Build toolchain

Author: bjw-s

.github/workflows/build.yaml

@@ -9,112 +9,70 @@ on:
 
 concurrency:
   group: build-kobo-ssh
-  cancel-in-progress: true
+  cancel-in-progress: false
 
 jobs:
   filter-changes:
     name: Filter changes
     runs-on: ubuntu-latest
     outputs:
-      toolchain_changed: ${{ steps.toolchain-changed-files.outputs.any_changed }}
-      build_changed: ${{ steps.build-changed-files.outputs.any_changed }}
+      build_changed: ${{ steps.build-files-changed.outputs.any_changed }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Toolchain Changed Files
-        id: toolchain-changed-files
-        uses: tj-actions/changed-files@v45
-        with:
-          files: |
-            toolchain/**
-
-      - name: Build Changed Files
-        id: build-changed-files
+      - name: Build files changed
+        id: build-files-changed
         uses: tj-actions/changed-files@v45
         with:
           files: |
             .github/workflows/build.yaml
             KoboRoot/**
-            compile.sh
+            Dockerfile
 
-  build-toolchain-image:
-    if: ${{ needs.filter-changes.outputs.toolchain_changed == 'true' }}
-    name: Build toolchain image
+  build-koboroot:
+    if: ${{ needs.filter-changes.outputs.build_changed == 'true' }}
+    name: Build KoboRoot
     runs-on: ubuntu-latest
+    needs:
+      - filter-changes
     permissions:
-      contents: read
-      packages: write
+      contents: write
+    env:
+      TOOLCHAIN_IMAGE: kobo-ssh-toolchain:latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Login to image registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ghcr.io/${{ github.repository_owner }}/kobo-ssh-toolchain
-          tags: |
-            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
-            type=ref,event=branch
-            type=ref,event=tag
-
       - name: Build image
         uses: docker/build-push-action@v6
         id: build
+        env:
+          DOCKER_BUILD_RECORD_UPLOAD: false
+          DOCKER_BUILD_SUMMARY: false
         with:
-          context: toolchain
-          file: ./Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          push: false
+          load: true
+          tags: ${{ env.TOOLCHAIN_IMAGE }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-  build-koboroot:
-    if: ${{ needs.filter-changes.outputs.build_changed == 'true' }}
-    name: Build KoboRoot
-    runs-on: ubuntu-latest
-    needs:
-      - filter-changes
-      - build-toolchain-image
-    permissions:
-      contents: read
-      packages: read
-    env:
-      TOOLCHAIN_IMAGE: ghcr.io/${{ github.repository_owner }}/kobo-ssh-toolchain:latest
-      DROPBEAR_TAG: DROPBEAR_2025.87
-      OPENSSH_TAG: V_9_9_P2
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Clone dropbear sources
-        run: |
-          git clone --depth 1 --branch "${{ env.DROPBEAR_TAG }}" https://github.com/mkj/dropbear.git external/dropbear
-
-      - name: Build dropbear
-        uses: kohlerdominik/docker-run-action@v2
+      - name: Fetch build output
+        uses: kohlerdominik/[email protected]
         with:
           image: ${{ env.TOOLCHAIN_IMAGE }}
           volumes: |
-            ${{ github.workspace }}:/workspace
-          workdir: /workspace
+            ${{ github.workspace }}/dist:/dist
           run: |
-            export PATH="/root/x-tools/arm-kobo-linux-gnueabihf/bin:$PATH"
-            autoconf
-            autoheader
-            ./configure --host=arm-kobo-linux-gnueabihf --disable-zlib --disable-zlib CC="arm-kobo-linux-gnueabihf"-gcc LD="arm-kobo-linux-gnueabihf"-ld --disable-wtmp --disable-lastlog --disable-syslog --disable-utmpx --disable-utmp --disable-wtmpx --disable-loginfunc --disable-pututxline --disable-pututline --enable-bundled-libtom --disable-pam
-            make clean
-            make PROGRAMS="dropbear dropbearkey" MULTI=1
+            cp /output/KoboRoot.tgz /dist/
+
+      - name: Release artifact
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: "2025.87"
+          body: |
+            Dropbear 2025.87 for Kobo eReaders
+          files: dist/KoboRoot.tgz

.gitignore

@@ -1,8 +1,2 @@
-# Compiled binaries
-KoboRoot/usr/bin/dropbearmulti
-KoboRoot/usr/libexec/sftp-server
-
-# Remote sources
-external/
 # Generated files
 dist/

Dockerfile

@@ -0,0 +1,47 @@
+FROM koreader/kokobo:0.3.6-20.04 AS build
+ENV PATH=/usr/local/x-tools/arm-kobo-linux-gnueabihf/bin:$PATH
+
+ARG DROPBEAR_TAG="DROPBEAR_2025.87"
+ARG OPENSSH_TAG="V_9_9_P2"
+
+WORKDIR /source
+RUN <<EOF
+  git clone --branch "${DROPBEAR_TAG}" --depth 1 https://github.com/mkj/dropbear.git dropbear
+  git clone --branch "${OPENSSH_TAG}" --depth 1 https://github.com/openssh/openssh-portable.git openssh-portable
+EOF
+
+WORKDIR /source/dropbear
+COPY <<EOF localoptions.h
+#define DROPBEAR_MLKEM768 0
+#define DSS_PRIV_FILENAME "/usr/local/dropbear/dss_host_key"
+#define RSA_PRIV_FILENAME "/usr/local/dropbear/rsa_host_key"
+#define ECDSA_PRIV_FILENAME "/usr/local/dropbear/ecdsa_host_key"
+#define ED25519_PRIV_FILENAME "/usr/local/dropbear/ed25519_host_key"
+#define SFTPSERVER_PATH "/usr/bin/sftp-server"
+EOF
+
+RUN <<EOF
+  ./configure --host=arm-kobo-linux-gnueabihf CC="arm-kobo-linux-gnueabihf"-gcc LD="arm-kobo-linux-gnueabihf"-ld --disable-zlib --disable-wtmp --disable-lastlog --disable-syslog --disable-utmpx --disable-utmp --disable-wtmpx --disable-loginfunc --disable-pututxline --disable-pututline --enable-bundled-libtom --disable-pam
+  make clean
+  make -j PROGRAMS="dropbear dropbearkey"
+EOF
+
+WORKDIR /source/openssh-portable
+RUN <<EOF
+  autoreconf
+  ./configure --host=arm-kobo-linux-gnueabihf --without-openssl --without-zlib --without-pam --without-xauth CC="arm-kobo-linux-gnueabihf"-gcc LD="arm-kobo-linux-gnueabihf"-ld
+  make clean
+  make -j sftp-server
+EOF
+
+FROM ubuntu:latest
+WORKDIR /output
+COPY --chown=root:root KoboRoot /KoboRoot
+COPY --chown=root:root --chmod=777 --from=build /source/openssh-portable/sftp-server /KoboRoot/usr/bin/sftp-server
+COPY --chown=root:root --chmod=777 --from=build /source/dropbear/dropbear /KoboRoot/usr/bin/dropbear
+COPY --chown=root:root --chmod=777 --from=build /source/dropbear/dropbearkey /KoboRoot/usr/bin/dropbearkey
+
+RUN <<EOF
+  tar -cvzf KoboRoot.tgz -C /KoboRoot .
+  rm -rf /KoboRoot
+EOF

KoboRoot/usr/local/dropbear/on-boot.sh

@@ -2,7 +2,7 @@
 
 case "$(pidof dropbear | wc -w)" in
 # Add the desired dropbear options here
-0) dropbearmulti dropbear -R -F -K 15 -s &
+0) dropbear -R -F -K 15 &
    ;;
 *) ;;
 esac

README.md

@@ -1,4 +1,36 @@
 # kobo-ssh
-Build pipeline to compile Dropbear for Kobo
 
-Based on the work of https://github.com/obynio/kobopatch-ssh
+This repository contains the tools needed to compile [dropbear](https://matt.ucc.asn.au/dropbear/dropbear.html) and [sftp-server](https://github.com/openssh/openssh-portable) for the `arm-kobo-linux-gnueabihf` system (all recent [Kobo](https://www.kobo.com/) products).
+This binary is used for root shell access on Kobo devices which, in my case, is used to deploy and debug software on e-readers. As of now, these binaries have been tested on a Kobo Libra H2o and a Kobo Libra 2.
+
+### Features:
+- Recent Dropbear version
+- `scp` to the SSH server works
+- Host keys will be generated automatically as required.
+
+## Compiling locally
+
+This project can be compiled locally by building the [toolchain container image](toolchain/Dockerfile) and then running the `compile.sh` script.
+
+```sh
+docker buildx build --tag kobo-ssh-toolchain:latest ./toolchain --load
+./compile.sh
+```
+
+This will compile all the required binaries and generate a `dist/KoboRoot.tgz` file.
+
+## Prebuilt binaries
+
+A prebuilt KoboRoot.tgz can be found on the [releases page](https://github.com/bjw-s-labs/kobo-ssh/releases).
+
+## Kobo setup
+
+Once you have generated the `KoboRoot.tgz` file you can transfer this to your Kobo device by connecting the device to your computer and placing the file in the `.kobo` folder on the exposed drive.
+
+Finally, disconnect the device from your computer and wait for it to restart. Once the restart is complete you should have a working SSH server.
+
+## Credits
+
+Many thanks to the following for their original work on this subject:
+- https://github.com/Ewpratten/KoboSSH
+- https://github.com/obynio/kobopatch-ssh

compile.sh

@@ -1,44 +1,7 @@
 #!/usr/bin/env bash
 set -e
 
-TOOLCHAIN_IMAGE="ghcr.io/bjw-s-labs/kobo-ssh-toolchain:latest"
-DROPBEAR_TAG="DROPBEAR_2025.87"
-OPENSSH_TAG="V_9_9_P2"
+TOOLCHAIN_IMAGE="kobo-ssh-toolchain:latest"
 
-# Download sources
-mkdir -p external
-
-rm -rf external/dropbear
-git clone --branch "${DROPBEAR_TAG}" --depth 1 https://github.com/mkj/dropbear.git external/dropbear
-
-rm -rf external/openssh-portable
-git clone --branch "${OPENSSH_TAG}" --depth 1 https://github.com/openssh/openssh-portable.git external/openssh-portable
-
-# Compile Dropbear
-cat > external/dropbear/localoptions.h<< EOF
-#define DROPBEAR_MLKEM768 0
-#define DSS_PRIV_FILENAME "/usr/local/dropbear/dss_host_key"
-#define RSA_PRIV_FILENAME "/usr/local/dropbear/rsa_host_key"
-#define ECDSA_PRIV_FILENAME "/usr/local/dropbear/ecdsa_host_key"
-#define ED25519_PRIV_FILENAME "/usr/local/dropbear/ed25519_host_key"
-EOF
-
-docker run --platform linux/amd64 -v "${PWD}/external/dropbear:/work" "${TOOLCHAIN_IMAGE}" /bin/bash -c 'cd /work; autoconf; autoheader'
-docker run --platform linux/amd64 -v "${PWD}/external/dropbear:/work" "${TOOLCHAIN_IMAGE}" /bin/bash -c 'export PATH="/root/x-tools/arm-kobo-linux-gnueabihf/bin:$PATH"; cd /work; ./configure --host=arm-kobo-linux-gnueabihf --disable-zlib --disable-zlib CC="arm-kobo-linux-gnueabihf"-gcc LD="arm-kobo-linux-gnueabihf"-ld --disable-wtmp --disable-lastlog --disable-syslog --disable-utmpx --disable-utmp --disable-wtmpx --disable-loginfunc --disable-pututxline --disable-pututline --enable-bundled-libtom --disable-pam'
-docker run --platform linux/amd64 -v "${PWD}/external/dropbear:/work" "${TOOLCHAIN_IMAGE}" /bin/bash -c 'export PATH="/root/x-tools/arm-kobo-linux-gnueabihf/bin:$PATH"; cd /work; make clean'
-docker run --platform linux/amd64 -v "${PWD}/external/dropbear:/work" "${TOOLCHAIN_IMAGE}" /bin/bash -c 'export PATH="/root/x-tools/arm-kobo-linux-gnueabihf/bin:$PATH"; cd /work; make PROGRAMS="dropbear dropbearkey" MULTI=1'
-
-# Compile sftp-server
-docker run --platform linux/amd64 -v "${PWD}/external/openssh-portable:/work" "${TOOLCHAIN_IMAGE}" /bin/bash -c 'cd /work; autoconf; autoheader'
-docker run --platform linux/amd64 -v "${PWD}/external/openssh-portable:/work" "${TOOLCHAIN_IMAGE}" /bin/bash -c 'export PATH="/root/x-tools/arm-kobo-linux-gnueabihf/bin:$PATH"; cd /work; ./configure --host=arm-kobo-linux-gnueabihf --without-openssl --without-zlib --without-pam --without-xauth CC="arm-kobo-linux-gnueabihf"-gcc LD="arm-kobo-linux-gnueabihf"-ld'
-docker run --platform linux/amd64 -v "${PWD}/external/openssh-portable:/work" "${TOOLCHAIN_IMAGE}" /bin/bash -c 'export PATH="/root/x-tools/arm-kobo-linux-gnueabihf/bin:$PATH"; cd /work; make clean'
-docker run --platform linux/amd64 -v "${PWD}/external/openssh-portable:/work" "${TOOLCHAIN_IMAGE}" /bin/bash -c 'export PATH="/root/x-tools/arm-kobo-linux-gnueabihf/bin:$PATH"; cd /work; make sftp-server'
-
-# Build KoboRoot.tgz
-mkdir -p KoboRoot/usr/bin
-mv external/dropbear/dropbearmulti KoboRoot/usr/bin/dropbearmulti
-mkdir -p KoboRoot/usr/libexec
-mv external/openssh-portable/sftp-server KoboRoot/usr/libexec/sftp-server
-
-mkdir -p dist
-tar -cvzf dist/KoboRoot.tgz --exclude='.DS_Store' -C KoboRoot .
+docker buildx build --tag "${TOOLCHAIN_IMAGE}" . --load
+docker run --rm -it -v "${PWD}/dist:/dist" "${TOOLCHAIN_IMAGE}" bash -c "cp /output/KoboRoot.tgz /dist/"