summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-01-16 21:07:07 +0100
committerChristian Poessinger <christian@poessinger.com>2022-01-16 21:10:43 +0100
commit52f75193f3afe799017e17504d5785aa7817d455 (patch)
tree44884053dfa2ad109303152469e79b0bca42e71d
parent4ce1c21078a0f6890c0a7004285d8f393a4156b3 (diff)
downloadvyos-build-52f75193f3afe799017e17504d5785aa7817d455.tar.gz
vyos-build-52f75193f3afe799017e17504d5785aa7817d455.zip
packages: T3164: build Dropbear from source with PAM support
Dropbear version shipped in Debian does not have PAM support enabled. For the VyOS console server it would be nice to have the possibility to use RADIUS authentication.
-rw-r--r--packages/dropbear/.gitignore6
-rw-r--r--packages/dropbear/Jenkinsfile30
-rwxr-xr-xpackages/dropbear/build.sh23
-rw-r--r--packages/dropbear/patches/0001-Enable-PAM-support.patch46
4 files changed, 105 insertions, 0 deletions
diff --git a/packages/dropbear/.gitignore b/packages/dropbear/.gitignore
new file mode 100644
index 00000000..249ed456
--- /dev/null
+++ b/packages/dropbear/.gitignore
@@ -0,0 +1,6 @@
+dropbear/
+*.deb
+*.dsc
+*.buildinfo
+*.changes
+*.git
diff --git a/packages/dropbear/Jenkinsfile b/packages/dropbear/Jenkinsfile
new file mode 100644
index 00000000..3a29c378
--- /dev/null
+++ b/packages/dropbear/Jenkinsfile
@@ -0,0 +1,30 @@
+// Copyright (C) 2022 VyOS maintainers and contributors
+//
+// This program is free software; you can redistribute it and/or modify
+// in order to easy exprort images built to "external" world
+// it under the terms of the GNU General Public License version 2 or later as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+@NonCPS
+
+// Using a version specifier library, use 'current' branch. The underscore (_)
+// is not a typo! You need this underscore if the line immediately after the
+// @Library annotation is not an import statement!
+@Library('vyos-build@current')_
+
+def pkgList = [
+ ['name': 'dropbear',
+ 'scmCommit': 'debian/2020.81-5',
+ 'scmUrl': 'https://salsa.debian.org/debian/dropbear.git',
+ 'buildCmd': 'cd ..; ./build.sh'],
+]
+
+// Start package build using library function from https://github.com/vyos/vyos-build
+buildPackage('dropbear', pkgList, null, true, "**/packages/dropbear/*")
diff --git a/packages/dropbear/build.sh b/packages/dropbear/build.sh
new file mode 100755
index 00000000..0934f4f7
--- /dev/null
+++ b/packages/dropbear/build.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+CWD=$(pwd)
+set -e
+
+SRC=dropbear
+if [ ! -d ${SRC} ]; then
+ echo "Source directory does not exists, please 'git clone'"
+ exit 1
+fi
+
+PATCH_DIR=${CWD}/patches
+if [ -d $PATCH_DIR ]; then
+ for patch in $(ls ${PATCH_DIR})
+ do
+ echo "I: Apply patch: ${patch} to main repository"
+ cp ${PATCH_DIR}/${patch} ${SRC}/debian/patches/
+ echo ${patch} >> ${SRC}/debian/patches/series
+ done
+fi
+
+cd ${SRC}
+echo "I: Build Debian Package"
+dpkg-buildpackage -uc -us -tc -b
diff --git a/packages/dropbear/patches/0001-Enable-PAM-support.patch b/packages/dropbear/patches/0001-Enable-PAM-support.patch
new file mode 100644
index 00000000..a9713225
--- /dev/null
+++ b/packages/dropbear/patches/0001-Enable-PAM-support.patch
@@ -0,0 +1,46 @@
+From 3ac8b338e248801eca917e6091ff6b601e55a1fc Mon Sep 17 00:00:00 2001
+From: Christian Poessinger <christian@poessinger.com>
+Date: Sun, 16 Jan 2022 21:04:35 +0100
+Subject: [PATCH] Enable PAM support
+
+---
+ debian/rules | 2 +-
+ default_options.h | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/debian/rules b/debian/rules
+index 673a5a3..4092be7 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -27,5 +27,5 @@ override_dh_installinit:
+ dh_installinit -R --name dropbear
+
+ override_dh_auto_configure:
+- dh_auto_configure -- --disable-bundled-libtom \
++ dh_auto_configure -- --disable-bundled-libtom --enable-pam \
+ CC='$(CC)' CFLAGS='$(CFLAGS)' $(CONFFLAGS)
+diff --git a/default_options.h b/default_options.h
+index 375506d..e4fc5bf 100644
+--- a/default_options.h
++++ b/default_options.h
+@@ -193,7 +193,7 @@ group1 in Dropbear server too */
+
+ /* Authentication Types - at least one required.
+ RFC Draft requires pubkey auth, and recommends password */
+-#define DROPBEAR_SVR_PASSWORD_AUTH 1
++#define DROPBEAR_SVR_PASSWORD_AUTH 0
+
+ /* Note: PAM auth is quite simple and only works for PAM modules which just do
+ * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
+@@ -201,7 +201,7 @@ group1 in Dropbear server too */
+ * but there's an interface via a PAM module. It won't work for more complex
+ * PAM challenge/response.
+ * You can't enable both PASSWORD and PAM. */
+-#define DROPBEAR_SVR_PAM_AUTH 0
++#define DROPBEAR_SVR_PAM_AUTH 1
+
+ /* ~/.ssh/authorized_keys authentication */
+ #define DROPBEAR_SVR_PUBKEY_AUTH 1
+--
+2.20.1
+