[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#44559: gnutls 3.6.12 fails to build: FAIL: status-request-revoked
From: |
Ludovic Courtès |
Subject: |
bug#44559: gnutls 3.6.12 fails to build: FAIL: status-request-revoked |
Date: |
Thu, 12 Nov 2020 22:06:09 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Hi,
Christopher Baines <mail@cbaines.net> skribis:
> I found this when trying to build guile3.0-gnutls:
>
> guix time-machine --commit=94585fffb23079fe71110e2bf99782eb4ccfa12b --
> build --no-grafts --check guile3.0-gnutls
>
>
> FAIL: status-request-revoked
> ============================
>
> trying NORMAL:-VERS-ALL:+VERS-TLS1.2
> received status request
> received status request
> cert_verify_callback:263: certificate verify status doesn't match: 100402 !=
> 22FAIL status-request-revoked (exit status: 1)
This was fixed upstream between 3.6.12 and 3.6.14 with this patch by
Bernhard (it’s a small world!):
--8<---------------cut here---------------start------------->8---
commit ed208fe55f31478732fd6cc394f9576b315a42cd
Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
Date: Sun Apr 5 15:09:57 2020 +0200
tests: Fix status-request-revoked after 2020-10-24
included certs expire 2020-10-24 so this test fails after that date.
Fixes #967
This patch was done while working on reproducible builds for openSUSE.
Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
--8<---------------cut here---------------end--------------->8---
The question for us becomes how to ensure long-term reproducibility in
the presence of such bugs.
In this case, I think the only solution would be to change the system
clock when one rebuilds GnuTLS (or to use ‘--without-tests=gnutls’, but
you end up with different derivations, which is not necessarily
desirable).
Thoughts?
Ludo’.