core/dropbear/dropbear-2020.80-r2.smage2

# $Id$

PNAME="dropbear"
PVER="2020.80"
PBUILD="r2"

PCAT="net-misc"

DESCRIPTION="Dropbear SSH2 has a small memory footprint and is suitable for memory-constrained environments."
HOMEPAGE="http://matt.ucc.asn.au/dropbear/dropbear.html"

DEPEND=">= sys-libs/zlib-1.2.5
	>= dev-libs/libtommath-1.1"

SDEPEND=">= sys-libs/zlib-dev-1.2.5
	>= dev-libs/libtommath-dev-1.1"

PROVIDE="virtual/ssh-server
	virtual/ssh-client"

SRCFILE="${PNAME}-${PVER}.tar.bz2"
SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"

DROPBEAR_SVC_REV=1.2
KEYGEN_DSS_SVC_REV=1.2
KEYGEN_RSA_SVC_REV=1.2
KEYGEN_ECDSA_SVC_REV=1.2

# no check target in Makefile
msetfeature "!check"

# todo: remove dbclient too?
ALX_PKG_KEEP="etc
	usr/bin/dbclient
	usr/bin/dropbearkey
	usr/bin/dropbearconvert
	usr/bin/scp
	usr/bin/ssh
	usr/sbin/dropbear
	usr/bin/dropbearmulti
	usr/lib/systemd
	var"
sminclude mbuild mtools systemd alx-split

SRC_URI=(
	http://matt.ucc.asn.au/${PNAME}/releases/${SRCFILE}
	mirror://${PNAME}/${SRCFILE}
	mirror://${PNAME}/dropbear.service-${DROPBEAR_SVC_REV}
	mirror://${PNAME}/dropbear-keygen-dss.service-${KEYGEN_DSS_SVC_REV}
	mirror://${PNAME}/dropbear-keygen-rsa.service-${KEYGEN_RSA_SVC_REV}
	mirror://${PNAME}/dropbear-keygen-ecdsa.service-${KEYGEN_ECDSA_SVC_REV}
	mirror://${PNAME}/dropbear.conf.tempfile
)

UP2DATE="updatecmd 'http://matt.ucc.asn.au/dropbear/releases/?C=M;O=A' | grep ${PNAME}- | lasttarball"

src_prepare()
{
	munpack ${SRCFILE} || die
	cd ${SRCDIR}

	# see: https://github.com/balena-os/meta-balena/issues/1161
	# and check: https://github.com/arthepsy/ssh-audit	
	echo > ${SRCDIR}/localoptions.h || die
	# disable weak cyphers/options for security reasons
	echo '#define DROPBEAR_ENABLE_CBC_MODE 0' >> ${SRCDIR}/localoptions.h || die
	echo '#define DROPBEAR_SHA1_HMAC 0' >> ${SRCDIR}/localoptions.h || die
	echo '#define DROPBEAR_SHA1_96_HMAC 0' >> ${SRCDIR}/localoptions.h || die
	# enable twofish
	echo '#define DROPBEAR_TWOFISH128 1' >> ${SRCDIR}/localoptions.h || die
	echo '#define DROPBEAR_TWOFISH256 1' >> ${SRCDIR}/localoptions.h || die
	# disable x11 fwd by default
	echo '#define DROPBEAR_X11FWD 0' >> ${SRCDIR}/localoptions.h || die
}
src_compile()
{
	cd ${SRCDIR}

	mconfigure --enable-zlib --disable-pam || die
	mmake PROGRAMS="dbclient scp dropbearkey dropbearconvert dropbear" MULTI=1 || die
}

alx_generic_src_install()
{
	cd ${SRCDIR}
	mmake DESTDIR=${BINDIR} PROGRAMS="dbclient scp dropbearkey dropbearconvert dropbear" MULTI=1 install || die

	# create missing symlinks
	minstalldir /usr/sbin || die
	mlink dropbearmulti /usr/bin/dbclient || die
	mlink dropbearmulti /usr/bin/scp || die
	mlink dropbearmulti /usr/bin/ssh || die
	mlink dropbearmulti /usr/bin/dropbearkey || die
	mlink ../bin/dropbearmulti /usr/sbin/dropbear || die

	# systemd units
	minstallunit dropbear.service-${DROPBEAR_SVC_REV} dropbear.service || die
	minstallunit dropbear-keygen-dss.service-${KEYGEN_DSS_SVC_REV} dropbear-keygen-dss.service || die
	minstallunit dropbear-keygen-rsa.service-${KEYGEN_RSA_SVC_REV} dropbear-keygen-rsa.service || die
	minstallunit dropbear-keygen-ecdsa.service-${KEYGEN_ECDSA_SVC_REV} dropbear-keygen-ecdsa.service || die
	minstalltmp dropbear.conf.tempfile dropbear.conf || die

	# needed to run sshd
	mkeepdir /etc/dropbear || die
	mkeepdir /var/empty || die
	mchown root:sys /var/empty || die

	minstalldocs CHANGES INSTALL LICENSE _MTN MULTI SMALL TODO || die
}

preinstall_dropbear()
{
	add_conf_prot_mask /etc/tmpfiles.d

	# adding ssh user
	${MLIBDIR}/mgroupadd -o "-g 22" sshd
	${MLIBDIR}/museradd -o "-u 22 -g sshd -d /var/empty -s /bin/false" sshd
}

postinstall_dropbear()
{
	# cleanup old symlinks
	local i
	for i in dsa rsa ecdsa
	do
		if [ -L ${MROOT}/etc/systemd/system/multi-user.target.wants/dropbear-keygen-${i}.service ]
		then
			rm ${MROOT}/etc/systemd/system/multi-user.target.wants/dropbear-keygen-${i}.service
		fi
	done

	mstartunit dropbear.service
}

postremove_dropbear()
{
	mstopunit dropbear.service
}
1	# $Id$
2
3	PNAME="dropbear"
4	PVER="2020.80"
5	PBUILD="r2"
6
7	PCAT="net-misc"
8
9	DESCRIPTION="Dropbear SSH2 has a small memory footprint and is suitable for memory-constrained environments."
10	HOMEPAGE="http://matt.ucc.asn.au/dropbear/dropbear.html"
11
12	DEPEND=">= sys-libs/zlib-1.2.5
13	>= dev-libs/libtommath-1.1"
14
15	SDEPEND=">= sys-libs/zlib-dev-1.2.5
16	>= dev-libs/libtommath-dev-1.1"
17
18	PROVIDE="virtual/ssh-server
19	virtual/ssh-client"
20
21	SRCFILE="${PNAME}-${PVER}.tar.bz2"
22	SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"
23
24	DROPBEAR_SVC_REV=1.2
25	KEYGEN_DSS_SVC_REV=1.2
26	KEYGEN_RSA_SVC_REV=1.2
27	KEYGEN_ECDSA_SVC_REV=1.2
28
29	# no check target in Makefile
30	msetfeature "!check"
31
32	# todo: remove dbclient too?
33	ALX_PKG_KEEP="etc
34	usr/bin/dbclient
35	usr/bin/dropbearkey
36	usr/bin/dropbearconvert
37	usr/bin/scp
38	usr/bin/ssh
39	usr/sbin/dropbear
40	usr/bin/dropbearmulti
41	usr/lib/systemd
42	var"
43	sminclude mbuild mtools systemd alx-split
44
45	SRC_URI=(
46	http://matt.ucc.asn.au/${PNAME}/releases/${SRCFILE}
47	mirror://${PNAME}/${SRCFILE}
48	mirror://${PNAME}/dropbear.service-${DROPBEAR_SVC_REV}
49	mirror://${PNAME}/dropbear-keygen-dss.service-${KEYGEN_DSS_SVC_REV}
50	mirror://${PNAME}/dropbear-keygen-rsa.service-${KEYGEN_RSA_SVC_REV}
51	mirror://${PNAME}/dropbear-keygen-ecdsa.service-${KEYGEN_ECDSA_SVC_REV}
52	mirror://${PNAME}/dropbear.conf.tempfile
53	)
54
55	UP2DATE="updatecmd 'http://matt.ucc.asn.au/dropbear/releases/?C=M;O=A' \| grep ${PNAME}- \| lasttarball"
56
57	src_prepare()
58	{
59	munpack ${SRCFILE} \|\| die
60	cd ${SRCDIR}
61
62	# see: https://github.com/balena-os/meta-balena/issues/1161
63	# and check: https://github.com/arthepsy/ssh-audit
64	echo > ${SRCDIR}/localoptions.h \|\| die
65	# disable weak cyphers/options for security reasons
66	echo '#define DROPBEAR_ENABLE_CBC_MODE 0' >> ${SRCDIR}/localoptions.h \|\| die
67	echo '#define DROPBEAR_SHA1_HMAC 0' >> ${SRCDIR}/localoptions.h \|\| die
68	echo '#define DROPBEAR_SHA1_96_HMAC 0' >> ${SRCDIR}/localoptions.h \|\| die
69	# enable twofish
70	echo '#define DROPBEAR_TWOFISH128 1' >> ${SRCDIR}/localoptions.h \|\| die
71	echo '#define DROPBEAR_TWOFISH256 1' >> ${SRCDIR}/localoptions.h \|\| die
72	# disable x11 fwd by default
73	echo '#define DROPBEAR_X11FWD 0' >> ${SRCDIR}/localoptions.h \|\| die
74	}
75	src_compile()
76	{
77	cd ${SRCDIR}
78
79	mconfigure --enable-zlib --disable-pam \|\| die
80	mmake PROGRAMS="dbclient scp dropbearkey dropbearconvert dropbear" MULTI=1 \|\| die
81	}
82
83	alx_generic_src_install()
84	{
85	cd ${SRCDIR}
86	mmake DESTDIR=${BINDIR} PROGRAMS="dbclient scp dropbearkey dropbearconvert dropbear" MULTI=1 install \|\| die
87
88	# create missing symlinks
89	minstalldir /usr/sbin \|\| die
90	mlink dropbearmulti /usr/bin/dbclient \|\| die
91	mlink dropbearmulti /usr/bin/scp \|\| die
92	mlink dropbearmulti /usr/bin/ssh \|\| die
93	mlink dropbearmulti /usr/bin/dropbearkey \|\| die
94	mlink ../bin/dropbearmulti /usr/sbin/dropbear \|\| die
95
96	# systemd units
97	minstallunit dropbear.service-${DROPBEAR_SVC_REV} dropbear.service \|\| die
98	minstallunit dropbear-keygen-dss.service-${KEYGEN_DSS_SVC_REV} dropbear-keygen-dss.service \|\| die
99	minstallunit dropbear-keygen-rsa.service-${KEYGEN_RSA_SVC_REV} dropbear-keygen-rsa.service \|\| die
100	minstallunit dropbear-keygen-ecdsa.service-${KEYGEN_ECDSA_SVC_REV} dropbear-keygen-ecdsa.service \|\| die
101	minstalltmp dropbear.conf.tempfile dropbear.conf \|\| die
102
103	# needed to run sshd
104	mkeepdir /etc/dropbear \|\| die
105	mkeepdir /var/empty \|\| die
106	mchown root:sys /var/empty \|\| die
107
108	minstalldocs CHANGES INSTALL LICENSE _MTN MULTI SMALL TODO \|\| die
109	}
110
111	preinstall_dropbear()
112	{
113	add_conf_prot_mask /etc/tmpfiles.d
114
115	# adding ssh user
116	${MLIBDIR}/mgroupadd -o "-g 22" sshd
117	${MLIBDIR}/museradd -o "-u 22 -g sshd -d /var/empty -s /bin/false" sshd
118	}
119
120	postinstall_dropbear()
121	{
122	# cleanup old symlinks
123	local i
124	for i in dsa rsa ecdsa
125	do
126	if [ -L ${MROOT}/etc/systemd/system/multi-user.target.wants/dropbear-keygen-${i}.service ]
127	then
128	rm ${MROOT}/etc/systemd/system/multi-user.target.wants/dropbear-keygen-${i}.service
129	fi
130	done
131
132	mstartunit dropbear.service
133	}
134
135	postremove_dropbear()
136	{
137	mstopunit dropbear.service
138	}