# HG changeset patch
# User Pascal Bellard <pascal.bellard@slitaz.org>
# Date 1593083115 0
# Node ID 86fb26b8cd187025c1bee097b861502ba62921a4
# Parent  c21687abfa6a15530aacc28132a527a4e64f727a
dropbear: disable X11 forwarding

diff -r c21687abfa6a -r 86fb26b8cd18 dropbear-client-without-zlib/receipt
--- a/dropbear-client-without-zlib/receipt	Thu Jun 11 16:42:53 2020 +0000
+++ b/dropbear-client-without-zlib/receipt	Thu Jun 25 11:05:15 2020 +0000
@@ -24,17 +24,17 @@
 	local DROPBEARS
 	DROPBEARS="dbclient scp"
 	sed -i  -e 's|/usr/X11R6/bin/xauth|/usr/bin/xauth|' \
-		-e 's|/usr/libexec/sftp-server|/usr/sbin/sftp-server|' \
+		-e 's|.*define NON_INETD_MODE.*|/*&*/|' \
+		-e 's|.*sftp-server.*|/*&*/|' \
 		-e 's|.*MD5_HMAC.*|/*&*/|' \
 		-e 's|.*_AES128.*|/*&*/|' \
 		-e 's|.*TWOFISH128.*|/*&*/|' \
 		options.h
-	[ -d $WOK/zlib/taz ] || cook zlib
-	ln -s $WOK/zlib/taz/*/fs/usr/lib/* /usr/share/uclibc-cross-compiler-$TARGET/lib/ 2> /dev/null
-	ln -s /usr/include/z*.h /usr/share/uclibc-cross-compiler-$TARGET/include/ 2> /dev/null
+	echo "#define DISABLE_X11FWD" >> options.h
 	./configure --prefix=/usr --without-pam --host=$TARGET-pc-linux-gnu \
 		--disable-lastlog --disable-utmp --disable-utmpx \
 		--disable-wtmp --disable-wtmpx \
+		--disable-pututline --disable-pututxline \
 		--disable-zlib CC=uclibc-$TARGET-cc &&
 	make PROGRAMS="$DROPBEARS" MULTI=1 &&
 	install -d -m 755 $DESTDIR/usr/bin &&
diff -r c21687abfa6a -r 86fb26b8cd18 dropbear-without-zlib/recept
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dropbear-without-zlib/recept	Thu Jun 25 11:05:15 2020 +0000
@@ -0,0 +1,143 @@
+# SliTaz package receipt.
+
+PACKAGE="dropbear-without-zlib"
+SOURCE="dropbear"
+VERSION="0.53"
+CATEGORY="security"
+SHORT_DESC="Light SSH client and server without compression support."
+MAINTAINER="pascal.bellard@slitaz.org"
+LICENSE="MIT"
+TARBALL="$SOURCE-$VERSION.tar.gz"
+DEPENDS="libutil busybox-net"
+[ -n "$TARGET" ] || TARGET="i486"
+BUILD_DEPENDS="dropbear uclibc-cross-compiler-$TARGET"
+WEB_SITE="http://matt.ucc.asn.au/dropbear/dropbear.html"
+WGET_URL="http://matt.ucc.asn.au/dropbear/releases/$TARBALL"
+CONFIG_FILES="/etc/dropbear /etc/daemons.conf /etc/rcS.conf"
+PROVIDE="ssh dropbear scp dropbear-client"
+TAGS="ssh"
+
+# Rules to configure and make the package.
+compile_rules()
+{
+	local i
+	local DROPBEARS
+	DROPBEARS="dbclient scp"
+	sed -i  -e 's|/usr/X11R6/bin/xauth|/usr/bin/xauth|' \
+		-e 's|.*define NON_INETD_MODE.*|/*&*/|' \
+		-e 's|.*sftp-server.*|/*&*/|' \
+		-e 's|.*MD5_HMAC.*|/*&*/|' \
+		-e 's|.*_AES128.*|/*&*/|' \
+		-e 's|.*TWOFISH128.*|/*&*/|' \
+		options.h
+	echo "#define DISABLE_X11FWD" >> options.h
+	./configure --prefix=/usr --without-pam --host=$TARGET-pc-linux-gnu \
+		--disable-zlib CC=uclibc-$TARGET-cc &&
+	make PROGRAMS="dropbear $DROPBEARS" MULTI=1 &&
+	install -d -m 755 $DESTDIR/usr/sbin &&
+	install -m 755 dropbearmulti $DESTDIR/usr/sbin/dropbear &&
+	chown root $DESTDIR/usr/sbin/dropbear &&
+	chgrp 0 $DESTDIR/usr/sbin/dropbear &&
+	install -d -m 755 $DESTDIR/usr/bin &&
+	for i in $DROPBEARS ssh; do
+		ln  $DESTDIR/usr/sbin/dropbear $DESTDIR/usr/bin/$i
+	done
+}
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+	mkdir -p $fs/usr/sbin $fs/etc/init.d $fs/etc/dropbear
+	cp -a $install/usr/bin $fs/usr
+	ln $fs/usr/bin/dbclient $fs/usr/sbin/dropbear
+	ln -s daemon $fs/etc/init.d/dropbear
+	cat > $fs/etc/dropbear/banner <<EOT
+
+Secure login on Tiny SliTaz GNU/Linux powered by Dropbear.
+EOT
+	
+	# Fix dropbear initscript perms
+	chown -R root.root $fs
+}
+
+# Post message when installing.
+post_install()
+{
+	if [ "$STARTDAEMON" = "ON" ]; then
+		grep -q inetd $1/etc/rcS.conf ||
+		sed -i 's/^RUN_DAEMONS="/&inetd /' $1/etc/rcS.conf
+		grep -q dropbear $1/etc/inetd.conf || cat >> $1/etc/inetd.conf <<EOT
+ssh	stream	tcp	nowait	root	/usr/sbin/dropbear	/usr/sbin/dropbear -i $DROPBEAR_OPTS
+EOT
+	fi
+	dos2unix <<EOT | uudecode - > $1/etc/dropbear/dropbear_dss_host_key
+$DSSKEY
+EOT
+	dos2unix <<EOT | uudecode - > $1/etc/dropbear/dropbear_rsa_host_key
+$RSAKEY
+EOT
+	chmod 600 $1/etc/dropbear/dropbear_*_host_key
+}
+
+config_form()
+{
+	[ -n "$DROPBEAR_OPTS" ] || DROPBEAR_OPTS="-b /etc/dropbear/banner"
+	if [ -z "$DSSKEY" ]; then
+		dropbearkey -t dss -f /tmp/mkssh$$ > /dev/null 2>&1
+		DSSKEY="$(uuencode -m - < /tmp/mkssh$$)"
+		rm -f /tmp/mkssh$$
+	fi
+	uudecode - > /tmp/mkssh$$ <<EOT
+$DSSKEY
+EOT
+	DSSPUB="$(dropbearkey  -y -f /tmp/mkssh$$ | grep ^ssh)"
+	rm -f /tmp/mkssh$$
+	if [ -z "$RSAKEY" ]; then
+		dropbearkey -t rsa -f /tmp/mkssh$$ > /dev/null 2>&1
+		RSAKEY="$(uuencode -m - < /tmp/mkssh$$)"
+		rm -f /tmp/mkssh$$
+	fi
+	uudecode - > /tmp/mkssh$$ <<EOT
+$RSAKEY
+EOT
+	RSAPUB="$(dropbearkey  -y -f /tmp/mkssh$$ | grep ^ssh)"
+	rm -f /tmp/mkssh$$
+	cat <<EOT
+<input type="checkbox" name="STARTDAEMON" value="ON" ${STARTDAEMON:+checked="checked" }/>
+Start server during boot<br>
+<table>
+<tr>
+<td>Server options</td>
+<td><input type="text" name="DROPBEAR_OPTS" value="$DROPBEAR_OPTS" /></td>
+</tr>
+<tr>
+<td>DSS key</td>
+<td><textarea name="DSSKEY" cols="60" rows="13" wrap="off">
+$DSSKEY
+</textarea></td>
+</tr>
+<tr>
+<td>RSA key</td>
+<td><textarea name="RSAKEY" cols="60" rows="12" wrap="off">
+$RSAKEY
+</textarea></td>
+</tr>
+</table>
+You can set your dropbear key
+<pre>
+# uuencode -m - < /etc/dropbear/dropbear_dss_host_key
+</pre>
+Or your ssh key
+<pre>
+# dropbearconvert openssh dropbear /etc/ssh/id_dsa /dev/stdout | uuencode -m -
+</pre>
+Default DSS public key is
+<pre>
+$DSSPUB
+</pre>
+Default RSA public key is
+<pre>
+$RSAPUB
+</pre>
+EOT
+}
diff -r c21687abfa6a -r 86fb26b8cd18 dropbear/receipt
--- a/dropbear/receipt	Thu Jun 11 16:42:53 2020 +0000
+++ b/dropbear/receipt	Thu Jun 25 11:05:15 2020 +0000
@@ -23,11 +23,13 @@
 	local DROPBEARS
 	DROPBEARS="dbclient scp"
 	sed -i  -e 's|/usr/X11R6/bin/xauth|/usr/bin/xauth|' \
-		-e 's|/usr/libexec/sftp-server|/usr/sbin/sftp-server|' \
+		-e 's|.*define NON_INETD_MODE.*|/*&*/|' \
+		-e 's|.*sftp-server.*|/*&*/|' \
 		-e 's|.*MD5_HMAC.*|/*&*/|' \
 		-e 's|.*_AES128.*|/*&*/|' \
 		-e 's|.*TWOFISH128.*|/*&*/|' \
 		options.h
+	echo "#define DISABLE_X11FWD" >> options.h
 	[ -d $WOK/zlib/taz ] || cook zlib
 	ln -s $WOK/zlib/taz/*/fs/usr/lib/* /usr/share/uclibc-cross-compiler-$TARGET/lib/ 2> /dev/null
 	ln -s /usr/include/z*.h /usr/share/uclibc-cross-compiler-$TARGET/include/ 2> /dev/null