dropbear: import 2022.83 from upstream OE

Import current packaging of dropbear from openembedded-core.git, commit
0defbb5925e309799162e221285e4cfb2e2c2ca5.

Related: SYS#6402
Change-Id: I431934b0558350931bb9571b0fa6efff8ba45387
Oliver Smith 2023-04-27 11:36:55 +02:00
parent 6c81973fe7
commit 0afdce6dd2
14 changed files with 143 additions and 379 deletions


@ -2,22 +2,22 @@ Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h
Upstream-Status: Inappropriate [configuration]
---
options.h | 2 +-
default_options.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/options.h b/options.h
index 7d06322..71a21c2 100644
--- a/options.h
+++ b/options.h
@@ -247,7 +247,7 @@ much traffic. */
diff --git a/default_options.h b/default_options.h
index 349338c..5ffac25 100644
--- a/default_options.h
+++ b/default_options.h
@@ -289,7 +289,7 @@ group1 in Dropbear server too */
/* The command to invoke for xauth when using X11 forwarding.
* "-q" for quiet */
#ifndef XAUTH_COMMAND
-#define XAUTH_COMMAND "/usr/bin/xauth -q"
+#define XAUTH_COMMAND "xauth -q"
#endif
/* if you want to enable running an sftp server (such as the one included with
/* If you want to enable running an sftp server (such as the one included with
--
1.7.11.7
2.25.1
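Review bot: `XAUTH_COMMAND` stays a bare `xauth -q` in the refreshed patch, so the binary run for X11 forwarding is whichever `xauth` comes first on the PATH in effect when Dropbear invokes it, not a fixed location. The patch header gives no reason for dropping `/usr/bin/`; I would add a sentence to the description stating why, and noting that `the PATH in effect for forwarded sessions must not include user-writable directories`. The Subject line also still names options.h although the patch now targets default_options.h. This presumably only matters for builds that define `DROPBEAR_X11FWD`, which the recipe does only under the `enable-x11-forwarding` PACKAGECONFIG.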


@ -1,42 +0,0 @@
From c5f5c5054c1b15539dccf866e2c3faba7ed68456 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eric=20B=C3=A9nard?= <eric@eukrea.com>
Date: Thu, 25 Apr 2013 00:27:25 +0200
Subject: [PATCH 3/6] configure: add a variable to allow openpty check to be cached
Upstream-Status: Pending
---
configure.ac | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 05461f3..9c16d90 100644
--- a/configure.ac
+++ b/configure.ac
@@ -166,15 +166,20 @@ AC_ARG_ENABLE(openpty,
AC_MSG_NOTICE(Not using openpty)
else
AC_MSG_NOTICE(Using openpty if available)
- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
fi
],
[
AC_MSG_NOTICE(Using openpty if available)
- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
]
)
-
+
+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
+ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
+ no_ptc_check=yes
+ no_ptmx_check=yes
+fi
AC_ARG_ENABLE(syslog,
[ --disable-syslog Don't include syslog support],
--
1.7.11.7


@ -1,22 +0,0 @@
Subject: [PATCH 4/6] fix 2kb keys
Upstream-Status: Inappropriate [configuration]
---
kex.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kex.h b/kex.h
index 72430e9..375c677 100644
--- a/kex.h
+++ b/kex.h
@@ -67,6 +67,6 @@ struct KEXState {
};
-#define MAX_KEXHASHBUF 2000
+#define MAX_KEXHASHBUF 3000
#endif /* _KEX_H_ */
--
1.7.11.7


@ -3,7 +3,7 @@ From: Jussi Kukkonen <jussi.kukkonen@intel.com>
Date: Wed, 2 Dec 2015 11:36:02 +0200
Subject: Enable pam
We need modify file option.h besides enabling pam in
We need modify file default_options.h besides enabling pam in
configure if we want dropbear to support pam.
Upstream-Status: Pending
@ -11,26 +11,31 @@ Upstream-Status: Pending
Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
---
options.h | 4 ++--
default_options.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/options.h b/options.h
index 94261f6..90bfe2f 100644
--- a/options.h
+++ b/options.h
@@ -208,10 +208,10 @@ If you test it please contact the Dropbear author */
diff --git a/default_options.h b/default_options.h
index 0e3d027..349338c 100644
--- a/default_options.h
+++ b/default_options.h
@@ -210,7 +210,7 @@ group1 in Dropbear server too */
/* This requires crypt() */
#ifdef HAVE_CRYPT
-#define ENABLE_SVR_PASSWORD_AUTH
+/*#define ENABLE_SVR_PASSWORD_AUTH*/
#endif
/* PAM requires ./configure --enable-pam */
-/*#define ENABLE_SVR_PAM_AUTH */
+#define ENABLE_SVR_PAM_AUTH
#define ENABLE_SVR_PUBKEY_AUTH
/* Authentication Types - at least one required.
RFC Draft requires pubkey auth, and recommends password */
-#define DROPBEAR_SVR_PASSWORD_AUTH 1
+#define DROPBEAR_SVR_PASSWORD_AUTH 0
/* Whether to take public key options in
/* Note: PAM auth is quite simple and only works for PAM modules which just do
* a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
@@ -218,7 +218,7 @@ group1 in Dropbear server too */
* but there's an interface via a PAM module. It won't work for more complex
* PAM challenge/response.
* You can't enable both PASSWORD and PAM. */
-#define DROPBEAR_SVR_PAM_AUTH 0
+#define DROPBEAR_SVR_PAM_AUTH 1
/* ~/.ssh/authorized_keys authentication.
* You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */
--
2.1.4
2.25.1


@ -1,4 +1,7 @@
Subject: [PATCH 6/6] dropbear configuration file
From e3a5db1b6d3f6382a15b2266458c26c645a10f18 Mon Sep 17 00:00:00 2001
From: Mingli Yu <Mingli.Yu@windriver.com>
Date: Thu, 6 Sep 2018 15:54:00 +0800
Subject: [PATCH] dropbear configuration file
dropbear: Change the path ("/etc/pam.d/sshd" as default) to find a pam configuration file \
to "/etc/pam.d/dropbear for dropbear when enabling pam supporting"
@ -7,12 +10,17 @@ Upstream-Status: Inappropriate [configuration]
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
---
diff -Naur dropbear-2013.60-orig/svr-authpam.c dropbear-2013.60/svr-authpam.c
--- dropbear-2013.60-orig/svr-authpam.c 2013-10-16 16:34:53.000000000 +0200
+++ dropbear-2013.60/svr-authpam.c 2013-10-21 17:04:04.969416055 +0200
@@ -211,7 +211,7 @@
userData.passwd = password;
svr-authpam.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/svr-authpam.c b/svr-authpam.c
index d201bc9..165ec5c 100644
--- a/svr-authpam.c
+++ b/svr-authpam.c
@@ -223,7 +223,7 @@ void svr_auth_pam(int valid_user) {
}
/* Init pam */
- if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) {
@ -20,3 +28,6 @@ diff -Naur dropbear-2013.60-orig/svr-authpam.c dropbear-2013.60/svr-authpam.c
dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s",
rc, pam_strerror(pamHandlep, rc));
goto cleanup;
--
2.7.4


@ -1,140 +0,0 @@
Upstream-Status: Pending
The dropbearkey utility built in x32 abi format, when generating ssh
keys, was getting lost in the infinite loop.
This patch fixes the issue by fixing types of variables and
parameters of functions used in the code, which were getting
undesired size, when compiled with the x32 abi toolchain.
2013/05/23
Received this fix from H J Lu.
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
# HG changeset patch
# User H.J. Lu <hjl.tools@gmail.com>
# Date 1369344079 25200
# Node ID a10a1c46b857cc8a3923c3bb6d1504aa25b6052f
# Parent e76614145aea67f66e4a4257685c771efba21aa1
Typdef mp_digit to unsigned long long for MP_64BIT
When GCC is used with MP_64BIT, we should typedef mp_digit to unsigned
long long instead of unsigned long since for x32, unsigned long is
32-bit and unsigned long long is 64-bit and it is safe to use unsigned
long long for 64-bit integer with GCC.
diff -r e76614145aea -r a10a1c46b857 libtommath/tommath.h
--- a/libtommath/tommath.h Thu Apr 18 22:57:47 2013 +0800
+++ b/libtommath/tommath.h Thu May 23 14:21:19 2013 -0700
@@ -73,7 +73,7 @@
typedef signed long long long64;
#endif
- typedef unsigned long mp_digit;
+ typedef unsigned long long mp_digit;
typedef unsigned long mp_word __attribute__ ((mode(TI)));
#define DIGIT_BIT 60
# HG changeset patch
# User H.J. Lu <hjl.tools@gmail.com>
# Date 1369344241 25200
# Node ID c7555a4cb7ded3a88409ba85f4027baa7af5f536
# Parent a10a1c46b857cc8a3923c3bb6d1504aa25b6052f
Cast to mp_digit when updating *rho
There is
int
mp_montgomery_setup (mp_int * n, mp_digit * rho)
We should cast to mp_digit instead of unsigned long when updating
*rho since mp_digit may be unsigned long long and unsigned long long
may be different from unsigned long, like in x32.
diff -r a10a1c46b857 -r c7555a4cb7de libtommath/bn_mp_montgomery_setup.c
--- a/libtommath/bn_mp_montgomery_setup.c Thu May 23 14:21:19 2013 -0700
+++ b/libtommath/bn_mp_montgomery_setup.c Thu May 23 14:24:01 2013 -0700
@@ -48,7 +48,7 @@
#endif
/* rho = -1/m mod b */
- *rho = (unsigned long)(((mp_word)1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK;
+ *rho = (mp_digit)(((mp_word)1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK;
return MP_OKAY;
}
# HG changeset patch
# User H.J. Lu <hjl.tools@gmail.com>
# Date 1369344541 25200
# Node ID 7c656e7071a6412688b2f30a529a9afac6c7bf5a
# Parent c7555a4cb7ded3a88409ba85f4027baa7af5f536
Define LTC_FAST_TYPE to unsigned long long for __x86_64__
We should define LTC_FAST_TYPE to unsigned long long instead of unsigned
long if __x86_64__ to support x32 where unsigned long long is 64-bit
and unsigned long is 32-bit.
diff -r c7555a4cb7de -r 7c656e7071a6 libtomcrypt/src/headers/tomcrypt_cfg.h
--- a/libtomcrypt/src/headers/tomcrypt_cfg.h Thu May 23 14:24:01 2013 -0700
+++ b/libtomcrypt/src/headers/tomcrypt_cfg.h Thu May 23 14:29:01 2013 -0700
@@ -74,7 +74,7 @@
#define ENDIAN_LITTLE
#define ENDIAN_64BITWORD
#define LTC_FAST
- #define LTC_FAST_TYPE unsigned long
+ #define LTC_FAST_TYPE unsigned long long
#endif
/* detect PPC32 */
# HG changeset patch
# User H.J. Lu <hjl.tools@gmail.com>
# Date 1369344730 25200
# Node ID a7d4690158fae4ede2c4e5b56233e83730bf38ee
# Parent 7c656e7071a6412688b2f30a529a9afac6c7bf5a
Use unsigned long long aas unsigned 64-bit integer for x86-64 GCC
We should use unsigned long long instead of unsigned long as unsigned
64-bit integer for x86-64 GCC to support x32 where unsigned long is
32-bit.
diff -r 7c656e7071a6 -r a7d4690158fa libtomcrypt/src/headers/tomcrypt_macros.h
--- a/libtomcrypt/src/headers/tomcrypt_macros.h Thu May 23 14:29:01 2013 -0700
+++ b/libtomcrypt/src/headers/tomcrypt_macros.h Thu May 23 14:32:10 2013 -0700
@@ -343,7 +343,7 @@
/* 64-bit Rotates */
#if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM)
-static inline unsigned long ROL64(unsigned long word, int i)
+static inline unsigned long long ROL64(unsigned long long word, int i)
{
asm("rolq %%cl,%0"
:"=r" (word)
@@ -351,7 +351,7 @@
return word;
}
-static inline unsigned long ROR64(unsigned long word, int i)
+static inline unsigned long long ROR64(unsigned long long word, int i)
{
asm("rorq %%cl,%0"
:"=r" (word)
@@ -361,7 +361,7 @@
#ifndef LTC_NO_ROLC
-static inline unsigned long ROL64c(unsigned long word, const int i)
+static inline unsigned long long ROL64c(unsigned long long word, const int i)
{
asm("rolq %2,%0"
:"=r" (word)
@@ -369,7 +369,7 @@
return word;
}
-static inline unsigned long ROR64c(unsigned long word, const int i)
+static inline unsigned long long ROR64c(unsigned long long word, const int i)
{
asm("rorq %2,%0"
:"=r" (word)


@ -0,0 +1,31 @@
From c347ece05a7fdbf50d76cb136b9ed45caed333f6 Mon Sep 17 00:00:00 2001
From: Joseph Reynolds <joseph.reynolds1@ibm.com>
Date: Thu, 20 Jun 2019 16:29:15 -0500
Subject: [PATCH] dropbear: new feature: disable-weak-ciphers
This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers
in the dropbear ssh server and client since they're considered weak ciphers
and we want to support the stong algorithms.
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
---
default_options.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/default_options.h b/default_options.h
index d417588..bc5200f 100644
--- a/default_options.h
+++ b/default_options.h
@@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */
* Small systems should generally include either curve25519 or ecdh for performance.
* curve25519 is less widely supported but is faster
*/
-#define DROPBEAR_DH_GROUP14_SHA1 1
+#define DROPBEAR_DH_GROUP14_SHA1 0
#define DROPBEAR_DH_GROUP14_SHA256 1
#define DROPBEAR_DH_GROUP16 0
#define DROPBEAR_CURVE25519 1
--
2.25.1
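Review bot: The patch description says it disables all CBC, SHA1 and diffie-hellman group1 algorithms, but the only change in the hunk is `DROPBEAR_DH_GROUP14_SHA1` going from 1 to 0, and the patch's own diffstat confirms one insertion and one deletion. Anyone enabling the `disable-weak-ciphers` PACKAGECONFIG on the strength of that text may assume CBC modes, SHA1 MACs and group1 are handled here, when they are left at whatever default_options.h ships in this version. I would reword the description to `Disable diffie-hellman-group14-sha1 key exchange; other legacy algorithms keep their upstream defaults`, and check the remaining SHA1 settings (for example `DROPBEAR_SHA1_HMAC`) against the 2022.83 defaults before relying on the option's name.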


@ -0,0 +1,2 @@
# Disallow root logins by default
DROPBEAR_EXTRA_ARGS="-w"


@ -11,3 +11,4 @@ Type=oneshot
ExecStart=@BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}
ExecStart=@SBINDIR@/dropbearkey -t rsa -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key
RemainAfterExit=yes
Nice=10


@ -1,48 +0,0 @@
From 2fd8d2aedad0c50cdf1e43edd2387874b720ad4c Mon Sep 17 00:00:00 2001
From: Andre McCurdy <armccurdy@gmail.com>
Date: Fri, 16 Sep 2016 12:18:23 -0700
Subject: [PATCH] fix libtomcrypt/libtommath ordering
To prevent build failures when using system libtom libraries and
linking with --as-needed, LIBTOM_LIBS should be in the order
-ltomcrypt -ltommath, not the other way around, ie libs should be
prepended to LIBTOM_LIBS as they are found, not appended.
Note that LIBTOM_LIBS is not used when linking with the bundled
libtom libs.
Upstream-Status: Pending
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
---
configure.ac | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index b6abe4c..85bb8bc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -390,16 +390,16 @@ AC_ARG_ENABLE(bundled-libtom,
AC_MSG_NOTICE(Forcing bundled libtom*)
else
BUNDLED_LIBTOM=0
- AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="$LIBTOM_LIBS -ltommath",
+ AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS",
[AC_MSG_ERROR([Missing system libtommath and --disable-bundled-libtom was specified])] )
- AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="$LIBTOM_LIBS -ltomcrypt",
+ AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS",
[AC_MSG_ERROR([Missing system libtomcrypt and --disable-bundled-libtom was specified])] )
fi
],
[
BUNDLED_LIBTOM=0
- AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="$LIBTOM_LIBS -ltommath", BUNDLED_LIBTOM=1)
- AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="$LIBTOM_LIBS -ltomcrypt", BUNDLED_LIBTOM=1)
+ AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
+ AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
]
)
--
1.9.1


@ -17,8 +17,11 @@ NAME=dropbear
DESC="Dropbear SSH server"
PIDFILE=/var/run/dropbear.pid
# These values may be replaced by those from /etc/default/dropbear
DROPBEAR_RSAKEY_DIR="/etc/dropbear"
DROPBEAR_PORT=22
DROPBEAR_EXTRA_ARGS=
DROPBEAR_RSAKEY_ARGS=
NO_START=0
set -e
@ -28,32 +31,19 @@ test "$NO_START" = "0" || exit 0
test -x "$DAEMON" || exit 0
test ! -h /var/service/dropbear || exit 0
readonly_rootfs=0
for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
case $flag in
ro)
readonly_rootfs=1
;;
esac
done
if [ $readonly_rootfs = "1" ]; then
mkdir -p /var/lib/dropbear
DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
else
DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
fi
test -z "$DROPBEAR_BANNER" || \
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
test -n "$DROPBEAR_RSAKEY" || \
DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
DROPBEAR_RSAKEY="${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key"
gen_keys() {
if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
rm $DROPBEAR_RSAKEY || true
fi
test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
if [ ! -f "$DROPBEAR_RSAKEY" ]; then
mkdir -p ${DROPBEAR_RSAKEY%/*}
dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
fi
}
case "$1" in
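Review bot: In the new `gen_keys` the key path is expanded unquoted in `rm $DROPBEAR_RSAKEY`, `mkdir -p ${DROPBEAR_RSAKEY%/*}` and the `dropbearkey` call, while the `[ -f "$DROPBEAR_RSAKEY" ]` tests around them quote it. Since `DROPBEAR_RSAKEY_DIR` may now be replaced from /etc/default/dropbear, a value containing spaces or glob characters would make the test and the command act on different paths; I would write `mkdir -p "${DROPBEAR_RSAKEY%/*}"` and `dropbearkey -t rsa -f "$DROPBEAR_RSAKEY" $DROPBEAR_RSAKEY_ARGS`, and quote the `rm` the same way. The read-only-rootfs detection appears to be dropped in this hunk, so a comment above `DROPBEAR_RSAKEY_DIR` should say that read-only images must point it at a persistent writable directory; otherwise the host key cannot be stored, or changes on every boot if the directory is volatile.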


@ -1,43 +0,0 @@
From: =?UTF-8?q?Henrik=20Nordstr=C3=B6m?= <henrik@knc.nu>
Date: Wed, 11 May 2016 12:35:06 +0200
Subject: [PATCH] Support out-of-tree builds usign bundled libtom
When building out-of-tree we need both source and generated
folders in include paths to find both distributed and generated
headers.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Upstream-Status: Backport
---
libtomcrypt/Makefile.in | 2 +-
libtommath/Makefile.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libtomcrypt/Makefile.in b/libtomcrypt/Makefile.in
index 3056ef0..7970700 100644
--- a/libtomcrypt/Makefile.in
+++ b/libtomcrypt/Makefile.in
@@ -19,7 +19,7 @@ srcdir=@srcdir@
# Compilation flags. Note the += does not write over the user's CFLAGS!
# The rest of the flags come from the parent Dropbear makefile
-CFLAGS += -c -I$(srcdir)/src/headers/ -I$(srcdir)/../ -DLTC_SOURCE -I$(srcdir)/../libtommath/
+CFLAGS += -c -Isrc/headers/ -I$(srcdir)/src/headers/ -I../ -I$(srcdir)/../ -DLTC_SOURCE -I../libtommath/ -I$(srcdir)/../libtommath/
# additional warnings (newer GCC 3.4 and higher)
ifdef GCC_34
diff --git a/libtommath/Makefile.in b/libtommath/Makefile.in
index 06aba68..019c50b 100644
--- a/libtommath/Makefile.in
+++ b/libtommath/Makefile.in
@@ -9,7 +9,7 @@ VPATH=@srcdir@
srcdir=@srcdir@
# So that libtommath can include Dropbear headers for options and m_burn()
-CFLAGS += -I$(srcdir)/../libtomcrypt/src/headers/ -I$(srcdir)/../
+CFLAGS += -I. -I$(srcdir) -I../libtomcrypt/src/headers/ -I$(srcdir)/../libtomcrypt/src/headers/ -I../ -I$(srcdir)/../
ifndef IGNORE_SPEED


@ -1,7 +0,0 @@
require dropbear.inc
SRC_URI += "file://support-out-of-tree-builds.patch"
SRC_URI[md5sum] = "9ad0172731e0f16623937804643b5bd8"
SRC_URI[sha256sum] = "2720ea54ed009af812701bcc290a2a601d5c107d12993e5d92c0f5f81f718891"


@ -1,28 +1,29 @@
SUMMARY = "A lightweight SSH and SCP implementation"
HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
DESCRIPTION = "Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers."
SECTION = "console/network"
# some files are from other projects and have others license terms:
# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY
LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD"
LIC_FILES_CHKSUM = "file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01"
LIC_FILES_CHKSUM = "file://LICENSE;md5=25cf44512b7bc8966a48b6b1a9b7605f"
DEPENDS = "zlib"
RPROVIDES_${PN} = "ssh sshd"
DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
DEPENDS = "zlib virtual/crypt"
RPROVIDES:${PN} = "ssh sshd"
RCONFLICTS:${PN} = "openssh-sshd openssh"
SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
file://0001-urandom-xauth-changes-to-options.h.patch \
file://0003-configure.patch \
file://0004-fix-2kb-keys.patch \
file://0007-dropbear-fix-for-x32-abi.patch \
file://fix-libtomcrypt-libtommath-ordering.patch \
file://init \
file://dropbearkey.service \
file://dropbear@.service \
file://dropbear.socket \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} "
file://dropbear.default \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \
"
SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b"
PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
file://0006-dropbear-configuration-file.patch \
@ -33,24 +34,38 @@ PAM_PLUGINS = "libpam-runtime \
pam-plugin-permit \
pam-plugin-unix \
"
RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
inherit autotools update-rc.d systemd
CVE_PRODUCT = "dropbear_ssh"
INITSCRIPT_NAME = "dropbear"
INITSCRIPT_PARAMS = "defaults 10"
SYSTEMD_SERVICE_${PN} = "dropbear.socket"
SYSTEMD_SERVICE:${PN} = "dropbear.socket"
SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
BINCOMMANDS = "dbclient ssh scp"
EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
PACKAGECONFIG ?= ""
PACKAGECONFIG ?= "disable-weak-ciphers ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}"
PACKAGECONFIG[pam] = "--enable-pam,--disable-pam,libpam,${PAM_PLUGINS}"
PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt"
PACKAGECONFIG[disable-weak-ciphers] = ""
PACKAGECONFIG[enable-x11-forwarding] = ""
EXTRA_OECONF += "\
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
# This option appends to CFLAGS and LDFLAGS from OE
# This is causing [textrel] QA warning
EXTRA_OECONF += "--disable-harden"
# musl does not implement wtmp/logwtmp APIs
EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog"
do_configure:append() {
echo "/* Dropbear features */" > ${B}/localoptions.h
if ${@bb.utils.contains('PACKAGECONFIG', 'enable-x11-forwarding', 'true', 'false', d)}; then
echo "#define DROPBEAR_X11FWD 1" >> ${B}/localoptions.h
fi
}
do_install() {
install -d ${D}${sysconfdir} \
@ -61,9 +76,16 @@ do_install() {
${D}${sbindir} \
${D}${localstatedir}
install -m 0755 dropbearmulti ${D}${sbindir}/
ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient
install -m 0644 ${WORKDIR}/dropbear.default ${D}${sysconfdir}/default/dropbear
install -m 0755 dropbearmulti ${D}${sbindir}/
for i in ${BINCOMMANDS}
do
# ssh and scp symlinks are created by update-alternatives
if [ $i = ssh ] || [ $i = scp ]; then continue; fi
ln -s ${sbindir}/dropbearmulti ${D}${bindir}/$i
done
for i in ${SBINCOMMANDS}
do
ln -s ./dropbearmulti ${D}${sbindir}/$i
@ -80,24 +102,24 @@ do_install() {
fi
# deal with systemd unit files
install -d ${D}${systemd_unitdir}/system
install -m 0644 ${WORKDIR}/dropbearkey.service ${D}${systemd_unitdir}/system
install -m 0644 ${WORKDIR}/dropbear@.service ${D}${systemd_unitdir}/system
install -m 0644 ${WORKDIR}/dropbear.socket ${D}${systemd_unitdir}/system
install -d ${D}${systemd_system_unitdir}
install -m 0644 ${WORKDIR}/dropbearkey.service ${D}${systemd_system_unitdir}
install -m 0644 ${WORKDIR}/dropbear@.service ${D}${systemd_system_unitdir}
install -m 0644 ${WORKDIR}/dropbear.socket ${D}${systemd_system_unitdir}
sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
-e 's,@BINDIR@,${bindir},g' \
-e 's,@SBINDIR@,${sbindir},g' \
${D}${systemd_unitdir}/system/dropbear.socket ${D}${systemd_unitdir}/system/*.service
${D}${systemd_system_unitdir}/dropbear.socket ${D}${systemd_system_unitdir}/*.service
}
inherit update-alternatives
ALTERNATIVE_PRIORITY = "20"
ALTERNATIVE_${PN} = "scp ssh"
ALTERNATIVE:${PN} = "${@bb.utils.filter('BINCOMMANDS', 'scp ssh', d)}"
ALTERNATIVE_TARGET = "${sbindir}/dropbearmulti"
pkg_postrm_append_${PN} () {
pkg_postrm:${PN} () {
if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
rm ${sysconfdir}/dropbear/dropbear_rsa_host_key
fi
@ -105,3 +127,7 @@ pkg_postrm_append_${PN} () {
rm ${sysconfdir}/dropbear/dropbear_dss_host_key
fi
}
CONFFILES:${PN} = "${sysconfdir}/default/dropbear"
FILES:${PN} += "${bindir}"
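Review bot: The PAM patches and the PAM configure switch are keyed on different variables: `SRC_URI` pulls in `${PAM_SRC_URI}` when `pam` is in DISTRO_FEATURES, while `--enable-pam`/`--disable-pam` now come from `PACKAGECONFIG[pam]`. If a layer overrides PACKAGECONFIG without `pam` on a distro that has the feature, the patches still set `DROPBEAR_SVR_PASSWORD_AUTH 0` and `DROPBEAR_SVR_PAM_AUTH 1` while configure gets `--disable-pam`, which presumably ends in a build failure or a server without working password login. Gating the patches on the same switch, `${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)}`, keeps the two in step. Separately, the comment above `EXTRA_OECONF += "--disable-harden"` should say which distro-level flags are expected to supply the hardening that Dropbear's own configure option would otherwise add.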