diff options
| -rw-r--r-- | debian/README.runit | 16 | ||||
| -rw-r--r-- | debian/changelog | 67 | ||||
| -rw-r--r-- | debian/control | 4 | ||||
| -rw-r--r-- | debian/dropbear.README.Debian | 55 | ||||
| -rw-r--r-- | debian/dropbear.init | 11 | ||||
| -rw-r--r-- | debian/dropbear.postinst | 8 | ||||
| -rwxr-xr-x | debian/rules | 9 |
7 files changed, 103 insertions, 67 deletions
diff --git a/debian/README.runit b/debian/README.runit index 4ac2814..0a32176 100644 --- a/debian/README.runit +++ b/debian/README.runit @@ -31,16 +31,16 @@ run script # vi /etc/dropbear/run -Finally enable the service by linking dropbear's service directory to -/var/service/. The service will be started within five seconds, and -automatically at boot time. The sysv init script is disabled; see the -runsvctrl(8) program for information on how to control services handled by -runit. See the svlogd(8) program on how to configure the log service. +Finally enable the service through runit's update-service(8) program, the +service will be started within five seconds, and automatically at boot +time, and the sysv init script will automatically be disabled; see the +sv(8) program for information on how to control services handled by runit. +See the svlogd(8) program on how to configure the log service. - # ln -s /etc/dropbear /var/service/ + # update-service --add /etc/dropbear Optionally check the status of the service a few seconds later - # runsvstat -l /var/service/dropbear + # sv status dropbear - -- Gerrit Pape <pape@smarden.org>, Sun, 16 May 2004 15:52:34 +0000 + -- Gerrit Pape <pape@smarden.org>, Fri, 02 Mar 2007 20:41:08 +0000 diff --git a/debian/changelog b/debian/changelog index e7d4141..78dcea9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,14 +1,69 @@ -dropbear (0.50-0.1) unstable; urgency=low +dropbear (0.50-4) unstable; urgency=low - * New upstream release. + * debian/dropbear.init: apply patch from Petter Reinholdtsen: add LSB + formatted dependency info in init.d script (closes: #466257). + * debian/rules: no longer include symlinks for ./supervise/ subdirectories. + * debian/dropbear.postinst: upgrade from << 0.50-4: if dropbear is managed + by runit, remove service, and re-add using update-service(8). + * debian/control: Standards-Version: 3.7.3.0. + * debian/rules: target clean: don't ignore errors but check for readable + ./Makefile. - -- Matt Johnston <matt@ucc.asn.au> Wed, 8 Aug 2007 11:22:33 +0800 + -- Gerrit Pape <pape@smarden.org> Thu, 06 Mar 2008 19:06:58 +0000 -dropbear (0.49-0.1) unstable; urgency=low +dropbear (0.50-3) unstable; urgency=low - * New upstream release. + * debian/dropbear.init: use the update-service(8) program from the runit + package instead of directly checking for the symlink in /var/service/. + * debian/README.runit: talk about update-service(8) instead of symlinks + in /var/service/. + + -- Gerrit Pape <pape@smarden.org> Fri, 15 Feb 2008 00:32:37 +0000 + +dropbear (0.50-2) unstable; urgency=low + + * debian/dropbear.README.Debian: no longer talk about entropy from + /dev/random, /dev/urandom is now used by default (thx Joey Hess, + closes: #441515). + + -- Gerrit Pape <pape@smarden.org> Mon, 24 Sep 2007 16:49:17 +0000 + +dropbear (0.50-1) unstable; urgency=low + + * debian/README.runit: minor. + * new upstream version. + * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff: + remove; fixed upstream. + + -- Gerrit Pape <pape@smarden.org> Thu, 09 Aug 2007 23:01:01 +0000 + +dropbear (0.49-2) unstable; urgency=low + + * debian/rules: apply diffs from debian/diff/ with patch -p1 instead of + -p0. + * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff: + new; options.h: use /dev/urandom instead of /dev/random as + DROPBEAR_RANDOM_DEV (closes: #386976). + * debian/rules: target clean: remove libtomcrypt/Makefile, + libtommath/Makefile. + + -- Gerrit Pape <pape@smarden.org> Sat, 09 Jun 2007 08:59:59 +0000 + +dropbear (0.49-1) unstable; urgency=high + + * new upstream release, fixes + * CVE-2007-1099: dropbear dbclient insufficient warning on hostkey + mismatch (closes: #412899). + * dbclient uses static "Password:" prompt instead of using the server's + prompt (closes: #394996). + * debian/control: Suggests: openssh-client, not ssh (closes: #405686); + Standards-Version: 3.7.2.2. + * debian/README.Debian: ssh -> openssh-server, openssh-client; remove + 'Replacing OpenSSH "sshd" with Dropbear' part, this is simply done by not + installing the openssh-server package. + * debian/README.runit: runsvstat -> sv status. - -- Matt Johnston <matt@ucc.asn.au> Fri, 23 Feb 2007 00:44:00 +0900 + -- Gerrit Pape <pape@smarden.org> Fri, 2 Mar 2007 20:48:18 +0000 dropbear (0.48.1-1) unstable; urgency=medium diff --git a/debian/control b/debian/control index 81835b3..e2731f6 100644 --- a/debian/control +++ b/debian/control @@ -3,12 +3,12 @@ Section: net Priority: optional Maintainer: Gerrit Pape <pape@smarden.org> Build-Depends: libz-dev -Standards-Version: 3.6.2.1 +Standards-Version: 3.7.3.0 Package: dropbear Architecture: any Depends: ${shlibs:Depends} -Suggests: ssh, runit +Suggests: openssh-client, runit Description: lightweight SSH2 server and client dropbear is a SSH 2 server and client designed to be small enough to be used in small memory environments, while still being functional and diff --git a/debian/dropbear.README.Debian b/debian/dropbear.README.Debian index 7eec3e6..0ce1874 100644 --- a/debian/dropbear.README.Debian +++ b/debian/dropbear.README.Debian @@ -1,52 +1,19 @@ Dropbear for Debian ------------------- -This package will attempt to listen on port 22. If the OpenSSH -package ("ssh") is installed, the file /etc/default/dropbear -will be set up so that the server does not start by default. +This package will attempt to setup the Dropbear ssh server to listen on +port 22. If the OpenSSH server package ("openssh-server") is installed, +the file /etc/default/dropbear will be set up so that the server does not +start by default. -You can run Dropbear concurrently with OpenSSH 'sshd' by -modifying /etc/default/dropbear so that "NO_START" is set to -"0" and changing the port number that Dropbear runs on. Follow -the instructions in the file. +You can run Dropbear concurrently with OpenSSH 'sshd' by modifying +/etc/default/dropbear so that "NO_START" is set to "0", and changing the +port number that Dropbear runs on. Follow the instructions in the file. -This package suggests you install the "ssh" package. This package -provides the "ssh" client program, as well as the "/usr/bin/scp" -binary you will need to be able to retrieve files from a server -running Dropbear via SCP. - -Replacing OpenSSH "sshd" with Dropbear --------------------------------------- - -You will still want to have the "ssh" package installed, as it -provides the "ssh" and "scp" binaries. When you install this -package, it checks for existing OpenSSH host keys and if found, -converts them to the Dropbear format. - -If this appears to have worked, you should be able to change over -by following these steps: - -1. Stop the OpenSSH server - % /etc/init.d/ssh stop -2. Prevent the OpenSSH server from starting in the future - % touch /etc/ssh/sshd_not_to_be_run -3. Modify the Dropbear defaults file, set NO_START to 0 and - ensure DROPBEAR_PORT is set to 22. - % editor /etc/default/dropbear -4. Restart the Dropbear server. - % /etc/init.d/dropbear restart +This package suggests you install the "openssh-client" package, which +provides the "ssh" client program, as well as the "/usr/bin/scp" binary +you will need to be able to retrieve files via SCP from a server running +Dropbear. See the Dropbear homepage for more information: http://matt.ucc.asn.au/dropbear/dropbear.html - - -Entropy from /dev/random ------------------------- - -The dropbear binary package is configured at compile time to read -entropy from /dev/random. If /dev/random on a system blocks when -reading data from it, client logins may be delayed until the client -times out. The dropbear server writes a notice to the logs when it -sees /dev/random blocking. A workaround for such systems is to -re-compile the package with DROPBEAR_RANDOM_DEV set to /dev/urandom -in options.h. diff --git a/debian/dropbear.init b/debian/dropbear.init index ee69076..1705330 100644 --- a/debian/dropbear.init +++ b/debian/dropbear.init @@ -1,4 +1,11 @@ #!/bin/sh +### BEGIN INIT INFO +# Provides: dropbear +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +### END INIT INFO # # Do not configure this file. Edit /etc/default/dropbear instead! # @@ -17,8 +24,8 @@ set -e cancel() { echo "$1" >&2; exit 0; }; test ! -r /etc/default/dropbear || . /etc/default/dropbear test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable." -test ! -h /var/service/dropbear || \ - cancel '/var/service/dropbear exists, service is controlled through runit.' +test ! -x /usr/sbin/update-service || ! update-service --check dropbear || + cancel 'The dropbear service is controlled through runit, use the sv(8) program' test -z "$DROPBEAR_BANNER" || \ DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER" diff --git a/debian/dropbear.postinst b/debian/dropbear.postinst index e51e2b7..7c95cfa 100644 --- a/debian/dropbear.postinst +++ b/debian/dropbear.postinst @@ -69,3 +69,11 @@ if test -x /etc/init.d/dropbear; then /etc/init.d/dropbear restart fi fi + +if test -n "$2" && dpkg --compare-versions "$2" lt '0.50-4' && +update-service --check dropbear; then + update-service --remove /etc/dropbear 2>/dev/null || : + sleep 6 + rm -rf /var/run/dropbear /var/run/dropbear.log + update-service --add /etc/dropbear || : +fi diff --git a/debian/rules b/debian/rules index 52c3ea8..605754e 100755 --- a/debian/rules +++ b/debian/rules @@ -28,7 +28,7 @@ DIR =$(shell pwd)/debian/dropbear patch: deb-checkdir patch-stamp patch-stamp: for i in `ls -1 debian/diff/*.diff || :`; do \ - patch -p0 <$$i || exit 1; \ + patch -p1 <$$i || exit 1; \ done touch patch-stamp @@ -46,10 +46,11 @@ build-stamp: config.status touch build-stamp clean: deb-checkdir deb-checkuid - -$(MAKE) distclean + test ! -r Makefile || $(MAKE) distclean + rm -f libtomcrypt/Makefile libtommath/Makefile test ! -e patch-stamp || \ for i in `ls -1r debian/diff/*.diff || :`; do \ - patch -p0 -R <$$i; \ + patch -p1 -R <$$i; \ done rm -f patch-stamp build-stamp config.log config.status rm -rf '$(DIR)' @@ -76,8 +77,6 @@ install: deb-checkdir deb-checkuid build-stamp install -d -m0755 '$(DIR)'/etc/dropbear/log install -m0755 debian/service/log '$(DIR)'/etc/dropbear/log/run ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main - ln -s /var/run/dropbear '$(DIR)'/etc/dropbear/supervise - ln -s /var/run/dropbear.log '$(DIR)'/etc/dropbear/log/supervise # man pages install -d -m0755 '$(DIR)'/usr/share/man/man8 for i in dropbear.8 dropbearkey.8; do \ |