not been particularly easy going. The data service instances are also still stuck on hardware I'm renting as well. In terms of QA speed, there's the resources for data.qa.guix.gnu.org and there's the hardware available for the bordeaux build farm. There's also the potential to try and add more prioritisation. Currently the data service prioritises branch revisions over patches, and newer revisions more generally, but I guess it could prioritise security related things. I'm not sure how to make that happen yet though, QA can probably come up with the priorities, but I don't know how to convey that to the data service. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmZDaD9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9XcTDA/+Pw/fN3P+zkMhqBtpLQssfpjGvQjp+ij3 cGbv2/n5uktDH4NQnqevPScAwt3zmPY34upkG5aIcgBpBDt9s7lYK67ZVAKsZFVZ oX5R7QbIwc/gH4rHFFtCFz7g0iGQlZrpBID7w0UtoJd8+MEoA64Jgs1PI26ZXdD2 wAHCEo7kehW/PBwvQeggjmhwJFexeeZj72qB4WQSYveQLmkMtsjkJtMiiC2xkwgS 0avBTsM7JXq9AnKTOhQfUiYwMPxC1xkij2GFCm/Bph9u02MJ6lsSwNQMapHjNeRK UzkZn1YpX6kWqdkEQ1KNIZhKPzBJpIemoE2jsjyfQlQA9QdK++hcWqx0JkEHJk1V d3rLHLvm9GiIDJOspFHvNuzRgr1yreoexL78hCogVhMNv83Vi5k9YrvJAC35tFZT AeLtrOFD4wtSC/zGtdbL1Ho7WyZfjzSqMog6EEkX0uYmfWm0t8UrVmWT6D1fktGi zi9YDGDffhLmX3OotuejFUym9RnVWXasAjW+LX5TxAd76GZVpKSTwhYbbnE/wrCu Re2ooKQj0MOY+FoKoX9z0lGS/LbnTGGfSamJsRfLJ3igz6W5zzOQ5HfIv4BuwINQ kYFLF+iMf3YTbnI0xJJJVm0mmFU3OvBBIclUlttPCSy/BQQHD7GKD0mJaxKt0lnx EDmhajU+qU4= =vAiA -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 09:37:42 2024 Received: (at 70663) by debbugs.gnu.org; 14 May 2024 13:37:42 +0000 Received: from localhost ([127.0.0.1]:39397 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6sLe-0005HJ-5q for submit@debbugs.gnu.org; Tue, 14 May 2024 09:37:42 -0400 Received: from mira.cbaines.net ([212.71.252.8]:43512) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6sLc-0005HD-0E for 70663@debbugs.gnu.org; Tue, 14 May 2024 09:37:40 -0400 Received: from localhost (unknown [45.67.83.168]) by mira.cbaines.net (Postfix) with ESMTPSA id 0C2E927BBE2; Tue, 14 May 2024 14:37:37 +0100 (BST) Received: from felis (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id cff97d30; Tue, 14 May 2024 13:37:36 +0000 (UTC) From: Christopher Baines To: "pelzflorian (Florian Pelz)" Subject: Re: bug#70663: nss@3.99 is really hard to build In-Reply-To: <87eda4vfx9.fsf@pelzflorian.de> (pelzflorian@pelzflorian.de's message of "Tue, 14 May 2024 12:36:18 +0200") References: <87plu7xla9.fsf@cbaines.net> <87o798zrtz.fsf@cbaines.net> <87eda4vfx9.fsf@pelzflorian.de> User-Agent: mu4e 1.12.2; emacs 29.3 Date: Tue, 14 May 2024 14:37:35 +0100 Message-ID: <877cfwzf8g.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 70663 Cc: 70663@debbugs.gnu.org, Maxim Cournoyer , Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain "pelzflorian (Florian Pelz)" writes: > Hello Christopher. > > Christopher Baines writes: >> Had the changes waited for longer, then these failures should have been >> spotted by QA, I would guess that the revision might have failed to be >> processed, and if it was processed successfully, the nss failures should >> have shown up, so maybe we should start requiring [5] that not only are >> changes sent to guix-patches@gnu.org, but that QA processes them (to >> some extent) before merging? >> >> 5: https://guix.gnu.org/manual/devel/en/html_node/Managing-Patches-and-Branches.html# > > Yes, though note that the nss change did provide security fixes: > > commit e584ff08b162c46ef587daca438e97d56bc20b32 > Author: Maxim Cournoyer > Date: Wed Apr 24 11:22:30 2024 -0400 > > gnu: nss: Graft with version 3.98 [security fixes]. > > This fixes CVE-2023-5388, CVE-2023-6135 and CVE-2024-0743. > > * gnu/packages/nss.scm (nss) [replacement]: New field. > (nss-3.98): Rename variable to... > (nss/fixed): ... this. Make it a hidden package. > * gnu/packages/librewolf.scm (librewolf) [inputs]: Replace nss-3.98 with > nss/fixed. > > Change-Id: I8cc667c53a270dfe00738bf731923f1342036624 > > I suppose the requirement to wait for QA should apply to security fixes > as well? Well, there's a risk in not testing things across multiple machines/architectures at least. The value of getting a security fix merged quickly is reduced if users on some architectures/systems can't use it. There's always going to be trade offs, and that's fine, but the question is more what can be done to try and improve things for the future. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmZDaR9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9Xdx9A/+Iy7qrK5xRz7Uh4//Oyyb4U3MwHQkAL84 0feFaH+RlZhkETWohhK65KN4B2iCEWs0UVRc5IR5FFCnygCDRiIZPU3miO45Xe7B +YCWUPYld26mwlwkH7QneWYSJ5Hb9peamqA9YWhtYZ7aoionZrlybYx0MV5Rpj/K 2lWA0S5Qn0TQKgfF63fN5CLl90DKtCjP/yIwnjE05Ca1SnLA/uJvSWzd8pKKv33Z q4ylaqIuYEQMCDh4X5ag0qr0DtFFn6UluEHMIFIt9NB6+GGzRC2aGdw1bxvLAlpB WXvimaRAD0tIY4FX7+TDOZBUHnrgizNL18SWfADQ9AZ2iLoHKHJNzqqytv8Bq/oA AEzzuSH9y95W88L6qWIYmqM31M1x7AK05m/M9pwHoar4dBp6D099hW+xiF+Hl7Ei UlNXd3TNLzTxZWyy1w0nUrd5QUrBimkrDAvZVehWAN6/uYzarAAF8TruyqTNa+Nd t7SXF/IbD5+qf74gVc7ArD0+arm4SeawPcs3Bihr0xMsXlHZg7SxeUgetRs095jG NSrIhdzs87wdtMAAcapuZJzCen1yj6YJrucYiV5J1hOa2cKQX9P1u6FzYHUbxZ+A EAtCISJ7V/G45euhFAtqVcbEDb1FL/A5jGjhhrthuwI43ou3hGwrTB0vwwGg0O5D 58i8A38ReTo= =2wdF -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue May 14 11:02:46 2024 Received: (at 70663) by debbugs.gnu.org; 14 May 2024 15:02:46 +0000 Received: from localhost ([127.0.0.1]:39831 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6tfy-0006Ip-D3 for submit@debbugs.gnu.org; Tue, 14 May 2024 11:02:46 -0400 Received: from world.peace.net ([92.243.26.228]:47232) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s6tfu-0006Ih-Jx for 70663@debbugs.gnu.org; Tue, 14 May 2024 11:02:44 -0400 Received: from mhw by world.peace.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1s6tfl-0001Ln-KV; Tue, 14 May 2024 11:02:34 -0400 From: Mark H Weaver To: Maxim Cournoyer , Christopher Baines Subject: Re: bug#70663: nss@3.99 is really hard to build In-Reply-To: <87le4czh0z.fsf@gmail.com> References: <87plu7xla9.fsf@cbaines.net> <87o798zrtz.fsf@cbaines.net> <87le4czh0z.fsf@gmail.com> Date: Tue, 14 May 2024 11:03:41 -0400 Message-ID: <87h6f0a107.fsf@netris.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 70663 Cc: 70663@debbugs.gnu.org, Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Maxim, Maxim Cournoyer writes: > Christopher Baines writes: [...] >> At least from what I can see on the issues, the problem was introduced >> with the update to 3.98.0 [3] and then continued with the update to 3.99 >> [4]. Given the changes in 70662 were sent to guix-patches and then >> merged less than 24 hours later, I'd imagine that wasn't sufficient time >> for data.qa.guix.gnu.org to fail attempting to build nss. > > I think in [3] you meant https://issues.guix.gnu.org/70569, not #70662. > > Since this was security sensitive, I built it on x86_64, tested it there > to ensure that IceCat worked as expected, had others confirmed it worked > for them on #guix then pushed. [...] >> 3: https://issues.guix.gnu.org/70662 >> 4: https://issues.guix.gnu.org/70618 Note that the IceCat package in Guix currently uses the copy of NSS that comes bundled with the IceCat source code, so testing IceCat probably won't tell you much about whether the standalone NSS package in Guix works properly. Regards, Mark From debbugs-submit-bounces@debbugs.gnu.org Wed May 15 22:45:17 2024 Received: (at 70663) by debbugs.gnu.org; 16 May 2024 02:45:17 +0000 Received: from localhost ([127.0.0.1]:45883 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s7R7N-0003aT-3d for submit@debbugs.gnu.org; Wed, 15 May 2024 22:45:17 -0400 Received: from mail-qt1-f180.google.com ([209.85.160.180]:55513) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s7R7K-0003aI-GZ for 70663@debbugs.gnu.org; Wed, 15 May 2024 22:45:15 -0400 Received: by mail-qt1-f180.google.com with SMTP id d75a77b69052e-43df44ef3e3so30385531cf.2 for <70663@debbugs.gnu.org>; Wed, 15 May 2024 19:45:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715827447; x=1716432247; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=jff74o6LfwZw7q28GTyq1Q0FMDrMd9HX0p/GVBPBrTU=; b=mdp0F1T9U18NtPXXUD6tVgrx9++jZHBTzwF3nlxJHCpPbj6gBqU2x7ZRthtf0VE1N2 ug1d9RvdaiKL1V9idUGJVasyeefqlrLQGA9LTD2uESEPSyhuqC8SxNaOsP9ntEJpsuEd ZyPZtpmbsjWqcG7azPOaSVyPahR2vzXS9rcKM/jxm0TJ8v16uhgSAPkFQZJ/XfIaw6P4 4gmf462j0kKgkAf96VmN/OT+91lW6YN6xVU5G/n5bOj7LiMtIhqFZhSC+RbEvk27bAAv rA5eS95BjYeXlvZNesBYQVQLESE2e3UdVJ4NlRDoje6qEynLmIE31hMnk3HTEbL/CKKA 8Zrw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715827447; x=1716432247; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=jff74o6LfwZw7q28GTyq1Q0FMDrMd9HX0p/GVBPBrTU=; b=irSu8XVbGrXcqPFxcIQFCzcGkGdhOHE/UM/5UggxWfP4sSHJiwJaMwg6ZdciiQNBJ8 jQe2YeYufCDSocOPsV/3XLmwHb3jW8iGHEoRlc3H+RuWSRaNJyI6Q7bb5Ru9WRWZRqnb tSdCYa5N7zT9QlMdCuS3ooLErbM10jZxruZzg/Vp4K+bmnFIfhJ0SsvJjl09lrMLBUc4 NPNcRMp6CrzEpPx0zotq13LoLU2CBs3N5NZqnJtCEXSQwClRVtq1ooBrqWyud1fnmEbi IjJHm2KyqgcK70kZbqSdH1jDu8pzVN9TdGk9Z3/HS1WWumypsxac2R2yn/iQ58x9c0IS sLkg== X-Forwarded-Encrypted: i=1; AJvYcCVQa84urTMIxezuN71Mx1v5aZGnEJsiUbMRu1SXVZLSf13A1dTrx+RokA60Fhy9cLSblnhzF+VWLKupqTHiIPJcfY3tGj4= X-Gm-Message-State: AOJu0YwSQtqu3VYSwmXqBISziKhC4yG5aXlKyM+Zb7aTqBssg8cro8YU WzCdauYS4/4ISKP884KkmFFx33GC4ZzIVZseGk7jCmbuqujMF5OhoX3dzg== X-Google-Smtp-Source: AGHT+IHmTmCZjKUhZMslwfwVlsaK+NCQyCTRNESwAUd0H3twpeyjWhFXoinnBR1r+rtM/5R+Wvdwbw== X-Received: by 2002:ac8:7f8f:0:b0:43e:3d29:4311 with SMTP id d75a77b69052e-43e3d294613mr6593781cf.12.1715827446679; Wed, 15 May 2024 19:44:06 -0700 (PDT) Received: from hurd (dsl-205-233-125-107.b2b2c.ca. [205.233.125.107]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-43e3818469csm11313621cf.55.2024.05.15.19.44.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 May 2024 19:44:06 -0700 (PDT) From: Maxim Cournoyer To: Mark H Weaver Subject: Re: bug#70663: nss@3.99 is really hard to build In-Reply-To: <87h6f0a107.fsf@netris.org> (Mark H. Weaver's message of "Tue, 14 May 2024 11:03:41 -0400") References: <87plu7xla9.fsf@cbaines.net> <87o798zrtz.fsf@cbaines.net> <87le4czh0z.fsf@gmail.com> <87h6f0a107.fsf@netris.org> Date: Wed, 15 May 2024 22:44:04 -0400 Message-ID: <8734qixyq3.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 70663 Cc: Christopher Baines , 70663@debbugs.gnu.org, Ian Eure X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Mark, Mark H Weaver writes: > Hi Maxim, > > Maxim Cournoyer writes: > >> Christopher Baines writes: > [...] >>> At least from what I can see on the issues, the problem was introduced >>> with the update to 3.98.0 [3] and then continued with the update to 3.99 >>> [4]. Given the changes in 70662 were sent to guix-patches and then >>> merged less than 24 hours later, I'd imagine that wasn't sufficient time >>> for data.qa.guix.gnu.org to fail attempting to build nss. >> >> I think in [3] you meant https://issues.guix.gnu.org/70569, not #70662. >> >> Since this was security sensitive, I built it on x86_64, tested it there >> to ensure that IceCat worked as expected, had others confirmed it worked >> for them on #guix then pushed. > [...] >>> 3: https://issues.guix.gnu.org/70662 >>> 4: https://issues.guix.gnu.org/70618 > > Note that the IceCat package in Guix currently uses the copy of NSS that > comes bundled with the IceCat source code, so testing IceCat probably > won't tell you much about whether the standalone NSS package in Guix > works properly. Thanks for the heads-up. It looks like there are now some low hanging fruits in terms of unbundling opportunities for icecat/Icedove! -- Thanks, Maxim From debbugs-submit-bounces@debbugs.gnu.org Thu May 16 00:05:55 2024 Received: (at 70663) by debbugs.gnu.org; 16 May 2024 04:05:55 +0000 Received: from localhost ([127.0.0.1]:46212 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s7SNP-0004nh-9g for submit@debbugs.gnu.org; Thu, 16 May 2024 00:05:55 -0400 Received: from fhigh7-smtp.messagingengine.com ([103.168.172.158]:45295) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s7SNL-0004nb-Kl for 70663@debbugs.gnu.org; Thu, 16 May 2024 00:05:53 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailfhigh.nyi.internal (Postfix) with ESMTP id A1BC711400D4; Thu, 16 May 2024 00:05:43 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Thu, 16 May 2024 00:05:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm2; t=1715832343; x=1715918743; bh=megug9wzmnkfv4qiuVqsHcWv9Twf5oKKOFNXXO41ymo=; b= kkjH9jbrZJUQ+ZEvA6U8xUneIyiJGtuw9M9DLYccNhxxZtlSuiXrqjoSx6QkvSrl 5sL3+OdhnYxItmQKaoKRNOLUx3LtMtA90//RY5IDU0OfhP8X64EixKAWmqnhYM5j SVHwtMX2G0c+wpITuOQ87au34l6CEm1aPOObVB7dt7JlVfD6YIetx7cNQ2Nog3+2 +wy7ZBGagSv3+1Dx+ujHLpg5Ep4IQBjD/OzUV1QybqIKlxXxwCS/Stec0Y9OEqsy LxV9Gm6jW8pxmp6Pv0auPUtCaduTQDg3EzIOwEaWbkOlssGGQ+Cs6uEkWp0scSIn hz1IMCE0hfoZBNrPtFEfiw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1715832343; x= 1715918743; bh=megug9wzmnkfv4qiuVqsHcWv9Twf5oKKOFNXXO41ymo=; b=L TTf8DAKhjzN8bhx83Bjtllc0LDI00K4i9ItpVxTI7JxvORH44JVKU/sOS5WqDlqK 4HvdnHOif02j69XsgIyd4/HkyJ0ycxB8b6KzQePavVpHvpz7FA9zhLiRFGlWLHzs LapmZAsoPxPFvO/4DotRQBnu2xc6NNPpXgyk14+gzFdYH6pNR86ZJZg9IEi+jraX RKf184KendzJ00/BQmlUFJQTgAQZrelz01WdSsRxWQLkoenYLvE0PgOTJKLu5IAq obdvpwijrlf5Dau8tvIA4pfd/2ERFX+NIrPfRhf6OHkiGoOX09gDQdV5bML6TZl3 HvIC3zDYdaYeT2otqtmXQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrvdegledgjeehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfhgfhffvvefuffgjkfggtgfgsehtqhertddtreejnecuhfhrohhmpefkrghn ucfguhhrvgcuoehirghnsehrvghtrhhoshhpvggtrdhtvheqnecuggftrfgrthhtvghrnh ephffhgeeikeefgeeuheefleetjefhuefgledvgefguddvveetleelteeklefftdeknecu ffhomhgrihhnpehgnhhurdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrg hmpehmrghilhhfrhhomhepihgrnhesrhgvthhrohhsphgvtgdrthhv X-ME-Proxy: Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 16 May 2024 00:05:42 -0400 (EDT) References: <87plu7xla9.fsf@cbaines.net> <87o798zrtz.fsf@cbaines.net> <87le4czh0z.fsf@gmail.com> <87h6f0a107.fsf@netris.org> <8734qixyq3.fsf@gmail.com> User-agent: mu4e 1.8.13; emacs 28.2 From: Ian Eure To: Maxim Cournoyer Subject: Re: bug#70663: nss@3.99 is really hard to build Date: Wed, 15 May 2024 21:02:36 -0700 In-reply-to: <8734qixyq3.fsf@gmail.com> Message-ID: <87r0e2v1t6.fsf@meson> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 70663 Cc: Mark H Weaver , Christopher Baines , 70663@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Maxim Cournoyer writes: > Hi Mark, > > Mark H Weaver writes: > >> Hi Maxim, >> >> Maxim Cournoyer writes: >> >>> Christopher Baines writes: >> [...] >>>> At least from what I can see on the issues, the problem was=20 >>>> introduced >>>> with the update to 3.98.0 [3] and then continued with the=20 >>>> update to 3.99 >>>> [4]. Given the changes in 70662 were sent to guix-patches and=20 >>>> then >>>> merged less than 24 hours later, I'd imagine that wasn't=20 >>>> sufficient time >>>> for data.qa.guix.gnu.org to fail attempting to build nss. >>> >>> I think in [3] you meant https://issues.guix.gnu.org/70569,=20 >>> not #70662. >>> >>> Since this was security sensitive, I built it on x86_64,=20 >>> tested it there >>> to ensure that IceCat worked as expected, had others confirmed=20 >>> it worked >>> for them on #guix then pushed. >> [...] >>>> 3: https://issues.guix.gnu.org/70662 >>>> 4: https://issues.guix.gnu.org/70618 >> >> Note that the IceCat package in Guix currently uses the copy of=20 >> NSS that >> comes bundled with the IceCat source code, so testing IceCat=20 >> probably >> won't tell you much about whether the standalone NSS package in=20 >> Guix >> works properly. > > Thanks for the heads-up. It looks like there are now some low=20 > hanging > fruits in terms of unbundling opportunities for icecat/Icedove! > Definitely. The LibreWolf package is probably a good reference,=20 as I was able to unbundle all its library dependencies and use the=20 Guix-packaged versions instead. =E2=80=94 Ian From debbugs-submit-bounces@debbugs.gnu.org Tue May 21 19:43:51 2024 Received: (at 70663) by debbugs.gnu.org; 21 May 2024 23:43:51 +0000 Received: from localhost ([127.0.0.1]:51871 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s9Z95-00080o-8V for submit@debbugs.gnu.org; Tue, 21 May 2024 19:43:51 -0400 Received: from mail-oi1-f182.google.com ([209.85.167.182]:61722) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s9Z92-00080f-3b; Tue, 21 May 2024 19:43:49 -0400 Received: by mail-oi1-f182.google.com with SMTP id 5614622812f47-3c9d70d93dbso1950397b6e.3; Tue, 21 May 2024 16:43:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1716334956; x=1716939756; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=HoxBJtNN6werL/C7I13sL2oWmAWczsgK+ybqrUoinFM=; b=N8yh9qknKvlTZxTyhes4gzZ6fcN6BOA4LxDVbGuz9WP3sz8CgDuijgxuhKQtmPXaft qena6dHJAQJyGPkcFab0Z4nfyyyq/RTs8zkaOHKnRzFRkYZzBBEzBzESDqco1v0JUEcj OaOzapLs0fOFRrP7BX+lSHeseGZc1ypM3uLSaOgEcSMRqvIy0e1R+QJszlAoUG8Zu1/2 VozzSDoi4shZJiNjl7Dwobg5ZTkM7/eF8G+uiqI/ZhNVVZQtaZel7R1ZXKU3vIuVe2iW fIR0sSRF5MiOpULagTF2eNRyASIlvqRZOSiKplKhCOqCWVHQkr+q0/cZWb9afk40snLz McoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716334956; x=1716939756; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=HoxBJtNN6werL/C7I13sL2oWmAWczsgK+ybqrUoinFM=; b=NHWOMwA1p+qFL+B3OFqEZJ3iJuBtiUWJ2DXo6LqW21xuikUDhjMq9V4JM6NgNz5KFn eutLicWyatT/2qwxISPrCBZ59jvPRoEfrwY+/yr23JJE6Ip9vZHnnhWFG33NzFt6SGtU k335NY5OaHam3AJy8YuGW7XRlRSFuMfKSQAyfDGrkxoE3887c/F4/7bbByBb8hdFBL2o XhprhRejhBt4d1At5sJ1HR5qklED9ALHdVRAOD4hMbt+7YSwn/4a2ON7QCEC2wnZBfnI sdon/pKf3QXiaSE+J5FCESxaOsKtvXeMy0Aef88IXUK5929vg9vY+PRL3oWz0o2VHyZ1 OU/A== X-Forwarded-Encrypted: i=1; AJvYcCVnjxKQr3NS/cbZbaYRNK5vJGuOtoMLMskb+fo7BJ/MiXw1WUAUBwtE1E/sGN1w4+Ie5EztXzElYhoNCLUzCnFMjSkZIFUQtB2fukBt+j//xX4dVvm+/gr5HLrQgw== X-Gm-Message-State: AOJu0YzN7ckQQAdhjxKTLuHVTzuJ0gKe294shQpYZxduhlk01adrlt4X rb355OTVEKYzsIXdA1JP+BlDsp4W2tjjc6w9sRvpBe9gy1F1p9HsHk+j/A== X-Google-Smtp-Source: AGHT+IFdqz5cZEj9LFTX+itertnoEse8dCGPZIlUn/ymC3GIxxDUdx09J8xXwyCx6eOCGgxjyaDNZA== X-Received: by 2002:a05:6808:179e:b0:3c9:6dd3:32dc with SMTP id 5614622812f47-3cdb66b0d8cmr578971b6e.30.1716334955844; Tue, 21 May 2024 16:42:35 -0700 (PDT) Received: from hurd (dsl-205-233-124-234.b2b2c.ca. [205.233.124.234]) by smtp.gmail.com with ESMTPSA id af79cd13be357-792bf27591bsm1338584185a.16.2024.05.21.16.42.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 May 2024 16:42:35 -0700 (PDT) From: Maxim Cournoyer To: Christina O'Donnell Subject: Re: bug#70662: Problems building nss@3.98.0 In-Reply-To: <339167fe-c899-1303-166f-8040b49f0f59@mutix.org> (Christina O'Donnell's message of "Tue, 14 May 2024 11:19:57 +0100") References: <878r0nqjmu.fsf@gmail.com> <87jzk4fofj.fsf@cbaines.net> <339167fe-c899-1303-166f-8040b49f0f59@mutix.org> Date: Tue, 21 May 2024 19:42:33 -0400 Message-ID: <878r0268ba.fsf_-_@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 70663 Cc: Guix Devel , 70662@debbugs.gnu.org, Christopher Baines , 70663@debbugs.gnu.org, Simon Tournier X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, Christina O'Donnell writes: > Hi, > > On 08/05/2024 14:01, Christopher Baines wrote: >> I think it would be nice to have a new release, and indeed release more >> often, I think the way to get there is for less things to be broken >> between releases, such that releasing takes less effort in terms of >> testing and fixing things. >> >> To give some specific issues, I've run up against the recent issues with >> nss [1][2] and I don't think we could release with the nss package as is >> currently. >> >> 1: https://issues.guix.gnu.org/70662 >> 2: https://issues.guix.gnu.org/70663 > > I can fix these by disabling tests, but I would prefer if someone with > more experience packaging for guix could make a decision on > it. Otherwise, I don't have any problem reducing the number of tests > and disabling all tests on PowerPC at least. > > I could also do some analysis if it was deemed necessary, inserting a > patch to measure the timings of each test/cycle. Additionally, I could > try packaging some of the versions between 0.88 and 0.98 to identify > the exact change that could be to blame. However, both of these seem > overkill, given the backlog of patches/issues we have left to get > through, and the manpower we currently have to work with. > > Would any of that be helpful? I just encountered the following single test failure building on powerpc64le: --8<---------------cut here---------------start------------->8--- time certutil -K -d /tmp/guix-build-nss-3.99.0.drv-0/nss-3.99/tests_results/security/localhost.1/bigdir -f ../tests.pw ------------- time ---------------------- real 10.32 user 10.25 sys 0.07 10 seconds dbtests.sh: #27: certutil dump keys with explicit default trust flags - FAILED --8<---------------cut here---------------end--------------->8--- with the summary: --8<---------------cut here---------------start------------->8--- SUMMARY: ======== NSS variables: -------------- HOST=localhost DOMSUF=localdomain BUILD_OPT= USE_X32= USE_64=1 NSS_CYCLES="" NSS_TESTS="" NSS_SSL_TESTS="crl iopr policy normal_normal" NSS_SSL_RUN="cov auth stapling signed_cert_timestamps scheme" NSS_AIA_PATH= NSS_AIA_HTTP= NSS_AIA_OCSP= IOPR_HOSTADDR_LIST= PKITS_DATA= NSS_DISABLE_HW_AES= NSS_DISABLE_HW_SHA1= NSS_DISABLE_HW_SHA2= NSS_DISABLE_PCLMUL= NSS_DISABLE_AVX= NSS_DISABLE_ARM_NEON= NSS_DISABLE_SSSE3= Tests summary: -------------- Passed: 79016 Failed: 1 Failed with core: 0 ASan failures: 0 Unknown status: 2 TinderboxPrint:Unknown: 2 error: in phase 'check': uncaught exception: %exception #<&invoke-error program: "faketime" arguments: ("2024-01-23" "./nss/tests/all.sh") exit-status: 1 term-signal: #f stop-signal: #f> phase `check' failed after 36124.0 seconds command "faketime" "2024-01-23" "./nss/tests/all.sh" failed with status 1 builder for `/gnu/store/q3cqzzd4fg384lfmk91gd6higsyhs1nq-nss-3.99.0.drv' failed with exit code 1 @ build-failed /gnu/store/q3cqzzd4fg384lfmk91gd6higsyhs1nq-nss-3.99.0.drv - 1 builder for `/gnu/store/q3cqzzd4fg384lfmk91gd6higsyhs1nq-nss-3.99.0.drv' failed with exit code 1 --8<---------------cut here---------------end--------------->8--- So I'm not sure why, but the 'certutil dump keys with explicit default trust flags' fails on powerpc64le and should probably be disabled. Also, 36124 s, ouch! #70950 should help for that. -- Thanks, Maxim From unknown Sat Jun 21 10:34:12 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 17 Oct 2024 11:24:11 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator