[Buildroot] [PATCH] added package sftpserver

[Buildroot] [PATCH] added package sftpserver

[Kiril Maler]

> Date: Fri, 1 Jun 2012 16:57:41 +0200
> From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
> To: buildroot at busybox.net
> Subject: Re: [Buildroot] [PATCH] added package sftpserver
> Message-ID: <20120601165741.04be3924@skate>
> Content-Type: text/plain; charset=UTF-8
>
> Hello,
>
> Le Fri, 1 Jun 2012 16:35:31 +0200,
> Kiril Maler <kiril.maler@gmail.com> a ?crit :
>
>> +++ b/package/sftpserver/Config.in
>> @@ -0,0 +1,14 @@
>> +config BR2_PACKAGE_SFTPSERVER
>> + ? ? bool "sftpserver"
>> + ? ? depends on BR2_PACKAGE_DROPBEAR
>> + ? ? select BR2_PACKAGE_ZLIB
>> + ? ? help
>> + ? ? ? sftp-server only from openssh suite. It allows mounting
>> + ? ? ? the rootfs of embedded board through sshfs, for example
>> + ? ? ? sshfs root at 192.168.2.1:/ /mnt/board-rootfs
>> +
>> + ? ? ? Unmount with 'fusermount -u -z /mnt/board-rootfs'
>
>> +OPENSSH_VERSION = 5.9p1
>> +SFTPSERVER_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
>> +SFTPSERVER_SOURCE=openssh-$(OPENSSH_VERSION).tar.gz
>> +SFTPSERVER_VERSION=openssh-$(OPENSSH_VERSION)
>
> We already have a package for openssh. Since this is also using the
> same source tarball, I think it should rather be integrated as options
> to the openssh package.
>
> Regards,
>
> Thomas
> --


Hello,

I see three main reasons for not adding sftpserver as option in openssh package:

1. It is more intuitive for a developer configuring a small embedded
system to see
the sftp-server under dropbear ssh suite:
 ...
 [ ] dnsmasq
 [*] dropbear
 [*]   disable reverse DNS lookups
 [*]   optimize for size
 [ ]   log dropbear access to wtmp
 [ ]   log dropbear access to lastlog
 [*]   sftpserver               <--------------- ~50k single binary,
no libs/dependencies
 [ ] ebtables
 [ ] ethtool
 ...

2. My patch changes the openssh source code in such a way, that it
becomes completely incompatible
with openssh  - openssl+libcrypt are not compiled/required, a openssl
.h file is faked with symbol link,
the only TARGET left in Makefille.in is sftp-server, etc subtle fixes.
Extracting a binary from openssh without pulling 10's  of *.h files
and openssl+libcrypt+cyphers is like pulling a tooth ...
That is why the package is compiled in own directory
.../output/sftpserver-openssh-5.9p1/

3. I do not see an easy way to apply one patch, but ignore another in buildroot.
If I add my patch in packages/openssh, then a person compiling openssh
will get only sftp-server,
because of changed Configure.ac/Makefile.in rules.


Thomas, probably it is possible to build only sftp-server from openssh
by doing deep changes
in Confgiure.ac, and adding a flag --sftp-server-only   or something
similar, but I am not so familiar
with 'autotools' to do this, and I do not see any added value from
such an exercise.

I see one (possible) reason to add sftp-server as part of openssh
configuration and directory -
if in the future there is any security patch, concerning also
sftp-server source code file,
then the security fix patch must be added in .../packages/openssh
only. Most probably this will be fixed by
moving to next openssh version.

Best regards,
Kiril

[Buildroot] [PATCH] added package sftpserver

[Thomas Petazzoni]

Le Mon, 4 Jun 2012 09:26:39 +0200,
Kiril Maler <kiril.maler@gmail.com> a ?crit :

> I see one (possible) reason to add sftp-server as part of openssh
> configuration and directory -
> if in the future there is any security patch, concerning also
> sftp-server source code file,
> then the security fix patch must be added in .../packages/openssh
> only. Most probably this will be fixed by
> moving to next openssh version.

That's the problem I have with your approach: when we want to upgrade
openssh, we will have to upgrade in two different places.

I would very much prefer to see a contribution made to openssh to get
the capability of building / installing only sftp-server, but I'm not
the Buildroot maintainer, so my opinion is just one amongst many
others :)

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH] added package sftpserver

[Peter Korsgaard]

>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@free-electrons.com> writes:

Hi,

 Thomas> That's the problem I have with your approach: when we want to upgrade
 Thomas> openssh, we will have to upgrade in two different places.

 Thomas> I would very much prefer to see a contribution made to openssh to get
 Thomas> the capability of building / installing only sftp-server, but I'm not
 Thomas> the Buildroot maintainer, so my opinion is just one amongst many
 Thomas> others :)

I agree that would be a much nicer long term solution, yes. I haven't
looked at the patch yet to see how easy that is to do though.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH] added package sftpserver

[Arnout Vandecappelle]

On 06/04/12 09:26, Kiril Maler wrote:
> 1. It is more intuitive for a developer configuring a small embedded
> system to see
> the sftp-server under dropbear ssh suite:

  Wouldn't it be even better to add the sftpserver feature to buildroot, reusing the
openssh implementation?  Or would there be a license issue?

  Regards,
  Arnout

-- 
Arnout Vandecappelle                               arnout at mind be
Senior Embedded Software Architect                 +32-16-286540
Essensium/Mind                                     http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium                BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F

[Buildroot] [PATCH] added package sftpserver

[Thomas Petazzoni]

Hello,

Le Mon, 11 Jun 2012 23:22:58 +0200,
Arnout Vandecappelle <arnout@mind.be> a ?crit :

> On 06/04/12 09:26, Kiril Maler wrote:
> > 1. It is more intuitive for a developer configuring a small embedded
> > system to see
> > the sftp-server under dropbear ssh suite:
> 
>   Wouldn't it be even better to add the sftpserver feature to buildroot, reusing the
> openssh implementation?  Or would there be a license issue?

What do you mean exactly? Adding sftpserver as a suboption of openssh?
Something else?

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com

[Buildroot] [PATCH] added package sftpserver

[Arnout Vandecappelle]

On 06/12/12 14:12, Thomas Petazzoni wrote:
> Hello,
>
> Le Mon, 11 Jun 2012 23:22:58 +0200,
> Arnout Vandecappelle<arnout@mind.be>  a ?crit :
>
>> On 06/04/12 09:26, Kiril Maler wrote:
>>> 1. It is more intuitive for a developer configuring a small embedded
>>> system to see
>>> the sftp-server under dropbear ssh suite:
>>
>>    Wouldn't it be even better to add the sftpserver feature to buildroot, reusing the
>> openssh implementation?  Or would there be a license issue?
>
> What do you mean exactly? Adding sftpserver as a suboption of openssh?
> Something else?

  Sorry I wasn't very clear.

  If I understand correctly, the intention is to be able to use sftp with
dropbear.  Rather than hacking the compilation of openssh, it makes more
sense to extend dropbear with the sftp feature (by stealing code from
openssh).  So this isn't really a buildroot thing, but rather a dropbear
thing.  Given that dropbear already reuses some code from openssh, I don't
think it would be much of a problem for the dropbear developers.

  Regards,
  Arnout

-- 
Arnout Vandecappelle                               arnout at mind be
Senior Embedded Software Architect                 +32-16-286540
Essensium/Mind                                     http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium                BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F

[Buildroot] [PATCH] added package sftpserver

[Kiril Maler]

[Buildroot] [PATCH] added package sftpserver

[Thomas Petazzoni]

Hello,

Le Fri, 1 Jun 2012 16:35:31 +0200,
Kiril Maler <kiril.maler@gmail.com> a ?crit :

> +++ b/package/sftpserver/Config.in
> @@ -0,0 +1,14 @@
> +config BR2_PACKAGE_SFTPSERVER
> +	bool "sftpserver"
> +	depends on BR2_PACKAGE_DROPBEAR
> +	select BR2_PACKAGE_ZLIB
> +	help
> +	  sftp-server only from openssh suite. It allows mounting
> +	  the rootfs of embedded board through sshfs, for example
> +	  sshfs root at 192.168.2.1:/ /mnt/board-rootfs
> +
> +	  Unmount with 'fusermount -u -z /mnt/board-rootfs'

> +OPENSSH_VERSION = 5.9p1
> +SFTPSERVER_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
> +SFTPSERVER_SOURCE=openssh-$(OPENSSH_VERSION).tar.gz
> +SFTPSERVER_VERSION=openssh-$(OPENSSH_VERSION)

We already have a package for openssh. Since this is also using the
same source tarball, I think it should rather be integrated as options
to the openssh package.

Regards,

Thomas
-- 
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com