summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity
diff options
context:
space:
mode:
authorMatthieu Crapet <Matthieu.Crapet@ingenico.com>2014-04-14 15:56:05 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-04-23 11:43:27 +0100
commit920bfc33444f2bd6ebf30f462fa41610c5e68545 (patch)
treeb15722f58ec684ca7bef07eaded4e09526443272 /meta/recipes-connectivity
parentedb5f34b79d2a3781dbe3d9d15287d067c731701 (diff)
downloadpoky-920bfc33444f2bd6ebf30f462fa41610c5e68545.tar.gz
openssh-sshd: host contamination fix
If you do a readelf -x .rodata /path/.../to/openssh/6.5p1-r0/packages-split/openssh-sshd/usr/sbin/sshd You'll see two references to OE's sysroots/${BUILD_SYS} login and passwd binaries. First one can be overridden with LOGIN_PROGRAM environment variable (see configure.ac), second needs a cached variable definition. (From OE-Core rev: 2127c80d0cc2a3a4d676bd3c0890454a175fba8e) Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r--meta/recipes-connectivity/openssh/openssh_6.5p1.bb12
1 files changed, 7 insertions, 5 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
index 2c4da70988..d19cc5a6b2 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
@@ -7,7 +7,6 @@ SECTION = "console/network"
7LICENSE = "BSD" 7LICENSE = "BSD"
8LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" 8LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
9 9
10
11DEPENDS = "zlib openssl" 10DEPENDS = "zlib openssl"
12DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" 11DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
13 12
@@ -55,7 +54,9 @@ inherit autotools-brokensep
55CFLAGS += "-D__FILE_OFFSET_BITS=64" 54CFLAGS += "-D__FILE_OFFSET_BITS=64"
56export LD = "${CC}" 55export LD = "${CC}"
57 56
58EXTRA_OECONF = "${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ 57# login path is hardcoded in sshd
58EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
59 ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
59 --without-zlib-version-check \ 60 --without-zlib-version-check \
60 --with-privsep-path=/var/run/sshd \ 61 --with-privsep-path=/var/run/sshd \
61 --sysconfdir=${sysconfdir}/ssh \ 62 --sysconfdir=${sysconfdir}/ssh \
@@ -64,9 +65,11 @@ EXTRA_OECONF = "${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--with
64# Since we do not depend on libbsd, we do not want configure to use it 65# Since we do not depend on libbsd, we do not want configure to use it
65# just because it finds libutil.h. But, specifying --disable-libutil 66# just because it finds libutil.h. But, specifying --disable-libutil
66# causes compile errors, so... 67# causes compile errors, so...
67#
68CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" 68CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no"
69 69
70# passwd path is hardcoded in sshd
71CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
72
70# This is a workaround for uclibc because including stdio.h 73# This is a workaround for uclibc because including stdio.h
71# pulls in pthreads.h and causes conflicts in function prototypes. 74# pulls in pthreads.h and causes conflicts in function prototypes.
72# This results in compilation failure, so unless this is fixed, 75# This results in compilation failure, so unless this is fixed,
@@ -97,7 +100,7 @@ do_install_append () {
97 install -d ${D}/${sysconfdir}/default/volatiles 100 install -d ${D}/${sysconfdir}/default/volatiles
98 install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd 101 install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
99 102
100 # Create config files for read-only rootfs 103 # Create config files for read-only rootfs
101 install -d ${D}${sysconfdir}/ssh 104 install -d ${D}${sysconfdir}/ssh
102 install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly 105 install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
103 sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly 106 sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
@@ -130,7 +133,6 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
130RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" 133RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
131RDEPENDS_${PN}-sshd += "${PN}-keygen ${@base_contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" 134RDEPENDS_${PN}-sshd += "${PN}-keygen ${@base_contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
132 135
133
134CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" 136CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
135CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" 137CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
136 138