[Buildroot] [PATCH] added package sftpserver
Kiril Maler
kiril.maler at gmail.com
Mon Jun 4 07:26:39 UTC 2012
> Date: Fri, 1 Jun 2012 16:57:41 +0200
> From: Thomas Petazzoni <thomas.petazzoni at free-electrons.com>
> To: buildroot at busybox.net
> Subject: Re: [Buildroot] [PATCH] added package sftpserver
> Message-ID: <20120601165741.04be3924 at skate>
> Content-Type: text/plain; charset=UTF-8
>
> Hello,
>
> Le Fri, 1 Jun 2012 16:35:31 +0200,
> Kiril Maler <kiril.maler at gmail.com> a ?crit :
>
>> +++ b/package/sftpserver/Config.in
>> @@ -0,0 +1,14 @@
>> +config BR2_PACKAGE_SFTPSERVER
>> + bool "sftpserver"
>> + depends on BR2_PACKAGE_DROPBEAR
>> + select BR2_PACKAGE_ZLIB
>> + help
>> + sftp-server only from openssh suite. It allows mounting
>> + the rootfs of embedded board through sshfs, for example
>> + sshfs root at 192.168.2.1:/ /mnt/board-rootfs
>> +
>> + Unmount with 'fusermount -u -z /mnt/board-rootfs'
>
>> +OPENSSH_VERSION = 5.9p1
>> +SFTPSERVER_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
>> +SFTPSERVER_SOURCE=openssh-$(OPENSSH_VERSION).tar.gz
>> +SFTPSERVER_VERSION=openssh-$(OPENSSH_VERSION)
>
> We already have a package for openssh. Since this is also using the
> same source tarball, I think it should rather be integrated as options
> to the openssh package.
>
> Regards,
>
> Thomas
> --
Hello,
I see three main reasons for not adding sftpserver as option in openssh package:
1. It is more intuitive for a developer configuring a small embedded
system to see
the sftp-server under dropbear ssh suite:
...
[ ] dnsmasq
[*] dropbear
[*] disable reverse DNS lookups
[*] optimize for size
[ ] log dropbear access to wtmp
[ ] log dropbear access to lastlog
[*] sftpserver <--------------- ~50k single binary,
no libs/dependencies
[ ] ebtables
[ ] ethtool
...
2. My patch changes the openssh source code in such a way, that it
becomes completely incompatible
with openssh - openssl+libcrypt are not compiled/required, a openssl
.h file is faked with symbol link,
the only TARGET left in Makefille.in is sftp-server, etc subtle fixes.
Extracting a binary from openssh without pulling 10's of *.h files
and openssl+libcrypt+cyphers is like pulling a tooth ...
That is why the package is compiled in own directory
.../output/sftpserver-openssh-5.9p1/
3. I do not see an easy way to apply one patch, but ignore another in buildroot.
If I add my patch in packages/openssh, then a person compiling openssh
will get only sftp-server,
because of changed Configure.ac/Makefile.in rules.
Thomas, probably it is possible to build only sftp-server from openssh
by doing deep changes
in Confgiure.ac, and adding a flag --sftp-server-only or something
similar, but I am not so familiar
with 'autotools' to do this, and I do not see any added value from
such an exercise.
I see one (possible) reason to add sftp-server as part of openssh
configuration and directory -
if in the future there is any security patch, concerning also
sftp-server source code file,
then the security fix patch must be added in .../packages/openssh
only. Most probably this will be fixed by
moving to next openssh version.
Best regards,
Kiril
More information about the buildroot
mailing list