Comment 4 for bug 1136343

Scott Moser (smoser) wrote :

== recreate / test instructions ==

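# get the updated cloud-init deb to cloud-init_all.deb
# NOTE(review): the patch step further down copies ./cloud-init.deb, so save
# (or copy) the deb under whichever name that step actually uses.
$ rel="raring"
# Fetch over HTTPS rather than plain HTTP: this image is later opened as root
# on the host and then booted, so it must not be alterable in transit.
$ imgurl="https://cloud-images.ubuntu.com/raring/current/$rel-server-cloudimg-amd64-disk1.img"

# TLS only protects the transfer. Also check the download against the
# SHA256SUMS / SHA256SUMS.gpg files published in the same directory.
$ wget "$imgurl" -O "$rel.img.orig"
$ qemu-img convert -O qcow2 "$rel.img.orig" "$rel.img.dist"

# Make the pristine base read-only so the overlays created on top of it
# cannot be invalidated by an accidental write to the backing file.
$ chmod 444 "$rel.img.dist"
# patched.img.dist is a qcow2 overlay backed by the pristine image; the new
# cloud-init is installed into this overlay, never into the base.
$ qemu-img create -f qcow2 -b "$rel.img.dist" patched.img.dist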

# patch the patched.img.dist with new cloud-init
# NOTE(review): the helper comes from a personal +junk branch and is run under
# sudo below, so read ./bi/mount-callback-umount before executing it.
 bzr branch lp:~smoser/+junk/backdoor-image ./bi
# The quoted sh script copies the deb into the mounted image's /tmp, installs
# it with dpkg inside a chroot of the image, then removes the copy.
# $MOUNTPOINT is presumably exported by mount-callback-umount -- confirm there.
# NOTE(review): the cp source is cloud-init.deb, while the first comment of these
# instructions names the file cloud-init_all.deb; use one name for both.
 sudo ./bi/mount-callback-umount patched.img.dist -- \
    sh -ec 'mp=$MOUNTPOINT; cp cloud-init.deb $mp/tmp &&
            LANG=C chroot $mp dpkg -i /tmp/cloud-init.deb ;
            rm $mp/tmp/cloud-init.deb' --

# user-data for the test boot: sets a login password, keeps it from being
# expired, turns on password SSH logins and supplies one SSH public key
# (the key is truncated in this listing).
# NOTE(review): a known password together with ssh_pwauth is only suitable
# for a throwaway local test VM; do not reuse this user-data elsewhere.
$ cat > user-data <<EOF
#cloud-config
password: passw0rd
chpasswd: { expire: False }
ssh_pwauth: True
ssh_authorized_keys:
  - ssh-rsa AAAAB3...NzaC1= Scott Moser
EOF

# build the seed disk (my-seed.img) from user-data; it is attached to the VM
# as a second drive in the kvm command that follows
$ cloud-localds my-seed.img user-data

# two throwaway overlays, so the .dist images stay unchanged between runs:
# one on the pristine image, one on the image with the new cloud-init
$ qemu-img create -f qcow2 -b $rel.img.dist unpatched.img
$ qemu-img create -f qcow2 -b patched.img.dist patched.img

# boot the patched overlay with the seed disk attached; guest port 22 is
# forwarded to host port 2222.
# NOTE(review): hostfwd=tcp::2222-:22 names no host address, so QEMU listens on
# all host interfaces and this password-login guest is reachable from the
# network; hostfwd=tcp:127.0.0.1:2222-:22 keeps the forward on loopback.
# unpatched.img is not booted by this command; presumably it is booted the
# same way to compare against the old behaviour.
$ kvm -net nic -net user,hostfwd=tcp::2222-:22 -drive file=patched.img,if=virtio -drive file=my-seed.img,if=virtio -curses

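# then log in; you should be able to log in as 'ubuntu' with the password 'passw0rd'.
# once logged in, run:
#   sudo cat /root/.ssh/authorized_keys
# that would previously show the provided key above without a prefix,
# i.e. as an entry that lets the key log in as root directly.
# the correct fix is for the key to carry an 'options' string prefix that disables root login.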