Bug#834857: nagios-nrpe: please make the build reproducible

[Chris Lamb]

Source: nagios-nrpe
Version: 2.15-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: timestamps randomness
X-Debbugs-Cc: reproducible-bui...@lists.alioth.debian.org

Hi,

Whilst working on the Reproducible Builds effort [0], I noticed
that nagios-nrpe could not be built reproducibly.

Whilst I "fix" the Diffie-Hellman key parameters, this is no worse
than the current situation in that they were random across builds:
everyone using the (for example) amd64 package was using the same
parameters anyway…

Patch attached.

 [0] https://reproducible-builds.org/


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

--- a/debian/patches/00list     2016-08-19 21:13:52.279707711 +0100
--- b/debian/patches/00list     2016-08-19 22:32:45.467992041 +0100
@@ -4,3 +4,4 @@
 06_pid_directory.dpatch
 07_warn_ssloption.dpatch
 09_noremove_pid.dpatch
+10_reproducible_build.dpatch
--- a/debian/patches/10_reproducible_build.dpatch       1970-01-01 
01:00:00.000000000 +0100
--- b/debian/patches/10_reproducible_build.dpatch       2016-08-19 
22:37:32.874466180 +0100
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_reproducible_build.dpatch by Chris Lamb <la...@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Make the build reproducible.
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' 
'--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' 
pkg-nrpe~/update-version pkg-nrpe/update-version
+--- pkg-nrpe~/update-version   2016-08-19 21:13:52.279707711 +0100
++++ pkg-nrpe/update-version    2016-08-19 22:29:19.434217944 +0100
+@@ -20,11 +20,11 @@
+ 
+ # Get date (two formats)
+ if [ -n "$2" ]; then
+-    LONGDATE=`date -d "$2" "+%B %d, %Y"`
+-    SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
++    LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y")
++    SHORTDATE=$(date -u -d "$2" "+%m-%d-%Y")
+ else
+-    LONGDATE=`date "+%B %d, %Y"`
+-    SHORTDATE=`date "+%m-%d-%Y"`
++    LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B 
%d, %Y")
++    SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%m-%d-%Y")
+ fi
+ 
+ # Current version number
--- a/debian/rules      2016-08-19 21:13:52.279707711 +0100
--- b/debian/rules      2016-08-19 22:52:57.430353150 +0100
@@ -10,6 +10,8 @@
            dh $@ --with dpatch,autotools_dev
 
 override_dh_auto_configure:
+       # Save deterministic "openssl dhparam" output.
+       cp include/dh.h include/dh.h.orig
        ./configure \
                --prefix=/usr \
                --enable-ssl \
@@ -18,5 +20,7 @@
                --localstatedir=/var \
                --libexecdir=/usr/lib/nagios/plugins \
                --libdir=/usr/lib/nagios
+       # Restore deterministic "openssl dhparam" output.
+       cp include/dh.h.orig include/dh.h
 
 override_dh_auto_install: