From: Mikael Magnusson Date: Wed, 26 Mar 2025 23:15:26 +0000 (+0100) Subject: Revert "openssh: Add FIDO2 hardware token support" X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=0a3ef8cbf4fc1fe9099e68ac8fa10f57b2545019;p=openwrt-packages.git Revert "openssh: Add FIDO2 hardware token support" This reverts commit 855db864b0c4d2dcc5ed2f0182ea4a7942314086. The reverted commit doesn't make sense since the component (ssh-sk-helper) that uses libfido2, which is mentioned in the commit message, isn't packaged. Signed-off-by: Mikael Magnusson --- diff --git a/net/openssh/Config.in b/net/openssh/Config.in deleted file mode 100644 index 3690ced2b..000000000 --- a/net/openssh/Config.in +++ /dev/null @@ -1,12 +0,0 @@ -if PACKAGE_openssh-server - -config OPENSSH_LIBFIDO2 - bool - default y - prompt "Include libfido2 support in openssh-server" - help - OpenSSH version 8.2 added two new ssh authentication methods, - namely `ecdsa_sk` and `ed25519_sk`. These two methods make use - of hardware keys that implement the FIDO and FIDO2 protocols. - In order to use these two types, libfido2 is required. -endif diff --git a/net/openssh/Makefile b/net/openssh/Makefile index 2e05d9591..5897768e9 100644 --- a/net/openssh/Makefile +++ b/net/openssh/Makefile @@ -25,10 +25,6 @@ PKG_CPE_ID:=cpe:/a:openssh:openssh #While bumping new version, make sure that it works without it, so it can be removed. PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:= -PKG_CONFIG_DEPENDS := \ - CONFIG_OPENSSH_LIBFIDO2 - -PKG_BUILD_DEPENDS += OPENSSH_LIBFIDO2:libfido2 include $(INCLUDE_DIR)/package.mk @@ -92,16 +88,12 @@ endef define Package/openssh-server $(call Package/openssh/Default) - DEPENDS+= +libopenssl +zlib +openssh-keygen +OPENSSH_LIBFIDO2:libfido2 + DEPENDS+= +libopenssl +zlib +openssh-keygen TITLE+= server USERID:=sshd=22:sshd=22 VARIANT:=without-pam endef -define Package/openssh-server/config - source "$(SOURCE)/Config.in" -endef - define Package/openssh-server/description OpenSSH server. endef @@ -182,7 +174,6 @@ CONFIGURE_ARGS += \ --without-kerberos5 \ --with-stackprotect \ --with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine \ - --with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin \ --with-cflags-after=-fzero-call-used-regs=skip ifeq ($(BUILD_VARIANT),with-pam)