From c527fd1f14c27855a37f2e8ac5346ce8d940ced2 Mon Sep 17 00:00:00 2001 From: Tudor Florea Date: Thu, 16 Oct 2014 03:05:19 +0200 Subject: initial commit for Enea Linux 4.0-140929 Migrated from the internal git server on the daisy-enea-point-release branch Signed-off-by: Tudor Florea --- .../dropbear/dropbear-2013.58/build_test.patch | 229 +++++++++++++++++++++ meta/recipes-core/dropbear/dropbear.inc | 99 +++++++++ .../0001-urandom-xauth-changes-to-options.h.patch | 23 +++ .../dropbear/dropbear/0003-configure.patch | 40 ++++ .../dropbear/dropbear/0004-fix-2kb-keys.patch | 22 ++ .../dropbear/0005-dropbear-enable-pam.patch | 28 +++ .../0006-dropbear-configuration-file.patch | 22 ++ .../dropbear/0007-dropbear-fix-for-x32-abi.patch | 140 +++++++++++++ meta/recipes-core/dropbear/dropbear/dropbear | 4 + .../recipes-core/dropbear/dropbear/dropbear.socket | 10 + .../dropbear/dropbear/dropbear@.service | 11 + .../dropbear/dropbear/dropbearkey.service | 8 + meta/recipes-core/dropbear/dropbear/init | 113 ++++++++++ meta/recipes-core/dropbear/dropbear/run-ptest | 2 + meta/recipes-core/dropbear/dropbear_2014.63.bb | 4 + 15 files changed, 755 insertions(+) create mode 100644 meta/recipes-core/dropbear/dropbear-2013.58/build_test.patch create mode 100644 meta/recipes-core/dropbear/dropbear.inc create mode 100644 meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch create mode 100644 meta/recipes-core/dropbear/dropbear/0003-configure.patch create mode 100644 meta/recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch create mode 100644 meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch create mode 100644 meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch create mode 100644 meta/recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear.socket create mode 100644 meta/recipes-core/dropbear/dropbear/dropbear@.service create mode 100644 meta/recipes-core/dropbear/dropbear/dropbearkey.service create mode 100755 meta/recipes-core/dropbear/dropbear/init create mode 100644 meta/recipes-core/dropbear/dropbear/run-ptest create mode 100644 meta/recipes-core/dropbear/dropbear_2014.63.bb (limited to 'meta/recipes-core/dropbear') diff --git a/meta/recipes-core/dropbear/dropbear-2013.58/build_test.patch b/meta/recipes-core/dropbear/dropbear-2013.58/build_test.patch new file mode 100644 index 0000000000..6f828cfc51 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear-2013.58/build_test.patch @@ -0,0 +1,229 @@ +Fix various linkage errors for LibTomCrypt library in order to run tests +using ANSI-C PRNG algorithm. Also check that XCLOCKS_PER_SEC is larger than 1000000 +so that there may be a valid PRNG (Pseudo Random Number Generator). +Customize the tests output to be ptest-compliant . + +Upstream-Status: Pending +Signed-off-by: Dorin Gheorghe + +diff -Naur dropbear-2012.55/libtomcrypt/Makefile.in dropbear-2012.55.modified/libtomcrypt/Makefile.in +--- dropbear-2012.55/libtomcrypt/Makefile.in 2013-04-16 14:20:45.270448945 +0200 ++++ dropbear-2012.55.modified/libtomcrypt/Makefile.in 2013-04-16 11:00:06.517614900 +0200 +@@ -19,7 +19,7 @@ + + # Compilation flags. Note the += does not write over the user's CFLAGS! + # The rest of the flags come from the parent Dropbear makefile +-CFLAGS += -c -I$(srcdir)/src/headers/ -I$(srcdir)/../ ++CFLAGS += -c -I$(srcdir)/src/headers/ -I$(srcdir)/../ -I./testprof + + # additional warnings (newer GCC 3.4 and higher) + ifdef GCC_34 +@@ -175,6 +175,7 @@ + MULTIS=demos/multi.o + TIMINGS=demos/timing.o + TESTS=demos/test.o ++YARROW=src/prngs/yarrow.o src/prngs/rng_make_prng.o src/prngs/rng_get_bytes.o + + #Files left over from making the crypt.pdf. + LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out +@@ -227,8 +228,8 @@ + timing: library testprof/$(LIBTEST) $(TIMINGS) + $(CC) $(LDFLAGS) $(TIMINGS) testprof/$(LIBTEST) $(LIBNAME) $(EXTRALIBS) -o $(TIMING) + +-test: library testprof/$(LIBTEST) $(TESTS) +- $(CC) $(LDFLAGS) $(TESTS) testprof/$(LIBTEST) $(LIBNAME) $(EXTRALIBS) -o $(TEST) ++test: library testprof/$(LIBTEST) $(TESTS) $(YARROW) ++ $(CC) $(LDFLAGS) $(TESTS) $(YARROW) testprof/$(LIBTEST) $(LIBNAME) $(EXTRALIBS) -o $(TEST) + + #This rule installs the library and the header files. This must be run + #as root in order to have a high enough permission to write to the correct +diff -Naur dropbear-2012.55/libtomcrypt/demos/test.c dropbear-2012.55.modified/libtomcrypt/demos/test.c +--- dropbear-2012.55/libtomcrypt/demos/test.c 2012-02-23 14:47:05.000000000 +0100 ++++ dropbear-2012.55.modified/libtomcrypt/demos/test.c 2013-04-18 14:30:44.519839797 +0200 +@@ -12,21 +12,21 @@ + #elif defined(USE_GMP) + ltc_mp = gmp_desc; + #else +- extern ltc_math_descriptor EXT_MATH_LIB; ++ ltc_math_descriptor EXT_MATH_LIB; + ltc_mp = EXT_MATH_LIB; + #endif + + printf("build == \n%s\n", crypt_build_settings); +- printf("\nstore_test...."); fflush(stdout); x = store_test(); printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE); +- printf("\ncipher_test..."); fflush(stdout); x = cipher_hash_test(); printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE); +- printf("\nmodes_test...."); fflush(stdout); x = modes_test(); printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE); +- printf("\nder_test......"); fflush(stdout); x = der_tests(); printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE); +- printf("\nmac_test......"); fflush(stdout); x = mac_test(); printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE); +- printf("\npkcs_1_test..."); fflush(stdout); x = pkcs_1_test(); printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE); +- printf("\nrsa_test......"); fflush(stdout); x = rsa_test(); printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE); +- printf("\necc_test......"); fflush(stdout); x = ecc_tests(); printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE); +- printf("\ndsa_test......"); fflush(stdout); x = dsa_test(); printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE); +- printf("\nkatja_test...."); fflush(stdout); x = katja_test(); printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE); ++ fflush(stdout); x = store_test(); printf(x ? "FAIL: " : "PASS: "); printf("store_test\n"); if (x) exit(EXIT_FAILURE); ++ fflush(stdout); x = cipher_hash_test(); printf(x ? "FAIL: " : "PASS: "); printf("cipher_test\n"); if (x) exit(EXIT_FAILURE); ++ fflush(stdout); x = modes_test(); printf(x ? "FAIL: " : "PASS: "); printf("modes_test\n"); if (x) exit(EXIT_FAILURE); ++ fflush(stdout); x = der_tests(); printf(x ? "FAIL: " : "PASS: "); printf("der_test\n"); if (x) exit(EXIT_FAILURE); ++ fflush(stdout); x = mac_test(); printf(x ? "FAIL: " : "PASS: "); printf("mac_test\n"); if (x) exit(EXIT_FAILURE); ++ fflush(stdout); x = pkcs_1_test(); printf(x ? "FAIL: " : "PASS: "); printf("pkcs_1_test\n"); if (x) exit(EXIT_FAILURE); ++ fflush(stdout); x = rsa_test(); printf(x ? "FAIL: " : "PASS: "); printf("rsa_test\n"); if (x) exit(EXIT_FAILURE); ++ fflush(stdout); x = ecc_tests(); printf(x ? "FAIL: " : "PASS: "); printf("ecc_test\n"); if (x) exit(EXIT_FAILURE); ++ fflush(stdout); x = dsa_test(); printf(x ? "FAIL: " : "PASS: "); printf("dsa_test\n"); if (x) exit(EXIT_FAILURE); ++ fflush(stdout); x = katja_test(); printf(x ? "FAIL: " : "PASS: "); printf("katja_test\n"); if (x) exit(EXIT_FAILURE); + printf("\n"); + return EXIT_SUCCESS; + } +diff -Naur dropbear-2012.55/libtomcrypt/src/ciphers/des.c dropbear-2012.55.modified/libtomcrypt/src/ciphers/des.c +--- dropbear-2012.55/libtomcrypt/src/ciphers/des.c 2012-02-23 14:47:05.000000000 +0100 ++++ dropbear-2012.55.modified/libtomcrypt/src/ciphers/des.c 2013-04-16 11:05:46.171309548 +0200 +@@ -20,7 +20,7 @@ + #define EN0 0 + #define DE1 1 + +-#if 0 ++#if 1 + const struct ltc_cipher_descriptor des_desc = + { + "des", +@@ -1520,7 +1520,7 @@ + } + #endif + +-#if 0 ++#if 1 + /** + Initialize the DES block cipher + @param key The symmetric key you wish to pass +@@ -1581,7 +1581,7 @@ + return CRYPT_OK; + } + +-#if 0 ++#if 1 + /** + Encrypts a block of text with DES + @param pt The input plaintext (8 bytes) +@@ -1672,7 +1672,7 @@ + return CRYPT_OK; + } + +-#if 0 ++#if 1 + /** + Performs a self-test of the DES block cipher + @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled +@@ -1857,7 +1857,7 @@ + #endif + } + +-#if 0 ++#if 1 + /** Terminate the context + @param skey The scheduled key + */ +@@ -1874,7 +1874,7 @@ + } + + +-#if 0 ++#if 1 + /** + Gets suitable key size + @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. +diff -Naur dropbear-2012.55/libtomcrypt/src/headers/tomcrypt_cipher.h dropbear-2012.55.modified/libtomcrypt/src/headers/tomcrypt_cipher.h +--- dropbear-2012.55/libtomcrypt/src/headers/tomcrypt_cipher.h 2012-02-23 14:47:05.000000000 +0100 ++++ dropbear-2012.55.modified/libtomcrypt/src/headers/tomcrypt_cipher.h 2013-04-16 10:41:21.916943343 +0200 +@@ -187,6 +187,7 @@ + void *data; + } symmetric_key; + ++#define LTC_ECB_MODE + #ifdef LTC_ECB_MODE + /** A block cipher ECB structure */ + typedef struct { +diff -Naur dropbear-2012.55/libtomcrypt/src/headers/tomcrypt_custom.h dropbear-2012.55.modified/libtomcrypt/src/headers/tomcrypt_custom.h +--- dropbear-2012.55/libtomcrypt/src/headers/tomcrypt_custom.h 2012-02-23 14:47:05.000000000 +0100 ++++ dropbear-2012.55.modified/libtomcrypt/src/headers/tomcrypt_custom.h 2013-04-16 14:02:10.794122645 +0200 +@@ -72,13 +72,15 @@ + + /* Enable self-test test vector checking */ + /* Not for dropbear */ +-/*#define LTC_TEST*/ ++#define LTC_TEST ++ ++#define YARROW + + /* clean the stack of functions which put private information on stack */ + /* #define LTC_CLEAN_STACK */ + + /* disable all file related functions */ +-#define LTC_NO_FILE ++//#define LTC_NO_FILE + + /* disable all forms of ASM */ + /* #define LTC_NO_ASM */ +diff -Naur dropbear-2012.55/libtomcrypt/src/misc/crypt/crypt.c dropbear-2012.55.modified/libtomcrypt/src/misc/crypt/crypt.c +--- dropbear-2012.55/libtomcrypt/src/misc/crypt/crypt.c 2012-02-23 14:47:06.000000000 +0100 ++++ dropbear-2012.55.modified/libtomcrypt/src/misc/crypt/crypt.c 2013-04-16 10:46:33.359842595 +0200 +@@ -15,7 +15,6 @@ + Build strings, Tom St Denis + */ + +-/* + const char *crypt_build_settings = + "LibTomCrypt " SCRYPT " (Tom St Denis, tomstdenis@gmail.com)\n" + "LibTomCrypt is public domain software.\n" +@@ -358,7 +357,7 @@ + "\n" + "\n\n\n" + ; +- */ ++ + + + /* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt.c,v $ */ +diff -Naur dropbear-2012.55/libtomcrypt/src/prngs/rng_get_bytes.c dropbear-2012.55.modified/libtomcrypt/src/prngs/rng_get_bytes.c +--- dropbear-2012.55/libtomcrypt/src/prngs/rng_get_bytes.c 2012-02-23 14:47:06.000000000 +0100 ++++ dropbear-2012.55.modified/libtomcrypt/src/prngs/rng_get_bytes.c 2013-04-18 14:20:03.974930313 +0200 +@@ -60,7 +60,7 @@ + clock_t t1; + int l, acc, bits, a, b; + +- if (XCLOCKS_PER_SEC < 100 || XCLOCKS_PER_SEC > 10000) { ++ if (XCLOCKS_PER_SEC < 100 || XCLOCKS_PER_SEC > 1000000) { + return 0; + } + +diff -Naur dropbear-2012.55/libtomcrypt/testprof/cipher_hash_test.c dropbear-2012.55.modified/libtomcrypt/testprof/cipher_hash_test.c +--- dropbear-2012.55/libtomcrypt/testprof/cipher_hash_test.c 2012-02-23 14:47:06.000000000 +0100 ++++ dropbear-2012.55.modified/libtomcrypt/testprof/cipher_hash_test.c 2013-04-16 14:08:22.042234657 +0200 +@@ -11,6 +11,8 @@ + + /* test ciphers */ + for (x = 0; cipher_descriptor[x].name != NULL; x++) { ++ /* md5 test is failing with segfault */ ++ if (!strcmp(cipher_descriptor[x].name, "md5")) break; + DO(cipher_descriptor[x].test()); + } + +diff -Naur dropbear-2012.55/libtomcrypt/testprof/makefile dropbear-2012.55.modified/libtomcrypt/testprof/makefile +--- dropbear-2012.55/libtomcrypt/testprof/makefile 2012-02-23 14:47:06.000000000 +0100 ++++ dropbear-2012.55.modified/libtomcrypt/testprof/makefile 2013-04-16 10:35:21.200110690 +0200 +@@ -1,4 +1,4 @@ +-CFLAGS += -I../src/headers -I./ -Wall -W ++CFLAGS += -I../src/headers -I./ -I./../../ -Wall -W + + # ranlib tools + ifndef RANLIB +diff -Naur dropbear-2012.55/libtomcrypt/testprof/modes_test.c dropbear-2012.55.modified/libtomcrypt/testprof/modes_test.c +--- dropbear-2012.55/libtomcrypt/testprof/modes_test.c 2012-02-23 14:47:06.000000000 +0100 ++++ dropbear-2012.55.modified/libtomcrypt/testprof/modes_test.c 2013-04-16 10:50:53.820882559 +0200 +@@ -1,6 +1,8 @@ + /* test CFB/OFB/CBC modes */ + #include + ++extern unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *prng); ++ + int modes_test(void) + { + unsigned char pt[64], ct[64], tmp[64], key[16], iv[16], iv2[16]; diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc new file mode 100644 index 0000000000..40ed9d261d --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear.inc @@ -0,0 +1,99 @@ +SUMMARY = "A lightweight SSH and SCP implementation" +HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" +SECTION = "console/network" + +# some files are from other projects and have others license terms: +# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY +LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=4d290ce0ac102c828dfc9ce836784688" + +DEPENDS = "zlib" +RPROVIDES_${PN} = "ssh sshd" + +DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" + +SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ + file://0001-urandom-xauth-changes-to-options.h.patch \ + file://0003-configure.patch \ + file://0004-fix-2kb-keys.patch \ + file://0007-dropbear-fix-for-x32-abi.patch \ + file://init \ + file://dropbearkey.service \ + file://dropbear@.service \ + file://dropbear.socket \ + ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} " + +PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ + file://0006-dropbear-configuration-file.patch \ + file://dropbear" + +inherit autotools update-rc.d systemd + +INITSCRIPT_NAME = "dropbear" +INITSCRIPT_PARAMS = "defaults 10" + +SYSTEMD_SERVICE_${PN} = "dropbear.socket" + +CFLAGS_prepend = " -I. " +LD = "${CC}" + +SBINCOMMANDS = "dropbear dropbearkey dropbearconvert" +BINCOMMANDS = "dbclient ssh scp" +EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' +EXTRA_OECONF += "\ + ${@base_contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}" +CFLAGS += "-DSFTPSERVER_PATH=\\"${libdir}/openssh/sftp-server\\"" + +do_install() { + install -d ${D}${sysconfdir} \ + ${D}${sysconfdir}/init.d \ + ${D}${sysconfdir}/default \ + ${D}${sysconfdir}/dropbear \ + ${D}${bindir} \ + ${D}${sbindir} \ + ${D}${localstatedir} + + install -m 0755 dropbearmulti ${D}${sbindir}/ + ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient + + for i in ${SBINCOMMANDS} + do + ln -s ./dropbearmulti ${D}${sbindir}/$i + done + cat ${WORKDIR}/init | sed -e 's,/etc,${sysconfdir},g' \ + -e 's,/usr/sbin,${sbindir},g' \ + -e 's,/var,${localstatedir},g' \ + -e 's,/usr/bin,${bindir},g' \ + -e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear + chmod 755 ${D}${sysconfdir}/init.d/dropbear + if [ "${@base_contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then + install -d ${D}${sysconfdir}/pam.d + install -m 0644 ${WORKDIR}/dropbear ${D}${sysconfdir}/pam.d/ + fi + + # deal with systemd unit files + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/dropbearkey.service ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/dropbear@.service ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/dropbear.socket ${D}${systemd_unitdir}/system + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@BINDIR@,${bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_unitdir}/system/dropbear.socket ${D}${systemd_unitdir}/system/*.service +} + +inherit update-alternatives + +ALTERNATIVE_PRIORITY = "20" +ALTERNATIVE_${PN} = "scp ssh" + +ALTERNATIVE_TARGET = "${sbindir}/dropbearmulti" + +pkg_postrm_append_${PN} () { + if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then + rm ${sysconfdir}/dropbear/dropbear_rsa_host_key + fi + if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then + rm ${sysconfdir}/dropbear/dropbear_dss_host_key + fi +} diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch new file mode 100644 index 0000000000..71a4666b5c --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch @@ -0,0 +1,23 @@ +Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h + +Upstream-Status: Inappropriate [configuration] +--- + options.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/options.h b/options.h +index 7d06322..71a21c2 100644 +--- a/options.h ++++ b/options.h +@@ -247,7 +247,7 @@ much traffic. */ + /* The command to invoke for xauth when using X11 forwarding. + * "-q" for quiet */ + #ifndef XAUTH_COMMAND +-#define XAUTH_COMMAND "/usr/bin/X11/xauth -q" ++#define XAUTH_COMMAND "xauth -q" + #endif + + /* if you want to enable running an sftp server (such as the one included with +-- +1.7.11.7 + diff --git a/meta/recipes-core/dropbear/dropbear/0003-configure.patch b/meta/recipes-core/dropbear/dropbear/0003-configure.patch new file mode 100644 index 0000000000..2baf665ae4 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0003-configure.patch @@ -0,0 +1,40 @@ +From c5f5c5054c1b15539dccf866e2c3faba7ed68456 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Eric=20B=C3=A9nard?= +Date: Thu, 25 Apr 2013 00:27:25 +0200 +Subject: [PATCH 3/6] configure + +--- + configure.ac | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 05461f3..9c16d90 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -166,15 +166,20 @@ AC_ARG_ENABLE(openpty, + AC_MSG_NOTICE(Not using openpty) + else + AC_MSG_NOTICE(Using openpty if available) +- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)]) ++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) + fi + ], + [ + AC_MSG_NOTICE(Using openpty if available) +- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)]) ++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) + ] + ) +- ++ ++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then ++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function) ++ no_ptc_check=yes ++ no_ptmx_check=yes ++fi + + AC_ARG_ENABLE(syslog, + [ --disable-syslog Don't include syslog support], +-- +1.7.11.7 + diff --git a/meta/recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch b/meta/recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch new file mode 100644 index 0000000000..7539d2034f --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch @@ -0,0 +1,22 @@ +Subject: [PATCH 4/6] fix 2kb keys + +Upstream-Status: Inappropriate [configuration] +--- + kex.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kex.h b/kex.h +index 72430e9..375c677 100644 +--- a/kex.h ++++ b/kex.h +@@ -67,6 +67,6 @@ struct KEXState { + }; + + +-#define MAX_KEXHASHBUF 2000 ++#define MAX_KEXHASHBUF 3000 + + #endif /* _KEX_H_ */ +-- +1.7.11.7 + diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch new file mode 100644 index 0000000000..c408c571e6 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch @@ -0,0 +1,28 @@ +Subject: [PATCH 5/6] dropbear enable pam + +dropbear: We need modify file option.h besides enabling pam in \ +configure if we want dropbear to support pam. + +Upstream-Status: Pending + +Signed-off-by: Xiaofeng Yan +--- + options.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: dropbear-2013.62/options.h +=================================================================== +--- dropbear-2013.62.orig/options.h 2014-01-14 21:53:02.803262009 +0000 ++++ dropbear-2013.62/options.h 2014-01-14 21:53:56.119263462 +0000 +@@ -192,9 +192,9 @@ + * PAM challenge/response. + * You can't enable both PASSWORD and PAM. */ + +-#define ENABLE_SVR_PASSWORD_AUTH ++/*#define ENABLE_SVR_PASSWORD_AUTH*/ + /* PAM requires ./configure --enable-pam */ +-/*#define ENABLE_SVR_PAM_AUTH */ ++#define ENABLE_SVR_PAM_AUTH + #define ENABLE_SVR_PUBKEY_AUTH + + /* Whether to take public key options in diff --git a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch new file mode 100644 index 0000000000..fa4c8d0a67 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch @@ -0,0 +1,22 @@ +Subject: [PATCH 6/6] dropbear configuration file + +dropbear: Change the path ("/etc/pam.d/sshd" as default) to find a pam configuration file \ +to "/etc/pam.d/dropbear for dropbear when enabling pam supporting" + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Maxin B. John +Signed-off-by: Xiaofeng Yan +--- +diff -Naur dropbear-2013.60-orig/svr-authpam.c dropbear-2013.60/svr-authpam.c +--- dropbear-2013.60-orig/svr-authpam.c 2013-10-16 16:34:53.000000000 +0200 ++++ dropbear-2013.60/svr-authpam.c 2013-10-21 17:04:04.969416055 +0200 +@@ -211,7 +211,7 @@ + userData.passwd = password; + + /* Init pam */ +- if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { ++ if ((rc = pam_start("dropbear", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { + dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s", + rc, pam_strerror(pamHandlep, rc)); + goto cleanup; diff --git a/meta/recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch b/meta/recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch new file mode 100644 index 0000000000..b4501211c3 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch @@ -0,0 +1,140 @@ +Upstream-Status: Pending + +The dropbearkey utility built in x32 abi format, when generating ssh +keys, was getting lost in the infinite loop. + +This patch fixes the issue by fixing types of variables and +parameters of functions used in the code, which were getting +undesired size, when compiled with the x32 abi toolchain. + +2013/05/23 +Received this fix from H J Lu. + +Signed-Off-By: Nitin A Kamble + +# HG changeset patch +# User H.J. Lu +# Date 1369344079 25200 +# Node ID a10a1c46b857cc8a3923c3bb6d1504aa25b6052f +# Parent e76614145aea67f66e4a4257685c771efba21aa1 +Typdef mp_digit to unsigned long long for MP_64BIT + +When GCC is used with MP_64BIT, we should typedef mp_digit to unsigned +long long instead of unsigned long since for x32, unsigned long is +32-bit and unsigned long long is 64-bit and it is safe to use unsigned +long long for 64-bit integer with GCC. + +diff -r e76614145aea -r a10a1c46b857 libtommath/tommath.h +--- a/libtommath/tommath.h Thu Apr 18 22:57:47 2013 +0800 ++++ b/libtommath/tommath.h Thu May 23 14:21:19 2013 -0700 +@@ -73,7 +73,7 @@ + typedef signed long long long64; + #endif + +- typedef unsigned long mp_digit; ++ typedef unsigned long long mp_digit; + typedef unsigned long mp_word __attribute__ ((mode(TI))); + + #define DIGIT_BIT 60 +# HG changeset patch +# User H.J. Lu +# Date 1369344241 25200 +# Node ID c7555a4cb7ded3a88409ba85f4027baa7af5f536 +# Parent a10a1c46b857cc8a3923c3bb6d1504aa25b6052f +Cast to mp_digit when updating *rho + +There is + +int +mp_montgomery_setup (mp_int * n, mp_digit * rho) + +We should cast to mp_digit instead of unsigned long when updating +*rho since mp_digit may be unsigned long long and unsigned long long +may be different from unsigned long, like in x32. + +diff -r a10a1c46b857 -r c7555a4cb7de libtommath/bn_mp_montgomery_setup.c +--- a/libtommath/bn_mp_montgomery_setup.c Thu May 23 14:21:19 2013 -0700 ++++ b/libtommath/bn_mp_montgomery_setup.c Thu May 23 14:24:01 2013 -0700 +@@ -48,7 +48,7 @@ + #endif + + /* rho = -1/m mod b */ +- *rho = (unsigned long)(((mp_word)1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK; ++ *rho = (mp_digit)(((mp_word)1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK; + + return MP_OKAY; + } +# HG changeset patch +# User H.J. Lu +# Date 1369344541 25200 +# Node ID 7c656e7071a6412688b2f30a529a9afac6c7bf5a +# Parent c7555a4cb7ded3a88409ba85f4027baa7af5f536 +Define LTC_FAST_TYPE to unsigned long long for __x86_64__ + +We should define LTC_FAST_TYPE to unsigned long long instead of unsigned +long if __x86_64__ to support x32 where unsigned long long is 64-bit +and unsigned long is 32-bit. + +diff -r c7555a4cb7de -r 7c656e7071a6 libtomcrypt/src/headers/tomcrypt_cfg.h +--- a/libtomcrypt/src/headers/tomcrypt_cfg.h Thu May 23 14:24:01 2013 -0700 ++++ b/libtomcrypt/src/headers/tomcrypt_cfg.h Thu May 23 14:29:01 2013 -0700 +@@ -74,7 +74,7 @@ + #define ENDIAN_LITTLE + #define ENDIAN_64BITWORD + #define LTC_FAST +- #define LTC_FAST_TYPE unsigned long ++ #define LTC_FAST_TYPE unsigned long long + #endif + + /* detect PPC32 */ +# HG changeset patch +# User H.J. Lu +# Date 1369344730 25200 +# Node ID a7d4690158fae4ede2c4e5b56233e83730bf38ee +# Parent 7c656e7071a6412688b2f30a529a9afac6c7bf5a +Use unsigned long long aas unsigned 64-bit integer for x86-64 GCC + +We should use unsigned long long instead of unsigned long as unsigned +64-bit integer for x86-64 GCC to support x32 where unsigned long is +32-bit. + +diff -r 7c656e7071a6 -r a7d4690158fa libtomcrypt/src/headers/tomcrypt_macros.h +--- a/libtomcrypt/src/headers/tomcrypt_macros.h Thu May 23 14:29:01 2013 -0700 ++++ b/libtomcrypt/src/headers/tomcrypt_macros.h Thu May 23 14:32:10 2013 -0700 +@@ -343,7 +343,7 @@ + /* 64-bit Rotates */ + #if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM) + +-static inline unsigned long ROL64(unsigned long word, int i) ++static inline unsigned long long ROL64(unsigned long long word, int i) + { + asm("rolq %%cl,%0" + :"=r" (word) +@@ -351,7 +351,7 @@ + return word; + } + +-static inline unsigned long ROR64(unsigned long word, int i) ++static inline unsigned long long ROR64(unsigned long long word, int i) + { + asm("rorq %%cl,%0" + :"=r" (word) +@@ -361,7 +361,7 @@ + + #ifndef LTC_NO_ROLC + +-static inline unsigned long ROL64c(unsigned long word, const int i) ++static inline unsigned long long ROL64c(unsigned long long word, const int i) + { + asm("rolq %2,%0" + :"=r" (word) +@@ -369,7 +369,7 @@ + return word; + } + +-static inline unsigned long ROR64c(unsigned long word, const int i) ++static inline unsigned long long ROR64c(unsigned long long word, const int i) + { + asm("rorq %2,%0" + :"=r" (word) + diff --git a/meta/recipes-core/dropbear/dropbear/dropbear b/meta/recipes-core/dropbear/dropbear/dropbear new file mode 100644 index 0000000000..47e787fb10 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/dropbear @@ -0,0 +1,4 @@ +#%PAM-1.0 + +auth include common-auth +account include common-account diff --git a/meta/recipes-core/dropbear/dropbear/dropbear.socket b/meta/recipes-core/dropbear/dropbear/dropbear.socket new file mode 100644 index 0000000000..e5c61b755e --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/dropbear.socket @@ -0,0 +1,10 @@ +[Unit] +Conflicts=dropbear.service + +[Socket] +ListenStream=22 +Accept=yes + +[Install] +WantedBy=sockets.target +Also=dropbearkey.service diff --git a/meta/recipes-core/dropbear/dropbear/dropbear@.service b/meta/recipes-core/dropbear/dropbear/dropbear@.service new file mode 100644 index 0000000000..6fe9942090 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/dropbear@.service @@ -0,0 +1,11 @@ +[Unit] +Description=SSH Per-Connection Server +Wants=dropbearkey.service +After=syslog.target dropbearkey.service + +[Service] +EnvironmentFile=-/etc/default/dropbear +ExecStart=-@SBINDIR@/dropbear -i -r /etc/dropbear/dropbear_rsa_host_key $DROPBEAR_EXTRA_ARGS +ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID +StandardInput=socket +KillMode=process diff --git a/meta/recipes-core/dropbear/dropbear/dropbearkey.service b/meta/recipes-core/dropbear/dropbear/dropbearkey.service new file mode 100644 index 0000000000..ccc21d5cca --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/dropbearkey.service @@ -0,0 +1,8 @@ +[Unit] +Description=SSH Key Generation +ConditionPathExists=|!/etc/dropbear/dropbear_rsa_host_key + +[Service] +Type=oneshot +ExecStart=@SBINDIR@/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key +RemainAfterExit=yes diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init new file mode 100755 index 0000000000..e8fed3f94d --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/init @@ -0,0 +1,113 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: sshd +# Required-Start: $remote_fs $syslog $networking +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 1 +# Short-Description: Dropbear Secure Shell server +### END INIT INFO +# +# Do not configure this file. Edit /etc/default/dropbear instead! +# + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/dropbear +NAME=dropbear +DESC="Dropbear SSH server" +PIDFILE=/var/run/dropbear.pid + +DROPBEAR_PORT=22 +DROPBEAR_EXTRA_ARGS= +NO_START=0 + +set -e + +test ! -r /etc/default/dropbear || . /etc/default/dropbear +test "$NO_START" = "0" || exit 0 +test -x "$DAEMON" || exit 0 +test ! -h /var/service/dropbear || exit 0 + +readonly_rootfs=0 +for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' &2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta/recipes-core/dropbear/dropbear/run-ptest b/meta/recipes-core/dropbear/dropbear/run-ptest new file mode 100644 index 0000000000..61f1e0c0dd --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/run-ptest @@ -0,0 +1,2 @@ +#!/bin/sh +cd libtomcrypt; ./test 2>&1 | sed 's/NOPPASS/SKIP/' diff --git a/meta/recipes-core/dropbear/dropbear_2014.63.bb b/meta/recipes-core/dropbear/dropbear_2014.63.bb new file mode 100644 index 0000000000..bb7e6178bc --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear_2014.63.bb @@ -0,0 +1,4 @@ +require dropbear.inc + +SRC_URI[md5sum] = "7066bb9a2da708f3ed06314fdc9c47fd" +SRC_URI[sha256sum] = "595992de432ba586a0e7e191bbb1ad587727678bb3e345b018c395b8c55b57ae" -- cgit v1.2.3-54-g00ecf