[gentoo-commits] repo/gentoo:master commit in: net-misc/dropbear/files/, net-misc/dropbear/

[gentoo-commits] repo/gentoo:master commit in: net-misc/dropbear/files/, net-misc/dropbear/

[Lars Wendler]

commit:     771c517d7b4bee11550c8e13514c0d9ab256124f
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 14 09:09:28 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Nov 14 09:09:39 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=771c517d

net-misc/dropbear: Bump to version 2019.78

Closes: https://bugs.gentoo.org/697534
Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 net-misc/dropbear/Manifest                        |   1 +
 net-misc/dropbear/dropbear-2019.78.ebuild         | 107 ++++++++++++++++++++++
 net-misc/dropbear/files/dropbear-0.46-dbscp.patch |   4 +-
 3 files changed, 110 insertions(+), 2 deletions(-)

diff --git a/net-misc/dropbear/Manifest b/net-misc/dropbear/Manifest
index f44bf5a4201..bd290b6381e 100644
--- a/net-misc/dropbear/Manifest
+++ b/net-misc/dropbear/Manifest
@@ -1,2 +1,3 @@
 DIST dropbear-2017.75.tar.bz2 1623392 BLAKE2B c024037d3ebcb3f16aed2a5f24e07c06699a510b327a0ea528db7160ad2a8e554af2a233a266f869e0e30c78f3b0b7792a817d9c07f058f605dbf2dc749a4fda SHA512 9c2f2a5e718339f83abc0ad7719bda12bfc75e5bcb87a7c0eec0afefc743e5c0a1575d290d5fde152ff2100b0f0e6fd5ef4431f7bbcb5ca9a332d93c20f5a8f4
 DIST dropbear-2018.76.tar.bz2 2688697 BLAKE2B 1c22d38487e94427b2678d070f8d370eb09bb2d69253fd6f76d8d80fd637ff86a44b00ab42e1f6d84042c72cbcbd4bb6cbb415f961502e0437c7c8c1b812f059 SHA512 82323279f7e78c366ba1ea07ff242259132b2576122429f54326518dd6092aba8ae5de4a0b8a3cef7efc3507015741abe2ac23376c03b40b247527da7a88120e
+DIST dropbear-2019.78.tar.bz2 2708659 BLAKE2B 212b173cfea8655b43a8d93422dd4d3e0d669a67681cb17d6494b6083e6e4c58d21d52850c0cdf414617ee3dcaa071e376d0b5b156b6856cee2e4fe111550f7d SHA512 f667ba8dae17ea89c118642b566f2c134c71bfd0b8bacea5cf7ec87d75ac79bd7cd1864a8788367a89d30ee35427d389ef6416375adff6e83caae30ff3e0549f

diff --git a/net-misc/dropbear/dropbear-2019.78.ebuild b/net-misc/dropbear/dropbear-2019.78.ebuild
new file mode 100644
index 00000000000..0ebbf521589
--- /dev/null
+++ b/net-misc/dropbear/dropbear-2019.78.ebuild
@@ -0,0 +1,107 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit savedconfig pam user
+
+DESCRIPTION="small SSH 2 client/server designed for small memory environments"
+HOMEPAGE="https://matt.ucc.asn.au/dropbear/dropbear.html"
+SRC_URI="https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2
+	https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="bsdpty minimal multicall pam +shadow static +syslog zlib"
+
+LIB_DEPEND="zlib? ( sys-libs/zlib[static-libs(+)] )
+	dev-libs/libtommath[static-libs(+)]"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+	pam? ( sys-libs/pam )"
+DEPEND="${RDEPEND}
+	static? ( ${LIB_DEPEND} )"
+RDEPEND+=" pam? ( >=sys-auth/pambase-20080219.1 )"
+
+REQUIRED_USE="pam? ( !static )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-0.46-dbscp.patch
+)
+
+set_options() {
+	progs=(
+		dropbear dbclient dropbearkey
+		$(usex minimal "" "dropbearconvert scp")
+	)
+	makeopts=(
+		MULTI=$(usex multicall 1 0)
+	)
+}
+
+src_prepare() {
+	default
+	sed \
+		-e '/SFTPSERVER_PATH/s:".*":"/usr/lib/misc/sftp-server":' \
+		default_options.h > localoptions.h || die
+	sed \
+		-e '/pam_start/s:sshd:dropbear:' \
+		-i svr-authpam.c || die
+	restore_config localoptions.h
+}
+
+src_configure() {
+	# XXX: Need to add libtomcrypt to the tree and re-enable this.
+	#	--disable-bundled-libtom
+	# We disable the hardening flags as our compiler already enables them
+	# by default as is appropriate for the target.
+	local myeconfargs=(
+		--disable-harden
+		$(use_enable zlib)
+		$(use_enable pam)
+		$(use_enable !bsdpty openpty)
+		$(use_enable shadow)
+		$(use_enable static)
+		$(use_enable syslog)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	set_options
+	emake "${makeopts[@]}" PROGRAMS="${progs[*]}"
+}
+
+src_install() {
+	set_options
+	emake "${makeopts[@]}" PROGRAMS="${progs[*]}" DESTDIR="${D}" install
+	doman *.8
+	newinitd "${FILESDIR}"/dropbear.init.d dropbear
+	newconfd "${FILESDIR}"/dropbear.conf.d dropbear
+	dodoc CHANGES README SMALL MULTI
+
+	# The multi install target does not install the links right.
+	if use multicall ; then
+		cd "${ED}"/usr/bin || die
+		local x
+		for x in "${progs[@]}" ; do
+			ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed"
+		done
+		rm -f dropbear
+		dodir /usr/sbin
+		dosym ../bin/dropbearmulti /usr/sbin/dropbear
+		cd "${S}" || die
+	fi
+	save_config localoptions.h
+
+	if ! use minimal ; then
+		mv "${ED}"/usr/bin/{,db}scp || die
+	fi
+
+	pamd_mimic system-remote-login dropbear auth account password session
+}
+
+pkg_preinst() {
+	enewgroup sshd 22
+	enewuser sshd 22 -1 /var/empty sshd
+}

diff --git a/net-misc/dropbear/files/dropbear-0.46-dbscp.patch b/net-misc/dropbear/files/dropbear-0.46-dbscp.patch
index 18873f24c5a..ea0d17066d6 100644
--- a/net-misc/dropbear/files/dropbear-0.46-dbscp.patch
+++ b/net-misc/dropbear/files/dropbear-0.46-dbscp.patch
@@ -1,5 +1,5 @@
---- dbmulti.c	2005-07-17 07:00:07.000000000 -0400
-+++ dbmulti.c	2005-07-17 06:59:35.000000000 -0400
+--- a/dbmulti.c
++++ b/dbmulti.c
 @@ -60,7 +60,7 @@
  		}
  #endif

[gentoo-commits] repo/gentoo:master commit in: net-misc/dropbear/files/, net-misc/dropbear/

[Conrad Kostecki]

commit:     78c789a9d72d495eb4eddcbb8e28883fd976f9d8
Author:     Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 23 21:32:06 2022 +0000
Commit:     Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Apr 23 21:34:54 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78c789a9

net-misc/dropbear: fix compilation with enabled x11

Closes: https://bugs.gentoo.org/837164
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>

 net-misc/dropbear/dropbear-2022.82.ebuild          |  1 +
 net-misc/dropbear/files/dropbear-2022.82-x11.patch | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/net-misc/dropbear/dropbear-2022.82.ebuild b/net-misc/dropbear/dropbear-2022.82.ebuild
index 27bbc8b51dd6..1df3c22e1a2c 100644
--- a/net-misc/dropbear/dropbear-2022.82.ebuild
+++ b/net-misc/dropbear/dropbear-2022.82.ebuild
@@ -45,6 +45,7 @@ REQUIRED_USE="pam? ( !static )"
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-0.46-dbscp.patch
+	"${FILESDIR}"/${PN}-2022.82-x11.patch
 )
 
 set_options() {

diff --git a/net-misc/dropbear/files/dropbear-2022.82-x11.patch b/net-misc/dropbear/files/dropbear-2022.82-x11.patch
new file mode 100644
index 000000000000..82cb9c812ebe
--- /dev/null
+++ b/net-misc/dropbear/files/dropbear-2022.82-x11.patch
@@ -0,0 +1,22 @@
+From 0292aacdf0aa57d03f2a3ab7e53cf650e6f29389 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Sat, 23 Apr 2022 22:33:31 +0800
+Subject: [PATCH] Fix X11 build failure, use DROPBEAR_PRIO_LOWDELAY
+
+---
+ svr-x11fwd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/svr-x11fwd.c b/svr-x11fwd.c
+index 353cb12e..5d9e6a96 100644
+--- a/svr-x11fwd.c
++++ b/svr-x11fwd.c
+@@ -206,7 +206,7 @@ void x11cleanup(struct ChanSess *chansess) {
+ }
+ 
+ static int x11_inithandler(struct Channel *channel) {
+-	channel->prio = DROPBEAR_CHANNEL_PRIO_INTERACTIVE;
++	channel->prio = DROPBEAR_PRIO_LOWDELAY;
+ 	return 0;
+ }
+ 

[gentoo-commits] repo/gentoo:master commit in: net-misc/dropbear/files/, net-misc/dropbear/

[Viorel Munteanu]

commit:     ca104be35e918af32f622d4f2e0850085e36da63
Author:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
AuthorDate: Sat Apr  6 05:52:39 2024 +0000
Commit:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
CommitDate: Sat Apr  6 05:54:50 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca104be3

net-misc/dropbear: add 2024.84

Make the tests non-interactive just in case.
Disable the tests that fail.

Closes: https://bugs.gentoo.org/732294
Bug: https://bugs.gentoo.org/920293
Signed-off-by: Viorel Munteanu <ceamac <AT> gentoo.org>

 net-misc/dropbear/Manifest                         |   2 +
 net-misc/dropbear/dropbear-2024.84.ebuild          | 184 +++++++++++++++++++++
 .../dropbear/files/dropbear-2024.84-dbscp.patch    |  20 +++
 .../dropbear-2024.84-non-interactive-tests.patch   |  13 ++
 4 files changed, 219 insertions(+)

diff --git a/net-misc/dropbear/Manifest b/net-misc/dropbear/Manifest
index c762d488c638..34b3afeaf523 100644
--- a/net-misc/dropbear/Manifest
+++ b/net-misc/dropbear/Manifest
@@ -1,2 +1,4 @@
 DIST dropbear-2022.83.tar.bz2 2322904 BLAKE2B 4e26667458fb068a8c997b44dfd3c4f15146f051713a3ea90980db04c6345174d34214269665d74c863c1c1947d6837034aa4c264101b11971c8a3e97f491393 SHA512 c63afa615d64b0c8c5e739c758eb8ae277ecc36a4223b766bf562702de69910904cbc3ea98d22989df478ae419e1f81057fe1ee09616c80cb859f58f44175422
 DIST dropbear-2022.83.tar.bz2.asc 833 BLAKE2B 7dfcf13804738aed3136c264412f8c2f96cd3ff71482815af736346c9441c8f00adef26f4e8f89082cbbb4033249501adbc545c08f678e1cac4afc88a8fc9ed0 SHA512 e5cbd01dcbaeabb04dc473bd11933a422fda03ceb5bc02fb5c99abafd0841e3ac1f436cc1798500b33fbbc81923fa03c2a28c971fa26794ed5888d496fb7e2ad
+DIST dropbear-2024.84.tar.bz2 2306278 BLAKE2B ba5a433f2a313aeeabc8e3e3696c4d79e96095dfc5cf045f15e6de5912f2f44bdddee103d86f659ee58fe8013fc9c2fb8c3af9cba089ee415e2f28179a365dca SHA512 254daea819c5aeaa65bb43449386fb964f4aa13e3b3037fe11064120205c6e265925e7ef2d84f7ebe66c6a00cf0a22e6010314c065ed49a3815f47137b7aca44
+DIST dropbear-2024.84.tar.bz2.asc 833 BLAKE2B 0b8c9fdf8c24836b03f36d3e98b6b906a3aaeda9bd283b3d2001b9b1e363a19e02a536febfe19c3c851c378d32a3efb067910a68dd4a7b2174b96fd8faedf1b3 SHA512 69ce84ea8f6ba2c7f7718578befa301c3a0342b7f6acb3ecb5d6ac4b82710fb22d0bc11f5632ae00f222c1cc2b50f48e50d16eee4ebb93bf08069774769ebb13

diff --git a/net-misc/dropbear/dropbear-2024.84.ebuild b/net-misc/dropbear/dropbear-2024.84.ebuild
new file mode 100644
index 000000000000..68f1c4674d72
--- /dev/null
+++ b/net-misc/dropbear/dropbear-2024.84.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/dropbear.asc
+inherit pam python-any-r1 savedconfig verify-sig
+
+DESCRIPTION="Small SSH 2 client/server designed for small memory environments"
+HOMEPAGE="https://matt.ucc.asn.au/dropbear/dropbear.html"
+SRC_URI="https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2
+	https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2"
+SRC_URI+=" verify-sig? (
+		https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2.asc
+		https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2.asc
+	)"
+
+LICENSE="MIT GPL-2" # (init script is GPL-2 #426056)
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-macos"
+IUSE="bsdpty minimal multicall pam +shadow static +syslog test zlib"
+RESTRICT="!test? ( test )"
+
+LIB_DEPEND="
+	virtual/libcrypt[static-libs(+)]
+	zlib? ( sys-libs/zlib[static-libs(+)] )
+"
+RDEPEND="
+	acct-group/sshd
+	acct-user/sshd
+	!static? (
+		>=dev-libs/libtomcrypt-1.18.2-r2[libtommath]
+		>=dev-libs/libtommath-1.2.0
+		${LIB_DEPEND//\[static-libs(+)]}
+	)
+	pam? ( sys-libs/pam )
+"
+DEPEND="
+	${RDEPEND}
+	static? ( ${LIB_DEPEND} )
+"
+RDEPEND+=" pam? ( >=sys-auth/pambase-20080219.1 )"
+BDEPEND="
+	test? (
+		$(python_gen_any_dep '
+			dev-python/attrs[${PYTHON_USEDEP}]
+			dev-python/iniconfig[${PYTHON_USEDEP}]
+			dev-python/packaging[${PYTHON_USEDEP}]
+			dev-python/pluggy[${PYTHON_USEDEP}]
+			dev-python/py[${PYTHON_USEDEP}]
+			dev-python/pyparsing[${PYTHON_USEDEP}]
+			dev-python/pytest[${PYTHON_USEDEP}]
+			dev-python/psutil[${PYTHON_USEDEP}]
+		')
+	)
+	verify-sig? ( sec-keys/openpgp-keys-dropbear )
+"
+
+REQUIRED_USE="pam? ( !static )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2024.84-dbscp.patch
+	"${FILESDIR}"/${PN}-2022.82-tests.patch
+	"${FILESDIR}"/${PN}-2024.84-non-interactive-tests.patch
+)
+
+set_options() {
+	progs=(
+		dropbear dbclient dropbearkey
+		$(usev !minimal "dropbearconvert scp")
+	)
+	makeopts=(
+		MULTI=$(usex multicall 1 0)
+	)
+}
+
+python_check_deps() {
+	python_has_version "dev-python/attrs[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/iniconfig[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/packaging[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/pluggy[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/py[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/pyparsing[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/pytest[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/psutil[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+
+	if use static ; then
+		ewarn "Using bundled copies of libtommath and libtomcrypt"
+	fi
+}
+
+src_prepare() {
+	default
+	sed \
+		-e '/SFTPSERVER_PATH/s:".*":"/usr/lib/misc/sftp-server":' \
+		-e '/DROPBEAR_X11FWD/s:0:1:' \
+		src/default_options.h > localoptions.h || die
+	sed \
+		-e '/pam_start/s:sshd:dropbear:' \
+		-i src/svr-authpam.c || die
+	restore_config localoptions.h
+
+	# remove tests that fail
+	rm test/test_aslr.py test/test_channels.py || die
+
+	# dropbearconver is not build with USE minimal
+	if use minimal; then
+		rm test/test_dropbearconvert.py || die
+	fi
+}
+
+src_configure() {
+	# Notes:
+	# 1) We use bundled libtom* when static build is enabled because
+	#    libtomcrypt lacks it and we don't particularly want to add it.
+	# 2) We disable the hardening flags as our compiler already enables them
+	#    by default as is appropriate for the target.
+	local myeconfargs=(
+		--disable-harden
+
+		# bug #836900
+		$(use_enable !elibc_musl lastlog)
+		$(use_enable !elibc_musl wtmp)
+
+		$(use_enable static bundled-libtom)
+		$(use_enable zlib)
+		$(use_enable pam)
+		$(use_enable !bsdpty openpty)
+		$(use_enable shadow)
+		$(use_enable static)
+		$(use_enable syslog)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	set_options
+	emake "${makeopts[@]}" PROGRAMS="${progs[*]}"
+
+	# need symlinks for tests
+	if use multicall && use test; then
+		local x
+		for x in "${progs[@]}" ; do
+			ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed"
+		done
+	fi
+}
+
+src_install() {
+	set_options
+	emake "${makeopts[@]}" PROGRAMS="${progs[*]}" DESTDIR="${D}" install
+	doman manpages/*.8
+	newinitd "${FILESDIR}"/dropbear.init.d dropbear
+	newconfd "${FILESDIR}"/dropbear.conf.d dropbear
+	dodoc CHANGES README.md SMALL.md MULTI.md
+
+	# The multi install target does not install the links right.
+	if use multicall ; then
+		pushd "${ED}"/usr/bin &> /dev/null || die
+		local x
+		for x in "${progs[@]}" ; do
+			ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed"
+		done
+		rm -f dropbear
+		dodir /usr/sbin
+		dosym -r /usr/bin/dropbearmulti /usr/sbin/dropbear
+		popd &> /dev/null || die
+	fi
+	save_config localoptions.h
+
+	if ! use minimal ; then
+		mv "${ED}"/usr/bin/{,db}scp || die
+	fi
+
+	if use pam; then
+		pamd_mimic system-remote-login dropbear auth account password session
+	fi
+}

diff --git a/net-misc/dropbear/files/dropbear-2024.84-dbscp.patch b/net-misc/dropbear/files/dropbear-2024.84-dbscp.patch
new file mode 100644
index 000000000000..52095e1427de
--- /dev/null
+++ b/net-misc/dropbear/files/dropbear-2024.84-dbscp.patch
@@ -0,0 +1,20 @@
+--- a/src/dbmulti.c
++++ b/src/dbmulti.c
+@@ -60,7 +60,7 @@
+ 		}
+ #endif
+ #ifdef DBMULTI_scp
+-		if (strcmp(progname, "scp") == 0) {
++		if ((strcmp(progname, "scp") == 0) || (strcmp(progname, "dbscp") == 0)) {
+ 			return scp_main(argc, argv);
+ 		}
+ #endif
+@@ -81,7 +81,7 @@
+ 			"'dropbearconvert' - the key converter\n"
+ #endif
+ #ifdef DBMULTI_scp
+-			"'scp' - secure copy\n"
++			"'dbscp' - secure copy\n"
+ #endif
+ 			,
+ 			DROPBEAR_VERSION);

diff --git a/net-misc/dropbear/files/dropbear-2024.84-non-interactive-tests.patch b/net-misc/dropbear/files/dropbear-2024.84-non-interactive-tests.patch
new file mode 100644
index 000000000000..84314f5fd7fa
--- /dev/null
+++ b/net-misc/dropbear/files/dropbear-2024.84-non-interactive-tests.patch
@@ -0,0 +1,13 @@
+Force tests to be non-interactive
+
+--- a/test/test_dropbear.py
++++ b/test/test_dropbear.py
+@@ -23,7 +23,7 @@
+ 	args = opt.dropbear.split() + [
+ 		"-p", LOCALADDR + ":" + opt.port, # bind locally only
+ 		"-r", opt.hostkey,
+-		"-F", "-E",
++		"-F", "-E", "-s",
+ 		]
+ 	print("subprocess args: ", args)
+ 

[gentoo-commits] repo/gentoo:master commit in: net-misc/dropbear/files/, net-misc/dropbear/

[Viorel Munteanu]

commit:     03ebacb8bc393df7f4d133eef7007445da1d43a0
Author:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
AuthorDate: Sun Apr  7 06:34:32 2024 +0000
Commit:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
CommitDate: Sun Apr  7 06:36:10 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03ebacb8

net-misc/dropbear: xfail one test

One test fails only when run by portage.

Signed-off-by: Viorel Munteanu <ceamac <AT> gentoo.org>

 net-misc/dropbear/dropbear-2024.84.ebuild                  |  1 +
 .../dropbear/files/dropbear-2024.84-test-bg-sleep.patch    | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/net-misc/dropbear/dropbear-2024.84.ebuild b/net-misc/dropbear/dropbear-2024.84.ebuild
index 83d23fbcf782..85944fe6b816 100644
--- a/net-misc/dropbear/dropbear-2024.84.ebuild
+++ b/net-misc/dropbear/dropbear-2024.84.ebuild
@@ -65,6 +65,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-2022.82-tests.patch
 	"${FILESDIR}"/${PN}-2024.84-non-interactive-tests.patch
 	"${FILESDIR}"/${PN}-2024.84-fix-channels-tests.patch
+	"${FILESDIR}"/${PN}-2024.84-test-bg-sleep.patch
 )
 
 set_options() {

diff --git a/net-misc/dropbear/files/dropbear-2024.84-test-bg-sleep.patch b/net-misc/dropbear/files/dropbear-2024.84-test-bg-sleep.patch
new file mode 100644
index 000000000000..a078eb2e68b6
--- /dev/null
+++ b/net-misc/dropbear/files/dropbear-2024.84-test-bg-sleep.patch
@@ -0,0 +1,14 @@
+One test passes when run with ebuild ... test, but fails when run by portage.
+Mark it as xfail.
+
+--- a/test/test_channels.py
++++ b/test/test_channels.py
+@@ -45,7 +45,7 @@
+ 	r.check_returncode()
+ 	assert r.stdout.decode() == dat
+ 
+-@pytest.mark.parametrize("fd", [1, 2])
++@pytest.mark.parametrize("fd", [1, pytest.param(2, marks=pytest.mark.xfail(reason="Fails sometimes"))])
+ def test_bg_sleep(request, fd, dropbear):
+ 	# https://lists.ucc.asn.au/pipermail/dropbear/2006q1/000362.html
+ 	# Rob Landley "Is this a bug?" 24 Mar 2006

[gentoo-commits] repo/gentoo:master commit in: net-misc/dropbear/files/, net-misc/dropbear/

[Viorel Munteanu]

commit:     c52263280244bbcc756012c3bef6b3f3aa5f7d90
Author:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 27 18:18:26 2024 +0000
Commit:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
CommitDate: Tue Aug 27 18:18:26 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5226328

net-misc/dropbear: disable generating the dss key

Bug: https://bugs.gentoo.org/931505
Signed-off-by: Viorel Munteanu <ceamac <AT> gentoo.org>

 .../dropbear/{dropbear-2022.83.ebuild => dropbear-2022.83-r1.ebuild}    | 2 +-
 .../dropbear/{dropbear-2024.85.ebuild => dropbear-2024.85-r1.ebuild}    | 0
 net-misc/dropbear/files/dropbear.init.d                                 | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/net-misc/dropbear/dropbear-2022.83.ebuild b/net-misc/dropbear/dropbear-2022.83-r1.ebuild
similarity index 99%
rename from net-misc/dropbear/dropbear-2022.83.ebuild
rename to net-misc/dropbear/dropbear-2022.83-r1.ebuild
index 94e79a2f42d8..6c2b03dbdd0d 100644
--- a/net-misc/dropbear/dropbear-2022.83.ebuild
+++ b/net-misc/dropbear/dropbear-2022.83-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7

diff --git a/net-misc/dropbear/dropbear-2024.85.ebuild b/net-misc/dropbear/dropbear-2024.85-r1.ebuild
similarity index 100%
rename from net-misc/dropbear/dropbear-2024.85.ebuild
rename to net-misc/dropbear/dropbear-2024.85-r1.ebuild

diff --git a/net-misc/dropbear/files/dropbear.init.d b/net-misc/dropbear/files/dropbear.init.d
index ef744b73c9b5..473c548ba5e0 100644
--- a/net-misc/dropbear/files/dropbear.init.d
+++ b/net-misc/dropbear/files/dropbear.init.d
@@ -11,7 +11,7 @@ check_config() {
 	mkdir -p /etc/dropbear
 
 	local t k
-	for t in dss rsa ecdsa ed25519; do
+	for t in rsa ecdsa ed25519; do
 		k="/etc/dropbear/dropbear_${t}_host_key"
 		if [ ! -e ${k} ] ; then
 			# See if support is enabled for this key type.

[gentoo-commits] repo/gentoo:master commit in: net-misc/dropbear/files/, net-misc/dropbear/

[Viorel Munteanu]

commit:     6757782157ef4888d55f4a7173402040f87268c0
Author:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 14 11:19:54 2024 +0000
Commit:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
CommitDate: Sat Sep 14 11:24:21 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=67577821

net-misc/dropbear: Fix tests

Add support for python3.11;
Disable tests that fail with USE=bsdpty;
Fix tests when built with USE=-syslog;
Fix testing server auth;
Fix aslr test.

Closes: https://bugs.gentoo.org/939601
Signed-off-by: Viorel Munteanu <ceamac <AT> gentoo.org>

 net-misc/dropbear/dropbear-2024.85-r2.ebuild       | 199 +++++++++++++++++++++
 .../dropbear-2024.84-fix-aslr-test-no-venv.patch   |  15 ++
 ...r-2024.84-non-interactive-tests-no-syslog.patch |  13 ++
 .../dropbear/files/dropbear-2024.84-tests.patch    |  57 ++++++
 4 files changed, 284 insertions(+)

diff --git a/net-misc/dropbear/dropbear-2024.85-r2.ebuild b/net-misc/dropbear/dropbear-2024.85-r2.ebuild
new file mode 100644
index 000000000000..609bbb453aa4
--- /dev/null
+++ b/net-misc/dropbear/dropbear-2024.85-r2.ebuild
@@ -0,0 +1,199 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..13} )
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/dropbear.asc
+inherit pam python-any-r1 savedconfig verify-sig
+
+DESCRIPTION="Small SSH 2 client/server designed for small memory environments"
+HOMEPAGE="https://matt.ucc.asn.au/dropbear/dropbear.html"
+SRC_URI="https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2
+	https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2"
+SRC_URI+=" verify-sig? (
+		https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2.asc
+		https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2.asc
+	)"
+
+LICENSE="MIT GPL-2" # (init script is GPL-2 #426056)
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x64-macos"
+IUSE="bsdpty minimal multicall pam +shadow static +syslog test zlib"
+RESTRICT="!test? ( test )"
+
+LIB_DEPEND="
+	virtual/libcrypt[static-libs(+)]
+	zlib? ( sys-libs/zlib[static-libs(+)] )
+"
+RDEPEND="
+	acct-group/sshd
+	acct-user/sshd
+	!static? (
+		>=dev-libs/libtomcrypt-1.18.2-r2[libtommath]
+		>=dev-libs/libtommath-1.2.0
+		${LIB_DEPEND//\[static-libs(+)]}
+	)
+	pam? ( sys-libs/pam )
+"
+DEPEND="
+	${RDEPEND}
+	static? ( ${LIB_DEPEND} )
+"
+RDEPEND+=" pam? ( >=sys-auth/pambase-20080219.1 )"
+BDEPEND="
+	test? (
+		sys-libs/nss_wrapper
+		$(python_gen_any_dep '
+			dev-python/attrs[${PYTHON_USEDEP}]
+			dev-python/iniconfig[${PYTHON_USEDEP}]
+			dev-python/packaging[${PYTHON_USEDEP}]
+			dev-python/pluggy[${PYTHON_USEDEP}]
+			dev-python/py[${PYTHON_USEDEP}]
+			dev-python/pyparsing[${PYTHON_USEDEP}]
+			dev-python/pytest[${PYTHON_USEDEP}]
+			dev-python/psutil[${PYTHON_USEDEP}]
+		')
+	)
+	verify-sig? ( sec-keys/openpgp-keys-dropbear )
+"
+
+REQUIRED_USE="pam? ( !static )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2024.84-dbscp.patch
+	"${FILESDIR}"/${PN}-2024.84-tests.patch
+	"${FILESDIR}"/${PN}-2024.84-test-bg-sleep.patch
+	"${FILESDIR}"/${PN}-2024.84-fix-aslr-test-no-venv.patch
+)
+
+set_options() {
+	progs=(
+		dropbear dbclient dropbearkey
+		$(usev !minimal "dropbearconvert scp")
+	)
+	makeopts=(
+		MULTI=$(usex multicall 1 0)
+	)
+}
+
+python_check_deps() {
+	python_has_version "dev-python/attrs[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/iniconfig[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/packaging[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/pluggy[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/py[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/pyparsing[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/pytest[${PYTHON_USEDEP}]" && \
+		python_has_version "dev-python/psutil[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+
+	if use static ; then
+		ewarn "Using bundled copies of libtommath and libtomcrypt"
+	fi
+}
+
+src_prepare() {
+	default
+
+	# dropbear does not accept -E if built w/o syslog support and fails the tests
+	if use syslog; then
+		eapply "${FILESDIR}"/${PN}-2024.84-non-interactive-tests.patch
+	else
+		eapply "${FILESDIR}"/${PN}-2024.84-non-interactive-tests-no-syslog.patch
+	fi
+
+	sed \
+		-e '/SFTPSERVER_PATH/s:".*":"/usr/lib/misc/sftp-server":' \
+		-e '/DROPBEAR_X11FWD/s:0:1:' \
+		src/default_options.h > localoptions.h || die
+	sed \
+		-e '/pam_start/s:sshd:dropbear:' \
+		-i src/svr-authpam.c || die
+	restore_config localoptions.h
+
+	use test && python_fix_shebang test/parent_dropbear_map.py
+
+	# dropbearconver is not built with USE minimal
+	if use minimal; then
+		rm test/test_dropbearconvert.py || die
+	fi
+
+	# bsdpty requires CONFIG_LEGACY_PTYS in kernel; disable tests.
+	# bug #939601
+	if use bsdpty; then
+		rm test/test_channels.py || die
+	fi
+}
+
+src_configure() {
+	# Notes:
+	# 1) We use bundled libtom* when static build is enabled because
+	#    libtomcrypt lacks it and we don't particularly want to add it.
+	# 2) We disable the hardening flags as our compiler already enables them
+	#    by default as is appropriate for the target.
+	local myeconfargs=(
+		--disable-harden
+
+		# bug #836900
+		$(use_enable !elibc_musl lastlog)
+		$(use_enable !elibc_musl wtmp)
+
+		$(use_enable static bundled-libtom)
+		$(use_enable zlib)
+		$(use_enable pam)
+		$(use_enable !bsdpty openpty)
+		$(use_enable shadow)
+		$(use_enable static)
+		$(use_enable syslog)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	set_options
+	emake "${makeopts[@]}" PROGRAMS="${progs[*]}"
+
+	# need symlinks for tests
+	if use multicall && use test; then
+		local x
+		for x in "${progs[@]}" ; do
+			ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed"
+		done
+	fi
+}
+
+src_install() {
+	set_options
+	emake "${makeopts[@]}" PROGRAMS="${progs[*]}" DESTDIR="${D}" install
+	doman manpages/*.8
+	newinitd "${FILESDIR}"/dropbear.init.d dropbear
+	newconfd "${FILESDIR}"/dropbear.conf.d dropbear
+	dodoc CHANGES README.md SMALL.md MULTI.md
+
+	# The multi install target does not install the links right.
+	if use multicall ; then
+		pushd "${ED}"/usr/bin &> /dev/null || die
+		local x
+		for x in "${progs[@]}" ; do
+			ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed"
+		done
+		rm -f dropbear
+		dodir /usr/sbin
+		dosym -r /usr/bin/dropbearmulti /usr/sbin/dropbear
+		popd &> /dev/null || die
+	fi
+	save_config localoptions.h
+
+	if ! use minimal ; then
+		mv "${ED}"/usr/bin/{,db}scp || die
+	fi
+
+	if use pam; then
+		pamd_mimic system-remote-login dropbear auth account password session
+	fi
+}

diff --git a/net-misc/dropbear/files/dropbear-2024.84-fix-aslr-test-no-venv.patch b/net-misc/dropbear/files/dropbear-2024.84-fix-aslr-test-no-venv.patch
new file mode 100644
index 000000000000..62e87f230974
--- /dev/null
+++ b/net-misc/dropbear/files/dropbear-2024.84-fix-aslr-test-no-venv.patch
@@ -0,0 +1,15 @@
+We don't use a venv for this test, remove it.
+
+--- a/test/test_aslr.py
++++ b/test/test_aslr.py
+@@ -9,9 +9,7 @@
+ 	This indicates that re-exec makes ASLR work
+ 	"""
+ 	map_script = (Path(request.node.fspath).parent / "parent_dropbear_map.py").resolve()
+-	# run within the same venv, for python deps
+-	activate = own_venv_command()
+-	cmd = f"{activate}; {map_script}"
++	cmd = f"{map_script}"
+ 	print(cmd)
+ 	r = dbclient(request, cmd, capture_output=True, text=True)
+ 	map1 = r.stdout.rstrip()

diff --git a/net-misc/dropbear/files/dropbear-2024.84-non-interactive-tests-no-syslog.patch b/net-misc/dropbear/files/dropbear-2024.84-non-interactive-tests-no-syslog.patch
new file mode 100644
index 000000000000..b5a464884d20
--- /dev/null
+++ b/net-misc/dropbear/files/dropbear-2024.84-non-interactive-tests-no-syslog.patch
@@ -0,0 +1,13 @@
+Force tests to be non-interactive
+
+--- a/test/test_dropbear.py
++++ b/test/test_dropbear.py
+@@ -23,7 +23,7 @@
+ 	args = opt.dropbear.split() + [
+ 		"-p", LOCALADDR + ":" + opt.port, # bind locally only
+ 		"-r", opt.hostkey,
+-		"-F", "-E",
++		"-F", "-s",
+ 		]
+ 	print("subprocess args: ", args)
+ 

diff --git a/net-misc/dropbear/files/dropbear-2024.84-tests.patch b/net-misc/dropbear/files/dropbear-2024.84-tests.patch
new file mode 100644
index 000000000000..a7c53a42884e
--- /dev/null
+++ b/net-misc/dropbear/files/dropbear-2024.84-tests.patch
@@ -0,0 +1,57 @@
+Create all the keys needed for the tests.
+Enable testing server auth.
+
+dbclient obeys $HOME, but dropbear (the server) resolves HOME using getpwnam.
+Use sys-libs/nss_wrapper to fake it during tests.
+
+--- a/test/Makefile.in
++++ b/test/Makefile.in
+@@ -4,18 +4,24 @@
+ 
+ all: test
+ 
+-test: venv/bin/pytest fakekey
+-	(source ./venv/bin/activate; pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir) )
++uid:=$(shell id -u)
++gid:=$(shell id -g)
++test: fakekey
++	mkdir -p ~/.ssh
++	../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear
++	../dropbearkey -y -f ~/.ssh/id_dropbear | grep ^ecdsa > ~/.ssh/authorized_keys
++	../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key2 | grep ^ecdsa | sed 's/[^ ]*$$/key2 extra/' >> ~/.ssh/authorized_keys
++	../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key3 | grep ^ecdsa | sed 's/[^ ]*$$/key3%char/' >> ~/.ssh/authorized_keys
++	../dropbearkey -t ecdsa -f ~/.ssh/id_dropbear_key4 | grep ^ecdsa | sed 's/[^ ]*$$/key4,char/' >> ~/.ssh/authorized_keys
++	echo "$(LOGNAME)::$(uid):$(gid):$(USER):$(HOME):/bin/bash" >> ~/passwd
++	echo "$(LOGNAME)::$(gid):" >> ~/group
++	chmod 0700 ~ ~/.ssh ~/.ssh/authorized_keys ~/passwd ~/group
++	DBTEST_IN_ACTION=y pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir)
+ 
+-one: venv/bin/pytest fakekey
+-	(source ./venv/bin/activate; pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir) -k exit)
++one: fakekey
++	pytest --hostkey=fakekey --dbclient=../dbclient --dropbear=../dropbear $(srcdir) -k exit
+ 
+ fakekey:
+ 	../dropbearkey -t ecdsa -f $@
+ 
+-venv/bin/pytest: $(srcdir)/requirements.txt
+-	python3 -m venv init venv
+-	./venv/bin/pip install --upgrade pip
+-	./venv/bin/pip install -r $(srcdir)/requirements.txt
+-
+ .PHONY: test
+--- a/test/test_dropbear.py
++++ b/test/test_dropbear.py
+@@ -27,7 +27,11 @@ def dropbear(request):
+ 		]
+ 	print("subprocess args: ", args)
+ 
+-	p = subprocess.Popen(args, stderr=subprocess.PIPE, text=True)
++	env = os.environ
++	env['LD_PRELOAD'] = 'libnss_wrapper.so'
++	env['NSS_WRAPPER_PASSWD'] = env['HOME'] + '/passwd'
++	env['NSS_WRAPPER_GROUP'] = env['HOME'] + '/group'
++	p = subprocess.Popen(args, stderr=subprocess.PIPE, text=True, env=env)
+ 	# Wait until it has started listening
+ 	for l in p.stderr:
+ 		if "Not backgrounding" in l: