Make a lean and mean version, as a basis for filling an initramfs

3 files changed, 9 insertions, 118 deletions

diff --git a/sub/dropbear/Makefile b/sub/dropbear/Makefile
index f804b07..d0941ca 100644
--- a/sub/dropbear/Makefile
+++ b/sub/dropbear/Makefile
@@ -1,4 +1,3 @@
-include sub/dropbear/Makefile.sftp-server
 
 DROPBEAR_VERSION ?= 2019.78
 
@@ -22,20 +21,19 @@ $(OUTPUT)/build-host/.lh_dropbear_patched: $(OUTPUT)/build-host/.lh_dropbear_cop
 	exec setuidgid $(NORMALUSER) cp -f sub/dropbear/localoptions.h $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION)/localoptions.h
 	exec setuidgid $(NORMALUSER) s6-touch $@
 
-$(OUTPUT)/build-host/.lh_dropbear_configured: $(OUTPUT)/build-host/.lh_dropbear_patched $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export ARCH $(KERNEL_ARCH) export CC $(TRIPLE)-muslgcc export LDFLAGS '-s -static' ./configure --host=$(TRIPLE) --prefix=/opt/dropbear-$(DROPBEAR_VERSION) --disable-syslog --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-pututline --disable-pututxline --without-pam --enable-bundled-libtom --disable-zlib --enable-static
+$(OUTPUT)/build-host/.lh_dropbear_configured: $(OUTPUT)/build-host/.lh_dropbear_patched | $(OUTPUT)/build-build/.lh_skarnet_installed
+	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export ARCH $(KERNEL_ARCH) export CC $(BUILD_HOST_CC) export LDFLAGS '-s -static' ./configure --host=$(TRIPLE) --prefix=/opt/dropbear-$(DROPBEAR_VERSION) --disable-syslog --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-pututline --disable-pututxline --without-pam --enable-bundled-libtom --disable-zlib --enable-static
 	exec setuidgid $(NORMALUSER) s6-touch $@
 
-$(OUTPUT)/build-host/.lh_dropbear_built: $(OUTPUT)/build-host/.lh_dropbear_configured $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export PROGRAMS "dropbear dbclient dropbearkey dropbearconvert scp" $(MAKE) ARCH=$(KERNEL_ARCH)
+$(OUTPUT)/build-host/.lh_dropbear_built: $(OUTPUT)/build-host/.lh_dropbear_configured | $(OUTPUT)/build-build/.lh_skarnet_installed
+	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) $(MAKE) ARCH=$(KERNEL_ARCH) PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
 	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/.lh_dropbear_installed: $(OUTPUT)/build-host/.lh_dropbear_built $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION)/sftp-server $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed
+	
+$(OUTPUT)/build-host/.lh_dropbear_installed: $(OUTPUT)/build-host/.lh_dropbear_built | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed
 	exec cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) $(MAKE) install DESTDIR=$(OUTPUT)/rootfs
 	exec makenamelink $(OUTPUT)/rootfs/opt dropbear dropbear-$(DROPBEAR_VERSION) $(OUTPUT)/tmp
 	exec cp -f $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION)/scp $(OUTPUT)/rootfs/opt/dropbear-$(DROPBEAR_VERSION)/bin/scp
+	exec mv -f $(OUTPUT)/rootfs/opt/dropbear-$(DROPBEAR_VERSION)/sbin/dropbear $(OUTPUT)/rootfs/opt/dropbear-$(DROPBEAR_VERSION)/bin/dropbear
+	exec rmdir $(OUTPUT)/rootfs/opt/dropbear-$(DROPBEAR_VERSION)/sbin
 	exec makelinks $(OUTPUT)/rootfs /bin /opt/dropbear/bin
-	exec makelinks $(OUTPUT)/rootfs /bin /opt/dropbear/sbin
-	# The following line happens after the makelinks on purpose: we don't want the sftp-server binary to be exported to /bin
-	exec cp -f $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION)/sftp-server $(OUTPUT)/rootfs/opt/dropbear-$(DROPBEAR_VERSION)/bin/sftp-server
 	exec setuidgid $(NORMALUSER) s6-touch $@
diff --git a/sub/dropbear/Makefile.sftp-server b/sub/dropbear/Makefile.sftp-server
deleted file mode 100644
index 9d44911..0000000
--- a/sub/dropbear/Makefile.sftp-server
+++ /dev/null
@@ -1,107 +0,0 @@
-
-ZLIB_VERSION := 1.2.11
-
-$(OUTPUT)/sources/zlib-$(ZLIB_VERSION).tar.gz: | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/sources wget http://zlib.net/zlib-$(ZLIB_VERSION).tar.gz
-
-$(OUTPUT)/sources/.lh_zlib_dled: $(OUTPUT)/sources/zlib-$(ZLIB_VERSION).tar.gz
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/.lh_zlib_copied: $(OUTPUT)/sources/.lh_zlib_dled $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) s6-rmrf $(OUTPUT)/build-host/zlib-$(ZLIB_VERSION)
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host tar zxpvf $(OUTPUT)/sources/zlib-$(ZLIB_VERSION).tar.gz
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/.lh_zlib_configured: $(OUTPUT)/build-host/.lh_zlib_copied $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/zlib-$(ZLIB_VERSION) export CHOST $(TRIPLE) ./configure --prefix=/opt/zlib-$(ZLIB_VERSION) --static
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/.lh_zlib_built: $(OUTPUT)/build-host/.lh_zlib_configured $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/zlib-$(ZLIB_VERSION) $(MAKE) CHOST=$(TRIPLE) CC=$(TRIPLE)-muslgcc
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/.lh_zlib_installed: $(OUTPUT)/build-host/.lh_zlib_built $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec cd $(OUTPUT)/build-host/zlib-$(ZLIB_VERSION) $(MAKE) install CHOST=$(TRIPLE) CC=$(TRIPLE)-muslgcc DESTDIR=$(OUTPUT)/build-host
-	exec makenamelink $(OUTPUT)/build-host/opt zlib zlib-$(ZLIB_VERSION) $(OUTPUT)/tmp
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-
-LIBRESSL_NAME := libressl
-LIBRESSL_VERSION := 2.7.0
-LIBRESSL_URLDIR := https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
-LIBRESSL_TAREXT := tar.gz
-LIBRESSL_TARLETTER := z
-LIBRESSL_CONFIGURE_OPTIONS := --enable-extratests --disable-shared --enable-static --with-gnu-ld
-LIBRESSL_CFLAGS := ""
-LIBRESSL_CONFLDFLAGS := "-s -static"
-LIBRESSL_MAKELDFLAGS := "-s -all-static"
-
-$(OUTPUT)/sources/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION).$(LIBRESSL_TAREXT): | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/sources wget $(LIBRESSL_URLDIR)/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION).$(LIBRESSL_TAREXT)
-
-$(OUTPUT)/sources/.lh_$(LIBRESSL_NAME)_dled: $(OUTPUT)/sources/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION).$(LIBRESSL_TAREXT) | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_copied: $(OUTPUT)/sources/.lh_$(LIBRESSL_NAME)_dled | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) s6-rmrf $(OUTPUT)/build-host/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION)
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host tar $(LIBRESSL_TARLETTER)xpvf $(OUTPUT)/sources/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION).$(LIBRESSL_TAREXT)
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_configured: $(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_copied $(OUTPUT)/build-host/.lh_zlib_installed $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION) export CFLAGS $(LIBRESSL_CFLAGS) export LDFLAGS $(LIBRESSL_CONFLDFLAGS) export CC muslgcc ./configure --host=$(TRIPLE) --prefix=/opt/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION) $(LIBRESSL_CONFIGURE_OPTIONS)
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_built: $(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_configured $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION) $(MAKE) LDFLAGS=$(LIBRESSL_MAKELDFLAGS) CC=muslgcc
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_installed: $(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_built $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec cd $(OUTPUT)/build-host/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION) $(MAKE) install DESTDIR=$(OUTPUT)/build-host
-	exec makenamelink $(OUTPUT)/build-host/opt $(LIBRESSL_NAME) $(LIBRESSL_NAME)-$(LIBRESSL_VERSION) $(OUTPUT)/tmp
-	exec makelinks $(OUTPUT)/build-host /bin /opt/$(LIBRESSL_NAME)/bin
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-
-OPENSSH_NAME := openssh
-OPENSSH_VERSION := 7.6p1
-OPENSSH_URLDIR := http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable
-OPENSSH_TAREXT := tar.gz
-OPENSSH_TARLETTER := z
-OPENSSH_CONFIGURE_OPTIONS := \
- --disable-etc-default-login \
- --disable-lastlog \
- --disable-utmp \
- --disable-utmpx \
- --disable-wtmp \
- --disable-wtmpx \
- --disable-libutil \
- --disable-pututline \
- --disable-pututxline \
- --without-rpath \
- --without-pie \
- --with-ssl-dir=$(OUTPUT)/build-host/opt/libressl \
- --with-cflags="-I$(OUTPUT)/build-host/opt/zlib/include -I$(OUTPUT)/build-host/opt/libressl/include" \
- --with-ldflags="-s -static -L$(OUTPUT)/build-host/opt/zlib/lib -L$(OUTPUT)/build-host/opt/libressl/lib"
- --with-privsep-user=65534 \
- --with-sandbox=rlimit \
- --with-mantype=cat \
- --with-md5-passwords
-
-
-$(OUTPUT)/sources/$(OPENSSH_NAME)-$(OPENSSH_VERSION).$(OPENSSH_TAREXT): | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/sources wget $(OPENSSH_URLDIR)/$(OPENSSH_NAME)-$(OPENSSH_VERSION).$(OPENSSH_TAREXT)
-
-$(OUTPUT)/sources/.lh_$(OPENSSH_NAME)_dled: $(OUTPUT)/sources/$(OPENSSH_NAME)-$(OPENSSH_VERSION).$(OPENSSH_TAREXT) | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/.lh_$(OPENSSH_NAME)_copied: $(OUTPUT)/sources/.lh_$(OPENSSH_NAME)_dled | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) s6-rmrf $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION)
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host tar $(OPENSSH_TARLETTER)xpvf $(OUTPUT)/sources/$(OPENSSH_NAME)-$(OPENSSH_VERSION).$(OPENSSH_TAREXT)
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/.lh_$(OPENSSH_NAME)_configured: $(OUTPUT)/build-host/.lh_$(OPENSSH_NAME)_copied $(OUTPUT)/build-host/.lh_zlib_installed $(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_installed $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION) export CC "muslgcc -I$(OUTPUT)/build-host/opt/zlib/include -I$(OUTPUT)/build-host/opt/libressl/include -L$(OUTPUT)/build-host/opt/zlib/lib -L$(OUTPUT)/build-host/opt/libressl/lib -s -static" ./configure --host=$(TRIPLE) --prefix=/opt/$(OPENSSH_NAME)-$(OPENSSH_VERSION) $(OPENSSH_CONFIGURE_OPTIONS)
-	exec setuidgid $(NORMALUSER) s6-touch $@
-
-$(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION)/sftp-server: $(OUTPUT)/build-host/.lh_$(OPENSSH_NAME)_configured $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed
-	exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION) $(MAKE) sftp-server CC=muslgcc
diff --git a/sub/dropbear/localoptions.h b/sub/dropbear/localoptions.h
index 493cec3..bdf864b 100644
--- a/sub/dropbear/localoptions.h
+++ b/sub/dropbear/localoptions.h
@@ -16,7 +16,7 @@
 #define DROPBEAR_DH_GROUP16 1
 
 #define XAUTH_COMMAND "/bin/xauth -q"
-#define SFTPSERVER_PATH "/opt/dropbear/bin/sftp-server"
+#undef SFTPSERVER_PATH
 #define DROPBEAR_PATH_SSH_PROGRAM "/bin/dbclient"
 #define DEFAULT_PATH "/command:/bin"