core/dropbear/dropbear-2020.80-r1.smage2

# $Id$

PNAME="dropbear"
PVER="2020.80"
PBUILD="r1"

PCAT="net-misc"

DESCRIPTION="Dropbear SSH2 has a small memory footprint and is suitable for memory-constrained environments."
HOMEPAGE="http://matt.ucc.asn.au/dropbear/dropbear.html"

DEPEND=">= sys-libs/zlib-1.2.5
	>= dev-libs/libtommath-1.1"

SDEPEND=">= sys-libs/zlib-dev-1.2.5
	>= dev-libs/libtommath-dev-1.1"

PROVIDE="virtual/ssh-server
	virtual/ssh-client"

SRCFILE="${PNAME}-${PVER}.tar.bz2"
SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"

DROPBEAR_SVC_REV=1.2
KEYGEN_DSS_SVC_REV=1.2
KEYGEN_RSA_SVC_REV=1.2
KEYGEN_ECDSA_SVC_REV=1.2

# no check target in Makefile
msetfeature "!check"

# todo: remove dbclient too?
ALX_PKG_KEEP="etc
	usr/bin/dbclient
	usr/bin/dropbearkey
	usr/bin/dropbearconvert
	usr/bin/scp
	usr/sbin/dropbear
	usr/bin/dropbearmulti
	usr/lib/systemd
	var"
sminclude mbuild mtools systemd alx-split

SRC_URI=(
	http://matt.ucc.asn.au/${PNAME}/releases/${SRCFILE}
	mirror://${PNAME}/${SRCFILE}
	mirror://${PNAME}/dropbear.service-${DROPBEAR_SVC_REV}
	mirror://${PNAME}/dropbear-keygen-dss.service-${KEYGEN_DSS_SVC_REV}
	mirror://${PNAME}/dropbear-keygen-rsa.service-${KEYGEN_RSA_SVC_REV}
	mirror://${PNAME}/dropbear-keygen-ecdsa.service-${KEYGEN_ECDSA_SVC_REV}
	mirror://${PNAME}/dropbear.conf.tempfile
)

UP2DATE="updatecmd 'http://matt.ucc.asn.au/dropbear/releases/?C=M;O=A' | grep ${PNAME}- | lasttarball"

src_prepare()
{
	munpack ${SRCFILE} || die
	cd ${SRCDIR}

	# see: https://github.com/balena-os/meta-balena/issues/1161
	# and check: https://github.com/arthepsy/ssh-audit	
	echo > ${SRCDIR}/localoptions.h || die
	# disable weak cyphers/options for security reasons
	echo '#define DROPBEAR_ENABLE_CBC_MODE 0' >> ${SRCDIR}/localoptions.h || die
	echo '#define DROPBEAR_SHA1_HMAC 0' >> ${SRCDIR}/localoptions.h || die
	echo '#define DROPBEAR_SHA1_96_HMAC 0' >> ${SRCDIR}/localoptions.h || die
	# enable twofish
	echo '#define DROPBEAR_TWOFISH128 1' >> ${SRCDIR}/localoptions.h || die
	echo '#define DROPBEAR_TWOFISH256 1' >> ${SRCDIR}/localoptions.h || die
	# disable x11 fwd by default
	echo '#define DROPBEAR_X11FWD 0' >> ${SRCDIR}/localoptions.h || die
}
src_compile()
{
	cd ${SRCDIR}

	mconfigure --enable-zlib --disable-pam || die
	mmake PROGRAMS="dbclient scp dropbearkey dropbearconvert dropbear" MULTI=1 || die
}

alx_generic_src_install()
{
	cd ${SRCDIR}
	mmake DESTDIR=${BINDIR} PROGRAMS="dbclient scp dropbearkey dropbearconvert dropbear" MULTI=1 install || die

	# create missing symlinks
	minstalldir /usr/sbin || die
	mlink dropbearmulti /usr/bin/dbclient || die
	mlink dropbearmulti /usr/bin/scp || die
	mlink dropbearmulti /usr/bin/dropbearkey || die
	mlink ../bin/dropbearmulti /usr/sbin/dropbear || die

	# systemd units
	minstallunit dropbear.service-${DROPBEAR_SVC_REV} dropbear.service || die
	minstallunit dropbear-keygen-dss.service-${KEYGEN_DSS_SVC_REV} dropbear-keygen-dss.service || die
	minstallunit dropbear-keygen-rsa.service-${KEYGEN_RSA_SVC_REV} dropbear-keygen-rsa.service || die
	minstallunit dropbear-keygen-ecdsa.service-${KEYGEN_ECDSA_SVC_REV} dropbear-keygen-ecdsa.service || die
	minstalltmp dropbear.conf.tempfile dropbear.conf || die

	# needed to run sshd
	mkeepdir /etc/dropbear || die
	mkeepdir /var/empty || die
	mchown root:sys /var/empty || die

	minstalldocs CHANGES INSTALL LICENSE _MTN MULTI SMALL TODO || die
}

preinstall_dropbear()
{
	add_conf_prot_mask /etc/tmpfiles.d

	# adding ssh user
	${MLIBDIR}/mgroupadd -o "-g 22" sshd
	${MLIBDIR}/museradd -o "-u 22 -g sshd -d /var/empty -s /bin/false" sshd
}

postinstall_dropbear()
{
	# cleanup old symlinks
	local i
	for i in dsa rsa ecdsa
	do
		if [ -L ${MROOT}/etc/systemd/system/multi-user.target.wants/dropbear-keygen-${i}.service ]
		then
			rm ${MROOT}/etc/systemd/system/multi-user.target.wants/dropbear-keygen-${i}.service
		fi
	done

	mstartunit dropbear.service
}

postremove_dropbear()
{
	mstopunit dropbear.service
}
1	# $Id$
2
3	PNAME="dropbear"
4	PVER="2020.80"
5	PBUILD="r1"
6
7	PCAT="net-misc"
8
9	DESCRIPTION="Dropbear SSH2 has a small memory footprint and is suitable for memory-constrained environments."
10	HOMEPAGE="http://matt.ucc.asn.au/dropbear/dropbear.html"
11
12	DEPEND=">= sys-libs/zlib-1.2.5
13	>= dev-libs/libtommath-1.1"
14
15	SDEPEND=">= sys-libs/zlib-dev-1.2.5
16	>= dev-libs/libtommath-dev-1.1"
17
18	PROVIDE="virtual/ssh-server
19	virtual/ssh-client"
20
21	SRCFILE="${PNAME}-${PVER}.tar.bz2"
22	SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"
23
24	DROPBEAR_SVC_REV=1.2
25	KEYGEN_DSS_SVC_REV=1.2
26	KEYGEN_RSA_SVC_REV=1.2
27	KEYGEN_ECDSA_SVC_REV=1.2
28
29	# no check target in Makefile
30	msetfeature "!check"
31
32	# todo: remove dbclient too?
33	ALX_PKG_KEEP="etc
34	usr/bin/dbclient
35	usr/bin/dropbearkey
36	usr/bin/dropbearconvert
37	usr/bin/scp
38	usr/sbin/dropbear
39	usr/bin/dropbearmulti
40	usr/lib/systemd
41	var"
42	sminclude mbuild mtools systemd alx-split
43
44	SRC_URI=(
45	http://matt.ucc.asn.au/${PNAME}/releases/${SRCFILE}
46	mirror://${PNAME}/${SRCFILE}
47	mirror://${PNAME}/dropbear.service-${DROPBEAR_SVC_REV}
48	mirror://${PNAME}/dropbear-keygen-dss.service-${KEYGEN_DSS_SVC_REV}
49	mirror://${PNAME}/dropbear-keygen-rsa.service-${KEYGEN_RSA_SVC_REV}
50	mirror://${PNAME}/dropbear-keygen-ecdsa.service-${KEYGEN_ECDSA_SVC_REV}
51	mirror://${PNAME}/dropbear.conf.tempfile
52	)
53
54	UP2DATE="updatecmd 'http://matt.ucc.asn.au/dropbear/releases/?C=M;O=A' \| grep ${PNAME}- \| lasttarball"
55
56	src_prepare()
57	{
58	munpack ${SRCFILE} \|\| die
59	cd ${SRCDIR}
60
61	# see: https://github.com/balena-os/meta-balena/issues/1161
62	# and check: https://github.com/arthepsy/ssh-audit
63	echo > ${SRCDIR}/localoptions.h \|\| die
64	# disable weak cyphers/options for security reasons
65	echo '#define DROPBEAR_ENABLE_CBC_MODE 0' >> ${SRCDIR}/localoptions.h \|\| die
66	echo '#define DROPBEAR_SHA1_HMAC 0' >> ${SRCDIR}/localoptions.h \|\| die
67	echo '#define DROPBEAR_SHA1_96_HMAC 0' >> ${SRCDIR}/localoptions.h \|\| die
68	# enable twofish
69	echo '#define DROPBEAR_TWOFISH128 1' >> ${SRCDIR}/localoptions.h \|\| die
70	echo '#define DROPBEAR_TWOFISH256 1' >> ${SRCDIR}/localoptions.h \|\| die
71	# disable x11 fwd by default
72	echo '#define DROPBEAR_X11FWD 0' >> ${SRCDIR}/localoptions.h \|\| die
73	}
74	src_compile()
75	{
76	cd ${SRCDIR}
77
78	mconfigure --enable-zlib --disable-pam \|\| die
79	mmake PROGRAMS="dbclient scp dropbearkey dropbearconvert dropbear" MULTI=1 \|\| die
80	}
81
82	alx_generic_src_install()
83	{
84	cd ${SRCDIR}
85	mmake DESTDIR=${BINDIR} PROGRAMS="dbclient scp dropbearkey dropbearconvert dropbear" MULTI=1 install \|\| die
86
87	# create missing symlinks
88	minstalldir /usr/sbin \|\| die
89	mlink dropbearmulti /usr/bin/dbclient \|\| die
90	mlink dropbearmulti /usr/bin/scp \|\| die
91	mlink dropbearmulti /usr/bin/dropbearkey \|\| die
92	mlink ../bin/dropbearmulti /usr/sbin/dropbear \|\| die
93
94	# systemd units
95	minstallunit dropbear.service-${DROPBEAR_SVC_REV} dropbear.service \|\| die
96	minstallunit dropbear-keygen-dss.service-${KEYGEN_DSS_SVC_REV} dropbear-keygen-dss.service \|\| die
97	minstallunit dropbear-keygen-rsa.service-${KEYGEN_RSA_SVC_REV} dropbear-keygen-rsa.service \|\| die
98	minstallunit dropbear-keygen-ecdsa.service-${KEYGEN_ECDSA_SVC_REV} dropbear-keygen-ecdsa.service \|\| die
99	minstalltmp dropbear.conf.tempfile dropbear.conf \|\| die
100
101	# needed to run sshd
102	mkeepdir /etc/dropbear \|\| die
103	mkeepdir /var/empty \|\| die
104	mchown root:sys /var/empty \|\| die
105
106	minstalldocs CHANGES INSTALL LICENSE _MTN MULTI SMALL TODO \|\| die
107	}
108
109	preinstall_dropbear()
110	{
111	add_conf_prot_mask /etc/tmpfiles.d
112
113	# adding ssh user
114	${MLIBDIR}/mgroupadd -o "-g 22" sshd
115	${MLIBDIR}/museradd -o "-u 22 -g sshd -d /var/empty -s /bin/false" sshd
116	}
117
118	postinstall_dropbear()
119	{
120	# cleanup old symlinks
121	local i
122	for i in dsa rsa ecdsa
123	do
124	if [ -L ${MROOT}/etc/systemd/system/multi-user.target.wants/dropbear-keygen-${i}.service ]
125	then
126	rm ${MROOT}/etc/systemd/system/multi-user.target.wants/dropbear-keygen-${i}.service
127	fi
128	done
129
130	mstartunit dropbear.service
131	}
132
133	postremove_dropbear()
134	{
135	mstopunit dropbear.service
136	}