openssh-sshd: host contamination fix
If you do a readelf -x .rodata /path/.../to/openssh/6.5p1-r0/packages-split/openssh-sshd/usr/sbin/sshd
You'll see two references to OE's sysroots/${BUILD_SYS} login and passwd binaries.
First one can be overridden with LOGIN_PROGRAM environment variable (see configure.ac),
second needs a cached variable definition.
(From OE-Core rev: 2127c80d0cc2a3a4d676bd3c0890454a175fba8e)
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Matthieu Crapet
Richard Purdie
parent
edb5f34b79
commit
920bfc3344
|
|
@ -7,7 +7,6 @@ SECTION = "console/network"
|
|||
LICENSE = "BSD"
|
||||
LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
|
||||
|
||||
|
||||
DEPENDS = "zlib openssl"
|
||||
DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
|
||||
|
||||
|
|
@ -55,7 +54,9 @@ inherit autotools-brokensep
|
|||
CFLAGS += "-D__FILE_OFFSET_BITS=64"
|
||||
export LD = "${CC}"
|
||||
|
||||
EXTRA_OECONF = "${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
|
||||
# login path is hardcoded in sshd
|
||||
EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
|
||||
${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
|
||||
--without-zlib-version-check \
|
||||
--with-privsep-path=/var/run/sshd \
|
||||
--sysconfdir=${sysconfdir}/ssh \
|
||||
|
|
@ -64,9 +65,11 @@ EXTRA_OECONF = "${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--with
|
|||
# Since we do not depend on libbsd, we do not want configure to use it
|
||||
# just because it finds libutil.h. But, specifying --disable-libutil
|
||||
# causes compile errors, so...
|
||||
#
|
||||
CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no"
|
||||
|
||||
# passwd path is hardcoded in sshd
|
||||
CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
|
||||
|
||||
# This is a workaround for uclibc because including stdio.h
|
||||
# pulls in pthreads.h and causes conflicts in function prototypes.
|
||||
# This results in compilation failure, so unless this is fixed,
|
||||
|
|
@ -97,7 +100,7 @@ do_install_append () {
|
|||
install -d ${D}/${sysconfdir}/default/volatiles
|
||||
install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
|
||||
|
||||
# Create config files for read-only rootfs
|
||||
# Create config files for read-only rootfs
|
||||
install -d ${D}${sysconfdir}/ssh
|
||||
install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
|
||||
sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
|
||||
|
|
@ -130,7 +133,6 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
|
|||
RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
|
||||
RDEPENDS_${PN}-sshd += "${PN}-keygen ${@base_contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
|
||||
|
||||
|
||||
CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
|
||||
CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue