From e58e07b010988781ee2e772e3ca25bcde81c2bec Mon Sep 17 00:00:00 2001 From: Diego Santa Cruz Date: Wed, 20 Jan 2021 17:22:27 +0100 Subject: net-snmp: control smux via PACKAGECONFIG Support for smux is always enabled by the recipe, but it can be a security risk since it makes the snmpd daemon listen on TCP port 199. This makes it contrallable via PACKAGECONFIG, so that it can be easily disabled from the distro or local config. The mechanism makes it easy to add control for other MIB modules via PACKAGECONFIG later if need be. For compatibility smux is added to the default PACKAGECONFIG, so there is no change in the default build configuration. Signed-off-by: Diego Santa Cruz Signed-off-by: Khem Raj --- meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'meta-networking') diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb index 5df1f9340e..bee83c4d13 100644 --- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.bb @@ -40,7 +40,7 @@ CCACHE = "" TARGET_CC_ARCH += "${LDFLAGS}" -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} des" +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} des smux" PACKAGECONFIG[elfutils] = "--with-elf, --without-elf, elfutils" PACKAGECONFIG[libnl] = "--with-nl, --without-nl, libnl" @@ -49,6 +49,7 @@ PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,," PACKAGECONFIG[perl] = "--enable-embedded-perl --with-perl-modules=yes, --disable-embedded-perl --with-perl-modules=no,\ perl," PACKAGECONFIG[des] = "--enable-des,--disable-des" +PACKAGECONFIG[smux] = "" EXTRA_OECONF = "--enable-shared \ --disable-manuals \ @@ -57,10 +58,11 @@ EXTRA_OECONF = "--enable-shared \ --with-persistent-directory=${localstatedir}/lib/net-snmp \ ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '--with-endianness=little', '--with-endianness=big', d)} \ --with-openssl=${STAGING_EXECPREFIXDIR} \ + --with-mib-modules='${MIB_MODULES}' \ " -# net-snmp needs to have mib-modules=smux enabled to enable quagga to support snmp -EXTRA_OECONF += "--with-mib-modules=smux" +MIB_MODULES = "" +MIB_MODULES_append = " ${@bb.utils.filter('PACKAGECONFIG', 'smux', d)}" CACHED_CONFIGUREVARS = " \ ac_cv_header_valgrind_valgrind_h=no \ -- cgit v1.2.3-54-g00ecf