Vagrant Cascadian

Apologies, I'm not likely to come up with fixes for those issues; I do get the impression they are actual bugs. Regarding overriding CFLAGS/LDFLAGS, ok, I guess you can override...

This would be nice to add, as it simplifies the debian packaging considerably, and correctly supports hardening build flags passed via CFLAGS, CPPFLAGS and LDFLAGS.

The bug in debian is https://bugs.debian.org/1020087 also has the reported log failures from guile-ssh 0.13.x, if that is helpful.

I can also confirm that updating libssh to 0.10.4 and guile-ssh 0.16.0 on Guix also triggers the same issue, so it is not specific to Debian.

Maybe this change with RSA key sizes: https://salsa.debian.org/debian/libssh/-/blob/debian/CHANGELOG#L26 And DSA key support was disabled by default: https://salsa.debian.org/debian/libssh/-/blob/debian/CHANGELOG#L37 Could be part of the issue.

Looks like tests/key.scm "string->public-key, ECDSA" is failing, and I found this error log which might be relevant: ==> tests/key/private-key-to-file-libssh.log

@marcprux hit a lot of important points, thanks! The problem of doing something "bit-for-bit identical except for ..." presents pragmatic challenges. - more complicated verification process becomes a software development...

> While I understand the desire for reproducible builds, in case such as Java where timestamps are introduced in to the zip-file archives (.jar, .war, and .ear files for those...

Another proof-of-concept patch that allows tests/keys.scm to build successfully with libssh 0.10.x [tests-key-libssh-version-check.diff.txt](https://github.com/artyom-poptsov/guile-ssh/files/10149748/tests-key-libssh-version-check.diff.txt) Obviously it should be adapted to also support libssh 0.9.x, or maybe > 0.9.x ...

I can confirm that building with a libssh 0.10.x built with -DWITH_DSA=on allows the tests/server.scm to pass without patches.