diff options
Diffstat (limited to 'meta/recipes-core/dropbear/dropbear.inc')
-rw-r--r-- | meta/recipes-core/dropbear/dropbear.inc | 46 |
1 files changed, 31 insertions, 15 deletions
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index e187d04339..080ee26b2e 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc @@ -5,23 +5,23 @@ SECTION = "console/network" # some files are from other projects and have others license terms: # public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=e3a1b9604afd1648b28b0c6f1709e9f4" +LIC_FILES_CHKSUM = "file://LICENSE;md5=25cf44512b7bc8966a48b6b1a9b7605f" -DEPENDS = "zlib" -RPROVIDES_${PN} = "ssh sshd" +DEPENDS = "zlib virtual/crypt" +RPROVIDES_${PN} = "ssh sshd" +RCONFLICTS_${PN} = "openssh-sshd openssh" DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://0001-urandom-xauth-changes-to-options.h.patch \ - file://0003-configure.patch \ - file://0004-fix-2kb-keys.patch \ - file://0007-dropbear-fix-for-x32-abi.patch \ file://init \ file://dropbearkey.service \ file://dropbear@.service \ file://dropbear.socket \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} " + file://dropbear.default \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} " PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ file://0006-dropbear-configuration-file.patch \ @@ -36,20 +36,27 @@ RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS inherit autotools update-rc.d systemd +CVE_PRODUCT = "dropbear_ssh" + INITSCRIPT_NAME = "dropbear" INITSCRIPT_PARAMS = "defaults 10" SYSTEMD_SERVICE_${PN} = "dropbear.socket" -CFLAGS_prepend = " -I. " -LD = "${CC}" - SBINCOMMANDS = "dropbear dropbearkey dropbearconvert" BINCOMMANDS = "dbclient ssh scp" EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' + +PACKAGECONFIG ?= "disable-weak-ciphers" +PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt" +PACKAGECONFIG[disable-weak-ciphers] = "" + EXTRA_OECONF += "\ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}" -CFLAGS += "-DSFTPSERVER_PATH=\\"${libdir}/openssh/sftp-server\\"" + +# This option appends to CFLAGS and LDFLAGS from OE +# This is causing [textrel] QA warning +EXTRA_OECONF += "--disable-harden" do_install() { install -d ${D}${sysconfdir} \ @@ -60,9 +67,16 @@ do_install() { ${D}${sbindir} \ ${D}${localstatedir} + install -m 0644 ${WORKDIR}/dropbear.default ${D}${sysconfdir}/default/dropbear + install -m 0755 dropbearmulti ${D}${sbindir}/ - ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient - + + for i in ${BINCOMMANDS} + do + # ssh and scp symlinks are created by update-alternatives + if [ $i = ssh ] || [ $i = scp ]; then continue; fi + ln -s ${sbindir}/dropbearmulti ${D}${bindir}/$i + done for i in ${SBINCOMMANDS} do ln -s ./dropbearmulti ${D}${sbindir}/$i @@ -73,7 +87,7 @@ do_install() { -e 's,/usr/bin,${bindir},g' \ -e 's,/usr,${prefix},g' ${WORKDIR}/init > ${D}${sysconfdir}/init.d/dropbear chmod 755 ${D}${sysconfdir}/init.d/dropbear - if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then install -d ${D}${sysconfdir}/pam.d install -m 0644 ${WORKDIR}/dropbear ${D}${sysconfdir}/pam.d/ fi @@ -92,7 +106,7 @@ do_install() { inherit update-alternatives ALTERNATIVE_PRIORITY = "20" -ALTERNATIVE_${PN} = "scp ssh" +ALTERNATIVE_${PN} = "${@bb.utils.filter('BINCOMMANDS', 'scp ssh', d)}" ALTERNATIVE_TARGET = "${sbindir}/dropbearmulti" @@ -104,3 +118,5 @@ pkg_postrm_append_${PN} () { rm ${sysconfdir}/dropbear/dropbear_dss_host_key fi } + +FILES_${PN} += "${bindir}" |