Merge pull request #14415 from linosgian/openssh_add_fido2_support
openssh: Add FIDO2 hardware token support
commit
8ede7162e5
4 changed files with 123 additions and 4 deletions
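--- a/libs/libcbor/Makefile
+++ b/libs/libcbor/Makefile
@@ -0,0 +1,47 @@
+#
+# Copyright (C) 2020 Linos Giannopoulos
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libcbor
+PKG_VERSION:=0.8.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/PJK/libcbor/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=618097166ea4a54499646998ccaa949a5816e6a665cf1d6df383690895217c8b
+
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_LICENSE_FILES:=COPYING
+PKG_MAINTAINER:=Linos Giannopoulos <linosgian00+openwrt@gmail.com>
+
+CMAKE_OPTIONS += \
+-DBUILD_SHARED_LIBS=ON
+CMAKE_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/libcbor
+SECTION:=libs
+CATEGORY:=Libraries
+TITLE:=libcbor
+URL:=https://github.com/PJK/libcbor
+ABI_VERSION:=0
+endef
+
+define Package/libcbor/description
+libcbor is a C library for parsing and generating CBOR, the general-purpose schema-less binary data format.
+endef
+
+
+define Package/libcbor/install
+$(INSTALL_DIR) $(1)/usr/lib
+$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcbor.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libcbor))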
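Review bot: `PKG_LICENSE:=GPL-3.0-or-later` with `PKG_LICENSE_FILES:=COPYING` looks carried over from a template rather than taken from the tarball; as far as I know libcbor is MIT-licensed with the text in `LICENSE.md`, so please verify against the unpacked source and, if that holds, use `PKG_LICENSE:=MIT` and `PKG_LICENSE_FILES:=LICENSE.md`. The file also sets no `PKG_CPE_ID`, although the openssh Makefile touched by this same commit does, so CPE-based vulnerability tracking would not cover a library whose job is to parse CBOR received from an external token. Adding the `PKG_CPE_ID` that matches upstream's NVD entry next to the licence fields would close that gap.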
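--- a/libs/libfido2/Makefile
+++ b/libs/libfido2/Makefile
@@ -0,0 +1,51 @@
+#
+# Copyright (C) 2020 Linos Giannopoulos
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libfido2
+PKG_VERSION:=1.6.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/Yubico/libfido2/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=6aed47aafd22be49c38f9281fb88ccd08c98678d9b8c39cdc87d1bb3ea2c63e4
+
+PKG_FORTIFY_SOURCE:=0
+CMAKE_INSTALL:=1
+
+TARGET_CFLAGS += -Wno-error=overflow -Wno-error=sign-conversion
+
+PKG_MAINTAINER:=Linos Giannopoulos <linosgian00+openwrt@gmail.com>
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/libfido2
+SECTION:=libs
+CATEGORY:=Libraries
+TITLE:=FIDO2 Library
+URL:=https://github.com/Yubico/libfido2
+ABI_VERSION:=1
+DEPENDS += +libcbor +libopenssl +libudev
+endef
+
+define Package/libfido2/description
+libfido2 provides library functionality and command-line tools to communicate with a FIDO device over USB, and to verify attestation and assertion signatures.
+
+libfido2 supports the FIDO U2F (CTAP 1) and FIDO 2.0 (CTAP 2) protocols.
+endef
+
+
+define Package/libfido2/install
+$(INSTALL_DIR) $(1)/usr/lib
+$(CP) $(PKG_INSTALL_DIR)/usr/lib/libfido2.so.* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libfido2))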
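Review bot: `PKG_FORTIFY_SOURCE:=0` switches off the build system's _FORTIFY_SOURCE hardening for a library that parses responses from USB authenticators, and nothing in the file says why. If the reason is that upstream's CMake build already defines _FORTIFY_SOURCE itself (I believe it does, but that is not visible here), record it above the line, e.g. `# upstream CMakeLists.txt defines _FORTIFY_SOURCE itself; avoid a redefinition`, and otherwise drop the line. `TARGET_CFLAGS += -Wno-error=overflow -Wno-error=sign-conversion` deserves the same one-line comment naming the toolchain warning being worked around, so it is clear these are demoted rather than reviewed warnings. `PKG_LICENSE:=GPL-3.0-or-later` with `COPYING` also looks copied from a template; libfido2 is BSD-2-Clause as far as I know, so check it against the tarball.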
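--- a/net/openssh/Config.in
+++ b/net/openssh/Config.in
@@ -0,0 +1,12 @@
+if PACKAGE_openssh-server
+
+config OPENSSH_LIBFIDO2
+bool
+default y
+prompt "Include libfido2 support in openssh-server"
+help
+OpenSSH version 8.2 added two new ssh authentication methods,
+namely `ecdsa_sk` and `ed25519_sk`. These two methods make use
+of hardware keys that implement the FIDO and FIDO2 protocols.
+In order to use these two types, libfido2 is required.
+endif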
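Review bot: `default y` makes every openssh-server build pull in libfido2 and, through its `DEPENDS` in this commit, libcbor, libopenssl and libudev, which is a sizeable amount of extra parsing code in the default footprint of an SSH daemon on an embedded target; `default n` would make it opt-in. The help text names the key types `ecdsa_sk` and `ed25519_sk`, whereas OpenSSH spells them `ecdsa-sk` and `ed25519-sk`, and the hyphenated form is what users will search for. The help would also be more useful if it said which side of the connection needs the library, since a reader deciding whether to enable it cannot tell from "libfido2 is required".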
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=openssh
|
||||
PKG_VERSION:=8.4p1
|
||||
PKG_RELEASE:=3
|
||||
PKG_RELEASE:=4
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
|
||||
|
@ -21,6 +21,10 @@ PKG_LICENSE_FILES:=LICENCE
|
|||
PKG_CPE_ID:=cpe:/a:openssh:openssh
|
||||
|
||||
PKG_REMOVE_FILES:=
|
||||
PKG_CONFIG_DEPENDS := \
|
||||
CONFIG_OPENSSH_LIBFIDO2
|
||||
|
||||
PKG_BUILD_DEPENDS += OPENSSH_LIBFIDO2:libfido2
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
|
@ -82,11 +86,15 @@ endef
|
|||
|
||||
define Package/openssh-server
|
||||
$(call Package/openssh/Default)
|
||||
DEPENDS+= +openssh-keygen
|
||||
DEPENDS+= +openssh-keygen +OPENSSH_LIBFIDO2:libfido2
|
||||
TITLE+= server
|
||||
USERID:=sshd=22:sshd=22
|
||||
endef
|
||||
|
||||
define Package/openssh-server/config
|
||||
source "$(SOURCE)/Config.in"
|
||||
endef
|
||||
|
||||
define Package/openssh-server/description
|
||||
OpenSSH server.
|
||||
endef
|
||||
|
@ -164,8 +172,9 @@ CONFIGURE_ARGS += \
|
|||
--without-bsd-auth \
|
||||
--without-kerberos5 \
|
||||
--with-stackprotect \
|
||||
--with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine
|
||||
|
||||
--with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine \
|
||||
--with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin
|
||||
|
||||
ifeq ($(BUILD_VARIANT),with-pam)
|
||||
CONFIGURE_ARGS += \
|
||||
--with-pam
|
||||
|
|
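Review bot: The runtime dependency `+OPENSSH_LIBFIDO2:libfido2` is added only to `Package/openssh-server`, but `--with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin` in the last hunk is a build-wide configure switch, so any binary from this source that uses the built-in security-key code would link against libfido2. The client-side package definitions are outside the visible hunks, so this cannot be confirmed here, but if they lack the same conditional dependency they would fail to load on a system where openssh-server is not installed. As far as I know it is the side with the token attached (key generation and signing) that needs libfido2, while sshd only verifies the signatures, so the dependency probably belongs on those packages, e.g. `DEPENDS+= +OPENSSH_LIBFIDO2:libfido2` in their definitions. The `if PACKAGE_openssh-server` guard in Config.in would need adjusting to match.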