Build toolchain

Author: bjw-s

.github/workflows/build.yaml

@@ -0,0 +1,120 @@
+---
+name: Build kobo-ssh
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+concurrency:
+  group: build-kobo-ssh
+  cancel-in-progress: true
+
+jobs:
+  filter-changes:
+    name: Filter changes
+    runs-on: ubuntu-latest
+    outputs:
+      toolchain_changed: ${{ steps.toolchain-changed-files.outputs.any_changed }}
+      build_changed: ${{ steps.build-changed-files.outputs.any_changed }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Toolchain Changed Files
+        id: toolchain-changed-files
+        uses: tj-actions/changed-files@v45
+        with:
+          files: |
+            toolchain/**
+
+      - name: Build Changed Files
+        id: build-changed-files
+        uses: tj-actions/changed-files@v45
+        with:
+          files: |
+            .github/workflows/build.yaml
+            KoboRoot/**
+            compile.sh
+
+  build-toolchain-image:
+    if: ${{ needs.filter-changes.outputs.toolchain_changed == 'true' }}
+    name: Build toolchain image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to image registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/kobo-ssh-toolchain
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=ref,event=branch
+            type=ref,event=tag
+
+      - name: Build image
+        uses: docker/build-push-action@v6
+        id: build
+        with:
+          context: toolchain
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  build-koboroot:
+    if: ${{ needs.filter-changes.outputs.build_changed == 'true' }}
+    name: Build KoboRoot
+    runs-on: ubuntu-latest
+    needs:
+      - filter-changes
+      - build-toolchain-image
+    permissions:
+      contents: read
+      packages: read
+    env:
+      TOOLCHAIN_IMAGE: ghcr.io/${{ github.repository_owner }}/kobo-ssh-toolchain:latest
+      DROPBEAR_TAG: DROPBEAR_2025.87
+      OPENSSH_TAG: V_9_9_P2
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Clone dropbear sources
+        run: |
+          git clone --depth 1 --branch "${{ env.DROPBEAR_TAG }}" https://github.com/mkj/dropbear.git external/dropbear
+
+      - name: Build dropbear
+        uses: kohlerdominik/docker-run-action@v2
+        with:
+          image: ${{ env.TOOLCHAIN_IMAGE }}
+          volumes: |
+            ${{ github.workspace }}:/workspace
+          workdir: /workspace
+          run: |
+            export PATH="/root/x-tools/arm-kobo-linux-gnueabihf/bin:$PATH"
+            autoconf
+            autoheader
+            ./configure --host=arm-kobo-linux-gnueabihf --disable-zlib --disable-zlib CC="arm-kobo-linux-gnueabihf"-gcc LD="arm-kobo-linux-gnueabihf"-ld --disable-wtmp --disable-lastlog --disable-syslog --disable-utmpx --disable-utmp --disable-wtmpx --disable-loginfunc --disable-pututxline --disable-pututline --enable-bundled-libtom --disable-pam
+            make clean
+            make PROGRAMS="dropbear dropbearkey" MULTI=1

.gitignore

@@ -0,0 +1,8 @@
+# Compiled binaries
+KoboRoot/usr/bin/dropbearmulti
+KoboRoot/usr/libexec/sftp-server
+
+# Remote sources
+external/
+# Generated files
+dist/

KoboRoot/etc/udev/rules.d/96-dropbear.rules

@@ -0,0 +1 @@
+KERNEL=="loop0", RUN+="/bin/sh -c '/usr/local/dropbear/launcher.sh'"

KoboRoot/usr/local/dropbear/launcher.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Start by renicing ourselves to a neutral value, to avoid any mishap...
+renice 0 -p $$
+
+# Launch in the background, with a clean env, after a setsid call to make very very sure udev won't kill us ;).
+env -i -- setsid /usr/local/dropbear/on-boot.sh &
+
+# Done :)
+exit 0

KoboRoot/usr/local/dropbear/on-boot.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+case "$(pidof dropbear | wc -w)" in
+# Add the desired dropbear options here
+0) dropbearmulti dropbear -R -F -K 15 -s &
+   ;;
+*) ;;
+esac
+
+exit 0