Yes, I'm aware that dropbear looks for that, but it won't be looking in the recipe folder. If you added it in SRC_URI then it would be in WORKDIR which is almost the right place, but not quite.
Patching default_options does seem like the best idea moving forwards though. Ross On 12 September 2018 at 22:04, <[email protected]> wrote: >>From: "Burton, Ross" >>To: [email protected] >>Cc: "[email protected]" >>Sent: Wednesday September 12 2018 7:20:27AM >>Subject: Re: [OE-core] [PATCH] disable medium-strength dropbear ssh ciphers >> >>Presumably this doesn't actually work as you're just adding a file to >>git without actually referring to it anywhere. >> > > Thanks for your email. I am still trying to get the Dropbear patch > upstreamed. (This is my first patch, so I am a bit of an open source noob.) > > To address your concern: Dropbear version 2018.76 and later build process > specifically looks for the localoptions.h file as the way to customize > dropbear. (Note the 2017.75 and earlier versions use a different mechanism > to customize.) See the Makefile.in file for details. > > However, now I am wondering if patching Dropbear's default_options.h file > would be a better way to make this change. Adding a localoption.h file is > the way to customize dropbear. But I want to change the *default* behavior > of dropbear so that it uses the same encryption ciphers as OpenSSH. I think > patching default_options.h would be better way to accomplish that goal. And > that patch could be applied to the Dropbear project itself. > >>Ross >> >>On 7 September 2018 at 20:16, <[email protected]> wrote: >> This changes the Dropbear SSH server configuration so it will not >> accept medium-strength encryption ciphers including: CBC mode, MD5, >> 96-bit MAC, and triple DES. >> >> Upstream-Status: Pending >> >> Signed-off-by: Joseph Reynolds <[email protected]> >> --- >> meta/recipes-core/dropbear/dropbear/localoptions.h | 8 ++++++++ >> 1 file changed, 8 insertions(+) >> create mode 100644 meta/recipes-core/dropbear/dropbear/localoptions.h >> >> diff --git a/meta/recipes-core/dropbear/dropbear/localoptions.h >> b/meta/recipes-core/dropbear/dropbear/localoptions.h >> new file mode 100644 >> index 0000000..ec48c26 >> --- /dev/null >> +++ b/meta/recipes-core/dropbear/dropbear/localoptions.h >> @@ -0,0 +1,8 @@ >> +/* Customize dropbear per default_options.h in the dropbear project */ >> + >> +/* Disable insecure ciphers */ >> +#define DROPBEAR_TWOFISH256 0 >> +#define DROPBEAR_TWOFISH128 0 >> +#define DROPBEAR_ENABLE_CBC_MODE 0 >> +#define DROPBEAR_SHA1_HMAC 0 >> +#define DROPBEAR_SHA1_96_HMAC 0 >> -- >> 2.7.2 >> >> >> >> -- >> _______________________________________________ >> Openembedded-core mailing list >> [email protected] >> > http://lists.openembedded.org/mailman/listinfo/openembedded-core > /> > -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
