- awk 'BEGIN { rc = 1 } \
- /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \
- { print } \
- END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
- >$(PKG_BUILD_DIR)/options.h.new && \
- mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \
+ echo "#define $$$$OPTION $(if $(CONFIG_DROPBEAR_ECC),1,0)" >> \
+ $(PKG_BUILD_DIR)/localoptions.h; \
+ done
+
+ # remove protocol idented software version number
+ $(ESED) 's,^(#define LOCAL_IDENT) .*$$$$,\1 "SSH-2.0-dropbear",g' \
+ $(PKG_BUILD_DIR)/sysoptions.h
+
+ # disable legacy/unsafe methods and unused functionality
+ for OPTION in INETD_MODE DROPBEAR_CLI_NETCAT \
+ DROPBEAR_3DES DROPBEAR_DSS DROPBEAR_ENABLE_CBC_MODE \
+ DROPBEAR_SHA1_96_HMAC DROPBEAR_USE_PASSWORD_ENV; do \
+ echo "#define $$$$OPTION 0" >> \
+ $(PKG_BUILD_DIR)/localoptions.h; \
+ done
+
+ # enable nistp384 and nistp521 only if full ECC support was requested
+ for OPTION in DROPBEAR_ECC_384 DROPBEAR_ECC_521; do \
+ $(ESED) 's,^(#define '$$$$OPTION') .*$$$$,\1 $(if $(CONFIG_DROPBEAR_ECC_FULL),1,0),g' \
+ $(PKG_BUILD_DIR)/sysoptions.h; \