Bug #16918 “smartcard support is not enabled in openssh” : Bugs : openssh package : Ubuntu

Revision history for this message

In Debian Bug tracker #231472, Eric Dorland (eric-debian) wrote on 2004-03-09: cloning 231472, reassign -1 to ssh-krb5

#1

# Automatically generated email from bts, devscripts version 2.7.95.1
clone 231472 -1
reassign -1 ssh-krb5

Revision history for this message

In Debian Bug tracker #231472, Colin Watson (cjwatson) wrote on 2004-03-25: Re: Bug#240077: ssh: why not to compile with opensc?

#2

tags 240077 - experimental sid
merge 231472 240077
thanks

On Thu, Mar 25, 2004 at 07:02:41PM +0100, Alessandro Razeto wrote:
> Package: ssh
> Version: 1:3.8p1-2
> Severity: wishlist
> Tags: experimental sid
>
> I think it could be usefull to compile ssh with opensc support, which
> is already included in the source files.
> One need only to add to debian/rules the --opensc=/usr directive to
> configure and add the source dependancy to libopensc0-dev.

Wouldn't that produce a binary package that depends on libopensc0,
thereby requiring everyone with ssh to install that library? It would
have to be a separate package, and I have concerns about the
maintainability of that approach.

Please search for existing bugs before filing new ones, by the way;
searching for "opensc" in ssh's bug page immediately finds #231472.

Cheers,

--
Colin Watson [<email address hidden>]

Revision history for this message

In Debian Bug tracker #231472, Andreas Jellinghaus (tolonuga) wrote on 2004-03-25:

#3

> Wouldn't that produce a binary package that depends on libopensc0,
> thereby requiring everyone with ssh to install that library?

yes, and opensc is compiled to use either openct or pcsc-lite
(has a library package, too) or both. and opensc is usualy linked
against openssl.

so yes, the result might be considered big and fat.

in comparison, microsoft has it's crypto api with the
cryptografic service provider, which is a nice design.
step by step the unix collection of grown libraries
is improved towards a similar architecture.

the whole situation is made worse by the fact, there
are many different projects implementing a similiar
set of functions, for example the many crypto libraries
out there, or openssl, gnutls and other library offering
tls (libnss is there at least, maybe others?).

and there is the plan of every project to support everything,
for example opensc not only supports pcsc-lite so ifdhandler
format drivers can be used, it also has build in support for
ct-api format drivers, it had for a while an internal framework
for usb tokens, which was replaced by the new openct driver
and middleware that opensc supports, too.

also while opensc currently uses openssl (but can be compiled
without at reduced functionality), there are aims to be able
to use gnutls as well, but to my knowledge gnutls has a long
way to go for offering the same features that openssl has.
and opensc not only uses openssl, but also has two libraries,
so called engines, that openssl can use to access smart
cards.

and don't forget nss, which cannot be used by opensc so far,
but nss can use any library implementing the pkcs#11 interface,
and opensc is implementing that.

if all that double and tripple functionality isn't enough,
opensc supports quite a number of smart cards, and is
gaining support for new ones step by step. each smart
card (operating system) is incompatible to each other,
so these (opensc internal) drivers are necesssary.

confused? I'm sorry. Let's go back to openssh.

While it would be utterly cool to have opensc support
in debian, I already expectet that you don't want it,
because of the many libraries.

But could you create a second package with opensc support
and maintain both? the differences are:
- one configure flage: --with-opensc
- one build dependency in the control: libopensc-dev
   (which results in several build and runtime library
   dependencies)
- one patch (for ssh to ask for the pin openssh needs
   a redesign of some part, which markus (openssh developer)
   didn't find time so far to do. out patch is not that ugly,
   but not the clean design they like to have either. it does
   not touch anything outside the smart card related code.)

everything else is the same, not even changes in documentation,
config files, or debconf questions or anything. so three
simple changes, that's why it might be easier for you
to maintain two openssh versions in parallel.

Thanks for your attention.

Regards, Andreas Jellinghaus
(opensc & openct developer :-)

> Wouldn't that produce a binary package that depends on libopensc0,
> thereby requiring everyone with ssh to install that library?

yes, and opensc is compiled to use either openct or pcsc-lite
(has a library package, too) or both. and opensc is usualy linked
against openssl.

so yes, the result might be considered big and fat.

in comparison, microsoft has it's crypto api with the
cryptografic service provider, which is a nice design.
step by step the unix collection of grown libraries
is improved towards a similar architecture.

the whole situation is made worse by the fact, there
are many different projects implementing a similiar
set of functions, for example the many crypto libraries
out there, or openssl, gnutls and other library offering
tls (libnss is there at least, maybe others?).

and there is the plan of every project to support everything,
for example opensc not only supports pcsc-lite so ifdhandler
format drivers can be used, it also has build in support for
ct-api format drivers, it had for a while an internal framework
for usb tokens, which was replaced by the new openct driver
and middleware that opensc supports, too.

also while opensc currently uses openssl (but can be compiled
without at reduced functionality), there are aims to be able
to use gnutls as well, but to my knowledge gnutls has a long
way to go for offering the same features that openssl has.
and opensc not only uses openssl, but also has two libraries,
so called engines, that openssl can use to access smart
cards.

and don't forget nss, which cannot be used by opensc so far,
but nss can use any library implementing the pkcs#11 interface,
and opensc is implementing that.

if all that double and tripple functionality isn't enough,
opensc supports quite a number of smart cards, and is
gaining support for new ones step by step. each smart
card (operating system) is incompatible to each other,
so these (opensc internal) drivers are necesssary.

confused? I'm sorry. Let's go back to openssh.

While it would be utterly cool to have opensc support
in debian, I already expectet that you don't want it,
because of the many libraries.

But could you create a second package with opensc support
and maintain both? the differences are:
 - one configure flage: --with-opensc
 - one build dependency in the control: libopensc-dev
   (which results in several build and runtime library
   dependencies)
 - one patch (for ssh to ask for the pin openssh needs
   a redesign of some part, which markus (openssh developer)
   didn't find time so far to do. out patch is not that ugly,
   but not the clean design they like to have either. it does
   not touch anything outside the smart card related code.)

everything else is the same, not even changes in documentation,
config files, or debconf questions or anything. so three
simple changes, that's why it might be easier for you
to maintain two openssh versions in parallel.

Thanks for your attention.

Regards, Andreas Jellinghaus
(opensc & openct developer :-)

Revision history for this message

In Debian Bug tracker #231472, Eric Dorland (eric-debian) wrote on 2004-05-03: patch to build a ssh-opensc package

#4

tags 240077 patch
tags 231472 patch
thanks

And here's the patch. I basically kept the same rules file and just
added some makefile magic to make it compile box versions of the
packages. Let me know what you think/any problems.

--
Eric Dorland <email address hidden>
ICQ: #61138586, Jabber: <email address hidden>
1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+
G e h! r- y+
------END GEEK CODE BLOCK------

Revision history for this message

In Debian Bug tracker #231472, Colin Watson (cjwatson) wrote on 2004-05-03: Re: Bug#240077: patch to build a ssh-opensc package

#5

On Mon, May 03, 2004 at 12:12:03AM -0400, Eric Dorland wrote:
> And here's the patch. I basically kept the same rules file and just
> added some makefile magic to make it compile box versions of the
> packages. Let me know what you think/any problems.

It's unlikely to apply very well the first time when this can be looked
at, i.e. after sarge, since the client and server will be split out
then.

I have a general objection, though: consider N features in OpenSSH which
require extra libraries (there are a few filed as other bugs, IIRC). How
many packages am I supposed to build? N? 2^N? Dealing with configuration
files would be a total nightmare. And so on. As I said in my original
mail to you, "It would have to be a separate package, and I have
concerns about the maintainability of that approach."

I'd rather wait until we split out client and server, then build the
server with some extra features by default since the server will be in
optional rather than standard.

Thanks,

--
Colin Watson [<email address hidden>]

Revision history for this message

In Debian Bug tracker #231472, Eric Dorland (eric-debian) wrote on 2004-05-04:

#6

* Colin Watson (<email address hidden>) wrote:
> On Mon, May 03, 2004 at 12:12:03AM -0400, Eric Dorland wrote:
> > And here's the patch. I basically kept the same rules file and just
> > added some makefile magic to make it compile box versions of the
> > packages. Let me know what you think/any problems.
>
> It's unlikely to apply very well the first time when this can be looked
> at, i.e. after sarge, since the client and server will be split out
> then.

No problem, I can redo the patch then, but lets keep it around for
reference.

> I have a general objection, though: consider N features in OpenSSH which
> require extra libraries (there are a few filed as other bugs, IIRC). How
> many packages am I supposed to build? N? 2^N? Dealing with configuration
> files would be a total nightmare. And so on. As I said in my original
> mail to you, "It would have to be a separate package, and I have
> concerns about the maintainability of that approach."

I understand that point of view, but I also would love to see this
functionality in ssh (and I'm sure others have features they'd like to
see). Would you be amenable to doing something similar to the exim4
maintainers -heavy and -light packages? This way you only need C=2
packages :)

I'm not sure what you mean by dealing with the configuration files,
but I don't think the opensc support adds any addition configuration
options...

> I'd rather wait until we split out client and server, then build the
> server with some extra features by default since the server will be in
> optional rather than standard.

Well the opensc library would affect the client, not the server
(actually it may be used on the server as well, I'm not sure...), so
it wouldn't be used in the server.

--
Eric Dorland <email address hidden>
ICQ: #61138586, Jabber: <email address hidden>
1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+
G e h! r- y+
------END GEEK CODE BLOCK------

* Colin Watson (cjwatson@debian.org) wrote:
> On Mon, May 03, 2004 at 12:12:03AM -0400, Eric Dorland wrote:
> > And here's the patch. I basically kept the same rules file and just
> > added some makefile magic to make it compile box versions of the
> > packages. Let me know what you think/any problems.
> 
> It's unlikely to apply very well the first time when this can be looked
> at, i.e. after sarge, since the client and server will be split out
> then.

No problem, I can redo the patch then, but lets keep it around for
reference.

> I have a general objection, though: consider N features in OpenSSH which
> require extra libraries (there are a few filed as other bugs, IIRC). How
> many packages am I supposed to build? N? 2^N? Dealing with configuration
> files would be a total nightmare. And so on. As I said in my original
> mail to you, "It would have to be a separate package, and I have
> concerns about the maintainability of that approach."

I understand that point of view, but I also would love to see this
functionality in ssh (and I'm sure others have features they'd like to
see). Would you be amenable to doing something similar to the exim4
maintainers -heavy and -light packages? This way you only need C=2
packages :)

I'm not sure what you mean by dealing with the configuration files,
but I don't think the opensc support adds any addition configuration
options...
 
> I'd rather wait until we split out client and server, then build the
> server with some extra features by default since the server will be in
> optional rather than standard.

Well the opensc library would affect the client, not the server
(actually it may be used on the server as well, I'm not sure...), so
it wouldn't be used in the server.

-- 
Eric Dorland <eric.dorland@mail.mcgill.ca>
ICQ: #61138586, Jabber: hooty@jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ 
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ 
G e h! r- y+ 
------END GEEK CODE BLOCK------

Revision history for this message

Nicolas Romero (nicolas-romero) wrote on 2005-05-11:

#7

It is not possible to use an usb token to store keys because openssh is not
compiled with opensc support.

To enable the smartcard support it is necessary to
* get the sources with apt-get source openssh
* modify debian/rules to add --with-opensc at the end of ./configure... lines
* rebuild the package with dpkg-buildpackage

Revision history for this message

Colin Watson (cjwatson) wrote on 2005-05-11:

#8

Right. The reason this hasn't been done yet is because I've been concerned about
pulling so many extra library dependencies into such a frequently installed package.

Revision history for this message

Nicolas Romero (nicolas-romero) wrote on 2005-05-11:

#9

And if the smartcard support was enabled, it would add at least an other
dependency with opensc !
Maybe it would be better to create openssh-smartcard-* packages instead of
overbloating the existing ones with additional dependencies ?

But I don't know what is the best way from a maintainer point of view...

Revision history for this message

In Debian Bug tracker #231472, Eric Dorland (eric-debian) wrote on 2005-06-13: opensc support

#10

Package: openssh
Followup-For: Bug #231472

Hi,

Now that sarge is released (horray), any thoughts on including this
support in your package. I'm willing to do the heavy lifting, and
probably the best approach would be a seperate package with the opensc
support built in. Let me know what you think.

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-09-22:

#11

Message-Id: <20040206202243.707AD5CAFF4@nightcrawler>
Date: Fri, 06 Feb 2004 15:22:43 -0500
From: Eric Dorland <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: please include opensc support

Package: ssh
Version: 1:3.6.1p2-11
Severity: wishlist

I've recently uploaded the opensc package to unstable. It contains
infrastructure for supporting smart cards and usb tokens. OpenSSH can be
compiled with opensc support (see ./configure --help, --with-opensc
switch). It would be great to be able to incorporate the opensc support
into openssh. I'm eager to send you a patch for enable this support, but
I'm not sure how you would like to go about it. If it was enabled in the
current openssh package, I would need to put opensc in standard which
may not be popular (although if smart card usage takes off this move may
make sense). Or would you prefer to have a seperate package (ssh-sc or
something) that is contains the opensc enabled ssh?

Eagerly awaiting your reponse :)

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.0
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages ssh depends on:
ii adduser 3.51 Add and remove users and groups
ii debconf 1.4.8 Debian configuration management sy
ii dpkg 1.10.18 Package maintenance system for Deb
ii libc6 2.3.2.ds1-11 GNU C Library: Shared libraries an
ii libpam-modules 0.76-15 Pluggable Authentication Modules f
ii libpam-runtime 0.76-15 Runtime support for the PAM librar
ii libpam0g 0.76-15 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7c-5 SSL shared libraries
ii libwrap0 7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.2.1-3 compression library - runtime

-- debconf information excluded

Message-Id: <20040206202243.707AD5CAFF4@nightcrawler>
Date: Fri, 06 Feb 2004 15:22:43 -0500
From: Eric Dorland <eric@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: please include opensc support

Package: ssh
Version: 1:3.6.1p2-11
Severity: wishlist

I've recently uploaded the opensc package to unstable. It contains
infrastructure for supporting smart cards and usb tokens. OpenSSH can be
compiled with opensc support (see ./configure --help, --with-opensc
switch). It would be great to be able to incorporate the opensc support
into openssh. I'm eager to send you a patch for enable this support, but
I'm not sure how you would like to go about it. If it was enabled in the
current openssh package, I would need to put opensc in standard which
may not be popular (although if smart card usage takes off this move may
make sense). Or would you prefer to have a seperate package (ssh-sc or
something) that is contains the opensc enabled ssh?

Eagerly awaiting your reponse :)

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.0
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages ssh depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  debconf                     1.4.8        Debian configuration management sy
ii  dpkg                        1.10.18      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-15      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-15      Runtime support for the PAM librar
ii  libpam0g                    0.76-15      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7c-5     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1-3    compression library - runtime

-- debconf information excluded

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-09-22:

#12

Message-Id: <20040309053510.00753198CC7@nightcrawler>
Date: Tue, 9 Mar 2004 00:35:10 -0500
From: Eric Dorland <email address hidden>
To: <email address hidden>
Subject: cloning 231472, reassign -1 to ssh-krb5

# Automatically generated email from bts, devscripts version 2.7.95.1
clone 231472 -1
reassign -1 ssh-krb5

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-09-22:

#13

Message-ID: <email address hidden>
Date: Thu, 25 Mar 2004 18:56:47 +0000
From: Colin Watson <email address hidden>
To: Alessandro Razeto <email address hidden>, <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: Re: Bug#240077: ssh: why not to compile with opensc?

tags 240077 - experimental sid
merge 231472 240077
thanks

On Thu, Mar 25, 2004 at 07:02:41PM +0100, Alessandro Razeto wrote:
> Package: ssh
> Version: 1:3.8p1-2
> Severity: wishlist
> Tags: experimental sid
>
> I think it could be usefull to compile ssh with opensc support, which
> is already included in the source files.
> One need only to add to debian/rules the --opensc=/usr directive to
> configure and add the source dependancy to libopensc0-dev.

Wouldn't that produce a binary package that depends on libopensc0,
thereby requiring everyone with ssh to install that library? It would
have to be a separate package, and I have concerns about the
maintainability of that approach.

Please search for existing bugs before filing new ones, by the way;
searching for "opensc" in ssh's bug page immediately finds #231472.

Cheers,

--
Colin Watson [<email address hidden>]

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-09-22:

#14

Download full text (3.3 KiB)

Message-Id: <1080252636.2543.18.camel@simulacron>
Date: Thu, 25 Mar 2004 23:10:37 +0100
From: Andreas Jellinghaus <email address hidden>
To: Colin Watson <email address hidden>, <email address hidden>
Cc: Alessandro Razeto <email address hidden>, <email address hidden>
Subject: Re: Bug#240077: ssh: why not to compile with opensc?

> Wouldn't that produce a binary package that depends on libopensc0,
> thereby requiring everyone with ssh to install that library?

yes, and opensc is compiled to use either openct or pcsc-lite
(has a library package, too) or both. and opensc is usualy linked
against openssl.

so yes, the result might be considered big and fat.

in comparison, microsoft has it's crypto api with the
cryptografic service provider, which is a nice design.
step by step the unix collection of grown libraries
is improved towards a similar architecture.

the whole situation is made worse by the fact, there
are many different projects implementing a similiar
set of functions, for example the many crypto libraries
out there, or openssl, gnutls and other library offering
tls (libnss is there at least, maybe others?).

and there is the plan of every project to support everything,
for example opensc not only supports pcsc-lite so ifdhandler
format drivers can be used, it also has build in support for
ct-api format drivers, it had for a while an internal framework
for usb tokens, which was replaced by the new openct driver
and middleware that opensc supports, too.

also while opensc currently uses openssl (but can be compiled
without at reduced functionality), there are aims to be able
to use gnutls as well, but to my knowledge gnutls has a long
way to go for offering the same features that openssl has.
and opensc not only uses openssl, but also has two libraries,
so called engines, that openssl can use to access smart
cards.

and don't forget nss, which cannot be used by opensc so far,
but nss can use any library implementing the pkcs#11 interface,
and opensc is implementing that.

if all that double and tripple functionality isn't enough,
opensc supports quite a number of smart cards, and is
gaining support for new ones step by step. each smart
card (operating system) is incompatible to each other,
so these (opensc internal) drivers are necesssary.

confused? I'm sorry. Let's go back to openssh.

While it would be utterly cool to have opensc support
in debian, I already expectet that you don't want it,
because of the many libraries.

But could you create a second package with opensc support
and maintain both? the differences are:
- one configure flage: --with-opensc
- one build dependency in the control: libopensc-dev
   (which results in several build and runtime library
   dependencies)
- one patch (for ssh to ask for the pin openssh needs
   a redesign of some part, which markus (openssh developer)
   didn't find time so far to do. out patch is not that ugly,
   but not the clean design they like to have either. it does
   not touch anything outside the smart card related code.)

everything else is the same, not even changes in documentation,
config files, or debconf questions or anything. so three
simple changes, that's why it might be easier for...

Message-Id: <1080252636.2543.18.camel@simulacron>
Date: Thu, 25 Mar 2004 23:10:37 +0100
From: Andreas Jellinghaus <aj@dungeon.inka.de>
To: Colin Watson <cjwatson@debian.org>, 240077@bugs.debian.org
Cc: Alessandro Razeto <eto@linux.it>, 231472@bugs.debian.org
Subject: Re: Bug#240077: ssh: why not to compile with opensc?

> Wouldn't that produce a binary package that depends on libopensc0,
> thereby requiring everyone with ssh to install that library?

yes, and opensc is compiled to use either openct or pcsc-lite
(has a library package, too) or both. and opensc is usualy linked
against openssl.

so yes, the result might be considered big and fat.

in comparison, microsoft has it's crypto api with the
cryptografic service provider, which is a nice design.
step by step the unix collection of grown libraries
is improved towards a similar architecture.

the whole situation is made worse by the fact, there
are many different projects implementing a similiar
set of functions, for example the many crypto libraries
out there, or openssl, gnutls and other library offering
tls (libnss is there at least, maybe others?).

and there is the plan of every project to support everything,
for example opensc not only supports pcsc-lite so ifdhandler
format drivers can be used, it also has build in support for
ct-api format drivers, it had for a while an internal framework
for usb tokens, which was replaced by the new openct driver
and middleware that opensc supports, too.

also while opensc currently uses openssl (but can be compiled
without at reduced functionality), there are aims to be able
to use gnutls as well, but to my knowledge gnutls has a long
way to go for offering the same features that openssl has.
and opensc not only uses openssl, but also has two libraries,
so called engines, that openssl can use to access smart
cards.

and don't forget nss, which cannot be used by opensc so far,
but nss can use any library implementing the pkcs#11 interface,
and opensc is implementing that.

if all that double and tripple functionality isn't enough,
opensc supports quite a number of smart cards, and is
gaining support for new ones step by step. each smart
card (operating system) is incompatible to each other,
so these (opensc internal) drivers are necesssary.

confused? I'm sorry. Let's go back to openssh.

While it would be utterly cool to have opensc support
in debian, I already expectet that you don't want it,
because of the many libraries.

But could you create a second package with opensc support
and maintain both? the differences are:
 - one configure flage: --with-opensc
 - one build dependency in the control: libopensc-dev
   (which results in several build and runtime library
   dependencies)
 - one patch (for ssh to ask for the pin openssh needs
   a redesign of some part, which markus (openssh developer)
   didn't find time so far to do. out patch is not that ugly,
   but not the clean design they like to have either. it does
   not touch anything outside the smart card related code.)

everything else is the same, not even changes in documentation,
config files, or debconf questions or anything. so three
simple changes, that's why it might be easier for you
to maintain two openssh versions in parallel.

Thanks for your attention.

Regards, Andreas Jellinghaus
(opensc & openct developer :-)

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-09-22:

#15

Download full text (12.1 KiB)

Message-ID: <email address hidden>
Date: Mon, 3 May 2004 00:12:03 -0400
From: Eric Dorland <email address hidden>
To: <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: patch to build a ssh-opensc package

--gmhhrsDozM2n+uz5
Content-Type: multipart/mixed; boundary="UlsYxwg8UDQn+EKZ"
Content-Disposition: inline

--UlsYxwg8UDQn+EKZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

tags 240077 patch
tags 231472 patch
thanks

And here's the patch. I basically kept the same rules file and just
added some makefile magic to make it compile box versions of the
packages. Let me know what you think/any problems.

--=20
Eric Dorland <email address hidden>
ICQ: #61138586, Jabber: <email address hidden>
1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+=20
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+=20
G e h! r- y+=20
------END GEEK CODE BLOCK------

--UlsYxwg8UDQn+EKZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="ssh-opensc.diff"
Content-Transfer-Encoding: quoted-printable

diff -ruN openssh-3.8p1/debian/control openssh-3.8p1.new/debian/control
--- openssh-3.8p1/debian/control 2004-05-02 23:43:35.000000000 -0400
+++ openssh-3.8p1.new/debian/control 2004-05-02 23:46:57.000000000 -0400
@@ -2,14 +2,15 @@
Section: net
Priority: standard
Maintainer: Matthew Vernon <email address hidden>
-Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev | libz-dev, libssl-d=
ev, libpam0g-dev | libpam-dev, libgnomeui-dev (>=3D 2.0.0) | libgnome-dev, =
groff, debhelper (>=3D1.1.17), sharutils
+Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev | libz-dev, libssl-d=
ev, libpam0g-dev | libpam-dev, libgnomeui-dev (>=3D 2.0.0) | libgnome-dev, =
groff, debhelper (>=3D1.1.17), sharutils, libopensc0-dev
Standards-Version: 3.6.1
Uploaders: Colin Watson <email address hidden>
=20
Package: ssh
Architecture: any
Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-mod=
ules (>=3D 0.72-9), adduser (>=3D 3.9), dpkg (>=3D 1.9.0)
-Conflicts: ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-=
1)
+Conflicts: ssh-opensc, ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-clien=
t (<<0.16.1-1)
+Replaces: ssh-opensc
Suggests: ssh-askpass, xbase-clients, dnsutils
Provides: rsh-client
Description: Secure rlogin/rsh/rcp replacement (OpenSSH)
@@ -32,6 +33,35 @@
In some countries it may be illegal to use any encryption at all
without a special permit.
=20
+Package: ssh-opensc
+Architecture: any
+Priority: extra
+Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-mod=
ules (>=3D 0.72-9), adduser (>=3D 3.9), dpkg (>=3D 1.9.0)
+Conflicts: ssh, ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.=
16.1-1)
+Replaces: ssh
+Suggests: ssh-askpass, xbase-clients, dnsutils
+Provides: ssh, rsh-client
+Description: Secure rlogin/rsh/rcp replacement (OpenSSH with OpenSC suppor=
t)
+ This is the portable version of OpenSSH, a free implementation of
+ the Secu...

Message-ID: <20040503041203.GM3388@nightcrawler.kuroneko.lan>
Date: Mon, 3 May 2004 00:12:03 -0400
From: Eric Dorland <eric@debian.org>
To: 240077@bugs.debian.org, 231472@bugs.debian.org
Cc: control@bugs.debian.org
Subject: patch to build a ssh-opensc package

--gmhhrsDozM2n+uz5
Content-Type: multipart/mixed; boundary="UlsYxwg8UDQn+EKZ"
Content-Disposition: inline

--UlsYxwg8UDQn+EKZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

tags 240077 patch
tags 231472 patch
thanks

And here's the patch. I basically kept the same rules file and just
added some makefile magic to make it compile box versions of the
packages. Let me know what you think/any problems.

--=20
Eric Dorland <eric.dorland@mail.mcgill.ca>
ICQ: #61138586, Jabber: hooty@jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+=20
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+=20
G e h! r- y+=20
------END GEEK CODE BLOCK------

--UlsYxwg8UDQn+EKZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="ssh-opensc.diff"
Content-Transfer-Encoding: quoted-printable

diff -ruN openssh-3.8p1/debian/control openssh-3.8p1.new/debian/control
--- openssh-3.8p1/debian/control	2004-05-02 23:43:35.000000000 -0400
+++ openssh-3.8p1.new/debian/control	2004-05-02 23:46:57.000000000 -0400
@@ -2,14 +2,15 @@
 Section: net
 Priority: standard
 Maintainer: Matthew Vernon <matthew@debian.org>
-Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev | libz-dev, libssl-d=
ev, libpam0g-dev | libpam-dev, libgnomeui-dev (>=3D 2.0.0) | libgnome-dev, =
groff, debhelper (>=3D1.1.17), sharutils
+Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev | libz-dev, libssl-d=
ev, libpam0g-dev | libpam-dev, libgnomeui-dev (>=3D 2.0.0) | libgnome-dev, =
groff, debhelper (>=3D1.1.17), sharutils, libopensc0-dev
 Standards-Version: 3.6.1
 Uploaders: Colin Watson <cjwatson@debian.org>
=20
 Package: ssh
 Architecture: any
 Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-mod=
ules (>=3D 0.72-9), adduser (>=3D 3.9), dpkg (>=3D 1.9.0)
-Conflicts: ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-=
1)
+Conflicts: ssh-opensc, ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-clien=
t (<<0.16.1-1)
+Replaces: ssh-opensc
 Suggests: ssh-askpass, xbase-clients, dnsutils
 Provides: rsh-client
 Description: Secure rlogin/rsh/rcp replacement (OpenSSH)
@@ -32,6 +33,35 @@
  In some countries it may be illegal to use any encryption at all
  without a special permit.
=20
+Package: ssh-opensc
+Architecture: any
+Priority: extra
+Depends: ${shlibs:Depends}, ${debconf-depends}, ${pam-depends}, libpam-mod=
ules (>=3D 0.72-9), adduser (>=3D 3.9), dpkg (>=3D 1.9.0)
+Conflicts: ssh, ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.=
16.1-1)
+Replaces: ssh
+Suggests: ssh-askpass, xbase-clients, dnsutils
+Provides: ssh, rsh-client
+Description: Secure rlogin/rsh/rcp replacement (OpenSSH with OpenSC suppor=
t)
+ This is the portable version of OpenSSH, a free implementation of
+ the Secure Shell protocol as specified by the IETF secsh working
+ group.
+ .
+ Ssh (Secure Shell) is a program for logging into a remote machine
+ and for executing commands on a remote machine.
+ It provides secure encrypted communications between two untrusted
+ hosts over an insecure network.  X11 connections and arbitrary TCP/IP
+ ports can also be forwarded over the secure channel.
+ It is intended as a replacement for rlogin, rsh and rcp, and can be
+ used to provide applications with a secure communication channel.
+ .
+ This package provides both the ssh client and the sshd server. This
+ package is compiled with OpenSC support.
+ .
+ --------------------------------------------------------------------
+ .
+ In some countries it may be illegal to use any encryption at all
+ without a special permit.
+
 Package: ssh-askpass-gnome
 Section: gnome
 Priority: optional
diff -ruN openssh-3.8p1/debian/rules openssh-3.8p1.new/debian/rules
--- openssh-3.8p1/debian/rules	2004-05-02 23:43:35.000000000 -0400
+++ openssh-3.8p1.new/debian/rules	2004-05-02 23:17:11.000000000 -0400
@@ -39,30 +39,45 @@
 PAMDEP :=3D libpam-runtime
 endif
=20
+# nice shell expansion for the target dirs
+PACKAGE_DIRS :=3D debian/{tmp,ssh-opensc}
+
+# Configure flags
+CONFIGURE_OPTS :=3D --prefix=3D/usr --sysconfdir=3D/etc/ssh --libexecdir=
=3D/usr/lib --mandir=3D/usr/share/man --with-tcp-wrappers --with-xauth=3D/u=
sr/bin/X11/xauth --with-default-path=3D/usr/local/bin:/bin:/usr/bin:/usr/X1=
1R6/bin --with-superuser-path=3D/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sb=
in:/usr/local/bin:/usr/X11R6/bin --with-pam --with-4in6 --with-privsep-path=
=3D/var/run/sshd  --without-rand-helper
+
 # Change the version string to include the Debian version
 SSH_VERSION :=3D $(shell sed -e '/define/!d; s/.*\"$.*$\".*/\1/; q' <ver=
sion.h) Debian $(shell dpkg-parsechangelog | sed -n -e '/^Version:/s/Versio=
n: //p')
=20
-build: build-deb-stamp
-build-deb-stamp:
+build-regular build-opensc: build-% : build-deb-%-stamp
+build-deb-regular-stamp: BUILD_DEB_DIR :=3D build-deb-regular
+build-deb-opensc-stamp: BUILD_DEB_DIR :=3D build-deb-opensc
+build-deb-opensc-stamp: CONFIGURE_OPTS +=3D --with-opensc=3D/usr
+build-deb-regular-stamp build-deb-opensc-stamp:
 	dh_testdir
-	mkdir -p build-deb
-	cd build-deb && ../configure --prefix=3D/usr --sysconfdir=3D/etc/ssh --li=
bexecdir=3D/usr/lib --mandir=3D/usr/share/man --with-tcp-wrappers --with-xa=
uth=3D/usr/bin/X11/xauth --with-default-path=3D/usr/local/bin:/bin:/usr/bin=
:/usr/X11R6/bin --with-superuser-path=3D/sbin:/bin:/usr/sbin:/usr/bin:/usr/=
local/sbin:/usr/local/bin:/usr/X11R6/bin --with-pam --with-4in6 --with-priv=
sep-path=3D/var/run/sshd  --without-rand-helper
+	mkdir -p $(BUILD_DEB_DIR)
+	cd $(BUILD_DEB_DIR) && ../configure $(CONFIGURE_OPTS)
 	# Some 2.2 kernels have trouble with setres[ug]id() (bug #239999).
-	perl -pi -e 's/.*#undef (BROKEN_SETRES[UG]ID).*/#define $$1 1/' build-deb=
/config.h
-	$(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM=3D'/usr/bin/ssh-askpass' CFLAGS=
=3D'$(OPTFLAGS) -g -Wall -DLOGIN_PROGRAM=3D\"/bin/login\" -DLOGIN_NO_ENDOPT=
 -DSSHD_PAM_SERVICE=3D\"ssh\" -DSSH_VERSION=3D"\"$(SSH_VERSION)\""' SSH_KEY=
SIGN=3D'/usr/lib/ssh-keysign'
+	perl -pi -e 's/.*#undef (BROKEN_SETRES[UG]ID).*/#define $$1 1/' $(BUILD_D=
EB_DIR)/config.h
+	$(MAKE) -C $(BUILD_DEB_DIR) -j 2 ASKPASS_PROGRAM=3D'/usr/bin/ssh-askpass'=
 CFLAGS=3D'$(OPTFLAGS) -g -Wall -DLOGIN_PROGRAM=3D\"/bin/login\" -DLOGIN_NO=
_ENDOPT -DSSHD_PAM_SERVICE=3D\"ssh\" -DSSH_VERSION=3D"\"$(SSH_VERSION)\""' =
SSH_KEYSIGN=3D'/usr/lib/ssh-keysign'
+ifeq ($@,build-deb-regular-stamp)
 	# Support building on Debian 3.0 (with GNOME 1.4) and later.
 	if [ -f /usr/include/libgnomeui-2.0/gnome.h ]; then \
 		$(MAKE) -C contrib gnome-ssh-askpass2 CC=3D'gcc $(OPTFLAGS) -g -Wall'; \
 	elif [ -f /usr/include/gnome-1.0/gnome.h ]; then \
 		$(MAKE) -C contrib gnome-ssh-askpass1 CC=3D'gcc $(OPTFLAGS) -g -Wall'; \
 	fi
+endif
+
+	touch $@
=20
-	touch build-deb-stamp
+build: build-regular
+	# build the regular build
=20
 clean:
 	dh_testdir
-	rm -f build-deb-stamp
-	rm -rf build-deb
+	rm -f build-deb-regular-stamp build-deb-opensc-stamp
+	rm -f debian/ssh-opensc.*			#rm links
+	rm -rf build-deb-regular build-deb-opensc
 	-$(MAKE) -C contrib clean
 	rm -f config.log
 ifeq ($(PO2DEBCONF),yes)
@@ -83,45 +98,61 @@
 endif
 	dh_clean
=20
-install: DH_OPTIONS=3D
-install: build
-	dh_testdir
-	dh_testroot
-	dh_clean -k
-	dh_installdirs
-
+install-regular: BUILD_DEB_DIR :=3D build-deb-regular
+install-regular: PACKAGE_DIR :=3D debian/tmp
+install-regular: PACKAGE :=3D ssh
+install-regular: DH_OPTIONS=3D
+install-opensc: BUILD_DEB_DIR :=3D build-deb-opensc
+install-opensc: PACKAGE_DIR :=3D debian/ssh-opensc
+install-opensc: PACKAGE :=3D ssh-opensc
+install-opensc: DH_OPTIONS=3D
+install-regular install-opensc: install-% : build-%
 	# Add here commands to install the package into debian/tmp.
-	$(MAKE) -C build-deb DESTDIR=3D`pwd`/debian/tmp install-nokeys
+	$(MAKE) -C $(BUILD_DEB_DIR) DESTDIR=3D$(CURDIR)/$(PACKAGE_DIR) install-no=
keys
=20
-	rm -f debian/tmp/etc/ssh/sshd_config
+	rm -f $(PACKAGE_DIR)/etc/ssh/sshd_config
 	#Temporary hack: remove /usr/share/Ssh.bin, since we have no smartcard su=
pport anyway.
-	rm -f debian/tmp/usr/share/Ssh.bin
+	rm -f $(PACKAGE_DIR)/usr/share/Ssh.bin
=20
-	install -m 755 contrib/ssh-copy-id debian/tmp/usr/bin/ssh-copy-id
-	install -m 644 -c contrib/ssh-copy-id.1 debian/tmp/usr/share/man/man1/ssh=
-copy-id.1
-	install -m 644 debian/moduli.5 debian/tmp/usr/share/man/man5/moduli.5
+	install -m 755 contrib/ssh-copy-id $(PACKAGE_DIR)/usr/bin/ssh-copy-id
+	install -m 644 -c contrib/ssh-copy-id.1 $(PACKAGE_DIR)/usr/share/man/man1=
/ssh-copy-id.1
+	install -m 644 debian/moduli.5 $(PACKAGE_DIR)/usr/share/man/man5/moduli.5
=20
+ifeq ($(PACKAGE),ssh)
 	if [ -f contrib/gnome-ssh-askpass2 ]; then \
 		install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-=
askpass-gnome/usr/lib/ssh/gnome-ssh-askpass; \
 	elif [ -f contrib/gnome-ssh-askpass1 ]; then \
 		install -s -o root -g root -m 755 contrib/gnome-ssh-askpass1 debian/ssh-=
askpass-gnome/usr/lib/ssh/gnome-ssh-askpass; \
 	fi
 	install -m 644 debian/gnome-ssh-askpass.1 debian/ssh-askpass-gnome/usr/sh=
are/man/man1/gnome-ssh-askpass.1
+endif
+
+	install -m 755 debian/ssh-argv0 $(PACKAGE_DIR)/usr/bin/ssh-argv0
+	install -m 644 debian/ssh-argv0.1 $(PACKAGE_DIR)/usr/share/man/man1/ssh-a=
rgv0.1
+
+	install -o root -g root debian/init $(PACKAGE_DIR)/etc/init.d/ssh
+	install -o root -g root -m 644 debian/ssh.default $(PACKAGE_DIR)/etc/defa=
ult/ssh
=20
-	install -m 755 debian/ssh-argv0 debian/tmp/usr/bin/ssh-argv0
-	install -m 644 debian/ssh-argv0.1 debian/tmp/usr/share/man/man1/ssh-argv0=
=2E1
+	install -o root -g root -m 755 -d $(PACKAGE_DIR)/var/run/sshd
=20
-	install -o root -g root debian/init debian/tmp/etc/init.d/ssh
-	install -o root -g root -m 644 debian/ssh.default debian/tmp/etc/default/=
ssh
+install:
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	for file in config dirs postinst postrm preinst prerm ; do \
+		ln -sf "$$file" "debian/ssh-opensc.$$file"; \
+	done
+	dh_installdirs
=20
-	install -o root -g root -m 755 -d debian/tmp/var/run/sshd
+	$(MAKE) -f debian/rules install-regular
+	$(MAKE) -f debian/rules install-opensc
=20
 # Build architecture-independent files here.
-binary-indep: build install
+binary-indep: install
 	# nothing to do
=20
 # Build architecture-dependent files here.
-binary-arch: build install
+binary-arch: install
 	dh_testdir
 	dh_testroot
 ifeq ($(PO2DEBCONF),yes)
@@ -129,10 +160,12 @@
 endif
 	dh_installdebconf
 	dh_installdocs OVERVIEW README
-	cat debian/copyright.head LICENCE > debian/tmp/usr/share/doc/ssh/copyright
-	nroff RFC.nroff > debian/tmp/usr/share/doc/ssh/RFC
-	gzip -9 debian/tmp/usr/share/doc/ssh/RFC
-	rm -rf debian/tmp/usr/share/doc/ssh/RFC.nroff.gz
+	cat debian/copyright.head LICENCE \
+		| tee $(PACKAGE_DIRS)/usr/share/doc/$(PACKAGE)/copyright > /dev/null
+	nroff RFC.nroff | tee $(PACKAGE_DIRS)/usr/share/doc/$(PACKAGE)/RFC \
+		> /dev/null
+	gzip -9 $(PACKAGE_DIRS)/usr/share/doc/$(PACKAGE)/RFC
+	rm -rf $(PACKAGE_DIRS)/usr/share/doc/$(PACKAGE)/RFC.nroff.gz
 ifeq ($(PAMSUBST),yes)
 	# Clean up if we've done this already, to ensure idempotency.
 	if [ -f debian/ssh.pam.new-style ]; then \
@@ -151,8 +184,10 @@
 	dh_compress
 	dh_fixperms
 	dh_installdeb
-	test ! -e debian/tmp/etc/ssh/ssh_prng_cmds \
-	  || echo "/etc/ssh/ssh_prng_cmds" >> debian/tmp/DEBIAN/conffiles
+	for dir in $(PACKAGE_DIRS) ; do \
+		test ! -e "$$dir/etc/ssh/ssh_prng_cmds" \
+			|| echo "/etc/ssh/ssh_prng_cmds" >> "$$dir/DEBIAN/conffiles"; \
+	done
 	dh_shlibdeps
 	dh_gencontrol -- -V'debconf-depends=3Ddebconf (>=3D $(MINDEBCONFVER))' \
 	                 -V'pam-depends=3D$(PAMDEP)'

--UlsYxwg8UDQn+EKZ--

--gmhhrsDozM2n+uz5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAlcaTYemOzxbZcMYRAi2tAJ4j9y2DY6CedJAf5lIaYndJKBTfagCggFpc
cUTEi3PeukG0+eSEKUD1InY=
=bvHX
-----END PGP SIGNATURE-----

--gmhhrsDozM2n+uz5--

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-09-22:

#16

Message-ID: <email address hidden>
Date: Mon, 3 May 2004 09:17:28 +0100
From: Colin Watson <email address hidden>
To: Eric Dorland <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#240077: patch to build a ssh-opensc package

On Mon, May 03, 2004 at 12:12:03AM -0400, Eric Dorland wrote:
> And here's the patch. I basically kept the same rules file and just
> added some makefile magic to make it compile box versions of the
> packages. Let me know what you think/any problems.

It's unlikely to apply very well the first time when this can be looked
at, i.e. after sarge, since the client and server will be split out
then.

I have a general objection, though: consider N features in OpenSSH which
require extra libraries (there are a few filed as other bugs, IIRC). How
many packages am I supposed to build? N? 2^N? Dealing with configuration
files would be a total nightmare. And so on. As I said in my original
mail to you, "It would have to be a separate package, and I have
concerns about the maintainability of that approach."

I'd rather wait until we split out client and server, then build the
server with some extra features by default since the server will be in
optional rather than standard.

Thanks,

--
Colin Watson [<email address hidden>]

Revision history for this message

Debian Bug Importer (debzilla) wrote on 2005-09-22:

#17

Message-ID: <email address hidden>
Date: Mon, 3 May 2004 20:56:21 -0400
From: Eric Dorland <email address hidden>
To: Colin Watson <email address hidden>
Cc: Eric Dorland <email address hidden>, <email address hidden>,
<email address hidden>
Subject: Re: Bug#240077: patch to build a ssh-opensc package

--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Colin Watson (<email address hidden>) wrote:
> On Mon, May 03, 2004 at 12:12:03AM -0400, Eric Dorland wrote:
> > And here's the patch. I basically kept the same rules file and just
> > added some makefile magic to make it compile box versions of the
> > packages. Let me know what you think/any problems.
>=20
> It's unlikely to apply very well the first time when this can be looked
> at, i.e. after sarge, since the client and server will be split out
> then.

No problem, I can redo the patch then, but lets keep it around for
reference.=20

> I have a general objection, though: consider N features in OpenSSH which
> require extra libraries (there are a few filed as other bugs, IIRC). How
> many packages am I supposed to build? N? 2^N? Dealing with configuration
> files would be a total nightmare. And so on. As I said in my original
> mail to you, "It would have to be a separate package, and I have
> concerns about the maintainability of that approach."

I understand that point of view, but I also would love to see this
functionality in ssh (and I'm sure others have features they'd like to
see). Would you be amenable to doing something similar to the exim4
maintainers -heavy and -light packages? This way you only need C=3D2
packages :)

I'm not sure what you mean by dealing with the configuration files,
but I don't think the opensc support adds any addition configuration
options...
=20
> I'd rather wait until we split out client and server, then build the
> server with some extra features by default since the server will be in
> optional rather than standard.

Well the opensc library would affect the client, not the server
(actually it may be used on the server as well, I'm not sure...), so
it wouldn't be used in the server.=20

--=20
Eric Dorland <email address hidden>
ICQ: #61138586, Jabber: <email address hidden>
1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+=20
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+=20
G e h! r- y+=20
------END GEEK CODE BLOCK------

--a8Wt8u1KmwUX3Y2C
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAluo0YemOzxbZcMYRApbXAKCjwb7rJ9jwuk5ougmSkp8qvsp0IQCffy8J
OkyoGQfP+fA5n5Jbkcgw4yE=
=do8r
-----END PGP SIGNATURE-----

--a8Wt8u1KmwUX3Y2C--

Message-ID: <20040504005620.GA3493@nightcrawler.kuroneko.lan>
Date: Mon, 3 May 2004 20:56:21 -0400
From: Eric Dorland <eric@debian.org>
To: Colin Watson <cjwatson@debian.org>
Cc: Eric Dorland <eric@debian.org>, 240077@bugs.debian.org,
	231472@bugs.debian.org
Subject: Re: Bug#240077: patch to build a ssh-opensc package

--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Colin Watson (cjwatson@debian.org) wrote:
> On Mon, May 03, 2004 at 12:12:03AM -0400, Eric Dorland wrote:
> > And here's the patch. I basically kept the same rules file and just
> > added some makefile magic to make it compile box versions of the
> > packages. Let me know what you think/any problems.
>=20
> It's unlikely to apply very well the first time when this can be looked
> at, i.e. after sarge, since the client and server will be split out
> then.