Please ship ec2-instance-connect.conf instead of creating it in postinst
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ec2-instance-connect (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Eoan |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
* The ssh.service drop-in is placed and removed in maintainer scripts based on the current ssh configuration checks which are incomplete. The drop-in is also not owned by the package.
[Test Case]
* Install the fixed package. The drop-in should be listed among the package's files:
$ dpkg -L ec2-instance-
...
/lib/systemd/
...
* Upgrade package from previous version. The drop-in should replace the old one.
* Change /etc/ssh/
Install the fixed package. A warning should appear and sshd should not be restarted by the package's maintainer scripts.
[Regression Potential]
* The change is made to make installation and upgrades more reliable. The test cases check package installs and upgrades where regressions could happen due to implementation mistakes.
* The unfixed version of the package did not place the drop-in when it detected setting AuthorizedKeysC
This is a known change in behavior and is mitigated by showing a warning when this potentially problematic configuration is detected. It is also worth noting that in case the drop-in overrides the configuration in sshd_conf it is still possible to log in via EC2 Instance Connect, the login method the package enables.
[Other Info]
description: | updated |
This bug was fixed in the package ec2-instance- connect - 1.1.12+ dfsg1-0ubuntu2
--------------- connect (1.1.12+ dfsg1-0ubuntu2) focal; urgency=medium
ec2-instance-
* Ship ssh.service drop-in instead of handling placement in maintainer scripts
(LP: #1861909)
-- Balint Reczey <email address hidden> Tue, 04 Feb 2020 18:39:50 +0100