Re: [gentoo-dev] openssh sftplogging patch

Re: [gentoo-dev] openssh sftplogging patch

[Rumi Szabolcs]

Hi,

On Sun, 13 May 2007 22:16:35 +0000
bugzilla-daemon@gentoo.org wrote:

> Clear-Text: http://bugs.gentoo.org/show_bug.cgi?id=178302
>
>------- Comment #1 from vapier@gentoo.org  2007-05-13 22:16 0000 -------
> hey look i provided an answer there as well:
> http://article.gmane.org/gmane.linux.gentoo.devel/44313

Even back then I didn't really know how to interpret that:

"no, get it upgraded upstream"

You mean I should get the OpenSSH people to integrate the
chmod/chown/umask functionality into their mainline sources?

It took them several years to get the logging part integrated,
and they probably have seen the sftplogging patch, did know
that there is that chmod/chown/umask functionality, and they
haven't integrated that for some (to me, unimaginable) reason.
What do you think how long it would take for me or anybody
else to convince them to integrate that as well?

I'm running an sftp fileserver which can only be secured by
using that functionality so I could not upgrade the OpenSSH
on that server for about a year now since the sftplogging
patch has been removed from the ebuild. Do you really think
that we, who are using that functionality, want to wait some
more years for the OpenSSH people to integrate the another
half of the functionality of that patch?

Shouldn't it be done so that you don't just ditch a function
set that is heavily used and depended on by several people
until the upstream folks don't fully integrate it?

I really don't understand the way you're thinking.
Maybe I'm wrong, maybe I'm stupid, please enlighten me!

Thanks,

Sab
-- 
gentoo-dev@gentoo.org mailing list

[gentoo-dev] openssh sftplogging patch

[Rumi Szabolcs]

Hi!

Recently I have noticed that the openssh-4.4p1 ebuild lists the sftplogging
use flag as deprecated (4.3 does have it). I found no mention of this being
removed for any reason in the ChangeLog. Could anybody please tell what
happened?

Thanks!

Regards,

Sab
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] openssh sftplogging patch

[Mike Frysinger]

On Sunday 12 November 2006 11:38, Rumi Szabolcs wrote:
> Could anybody please tell what happened?

it's been integrated upstream so there's no point in having a patch anymore
-mike
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] openssh sftplogging patch

[Rumi Szabolcs]

On Sun, 12 Nov 2006 23:11:09 -0500
Mike Frysinger <vapier@gentoo.org> wrote:

> On Sunday 12 November 2006 11:38, Rumi Szabolcs wrote:
> > Could anybody please tell what happened?
> 
> it's been integrated upstream so there's no point in having a patch anymore
> -mike

Shouldn't this be mentioned in the ChangeLog somewhere?

This is the 4.4p1 ebuild we are talking about and I could not find
too much of a difference between the patches against 4.3 and 4.4:

http://sftplogging.sourceforge.net/download/v1.5/openssh-4.4p1.sftplogging-v1.5.patch

To me this doesn't look like as if it would have been integrated...

Thanks!

Sab
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] openssh sftplogging patch

[Wolfram Schlich]

* Rumi Szabolcs <rumi_ml@rtfm.hu> [2006-11-13 09:15]:
> On Sun, 12 Nov 2006 23:11:09 -0500
> Mike Frysinger <vapier@gentoo.org> wrote:
> 
> > On Sunday 12 November 2006 11:38, Rumi Szabolcs wrote:
> > > Could anybody please tell what happened?
> > 
> > it's been integrated upstream so there's no point in having a patch anymore
> > -mike
> 
> Shouldn't this be mentioned in the ChangeLog somewhere?

In what ChangeLog, the portage package ChangeLog?
Yeah, I also had to look at the OpenSSH ChangeLog to find out that
SFTP logging has been added as a new feature.

> This is the 4.4p1 ebuild we are talking about and I could not find
> too much of a difference between the patches against 4.3 and 4.4:
> 
> http://sftplogging.sourceforge.net/download/v1.5/openssh-4.4p1.sftplogging-v1.5.patch
> 
> To me this doesn't look like as if it would have been integrated...

The sftp-server(8) binary has new command line options that influence
SFTP logging:

	-f log_facility
	-l log_level

The sftplogging also contains functionality to control umask and permit
chmod and chgrp, which the upstream sftp-server does not provide.
-- 
Wolfram Schlich
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] openssh sftplogging patch

[Rumi Szabolcs]

On Mon, 13 Nov 2006 13:15:46 +0100
Wolfram Schlich <lists@wolfram.schlich.org> wrote:

> In what ChangeLog, the portage package ChangeLog?
> Yeah, I also had to look at the OpenSSH ChangeLog to find out that
> SFTP logging has been added as a new feature.

Yep, of course I meant the openssh package ChangeLog in portage
which IMHO should contain a word about why a USE flag has been
removed.

> > To me this doesn't look like as if it would have been integrated...
> 
> The sftp-server(8) binary has new command line options that influence
> SFTP logging:
> 
> 	-f log_facility
> 	-l log_level
> 
> The sftplogging also contains functionality to control umask and permit
> chmod and chgrp, which the upstream sftp-server does not provide.

Hmm... do I understand correctly that the sftplogging patch has not
been integrated but only a part of it's functions has been implemented
in a different way than it is in the patch?

Well, the syslog logging is useful but those settings about umask and
chmod/chgrp are essential in managing an sftp-based file repository with
multiuser access which is a great alternative to cleartext FTP access.
Using the settings the sftplogging patch provides I can set up an sftp
server in a usable and secure way which would otherwise be impossible.

So here is a big PLEASE to keep/put back the sftplogging patch and
the use flag in the openssh ebuild!

Thanks!

Best regards,

Sab
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] openssh sftplogging patch

[Mike Frysinger]

[-- Attachment #1: Type: text/plain, Size: 199 bytes --]

On Tuesday 14 November 2006 01:40, Rumi Szabolcs wrote:
> So here is a big PLEASE to keep/put back the sftplogging patch and
> the use flag in the openssh ebuild!

no, get it upgraded upstream
-mike

[-- Attachment #2: Type: application/pgp-signature, Size: 827 bytes --]

Re: [gentoo-dev] openssh sftplogging patch

[Rumi Szabolcs]

On Tue, 14 Nov 2006 03:26:23 -0500
Mike Frysinger <vapier@gentoo.org> wrote:

> On Tuesday 14 November 2006 01:40, Rumi Szabolcs wrote:
> > So here is a big PLEASE to keep/put back the sftplogging patch and
> > the use flag in the openssh ebuild!
> 
> no, get it upgraded upstream
> -mike

As I pointed out previously, the sftp logging functionality
which has been integrated into the mainline openssh package
is NOT the same as that of the sftplogging patch. In fact it
is missing very important things!

Michael Martinez has created a new patch against the recent
openssh packages which adds the part of the sftplogging
functionality that is still missing from upstream. All this
is very important if you are going to run a file repository
that is made available by sftp.

Please take a look and please add it to the openssh ebuild:

http://sftpfilecontrol.sourceforge.net/

Thank you!

Best regards,

Sab
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] openssh sftplogging patch

[Wolfram Schlich]

* Rumi Szabolcs <rumi_ml@rtfm.hu> [2006-11-14 07:42]:
> On Mon, 13 Nov 2006 13:15:46 +0100
> Wolfram Schlich <lists@wolfram.schlich.org> wrote:
> 
> > In what ChangeLog, the portage package ChangeLog?
> > Yeah, I also had to look at the OpenSSH ChangeLog to find out that
> > SFTP logging has been added as a new feature.
> 
> Yep, of course I meant the openssh package ChangeLog in portage
> which IMHO should contain a word about why a USE flag has been
> removed.

Ok. Well, I don't know of any "standard procedure" to notify
the user of a reason for a USE flag removal... :(

> > > To me this doesn't look like as if it would have been integrated...
> > 
> > The sftp-server(8) binary has new command line options that influence
> > SFTP logging:
> > 
> > 	-f log_facility
> > 	-l log_level
> > 
> > The sftplogging also contains functionality to control umask and permit
> > chmod and chgrp, which the upstream sftp-server does not provide.
> 
> Hmm... do I understand correctly that the sftplogging patch has not
> been integrated but only a part of it's functions has been implemented
> in a different way than it is in the patch?

Yes. 

> Well, the syslog logging is useful but those settings about umask and
> chmod/chgrp are essential in managing an sftp-based file repository with
> multiuser access which is a great alternative to cleartext FTP access.
> Using the settings the sftplogging patch provides I can set up an sftp
> server in a usable and secure way which would otherwise be impossible.
> 
> So here is a big PLEASE to keep/put back the sftplogging patch and
> the use flag in the openssh ebuild!

Well, the patch was called "sftplogging". umask+chmod/chgrp has
absolutely *nothing* to do with "SFTP logging".
I believe this code was misplaced in a patch called "sftplogging".

So, I see it in a similar way as vapier does:
Get the OpenSSH developers to include such functionality -OR-
produce a patch that doesn't touch upstream SFTP logging but
just adds umask+chmod/chgrp control features, maybe we can
think about adding such a small patch as long as upstream does
not provide such features. Just an idea.
-- 
Regards,
Wolfram Schlich <wschlich@gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
-- 
gentoo-dev@gentoo.org mailing list