Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

guix: fix suggested fake date for openssl-1.1.1l #29999

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

guix: fix suggested fake date for openssl-1.1.1l #29999

wants to merge 1 commit into from
+8 −5

Conversation

Sjors
Copy link
Member

@Sjors Sjors commented Apr 29, 2024

Using 2020-10-01 as the fake timestamp will cause many test failures with /gnu/store/bfirgq65ndhf63nn4q6vlkbha9zd931q-openssl-1.1.1l.drv. I didn't investigate why, but I guess because it's before the test certificates were created. They expired in June 2022. I tried a month before that, which worked.

Also fixes layout of instructions.

@Sjors
guix: fix suggested fake date for openssl -1.1.1l
8fee535 
Also fix layout of instructions.
@DrahtBot
Copy link
Contributor

DrahtBot commented Apr 29, 2024
edited

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.
A summary of reviews will appear here.

@Sjors
Copy link
Member Author

Sjors commented Apr 29, 2024

cc @dongcarl

@laanwj
Copy link
Member

laanwj commented Apr 29, 2024

Changing the system date is a terrible workaround in any case imo. Is there really no other way?

@Sjors
Copy link
Member Author

Sjors commented Apr 29, 2024

@laanwj I believe newer versions of OpenSSL have more robust tests, but we don't want to bump our Guix Time Machine commit just for that.

@bitcoin bitcoin deleted a comment from Lukasz8181 Apr 30, 2024
@dongcarl
Copy link
Contributor

If I remember correctly, I think that you can likely just patch OpenSSL here since it's not a package that is "core" to Guix like GnuTLS was?

@Sjors
Copy link
Member Author

Sjors commented Apr 30, 2024
edited

I wrote:

we don't want to bump our Guix Time Machine commit just for that.

Actually our Time Machine commit is much more recent than I thought. Will defer to @dongcarl.

@maflcko
Copy link
Member

maflcko commented Apr 30, 2024

we don't want to bump our Guix Time Machine commit just for that.

Actually our Time Machine commit is much more recent than I thought.

I presume openssl is used in the bootstrap chain, to bootstrap older software, so it probably can never be removed in a time machine bump?

@maflcko
Copy link
Member

maflcko commented Apr 30, 2024
edited

If I remember correctly, I think that you can likely just patch OpenSSL here since it's not a package that is "core" to Guix like GnuTLS was?

Yes, this is workaround 3, added in fad444f.

"Workaround 3: Disable the tests in the Guix source code for this single derivation"

@Sjors
Copy link
Member Author

Sjors commented Apr 30, 2024

Disable the tests in the Guix source code for this single derivation

We already have that recommendation, but I think it's better to offer an alternative. "Don't worry about tests not passing" is something I prefer to only do when I really understand how everything works, which I don't.

@luke-jr
Copy link
Member

luke-jr commented May 7, 2024

Is it possible to use a UTS namespace to spoof the clock just for the build?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Build system
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@Sjors @DrahtBot @laanwj @dongcarl @maflcko @luke-jr