[Pkg-nagios-changes] [pkg-nrpe] 10/12: Reinstate 11_reproducible_dh.h.patch for reproducible dh.h.

Bas Couwenberg sebastic at debian.org
Wed Jul 5 08:55:13 UTC 2017


This is an automated email from the git hooks/post-receive script.

sebastic pushed a commit to branch master
in repository pkg-nrpe.

commit 46176be371b27a4e2a0bf66a12e973d65e95c864
Author: Bas Couwenberg <sebastic at xs4all.nl>
Date:   Wed Jul 5 10:23:11 2017 +0200

    Reinstate 11_reproducible_dh.h.patch for reproducible dh.h.
    
    Revert "Use --with-need-dh=no configure option instead of patch."
    
    This reverts commit 197d9c0418b0a3d748009aa0c7130545798758f4.
---
 debian/changelog                          |  1 +
 debian/patches/11_reproducible_dh.h.patch | 60 +++++++++++++++++++++++++++++++
 debian/patches/series                     |  1 +
 debian/rules                              |  6 ++++
 4 files changed, 68 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index bad0717..ef38894 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ nagios-nrpe (3.2.0-1) UNRELEASED; urgency=medium
   * Update watch file for GitHub releases.
   * Update copyright file.
   * Refresh patches.
+  * Reinstate 11_reproducible_dh.h.patch for reproducible dh.h.
 
  -- Bas Couwenberg <sebastic at debian.org>  Wed, 05 Jul 2017 09:34:53 +0200
 
diff --git a/debian/patches/11_reproducible_dh.h.patch b/debian/patches/11_reproducible_dh.h.patch
new file mode 100644
index 0000000..783a40a
--- /dev/null
+++ b/debian/patches/11_reproducible_dh.h.patch
@@ -0,0 +1,60 @@
+Description: Use pre-generated dh.h for reproducible builds.
+Author: Bas Couwenberg <sebastic at debian.org>
+Bug-Debian: https://bugs.debian.org/834857
+Forwarded: not-needed
+
+--- /dev/null
++++ b/include/dh.h
+@@ -0,0 +1,41 @@
++#ifndef HEADER_DH_H
++#include <openssl/dh.h>
++#endif
++DH *get_dh2048()
++	{
++	static unsigned char dh2048_p[]={
++		0xE9,0x3C,0xF4,0xCE,0x63,0x0A,0x57,0x9A,0xD1,0x34,0x74,0xA1,
++		0x3E,0xC3,0x93,0xB5,0x50,0x36,0x56,0x87,0x9F,0x8F,0xBC,0x74,
++		0x15,0x03,0x1D,0x00,0x45,0xB0,0x2F,0xA3,0x2C,0xC1,0x13,0xFF,
++		0x6C,0xF1,0xDB,0x36,0xB5,0xB5,0x49,0x2D,0x6A,0x8D,0x55,0xA1,
++		0xE6,0x4C,0xD1,0xA9,0x07,0x24,0xC4,0xDF,0x3A,0x2A,0x9E,0xDB,
++		0x4A,0x23,0xAD,0x56,0x79,0xA3,0x3D,0xC4,0xAD,0xE0,0x3E,0x17,
++		0x3B,0x43,0x0F,0xB6,0x83,0xE4,0x52,0xFD,0x6D,0x74,0x03,0xB3,
++		0x29,0x26,0xF2,0x29,0x0A,0xA2,0x33,0x56,0x0C,0x16,0xF7,0x81,
++		0xBF,0xDC,0xB8,0xCE,0x78,0xC1,0x73,0xD6,0x48,0x54,0x2D,0x98,
++		0xA5,0x7A,0xE3,0x38,0x8E,0x3D,0x75,0xDB,0x92,0x4D,0x76,0xC1,
++		0xCD,0xE7,0x27,0xEE,0x09,0x89,0xFA,0xCE,0x7A,0xD6,0xDC,0x5B,
++		0x08,0x6B,0xE8,0x7E,0x37,0x7B,0x40,0x89,0x72,0xBD,0x4E,0xF4,
++		0x9A,0xDC,0x94,0xA3,0x7D,0x4C,0x15,0xE4,0xE1,0xA8,0x8D,0xF9,
++		0xB2,0xF0,0x02,0x40,0x39,0x6C,0xDD,0x37,0x08,0xC1,0xE8,0x0B,
++		0xAD,0x16,0x24,0x81,0x5F,0x24,0xD9,0x65,0x71,0x34,0x78,0xF3,
++		0xFE,0x35,0xE0,0x20,0xFF,0x6D,0x41,0xE7,0xC8,0x8E,0x58,0x59,
++		0x24,0x01,0x9A,0xC8,0xA7,0x8D,0x48,0x43,0x8E,0x34,0x7C,0xC1,
++		0xB4,0xC8,0xD0,0x9C,0xBD,0xEA,0x83,0xC7,0xC9,0x86,0xFC,0xD1,
++		0xA7,0xAF,0x5C,0x99,0x98,0xD1,0x82,0x78,0xE4,0xA4,0x1C,0xB5,
++		0x87,0x72,0xD8,0x38,0x48,0x60,0xAE,0xCB,0x92,0xA2,0x79,0xFC,
++		0x8F,0x1D,0x94,0xB5,0x88,0xA5,0xA4,0xE1,0xF5,0x98,0xBA,0xB2,
++		0x06,0x22,0xA8,0x1B,
++		};
++	static unsigned char dh2048_g[]={
++		0x02,
++		};
++	DH *dh;
++
++	if ((dh=DH_new()) == NULL) return(NULL);
++	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++	if ((dh->p == NULL) || (dh->g == NULL))
++		{ DH_free(dh); return(NULL); }
++	return(dh);
++	}
+--- a/configure.ac
++++ b/configure.ac
+@@ -313,7 +313,7 @@ AC_ARG_WITH([need_dh],
+ dnl Optional SSL library and include paths
+ if test x$check_for_ssl = xyes; then
+ 	# need_dh should only be set for NRPE
+-	need_dh=yes
++	need_dh=no
+ 	AC_NAGIOS_GET_SSL
+ fi
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 95a107c..15e2844 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 02_nrpe.cfg_local-include_support_nrpe.d.patch
 07_warn_ssloption.patch
+11_reproducible_dh.h.patch
diff --git a/debian/rules b/debian/rules
index c7b5329..305ffb5 100755
--- a/debian/rules
+++ b/debian/rules
@@ -14,6 +14,9 @@ export AUTOHEADER=true
 	    dh $@ --with autoreconf,systemd --parallel
 
 override_dh_auto_configure:
+	# Save deterministic "openssl dhparam" output.
+	cp include/dh.h include/dh.h.orig
+
 	dh_auto_configure -- \
 		--prefix=/usr \
 		--sysconfdir=/etc \
@@ -26,6 +29,9 @@ override_dh_auto_configure:
 		--with-ssl-lib=/usr/lib/$(DEB_HOST_MULTIARCH) \
 		--with-piddir=/var/run/nagios
 
+	# Restore deterministic "openssl dhparam" output.
+	cp include/dh.h.orig include/dh.h
+
 override_dh_auto_build:
 	dh_auto_build -- all
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-nagios/pkg-nrpe.git



More information about the Pkg-nagios-changes mailing list