diff options
author | Willy Tu <wltu@google.com> | 2021-02-10 20:52:53 +0300 |
---|---|---|
committer | William A. Kennington III <wak@google.com> | 2021-02-16 23:37:24 +0300 |
commit | 74a3a8aef4287dddc77c11d70c0c19401c461991 (patch) | |
tree | 27fbc2163a5053567a02a779fe153d12a2f13950 /meta-google/recipes-google | |
parent | 72a9b771c6f66dfde3906b783dec28326a671bc7 (diff) | |
download | openbmc-74a3a8aef4287dddc77c11d70c0c19401c461991.tar.xz |
meta-google: recipes-google: networking: gbmc-sslh: Import from gBMC
Initial recipes-google/networking gbmc-sslh code from gBMC.
Google-Bug-Id: 179617830
Upstream: 8ac594bdf054082ca6dbe35c4345759fe4c31669
Change-Id: I9d7cdcad8a816dd878cdbb2e30272ac7f223d49e
Signed-off-by: Willy Tu <wltu@google.com>
Diffstat (limited to 'meta-google/recipes-google')
-rw-r--r-- | meta-google/recipes-google/networking/files/sslh.service | 20 | ||||
-rw-r--r-- | meta-google/recipes-google/networking/files/sslh.socket | 8 | ||||
-rw-r--r-- | meta-google/recipes-google/networking/gbmc-sslh.bb | 23 |
3 files changed, 51 insertions, 0 deletions
diff --git a/meta-google/recipes-google/networking/files/sslh.service b/meta-google/recipes-google/networking/files/sslh.service new file mode 100644 index 000000000..b6bc04a4c --- /dev/null +++ b/meta-google/recipes-google/networking/files/sslh.service @@ -0,0 +1,20 @@ +[Unit] +Description=SSL/SSH multiplexer +Requires=sslh.socket + +[Service] +ExecStart=/usr/sbin/sslh -n -f --ssh [::1]:22 --http [::1]:80 --tls [::1]:443 +KillMode=process +#Hardening +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +MountFlags=private +NoNewPrivileges=true +PrivateDevices=true +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +MemoryDenyWriteExecute=true +DynamicUser=true diff --git a/meta-google/recipes-google/networking/files/sslh.socket b/meta-google/recipes-google/networking/files/sslh.socket new file mode 100644 index 000000000..2540e5961 --- /dev/null +++ b/meta-google/recipes-google/networking/files/sslh.socket @@ -0,0 +1,8 @@ +[Unit] +Before=sslh.service + +[Socket] +ListenStream=3967 + +[Install] +WantedBy=sockets.target diff --git a/meta-google/recipes-google/networking/gbmc-sslh.bb b/meta-google/recipes-google/networking/gbmc-sslh.bb new file mode 100644 index 000000000..ec16f078f --- /dev/null +++ b/meta-google/recipes-google/networking/gbmc-sslh.bb @@ -0,0 +1,23 @@ +PR = "r1" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +inherit systemd + +RDEPENDS_${PN} += "sslh" + +SRC_URI_append = " \ + file://sslh.service \ + file://sslh.socket \ +" + +SYSTEMD_SERVICE_${PN} += "sslh.service" +SYSTEMD_SERVICE_${PN} += "sslh.socket" + +do_install() { + # Install service definitions + install -d -m 0755 ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/sslh.service ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/sslh.socket ${D}${systemd_system_unitdir} +} |