Jamin W. Collins wrote:
>
> I'm going to look into how hard it would be to get dropbear compiled for
> and functional on the MVP. Just wanted to see if anyone else is
> interested or has possibly already done so.
Looks like I've had some success in adding dropbear to the mvpmc build
structure. The attached patch is built against the 0.3.1 release. The
new scons/build_dropbear.sh script will need to be chmod'd to have
execute rights (don't believe this can be conveyed in a patch). I built
the new dongle with the following commands:
# Unpack the 0.3.1 release and work from inside the source tree.
tar -xzf mvpmc-0.3.1.tar.gz
cd mvpmc-0.3.1
# Apply the dropbear patch, which was saved one directory above the tree.
patch -p1 -i ../mvpmc-dropbear.patch
# A patch cannot carry the execute bit, so set it by hand.
chmod +x scons/build_dropbear.sh
# The two make targets the author ran to produce the new dongle.
make kernel_31
make mvp
The resulting dropbear build included within the dongle contains some
patches from the OpenWRT project. Namely, using /dev/urandom instead of
/dev/random, and looking for root's keys in /etc/dropbear/authorized_keys.
I use the following snippet in my dongle.conf to start dropbear:
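# Start the dropbear SSH server when it is present in the dongle image.
#
# NOTE(review): TFTP is unauthenticated and unencrypted. The passwd file,
# authorized_keys and the host *private* keys fetched below cross the network
# in the clear, and whichever host answers for $TFTP decides which keys may
# log in as root. Keep the boot/TFTP segment trusted, and treat these host
# keys as known to anything able to observe that segment.
if [ -x /sbin/dropbear ]; then
    tftp -g -r passwd -l /etc/passwd "$TFTP"
    # -p: do not fail when the directories already exist (config re-run).
    mkdir -p /etc/dropbear /var/run
    tftp -g -r authorized_keys -l /etc/dropbear/authorized_keys "$TFTP"
    tftp -g -r "$HNAME-dropbear_dss_host_key" \
        -l /etc/dropbear/dropbear_dss_host_key "$TFTP"
    tftp -g -r "$HNAME-dropbear_rsa_host_key" \
        -l /etc/dropbear/dropbear_rsa_host_key "$TFTP"
    # Do not rely on the boot-time umask: private host keys must not be
    # readable by other users, and the patched dropbear runs checkfileperm on
    # /etc/dropbear and authorized_keys (presumably rejecting loose modes).
    chmod 700 /etc/dropbear
    chmod 600 /etc/dropbear/authorized_keys \
        /etc/dropbear/dropbear_dss_host_key \
        /etc/dropbear/dropbear_rsa_host_key
    # Stop a previous instance before starting a new one.
    if [ -r /var/run/dropbear.pid ]; then
        kill "$(cat /var/run/dropbear.pid)"
    fi
    # -s: disable password logins, leaving public-key authentication only.
    dropbear -s &
fi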
--
Jamin W. Collins
diff -Naur mvpmc-0.3.1.orig/dongle/apps/dropbear/patches/100-pubkey_path.patch mvpmc-0.3.1/dongle/apps/dropbear/patches/100-pubkey_path.patch
--- mvpmc-0.3.1.orig/dongle/apps/dropbear/patches/100-pubkey_path.patch 1969-12-31 19:00:00.000000000 -0500
+++ mvpmc-0.3.1/dongle/apps/dropbear/patches/100-pubkey_path.patch 2006-11-26 23:22:25.000000000 -0500
@@ -0,0 +1,45 @@
+--- dropbear.old/svr-authpubkey.c.orig 2006-06-03 14:54:43.000000000 +0000
++++ dropbear.dev/svr-authpubkey.c 2006-06-03 15:03:19.000000000 +0000
+@@ -176,6 +176,8 @@
+ goto out;
+ }
+
++ if (ses.authstate.pw->pw_uid != 0) {
++
+ /* we don't need to check pw and pw_dir for validity, since
+ * its been done in checkpubkeyperms. */
+ len = strlen(ses.authstate.pw->pw_dir);
+@@ -187,6 +189,9 @@
+
+ /* open the file */
+ authfile = fopen(filename, "r");
++ } else {
++ authfile = fopen("/etc/dropbear/authorized_keys","r");
++ }
+ if (authfile == NULL) {
+ goto out;
+ }
+@@ -274,6 +279,8 @@
+ goto out;
+ }
+
++ if (ses.authstate.pw->pw_uid != 0) {
++
+ /* allocate max required pathname storage,
+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+ filename = m_malloc(len + 22);
+@@ -295,6 +302,14 @@
+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+ goto out;
+ }
++ } else {
++ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ }
+
+ /* file looks ok, return success */
+ ret = DROPBEAR_SUCCESS;
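Review bot: The root branch spells `/etc/dropbear/authorized_keys` as a literal in two separate functions, once in the `fopen` call and once in the `checkfileperm` calls, so the permission check and the file actually opened can drift apart on a later edit. A single `#define ROOT_AUTHKEYS_FILE "/etc/dropbear/authorized_keys"` used at both sites would tie them together (the macro name is only a suggestion). The first `if (ses.authstate.pw->pw_uid != 0) {` also deserves a comment saying that root's `~/.ssh/authorized_keys` is no longer consulted at all, because that changes where an administrator must look when auditing who can log in as root. Both enclosing functions start and end outside these hunks, so the handling of `filename` and `len` on the root path cannot be checked from here.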
diff -Naur mvpmc-0.3.1.orig/dongle/apps/dropbear/patches/140-use_dev_urandom.patch mvpmc-0.3.1/dongle/apps/dropbear/patches/140-use_dev_urandom.patch
--- mvpmc-0.3.1.orig/dongle/apps/dropbear/patches/140-use_dev_urandom.patch 1969-12-31 19:00:00.000000000 -0500
+++ mvpmc-0.3.1/dongle/apps/dropbear/patches/140-use_dev_urandom.patch 2006-11-26 23:22:25.000000000 -0500
@@ -0,0 +1,12 @@
+diff -urN dropbear-0.45.old/options.h dropbear-0.45/options.h
+--- dropbear-0.45.old/options.h 2005-03-14 17:12:22.000000000 +0100
++++ dropbear-0.45/options.h 2005-03-14 17:13:49.000000000 +0100
+@@ -143,7 +143,7 @@
+ * however significantly reduce the security of your ssh connections
+ * if the PRNG state becomes guessable - make sure you know what you are
+ * doing if you change this. */
+-#define DROPBEAR_RANDOM_DEV "/dev/random"
++#define DROPBEAR_RANDOM_DEV "/dev/urandom"
+
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
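Review bot: Switching `DROPBEAR_RANDOM_DEV` to `/dev/urandom` gives up the blocking behaviour of `/dev/random` for reads that return even when the kernel pool holds little entropy, which is the case the comment directly above the define warns about. On a diskless device that starts dropbear straight from its boot script the pool may be thin (an assumption about the MVP, not something the patch shows), so the reason for the change should be recorded next to the define, e.g. `/* /dev/urandom: /dev/random blocks at boot on this device; host keys are generated off-device */`. Because the image also ships `dropbearkey`, the documentation should say not to generate host keys on the box right after boot.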
diff -Naur mvpmc-0.3.1.orig/dongle/apps/dropbear/patches/makefile.patch mvpmc-0.3.1/dongle/apps/dropbear/patches/makefile.patch
--- mvpmc-0.3.1.orig/dongle/apps/dropbear/patches/makefile.patch 1969-12-31 19:00:00.000000000 -0500
+++ mvpmc-0.3.1/dongle/apps/dropbear/patches/makefile.patch 2006-11-26 23:22:25.000000000 -0500
@@ -0,0 +1,25 @@
+--- dropbear-0.48.1/Makefile.in 2006-03-11 23:52:51.000000000 -0500
++++ dropbear-0.48.1-modified/Makefile.in 2006-11-26 17:18:08.000000000 -0500
+@@ -135,14 +135,18 @@
+
+ # dropbear should go in sbin, so it needs a seperate rule
+ inst_dropbear: dropbear
+- $(INSTALL) -d -m 755 $(DESTDIR)$(sbindir)
+- $(INSTALL) -m 755 dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
++ install -d -m 755 $(DESTDIR)$(sbindir)
++ install -m 755 dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
+ -chown root $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
+ -chgrp 0 $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
+
++inst_dropbearmulti: dropbearmulti
++ install -d -m 755 $(DESTDIR)$(sbindir)
++ install -m 755 dropbearmulti $(DESTDIR)$(sbindir)
++
+ inst_%: $*
+- $(INSTALL) -d -m 755 $(DESTDIR)$(bindir)
+- $(INSTALL) -m 755 $*$(EXEEXT) $(DESTDIR)$(bindir)
++ install -d -m 755 $(DESTDIR)$(bindir)
++ install -m 755 $*$(EXEEXT) $(DESTDIR)$(bindir)
+ -chown root $(DESTDIR)$(bindir)/$*$(EXEEXT)
+ -chgrp 0 $(DESTDIR)$(bindir)/$*$(EXEEXT)
+
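Review bot: Replacing `$(INSTALL)` with a literal `install` in `inst_dropbear` and `inst_%` removes the builder's ability to choose the install program. It looks like a workaround for scons/build_dropbear.sh exporting `INSTALL` as the install directory, which configure would then pick up as the install program (inferred; the definition of `INSTALL` in Makefile.in is outside the hunk). Renaming that variable in the build script would make this patch unnecessary. The new `inst_dropbearmulti` rule also differs from its neighbours, omitting `$(EXEEXT)` and the `-chown root`/`-chgrp 0` lines; if it is kept, it should read `install -m 755 dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)` followed by the same ownership lines.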
diff -Naur mvpmc-0.3.1.orig/dongle/apps/dropbear/SConscript mvpmc-0.3.1/dongle/apps/dropbear/SConscript
--- mvpmc-0.3.1.orig/dongle/apps/dropbear/SConscript 1969-12-31 19:00:00.000000000 -0500
+++ mvpmc-0.3.1/dongle/apps/dropbear/SConscript 2006-11-26 23:22:25.000000000 -0500
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+#
+# build dropbear
+#
+
+import os
+
+Import('env')
+
+home = os.environ['HOME']
+cc = env['CC']
+cross = env['CROSS']
+downloads = env['DOWNLOADS']
+target = env['TARG']
+
+file = downloads + '/dropbear-0.48.1.tar.gz'
+
+e = Environment()
+e.Tool('WGet', toolpath=['../../../scons'])
+
+def GetSourceFile(url, output_dir, env):
+ '''
+ Create a node for a file retrieved via wget.
+ This node can be used as a dependency in other rules.
+ '''
+ # Nab everything after the last slash as the filename
+ basefilename = str(url)[str( url).rfind(os.sep) + 1:]
+ munged = output_dir + os.sep + basefilename + os.sep + url
+ node = env.SourceCode( munged, env.WGet() )
+ return node
+
+url = 'http://matt.ucc.asn.au/dropbear/releases/dropbear-0.48.1.tar.gz'
+pwd = os.getcwd()
+
+build = env.Command('../../install/' + target + '/sbin/dropbear', 0,
+ 'scons/build_dropbear.sh -d ' + pwd + '/' + target +
+ '/dropbear-0.48.1 -i ' + file + ' ' +
+ '-c ' + cross + ' ' +
+ '-I ' + pwd + '/../../install/' + target + ' ' +
+ '-p patches/100-pubkey_path.patch ' +
+ '-p patches/140-use_dev_urandom.patch ' +
+ '-p patches/makefile.patch ' )
+
+if not os.path.exists(file):
+ dl = GetSourceFile(url, '#' + downloads, e)
+ env.Depends(build, dl)
+
+Return('build')
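Review bot: The tarball named in `url` is fetched over plain `http://` and handed to build_dropbear.sh with no integrity check, so the SSH daemon baked into the dongle is built from whatever bytes the download returned. Pin the release digest next to `url` and pass it to the script, which can then refuse to unpack a mismatch with `echo "$SHA256  $INPUT" | sha256sum -c - || exit 1` before its `tar` step (`$SHA256` is a placeholder for the digest published for dropbear-0.48.1, which this page does not show). Smaller points: `home` and `cc` are assigned but never used, `file` shadows the builtin, and `GetSourceFile` splits the URL on `os.sep` where a literal `'/'` is meant.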
diff -Naur mvpmc-0.3.1.orig/dongle/apps/SConscript mvpmc-0.3.1/dongle/apps/SConscript
--- mvpmc-0.3.1.orig/dongle/apps/SConscript 2006-10-23 21:02:37.000000000 -0400
+++ mvpmc-0.3.1/dongle/apps/SConscript 2006-11-26 23:22:25.000000000 -0500
@@ -6,7 +6,9 @@
busybox = env.SConscript(['busybox/SConscript'])
ntp = env.SConscript(['ntpclient/SConscript'])
+dropbear = env.SConscript(['dropbear/SConscript'])
apps = env.Depends(ntp, busybox)
+apps = env.Depends(busybox, dropbear)
Return('apps')
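Review bot: The added `apps = env.Depends(busybox, dropbear)` rebinds `apps`, so the value returned is now the result of the busybox/dropbear call rather than the `ntp` one on the line above. If `Depends` returns its target nodes, callers of this SConscript no longer reach `ntp` through `apps`. Folding both into one call keeps the returned node as it was, for example `apps = env.Depends(ntp, [busybox, dropbear])`. It also reads oddly that busybox is made to depend on dropbear, so a short comment saying why that ordering is needed would help.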
diff -Naur mvpmc-0.3.1.orig/dongle/dongle.sh mvpmc-0.3.1/dongle/dongle.sh
--- mvpmc-0.3.1.orig/dongle/dongle.sh 2006-10-23 21:02:37.000000000 -0400
+++ mvpmc-0.3.1/dongle/dongle.sh 2006-11-26 23:22:37.000000000 -0500
@@ -11,9 +11,9 @@
DIRS="bin sbin usr/bin usr/sbin lib dev proc var usr/share usr/share/mvpmc usr/share/udhcpc etc tmp"
-BIN="busybox mvpmc ntpclient"
+BIN="busybox mvpmc ntpclient scp"
-SBIN=""
+SBIN="dropbearmulti dropbear dropbearkey"
USRBIN=""
diff -Naur mvpmc-0.3.1.orig/scons/build_dropbear.sh mvpmc-0.3.1/scons/build_dropbear.sh
--- mvpmc-0.3.1.orig/scons/build_dropbear.sh 1969-12-31 19:00:00.000000000 -0500
+++ mvpmc-0.3.1/scons/build_dropbear.sh 2006-11-26 23:22:25.000000000 -0500
@@ -0,0 +1,91 @@
+#!/bin/bash
+#
+# $Id: build_app.sh 20 2006-03-14 05:26:56Z gettler $
+#
+# build_app.sh - build an application
+#
+
+help() {
+ echo "build_app.sh [options]"
+ echo " -c CROSS cross-compiler prefix"
+ echo " -d dir application directory"
+ echo " -h print this help"
+ echo " -i file input file to build"
+ echo " -I dir install directory"
+ echo " -p file patch file (applied in order)"
+ exit 0
+}
+
+PATCHES=
+INPUT=
+DIR=
+
+while getopts "c:d:hi:I:p:" i
+ do case "$i" in
+ c) CROSS=$OPTARG;;
+ d) DIR=$OPTARG;;
+ h) help ;;
+ i) INPUT=$OPTARG;;
+ I) INSTALL=$OPTARG;;
+ p) PATCHES="$PATCHES $OPTARG";;
+ *) echo error ; exit 1 ;;
+ esac
+done
+
+echo "PATCHES: $PATCHES"
+echo "INPUT: $INPUT"
+echo "DIR: $DIR"
+echo "CROSS: $CROSS"
+echo "INSTALL: $INSTALL"
+
+if [ "$DIR" = "" ] ; then
+ echo "Application directory not specified!"
+ exit 1;
+fi
+
+if [ "$INPUT" = "" ] ; then
+ echo "Application input file not specified!"
+ exit 1
+fi
+
+if [ ! -f $INPUT ] ; then
+ echo "Application input file does not exist!"
+ exit 1
+fi
+
+if [ -d $DIR ] ; then
+ rm -rf $DIR
+fi
+
+mkdir -p `dirname $DIR` || exit 1
+cd `dirname $DIR` || exit 1
+
+case "${INPUT##*.}" in
+ gz|tgz) tar -xzf $INPUT ;;
+ bz2) tar --bzip2 -xf $INPUT ;;
+ *) echo unknown file type ; exit 1 ;;
+esac
+
+cd $DIR || exit 1
+
+for i in $PATCHES ; do
+ patch -p1 < ../../$i
+done
+
+export CROSS_PREFIX=$CROSS
+export CC=${CROSS}gcc
+export INSTALL=$INSTALL
+export INSTALL_PREFIX=$INSTALL
+
+if [ -f configure ] ; then
+ ./configure --disable-zlib --prefix=$INSTALL --host=powerpc
+ make clean
+ make PROGRAMS="dropbear dropbearkey scp" MULTI=1 STATIC=1
+ cp dropbearmulti $INSTALL/sbin/dropbearmulti
+ ln -s ./dropbearmulti $INSTALL/sbin/dropbear
+ ln -s ./dropbearmulti $INSTALL/sbin/dropbearkey
+ ln -s ../sbin/dropbearmulti $INSTALL/bin/scp
+else
+ make oldconfig
+ make install
+fi
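Review bot: None of the steps that matter are checked: `patch -p1 < ../../$i`, the `tar` extraction, `./configure` and the `make` calls can all fail while the script carries on to `cp` and exits with the status of the last `ln`. A dongle can therefore be built from an unpatched or partly built dropbear without the SCons target failing. At minimum make the loop body `patch -p1 < "../../$i" || exit 1` and add `|| exit 1` to the configure and make lines. `$DIR` and `$INPUT` are also expanded unquoted, including in `rm -rf $DIR`, so quote them (`rm -rf "$DIR"`), and use `ln -sf` so a rebuild into an existing install tree does not fail on the existing links. The header comment and the `help` text still say build_app.sh.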