diff options
Diffstat (limited to 'package/dropbear')
| -rw-r--r-- | package/dropbear/Makefile | 47 | ||||
| -rw-r--r-- | package/dropbear/files/dropbear.init | 15 | ||||
| -rw-r--r-- | package/dropbear/files/dropbear.postinst | 4 | ||||
| -rw-r--r-- | package/dropbear/patches/patch-Makefile_in | 23 | ||||
| -rw-r--r-- | package/dropbear/patches/patch-cli-runopts_c | 22 | ||||
| -rw-r--r-- | package/dropbear/patches/patch-options_h | 21 | ||||
| -rw-r--r-- | package/dropbear/patches/patch-src_svr-main_c | 16 | ||||
| -rw-r--r-- | package/dropbear/patches/patch-svr-authpubkey_c | 46 |
8 files changed, 60 insertions, 134 deletions
diff --git a/package/dropbear/Makefile b/package/dropbear/Makefile index 07dc414b3..51ea49aca 100644 --- a/package/dropbear/Makefile +++ b/package/dropbear/Makefile @@ -1,26 +1,32 @@ # This file is part of the OpenADK project. OpenADK is copyrighted # material, please see the LICENCE file in the top-level directory. -include $(TOPDIR)/rules.mk +include $(ADK_TOPDIR)/rules.mk PKG_NAME:= dropbear -PKG_VERSION:= 0.53.1 +PKG_VERSION:= 2025.88 PKG_RELEASE:= 1 -PKG_MD5SUM:= 6b8d901859d9b8a18e2f6bfe0a892a03 -PKG_DESCR:= SSH 2 server/client designed for embedded systems +PKG_HASH:= 783f50ea27b17c16da89578fafdb6decfa44bb8f6590e5698a4e4d3672dc53d4 +PKG_DESCR:= ssh server/client designed for embedded systems PKG_SECTION:= net/security PKG_URL:= http://matt.ucc.asn.au/dropbear/ PKG_SITES:= http://matt.ucc.asn.au/dropbear/releases/ -PKG_DFLT_DROPBEAR:= y if !ADK_TOOLCHAIN_ONLY +DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.bz2 + PKG_SUBPKGS:= DROPBEAR DBCONVERT -PKGSD_DBCONVERT:= Utility for converting SSH private keys +PKGSD_DBCONVERT:= utility for converting ssh private keys + +PKG_FLAVOURS_DROPBEAR:= WITH_UTMP +PKGFD_WITH_UTMP:= support writing /var/run/utmp -include $(TOPDIR)/mk/package.mk +include $(ADK_TOPDIR)/mk/package.mk -$(eval $(call PKG_template,DROPBEAR,$(PKG_NAME),$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) +$(eval $(call PKG_template,DROPBEAR,dropbear,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) $(eval $(call PKG_template,DBCONVERT,dropbearconvert,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKGSD_DBCONVERT},${PKG_SECTION})) +TARGET_CFLAGS+= -fPIC + BUILD_STYLE:= manual INSTALL_STYLE:= manual CONFIGURE_ARGS+= --disable-pam \ @@ -28,18 +34,23 @@ CONFIGURE_ARGS+= --disable-pam \ --enable-syslog \ --enable-shadow \ --disable-lastlog \ - --disable-utmp \ --disable-utmpx \ --disable-wtmp \ --disable-wtmpx \ --disable-loginfunc \ - --disable-pututline \ --disable-pututxline \ + --disable-harden \ --disable-zlib +ifeq (${ADK_PACKAGE_DROPBEAR_WITH_UTMP},) +CONFIGURE_ARGS+= --disable-utmp --disable-pututline +else +CONFIGURE_ENV+= conf_utmp_location=/var/run/utmp +endif + pre-configure: - $(SED) 's,^/\* #define PKG_MULTI.*,#define PKG_MULTI,g' $(WRKBUILD)/options.h - $(SED) 's,^#define DO_HOST_LOOKUP,/* & */,g' $(WRKBUILD)/options.h + echo "#define DO_HOST_LOOKUP 0" >>$(WRKBUILD)/localoptions.h + echo "#define DROPBEAR_X11FWD 1" >>$(WRKBUILD)/localoptions.h do-build: cd ${WRKBUILD} && env ${MAKE_ENV} ${MAKE} \ @@ -49,12 +60,14 @@ do-build: do-install: # main package + $(INSTALL_DIR) $(IDIR_DROPBEAR)/etc/dropbear + $(INSTALL_DIR) $(IDIR_DROPBEAR)/bin $(INSTALL_DIR) $(IDIR_DROPBEAR)/usr/bin $(INSTALL_DIR) $(IDIR_DROPBEAR)/usr/sbin $(INSTALL_BIN) $(WRKBUILD)/dropbearmulti \ $(IDIR_DROPBEAR)/usr/sbin/dropbear - ln -sf ../sbin/dropbear $(IDIR_DROPBEAR)/usr/bin/scp - ln -sf ../sbin/dropbear $(IDIR_DROPBEAR)/usr/bin/ssh + ln -sf ../usr/sbin/dropbear $(IDIR_DROPBEAR)/bin/scp + ln -sf ../usr/sbin/dropbear $(IDIR_DROPBEAR)/bin/ssh ln -sf ../sbin/dropbear $(IDIR_DROPBEAR)/usr/bin/dbclient ln -sf ../sbin/dropbear $(IDIR_DROPBEAR)/usr/bin/dropbearkey # subpackage dropbearconvert @@ -63,9 +76,9 @@ do-install: $(IDIR_DBCONVERT)/usr/bin/dropbearconvert # ssh pubkey test -z $(ADK_RUNTIME_SSH_PUBKEY) || ( \ - $(INSTALL_DIR) $(IDIR_DROPBEAR)/etc/dropbear; \ + $(INSTALL_DIR) $(IDIR_DROPBEAR)/root/.ssh; \ echo $(ADK_RUNTIME_SSH_PUBKEY) \ - >$(IDIR_DROPBEAR)/etc/dropbear/authorized_keys; \ + >$(IDIR_DROPBEAR)/root/.ssh/authorized_keys; \ ) -include ${TOPDIR}/mk/pkg-bottom.mk +include ${ADK_TOPDIR}/mk/pkg-bottom.mk diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init index 11b91db49..3e464e34b 100644 --- a/package/dropbear/files/dropbear.init +++ b/package/dropbear/files/dropbear.init @@ -7,6 +7,7 @@ case $1 in autostop) ;; autostart) test x"${dropbear:-NO}" = x"NO" && exit 0 + test x"$dropbear" = x"DAEMON" && test -x /bin/mksh && exec mksh -T- $0 start exec sh $0 start ;; start) @@ -23,11 +24,19 @@ start) test $rv = 0 || exit 1 test -f /etc/dropbear/dropbear_rsa_host_key || exit 1 fi - if test ! -f /etc/dropbear/dropbear_dss_host_key; then + if test ! -f /etc/dropbear/dropbear_ecdsa_host_key; then # take it easy here, since above already catched the worst cases if test -x /usr/bin/dropbearkey; then - echo "dropbear: generating SSH private key (DSS)" - /usr/bin/dropbearkey -f /etc/dropbear/dropbear_dss_host_key -t dss + echo "dropbear: generating SSH private key (ECDSA)" + /usr/bin/dropbearkey -f /etc/dropbear/dropbear_ecdsa_host_key -t ecdsa + echo "dropbear: key generation exited with code $?" + fi + fi + if test ! -f /etc/dropbear/dropbear_ed25519_host_key; then + # take it easy here, since above already catched the worst cases + if test -x /usr/bin/dropbearkey; then + echo "dropbear: generating SSH private key (ED25519)" + /usr/bin/dropbearkey -f /etc/dropbear/dropbear_ed25519_host_key -t ed25519 echo "dropbear: key generation exited with code $?" fi fi diff --git a/package/dropbear/files/dropbear.postinst b/package/dropbear/files/dropbear.postinst index 11c7923bb..deeead57e 100644 --- a/package/dropbear/files/dropbear.postinst +++ b/package/dropbear/files/dropbear.postinst @@ -1,4 +1,4 @@ #!/bin/sh . $IPKG_INSTROOT/etc/functions.sh -add_rcconf '"NO" to disable' dropbear_flags " " -add_rcconf dropbear dropbear YES +add_rcconf dropbear_flags " " +add_rcconf dropbear NO diff --git a/package/dropbear/patches/patch-Makefile_in b/package/dropbear/patches/patch-Makefile_in deleted file mode 100644 index 9f5447d74..000000000 --- a/package/dropbear/patches/patch-Makefile_in +++ /dev/null @@ -1,23 +0,0 @@ ---- dropbear-0.53.1.orig/Makefile.in 2011-03-02 14:23:34.000000000 +0100 -+++ dropbear-0.53.1/Makefile.in 2011-08-02 20:34:28.000000000 +0200 -@@ -28,7 +28,7 @@ COMMONOBJS=dbutil.o buffer.o \ - queue.o \ - atomicio.o compat.o fake-rfc2553.o - --SVROBJS=@CRYPTLIB@ svr-kex.o svr-algo.o svr-auth.o sshpty.o \ -+SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \ - svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \ - svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\ - svr-tcpfwd.o svr-authpam.o -@@ -75,9 +75,8 @@ AR=@AR@ - RANLIB=@RANLIB@ - STRIP=@STRIP@ - INSTALL=@INSTALL@ --CPPFLAGS=@CPPFLAGS@ --CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@ --LIBS+=@LIBS@ -+CPPFLAGS=@CPPFLAGS@ -I. -I$(srcdir) -+LIBS+=@LIBS@ @CRYPTLIB@ - LDFLAGS=@LDFLAGS@ - - EXEEXT=@EXEEXT@ diff --git a/package/dropbear/patches/patch-cli-runopts_c b/package/dropbear/patches/patch-cli-runopts_c deleted file mode 100644 index b2f98da81..000000000 --- a/package/dropbear/patches/patch-cli-runopts_c +++ /dev/null @@ -1,22 +0,0 @@ -$Id: update-patches 24 2008-08-31 14:56:13Z wbx $ ---- dropbear-0.53.1.orig/cli-runopts.c 2011-03-02 14:23:35.000000000 +0100 -+++ dropbear-0.53.1/cli-runopts.c 2011-08-02 20:03:12.000000000 +0200 -@@ -287,6 +287,10 @@ void cli_getopts(int argc, char ** argv) - debug_trace = 1; - break; - #endif -+ case 'o': -+ next = &dummy; -+ case 'x': -+ break; - case 'F': - case 'e': - case 'c': -@@ -298,7 +302,6 @@ void cli_getopts(int argc, char ** argv) - #ifndef ENABLE_CLI_LOCALTCPFWD - case 'L': - #endif -- case 'o': - case 'b': - next = &dummy; - default: diff --git a/package/dropbear/patches/patch-options_h b/package/dropbear/patches/patch-options_h deleted file mode 100644 index c6fbe7871..000000000 --- a/package/dropbear/patches/patch-options_h +++ /dev/null @@ -1,21 +0,0 @@ -$Id: update-patches 24 2008-08-31 14:56:13Z wbx $ ---- dropbear-0.53.1.orig/options.h 2011-03-02 14:23:36.000000000 +0100 -+++ dropbear-0.53.1/options.h 2011-08-02 20:03:13.000000000 +0200 -@@ -144,7 +144,7 @@ much traffic. */ - #endif - - /* Whether to do reverse DNS lookups. */ --#define DO_HOST_LOOKUP -+/* #define DO_HOST_LOOKUP */ - - /* Whether to print the message of the day (MOTD). This doesn't add much code - * size */ -@@ -236,7 +236,7 @@ much traffic. */ - /* The command to invoke for xauth when using X11 forwarding. - * "-q" for quiet */ - #ifndef XAUTH_COMMAND --#define XAUTH_COMMAND "/usr/bin/X11/xauth -q" -+#define XAUTH_COMMAND "/usr/bin/xauth -q" - #endif - - /* if you want to enable running an sftp server (such as the one included with diff --git a/package/dropbear/patches/patch-src_svr-main_c b/package/dropbear/patches/patch-src_svr-main_c new file mode 100644 index 000000000..f6f935004 --- /dev/null +++ b/package/dropbear/patches/patch-src_svr-main_c @@ -0,0 +1,16 @@ +--- dropbear-2024.85.orig/src/svr-main.c 2024-04-25 16:30:00.000000000 +0200 ++++ dropbear-2024.85/src/svr-main.c 2024-05-07 14:35:09.650486568 +0200 +@@ -305,8 +305,13 @@ static void main_noinetd(int argc, char + #if DEBUG_NOFORK + fork_ret = 0; + #else ++#if DROPBEAR_VFORK ++ fork_ret = vfork(); ++#else ++ + fork_ret = fork(); + #endif ++#endif + if (fork_ret < 0) { + dropbear_log(LOG_WARNING, "Error forking: %s", strerror(errno)); + goto out; diff --git a/package/dropbear/patches/patch-svr-authpubkey_c b/package/dropbear/patches/patch-svr-authpubkey_c deleted file mode 100644 index 289471f38..000000000 --- a/package/dropbear/patches/patch-svr-authpubkey_c +++ /dev/null @@ -1,46 +0,0 @@ -$Id: update-patches 24 2008-08-31 14:56:13Z wbx $ ---- dropbear-0.52.orig/svr-authpubkey.c 2008-11-11 15:09:03.000000000 +0100 -+++ dropbear-0.52/svr-authpubkey.c 2009-03-19 19:29:53.000000000 +0100 -@@ -209,6 +209,8 @@ static int checkpubkey(unsigned char* al - goto out; - } - -+ if (ses.authstate.pw_uid != 0) { -+ - /* we don't need to check pw and pw_dir for validity, since - * its been done in checkpubkeyperms. */ - len = strlen(ses.authstate.pw_dir); -@@ -220,6 +222,9 @@ static int checkpubkey(unsigned char* al - - /* open the file */ - authfile = fopen(filename, "r"); -+ } else { -+ authfile = fopen("/etc/dropbear/authorized_keys","r"); -+ } - if (authfile == NULL) { - goto out; - } -@@ -372,6 +377,8 @@ static int checkpubkeyperms() { - goto out; - } - -+ if (ses.authstate.pw_uid != 0) { -+ - /* allocate max required pathname storage, - * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ - filename = m_malloc(len + 22); -@@ -393,6 +400,14 @@ static int checkpubkeyperms() { - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; - } -+ } else { -+ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { -+ goto out; -+ } -+ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { -+ goto out; -+ } -+ } - - /* file looks ok, return success */ - ret = DROPBEAR_SUCCESS; |