← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1861909] Re: Please ship ec2-instance-connect.conf instead of creating it in postinst

 

This bug was fixed in the package ec2-instance-connect -
1.1.12+dfsg1-0ubuntu3~18.04.0

---------------
ec2-instance-connect (1.1.12+dfsg1-0ubuntu3~18.04.0) bionic; urgency=medium

  * Rebuild for Bionic

ec2-instance-connect (1.1.12+dfsg1-0ubuntu3) focal; urgency=medium

  * debian/preinst: Don't remove ec2-instance-connect.conf manually on upgrade
  * debian/prerm: Drop obsolete file

ec2-instance-connect (1.1.12+dfsg1-0ubuntu2) focal; urgency=medium

  * Ship ssh.service drop-in instead of handling placement in maintainer scripts
    (LP: #1861909)

ec2-instance-connect (1.1.12+dfsg1-0ubuntu1) focal; urgency=medium

  [ Balint Reczey ]
  * New upstream version 1.1.11:
    - Removing errant write to /tmp
    - Cleaning up bad bash practices, including umask race condition
    - Fix for an update to openssl (or dependencies) affecting behavior
      of CApath option on openssl verify
    - Fixing Nitro behavior of hostkey harvesting
    - Adding additional licensing headers
  * New upstream version 1.1.12 (LP: #1860142):
    - Adding support for Instance Metadata Service Version 2
    - Modifying cURL invocation to avoid need for eval
    - Cleaning up shellcheck catches
  * debian/install: Adjust for new upstream source layout
  * Suppress systemctl messages and ignore error in maintainer scripts
  * Bump compat level to 10

  [ LordAlfredo ]
  * Rely on debhelper to enable and start systemd service

 -- Balint Reczey <rbalint@xxxxxxxxxx>  Mon, 10 Feb 2020 21:26:44 +0100

** Changed in: ec2-instance-connect (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** Changed in: ec2-instance-connect (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1861909

Title:
  Please ship ec2-instance-connect.conf instead of creating it in
  postinst

Status in ec2-instance-connect package in Ubuntu:
  Fix Released
Status in ec2-instance-connect source package in Xenial:
  Fix Released
Status in ec2-instance-connect source package in Bionic:
  Fix Released
Status in ec2-instance-connect source package in Eoan:
  Fix Released

Bug description:
  [Impact]

   * The ssh.service drop-in is placed and removed in maintainer scripts
  based on the current ssh configuration checks which are incomplete.
  The drop-in is also not owned by the package.

  [Test Case]

   * Install the fixed package. The drop-in should be listed among the package's files:
  $ dpkg -L ec2-instance-connect 
  ...
  /lib/systemd/system/ssh.service.d/ec2-instance-connect.conf
  ...

  * Upgrade package from previous version. The drop-in should replace
  the old one.

  * Change /etc/ssh/sshd_config to set AuthorizedKeysCommand
    Install the fixed package. A warning should appear and sshd should not be restarted by the package's maintainer scripts.

  [Regression Potential]

  * The change is made to make installation and upgrades more reliable. The test cases check package installs and upgrades where regressions could happen due to implementation mistakes.
  * The unfixed version of the package did not place the drop-in when it detected setting AuthorizedKeysCommand in sshd_conf, while the fixed version installs the drop-in, just does not restart the ssh service. This can block users from logging in via ssh if only the sshd_conf's AuthorizedKeysCommand configuration enabled their login and the ssh service got restarted after installing/upgrading ec2-instance-connect.
  This is a known change in behavior and is mitigated by showing a warning when this potentially problematic configuration is detected. It is also worth noting that in case the drop-in overrides the configuration in sshd_conf it is still possible to log in via EC2 Instance Connect, the login method the package enables.

  [Other Info]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1861909/+subscriptions