From 219a6dab8995aad9ac4860cc1a84d6f3509a03a4 Mon Sep 17 00:00:00 2001
From: wbx
Date: Sun, 17 May 2009 14:41:34 +0200
Subject: Initial import
---
package/dropbear/Config.in | 14 +++++
package/dropbear/Makefile | 72 +++++++++++++++++++++++++
package/dropbear/files/dropbear.init | 43 +++++++++++++++
package/dropbear/ipkg/dropbear.control | 4 ++
package/dropbear/ipkg/dropbear.postinst | 3 ++
package/dropbear/ipkg/dropbearconvert.control | 4 ++
package/dropbear/patches/patch-cli-runopts_c | 22 ++++++++
package/dropbear/patches/patch-options_h | 24 +++++++++
package/dropbear/patches/patch-svr-authpubkey_c | 46 ++++++++++++++++
9 files changed, 232 insertions(+)
create mode 100644 package/dropbear/Config.in
create mode 100644 package/dropbear/Makefile
create mode 100644 package/dropbear/files/dropbear.init
create mode 100644 package/dropbear/ipkg/dropbear.control
create mode 100644 package/dropbear/ipkg/dropbear.postinst
create mode 100644 package/dropbear/ipkg/dropbearconvert.control
create mode 100644 package/dropbear/patches/patch-cli-runopts_c
create mode 100644 package/dropbear/patches/patch-options_h
create mode 100644 package/dropbear/patches/patch-svr-authpubkey_c
(limited to 'package/dropbear')
diff --git a/package/dropbear/Config.in b/package/dropbear/Config.in
new file mode 100644
index 000000000..0729a7422
--- /dev/null
+++ b/package/dropbear/Config.in
@@ -0,0 +1,14 @@
+config ADK_PACKAGE_DROPBEAR
+ prompt "dropbear.......................... Small SSH 2 client/server"
+ tristate
+ default y
+ help
+ A small SSH 2 server/client designed for small memory environments.
+
+ http://matt.ucc.asn.au/dropbear/
+
+config ADK_PACKAGE_DBCONVERT
+ prompt "dropbearconvert................. Utility for converting SSH keys"
+ tristate
+ default n
+ depends ADK_PACKAGE_DROPBEAR
diff --git a/package/dropbear/Makefile b/package/dropbear/Makefile
new file mode 100644
index 000000000..63b3e54e7
--- /dev/null
+++ b/package/dropbear/Makefile
@@ -0,0 +1,72 @@
+# $Id$
+#-
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:= dropbear
+PKG_VERSION:= 0.52
+PKG_RELEASE:= 1
+PKG_MD5SUM:= 1c69ec674481d7745452f68f2ea5597e
+MASTER_SITES:= http://matt.ucc.asn.au/dropbear/releases/ \
+ http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/
+
+include $(TOPDIR)/mk/package.mk
+
+$(eval $(call PKG_template,DROPBEAR,$(PKG_NAME),$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,DBCONVERT,dropbearconvert,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+
+CONFIGURE_STYLE= gnu
+CONFIGURE_ARGS+= --disable-pam \
+ --enable-openpty \
+ --enable-syslog \
+ --disable-shadow \
+ --disable-lastlog \
+ --disable-utmp \
+ --disable-utmpx \
+ --disable-wtmp \
+ --disable-wtmpx \
+ --disable-loginfunc \
+ --disable-pututline \
+ --disable-pututxline \
+ --disable-zlib
+
+pre-configure:
+ $(SED) 's,^/\* #define PKG_MULTI.*,#define PKG_MULTI,g' $(WRKBUILD)/options.h
+ $(SED) 's,^#define DO_HOST_LOOKUP,/* & */,g' $(WRKBUILD)/options.h
+
+do-build:
+ cd ${WRKBUILD} && env ${MAKE_ENV} ${MAKE} \
+ PROGRAMS="dropbear dbclient dropbearkey scp" MULTI=1 SCPPROGRESS=1
+ cd ${WRKBUILD} && env ${MAKE_ENV} ${MAKE} \
+ PROGRAMS=dropbearconvert
+
+# evaluate startup options according to menuconfig selection
+DROPBEAR-OPTS-y = -g
+DROPBEAR-OPTS-$(ADK_RUNTIME_SSH_DISABLE_NOTHING) =
+DROPBEAR-OPTS-$(ADK_RUNTIME_SSH_DISABLE_PASSWORD_FOR_ROOT) = -g
+DROPBEAR-OPTS-$(ADK_RUNTIME_SSH_DISABLE_PASSWORD) = -s
+DROPBEAR-OPTS-$(ADK_RUNTIME_SSH_DISABLE_ROOT) = -w
+DROPBEAR-OPTS-$(ADK_RUNTIME_SSH_DISABLE_ROOT_AND_PASSWORD) = -w -s
+
+do-install:
+ # main package
+ $(INSTALL_DIR) $(IDIR_DROPBEAR)/etc/init.d
+ $(INSTALL_DIR) $(IDIR_DROPBEAR)/usr/bin
+ $(INSTALL_DIR) $(IDIR_DROPBEAR)/usr/sbin
+ $(INSTALL_BIN) $(WRKBUILD)/dropbearmulti \
+ $(IDIR_DROPBEAR)/usr/sbin/dropbear
+ ln -sf ../sbin/dropbear $(IDIR_DROPBEAR)/usr/bin/scp
+ ln -sf ../sbin/dropbear $(IDIR_DROPBEAR)/usr/bin/ssh
+ ln -sf ../sbin/dropbear $(IDIR_DROPBEAR)/usr/bin/dbclient
+ ln -sf ../sbin/dropbear $(IDIR_DROPBEAR)/usr/bin/dropbearkey
+ $(INSTALL_DATA) ./files/dropbear.init \
+ $(IDIR_DROPBEAR)/etc/init.d/dropbear
+ $(SED) "s/@OPTIONS@/$(DROPBEAR-OPTS-y)/g" $(IDIR_DROPBEAR)/CONTROL/postinst
+ # subpackage dropbearconvert
+ $(INSTALL_DIR) $(IDIR_DBCONVERT)/usr/bin
+ $(INSTALL_BIN) $(WRKBUILD)/dropbearconvert \
+ $(IDIR_DBCONVERT)/usr/bin/dropbearconvert
+
+include ${TOPDIR}/mk/pkg-bottom.mk
diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init
new file mode 100644
index 000000000..cb1408fa0
--- /dev/null
+++ b/package/dropbear/files/dropbear.init
@@ -0,0 +1,43 @@
+#!/bin/sh
+#FWINIT 50
+. /etc/rc.conf
+
+bothlog() {
+ echo "$*"
+}
+
+case $1 in
+autostop) ;;
+autostart)
+ [[ $dropbear_flags = NO ]] && exit 0
+ exec sh $0 start
+ ;;
+start)
+ if test ! -f /etc/dropbear/dropbear_rsa_host_key; then
+ mkdir -p /etc/dropbear
+ if test ! -x /usr/bin/dropbearkey; then
+ bothlog dropbear not starting: SSH private key missing
+ exit 0
+ fi
+ bothlog "dropbear: generating SSH private key (RSA)"
+ /usr/bin/dropbearkey -f /etc/dropbear/dropbear_rsa_host_key \
+ -t rsa; rv=$?
+ bothlog dropbear: key generation exited with code $rv
+ test $rv = 0 || exit 1
+ test -f /etc/dropbear/dropbear_rsa_host_key || exit 1
+ fi
+ /usr/sbin/dropbear $dropbear_flags
+ ;;
+stop)
+ killall dropbear
+ ;;
+restart)
+ sh $0 stop
+ sh $0 start
+ ;;
+*)
+ echo "Usage: $0 {start | stop | restart}"
+ exit 1
+ ;;
+esac
+exit $?
diff --git a/package/dropbear/ipkg/dropbear.control b/package/dropbear/ipkg/dropbear.control
new file mode 100644
index 000000000..0aa8cc5b8
--- /dev/null
+++ b/package/dropbear/ipkg/dropbear.control
@@ -0,0 +1,4 @@
+Package: dropbear
+Priority: optional
+Section: net
+Description: a small SSH 2 server/client designed for small memory environments.
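Review bot: The upstream tarball is pinned only by `PKG_MD5SUM`, and both `MASTER_SITES` entries are plain `http://` URLs, so the only thing binding the downloaded SSH source to what was reviewed is an MD5 digest. MD5 is not collision-resistant; if the fetch rules in `mk/package.mk` can verify a stronger digest, pin that as well, and prefer an HTTPS mirror where upstream offers one. Whether the framework supports any checksum other than `PKG_MD5SUM` is not visible on this page.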
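Review bot: The `start)` branch of dropbear.init creates `/etc/dropbear` with a bare `mkdir -p` and then writes the host private key into it, so the directory mode depends on whatever umask the boot environment hands the script. Set it explicitly, e.g. `mkdir -p /etc/dropbear && chmod 700 /etc/dropbear`. This also affects root logins, because patch-svr-authpubkey_c in this same commit calls `checkfileperm("/etc/dropbear")` before accepting root's key file. Separately, `[[ $dropbear_flags = NO ]]` under `#!/bin/sh` only works if the target's `/bin/sh` implements `[[`; `test "$dropbear_flags" = NO` is the portable form.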
diff --git a/package/dropbear/ipkg/dropbear.postinst b/package/dropbear/ipkg/dropbear.postinst
new file mode 100644
index 000000000..30a86fef6
--- /dev/null
+++ b/package/dropbear/ipkg/dropbear.postinst
@@ -0,0 +1,3 @@
+#!/bin/sh
+. $IPKG_INSTROOT/etc/functions.sh
+add_rcconf '"NO" to disable, "@OPTIONS@" otherwise' dropbear_flags "@OPTIONS@"
diff --git a/package/dropbear/ipkg/dropbearconvert.control b/package/dropbear/ipkg/dropbearconvert.control
new file mode 100644
index 000000000..2b352cea1
--- /dev/null
+++ b/package/dropbear/ipkg/dropbearconvert.control
@@ -0,0 +1,4 @@
+Package: dropbearconvert
+Priority: optional
+Section: net
+Description: Utility for converting SSH keys
diff --git a/package/dropbear/patches/patch-cli-runopts_c b/package/dropbear/patches/patch-cli-runopts_c
new file mode 100644
index 000000000..46e03dfca
--- /dev/null
+++ b/package/dropbear/patches/patch-cli-runopts_c
@@ -0,0 +1,22 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- dropbear-0.52.orig/cli-runopts.c 2008-11-11 15:09:02.000000000 +0100
++++ dropbear-0.52/cli-runopts.c 2009-03-19 19:20:16.000000000 +0100
+@@ -271,6 +271,10 @@ void cli_getopts(int argc, char ** argv)
+ debug_trace = 1;
+ break;
+ #endif
++ case 'o':
++ next = &dummy;
++ case 'x':
++ break;
+ case 'F':
+ case 'e':
+ case 'c':
+@@ -282,7 +286,6 @@ void cli_getopts(int argc, char ** argv)
+ #ifndef ENABLE_CLI_LOCALTCPFWD
+ case 'L':
+ #endif
+- case 'o':
+ case 'b':
+ next = &dummy;
+ default:
diff --git a/package/dropbear/patches/patch-options_h b/package/dropbear/patches/patch-options_h
new file mode 100644
index 000000000..c25f10856
--- /dev/null
+++ b/package/dropbear/patches/patch-options_h
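Review bot: In patch-cli-runopts_c, `-o` and `-x` are now consumed and dropped with no message: `case 'o':` sets `next = &dummy` and falls through to the `break` under `case 'x':`, instead of reaching `default:` as it did when it sat next to `case 'b':`. The Makefile in this commit installs the multi-call binary as `/usr/bin/ssh`, so a script that passes an OpenSSH-style `-o` setting (a host-key checking policy, for instance) gets no sign that the setting was ignored. What `default:` does is outside the hunk; if it prints a warning, keep that path for `-o`. Either way, mark the intended fall-through with `/* fallthrough */` after `next = &dummy;`. `cli_getopts` starts and ends outside both hunks.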
@@ -0,0 +1,24 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- dropbear-0.52.orig/options.h 2008-11-11 15:13:50.000000000 +0100
++++ dropbear-0.52/options.h 2009-03-19 19:24:46.000000000 +0100
+@@ -10,6 +10,11 @@
+ * parts are to allow for commandline -DDROPBEAR_XXX options etc.
+ ******************************************************************/
+
++#if !defined(DROPBEAR_CLIENT) && !defined(DROPBEAR_SERVER)
++#define DROPBEAR_SERVER
++#define DROPBEAR_CLIENT
++#endif
++
+ #ifndef DROPBEAR_DEFPORT
+ #define DROPBEAR_DEFPORT "22"
+ #endif
+@@ -129,7 +134,7 @@ etc) slower (perhaps by 50%). Recommende
+ /* #define DSS_PROTOK */
+
+ /* Whether to do reverse DNS lookups. */
+-#define DO_HOST_LOOKUP
++/* #define DO_HOST_LOOKUP */
+
+ /* Whether to print the message of the day (MOTD). This doesn't add much code
+ * size */
diff --git a/package/dropbear/patches/patch-svr-authpubkey_c b/package/dropbear/patches/patch-svr-authpubkey_c
new file mode 100644
index 000000000..289471f38
--- /dev/null
+++ b/package/dropbear/patches/patch-svr-authpubkey_c
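Review bot: `DO_HOST_LOOKUP` is switched off in two places in this commit: patch-options_h comments the define out, and the `pre-configure` target in package/dropbear/Makefile runs a `$(SED)` over `$(WRKBUILD)/options.h` that does the same. Keep one mechanism, so that a later version bump cannot refresh one and leave the other silently not matching. The patch is also the natural place to record why lookups are off, which the commit does not state; if boot-time resolver delays are the motivation, something like `/* reverse DNS disabled: no resolver guaranteed on the target */` above the commented define would do.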
@@ -0,0 +1,46 @@
+$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
+--- dropbear-0.52.orig/svr-authpubkey.c 2008-11-11 15:09:03.000000000 +0100
++++ dropbear-0.52/svr-authpubkey.c 2009-03-19 19:29:53.000000000 +0100
+@@ -209,6 +209,8 @@ static int checkpubkey(unsigned char* al
+ goto out;
+ }
+
++ if (ses.authstate.pw_uid != 0) {
++
+ /* we don't need to check pw and pw_dir for validity, since
+ * its been done in checkpubkeyperms. */
+ len = strlen(ses.authstate.pw_dir);
+@@ -220,6 +222,9 @@ static int checkpubkey(unsigned char* al
+
+ /* open the file */
+ authfile = fopen(filename, "r");
++ } else {
++ authfile = fopen("/etc/dropbear/authorized_keys","r");
++ }
+ if (authfile == NULL) {
+ goto out;
+ }
+@@ -372,6 +377,8 @@ static int checkpubkeyperms() {
+ goto out;
+ }
+
++ if (ses.authstate.pw_uid != 0) {
++
+ /* allocate max required pathname storage,
+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+ filename = m_malloc(len + 22);
+@@ -393,6 +400,14 @@ static int checkpubkeyperms() {
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ goto out;
+ }
++ } else {
++ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ }
+
+ /* file looks ok, return success */
+ ret = DROPBEAR_SUCCESS;
-- cgit v1.2.3
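Review bot: The root key path is spelled out as a string literal three times across two functions: `fopen("/etc/dropbear/authorized_keys","r")` in `checkpubkey` and the two `checkfileperm(...)` calls in `checkpubkeyperms`. The file whose permissions are checked and the file that is opened therefore agree only by convention. Define the path once, e.g. `#define ROOT_AUTHORIZED_KEYS_DIR "/etc/dropbear"` and `#define ROOT_AUTHORIZED_KEYS ROOT_AUTHORIZED_KEYS_DIR "/authorized_keys"`, and use those names in both functions. The new `if (ses.authstate.pw_uid != 0) {` also deserves a comment such as `/* uid 0: keys come from /etc/dropbear/authorized_keys, ~/.ssh is not consulted */`, since every uid-0 account then shares that one file. Both function bodies continue outside the hunks.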