# $Id$

PNAME="dropbear"
PVER="2020.80"
PBUILD="r1"

PCAT="net-misc"

DESCRIPTION="Dropbear SSH2 has a small memory footprint and is suitable for memory-constrained environments."
HOMEPAGE="http://matt.ucc.asn.au/dropbear/dropbear.html"

DEPEND=">= sys-libs/zlib-1.2.5
	>= dev-libs/libtommath-1.1"

SDEPEND=">= sys-libs/zlib-dev-1.2.5
	>= dev-libs/libtommath-dev-1.1"

PROVIDE="virtual/ssh-server
	virtual/ssh-client"

SRCFILE="${PNAME}-${PVER}.tar.bz2"
SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"

DROPBEAR_SVC_REV=1.2
KEYGEN_DSS_SVC_REV=1.2
KEYGEN_RSA_SVC_REV=1.2
KEYGEN_ECDSA_SVC_REV=1.2

# no check target in Makefile
msetfeature "!check"

# todo: remove dbclient too?
ALX_PKG_KEEP="etc
	usr/bin/dbclient
	usr/bin/dropbearkey
	usr/bin/dropbearconvert
	usr/bin/scp
	usr/sbin/dropbear
	usr/bin/dropbearmulti
	usr/lib/systemd
	var"
sminclude mbuild mtools systemd alx-split

SRC_URI=(
	http://matt.ucc.asn.au/${PNAME}/releases/${SRCFILE}
	mirror://${PNAME}/${SRCFILE}
	mirror://${PNAME}/dropbear.service-${DROPBEAR_SVC_REV}
	mirror://${PNAME}/dropbear-keygen-dss.service-${KEYGEN_DSS_SVC_REV}
	mirror://${PNAME}/dropbear-keygen-rsa.service-${KEYGEN_RSA_SVC_REV}
	mirror://${PNAME}/dropbear-keygen-ecdsa.service-${KEYGEN_ECDSA_SVC_REV}
	mirror://${PNAME}/dropbear.conf.tempfile
)

UP2DATE="updatecmd 'http://matt.ucc.asn.au/dropbear/releases/?C=M;O=A' | grep ${PNAME}- | lasttarball"

src_prepare()
{
	munpack ${SRCFILE} || die
	cd ${SRCDIR}

	# see: https://github.com/balena-os/meta-balena/issues/1161
	# and check: https://github.com/arthepsy/ssh-audit	
	echo > ${SRCDIR}/localoptions.h || die
	# disable weak cyphers/options for security reasons
	echo '#define DROPBEAR_ENABLE_CBC_MODE 0' >> ${SRCDIR}/localoptions.h || die
	echo '#define DROPBEAR_SHA1_HMAC 0' >> ${SRCDIR}/localoptions.h || die
	echo '#define DROPBEAR_SHA1_96_HMAC 0' >> ${SRCDIR}/localoptions.h || die
	# enable twofish
	echo '#define DROPBEAR_TWOFISH128 1' >> ${SRCDIR}/localoptions.h || die
	echo '#define DROPBEAR_TWOFISH256 1' >> ${SRCDIR}/localoptions.h || die
	# disable x11 fwd by default
	echo '#define DROPBEAR_X11FWD 0' >> ${SRCDIR}/localoptions.h || die
}
src_compile()
{
	cd ${SRCDIR}

	mconfigure --enable-zlib --disable-pam || die
	mmake PROGRAMS="dbclient scp dropbearkey dropbearconvert dropbear" MULTI=1 || die
}

alx_generic_src_install()
{
	cd ${SRCDIR}
	mmake DESTDIR=${BINDIR} PROGRAMS="dbclient scp dropbearkey dropbearconvert dropbear" MULTI=1 install || die

	# create missing symlinks
	minstalldir /usr/sbin || die
	mlink dropbearmulti /usr/bin/dbclient || die
	mlink dropbearmulti /usr/bin/scp || die
	mlink dropbearmulti /usr/bin/dropbearkey || die
	mlink ../bin/dropbearmulti /usr/sbin/dropbear || die

	# systemd units
	minstallunit dropbear.service-${DROPBEAR_SVC_REV} dropbear.service || die
	minstallunit dropbear-keygen-dss.service-${KEYGEN_DSS_SVC_REV} dropbear-keygen-dss.service || die
	minstallunit dropbear-keygen-rsa.service-${KEYGEN_RSA_SVC_REV} dropbear-keygen-rsa.service || die
	minstallunit dropbear-keygen-ecdsa.service-${KEYGEN_ECDSA_SVC_REV} dropbear-keygen-ecdsa.service || die
	minstalltmp dropbear.conf.tempfile dropbear.conf || die

	# needed to run sshd
	mkeepdir /etc/dropbear || die
	mkeepdir /var/empty || die
	mchown root:sys /var/empty || die

	minstalldocs CHANGES INSTALL LICENSE _MTN MULTI SMALL TODO || die
}

preinstall_dropbear()
{
	add_conf_prot_mask /etc/tmpfiles.d

	# adding ssh user
	${MLIBDIR}/mgroupadd -o "-g 22" sshd
	${MLIBDIR}/museradd -o "-u 22 -g sshd -d /var/empty -s /bin/false" sshd
}

postinstall_dropbear()
{
	# cleanup old symlinks
	local i
	for i in dsa rsa ecdsa
	do
		if [ -L ${MROOT}/etc/systemd/system/multi-user.target.wants/dropbear-keygen-${i}.service ]
		then
			rm ${MROOT}/etc/systemd/system/multi-user.target.wants/dropbear-keygen-${i}.service
		fi
	done

	mstartunit dropbear.service
}

postremove_dropbear()
{
	mstopunit dropbear.service
}