Backport IMDSv2 support && do nothing if ODH is configured
Bug #2043739 reported by
Mitchell Dzurick
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
hibagent (Ubuntu) |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Xenial |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Bionic |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Focal |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Jammy |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Lunar |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Mantic |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Noble |
Fix Released
|
Undecided
|
Mitchell Dzurick |
Bug Description
2 commits need to be backported back to Xenial:
1. IMDSv2 support
https:/
2. Do nothing if ODH is configured
https:/
IMDSv2 enablement is a security update as IMDSv1 uses an insecure protocol
Related branches
~mitchdz/ubuntu/+source/hibagent:mitch/bionic-imdsv2
Merged
into
ubuntu/+source/hibagent:ubuntu/bionic-devel
at
revision ad55c074c947bc0cfba3c0bdab32d3baabec9d8e
- git-ubuntu import: Pending requested
-
Diff: 202 lines (+157/-0)6 files modifieddebian/changelog (+14/-0)
debian/control (+1/-0)
debian/patches/disable-hibernate-test.patch (+18/-0)
debian/patches/do-nothing-if-ODH-is-configured.patch (+77/-0)
debian/patches/series (+3/-0)
debian/patches/use-imdsv2.patch (+44/-0)
~mitchdz/ubuntu/+source/hibagent:mitch/xenial-imdsv2
Merged
into
ubuntu/+source/hibagent:ubuntu/xenial-devel
at
revision ef48ca8a611aa13347fe7684cdbca8b19b185482
- git-ubuntu import: Pending requested
-
Diff: 202 lines (+157/-0)6 files modifieddebian/changelog (+14/-0)
debian/control (+1/-0)
debian/patches/disable-hibernate-test.patch (+18/-0)
debian/patches/do-nothing-if-ODH-is-configured.patch (+77/-0)
debian/patches/series (+3/-0)
debian/patches/use-imdsv2.patch (+44/-0)
~mitchdz/ubuntu/+source/hibagent:mitch/focal-imdsv2
Merged
into
ubuntu/+source/hibagent:ubuntu/focal-devel
at
revision afb55f8eedeabfeb09d79f4454375566b938d544
- git-ubuntu import: Pending requested
-
Diff: 202 lines (+157/-0)6 files modifieddebian/changelog (+14/-0)
debian/control (+1/-0)
debian/patches/disable-hibernate-test.patch (+18/-0)
debian/patches/do-nothing-if-ODH-is-configured.patch (+77/-0)
debian/patches/series (+3/-0)
debian/patches/use-imdsv2.patch (+44/-0)
~mitchdz/ubuntu/+source/hibagent:mitch/jammy-imdsv2
Merged
into
ubuntu/+source/hibagent:ubuntu/jammy-devel
at
revision 338eda96064f2b4570371bd69f5f2f2b910f571c
- git-ubuntu import: Pending requested
-
Diff: 202 lines (+157/-0)6 files modifieddebian/changelog (+14/-0)
debian/control (+1/-0)
debian/patches/disable-hibernate-test.patch (+18/-0)
debian/patches/do-nothing-if-ODH-is-configured.patch (+77/-0)
debian/patches/series (+3/-0)
debian/patches/use-imdsv2.patch (+44/-0)
~mitchdz/ubuntu/+source/hibagent:mitch/lunar-imdsv2
Merged
into
ubuntu/+source/hibagent:ubuntu/lunar-devel
at
revision b39ef9e02e0bfc36b5eac7ee437676a063f7fd92
- git-ubuntu import: Pending requested
-
Diff: 121 lines (+88/-0)4 files modifieddebian/changelog (+9/-0)
debian/control (+1/-0)
debian/patches/do-nothing-if-ODH-is-configured.patch (+77/-0)
debian/patches/series (+1/-0)
~mitchdz/ubuntu/+source/hibagent:mitch/mantic-imdsv2
Merged
into
ubuntu/+source/hibagent:ubuntu/mantic-devel
at
revision 135171b6fb2cbf4e246f49bdeee6dded9e132a68
- git-ubuntu import: Pending requested
-
Diff: 121 lines (+88/-0)4 files modifieddebian/changelog (+9/-0)
debian/control (+1/-0)
debian/patches/do-nothing-if-ODH-is-configured.patch (+77/-0)
debian/patches/series (+1/-0)
~mitchdz/ubuntu/+source/hibagent:mitch/noble-imdsv2
Merged
into
ubuntu/+source/hibagent:ubuntu/devel
at
revision 528f788317390c111f894c83f2727dfb7ee2731b
- git-ubuntu import: Pending requested
-
Diff: 121 lines (+88/-0)4 files modifieddebian/changelog (+9/-0)
debian/control (+1/-0)
debian/patches/do-nothing-if-ODH-is-configured.patch (+77/-0)
debian/patches/series (+1/-0)
description: | updated |
Changed in hibagent (Ubuntu Xenial): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in hibagent (Ubuntu Bionic): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in hibagent (Ubuntu Focal): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in hibagent (Ubuntu Jammy): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in hibagent (Ubuntu Lunar): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in hibagent (Ubuntu Mantic): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in hibagent (Ubuntu Noble): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in hibagent (Ubuntu Xenial): | |
status: | New → Fix Released |
Changed in hibagent (Ubuntu Bionic): | |
status: | New → Fix Released |
To post a comment you must log in.
This bug was fixed in the package hibagent - 1.0.1-0ubuntu2. 22.04.2
--------------- 0ubuntu2. 22.04.2) jammy-security; urgency=medium
hibagent (1.0.1-
* Use imdsv2 and do nothing if ODH is configured (LP: #2043739). hibernate- test.patch: disable a test that only works on an nothing- if-ODH- is-configured. patch: do nothing if ODH is configured
- d/p/disable-
actual EC2 instance.
- d/p/use-imdsv2: use IMDSv2 instead of IMDSv1. This is important because
IMDSv1 is an insecure protocol.
- d/control: add python3-requests as Depends.
- d/p/do-
this fixes an issue when this package and ec2-hibinit-agent are installed
and configured at the same time.
-- Mitchell Dzurick <email address hidden> Thu, 16 Nov 2023 16:19:12 -0700