GNU bug report logs - #77154
[PATCH 0/1] Update libssh2 and change crypto backend

Previous Next

Package: guix-patches;

Reported by: Christoph Buck <dev <at> icepic.de>

Date: Fri, 21 Mar 2025 15:29:02 UTC

Severity: normal

Tags: moreinfo, patch

Full log

Message #31 received at control <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Christoph Buck <dev <at> icepic.de>
Cc: GNU Debbugs <control <at> debbugs.gnu.org>, 77154 <at> debbugs.gnu.org
Subject: Re: [bug#77154] [PATCH v3 2/2] gnu: libssh2: Change crypto backend
 to openssl
Date: Wed, 23 Apr 2025 11:39:02 +0900

tag 77154 + moreinfo
quit

Hi,

Christoph Buck <dev <at> icepic.de> writes:

> * gnu/packages/ssh.scm (libssh2): Change crypto backend to openssl
> [arguments]: Replace libgcrypt with openssl
> [propagated-inputs]: Replace libgcrypt with openssl
>
> Change crypto backend to openssl to support ed25519 hostkeys.
>
> Change-Id: I7603149d6e3a3c251bdc6c3238769a63b6a04d26
> ---
>  gnu/packages/ssh.scm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
> index 66d9656caf..9a6f79bb30 100644
> --- a/gnu/packages/ssh.scm
> +++ b/gnu/packages/ssh.scm
> @@ -193,9 +193,9 @@ (define-public libssh2
>     (build-system gnu-build-system)
>     ;; The installed libssh2.pc file does not include paths to libgcrypt and
>     ;; zlib libraries, so we need to propagate the inputs.
> -   (propagated-inputs (list libgcrypt zlib))
> +   (propagated-inputs (list openssl zlib))
>     (arguments
> -    (list #:configure-flags #~'("--with-libgcrypt"
> +    (list #:configure-flags #~'("--with-crypto=openssl"
>                                  "--disable-static"
>                                  "--disable-docker-tests" )))
>     (synopsis "Client-side C library implementing the SSH2 protocol")

I believe this series may be obsolete; libgcrypt 1.11 (already packaged
in Guix) appears to come with ed25519 support.  The release notes
https://lists.gnu.org/archive/html/info-gnu/2024-06/msg00004.html
mention for example:

GCRY_KEM_RAW_X25519                   NEW kem algo.
GCRY_KEM_DHKEM25519                   NEW kem algo.

introduced since libgcrypt 1.10.

Is the original issue resolved?  It seems that there is some support for
elliptic curve crypto using libgcrypt in libssh2 already, according to
[0].

[0]  https://github.com/libssh2/libssh2/discussions/1255

Could you please report the exact issue you are having when using
libgcrypt?

-- 
Thanks,
Maxim
This bug report was last modified 50 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.