All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-networking][PATCH] net-snmp: control smux via PACKAGECONFIG
@ 2021-01-20 16:22 Diego Santa Cruz
  0 siblings, 0 replies; only message in thread
From: Diego Santa Cruz @ 2021-01-20 16:22 UTC (permalink / raw)
  To: openembedded-devel; +Cc: Diego Santa Cruz

Support for smux is always enabled by the recipe, but it can be a
security risk since it makes the snmpd daemon listen on TCP port 199.

This makes it contrallable via PACKAGECONFIG, so that it can be easily
disabled from the distro or local config. The mechanism makes it easy
to add control for other MIB modules via PACKAGECONFIG later if need
be.

For compatibility smux is added to the default PACKAGECONFIG, so there
is no change in the default build configuration.

Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
---
 .../recipes-protocols/net-snmp/net-snmp_5.9.bb            | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb
index 5df1f9340..bee83c4d1 100644
--- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb
@@ -40,7 +40,7 @@ CCACHE = ""
 
 TARGET_CC_ARCH += "${LDFLAGS}"
 
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} des"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} des smux"
 PACKAGECONFIG[elfutils] = "--with-elf, --without-elf, elfutils"
 PACKAGECONFIG[libnl] = "--with-nl, --without-nl, libnl"
 
@@ -49,6 +49,7 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,,"
 PACKAGECONFIG[perl] = "--enable-embedded-perl --with-perl-modules=yes, --disable-embedded-perl --with-perl-modules=no,\
                        perl,"
 PACKAGECONFIG[des] = "--enable-des,--disable-des"
+PACKAGECONFIG[smux] = ""
 
 EXTRA_OECONF = "--enable-shared \
                 --disable-manuals \
@@ -57,10 +58,11 @@ EXTRA_OECONF = "--enable-shared \
                 --with-persistent-directory=${localstatedir}/lib/net-snmp \
                 ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '--with-endianness=little', '--with-endianness=big', d)} \
                 --with-openssl=${STAGING_EXECPREFIXDIR} \
+                --with-mib-modules='${MIB_MODULES}' \
 "
 
-# net-snmp needs to have mib-modules=smux enabled to enable quagga to support snmp
-EXTRA_OECONF += "--with-mib-modules=smux"
+MIB_MODULES = ""
+MIB_MODULES_append = " ${@bb.utils.filter('PACKAGECONFIG', 'smux', d)}"
 
 CACHED_CONFIGUREVARS = " \
     ac_cv_header_valgrind_valgrind_h=no \
-- 
2.18.4


^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2021-01-20 16:22 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-20 16:22 [meta-networking][PATCH] net-snmp: control smux via PACKAGECONFIG Diego Santa Cruz

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.