[Pkg-nagios-changes] [pkg-nrpe] 10/12: Reinstate 11_reproducible_dh.h.patch for reproducible dh.h.
Bas Couwenberg
sebastic at debian.org
Wed Jul 5 08:55:13 UTC 2017
This is an automated email from the git hooks/post-receive script.
sebastic pushed a commit to branch master
in repository pkg-nrpe.
commit 46176be371b27a4e2a0bf66a12e973d65e95c864
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date: Wed Jul 5 10:23:11 2017 +0200
Reinstate 11_reproducible_dh.h.patch for reproducible dh.h.
Revert "Use --with-need-dh=no configure option instead of patch."
This reverts commit 197d9c0418b0a3d748009aa0c7130545798758f4.
---
debian/changelog | 1 +
debian/patches/11_reproducible_dh.h.patch | 60 +++++++++++++++++++++++++++++++
debian/patches/series | 1 +
debian/rules | 6 ++++
4 files changed, 68 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index bad0717..ef38894 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ nagios-nrpe (3.2.0-1) UNRELEASED; urgency=medium
* Update watch file for GitHub releases.
* Update copyright file.
* Refresh patches.
+ * Reinstate 11_reproducible_dh.h.patch for reproducible dh.h.
-- Bas Couwenberg <sebastic at debian.org> Wed, 05 Jul 2017 09:34:53 +0200
diff --git a/debian/patches/11_reproducible_dh.h.patch b/debian/patches/11_reproducible_dh.h.patch
new file mode 100644
index 0000000..783a40a
--- /dev/null
+++ b/debian/patches/11_reproducible_dh.h.patch
@@ -0,0 +1,60 @@
+Description: Use pre-generated dh.h for reproducible builds.
+Author: Bas Couwenberg <sebastic at debian.org>
+Bug-Debian: https://bugs.debian.org/834857
+Forwarded: not-needed
+
+--- /dev/null
++++ b/include/dh.h
+@@ -0,0 +1,41 @@
++#ifndef HEADER_DH_H
++#include <openssl/dh.h>
++#endif
++DH *get_dh2048()
++ {
++ static unsigned char dh2048_p[]={
++ 0xE9,0x3C,0xF4,0xCE,0x63,0x0A,0x57,0x9A,0xD1,0x34,0x74,0xA1,
++ 0x3E,0xC3,0x93,0xB5,0x50,0x36,0x56,0x87,0x9F,0x8F,0xBC,0x74,
++ 0x15,0x03,0x1D,0x00,0x45,0xB0,0x2F,0xA3,0x2C,0xC1,0x13,0xFF,
++ 0x6C,0xF1,0xDB,0x36,0xB5,0xB5,0x49,0x2D,0x6A,0x8D,0x55,0xA1,
++ 0xE6,0x4C,0xD1,0xA9,0x07,0x24,0xC4,0xDF,0x3A,0x2A,0x9E,0xDB,
++ 0x4A,0x23,0xAD,0x56,0x79,0xA3,0x3D,0xC4,0xAD,0xE0,0x3E,0x17,
++ 0x3B,0x43,0x0F,0xB6,0x83,0xE4,0x52,0xFD,0x6D,0x74,0x03,0xB3,
++ 0x29,0x26,0xF2,0x29,0x0A,0xA2,0x33,0x56,0x0C,0x16,0xF7,0x81,
++ 0xBF,0xDC,0xB8,0xCE,0x78,0xC1,0x73,0xD6,0x48,0x54,0x2D,0x98,
++ 0xA5,0x7A,0xE3,0x38,0x8E,0x3D,0x75,0xDB,0x92,0x4D,0x76,0xC1,
++ 0xCD,0xE7,0x27,0xEE,0x09,0x89,0xFA,0xCE,0x7A,0xD6,0xDC,0x5B,
++ 0x08,0x6B,0xE8,0x7E,0x37,0x7B,0x40,0x89,0x72,0xBD,0x4E,0xF4,
++ 0x9A,0xDC,0x94,0xA3,0x7D,0x4C,0x15,0xE4,0xE1,0xA8,0x8D,0xF9,
++ 0xB2,0xF0,0x02,0x40,0x39,0x6C,0xDD,0x37,0x08,0xC1,0xE8,0x0B,
++ 0xAD,0x16,0x24,0x81,0x5F,0x24,0xD9,0x65,0x71,0x34,0x78,0xF3,
++ 0xFE,0x35,0xE0,0x20,0xFF,0x6D,0x41,0xE7,0xC8,0x8E,0x58,0x59,
++ 0x24,0x01,0x9A,0xC8,0xA7,0x8D,0x48,0x43,0x8E,0x34,0x7C,0xC1,
++ 0xB4,0xC8,0xD0,0x9C,0xBD,0xEA,0x83,0xC7,0xC9,0x86,0xFC,0xD1,
++ 0xA7,0xAF,0x5C,0x99,0x98,0xD1,0x82,0x78,0xE4,0xA4,0x1C,0xB5,
++ 0x87,0x72,0xD8,0x38,0x48,0x60,0xAE,0xCB,0x92,0xA2,0x79,0xFC,
++ 0x8F,0x1D,0x94,0xB5,0x88,0xA5,0xA4,0xE1,0xF5,0x98,0xBA,0xB2,
++ 0x06,0x22,0xA8,0x1B,
++ };
++ static unsigned char dh2048_g[]={
++ 0x02,
++ };
++ DH *dh;
++
++ if ((dh=DH_new()) == NULL) return(NULL);
++ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++ if ((dh->p == NULL) || (dh->g == NULL))
++ { DH_free(dh); return(NULL); }
++ return(dh);
++ }
+--- a/configure.ac
++++ b/configure.ac
+@@ -313,7 +313,7 @@ AC_ARG_WITH([need_dh],
+ dnl Optional SSL library and include paths
+ if test x$check_for_ssl = xyes; then
+ # need_dh should only be set for NRPE
+- need_dh=yes
++ need_dh=no
+ AC_NAGIOS_GET_SSL
+ fi
+
diff --git a/debian/patches/series b/debian/patches/series
index 95a107c..15e2844 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
02_nrpe.cfg_local-include_support_nrpe.d.patch
07_warn_ssloption.patch
+11_reproducible_dh.h.patch
diff --git a/debian/rules b/debian/rules
index c7b5329..305ffb5 100755
--- a/debian/rules
+++ b/debian/rules
@@ -14,6 +14,9 @@ export AUTOHEADER=true
dh $@ --with autoreconf,systemd --parallel
override_dh_auto_configure:
+ # Save deterministic "openssl dhparam" output.
+ cp include/dh.h include/dh.h.orig
+
dh_auto_configure -- \
--prefix=/usr \
--sysconfdir=/etc \
@@ -26,6 +29,9 @@ override_dh_auto_configure:
--with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
--with-piddir=/var/run/nagios
+ # Restore deterministic "openssl dhparam" output.
+ cp include/dh.h.orig include/dh.h
+
override_dh_auto_build:
dh_auto_build -- all
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nrpe.git
More information about the Pkg-nagios-changes
mailing list