Is unreproducible as it includes dynamically generated DH params
Task Info (Flyspray) | |
---|---|
Opened By | loqs (loqs) |
Task ID | 74015 |
Type | Bug Report |
Project | Community Packages |
Category | Reproducible Builds |
Version | None |
OS | All |
Opened | 2022-03-03 01:08:14 UTC |
Status | Assigned |
Assignee | Jonathan Steel (jsteel) |
Details
Description: This means each build will be unique. Upstream issue [1]. PKGBUILD.diff.1 uses SSL_CTX_set_dh_auto to have openssl select DH parameters appropriate for the key size. PKGBUILD.diff.2 uses DH parameters provided by Debian. Both options are compatible with both openssl 1.1 and 3.0. The current build is not 3.0 compatible as 3.0 removed dhparam -C which generates the C code to produce DH params.
Additional info:
- nrpe 4.0.3-2 [1] https://github.com/NagiosEnterprises/nrpe/issues/258 [2] PKGBUILD.diff.1 [3] PKGBUILD.diff.2 [4] https://github.com/openssl/openssl/commit/1696b8909bbe1485871ce68ed129bf91af5e17e2