Hello Vagrant, CC'ing the upstream maintainers, in case I speak nonsense here.
Vagrant Cascadian [2022-12-04 16:45 -0800]: > In libssh 0.10.x versions, DSA support is deprecated and disabled by > default. This was indeed intended [1]. > This causes test suite failures when building guile-ssh which > tests support for DSA keys. > > The attached patch enables DSA support, as was supported in previous > versions. > -DEB_CMAKE_EXTRA_FLAGS := -DBUILD_STATIC_LIB=ON > -DLIB_INSTALL_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) -DUNIT_TESTING=$(if $(filter > nocheck,$(DEB_BUILD_OPTIONS)),OFF,ON) -DWITH_GSSAPI=ON > +DEB_CMAKE_EXTRA_FLAGS := -DBUILD_STATIC_LIB=ON > -DLIB_INSTALL_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) -DUNIT_TESTING=$(if $(filter > nocheck,$(DEB_BUILD_OPTIONS)),OFF,ON) -DWITH_GSSAPI=ON -DWITH_DSA=ON > If that is not an option in time for bookworm freeze, please let me know > ASAP so I can patch guile-ssh instead. If at all possible, I'd rather not enable it in the Debian package. DSA isn't an acceptable crypt algorithm any more, and I'd rather not support it for another Debian release. OpenSSH deprecated it two years ago [2], the Fedora package does not enable it either [3], and libssh upstream will remove it in the next major version. Can guile-ssh be built easily without DSA support? If so, that'd be great (and then let's reassign or just close this bug). Otherwise I can have a look and help you with disabling the DSA feature in guile. Thanks, Martin [1] https://www.libssh.org/2022/08/26/libssh-0-10-0/ [2] http://www.openssh.com/legacy.html [3] https://src.fedoraproject.org/rpms/libssh/blob/rawhide/f/libssh.spec#_74
signature.asc
Description: PGP signature