Re: [OpenWrt-Devel] [PATCH] [package] dnsmasq: use host-record instead of address

[Toke Høiland-Jørgensen]

Adam Gensler open...@gnslr.us writes:

 TL;DR - using --address for individual host A records is broken, use
 --host-record instead.

Tried it in cerowrt (openwrt trunk-based) and seems to work well
(although I had to mangle the patch a bit by hand before `git am` would
accept it; the top-level package/ dir was missing from the paths in the
patch).

I'd love for the add_local_hostname option to also add the ipv6 address
of the router to the generated host-record. Tried adding it in, but got
stuck figuring out how to get the configured ipv6 address from the
ip6assign logic (network_get_ipaddr6 returns nothing, as does getting
the value from uci). I realise this is orthogonal to your host-record
patch, but since you're messing with it anyway, I thought maybe you
could figure out how to add that as well.

Doing a host record with mixed v4/v6 addresses manually from the config
works as expected. :)

-Toke


signature.asc
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] openssh-server configure in attitude_adjustment

[Peter Wagner]

Hi,

Try to set the pw for the root user again from the telnet login with

passwd

and try to login afterwards with ssh.

Also set PasswordAuthentication yes - allthough the default value should be yes.

With kind regards,
Peter Wagner

On Sun, 16 Jun 2013 12:27:08 +0800 (CST)
jinzhcheng bjzhoug...@126.com wrote:

 Dear Sir
 
 
 (1)
 This my config file in attitude_adjustment about openssh-server:
 CONFIG_DEFAULT_dropbear=y
 # CONFIG_PACKAGE_dropbear is not set
 #
 # SSH
 #
 # CONFIG_PACKAGE_openssh-client is not set
 # CONFIG_PACKAGE_openssh-client-utils is not set
 CONFIG_PACKAGE_openssh-keygen=y
 CONFIG_PACKAGE_openssh-moduli=y
 CONFIG_PACKAGE_openssh-server=y
 # CONFIG_PACKAGE_openssh-sftp-client is not set
 # CONFIG_PACKAGE_openssh-sftp-server is not set
 
 
 
 (2)
 after telnet openwrt, I changed root passwd
 and modify /etc/ssh/sshd_config:
 
 
 Port 22
 #AddressFamily any 
 #ListenAddress 0.0.0.0 
 #ListenAddress ::  

 # The default requires explicit activation of protocol 1   
 Protocol 2 

 # HostKey for protocol version 1   
 #HostKey /etc/ssh/ssh_host_key 
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key   
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 
 # Lifetime and size of ephemeral version 1 server key   
 KeyRegenerationInterval 1h  
 ServerKeyBits 1024  
  
 # Logging
 # obsoletes QuietMode and FascistLogging
 SyslogFacility AUTH 
 LogLevel INFO
  
 # Authentication:
  
 LoginGraceTime 2m
 PermitRootLogin yes  
 StrictModes yes 
 #MaxAuthTries 6 
 #MaxSessions 10 
 
 RSAAuthentication yes   
 PubkeyAuthentication yes
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
 #AuthorizedKeysFile .ssh/authorized_keys  
   
 #AuthorizedPrincipalsFile none
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 RhostsRSAAuthentication no 
 # similar for protocol version 2   
 HostbasedAuthentication no 
 # Change to yes if you don't trust ~/.ssh/known_hosts for
 # RhostsRSAAuthentication and HostbasedAuthentication 
 #IgnoreUserKnownHosts no  
 # Don't read the user's ~/.rhosts and ~/.shosts files  
 IgnoreRhosts yes  
   
 # To disable tunneled clear text passwords, change to no here! 
 #PasswordAuthentication yes
 PermitEmptyPasswords no 
 
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes 
  
 # Kerberos options
 #KerberosAuthentication no
 #KerberosOrLocalPasswd yes  
 #KerberosTicketCleanup yes
 #KerberosGetAFSToken no   

 # GSSAPI options   
 #GSSAPIAuthentication no  

Re: [OpenWrt-Devel] Fwd: [PATCH][include] Update CyaSSL library to last version 2.6.0

[Ben West]

I can confirm the 100-sizeof_long_long.patch patch for curl provided by
Massimo does work fine for me under ar71xx and atheros platforms.  That is,
I can now successfully have libcurl link to cyassl instead of openssl.

What additional steps are needed to close this thread, specifically to
update the cyassl Makefile to pull version 2.6.0?

On Thu, May 23, 2013 at 3:17 PM, Massimo Vellucci vema...@gmail.com wrote:

 Hi,
 sorry for the delay, I found the problem about the curl library. There
 is a bug in configure.ac file of curl package.
 You have to add the file 100-sizeof_long_long.patch in the 
 pathtrunk/feeds/packages/libs/curl/patches

 diff -u a/configure.ac b/configure.ac
 --- a/configure.ac  2013-02-06 10:47:19.0 +0100
 +++ b/configure.ac  2013-05-23 22:00:59.233980076 +0200
 @@ -2928,6 +2928,7 @@

  AC_CHECK_SIZEOF(size_t)
  AC_CHECK_SIZEOF(long)
 +AC_CHECK_SIZEOF(long long)
  AC_CHECK_SIZEOF(int)
  AC_CHECK_SIZEOF(short)
  CURL_CONFIGURE_LONG


 Curl did not determine the size of the type long long that is a value
 necessary to CyaSSL.


 My libs/curl/Makefile

 --- libs/curl/Makefile
 +++ libs/curl/Makefile

 @@ -43,7 +43,7 @@
$(call Package/curl/Default)
SECTION:=libs
CATEGORY:=Libraries
 -  DEPENDS:=+libopenssl +zlib
 +  DEPENDS:=+libcyassl +zlib
TITLE:=A client-side URL transfer library
  endef

 @@ -70,7 +70,8 @@
  --enable-tftp \
  --disable-verbose \
  --with-random=/dev/urandom \
 ---with-ssl=$(STAGING_DIR)/usr \
 +--with-cyassl=$(STAGING_DIR)/usr \
 +--without-ssl
  --without-ca-bundle \
  --without-gnutls \
  --without-krb4 \
 @@ -81,7 +82,7 @@
  $(call autoconf_bool,CONFIG_IPV6,ipv6) \

  CONFIGURE_VARS += \
 -LIBS=-lcrypto -lssl -lz \
 +LIBS=-lcyassl -lz \
  CC=$(filter-out ccache,$(TARGET_CC))


 With these settings I was able to compile curl for atheros 71xx


 Bye
 Massimo




 2013/5/21 Massimo Vellucci vema...@gmail.com

 I'm sorry but these days I have been very busy with work. I have not
 found the time to do the tests.
 I would like to remove OpenSSL from my application that I am developing and
 using CyaSSL.
 The problem of porting applications from OpenSSL to CyaSSL is requires a
 lot of work. The two libraries are not compatible 100%


 2013/5/21 Ben West b...@gowasabi.net

 For an update, I have since been able to get libcurl to link to the new
 cyassl package, provided I explicitly insert sizeof_long definitions into
 libcurl header files, shown in the patch below.  It is unusual that libcurl
 seems to require these additional defines to link to libcyassl.so, but
 uhttpd-mod-tls does not.

 I'm not sure if this patch resides properly with the package curl,
 perhaps accompanied by another patch that defines a new sub-package
 libcurl-cyassl.

 Massimo, are you using the newer version of cyassl for anything besides
 uhttpd?

 --- curl-7.29.0/include/curl/curl.h.201305182013-05-17
 23:25:23.816083944 -0500
 +++ curl-7.29.0/include/curl/curl.h2013-05-17 23:30:43.304082086
 -0500
 @@ -118,6 +118,13 @@ typedef void CURL;
  #endif
  #endif

 +/* These definitions needed for cyassl */
 +/* The size of `long', as computed by sizeof. */
 +#define SIZEOF_LONG 4
 +
 +/* The size of `long long', as computed by sizeof. */
 +#define SIZEOF_LONG_LONG 8
 +
  #ifndef curl_socket_typedef
  /* socket typedef */
  #if defined(WIN32)  !defined(__LWIP_OPT_H__)



 On Fri, May 17, 2013 at 12:00 PM, Ben West b...@gowasabi.net wrote:

 Thank you for responding.  Below is the diff of the curl Makefile,
 against that included in the Attitude Adjustment v12.09 packages 
 herehttps://dev.openwrt.org/browser/branches/packages_12.09/libs/curl/Makefile
 .

 Note that the addition of -lm to libraries for curl to link to came
 from my own research in pending OpenWRT issues about compiling curl with
 cyassl.  However, the error about long long size mismatch occurs whether
 libm.so is included or not.

 Index: libs/curl/Makefile
 ===
 --- libs/curl/Makefile(revision 36652)
 +++ libs/curl/Makefile(working copy)
 @@ -43,7 +43,7 @@
$(call Package/curl/Default)
SECTION:=libs
CATEGORY:=Libraries
 -  DEPENDS:=+libopenssl +zlib
 +  DEPENDS:=+libcyassl +zlib
TITLE:=A client-side URL transfer library
  endef

 @@ -70,7 +70,8 @@
  --enable-tftp \
  --disable-verbose \
  --with-random=/dev/urandom \
 ---with-ssl=$(STAGING_DIR)/usr \
 +--with-cyassl=$(STAGING_DIR)/usr \
 +--without-ssl
  --without-ca-bundle \
  --without-gnutls \
  --without-krb4 \
 @@ -81,7 +82,7 @@
  $(call autoconf_bool,CONFIG_IPV6,ipv6) \

  CONFIGURE_VARS += \
 -LIBS=-lcrypto -lssl -lz \
 +LIBS=-lm -lcyassl -lz \
  CC=$(filter-out ccache,$(TARGET_CC))

  define Build/Compile


 On Fri, May 17, 2013 at 2:10 AM, Massimo Vellucci vema...@gmail.comwrote:

 CyaSSL must determine the environment to recognize the size of