Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--with-need-dh=no configure option has no effect any more #143

Closed
sebastic opened this issue Jul 5, 2017 · 3 comments
Closed

--with-need-dh=no configure option has no effect any more #143

sebastic opened this issue Jul 5, 2017 · 3 comments
Assignees
@hedenface
Labels
Bug Code Quality
Milestone
3.2.1

Comments

@sebastic
Copy link
Contributor

sebastic commented Jul 5, 2017

Commit 1715dcd#diff-67e997bcfdac55191033d57a16d1408a sets need_dh=yes discarding the value of the configure option.

Generating the include/dh.h header as part of the configure process causes the build to become unreproducible. See: Debian Bug #834857.
@hedenface
Copy link
Contributor

Here is a random commit from 3.1.1 for the configure.ac file:
https://github.com/NagiosEnterprises/nrpe/blob/fdc9caf696b8f5726b3333f865f8992d79bf40b9/configure.ac

You'll notice that the line you point to need_dh=yes is in there. The change in the commit you are reviewing here is one that I reverted because I re-imported the autoconf-macros project into NRPE in an earlier commit/merge. While I was doing so, I was unfamiliar with the need to uncomment that. When running with that line set to no, or commented, you'll notice that the dh.h is NEVER generated.

In fact, if you checkout the above commit and run autoconf, the same behavior you are suggesting existed then as well. The only way to disable dh truthfully is with --disable-ssl (since adh is necessary when compiling with SSL).

git checkout fdc9caf696b8f5726b3333f865f8992d79bf40b9
autoconf
./configure --with-need-dh=no

(notice the same behavior)

./configure --disable-ssl

(notice the same behavior as the current version).

So you tell me, is there an enhancement that needs to occur where --with-need-dh=no needs to override that value even if SSL is enabled? Because otherwise, this is not a bug.

@sebastic
Copy link
Contributor Author

sebastic commented Jul 5, 2017

The sole purpose of the --with-need-dh configure option is to set the need_dh value to no to prevent the openssl call which generates the dh.h file.

In the case of the Debian package, the dh.h file is created outside of the configure process to make the package build reproducible. See the linked Debian bugreport.

If you want configure to always generate the dh file, the --with-need-dh option needs to be removed because it doesn't do anything any more.

@hedenface
Copy link
Contributor

I'm still confused. Partly because of the lack of documentation in the autoconf-macros. You are correct, but I'm unsure why the commit I checked after I updated the autoconf-macros subtree looks exactly how it looked in your reference. I'm also unsure why the commented line exists # need dh should only be set for NRPE. Regardless, the fix is here: c339ba2

@hedenface hedenface self-assigned this Jul 5, 2017
@hedenface hedenface mentioned this issue Jul 6, 2017
Closed
@hedenface hedenface added this to the 3.2.1 milestone Jul 7, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hedenface hedenface

Labels
Bug Code Quality
Projects
None yet
Milestone
3.2.1
Development

No branches or pull requests
2 participants
@sebastic @hedenface