* gnu/packages/nss.scm (nss): Disable FIPS in lowhashtests.
This is required as FIPS is inherently non-deterministic, making the build no
longer reproducible.

Change-Id: I2b294530b017285d0949a1082abaaf3a8fe1f6b5
---
 gnu/packages/nss.scm                          |  3 +-
 .../nss-disable-fips-in-lowhashtest.patch     | 28 +++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch

diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index 08e4cb06ee..02081c32e1 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -125,7 +125,8 @@ (define-public nss
               (patches (search-patches "nss-3.56-pkgconfig.patch"
                                        "nss-getcwd-nonnull.patch"
                                        "nss-increase-test-timeout.patch"
-                                       "nss-disable-shlibsign.patch"))
+                                       "nss-disable-shlibsign.patch"
+                                       
"nss-disable-fips-in-lowhashtest.patch"))
               (modules '((guix build utils)))
               (snippet
                '(begin
diff --git a/gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch 
b/gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch
new file mode 100644
index 0000000000..c8fc1e7e7a
--- /dev/null
+++ b/gnu/packages/patches/nss-disable-fips-in-lowhashtest.patch
@@ -0,0 +1,28 @@
+From f32bd353c5b741d6da5811fd40681dda80799bfb Mon Sep 17 00:00:00 2001
+Message-ID: 
<f32bd353c5b741d6da5811fd40681dda80799bfb.1714591857.git....@mutix.org>
+From: Christina O'Donnell <c...@mutix.org>
+Date: Wed, 1 May 2024 20:30:15 +0100
+Subject: [PATCH] nss: Disable FIPS in lowhashtest.
+
+---
+ nss/tests/lowhash/lowhash.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nss/tests/lowhash/lowhash.sh b/nss/tests/lowhash/lowhash.sh
+index 2984b9b..9dcc89b 100755
+--- a/nss/tests/lowhash/lowhash.sh
++++ b/nss/tests/lowhash/lowhash.sh
+@@ -63,7 +63,7 @@ lowhash_test()
+   else
+     TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
+     OLD_MODE=`echo ${NSS_FIPS}`
+-    for fips_mode in 0 1; do
++    for fips_mode in 0; do
+       echo "lowhashtest with fips mode=${fips_mode}"
+       export NSS_FIPS=${fips_mode}
+       for TEST in ${TESTS}
+
+base-commit: 85b7cf166687cbfaf3e3764ed1ea9bb3b9404ef0
+-- 
+2.41.0
+
-- 
2.41.0




Reply via email to