Since openssh-6.0, the ssh-keygen app has supported a -A option,
which creates any missing keys. This frees us of having to add
new ssh-keygen invocations as new key types are introduced. This
also frees us of having to know the default key names and locations.
So this patch replaces all the the init.d script invocations with
a single "ssh-keygen -A" call.
Note: the systemd service script *already* uses this option.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes build failure reported here:
http://autobuild.buildroot.net/results/262/26218e028f3d2c77c5192b45154627f08384b688/
uClibc toolchain for ARC doesn't support PIE
Attempt to build anything with "-pie" option lead to linker failure:
arc-buildroot-linux-uclibc-gcc -pie test.c
ld: ../4.8-r3/bin/../arc-buildroot-linux-uclibc/sysroot/usr/lib/crt1.o: warning: unresolvable relocation against symbol `__uClibc_main' from .text section
ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__deregister_frame_info@@GCC_3.0' from .text section
ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__deregister_frame_info@@GCC_3.0' from .text section
ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__register_frame_info@@GCC_3.0' from .text section
ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__register_frame_info@@GCC_3.0' from .text section
In its turn this behavior confuses configure script of openssh so some options
get set improperly. In particular "strnvis" gets determined as existing which
causes failure during compilation:
log.c:67:25: error: 'VIS_SAFE' undeclared (first use in this function)
#define LOG_STDERR_VIS (VIS_SAFE|VIS_OCTAL)
With disabled PIE ("--without-pie") openssh gets built without issues.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Anton Kolesov <akolesov@synopsys.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Convert the ever growing drop-SUSv3-legacy patch to a sed expression.
Modify the initscript to create ed25519 server key.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
And only install sysV-style script when appropiate.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
From the announcement:
This release fixes a security bug:
* sshd(8): fix a memory corruption problem triggered during rekeying
when an AES-GCM cipher is selected. Full details of the vulnerability
are available at: http://www.openssh.com/txt/gcmrekey.adv
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Several of the lines in S50sshd script have a strange mix of spaces
and tabs, that at least do not look consistent with neighboring lines.
This patch makes the spacing consistent, and also strips the trailing
spaces.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
sftp expects to find sftp-server in the standard (/usr/libexec) location,
so ensure it gets installed there.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.
[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
We already pass the LD variable to openssl in order to use gcc as the
driver for the link process, instead of directly using the ld
linker. However, we were not passing LDFLAGS so that the compiler
flags are passed, which means that with multilib toolchains, the
incorrect library variant could be used at link time, leading to
invalid binaries (partly ARMv4, partly ARMv5) or broken compilation
(when the build took place in soft-float, but the link stage takes
place against hard-float libraries).
This fixes a problem reported on IRC by amo-ej1 when compiling ssh on
PowerPC e500v2 with a CodeSourcery toolchain ("crtbegin.o uses hard
float, sshd uses soft float").
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Now that <pkg>_INSTALL_TARGET_OPT always defaults to
'DESTDIR=$(TARGET_DIR) install', we can remove the
<pkg>_INSTALL_TARGET_OPT definition from a lot of packages.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that TARGET_CC contains several space-separated words, it must be
used quoted everywhere.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch converts building of OpenSSH to use Makefile.autotools.in instead
and in the same process bump to latest upstream version 5.1p1.
The openssh.path is also cleaned up a bit to reflect the new release, i.e. some
of the patch is already applied/fixed upstream.
Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
- will need some program_invocation_name touchup, from the looks.
Sounds like Ulf is supporting this: http://buildroot.uclibc.org/lists/buildroot/2007-August/004651.html
Ulf> Go ahead, since it is permanently broken.
It was for ARM for the most part. Some others did work, fwiw.
they should be configured with --prefix=/usr and we then need to use
make DESTDIR=$(STAGING_DIR) install to get things installed into the
staging directory. The current situation for many packages, which use
--prefix=$(STAGING_DIR) results in the staging_dir paths getting compiled
into the binary itself.
This also adds in a pile of libtool fixups. Between broken pkgconfig,
broken libtool handling, and broken --prefix settings, its a wonder
things have worked as well as they have up till now.
-Erik
