Bug#504290: [PATCH] Re: #504290: openssh-server: The sftp-server binary should have its own package

To: 504290@bugs.debian.org
Cc: Stefan Monnier <monnier@iro.umontreal.ca>
Subject: Bug#504290: [PATCH] Re: #504290: openssh-server: The sftp-server binary should have its own package
From: Axel Beckert <abe@debian.org>
Date: Thu, 29 Apr 2010 14:08:24 +0200
Message-id: <[🔎] 20100429120824.GQ3641@sym.noone.org>
Reply-to: Axel Beckert <abe@debian.org>, 504290@bugs.debian.org

tag 504290 + patch
retitle 504290 openssh-server: The sftp-server binary should have its own package
kthxbye

Hi,

First a note about the retitling: I retitled the bug, because the
previous title was ambiguous and the text of the bug report clearly
talks about the SFTP server side and not client side:

Stefan Monnier <monnier@iro.umontreal.ca> wrote:
> the /usr/lib/sftp-server binary should be moved to a separate
> package. The reason for it is that it is very useful in conjunction
> with other ssh servers such as dropbear.

I'd be happy if that would happen, too, because dropbear doesn't
contain an sftp-server binary and therefore all the sftp based tools
like sshfs don't work with dropbear on the server-side unless you
install (but disable) the whole openssh-server package with all its
dependencies, too.

OpenWRT for example does have a separate sftp-server package and
therefore dropbear can be easily expanded to offer sftp support.

Following a patch against openssh 1:5.5p1-3 which splits off the
sftp-server binary into its own package. Tested with openssh-server
and dropbear on the server side and OpenSSH's sftp on the client side.

diff -ruN openssh-5.5p1.orig/debian/changelog openssh-5.5p1/debian/changelog
--- openssh-5.5p1.orig/debian/changelog 2010-04-28 23:12:49.000000000 +0200
+++ openssh-5.5p1/debian/changelog      2010-04-29 12:00:09.000000000 +0200
@@ -1,3 +1,11 @@
+openssh (1:5.5p1-4) unstable; urgency=low
+
+  [ Axel Beckert ]
+  * Split sftp-server into its own package to allow it being used also by
+    other SSH server implementations like dropbear. (Closes: #504290)
+
+ -- Axel Beckert <abe@debian.org>  Thu, 29 Apr 2010 10:51:04 +0200
+
 openssh (1:5.5p1-3) unstable; urgency=low
 
   * Discard error messages while checking whether rsh, rlogin, and rcp
diff -ruN openssh-5.5p1.orig/debian/control openssh-5.5p1/debian/control
--- openssh-5.5p1.orig/debian/control   2010-04-08 10:33:14.000000000 +0200
+++ openssh-5.5p1/debian/control        2010-04-29 12:03:17.000000000 +0200
@@ -44,7 +44,7 @@
 Priority: optional
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.2-13), libssl0.9.8 (>= 0.9.8g-9), openssh-blacklist, procps
-Recommends: xauth, openssh-blacklist-extra
+Recommends: xauth, openssh-blacklist-extra, openssh-sftp-server
 Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
 Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5
 Suggests: ssh-askpass, rssh, molly-guard, ufw
@@ -70,6 +70,31 @@
  sshd replaces the insecure rshd program, which is obsolete for most
  purposes.
 
+Package: openssh-sftp-server
+Priority: optional
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Recommends: openssh-server | ssh-server
+Conflicts: openssh-server (<= 1:5.5p1-3)
+Replaces: openssh-server (<= 1:5.5p1-3)
+Enhances: openssh-server, ssh-server
+Description: secure shell (SSH) sftp server module, for SFTP access from remote machines
+ This is the portable version of OpenSSH, a free implementation of
+ the Secure Shell protocol as specified by the IETF secsh working
+ group.
+ .
+ Ssh (Secure Shell) is a program for logging into a remote machine
+ and for executing commands on a remote machine.
+ It provides secure encrypted communications between two untrusted
+ hosts over an insecure network. X11 connections and arbitrary TCP/IP
+ ports can also be forwarded over the secure channel.
+ It can be used to provide applications with a secure communication
+ channel.
+ .
+ This package provides the SFTP server module for the SSH server. It
+ is needed if you want to access your SSH server with SFTP. The SFTP
+ server module also with other SSH daemons like dropbear.
+
 Package: ssh
 Priority: extra
 Architecture: all
diff -ruN openssh-5.5p1.orig/debian/NEWS openssh-5.5p1/debian/NEWS
--- openssh-5.5p1.orig/debian/NEWS      2010-04-10 02:09:11.000000000 +0200
+++ openssh-5.5p1/debian/NEWS   2010-04-29 11:52:53.000000000 +0200
@@ -1,3 +1,12 @@
+openssh (1:5.5p1-4) unstable; urgency=low
+
+  The sftp-server binary has been split out into its own package which is
+  only recommended by openssh-server. If you don't install recommended
+  packages by default, but need SFTP functionality on your SSH server,
+  please install also the new openssh-sftp-server package.
+
+ -- Axel Beckert <abe@debian.org>  Thu, 29 Apr 2010 10:55:40 +0200
+
 openssh (1:5.4p1-2) unstable; urgency=low
 
   Smartcard support is now available using PKCS#11 tokens.  If you were
diff -ruN openssh-5.5p1.orig/debian/openssh-server.install openssh-5.5p1/debian/openssh-server.install
--- openssh-5.5p1.orig/debian/openssh-server.install    2010-04-08 10:19:25.000000000 +0200
+++ openssh-5.5p1/debian/openssh-server.install 2010-04-29 10:45:50.000000000 +0200
@@ -1,6 +1,4 @@
-usr/lib/openssh/sftp-server
 usr/sbin/sshd
 usr/share/man/man5/authorized_keys.5
 usr/share/man/man5/sshd_config.5
-usr/share/man/man8/sftp-server.8
 usr/share/man/man8/sshd.8
diff -ruN openssh-5.5p1.orig/debian/openssh-server.links openssh-5.5p1/debian/openssh-server.links
--- openssh-5.5p1.orig/debian/openssh-server.links      2010-04-07 13:37:59.000000000 +0200
+++ openssh-5.5p1/debian/openssh-server.links   1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-usr/lib/openssh/sftp-server usr/lib/sftp-server
diff -ruN openssh-5.5p1.orig/debian/openssh-sftp-server.install openssh-5.5p1/debian/openssh-sftp-server.install
--- openssh-5.5p1.orig/debian/openssh-sftp-server.install       1970-01-01 01:00:00.000000000 +0100
+++ openssh-5.5p1/debian/openssh-sftp-server.install    2010-04-29 10:47:44.000000000 +0200
@@ -0,0 +1,2 @@
+usr/lib/openssh/sftp-server
+usr/share/man/man8/sftp-server.8
diff -ruN openssh-5.5p1.orig/debian/openssh-sftp-server.links openssh-5.5p1/debian/openssh-sftp-server.links
--- openssh-5.5p1.orig/debian/openssh-sftp-server.links 1970-01-01 01:00:00.000000000 +0100
+++ openssh-5.5p1/debian/openssh-sftp-server.links      2010-04-07 13:37:59.000000000 +0200
@@ -0,0 +1 @@
+usr/lib/openssh/sftp-server usr/lib/sftp-server

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5

Reply to:

Follow-Ups:
- Processed: [PATCH] Re: #504290: openssh-server: The sftp-server binary should have its own package
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#579570: marked as done (openssh-server: asks for (empty) "old passphrase" on upgrade)
Next by Date: Processed: [PATCH] Re: #504290: openssh-server: The sftp-server binary should have its own package
Previous by thread: Accepted openssh 1:5.5p1-3 (source i386 all)
Next by thread: Processed: [PATCH] Re: #504290: openssh-server: The sftp-server binary should have its own package
Index(es):
- Date
- Thread