From 6d46321a15134bf5b7ebf9789ce8e464d0153d04 Mon Sep 17 00:00:00 2001 From: zhengruoqin Date: Mon, 18 Apr 2022 20:27:14 +0800 Subject: openssh: upgrade 8.9p1 -> 9.0p1 (From OE-Core rev: ee2b6da307512beecebc468194d614ba5de33d01) Signed-off-by: Zheng Ruoqin Signed-off-by: Richard Purdie --- ...to-not-using-sandbox-when-cross-compiling.patch | 33 ---- .../f107467179428a0e3ea9e4aa9738ac12ff02822d.patch | 35 ---- meta/recipes-connectivity/openssh/openssh_8.9p1.bb | 185 --------------------- meta/recipes-connectivity/openssh/openssh_9.0p1.bb | 183 ++++++++++++++++++++ 4 files changed, 183 insertions(+), 253 deletions(-) delete mode 100644 meta/recipes-connectivity/openssh/openssh/0001-Default-to-not-using-sandbox-when-cross-compiling.patch delete mode 100644 meta/recipes-connectivity/openssh/openssh/f107467179428a0e3ea9e4aa9738ac12ff02822d.patch delete mode 100644 meta/recipes-connectivity/openssh/openssh_8.9p1.bb create mode 100644 meta/recipes-connectivity/openssh/openssh_9.0p1.bb (limited to 'meta/recipes-connectivity/openssh') diff --git a/meta/recipes-connectivity/openssh/openssh/0001-Default-to-not-using-sandbox-when-cross-compiling.patch b/meta/recipes-connectivity/openssh/openssh/0001-Default-to-not-using-sandbox-when-cross-compiling.patch deleted file mode 100644 index 0241c290ac..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/0001-Default-to-not-using-sandbox-when-cross-compiling.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 56194e9a6043873b0ec84f9d15c6e4caca2580c8 Mon Sep 17 00:00:00 2001 -From: Darren Tucker -Date: Tue, 8 Mar 2022 20:04:06 +1100 -Subject: [PATCH] Default to not using sandbox when cross compiling. - -On most systems poll(2) does not work when the number of FDs is reduced -with setrlimit, so assume it doesn't when cross compiling and we can't -run the test. bz#3398. - -Signed-off-by: Khem Raj -Upstream-Status: Backport [https://anongit.mindrot.org/openssh.git/patch/?id=8cf5275452a950869cb90eeac7d220b01f77b12e] ---- - configure.ac | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 17fb1e6..a165d08 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -3574,8 +3574,8 @@ AC_RUN_IFELSE( - select_works_with_rlimit=yes], - [AC_MSG_RESULT([no]) - select_works_with_rlimit=no], -- [AC_MSG_WARN([cross compiling: assuming yes]) -- select_works_with_rlimit=yes] -+ [AC_MSG_WARN([cross compiling: assuming no]) -+ select_works_with_rlimit=no] - ) - - AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ --- -2.35.1 - diff --git a/meta/recipes-connectivity/openssh/openssh/f107467179428a0e3ea9e4aa9738ac12ff02822d.patch b/meta/recipes-connectivity/openssh/openssh/f107467179428a0e3ea9e4aa9738ac12ff02822d.patch deleted file mode 100644 index 847c0a143c..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/f107467179428a0e3ea9e4aa9738ac12ff02822d.patch +++ /dev/null @@ -1,35 +0,0 @@ -From f107467179428a0e3ea9e4aa9738ac12ff02822d Mon Sep 17 00:00:00 2001 -From: Colin Watson -Date: Thu, 24 Feb 2022 16:04:18 +0000 -Subject: [PATCH] Improve detection of -fzero-call-used-regs=all support - -GCC doesn't tell us whether this option is supported unless it runs into -the situation where it would need to emit corresponding code. - -Upstream-Status: Backport -Signed-off-by: Alexander Kanavin ---- - m4/openssh.m4 | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/m4/openssh.m4 b/m4/openssh.m4 -index 4f9c3792dc1..8c33c701b8b 100644 ---- a/m4/openssh.m4 -+++ b/m4/openssh.m4 -@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{ - AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ - #include - #include -+/* Trivial function to help test for -fzero-call-used-regs */ -+void f(int n) {} - int main(int argc, char **argv) { - (void)argv; - /* Some math to catch -ftrapv problems in the toolchain */ -@@ -21,6 +23,7 @@ int main(int argc, char **argv) { - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; -+ f(0); - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - /* - * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb deleted file mode 100644 index f306b1245a..0000000000 --- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb +++ /dev/null @@ -1,185 +0,0 @@ -SUMMARY = "A suite of security-related network utilities based on \ -the SSH protocol including the ssh client and sshd server" -DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ -Ssh (Secure Shell) is a program for logging into a remote machine \ -and for executing commands on a remote machine." -HOMEPAGE = "http://www.openssh.com/" -SECTION = "console/network" -LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT" -LIC_FILES_CHKSUM = "file://LICENCE;md5=8baf365614c9bdd63705f298c9afbfb9" - -DEPENDS = "zlib openssl virtual/crypt" -DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" - -SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ - file://sshd_config \ - file://ssh_config \ - file://init \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - file://sshd.socket \ - file://sshd@.service \ - file://sshdgenkeys.service \ - file://volatiles.99_sshd \ - file://run-ptest \ - file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ - file://sshd_check_keys \ - file://add-test-support-for-busybox.patch \ - file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \ - file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \ - " -SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7" - -# This CVE is specific to OpenSSH with the pam opie which we don't build/use here -CVE_CHECK_IGNORE += "CVE-2007-2768" - -# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 -# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded -CVE_CHECK_IGNORE += "CVE-2014-9278" - -# CVE only applies to some distributed RHEL binaries -CVE_CHECK_IGNORE += "CVE-2008-3844" - -PAM_SRC_URI = "file://sshd" - -inherit manpages useradd update-rc.d update-alternatives systemd - -USERADD_PACKAGES = "${PN}-sshd" -USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" -INITSCRIPT_PACKAGES = "${PN}-sshd" -INITSCRIPT_NAME:${PN}-sshd = "sshd" -INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9" - -SYSTEMD_PACKAGES = "${PN}-sshd" -SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket" - -inherit autotools-brokensep ptest - -PACKAGECONFIG ??= "rng-tools" -PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" -PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" -PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" -PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" - -# Add RRECOMMENDS to rng-tools for sshd package -PACKAGECONFIG[rng-tools] = "" - -EXTRA_AUTORECONF += "--exclude=aclocal" - -# login path is hardcoded in sshd -EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ - --without-zlib-version-check \ - --with-privsep-path=${localstatedir}/run/sshd \ - --sysconfdir=${sysconfdir}/ssh \ - --with-xauth=${bindir}/xauth \ - --disable-strip \ - " - -# musl doesn't implement wtmp/utmp and logwtmp -EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" - -# Since we do not depend on libbsd, we do not want configure to use it -# just because it finds libutil.h. But, specifying --disable-libutil -# causes compile errors, so... -CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" - -# passwd path is hardcoded in sshd -CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" - -# We don't want to depend on libblockfile -CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" - -do_configure:prepend () { - export LD="${CC}" - install -m 0644 ${WORKDIR}/sshd_config ${B}/ - install -m 0644 ${WORKDIR}/ssh_config ${B}/ -} - -do_compile_ptest() { - oe_runmake regress-binaries regress-unit-binaries -} - -do_install:append () { - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then - install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd - sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config - fi - - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then - sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config - fi - - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd - rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin - rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} - install -d ${D}/${sysconfdir}/default/volatiles - install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd - install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} - - # Create config files for read-only rootfs - install -d ${D}${sysconfdir}/ssh - install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly - sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly - - install -d ${D}${systemd_system_unitdir} - install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir} - install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir} - install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir} - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - -e 's,@BINDIR@,${bindir},g' \ - -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${systemd_system_unitdir}/sshd.socket ${D}${systemd_system_unitdir}/*.service - - sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ - ${D}${sysconfdir}/init.d/sshd - - install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys -} - -do_install_ptest () { - sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh - cp -r regress ${D}${PTEST_PATH} - cp config.h ${D}${PTEST_PATH} -} - -ALLOW_EMPTY:${PN} = "1" - -PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" -FILES:${PN}-scp = "${bindir}/scp.${BPN}" -FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" -FILES:${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}" -FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" -FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" -FILES:${PN}-sftp = "${bindir}/sftp" -FILES:${PN}-sftp-server = "${libexecdir}/sftp-server" -FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" -FILES:${PN}-keygen = "${bindir}/ssh-keygen" - -RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" -RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RRECOMMENDS:${PN}-sshd:append:class-target = "\ - ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \ -" - -# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies -RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" - -RPROVIDES:${PN}-ssh = "ssh" -RPROVIDES:${PN}-sshd = "sshd" - -RCONFLICTS:${PN} = "dropbear" -RCONFLICTS:${PN}-sshd = "dropbear" - -CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config" -CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config" - -ALTERNATIVE_PRIORITY = "90" -ALTERNATIVE:${PN}-scp = "scp" -ALTERNATIVE:${PN}-ssh = "ssh" - -BBCLASSEXTEND += "nativesdk" diff --git a/meta/recipes-connectivity/openssh/openssh_9.0p1.bb b/meta/recipes-connectivity/openssh/openssh_9.0p1.bb new file mode 100644 index 0000000000..975faed547 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh_9.0p1.bb @@ -0,0 +1,183 @@ +SUMMARY = "A suite of security-related network utilities based on \ +the SSH protocol including the ssh client and sshd server" +DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \ +Ssh (Secure Shell) is a program for logging into a remote machine \ +and for executing commands on a remote machine." +HOMEPAGE = "http://www.openssh.com/" +SECTION = "console/network" +LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT" +LIC_FILES_CHKSUM = "file://LICENCE;md5=8baf365614c9bdd63705f298c9afbfb9" + +DEPENDS = "zlib openssl virtual/crypt" +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \ + file://sshd_config \ + file://ssh_config \ + file://init \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://sshd.socket \ + file://sshd@.service \ + file://sshdgenkeys.service \ + file://volatiles.99_sshd \ + file://run-ptest \ + file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ + file://sshd_check_keys \ + file://add-test-support-for-busybox.patch \ + " +SRC_URI[sha256sum] = "03974302161e9ecce32153cfa10012f1e65c8f3750f573a73ab1befd5972a28a" + +# This CVE is specific to OpenSSH with the pam opie which we don't build/use here +CVE_CHECK_IGNORE += "CVE-2007-2768" + +# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 +# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded +CVE_CHECK_IGNORE += "CVE-2014-9278" + +# CVE only applies to some distributed RHEL binaries +CVE_CHECK_IGNORE += "CVE-2008-3844" + +PAM_SRC_URI = "file://sshd" + +inherit manpages useradd update-rc.d update-alternatives systemd + +USERADD_PACKAGES = "${PN}-sshd" +USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd" +INITSCRIPT_PACKAGES = "${PN}-sshd" +INITSCRIPT_NAME:${PN}-sshd = "sshd" +INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9" + +SYSTEMD_PACKAGES = "${PN}-sshd" +SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket" + +inherit autotools-brokensep ptest + +PACKAGECONFIG ??= "rng-tools" +PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" +PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" +PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" +PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" + +# Add RRECOMMENDS to rng-tools for sshd package +PACKAGECONFIG[rng-tools] = "" + +EXTRA_AUTORECONF += "--exclude=aclocal" + +# login path is hardcoded in sshd +EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ + --without-zlib-version-check \ + --with-privsep-path=${localstatedir}/run/sshd \ + --sysconfdir=${sysconfdir}/ssh \ + --with-xauth=${bindir}/xauth \ + --disable-strip \ + " + +# musl doesn't implement wtmp/utmp and logwtmp +EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" + +# Since we do not depend on libbsd, we do not want configure to use it +# just because it finds libutil.h. But, specifying --disable-libutil +# causes compile errors, so... +CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no" + +# passwd path is hardcoded in sshd +CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" + +# We don't want to depend on libblockfile +CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" + +do_configure:prepend () { + export LD="${CC}" + install -m 0644 ${WORKDIR}/sshd_config ${B}/ + install -m 0644 ${WORKDIR}/ssh_config ${B}/ +} + +do_compile_ptest() { + oe_runmake regress-binaries regress-unit-binaries +} + +do_install:append () { + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then + install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd + sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config + fi + + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then + sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config + fi + + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd + rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin + rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} + install -d ${D}/${sysconfdir}/default/volatiles + install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd + install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} + + # Create config files for read-only rootfs + install -d ${D}${sysconfdir}/ssh + install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly + sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly + + install -d ${D}${systemd_system_unitdir} + install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir} + install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir} + install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir} + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + -e 's,@BINDIR@,${bindir},g' \ + -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ + ${D}${systemd_system_unitdir}/sshd.socket ${D}${systemd_system_unitdir}/*.service + + sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ + ${D}${sysconfdir}/init.d/sshd + + install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys +} + +do_install_ptest () { + sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh + cp -r regress ${D}${PTEST_PATH} + cp config.h ${D}${PTEST_PATH} +} + +ALLOW_EMPTY:${PN} = "1" + +PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server" +FILES:${PN}-scp = "${bindir}/scp.${BPN}" +FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" +FILES:${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}" +FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd" +FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys" +FILES:${PN}-sftp = "${bindir}/sftp" +FILES:${PN}-sftp-server = "${libexecdir}/sftp-server" +FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" +FILES:${PN}-keygen = "${bindir}/ssh-keygen" + +RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" +RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" +RRECOMMENDS:${PN}-sshd:append:class-target = "\ + ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \ +" + +# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies +RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" + +RPROVIDES:${PN}-ssh = "ssh" +RPROVIDES:${PN}-sshd = "sshd" + +RCONFLICTS:${PN} = "dropbear" +RCONFLICTS:${PN}-sshd = "dropbear" + +CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config" +CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config" + +ALTERNATIVE_PRIORITY = "90" +ALTERNATIVE:${PN}-scp = "scp" +ALTERNATIVE:${PN}-ssh = "ssh" + +BBCLASSEXTEND += "nativesdk" -- cgit v1.2.3-54-g00ecf