1SUMMARY = "A lightweight SSH and SCP implementation" 2HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" 3DESCRIPTION = "Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers." 4SECTION = "console/network" 5 6# some files are from other projects and have others license terms: 7# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY 8LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD" 9LIC_FILES_CHKSUM = "file://LICENSE;md5=25cf44512b7bc8966a48b6b1a9b7605f" 10 11DEPENDS = "zlib virtual/crypt" 12RPROVIDES:${PN} = "ssh sshd" 13RCONFLICTS:${PN} = "openssh-sshd openssh" 14 15SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ 16 file://0001-urandom-xauth-changes-to-options.h.patch \ 17 file://init \ 18 file://dropbearkey.service \ 19 file://dropbear@.service \ 20 file://dropbear.socket \ 21 file://dropbear.default \ 22 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ 23 ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ 24 file://CVE-2023-36328.patch \ 25 " 26 27SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b" 28 29PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ 30 file://0006-dropbear-configuration-file.patch \ 31 file://dropbear" 32 33PAM_PLUGINS = "libpam-runtime \ 34 pam-plugin-deny \ 35 pam-plugin-permit \ 36 pam-plugin-unix \ 37 " 38inherit autotools update-rc.d systemd 39 40CVE_PRODUCT = "dropbear_ssh" 41 42INITSCRIPT_NAME = "dropbear" 43INITSCRIPT_PARAMS = "defaults 10" 44 45SYSTEMD_SERVICE:${PN} = "dropbear.socket" 46 47SBINCOMMANDS = "dropbear dropbearkey dropbearconvert" 48BINCOMMANDS = "dbclient ssh scp" 49EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' 50 51PACKAGECONFIG ?= "disable-weak-ciphers ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" 52PACKAGECONFIG[pam] = "--enable-pam,--disable-pam,libpam,${PAM_PLUGINS}" 53PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom,libtommath libtomcrypt" 54PACKAGECONFIG[disable-weak-ciphers] = "" 55PACKAGECONFIG[enable-x11-forwarding] = "" 56 57# This option appends to CFLAGS and LDFLAGS from OE 58# This is causing [textrel] QA warning 59EXTRA_OECONF += "--disable-harden" 60 61# musl does not implement wtmp/logwtmp APIs 62EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog" 63 64do_configure:append() { 65 echo "/* Dropbear features */" > ${B}/localoptions.h 66 if ${@bb.utils.contains('PACKAGECONFIG', 'enable-x11-forwarding', 'true', 'false', d)}; then 67 echo "#define DROPBEAR_X11FWD 1" >> ${B}/localoptions.h 68 fi 69} 70 71do_install() { 72 install -d ${D}${sysconfdir} \ 73 ${D}${sysconfdir}/init.d \ 74 ${D}${sysconfdir}/default \ 75 ${D}${sysconfdir}/dropbear \ 76 ${D}${bindir} \ 77 ${D}${sbindir} \ 78 ${D}${localstatedir} 79 80 install -m 0644 ${WORKDIR}/dropbear.default ${D}${sysconfdir}/default/dropbear 81 82 install -m 0755 dropbearmulti ${D}${sbindir}/ 83 84 for i in ${BINCOMMANDS} 85 do 86 # ssh and scp symlinks are created by update-alternatives 87 if [ $i = ssh ] || [ $i = scp ]; then continue; fi 88 ln -s ${sbindir}/dropbearmulti ${D}${bindir}/$i 89 done 90 for i in ${SBINCOMMANDS} 91 do 92 ln -s ./dropbearmulti ${D}${sbindir}/$i 93 done 94 sed -e 's,/etc,${sysconfdir},g' \ 95 -e 's,/usr/sbin,${sbindir},g' \ 96 -e 's,/var,${localstatedir},g' \ 97 -e 's,/usr/bin,${bindir},g' \ 98 -e 's,/usr,${prefix},g' ${WORKDIR}/init > ${D}${sysconfdir}/init.d/dropbear 99 chmod 755 ${D}${sysconfdir}/init.d/dropbear 100 if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then 101 install -d ${D}${sysconfdir}/pam.d 102 install -m 0644 ${WORKDIR}/dropbear ${D}${sysconfdir}/pam.d/ 103 fi 104 105 # deal with systemd unit files 106 install -d ${D}${systemd_system_unitdir} 107 install -m 0644 ${WORKDIR}/dropbearkey.service ${D}${systemd_system_unitdir} 108 install -m 0644 ${WORKDIR}/dropbear@.service ${D}${systemd_system_unitdir} 109 install -m 0644 ${WORKDIR}/dropbear.socket ${D}${systemd_system_unitdir} 110 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \ 111 -e 's,@BINDIR@,${bindir},g' \ 112 -e 's,@SBINDIR@,${sbindir},g' \ 113 ${D}${systemd_system_unitdir}/dropbear.socket ${D}${systemd_system_unitdir}/*.service 114} 115 116inherit update-alternatives 117 118ALTERNATIVE_PRIORITY = "20" 119ALTERNATIVE:${PN} = "${@bb.utils.filter('BINCOMMANDS', 'scp ssh', d)}" 120 121ALTERNATIVE_TARGET = "${sbindir}/dropbearmulti" 122 123pkg_postrm:${PN} () { 124 if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then 125 rm ${sysconfdir}/dropbear/dropbear_rsa_host_key 126 fi 127 if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then 128 rm ${sysconfdir}/dropbear/dropbear_dss_host_key 129 fi 130} 131 132CONFFILES:${PN} = "${sysconfdir}/default/dropbear" 133 134FILES:${PN} += "${bindir}" 135