diff options
| author | Joseph Reynolds <jrey@linux.ibm.com> | 2019-06-20 16:29:15 -0500 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-06-21 15:32:36 +0100 |
| commit | d52b1dfc1baac551350617bd683e8978bfae11c0 (patch) | |
| tree | bc4b875c49ea642d44b605f6c001240bc5941d37 /meta/recipes-core/dropbear/dropbear.inc | |
| parent | d4d8e851062ce5cc43bfe1cc65df4343b6572bfa (diff) | |
| download | poky-d52b1dfc1baac551350617bd683e8978bfae11c0.tar.gz | |
dropbear: new feature: disable-weak-ciphers
Enhances dropbear with a new feature "disable-weak-ciphers", on by default.
This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers in
the dropbear ssh server and client.
Disable this feature if you need to connect to the ssh server from older
clients. Additional customization can be done with local_options.h as usual.
Tested: On dropbear_2019.78.
Upstream-Status: Inappropriate [configuration]
(From OE-Core rev: b11521ce1b1d1f8b4dddf830b41f5ea809730d22)
Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/dropbear/dropbear.inc')
| -rw-r--r-- | meta/recipes-core/dropbear/dropbear.inc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index b74d186cd4..dcbda741c3 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc | |||
| @@ -20,7 +20,8 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ | |||
| 20 | file://dropbear@.service \ | 20 | file://dropbear@.service \ |
| 21 | file://dropbear.socket \ | 21 | file://dropbear.socket \ |
| 22 | file://dropbear.default \ | 22 | file://dropbear.default \ |
| 23 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} " | 23 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ |
| 24 | ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} " | ||
| 24 | 25 | ||
| 25 | PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ | 26 | PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ |
| 26 | file://0006-dropbear-configuration-file.patch \ | 27 | file://0006-dropbear-configuration-file.patch \ |
| @@ -46,8 +47,9 @@ SBINCOMMANDS = "dropbear dropbearkey dropbearconvert" | |||
| 46 | BINCOMMANDS = "dbclient ssh scp" | 47 | BINCOMMANDS = "dbclient ssh scp" |
| 47 | EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' | 48 | EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' |
| 48 | 49 | ||
| 49 | PACKAGECONFIG ?= "" | 50 | PACKAGECONFIG ?= "disable-weak-ciphers" |
| 50 | PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt" | 51 | PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt" |
| 52 | PACKAGECONFIG[disable-weak-ciphers] = "" | ||
| 51 | 53 | ||
| 52 | EXTRA_OECONF += "\ | 54 | EXTRA_OECONF += "\ |
| 53 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}" | 55 | ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}" |