dropbear: debian/rules annotate

annotate debian/rules @ 1790:42745af83b7d

Introduce extra delay before closing unauthenticated sessions To make it harder for attackers, introduce a delay to keep an unauthenticated session open a bit longer, thus blocking a connection slot until after the delay. Without this, while there is a limit on the amount of attempts an attacker can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to handle one attempt is still short and thus for each of the allowed parallel attempts many attempts can be chained one after the other. The attempt rate is then: "MAX_UNAUTH_PER_IP / <process time of one attempt>". With the delay, this rate becomes: "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".

author	Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
date	Wed, 15 Feb 2017 13:53:04 +0100
parents	7b68e581985f
children

rev	line source
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 #!/usr/bin/make -f
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2
824 7b68e581985f Fix up debian build Matt Johnston <matt@ucc.asn.au> parents: 823 diff changeset	3 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
7b68e581985f Fix up debian build Matt Johnston <matt@ucc.asn.au> parents: 823 diff changeset	4 DPKG_EXPORT_BUILDFLAGS = 1
7b68e581985f Fix up debian build Matt Johnston <matt@ucc.asn.au> parents: 823 diff changeset	5 include /usr/share/dpkg/buildflags.mk
7b68e581985f Fix up debian build Matt Johnston <matt@ucc.asn.au> parents: 823 diff changeset	6
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	7 #export DH_OPTIONS
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	8 DEB_HOST_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	9 DEB_BUILD_GNU_TYPE ?=$(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	11 STRIP =strip
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	12 ifneq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	13 STRIP =: nostrip
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	16 CONFFLAGS =
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	17 CC =gcc
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	18 ifneq (,$(findstring diet,$(DEB_BUILD_OPTIONS)))
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	19 CONFFLAGS =--disable-zlib
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	20 CC =diet -v -Os gcc -nostdinc
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	23 DIR =$(shell pwd)/debian/dropbear
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	24
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	25 patch: deb-checkdir patch-stamp
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	26 patch-stamp:
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	27 for i in `ls -1 debian/diff/*.diff \|\| :`; do \
469 8c2d2edadf2a Update to debian 0.50-4 diff Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	28 patch -p1 <$$i \|\| exit 1; \
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	29 done
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	30 touch patch-stamp
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	32 config.status: patch-stamp configure
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	33 CC='$(CC)' \
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	34 CFLAGS='$(CFLAGS)'' -DSFTPSERVER_PATH="\"/usr/lib/sftp-server\""' \
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	35 ./configure --host='$(DEB_HOST_GNU_TYPE)' \
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	36 --build='$(DEB_BUILD_GNU_TYPE)' --prefix=/usr \
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	37 --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	38 $(CONFFLAGS)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	39
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	40 build: deb-checkdir build-stamp
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	41 build-stamp: config.status
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	42 $(MAKE) CC='$(CC)' LD='$(CC)'
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	43 touch build-stamp
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	44
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	45 clean: deb-checkdir deb-checkuid
469 8c2d2edadf2a Update to debian 0.50-4 diff Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	46 test ! -r Makefile \|\| $(MAKE) distclean
8c2d2edadf2a Update to debian 0.50-4 diff Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	47 rm -f libtomcrypt/Makefile libtommath/Makefile
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	48 test ! -e patch-stamp \|\| \
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	49 for i in `ls -1r debian/diff/*.diff \|\| :`; do \
469 8c2d2edadf2a Update to debian 0.50-4 diff Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	50 patch -p1 -R <$$i; \
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	51 done
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	52 rm -f patch-stamp build-stamp config.log config.status
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	53 rm -rf '$(DIR)'
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	54 rm -f debian/files debian/substvars debian/copyright changelog
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	56 install: deb-checkdir deb-checkuid build-stamp
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	57 rm -rf '$(DIR)'
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	58 install -d -m0755 '$(DIR)'/etc/dropbear
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	59 # programs
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	60 install -d -m0755 '$(DIR)'/usr/sbin
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	61 install -m0755 dropbear '$(DIR)'/usr/sbin/dropbear
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	62 install -d -m0755 '$(DIR)'/usr/bin
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	63 install -m0755 dbclient '$(DIR)'/usr/bin/dbclient
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	64 install -m0755 dropbearkey '$(DIR)'/usr/bin/dropbearkey
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	65 install -d -m0755 '$(DIR)'/usr/lib/dropbear
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	66 install -m0755 dropbearconvert \
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	67 '$(DIR)'/usr/lib/dropbear/dropbearconvert
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	68 $(STRIP) -R .comment -R .note '$(DIR)'/usr/sbin/* \
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	69 '$(DIR)'/usr/bin/* '$(DIR)'/usr/lib/dropbear/*
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	70 # init and run scripts
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	71 install -d -m0755 '$(DIR)'/etc/init.d
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	72 install -m0755 debian/dropbear.init '$(DIR)'/etc/init.d/dropbear
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	73 install -m0755 debian/service/run '$(DIR)'/etc/dropbear/run
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	74 install -d -m0755 '$(DIR)'/etc/dropbear/log
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	75 install -m0755 debian/service/log '$(DIR)'/etc/dropbear/log/run
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	76 ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	77 # man pages
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	78 install -d -m0755 '$(DIR)'/usr/share/man/man8
823 cb3cfcea1c8d Fix debian installation of manpages Matt Johnston <matt@ucc.asn.au> parents: 469 diff changeset	79 install -d -m0755 '$(DIR)'/usr/share/man/man1
cb3cfcea1c8d Fix debian installation of manpages Matt Johnston <matt@ucc.asn.au> parents: 469 diff changeset	80 install -m644 dropbear.8 '$(DIR)'/usr/share/man/man8/
cb3cfcea1c8d Fix debian installation of manpages Matt Johnston <matt@ucc.asn.au> parents: 469 diff changeset	81 for i in dbclient.1 dropbearkey.1 dropbearconvert.1; do \
cb3cfcea1c8d Fix debian installation of manpages Matt Johnston <matt@ucc.asn.au> parents: 469 diff changeset	82 install -m644 $$i '$(DIR)'/usr/share/man/man1/ \|\| exit 1; \
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	83 done
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	84 gzip -9 '$(DIR)'/usr/share/man/man8/*.8
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	85 gzip -9 '$(DIR)'/usr/share/man/man1/*.1
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	86 # copyright, changelog
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	87 cat debian/copyright.in LICENSE >debian/copyright
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	88 test -r changelog \|\| ln -s CHANGES changelog
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	89
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	90 binary-indep:
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	91
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	92 binary-arch: install dropbear.deb
180 743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	93 test '$(CC)' != 'gcc' \|\| \
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	94 dpkg-shlibdeps '$(DIR)'/usr/sbin/* '$(DIR)'/usr/bin/* \
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	95 '$(DIR)'/usr/lib/dropbear/*
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	96 dpkg-gencontrol -isp -pdropbear -P'$(DIR)'
743fce568f49 Merge in Debian package changes from 0.45-3, grab the dbclient manpage Matt Johnston <matt@ucc.asn.au> parents: 76 diff changeset	97 dpkg -b '$(DIR)' ..
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	98
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	99 binary: binary-arch binary-indep
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	100
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	101 .PHONY: patch build clean install binary-indep binary-arch binary
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	102
b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	103 include debian/implicit

Mercurial > dropbear

annotate debian/rules @ 1790:42745af83b7d