From 7207af6bf17c77dc72f0d6bbcca32a061dfbf881 Mon Sep 17 00:00:00 2001 From: Oliver Smith Date: Thu, 27 Apr 2023 10:58:12 +0200 Subject: [PATCH] dropbear: import from generic-poky Prepare to upgrade dropbear by importing it first from: https://gitea.sysmocom.de/sysmo-bts/generic-poky/src/branch/pyro/meta/recipes-core/dropbear Related: SYS#6402 Change-Id: I8e1290373c1ed44c612f9ed50240e6313027f47a --- recipes-core/dropbear/dropbear.inc | 107 +++++++++++++ ...1-urandom-xauth-changes-to-options.h.patch | 23 +++ .../dropbear/dropbear/0003-configure.patch | 42 ++++++ .../dropbear/dropbear/0004-fix-2kb-keys.patch | 22 +++ .../dropbear/0005-dropbear-enable-pam.patch | 36 +++++ .../0006-dropbear-configuration-file.patch | 22 +++ .../0007-dropbear-fix-for-x32-abi.patch | 140 ++++++++++++++++++ recipes-core/dropbear/dropbear/dropbear | 4 + .../dropbear/dropbear/dropbear.socket | 10 ++ .../dropbear/dropbear/dropbear@.service | 12 ++ .../dropbear/dropbear/dropbearkey.service | 13 ++ .../fix-libtomcrypt-libtommath-ordering.patch | 48 ++++++ recipes-core/dropbear/dropbear/init | 89 +++++++++++ .../dropbear/support-out-of-tree-builds.patch | 43 ++++++ recipes-core/dropbear/dropbear_2016.74.bb | 7 + 15 files changed, 618 insertions(+) create mode 100644 recipes-core/dropbear/dropbear.inc create mode 100644 recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch create mode 100644 recipes-core/dropbear/dropbear/0003-configure.patch create mode 100644 recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch create mode 100644 recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch create mode 100644 recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch create mode 100644 recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch create mode 100644 recipes-core/dropbear/dropbear/dropbear create mode 100644 recipes-core/dropbear/dropbear/dropbear.socket create mode 100644 recipes-core/dropbear/dropbear/dropbear@.service create mode 100644 recipes-core/dropbear/dropbear/dropbearkey.service create mode 100644 recipes-core/dropbear/dropbear/fix-libtomcrypt-libtommath-ordering.patch create mode 100755 recipes-core/dropbear/dropbear/init create mode 100644 recipes-core/dropbear/dropbear/support-out-of-tree-builds.patch create mode 100644 recipes-core/dropbear/dropbear_2016.74.bb diff --git a/recipes-core/dropbear/dropbear.inc b/recipes-core/dropbear/dropbear.inc new file mode 100644 index 0000000..b6b436c --- /dev/null +++ b/recipes-core/dropbear/dropbear.inc @@ -0,0 +1,107 @@ +SUMMARY = "A lightweight SSH and SCP implementation" +HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" +SECTION = "console/network" + +# some files are from other projects and have others license terms: +# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY +LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01" + +DEPENDS = "zlib" +RPROVIDES_${PN} = "ssh sshd" + +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ + file://0001-urandom-xauth-changes-to-options.h.patch \ + file://0003-configure.patch \ + file://0004-fix-2kb-keys.patch \ + file://0007-dropbear-fix-for-x32-abi.patch \ + file://fix-libtomcrypt-libtommath-ordering.patch \ + file://init \ + file://dropbearkey.service \ + file://dropbear@.service \ + file://dropbear.socket \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} " + +PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ + file://0006-dropbear-configuration-file.patch \ + file://dropbear" + +PAM_PLUGINS = "libpam-runtime \ + pam-plugin-deny \ + pam-plugin-permit \ + pam-plugin-unix \ + " +RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}" + +inherit autotools update-rc.d systemd + +INITSCRIPT_NAME = "dropbear" +INITSCRIPT_PARAMS = "defaults 10" + +SYSTEMD_SERVICE_${PN} = "dropbear.socket" + +SBINCOMMANDS = "dropbear dropbearkey dropbearconvert" +BINCOMMANDS = "dbclient ssh scp" +EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' + +PACKAGECONFIG ?= "" +PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt" + +EXTRA_OECONF += "\ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}" + +do_install() { + install -d ${D}${sysconfdir} \ + ${D}${sysconfdir}/init.d \ + ${D}${sysconfdir}/default \ + ${D}${sysconfdir}/dropbear \ + ${D}${bindir} \ + ${D}${sbindir} \ + ${D}${localstatedir} + + install -m 0755 dropbearmulti ${D}${sbindir}/ + ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient + + for i in ${SBINCOMMANDS} + do + ln -s ./dropbearmulti ${D}${sbindir}/$i + done + sed -e 's,/etc,${sysconfdir},g' \ + -e 's,/usr/sbin,${sbindir},g' \ + -e 's,/var,${localstatedir},g' \ + -e 's,/usr/bin,${bindir},g' \ + -e 's,/usr,${prefix},g' ${WORKDIR}/init > ${D}${sysconfdir}/init.d/dropbear + chmod 755 ${D}${sysconfdir}/init.d/dropbear + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then + install -d ${D}${sysconfdir}/pam.d + install -m 0644 ${WORKDIR}/dropbear ${D}${sysconfdir}/pam.d/ + fi + + # deal with systemd unit files + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/dropbearkey.service ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/dropbear@.service ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/dropbear.socket ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@BINDIR@,${bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_unitdir}/system/dropbear.socket ${D}${systemd_unitdir}/system/*.service +} + +inherit update-alternatives + +ALTERNATIVE_PRIORITY = "20" +ALTERNATIVE_${PN} = "scp ssh" + +ALTERNATIVE_TARGET = "${sbindir}/dropbearmulti" + +pkg_postrm_append_${PN} () { + if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then + rm ${sysconfdir}/dropbear/dropbear_rsa_host_key + fi + if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then + rm ${sysconfdir}/dropbear/dropbear_dss_host_key + fi +} diff --git a/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch new file mode 100644 index 0000000..dc9d578 --- /dev/null +++ b/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch @@ -0,0 +1,23 @@ +Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h + +Upstream-Status: Inappropriate [configuration] +--- + options.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/options.h b/options.h +index 7d06322..71a21c2 100644 +--- a/options.h ++++ b/options.h +@@ -247,7 +247,7 @@ much traffic. */ + /* The command to invoke for xauth when using X11 forwarding. + * "-q" for quiet */ + #ifndef XAUTH_COMMAND +-#define XAUTH_COMMAND "/usr/bin/xauth -q" ++#define XAUTH_COMMAND "xauth -q" + #endif + + /* if you want to enable running an sftp server (such as the one included with +-- +1.7.11.7 + diff --git a/recipes-core/dropbear/dropbear/0003-configure.patch b/recipes-core/dropbear/dropbear/0003-configure.patch new file mode 100644 index 0000000..c53ab01 --- /dev/null +++ b/recipes-core/dropbear/dropbear/0003-configure.patch @@ -0,0 +1,42 @@ +From c5f5c5054c1b15539dccf866e2c3faba7ed68456 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Eric=20B=C3=A9nard?= +Date: Thu, 25 Apr 2013 00:27:25 +0200 +Subject: [PATCH 3/6] configure: add a variable to allow openpty check to be cached + +Upstream-Status: Pending + +--- + configure.ac | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 05461f3..9c16d90 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -166,15 +166,20 @@ AC_ARG_ENABLE(openpty, + AC_MSG_NOTICE(Not using openpty) + else + AC_MSG_NOTICE(Using openpty if available) +- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)]) ++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) + fi + ], + [ + AC_MSG_NOTICE(Using openpty if available) +- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)]) ++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) + ] + ) +- ++ ++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then ++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function) ++ no_ptc_check=yes ++ no_ptmx_check=yes ++fi + + AC_ARG_ENABLE(syslog, + [ --disable-syslog Don't include syslog support], +-- +1.7.11.7 + diff --git a/recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch b/recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch new file mode 100644 index 0000000..7539d20 --- /dev/null +++ b/recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch @@ -0,0 +1,22 @@ +Subject: [PATCH 4/6] fix 2kb keys + +Upstream-Status: Inappropriate [configuration] +--- + kex.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kex.h b/kex.h +index 72430e9..375c677 100644 +--- a/kex.h ++++ b/kex.h +@@ -67,6 +67,6 @@ struct KEXState { + }; + + +-#define MAX_KEXHASHBUF 2000 ++#define MAX_KEXHASHBUF 3000 + + #endif /* _KEX_H_ */ +-- +1.7.11.7 + diff --git a/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch new file mode 100644 index 0000000..539cb12 --- /dev/null +++ b/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch @@ -0,0 +1,36 @@ +From b8cece92ba19aa77ac013ea161bfe4c7147747c9 Mon Sep 17 00:00:00 2001 +From: Jussi Kukkonen +Date: Wed, 2 Dec 2015 11:36:02 +0200 +Subject: Enable pam + +We need modify file option.h besides enabling pam in +configure if we want dropbear to support pam. + +Upstream-Status: Pending + +Signed-off-by: Xiaofeng Yan +Signed-off-by: Jussi Kukkonen +--- + options.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/options.h b/options.h +index 94261f6..90bfe2f 100644 +--- a/options.h ++++ b/options.h +@@ -208,10 +208,10 @@ If you test it please contact the Dropbear author */ + + /* This requires crypt() */ + #ifdef HAVE_CRYPT +-#define ENABLE_SVR_PASSWORD_AUTH ++/*#define ENABLE_SVR_PASSWORD_AUTH*/ + #endif + /* PAM requires ./configure --enable-pam */ +-/*#define ENABLE_SVR_PAM_AUTH */ ++#define ENABLE_SVR_PAM_AUTH + #define ENABLE_SVR_PUBKEY_AUTH + + /* Whether to take public key options in +-- +2.1.4 + diff --git a/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch new file mode 100644 index 0000000..fa4c8d0 --- /dev/null +++ b/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch @@ -0,0 +1,22 @@ +Subject: [PATCH 6/6] dropbear configuration file + +dropbear: Change the path ("/etc/pam.d/sshd" as default) to find a pam configuration file \ +to "/etc/pam.d/dropbear for dropbear when enabling pam supporting" + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Maxin B. John +Signed-off-by: Xiaofeng Yan +--- +diff -Naur dropbear-2013.60-orig/svr-authpam.c dropbear-2013.60/svr-authpam.c +--- dropbear-2013.60-orig/svr-authpam.c 2013-10-16 16:34:53.000000000 +0200 ++++ dropbear-2013.60/svr-authpam.c 2013-10-21 17:04:04.969416055 +0200 +@@ -211,7 +211,7 @@ + userData.passwd = password; + + /* Init pam */ +- if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { ++ if ((rc = pam_start("dropbear", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { + dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s", + rc, pam_strerror(pamHandlep, rc)); + goto cleanup; diff --git a/recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch b/recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch new file mode 100644 index 0000000..60b302b --- /dev/null +++ b/recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch @@ -0,0 +1,140 @@ +Upstream-Status: Pending + +The dropbearkey utility built in x32 abi format, when generating ssh +keys, was getting lost in the infinite loop. + +This patch fixes the issue by fixing types of variables and +parameters of functions used in the code, which were getting +undesired size, when compiled with the x32 abi toolchain. + +2013/05/23 +Received this fix from H J Lu. + +Signed-off-by: Nitin A Kamble + +# HG changeset patch +# User H.J. Lu +# Date 1369344079 25200 +# Node ID a10a1c46b857cc8a3923c3bb6d1504aa25b6052f +# Parent e76614145aea67f66e4a4257685c771efba21aa1 +Typdef mp_digit to unsigned long long for MP_64BIT + +When GCC is used with MP_64BIT, we should typedef mp_digit to unsigned +long long instead of unsigned long since for x32, unsigned long is +32-bit and unsigned long long is 64-bit and it is safe to use unsigned +long long for 64-bit integer with GCC. + +diff -r e76614145aea -r a10a1c46b857 libtommath/tommath.h +--- a/libtommath/tommath.h Thu Apr 18 22:57:47 2013 +0800 ++++ b/libtommath/tommath.h Thu May 23 14:21:19 2013 -0700 +@@ -73,7 +73,7 @@ + typedef signed long long long64; + #endif + +- typedef unsigned long mp_digit; ++ typedef unsigned long long mp_digit; + typedef unsigned long mp_word __attribute__ ((mode(TI))); + + #define DIGIT_BIT 60 +# HG changeset patch +# User H.J. Lu +# Date 1369344241 25200 +# Node ID c7555a4cb7ded3a88409ba85f4027baa7af5f536 +# Parent a10a1c46b857cc8a3923c3bb6d1504aa25b6052f +Cast to mp_digit when updating *rho + +There is + +int +mp_montgomery_setup (mp_int * n, mp_digit * rho) + +We should cast to mp_digit instead of unsigned long when updating +*rho since mp_digit may be unsigned long long and unsigned long long +may be different from unsigned long, like in x32. + +diff -r a10a1c46b857 -r c7555a4cb7de libtommath/bn_mp_montgomery_setup.c +--- a/libtommath/bn_mp_montgomery_setup.c Thu May 23 14:21:19 2013 -0700 ++++ b/libtommath/bn_mp_montgomery_setup.c Thu May 23 14:24:01 2013 -0700 +@@ -48,7 +48,7 @@ + #endif + + /* rho = -1/m mod b */ +- *rho = (unsigned long)(((mp_word)1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK; ++ *rho = (mp_digit)(((mp_word)1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK; + + return MP_OKAY; + } +# HG changeset patch +# User H.J. Lu +# Date 1369344541 25200 +# Node ID 7c656e7071a6412688b2f30a529a9afac6c7bf5a +# Parent c7555a4cb7ded3a88409ba85f4027baa7af5f536 +Define LTC_FAST_TYPE to unsigned long long for __x86_64__ + +We should define LTC_FAST_TYPE to unsigned long long instead of unsigned +long if __x86_64__ to support x32 where unsigned long long is 64-bit +and unsigned long is 32-bit. + +diff -r c7555a4cb7de -r 7c656e7071a6 libtomcrypt/src/headers/tomcrypt_cfg.h +--- a/libtomcrypt/src/headers/tomcrypt_cfg.h Thu May 23 14:24:01 2013 -0700 ++++ b/libtomcrypt/src/headers/tomcrypt_cfg.h Thu May 23 14:29:01 2013 -0700 +@@ -74,7 +74,7 @@ + #define ENDIAN_LITTLE + #define ENDIAN_64BITWORD + #define LTC_FAST +- #define LTC_FAST_TYPE unsigned long ++ #define LTC_FAST_TYPE unsigned long long + #endif + + /* detect PPC32 */ +# HG changeset patch +# User H.J. Lu +# Date 1369344730 25200 +# Node ID a7d4690158fae4ede2c4e5b56233e83730bf38ee +# Parent 7c656e7071a6412688b2f30a529a9afac6c7bf5a +Use unsigned long long aas unsigned 64-bit integer for x86-64 GCC + +We should use unsigned long long instead of unsigned long as unsigned +64-bit integer for x86-64 GCC to support x32 where unsigned long is +32-bit. + +diff -r 7c656e7071a6 -r a7d4690158fa libtomcrypt/src/headers/tomcrypt_macros.h +--- a/libtomcrypt/src/headers/tomcrypt_macros.h Thu May 23 14:29:01 2013 -0700 ++++ b/libtomcrypt/src/headers/tomcrypt_macros.h Thu May 23 14:32:10 2013 -0700 +@@ -343,7 +343,7 @@ + /* 64-bit Rotates */ + #if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM) + +-static inline unsigned long ROL64(unsigned long word, int i) ++static inline unsigned long long ROL64(unsigned long long word, int i) + { + asm("rolq %%cl,%0" + :"=r" (word) +@@ -351,7 +351,7 @@ + return word; + } + +-static inline unsigned long ROR64(unsigned long word, int i) ++static inline unsigned long long ROR64(unsigned long long word, int i) + { + asm("rorq %%cl,%0" + :"=r" (word) +@@ -361,7 +361,7 @@ + + #ifndef LTC_NO_ROLC + +-static inline unsigned long ROL64c(unsigned long word, const int i) ++static inline unsigned long long ROL64c(unsigned long long word, const int i) + { + asm("rolq %2,%0" + :"=r" (word) +@@ -369,7 +369,7 @@ + return word; + } + +-static inline unsigned long ROR64c(unsigned long word, const int i) ++static inline unsigned long long ROR64c(unsigned long long word, const int i) + { + asm("rorq %2,%0" + :"=r" (word) + diff --git a/recipes-core/dropbear/dropbear/dropbear b/recipes-core/dropbear/dropbear/dropbear new file mode 100644 index 0000000..47e787f --- /dev/null +++ b/recipes-core/dropbear/dropbear/dropbear @@ -0,0 +1,4 @@ +#%PAM-1.0 + +auth include common-auth +account include common-account diff --git a/recipes-core/dropbear/dropbear/dropbear.socket b/recipes-core/dropbear/dropbear/dropbear.socket new file mode 100644 index 0000000..e5c61b7 --- /dev/null +++ b/recipes-core/dropbear/dropbear/dropbear.socket @@ -0,0 +1,10 @@ +[Unit] +Conflicts=dropbear.service + +[Socket] +ListenStream=22 +Accept=yes + +[Install] +WantedBy=sockets.target +Also=dropbearkey.service diff --git a/recipes-core/dropbear/dropbear/dropbear@.service b/recipes-core/dropbear/dropbear/dropbear@.service new file mode 100644 index 0000000..b420bcd --- /dev/null +++ b/recipes-core/dropbear/dropbear/dropbear@.service @@ -0,0 +1,12 @@ +[Unit] +Description=SSH Per-Connection Server +Wants=dropbearkey.service +After=syslog.target dropbearkey.service + +[Service] +Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear" +EnvironmentFile=-/etc/default/dropbear +ExecStart=-@SBINDIR@/dropbear -i -r ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key $DROPBEAR_EXTRA_ARGS +ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID +StandardInput=socket +KillMode=process diff --git a/recipes-core/dropbear/dropbear/dropbearkey.service b/recipes-core/dropbear/dropbear/dropbearkey.service new file mode 100644 index 0000000..c49053d --- /dev/null +++ b/recipes-core/dropbear/dropbear/dropbearkey.service @@ -0,0 +1,13 @@ +[Unit] +Description=SSH Key Generation +RequiresMountsFor=/var /var/lib +ConditionPathExists=!/etc/dropbear/dropbear_rsa_host_key +ConditionPathExists=!/var/lib/dropbear/dropbear_rsa_host_key + +[Service] +Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear" +EnvironmentFile=-/etc/default/dropbear +Type=oneshot +ExecStart=@BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR} +ExecStart=@SBINDIR@/dropbearkey -t rsa -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key +RemainAfterExit=yes diff --git a/recipes-core/dropbear/dropbear/fix-libtomcrypt-libtommath-ordering.patch b/recipes-core/dropbear/dropbear/fix-libtomcrypt-libtommath-ordering.patch new file mode 100644 index 0000000..de930f2 --- /dev/null +++ b/recipes-core/dropbear/dropbear/fix-libtomcrypt-libtommath-ordering.patch @@ -0,0 +1,48 @@ +From 2fd8d2aedad0c50cdf1e43edd2387874b720ad4c Mon Sep 17 00:00:00 2001 +From: Andre McCurdy +Date: Fri, 16 Sep 2016 12:18:23 -0700 +Subject: [PATCH] fix libtomcrypt/libtommath ordering + +To prevent build failures when using system libtom libraries and +linking with --as-needed, LIBTOM_LIBS should be in the order +-ltomcrypt -ltommath, not the other way around, ie libs should be +prepended to LIBTOM_LIBS as they are found, not appended. + +Note that LIBTOM_LIBS is not used when linking with the bundled +libtom libs. + +Upstream-Status: Pending + +Signed-off-by: Andre McCurdy +--- + configure.ac | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index b6abe4c..85bb8bc 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -390,16 +390,16 @@ AC_ARG_ENABLE(bundled-libtom, + AC_MSG_NOTICE(Forcing bundled libtom*) + else + BUNDLED_LIBTOM=0 +- AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="$LIBTOM_LIBS -ltommath", ++ AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS", + [AC_MSG_ERROR([Missing system libtommath and --disable-bundled-libtom was specified])] ) +- AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="$LIBTOM_LIBS -ltomcrypt", ++ AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS", + [AC_MSG_ERROR([Missing system libtomcrypt and --disable-bundled-libtom was specified])] ) + fi + ], + [ + BUNDLED_LIBTOM=0 +- AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="$LIBTOM_LIBS -ltommath", BUNDLED_LIBTOM=1) +- AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="$LIBTOM_LIBS -ltomcrypt", BUNDLED_LIBTOM=1) ++ AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS", BUNDLED_LIBTOM=1) ++ AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS", BUNDLED_LIBTOM=1) + ] + ) + +-- +1.9.1 + diff --git a/recipes-core/dropbear/dropbear/init b/recipes-core/dropbear/dropbear/init new file mode 100755 index 0000000..f6e1c46 --- /dev/null +++ b/recipes-core/dropbear/dropbear/init @@ -0,0 +1,89 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: sshd +# Required-Start: $remote_fs $syslog $networking +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 1 +# Short-Description: Dropbear Secure Shell server +### END INIT INFO +# +# Do not configure this file. Edit /etc/default/dropbear instead! +# + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/dropbear +NAME=dropbear +DESC="Dropbear SSH server" +PIDFILE=/var/run/dropbear.pid + +DROPBEAR_PORT=22 +DROPBEAR_EXTRA_ARGS= +NO_START=0 + +set -e + +test ! -r /etc/default/dropbear || . /etc/default/dropbear +test "$NO_START" = "0" || exit 0 +test -x "$DAEMON" || exit 0 +test ! -h /var/service/dropbear || exit 0 + +readonly_rootfs=0 +for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' &2 + exit 1 + ;; +esac + +exit 0 diff --git a/recipes-core/dropbear/dropbear/support-out-of-tree-builds.patch b/recipes-core/dropbear/dropbear/support-out-of-tree-builds.patch new file mode 100644 index 0000000..df6efb4 --- /dev/null +++ b/recipes-core/dropbear/dropbear/support-out-of-tree-builds.patch @@ -0,0 +1,43 @@ +From: =?UTF-8?q?Henrik=20Nordstr=C3=B6m?= +Date: Wed, 11 May 2016 12:35:06 +0200 +Subject: [PATCH] Support out-of-tree builds usign bundled libtom + +When building out-of-tree we need both source and generated +folders in include paths to find both distributed and generated +headers. + + + +Signed-off-by: Jussi Kukkonen +Upstream-Status: Backport +--- + libtomcrypt/Makefile.in | 2 +- + libtommath/Makefile.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libtomcrypt/Makefile.in b/libtomcrypt/Makefile.in +index 3056ef0..7970700 100644 +--- a/libtomcrypt/Makefile.in ++++ b/libtomcrypt/Makefile.in +@@ -19,7 +19,7 @@ srcdir=@srcdir@ + + # Compilation flags. Note the += does not write over the user's CFLAGS! + # The rest of the flags come from the parent Dropbear makefile +-CFLAGS += -c -I$(srcdir)/src/headers/ -I$(srcdir)/../ -DLTC_SOURCE -I$(srcdir)/../libtommath/ ++CFLAGS += -c -Isrc/headers/ -I$(srcdir)/src/headers/ -I../ -I$(srcdir)/../ -DLTC_SOURCE -I../libtommath/ -I$(srcdir)/../libtommath/ + + # additional warnings (newer GCC 3.4 and higher) + ifdef GCC_34 +diff --git a/libtommath/Makefile.in b/libtommath/Makefile.in +index 06aba68..019c50b 100644 +--- a/libtommath/Makefile.in ++++ b/libtommath/Makefile.in +@@ -9,7 +9,7 @@ VPATH=@srcdir@ + srcdir=@srcdir@ + + # So that libtommath can include Dropbear headers for options and m_burn() +-CFLAGS += -I$(srcdir)/../libtomcrypt/src/headers/ -I$(srcdir)/../ ++CFLAGS += -I. -I$(srcdir) -I../libtomcrypt/src/headers/ -I$(srcdir)/../libtomcrypt/src/headers/ -I../ -I$(srcdir)/../ + + ifndef IGNORE_SPEED + diff --git a/recipes-core/dropbear/dropbear_2016.74.bb b/recipes-core/dropbear/dropbear_2016.74.bb new file mode 100644 index 0000000..a702097 --- /dev/null +++ b/recipes-core/dropbear/dropbear_2016.74.bb @@ -0,0 +1,7 @@ +require dropbear.inc + +SRC_URI += "file://support-out-of-tree-builds.patch" + +SRC_URI[md5sum] = "9ad0172731e0f16623937804643b5bd8" +SRC_URI[sha256sum] = "2720ea54ed009af812701bcc290a2a601d5c107d12993e5d92c0f5f81f718891" +