WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki
« previous next »
Pages: [1]   Go Down

Author Topic: Newer version of dropbear is available  (Read 2122 times)

Offline jim

  • Newbie
  • *
  • Posts: 15
Newer version of dropbear is available
« on: April 28, 2018, 05:14:13 AM »
Hello, I have noticed that dropbear is still at v2014.65 whereas the current version is v2018.76

The current build has trouble with scp from other machines unless you link scp to the expected location
ln -s /usr/local/bin/scp   /usr/bin

The same problem with xauth from remote machines for X forwarding
ln -s /usr/local/bin/xauth /usr/bin

In both cases it appears that the path comes from the remote machine and expects the binaries or a link
at the hardcoded location.  It is quite possible I am wrong however.

I can try building the package under compiletc but it is a trust issue.
I do not see any notes about the configuration used to build the .tcz

Now it looks like I am going in search of unshare and overlay_fs for building in a sandbox.

Thank you,

Jim

Logged

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11619
Re: Newer version of dropbear is available
« Reply #1 on: April 28, 2018, 09:57:23 AM »
Hi jim
Quote from: jim on April 28, 2018, 05:14:13 AM
I can try building the package under compiletc but it is a trust issue.
I do not see any notes about the configuration used to build the .tcz
I'm not sure what you mean by  trust issue.  As far as build notes are concerned, there is a build script and an  init,d  file
here that may be of some use:
http://tinycorelinux.net/6.x/x86/tcz/src/dropbear/
« Last Edit: April 28, 2018, 10:16:00 AM by Rich »
Logged

Offline jim

  • Newbie
  • *
  • Posts: 15
Re: Newer version of dropbear is available
« Reply #2 on: May 01, 2018, 11:07:52 AM »
Hi Rich,

By trust issue, I just meant that dropbear is one of those programs that a bunch of people are very security sensitive on.
And having random user "Jim" update the dropbear package might worry them.

For myself I just made the symlinks and added them to /opt/.filetool.lst along with usr/local/etc/dropbear so that
the dropbear_{rsa,dss}_host_key files don't change and cause my other computer to stop with the warning
that the TinyCore machines' key has changed.

But to fix it properly requires changing the configure setting in build and we should likely update the key paths with localoptions.h

I found another issue dropbear will not allow root logins "/root must be owned by user or root, and not writable by others"
since root has rwx for group staff dropbear complains and that would need a fix in the initramfs

Anyway I have been poking at it, enclosed is a short patch for dropbear.build and localoptions.src but I am still not doing it
correctly when I build it, it does not want to start from the services button so I have likely forgotten something.

Ok, I just realized I registered here 8+ years ago, thank you very much for all your great work.
Tinycore has been a pleasure to use.

Thank you,

Jim
Logged
Pages: [1]   Go Up
« previous next »