From 0d28ec11cf489bcf7d3ccf4cc1719e99b11552d2 Mon Sep 17 00:00:00 2001 From: Wang Mingyu Date: Wed, 10 Apr 2024 10:01:39 +0800 Subject: dropbear: upgrade 2022.83 -> 2024.84 0001-urandom-xauth-changes-to-options.h.patch dropbear-disable-weak-ciphers.patch 0005-dropbear-enable-pam.patch 0006-dropbear-configuration-file.patch refreshed for 2024.84 CVE-2023-36328.patch removed since it's included in 2024.84 (From OE-Core rev: c50a0d013137338ac1dec60f6aed32ff3a185839) Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie --- .../0001-urandom-xauth-changes-to-options.h.patch | 14 +- .../dropbear/0005-dropbear-enable-pam.patch | 8 +- .../0006-dropbear-configuration-file.patch | 8 +- .../dropbear/dropbear/CVE-2023-36328.patch | 144 --------------------- .../dropbear/dropbear-disable-weak-ciphers.patch | 8 +- meta/recipes-core/dropbear/dropbear_2022.83.bb | 132 ------------------- meta/recipes-core/dropbear/dropbear_2024.84.bb | 131 +++++++++++++++++++ 7 files changed, 150 insertions(+), 295 deletions(-) delete mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch delete mode 100644 meta/recipes-core/dropbear/dropbear_2022.83.bb create mode 100644 meta/recipes-core/dropbear/dropbear_2024.84.bb (limited to 'meta') diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch index 99adcfd770..c74f09e484 100644 --- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch @@ -2,14 +2,14 @@ Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h Upstream-Status: Inappropriate [configuration] --- - default_options.h | 2 +- + src/default_options.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/default_options.h b/default_options.h -index 349338c..5ffac25 100644 ---- a/default_options.h -+++ b/default_options.h -@@ -289,7 +289,7 @@ group1 in Dropbear server too */ +diff --git a/src/default_options.h b/src/default_options.h +index 6e970bb..ccc8b47 100644 +--- a/src/default_options.h ++++ b/src/default_options.h +@@ -311,7 +311,7 @@ group1 in Dropbear server too */ /* The command to invoke for xauth when using X11 forwarding. * "-q" for quiet */ @@ -19,5 +19,5 @@ index 349338c..5ffac25 100644 /* If you want to enable running an sftp server (such as the one included with -- -2.25.1 +2.34.1 diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch index 32c3ea5f08..fe667ddc25 100644 --- a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch +++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch @@ -11,13 +11,13 @@ Upstream-Status: Pending Signed-off-by: Xiaofeng Yan Signed-off-by: Jussi Kukkonen --- - default_options.h | 4 ++-- + src/default_options.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -diff --git a/default_options.h b/default_options.h +diff --git a/src/default_options.h b/src/default_options.h index 0e3d027..349338c 100644 ---- a/default_options.h -+++ b/default_options.h +--- a/src/default_options.h ++++ b/src/default_options.h @@ -210,7 +210,7 @@ group1 in Dropbear server too */ /* Authentication Types - at least one required. diff --git a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch index deed78ffb9..f54f634a4e 100644 --- a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch +++ b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch @@ -12,13 +12,13 @@ Signed-off-by: Maxin B. John Signed-off-by: Xiaofeng Yan Signed-off-by: Mingli Yu --- - svr-authpam.c | 2 +- + src/svr-authpam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/svr-authpam.c b/svr-authpam.c +diff --git a/srec/svr-authpam.c b/src/svr-authpam.c index d201bc9..165ec5c 100644 ---- a/svr-authpam.c -+++ b/svr-authpam.c +--- a/src/svr-authpam.c ++++ b/src/svr-authpam.c @@ -223,7 +223,7 @@ void svr_auth_pam(int valid_user) { } diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch b/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch deleted file mode 100644 index ec50d69816..0000000000 --- a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch +++ /dev/null @@ -1,144 +0,0 @@ -From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001 -From: czurnieden -Date: Fri, 8 Sep 2023 10:07:32 +0000 -Subject: [PATCH] Fix possible integer overflow - -CVE: CVE-2023-36328 - -Upstream-Status: Backport [https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9] - -Signed-off-by: Yogita Urade ---- - libtommath/bn_mp_2expt.c | 4 ++++ - libtommath/bn_mp_grow.c | 4 ++++ - libtommath/bn_mp_init_size.c | 5 +++++ - libtommath/bn_mp_mul_2d.c | 4 ++++ - libtommath/bn_s_mp_mul_digs.c | 4 ++++ - libtommath/bn_s_mp_mul_digs_fast.c | 4 ++++ - libtommath/bn_s_mp_mul_high_digs.c | 4 ++++ - libtommath/bn_s_mp_mul_high_digs_fast.c | 4 ++++ - 8 files changed, 33 insertions(+) - -diff --git a/libtommath/bn_mp_2expt.c b/libtommath/bn_mp_2expt.c -index 0ae3df1..ca6fbc3 100644 ---- a/libtommath/bn_mp_2expt.c -+++ b/libtommath/bn_mp_2expt.c -@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b) - { - mp_err err; - -+ if (b < 0) { -+ return MP_VAL; -+ } -+ - /* zero a as per default */ - mp_zero(a); - -diff --git a/libtommath/bn_mp_grow.c b/libtommath/bn_mp_grow.c -index 9e904c5..2b16826 100644 ---- a/libtommath/bn_mp_grow.c -+++ b/libtommath/bn_mp_grow.c -@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size) - int i; - mp_digit *tmp; - -+ if (size < 0) { -+ return MP_VAL; -+ } -+ - /* if the alloc size is smaller alloc more ram */ - if (a->alloc < size) { - /* reallocate the array a->dp -diff --git a/libtommath/bn_mp_init_size.c b/libtommath/bn_mp_init_size.c -index d622687..5fefa96 100644 ---- a/libtommath/bn_mp_init_size.c -+++ b/libtommath/bn_mp_init_size.c -@@ -6,6 +6,11 @@ - /* init an mp_init for a given size */ - mp_err mp_init_size(mp_int *a, int size) - { -+ -+ if (size < 0) { -+ return MP_VAL; -+ } -+ - size = MP_MAX(MP_MIN_PREC, size); - - /* alloc mem */ -diff --git a/libtommath/bn_mp_mul_2d.c b/libtommath/bn_mp_mul_2d.c -index 87354de..2744163 100644 ---- a/libtommath/bn_mp_mul_2d.c -+++ b/libtommath/bn_mp_mul_2d.c -@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c) - mp_digit d; - mp_err err; - -+ if (b < 0) { -+ return MP_VAL; -+ } -+ - /* copy */ - if (a != c) { - if ((err = mp_copy(a, c)) != MP_OKAY) { -diff --git a/libtommath/bn_s_mp_mul_digs.c b/libtommath/bn_s_mp_mul_digs.c -index 64509d4..2d2f5b0 100644 ---- a/libtommath/bn_s_mp_mul_digs.c -+++ b/libtommath/bn_s_mp_mul_digs.c -@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs) - mp_word r; - mp_digit tmpx, *tmpt, *tmpy; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* can we use the fast multiplier? */ - if ((digs < MP_WARRAY) && - (MP_MIN(a->used, b->used) < MP_MAXFAST)) { -diff --git a/libtommath/bn_s_mp_mul_digs_fast.c b/libtommath/bn_s_mp_mul_digs_fast.c -index b2a287b..d6dd3cc 100644 ---- a/libtommath/bn_s_mp_mul_digs_fast.c -+++ b/libtommath/bn_s_mp_mul_digs_fast.c -@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int digs) - mp_digit W[MP_WARRAY]; - mp_word _W; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* grow the destination as required */ - if (c->alloc < digs) { - if ((err = mp_grow(c, digs)) != MP_OKAY) { -diff --git a/libtommath/bn_s_mp_mul_high_digs.c b/libtommath/bn_s_mp_mul_high_digs.c -index 2bb2a50..c9dd355 100644 ---- a/libtommath/bn_s_mp_mul_high_digs.c -+++ b/libtommath/bn_s_mp_mul_high_digs.c -@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs) - mp_word r; - mp_digit tmpx, *tmpt, *tmpy; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* can we use the fast multiplier? */ - if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST) - && ((a->used + b->used + 1) < MP_WARRAY) -diff --git a/libtommath/bn_s_mp_mul_high_digs_fast.c b/libtommath/bn_s_mp_mul_high_digs_fast.c -index a2c4fb6..afe3e4b 100644 ---- a/libtommath/bn_s_mp_mul_high_digs_fast.c -+++ b/libtommath/bn_s_mp_mul_high_digs_fast.c -@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int - mp_digit W[MP_WARRAY]; - mp_word _W; - -+ if (digs < 0) { -+ return MP_VAL; -+ } -+ - /* grow the destination as required */ - pa = a->used + b->used; - if (c->alloc < pa) { --- -2.35.5 diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch index 5c60868ed8..f998caa255 100644 --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch +++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch @@ -10,13 +10,13 @@ and we want to support the stong algorithms. Upstream-Status: Inappropriate [configuration] Signed-off-by: Joseph Reynolds --- - default_options.h | 2 +- + src/default_options.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/default_options.h b/default_options.h +diff --git a/src/default_options.h b/src/default_options.h index d417588..bc5200f 100644 ---- a/default_options.h -+++ b/default_options.h +--- a/src/default_options.h ++++ b/src/default_options.h @@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */ * Small systems should generally include either curve25519 or ecdh for performance. * curve25519 is less widely supported but is faster diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2022.83.bb deleted file mode 100644 index 528eff1a10..0000000000 --- a/meta/recipes-core/dropbear/dropbear_2022.83.bb +++ /dev/null @@ -1,132 +0,0 @@ -SUMMARY = "A lightweight SSH and SCP implementation" -HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" -DESCRIPTION = "Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers." -SECTION = "console/network" - -# some files are from other projects and have others license terms: -# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY -LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=25cf44512b7bc8966a48b6b1a9b7605f" - -DEPENDS = "zlib virtual/crypt" -RPROVIDES:${PN} = "ssh sshd" -RCONFLICTS:${PN} = "openssh-sshd openssh" - -SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ - file://0001-urandom-xauth-changes-to-options.h.patch \ - file://init \ - file://dropbearkey.service \ - file://dropbear@.service \ - file://dropbear.socket \ - file://dropbear.default \ - ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ - file://CVE-2023-36328.patch \ - " - -SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b" - -PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ - file://0006-dropbear-configuration-file.patch \ - file://dropbear" - -PAM_PLUGINS = "libpam-runtime \ - pam-plugin-deny \ - pam-plugin-permit \ - pam-plugin-unix \ - " -inherit autotools update-rc.d systemd - -CVE_PRODUCT = "dropbear_ssh" - -INITSCRIPT_NAME = "dropbear" -INITSCRIPT_PARAMS = "defaults 10" - -SYSTEMD_SERVICE:${PN} = "dropbear.socket" - -SBINCOMMANDS = "dropbear dropbearkey dropbearconvert" -BINCOMMANDS = "dbclient ssh scp" -EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' - -PACKAGECONFIG ?= "disable-weak-ciphers ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" -PACKAGECONFIG[pam] = "--enable-pam,--disable-pam,libpam,${PAM_PLUGINS}" -PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt" -PACKAGECONFIG[disable-weak-ciphers] = "" -PACKAGECONFIG[enable-x11-forwarding] = "" - -# This option appends to CFLAGS and LDFLAGS from OE -# This is causing [textrel] QA warning -EXTRA_OECONF += "--disable-harden" - -# musl does not implement wtmp/logwtmp APIs -EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" - -do_configure:append() { - echo "/* Dropbear features */" > ${B}/localoptions.h - if ${@bb.utils.contains('PACKAGECONFIG', 'enable-x11-forwarding', 'true', 'false', d)}; then - echo "#define DROPBEAR_X11FWD 1" >> ${B}/localoptions.h - fi -} - -do_install() { - install -d ${D}${sysconfdir} \ - ${D}${sysconfdir}/init.d \ - ${D}${sysconfdir}/default \ - ${D}${sysconfdir}/dropbear \ - ${D}${bindir} \ - ${D}${sbindir} \ - ${D}${localstatedir} - - install -m 0644 ${WORKDIR}/dropbear.default ${D}${sysconfdir}/default/dropbear - - install -m 0755 dropbearmulti ${D}${sbindir}/ - - for i in ${BINCOMMANDS} - do - # ssh and scp symlinks are created by update-alternatives - if [ $i = ssh ] || [ $i = scp ]; then continue; fi - ln -s ${sbindir}/dropbearmulti ${D}${bindir}/$i - done - for i in ${SBINCOMMANDS} - do - ln -s ./dropbearmulti ${D}${sbindir}/$i - done - sed -e 's,/etc,${sysconfdir},g' \ - -e 's,/usr/sbin,${sbindir},g' \ - -e 's,/var,${localstatedir},g' \ - -e 's,/usr/bin,${bindir},g' \ - -e 's,/usr,${prefix},g' ${WORKDIR}/init > ${D}${sysconfdir}/init.d/dropbear - chmod 755 ${D}${sysconfdir}/init.d/dropbear - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then - install -d ${D}${sysconfdir}/pam.d - install -m 0644 ${WORKDIR}/dropbear ${D}${sysconfdir}/pam.d/ - fi - - # deal with systemd unit files - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${WORKDIR}/dropbearkey.service ${D}${systemd_system_unitdir} - install -m 0644 ${WORKDIR}/dropbear@.service ${D}${systemd_system_unitdir} - install -m 0644 ${WORKDIR}/dropbear.socket ${D}${systemd_system_unitdir} - sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ - -e 's,@BINDIR@,${bindir},g' \ - -e 's,@SBINDIR@,${sbindir},g' \ - ${D}${systemd_system_unitdir}/dropbear.socket ${D}${systemd_system_unitdir}/*.service -} - -inherit update-alternatives - -ALTERNATIVE_PRIORITY = "20" -ALTERNATIVE:${PN} = "${@bb.utils.filter('BINCOMMANDS', 'scp ssh', d)}" - -ALTERNATIVE_TARGET = "${sbindir}/dropbearmulti" - -pkg_postrm:${PN} () { - if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then - rm ${sysconfdir}/dropbear/dropbear_rsa_host_key - fi - if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then - rm ${sysconfdir}/dropbear/dropbear_dss_host_key - fi -} - -CONFFILES:${PN} = "${sysconfdir}/default/dropbear" diff --git a/meta/recipes-core/dropbear/dropbear_2024.84.bb b/meta/recipes-core/dropbear/dropbear_2024.84.bb new file mode 100644 index 0000000000..69c7b04c55 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear_2024.84.bb @@ -0,0 +1,131 @@ +SUMMARY = "A lightweight SSH and SCP implementation" +HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" +DESCRIPTION = "Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers." +SECTION = "console/network" + +# some files are from other projects and have others license terms: +# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY +LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=25cf44512b7bc8966a48b6b1a9b7605f" + +DEPENDS = "zlib virtual/crypt" +RPROVIDES:${PN} = "ssh sshd" +RCONFLICTS:${PN} = "openssh-sshd openssh" + +SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ + file://0001-urandom-xauth-changes-to-options.h.patch \ + file://init \ + file://dropbearkey.service \ + file://dropbear@.service \ + file://dropbear.socket \ + file://dropbear.default \ + ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ + " + +SRC_URI[sha256sum] = "16e22b66b333d6b7e504c43679d04ed6ca30f2838db40a21f935c850dfc01009" + +PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ + file://0006-dropbear-configuration-file.patch \ + file://dropbear" + +PAM_PLUGINS = "libpam-runtime \ + pam-plugin-deny \ + pam-plugin-permit \ + pam-plugin-unix \ + " +inherit autotools update-rc.d systemd + +CVE_PRODUCT = "dropbear_ssh" + +INITSCRIPT_NAME = "dropbear" +INITSCRIPT_PARAMS = "defaults 10" + +SYSTEMD_SERVICE:${PN} = "dropbear.socket" + +SBINCOMMANDS = "dropbear dropbearkey dropbearconvert" +BINCOMMANDS = "dbclient ssh scp" +EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' + +PACKAGECONFIG ?= "disable-weak-ciphers ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" +PACKAGECONFIG[pam] = "--enable-pam,--disable-pam,libpam,${PAM_PLUGINS}" +PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt" +PACKAGECONFIG[disable-weak-ciphers] = "" +PACKAGECONFIG[enable-x11-forwarding] = "" + +# This option appends to CFLAGS and LDFLAGS from OE +# This is causing [textrel] QA warning +EXTRA_OECONF += "--disable-harden" + +# musl does not implement wtmp/logwtmp APIs +EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" + +do_configure:append() { + echo "/* Dropbear features */" > ${B}/localoptions.h + if ${@bb.utils.contains('PACKAGECONFIG', 'enable-x11-forwarding', 'true', 'false', d)}; then + echo "#define DROPBEAR_X11FWD 1" >> ${B}/localoptions.h + fi +} + +do_install() { + install -d ${D}${sysconfdir} \ + ${D}${sysconfdir}/init.d \ + ${D}${sysconfdir}/default \ + ${D}${sysconfdir}/dropbear \ + ${D}${bindir} \ + ${D}${sbindir} \ + ${D}${localstatedir} + + install -m 0644 ${WORKDIR}/dropbear.default ${D}${sysconfdir}/default/dropbear + + install -m 0755 dropbearmulti ${D}${sbindir}/ + + for i in ${BINCOMMANDS} + do + # ssh and scp symlinks are created by update-alternatives + if [ $i = ssh ] || [ $i = scp ]; then continue; fi + ln -s ${sbindir}/dropbearmulti ${D}${bindir}/$i + done + for i in ${SBINCOMMANDS} + do + ln -s ./dropbearmulti ${D}${sbindir}/$i + done + sed -e 's,/etc,${sysconfdir},g' \ + -e 's,/usr/sbin,${sbindir},g' \ + -e 's,/var,${localstatedir},g' \ + -e 's,/usr/bin,${bindir},g' \ + -e 's,/usr,${prefix},g' ${WORKDIR}/init > ${D}${sysconfdir}/init.d/dropbear + chmod 755 ${D}${sysconfdir}/init.d/dropbear + if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then + install -d ${D}${sysconfdir}/pam.d + install -m 0644 ${WORKDIR}/dropbear ${D}${sysconfdir}/pam.d/ + fi + + # deal with systemd unit files + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/dropbearkey.service ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/dropbear@.service ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/dropbear.socket ${D}${systemd_system_unitdir} + sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ + -e 's,@BINDIR@,${bindir},g' \ + -e 's,@SBINDIR@,${sbindir},g' \ + ${D}${systemd_system_unitdir}/dropbear.socket ${D}${systemd_system_unitdir}/*.service +} + +inherit update-alternatives + +ALTERNATIVE_PRIORITY = "20" +ALTERNATIVE:${PN} = "${@bb.utils.filter('BINCOMMANDS', 'scp ssh', d)}" + +ALTERNATIVE_TARGET = "${sbindir}/dropbearmulti" + +pkg_postrm:${PN} () { + if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then + rm ${sysconfdir}/dropbear/dropbear_rsa_host_key + fi + if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then + rm ${sysconfdir}/dropbear/dropbear_dss_host_key + fi +} + +CONFFILES:${PN} = "${sysconfdir}/default/dropbear" -- cgit v1.2.3-54-g00ecf