stokito
commented
6 months ago The Debian susyemd service has only a few dirrerences:
It has:
Documentation=man:sslh(8) It uses EnvironmentFile=/etc/default/sslh instead of /etc/conf.d/sslh.
In Debian almost all configs are located in the /etc/default/ but the /etc/conf.d/ folder maybe a default in other distros like in Gentoo https://wiki.gentoo.org/wiki//etc/conf.d
On the RedHat is also used the /etc/default. So let's change it too here.
It has an additional CAP_SETGID CAP_SETUID which is not needed anymore we set a user on the SystemD unit file https://salsa.debian.org/debian/sslh/-/merge_requests/2/diffs?commit_id=02703eebaf9c1089447ccaa0828c69ee3a5e773d.
So basically not so many changes needed in the service file.
yrutschle
ftasnetamot
@stokito makes good points:
It turned out that the Ubuntu just republish the package from Debian. It contains some patches that maybe you can grab to here https://salsa.debian.org/debian/sslh/-/tree/master/debian/patches?ref_type=heads
I created a PR to the
debian/defaultfile to replace the--sslhttps://salsa.debian.org/debian/sslh/-/merge_requests/2The Debian package is maintained by @dondelelcaro (don@debian.org Debian IRC: dondelelcaro)
Maybe you guys can collaborate closer? Maybe you @yrutschle can also become a maintainer of own package. And grab the
debianfolder into the repo and then @dondelelcaro can make direct commits into the folder. With .github/CODEOWNERS you can grant a commit access to a specific folder.As you see, for me this was tricky to understand to whom and where to report and fix the problem. The idea that configuration file
/etc/default/sslhis not here but in Debian salsa Gitlab repo makes me sad. First of all you as an author didn't know that that config use the deprecated-ssl. If the file will be here then you will easily found this yourself.Also I believe that other distros (e.g. Arch, AlmaLinux) may have exactly same config file but with different content that may add a confusion for users who need to use different instructions. That also means that those distros may have a similar bug and use the
--ssl.I just checked my OpenWrt router and it uses the
--tlseverywhere, 👍Generally speaking, I would ask you to un-deprecate the option in v2 ether. For me it looks like not a big deal but many howtos and vidoe tutorials may use the
-ssl. This product is used in sensitive situations when users trying to unlock restrictions and they may not have a good instruction. Many of them are non English speakers. You won't rename the sslh to tlsh, right? 😉P.S. some bugs are reported in Ubuntu bug tracker that may be interesting for you (one was mine): https://bugs.launchpad.net/ubuntu/+source/sslh
Originally posted by @stokito in https://github.com/yrutschle/sslh/issues/416#issuecomment-1861669433