.
For example, being warned about sharing /etc with a container.
To reproduce, run the Guix command in a basic VM image, connecting to Guix
daemon on the host.[1]
Please let me know if you have any questions!
Kind regards,
- Christina O'Donnell
https://mutix.org/
---
[1] See my blog for more
Hi Guix,
From my machine[1] connecting to https://issues.guix.gnu.org/ results
in, after 130 seconds[2], a 502 bad gateway. It's been having issues for
over a week, but I only just found a need to test it.
I couldn't see an issue about it on debbugs so I thought it prudent to
raise an
Hi Felix,
You are welcome to use my Mumi clone at mumi.juix.org.
Bookmarked, thanks!
Looks like issues.guix.gnu.org is back up again.
Kind regards,
- Christina
On 04/02/2024 05:33, Felix Lechner wrote:
Hi Christina,
On Sat, Feb 03 2024, Christina O'Donnell wrote:
connecting to https
Hi,
On my machine the order of search paths are:
$ echo $PATH | tr : '\n'
/home/cdo/.guix-home/profile/bin
/home/cdo/.guix-home/profile/sbin
/run/setuid-programs
/home/cdo/.config/guix/current/bin
/home/cdo/.guix-profile/bin
/run/current-system/profile/bin
/run/current-system/profile/sbin
Hi Simon, Paul,
I've also run into this bug and I believe it is due to the error being
cached. This is clearly undesirable so this issue should stay open until
that is resolved.
My reasoning for thinking it is a cache issues is:
- An issue with package transformations should never cause an
gnu/packages/certs.scm (nss-certs-3.88.1): New variable.
(nss-certs-3.98): Update and rename to nss-certs-3.99.
(nss-certs): Update to 3.99.
Change-Id: I2f5f737d44d08497d4f5e0e07557be36d2f1f070
---
gnu/packages/certs.scm | 24 +++-
1 file changed, 19 insertions(+), 5
gnu/packages/nss.scm (nss): Update to 3.99.
Change-Id: Iba6c9dc2956cc0febb62a1c471add899250fa489
---
gnu/packages/nss.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index b608a995577..80667d8affe 100644
---
I've missded
then I'd appreciate that. Otherwise I'm free to pick it back up again on
Tuesday.
Let me know if you have any questions.
Kind regards,
Christina
Christina O'Donnell (4):
gnu: nss: Make reproducible.
gnu: nss: Update to 3.99.
gnu: nss-certs: Update to 3.99.
WIP: nss
There are 51 new test failures which all appear to be related to FIPS.
For example:
modutil -dbdir
/tmp/guix-build-nss-3.99.drv-0/nss-3.99/tests_results/security/localhost.1/fips
-fips true
WARNING: Performing this operation while the browser is running could cause
corruption of your security
From: Zheng Junjie
* gnu/packages/nss.scm (nss)[arguments]<#:make-flags>: When
cross-compilation, Add CROSS_COMPILE=1.
<#:phases>: When cross-compilation, Set env NATIVE_CC to gcc.
Change-Id: I5c9559a4b8cecf2cfc6c47d136d69c01a335faaf
Signed-off-by: Zheng Junjie
---
gnu/packages/nss.scm | 7
From: Zheng Junjie
* gnu/packages/nss.scm (nspr)[arguments]<#:configure-flags>: When
cross-compilation, Add HOST_CC=gcc.
Change-Id: I337f217f153f8cc3a713906643d6fab9115056e9
Signed-off-by: Zheng Junjie
---
gnu/packages/nss.scm | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff
b834755822f962af29e9395daa7338084e21 Mon Sep 17 00:00:00 2001
+Message-ID:
<4734b834755822f962af29e9395daa7338084e21.1714059680.git@mutix.org>
+From: Christina O'Donnell
+Date: Thu, 25 Apr 2024 16:35:50 +0100
+Subject: [PATCH] nss: Disable library signing.
+
+---
+ nss/cmd/shlibsign
Hi Steve,
It would be good to confirm this one:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=40316
Still fails to reproduce with those changes applied.
The culprit is in nss/cmd/shlibsign/shlibsign.c:
shlibSignHMAC generates a new key-pair each time it's run:
/* Generate a DSA key
Hi,
I believe I have a fix for this, I'm just waiting on my machine to hurry
up and confirm it, might end up running over night, then I'll send my
patch up.
I'm doing two native builds and two cross-builds.
I've also updated to 3.99.
Kind regards,
Christina
On 25/04/2024 15:06, Christina
Hi,
On 06/05/2024 11:12, Ludovic Courtès wrote:
Hi,
Christina O'Donnell skribis:
Tangentially, given how long nss takes to build, do you think that
it'd be worth shaving it down to a single test pass? Currently it runs
each test up to 3 times, which takes ~1h on my machine with no other
user guix
close 70633
quit
Thanks for the report. It sounds like this can be closed now. Hopefully
it's a one off!
Kind regards,
Christina
for the noise.
Christina
On 02/05/2024 12:00, Christina O'Donnell wrote:
This patch series is an incomplete attempt to make nss reproducible. Currently
this fails 4 tests due to NSS_FIPS_DISABLED not being respected.
Christina O'Donnell (4):
gnu: nss: Update to 3.99.
gnu: nss-certs: Update to 3.99
-git a/gnu/packages/patches/nss-disable-shlibsign.patch
b/gnu/packages/patches/nss-disable-shlibsign.patch
new file mode 100644
index 00..591af76449
--- /dev/null
+++ b/gnu/packages/patches/nss-disable-shlibsign.patch
@@ -0,0 +1,33 @@
+From 85b7cf166687cbfaf3e3764ed1ea9bb3b9404ef0 Mon Sep
gnu/packages/nss.scm (nss): Update to 3.99.
Change-Id: Iba6c9dc2956cc0febb62a1c471add899250fa489
---
gnu/packages/nss.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 0baafe2f37..6795e59d28 100644
---
From: Zheng Junjie
* gnu/packages/nss.scm (nspr)[arguments]<#:configure-flags>: When
cross-compilation, Add HOST_CC=gcc.
Change-Id: I337f217f153f8cc3a713906643d6fab9115056e9
Signed-off-by: Zheng Junjie
---
gnu/packages/nss.scm | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff
nss-disable-fips-in-lowhashtest.patch
@@ -0,0 +1,28 @@
+From f32bd353c5b741d6da5811fd40681dda80799bfb Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Christina O'Donnell
+Date: Wed, 1 May 2024 20:30:15 +0100
+Subject: [PATCH] nss: Disable FIPS in lowhashtest.
+
+---
+ nss/tests/lowhash/lowhash.sh | 2 +-
+ 1 file chan
gnu/packages/nss.scm (nss): Update to 3.99.
Change-Id: Iba6c9dc2956cc0febb62a1c471add899250fa489
---
gnu/packages/nss.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 0baafe2f37..6795e59d28 100644
---
s/patches/nss-define-NSS_FIPS_DISABLED.patch
new file mode 100644
index 00..40ac66e365
--- /dev/null
+++ b/gnu/packages/patches/nss-define-NSS_FIPS_DISABLED.patch
@@ -0,0 +1,29 @@
+From e89a33daac982107421117ad95ae8443ef316079 Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Christina O'Donnell
+D
From: Zheng Junjie
* gnu/packages/nss.scm (nspr)[arguments]<#:configure-flags>: When
cross-compilation, Add HOST_CC=gcc.
Change-Id: I337f217f153f8cc3a713906643d6fab9115056e9
Signed-off-by: Zheng Junjie
---
gnu/packages/nss.scm | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff
gnu/packages/certs.scm (nss-certs-3.88.1): New variable.
(nss-certs-3.98): Update and rename to nss-certs-3.99.
(nss-certs): Update to 3.99.
Change-Id: I2f5f737d44d08497d4f5e0e07557be36d2f1f070
---
gnu/packages/certs.scm | 24 +++-
1 file changed, 19 insertions(+), 5
gnu/packages/certs.scm (nss-certs-3.88.1): New variable.
(nss-certs-3.98): Update and rename to nss-certs-3.99.
(nss-certs): Update to 3.99.
Change-Id: I2f5f737d44d08497d4f5e0e07557be36d2f1f070
---
gnu/packages/certs.scm | 24 +++-
1 file changed, 19 insertions(+), 5
From: Zheng Junjie
* gnu/packages/nss.scm (nss)[arguments]<#:make-flags>: When
cross-compilation, Add CROSS_COMPILE=1.
<#:phases>: When cross-compilation, Set env NATIVE_CC to gcc.
Change-Id: I5c9559a4b8cecf2cfc6c47d136d69c01a335faaf
Signed-off-by: Zheng Junjie
---
gnu/packages/nss.scm | 7
This patch series is an incomplete attempt to make nss reproducible. Currently
this fails 4 tests due to NSS_FIPS_DISABLED not being respected.
Christina O'Donnell (4):
gnu: nss: Update to 3.99.
gnu: nss-certs: Update to 3.99.
gnu: nss: Attempt to disable FIPS.
gnu: nss: Disable FIPS
From: Zheng Junjie
* gnu/packages/nss.scm (nss)[arguments]<#:make-flags>: When
cross-compilation, Add CROSS_COMPILE=1.
<#:phases>: When cross-compilation, Set env NATIVE_CC to gcc.
Change-Id: I5c9559a4b8cecf2cfc6c47d136d69c01a335faaf
Signed-off-by: Zheng Junjie
---
gnu/packages/nss.scm | 7
Hi Vagrant,
On 26/04/2024 23:58, Vagrant Cascadian wrote:
On 2024-04-26, Christina O'Donnell wrote:
gnu/packages/patches/nss-Disable-library-signing.patch: Disable library
signing to make the build reproducible.
gnu/packages/nss.scm (nss): Apply this new patch.
Nice!
I have reordered my
From: Zheng Junjie
* gnu/packages/nss.scm (nss)[arguments]<#:make-flags>: When
cross-compilation, Add CROSS_COMPILE=1.
<#:phases>: When cross-compilation, Set env NATIVE_CC to gcc.
Change-Id: I5c9559a4b8cecf2cfc6c47d136d69c01a335faaf
Signed-off-by: Zheng Junjie
---
gnu/packages/nss.scm | 7
machine with no other build
running. Running only the standard pass takes 2.5-3x less time, which is
a huge quality of life improvement.
Kind regards,
Christina
On 02/05/2024 09:15, Ludovic Courtès wrote:
Hi Christina,
Nice work!
Christina O'Donnell skribis:
I've got as far as making nss
From: Zheng Junjie
* gnu/packages/nss.scm (nspr)[arguments]<#:configure-flags>: When
cross-compilation, Add HOST_CC=gcc.
Change-Id: I337f217f153f8cc3a713906643d6fab9115056e9
Signed-off-by: Zheng Junjie
---
gnu/packages/nss.scm | 5 -
1 file changed, 4 insertions(+), 1 deletion(-)
diff
This patch-set is a slight modification of the previous one with a single
change:
In the last commit, I have removed the specification of test parameters that
previously reduced the number of tests. This wasn't justified in the commit
message and turned out to be unnecessary anyway.
Christina
gnu/packages/certs.scm (nss-certs-3.88.1): New variable.
(nss-certs-3.98): Update and rename to nss-certs-3.99.
(nss-certs): Update to 3.99.
Change-Id: I2f5f737d44d08497d4f5e0e07557be36d2f1f070
---
gnu/packages/certs.scm | 24 +++-
1 file changed, 19 insertions(+), 5
gnu/packages/nss.scm (nss): Update to 3.99.
Change-Id: Iba6c9dc2956cc0febb62a1c471add899250fa489
---
gnu/packages/nss.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 0baafe2f37..6795e59d28 100644
---
file mode 100644
index 00..40ac66e365
--- /dev/null
+++ b/gnu/packages/patches/nss-define-NSS_FIPS_DISABLED.patch
@@ -0,0 +1,29 @@
+From e89a33daac982107421117ad95ae8443ef316079 Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Christina O'Donnell
+Date: Thu, 2 May 2024 12:34:40 +0100
Hi,
On 08/05/2024 14:01, Christopher Baines wrote:
I think it would be nice to have a new release, and indeed release more
often, I think the way to get there is for less things to be broken
between releases, such that releasing takes less effort in terms of
testing and fixing things.
To give
Hi,
On 01/05/2024 18:14, Christopher Baines wrote:
Maxim Cournoyer writes:
Hi Chris,
Christopher Baines writes:
nss@3.99 is really hard to build, it's so hard and so important that
data.guix.gnu.org is still after two days trying to process [1]. I say
so important because you have to
39 matches
Mail list logo