On Wed, Feb 15, 2023 at 12:15:21PM -0500, Greg Hogan wrote: > Installing guix from source fails on the build of openssl@1.1.1l. I > see the same error on my working system (log attached) when executing > the command below. The issue looks to be caused by OpenSSL's expired > test certs fixed in 1.1.1p [0]. Guix currently grafts openssl 1.1.1s > but it seems grafts are not part of the bootstrap process (substitutes > disabled). > > If this is the correct diagnosis then we should be ungrafting before > future releases any bootstrap dependencies relating to build failures > (not necessarily for security updates). > > My personal fix was to adapt my installation script to iteratively set > back then reset the clock, as openssl only builds in the past but > diffutils-boot0 then fails due to newly created files being older than > distributed files.
Thanks for the notes. I do believe this has been discussed previously, to be found in the archives! In general, SSL/TLS implementations keep making this... unfortunate mistake in their test suites. It only really affects distros like Guix or Nix, so it's our problem to fix. I'd guess it's happened 4 times in the last several years. It's one of several reasons that rebuilding old Guix releases actually approaches being a Hard Problem.
