Your message dated Thu, 26 Mar 2026 05:49:06 +0000
with message-id <[email protected]>
and subject line Bug#1083087: fixed in nss-pem 1.1.1+1-1
has caused the Debian Bug report #1083087,
regarding nss FTBFS on 32bit arm userland and 64bit kernel
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1083087: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083087
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nss
Version: 2:3.103-1
Severity: important
Tags: ftbfs patch
Control: clone -1 -2
Control: reassign -2 src:nss-pem
Control: clone 948523 -3
Control: reassign -3 src:nss-pem
Control: clone -1 -4
Control: retitle -4 nss-pem: unregistered vendor copy of nss
Control: tags -4 =
Control: reassign -4 src:nss-pem
Hi,
nss and nss-pem FTBFS on the reproducible builds infrastructure for
armhf. For nss-pem, it was the second build that FTBFS. That got me
looking and allowed me identifying the cause. It looks at the uname and
when you build on an arm32 userland with a 64bit kernel, some features
are detected differently (as it looks at uname -m) and then the build
fails.
We already pass OS_TEST for cross building where uname -m is a problem,
so I suggest extending this to cover the arm case and overriding OS_TEST
even for native builds. I'm attaching a patch for your convenience.
As this bug also affects nss-pem, I am cloning the bug (as -2) for
nss-pem and also cloning another bug (as -3) where nss-pem FTCBFS for
ppc64el.
I also observe that the vendoring of nss-pem is not registered in the
security tracker
https://salsa.debian.org/security-tracker-team/security-tracker/-/blob/master/data/embedded-code-copies.
Please unvendor nss from nss-pem or register your copy. This matter is
tracked as bug -4.
Helmut
--- nss-b/debian/rules
+++ nss-a/debian/rules
@@ -47,6 +47,11 @@
endif
TOOLCHAIN += OS_TEST=$(DEB_HOST_GNU_CPU)
TOOLCHAIN += KERNEL=$(DEB_HOST_ARCH_OS)
+else
+# Avoid misdetecting armhf as arm64 when built on a 64bit kernel.
+ifeq ($(DEB_HOST_GNU_CPU),arm)
+TOOLCHAIN += OS_TEST=arm
+endif
endif
# $(foreach foo,$(list),$(call cmd,some command $(foo))) expands to
--- End Message ---
--- Begin Message ---
Source: nss-pem
Source-Version: 1.1.1+1-1
Done: Timo Aaltonen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nss-pem, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated nss-pem package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 26 Mar 2026 07:22:27 +0200
Source: nss-pem
Built-For-Profiles: derivative.ubuntu noudeb
Architecture: source
Version: 1.1.1+1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian FreeIPA Team <[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Closes: 1083087 1083088 1127617
Changes:
nss-pem (1.1.1+1-1) unstable; urgency=medium
.
[ Timo Aaltonen ]
* New upstream release.
* nss: Sync with src:nss 2:3.121.1-1. (Closes: #1083087, #1083088)
* patches: Refreshed, drop upstreamed cmake patch.
.
[ Bastian Germann ]
* d/copyright: Fix license misrepresentations. (Closes: #1127617)
Checksums-Sha1:
c72b3b8e01a3af6a45a866cb3e7afe0dc21efca2 2080 nss-pem_1.1.1+1-1.dsc
ed0154eb4f4b4715c5157d50bda25a3d0b423c24 58460796 nss-pem_1.1.1+1.orig.tar.xz
f541020d6041c4a262a490b4d88fcb2b44e92d18 5804 nss-pem_1.1.1+1-1.debian.tar.xz
ed5fb2b8ce5897bc335857220c1c319e84f7af46 9050
nss-pem_1.1.1+1-1_source.buildinfo
Checksums-Sha256:
7b3c7ed18ff7943d824744979e8e5ea960390af6e13b008cbd7d73f4545bf1d2 2080
nss-pem_1.1.1+1-1.dsc
a312a218305e6db6608aee5aef6e166a30456a1c9a5baa2cee1dfda36aefe0e0 58460796
nss-pem_1.1.1+1.orig.tar.xz
e76b50a5d46e9272e4902988cebf6be336758b381b5107b6998b2940d4196f02 5804
nss-pem_1.1.1+1-1.debian.tar.xz
e449217829757b3614625eee28b869f55fae02542530ec4dffb92110746a8403 9050
nss-pem_1.1.1+1-1_source.buildinfo
Files:
ef0b2d6ad483324965a36edc3b490599 2080 libs optional nss-pem_1.1.1+1-1.dsc
747a20fe2814c89113f4af3461ec0142 58460796 libs optional
nss-pem_1.1.1+1.orig.tar.xz
6333282b7eaf8c5d54dc5d333700e065 5804 libs optional
nss-pem_1.1.1+1-1.debian.tar.xz
d6ae271729af0024f4f7534faf452d6e 9050 libs optional
nss-pem_1.1.1+1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAmnEwrAACgkQy3AxZaiJ
hNxWFBAAiRbztFua8Jk9L9UY4p08qXDTTvlB07OFfkkcmmqYtrgyQ9KI1D6z4phg
LWCYy5ccgjCd0CnwBmX0SAQ1xpjAgMbcRqhg8I8ZJpyJvJdT1vHM9t93lasjZPkX
5Et3gBZQLIDQ1n3rJctHd0GPlQVcnJBX74p6k33Aud9qYLjSA5ej8E1I87OpacVI
4XWeerDFl6sKbqjhYCmjPlHzZyAJ8uEU2VIEnzrHOVoGVzLIHu6y/fViEHdOfM4y
ZsdJ5m8BxnX5aA5Zxmai3gK7fD+vQsczPdiAxXLXZGFEWuSJl2k84Ehkga+Qz391
0iJ5yiih1zX9o6N8Y+qYDaNHci+684XphdXTkJnFGaXNiiYXivlQ/3clRLF+Off2
RUN51f9wT/sNr6HAPrKAjObgpiSVclDBthciG9UUGObN9vLrLBK5q2WPniHV8G2g
801OZXcH7ZvS0GyyIHI/Ye4f+ZmuWTQ9pBaYPNcZz4Vafs5Amwrv+8jzOC8shOjG
/Dki33DW1RnOpf+xrc0KnnoHHmnkHvqtikQcCmuVYNY1qo6Io86CL5iJ+SVLeuCg
uyxQopJPPZth4eOOpDe+lFz/RMrYWVPbZgSrZjtX1VHaZVvaesBZXPIld/K/bpge
ldgzky8/wC+z6WEszFwS6G9aoaZWKWAuDJKMwyvoYXNTNiQ2Fu0=
=PlBr
-----END PGP SIGNATURE-----
pgpCLBIW0mBJw.pgp
Description: PGP signature
--- End Message ---
