From 0a3ef8cbf4fc1fe9099e68ac8fa10f57b2545019 Mon Sep 17 00:00:00 2001 From: Mikael Magnusson Date: Thu, 27 Mar 2025 00:15:26 +0100 Subject: [PATCH] Revert "openssh: Add FIDO2 hardware token support" This reverts commit 855db864b0c4d2dcc5ed2f0182ea4a7942314086. The reverted commit doesn't make sense since the component (ssh-sk-helper) that uses libfido2, which is mentioned in the commit message, isn't packaged. Signed-off-by: Mikael Magnusson --- net/openssh/Config.in | 12 ------------ net/openssh/Makefile | 11 +---------- 2 files changed, 1 insertion(+), 22 deletions(-) delete mode 100644 net/openssh/Config.in diff --git a/net/openssh/Config.in b/net/openssh/Config.in deleted file mode 100644 index 3690ced2bd..0000000000 --- a/net/openssh/Config.in +++ /dev/null @@ -1,12 +0,0 @@ -if PACKAGE_openssh-server - -config OPENSSH_LIBFIDO2 - bool - default y - prompt "Include libfido2 support in openssh-server" - help - OpenSSH version 8.2 added two new ssh authentication methods, - namely `ecdsa_sk` and `ed25519_sk`. These two methods make use - of hardware keys that implement the FIDO and FIDO2 protocols. - In order to use these two types, libfido2 is required. -endif diff --git a/net/openssh/Makefile b/net/openssh/Makefile index 2e05d95918..5897768e97 100644 --- a/net/openssh/Makefile +++ b/net/openssh/Makefile @@ -25,10 +25,6 @@ PKG_CPE_ID:=cpe:/a:openssh:openssh #While bumping new version, make sure that it works without it, so it can be removed. PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:= -PKG_CONFIG_DEPENDS := \ - CONFIG_OPENSSH_LIBFIDO2 - -PKG_BUILD_DEPENDS += OPENSSH_LIBFIDO2:libfido2 include $(INCLUDE_DIR)/package.mk @@ -92,16 +88,12 @@ endef define Package/openssh-server $(call Package/openssh/Default) - DEPENDS+= +libopenssl +zlib +openssh-keygen +OPENSSH_LIBFIDO2:libfido2 + DEPENDS+= +libopenssl +zlib +openssh-keygen TITLE+= server USERID:=sshd=22:sshd=22 VARIANT:=without-pam endef -define Package/openssh-server/config - source "$(SOURCE)/Config.in" -endef - define Package/openssh-server/description OpenSSH server. endef @@ -182,7 +174,6 @@ CONFIGURE_ARGS += \ --without-kerberos5 \ --with-stackprotect \ --with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine \ - --with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin \ --with-cflags-after=-fzero-call-used-regs=skip ifeq ($(BUILD_VARIANT),with-pam) -- 2.30.2