Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 698794 - net-analyzer/nrpe - should not hard-depend on tcp-wrappers
Summary: net-analyzer/nrpe - should not hard-depend on tcp-wrappers
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Eclasses (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Sysadmin Bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-10-28 19:23 UTC by Jaco Kroon
Modified: 2020-03-29 07:32 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jaco Kroon 2019-10-28 19:23:28 UTC
nrpe is hard-depending on tcp-wrappers.  We don't use tcp-wrappers (aka tcpd) for various reasons, and nrpe upgrade now forces the use thereof.  We use a firewall (iptables) to control this level and tcp-wrappers is just an additional layer (and have been the root cause of a few absolutely pointless DoS situations on our end).  We would highly appreciate if this can be made optional again.

This issue is similar to a previous bug from around 7 years back, referenced in the URL field.

Reproducible: Always
Comment 1 Jaco Kroon 2019-10-28 19:31:42 UTC
It doesn't look like there is a ./configure option (If you're willing to take it I'll be happy to write a patch).

However, I can confirm that by removing the tcp-wrappers dependency nrpe still merges and installs without tcp-wrappers pre-installed.

the configure script checks for the existence and availability of tcp-wrappers.  So by force-depending on tcp-wrappers we force the use.  This is better than the alternative of simply not depending on it and having random installation but it's still not good.  I'm currently hand-merging on probably about 30 systems to avoid tcp-wrappers.
Comment 2 Jaco Kroon 2020-03-29 07:32:52 UTC
ping.