http://bugzilla.opensuse.org/show_bug.cgi?id=1208478 Bug ID: 1208478 Summary: tigervnc embeds random RSA key Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: All Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: joan.torres@suse.com Reporter: bwiedemann@suse.com QA Contact: qa-bugs@suse.de CC: sndirsch@suse.com Found By: Development Blocker: --- While working on reproducible builds for openSUSE, I found that our tigervnc package does not build reproducibly because it embeds a private key with timestamps in its .jar --- old /usr/share/vnc/classes/VncViewer.jar/META-INF/TIGERVNC.RSA (hex) +++ new /usr/share/vnc/classes/VncViewer.jar/META-INF/TIGERVNC.RSA (hex) @@ -1,8 +1,8 @@ 000000c0 74 77 61 72 65 20 44 65 76 65 6c 6f 70 6d 65 6e |tware Developmen| 000000d0 74 31 11 30 0f 06 03 55 04 03 13 08 54 69 67 65 |t1.0...U....Tige| 000000e0 72 56 4e 43 30 1e 17 0d 32 33 30 32 31 39 30 39 |rVNC0...23021909| -000000f0 35 31 32 30 5a 17 0d 34 33 30 32 31 34 30 39 35 |5120Z..430214095| -00000100 31 32 30 5a 30 7f 31 0b 30 09 06 03 55 04 06 13 |120Z0.1.0...U...| +000000f0 35 32 34 33 5a 17 0d 34 33 30 32 31 34 30 39 35 |5243Z..430214095| +00000100 32 34 33 5a 30 7f 31 0b 30 09 06 03 55 04 06 13 |243Z0.1.0...U...| 00000110 02 55 53 31 0e 30 0c 06 03 55 04 08 13 05 54 65 |.US1.0...U....Te| 00000120 78 61 73 31 0f 30 0d 06 03 55 04 07 13 06 41 75 |xas1.0...U....Au| 00000130 73 74 69 6e 31 1d 30 1b 06 03 55 04 0a 13 14 54 |stin1.0...U....T| Is that key used? And for what? -- You are receiving this mail because: You are on the CC list for the bug.