@@ -51,7 +51,7 @@ config DROPBEAR_ECC_FULL
config DROPBEAR_ED25519
bool "Ed25519 support"
- default n
+ default y if !SMALL_FLASH
help
This enables the following public key algorithm:
ssh-ed25519
@@ -1,5 +1,5 @@
#
-# Copyright (C) 2006-2016 OpenWrt.org
+# Copyright (C) 2006-2020 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
PKG_VERSION:=2020.80
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
@@ -25,6 +25,7 @@ PKG_BUILD_PARALLEL:=1
PKG_ASLR_PIE_REGULAR:=1
PKG_USE_MIPS16:=0
PKG_FIXUP:=autoreconf
+PKG_FLAGS:=nonshared
PKG_CONFIG_DEPENDS:= \
CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_ECC_FULL \
The Ed25519 key pairs are much shorter than RSA pairs and are supported by default in OpenSSH. Looking at websites explaining how to create new SSH keys, many suggest using Ed25519 rather than RSA, however consider the former as not yet widely established. OpenWrt likely has a positive influence on that development. As enabling Ed25519 is a compile time option, it is currently not possible to install the feature via `opkg` nor select that option in an ImageBuilder. Due to the size impact of **12kB** the option should only be enabled for devices with `!SMALL_FLASH`. This approach seems cleaner than splitting `dropbear` into two packages like `dropbear` and `dropbear-ed25519`. Signed-off-by: Paul Spooren <mail@aparcar.org> --- v3: * Add PKG_FLAGS:=nonshared to avoid trouble with legacy `tiny` targets package/network/services/dropbear/Config.in | 2 +- package/network/services/dropbear/Makefile | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-)