aboutsummaryrefslogtreecommitdiff
path: root/reproduce/software
diff options
context:
space:
mode:
authorMohammad Akhlaghi <mohammad@akhlaghi.org>2019-08-22 22:38:03 +0530
committerMohammad Akhlaghi <mohammad@akhlaghi.org>2019-08-22 22:38:03 +0530
commit2a1c2f23f21aab460292ede7f9091968a4ac922b (patch)
treeaedd7f6baf05abad6f833cb6e64017fc0680b2fa /reproduce/software
parent0980667fe8d08596b107cb19ab57563c66cea221 (diff)
OpenMPI environment variable used to disable need for OpenSSH
Until now, OpenMPI would complain about not having `ssh' or `rsh' as a remote shell feature. However, such features should not be necessary in a reproducible scenario and they also have major security issues. With this commit, we are now using OpenMPI's `OMPI_MCA_plm_rsh_agent' environment variable to disable any remote shell dependency for it (as suggested by Boud). Therefore, any dependency for OpenSSH has been removed. But I thought to keep the build instructions incase it may be useful under some un-foreseen scenario. However, to discourage people from building it, a notice was added ontop of the build instructions. This bug was found, tested and solved thanks to Roberto Baena Gallé and Boud Roukema. This fixes bug #56724.
Diffstat (limited to 'reproduce/software')
-rw-r--r--reproduce/software/make/high-level.mk8
1 files changed, 6 insertions, 2 deletions
diff --git a/reproduce/software/make/high-level.mk b/reproduce/software/make/high-level.mk
index 23e5c00..196eea7 100644
--- a/reproduce/software/make/high-level.mk
+++ b/reproduce/software/make/high-level.mk
@@ -506,12 +506,16 @@ $(ibidir)/openblas: $(tdir)/openblas-$(openblas-version).tar.gz
&& rm -rf OpenBLAS-$(openblas-version) \
&& echo "OpenBLAS $(openblas-version)" > $@
-$(ibidir)/openmpi: $(tdir)/openmpi-$(openmpi-version).tar.gz \
- | $(ibidir)/openssh
+$(ibidir)/openmpi: $(tdir)/openmpi-$(openmpi-version).tar.gz
$(call gbuild, $<, openmpi-$(openmpi-version), static, , \
-j$(numthreads) V=1) \
&& echo "Open MPI $(openmpi-version)" > $@
+# IMPORTANT NOTE: The build instructions for OpenSSH are defined here, but
+# it is best that it not be prerequisite of any program and thus not built
+# within the project because of all the security issues it may cause. Only
+# enable/build it in a project with caution, and if there is no other
+# solution (for example to disable SSH in a program that may ask for it.
$(ibidir)/openssh: $(tdir)/openssh-$(openssh-version).tar.gz
$(call gbuild, $<, openssh-$(openssh-version), static, \
--with-privsep-path=$(ibdir)/.ssh_privsep \