new package: add package 'openssh'

Signed-off-by: Stephan Raue <stephan@openelec.tv>

packages/network/install

@@ -23,8 +23,8 @@
 . config/options $1
 
 $SCRIPTS/install connman
-$SCRIPTS/install dropbear
 $SCRIPTS/install ethtool
+$SCRIPTS/install openssh
 
 if [ "$NETMOUNT" = "yes" ]; then
   $SCRIPTS/install netmount

packages/network/openssh/build

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+################################################################################
+#      This file is part of OpenELEC - http://www.openelec.tv
+#      Copyright (C) 2009-2011 Stephan Raue (stephan@openelec.tv)
+#
+#  This Program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2, or (at your option)
+#  any later version.
+#
+#  This Program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with OpenELEC.tv; see the file COPYING.  If not, write to
+#  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
+#  http://www.gnu.org/copyleft/gpl.html
+################################################################################
+
+. config/options $1
+
+export LD="$TARGET_CC"
+export LDFLAGS="$TARGET_CFLAGS $TARGET_LDFLAGS"
+
+cd $PKG_BUILD
+ac_cv_have_space_for_dirent_d_name=yes \
+./configure --host=$TARGET_NAME \
+            --build=$HOST_NAME \
+            --prefix=/usr \
+            --sysconfdir=/etc \
+            --disable-strip \
+            --disable-lastlog \
+            --disable-utmp \
+            --disable-utmpx \
+            --disable-wtmp \
+            --disable-wtmpx \
+            --without-rpath \
+            --with-ssl-engine \
+            --without-pam
+
+make

packages/network/openssh/config/ssh_config

@@ -0,0 +1,47 @@
+#	$OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $
+
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+#  1. command line options
+#  2. user-specific file
+#  3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options.  For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+# Host *
+#   ForwardAgent no
+#   ForwardX11 no
+#   RhostsRSAAuthentication no
+#   RSAAuthentication yes
+#   PasswordAuthentication yes
+#   HostbasedAuthentication no
+#   GSSAPIAuthentication no
+#   GSSAPIDelegateCredentials no
+#   BatchMode no
+#   CheckHostIP yes
+#   AddressFamily any
+#   ConnectTimeout 0
+#   StrictHostKeyChecking ask
+#   IdentityFile ~/.ssh/identity
+#   IdentityFile ~/.ssh/id_rsa
+#   IdentityFile ~/.ssh/id_dsa
+#   Port 22
+#   Protocol 2,1
+#   Cipher 3des
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
+#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+#   EscapeChar ~
+#   Tunnel no
+#   TunnelDevice any:any
+#   PermitLocalCommand no
+#   VisualHostKey no
+#   ProxyCommand ssh -q -W %h:%p gateway.example.com

packages/network/openssh/config/sshd_config

@@ -0,0 +1,118 @@
+#	$OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options change a
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey ~/.cache/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey ~/.cache/ssh/ssh_host_rsa_key
+HostKey ~/.cache/ssh/ssh_host_dsa_key
+#HostKey ~/.cache/ssh/ssh_host_ecdsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile	.ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing, 
+# and session processing. If this is enabled, PAM authentication will 
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	ForceCommand cvs server

packages/network/openssh/init.d/51_sshd

@@ -0,0 +1,72 @@
+################################################################################
+#      Copyright (C) 2009-2010 OpenELEC.tv
+#      http://www.openelec.tv
+#
+#  This Program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2, or (at your option)
+#  any later version.
+#
+#  This Program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with OpenELEC.tv; see the file COPYING.  If not, write to
+#  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
+#  http://www.gnu.org/copyleft/gpl.html
+################################################################################
+
+# start ssh server
+#
+# runlevels: openelec, textmode
+
+(
+  RSA1_KEY="/storage/.cache/ssh/ssh_host_key"
+  RSA2_KEY="/storage/.cache/ssh/ssh_host_rsa_key"
+  DSA2_KEY="/storage/.cache/ssh/ssh_host_dsa_key"
+
+  KEYGEN="/usr/bin/ssh-keygen"
+  SSHD="/usr/sbin/sshd"
+
+  # Check for the SSH1 RSA key
+    if [ ! -f $RSA1_KEY ] ; then
+      progress "SSH: generating SSH1 RSA key"
+
+      mkdir -p /storage/.cache/ssh
+        $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null
+    fi
+
+  # Check for the SSH2 RSA key
+    if [ ! -f $RSA2_KEY ] ; then
+      progress "SSH: generating SSH2 RSA key"
+
+      mkdir -p /storage/.cache/ssh
+        $KEYGEN -q -t rsa -f $RSA2_KEY -C '' -N '' >&/dev/null
+    fi
+
+  # Check for the SSH2 DSA key
+    if [ ! -f $DSA2_KEY ] ; then
+      progress "SSH: generating SSH2 DSA key"
+
+      mkdir -p /storage/.cache/ssh
+        $KEYGEN -q -t dsa -f $DSA2_KEY -C '' -N '' >&/dev/null
+    fi
+
+  # Check for predifined known hosts file
+    if [ -f /etc/ssh/known_hosts -a ! -f $HOME/.ssh/known_hosts ] ; then
+      progress "SSH: setup predifined known hosts"
+
+      mkdir -p /$HOME/.ssh
+        cp /etc/ssh/known_hosts $HOME/.ssh
+    fi
+
+  progress "Starting SSH Server"
+
+    wait_for_network
+
+    mkdir -p /var/empty
+    $SSHD
+
+)&

packages/network/openssh/install

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+################################################################################
+#      This file is part of OpenELEC - http://www.openelec.tv
+#      Copyright (C) 2009-2011 Stephan Raue (stephan@openelec.tv)
+#
+#  This Program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2, or (at your option)
+#  any later version.
+#
+#  This Program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with OpenELEC.tv; see the file COPYING.  If not, write to
+#  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
+#  http://www.gnu.org/copyleft/gpl.html
+################################################################################
+
+. config/options $1
+
+add_user sshd x 74 74 "Privilege-separated SSH" "/var/empty/sshd" "/bin/sh"
+add_group sshd 74
+
+mkdir -p $INSTALL/etc
+  cp $PKG_DIR/config/* $INSTALL/etc
+
+mkdir -p $INSTALL/usr/bin
+  cp $PKG_BUILD/scp $INSTALL/usr/bin/
+  cp $PKG_BUILD/ssh $INSTALL/usr/bin/
+  cp $PKG_BUILD/ssh-add $INSTALL/usr/bin/
+  cp $PKG_BUILD/ssh-agent $INSTALL/usr/bin/
+  cp $PKG_BUILD/ssh-keygen $INSTALL/usr/bin/
+
+mkdir -p $INSTALL/usr/sbin
+  cp $PKG_BUILD/sshd $INSTALL/usr/sbin/

packages/network/openssh/meta

@@ -0,0 +1,36 @@
+################################################################################
+#      This file is part of OpenELEC - http://www.openelec.tv
+#      Copyright (C) 2009-2011 Stephan Raue (stephan@openelec.tv)
+#
+#  This Program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2, or (at your option)
+#  any later version.
+#
+#  This Program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with OpenELEC.tv; see the file COPYING.  If not, write to
+#  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
+#  http://www.gnu.org/copyleft/gpl.html
+################################################################################
+
+PKG_NAME="openssh"
+PKG_VERSION="5.8p2"
+PKG_REV="1"
+PKG_ARCH="any"
+PKG_LICENSE="OSS"
+PKG_SITE="http://www.openssh.com/"
+PKG_URL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$PKG_NAME-$PKG_VERSION.tar.gz"
+PKG_DEPENDS="zlib openssl"
+PKG_BUILD_DEPENDS="toolchain zlib openssl"
+PKG_PRIORITY="optional"
+PKG_SECTION="network"
+PKG_SHORTDESC="openssh: An open re-implementation of the SSH package"
+PKG_LONGDESC="This is a Linux port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups. SSH (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, rcp, and rdist."
+PKG_IS_ADDON="no"
+
+PKG_AUTORECONF="yes"

packages/network/openssh/patches/openssh-5.8p2-000-crosscompiling.patch

@@ -0,0 +1,53 @@
+diff -Naur openssh-5.8p1-old/configure.ac openssh-5.8p1-new/configure.ac
+--- openssh-5.8p1-old/configure.ac	2011-02-21 17:41:23.000000000 -0800
++++ openssh-5.8p1-new/configure.ac	2011-02-21 17:42:20.000000000 -0800
+@@ -41,7 +41,7 @@
+ AC_PROG_RANLIB
+ AC_PROG_INSTALL
+ AC_PROG_EGREP
+-AC_PATH_PROG(AR, ar)
++AC_PATH_TOOL(AR, ar)
+ AC_PATH_PROG(CAT, cat)
+ AC_PATH_PROG(KILL, kill)
+ AC_PATH_PROGS(PERL, perl5 perl)
+@@ -1188,25 +1188,25 @@
+ 
+ AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
+ 
+-AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
+-AC_RUN_IFELSE(
+-	[AC_LANG_SOURCE([[
++AC_CACHE_CHECK(
++	[whether struct dirent allocates space for d_name],
++	[ac_cv_have_space_for_dirent_d_name],
++	[AC_RUN_IFELSE(
++		[AC_LANG_SOURCE([[
+ #include <sys/types.h>
+ #include <dirent.h>
+ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
+-	]])],
+-	[AC_MSG_RESULT(yes)],
+-	[
+-		AC_MSG_RESULT(no)
+-		AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
+-			[Define if your struct dirent expects you to
+-			allocate extra space for d_name])
+-	],
+-	[
+-		AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
+-		AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
+-	]
++		]])],
++		[ ac_cv_have_space_for_dirent_d_name="yes" ],
++		[ ac_cv_have_space_for_dirent_d_name="no"  ],
++		[ ac_cv_have_space_for_dirent_d_name="no"  ]
++	)]
+ )
++if test "x$ac_cv_have_space_for_dirent_d_name" = "xno" ; then
++	AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
++		[Define if your struct dirent expects you to
++		allocate extra space for d_name])
++fi
+ 
+ AC_MSG_CHECKING([for /proc/pid/fd directory])
+ if test -d "/proc/$$/fd" ; then

packages/network/openssh/patches/openssh-5.8p2-001-abstract_socket.patch

@@ -0,0 +1,49 @@
+diff -Naur openssh-5.8p1-old/channels.c openssh-5.8p1-new/channels.c
+--- openssh-5.8p1-old/channels.c	2010-11-30 17:02:35.000000000 -0800
++++ openssh-5.8p1-new/channels.c	2011-02-21 17:41:34.000000000 -0800
+@@ -61,6 +61,7 @@
+ #include <termios.h>
+ #include <unistd.h>
+ #include <stdarg.h>
++#include <stddef.h>
+ 
+ #include "openbsd-compat/sys-queue.h"
+ #include "xmalloc.h"
+@@ -3353,6 +3354,8 @@
+ {
+ 	int sock;
+ 	struct sockaddr_un addr;
++	int abstract = 0;
++	int addrsize = 0;
+ 
+ 	sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ 	if (sock < 0)
+@@ -3360,8 +3363,15 @@
+ 	memset(&addr, 0, sizeof(addr));
+ 	addr.sun_family = AF_UNIX;
+ 	strlcpy(addr.sun_path, pathname, sizeof addr.sun_path);
+-	if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0)
++	addrsize = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path);
++	if (addr.sun_path[0] = '@')
++		abstract = 1;
++	if (abstract)
++		addr.sun_path[0] = '\0';
++	if (connect(sock, (struct sockaddr *)&addr, addrsize) == 0)
+ 		return sock;
++	if (abstract)
++		addr.sun_path[0] = '@';
+ 	close(sock);
+ 	error("connect %.100s: %.100s", addr.sun_path, strerror(errno));
+ 	return -1;
+diff -Naur openssh-5.8p1-old/defines.h openssh-5.8p1-new/defines.h
+--- openssh-5.8p1-old/defines.h	2011-01-17 02:15:31.000000000 -0800
++++ openssh-5.8p1-new/defines.h	2011-02-21 17:41:34.000000000 -0800
+@@ -411,7 +411,7 @@
+ #  ifdef __hpux
+ #    define X_UNIX_PATH "/var/spool/sockets/X11/%u"
+ #  else
+-#    define X_UNIX_PATH "/tmp/.X11-unix/X%u"
++#    define X_UNIX_PATH "@/tmp/.X11-unix/X%u"
+ #  endif
+ #endif /* X_UNIX_PATH */
+ #define _PATH_UNIX_X X_UNIX_PATH