| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Drop patch support-out-of-tree-builds.patch:
Because the upstream has already contain it.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Bring the dropbear init script into sync with the systemd service
file (dropbearkey.service supports RSA host keys only) and with
recent versions of openssh which deprecate DSA host keys.
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Dropbear will use system versions of libtommath and libtomcrypt if
available. To make builds deterministic, add a PACKAGECONFIG option
to choose system libs or force use of the bundled versions.
Note that currently there are no libtommath or libtomcrypt recipes
in oe-core, so default to using the bundled versions.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To prevent build failures when using system libtom libraries and
linking with --as-needed, LIBTOM_LIBS should be in the order
-ltomcrypt -ltommath, not the other way around, ie libs should be
prepended to LIBTOM_LIBS as they are found, not appended.
Note that LIBTOM_LIBS is not used when linking with the bundled
libtom libs.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch adds DROPBEAR_RSAKEY_ARGS and DROPBEAR_DSSKEY_ARGS optional
parameters to /etc/default/dropbear. The contents are simply passed to
the 'dropbearkey' program when generating a host key.
The default keysize for RSA is currently 2048 bits. It takes a CortexA9
running at 700MHz between 4 and 10 seconds to calculate a keypair. The
board boots Linux in about a second, but you have to wait for several
seconds because of the keypair generation. This patch allows one to put
the line DROPBEAR_RSAKEY_ARGS="-s 1024" into /etc/default/dropbear, and
have a host key generated in about 0.2 seconds on the same CPU. This is
particulary useful for read-only rootfs systems which generate a key on
each boot.
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
2016.73 -> 2016.74
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Enforce the correct tag names across all of oe-core for consistency.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Openssh now installs the sftp-server binary as /usr/libexec/sftp-server,
whereas the dropbear recipe assumes a different path.
Dropbear uses the correct path by default, so it's no longer necessary
to override SFTPSERVER_PATH via CFLAGS.
This fixes SFTP access to systems using dropbear as the SSH server.
Signed-off-by: Dominic Sacré <dominic.sacre@gmx.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport a patch to fix out-of-tree build.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The CFLAGS and LD tweaks in dropbear.inc date back to 2005/2006 and
whatever issue they worked around back then seems to have been fixed
in the latest versions of dropbear.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
2015.71 - 3 December 2015
- Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
- Fix crash on exit when -p address:port is used, broke in 2015.68
- Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev
- Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert,
broke in 2015.70
- Fix server race condition that could cause sessions to hang on exit,
https://github.com/robotframework/SSHLibrary/issues/128
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Tweak a pam patch to make it apply on current source.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
LICENSE checksum has changed because the copyright year was changed
from 2014 to 2015 in it:
https://github.com/mkj/dropbear/commit/19e1afbd1ca6d306166ce74bcd6c6889f8d196f3
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
* Upgrade to upstream 2014.66; incorporates several minor bugfix
releases.
* LIC_FILES_CHKSUM changed because the copyright year changed; there was
no change to the license text itself.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
If pam distro feature enabled, dropbear will need below pam rpms
to work:
* libpam-runtime
* pam-plugin-deny
* pam-plugin-permit
* pam-plugin-unix
Just add the runtime dependencies explicitly.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Add a brief subject mentioning what the patch is for
* Add Upstream-Status
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Replace:
cat <file> | sed -e xxx
By:
sed -e xxx <file>
+ fix indentation
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop 0002-static_build_fix.patch since an equivalent fix has been merged
upstream.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch mainly comes from meta-systemd with a few modifications.
The purpose is to get rid of the LSB init scripts in systemd images.
[YOCTO #4420]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Patch application failed on the autobuilder for pam, this refresh of the
patch should resolve the build failure.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
LIC_FILES_CHKSUM has changed with the introduction of a BSD-3-Clause
algorithm (curve25519-donna); this has prompted a re-evaluation of the
LICENSE value which should now reflect the licenses declared in the
upstream documentation. Thanks to Beth Flanagan for helping with this.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Using the contains function results in more optimal sstate checksums
resulting in better cache reuse as we as more consistent code.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
update to latest version 2013.60
Update 0006-dropbear-configuration-file.patch for 2013.60
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
The default value of SFTPSERVER_PATH is "/usr/libexec/sftp-server" defined in
dropbear-2013.58/option.h, but after commit 406bd38b423[bitbake.conf: change
libexecdir to ${libdir}/${BPN}], sftp-server is provided by openssh package,
and is installed into ${libdir}/openssh, so we pass it explicitly.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This commit fixes runtime hang of 'dropbearkey' utility, built for a x32
target abi system. The hang was observed while generating ssh keys, with
this command:
dropbearkey -t dss -f private
The issue is fixed by changing the code, where 'long' in x86_64 mode is
assumed as 64bit quantity. With the x32 abi, the processor is in x86_64
mode, but the 'long' is a 32bit quantity. Hence the fix uses 'long long'
instead of 'long' to define/access 64bit data variables.
Fixes bug:
[YOCTO #4496]
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
- patches updated
- nopw-option.patch dropped as the option is integrated since 2013.56
- compile tested for ARMv5 target
Signed-off-by: Eric Bénard <eric@eukrea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Blank password option patch has now been accepted upstream.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Old init script killed all dropbear processes when doing stop/restart
including open SSH sessions which is very annoying.
Signed-off-by: Roman I Khimov <khimov@altell.ru>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Dropbear does not start when the host key is empty and it is possible
that a device is switched off before the host key is generated. This
is possible because the dropbearkey code doesn't create a temporary
file first. Detect truncated keys and then remove them which will lead
to the re-generation. This way the dropbear process will always start.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Instead of using IMAGE_FEATURES to control something within a recipe,
allow this to be set at runtime, avoiding the need to rebuild dropbear
when we want to change this option.
First half of the fix for [YOCTO #2578].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
Signed-off-by: Steffen Sledz <sledz@dresearch-fe.de>
|
|
Re-running the debug_patch task would cause the build to fail. This patch
moves the extra patch handling directly into SRC_URI and removes the need
for the separate task, allowing safe re-execution of each task.
[YOCTO #2194]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Shane Wang <shane.wang@intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This new version added ALLOW_BLANK_PASSWORD option. So change the allow-nopw.patch content to enable this function.
Signed-off-by: Mei Lei <lei.mei@intel.com>
|
|
Signed-off-by: Mei Lei <lei.mei@intel.com>
|
|
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
file for dropbear
dropbear will check "/etc/pam.d/sshd" which comes from package "openssh" \
When enabling pam supporting. But if we only install dropbear \
package without package "openssh", then "dropbear" will not \
find a configuration file.
The changes are as follow for fixing this bug:
- Change the path to find configuration file (/etc/pam.d/sshd --> /etc/pam.d/dropbear)
- Add a configuration file "/etc/pam.d/dropbear"
Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
I make a patch and some changes in dropbear.inc for supporting pam.
- Enable pam in configure
- Modify file option.h to open pam supporting
Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
|
|
The long term solution is to remove the IMAGE_FEATURE check since images are not allowed to influence recipe compile options.
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
|
|
Nothing in the system actually uses the PROVIDES field for these
recipes, its usually the runtime packages that are used. We can
therefore remove the PROVIDES and hence quieten the associated
warnings from bitbake.
If these recipes do really need the PROVIDES, they would be better
as virtuals and adding that to MULTI_PROVIDER_WHITELIST.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to avoid applying a patch in configure, because a rebuild could
trigger this, without triggering do_patch.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
Dengke Du
Andre McCurdy
Peter Kjellerstedt
Mike Looijmans
Maxin B. John
Ross Burton
Dominic Sacré
Jussi Kukkonen
Alexander Kanavin
Robert Yang
Paul Eggleton
Wenzong Fan
Matthieu Crapet
Otavio Salvador
Chen Qi
Richard Purdie
Maxin B. John
Roy Li
Nitin A Kamble
Eric Bénard
Roman I Khimov
Martin Jansa
Holger Hans Peter Freyther
Mark Hatle
Steffen Sledz
Shane Wang
Saul Wold
Mei Lei
Koen Kooi
Xiaofeng Yan