[Buildroot] [PATCH 1/1] dropbear: add extra build customization options
thomas.petazzoni at free-electrons.com
Tue Feb 3 14:04:37 UTC 2015
Dear Floris Bos,
On Thu, 11 Sep 2014 17:43:31 +0200, Floris Bos wrote:
> - Option to disable password authentication,
> to only allow public key authentication instead
This can be done at runtime using the -s option, and presumably
disabling it at build time doesn't give much space savings, so we'd
rather not have a Config.in option for this.
> - Option to disable TCP forwarding.
> Defaults to y, as most legitimate users are not using it,
> and the feature is very popular with spammers that scan
> for devices with weak passwords and use them to relay spam.
This can be done at runtime using the -j and -k options, so same logic
as for the password authentication disabling.
We'd however be open to merge the option to install or not the clients,
but we do have some comments/questions below.
> +ifeq ($(BR2_PACKAGE_DROPBEAR_CLIENT),y)
> DROPBEAR_TARGET_BINS = dbclient dropbearkey dropbearconvert scp ssh
> DROPBEAR_MAKE = $(MAKE) MULTI=1 SCPPROGRESS=1 \
> PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
> -DROPBEAR_LICENSE = MIT, BSD-2c-like, BSD-2c
> -DROPBEAR_LICENSE_FILES = LICENSE
> +DROPBEAR_TARGET_BINS = dropbearkey dropbearconvert scp
> +DROPBEAR_MAKE = $(MAKE) MULTI=1 SCPPROGRESS=1 \
> + PROGRAMS="dropbear dropbearkey dropbearconvert scp"
Why is scp part of the server-only installation?
Also, can you make this a bit smarter to avoid duplication. For example:
DROPBEAR_TARGET_BINS = dropbearkey dropbearconvert scp
DROPBEAR_TARGET_BINS += ssh dbclient
And then use:
When doing the $(MAKE) call.
We'll mark your patch as 'Changes Requested' in patchwork, so can you
resend an updated version that takes into account those comments?
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
More information about the buildroot