Diffstat (limited to 'recipes/dropbear')
24 files changed, 584 insertions, 0 deletions
diff --git a/recipes/dropbear/dropbear-0.49/configure.patch b/recipes/dropbear/dropbear-0.49/configure.patch
new file mode 100644
index 0000000000..8d11b23f14
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.49/configure.patch
@@ -0,0 +1,27 @@
+Index: dropbear-0.49/configure.in
+===================================================================
+--- dropbear-0.49.orig/configure.in
++++ dropbear-0.49/configure.in
+@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
+ AC_MSG_NOTICE(Not using openpty)
+ else
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ fi
+ ],
+ [
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ ]
+ )
++
++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
++ no_ptc_check=yes
++ no_ptmx_check=yes
++fi
+
+
+ AC_ARG_ENABLE(syslog,
diff --git a/recipes/dropbear/dropbear-0.49/scp-argument-fix.patch b/recipes/dropbear/dropbear-0.49/scp-argument-fix.patch
new file mode 100644
index 0000000000..716a9670fe
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.49/scp-argument-fix.patch
@@ -0,0 +1,21 @@
+source: https://dev.openwrt.org/browser/trunk/openwrt/package/dropbear/patches/scp-argument-fix.patch?rev=453
+comment: remove unsupported default arguments in scp. Fixes OE bug 3227.
+
+diff -ur dropbear-0.49-orig/scp.c dropbear-0.49/scp.c
+--- dropbear-0.49-orig/scp.c 2007-02-22 16:51:35.000000000 +0100
++++ dropbear-0.49/scp.c 2007-10-19 14:19:08.000000000 +0200
+@@ -308,10 +308,10 @@
+ memset(&args, '\0', sizeof(args));
+ args.list = NULL;
+ addargs(&args, "%s", ssh_program);
+- addargs(&args, "-x");
+- addargs(&args, "-oForwardAgent no");
+- addargs(&args, "-oPermitLocalCommand no");
+- addargs(&args, "-oClearAllForwardings yes");
++// addargs(&args, "-x");
++// addargs(&args, "-oForwardAgent no");
++// addargs(&args, "-oPermitLocalCommand no");
++// addargs(&args, "-oClearAllForwardings yes");
+
+ fflag = tflag = 0;
+ while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1)
diff --git a/recipes/dropbear/dropbear-0.51/allow-nopw.patch b/recipes/dropbear/dropbear-0.51/allow-nopw.patch
new file mode 100644
index 0000000000..3f3e8b167f
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.51/allow-nopw.patch
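Review bot: The four `addargs` calls in scp.c are left behind as `//` comments, and nothing in the file records why they are disabled or what now controls X11 and agent forwarding for the spawned client. If the client does not accept these OpenSSH options (as the patch header says), I would delete the lines and leave one comment in their place, for example `/* dbclient has no -x or -o options; forwarding follows its built-in defaults */`. It is worth confirming that those defaults leave agent and X11 forwarding off, since that is what the removed arguments enforced. The enclosing function starts and ends outside this hunk.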
@@ -0,0 +1,40 @@
+Index: dropbear-0.51/svr-auth.c
+===================================================================
+--- dropbear-0.51.orig/svr-auth.c
++++ dropbear-0.51/svr-auth.c
+@@ -270,7 +270,7 @@ static int checkusername(unsigned char *
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+-
++#ifdef DISALLOW_EMPTY_PW
+ /* check for an empty password */
+ if (ses.authstate.pw_passwd[0] == '\0') {
+ TRACE(("leave checkusername: empty pword"))
+@@ -279,7 +279,7 @@ static int checkusername(unsigned char *
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+-
++#endif
+ TRACE(("shell is %s", ses.authstate.pw_shell))
+
+ /* check that the shell is set */
+Index: dropbear-0.51/svr-authpasswd.c
+===================================================================
+--- dropbear-0.51.orig/svr-authpasswd.c
++++ dropbear-0.51/svr-authpasswd.c
+@@ -64,9 +64,13 @@ void svr_auth_password() {
+ * since the shadow password may differ to that tested
+ * in auth.c */
+ if (passwdcrypt[0] == '\0') {
++#ifdef DISALLOW_EMPTY_PW
+ dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+ ses.authstate.pw_name);
+ send_msg_userauth_failure(0, 1);
++#else
++ send_msg_userauth_success();
++#endif
+ return;
+ }
+
diff --git a/recipes/dropbear/dropbear-0.51/configure.patch b/recipes/dropbear/dropbear-0.51/configure.patch
new file mode 100644
index 0000000000..fa24efc066
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.51/configure.patch
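Review bot: In the svr-authpasswd.c hunk the new `#else` branch calls `send_msg_userauth_success()` as soon as `passwdcrypt[0] == '\0'`, with no log line and, in the lines visible here, no comparison of the submitted password. Nothing in this commit defines `DISALLOW_EMPTY_PW`, so wherever the patch is applied both the check in `checkusername` and this one are compiled out. I would keep the login auditable by adding `dropbear_log(LOG_WARNING, "user '%s' has blank password, accepted", ses.authstate.pw_name);` before the success call, and make the relaxed behaviour opt-in (`#ifndef ALLOW_EMPTY_PW` around the rejecting code) so that a build without the define stays strict. The same patch text is added again under dropbear-0.52/allow-nopw.patch. Both functions continue outside the hunks.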
@@ -0,0 +1,27 @@
+Index: dropbear-0.50/configure.in
+===================================================================
+--- dropbear-0.50.orig/configure.in
++++ dropbear-0.50/configure.in
+@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
+ AC_MSG_NOTICE(Not using openpty)
+ else
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ fi
+ ],
+ [
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ ]
+ )
++
++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
++ no_ptc_check=yes
++ no_ptmx_check=yes
++fi
+
+
+ AC_ARG_ENABLE(syslog,
diff --git a/recipes/dropbear/dropbear-0.51/fix-2kb-keys.patch b/recipes/dropbear/dropbear-0.51/fix-2kb-keys.patch
new file mode 100644
index 0000000000..bb7a4d32ac
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.51/fix-2kb-keys.patch
@@ -0,0 +1,12 @@
+Index: dropbear-0.50/kex.h
+===================================================================
+--- dropbear-0.50.orig/kex.h
++++ dropbear-0.50/kex.h
+@@ -59,6 +59,6 @@ struct KEXState {
+
+ };
+
+-#define MAX_KEXHASHBUF 2000
++#define MAX_KEXHASHBUF 3000
+
+ #endif /* _KEX_H_ */
diff --git a/recipes/dropbear/dropbear-0.51/no-host-lookup.patch b/recipes/dropbear/dropbear-0.51/no-host-lookup.patch
new file mode 100644
index 0000000000..d7c2ccdc62
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.51/no-host-lookup.patch
@@ -0,0 +1,12 @@
+diff -urN dropbear-0.51/options.h dropbear-0.51.new/options.h
+--- dropbear-0.51/options.h 2008-03-27 14:34:39.000000000 +0100
++++ dropbear-0.51.new/options.h 2008-06-22 00:22:09.000000000 +0200
+@@ -112,7 +112,7 @@
+ /* #define DSS_PROTOK */
+
+ /* Whether to do reverse DNS lookups. */
+-#define DO_HOST_LOOKUP
++/* #define DO_HOST_LOOKUP */
+
+ /* Whether to print the message of the day (MOTD). This doesn't add much code
+ * size */
diff --git a/recipes/dropbear/dropbear-0.51/urandom-xauth-changes-to-options.h.patch b/recipes/dropbear/dropbear-0.51/urandom-xauth-changes-to-options.h.patch
new file mode 100644
index 0000000000..787b801643
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.51/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,13 @@
+Index: dropbear-0.50/options.h
+===================================================================
+--- dropbear-0.50.orig/options.h
++++ dropbear-0.50/options.h
+@@ -197,7 +197,7 @@ etc) slower (perhaps by 50%). Recommende
+ /* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
++#define XAUTH_COMMAND "xauth -q"
+ #endif
+
+ /* if you want to enable running an sftp server (such as the one included with
diff --git a/recipes/dropbear/dropbear-0.52/allow-nopw.patch b/recipes/dropbear/dropbear-0.52/allow-nopw.patch
new file mode 100644
index 0000000000..3f3e8b167f
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.52/allow-nopw.patch
@@ -0,0 +1,40 @@
+Index: dropbear-0.51/svr-auth.c
+===================================================================
+--- dropbear-0.51.orig/svr-auth.c
++++ dropbear-0.51/svr-auth.c
+@@ -270,7 +270,7 @@ static int checkusername(unsigned char *
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+-
++#ifdef DISALLOW_EMPTY_PW
+ /* check for an empty password */
+ if (ses.authstate.pw_passwd[0] == '\0') {
+ TRACE(("leave checkusername: empty pword"))
+@@ -279,7 +279,7 @@ static int checkusername(unsigned char *
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+-
++#endif
+ TRACE(("shell is %s", ses.authstate.pw_shell))
+
+ /* check that the shell is set */
+Index: dropbear-0.51/svr-authpasswd.c
+===================================================================
+--- dropbear-0.51.orig/svr-authpasswd.c
++++ dropbear-0.51/svr-authpasswd.c
+@@ -64,9 +64,13 @@ void svr_auth_password() {
+ * since the shadow password may differ to that tested
+ * in auth.c */
+ if (passwdcrypt[0] == '\0') {
++#ifdef DISALLOW_EMPTY_PW
+ dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+ ses.authstate.pw_name);
+ send_msg_userauth_failure(0, 1);
++#else
++ send_msg_userauth_success();
++#endif
+ return;
+ }
+
diff --git a/recipes/dropbear/dropbear-0.52/configure.patch b/recipes/dropbear/dropbear-0.52/configure.patch
new file mode 100644
index 0000000000..fa24efc066
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.52/configure.patch
@@ -0,0 +1,27 @@
+Index: dropbear-0.50/configure.in
+===================================================================
+--- dropbear-0.50.orig/configure.in
++++ dropbear-0.50/configure.in
+@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
+ AC_MSG_NOTICE(Not using openpty)
+ else
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ fi
+ ],
+ [
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ ]
+ )
++
++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
++ no_ptc_check=yes
++ no_ptmx_check=yes
++fi
+
+
+ AC_ARG_ENABLE(syslog,
diff --git a/recipes/dropbear/dropbear-0.52/fix-2kb-keys.patch b/recipes/dropbear/dropbear-0.52/fix-2kb-keys.patch
new file mode 100644
index 0000000000..bb7a4d32ac
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.52/fix-2kb-keys.patch
@@ -0,0 +1,12 @@
+Index: dropbear-0.50/kex.h
+===================================================================
+--- dropbear-0.50.orig/kex.h
++++ dropbear-0.50/kex.h
+@@ -59,6 +59,6 @@ struct KEXState {
+
+ };
+
+-#define MAX_KEXHASHBUF 2000
++#define MAX_KEXHASHBUF 3000
+
+ #endif /* _KEX_H_ */
diff --git a/recipes/dropbear/dropbear-0.52/no-host-lookup.patch b/recipes/dropbear/dropbear-0.52/no-host-lookup.patch
new file mode 100644
index 0000000000..d7c2ccdc62
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.52/no-host-lookup.patch
@@ -0,0 +1,12 @@
+diff -urN dropbear-0.51/options.h dropbear-0.51.new/options.h
+--- dropbear-0.51/options.h 2008-03-27 14:34:39.000000000 +0100
++++ dropbear-0.51.new/options.h 2008-06-22 00:22:09.000000000 +0200
+@@ -112,7 +112,7 @@
+ /* #define DSS_PROTOK */
+
+ /* Whether to do reverse DNS lookups. */
+-#define DO_HOST_LOOKUP
++/* #define DO_HOST_LOOKUP */
+
+ /* Whether to print the message of the day (MOTD). This doesn't add much code
+ * size */
diff --git a/recipes/dropbear/dropbear-0.52/urandom-xauth-changes-to-options.h.patch b/recipes/dropbear/dropbear-0.52/urandom-xauth-changes-to-options.h.patch
new file mode 100644
index 0000000000..787b801643
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.52/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,13 @@
+Index: dropbear-0.50/options.h
+===================================================================
+--- dropbear-0.50.orig/options.h
++++ dropbear-0.50/options.h
+@@ -197,7 +197,7 @@ etc) slower (perhaps by 50%). Recommende
+ /* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
++#define XAUTH_COMMAND "xauth -q"
+ #endif
+
+ /* if you want to enable running an sftp server (such as the one included with
diff --git a/recipes/dropbear/dropbear-early/dropbear-early b/recipes/dropbear/dropbear-early/dropbear-early
new file mode 100644
index 0000000000..fa06a93003
--- /dev/null
+++ b/recipes/dropbear/dropbear-early/dropbear-early
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+for x in $(cat /proc/cmdline); do
+ case $x in
+ dropbear=early)
+ echo "Starting dropbear early"
+ exec /etc/init.d/dropbear $*
+ ;;
+ esac
+done
diff --git a/recipes/dropbear/dropbear-early_1.0.bb b/recipes/dropbear/dropbear-early_1.0.bb
new file mode 100644
index 0000000000..c947cf0e74
--- /dev/null
+++ b/recipes/dropbear/dropbear-early_1.0.bb
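Review bot: In dropbear-early, `exec /etc/init.d/dropbear $*` re-splits the arguments passed by init; `exec /etc/init.d/dropbear "$@"` forwards them unchanged. The script also deserves a header comment saying that `dropbear=early` on the kernel command line starts the SSH server from this script, which the recipe that follows registers at `start 00 S`, ahead of whatever later boot scripts set up. If the target relies on a later script for firewalling or for restoring the random seed (not visible in this commit), the server is reachable and may generate host keys before that has run.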
@@ -0,0 +1,18 @@
+DESCRIPTION = "Allow to start dropbear soon after boot, depending on kernel command line option."
+SECTION = "devel"
+RDEPENDS = "dropbear"
+PR = "r3"
+
+SRC_URI = "file://dropbear-early"
+
+inherit update-rc.d
+
+do_install() {
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/${INITSCRIPT_NAME} ${D}${sysconfdir}/init.d/
+}
+
+PACKAGE_ARCH = "all"
+
+INITSCRIPT_NAME = "dropbear-early"
+INITSCRIPT_PARAMS = "start 00 S ."
diff --git a/recipes/dropbear/dropbear.inc b/recipes/dropbear/dropbear.inc
new file mode 100644
index 0000000000..364799f12e
--- /dev/null
+++ b/recipes/dropbear/dropbear.inc
@@ -0,0 +1,83 @@
+DESCRIPTION = "Dropbear is a lightweight SSH and SCP implementation"
+HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
+SECTION = "console/network"
+LICENSE = "MIT"
+DEPENDS = "zlib"
+PROVIDES = "ssh sshd"
+RPROVIDES = "ssh sshd"
+
+SRC_URI = "\
+ http://matt.ucc.asn.au/dropbear/dropbear-${PV}.tar.bz2 \
+ file://urandom-xauth-changes-to-options.h.patch;patch=1 \
+ file://configure.patch;patch=1 \
+ file://fix-2kb-keys.patch;patch=1 \
+ file://allow-nopw.patch \
+ file://init \
+"
+SRC_URI_append_openmoko = "\
+ file://default \
+"
+
+inherit autotools update-rc.d
+
+INITSCRIPT_NAME = "dropbear"
+INITSCRIPT_PARAMS = "defaults 10"
+
+CFLAGS =+ "-I."
+LD = "${CC}"
+
+SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
+BINCOMMANDS = "dbclient ssh scp"
+EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
+
+do_configure_prepend() {
+ if [ "x${DISTRO_TYPE}" = "xdebug" ]; then
+ oenote "WARNING: applying allow-nopw.patch which allows password-less logins!"
+ patch -p1 < ${WORKDIR}/allow-nopw.patch
+ fi
+}
+
+do_install() {
+ install -d ${D}${sysconfdir}
+ install -d ${D}${sysconfdir}/init.d
+ install -d ${D}${sysconfdir}/default
+ install -d ${D}${sysconfdir}/dropbear
+ install -d ${D}${bindir}
+ install -d ${D}${sbindir}
+ install -d ${D}${localstatedir}
+
+ install -m 0755 dropbearmulti ${D}${sbindir}/
+ ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient
+
+ for i in ${SBINCOMMANDS}
+ do
+ ln -sf ./dropbearmulti ${D}${sbindir}/$i
+ done
+ cat ${WORKDIR}/init | sed -e 's,/etc,${sysconfdir},g' \
+ -e 's,/usr/sbin,${sbindir},g' \
+ -e 's,/var,${localstatedir},g' \
+ -e 's,/usr/bin,${bindir},g' \
+ -e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear
+ chmod 755 ${D}${sysconfdir}/init.d/dropbear
+ if test -e ${WORKDIR}/default ; then
+ install -m 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/dropbear
+ fi
+}
+
+pkg_postinst () {
+ update-alternatives --install ${bindir}/scp scp ${sbindir}/dropbearmulti 20
+ update-alternatives --install ${bindir}/ssh ssh ${sbindir}/dropbearmulti 20
+}
+
+pkg_postrm_append () {
+ if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
+ rm ${sysconfdir}/dropbear/dropbear_rsa_host_key
+ fi
+ if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then
+ rm ${sysconfdir}/dropbear/dropbear_dss_host_key
+ fi
+ update-alternatives --remove ssh ${bindir}/dropbearmulti
+ update-alternatives --remove scp ${bindir}/dropbearmulti
+}
+
+CONFFILES_${PN}_openmoko += "${sysconfdir}/default/dropbear"
diff --git a/recipes/dropbear/dropbear/allow-nopw.patch b/recipes/dropbear/dropbear/allow-nopw.patch
new file mode 100644
index 0000000000..1a709b8da0
--- /dev/null
+++ b/recipes/dropbear/dropbear/allow-nopw.patch
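Review bot: In dropbear.inc, `pkg_postrm_append` removes the alternatives with `${bindir}/dropbearmulti`, but `pkg_postinst` registered `${sbindir}/dropbearmulti`, so the `ssh` and `scp` alternatives are probably left behind on removal; the two lines should read `update-alternatives --remove ssh ${sbindir}/dropbearmulti` and `update-alternatives --remove scp ${sbindir}/dropbearmulti`. Separately, `do_configure_prepend` applies allow-nopw.patch with a bare `patch -p1`, which will meet already-patched sources if configure is re-run in the same work directory. The only trace that a `debug` image accepts blank-password logins is a build-time `oenote`, so a comment next to `file://allow-nopw.patch` in `SRC_URI` saying that it is applied only when `DISTRO_TYPE` is `debug` would help the next reader.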
@@ -0,0 +1,37 @@
+diff -Nurd dropbear-0.45/svr-auth.c dropbear-0.45.patched/svr-auth.c
+--- dropbear-0.45/svr-auth.c 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/svr-auth.c 2005-03-08 15:22:43.998592744 -0800
+@@ -237,6 +237,7 @@
+ }
+
+ /* check for an empty password */
++#ifdef DISALLOW_EMPTY_PW
+ if (ses.authstate.pw->pw_passwd[0] == '\0') {
+ TRACE(("leave checkusername: empty pword"))
+ dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+@@ -244,7 +245,7 @@
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+-
++#endif
+ TRACE(("shell is %s", ses.authstate.pw->pw_shell))
+
+ /* check that the shell is set */
+diff -Nurd dropbear-0.45/svr-authpasswd.c dropbear-0.45.patched/svr-authpasswd.c
+--- dropbear-0.45/svr-authpasswd.c 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/svr-authpasswd.c 2005-03-08 15:22:44.010591023 -0800
+@@ -64,9 +64,13 @@
+ * since the shadow password may differ to that tested
+ * in auth.c */
+ if (passwdcrypt[0] == '\0') {
++#ifdef DISALLOW_EMPTY_PASSWD
+ dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+ ses.authstate.printableuser);
+ send_msg_userauth_failure(0, 1);
++#else
++ send_msg_userauth_success();
++#endif
+ return;
+ }
+
diff --git a/recipes/dropbear/dropbear/configure.patch b/recipes/dropbear/dropbear/configure.patch
new file mode 100644
index 0000000000..9ae84b2604
--- /dev/null
+++ b/recipes/dropbear/dropbear/configure.patch
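Review bot: The two hunks of dropbear/allow-nopw.patch guard the same policy with different macro names: `#ifdef DISALLOW_EMPTY_PW` in svr-auth.c and `#ifdef DISALLOW_EMPTY_PASSWD` in svr-authpasswd.c. A build that defines only one of them restores one check and not the other, and if only `DISALLOW_EMPTY_PW` is set the `#else` branch that calls `send_msg_userauth_success()` stays compiled in. The svr-authpasswd.c guard should use the same name, `#ifdef DISALLOW_EMPTY_PW`, as the dropbear-0.51 and dropbear-0.52 copies of this patch do. Both functions continue outside the hunks.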
@@ -0,0 +1,27 @@
+diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in
+--- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800
+@@ -161,15 +161,20 @@
+ AC_MSG_RESULT(Not using openpty)
+ else
+ AC_MSG_RESULT(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ fi
+ ],
+ [
+ AC_MSG_RESULT(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ ]
+ )
+-
++
++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
++ no_ptc_check=yes
++ no_ptmx_check=yes
++fi
+
+ AC_ARG_ENABLE(syslog,
+ [ --disable-syslog Don't include syslog support],
diff --git a/recipes/dropbear/dropbear/fix-2kb-keys.patch b/recipes/dropbear/dropbear/fix-2kb-keys.patch
new file mode 100644
index 0000000000..ba2b19d44a
--- /dev/null
+++ b/recipes/dropbear/dropbear/fix-2kb-keys.patch
@@ -0,0 +1,11 @@
+diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h
+--- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800
+@@ -64,6 +64,6 @@
+
+ };
+
+-#define MAX_KEXHASHBUF 2000
++#define MAX_KEXHASHBUF 3000
+
+ #endif /* _KEX_H_ */
diff --git a/recipes/dropbear/dropbear/init b/recipes/dropbear/dropbear/init
new file mode 100755
index 0000000000..5c8dfc12a8
--- /dev/null
+++ b/recipes/dropbear/dropbear/init
@@ -0,0 +1,104 @@
+#!/bin/sh
+#
+# Do not configure this file. Edit /etc/default/dropbear instead!
+#
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/dropbear
+NAME=dropbear
+DESC="Dropbear SSH server"
+
+DROPBEAR_PORT=22
+DROPBEAR_EXTRA_ARGS=
+NO_START=0
+
+set -e
+
+test ! -r /etc/default/dropbear || . /etc/default/dropbear
+test "$NO_START" = "0" || exit 0
+test -x "$DAEMON" || exit 0
+test ! -h /var/service/dropbear || exit 0
+
+readonly_rootfs=0
+for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
+ case $flag in
+ ro)
+ readonly_rootfs=1
+ ;;
+ esac
+done
+
+if [ $readonly_rootfs = "1" ]; then
+ mkdir -p /var/lib/dropbear
+ DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
+ DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
+else
+ DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
+ DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
+fi
+
+test -z "$DROPBEAR_BANNER" || \
+ DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
+test -n "$DROPBEAR_RSAKEY" || \
+ DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
+test -n "$DROPBEAR_DSSKEY" || \
+ DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
+test -n "$DROPBEAR_KEYTYPES" || \
+ DROPBEAR_KEYTYPES="rsa"
+
+gen_keys() {
+for t in $DROPBEAR_KEYTYPES; do
+ case $t in
+ rsa)
+ if [ ! -f $DROPBEAR_RSAKEY ]; then
+ echo "Creating $DESC RSA host key."
+ dropbearkey -t rsa -f $DROPBEAR_RSAKEY
+ fi
+ ;;
+ dsa)
+ if [ ! -f $DROPBEAR_DSSKEY ]; then
+ echo "Creating $DESC DSA host key."
+ dropbearkey -t dss -f $DROPBEAR_DSSKEY
+ fi
+ ;;
+ esac
+done
+}
+
+case "$1" in
+ start)
+ gen_keys
+ echo -n "Starting $DESC: "
+ KEY_ARGS=""
+ test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
+ test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+ start-stop-daemon -S \
+ -x "$DAEMON" -- $KEY_ARGS \
+ -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon -K -x "$DAEMON"
+ echo "$NAME."
+ ;;
+ restart|force-reload)
+ echo -n "Restarting $DESC: "
+ start-stop-daemon -K -x "$DAEMON"
+ sleep 1
+ KEY_ARGS=""
+ test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
+ test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+ start-stop-daemon -S \
+ -x "$DAEMON" -- $KEY_ARGS \
+ -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+ echo "$NAME."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/recipes/dropbear/dropbear/openmoko/default b/recipes/dropbear/dropbear/openmoko/default
new file mode 100644
index 0000000000..19816b32a6
--- /dev/null
+++ b/recipes/dropbear/dropbear/openmoko/default
@@ -0,0 +1 @@
+DROPBEAR_PORT=`ip addr list usb0 | awk 'BEGIN { FS="[ /]+" } /inet / { print $3 }'`:22
diff --git a/recipes/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch b/recipes/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
new file mode 100644
index 0000000000..e2b1dd5da5
--- /dev/null
+++ b/recipes/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
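Review bot: In the init script, a read-only root moves the default host-key location to `/var/lib/dropbear`, which is created with a plain `mkdir -p`, and nothing visible here shows that the directory survives a reboot. If it does not (worth confirming for the target images), `gen_keys` produces a new host key on every boot and clients can no longer pin the server's key; `mkdir -p -m 0700 /var/lib/dropbear` would at least keep the directory private. The key and banner paths are also expanded unquoted, e.g. `dropbearkey -t rsa -f $DROPBEAR_RSAKEY`, so a value with a space coming from /etc/default/dropbear splits into two arguments; `-f "$DROPBEAR_RSAKEY"` avoids that.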
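Review bot: In openmoko/default, `DROPBEAR_PORT` is built from whatever address `usb0` has at the moment the init script sources this file, and the result is never checked. If `usb0` has no IPv4 address yet, the value collapses to `:22`; how dropbear treats an empty address is not visible here, but it may mean listening on every interface instead of only the USB link. I would capture the awk output in a variable first and add `test -n "$addr" || NO_START=1` before `DROPBEAR_PORT="$addr:22"`, so that the init script's existing `NO_START` test skips the start when the interface is not up.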
@@ -0,0 +1,21 @@
+diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h
+--- dropbear-0.45/options.h 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/options.h 2005-03-08 15:25:09.368742090 -0800
+@@ -143,7 +143,7 @@
+ * however significantly reduce the security of your ssh connections
+ * if the PRNG state becomes guessable - make sure you know what you are
+ * doing if you change this. */
+-#define DROPBEAR_RANDOM_DEV "/dev/random"
++#define DROPBEAR_RANDOM_DEV "/dev/urandom"
+
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
+@@ -167,7 +167,7 @@
+ /* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
++#define XAUTH_COMMAND "xauth -q"
+ #endif
+
+ /* if you want to enable running an sftp server (such as the one included with
diff --git a/recipes/dropbear/dropbear_0.49.bb b/recipes/dropbear/dropbear_0.49.bb
new file mode 100644
index 0000000000..bf2f2add60
--- /dev/null
+++ b/recipes/dropbear/dropbear_0.49.bb
@@ -0,0 +1,5 @@
+require dropbear.inc
+
+PR = "r2"
+
+SRC_URI += "file://scp-argument-fix.patch;patch=1"
diff --git a/recipes/dropbear/dropbear_0.51.bb b/recipes/dropbear/dropbear_0.51.bb
new file mode 100644
index 0000000000..2566fbbd9b
--- /dev/null
+++ b/recipes/dropbear/dropbear_0.51.bb
@@ -0,0 +1,4 @@
+require dropbear.inc
+PR = "r1.01"
+
+SRC_URI += "file://no-host-lookup.patch;patch=1"
diff --git a/recipes/dropbear/dropbear_0.52.bb b/recipes/dropbear/dropbear_0.52.bb
new file mode 100644
index 0000000000..6b2517b69a
--- /dev/null
+++ b/recipes/dropbear/dropbear_0.52.bb
@@ -0,0 +1,7 @@
+require dropbear.inc
+PR = "r0"
+
+SRC_URI += "file://no-host-lookup.patch;patch=1"
+
+DEFAULT_PREFERENCE = "-1"
+ |
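Review bot: In dropbear/urandom-xauth-changes-to-options.h.patch, switching `DROPBEAR_RANDOM_DEV` to `/dev/urandom` goes against the warning in the comment directly above the define, and the patch does not say why the trade-off is acceptable. The init script in this commit creates the host key on first start, and on a freshly flashed device the kernel pool may not be seeded by then (this commit does not show it either way), so the first host key could come from a weak state. I would record the decision next to the define, for example `/* OE: urandom avoids stalls at boot; generate host keys only after the random seed is restored */`, and check that key generation is ordered after seeding. The patches of the same name under dropbear-0.51 and dropbear-0.52 change only `XAUTH_COMMAND`, so the file name is misleading there.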