diff options
author | Sudip Mukherjee <sudipm.mukherjee@gmail.com> | 2023-09-02 15:24:15 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-09-03 10:34:20 +0100 |
commit | e4ac4b116cca421d55c845cdcf5d018ae20561de (patch) | |
tree | 1abe587784876b4519d1bd36b60233a7b197b886 /meta/recipes-connectivity/openssh/openssh_9.4p1.bb | |
parent | e2d82c3691fe932360b9af21a023b6460f815132 (diff) | |
download | poky-e4ac4b116cca421d55c845cdcf5d018ae20561de.tar.gz |
openssh: upgrade to v9.4p1
Changes:
Update sha256sum
Remove backported patch
(From OE-Core rev: 51a6e56fcb28ec97ba3a4b40bbcd3d64e6d390d5)
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh_9.4p1.bb')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_9.4p1.bb | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb new file mode 100644 index 0000000000..3f232a839d --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb | |||
@@ -0,0 +1,175 @@ | |||
1 | SUMMARY = "A suite of security-related network utilities based on \ | ||
2 | the SSH protocol including the ssh client and sshd server" | ||
3 | DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ | ||
4 | Ssh (Secure Shell) is a program for logging into a remote machine \ | ||
5 | and for executing commands on a remote machine." | ||
6 | HOMEPAGE = "http://www.openssh.com/" | ||
7 | SECTION = "console/network" | ||
8 | LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT" | ||
9 | LIC_FILES_CHKSUM = "file://LICENCE;md5=072979064e691d342002f43cd89c0394" | ||
10 | |||
11 | DEPENDS = "zlib openssl virtual/crypt" | ||
12 | DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" | ||
13 | |||
14 | SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ | ||
15 | file://sshd_config \ | ||
16 | file://ssh_config \ | ||
17 | file://init \ | ||
18 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ | ||
19 | file://sshd.socket \ | ||
20 | file://sshd@.service \ | ||
21 | file://sshdgenkeys.service \ | ||
22 | file://volatiles.99_sshd \ | ||
23 | file://run-ptest \ | ||
24 | file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ | ||
25 | file://sshd_check_keys \ | ||
26 | file://add-test-support-for-busybox.patch \ | ||
27 | " | ||
28 | SRC_URI[sha256sum] = "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85" | ||
29 | |||
30 | CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here." | ||
31 | |||
32 | # This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 | ||
33 | # and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded | ||
34 | CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \ | ||
35 | Red Hat Enterprise Linux 7 and when running in a Kerberos environment" | ||
36 | |||
37 | CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries." | ||
38 | |||
39 | PAM_SRC_URI = "file://sshd" | ||
40 | |||
41 | inherit manpages useradd update-rc.d update-alternatives systemd | ||
42 | |||
43 | USERADD_PACKAGES = "${PN}-sshd" | ||
44 | USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" | ||
45 | INITSCRIPT_PACKAGES = "${PN}-sshd" | ||
46 | INITSCRIPT_NAME:${PN}-sshd = "sshd" | ||
47 | INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9" | ||
48 | |||
49 | SYSTEMD_PACKAGES = "${PN}-sshd" | ||
50 | SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket" | ||
51 | |||
52 | inherit autotools-brokensep ptest | ||
53 | |||
54 | PACKAGECONFIG ??= "" | ||
55 | PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" | ||
56 | PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" | ||
57 | PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" | ||
58 | PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" | ||
59 | |||
60 | EXTRA_AUTORECONF += "--exclude=aclocal" | ||
61 | |||
62 | # login path is hardcoded in sshd | ||
63 | EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ | ||
64 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ | ||
65 | --without-zlib-version-check \ | ||
66 | --with-privsep-path=${localstatedir}/run/sshd \ | ||
67 | --sysconfdir=${sysconfdir}/ssh \ | ||
68 | --with-xauth=${bindir}/xauth \ | ||
69 | --disable-strip \ | ||
70 | " | ||
71 | |||
72 | # musl doesn't implement wtmp/utmp and logwtmp | ||
73 | EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" | ||
74 | |||
75 | # Since we do not depend on libbsd, we do not want configure to use it | ||
76 | # just because it finds libutil.h. But, specifying --disable-libutil | ||
77 | # causes compile errors, so... | ||
78 | CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" | ||
79 | |||
80 | # passwd path is hardcoded in sshd | ||
81 | CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" | ||
82 | |||
83 | # We don't want to depend on libblockfile | ||
84 | CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" | ||
85 | |||
86 | do_configure:prepend () { | ||
87 | export LD="${CC}" | ||
88 | install -m 0644 ${WORKDIR}/sshd_config ${B}/ | ||
89 | install -m 0644 ${WORKDIR}/ssh_config ${B}/ | ||
90 | } | ||
91 | |||
92 | do_compile_ptest() { | ||
93 | oe_runmake regress-binaries regress-unit-binaries | ||
94 | } | ||
95 | |||
96 | do_install:append () { | ||
97 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then | ||
98 | install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd | ||
99 | sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config | ||
100 | fi | ||
101 | |||
102 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then | ||
103 | sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config | ||
104 | fi | ||
105 | |||
106 | install -d ${D}${sysconfdir}/init.d | ||
107 | install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd | ||
108 | rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin | ||
109 | rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} | ||
110 | install -d ${D}/${sysconfdir}/default/volatiles | ||
111 | install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd | ||
112 | install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} | ||
113 | |||
114 | # Create config files for read-only rootfs | ||
115 | install -d ${D}${sysconfdir}/ssh | ||
116 | install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
117 | sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
118 | echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
119 | echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
120 | echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
121 | |||
122 | install -d ${D}${systemd_system_unitdir} | ||
123 | install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir} | ||
124 | install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir} | ||
125 | install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir} | ||
126 | sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ | ||
127 | -e 's,@SBINDIR@,${sbindir},g' \ | ||
128 | -e 's,@BINDIR@,${bindir},g' \ | ||
129 | -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ | ||
130 | ${D}${systemd_system_unitdir}/sshd.socket ${D}${systemd_system_unitdir}/*.service | ||
131 | |||
132 | sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ | ||
133 | ${D}${sysconfdir}/init.d/sshd | ||
134 | |||
135 | install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys | ||
136 | } | ||
137 | |||
138 | do_install_ptest () { | ||
139 | sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh | ||
140 | cp -r regress ${D}${PTEST_PATH} | ||
141 | cp config.h ${D}${PTEST_PATH} | ||
142 | } | ||
143 | |||
144 | ALLOW_EMPTY:${PN} = "1" | ||
145 | |||
146 | PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" | ||
147 | FILES:${PN}-scp = "${bindir}/scp.${BPN}" | ||
148 | FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" | ||
149 | FILES:${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}" | ||
150 | FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" | ||
151 | FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" | ||
152 | FILES:${PN}-sftp = "${bindir}/sftp" | ||
153 | FILES:${PN}-sftp-server = "${libexecdir}/sftp-server" | ||
154 | FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" | ||
155 | FILES:${PN}-keygen = "${bindir}/ssh-keygen" | ||
156 | |||
157 | RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server" | ||
158 | RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" | ||
159 | # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies | ||
160 | RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils openssl-bin" | ||
161 | |||
162 | RPROVIDES:${PN}-ssh = "ssh" | ||
163 | RPROVIDES:${PN}-sshd = "sshd" | ||
164 | |||
165 | RCONFLICTS:${PN} = "dropbear" | ||
166 | RCONFLICTS:${PN}-sshd = "dropbear" | ||
167 | |||
168 | CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config" | ||
169 | CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config" | ||
170 | |||
171 | ALTERNATIVE_PRIORITY = "90" | ||
172 | ALTERNATIVE:${PN}-scp = "scp" | ||
173 | ALTERNATIVE:${PN}-ssh = "ssh" | ||
174 | |||
175 | BBCLASSEXTEND += "nativesdk" | ||