subtree updates
poky: 110ee701b3..5950c63d54:
Alexander Kanavin (19):
ovmf: update 202308 -> 202402
attr: update 2.5.1 -> 2.5.2
dpkg: update 1.22.0 -> 1.22.5
gptfdisk: update 1.0.9 -> 1.0.10
icu: update 74-1 -> 74-2
go-helloworld: update to latest revision
libpam: update 1.5.3 -> 1.6.0
libtraceevent: update 1.7.3 -> 1.8.2
mdadm: update 4.2 -> 4.3
npth: update 1.6 -> 1.7
python3-lxml: update 5.0.0 -> 5.1.0
rpm: update 4.19.1 -> 4.19.1.1
ruby: update 3.2.2 -> 3.3.0
tcl: update 8.6.13 -> 8.6.14
texinfo: update 7.0.3 -> 7.1
waffle: update 1.7.2 -> 1.8.0
shadow: update 4.14.2 -> 4.15.0
meta/lib/oe/sstatesig.py: do not error out if sstate files fail on os.stat()
scripts/oe-setup-build: write a build environment initialization one-liner into the build directory
Bruce Ashfield (1):
perf: make bpf asm include arch conditional
Chen Qi (2):
ovmf: set CVE_STATUS for CVE-2014-8271
ovmf: set CVE_STATUS for a few CVEs
Denys Dmytriyenko (3):
mtd-utils: upgrade 2.1.6 -> 2.2.0
lzip: upgrade 1.24 -> 1.24.1
wayland-protocols: upgrade 1.33 -> 1.34
Harish Sadineni (1):
rust: set CVE_STATUS for CVE-2024-24576
Joao Marcos Costa (6):
classes: document new go-vendor class
migration updates for 5.0
release-notes updates for 5.0
ref-manual/variables: add new variables for v5.0
release-notes-5.0: add updates
release-notes-5.0: mention cmake-qemu.bbclass
Joe Slater (2):
init-ifupdown: modify interfaces for busybox
packagegroup-core-boot: recommend ifupdown
Jon Mason (4):
acpica: use github for SRC_URI
acpica: update to 20240322 release
yocto-bsp/linux-yocto-dev: add genericarm64
yocto-bsp/genericarm64: add virtio-gpu
Joshua Watt (1):
bitbake: siggen: Capture SSL environment for hashserver
Julien Stephan (1):
devtool: standard: throws appropriate error if source is in detached HEAD
Jörg Sommer (1):
kernel-dev: join mkdir commands with -p
K Sanjay Nayak (1):
xorg-xserver-config: Disable screen blanking for qemu images
Khem Raj (5):
llvm: Upgrade to 18.1.3 bugfix release
sanity: Use diff instead of meld by default
libseccomp: Fix build when python packageconfig is enabled
linux-yocto: Enable nft modules for ptest images
mdadm: Fix build with new musl
Lee Chee Yang (2):
release-notes-4.0.17: reorder CVEs
migration-guides: add release notes for 4.3.4
Max Krummenacher (1):
perf: add asm include required for v6.9+
Michael Haener (1):
iproute2: add bridge package
Michael Opdenacker (19):
manuals: fix duplicate "stylecheck" target
manuals: add initial sphinx-lint support
manuals: fix trailing spaces
manuals: fix incorrect double backticks
migration-guides: add missing opening tag colon
release-notes-5.0: documentation highlights
manuals: remove tab characters
dev-manual/debugging: mention new ``taskexp_ncurses`` option
migration-guides: release-notes-5.0: update docs highlights
bitbake: prserv: simplify the PRServerClient() interface
bitbake: prserv: use double quotes by default
bitbake: bitbake-prserv: replace deprecated optparse by argparse
bitbake: prserv: use self.logger instead of logger directly
bitbake: asyncrpc: include parse_address from hashserv
bitbake: prserv: capitalization and spacing improvements
bitbake: prserv: add extra requests
bitbake: prserv: remove redundant exception handler
bitbake: prserv: correct error message
bitbake: prserv: remove unnecessary code
Mikko Rapeli (1):
linux-yocto-dev: remove duplicate DEPENDS
Ninette Adhikari (3):
oe-build-perf-report: Add apache echarts to make report interactive
oe-build-perf-report: Display more than 300 commits and date instead of commit number
oe-build-perf-report: Improve report styling and add descriptions
Oleh Matiusha (1):
nativesdk-gzip: fix reproducibility issues
Peter Hoyes (1):
u-boot-tools: Package mkeficapsule
Peter Marko (2):
bitbake.conf: remove comment about oldincludedir
systemd: make predictable name mac policy opt-out
Quentin Schulz (2):
docs: conf.py: properly escape backslashes for latex_elements
manuals: refer to new yocto-patches mailing list wherever appropriate
Richard Purdie (10):
xwayland: Upgrade 23.2.4 -> 23.2.5
curl: Upgrade 8.6.0 -> 8.7.1
nghttp2: Upgrade 1.60.1 -> 1.61.0
pseudo: Update to pull in fchmodat fix
bitbake: doc/user-manual: Add BB_LOADFACTOR_MAX
bitbake: BBHandler: Handle unclosed functions correctly
testimage: Enable runtime 'login' screenshot tests
Revert "testimage: Enable runtime 'login' screenshot tests"
python3-websockets: Import from meta-python
buildtools-tarball: Add python3-websockets
Rob Woolley (1):
bitbake: wget: Make wget --passive-ftp option conditional on ftp/ftps
Ross Burton (2):
eudev: update Upstream-Status on netifnames.patch
classes/pypi: don't expose PYPI_ARCHIVE_NAME
Simone Weiß (1):
bitbake: doc: Add section for variable context
Wang Mingyu (87):
debianutils: upgrade 5.16 -> 5.17
diffoscope: upgrade 259 -> 260
encodings: upgrade 1.0.7 -> 1.1.0
gcr: upgrade 4.2.0 -> 4.2.1
ghostscript: upgrade 10.02.1 -> 10.03.0
libassuan: upgrade 2.5.6 -> 2.5.7
libfontenc: upgrade 1.1.7 -> 1.1.8
libpng: upgrade 1.6.42 -> 1.6.43
libsdl2: upgrade 2.30.0 -> 2.30.1
libxcb: upgrade 1.16 -> 1.16.1
libxcursor: upgrade 1.2.1 -> 1.2.2
libxdmcp: upgrade 1.1.4 -> 1.1.5
mkfontscale: upgrade 1.2.2 -> 1.2.3
pango: upgrade 1.52.0 -> 1.52.1
psmisc: upgrade 23.6 -> 23.7
python3-cython: upgrade 3.0.8 -> 3.0.9
python3-hypothesis: upgrade 6.98.15 -> 6.99.4
python3-importlib-metadata: upgrade 7.0.1 -> 7.0.2
python3-libarchive-c: upgrade 5.0 -> 5.1
python3-pygobject: update 3.46.0 -> 3.48.1
python3-pyopenssl: upgrade 24.0.0 -> 24.1.0
python3-pyparsing: upgrade 3.1.1 -> 3.1.2
python3-pytest-subtests: upgrade 0.11.0 -> 0.12.1
python3-pytest: upgrade 8.0.2 -> 8.1.1
python3-trove-classifiers: upgrade 2024.2.23 -> 2024.3.3
repo: upgrade 2.42 -> 2.44
shaderc: update 2023.8 -> 2024.0
stress-ng: upgrade 0.17.05 -> 0.17.06
xauth: upgrade 1.1.2 -> 1.1.3
xev: update 1.2.5 -> 1.2.6
gnupg: upgrade 2.4.4 -> 2.4.5
adwaita-icon-theme: upgrade 45.0 -> 46.0
at-spi2-core: upgrade 2.50.1 -> 2.52.0
bind: upgrade 9.18.24 -> 9.18.25
createrepo-c: upgrade 1.0.4 -> 1.1.0
enchant2: upgrade 2.6.7 -> 2.6.8
harfbuzz: upgrade 8.3.0 -> 8.3.1
libbsd: upgrade 0.12.1 -> 0.12.2
libcomps: upgrade 0.1.20 -> 0.1.21
libpciaccess: upgrade 0.18 -> 0.18.1
libwpe: upgrade 1.14.2 -> 1.16.0
libxkbcommon: upgrade 1.6.0 -> 1.7.0
libxml2: upgrade 2.12.5 -> 2.12.6
lighttpd: upgrade 1.4.74 -> 1.4.75
openssh: upgrade 9.6p1 -> 9.7p1
python3-hatchling: upgrade 1.21.1 -> 1.22.4
python3-importlib-metadata: upgrade 7.0.2 -> 7.1.0
python3-license-expression: upgrade 30.2.0 -> 30.3.0
python3-markdown: upgrade 3.5.2 -> 3.6
python3-packaging: upgrade 23.2 -> 24.0
python3-pyelftools: upgrade 0.30 -> 0.31
python3-referencing: upgrade 0.33.0 -> 0.34.0
python3-scons: upgrade 4.6.0 -> 4.7.0
python3-setuptools: upgrade 69.1.1 -> 69.2.0
python3-wheel: upgrade 0.42.0 -> 0.43.0
python3-zipp: upgrade 3.17.0 -> 3.18.1
vala: upgrade 0.56.15 -> 0.56.16
wget: upgrade 1.21.4 -> 1.24.5
mesa: upgrade 24.0.2 -> 24.0.3
vulkan: upgrade 1.3.275.0 -> 1.3.280.0
babeltrace2: upgrade 2.0.5 -> 2.0.6
bash-completion: upgrade 2.12.0 -> 2.13.0
btrfs-tools: upgrade 6.7.1 -> 6.8
coreutils: upgrade 9.4 -> 9.5
dnf: upgrade 4.19.0 -> 4.19.2
ell: upgrade 0.63 -> 0.64
enchant2: upgrade 2.6.8 -> 2.6.9
libdnf: upgrade 0.73.0 -> 0.73.1
libical: upgrade 3.0.17 -> 3.0.18
liburi-perl: upgrade 5.27 -> 5.28
libx11: upgrade 1.8.7 -> 1.8.9
libxmlb: upgrade 0.3.15 -> 0.3.17
libxmu: upgrade 1.1.4 -> 1.2.0
lttng-tools: upgrade 2.13.11 -> 2.13.13
man-db: upgrade 2.12.0 -> 2.12.1
mpg123: upgrade 1.32.5 -> 1.32.6
mtdev: upgrade 1.1.6 -> 1.1.7
pkgconf: upgrade 2.1.1 -> 2.2.0
python3-beartype: upgrade 0.17.2 -> 0.18.2
python3-build: upgrade 1.1.1 -> 1.2.1
python3-git: upgrade 3.1.42 -> 3.1.43
python3-pyasn1: upgrade 0.5.1 -> 0.6.0
python3-typing-extensions: upgrade 4.10.0 -> 4.11.0
rsync: upgrade 3.2.7 -> 3.3.0
ttyrun: upgrade 2.31.0 -> 2.32.0
u-boot: upgrade 2024.01 -> 2024.04
xorgproto: upgrade 2023.2 -> 2024.1
Yoann Congal (2):
ref-manual: variables: document CVE_DB_INCR_UPDATE_AGE_THRES variable
release-notes-5.0: document some cve, strace and qa changes
meta-raspberrypi: d072cc8a48..1879cb831f:
Max Stepanov (1):
rpi-eeprom: Update to support raspberrypi5 machine
meta-arm: d9e18ce792..17df9c4ebc:
Anusmita Dutta Mazumder (2):
arm-bsp/u-boot:corstone1000: add unique guid for fvp and mps3
arm-bsp/tf-m:corstone1000: add unique guid for fvp and mps3
Debbie Martin (1):
arm-systemready: Change get_json_result_dir helper
Harsimran Singh Tungal (1):
corstone1000:arm-bsp/tftf: upgrade tftf version to v2.10
Jon Mason (7):
arm-bsp: remove unused recipes
arm-bsp: Remove tc1
CI: update to kas 4.3.2
arm/optee-ftpm: update to the latest SHA
arm/trusted-firmware-a: update to 2.10.3 release
arm/opencsd: update to 1.5.2
arm-bsp/corstone1000: reformat u-boot patches
meta-security: 283a773f24..d1522af21d:
Armin Kuster (1):
README.md: update to new patches mailing list
meta-openembedded: a6bcdca5b4..4958bfe013:
Alex Kiernan (1):
mdns: Upgrade 2200.80.16 -> 2200.100.94.0.2
Beniamin Sandu (5):
mbedtls: upgrade 3.5.2 -> 3.6.0
mbedtls: upgrade 2.28.7 -> 2.28.8
unbound: upgrade 1.19.1 -> 1.19.3
libtorrent: remove CVE mention
libtorrent-rasterbar: add initial recipe for 2.0.10
Changqing Li (1):
nodejs: don't always disable io_uring
Dan McGregor (2):
dash: correct licence
libfido2: new recipe
Fathi Boudra (1):
composefs: add a new recipe
Guðni Már Gilbert (1):
python3-ecdsa: upgrade 0.18.0 -> 0.19.0
Khem Raj (17):
python3-pydantic-core: Enable benchmark tests
python3-pydbus: Fix typo in ptest package name
python3-netaddr: Ignore failing tests on musl
python3-pydantic: Ignore failing testcases
python3-pydantic-core: Skip failing ptests
python3-whoosh: Fix an intermittent ptest
python3-pyzmq: Fix ptests
Revert "libqmi: upgrade 1.34.0 -> 1.35.2"
Revert "libmbim: upgrade 1.30.0 -> 1.31.2"
nftables: Fix ptest runs
python3-flexparser,python3-flexcache: Add recipes
python3-pint: Switch to using github SRC_URI
libxml++: Delete recipe for 2.42.1
jemalloc: Update to tip of dev branch
libteam: Add missing dependencies revealed by ptests
oprofile: Fix failing ptests
ptest-packagelists-meta-oe: jemalloc and oprofile are passing now
Markus Volk (1):
dav1d: update 1.4.0 -> 1.4.1
Maxim Perevozchikov (1):
nginx: Disable login for www user
Peter Kjellerstedt (1):
libnice: Update to 0.1.22
Peter Marko (1):
syslog-ng: fix build without ipv6 in distro features
Randy MacLeod (5):
ncftp: Upgrade to 3.2.7
pimd: switch SRC_URI to https
tnftp: switch the SRC_URI to https
postfix: switch SRC_URI to http
libmad: switch links/SRC_URI to https sites
Rui Costa (1):
avro: add recipe for c++
Tom Geelen (4):
python3-casttube: upgrade 0.2.0 -> 0.2.1
python3-sqlalchemy: upgrade 2.0.25 --> 2.0.27
python3-charset-normalizer: add native build option to recipe
python3-chromecast: upgrade 13.1.0 -> 14.0.0
Xiangyu Chen (1):
libgpiod: fix QA error in ptest RDEPENDS
Yi Zhao (2):
rocksdb: fix build error for DEBUG_BUILD
rocksdb: fix build error for multilib
Yongchang Qiao (1):
packagegroup-meta-filesystems: Fix utils typo
alperak (5):
python3-bleak: enable ptest and add missing runtime dependency
python3-pillow: Upgrade 10.1.0 -> 10.3.0 and fix ptest
python3-flexcache: enable ptest
python3-flexparser: enable ptest and add missing runtime dependencies
python3-flexcache: add missing runtime dependencies
Change-Id: I06aa4dd845848eec6e165878d482977f48422765
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.7p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.7p1.bb
new file mode 100644
index 0000000..3b0b470
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh_9.7p1.bb
@@ -0,0 +1,201 @@
+SUMMARY = "A suite of security-related network utilities based on \
+the SSH protocol including the ssh client and sshd server"
+DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
+Ssh (Secure Shell) is a program for logging into a remote machine \
+and for executing commands on a remote machine."
+HOMEPAGE = "http://www.openssh.com/"
+SECTION = "console/network"
+LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=072979064e691d342002f43cd89c0394"
+
+DEPENDS = "zlib openssl virtual/crypt"
+DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+
+SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
+ file://sshd_config \
+ file://ssh_config \
+ file://init \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+ file://sshd.service \
+ file://sshd.socket \
+ file://sshd@.service \
+ file://sshdgenkeys.service \
+ file://volatiles.99_sshd \
+ file://run-ptest \
+ file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
+ file://sshd_check_keys \
+ file://add-test-support-for-busybox.patch \
+ file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
+ file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \
+ "
+SRC_URI[sha256sum] = "490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd"
+
+CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
+
+# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
+# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
+CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \
+Red Hat Enterprise Linux 7 and when running in a Kerberos environment"
+
+CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries."
+
+PAM_SRC_URI = "file://sshd"
+
+inherit manpages useradd update-rc.d update-alternatives systemd
+
+USERADD_PACKAGES = "${PN}-sshd"
+USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
+INITSCRIPT_PACKAGES = "${PN}-sshd"
+INITSCRIPT_NAME:${PN}-sshd = "sshd"
+INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9"
+
+SYSTEMD_PACKAGES = "${PN}-sshd"
+SYSTEMD_SERVICE:${PN}-sshd = "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', '', d)} ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', '', d)}"
+
+inherit autotools-brokensep ptest pkgconfig
+DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
+
+# systemd-sshd-socket-mode means installing sshd.socket
+# and systemd-sshd-service-mode corresponding to sshd.service
+PACKAGECONFIG ??= "systemd-sshd-socket-mode"
+PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
+PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
+PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
+PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
+PACKAGECONFIG[systemd-sshd-socket-mode] = ""
+PACKAGECONFIG[systemd-sshd-service-mode] = ""
+
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
+# login path is hardcoded in sshd
+EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
+ --without-zlib-version-check \
+ --with-privsep-path=${localstatedir}/run/sshd \
+ --sysconfdir=${sysconfdir}/ssh \
+ --with-xauth=${bindir}/xauth \
+ --disable-strip \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)} \
+ "
+
+# musl doesn't implement wtmp/utmp and logwtmp
+EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog"
+
+# Work around ICE on mips/mips64 starting in 9.6p1
+EXTRA_OECONF:append:mips = " --without-hardening"
+EXTRA_OECONF:append:mips64 = " --without-hardening"
+
+# Work around ICE on powerpc64le starting in 9.6p1
+EXTRA_OECONF:append:powerpc64le = " --without-hardening"
+
+# Since we do not depend on libbsd, we do not want configure to use it
+# just because it finds libutil.h. But, specifying --disable-libutil
+# causes compile errors, so...
+CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no"
+
+# passwd path is hardcoded in sshd
+CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
+
+# We don't want to depend on libblockfile
+CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no"
+
+do_configure:prepend () {
+ export LD="${CC}"
+ install -m 0644 ${WORKDIR}/sshd_config ${B}/
+ install -m 0644 ${WORKDIR}/ssh_config ${B}/
+}
+
+do_compile_ptest() {
+ oe_runmake regress-binaries regress-unit-binaries
+}
+
+do_install:append () {
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
+ install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
+ sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
+ fi
+
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then
+ sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config
+ fi
+
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
+ rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
+ rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
+ install -d ${D}/${sysconfdir}/default/volatiles
+ install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
+ install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir}
+
+ # Create config files for read-only rootfs
+ install -d ${D}${sysconfdir}/ssh
+ install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
+ sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
+ echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+ echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+ echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+
+ install -d ${D}${systemd_system_unitdir}
+ if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then
+ install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir}
+ install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir}
+ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ -e 's,@BINDIR@,${bindir},g' \
+ -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+ ${D}${systemd_system_unitdir}/sshd.socket
+ fi
+ if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','true','false',d)}; then
+ install -c -m 0644 ${WORKDIR}/sshd.service ${D}${systemd_system_unitdir}
+ fi
+ install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir}
+ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ -e 's,@BINDIR@,${bindir},g' \
+ -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+ ${D}${systemd_system_unitdir}/*.service
+
+ sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+ ${D}${sysconfdir}/init.d/sshd
+
+ install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
+}
+
+do_install_ptest () {
+ sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh
+ cp -r regress ${D}${PTEST_PATH}
+ cp config.h ${D}${PTEST_PATH}
+}
+
+ALLOW_EMPTY:${PN} = "1"
+
+PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
+FILES:${PN}-scp = "${bindir}/scp.${BPN}"
+FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
+FILES:${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}"
+FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
+FILES:${PN}-sftp = "${bindir}/sftp"
+FILES:${PN}-sftp-server = "${libexecdir}/sftp-server"
+FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
+FILES:${PN}-keygen = "${bindir}/ssh-keygen"
+
+RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server"
+RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
+# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
+RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed coreutils openssl-bin"
+
+RPROVIDES:${PN}-ssh = "ssh"
+RPROVIDES:${PN}-sshd = "sshd"
+
+RCONFLICTS:${PN} = "dropbear"
+RCONFLICTS:${PN}-sshd = "dropbear"
+
+CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
+CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
+
+ALTERNATIVE_PRIORITY = "90"
+ALTERNATIVE:${PN}-scp = "scp"
+ALTERNATIVE:${PN}-ssh = "ssh"
+
+BBCLASSEXTEND += "nativesdk"