Import buildroot 2016.02.01

firmware/buildroot/package/dropbear/Config.in

@@ -0,0 +1,58 @@
+config BR2_PACKAGE_DROPBEAR
+	bool "dropbear"
+	select BR2_PACKAGE_ZLIB if !BR2_PACKAGE_DROPBEAR_SMALL
+	help
+	  A small SSH 2 server designed for small memory environments.
+
+	  Note that dropbear requires a per-device unique host key. The
+	  key will be generated when dropbear starts, but it is not
+	  persistent over reboot (if you have a read-only rootfs) or
+	  upgrade (if you have a read-write rootfs). To make the key
+	  persistent, replace /etc/dropbear with a symlink to a
+	  directory on a persistent, writeable filesystem.
+	  Alternatively, mount a persistent unionfs over your root
+	  filesystem.
+
+	  http://matt.ucc.asn.au/dropbear/dropbear.html
+
+if BR2_PACKAGE_DROPBEAR
+
+config BR2_PACKAGE_DROPBEAR_CLIENT
+	bool "client programs"
+	default y
+	help
+	  Provides the programs: dbclient, ssh
+
+	  Note that the following programs are also used server-side
+	  and are therefore always build regardless this setting:
+	  dropbear, dropbearkey, dropbearconvert, scp
+
+config BR2_PACKAGE_DROPBEAR_DISABLE_REVERSEDNS
+	bool "disable reverse DNS lookups"
+	help
+	  Disable reverse DNS lookups on connection. This can be handy
+	  on systems without working DNS, as connections otherwise
+	  stall until DNS times out.
+
+config BR2_PACKAGE_DROPBEAR_SMALL
+	bool "optimize for size"
+	default y
+	help
+	  Compile dropbear for the smallest possible binary size.
+
+	  Tradeoffs are slower hashes and ciphers, and disabling of the
+	  blowfish cipher and zlib.
+
+config BR2_PACKAGE_DROPBEAR_WTMP
+	bool "log dropbear access to wtmp"
+	help
+	  Enable logging of dropbear access to wtmp. Notice that
+	  Buildroot does not generate wtmp by default.
+
+config BR2_PACKAGE_DROPBEAR_LASTLOG
+	bool "log dropbear access to lastlog"
+	help
+	  Enable logging of dropbear access to lastlog. Notice that
+	  Buildroot does not generate lastlog by default.
+
+endif

firmware/buildroot/package/dropbear/S50dropbear

@@ -0,0 +1,61 @@
+#!/bin/sh
+#
+# Starts dropbear sshd.
+#
+
+# Allow a few customizations from a config file
+test -r /etc/default/dropbear && . /etc/default/dropbear
+
+start() {
+	DROPBEAR_ARGS="$DROPBEAR_ARGS -R"
+
+	# If /etc/dropbear is a symlink to /var/run/dropbear, and
+	#   - the filesystem is RO (i.e. we can not rm the symlink),
+	#     create the directory pointed to by the symlink.
+	#   - the filesystem is RW (i.e. we can rm the symlink),
+	#     replace the symlink with an actual directory
+	if [ -L /etc/dropbear \
+	     -a "$(readlink /etc/dropbear)" = "/var/run/dropbear" ]
+	then
+		if rm -f /etc/dropbear >/dev/null 2>&1; then
+			mkdir -p /etc/dropbear
+		else
+			echo "No persistent location to store SSH host keys. New keys will be"
+			echo "generated at each boot. Are you sure this is what you want to do?"
+			mkdir -p "$(readlink /etc/dropbear)"
+		fi
+	fi
+
+	printf "Starting dropbear sshd: "
+	umask 077
+
+	start-stop-daemon -S -q -p /var/run/dropbear.pid \
+		--exec /usr/sbin/dropbear -- $DROPBEAR_ARGS
+	[ $? = 0 ] && echo "OK" || echo "FAIL"
+}
+stop() {
+	printf "Stopping dropbear sshd: "
+	start-stop-daemon -K -q -p /var/run/dropbear.pid
+	[ $? = 0 ] && echo "OK" || echo "FAIL"
+}
+restart() {
+	stop
+	start
+}
+
+case "$1" in
+  start)
+  	start
+	;;
+  stop)
+  	stop
+	;;
+  restart|reload)
+  	restart
+	;;
+  *)
+	echo "Usage: $0 {start|stop|restart}"
+	exit 1
+esac
+
+exit $?

firmware/buildroot/package/dropbear/dropbear.hash

@@ -0,0 +1,2 @@
+# From https://matt.ucc.asn.au/dropbear/releases/SHA256SUM.asc
+sha256	376214169c0e187ee9f48ae1a99b3f835016ad5b98ede4bfd1cf581deba783af  dropbear-2015.71.tar.bz2

firmware/buildroot/package/dropbear/dropbear.mk

@@ -0,0 +1,99 @@
+################################################################################
+#
+# dropbear
+#
+################################################################################
+
+DROPBEAR_VERSION = 2015.71
+DROPBEAR_SITE = http://matt.ucc.asn.au/dropbear/releases
+DROPBEAR_SOURCE = dropbear-$(DROPBEAR_VERSION).tar.bz2
+DROPBEAR_LICENSE = MIT, BSD-2c-like, BSD-2c
+DROPBEAR_LICENSE_FILES = LICENSE
+DROPBEAR_TARGET_BINS = dropbearkey dropbearconvert scp
+DROPBEAR_PROGRAMS = dropbear $(DROPBEAR_TARGET_BINS)
+
+ifeq ($(BR2_PACKAGE_DROPBEAR_CLIENT),y)
+# Build dbclient, and create a convenience symlink named ssh
+DROPBEAR_PROGRAMS += dbclient
+DROPBEAR_TARGET_BINS += dbclient ssh
+endif
+
+DROPBEAR_MAKE = \
+	$(MAKE) MULTI=1 SCPPROGRESS=1 \
+	PROGRAMS="$(DROPBEAR_PROGRAMS)"
+
+ifeq ($(BR2_STATIC_LIBS),y)
+DROPBEAR_MAKE += STATIC=1
+endif
+
+define DROPBEAR_FIX_XAUTH
+	$(SED) 's,^#define XAUTH_COMMAND.*/xauth,#define XAUTH_COMMAND "/usr/bin/xauth,g' $(@D)/options.h
+endef
+
+DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_FIX_XAUTH
+
+define DROPBEAR_ENABLE_REVERSE_DNS
+	$(SED) 's:.*\(#define DO_HOST_LOOKUP\).*:\1:' $(@D)/options.h
+endef
+
+define DROPBEAR_BUILD_SMALL
+	$(SED) 's:.*\(#define NO_FAST_EXPTMOD\).*:\1:' $(@D)/options.h
+endef
+
+define DROPBEAR_BUILD_FEATURED
+	$(SED) 's:^#define DROPBEAR_SMALL_CODE::' $(@D)/options.h
+	$(SED) 's:.*\(#define DROPBEAR_BLOWFISH\).*:\1:' $(@D)/options.h
+	$(SED) 's:.*\(#define DROPBEAR_TWOFISH128\).*:\1:' $(@D)/options.h
+	$(SED) 's:.*\(#define DROPBEAR_TWOFISH256\).*:\1:' $(@D)/options.h
+endef
+
+define DROPBEAR_DISABLE_STANDALONE
+	$(SED) 's:\(#define NON_INETD_MODE\):/*\1 */:' $(@D)/options.h
+endef
+
+define DROPBEAR_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m 644 package/dropbear/dropbear.service \
+		$(TARGET_DIR)/usr/lib/systemd/system/dropbear.service
+	mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
+	ln -fs ../../../../usr/lib/systemd/system/dropbear.service \
+		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/dropbear.service
+endef
+
+ifeq ($(BR2_USE_MMU),y)
+define DROPBEAR_INSTALL_INIT_SYSV
+	$(INSTALL) -D -m 755 package/dropbear/S50dropbear \
+		$(TARGET_DIR)/etc/init.d/S50dropbear
+endef
+else
+DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_DISABLE_STANDALONE
+endif
+
+ifeq ($(BR2_PACKAGE_DROPBEAR_DISABLE_REVERSEDNS),)
+DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_ENABLE_REVERSE_DNS
+endif
+
+ifeq ($(BR2_PACKAGE_DROPBEAR_SMALL),y)
+DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_BUILD_SMALL
+DROPBEAR_CONF_OPTS += --disable-zlib
+else
+DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_BUILD_FEATURED
+DROPBEAR_DEPENDENCIES += zlib
+endif
+
+ifneq ($(BR2_PACKAGE_DROPBEAR_WTMP),y)
+DROPBEAR_CONF_OPTS += --disable-wtmp
+endif
+
+ifneq ($(BR2_PACKAGE_DROPBEAR_LASTLOG),y)
+DROPBEAR_CONF_OPTS += --disable-lastlog
+endif
+
+define DROPBEAR_INSTALL_TARGET_CMDS
+	$(INSTALL) -m 755 $(@D)/dropbearmulti $(TARGET_DIR)/usr/sbin/dropbear
+	for f in $(DROPBEAR_TARGET_BINS); do \
+		ln -snf ../sbin/dropbear $(TARGET_DIR)/usr/bin/$$f ; \
+	done
+	ln -snf /var/run/dropbear $(TARGET_DIR)/etc/dropbear
+endef
+
+$(eval $(autotools-package))

firmware/buildroot/package/dropbear/dropbear.service

@@ -0,0 +1,27 @@
+[Unit]
+Description=Dropbear SSH daemon
+After=syslog.target network.target auditd.service
+
+[Service]
+# If /etc/dropbear is a symlink to /var/run/dropbear, and
+#   - the filesystem is RO (i.e. we can not rm the symlink),
+#     create the directory pointed to by the symlink.
+#   - the filesystem is RW (i.e. we can rm the symlink),
+#     replace the symlink with an actual directory
+ExecStartPre=/bin/sh -c '\
+if [ -L /etc/dropbear \
+     -a "$(readlink /etc/dropbear)" = "/var/run/dropbear" ]; then \
+    if rm -f /etc/dropbear >/dev/null 2>&1; then \
+        mkdir -p /etc/dropbear; \
+    else \
+        echo "No persistent location to store SSH host keys. New keys will be"; \
+        echo "generated at each boot. Are you sure this is what you want to do?"; \
+        mkdir -p "$(readlink /etc/dropbear)"; \
+    fi; \
+fi'
+EnvironmentFile=-/etc/default/dropbear
+ExecStart=/usr/sbin/dropbear -F -R $DROPBEAR_ARGS
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target