| Message ID | 22269_1665146445_63401E4D_22269_436_1_6b44a0c69cdefac160c38dfa526662d35a77ec0e.1665146097.git.yann.morin@orange.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/mosquitto: add host variant | expand |
>>>>> <yann.morin@orange.com> writes: > mosquitto can be configured to use password files. Those have a very > trivial layout, with one "username:password" tuple per line, not unlike > Apache's htpasswd file format, but unlike htpasswd files, the password > can be either in clear (boo!), or encrypted (by calling into openssl's > libcrypto). > Encryption of passwords is done with an ad-hoc tool, mosquitto_passwd, > again very like Apache's htpasswd, but the encrypted form is different > (of course). This encryption is handled by mosquitto_passwd, which can > create, update, or delete users, all while storing their encrypted > password, or it can also convert a password file with clear-text > passwords into a password file with encrypted passwords, e.g. it turns > each "foo:bar" entry to their corresponding encrypted form, like > "foo:$7$101$yLPgk5fn46d....==". > It can be very interesting to maintain a clear-text DB of > users:passwords in configuration management [0], and only convert it to > encrypted passwords when embedded on the target. > Add a host variant for mosquitto, which only installs mosquitto_passwd. > [0] ensuring safety, confidentiality, and integrity of that DB is left > as an exercise to the user, and is clearly out of scope for Buildroot, > like storing the root password in the .config is. > Signed-off-by: Yann E. MORIN <yann.morin@orange.com> > Cc: Peter Korsgaard <peter@korsgaard.com> > Cc: Titouan Christophe <titouanchristophe@gmail.com> > Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Committed, thanks.
diff --git a/package/Config.in.host b/package/Config.in.host index f437ef680c..84517787cc 100644 --- a/package/Config.in.host +++ b/package/Config.in.host @@ -57,6 +57,7 @@ menu "Host utilities" source "package/mfgtools/Config.in.host" source "package/mkpasswd/Config.in.host" source "package/moby-buildkit/Config.in.host" + source "package/mosquitto/Config.in.host" source "package/mtd/Config.in.host" source "package/mtools/Config.in.host" source "package/mxsldr/Config.in.host" diff --git a/package/mosquitto/Config.in.host b/package/mosquitto/Config.in.host new file mode 100644 index 0000000000..39e287ee89 --- /dev/null +++ b/package/mosquitto/Config.in.host @@ -0,0 +1,4 @@ +config BR2_PACKAGE_HOST_MOSQUITTO + bool "host mosquitto (mosquitto_passwd)" + help + Only installs mosquitto_passwd. diff --git a/package/mosquitto/mosquitto.mk b/package/mosquitto/mosquitto.mk index 12de2946b7..a95a2cac4d 100644 --- a/package/mosquitto/mosquitto.mk +++ b/package/mosquitto/mosquitto.mk @@ -128,4 +128,24 @@ define MOSQUITTO_USERS endef endif +HOST_MOSQUITTO_DEPENDENCIES = host-pkgconf host-openssl + +HOST_MOSQUITTO_MAKE_OPTS = \ + $(HOST_CONFIGURE_OPTS) \ + UNAME=Linux \ + STRIP=true \ + prefix=$(HOST_DIR) \ + WITH_WRAP=no \ + WITH_DOCS=no \ + WITH_TLS=yes + +define HOST_MOSQUITTO_BUILD_CMDS + $(MAKE) -C $(@D)/apps/mosquitto_passwd $(HOST_MOSQUITTO_MAKE_OPTS) +endef + +define HOST_MOSQUITTO_INSTALL_CMDS + $(MAKE) -C $(@D)/apps/mosquitto_passwd $(HOST_MOSQUITTO_MAKE_OPTS) install +endef + $(eval $(generic-package)) +$(eval $(host-generic-package))
mosquitto can be configured to use password files. Those have a very trivial layout, with one "username:password" tuple per line, not unlike Apache's htpasswd file format, but unlike htpasswd files, the password can be either in clear (boo!), or encrypted (by calling into openssl's libcrypto). Encryption of passwords is done with an ad-hoc tool, mosquitto_passwd, again very like Apache's htpasswd, but the encrypted form is different (of course). This encryption is handled by mosquitto_passwd, which can create, update, or delete users, all while storing their encrypted password, or it can also convert a password file with clear-text passwords into a password file with encrypted passwords, e.g. it turns each "foo:bar" entry to their corresponding encrypted form, like "foo:$7$101$yLPgk5fn46d....==". It can be very interesting to maintain a clear-text DB of users:passwords in configuration management [0], and only convert it to encrypted passwords when embedded on the target. Add a host variant for mosquitto, which only installs mosquitto_passwd. [0] ensuring safety, confidentiality, and integrity of that DB is left as an exercise to the user, and is clearly out of scope for Buildroot, like storing the root password in the .config is. Signed-off-by: Yann E. MORIN <yann.morin@orange.com> Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Titouan Christophe <titouanchristophe@gmail.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> --- package/Config.in.host | 1 + package/mosquitto/Config.in.host | 4 ++++ package/mosquitto/mosquitto.mk | 20 ++++++++++++++++++++ 3 files changed, 25 insertions(+) create mode 100644 package/mosquitto/Config.in.host