[arch-commits] Commit in dropbear/trunk (PKGBUILD dropbear.service localoptions.h)

Wed Oct 3 08:15:26 UTC 2018

Date: Wednesday, October 3, 2018 @ 08:15:26
  Author: arodseth
Revision: 389116

upgpkg: dropbear 2018.76-2

Added:
  dropbear/trunk/localoptions.h
Modified:
  dropbear/trunk/PKGBUILD
  dropbear/trunk/dropbear.service

------------------+
 PKGBUILD         |   15 ++++++++-------
 dropbear.service |    2 +-
 localoptions.h   |   41 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 50 insertions(+), 8 deletions(-)

Modified: PKGBUILD
===================================================================

--- PKGBUILD	2018-10-03 06:57:29 UTC (rev 389115)
+++ PKGBUILD	2018-10-03 08:15:26 UTC (rev 389116)
@@ -1,4 +1,4 @@
-# Maintainer: Alexander F Rødseth <xyproto at archlinux.org>
+# Maintainer: Alexander F. Rødseth <xyproto at archlinux.org>
 # Contributor: Timothy Redaelli <timothy.redaelli at gmail.com>
 # Contributor: Bartlomiej Piotrowski <nospam at bpiotrowski.pl>
 # Contributor: Jaroslav Lichtblau <dragonlord at aur.archlinux.org>
@@ -9,28 +9,29 @@
 pkgbase=dropbear
 pkgname=(dropbear scp)
 pkgver=2018.76
-pkgrel=1
+pkgrel=2
 pkgdesc='Lightweight SSH server'
 arch=('x86_64')
 url='https://matt.ucc.asn.au/dropbear/dropbear.html'
 license=('MIT')
-options=(!emptydirs)
+options=(emptydirs)
 validpgpkeys=('F7347EF2EE2E07A267628CA944931494F29C6773')
 source=("https://matt.ucc.asn.au/$pkgname/releases/$pkgname-$pkgver.tar.bz2"{,.asc}
+        'localoptions.h'
         "$pkgname.service")
 sha256sums=('f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65'
             'SKIP'
-            '8890a35b6cb14745c1b22f80d3a8532de2a853c78a30eac72b954012e286504a')
+            'ad524b470170ecb297df2c4a7307f56d4c56b65fb643b0356775799c4928e879'
+            '0c0e5b9d121b9d728fed92d6574f2a96d74e4f8a61169dc1e452488f43bb1484')
 
 prepare() {
-  sed -i 's,usr/libexec/sftp,usr/lib/ssh/sftp,;/#define DROPBEAR_SMALL_CODE/d' \
-    "$pkgname-$pkgver/options.h"
+  cp -f localoptions.h "$pkgname-$pkgver/"
 }
 
 build() {
   cd "$pkgname-$pkgver"
 
-  ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/bin
+  ./configure --bindir=/usr/bin --prefix=/usr --sbindir=/usr/bin
   make PROGRAMS="dbclient dropbear dropbearconvert dropbearkey scp" SCPPROGRESS=1
 }
 

Modified: dropbear.service
===================================================================
--- dropbear.service	2018-10-03 06:57:29 UTC (rev 389115)
+++ dropbear.service	2018-10-03 08:15:26 UTC (rev 389116)
@@ -1,5 +1,5 @@
 [Unit]
-Description=Dropbear SSH Daemon
+Description=Dropbear SSH Server
 After=network.target
 
 [Service]

Added: localoptions.h
===================================================================
--- localoptions.h	                        (rev 0)
+++ localoptions.h	2018-10-03 08:15:26 UTC (rev 389116)
@@ -0,0 +1,41 @@
+/*
+ * Arch Linux configuration for DropBear
+ *
+ * The majority of these options are disabled or enabled as a result of
+ * running ssh-audit.
+ *
+ * https://github.com/arthepsy/ssh-audit
+ */
+
+/* Disable CBC mode for ciphers */
+#define DROPBEAR_ENABLE_CBC_MODE 0
+
+/* Disable X11 Forwarding on the server */
+#define DROPBEAR_X11FWD 0
+
+/* Disable reverse DNS lookups */
+#define DO_HOST_LOOKUP 0
+
+/* Enable twofish128 and twofish256 */
+#define DROPBEAR_TWOFISH128 1
+#define DROPBEAR_TWOFISH256 1
+
+/* Disable SHA-96 */
+#define DROPBEAR_SHA1_HMAC 0
+#define DROPBEAR_SHA1_96_HMAC 0
+
+/* Disable DSS */
+#define DROPBEAR_DSS 0
+
+/* Disable ECDH */
+#define DROPBEAR_ECDH 0
+#define DROPBEAR_ECDSA 0
+
+/* SFTP server path */
+#define SFTPSERVER_PATH "/usr/lib/ssh/sftp-server"
+
+/* Spend a small mount of bytes for an increase in performance */
+#define DROPBEAR_SMALL_CODE 0
+
+/* Default path */
+#define DEFAULT_PATH "/usr/bin"

