author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-31 13:25:51 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-09-06 14:44:12 +0300 |
commit | ff075f6ee795a590b244d70a90cc312ba1f2d83d (patch) | |
tree | a617790bdbfdeef960665ba0242e1f0c93e5301a /meta-phosphor/recipes-core/dropbear | |
parent | 3e4da38c127bb7e7641adc2fc41f4c33744cb918 (diff) | |
meta-phosphor: Move layer content from common/
Adopt a more conventional directory hierarchy. meta-phosphor is still
a _long_ way from suitable for hosting on yoctoproject.org but things
like this don't help.
(From meta-phosphor rev: 471cfcefa74b8c7ceb704cb670e6d915cf27c63b)
Change-Id: I3f106b2f6cdc6cec734be28a6090800546f362eb
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-phosphor/recipes-core/dropbear')
4 files changed, 158 insertions, 0 deletions
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear/0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch b/meta-phosphor/recipes-core/dropbear/dropbear/0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch
new file mode 100644
index 0000000000..e32baec83f
--- /dev/null
+++ b/meta-phosphor/recipes-core/dropbear/dropbear/0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch
@@ -0,0 +1,42 @@
+From 95eff1ca0beea55259c2cdc7f1bb9f930bf57bc8 Mon Sep 17 00:00:00 2001
+From: CamVan Nguyen <ctnguyen@us.ibm.com>
+Date: Tue, 13 Feb 2018 15:37:47 -0600
+Subject: [PATCH 1/1] Only load dropbear default host keys if a key is not
+ specified
+
+---
+ svr-runopts.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/svr-runopts.c b/svr-runopts.c
+index 8f60059..c5c2148 100644
+--- a/svr-runopts.c
++++ b/svr-runopts.c
+@@ -488,17 +488,21 @@ void load_all_hostkeys() {
+ m_free(hostkey_file);
+ }
+
++ /* Only load default host keys if a host key is not specified by the
++ * user */
++ if (0 == svr_opts.num_hostkey_files) {
+ #ifdef DROPBEAR_RSA
+- loadhostkey(RSA_PRIV_FILENAME, 0);
++ loadhostkey(RSA_PRIV_FILENAME, 0);
+ #endif
+
+ #ifdef DROPBEAR_DSS
+- loadhostkey(DSS_PRIV_FILENAME, 0);
++ loadhostkey(DSS_PRIV_FILENAME, 0);
+ #endif
+
+ #ifdef DROPBEAR_ECDSA
+- loadhostkey(ECDSA_PRIV_FILENAME, 0);
++ loadhostkey(ECDSA_PRIV_FILENAME, 0);
+ #endif
++ }
+
+ #ifdef DROPBEAR_DELAY_HOSTKEY
+ if (svr_opts.delay_hostkey) {
+--
+1.8.2.2
+
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear/0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch b/meta-phosphor/recipes-core/dropbear/dropbear/0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch
new file mode 100644
index 0000000000..88d0ac0bb1
--- /dev/null
+++ b/meta-phosphor/recipes-core/dropbear/dropbear/0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch
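Review bot: The new guard in load_all_hostkeys() tests `svr_opts.num_hostkey_files`, which by its name counts the key files that were requested rather than the keys that actually loaded, and the added comment does not say which is meant. If a requested key fails to load, the default keys are now skipped too; what happens next (exit, or the `DROPBEAR_DELAY_HOSTKEY` path) is decided outside this hunk. That is presumably the intended fail-closed behaviour, since the server then never presents a host key the operator did not ask for, but it should be stated in the comment, e.g. `/* Defaults are a fallback only when no host key was requested; a requested key that fails to load does not fall back to them. */`. The function body starts and ends outside the hunk.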
@@ -0,0 +1,91 @@
+From b4e094381ec846f4387dc6a3c210c2205a8db58a Mon Sep 17 00:00:00 2001
+From: Jeremy Kerr <jk@ozlabs.org>
+Date: Tue, 12 Apr 2016 11:11:40 +0800
+Subject: [PATCH] dropbear: Add -c <command> option to force a specific command
+
+This change adds a -c option to dropbear, to force the session to use a
+specific command, in a similar fashion to OpenSSH's ForceCommand
+configuration option.
+
+This is useful to provide a simple fixed service over ssh, without
+requiring an authorized key file for the per-key forced_command option.
+
+This setting takes precedence over the channel session's provided
+command, and the per-key forced_command setting.
+
+Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
+---
+ runopts.h | 2 ++
+ svr-chansession.c | 12 ++++++++++--
+ svr-runopts.c | 5 +++++
+ 3 files changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/runopts.h b/runopts.h
+index f7c869d..ffb573e 100644
+--- a/runopts.h
++++ b/runopts.h
+@@ -114,6 +114,8 @@ typedef struct svr_runopts {
+ buffer * banner;
+ char * pidfile;
+
++ char * command;
++
+ } svr_runopts;
+
+ extern svr_runopts svr_opts;
+diff --git a/svr-chansession.c b/svr-chansession.c
+index bfaf7f6..d6c9330 100644
+--- a/svr-chansession.c
++++ b/svr-chansession.c
+@@ -671,8 +671,16 @@ static int sessioncommand(struct Channel *channel, struct ChanSess *chansess,
+ }
+ }
+
+- /* take public key option 'command' into account */
+- svr_pubkey_set_forced_command(chansess);
++
++ /* take global command into account */
++ if (svr_opts.command) {
++ chansess->original_command = chansess->cmd ?
: m_strdup("");
++ chansess->cmd = m_strdup(svr_opts.command);
++ } else {
++ /* take public key option 'command' into account */
++ svr_pubkey_set_forced_command(chansess);
++ }
++
+
+ #ifdef LOG_COMMANDS
+ if (chansess->cmd) {
+diff --git a/svr-runopts.c b/svr-runopts.c
+index 8f60059..f845300 100644
+--- a/svr-runopts.c
++++ b/svr-runopts.c
+@@ -79,6 +79,7 @@ static void printhelp(const char * progname) {
+ #ifdef ENABLE_SVR_REMOTETCPFWD
+ "-k Disable remote port forwarding\n"
+ "-a Allow connections to forwarded ports from any host\n"
++ "-c command Force executed command\n"
+ #endif
+ "-p [address:]port\n"
+ " Listen on specified tcp port (and optionally address),\n"
+@@ -125,6 +126,7 @@ void svr_getopts(int argc, char ** argv) {
+ /* see printhelp() for options */
+ svr_opts.bannerfile = NULL;
+ svr_opts.banner = NULL;
++ svr_opts.command = NULL;
+ svr_opts.forkbg = 1;
+ svr_opts.norootlogin = 0;
+ svr_opts.noauthpass = 0;
+@@ -177,6 +179,9 @@ void svr_getopts(int argc, char ** argv) {
+ case 'b':
+ next = &svr_opts.bannerfile;
+ break;
++ case 'c':
++ next = &svr_opts.command;
++ break;
+ case 'd':
+ case 'r':
+ next = &keyfile;
+--
+2.5.0
+
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear/dropbearkey.service b/meta-phosphor/recipes-core/dropbear/dropbear/dropbearkey.service
new file mode 100644
index 0000000000..dfeb17f41d
--- /dev/null
+++ b/meta-phosphor/recipes-core/dropbear/dropbear/dropbearkey.service
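Review bot: The `-c command` help line is added inside the `#ifdef ENABLE_SVR_REMOTETCPFWD` block of printhelp(), while `case 'c':` in svr_getopts() is not guarded in the visible hunk, so a build without remote TCP forwarding would accept the option but never list it. Move `"-c command Force executed command\n"` below the `#endif`. In sessioncommand(), `chansess->cmd ? : m_strdup("")` relies on the GNU omitted-operand extension; `chansess->cmd ? chansess->cmd : m_strdup("")` is the portable spelling. Because the option overrides the per-key forced command and is meant to pin every session to one fixed service, the help text or a comment should also say that it replaces only the session command; nothing in these hunks touches port forwarding, which presumably still has to be disabled separately. All three functions continue outside their hunks.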
@@ -0,0 +1,18 @@
+[Unit]
+Description=SSH Key Generation
+
+[Service]
+# Set the default RSA key path then load environment variables from the
+# environment file, which might override the default RSA key path.
+Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear"
+EnvironmentFile=-/etc/default/dropbear
+Type=oneshot
+ExecStart=@BASE_BINDIR@/sh -c \
+ "if [[ ! -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key ]]; then \
+ @BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}; \
+ @SBINDIR@/dropbearkey -t rsa -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key; \
+ fi"
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend
new file mode 100644
index 0000000000..80714977b7
--- /dev/null
+++ b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend
@@ -0,0 +1,7 @@
+# 0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch
+# has been upstreamed. This patch can be removed once we upgrade
+# to yocto 2.5 or later which will pull in the latest dropbear code.
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+SRC_URI += "file://dropbearkey.service \
+ file://0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch \
+ file://0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch" |
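Review bot: The `ExecStart` script in dropbearkey.service runs under `@BASE_BINDIR@/sh` but uses the `[[ ... ]]` test, which is not POSIX sh and works only if the image's sh happens to support it. The POSIX form is `"if [ ! -f '${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key' ]; then \`. The quotes matter because systemd substitutes `${DROPBEAR_RSAKEY_DIR}` into the script text before the shell parses it, so a value from `/etc/default/dropbear` containing spaces would split the path; the `mkdir -p` and `dropbearkey -f` arguments should be quoted the same way. A comment noting that the unit creates only the RSA host key, and only when the file is absent, would also help whoever later debugs a missing or stale key.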