Bug#504290: [PATCH] Re: #504290: openssh-server: The sftp-server binary should have its own package
On Thu, Apr 29, 2010 at 02:08:24PM +0200, Axel Beckert wrote:
> Stefan Monnier <monnier@iro.umontreal.ca> wrote:
> > the /usr/lib/sftp-server binary should be moved to a separate
> > package. The reason for it is that it is very useful in conjunction
> > with other ssh servers such as dropbear.
>
> I'd be happy if that would happen, too, because dropbear doesn't
> contain an sftp-server binary and therefore all the sftp based tools
> like sshfs don't work with dropbear on the server-side unless you
> install (but disable) the whole openssh-server package with all its
> dependencies, too.
>
> OpenWRT for example does have a separate sftp-server package and
> therefore dropbear can be easily expanded to offer sftp support.
>
> Following a patch against openssh 1:5.5p1-3 which splits off the
> sftp-server binary into its own package. Tested with openssh-server
> and dropbear on the server side and OpenSSH's sftp on the client side.
Thanks. Sorry I've left this for so long, mostly because I never wanted
to end up waiting in NEW. Just a few notes about things I would prefer
to be done differently (though no need to send a new patch):
> diff -ruN openssh-5.5p1.orig/debian/control openssh-5.5p1/debian/control
> --- openssh-5.5p1.orig/debian/control 2010-04-08 10:33:14.000000000 +0200
> +++ openssh-5.5p1/debian/control 2010-04-29 12:03:17.000000000 +0200
> @@ -44,7 +44,7 @@
> Priority: optional
> Architecture: any
> Depends: ${shlibs:Depends}, ${misc:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.2-13), libssl0.9.8 (>= 0.9.8g-9), openssh-blacklist, procps
> -Recommends: xauth, openssh-blacklist-extra
> +Recommends: xauth, openssh-blacklist-extra, openssh-sftp-server
> Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
> Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5
> Suggests: ssh-askpass, rssh, molly-guard, ufw
> diff -ruN openssh-5.5p1.orig/debian/NEWS openssh-5.5p1/debian/NEWS
> --- openssh-5.5p1.orig/debian/NEWS 2010-04-10 02:09:11.000000000 +0200
> +++ openssh-5.5p1/debian/NEWS 2010-04-29 11:52:53.000000000 +0200
> @@ -1,3 +1,12 @@
> +openssh (1:5.5p1-4) unstable; urgency=low
> +
> + The sftp-server binary has been split out into its own package which is
> + only recommended by openssh-server. If you don't install recommended
> + packages by default, but need SFTP functionality on your SSH server,
> + please install also the new openssh-sftp-server package.
> +
> + -- Axel Beckert <abe@debian.org> Thu, 29 Apr 2010 10:55:40 +0200
> +
> openssh (1:5.4p1-2) unstable; urgency=low
>
> Smartcard support is now available using PKCS#11 tokens. If you were
I can see the rationale for openssh-sftp-server only recommending an SSH
server. But I see no sense in openssh-server only recommending
openssh-sftp-server; this bug doesn't ask for anything that would
require that, and it just brings us transitional pain. openssh-server
should simply depend on openssh-sftp-server.
> +Conflicts: openssh-server (<= 1:5.5p1-3)
> +Replaces: openssh-server (<= 1:5.5p1-3)
This should be Breaks/Replaces nowadays (I don't remember whether that
was standard practice at the time you sent your patch).
> + This package provides the SFTP server module for the SSH server. It
> + is needed if you want to access your SSH server with SFTP. The SFTP
> + server module also with other SSH daemons like dropbear.
"... also works with ...".
With these modifications, I've committed this to a local git branch,
which I'll merge after I get 6.5p1 into testing. Feel free to poke me
on IRC or whatever if I seem to have forgotten again.
Thanks,
--
Colin Watson [cjwatson@debian.org]
Reply to: