[Discuss] [Gt-eos] GSI-OpenSSH Packages for Ubuntu

Mischa Salle msalle at nikhef.nl
Thu Jul 4 11:57:27 CEST 2019 

On Thu, Jul 04, 2019 at 09:07:45AM +0200, Frank Scheiner wrote:
> On 7/3/19 21:55, Mischa Salle wrote:
> > On Wed, Jul 03, 2019 at 03:17:49PM +0200, Frank Scheiner wrote:
> > > On 7/2/19 13:23, Mischa Salle wrote:
> > > Would be nice to have, but I'm not sure about how much additional work that
> > > is. Mattias would have to maintain an additional patch (set) for each
> > > actively maintained Debian version (i.e. at least Sid, stable and
> > > oldstable), as the patch (set) for Fedora is much smaller than the regular
> > > one as they already integrate part of its functionality in their regular
> > > OpenSSH - IIRC.
> > 
> > Not sure I fully understand. We have a set of patches and debian sources
> > in the gct tree. Building those would use a specific version of openssh,
> > not per se matching the OS native version, but that's not such a
> > problem. Hence building it against different releases of Debian and
> > Ubuntu shouldn't be that much problem or am I missing something?
> 
> Debian uses different versions of OpenSSH in different versions of Debian:
> 
> 
> * Jessie (oldstable) - OpenSSH 6.7p1
> * Stretch (stable) - OpenSSH 7.4p1
> * Sid (unstable) - OpenSSH 7.9p1 => will also be in Buster (testing)
> 
> ...taken from [1].
> 
> [1]: https://packages.debian.org/search?suite=all&searchon=names&keywords=openssh-server
> 
> I don't expect that our current patch set (for 7.5p1) applies to these
> OpenSSH versions without further modification - but I can be wrong.
> 
> UPDATE: Ok, I think I understand what you mean. Though I'm not sure if
> that's so easy:
> 
> Don't different Debian versions incl. Ubuntu versions link their OpenSSH to
> different versions of its dependencies? How do we know if our version will
> always work correctly with the respective dependency on a specific version
> of Debian or Ubuntu?

If we build it against a certain Debian version, I don't see a reason
why it won't work for that Debian version? It's just a different binary
from the OS-openssh. and we have basically nothing to do with the
OS openssh.

> And what version of OpenSSH should we use, is the one in the GCT tree
> (7.5p1) still supported? I don't think so, so we would need to get or
> backport fixes from a 7.5p1 package that's still maintained somewhere.
That is indeed an issue, but not different from what we do for Fedora.
I'd suggest to use the newest upstream version for which we have a
patch-set, and compile that for the different Debians and Ubuntus we
think are useful.

Cheers,
Mischa

-- 
Nikhef                      Room  H155
Science Park 105            Tel.  +31-20-592 5102
1098 XG Amsterdam           Fax   +31-20-592 5155
The Netherlands             Email msalle at nikhef.nl
  __ .. ... _._. .... ._  ... ._ ._.. ._.. .._..
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4521 bytes
Desc: not available
URL: <http://mailman.egi.eu/pipermail/discuss/attachments/20190704/da6f84c8/attachment-0001.p7s>

More information about the discuss mailing list