On Tue, 11 Jul 2017 at 23:11:35 +0100, Colin Watson wrote: > On Tue, Jul 11, 2017 at 11:14:34PM +0800, Matt Johnston wrote: >> On Tue 11/7/2017, at 10:00 pm, Colin Watson <cjwatson@debian.org> wrote: >>> But I think dropbear-bin can only reasonably provide the ssh-client >>> virtual package if it ships /usr/bin/ssh, and that would also be needed >>> in order to avoid having to say "scp -S dbclient". What do you want to >>> do about this? I'm not sure how disruptive it would be to make >>> dropbear-bin non-coinstallable with openssh-client; quite possibly very >>> disruptive. >> >> Can an alternative symlink provide /usr/bin/ssh -> dbclient if >> openssh-client isn't installed, but openssh-client as a higher >> priority? I'm pretty sure there are people using Dropbear for >> initramfs but OpenSSH for the main system, so making them conflict >> would be a problem there. > > It's of course not impossible, but I'm quite reluctant to add > alternatives into the mix, because my experience suggests that I > basically always regret doing that if I don't have to - they make things > generally more brittle. Makes sense. Moreover OpenSSH's and dropbear's clients have a different set of options, and even the destination format is different for multi-hops. > It sounded from the earlier discussion as though the main requirement > was to have scp alongside a Dropbear server in order to serve as the > endpoint for the scp protocol (such as it is). Is there actually much > need for it on the client side? Like you I suspect the main requirement is the former; I asked for clarification 2 years ago in #495795's Message #25 [0] but unfortunately never got a clear answer. > Maybe such need as there is could be addressed more easily with a > script called something like "dbscp" that's basically just: > > #! /bin/sh > exec scp -S dbclient "$@" > > After all, being /usr/bin/scp matters on the server side, but isn't > vital on the client side, and presumably people already cope with the > main client program being called "dbclient". IMHO that would be a totally acceptable way of closing that bug. (After all nobody objected when I suggested to ship dropbear scp binary as /usr/bin/dbscp in Message #25 to provide client-side scp.) “That” meaning 1/ not making dropbear-bin provide ssh-client but adding openssh-scp to its list of Recommends, 2/ fixing the warnings currently shown when calling `scp -S dbclient` with OpenSSH's scp(1), and 3/ shipping the above wrapper. Cheers, -- Guilhem. [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495795#25
Attachment:
signature.asc
Description: PGP signature