[openssh] Introduce custom openssh-server package for supporting reverse console SSH (#5717)

* Build and install openssh from source * Copy openssh deb package to dest folder * Update make rule * Update sonic debian extension * Append empty line before EOF * Update openssh patch * Add openssh-server to base image dependency * Fix indent type * Fix comments * Use commit id instead of tag id and add comment Signed-off-by: Jing Kan jika@microsoft.com
2020-11-02 10:31:15 +08:00 · 2020-11-02 10:31:15 +08:00 · 698b5544c9
commit 698b5544c9
parent f2a258aca9
7 changed files with 91 additions and 0 deletions
--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
@ -263,6 +263,9 @@ sudo chmod 600 $FILESYSTEM_ROOT/etc/monit/conf.d/*
 sudo cp $IMAGE_CONFIGS/monit/process_checker $FILESYSTEM_ROOT/usr/bin/
 sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/process_checker

+# Install custom-built openssh sshd
+sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_*.deb
+
 # Copy crontabs
 sudo cp -f $IMAGE_CONFIGS/cron.d/* $FILESYSTEM_ROOT/etc/cron.d/

--- a/rules/openssh.dep
+++ b/rules/openssh.dep
@ -0,0 +1,8 @@
+SPATH       := $($(OPENSSH_SERVER)_SRC_PATH)
+DEP_FILES   := $(SONIC_COMMON_FILES_LIST) rules/openssh.mk rules/openssh.dep   
+DEP_FILES   += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES   += $(shell git ls-files $(SPATH))
+
+$(OPENSSH_SERVER)_CACHE_MODE  := GIT_CONTENT_SHA 
+$(OPENSSH_SERVER)_DEP_FLAGS   := $(SONIC_COMMON_FLAGS_LIST)
+$(OPENSSH_SERVER)_DEP_FILES   := $(DEP_FILES)
--- a/rules/openssh.mk
+++ b/rules/openssh.mk
@ -0,0 +1,14 @@
+# openssh package
+
+OPENSSH_VERSION = 7.9p1-10+deb10u2
+
+export OPENSSH_VERSION
+
+OPENSSH_SERVER = openssh-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
+$(OPENSSH_SERVER)_SRC_PATH = $(SRC_PATH)/openssh
+SONIC_MAKE_DEBS += $(OPENSSH_SERVER)
+
+# The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list}
+# are archived into debug one image to facilitate debugging.
+#
+DBG_SRC_ARCHIVE += openssh
--- a/slave.mk
+++ b/slave.mk
@ -802,6 +802,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
                $(LIBPAM_TACPLUS) \
                $(LIBNSS_TACPLUS) \
                $(MONIT) \
+                $(OPENSSH_SERVER) \
                $(PYTHON_SWSSCOMMON) \
                $(PYTHON3_SWSSCOMMON) \
                $(SONIC_UTILITIES_DATA) \
--- a/src/openssh/Makefile
+++ b/src/openssh/Makefile
@ -0,0 +1,28 @@
+.ONESHELL:
+SHELL = /bin/bash
+.SHELLFLAGS += -e
+
+MAIN_TARGET = openssh-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
+DERIVED_TARGETS = openssh-server-dbgsym_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+	# Obtain openssh: https://salsa.debian.org/ssh-team/openssh/-/tree/debian/1%257.9p1-10+deb10u2
+	rm -rf ./openssh-server
+	git clone https://salsa.debian.org/ssh-team/openssh.git openssh-server
+	pushd ./openssh-server
+
+	# Check out tag: debian/1%7.9p1-10+deb10u2
+	git checkout -b openssh-src -f 6d9ca74c48d9911342c6ca5aaac8a25974fa2619
+
+	# Apply patch series
+	stg init
+	stg import -s ../patch/series
+
+	# Build package
+	sudo apt-get -y build-dep openssh
+	dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS)
+	popd
+
+	mv $(DERIVED_TARGETS) $* $(DEST)/
+
+$(addprefix $(DEST)/, $(DERIVED_TARGETS)): $(DEST)/% : $(DEST)/$(MAIN_TARGET)
--- a/src/openssh/patch/0001-Put-style-as-line-number-to-ssh-session-environment-.patch
+++ b/src/openssh/patch/0001-Put-style-as-line-number-to-ssh-session-environment-.patch
@ -0,0 +1,36 @@
+From 6e8cca780dab4680292192058b90a4a28f35d4ab Mon Sep 17 00:00:00 2001
+From: Blueve <blueve@users.noreply.github.com>
+Date: Mon, 26 Oct 2020 06:44:59 +0000
+Subject: [PATCH 1/1] Put style as line number to ssh session environment
+ variable
+
+By default, the content between : and @ will be trimmed by sshd before it do
+authentication and the trimmed string will be dropped silently. To use this
+segment as line number for reverse SSH feature, we need to modify the source
+code of OpenSSH and put this segment to a environment variable
+SSH_TARGET_CONSOLE_LINE, then we can insert a short script into /etc/bash.bashrc
+and run command consutil connect $SSH_TARGET_CONSOLE_LINE to enter the
+management session automatically after user login.
+---
+ session.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/session.c b/session.c
+index 19f38637e..654371447 100644
+--- a/session.c
+++ b/session.c
+@@ -1209,6 +1209,11 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
+ 		child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
+ 		    original_command);
+ 
+	/* Take advantage of authentication style field */
+	if (s->authctxt->style)
+		child_set_env(&env, &envsize, "SSH_TARGET_CONSOLE_LINE",
+		    s->authctxt->style);
+
+ 	if (debug_flag) {
+ 		/* dump the environment */
+ 		fprintf(stderr, "Environment:\n");
+-- 
+2.25.1
+
--- a/src/openssh/patch/series
+++ b/src/openssh/patch/series
@ -0,0 +1 @@
+0001-Put-style-as-line-number-to-ssh-session-environment-.patch
				`@ -0,0 +1 @@`
				`0001-Put-style-as-line-number-to-ssh-session-environment-.patch`