Tests would fail once certificates had expired, along these lines:
chains.sh: Verifying certificate(s) PayPalEE.cert with flags -d AllDB -pp -o OID.2.16.840.1.114412.1.1
vfychain -d AllDB -pp -vv -o OID.2.16.840.1.114412.1.1 /tmp/guix-build-nss-3.39.drv-0/nss-3.39/nss/tests/libpkix/certs/PayPalEE.cert
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. PayPalEE :
ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is pass
Using 'faketime' allows us to get deterministic results.
* gnu/packages/gnuzilla.scm (nss)[arguments]: In 'check' phase, run
'all.sh' under 'faketime'.
[native-inputs]: Add LIBFAKETIME.
* gnu/packages/multiprecision.scm (tomsfastmath): New variable.
* gnu/packages/patches/tomsfastmath-constness.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Add it.
Increases size of llvm@6 by 2.5MiB (2.5%), but saves building specialized
llvm's with rtti enabled for packages that require RTTI when linking with the
llvm libraries.
* gnu/packages/llvm.scm (llvm-3.8-with-rtti): Remove variable.
(llvm)[arguments]: Add '-DLLVM_REQUIRES_RTTI=1' to #:configure-flags.
* gnu/packages/audio.scm (faust-2)[native-inputs]:
'llvm-3.8-with-rtti' -> 'llvm-3.8'.
Suggested by swedebugia <swedebugia@riseup.net>.
* doc/contributing.texi (Running Guix Before It Is Installed): Mention
that ./pre-inst-env is generated.
pgp.mit.edu appears to be unreliable these days.
* doc/guix.texi (KEY-SERVER): New variable.
(Binary Installation, USB Stick and DVD Installation): Use it in 'gpg
--recv-keys' example.
This fixes https://bugs.gnu.org/33196, a build problem caused by a defective
Elisp snippet in a check in configure.ac.
* gnu/packages/patches/emacs-realgud-fix-configure-ac.patch: Add patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/emacs.scm (emacs-realgud)[source]: Use it.
* gnu/packages/bioinformatics.scm (bamtools, ribotaper, bioawk)
(codingquarry, fraggenescan, minced, pplacer, star, subread, sailfish)
(salmon): Return #t from all phases and snippets, use 'invoke' where
appropriate, and remove vestigal plumbing.
* gnu/packages/databases.scm (4store, go-gopkg.in-mgo.v2, mongodb)
(sparql-query, tdb, sqlcipher, python-sqlparse, mongo-tools): Return #t from
all phases, use invoke where appropriate, and remove vestigial plumbing.
* gnu/packages/check.scm (cmdtest, python-pytest-cov, python-fixtures)
(python-pytest-localserver, python-pytest-flakes)
(python2-coverage-test-runner, python-pylint, python-behave-web-api):
Return #t from all phases, and use invoke where appropriate.
* gnu/packages/audio.scm (clalsadrv, jack-2, libsbsms, zita-convolver)
(zita-resampler, zita-alsa-pcmi, gsm, cava): Return #t from all phases.
(ladspa): Use 'modify-phases'. Return #t from all phases.
* gnu/packages/video.scm (youtube-dl-gui, avidemux, xvid, twitchy, aegisub):
Return #t from all phases, use invoke where appropriate, and remove vestigial
plumbing.
That way it is handled in the same way as other helper scripts.
* nix/scripts/guix-authenticate.in: Rename to...
* nix/scripts/authenticate.in: ... this.
* config-daemon.ac: Adjust accordingly.
* nix/local.mk (libstore_a_CPPFLAGS): Remove -DOPENSSL_PATH.
(nodist_libexec_SCRIPTS): Remove.
(nodist_pkglibexec_SCRIPTS): New variable.
* nix/nix-daemon/guix-daemon.cc (main): Remove 'setenv' call for
"PATH".
* nix/libstore/local-store.cc (runAuthenticationProgram): New function.
(LocalStore::exportPath, LocalStore::importPath): Use it instead of
'runProgram' and OPENSSL_PATH.
Fixes <https://bugs.gnu.org/33368>.
Reported by Konrad Hinsen <konrad.hinsen@fastmail.net>.
* gnu/packages/package-management.scm (guix-daemon)[arguments]: In
'install' phase, build "install-nodist_libexecSCRIPTS" target to install
'guix-authenticate'.
Bug <http://bugs.gnu.org/22774> is no longer relevant now that we use
"builtin:download" exclusively.
* guix/download.scm (%content-addressed-mirrors): Use "https", not
"http".
Ludovic Courtès