From patchwork Sun Feb 22 17:45:50 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Yann E. MORIN" <yann.morin.1998@free.fr>
X-Patchwork-Id: 442301
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from hemlock.osuosl.org (hemlock.osuosl.org [140.211.166.133])
	by ozlabs.org (Postfix) with ESMTP id 184D5140111
	for <incoming@patchwork.ozlabs.org>;
	Mon, 23 Feb 2015 04:46:14 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id E2EED92101;
	Sun, 22 Feb 2015 17:46:11 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Z3nUBSRxtMuE; Sun, 22 Feb 2015 17:46:10 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id 91FCF950C1;
	Sun, 22 Feb 2015 17:46:09 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (whitealder.osuosl.org
	[140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id E9CE01C1F80
	for <buildroot@lists.busybox.net>;
	Sun, 22 Feb 2015 17:46:05 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id E4C8691826
	for <buildroot@lists.busybox.net>;
	Sun, 22 Feb 2015 17:46:05 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id bordSc5kl9AG for <buildroot@lists.busybox.net>;
	Sun, 22 Feb 2015 17:46:04 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wg0-f48.google.com (mail-wg0-f48.google.com
	[74.125.82.48])
	by whitealder.osuosl.org (Postfix) with ESMTPS id 8957B91818
	for <buildroot@buildroot.org>; Sun, 22 Feb 2015 17:46:04 +0000 (UTC)
Received: by mail-wg0-f48.google.com with SMTP id l18so21704284wgh.7
	for <buildroot@buildroot.org>; Sun, 22 Feb 2015 09:46:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=sender:from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=ugr7gHvAa1mo5GEw70w2RXrRDHmMGCoSqmCaLX5RtLg=;
	b=u8vK4p7AhmE3BHCvtjGV6+MW/zdj/d7MDHXh7J845DvPZfBgPG6nqc7QpbCCW0WP/W
	Z0E2ACaD61OQxrJolYZsVGsU5ndag1cBsqVZAPNrSQDK/ujZ4q80FKwftndUtIOy3p4i
	VpzH9yOmk72sJiH8a50HgYROd3UHWZq4qycDrCRlS5/nJsUOGiS/0q9MvMzJ8Uq1tx2j
	/HVNCdBGzBVBrP9pGiU3j1/3aAqaNQzE1eO/wz+rdgymaGAepdUrJkDoz6FPU++0kIQw
	9BearLayBKuORZG5pDcS6qybHMUgNeF0/8sCazU6iz/zNLYHLInZ4XFvzMLYuunSVhkd
	Jksg==
X-Received: by 10.180.189.35 with SMTP id gf3mr5710472wic.5.1424627163191;
	Sun, 22 Feb 2015 09:46:03 -0800 (PST)
Received: from gourin.bzh.lan (ns304657.ip-46-105-103.eu. [46.105.103.66])
	by mx.google.com with ESMTPSA id
	a1sm52003869wjs.40.2015.02.22.09.46.01
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Sun, 22 Feb 2015 09:46:02 -0800 (PST)
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: buildroot@buildroot.org
Date: Sun, 22 Feb 2015 18:45:50 +0100
Message-Id: <1424627150-2594-2-git-send-email-yann.morin.1998@free.fr>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1424627150-2594-1-git-send-email-yann.morin.1998@free.fr>
References: <1424627150-2594-1-git-send-email-yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>,
	"Yann E. MORIN" <yann.morin.1998@free.fr>
Subject: [Buildroot] [PATCH 2/2] package/freerdp: Always install key and
	certificate
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Currently, the keys are only installed if the server is enabled.

However, other packages (e.g. weston) may implement an RDP server,
using the FreeRDP library.

So, we must always install the key and certificate.

Install them world-readable so non-root users may start an RDP server
without requiring to generate their own keys.

Add a comment in the help text about key and certificate management.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
 package/freerdp/Config.in  |  6 ++++++
 package/freerdp/freerdp.mk | 23 ++++++++++++++---------
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/package/freerdp/Config.in b/package/freerdp/Config.in
index 47fd8be..1c203c7 100644
--- a/package/freerdp/Config.in
+++ b/package/freerdp/Config.in
@@ -10,6 +10,12 @@ config BR2_PACKAGE_FREERDP
 
 	  http://www.freerdp.com/
 
+	  Note: this also installs a key and certificate in
+	  /etc/freerdp/keys/ . These are publicly-known, as they
+	  are present in FreeRDP's source tree. It is strongly
+	  suggested that you overwrite them with your own set,
+	  either in an overlay rootfs or in a post-build script.
+
 if BR2_PACKAGE_FREERDP
 
 config BR2_PACKAGE_FREERDP_SERVER
diff --git a/package/freerdp/freerdp.mk b/package/freerdp/freerdp.mk
index 50b8f18..f73bdd7 100644
--- a/package/freerdp/freerdp.mk
+++ b/package/freerdp/freerdp.mk
@@ -71,15 +71,6 @@ endif
 
 ifeq ($(BR2_PACKAGE_FREERDP_SERVER),y)
 FREERDP_CONF_OPTS += -DWITH_SERVER=ON -DWITH_SERVER_INTERFACE=ON
-# Install the server key and certificate, so that a client can connect.
-# A user can override them with its own in a post-build script, if needed.
-define FREERDP_INSTALL_KEYS
-	$(INSTALL) -D $(@D)/server/X11/server.key \
-		      $(TARGET_DIR)/etc/freerdp/keys/server.key
-	$(INSTALL) -D $(@D)/server/X11/server.crt \
-		      $(TARGET_DIR)/etc/freerdp/keys/server.crt
-endef
-FREERDP_POST_INSTALL_TARGET_HOOKS += FREERDP_INSTALL_KEYS
 else
 FREERDP_CONF_OPTS += -DWITH_SERVER=OFF -DWITH_SERVER_INTERFACE=OFF
 endif
@@ -178,4 +169,18 @@ FREERDP_CONF_OPTS += -DWITH_X11=OFF
 
 endif # ! SERVER && ! CLIENT
 
+# Install the server key and certificate, so that a client can connect.
+# A user can override them with its own in a post-build script, if needed.
+# We install them even if the server is not enabled, since another server
+# can be built and linked with libfreerdp (e.g. weston with the  RDP
+# backend). Key and cert are installed world-readable, so non-root users
+# can start a server.
+define FREERDP_INSTALL_KEYS
+	$(INSTALL) -m 0644 -D $(@D)/server/X11/server.key \
+		      $(TARGET_DIR)/etc/freerdp/keys/server.key
+	$(INSTALL) -m 0644 -D $(@D)/server/X11/server.crt \
+		      $(TARGET_DIR)/etc/freerdp/keys/server.crt
+endef
+FREERDP_POST_INSTALL_TARGET_HOOKS += FREERDP_INSTALL_KEYS
+
 $(eval $(cmake-package))