openembedded-core.git/meta/recipes-core/dropbear, branch master-next Mirror of openembedded-core dropbear: drop support for DSA host keys in dropbear init script 2017-03-10T10:15:44+00:00 Andre McCurdy armccurdy@gmail.com 2017-03-07T01:42:25+00:00 6bd7341a38a8bb5387ea81dbccfed327370569f3 Bring the dropbear init script into sync with the systemd service file (dropbearkey.service supports RSA host keys only) and with recent versions of openssh which deprecate DSA host keys. https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Bring the dropbear init script into sync with the systemd service
file (dropbearkey.service supports RSA host keys only) and with
recent versions of openssh which deprecate DSA host keys.

  https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
recipes: Make use of the new bb.utils.filter() function 2017-03-01T11:17:22+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2017-02-27T13:02:50+00:00 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
dropbear: deterministic selection of system -vs- bundled libtom libs 2016-09-19T22:57:20+00:00 Andre McCurdy armccurdy@gmail.com 2016-09-16T22:29:12+00:00 b7c2edd2d6ded287d8b34dd047ae84d3fd69d4c6 Dropbear will use system versions of libtommath and libtomcrypt if available. To make builds deterministic, add a PACKAGECONFIG option to choose system libs or force use of the bundled versions. Note that currently there are no libtommath or libtomcrypt recipes in oe-core, so default to using the bundled versions. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Dropbear will use system versions of libtommath and libtomcrypt if
available. To make builds deterministic, add a PACKAGECONFIG option
to choose system libs or force use of the bundled versions.

Note that currently there are no libtommath or libtomcrypt recipes
in oe-core, so default to using the bundled versions.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
dropbear: fix -ltomcrypt -ltommath order when using system libtom libs 2016-09-19T22:57:20+00:00 Andre McCurdy armccurdy@gmail.com 2016-09-16T22:29:11+00:00 62e96283fe77469e24e8df86c6c037c92009b00a To prevent build failures when using system libtom libraries and linking with --as-needed, LIBTOM_LIBS should be in the order -ltomcrypt -ltommath, not the other way around, ie libs should be prepended to LIBTOM_LIBS as they are found, not appended. Note that LIBTOM_LIBS is not used when linking with the bundled libtom libs. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
To prevent build failures when using system libtom libraries and
linking with --as-needed, LIBTOM_LIBS should be in the order
-ltomcrypt -ltommath, not the other way around, ie libs should be
prepended to LIBTOM_LIBS as they are found, not appended.

Note that LIBTOM_LIBS is not used when linking with the bundled
libtom libs.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
dropbear/init: Allow extra arguments for key generation 2016-08-17T09:31:01+00:00 Mike Looijmans mike.looijmans@topic.nl 2016-08-09T12:19:00+00:00 c0efbcb47ab37c2d9c298fcd40ecaadd3ca050a7 This patch adds DROPBEAR_RSAKEY_ARGS and DROPBEAR_DSSKEY_ARGS optional parameters to /etc/default/dropbear. The contents are simply passed to the 'dropbearkey' program when generating a host key. The default keysize for RSA is currently 2048 bits. It takes a CortexA9 running at 700MHz between 4 and 10 seconds to calculate a keypair. The board boots Linux in about a second, but you have to wait for several seconds because of the keypair generation. This patch allows one to put the line DROPBEAR_RSAKEY_ARGS="-s 1024" into /etc/default/dropbear, and have a host key generated in about 0.2 seconds on the same CPU. This is particulary useful for read-only rootfs systems which generate a key on each boot. Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl> Signed-off-by: Ross Burton <ross.burton@intel.com> 
This patch adds DROPBEAR_RSAKEY_ARGS and DROPBEAR_DSSKEY_ARGS optional
parameters to /etc/default/dropbear. The contents are simply passed to
the 'dropbearkey' program when generating a host key.

The default keysize for RSA is currently 2048 bits. It takes a CortexA9
running at 700MHz between 4 and 10 seconds to calculate a keypair. The
board boots Linux in about a second, but you have to wait for several
seconds because of the keypair generation. This patch allows one to put
the line DROPBEAR_RSAKEY_ARGS="-s 1024" into /etc/default/dropbear, and
have a host key generated in about 0.2 seconds on the same CPU. This is
particulary useful for read-only rootfs systems which generate a key on
each boot.

Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
dropbear: upgrade to 2016.74 2016-08-01T10:46:36+00:00 Maxin B. John maxin.john@intel.com 2016-07-27T13:02:53+00:00 1513e77d3f7ea9910d6ac8aab7a2f38dd6c7cd24 2016.73 -> 2016.74 Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
2016.73 -> 2016.74

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta: update patch metadata 2016-07-08T08:55:40+00:00 Ross Burton ross.burton@intel.com 2016-06-27T19:59:19+00:00 606a43dc38a00cc243f933722db657aea4129f8e Enforce the correct tag names across all of oe-core for consistency. Signed-off-by: Ross Burton <ross.burton@intel.com> 
Enforce the correct tag names across all of oe-core for consistency.

Signed-off-by: Ross Burton <ross.burton@intel.com>
dropbear: Remove incorrect SFTPSERVER_PATH from CFLAGS 2016-05-30T08:30:31+00:00 Dominic Sacré dominic.sacre@gmx.de 2016-05-25T11:13:44+00:00 df798bca330583103b2301678236cc841cc861dd Openssh now installs the sftp-server binary as /usr/libexec/sftp-server, whereas the dropbear recipe assumes a different path. Dropbear uses the correct path by default, so it's no longer necessary to override SFTPSERVER_PATH via CFLAGS. This fixes SFTP access to systems using dropbear as the SSH server. Signed-off-by: Dominic Sacré <dominic.sacre@gmx.de> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Openssh now installs the sftp-server binary as /usr/libexec/sftp-server,
whereas the dropbear recipe assumes a different path.
Dropbear uses the correct path by default, so it's no longer necessary
to override SFTPSERVER_PATH via CFLAGS.

This fixes SFTP access to systems using dropbear as the SSH server.

Signed-off-by: Dominic Sacré <dominic.sacre@gmx.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
dropbear: Upgrade 2015.71 -> 2016.73 2016-05-25T06:49:54+00:00 Jussi Kukkonen jussi.kukkonen@intel.com 2016-05-23T12:44:05+00:00 b1613c946d1d6e5d7f5964e4d24f1d3146dfe39e Backport a patch to fix out-of-tree build. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Backport a patch to fix out-of-tree build.

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
dropbear.inc: drop legacy CFLAGS and LD tweaks 2015-12-12T23:31:42+00:00 Andre McCurdy armccurdy@gmail.com 2015-12-08T21:42:50+00:00 4b17606fbca63a17cafbc285e3efe48c4c54a266 The CFLAGS and LD tweaks in dropbear.inc date back to 2005/2006 and whatever issue they worked around back then seems to have been fixed in the latest versions of dropbear. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The CFLAGS and LD tweaks in dropbear.inc date back to 2005/2006 and
whatever issue they worked around back then seems to have been fixed
in the latest versions of dropbear.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>