2020-02-04 17:39:00 |
Balint Reczey |
bug |
|
|
added bug |
2020-02-04 20:37:11 |
Balint Reczey |
description |
TODO finish
[Impact]
* The systemd drop-in is placed and removed in maintainer scripts based on the current system configuration.
[Test Case]
* detailed instructions how to reproduce the bug
* these should allow someone who is not familiar with the affected
package to reproduce the bug and verify that the updated package fixes
the problem.
[Regression Potential]
* discussion of how regressions are most likely to manifest as a result of this change.
* It is assumed that any SRU candidate patch is well-tested before
upload and has a low overall risk of regression, but it's important
to make the effort to think about what ''could'' happen in the
event of a regression.
* This both shows the SRU team that the risks have been considered,
and provides guidance to testers in regression-testing the SRU.
[Other Info] |
[Impact]
* The ssh.service drop-in is placed and removed in maintainer scripts based on the current ssh configuration checks which are incomplete. The drop-in is also not owned by the package.
[Test Case]
* Install the fixed package. The drop-in should be listed among the package's files:
$ dpkg -L ec2-instance-connect
...
/lib/systemd/system/ssh.service.d/ec2-instance-connect.conf
...
* Upgrade package from previous version. The drop-in should replace the old one.
* Change /etc/ssh/sshd_config to set AuthorizedKeysCommand
Install the fixed package. A warning should appear and sshd should not be restarted by the package's maintainer scripts.
[Regression Potential]
* The change is made to make installation and upgrades more reliable. The test cases check package installs and upgrades where regressions could happen due to implementation mistakes.
* The unfixed version of the package did not place the drop-in when it detected setting AuthorizedKeysCommand in sshd_conf, while the fixed version installs the drop-in, just does not restart the ssh service. This can block users from logging in via ssh if only the sshd_conf's AuthorizedKeysCommand configuration enabled their login and the ssh service got restarted after installing/upgrading ec2-instance-connect.
This is a known change in behavior and is mitigated by showing a warning when this potentially problematic configuration is detected. It is also worth noting that in case the drop-in overrides the configuration in sshd_conf it is still possible to log in via EC2 Instance Connect, the login method the package enables.
[Other Info] |
|
2020-02-04 21:40:33 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu): status |
New |
Fix Released |
|
2020-02-17 10:46:47 |
Łukasz Zemczak |
ec2-instance-connect (Ubuntu Eoan): status |
New |
Fix Committed |
|
2020-02-17 10:46:48 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-02-17 10:46:49 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2020-02-17 10:46:52 |
Łukasz Zemczak |
tags |
|
verification-needed verification-needed-eoan |
|
2020-02-17 11:10:08 |
Łukasz Zemczak |
ec2-instance-connect (Ubuntu Bionic): status |
New |
Fix Committed |
|
2020-02-17 11:10:11 |
Łukasz Zemczak |
tags |
verification-needed verification-needed-eoan |
verification-needed verification-needed-bionic verification-needed-eoan |
|
2020-02-17 11:18:10 |
Łukasz Zemczak |
ec2-instance-connect (Ubuntu Xenial): status |
New |
Fix Committed |
|
2020-02-17 11:18:13 |
Łukasz Zemczak |
tags |
verification-needed verification-needed-bionic verification-needed-eoan |
verification-needed verification-needed-bionic verification-needed-eoan verification-needed-xenial |
|
2020-02-24 17:06:17 |
Balint Reczey |
tags |
verification-needed verification-needed-bionic verification-needed-eoan verification-needed-xenial |
verification-done-bionic verification-needed verification-needed-eoan verification-needed-xenial |
|
2020-02-24 19:27:22 |
Balint Reczey |
tags |
verification-done-bionic verification-needed verification-needed-eoan verification-needed-xenial |
verification-done verification-done-bionic verification-done-eoan verification-done-xenial |
|
2020-02-27 15:33:10 |
Balint Reczey |
tags |
verification-done verification-done-bionic verification-done-eoan verification-done-xenial |
one one-eoan verification-done-eoan verification-done-xenial verification-dverification-needed-bionic verification-needed verification-needed-bionic verification-needed-xenial |
|
2020-02-27 17:38:28 |
Balint Reczey |
tags |
one one-eoan verification-done-eoan verification-done-xenial verification-dverification-needed-bionic verification-needed verification-needed-bionic verification-needed-xenial |
verification-done verification-done-bionic verification-done-eoan verification-done-xenial |
|
2020-02-27 18:24:22 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu Eoan): status |
Fix Committed |
Fix Released |
|
2020-02-27 18:24:30 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2020-02-27 18:24:46 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2020-02-27 18:24:54 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|