From 8f5a97d6ed8b4e2f85a834b641f19ad843522aa1 Mon Sep 17 00:00:00 2001 From: Matthieu Crapet Date: Mon, 14 Apr 2014 15:56:05 +0200 Subject: openssh-sshd: host contamination fix If you do a readelf -x .rodata /path/.../to/openssh/6.5p1-r0/packages-split/openssh-sshd/usr/sbin/sshd You'll see two references to OE's sysroots/${BUILD_SYS} login and passwd binaries. First one can be overridden with LOGIN_PROGRAM environment variable (see configure.ac), second needs a cached variable definition. (From OE-Core rev: 2127c80d0cc2a3a4d676bd3c0890454a175fba8e) Signed-off-by: Matthieu Crapet Signed-off-by: Richard Purdie --- meta/recipes-connectivity/openssh/openssh_6.5p1.bb | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb index 2c4da70988..d19cc5a6b2 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb @@ -7,7 +7,6 @@ SECTION = "console/network" LICENSE = "BSD" LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" - DEPENDS = "zlib openssl" DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" @@ -55,7 +54,9 @@ inherit autotools-brokensep CFLAGS += "-D__FILE_OFFSET_BITS=64" export LD = "${CC}" -EXTRA_OECONF = "${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ +# login path is hardcoded in sshd +EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ + ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ --without-zlib-version-check \ --with-privsep-path=/var/run/sshd \ --sysconfdir=${sysconfdir}/ssh \ @@ -64,9 +65,11 @@ EXTRA_OECONF = "${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--with # Since we do not depend on libbsd, we do not want configure to use it # just because it finds libutil.h. But, specifying --disable-libutil # causes compile errors, so... -# CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" +# passwd path is hardcoded in sshd +CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" + # This is a workaround for uclibc because including stdio.h # pulls in pthreads.h and causes conflicts in function prototypes. # This results in compilation failure, so unless this is fixed, @@ -97,7 +100,7 @@ do_install_append () { install -d ${D}/${sysconfdir}/default/volatiles install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd - # Create config files for read-only rootfs + # Create config files for read-only rootfs install -d ${D}${sysconfdir}/ssh install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly @@ -130,7 +133,6 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen" RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" RDEPENDS_${PN}-sshd += "${PN}-keygen ${@base_contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" - CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" -- cgit 1.2.3-korg