group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #34611
[Bug 1861909] Re: Please ship ec2-instance-connect.conf instead of creating it in postinst
This bug was fixed in the package ec2-instance-connect -
1.1.12+dfsg1-0ubuntu3~18.04.0
---------------
ec2-instance-connect (1.1.12+dfsg1-0ubuntu3~18.04.0) bionic; urgency=medium
* Rebuild for Bionic
ec2-instance-connect (1.1.12+dfsg1-0ubuntu3) focal; urgency=medium
* debian/preinst: Don't remove ec2-instance-connect.conf manually on upgrade
* debian/prerm: Drop obsolete file
ec2-instance-connect (1.1.12+dfsg1-0ubuntu2) focal; urgency=medium
* Ship ssh.service drop-in instead of handling placement in maintainer scripts
(LP: #1861909)
ec2-instance-connect (1.1.12+dfsg1-0ubuntu1) focal; urgency=medium
[ Balint Reczey ]
* New upstream version 1.1.11:
- Removing errant write to /tmp
- Cleaning up bad bash practices, including umask race condition
- Fix for an update to openssl (or dependencies) affecting behavior
of CApath option on openssl verify
- Fixing Nitro behavior of hostkey harvesting
- Adding additional licensing headers
* New upstream version 1.1.12 (LP: #1860142):
- Adding support for Instance Metadata Service Version 2
- Modifying cURL invocation to avoid need for eval
- Cleaning up shellcheck catches
* debian/install: Adjust for new upstream source layout
* Suppress systemctl messages and ignore error in maintainer scripts
* Bump compat level to 10
[ LordAlfredo ]
* Rely on debhelper to enable and start systemd service
-- Balint Reczey <rbalint@xxxxxxxxxx> Mon, 10 Feb 2020 21:26:44 +0100
** Changed in: ec2-instance-connect (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** Changed in: ec2-instance-connect (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1861909
Title:
Please ship ec2-instance-connect.conf instead of creating it in
postinst
Status in ec2-instance-connect package in Ubuntu:
Fix Released
Status in ec2-instance-connect source package in Xenial:
Fix Released
Status in ec2-instance-connect source package in Bionic:
Fix Released
Status in ec2-instance-connect source package in Eoan:
Fix Released
Bug description:
[Impact]
* The ssh.service drop-in is placed and removed in maintainer scripts
based on the current ssh configuration checks which are incomplete.
The drop-in is also not owned by the package.
[Test Case]
* Install the fixed package. The drop-in should be listed among the package's files:
$ dpkg -L ec2-instance-connect
...
/lib/systemd/system/ssh.service.d/ec2-instance-connect.conf
...
* Upgrade package from previous version. The drop-in should replace
the old one.
* Change /etc/ssh/sshd_config to set AuthorizedKeysCommand
Install the fixed package. A warning should appear and sshd should not be restarted by the package's maintainer scripts.
[Regression Potential]
* The change is made to make installation and upgrades more reliable. The test cases check package installs and upgrades where regressions could happen due to implementation mistakes.
* The unfixed version of the package did not place the drop-in when it detected setting AuthorizedKeysCommand in sshd_conf, while the fixed version installs the drop-in, just does not restart the ssh service. This can block users from logging in via ssh if only the sshd_conf's AuthorizedKeysCommand configuration enabled their login and the ssh service got restarted after installing/upgrading ec2-instance-connect.
This is a known change in behavior and is mitigated by showing a warning when this potentially problematic configuration is detected. It is also worth noting that in case the drop-in overrides the configuration in sshd_conf it is still possible to log in via EC2 Instance Connect, the login method the package enables.
[Other Info]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1861909/+subscriptions
