Message ID | 20220720194416.89631-1-daniel@qtec.com |
---|---|
State | Superseded |
Headers | show |
Series | dropbear: Enable x11 forwarding | expand |
> On 20 Jul 2022, at 20:44, Daniel Gomez via lists.openembedded.org <daniel=qtec.com@lists.openembedded.org> wrote: > + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', ' \ > + file://0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch \ This patch should be always applied, as it doesn’t cause any breakage when applied if not used. Patches which are conditional tend to cause breakage when they’re not always applied. > + file://0008-default_options-Enable-x11-forwarding.patch', '', d)}” This should be a PACKAGECONFIG instead of a forced on/off based on DISTRO_FEATURES. Upstreaming a configure option to expose this as —enable-x-forwarding would be great, but for now you can easily sed this file as needed based on the value of PACKAGECONFIG. Ross
On Thu, 21 Jul 2022 at 11:13, Ross Burton <Ross.Burton@arm.com> wrote: > > > > On 20 Jul 2022, at 20:44, Daniel Gomez via lists.openembedded.org <daniel=qtec.com@lists.openembedded.org> wrote: > > + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', ' \ > > + file://0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch \ > > This patch should be always applied, as it doesn’t cause any breakage when applied if not used. Patches which are conditional tend to cause breakage when they’re not always applied. > > > + file://0008-default_options-Enable-x11-forwarding.patch', '', d)}” > > This should be a PACKAGECONFIG instead of a forced on/off based on DISTRO_FEATURES. > > Upstreaming a configure option to expose this as —enable-x-forwarding would be great, but for now you can easily sed this file as needed based on the value of PACKAGECONFIG. Thanks Ross for the review. I'll send a v2 with the changes and look into the upstream option. > > Ross
On Thu, 2022-07-21 at 09:12 +0000, Ross Burton wrote: > > On 20 Jul 2022, at 20:44, Daniel Gomez via lists.openembedded.org > > <daniel=qtec.com@lists.openembedded.org> wrote: > > + > > file://0008-default_options-Enable-x11-forwarding.patch', '', d)}” > > This should be a PACKAGECONFIG instead of a forced on/off based on > DISTRO_FEATURES. > > Upstreaming a configure option to expose this as —enable-x-forwarding would > be great, but for now you can easily sed this file as needed based on the > value of PACKAGECONFIG. The upstream method for Dropbear configuration is #define entries in a localoptions.h file. default_options.h should be left untouched. Adding it to CFLAGS for configure would also work, as ./configure CFLAGS="-Os -Wall -DDROPBEAR_X11FWD=1" Cheers, Matt (Dropbear upstream)
On 25 Jul 2022, at 04:11, Matt Johnston <matt@codeconstruct.com.au> wrote: > The upstream method for Dropbear configuration is #define entries in a > localoptions.h file. default_options.h should be left untouched. Adding it > to CFLAGS for configure would also work, as > > ./configure CFLAGS="-Os -Wall -DDROPBEAR_X11FWD=1” Perfect, thanks Matt! Ross
On Mon, 25 Jul 2022 at 10:49, Ross Burton <Ross.Burton@arm.com> wrote: > > On 25 Jul 2022, at 04:11, Matt Johnston <matt@codeconstruct.com.au> wrote: > > The upstream method for Dropbear configuration is #define entries in a > > localoptions.h file. default_options.h should be left untouched. Adding it > > to CFLAGS for configure would also work, as > > > > ./configure CFLAGS="-Os -Wall -DDROPBEAR_X11FWD=1” > > Perfect, thanks Matt! I've just sent a new version [1] using CFLAGS but I think I should have used localoptions.h instead as that will match the upstream configuration method. What do you think? Shall I change to localoptions.h instead? I think that should be a more elegant solution. [1] https://lore.kernel.org/all/20220927102904.722281-1-daniel@qtec.com/ > > Ross >
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index e170587d08..7ee808db61 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc @@ -22,7 +22,10 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://dropbear.socket \ file://dropbear.default \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ - ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} " + ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', ' \ + file://0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch \ + file://0008-default_options-Enable-x11-forwarding.patch', '', d)}" PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ file://0006-dropbear-configuration-file.patch \ diff --git a/meta/recipes-core/dropbear/dropbear/0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch b/meta/recipes-core/dropbear/dropbear/0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch new file mode 100644 index 0000000000..994bbdd42a --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch @@ -0,0 +1,27 @@ +From 0292aacdf0aa57d03f2a3ab7e53cf650e6f29389 Mon Sep 17 00:00:00 2001 +From: Matt Johnston <matt@ucc.asn.au> +Date: Sat, 23 Apr 2022 22:33:31 +0800 +Subject: [PATCH] Fix X11 build failure, use DROPBEAR_PRIO_LOWDELAY + +Upstream-Status: Backport + +--- + svr-x11fwd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/svr-x11fwd.c b/svr-x11fwd.c +index 353cb12..5d9e6a9 100644 +--- a/svr-x11fwd.c ++++ b/svr-x11fwd.c +@@ -206,7 +206,7 @@ void x11cleanup(struct ChanSess *chansess) { + } + + static int x11_inithandler(struct Channel *channel) { +- channel->prio = DROPBEAR_CHANNEL_PRIO_INTERACTIVE; ++ channel->prio = DROPBEAR_PRIO_LOWDELAY; + return 0; + } + +-- +2.35.1 + diff --git a/meta/recipes-core/dropbear/dropbear/0008-default_options-Enable-x11-forwarding.patch b/meta/recipes-core/dropbear/dropbear/0008-default_options-Enable-x11-forwarding.patch new file mode 100644 index 0000000000..b604c0e850 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0008-default_options-Enable-x11-forwarding.patch @@ -0,0 +1,32 @@ +From bbdd4e27431df123e9f39c5fea6d1a90e90a4385 Mon Sep 17 00:00:00 2001 +From: Daniel Gomez <daniel@qtec.com> +Date: Wed, 20 Jul 2022 18:07:51 +0200 +Subject: [PATCH] default_options: Enable x11 forwarding + +Activate dropbear X11 forwarding feature. + +Disabled by default at rev: a27e8b053e520117b20993b8e51103c5bd22da8c + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Daniel Gomez <daniel@qtec.com> +--- + default_options.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/default_options.h b/default_options.h +index 1a6a911..cd637a1 100644 +--- a/default_options.h ++++ b/default_options.h +@@ -60,7 +60,7 @@ IMPORTANT: Some options will require "make clean" after changes */ + #define DROPBEAR_SMALL_CODE 1 + + /* Enable X11 Forwarding - server only */ +-#define DROPBEAR_X11FWD 0 ++#define DROPBEAR_X11FWD 1 + + /* Enable TCP Fowarding */ + /* 'Local' is "-L" style (client listening port forwarded via server) +-- +2.35.1 +
Enable X11 forwarding whenever X11 is part of the DISTRO_FEATURES. Add backport patch to fix X11 forwarding in the current 2022.82 version. Signed-off-by: Daniel Gomez <daniel@qtec.com> --- meta/recipes-core/dropbear/dropbear.inc | 5 ++- ...d-failure-use-DROPBEAR_PRIO_LOWDELAY.patch | 27 ++++++++++++++++ ...efault_options-Enable-x11-forwarding.patch | 32 +++++++++++++++++++ 3 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-core/dropbear/dropbear/0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch create mode 100644 meta/recipes-core/dropbear/dropbear/0008-default_options-Enable-x11-forwarding.patch -- 2.35.1