Re: RFS: libssh - SSH and SCP library
On Sunday 17 December 2006 10:29, Mikhail Gusarov wrote: > You ([EMAIL PROTECTED]) wrote: > >> Probably we should accurately specify suffixes of packages, > >> e.g. make them libssh-0 and libssh2-0 to avoid libssh2 package > >> which is actually libssh with soname bumped to 2. Source packages > >> libssh and libssh2 are ok. > > JGB> Do you mean libssh-SONAME and libssh2-SONAME ? > > Yes. > > JGB> If so, I agree to it. > > Ok, let's do it. I've updated my package. It now builds libssh-2, libssh-2-dev, and libssh-2-dbg. -- Jean-Philippe Garcia Ballester pgpTv0Wl6AMrj.pgp Description: PGP signature
Re: RFS: libssh - SSH and SCP library
On Sunday 17 December 2006 05:54, Mikhail Gusarov wrote: > You ([EMAIL PROTECTED]) wrote: > > JGB> Hi everybody, I'm looking for a sponsor for the libssh package : > JGB> * Package name: libssh > > I have to raise the problem that two projects 'libssh' and 'libssh2' > (http://libssh2.org/) are existing (and I will ITP libssh2 soon). > > This may easily lead to the clash of names. I'm aware of this problem, but is there any solution other than one package changing its name ? -- Jean-Philippe Garcia Ballester pgpYFoYtAVE9U.pgp Description: PGP signature
RFS: libssh - SSH and SCP library
Hi everybody, I'm looking for a sponsor for the libssh package : * Package name: libssh Version : 0.2rc Upstream Author : "Aris Adamantiadis" <[EMAIL PROTECTED]> * URL : http://www.0xbadc0de.be/libssh:libssh * License : LGPL Description : SSH and SCP library The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its SFTP implementation, you can play with remote files easily. I already had made an RFS one year and a half ago, and was replied that it was needed to use SONAME and also that it would be much better if it use libgcrypt instead of libcrypto (from OpenSSL). I made patches for this changes, and gained write access to the repository to maintain the port to libgcrypt. I worked with Laurent Bigonville, which had also made a package for libssh, and we merged our packages in libssh main tree. The package can be downloaded at http://dgnr.free.fr/debian/unstable, or with apt-get with "deb http://dgnr.free.fr/debian/ unstable/" Regards, -- Jean-Philippe Garcia Ballester pgpLMQfTv4Vkh.pgp Description: PGP signature
Re: Lack of transparency of automatic actions
On Friday 13 October 2006 17:18, John Goerzen wrote: > Even worse, you again have to use KDE or Gnome to take advantage of > network-manager. Why are we leaving CLI users out in the cold? It is > quite possible to use mutt, ssh, and ftp on a laptop. And it's > frustrating to know that my network setup will be useless when I'm not > running in X. Ifplugd and wpa_supplicant works fine on my laptop. All actions are sh scripts, so you can configure the behavior to fit your needs. -- Jean-Philippe Garcia Ballester pgpFpc4a9DyxE.pgp Description: PGP signature
Re: libssh request, any sponsor for it
On Tuesday 20 June 2006 23:01, Luciano Bello wrote: > hi dudes! Hi, > Some packages need libssh2. The ITP I filed was against libssh[1] made by Aris Adamentiadis, not the libssh2 you mention. Maybe we should do something about the name, since it seems some people get confused. > We have a pending RFS[2]. Somebody know > what happened? For libssh by Aris, I still have packages of latest relase and up-to-date svn. If someone wish to sponsor it, I of course agree, but since there is not much activity on the project lately, I'm not sure it is such a great idea until Aris comes back on it. Regards, [1] http://0xbadc0de.be/wiki/doku.php?id=libssh:libssh -- Jean-Philippe Garcia Ballester pgpYsFr6sLzvo.pgp Description: PGP signature
Debian package and OpenSSL stuff
Hi, I heard OpenSSL's license is incompatible with GPL. Does this apply to binary package only or both binary and source package? The thing is, the library I'm packaging can use both libcrypto (from OpenSSL) and libgcrypt, using ifdef. The binary package is built with libgcrypt support only. Should I remove OpenSSL support in the source, or is it okay to leave it? Regards, -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Re: RFS: libssh - SSH and SCP library
Hi, > > > You will probably want to look at the following code: > > > > > > gnutls:libextra/gnutls_openssl.c > > > This code is incomplete, but does most of the things > > > > The part that misses is the part I need :( (ie PEM_read_DSAPrivateKey > > and PEM_read_RSAPrivateKey) > > Considering they should be really necessary for decent crypto; > I would dig up code from the existing ssh implementations. By using libcrypto code and websites, I managed to rewrite the code that was missing. Hope I didn't do this to ugly. I updated my packages (deb http://dgnr.free.fr/ repository/) So I ask for RFS again, if nobody complains about it. Regards, -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Re: RFS: libssh - SSH and SCP library
On Sun, Jul 10, 2005 at 02:04:32PM +0900, Junichi Uekawa wrote : > > > > That said, I think too we should favor libgcrypt, because it has a > > > > lighter security record. > > > > > > I mailed him about that and SONAME versionning. > > > > I got his reply. As Junichi thought, he doesn't know about SONAME > > versionning. I pointed to him chapter 6 of the libtool manual. > > He said he's only using "basic cryptographic stuff from libcrypto, > > which are less likely to have security problems." As he has been > > approved by google's "Summer of Code", the next two months' work will > > only be functionnality adds. Changing cryptographic library is not a > > priority, but at queue of the TODO. > > You could do that kind of dirty work for him; I've started doing it. It's a bit difficult since I knew nothing about cryptography, but it's nearly finished. The main problem is that upstream use libcrypto functions for reading DSA and RSA private key files that have no equivalent in libgcrypt. I've started to look libcrypto source to see how they work, but it seems complicated. Should I try to understand libcrypto code and adapt it to libssh? Regards, -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Re: RFS: libssh - SSH and SCP library
On Fri, Jul 08, 2005 at 02:32:27PM +0200, Jean-Philippe Garcia Ballester wrote : > On Thu, Jul 07, 2005 at 11:56:51PM +0200, Josselin Mouette wrote : > > Le vendredi 08 juillet 2005 ? 06:46 +0900, Junichi Uekawa a ?crit : > > > > > 1. It's linking with openssl, and claiming to be LGPL, which > > > > > I understand to be incompatible. > > > > > > > > It is compatible. > > > > > > Are you sure? > > > People were running around GPL is not compatible with > > > openssl license; and LGPL has a option to make the > > > code GPL. > > > > The point of the LGPL is to avoid such incompatibilities. If you can > > link it with proprietary code, you can also link it to code under the > > OpenSSL license. > > > > That said, I think too we should favor libgcrypt, because it has a > > lighter security record. > > I mailed him about that and SONAME versionning. I got his reply. As Junichi thought, he doesn't know about SONAME versionning. I pointed to him chapter 6 of the libtool manual. He said he's only using "basic cryptographic stuff from libcrypto, which are less likely to have security problems." As he has been approved by google's "Summer of Code", the next two months' work will only be functionnality adds. Changing cryptographic library is not a priority, but at queue of the TODO. Regards, -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Re: RFS: libssh - SSH and SCP library
On Thu, Jul 07, 2005 at 11:56:51PM +0200, Josselin Mouette wrote : > Le vendredi 08 juillet 2005 ? 06:46 +0900, Junichi Uekawa a ?crit : > > > > 1. It's linking with openssl, and claiming to be LGPL, which > > > > I understand to be incompatible. > > > > > > It is compatible. > > > > Are you sure? > > People were running around GPL is not compatible with > > openssl license; and LGPL has a option to make the > > code GPL. > > The point of the LGPL is to avoid such incompatibilities. If you can > link it with proprietary code, you can also link it to code under the > OpenSSL license. > > That said, I think too we should favor libgcrypt, because it has a > lighter security record. I mailed him about that and SONAME versionning. Regards, -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Re: RFS: libssh - SSH and SCP library
On Thu, Jul 07, 2005 at 08:36:39AM +0900, Junichi Uekawa wrote : > > Hi, > > > > > Should the package name contain the version number? (like the libssl > > > > packages) > > > > > > Yes, it should be called libssh-0.11-0. > > > > I'd rather call it libssh0.11 or libssh-0.11, since the -0 is the > > package version number (I took the libssl0.9.7 package as example : > > package name is libssl0.9.7, package version is 0.9.7g-1, and package > > filename is libssl0.9.7_0.9.7g-1_i386.deb). > > You are looking at the wrong part of the wrong package, > because libssl is one of the few exceptional packages which > really do have that soname, > > > $ objdump -p /usr/lib/libssl.so.0.9.7 | grep SONAME > SONAME libssl.so.0.9.7 > > > > Call your package libssh-0.11-0. This has been corrected. I assume the -0 part is the SONAME major version? Is there any other mistake? > > Quoting from the libpkg-guide (which itself is a quote from vorlon) > I pointed out to you and you probably have not read yet: > > $ objdump -p /path/to/libfoo-bar.so.1.2.3 | sed -n > -e's/^[[:space:]]*SONAME[[:space:]]*//p' | sed -e's/\([0-9]\)\.so\./\1-/; > s/\.so\.//' I read it, but my not-so-good english and my lack of sleep made me misunderstand a lot of things (in this thread and in the guide you mention). Sorry about that. I am very grateful for the help you've given and time you spend for me. Even if this package is not perfect, and if I don't find a sponsor in the end, I at least learnt a lot of things. Regards -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Re: RFS: libssh - SSH and SCP library
On Tue, Jul 05, 2005 at 10:24:29PM +0200, Jean-Philippe Garcia Ballester wrote : > On Tue, Jul 05, 2005 at 07:34:37PM +0200, Josselin Mouette wrote : > > Le mardi 05 juillet 2005 ? 18:27 +0200, Jean-Philippe Garcia Ballester a > > ?crit : > > > I see your point. I tried to fix that. Hope I didn't do it wrong > > > (again). If someone could check... > > > > I don't understand your modifications. There are differences in the > > Makefile.in and configure files, but no differences in the Makefile.am > > and configure.ac files. Also, I don't understand the shlibs.local file. > > > > The modifications in Makefile.in were made to change the SONAME and > filename of the library (now libssh-0.11.so.0). I also did some modifications for creating both shared and static library, and installing files correctly. > I don't remember changing anything in the configure file. The modifications in configure file were made since the upstream compiled an example binary which I think has nothing to do in the package. > There is indeed no changes in Makefile.am and configure.ac files since > they don't exist. > The shlibs.local was designed to be the shlibs file for the package, but > was useless since the shlibs file used is the one created by > dh_makeshlibs. > > > > Should the package name contain the version number? (like the libssl > > > packages) > > > > Yes, it should be called libssh-0.11-0. > > I'd rather call it libssh0.11 or libssh-0.11, since the -0 is the > package version number (I took the libssl0.9.7 package as example : > package name is libssl0.9.7, package version is 0.9.7g-1, and package > filename is libssl0.9.7_0.9.7g-1_i386.deb). Regards, -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Re: RFS: libssh - SSH and SCP library
On Tue, Jul 05, 2005 at 07:34:37PM +0200, Josselin Mouette wrote : > Le mardi 05 juillet 2005 ? 18:27 +0200, Jean-Philippe Garcia Ballester a > ?crit : > > I see your point. I tried to fix that. Hope I didn't do it wrong > > (again). If someone could check... > > I don't understand your modifications. There are differences in the > Makefile.in and configure files, but no differences in the Makefile.am > and configure.ac files. Also, I don't understand the shlibs.local file. > The modifications in Makefile.in were made to change the SONAME and filename of the library (now libssh-0.11.so.0). I don't remember changing anything in the configure file. There is indeed no changes in Makefile.am and configure.ac files since they don't exist. The shlibs.local was designed to be the shlibs file for the package, but was useless since the shlibs file used is the one created by dh_makeshlibs. > > Should the package name contain the version number? (like the libssl > > packages) > > Yes, it should be called libssh-0.11-0. I'd rather call it libssh0.11 or libssh-0.11, since the -0 is the package version number (I took the libssl0.9.7 package as example : package name is libssl0.9.7, package version is 0.9.7g-1, and package filename is libssl0.9.7_0.9.7g-1_i386.deb). Regards, -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Re: RFS: libssh - SSH and SCP library
On Tue, Jul 05, 2005 at 04:39:14PM +0200, Josselin Mouette wrote : > Le mardi 05 juillet 2005 ? 16:34 +0200, Jean-Philippe Garcia Ballester a > ?crit : > > > 1. It's linking with openssl, and claiming to be LGPL, which > > > I understand to be incompatible. > > > > I assume that linking with libcrypto.so and not libssl.so does not > > change the problem? > > I'll talk to upstream about that, and see if he could add an exception > > for linking with openssl, as said in the openssl faq. > > There is no need for an exception for LGPL software. > > > What I don't understand is that "objdump -p /usr/lib/libssh.so.0 | grep > > SONAME" returns 'libssh.so.0'. Doesn't this mean its SONAME is > > 'libssh.so.0'? If it does, where is the problem? > > I set the shared library version to 0.0.0 since it's the first debian > > package release. > > I was planning to version next release 1.0.0, since interfaces will be > > removed and since it will break backward compatibility, independantly > > of the version number upstream will give to his release. Is this wrong? > > It is wrong, because upstream can decide at some point in the future > that the ABI is stable, and then start to call it libssh.so.0 or > libssh.so.1. It is much safer to use libtool' -release flag, so that it > is called libssh-$VERSION.so.0. To achieve that, just use something like > this in Makefile.am: > > UP_VERSION=$(something that returns 0.11, the current version) > libssh_la_LDFLAGS = -release $(UP_VERSION) > I see your point. I tried to fix that. Hope I didn't do it wrong (again). If someone could check... Should the package name contain the version number? (like the libssl packages) Thanks for your help. Regards, -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Re: RFS: libssh - SSH and SCP library
On Tue, Jul 05, 2005 at 04:34:42PM +0200, Jean-Philippe Garcia Ballester wrote : > On Tue, Jul 05, 2005 at 08:26:25PM +0900, Junichi Uekawa wrote : > > Hi, > > > > > > > The package can be downloaded at http://dgnr.free.fr/repository, or > > > > > with apt-get with "deb http://dgnr.free.fr/ repository/" > > > > > > > > From the look of it, your packaging looks wrong. > > > > You're probably creating a package that ignores SONAME versioning. > > > > > > I'm not exactly sure to completely understand what you meant, since I'm > > > only a beginner, but I tried to correct it. Could you please check it > > > again? > > > Thanks anyway for your help > > > > > > I have two comments: > > > > 1. It's linking with openssl, and claiming to be LGPL, which > > I understand to be incompatible. > > > > I assume that linking with libcrypto.so and not libssl.so does not > change the problem? > I'll talk to upstream about that, and see if he could add an exception > for linking with openssl, as said in the openssl faq. > > > > > 2. I think the upstream either doesn't care or much understand > > shared library versioning; it's a nascent shared library which > > will undergo several revisions of ABI/API changes. > > I would consider calling its SONAME 'libssh.so.0' to be > > something prone to failure. > > What I don't understand is that "objdump -p /usr/lib/libssh.so.0 | grep > SONAME" returns 'libssh.so.0'. Doesn't this mean its SONAME is > 'libssh.so.0'? If it does, where is the problem? I misread you. Forget what I said. > I set the shared library version to 0.0.0 since it's the first debian > package release. > I was planning to version next release 1.0.0, since interfaces will be > removed and since it will break backward compatibility, independantly > of the version number upstream will give to his release. Is this wrong? > > > > > > > > > > > --- libssh-0.11.orig/debian/shlibs.local > > > > +++ libssh-0.11/debian/shlibs.local > > > > @@ -0,0 +1 @@ > > > > +liblibssh 0.11 libssh (>> 0.11-0), libssh (<< 0.11-99) > > > > A F.A.Q. I assembled for shared libraries in Debian is available here, > > it might help you as a starting point: > > http://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html > > This and libtool-doc package has been very useful. > I am very grateful for all your help. > -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Re: RFS: libssh - SSH and SCP library
On Tue, Jul 05, 2005 at 08:26:25PM +0900, Junichi Uekawa wrote : > Hi, > > > > > The package can be downloaded at http://dgnr.free.fr/repository, or > > > > with apt-get with "deb http://dgnr.free.fr/ repository/" > > > > > > From the look of it, your packaging looks wrong. > > > You're probably creating a package that ignores SONAME versioning. > > > > I'm not exactly sure to completely understand what you meant, since I'm > > only a beginner, but I tried to correct it. Could you please check it > > again? > > Thanks anyway for your help > > > I have two comments: > > 1. It's linking with openssl, and claiming to be LGPL, which > I understand to be incompatible. > I assume that linking with libcrypto.so and not libssl.so does not change the problem? I'll talk to upstream about that, and see if he could add an exception for linking with openssl, as said in the openssl faq. > > 2. I think the upstream either doesn't care or much understand > shared library versioning; it's a nascent shared library which > will undergo several revisions of ABI/API changes. > I would consider calling its SONAME 'libssh.so.0' to be > something prone to failure. What I don't understand is that "objdump -p /usr/lib/libssh.so.0 | grep SONAME" returns 'libssh.so.0'. Doesn't this mean its SONAME is 'libssh.so.0'? If it does, where is the problem? I set the shared library version to 0.0.0 since it's the first debian package release. I was planning to version next release 1.0.0, since interfaces will be removed and since it will break backward compatibility, independantly of the version number upstream will give to his release. Is this wrong? > > > > > > > --- libssh-0.11.orig/debian/shlibs.local > > > +++ libssh-0.11/debian/shlibs.local > > > @@ -0,0 +1 @@ > > > +liblibssh 0.11 libssh (>> 0.11-0), libssh (<< 0.11-99) > > A F.A.Q. I assembled for shared libraries in Debian is available here, > it might help you as a starting point: > http://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html This and libtool-doc package has been very useful. I am very grateful for all your help. -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Re: RFS: libssh - SSH and SCP library
On Tue, Jul 05, 2005 at 10:37:00AM +0900, Junichi Uekawa wrote : > > Hi, > > > The package can be downloaded at http://dgnr.free.fr/repository, or > > with apt-get with "deb http://dgnr.free.fr/ repository/" > > From the look of it, your packaging looks wrong. > You're probably creating a package that ignores SONAME versioning. I'm not exactly sure to completely understand what you meant, since I'm only a beginner, but I tried to correct it. Could you please check it again? Thanks anyway for your help > > > --- libssh-0.11.orig/debian/shlibs.local > +++ libssh-0.11/debian/shlibs.local > @@ -0,0 +1 @@ > +liblibssh 0.11 libssh (>> 0.11-0), libssh (<< 0.11-99) -- Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
RFS: libssh - SSH and SCP library
Hi everybody, I'm looking for a sponsor for the libssh package : * Package name: libssh Version : 0.11 Upstream Author : "Aris Adamantiadis" <[EMAIL PROTECTED]> * URL : http://www.0xbadc0de.be/?part=libssh * License : LGPL Description : SSH and SCP library The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto The package can be downloaded at http://dgnr.free.fr/repository, or with apt-get with "deb http://dgnr.free.fr/ repository/" Thanks, Jean-Philippe Garcia Ballester signature.asc Description: Digital signature
Bug#316872: ITP: libssh -- SSH and SCP library
Package: wnpp Severity: wishlist Owner: "Jean-Philippe Garcia Ballester" <[EMAIL PROTECTED]> * Package name: libssh Version : 0.11 Upstream Author : "Aris Adamantiadis" <[EMAIL PROTECTED]> * URL : http://freshmeat.net/redir/libssh/54537/url_homepage/www.0xbadc0de.be * License : LGPL Description : SSH and SCP library The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.10 Locale: LANG=en_US.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]