wok-tiny rev 163

dropbear: disable X11 forwarding
author Pascal Bellard <pascal.bellard@slitaz.org>
date Thu Jun 25 11:05:15 2020 +0000 (2020-06-25)
parents c21687abfa6a
children 5f5bea2af6b6
files dropbear-client-without-zlib/receipt dropbear-without-zlib/recept dropbear/receipt
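--- a/dropbear-client-without-zlib/receipt	Thu Jun 11 16:42:53 2020 +0000
+++ b/dropbear-client-without-zlib/receipt	Thu Jun 25 11:05:15 2020 +0000
@@ -24,17 +24,17 @@
 	local DROPBEARS
 	DROPBEARS="dbclient scp"
 	sed -i  -e 's|/usr/X11R6/bin/xauth|/usr/bin/xauth|' \
-		-e 's|/usr/libexec/sftp-server|/usr/sbin/sftp-server|' \
+		-e 's|.*define NON_INETD_MODE.*|/*&*/|' \
+		-e 's|.*sftp-server.*|/*&*/|' \
 		-e 's|.*MD5_HMAC.*|/*&*/|' \
 		-e 's|.*_AES128.*|/*&*/|' \
 		-e 's|.*TWOFISH128.*|/*&*/|' \
 		options.h
-	[ -d $WOK/zlib/taz ] || cook zlib
-	ln -s $WOK/zlib/taz/*/fs/usr/lib/* /usr/share/uclibc-cross-compiler-$TARGET/lib/ 2> /dev/null
-	ln -s /usr/include/z*.h /usr/share/uclibc-cross-compiler-$TARGET/include/ 2> /dev/null
+	echo "#define DISABLE_X11FWD" >> options.h
 	./configure --prefix=/usr --without-pam --host=$TARGET-pc-linux-gnu \
 		--disable-lastlog --disable-utmp --disable-utmpx \
 		--disable-wtmp --disable-wtmpx \
+		--disable-pututline --disable-pututxline \
 		--disable-zlib CC=uclibc-$TARGET-cc &&
 	make PROGRAMS="$DROPBEARS" MULTI=1 &&
 	install -d -m 755 $DESTDIR/usr/bin &&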
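Review bot: The `echo "#define DISABLE_X11FWD" >> options.h` line appends the macro at the very end of the header, presumably after its include guard, and leaves any upstream enable switch defined, so both macros can be set at once and the outcome depends on which one each source file tests. If this version's options.h carries `#define ENABLE_X11FWD`, as upstream releases of that era do, commenting it out alongside the other expressions is more consistent: `-e 's|.*define ENABLE_X11FWD.*|/*&*/|' \`. The same append is added in dropbear-without-zlib/recept and dropbear/receipt. With forwarding compiled out, the xauth path rewrite in the first sed expression no longer has an effect and could be dropped. compile_rules starts and ends outside this hunk.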
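--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dropbear-without-zlib/recept	Thu Jun 25 11:05:15 2020 +0000
@@ -0,0 +1,143 @@
+# SliTaz package receipt.
+
+PACKAGE="dropbear-without-zlib"
+SOURCE="dropbear"
+VERSION="0.53"
+CATEGORY="security"
+SHORT_DESC="Light SSH client and server without compression support."
+MAINTAINER="pascal.bellard@slitaz.org"
+LICENSE="MIT"
+TARBALL="$SOURCE-$VERSION.tar.gz"
+DEPENDS="libutil busybox-net"
+[ -n "$TARGET" ] || TARGET="i486"
+BUILD_DEPENDS="dropbear uclibc-cross-compiler-$TARGET"
+WEB_SITE="http://matt.ucc.asn.au/dropbear/dropbear.html"
+WGET_URL="http://matt.ucc.asn.au/dropbear/releases/$TARBALL"
+CONFIG_FILES="/etc/dropbear /etc/daemons.conf /etc/rcS.conf"
+PROVIDE="ssh dropbear scp dropbear-client"
+TAGS="ssh"
+
+# Rules to configure and make the package.
+compile_rules()
+{
+	local i
+	local DROPBEARS
+	DROPBEARS="dbclient scp"
+	sed -i  -e 's|/usr/X11R6/bin/xauth|/usr/bin/xauth|' \
+		-e 's|.*define NON_INETD_MODE.*|/*&*/|' \
+		-e 's|.*sftp-server.*|/*&*/|' \
+		-e 's|.*MD5_HMAC.*|/*&*/|' \
+		-e 's|.*_AES128.*|/*&*/|' \
+		-e 's|.*TWOFISH128.*|/*&*/|' \
+		options.h
+	echo "#define DISABLE_X11FWD" >> options.h
+	./configure --prefix=/usr --without-pam --host=$TARGET-pc-linux-gnu \
+		--disable-zlib CC=uclibc-$TARGET-cc &&
+	make PROGRAMS="dropbear $DROPBEARS" MULTI=1 &&
+	install -d -m 755 $DESTDIR/usr/sbin &&
+	install -m 755 dropbearmulti $DESTDIR/usr/sbin/dropbear &&
+	chown root $DESTDIR/usr/sbin/dropbear &&
+	chgrp 0 $DESTDIR/usr/sbin/dropbear &&
+	install -d -m 755 $DESTDIR/usr/bin &&
+	for i in $DROPBEARS ssh; do
+		ln  $DESTDIR/usr/sbin/dropbear $DESTDIR/usr/bin/$i
+	done
+}
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+	mkdir -p $fs/usr/sbin $fs/etc/init.d $fs/etc/dropbear
+	cp -a $install/usr/bin $fs/usr
+	ln $fs/usr/bin/dbclient $fs/usr/sbin/dropbear
+	ln -s daemon $fs/etc/init.d/dropbear
+	cat > $fs/etc/dropbear/banner <<EOT
+
+Secure login on Tiny SliTaz GNU/Linux powered by Dropbear.
+EOT
+	
+	# Fix dropbear initscript perms
+	chown -R root.root $fs
+}
+
+# Post message when installing.
+post_install()
+{
+	if [ "$STARTDAEMON" = "ON" ]; then
+		grep -q inetd $1/etc/rcS.conf ||
+		sed -i 's/^RUN_DAEMONS="/&inetd /' $1/etc/rcS.conf
+		grep -q dropbear $1/etc/inetd.conf || cat >> $1/etc/inetd.conf <<EOT
+ssh	stream	tcp	nowait	root	/usr/sbin/dropbear	/usr/sbin/dropbear -i $DROPBEAR_OPTS
+EOT
+	fi
+	dos2unix <<EOT | uudecode - > $1/etc/dropbear/dropbear_dss_host_key
+$DSSKEY
+EOT
+	dos2unix <<EOT | uudecode - > $1/etc/dropbear/dropbear_rsa_host_key
+$RSAKEY
+EOT
+	chmod 600 $1/etc/dropbear/dropbear_*_host_key
+}
+
+config_form()
+{
+	[ -n "$DROPBEAR_OPTS" ] || DROPBEAR_OPTS="-b /etc/dropbear/banner"
+	if [ -z "$DSSKEY" ]; then
+		dropbearkey -t dss -f /tmp/mkssh$$ > /dev/null 2>&1
+		DSSKEY="$(uuencode -m - < /tmp/mkssh$$)"
+		rm -f /tmp/mkssh$$
+	fi
+	uudecode - > /tmp/mkssh$$ <<EOT
+$DSSKEY
+EOT
+	DSSPUB="$(dropbearkey  -y -f /tmp/mkssh$$ | grep ^ssh)"
+	rm -f /tmp/mkssh$$
+	if [ -z "$RSAKEY" ]; then
+		dropbearkey -t rsa -f /tmp/mkssh$$ > /dev/null 2>&1
+		RSAKEY="$(uuencode -m - < /tmp/mkssh$$)"
+		rm -f /tmp/mkssh$$
+	fi
+	uudecode - > /tmp/mkssh$$ <<EOT
+$RSAKEY
+EOT
+	RSAPUB="$(dropbearkey  -y -f /tmp/mkssh$$ | grep ^ssh)"
+	rm -f /tmp/mkssh$$
+	cat <<EOT
+<input type="checkbox" name="STARTDAEMON" value="ON" ${STARTDAEMON:+checked="checked" }/>
+Start server during boot<br>
+<table>
+<tr>
+<td>Server options</td>
+<td><input type="text" name="DROPBEAR_OPTS" value="$DROPBEAR_OPTS" /></td>
+</tr>
+<tr>
+<td>DSS key</td>
+<td><textarea name="DSSKEY" cols="60" rows="13" wrap="off">
+$DSSKEY
+</textarea></td>
+</tr>
+<tr>
+<td>RSA key</td>
+<td><textarea name="RSAKEY" cols="60" rows="12" wrap="off">
+$RSAKEY
+</textarea></td>
+</tr>
+</table>
+You can set your dropbear key
+<pre>
+# uuencode -m - < /etc/dropbear/dropbear_dss_host_key
+</pre>
+Or your ssh key
+<pre>
+# dropbearconvert openssh dropbear /etc/ssh/id_dsa /dev/stdout | uuencode -m -
+</pre>
+Default DSS public key is
+<pre>
+$DSSPUB
+</pre>
+Default RSA public key is
+<pre>
+$RSAPUB
+</pre>
+EOT
+}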
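Review bot: config_form() stages the private DSS and RSA host keys in `/tmp/mkssh$$`, a predictable name created under the caller's default umask, so on a shared build host another local user could pre-create the path or read the key while it exists. Creating the file privately closes that window: `local tmp; tmp="$(umask 077; mktemp)" || return 1`, then `"$tmp"` wherever `/tmp/mkssh$$` appears. The file is also added as `dropbear-without-zlib/recept`, which looks like a misspelling of `receipt`; if the build tool finds packages by that name, as the two sibling paths suggest, this package would be skipped. `$DROPBEAR_OPTS` goes unescaped into both the HTML `value` attribute and the root-run inetd.conf line, so it should be validated or escaped before either use.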
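--- a/dropbear/receipt	Thu Jun 11 16:42:53 2020 +0000
+++ b/dropbear/receipt	Thu Jun 25 11:05:15 2020 +0000
@@ -23,11 +23,13 @@
 	local DROPBEARS
 	DROPBEARS="dbclient scp"
 	sed -i  -e 's|/usr/X11R6/bin/xauth|/usr/bin/xauth|' \
-		-e 's|/usr/libexec/sftp-server|/usr/sbin/sftp-server|' \
+		-e 's|.*define NON_INETD_MODE.*|/*&*/|' \
+		-e 's|.*sftp-server.*|/*&*/|' \
 		-e 's|.*MD5_HMAC.*|/*&*/|' \
 		-e 's|.*_AES128.*|/*&*/|' \
 		-e 's|.*TWOFISH128.*|/*&*/|' \
 		options.h
+	echo "#define DISABLE_X11FWD" >> options.h
 	[ -d $WOK/zlib/taz ] || cook zlib
 	ln -s $WOK/zlib/taz/*/fs/usr/lib/* /usr/share/uclibc-cross-compiler-$TARGET/lib/ 2> /dev/null
 	ln -s /usr/include/z*.h /usr/share/uclibc-cross-compiler-$TARGET/include/ 2> /dev/null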
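Review bot: The sed call needs a comment, because commenting out `NON_INETD_MODE` and every `sftp-server` line makes the full server package inetd-only and removes the sftp subsystem, neither of which the commit title mentions. A line such as `# inetd-only server: no standalone listener, no sftp subsystem, no X11 forwarding` above the sed would record that these are deliberate reductions. The `.*sftp-server.*` pattern also wraps any line that merely mentions the string, so a line already holding a `/* … */` comment would be left with a stray `*/`. Anchoring on the define itself, for example `define SFTPSERVER_PATH` if that is the macro name in this version, would be safer. compile_rules starts and ends outside this hunk.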