From 08e318096831eb3aae369910ba75e27f59367e2f Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sun, 15 Sep 2024 12:11:39 +0100
Subject: gentoo auto-resync : 15:09:2024 - 12:11:38
---
 net-misc/dropbear/Manifest | 4 +
 net-misc/dropbear/dropbear-2024.85-r2.ebuild | 199 +++++++++++++++++++++
 .../dropbear-2024.84-fix-aslr-test-no-venv.patch | 15 ++
 ...r-2024.84-non-interactive-tests-no-syslog.patch | 13 ++
 .../dropbear/files/dropbear-2024.84-tests.patch | 57 ++++++
 5 files changed, 288 insertions(+)
 create mode 100644 net-misc/dropbear/dropbear-2024.85-r2.ebuild
 create mode 100644 net-misc/dropbear/files/dropbear-2024.84-fix-aslr-test-no-venv.patch
 create mode 100644 net-misc/dropbear/files/dropbear-2024.84-non-interactive-tests-no-syslog.patch
 create mode 100644 net-misc/dropbear/files/dropbear-2024.84-tests.patch
(limited to 'net-misc/dropbear')
diff --git a/net-misc/dropbear/Manifest b/net-misc/dropbear/Manifest
index 4ed54f0d5666..835a93993064 100644
--- a/net-misc/dropbear/Manifest
+++ b/net-misc/dropbear/Manifest
@@ -1,9 +1,12 @@ AUX dropbear-0.46-dbscp.patch 432 BLAKE2B 93f27fb4f5806d7a5e637ccc3ed14b6929d25b395d4731807895761a3cec76de8fcc154db85bb4913214ecac4f65a85489e0091d36c213be38b7b1f7719d5694 SHA512 071a346dbd98490a1ad967b582bb54ef07c45bb25e3b130eb7f22405dd361d6a54061a800e687385f37b2efd4057efcac8e4d07506b9100e51a334c0be12e2d6 AUX dropbear-2022.82-tests.patch 820 BLAKE2B 8b8d7bbc80962fd4be56078d54c12097bd6cedf8cf11ca1b07a3fb39ebd795e3be9f2183482e7e3b06d1be644a2b9afcde372362c6cd4a2baf8f3254cc63b00a SHA512 4ddc65f2e1e86f50fff732d3141b18a3a5260755715e46bcfb5c5e4a261f9c22dff48c19797de972f61b9bb526d0b93f067832c38229c2c1a7e630d30dfcba01 AUX dropbear-2024.84-dbscp.patch 440 BLAKE2B e0fd05c59a289e605c6b50e740b1f714bb14fd3c5ec3fb1c9a3d003d52ea28494bb26898e5771aab9af23c686b26601641d1333c5636bcb752e119a0b4af1a17 SHA512 8850dc3fc9e7a36970a9388d06dae1789fccc3b564a33efc75d328d875fff67ecb7f8d4e2b200710137ffcd333f22aa457723b843b1bfe81c613012583a58cd1 +AUX dropbear-2024.84-fix-aslr-test-no-venv.patch 489 BLAKE2B 8fe5d284b11c5ebfb3474877278550adb0813e8e8a776b900ce83a8a61c9ce0f2633beb20766c916c5544dd5db44cf92db660b37307bea2a1423db48e221b1bd SHA512 dba51eba70c08b29ee01bf0303e432531bfd0c9d44c19866ee894042bf67471e9fd3c09142d972ddfcc2bac6c0d7aa68219b0019527250bd4eea17dd364772cb AUX dropbear-2024.84-fix-channels-tests.patch 1233 BLAKE2B e06ebd5b9b6ef3efa2d2c103bb5a54eb9748aeb7ec16a741abac67f232ad6e9a8a9e84ff6dd4cb1818903dbbafdbbc0c3969a24aa5e00b5ecd3c927d669525c3 SHA512 db07cb4dbf504192b53c4f89b7b52def06dc08536f6d00bff5c015e87676890938a44aabfeff518cb4db0517a2464af57f8339b3bfdfb2d9f037c389dc88007b +AUX dropbear-2024.84-non-interactive-tests-no-syslog.patch 294 BLAKE2B 66658bb831c2a555bf3b40e5e6ab0e93534db67bfef57285bb2fa59282390170085c096dd8624201c4200c3e4da938c665ab4d7a5e6b26726bfff6d19d861d08 SHA512 79d702d79cac7c12e224e85653fb1bb2b7a08017cbad8ed13e25c7b14bcfe39bfa05a31a2532dab550947868972bcfaf79bf4ab09e87f6a60d8a1734bbbda962 AUX dropbear-2024.84-non-interactive-tests.patch 300 BLAKE2B 
5055d8abee9234cd9a5325bc6fcd4cea2794a8ebe7660afb30727ca893f8caedf3c73e8d0f9a90f0348d58f6569e0f68d18887c2f6b2ab5b3fcde9566c47f16d SHA512 68949b92339e2421e518595aada28ca4c7eec8f7734087e4753da4f7794a038f1fceae61b505ee8f7ac22890ef0ffebac8b773c7e53a5704d584a89670886127 AUX dropbear-2024.84-test-bg-sleep.patch 530 BLAKE2B 96836fae965d463eab7fba7f5cf3a358e7fac0281739f9911441d5afdb986495caa0ebb7f6e05978fa1740ae6aa6a009f674e8c071718a64e4cb305b4532ddba SHA512 b5758b3f21b1ddf127d2d95363708c67bbe2b584850c7b693a825093222046ffb6682b700a2ef71245d28d147d1ee4fe6dbc96a0e8132aa85fcbc4229d54db4b +AUX dropbear-2024.84-tests.patch 2296 BLAKE2B c00997667892049c14e877f503843628f9074bb7b99488eb4b6ce98b9b42d20cde375a8158c8a25104c04a6e6404cc0053491780d7c933ad69987ac380647c7b SHA512 1ff5b8dd16fc7f6918b7413bd1b1881d254a0c79340658eef2cd3ab32d95c6a8869cc12d156de54dc9834ebc021c845a90f7a5b19914d21de7c88598f6b72877 AUX dropbear.conf.d 190 BLAKE2B b89e59ae84f23f00162d78cb900e4fef05fe01123a6ee7533ed3d39625f43580012591b2cf8dcc9ea5f093a64d3ed81fa590c44389bacb369b9123929ca2bb69 SHA512 83f2c1eaf7687917a4b2bae7d599d4378c4bd64f9126ba42fc5d235f2b3c9a474d1b3168d70ed64bb4101cc251d30bc9ae20604da9b5d819fcd635ee4d0ebb0f AUX dropbear.init.d 735 BLAKE2B e3d3c388033934da2e8ea684b9f380cb92147ae359434fd9a03523f683ab553a50dbb8cb879f4bdd12d59b40ddc8d8bede19be7fe9904298a1e273a14a4603ca SHA512 5b8dd52125360967c43d0a3a4ae8748eb33be2fe23b4d54d81cddfb0ef7e6a78b011e3028f41adab7706f83a292bbc8f07711a02c29e6a89488db72aa3ff259d DIST dropbear-2022.83.tar.bz2 2322904 BLAKE2B 4e26667458fb068a8c997b44dfd3c4f15146f051713a3ea90980db04c6345174d34214269665d74c863c1c1947d6837034aa4c264101b11971c8a3e97f491393 SHA512 c63afa615d64b0c8c5e739c758eb8ae277ecc36a4223b766bf562702de69910904cbc3ea98d22989df478ae419e1f81057fe1ee09616c80cb859f58f44175422 
@@ -12,4 +15,5 @@ DIST dropbear-2024.85.tar.bz2 2304594 BLAKE2B 631b71733437a256267057a1c4846afa4d DIST dropbear-2024.85.tar.bz2.asc 833 BLAKE2B 1d0cc37fb1c528c6f7f6e064d3ec3d7c63617b568d8889592ca162171a325a46e84a23f24c16069b5396c806b2270434552833138ba95c7f34c8b5e6e425fcc7 SHA512 d2ad10b60f53d8d598a7a57337fe890c26c60bea115fb919f6135a01fe3f8f7e5863b0a7ed6c7eacbd5a3b810169b600c0004251a8d748d4b40584933c2c7383 EBUILD dropbear-2022.83-r1.ebuild 4433 BLAKE2B 6cd0edb8789dcabbfaaed58db535ee6bca645ea687eb2e2d5f15d0fd16b370cdd1075d99960315492182065219b11823101db489233b8ea26392f0c4e9e41776 SHA512 61ab7e9ea1856586e8e15e4089be296a2d2730fe236ea3d07ddf2652ec3cf123d07ec782d0d7bb51e96ef537c09b4421f83a6ef04fa5253e4536740aa66f3854 EBUILD dropbear-2024.85-r1.ebuild 5062 BLAKE2B d6c63a168ef0e040794cca2cdbc4b77ad386bf34f3c6d3073d5d7fd30ebec8af213f709958e0832fc626e2c18bd38f5fcf1bca4b7573ffe28fa2c79555720af5 SHA512 033e4d740310b0ab6efd00ab1df08239058b613f31843aa679015755c25c75c8dfa248efe46ced583eb52fbe6f9c9d817936a9f4cbfb2f4de4e1ad6cfbd49ab3 +EBUILD dropbear-2024.85-r2.ebuild 5408 BLAKE2B 3eedb9e3f8b436fc7d132d263f4aa7e92466c8b7a4899b4ef7fb045bda7819306ec3284399336d71daccf9b5f11884bb24849d45a2660ad0c165ec5dab4202c1 SHA512 100994259d94fc1d47a514aa475988aabb45a2a528daa7684e4b044ff1b7b16baf57d60443f74c063e51d57cdc6687fe3c847593f42a80a534d11dade7529c49 MISC metadata.xml 1866 BLAKE2B 820902b27de934f6d7f0edc5d9f8c7bccf5c5f51d0e81ebd13fb53d6ba9e385c924d4fd0a191096fb191c253800227ff6b30f7bd44edfb532307e7076f39df8f SHA512 8e073a34877f230207ef391084b99014db9482aec680a1b292ac95e3bade426ecf362092337b7fcb19091f273085a06ae81cfd7d5e69a46a28067ae68f615cd4 diff --git a/net-misc/dropbear/dropbear-2024.85-r2.ebuild b/net-misc/dropbear/dropbear-2024.85-r2.ebuild new file mode 100644 index 000000000000..609bbb453aa4 --- /dev/null +++ b/net-misc/dropbear/dropbear-2024.85-r2.ebuild 
@@ -0,0 +1,199 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..13} )
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/dropbear.asc
+inherit pam python-any-r1 savedconfig verify-sig
+
+DESCRIPTION="Small SSH 2 client/server designed for small memory environments"
+HOMEPAGE="https://matt.ucc.asn.au/dropbear/dropbear.html"
+SRC_URI="https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2
+ https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2"
+SRC_URI+=" verify-sig? (
+ https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2.asc
+ https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2.asc
+ )"
+
+LICENSE="MIT GPL-2" # (init script is GPL-2 #426056)
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-macos"
+IUSE="bsdpty minimal multicall pam +shadow static +syslog test zlib"
+RESTRICT="!test? ( test )"
+
+LIB_DEPEND="
+ virtual/libcrypt[static-libs(+)]
+ zlib? ( sys-libs/zlib[static-libs(+)] )
+"
+RDEPEND="
+ acct-group/sshd
+ acct-user/sshd
+ !static? (
+ >=dev-libs/libtomcrypt-1.18.2-r2[libtommath]
+ >=dev-libs/libtommath-1.2.0
+ ${LIB_DEPEND//\[static-libs(+)]}
+ )
+ pam? ( sys-libs/pam )
+"
+DEPEND="
+ ${RDEPEND}
+ static? ( ${LIB_DEPEND} )
+"
+RDEPEND+=" pam? ( >=sys-auth/pambase-20080219.1 )"
+BDEPEND="
+ test? (
+ sys-libs/nss_wrapper
+ $(python_gen_any_dep '
+ dev-python/attrs[${PYTHON_USEDEP}]
+ dev-python/iniconfig[${PYTHON_USEDEP}]
+ dev-python/packaging[${PYTHON_USEDEP}]
+ dev-python/pluggy[${PYTHON_USEDEP}]
+ dev-python/py[${PYTHON_USEDEP}]
+ dev-python/pyparsing[${PYTHON_USEDEP}]
+ dev-python/pytest[${PYTHON_USEDEP}]
+ dev-python/psutil[${PYTHON_USEDEP}]
+ ')
+ )
+ verify-sig? ( sec-keys/openpgp-keys-dropbear )
+"
+
+REQUIRED_USE="pam? ( !static )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2024.84-dbscp.patch
+ "${FILESDIR}"/${PN}-2024.84-tests.patch
+ "${FILESDIR}"/${PN}-2024.84-test-bg-sleep.patch
+ "${FILESDIR}"/${PN}-2024.84-fix-aslr-test-no-venv.patch
+)
+
+set_options() {
+ progs=(
+ dropbear dbclient dropbearkey
+ $(usev !minimal "dropbearconvert scp")
+ )
+ makeopts=(
+ MULTI=$(usex multicall 1 0)
+ )
+}
+
+python_check_deps() {
+ python_has_version "dev-python/attrs[${PYTHON_USEDEP}]" && \
+ python_has_version "dev-python/iniconfig[${PYTHON_USEDEP}]" && \
+ python_has_version "dev-python/packaging[${PYTHON_USEDEP}]" && \
+ python_has_version "dev-python/pluggy[${PYTHON_USEDEP}]" && \
+ python_has_version "dev-python/py[${PYTHON_USEDEP}]" && \
+ python_has_version "dev-python/pyparsing[${PYTHON_USEDEP}]" && \
+ python_has_version "dev-python/pytest[${PYTHON_USEDEP}]" && \
+ python_has_version "dev-python/psutil[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+
+ if use static ; then
+ ewarn "Using bundled copies of libtommath and libtomcrypt"
+ fi
+}
+
+src_prepare() {
+ default
+
+ # dropbear does not accept -E if built w/o syslog support and fails the tests
+ if use syslog; then
+ eapply "${FILESDIR}"/${PN}-2024.84-non-interactive-tests.patch
+ else
+ eapply "${FILESDIR}"/${PN}-2024.84-non-interactive-tests-no-syslog.patch
+ fi
+
+ sed \
+ -e '/SFTPSERVER_PATH/s:".*":"/usr/lib/misc/sftp-server":' \
+ -e '/DROPBEAR_X11FWD/s:0:1:' \
+ src/default_options.h > localoptions.h || die
+ sed \
+ -e '/pam_start/s:sshd:dropbear:' \
+ -i src/svr-authpam.c || die
+ restore_config localoptions.h
+
+ use test && python_fix_shebang test/parent_dropbear_map.py
+
+ # dropbearconver is not built with USE minimal
+ if use minimal; then
+ rm test/test_dropbearconvert.py || die
+ fi
+
+ # bsdpty requires CONFIG_LEGACY_PTYS in kernel; disable tests.
+ # bug #939601
+ if use bsdpty; then
+ rm test/test_channels.py || die
+ fi
+}
+
+src_configure() {
+ # Notes:
+ # 1) We use bundled libtom* when static build is enabled because
+ # libtomcrypt lacks it and we don't particularly want to add it.
+ # 2) We disable the hardening flags as our compiler already enables them
+ # by default as is appropriate for the target.
+ local myeconfargs=(
+ --disable-harden
+
+ # bug #836900
+ $(use_enable !elibc_musl lastlog)
+ $(use_enable !elibc_musl wtmp)
+
+ $(use_enable static bundled-libtom)
+ $(use_enable zlib)
+ $(use_enable pam)
+ $(use_enable !bsdpty openpty)
+ $(use_enable shadow)
+ $(use_enable static)
+ $(use_enable syslog)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+ set_options
+ emake "${makeopts[@]}" PROGRAMS="${progs[*]}"
+
+ # need symlinks for tests
+ if use multicall && use test; then
+ local x
+ for x in "${progs[@]}" ; do
+ ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed"
+ done
+ fi
+}
+
+src_install() {
+ set_options
+ emake "${makeopts[@]}" PROGRAMS="${progs[*]}" DESTDIR="${D}" install
+ doman manpages/*.8
+ newinitd "${FILESDIR}"/dropbear.init.d dropbear
+ newconfd "${FILESDIR}"/dropbear.conf.d dropbear
+ dodoc CHANGES README.md SMALL.md MULTI.md
+
+ # The multi install target does not install the links right.
+ if use multicall ; then
+ pushd "${ED}"/usr/bin &> /dev/null || die
+ local x
+ for x in "${progs[@]}" ; do
+ ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed"
+ done
+ rm -f dropbear
+ dodir /usr/sbin
+ dosym -r /usr/bin/dropbearmulti /usr/sbin/dropbear
+ popd &> /dev/null || die
+ fi
+ save_config localoptions.h
+
+ if ! use minimal ; then
+ mv "${ED}"/usr/bin/{,db}scp || die
+ fi
+
+ if use pam; then
+ pamd_mimic system-remote-login dropbear auth account password session
+ fi
+}
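Review bot: In src_prepare the first sed rewrites the `DROPBEAR_X11FWD` line from 0 to 1 while generating localoptions.h, so X11 forwarding is switched on for every build, yet the ebuild carries no comment explaining why and offers no USE flag to leave it off. Because the expression is a bare `s:0:1:` on whichever line matches, it also turns into a silent no-op if upstream renames or reformats the define; `|| die` only fires when sed itself fails. I would add a comment above the sed along the lines of `# upstream ships X11 forwarding disabled; enabled here because <reason / bug number>` and follow the sed with a check that the define really ended up as 1 in localoptions.h (a `grep -q ... || die` matched to the header's exact spacing), placed before `restore_config`.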
diff --git a/net-misc/dropbear/files/dropbear-2024.84-fix-aslr-test-no-venv.patch b/net-misc/dropbear/files/dropbear-2024.84-fix-aslr-test-no-venv.patch
new file mode 100644
index 000000000000..62e87f230974
--- /dev/null
+++ b/net-misc/dropbear/files/dropbear-2024.84-fix-aslr-test-no-venv.patch
@@ -0,0 +1,15 @@
+We don't use a venv for this test, remove it.
+
+--- a/test/test_aslr.py
++++ b/test/test_aslr.py
+@@ -9,9 +9,7 @@
+ This indicates that re-exec makes ASLR work
+ """
+ map_script = (Path(request.node.fspath).parent / "parent_dropbear_map.py").resolve()
+- # run within the same venv, for python deps
+- activate = own_venv_command()
+- cmd = f"{activate}; {map_script}"
++ cmd = f"{map_script}"
+ print(cmd)
+ r = dbclient(request, cmd, capture_output=True, text=True)
+ map1 = r.stdout.rstrip()
diff --git a/net-misc/dropbear/files/dropbear-2024.84-non-interactive-tests-no-syslog.patch b/net-misc/dropbear/files/dropbear-2024.84-non-interactive-tests-no-syslog.patch
new file mode 100644
index 000000000000..b5a464884d20
--- /dev/null
+++ b/net-misc/dropbear/files/dropbear-2024.84-non-interactive-tests-no-syslog.patch
@@ -0,0 +1,13 @@
+Force tests to be non-interactive
+
+--- a/test/test_dropbear.py
++++ b/test/test_dropbear.py
+@@ -23,7 +23,7 @@
+ args = opt.dropbear.split() + [
+ "-p", LOCALADDR + ":" + opt.port, # bind locally only
+ "-r", opt.hostkey,
+- "-F", "-E",
++ "-F", "-s",
+ ]
+ print("subprocess args: ", args)
+
diff --git a/net-misc/dropbear/files/dropbear-2024.84-tests.patch b/net-misc/dropbear/files/dropbear-2024.84-tests.patch
new file mode 100644
index 000000000000..a7c53a42884e
--- /dev/null
+++ b/net-misc/dropbear/files/dropbear-2024.84-tests.patch
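Review bot: `cmd = f"{map_script}"` in the test_aslr.py patch hands the resolved script path to dbclient as a bare command string, so a build directory containing a space or a shell metacharacter would split or alter the command once the remote side (presumably the login shell) parses it. `cmd = shlex.quote(str(map_script))`, with `import shlex` at the top of test_aslr.py, keeps it a single word; the f-string around a single value is redundant either way. The test function starts above the hunk, so I cannot see whether `own_venv_command` is still imported; if it is, that import is now unused and can go in the same patch.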
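Review bot: The description of the no-syslog patch says only "Force tests to be non-interactive", but the change also removes `-E` from the server arguments, and the reason for that is recorded only in the ebuild's src_prepare comment. I would extend the header to something like `Force tests to be non-interactive (-s). Drop -E, which dropbear rejects when built without syslog support.` so the patch is understandable on its own. The fixture still waits for a startup message on stderr (visible in the context lines of dropbear-2024.84-tests.patch, outside this hunk), which presumably relies on a syslog-less build logging to stderr by default; that is worth confirming with syslog disabled and tests enabled.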
@@ -0,0 +1,57 @@
+Create all the keys needed for the tests.
+Enable testing server auth.
+
+dbclient obeys $HOME, but dropbear (the server) resolves HOME using getpwnam.
+Use sys-libs/nss_wrapper to fake it during tests.
+
+--- a/test/Makefile.in
++++ b/test/Makefile.in
+@@ -4,18 +4,24 @@
+
+ all: test
+
+-test: venv/bin/pytest fakekey
+- (source ./venv/bin/activate; pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir) )
++uid:=$(shell id -u)
++gid:=$(shell id -g)
++test: fakekey
++ mkdir -p ~/.ssh
++ ../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear
++ ../dropbearkey -y -f ~/.ssh/id_dropbear | grep ^ecdsa > ~/.ssh/authorized_keys
++ ../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key2 | grep ^ecdsa | sed 's/[^ ]*$$/key2 extra/' >> ~/.ssh/authorized_keys
++ ../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key3 | grep ^ecdsa | sed 's/[^ ]*$$/key3%char/' >> ~/.ssh/authorized_keys
++ ../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key4 | grep ^ecdsa | sed 's/[^ ]*$$/key4,char/' >> ~/.ssh/authorized_keys
++ echo "$(LOGNAME)::$(uid):$(gid):$(USER):$(HOME):/bin/bash" >> ~/passwd
++ echo "$(LOGNAME)::$(gid):" >> ~/group
++ chmod 0700 ~ ~/.ssh ~/.ssh/authorized_keys ~/passwd ~/group
++ DBTEST_IN_ACTION=y pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir)
+
+-one: venv/bin/pytest fakekey
+- (source ./venv/bin/activate; pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir) -k exit)
++one: fakekey
++ pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir) -k exit
+
+ fakekey:
+ ../dropbearkey -t ecdsa -f $@
+
+-venv/bin/pytest: $(srcdir)/requirements.txt
+- python3 -m venv init venv
+- ./venv/bin/pip install --upgrade pip
+- ./venv/bin/pip install -r $(srcdir)/requirements.txt
+-
+ .PHONY: test
+--- a/test/test_dropbear.py
++++ b/test/test_dropbear.py
+@@ -27,7 +27,11 @@ def dropbear(request):
+ ]
+ print("subprocess args: ", args)
+
+- p = subprocess.Popen(args, stderr=subprocess.PIPE, text=True)
++ env = os.environ
++ env['LD_PRELOAD'] = 'libnss_wrapper.so'
++ env['NSS_WRAPPER_PASSWD'] = env['HOME'] + '/passwd'
++ env['NSS_WRAPPER_GROUP'] = env['HOME'] + '/group'
++ p = subprocess.Popen(args, stderr=subprocess.PIPE, text=True, env=env)
+ # Wait until it has started listening
+ for l in p.stderr:
+ if "Not backgrounding" in l:
-- cgit v1.2.3
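Review bot: `env = os.environ` in the test_dropbear.py part is an alias rather than a copy, so the three assignments under it set `LD_PRELOAD` and the `NSS_WRAPPER_*` variables in the pytest process itself and every later subprocess (dbclient, helper scripts) inherits the preload, not only the server under test. `env = os.environ.copy()` keeps the override scoped to this one Popen call. Separately, the Makefile `test` recipe overwrites `~/.ssh/authorized_keys` with freshly generated test keys and appends a passwd entry with an empty password field to `~/passwd`, which is only safe while HOME is a throwaway build directory; the patch description should state that assumption. The dropbear() fixture begins and ends outside the hunk.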