[Pkg-nagios-devel] Bug#834857: nagios-nrpe: please make the build reproducible

Fri Aug 19 21:59:35 UTC 2016

Source: nagios-nrpe
Version: 2.15-1
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: timestamps randomness
X-Debbugs-Cc: reproducible-builds at lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], I noticed
that nagios-nrpe could not be built reproducibly.

Whilst I "fix" the Diffie-Hellman key parameters, this is no worse
than the current situation in that they were random across builds:
everyone using the (for example) amd64 package was using the same
parameters anyway…

Patch attached.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
-------------- next part --------------

--- a/debian/patches/00list	2016-08-19 21:13:52.279707711 +0100
--- b/debian/patches/00list	2016-08-19 22:32:45.467992041 +0100
@@ -4,3 +4,4 @@
 06_pid_directory.dpatch
 07_warn_ssloption.dpatch
 09_noremove_pid.dpatch
+10_reproducible_build.dpatch
--- a/debian/patches/10_reproducible_build.dpatch	1970-01-01 01:00:00.000000000 +0100
--- b/debian/patches/10_reproducible_build.dpatch	2016-08-19 22:37:32.874466180 +0100
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_reproducible_build.dpatch by Chris Lamb <lamby at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Make the build reproducible.
+
+ at DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' pkg-nrpe~/update-version pkg-nrpe/update-version
+--- pkg-nrpe~/update-version	2016-08-19 21:13:52.279707711 +0100
++++ pkg-nrpe/update-version	2016-08-19 22:29:19.434217944 +0100
+@@ -20,11 +20,11 @@
+ 
+ # Get date (two formats)
+ if [ -n "$2" ]; then
+-    LONGDATE=`date -d "$2" "+%B %d, %Y"`
+-    SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
++    LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y")
++    SHORTDATE=$(date -u -d "$2" "+%m-%d-%Y")
+ else
+-    LONGDATE=`date "+%B %d, %Y"`
+-    SHORTDATE=`date "+%m-%d-%Y"`
++    LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B %d, %Y")
++    SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%m-%d-%Y")
+ fi
+ 
+ # Current version number
--- a/debian/rules	2016-08-19 21:13:52.279707711 +0100
--- b/debian/rules	2016-08-19 22:52:57.430353150 +0100
@@ -10,6 +10,8 @@
 	    dh $@ --with dpatch,autotools_dev
 
 override_dh_auto_configure:
+	# Save deterministic "openssl dhparam" output.
+	cp include/dh.h include/dh.h.orig
 	./configure \
 		--prefix=/usr \
 		--enable-ssl \
@@ -18,5 +20,7 @@
 		--localstatedir=/var \
 		--libexecdir=/usr/lib/nagios/plugins \
 		--libdir=/usr/lib/nagios
+	# Restore deterministic "openssl dhparam" output.
+	cp include/dh.h.orig include/dh.h
 
 override_dh_auto_install:
