X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=package%2Fnetwork%2Fservices%2Fdropbear%2FMakefile;h=77104431db9092edd93a5327243b7e6750e7f75b;hb=7f6fcaa3bf89ded78886e0b2238fe019cd9705cd;hp=b7708b1d05540b9d19331449bba12a8a27a84f07;hpb=9e355444a65cbde194e6a404d16d09eab3fe2fd6;p=openwrt%2Fstaging%2Fjow.git diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index b7708b1d05..77104431db 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2012 OpenWrt.org +# Copyright (C) 2006-2020 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,24 +8,45 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2012.55 -PKG_RELEASE:=2 +PKG_VERSION:=2022.83 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ - http://matt.ucc.asn.au/dropbear/releases/ \ - http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/ -PKG_MD5SUM:=8c784baec3054cdb1bb4bfa792c87812 + https://matt.ucc.asn.au/dropbear/releases/ \ + https://dropbear.nl/mirror/releases/ +PKG_HASH:=bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE +PKG_CPE_ID:=cpe:/a:matt_johnston:dropbear_ssh_server PKG_BUILD_PARALLEL:=1 +PKG_ASLR_PIE_REGULAR:=1 +PKG_BUILD_FLAGS:=no-mips16 gc-sections lto +PKG_FIXUP:=autoreconf +PKG_FLAGS:=nonshared + +PKG_CONFIG_DEPENDS:= \ + CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_ECC_FULL \ + CONFIG_DROPBEAR_CURVE25519 CONFIG_DROPBEAR_ZLIB \ + CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \ + CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \ + CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS \ + CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD CONFIG_DROPBEAR_AGENTFORWARD include $(INCLUDE_DIR)/package.mk +ifneq ($(DUMP),1) + STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell echo $(CONFIG_TARGET_INIT_PATH) | $(MKHASH) md5) +endif + define Package/dropbear/Default - URL:=http://matt.ucc.asn.au/dropbear/ + URL:=https://matt.ucc.asn.au/dropbear/ +endef + +define Package/dropbear/config + source "$(SOURCE)/Config.in" endef define Package/dropbear @@ -33,6 +54,13 @@ define Package/dropbear SECTION:=net CATEGORY:=Base system TITLE:=Small SSH2 client/server + DEPENDS:= +DROPBEAR_ZLIB:zlib + ALTERNATIVES:= + $(if $(CONFIG_DROPBEAR_SCP),ALTERNATIVES+= \ + 100:/usr/bin/scp:/usr/sbin/dropbear,) + $(if $(CONFIG_DROPBEAR_DBCLIENT),ALTERNATIVES+= \ + 100:/usr/bin/ssh:/usr/sbin/dropbear,) + endef define Package/dropbear/description @@ -40,9 +68,10 @@ define Package/dropbear/description endef define Package/dropbear/conffiles +$(if $(CONFIG_DROPBEAR_ED25519),/etc/dropbear/dropbear_ed25519_host_key) +$(if $(CONFIG_DROPBEAR_ECC),/etc/dropbear/dropbear_ecdsa_host_key) /etc/dropbear/dropbear_rsa_host_key -/etc/dropbear/dropbear_dss_host_key -/etc/config/dropbear +/etc/config/dropbear endef define Package/dropbearconvert @@ -50,35 +79,126 @@ define Package/dropbearconvert SECTION:=utils CATEGORY:=Utilities TITLE:=Utility for converting SSH keys + DEPENDS:= +DROPBEAR_ZLIB:zlib endef CONFIGURE_ARGS += \ - --with-shared \ --disable-pam \ --enable-openpty \ --enable-syslog \ - $(if $(CONFIG_SHADOW_PASSWORDS),,--disable-shadow) \ --disable-lastlog \ - --disable-utmp \ --disable-utmpx \ + $(if $(CONFIG_DROPBEAR_UTMP),,--disable-utmp) \ --disable-wtmp \ --disable-wtmpx \ --disable-loginfunc \ - --disable-pututline \ + $(if $(CONFIG_DROPBEAR_PUTUTLINE),,--disable-pututline) \ --disable-pututxline \ - --disable-zlib \ + $(if $(CONFIG_DROPBEAR_ZLIB),,--disable-zlib) \ --enable-bundled-libtom -TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections -TARGET_LDFLAGS += -Wl,--gc-sections +############################################################################## +# +# option,value - add option to localoptions.h +# !!option,value - replace option in sysoptions.h +# +############################################################################## + +# remove protocol idented software version number: +# - LOCAL_IDENT +# disable legacy/unsafe methods and unused functionality: +# - DROPBEAR_CLI_NETCAT +# - DROPBEAR_DSS +# - DO_MOTD +# - DROPBEAR_DH_GROUP14_SHA1 +# - DROPBEAR_SHA1_HMAC +DB_OPT_COMMON = \ + !!LOCAL_IDENT,"SSH-2.0-dropbear" \ + DEFAULT_PATH,"$(TARGET_INIT_PATH)" \ + DEFAULT_ROOT_PATH,"$(TARGET_INIT_PATH)" \ + DROPBEAR_DSS,0 \ + DROPBEAR_CLI_NETCAT,0 \ + DO_MOTD,0 \ + DROPBEAR_DH_GROUP14_SHA1,0 \ + DROPBEAR_SHA1_HMAC,0 \ + + +############################################################################## +# +# option,config,enabled,disabled = add option to localoptions.h +# !!option,config,enabled,disabled = replace option in sysoptions.h +# +# option := (config) ? enabled : disabled +# +############################################################################## + +DB_OPT_CONFIG = \ + !!DROPBEAR_ECC_384,CONFIG_DROPBEAR_ECC_FULL,1,0 \ + !!DROPBEAR_ECC_521,CONFIG_DROPBEAR_ECC_FULL,1,0 \ + DROPBEAR_CURVE25519,CONFIG_DROPBEAR_CURVE25519,1,0 \ + DROPBEAR_CHACHA20POLY1305,CONFIG_DROPBEAR_CHACHA20POLY1305,1,0 \ + DROPBEAR_ED25519,CONFIG_DROPBEAR_ED25519,1,0 \ + DROPBEAR_SK_ED25519,CONFIG_DROPBEAR_ED25519,1,0 \ + DROPBEAR_ECDSA,CONFIG_DROPBEAR_ECC,1,0 \ + DROPBEAR_SK_ECDSA,CONFIG_DROPBEAR_ECC,1,0 \ + DROPBEAR_ECDH,CONFIG_DROPBEAR_ECC,1,0 \ + DROPBEAR_CLI_ASKPASS_HELPER,CONFIG_DROPBEAR_ASKPASS,1,0 \ + DROPBEAR_CLI_AGENTFWD,CONFIG_DROPBEAR_DBCLIENT_AGENTFORWARD,1,0 \ + DROPBEAR_SVR_AGENTFWD,CONFIG_DROPBEAR_AGENTFORWARD,1,0 \ + + +TARGET_CFLAGS += -DARGTYPE=3 + +xsedx:=$(shell printf '\027') + +db_opt_add =echo '\#define $(1) $(2)' >> $(PKG_BUILD_DIR)/localoptions.h +db_opt_replace =$(ESED) '/^\#define $(1) .*$$$$/{h;:a;$$$$!n;/^\#.+$$$$/bb;/^$$$$/bb;H;ba;:b;x;s$(xsedx)^.+$$$$$(xsedx)\#define $(1) $(2)$(xsedx)p;x};p' -n $(PKG_BUILD_DIR)/sysoptions.h + +define Build/Configure/dropbear_headers + $(strip $(foreach s,$(DB_OPT_COMMON), \ + $(if $(filter !!%,$(word 1,$(subst $(comma),$(space),$(s)))), \ + $(call db_opt_replace,$(patsubst !!%,%,$(word 1,$(subst $(comma),$(space),$(s)))),$(subst $(space),$(comma),$(wordlist 2,$(words $(subst $(comma),$(space),$(s))),$(subst $(comma),$(space),$(s))))), \ + $(call db_opt_add,$(word 1,$(subst $(comma),$(space),$(s))),$(subst $(space),$(comma),$(wordlist 2,$(words $(subst $(comma),$(space),$(s))),$(subst $(comma),$(space),$(s))))) \ + ) ; \ + )) + + $(strip $(foreach s,$(DB_OPT_CONFIG), \ + $(if $(filter !!%,$(word 1,$(subst $(comma),$(space),$(s)))), \ + $(call db_opt_replace,$(patsubst !!%,%,$(word 1,$(subst $(comma),$(space),$(s)))),$(if $($(word 2,$(subst $(comma),$(space),$(s)))),$(word 3,$(subst $(comma),$(space),$(s))),$(word 4,$(subst $(comma),$(space),$(s))))), \ + $(call db_opt_add,$(word 1,$(subst $(comma),$(space),$(s))),$(if $($(word 2,$(subst $(comma),$(space),$(s)))),$(word 3,$(subst $(comma),$(space),$(s))),$(word 4,$(subst $(comma),$(space),$(s))))) \ + ) ; \ + )) +endef + +define Build/Configure/dropbear_objects + grep -ERZl -e '($(subst $(space),|,$(strip $(sort $(patsubst !!%,%,$(foreach s,$(DB_OPT_COMMON) $(DB_OPT_CONFIG),$(word 1,$(subst $(comma),$(space),$(s)))))))))' \ + $(PKG_BUILD_DIR)/ | sed -zE 's/^(.+)\.[^.]+$$$$/\1.o/' | sort -uV | xargs -0 -r rm -fv || : +endef + +define Build/Configure + rm -f $(PKG_BUILD_DIR)/localoptions.h + $(Build/Configure/Default) + + : > $(PKG_BUILD_DIR)/localoptions.h + $(Build/Configure/dropbear_headers) + + # Enforce rebuild of files depending on configured options + $(Build/Configure/dropbear_objects) + + # Rebuild them on config change + +$(MAKE) -C $(PKG_BUILD_DIR)/libtomcrypt clean + +$(MAKE) -C $(PKG_BUILD_DIR)/libtommath clean +endef define Build/Compile +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ $(TARGET_CONFIGURE_OPTS) \ - PROGRAMS="dropbear dbclient dropbearkey scp" \ + IGNORE_SPEED=1 \ + PROGRAMS="dropbear $(if $(CONFIG_DROPBEAR_DBCLIENT),dbclient,) dropbearkey $(if $(CONFIG_DROPBEAR_SCP),scp,)" \ MULTI=1 SCPPROGRESS=1 +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ $(TARGET_CONFIGURE_OPTS) \ + IGNORE_SPEED=1 \ PROGRAMS="dropbearconvert" endef @@ -86,18 +206,19 @@ define Package/dropbear/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_BUILD_DIR)/dropbearmulti $(1)/usr/sbin/dropbear $(INSTALL_DIR) $(1)/usr/bin - ln -sf ../sbin/dropbear $(1)/usr/bin/scp - ln -sf ../sbin/dropbear $(1)/usr/bin/ssh - ln -sf ../sbin/dropbear $(1)/usr/bin/dbclient - ln -sf ../sbin/dropbear $(1)/usr/bin/dropbearkey + $(if $(CONFIG_DROPBEAR_DBCLIENT),$(LN) ../sbin/dropbear $(1)/usr/bin/dbclient,) + $(LN) ../sbin/dropbear $(1)/usr/bin/dropbearkey $(INSTALL_DIR) $(1)/etc/config - $(INSTALL_DATA) ./files/dropbear.config $(1)/etc/config/dropbear + $(INSTALL_CONF) ./files/dropbear.config $(1)/etc/config/dropbear $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/dropbear.init $(1)/etc/init.d/dropbear $(INSTALL_DIR) $(1)/usr/lib/opkg/info $(INSTALL_DIR) $(1)/etc/dropbear + $(INSTALL_DIR) $(1)/lib/preinit + $(INSTALL_DATA) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear + $(if $(CONFIG_DROPBEAR_ED25519),touch $(1)/etc/dropbear/dropbear_ed25519_host_key) + $(if $(CONFIG_DROPBEAR_ECC),touch $(1)/etc/dropbear/dropbear_ecdsa_host_key) touch $(1)/etc/dropbear/dropbear_rsa_host_key - touch $(1)/etc/dropbear/dropbear_dss_host_key endef define Package/dropbearconvert/install