From 7bb2006007c1996f33758e41db070252d4d3607f Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Sat, 4 May 2019 00:10:26 +0000
Subject: Make a lean and mean version, as a basis for filling an initramfs
---
 sub/dropbear/Makefile | 18 +++----
 sub/dropbear/Makefile.sftp-server | 107 --------------------------------------
 sub/dropbear/localoptions.h | 2 +-
 3 files changed, 9 insertions(+), 118 deletions(-)
 delete mode 100644 sub/dropbear/Makefile.sftp-server
(limited to 'sub/dropbear')
diff --git a/sub/dropbear/Makefile b/sub/dropbear/Makefile
index f804b07..d0941ca 100644
--- a/sub/dropbear/Makefile
+++ b/sub/dropbear/Makefile
@@ -1,4 +1,3 @@
-include sub/dropbear/Makefile.sftp-server
 DROPBEAR_VERSION ?= 2019.78
@@ -22,20 +21,19 @@ $(OUTPUT)/build-host/.lh_dropbear_patched: $(OUTPUT)/build-host/.lh_dropbear_cop exec setuidgid $(NORMALUSER) cp -f sub/dropbear/localoptions.h $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION)/localoptions.h exec setuidgid $(NORMALUSER) s6-touch $@ -$(OUTPUT)/build-host/.lh_dropbear_configured: $(OUTPUT)/build-host/.lh_dropbear_patched $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export ARCH $(KERNEL_ARCH) export CC $(TRIPLE)-muslgcc export LDFLAGS '-s -static' ./configure --host=$(TRIPLE) --prefix=/opt/dropbear-$(DROPBEAR_VERSION) --disable-syslog --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-pututline --disable-pututxline --without-pam --enable-bundled-libtom --disable-zlib --enable-static +$(OUTPUT)/build-host/.lh_dropbear_configured: $(OUTPUT)/build-host/.lh_dropbear_patched | $(OUTPUT)/build-build/.lh_skarnet_installed + exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export ARCH $(KERNEL_ARCH) export CC $(BUILD_HOST_CC) export LDFLAGS '-s -static' ./configure --host=$(TRIPLE) --prefix=/opt/dropbear-$(DROPBEAR_VERSION) --disable-syslog --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-pututline --disable-pututxline --without-pam --enable-bundled-libtom --disable-zlib --enable-static exec setuidgid $(NORMALUSER) s6-touch $@ -$(OUTPUT)/build-host/.lh_dropbear_built: $(OUTPUT)/build-host/.lh_dropbear_configured $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export PROGRAMS "dropbear dbclient dropbearkey dropbearconvert scp" $(MAKE) ARCH=$(KERNEL_ARCH) +$(OUTPUT)/build-host/.lh_dropbear_built: $(OUTPUT)/build-host/.lh_dropbear_configured | $(OUTPUT)/build-build/.lh_skarnet_installed + exec 
setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) $(MAKE) ARCH=$(KERNEL_ARCH) PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" exec setuidgid $(NORMALUSER) s6-touch $@ - -$(OUTPUT)/build-host/.lh_dropbear_installed: $(OUTPUT)/build-host/.lh_dropbear_built $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION)/sftp-server $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed + +$(OUTPUT)/build-host/.lh_dropbear_installed: $(OUTPUT)/build-host/.lh_dropbear_built | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed exec cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) $(MAKE) install DESTDIR=$(OUTPUT)/rootfs exec makenamelink $(OUTPUT)/rootfs/opt dropbear dropbear-$(DROPBEAR_VERSION) $(OUTPUT)/tmp exec cp -f $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION)/scp $(OUTPUT)/rootfs/opt/dropbear-$(DROPBEAR_VERSION)/bin/scp + exec mv -f $(OUTPUT)/rootfs/opt/dropbear-$(DROPBEAR_VERSION)/sbin/dropbear $(OUTPUT)/rootfs/opt/dropbear-$(DROPBEAR_VERSION)/bin/dropbear + exec rmdir $(OUTPUT)/rootfs/opt/dropbear-$(DROPBEAR_VERSION)/sbin exec makelinks $(OUTPUT)/rootfs /bin /opt/dropbear/bin - exec makelinks $(OUTPUT)/rootfs /bin /opt/dropbear/sbin - # The following line happens after the makelinks on purpose: we don't want the sftp-server binary to be exported to /bin - exec cp -f $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION)/sftp-server $(OUTPUT)/rootfs/opt/dropbear-$(DROPBEAR_VERSION)/bin/sftp-server exec setuidgid $(NORMALUSER) s6-touch $@ diff --git a/sub/dropbear/Makefile.sftp-server b/sub/dropbear/Makefile.sftp-server deleted file mode 100644 index 9d44911..0000000 --- a/sub/dropbear/Makefile.sftp-server +++ /dev/null 
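Review bot: In the `.lh_dropbear_configured` recipe, `export CC $(BUILD_HOST_CC)` interpolates the variable unquoted, while `LDFLAGS` on the same line is quoted. The recipe looks like execline-style chain loading, where `export` takes exactly one word as the value, so an empty or multi-word `BUILD_HOST_CC` (it is defined outside this hunk) would shift every following word and run something other than `./configure`. Quoting it, `export CC '$(BUILD_HOST_CC)'`, keeps the compiler a single argument. The rule also no longer names any compiler as a prerequisite now that `$(OUTPUT)/build-host/bin/muslgcc` is gone; if `BUILD_HOST_CC` is produced by this tree rather than supplied from outside, that edge should be declared again.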
@@ -1,107 +0,0 @@ - -ZLIB_VERSION := 1.2.11 - -$(OUTPUT)/sources/zlib-$(ZLIB_VERSION).tar.gz: | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/sources wget http://zlib.net/zlib-$(ZLIB_VERSION).tar.gz - -$(OUTPUT)/sources/.lh_zlib_dled: $(OUTPUT)/sources/zlib-$(ZLIB_VERSION).tar.gz - exec setuidgid $(NORMALUSER) s6-touch $@ - -$(OUTPUT)/build-host/.lh_zlib_copied: $(OUTPUT)/sources/.lh_zlib_dled $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) s6-rmrf $(OUTPUT)/build-host/zlib-$(ZLIB_VERSION) - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host tar zxpvf $(OUTPUT)/sources/zlib-$(ZLIB_VERSION).tar.gz - exec setuidgid $(NORMALUSER) s6-touch $@ - -$(OUTPUT)/build-host/.lh_zlib_configured: $(OUTPUT)/build-host/.lh_zlib_copied $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/zlib-$(ZLIB_VERSION) export CHOST $(TRIPLE) ./configure --prefix=/opt/zlib-$(ZLIB_VERSION) --static - exec setuidgid $(NORMALUSER) s6-touch $@ - -$(OUTPUT)/build-host/.lh_zlib_built: $(OUTPUT)/build-host/.lh_zlib_configured $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/zlib-$(ZLIB_VERSION) $(MAKE) CHOST=$(TRIPLE) CC=$(TRIPLE)-muslgcc - exec setuidgid $(NORMALUSER) s6-touch $@ - -$(OUTPUT)/build-host/.lh_zlib_installed: $(OUTPUT)/build-host/.lh_zlib_built $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed - exec cd $(OUTPUT)/build-host/zlib-$(ZLIB_VERSION) $(MAKE) install CHOST=$(TRIPLE) CC=$(TRIPLE)-muslgcc DESTDIR=$(OUTPUT)/build-host - exec makenamelink $(OUTPUT)/build-host/opt zlib zlib-$(ZLIB_VERSION) $(OUTPUT)/tmp - exec setuidgid $(NORMALUSER) s6-touch $@ - - -LIBRESSL_NAME := libressl -LIBRESSL_VERSION := 2.7.0 -LIBRESSL_URLDIR := https://ftp.openbsd.org/pub/OpenBSD/LibreSSL 
-LIBRESSL_TAREXT := tar.gz -LIBRESSL_TARLETTER := z -LIBRESSL_CONFIGURE_OPTIONS := --enable-extratests --disable-shared --enable-static --with-gnu-ld -LIBRESSL_CFLAGS := "" -LIBRESSL_CONFLDFLAGS := "-s -static" -LIBRESSL_MAKELDFLAGS := "-s -all-static" - -$(OUTPUT)/sources/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION).$(LIBRESSL_TAREXT): | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/sources wget $(LIBRESSL_URLDIR)/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION).$(LIBRESSL_TAREXT) - -$(OUTPUT)/sources/.lh_$(LIBRESSL_NAME)_dled: $(OUTPUT)/sources/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION).$(LIBRESSL_TAREXT) | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) s6-touch $@ - -$(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_copied: $(OUTPUT)/sources/.lh_$(LIBRESSL_NAME)_dled | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) s6-rmrf $(OUTPUT)/build-host/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION) - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host tar $(LIBRESSL_TARLETTER)xpvf $(OUTPUT)/sources/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION).$(LIBRESSL_TAREXT) - exec setuidgid $(NORMALUSER) s6-touch $@ - -$(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_configured: $(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_copied $(OUTPUT)/build-host/.lh_zlib_installed $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION) export CFLAGS $(LIBRESSL_CFLAGS) export LDFLAGS $(LIBRESSL_CONFLDFLAGS) export CC muslgcc ./configure --host=$(TRIPLE) --prefix=/opt/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION) $(LIBRESSL_CONFIGURE_OPTIONS) - exec setuidgid $(NORMALUSER) s6-touch $@ - -$(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_built: $(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_configured $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd 
$(OUTPUT)/build-host/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION) $(MAKE) LDFLAGS=$(LIBRESSL_MAKELDFLAGS) CC=muslgcc - exec setuidgid $(NORMALUSER) s6-touch $@ - -$(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_installed: $(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_built $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed - exec cd $(OUTPUT)/build-host/$(LIBRESSL_NAME)-$(LIBRESSL_VERSION) $(MAKE) install DESTDIR=$(OUTPUT)/build-host - exec makenamelink $(OUTPUT)/build-host/opt $(LIBRESSL_NAME) $(LIBRESSL_NAME)-$(LIBRESSL_VERSION) $(OUTPUT)/tmp - exec makelinks $(OUTPUT)/build-host /bin /opt/$(LIBRESSL_NAME)/bin - exec setuidgid $(NORMALUSER) s6-touch $@ - - -OPENSSH_NAME := openssh -OPENSSH_VERSION := 7.6p1 -OPENSSH_URLDIR := http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable -OPENSSH_TAREXT := tar.gz -OPENSSH_TARLETTER := z -OPENSSH_CONFIGURE_OPTIONS := \ - --disable-etc-default-login \ - --disable-lastlog \ - --disable-utmp \ - --disable-utmpx \ - --disable-wtmp \ - --disable-wtmpx \ - --disable-libutil \ - --disable-pututline \ - --disable-pututxline \ - --without-rpath \ - --without-pie \ - --with-ssl-dir=$(OUTPUT)/build-host/opt/libressl \ - --with-cflags="-I$(OUTPUT)/build-host/opt/zlib/include -I$(OUTPUT)/build-host/opt/libressl/include" \ - --with-ldflags="-s -static -L$(OUTPUT)/build-host/opt/zlib/lib -L$(OUTPUT)/build-host/opt/libressl/lib" - --with-privsep-user=65534 \ - --with-sandbox=rlimit \ - --with-mantype=cat \ - --with-md5-passwords - - -$(OUTPUT)/sources/$(OPENSSH_NAME)-$(OPENSSH_VERSION).$(OPENSSH_TAREXT): | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/sources wget $(OPENSSH_URLDIR)/$(OPENSSH_NAME)-$(OPENSSH_VERSION).$(OPENSSH_TAREXT) - -$(OUTPUT)/sources/.lh_$(OPENSSH_NAME)_dled: $(OUTPUT)/sources/$(OPENSSH_NAME)-$(OPENSSH_VERSION).$(OPENSSH_TAREXT) | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) s6-touch 
$@ - -$(OUTPUT)/build-host/.lh_$(OPENSSH_NAME)_copied: $(OUTPUT)/sources/.lh_$(OPENSSH_NAME)_dled | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) s6-rmrf $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION) - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host tar $(OPENSSH_TARLETTER)xpvf $(OUTPUT)/sources/$(OPENSSH_NAME)-$(OPENSSH_VERSION).$(OPENSSH_TAREXT) - exec setuidgid $(NORMALUSER) s6-touch $@ - -$(OUTPUT)/build-host/.lh_$(OPENSSH_NAME)_configured: $(OUTPUT)/build-host/.lh_$(OPENSSH_NAME)_copied $(OUTPUT)/build-host/.lh_zlib_installed $(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_installed $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION) export CC "muslgcc -I$(OUTPUT)/build-host/opt/zlib/include -I$(OUTPUT)/build-host/opt/libressl/include -L$(OUTPUT)/build-host/opt/zlib/lib -L$(OUTPUT)/build-host/opt/libressl/lib -s -static" ./configure --host=$(TRIPLE) --prefix=/opt/$(OPENSSH_NAME)-$(OPENSSH_VERSION) $(OPENSSH_CONFIGURE_OPTIONS) - exec setuidgid $(NORMALUSER) s6-touch $@ - -$(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION)/sftp-server: $(OUTPUT)/build-host/.lh_$(OPENSSH_NAME)_configured $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed - exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION) $(MAKE) sftp-server CC=muslgcc diff --git a/sub/dropbear/localoptions.h b/sub/dropbear/localoptions.h index 493cec3..bdf864b 100644 --- a/sub/dropbear/localoptions.h +++ b/sub/dropbear/localoptions.h @@ -16,7 +16,7 @@ #define DROPBEAR_DH_GROUP16 1 #define XAUTH_COMMAND "/bin/xauth -q" -#define SFTPSERVER_PATH "/opt/dropbear/bin/sftp-server" +#undef SFTPSERVER_PATH #define DROPBEAR_PATH_SSH_PROGRAM "/bin/dbclient" #define DEFAULT_PATH "/command:/bin" -- cgit v1.2.3
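Review bot: `#undef SFTPSERVER_PATH` in localoptions.h probably does not switch the sftp subsystem off. If this file is read before Dropbear's own guarded defaults, as I believe is the case for this version, the macro is simply defined again with the upstream default path, and the server keeps accepting sftp subsystem requests and trying to execute a binary at a path the image presumably does not ship. Since the commit removes sftp-server from the image, stating the intent explicitly with `#define DROPBEAR_SFTPSERVER 0` would compile the subsystem handler out rather than leave a dangling exec path. The rest of localoptions.h is outside this hunk, so confirm that option is not already set there.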