-rw-r--r-- | sub/dropbear/Makefile | 8 | ||||
-rw-r--r-- | sub/dropbear/Makefile.sftp-server | 4 | ||||
-rw-r--r-- | sub/dropbear/localoptions.h | 24 | ||||
-rw-r--r-- | sub/dropbear/options.patch | 66 |
4 files changed, 30 insertions, 72 deletions
diff --git a/sub/dropbear/Makefile b/sub/dropbear/Makefile
index 9b094c9..ed3f2ba 100644
--- a/sub/dropbear/Makefile
+++ b/sub/dropbear/Makefile
@@ -18,16 +18,16 @@ $(OUTPUT)/build-host/.lh_dropbear_copied: $(OUTPUT)/build-host/.lh_dropbear_dled exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host tar jxpvf $(OUTPUT)/sources/dropbear-$(DROPBEAR_VERSION).tar.bz2 exec setuidgid $(NORMALUSER) s6-touch $@ -$(OUTPUT)/build-host/.lh_dropbear_patched: $(OUTPUT)/build-host/.lh_dropbear_copied - if test \! -r "$@"; then exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) redirfd -r 0 $(WD)/sub/dropbear/options.patch patch -p0; fi +$(OUTPUT)/build-host/.lh_dropbear_patched: $(OUTPUT)/build-host/.lh_dropbear_copied sub/dropbear/localoptions.h + exec setuidgid $(NORMALUSER) cp -f sub/dropbear/localoptions.h $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION)/src/localoptions.h exec setuidgid $(NORMALUSER) s6-touch $@ $(OUTPUT)/build-host/.lh_dropbear_configured: $(OUTPUT)/build-host/.lh_dropbear_patched $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export ARCH $(KERNEL_ARCH) export CC $(TRIPLE)-muslgcc export LDFLAGS '-s -static' ./configure --host=$(TRIPLE) --prefix=/opt/dropbear-$(DROPBEAR_VERSION) --disable-syslog --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-pututline --disable-pututxline --without-pam --enable-bundled-libtom --disable-zlib + exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export ARCH $(KERNEL_ARCH) export CC $(TRIPLE)-muslgcc export LDFLAGS '-s -static' ./configure --host=$(TRIPLE) --prefix=/opt/dropbear-$(DROPBEAR_VERSION) --disable-syslog --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-pututline --disable-pututxline --without-pam --enable-bundled-libtom --disable-zlib --enable-static exec setuidgid $(NORMALUSER) s6-touch $@ $(OUTPUT)/build-host/.lh_dropbear_built: $(OUTPUT)/build-host/.lh_dropbear_configured 
$(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export PROGRAMS "dropbear dbclient dropbearkey dropbearconvert scp" $(MAKE) STATIC=1 ARCH=$(KERNEL_ARCH) + exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export PROGRAMS "dropbear dbclient dropbearkey dropbearconvert scp" $(MAKE) ARCH=$(KERNEL_ARCH) exec setuidgid $(NORMALUSER) s6-touch $@ $(OUTPUT)/build-host/.lh_dropbear_installed: $(OUTPUT)/build-host/.lh_dropbear_built $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION)/sftp-server $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed diff --git a/sub/dropbear/Makefile.sftp-server b/sub/dropbear/Makefile.sftp-server index 970ef20..9d44911 100644 --- a/sub/dropbear/Makefile.sftp-server +++ b/sub/dropbear/Makefile.sftp-server @@ -27,7 +27,7 @@ $(OUTPUT)/build-host/.lh_zlib_installed: $(OUTPUT)/build-host/.lh_zlib_built $(O LIBRESSL_NAME := libressl -LIBRESSL_VERSION := 2.5.5 +LIBRESSL_VERSION := 2.7.0 LIBRESSL_URLDIR := https://ftp.openbsd.org/pub/OpenBSD/LibreSSL LIBRESSL_TAREXT := tar.gz LIBRESSL_TARLETTER := z @@ -63,7 +63,7 @@ $(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_installed: $(OUTPUT)/build-host/.lh_$( OPENSSH_NAME := openssh -OPENSSH_VERSION := 7.5p1 +OPENSSH_VERSION := 7.6p1 OPENSSH_URLDIR := http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable OPENSSH_TAREXT := tar.gz OPENSSH_TARLETTER := z diff --git a/sub/dropbear/localoptions.h b/sub/dropbear/localoptions.h new file mode 100644 index 0000000..493cec3 --- /dev/null +++ b/sub/dropbear/localoptions.h 
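Review bot: The new `.lh_dropbear_patched` rule in sub/dropbear/Makefile names `sub/dropbear/localoptions.h` by a path relative to the directory make was started in, both as a prerequisite and as the `cp -f` source, whereas the recipe it replaces read its input from `$(WD)/sub/dropbear/options.patch`. This header decides which key-exchange methods and ciphers are compiled into the SSH server, so it is worth anchoring it the same way: write `$(WD)/sub/dropbear/localoptions.h` in both places. The destination `dropbear-$(DROPBEAR_VERSION)/src/localoptions.h` also assumes that the unpacked tree has a `src/` directory and that the build picks the header up from there; neither is visible in this hunk, so confirm it for the pinned version, since a header the build does not read would leave Dropbear on its default options.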
@@ -0,0 +1,24 @@
+#ifndef LOCALOPTIONS_H
+
+#define NON_INETD_MODE 0
+#define INETD_MODE 1
+
+#define DROPBEAR_SMALL_CODE 0
+#define DROPBEAR_X11FWD 0
+#define DROPBEAR_BLOWFISH 0
+#define DROPBEAR_TWOFISH256 0
+#define DROPBEAR_TWOFISH128 0
+
+#define DROPBEAR_DELAY_HOSTKEY 0
+#define DROPBEAR_CURVE25519 1
+
+#define DROPBEAR_DH_GROUP1 0
+#define DROPBEAR_DH_GROUP16 1
+
+#define XAUTH_COMMAND "/bin/xauth -q"
+#define SFTPSERVER_PATH "/opt/dropbear/bin/sftp-server"
+#define DROPBEAR_PATH_SSH_PROGRAM "/bin/dbclient"
+#define DEFAULT_PATH "/command:/bin"
+
+#endif
+
diff --git a/sub/dropbear/options.patch b/sub/dropbear/options.patch
deleted file mode 100644
index 6e653d1..0000000
--- a/sub/dropbear/options.patch
+++ /dev/null
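Review bot: The include guard in the new sub/dropbear/localoptions.h is incomplete: `#ifndef LOCALOPTIONS_H` is never followed by `#define LOCALOPTIONS_H`, so the guard has no effect; add that line directly after the `#ifndef`. The removed options.patch also turned on `ENABLE_CLI_ASKPASS_HELPER`, and nothing in this header enables an equivalent, so if the askpass helper for dbclient is still wanted it is lost here, and if dropping it is deliberate the commit message should say so. A short comment above the `DROPBEAR_DH_GROUP1 0`, `DROPBEAR_BLOWFISH 0` and `DROPBEAR_TWOFISH*` lines, such as `/* legacy key exchange and ciphers disabled on purpose; do not re-enable for compatibility */`, would keep a later editor from undoing the hardening.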
@@ -1,66 +0,0 @@ ---- options.h.old -+++ options.h -@@ -40,7 +40,7 @@ - * - * Both of these flags can be defined at once, don't compile without at least - * one of them. */ --#define NON_INETD_MODE -+/* #define NON_INETD_MODE */ - #define INETD_MODE - - /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is -@@ -52,10 +52,10 @@ - several kB in binary size however will make the symmetrical ciphers and hashes - slower, perhaps by 50%. Recommended for small systems that aren't doing - much traffic. */ --#define DROPBEAR_SMALL_CODE -+/* #define DROPBEAR_SMALL_CODE */ - - /* Enable X11 Forwarding - server only */ --#define ENABLE_X11FWD -+/* #define ENABLE_X11FWD */ - - /* Enable TCP Fowarding */ - /* 'Local' is "-L" style (client listening port forwarded via server) -@@ -157,7 +157,7 @@ - with badly seeded /dev/urandom when systems first boot. - This also requires a runtime flag "-R". This adds ~4kB to binary size (or hardly - anything if dropbearkey is linked in a "dropbearmulti" binary) */ --#define DROPBEAR_DELAY_HOSTKEY -+/* #define DROPBEAR_DELAY_HOSTKEY */ - - /* Enable Curve25519 for key exchange. This is another elliptic - * curve method with good security properties. Increases binary size -@@ -244,7 +244,7 @@ - * specified in the SSH_ASKPASS environment variable, and dbclient - * should be run with DISPLAY set and no tty. The program should - * return the password on standard output */ --/*#define ENABLE_CLI_ASKPASS_HELPER*/ -+#define ENABLE_CLI_ASKPASS_HELPER - - /* Save a network roundtrip by sendng a real auth request immediately after - * sending a query for the available methods. It is at the expense of < 100 -@@ -295,12 +295,12 @@ - * OpenSSH), set the path below. If the path isn't defined, sftp will not - * be enabled */ - #ifndef SFTPSERVER_PATH --#define SFTPSERVER_PATH "/usr/libexec/sftp-server" -+#define SFTPSERVER_PATH "/opt/dropbear/bin/sftp-server" - #endif - - /* This is used by the scp binary when used as a client binary. 
If you're - * not using the Dropbear client, you'll need to change it */ --#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient" -+#define DROPBEAR_PATH_SSH_PROGRAM "/bin/dbclient" - - /* Whether to log commands executed by a client. This only logs the - * (single) command sent to the server, not what a user did in a -@@ -342,7 +342,7 @@ - #define DEFAULT_IDLE_TIMEOUT 0 - - /* The default path. This will often get replaced by the shell */ --#define DEFAULT_PATH "/usr/bin:/bin" -+#define DEFAULT_PATH "/command:/bin" - - /* Some other defines (that mostly should be left alone) are defined - * in sysoptions.h */ |