[SRU] 50-motd-news costs 5 seconds every login on firewalled systems

I've adjusted the bug description to match my understanding of the actual problem.

AIUI this does not happen on a disconnected system; if motd.ubuntu.com cannot resolve or returns ECONNREFUSED or EHOSTUNREACH, there should be no 5-second delay. The error only happens on a system which has routes, but has a firewall that drops packets instead of responding to the request. (Or when motd.u.c is actually down.)

So, what you appear to be describing here is a deliberate design tradeoff. Unless you are recommending a different timeout (if so, what value?) or asking for this to be disabled altogether (in which case I will refer you to Dustin), I think the only solution here is for your lab to have suitable firewall+proxy settings.

Steve,
It should not be a requirement to have connectivity to motd.ubuntu.com to have quick login.
Its quite common to have ingress networking like we see in our labs.

I suggest the fix would be better to background the download and to atomically move it the content into place. Then the reader would just display it if it were present.

Then,
 a.) pure failure to reach (ECONNREFUSED or EHOSTUNREACH) would simply show no data in motd.
 b.) hang would be gone and would simply not have data in the motd
 c.) fast success would be shown on this login
 d.) slower success would be shown on next login (possibly stale, which is always going to be a possibility)

For reference, 2 ways to disable this:
a.) disable motd entirely
sudo sed -i '/^[^#].*pam_motd/s/^/#/' /etc/pam.d/sshd

b.) disable 50-motd-news
sudo chmod -x /etc/update-motd.d/50-motd-news

You can also edit /etc/default/motd-news and:

 a) set ENABLED=0

 b) changed the URL to a custom one that does resolve or work for you

 c) change the time to wait

By design, the cache file, /var/cache/motd-news, should be populated in the background by a systemd timer that runs roughly once a day.

If that file is populated, then there should be zero impact on login.

Perhaps the background cache population should create an empty file, if it can't reach the $URL?

suggested fix is
 http://paste.ubuntu.com/24964373/

16:03 <rbasak> kirkland: ^ what happens on first login? That'll still be delayed, right? So the bug is being reduced in scope, but not being fixed entirely?

16:03 <rbasak> If the first login is before the timer has run for the first time, that is, which seems likely.

16:04 <kirkland> rbasak: true

16:04 <kirkland> rbasak: that's an easy fix, though, just one more line to add

16:05 <kirkland> rbasak: would you like me to fix that?

16:05 <kirkland> I think it would be a good idea, yeah

16:05 <rbasak> kirkland: yes please. Probably better for the SRU process to do it fewer times :)

This bug was fixed in the package base-files - 9.6ubuntu101

---------------
base-files (9.6ubuntu101) artful; urgency=medium

  * update-motd.d/50-news: Fix LP: #1691901
    - when the curl fails (perhaps due to a firewall issue), we should
      create an empty cache file, so that subsequent runs are not
      penalized; ensure that we *only* print when we're not forced

 -- Dustin Kirkland <email address hidden> Thu, 29 Jun 2017 10:35:06 -0500

Hello Scott, or anyone else affected,

Accepted base-files into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/base-files/9.6ubuntu13.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty.If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

The fix for this bug has been awaiting testing feedback in the -proposed repository for zesty for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

I've run through the test case as described, and confirm that this takes care of the login delay problem.

The verification of the Stable Release Update for base-files has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package base-files - 9.6ubuntu13.1

---------------
base-files (9.6ubuntu13.1) zesty-proposed; urgency=medium

  * update-motd.d/50-news: Fix LP: #1691901
    - when the curl fails (perhaps due to a firewall issue), we should
      create an empty cache file, so that subsequent runs are not
      penalized; ensure that we *only* print when we're not forced

 -- Dustin Kirkland <email address hidden> Thu, 29 Jun 2017 09:22:56 -0500