initial buildroot for linux 5.15

This commit is contained in:
Huan.Feng
2021-12-06 14:12:13 +08:00
parent d7767d594e
commit 7b6fc358fa
12736 changed files with 508822 additions and 0 deletions
+76
View File
@@ -0,0 +1,76 @@
config BR2_PACKAGE_DROPBEAR
bool "dropbear"
select BR2_PACKAGE_ZLIB if !BR2_PACKAGE_DROPBEAR_SMALL
select BR2_PACKAGE_LIBTOMCRYPT if !BR2_PACKAGE_DROPBEAR_SMALL
help
A small SSH 2 server designed for small memory environments.
Note that dropbear requires a per-device unique host key. The
key will be generated when dropbear starts, but it is not
persistent over reboot (if you have a read-only rootfs) or
upgrade (if you have a read-write rootfs). To make the key
persistent, replace /etc/dropbear with a symlink to a
directory on a persistent, writeable filesystem.
Alternatively, mount a persistent unionfs over your root
filesystem.
https://matt.ucc.asn.au/dropbear/dropbear.html
if BR2_PACKAGE_DROPBEAR
config BR2_PACKAGE_DROPBEAR_CLIENT
bool "client programs"
default y
help
Provides the programs: dbclient, ssh
Note that the following programs are also used server-side
and are therefore always build regardless this setting:
dropbear, dropbearkey, dropbearconvert, scp
config BR2_PACKAGE_DROPBEAR_DISABLE_REVERSEDNS
bool "disable reverse DNS lookups"
help
Disable reverse DNS lookups on connection. This can be handy
on systems without working DNS, as connections otherwise
stall until DNS times out.
config BR2_PACKAGE_DROPBEAR_SMALL
bool "optimize for size"
default y
help
Compile dropbear for the smallest possible binary size.
Tradeoffs are slower hashes and ciphers, and disabling of the
blowfish cipher and zlib.
config BR2_PACKAGE_DROPBEAR_WTMP
bool "log dropbear access to wtmp"
help
Enable logging of dropbear access to wtmp. Notice that
Buildroot does not generate wtmp by default.
config BR2_PACKAGE_DROPBEAR_LASTLOG
bool "log dropbear access to lastlog"
help
Enable logging of dropbear access to lastlog. Notice that
Buildroot does not generate lastlog by default.
config BR2_PACKAGE_DROPBEAR_LEGACY_CRYPTO
bool "enable legacy crypto"
help
Enable legacy and possibly insecure algorithms:
3DES encryption
SHA1-96 message integrity
CBC encryption mode
DSA public keys
Diffie-Hellman Group1 key exchange
config BR2_PACKAGE_DROPBEAR_LOCALOPTIONS_FILE
string "path to custom localoptions.h definitions file"
help
Path to a file whose contents will be appended to Dropbear
localoptions.h. It can be used to tweak the Dropbear
configuration.
endif
+61
View File
@@ -0,0 +1,61 @@
#!/bin/sh
#
# Starts dropbear sshd.
#
# Allow a few customizations from a config file
test -r /etc/default/dropbear && . /etc/default/dropbear
start() {
DROPBEAR_ARGS="$DROPBEAR_ARGS -R"
# If /etc/dropbear is a symlink to /var/run/dropbear, and
# - the filesystem is RO (i.e. we can not rm the symlink),
# create the directory pointed to by the symlink.
# - the filesystem is RW (i.e. we can rm the symlink),
# replace the symlink with an actual directory
if [ -L /etc/dropbear \
-a "$(readlink /etc/dropbear)" = "/var/run/dropbear" ]
then
if rm -f /etc/dropbear >/dev/null 2>&1; then
mkdir -p /etc/dropbear
else
echo "No persistent location to store SSH host keys. New keys will be"
echo "generated at each boot. Are you sure this is what you want to do?"
mkdir -p "$(readlink /etc/dropbear)"
fi
fi
printf "Starting dropbear sshd: "
umask 077
start-stop-daemon -S -q -p /var/run/dropbear.pid \
--exec /usr/sbin/dropbear -- $DROPBEAR_ARGS
[ $? = 0 ] && echo "OK" || echo "FAIL"
}
stop() {
printf "Stopping dropbear sshd: "
start-stop-daemon -K -q -p /var/run/dropbear.pid
[ $? = 0 ] && echo "OK" || echo "FAIL"
}
restart() {
stop
start
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
restart
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit $?
+7
View File
@@ -0,0 +1,7 @@
# From https://matt.ucc.asn.au/dropbear/releases/SHA256SUM.asc
sha256 48235d10b37775dbda59341ac0c4b239b82ad6318c31568b985730c788aac53b dropbear-2020.81.tar.bz2
# License file, locally computed
sha256 a99ce657d790b761c132ee7e0de18edb437ae6361e536d991c6a12f36e770445 LICENSE
sha256 8f196cb13afd271f5e267fd29543fc454596382ad580e7592709492843996ac8 libtomcrypt/LICENSE
sha256 2fa64b163659f41965c9815882a8296d3d03ff546b76153e11445f9bdecf955a libtommath/LICENSE
+144
View File
@@ -0,0 +1,144 @@
################################################################################
#
# dropbear
#
################################################################################
DROPBEAR_VERSION = 2020.81
DROPBEAR_SITE = https://matt.ucc.asn.au/dropbear/releases
DROPBEAR_SOURCE = dropbear-$(DROPBEAR_VERSION).tar.bz2
DROPBEAR_LICENSE = MIT, BSD-2-Clause, Public domain
DROPBEAR_LICENSE_FILES = LICENSE
DROPBEAR_TARGET_BINS = dropbearkey dropbearconvert scp
DROPBEAR_PROGRAMS = dropbear $(DROPBEAR_TARGET_BINS)
DROPBEAR_CPE_ID_VENDOR = dropbear_ssh_project
DROPBEAR_CPE_ID_PRODUCT = dropbear_ssh
# Disable hardening flags added by dropbear configure.ac, and let
# Buildroot add them when the relevant options are enabled. This
# prevents dropbear from using SSP support when not available.
DROPBEAR_CONF_OPTS = --disable-harden
ifeq ($(BR2_PACKAGE_DROPBEAR_CLIENT),y)
# Build dbclient, and create a convenience symlink named ssh
DROPBEAR_PROGRAMS += dbclient
DROPBEAR_TARGET_BINS += dbclient ssh
endif
DROPBEAR_MAKE = \
$(MAKE) MULTI=1 SCPPROGRESS=1 \
PROGRAMS="$(DROPBEAR_PROGRAMS)"
# With BR2_SHARED_STATIC_LIBS=y the generic infrastructure adds a
# --enable-static flags causing dropbear to be built as a static
# binary. Adding a --disable-static reverts this
ifeq ($(BR2_SHARED_STATIC_LIBS),y)
DROPBEAR_CONF_OPTS += --disable-static
endif
ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
define DROPBEAR_SVR_PAM_AUTH
echo '#define DROPBEAR_SVR_PASSWORD_AUTH 0' >> $(@D)/localoptions.h
echo '#define DROPBEAR_SVR_PAM_AUTH 1' >> $(@D)/localoptions.h
endef
define DROPBEAR_INSTALL_PAM_CONF
$(INSTALL) -D -m 644 package/dropbear/etc-pam.d-sshd $(TARGET_DIR)/etc/pam.d/sshd
endef
DROPBEAR_DEPENDENCIES += linux-pam
DROPBEAR_CONF_OPTS += --enable-pam
DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_SVR_PAM_AUTH
DROPBEAR_POST_INSTALL_TARGET_HOOKS += DROPBEAR_INSTALL_PAM_CONF
else
# Ensure that dropbear doesn't use crypt() when it's not available
define DROPBEAR_SVR_PASSWORD_AUTH
echo '#if !HAVE_CRYPT' >> $(@D)/localoptions.h
echo '#define DROPBEAR_SVR_PASSWORD_AUTH 0' >> $(@D)/localoptions.h
echo '#endif' >> $(@D)/localoptions.h
endef
DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_SVR_PASSWORD_AUTH
endif
ifeq ($(BR2_PACKAGE_DROPBEAR_LEGACY_CRYPTO),y)
define DROPBEAR_ENABLE_LEGACY_CRYPTO
echo '#define DROPBEAR_3DES 1' >> $(@D)/localoptions.h
echo '#define DROPBEAR_ENABLE_CBC_MODE 1' >> $(@D)/localoptions.h
echo '#define DROPBEAR_SHA1_96_HMAC 1' >> $(@D)/localoptions.h
endef
DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_ENABLE_LEGACY_CRYPTO
else
define DROPBEAR_DISABLE_LEGACY_CRYPTO
echo '#define DROPBEAR_DSS 0' >> $(@D)/localoptions.h
echo '#define DROPBEAR_DH_GROUP1 0' >> $(@D)/localoptions.h
endef
DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_DISABLE_LEGACY_CRYPTO
endif
ifeq ($(BR2_PACKAGE_DROPBEAR_DISABLE_REVERSEDNS),)
define DROPBEAR_ENABLE_REVERSE_DNS
echo '#define DO_HOST_LOOKUP 1' >> $(@D)/localoptions.h
endef
DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_ENABLE_REVERSE_DNS
endif
ifeq ($(BR2_PACKAGE_DROPBEAR_SMALL),y)
DROPBEAR_LICENSE += , Unlicense, WTFPL
DROPBEAR_LICENSE_FILES += libtommath/LICENSE libtomcrypt/LICENSE
DROPBEAR_CONF_OPTS += --disable-zlib --enable-bundled-libtom
else
define DROPBEAR_BUILD_FEATURED
echo '#define DROPBEAR_SMALL_CODE 0' >> $(@D)/localoptions.h
echo '#define DROPBEAR_TWOFISH128 1' >> $(@D)/localoptions.h
echo '#define DROPBEAR_TWOFISH256 1' >> $(@D)/localoptions.h
endef
DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_BUILD_FEATURED
DROPBEAR_DEPENDENCIES += zlib libtomcrypt
DROPBEAR_CONF_OPTS += --disable-bundled-libtom
endif
define DROPBEAR_CUSTOM_PATH
echo '#define DEFAULT_PATH $(BR2_SYSTEM_DEFAULT_PATH)' >>$(@D)/localoptions.h
endef
DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_CUSTOM_PATH
define DROPBEAR_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 644 package/dropbear/dropbear.service \
$(TARGET_DIR)/usr/lib/systemd/system/dropbear.service
endef
ifeq ($(BR2_USE_MMU),y)
define DROPBEAR_INSTALL_INIT_SYSV
$(INSTALL) -D -m 755 package/dropbear/S50dropbear \
$(TARGET_DIR)/etc/init.d/S50dropbear
endef
else
define DROPBEAR_DISABLE_STANDALONE
echo '#define NON_INETD_MODE 0' >> $(@D)/localoptions.h
endef
DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_DISABLE_STANDALONE
endif
ifneq ($(BR2_PACKAGE_DROPBEAR_WTMP),y)
DROPBEAR_CONF_OPTS += --disable-wtmp
endif
ifneq ($(BR2_PACKAGE_DROPBEAR_LASTLOG),y)
DROPBEAR_CONF_OPTS += --disable-lastlog
endif
DROPBEAR_LOCALOPTIONS_FILE = $(call qstrip,$(BR2_PACKAGE_DROPBEAR_LOCALOPTIONS_FILE))
ifneq ($(DROPBEAR_LOCALOPTIONS_FILE),)
define DROPBEAR_APPEND_LOCALOPTIONS_FILE
cat $(DROPBEAR_LOCALOPTIONS_FILE) >> $(@D)/localoptions.h
endef
DROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_APPEND_LOCALOPTIONS_FILE
endif
define DROPBEAR_INSTALL_TARGET_CMDS
$(INSTALL) -m 755 $(@D)/dropbearmulti $(TARGET_DIR)/usr/sbin/dropbear
for f in $(DROPBEAR_TARGET_BINS); do \
ln -snf ../sbin/dropbear $(TARGET_DIR)/usr/bin/$$f ; \
done
ln -snf /var/run/dropbear $(TARGET_DIR)/etc/dropbear
endef
$(eval $(autotools-package))
+27
View File
@@ -0,0 +1,27 @@
[Unit]
Description=Dropbear SSH daemon
After=syslog.target network.target auditd.service
[Service]
# If /etc/dropbear is a symlink to /var/run/dropbear, and
# - the filesystem is RO (i.e. we can not rm the symlink),
# create the directory pointed to by the symlink.
# - the filesystem is RW (i.e. we can rm the symlink),
# replace the symlink with an actual directory
ExecStartPre=/bin/sh -c '\
if [ -L /etc/dropbear \
-a "$(readlink /etc/dropbear)" = "/var/run/dropbear" ]; then \
if rm -f /etc/dropbear >/dev/null 2>&1; then \
mkdir -p /etc/dropbear; \
else \
echo "No persistent location to store SSH host keys. New keys will be"; \
echo "generated at each boot. Are you sure this is what you want to do?"; \
mkdir -p "$(readlink /etc/dropbear)"; \
fi; \
fi'
EnvironmentFile=-/etc/default/dropbear
ExecStart=/usr/sbin/dropbear -F -R $DROPBEAR_ARGS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
+7
View File
@@ -0,0 +1,7 @@
#%PAM-1.0
auth required pam_unix.so shadow nodelay
account required pam_nologin.so
account required pam_unix.so
password required pam_unix.so shadow nullok use_authtok
session required pam_unix.so
session required pam_limits.so