X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=package%2Fnetwork%2Fservices%2Fdropbear%2FMakefile;h=22b769f1529a7786cc588e962f60bc107f3f1e9e;hb=80568e58545fc2c3622022bbbc77ea36987fefa5;hp=9d62e926b41787a226f73a00fd28b76aaa9dfff4;hpb=4d1c75c601b3675f802ff3e7658e46be9aeabd6b;p=openwrt%2Fopenwrt.git diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 9d62e926b4..22b769f152 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -8,27 +8,32 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2016.73 +PKG_VERSION:=2019.78 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ http://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_MD5SUM:=8d6d78ce60ca52350ec04fcbd711ce9b +PKG_HASH:=525965971272270995364a0eb01f35180d793182e63dd0b0c3eb0292291644a4 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE +PKG_CPE_ID:=cpe:/a:matt_johnston:dropbear_ssh_server PKG_BUILD_PARALLEL:=1 PKG_USE_MIPS16:=0 +PKG_FIXUP:=autoreconf -PKG_CONFIG_DEPENDS:=CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_CURVE25519 +PKG_CONFIG_DEPENDS:= \ + CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_ECC_FULL \ + CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \ + CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE include $(INCLUDE_DIR)/package.mk ifneq ($(DUMP),1) - STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell $(SH_FUNC) echo $(CONFIG_TARGET_INIT_PATH) | md5s) + STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell echo $(CONFIG_TARGET_INIT_PATH) | mkhash md5) endif define Package/dropbear/Default @@ -44,6 +49,11 @@ define Package/dropbear SECTION:=net CATEGORY:=Base system TITLE:=Small SSH2 client/server + DEPENDS:= +DROPBEAR_ZLIB:zlib + ALTERNATIVES:=\ + 100:/usr/bin/ssh:/usr/sbin/dropbear \ + 100:/usr/bin/scp:/usr/sbin/dropbear \ + endef define Package/dropbear/description @@ -51,8 +61,9 @@ define Package/dropbear/description endef define Package/dropbear/conffiles +$(if $(CONFIG_DROPBEAR_ECC),/etc/dropbear/dropbear_ecdsa_host_key) /etc/dropbear/dropbear_rsa_host_key -/etc/config/dropbear +/etc/config/dropbear endef define Package/dropbearconvert @@ -66,7 +77,6 @@ CONFIGURE_ARGS += \ --disable-pam \ --enable-openpty \ --enable-syslog \ - $(if $(CONFIG_SHADOW_PASSWORDS),,--disable-shadow) \ --disable-lastlog \ --disable-utmpx \ $(if $(CONFIG_DROPBEAR_UTMP),,--disable-utmp) \ @@ -75,34 +85,44 @@ CONFIGURE_ARGS += \ --disable-loginfunc \ $(if $(CONFIG_DROPBEAR_PUTUTLINE),,--disable-pututline) \ --disable-pututxline \ - --disable-zlib \ + $(if $(CONFIG_DROPBEAR_ZLIB),,--disable-zlib) \ --enable-bundled-libtom -TARGET_CFLAGS += -DDEFAULT_PATH=\\\"$(CONFIG_TARGET_INIT_PATH)\\\" -DARGTYPE=3 -ffunction-sections -fdata-sections -TARGET_LDFLAGS += -Wl,--gc-sections +TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections -flto +TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver define Build/Configure + : > $(PKG_BUILD_DIR)/localoptions.h + $(Build/Configure/Default) - $(SED) 's,^#define DEFAULT_PATH .*$$$$,#define DEFAULT_PATH "$(CONFIG_TARGET_INIT_PATH)",g' \ - $(PKG_BUILD_DIR)/options.h + echo '#define DEFAULT_PATH "$(TARGET_INIT_PATH)"' >> \ + $(PKG_BUILD_DIR)/localoptions.h - awk 'BEGIN { rc = 1 } \ - /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_CURVE25519),,// )#define 'DROPBEAR_CURVE25519'"; rc = 0 } \ - { print } \ - END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \ - >$(PKG_BUILD_DIR)/options.h.new && \ - mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h + echo '#define DROPBEAR_CURVE25519 $(if $(CONFIG_DROPBEAR_CURVE25519),1,0)' >> \ + $(PKG_BUILD_DIR)/localoptions.h - # Enforce that all replacements are made, otherwise options.h has changed - # format and this logic is broken. for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \ - awk 'BEGIN { rc = 1 } \ - /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \ - { print } \ - END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \ - >$(PKG_BUILD_DIR)/options.h.new && \ - mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \ + echo "#define $$$$OPTION $(if $(CONFIG_DROPBEAR_ECC),1,0)" >> \ + $(PKG_BUILD_DIR)/localoptions.h; \ + done + + # remove protocol idented software version number + $(ESED) 's,^(#define LOCAL_IDENT) .*$$$$,\1 "SSH-2.0-dropbear",g' \ + $(PKG_BUILD_DIR)/sysoptions.h + + # disable legacy/unsafe methods and unused functionality + for OPTION in INETD_MODE DROPBEAR_CLI_NETCAT \ + DROPBEAR_3DES DROPBEAR_DSS DROPBEAR_ENABLE_CBC_MODE \ + DROPBEAR_SHA1_96_HMAC DROPBEAR_USE_PASSWORD_ENV; do \ + echo "#define $$$$OPTION 0" >> \ + $(PKG_BUILD_DIR)/localoptions.h; \ + done + + # enable nistp384 and nistp521 only if full ECC support was requested + for OPTION in DROPBEAR_ECC_384 DROPBEAR_ECC_521; do \ + $(ESED) 's,^(#define '$$$$OPTION') .*$$$$,\1 $(if $(CONFIG_DROPBEAR_ECC_FULL),1,0),g' \ + $(PKG_BUILD_DIR)/sysoptions.h; \ done # Enforce rebuild of svr-chansession.c @@ -123,16 +143,15 @@ define Package/dropbear/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_BUILD_DIR)/dropbearmulti $(1)/usr/sbin/dropbear $(INSTALL_DIR) $(1)/usr/bin - $(LN) ../sbin/dropbear $(1)/usr/bin/scp - $(LN) ../sbin/dropbear $(1)/usr/bin/ssh $(LN) ../sbin/dropbear $(1)/usr/bin/dbclient $(LN) ../sbin/dropbear $(1)/usr/bin/dropbearkey $(INSTALL_DIR) $(1)/etc/config - $(INSTALL_DATA) ./files/dropbear.config $(1)/etc/config/dropbear + $(INSTALL_CONF) ./files/dropbear.config $(1)/etc/config/dropbear $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/dropbear.init $(1)/etc/init.d/dropbear $(INSTALL_DIR) $(1)/usr/lib/opkg/info $(INSTALL_DIR) $(1)/etc/dropbear + $(if $(CONFIG_DROPBEAR_ECC),touch $(1)/etc/dropbear/dropbear_ecdsa_host_key) touch $(1)/etc/dropbear/dropbear_rsa_host_key endef