Bug#504290: [PATCH] Re: #504290: openssh-server: The sftp-server binary should have its own package

2014-02-21 Thread Colin Watson 
Control: tag -1 pending

On Thu, Feb 13, 2014 at 01:36:59PM +, Colin Watson wrote:
 With these modifications, I've committed this to a local git branch,
 which I'll merge after I get 6.5p1 into testing.  Feel free to poke me
 on IRC or whatever if I seem to have forgotten again.

testing now has 1:6.5p1-4, so I've merged this into master for my next
upload.

-- 
Colin Watson   [cjwat...@debian.org]


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#504290: [PATCH] Re: #504290: openssh-server: The sftp-server binary should have its own package

2014-02-13 Thread Colin Watson 
On Thu, Apr 29, 2010 at 02:08:24PM +0200, Axel Beckert wrote:
 Stefan Monnier monn...@iro.umontreal.ca wrote:
  the /usr/lib/sftp-server binary should be moved to a separate
  package. The reason for it is that it is very useful in conjunction
  with other ssh servers such as dropbear.
 
 I'd be happy if that would happen, too, because dropbear doesn't
 contain an sftp-server binary and therefore all the sftp based tools
 like sshfs don't work with dropbear on the server-side unless you
 install (but disable) the whole openssh-server package with all its
 dependencies, too.
 
 OpenWRT for example does have a separate sftp-server package and
 therefore dropbear can be easily expanded to offer sftp support.
 
 Following a patch against openssh 1:5.5p1-3 which splits off the
 sftp-server binary into its own package. Tested with openssh-server
 and dropbear on the server side and OpenSSH's sftp on the client side.

Thanks.  Sorry I've left this for so long, mostly because I never wanted
to end up waiting in NEW.  Just a few notes about things I would prefer
to be done differently (though no need to send a new patch):

 diff -ruN openssh-5.5p1.orig/debian/control openssh-5.5p1/debian/control
 --- openssh-5.5p1.orig/debian/control   2010-04-08 10:33:14.0 +0200
 +++ openssh-5.5p1/debian/control2010-04-29 12:03:17.0 +0200
 @@ -44,7 +44,7 @@
  Priority: optional
  Architecture: any
  Depends: ${shlibs:Depends}, ${misc:Depends}, debconf (= 1.2.0) | 
 debconf-2.0, libpam-runtime (= 0.76-14), libpam-modules (= 0.72-9), adduser 
 (= 3.9), dpkg (= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (= 
 3.2-13), libssl0.9.8 (= 0.9.8g-9), openssh-blacklist, procps
 -Recommends: xauth, openssh-blacklist-extra
 +Recommends: xauth, openssh-blacklist-extra, openssh-sftp-server
  Conflicts: ssh ( 1:3.8.1p1-9), ssh-nonfree (2), ssh-socks, ssh2, sftp, 
 rsh-client (0.16.1-1), ssh-krb5 ( 1:4.3p2-7)
  Replaces: ssh, openssh-client ( 1:3.8.1p1-11), ssh-krb5
  Suggests: ssh-askpass, rssh, molly-guard, ufw
 diff -ruN openssh-5.5p1.orig/debian/NEWS openssh-5.5p1/debian/NEWS
 --- openssh-5.5p1.orig/debian/NEWS  2010-04-10 02:09:11.0 +0200
 +++ openssh-5.5p1/debian/NEWS   2010-04-29 11:52:53.0 +0200
 @@ -1,3 +1,12 @@
 +openssh (1:5.5p1-4) unstable; urgency=low
 +
 +  The sftp-server binary has been split out into its own package which is
 +  only recommended by openssh-server. If you don't install recommended
 +  packages by default, but need SFTP functionality on your SSH server,
 +  please install also the new openssh-sftp-server package.
 +
 + -- Axel Beckert a...@debian.org  Thu, 29 Apr 2010 10:55:40 +0200
 +
  openssh (1:5.4p1-2) unstable; urgency=low
  
Smartcard support is now available using PKCS#11 tokens.  If you were

I can see the rationale for openssh-sftp-server only recommending an SSH
server.  But I see no sense in openssh-server only recommending
openssh-sftp-server; this bug doesn't ask for anything that would
require that, and it just brings us transitional pain.  openssh-server
should simply depend on openssh-sftp-server.

 +Conflicts: openssh-server (= 1:5.5p1-3)
 +Replaces: openssh-server (= 1:5.5p1-3)

This should be Breaks/Replaces nowadays (I don't remember whether that
was standard practice at the time you sent your patch).

 + This package provides the SFTP server module for the SSH server. It
 + is needed if you want to access your SSH server with SFTP. The SFTP
 + server module also with other SSH daemons like dropbear.

... also works with 

With these modifications, I've committed this to a local git branch,
which I'll merge after I get 6.5p1 into testing.  Feel free to poke me
on IRC or whatever if I seem to have forgotten again.

Thanks,

-- 
Colin Watson   [cjwat...@debian.org]


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#504290: [PATCH] Re: #504290: openssh-server: The sftp-server binary should have its own package

2010-04-29 Thread Axel Beckert 
tag 504290 + patch
retitle 504290 openssh-server: The sftp-server binary should have its own 
package
kthxbye

Hi,

First a note about the retitling: I retitled the bug, because the
previous title was ambiguous and the text of the bug report clearly
talks about the SFTP server side and not client side:

Stefan Monnier monn...@iro.umontreal.ca wrote:
 the /usr/lib/sftp-server binary should be moved to a separate
 package. The reason for it is that it is very useful in conjunction
 with other ssh servers such as dropbear.

I'd be happy if that would happen, too, because dropbear doesn't
contain an sftp-server binary and therefore all the sftp based tools
like sshfs don't work with dropbear on the server-side unless you
install (but disable) the whole openssh-server package with all its
dependencies, too.

OpenWRT for example does have a separate sftp-server package and
therefore dropbear can be easily expanded to offer sftp support.

Following a patch against openssh 1:5.5p1-3 which splits off the
sftp-server binary into its own package. Tested with openssh-server
and dropbear on the server side and OpenSSH's sftp on the client side.

diff -ruN openssh-5.5p1.orig/debian/changelog openssh-5.5p1/debian/changelog
--- openssh-5.5p1.orig/debian/changelog 2010-04-28 23:12:49.0 +0200
+++ openssh-5.5p1/debian/changelog  2010-04-29 12:00:09.0 +0200
@@ -1,3 +1,11 @@
+openssh (1:5.5p1-4) unstable; urgency=low
+
+  [ Axel Beckert ]
+  * Split sftp-server into its own package to allow it being used also by
+other SSH server implementations like dropbear. (Closes: #504290)
+
+ -- Axel Beckert a...@debian.org  Thu, 29 Apr 2010 10:51:04 +0200
+
 openssh (1:5.5p1-3) unstable; urgency=low
 
   * Discard error messages while checking whether rsh, rlogin, and rcp
diff -ruN openssh-5.5p1.orig/debian/control openssh-5.5p1/debian/control
--- openssh-5.5p1.orig/debian/control   2010-04-08 10:33:14.0 +0200
+++ openssh-5.5p1/debian/control2010-04-29 12:03:17.0 +0200
@@ -44,7 +44,7 @@
 Priority: optional
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, debconf (= 1.2.0) | debconf-2.0, 
libpam-runtime (= 0.76-14), libpam-modules (= 0.72-9), adduser (= 3.9), dpkg 
(= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (= 3.2-13), 
libssl0.9.8 (= 0.9.8g-9), openssh-blacklist, procps
-Recommends: xauth, openssh-blacklist-extra
+Recommends: xauth, openssh-blacklist-extra, openssh-sftp-server
 Conflicts: ssh ( 1:3.8.1p1-9), ssh-nonfree (2), ssh-socks, ssh2, sftp, 
rsh-client (0.16.1-1), ssh-krb5 ( 1:4.3p2-7)
 Replaces: ssh, openssh-client ( 1:3.8.1p1-11), ssh-krb5
 Suggests: ssh-askpass, rssh, molly-guard, ufw
@@ -70,6 +70,31 @@
  sshd replaces the insecure rshd program, which is obsolete for most
  purposes.
 
+Package: openssh-sftp-server
+Priority: optional
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Recommends: openssh-server | ssh-server
+Conflicts: openssh-server (= 1:5.5p1-3)
+Replaces: openssh-server (= 1:5.5p1-3)
+Enhances: openssh-server, ssh-server
+Description: secure shell (SSH) sftp server module, for SFTP access from 
remote machines
+ This is the portable version of OpenSSH, a free implementation of
+ the Secure Shell protocol as specified by the IETF secsh working
+ group.
+ .
+ Ssh (Secure Shell) is a program for logging into a remote machine
+ and for executing commands on a remote machine.
+ It provides secure encrypted communications between two untrusted
+ hosts over an insecure network. X11 connections and arbitrary TCP/IP
+ ports can also be forwarded over the secure channel.
+ It can be used to provide applications with a secure communication
+ channel.
+ .
+ This package provides the SFTP server module for the SSH server. It
+ is needed if you want to access your SSH server with SFTP. The SFTP
+ server module also with other SSH daemons like dropbear.
+
 Package: ssh
 Priority: extra
 Architecture: all
diff -ruN openssh-5.5p1.orig/debian/NEWS openssh-5.5p1/debian/NEWS
--- openssh-5.5p1.orig/debian/NEWS  2010-04-10 02:09:11.0 +0200
+++ openssh-5.5p1/debian/NEWS   2010-04-29 11:52:53.0 +0200
@@ -1,3 +1,12 @@
+openssh (1:5.5p1-4) unstable; urgency=low
+
+  The sftp-server binary has been split out into its own package which is
+  only recommended by openssh-server. If you don't install recommended
+  packages by default, but need SFTP functionality on your SSH server,
+  please install also the new openssh-sftp-server package.
+
+ -- Axel Beckert a...@debian.org  Thu, 29 Apr 2010 10:55:40 +0200
+
 openssh (1:5.4p1-2) unstable; urgency=low
 
   Smartcard support is now available using PKCS#11 tokens.  If you were
diff -ruN openssh-5.5p1.orig/debian/openssh-server.install 
openssh-5.5p1/debian/openssh-server.install
--- openssh-5.5p1.orig/debian/openssh-server.install2010-04-08 
10:19:25.0 +0200
+++ openssh-5.5p1/debian/openssh-server.install 2010-04-29 10:45:50.0 
+0200
@@ -1,6 +1,4 @@