All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/mosquitto: add host variant
@ 2022-10-07 12:40 yann.morin
  2022-10-07 15:40 ` Peter Korsgaard
  0 siblings, 1 reply; 2+ messages in thread
From: yann.morin @ 2022-10-07 12:40 UTC (permalink / raw)
  To: buildroot; +Cc: Titouan Christophe, Thomas Petazzoni

mosquitto can be configured to use password files. Those have a very
trivial layout, with one "username:password" tuple per line, not unlike
Apache's htpasswd file format, but unlike htpasswd files, the password
can be either in clear (boo!), or encrypted (by calling into openssl's
libcrypto).

Encryption of passwords is done with an ad-hoc tool, mosquitto_passwd,
again very like Apache's htpasswd, but the encrypted form is different
(of course). This encryption is handled by mosquitto_passwd, which can
create, update, or delete users, all while storing their encrypted
password, or it can also convert a password file with clear-text
passwords into a password file with encrypted passwords, e.g. it turns
each "foo:bar" entry to their corresponding encrypted form, like
"foo:$7$101$yLPgk5fn46d....==".

It can be very interesting to maintain a clear-text DB of
users:passwords in configuration management [0], and only convert it to
encrypted passwords when embedded on the target.

Add a host variant for mosquitto, which only installs mosquitto_passwd.

[0] ensuring safety, confidentiality, and integrity of that DB is left
as an exercise to the user, and is clearly out of scope for Buildroot,
like storing the root password in the .config is.

Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Titouan Christophe <titouanchristophe@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/Config.in.host           |  1 +
 package/mosquitto/Config.in.host |  4 ++++
 package/mosquitto/mosquitto.mk   | 20 ++++++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 package/mosquitto/Config.in.host

diff --git a/package/Config.in.host b/package/Config.in.host
index f437ef680c..84517787cc 100644
--- a/package/Config.in.host
+++ b/package/Config.in.host
@@ -57,6 +57,7 @@ menu "Host utilities"
 	source "package/mfgtools/Config.in.host"
 	source "package/mkpasswd/Config.in.host"
 	source "package/moby-buildkit/Config.in.host"
+	source "package/mosquitto/Config.in.host"
 	source "package/mtd/Config.in.host"
 	source "package/mtools/Config.in.host"
 	source "package/mxsldr/Config.in.host"
diff --git a/package/mosquitto/Config.in.host b/package/mosquitto/Config.in.host
new file mode 100644
index 0000000000..39e287ee89
--- /dev/null
+++ b/package/mosquitto/Config.in.host
@@ -0,0 +1,4 @@
+config BR2_PACKAGE_HOST_MOSQUITTO
+	bool "host mosquitto (mosquitto_passwd)"
+	help
+	  Only installs mosquitto_passwd.
diff --git a/package/mosquitto/mosquitto.mk b/package/mosquitto/mosquitto.mk
index 12de2946b7..a95a2cac4d 100644
--- a/package/mosquitto/mosquitto.mk
+++ b/package/mosquitto/mosquitto.mk
@@ -128,4 +128,24 @@ define MOSQUITTO_USERS
 endef
 endif
 
+HOST_MOSQUITTO_DEPENDENCIES = host-pkgconf host-openssl
+
+HOST_MOSQUITTO_MAKE_OPTS = \
+	$(HOST_CONFIGURE_OPTS) \
+	UNAME=Linux \
+	STRIP=true \
+	prefix=$(HOST_DIR) \
+	WITH_WRAP=no \
+	WITH_DOCS=no \
+	WITH_TLS=yes
+
+define HOST_MOSQUITTO_BUILD_CMDS
+	$(MAKE) -C $(@D)/apps/mosquitto_passwd $(HOST_MOSQUITTO_MAKE_OPTS)
+endef
+
+define HOST_MOSQUITTO_INSTALL_CMDS
+	$(MAKE) -C $(@D)/apps/mosquitto_passwd $(HOST_MOSQUITTO_MAKE_OPTS) install
+endef
+
 $(eval $(generic-package))
+$(eval $(host-generic-package))
-- 
2.25.1


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/mosquitto: add host variant
  2022-10-07 12:40 [Buildroot] [PATCH 1/1] package/mosquitto: add host variant yann.morin
@ 2022-10-07 15:40 ` Peter Korsgaard
  0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2022-10-07 15:40 UTC (permalink / raw)
  To: yann.morin; +Cc: Titouan Christophe, Thomas Petazzoni, buildroot

>>>>>   <yann.morin@orange.com> writes:

 > mosquitto can be configured to use password files. Those have a very
 > trivial layout, with one "username:password" tuple per line, not unlike
 > Apache's htpasswd file format, but unlike htpasswd files, the password
 > can be either in clear (boo!), or encrypted (by calling into openssl's
 > libcrypto).

 > Encryption of passwords is done with an ad-hoc tool, mosquitto_passwd,
 > again very like Apache's htpasswd, but the encrypted form is different
 > (of course). This encryption is handled by mosquitto_passwd, which can
 > create, update, or delete users, all while storing their encrypted
 > password, or it can also convert a password file with clear-text
 > passwords into a password file with encrypted passwords, e.g. it turns
 > each "foo:bar" entry to their corresponding encrypted form, like
 > "foo:$7$101$yLPgk5fn46d....==".

 > It can be very interesting to maintain a clear-text DB of
 > users:passwords in configuration management [0], and only convert it to
 > encrypted passwords when embedded on the target.

 > Add a host variant for mosquitto, which only installs mosquitto_passwd.

 > [0] ensuring safety, confidentiality, and integrity of that DB is left
 > as an exercise to the user, and is clearly out of scope for Buildroot,
 > like storing the root password in the .config is.

 > Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
 > Cc: Peter Korsgaard <peter@korsgaard.com>
 > Cc: Titouan Christophe <titouanchristophe@gmail.com>
 > Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-10-07 15:40 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-07 12:40 [Buildroot] [PATCH 1/1] package/mosquitto: add host variant yann.morin
2022-10-07 15:40 ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.