author | Matthieu Crapet <Matthieu.Crapet@ingenico.com> | 2014-04-14 15:56:05 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-04-23 11:43:27 +0100 |
commit | 920bfc33444f2bd6ebf30f462fa41610c5e68545 (patch) | |
tree | b15722f58ec684ca7bef07eaded4e09526443272 /meta/recipes-connectivity | |
parent | edb5f34b79d2a3781dbe3d9d15287d067c731701 (diff) | |
openssh-sshd: host contamination fix
If you do a readelf -x .rodata /path/.../to/openssh/6.5p1-r0/packages-split/openssh-sshd/usr/sbin/sshd
You'll see two references to OE's sysroots/${BUILD_SYS} login and passwd binaries.
First one can be overridden with LOGIN_PROGRAM environment variable (see configure.ac),
second needs a cached variable definition.
(From OE-Core rev: 2127c80d0cc2a3a4d676bd3c0890454a175fba8e)
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_6.5p1.bb | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb index 2c4da70988..d19cc5a6b2 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb | |||
@@ -7,7 +7,6 @@ SECTION = "console/network" | |||
7 | LICENSE = "BSD" | 7 | LICENSE = "BSD" |
8 | LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" | 8 | LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" |
9 | 9 | ||
10 | |||
11 | DEPENDS = "zlib openssl" | 10 | DEPENDS = "zlib openssl" |
12 | DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" | 11 | DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" |
13 | 12 | ||
@@ -55,7 +54,9 @@ inherit autotools-brokensep | |||
55 | CFLAGS += "-D__FILE_OFFSET_BITS=64" | 54 | CFLAGS += "-D__FILE_OFFSET_BITS=64" |
56 | export LD = "${CC}" | 55 | export LD = "${CC}" |
57 | 56 | ||
58 | EXTRA_OECONF = "${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ | 57 | # login path is hardcoded in sshd |
58 | EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ | ||
59 | ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ | ||
59 | --without-zlib-version-check \ | 60 | --without-zlib-version-check \ |
60 | --with-privsep-path=/var/run/sshd \ | 61 | --with-privsep-path=/var/run/sshd \ |
61 | --sysconfdir=${sysconfdir}/ssh \ | 62 | --sysconfdir=${sysconfdir}/ssh \ |
@@ -64,9 +65,11 @@ EXTRA_OECONF = "${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--with | |||
64 | # Since we do not depend on libbsd, we do not want configure to use it | 65 | # Since we do not depend on libbsd, we do not want configure to use it |
65 | # just because it finds libutil.h. But, specifying --disable-libutil | 66 | # just because it finds libutil.h. But, specifying --disable-libutil |
66 | # causes compile errors, so... | 67 | # causes compile errors, so... |
67 | # | ||
68 | CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" | 68 | CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" |
69 | 69 | ||
70 | # passwd path is hardcoded in sshd | ||
71 | CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" | ||
72 | |||
70 | # This is a workaround for uclibc because including stdio.h | 73 | # This is a workaround for uclibc because including stdio.h |
71 | # pulls in pthreads.h and causes conflicts in function prototypes. | 74 | # pulls in pthreads.h and causes conflicts in function prototypes. |
72 | # This results in compilation failure, so unless this is fixed, | 75 | # This results in compilation failure, so unless this is fixed, |
@@ -97,7 +100,7 @@ do_install_append () { | |||
97 | install -d ${D}/${sysconfdir}/default/volatiles | 100 | install -d ${D}/${sysconfdir}/default/volatiles |
98 | install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd | 101 | install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd |
99 | 102 | ||
100 | # Create config files for read-only rootfs | 103 | # Create config files for read-only rootfs |
101 | install -d ${D}${sysconfdir}/ssh | 104 | install -d ${D}${sysconfdir}/ssh |
102 | install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly | 105 | install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly |
103 | sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly | 106 | sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly |
@@ -130,7 +133,6 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen" | |||
130 | RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" | 133 | RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" |
131 | RDEPENDS_${PN}-sshd += "${PN}-keygen ${@base_contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" | 134 | RDEPENDS_${PN}-sshd += "${PN}-keygen ${@base_contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" |
132 | 135 | ||
133 | |||
134 | CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" | 136 | CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" |
135 | CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" | 137 | CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" |
136 | 138 | ||