date:20221006

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: ifupdown (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ifupdown in Ubuntu.
https://bugs.launchpad.net/bugs/1978351

Title:
  MITM vector: ifupdown puts .domains TLD in resolv.conf

Status in ifupdown package in Ubuntu:
  Confirmed

Bug description:
  The bug described in
  https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878?comments=all
  is a security vulnerability because DNS names that would normally fail
  are now attempted as "foo.domains".

  ".domains" is a real TLD, with the registrar "Donuts, Inc." based in Bellvue, 
WA.
  "google.com.domains" is registered, for example. So is "test.domains".

  For users with ifupdown, any Internet request (especially that does
  not involve some cryptographic payload and destination signature
  verification) is potentially sending packets to an unintended
  audience. It's impossible to say, but likely, that malicious
  registrants are squatting sensitive and common names in the .domains
  TLD.

  The ifupdown package is still used by some cloud providers that have not 
adopted netplan.
  This vulnerability affects 22.04 and potentially other releases.

  This issue has not been corrected in 0.8.36+nmu1ubuntu4.

  With 0.8.36+nmu1ubuntu3 and after an update to 0.8.36+nmu1ubuntu4, the
  resolv.conf looks like the following (which is vulnerable to mitm
  attacks):

  ```
  root@foo:~# cat /etc/resolv.conf
  # This is /run/systemd/resolve/stub-resolv.conf managed by 
man:systemd-resolved(8).
  # Do not edit.
  #
  # This file might be symlinked as /etc/resolv.conf. If you're looking at
  # /etc/resolv.conf and seeing this text, you have followed the symlink.
  #
  # This is a dynamic resolv.conf file for connecting local clients to the
  # internal DNS stub resolver of systemd-resolved. This file lists all
  # configured search domains.
  #
  # Run "resolvectl status" to see details about the uplink DNS servers
  # currently in use.
  #
  # Third party programs should typically not access this file directly, but 
only
  # through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
  # different way, replace this symlink by a static file or a different symlink.
  #
  # See man:systemd-resolved.service(8) for details about the supported modes of
  # operation for /etc/resolv.conf.

  nameserver 127.0.0.53
  options edns0 trust-ad
  search DOMAINS
  ```

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1978351/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1969976] Re: DynamicUser=1 doesn't get along with services that need dbus-daemon

2022-10-06 Thread Yuan-Chen Cheng

** Also affects: oem-priority
   Importance: Undecided
   Status: New

** Changed in: oem-priority
   Importance: Undecided => High

** Changed in: oem-priority
   Status: New => Confirmed

** Changed in: oem-priority
 Assignee: (unassigned) => Yuan-Chen Cheng (ycheng-twn)

** Tags removed: verification-done-jammy verification-needed
** Tags added: fwupd

** Tags added: oem-priority

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1969976

Title:
  DynamicUser=1 doesn't get along with services that need dbus-daemon

Status in Fwupd:
  Fix Released
Status in OEM Priority Project:
  Confirmed
Status in systemd:
  New
Status in fwupd package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Won't Fix
Status in fwupd source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Won't Fix
Status in fwupd source package in Impish:
  Won't Fix
Status in systemd source package in Impish:
  Won't Fix
Status in fwupd source package in Jammy:
  Confirmed
Status in systemd source package in Jammy:
  Won't Fix

Bug description:
  Updating to systemd 245.4-4ubuntu3.16 has caused a regression in
  Ubuntu 20.04, that fwupd-refresh.service always fails to run.

  This has been root caused down to the changes in
  https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538

  Unfortunately this is an upstream issue introduced by stable systemd.
  https://github.com/systemd/systemd/issues/22737

  The problem also occurs in Ubuntu 22.04 with a newer systemd release.
  As discussed in 
https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538/comments/61
 it's a tradeoff of issues.  So within Ubuntu something probably needs to be 
done about fwupd-refresh.service.

  One proposal is to remove DynamicUser=yes from the systemd unit, but
  this will mean fwupdgmr refresh runs as root.  It's relatively
  sandboxed by other security mechanisms, but still not ideal.  Could we
  repurpose any other service account?  Or alternatively we can make a
  new fwupd service account that this systemd unit uses.

To manage notifications about this bug go to:
https://bugs.launchpad.net/fwupd/+bug/1969976/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1992025] Re: When sudo does not require a password, it alters stty as though it is reading a password

2022-10-06 Thread Seth Arnold

I wasn't able to reproduce on 20.04 LTS.

I was able to reproduce on 22.04 LTS.

This little script should work out of the box:

$ cat /tmp/sudo-stty 
#!/bin/bash

sudo ls
mkdir /tmp/stty

for i in `seq -w 1 999`; do stty -a > /tmp/stty/before.${i}; sudo sleep
1 & stty -a  >  /tmp/stty/after.${i} 2>&1 ; done


Your terminal won't echo anything you type afterwards if it happens, so it's 
not exactly subtle :) but with all those outputs saved aside, you can check:

md5sum /tmp/stty/* | sort

to see where exactly the race is lost on your own system.

(reset(1) will restore the terminal to something useful, but clears the
output when you run it.)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1992025

Title:
  When sudo does not require a password, it alters stty as though it is
  reading a password

Status in sudo package in Ubuntu:
  Confirmed

Bug description:
  Summary:
  Executing a sudo (that does not require a password) in a /bin/bash script 
leaves the terminal as though it is reading a password (-echo, -icrnl, -ixon, 
-opost, -isig, -icanon, -iexten)

  To recreate the problem: (See attached log)

  In a fresh install of 22.04.1 (desktop, minimal, do not load updates,
  no update done beyond iso data, running under Virtualbox on a Mac), I
  set up a new user that can run "sudo sleep" without a password.  In a
  Terminal, I demonstrate this, running "stty -a" before and after the
  "sudo sleep". Then I create a bash script with those same commands.
  When that script is run, the stty after the "sudo sleep" shows that
  the state of the terminal has been altered (-echo, etc.)

  The log starts immediately after the reboot after installing 22.04.1.
  I decline to do the update when it is offered. (The bug appears even
  if I do the update on 22.04.1, but I decline the update to make sure
  this is repeatable.)

  Basically, the steps are
Create user "testuser"
Add a file to /etc/sudoers.d that gives testuser sudo privs, with no 
password required for sleep.  (nor for "grep", but I dropped the use of grep in 
the demo)
su - testuser
Interactively, in the terminal, I show that "sudo sleep 30 &"  does not 
mess with the terminal settings.
I create a /bin/bash script that includes the same commands (stty -a; sudo 
sleep 10 &; sleep 3; stty -a)
I execute the script, which alters the terminal settings.(Quite visible on 
the Terminal; not as easily visible in the log file.)

  
  I expect the second "stty -a" to be the same as the first.

  I originally saw the bug in 20.04.5 (repeatable but on someone else's
  computer) for "sudo tcpdump" but wasn't able to reproduce it in a
  fresh install.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: sudo 1.9.9-1ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
  Uname: Linux 5.15.0-48-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Oct  6 10:40:03 2022
  InstallationDate: Installed on 2022-10-06 (0 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: sudo
  UpgradeStatus: No upgrade log present (probably fresh install)
  VisudoCheck:
   Error: command ['pkexec', '/usr/sbin/visudo', '-c'] failed with exit code 1: 
/etc/sudoers.d/testuser: bad permissions, should be mode 0440
   /etc/sudoers: parsed OK
   /etc/sudoers.d/README: parsed OK
  modified.conffile..etc.sudoers: [inaccessible: [Errno 13] Permission denied: 
'/etc/sudoers']
  modified.conffile..etc.sudoers.d.README: [inaccessible: [Errno 13] Permission 
denied: '/etc/sudoers.d/README']

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1992025/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1992025] Re: When sudo does not require a password, it alters stty as though it is reading a password

2022-10-06 Thread Seth Arnold

** Changed in: sudo (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1992025

Title:
  When sudo does not require a password, it alters stty as though it is
  reading a password

Status in sudo package in Ubuntu:
  Confirmed

Bug description:
  Summary:
  Executing a sudo (that does not require a password) in a /bin/bash script 
leaves the terminal as though it is reading a password (-echo, -icrnl, -ixon, 
-opost, -isig, -icanon, -iexten)

  To recreate the problem: (See attached log)

  In a fresh install of 22.04.1 (desktop, minimal, do not load updates,
  no update done beyond iso data, running under Virtualbox on a Mac), I
  set up a new user that can run "sudo sleep" without a password.  In a
  Terminal, I demonstrate this, running "stty -a" before and after the
  "sudo sleep". Then I create a bash script with those same commands.
  When that script is run, the stty after the "sudo sleep" shows that
  the state of the terminal has been altered (-echo, etc.)

  The log starts immediately after the reboot after installing 22.04.1.
  I decline to do the update when it is offered. (The bug appears even
  if I do the update on 22.04.1, but I decline the update to make sure
  this is repeatable.)

  Basically, the steps are
Create user "testuser"
Add a file to /etc/sudoers.d that gives testuser sudo privs, with no 
password required for sleep.  (nor for "grep", but I dropped the use of grep in 
the demo)
su - testuser
Interactively, in the terminal, I show that "sudo sleep 30 &"  does not 
mess with the terminal settings.
I create a /bin/bash script that includes the same commands (stty -a; sudo 
sleep 10 &; sleep 3; stty -a)
I execute the script, which alters the terminal settings.(Quite visible on 
the Terminal; not as easily visible in the log file.)

  
  I expect the second "stty -a" to be the same as the first.

  I originally saw the bug in 20.04.5 (repeatable but on someone else's
  computer) for "sudo tcpdump" but wasn't able to reproduce it in a
  fresh install.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: sudo 1.9.9-1ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
  Uname: Linux 5.15.0-48-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Oct  6 10:40:03 2022
  InstallationDate: Installed on 2022-10-06 (0 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: sudo
  UpgradeStatus: No upgrade log present (probably fresh install)
  VisudoCheck:
   Error: command ['pkexec', '/usr/sbin/visudo', '-c'] failed with exit code 1: 
/etc/sudoers.d/testuser: bad permissions, should be mode 0440
   /etc/sudoers: parsed OK
   /etc/sudoers.d/README: parsed OK
  modified.conffile..etc.sudoers: [inaccessible: [Errno 13] Permission denied: 
'/etc/sudoers']
  modified.conffile..etc.sudoers.d.README: [inaccessible: [Errno 13] Permission 
denied: '/etc/sudoers.d/README']

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1992025/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1992100] Re: LibreOffice Failure

2022-10-06 Thread Daniel van Vugt

Please explain in more detail (ideally with photos or a video) what the
main problem is.


** Package changed: xorg (Ubuntu) => libreoffice (Ubuntu)

** Package changed: libreoffice (Ubuntu) => ubuntu

** Changed in: ubuntu
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1992100

Title:
  LibreOffice Failure

Status in Ubuntu:
  Incomplete

Bug description:
  I’ve made tree reports thinking that it was some extension of the
  Firefox browser, such as the dark reader and Grammarly, in fact I
  deactivated them and my computer worked better.

  Last night I reinstalled them, but the fault reappeared. I uninstalled
  Grammarly and reported it assuming that was the bug. Instead, I
  installed another text corrector that is endorsed by the extension
  community web browser and has worked very well.

  A few minutes ago, while using the LibreOffice, Google Translate and
  the new text corrector, the bug appeared again.

  This time was by placing a small window with the browser name in the
  upper left of my LibreOffice, something that is not the first time I
  saw.

  Other times the fail has manifested more severely and as a flickering
  video glitch not only with the Firefox browser and add-ons, but with
  other features of the computer. But this time I think it's a
  LibreOffice word processor bug.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: xorg 1:7.7+23ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
  Uname: Linux 5.15.0-48-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  BootLog: Error: [Errno 13] Permiso denegado: '/var/log/boot.log'
  CasperMD5CheckResult: pass
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Oct  6 15:02:44 2022
  DistUpgraded: Fresh install
  DistroCodename: jammy
  DistroVariant: ubuntu
  ExtraDebuggingInterest: Yes, if not too technical
  GraphicsCard:
   Intel Corporation Haswell-ULT Integrated Graphics Controller [8086:0a06] 
(rev 0b) (prog-if 00 [VGA controller])
 Subsystem: Dell Haswell-ULT Integrated Graphics Controller [1028:0651]
  InstallationDate: Installed on 2022-09-30 (6 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
  MachineType: Dell Inc. Inspiron 3442
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-48-generic 
root=UUID=2cd3ff22-e8b5-40a0-a450-10456d1ac17a ro quiet splash vt.handoff=7
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 02/24/2014
  dmi.bios.release: 0.0
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: A00
  dmi.board.name: 0878RH
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A00
  dmi.chassis.type: 8
  dmi.chassis.vendor: Dell Inc.
  dmi.chassis.version: Not Specified
  dmi.ec.firmware.release: 0.0
  dmi.modalias: 
dmi:bvnDellInc.:bvrA00:bd02/24/2014:br0.0:efr0.0:svnDellInc.:pnInspiron3442:pvrNotSpecified:rvnDellInc.:rn0878RH:rvrA00:cvnDellInc.:ct8:cvrNotSpecified:sku0651:
  dmi.product.name: Inspiron 3442
  dmi.product.sku: 0651
  dmi.product.version: Not Specified
  dmi.sys.vendor: Dell Inc.
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.110-1ubuntu1
  version.libgl1-mesa-dri: libgl1-mesa-dri 22.0.5-0ubuntu0.1
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.xserver-xorg-core: xserver-xorg-core 2:21.1.3-2ubuntu2.1
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2ubuntu1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20210115-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 
1:1.0.17-2build1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/1992100/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1991592] Re: openssh-server should ship a systemd generator to generate ssh socket port configuration from sshd_config

2022-10-06 Thread Steve Langasek

On Thu, Oct 06, 2022 at 07:32:54AM -, msaxl wrote:
> I think the biggest issue is the automatic upgrade from "classic" to
> systemd.socket

> It is very hard to consistently migrate every configuration.

> I was hit by this issue because I had set
> /proc/sys/net/ipv6/bindv6only=1, so ipv4 was disabled

Please file a separate bug explaining exactly what problem you encountered
on upgrade.  Setting /proc/sys/net/ipv6/bindv6only=1 (which is not something
I consider a sensible deviation from the Ubuntu defaults) should not have
caused you to experience upgrade issues, and is independent from the
question of using a generator.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991592

Title:
  openssh-server should ship a systemd generator to generate ssh socket
  port configuration from sshd_config

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  A criticism of the existing sshd socket activation implementation is
  that Port/ListenAddress options are migrated on a one-time basis at
  package upgrade time, and afterwards users get the surprising behavior
  that Port/ListenAddress settings added to sshd_config are ignored.

  A systemd generator could be used to change the ssh socket unit
  configuration on boot, and on each change of /etc/ssh/sshd_config.
  Sample implementation from Dimitri:

  ssh.socket:
  [Unit]
  Wants=sshd-config.path

  #
  # Note the below defaults are cleared and overriden by
  #/lib/systemd/system-generators/sshd-generator
  # based on the sshd config from the sshd -T output
  #
  ListenStream=[::]:22
  ListenStream=0.0.0.0:22

  diff --git a/systemd/sshd-config.path b/systemd/sshd-config.path
  new file mode 100644
  index 0..cfa9674a3
  --- /dev/null
  +++ b/systemd/sshd-config.path
  @@ -0,0 +1,4 @@
  +[Unit]
  +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
  +[Path]
  +PathChanged=/etc/ssh/sshd_config
  diff --git a/systemd/sshd-config.service b/systemd/sshd-config.service
  new file mode 100644
  index 0..b009ea52c
  --- /dev/null
  +++ b/systemd/sshd-config.service
  @@ -0,0 +1,5 @@
  +[Unit]
  +Description=Regenerate ssh.socket.d/ssh-listen.conf drop-in
  +
  +[Service]
  +ExecStart=/bin/systemctl daemon-reload
  diff --git a/systemd/sshd-generator b/systemd/sshd-generator
  new file mode 100755
  index 0..72c6aac04
  --- /dev/null
  +++ b/systemd/sshd-generator
  @@ -0,0 +1,10 @@
  +#!/bin/sh
  +set -eu
  +mkdir -p /run/sshd
  +sshd -t
  +mkdir -p $1/ssh.socket.d
  +target="$1/ssh.socket.d/ssh-listen.conf"
  +echo '[Socket]' > $target
  +echo 'ListenStream=' >> $target
  +sshd -T | sed -n 's/^listenaddress /ListenStream=/p' >> $target
  +rmdir --ignore-fail-on-non-empty /run/sshd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1991592/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

** Description changed:

+ [ SRU TEMPLATE ]
+ [ Impact ]
+
+ * nosuid, and noexec bits are not set on /dev
+ * This has the potential for nefarious actors to use this as an avenue for
attack. see https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 for more
discussion around this.
+ * It is not best security practice.
+
+ [ Test Plan ]
+
+1.Boot a Canonical Supplied EC2 instance
+2.Check the mount options for /dev.
+3.You will notice the lack of nosuid and noexec on /dev.
+
+ [ Where problems could occur ]
+
+ * As of 2022/10/06, I need to test this, but don't know how to build
+ -aws flavored ubuntu kernels. Instructions welcome.
+
+ * If this is applied to non initramfs-less kernels it could potentially
cause a regression for very old hardware that does nefarious things with
memory. For a larger discussion about that see:
+
https://lore.kernel.org/lkml/YcMfDOyrg647RCmd@debian-BULLSEYE-live-builder-AMD64/T/
+
+ * Low risk if a driver depends on /dev allowing suid or exec this might
+ prevent boot. That being said, all kernels that have been booting with
+ an initramfs have been getting nosuid, and noexec set so hopefully we
+ can consider that risk fairly well tested.
+
+ [ Other Info ]
+
+ * Patch is accepted into 5.17, and will drop out quickly
+ * Any server booting with an initramfs already has nosuid, and noexec set,
so hopefully
+
+
+ <<< ORIGINAL TEXT
+
This is similar to
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

I discovered that my ec2 instances based off of Canonical supplied AMI
ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without the
nosuid option.

https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

My usb installed 20.04.4 home machine does not have this problem, but it
has been installed for quite some time. My 22.04 laptop machine also
does not have this issue.

Reproduce.
Start an ec2 instance based off of ami-0a23d90349664c6ee.
$ mount | grep devtmpfs
nosuid is not found in the options list.

I've checked the initrd, and /etc/init.d/udev script and all places I
know of where dev gets mounted set nosuid, so it's non-obvious what boot
code-path is being taken that results in nosuid missing.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: udev 245.4-4ubuntu3.18
ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
Uname: Linux 5.15.0-1020-aws x86_64
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
CasperMD5CheckResult: skip
CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
Date: Thu Oct 6 17:39:42 2022
Ec2AMI: ami-0a23d90349664c6ee
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-east-2c
Ec2InstanceType: t2.medium
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
Lsusb: Error: command ['lsusb'] failed with exit code 1:
Lsusb-t:

Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
MachineType: Xen HVM domU
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/24/2006
dmi.bios.release: 4.2
dmi.bios.vendor: Xen
dmi.bios.version: 4.2.amazon
dmi.chassis.type: 1
dmi.chassis.vendor: Xen
dmi.modalias:
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
dmi.product.name: HVM domU
dmi.product.version: 4.2.amazon
dmi.sys.vendor: Xen

** Description changed:

[ SRU TEMPLATE ]
- [ Impact ]
+ [ Impact ]

- * nosuid, and noexec bits are not set on /dev
- * This has the potential for nefarious actors to use this as an avenue for
attack. see https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 for more
discussion around this.
- * It is not best security practice.
+ * nosuid, and noexec bits are not set on /dev
+ * This has the potential for nefarious actors to use this as an avenue for
attack. see https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 for more
discussion around this.
+ * It is not best security practice.

[ Test Plan ]

-1.Boot a Canonical Supplied EC2 instance
-2.Check the mount options for /dev.
-3.You will notice the lack of nosuid and noexec on /dev.
+ 1.Boot a Canonical Supplied EC2 instance
+ 2.Check the mount options for /dev.
+ 3.You will notice the lack of nosuid and noexec on /dev.

[ Where problems could occur ]

- * As of 2022/10/06, I need to test this, but don't know how to build
- -aws flavored ubuntu kernels. Instructions welcome.
+ * As of 2022/10/06, I need to test this, but don't know how to build
+

[Touch-packages] [Bug 1958019]

2022-10-06 Thread cam

(In reply to toyeisfree from comment #701)
> Created attachment 302941 [details]
> dmesg for Legion S7 16ARHA7-82UG
> 
> dmesg for this laptop (
> https://psref.lenovo.com/Detail/Legion/Legion_S7_16ARHA7?M=82UG0029SP )

Because your ACPI table is missing the _DSD entries just like mine:
[6.111053] cs35l41-hda i2c-CSC3551:00-cs35l41-hda.0: error -EINVAL: 
Platform not supported -22
[6.111082] cs35l41-hda: probe of i2c-CSC3551:00-cs35l41-hda.0 failed with 
error -22
[6.38] cs35l41-hda i2c-CSC3551:00-cs35l41-hda.1: error -EINVAL: 
Platform not supported -22
[6.55] cs35l41-hda: probe of i2c-CSC3551:00-cs35l41-hda.1 failed with 
error -22

jochemp...@gmail.com,

Looks like I had you grepping for the wrong thing. This is likely your
issue as well if you want to share your dmesg.


jochemp...@gmail.com & toyeisf...@gmail.com,
My suggestion for both of you is to follow up with Lenovo support as I 
mentioned and see where that gets us. If enough of us take issue, they might be 
inclined to fix it.

Failing that, if enough of us are affected, maybe we can start a
petition?

I still haven't been able to follow up on my ticket. Too busy with
work/life.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1958019

Title:
  [Lenovo Legion7 16ACHg6 82N6, Realtek ALC287, Speaker, Internal] No
  sound at all

Status in sound-2.6 (alsa-kernel):
  Confirmed
Status in alsa-driver package in Ubuntu:
  Confirmed

Bug description:
  On my Lenovo Legion-7-16ACHg6 laptop I can't hear any sound by
  internal speakers, but it work by headphones connected to standard
  jack aux.

  uname -r
  5.11.0-44-generic

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: alsa-base 1.0.25+dfsg-0ubuntu5
  ProcVersionSignature: Ubuntu 5.11.0-44.48~20.04.2-generic 5.11.22
  Uname: Linux 5.11.0-44-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu27.21
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC2:  i3draven   1266 F pulseaudio
   /dev/snd/controlC0:  i3draven   1266 F pulseaudio
   /dev/snd/controlC1:  i3draven   1266 F pulseaudio
   /dev/snd/pcmC1D0p:   i3draven   1266 F...m pulseaudio
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Jan 15 15:10:53 2022
  InstallationDate: Installed on 2021-10-11 (96 days ago)
  InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
  PackageArchitecture: all
  SourcePackage: alsa-driver
  Symptom: audio
  Symptom_AlsaPlaybackTest: ALSA playback test through plughw:Generic failed
  Symptom_Card: Family 17h (Models 10h-1fh) HD Audio Controller - HD-Audio 
Generic
  Symptom_DevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC2:  i3draven   1266 F pulseaudio
   /dev/snd/controlC0:  i3draven   1266 F pulseaudio
   /dev/snd/controlC1:  i3draven   1266 F pulseaudio
   /dev/snd/pcmC1D0p:   i3draven   1266 F...m pulseaudio
  Symptom_Jack: Speaker, Internal
  Symptom_Type: No sound at all
  Title: [82N6, Realtek ALC287, Speaker, Internal] No sound at all
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 11/08/2021
  dmi.bios.release: 1.49
  dmi.bios.vendor: LENOVO
  dmi.bios.version: GKCN49WW
  dmi.board.asset.tag: NO Asset Tag
  dmi.board.name: LNVNB161216
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0R32862 WIN
  dmi.chassis.asset.tag: NO Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Legion 7 16ACHg6
  dmi.ec.firmware.release: 1.49
  dmi.modalias: 
dmi:bvnLENOVO:bvrGKCN49WW:bd11/08/2021:br1.49:efr1.49:svnLENOVO:pn82N6:pvrLegion716ACHg6:skuLENOVO_MT_82N6_BU_idea_FM_Legion716ACHg6:rvnLENOVO:rnLNVNB161216:rvrSDK0R32862WIN:cvnLENOVO:ct10:cvrLegion716ACHg6:
  dmi.product.family: Legion 7 16ACHg6
  dmi.product.name: 82N6
  dmi.product.sku: LENOVO_MT_82N6_BU_idea_FM_Legion 7 16ACHg6
  dmi.product.version: Legion 7 16ACHg6
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/sound-2.6/+bug/1958019/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1958019]

2022-10-06 Thread toyeisfree

Created attachment 302941
dmesg for Legion S7 16ARHA7-82UG

dmesg for this laptop (
https://psref.lenovo.com/Detail/Legion/Legion_S7_16ARHA7?M=82UG0029SP )

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1958019

Title:
  [Lenovo Legion7 16ACHg6 82N6, Realtek ALC287, Speaker, Internal] No
  sound at all

Status in sound-2.6 (alsa-kernel):
  Confirmed
Status in alsa-driver package in Ubuntu:
  Confirmed

Bug description:
  On my Lenovo Legion-7-16ACHg6 laptop I can't hear any sound by
  internal speakers, but it work by headphones connected to standard
  jack aux.

  uname -r
  5.11.0-44-generic

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: alsa-base 1.0.25+dfsg-0ubuntu5
  ProcVersionSignature: Ubuntu 5.11.0-44.48~20.04.2-generic 5.11.22
  Uname: Linux 5.11.0-44-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu27.21
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC2:  i3draven   1266 F pulseaudio
   /dev/snd/controlC0:  i3draven   1266 F pulseaudio
   /dev/snd/controlC1:  i3draven   1266 F pulseaudio
   /dev/snd/pcmC1D0p:   i3draven   1266 F...m pulseaudio
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Jan 15 15:10:53 2022
  InstallationDate: Installed on 2021-10-11 (96 days ago)
  InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
  PackageArchitecture: all
  SourcePackage: alsa-driver
  Symptom: audio
  Symptom_AlsaPlaybackTest: ALSA playback test through plughw:Generic failed
  Symptom_Card: Family 17h (Models 10h-1fh) HD Audio Controller - HD-Audio 
Generic
  Symptom_DevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC2:  i3draven   1266 F pulseaudio
   /dev/snd/controlC0:  i3draven   1266 F pulseaudio
   /dev/snd/controlC1:  i3draven   1266 F pulseaudio
   /dev/snd/pcmC1D0p:   i3draven   1266 F...m pulseaudio
  Symptom_Jack: Speaker, Internal
  Symptom_Type: No sound at all
  Title: [82N6, Realtek ALC287, Speaker, Internal] No sound at all
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 11/08/2021
  dmi.bios.release: 1.49
  dmi.bios.vendor: LENOVO
  dmi.bios.version: GKCN49WW
  dmi.board.asset.tag: NO Asset Tag
  dmi.board.name: LNVNB161216
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0R32862 WIN
  dmi.chassis.asset.tag: NO Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Legion 7 16ACHg6
  dmi.ec.firmware.release: 1.49
  dmi.modalias: 
dmi:bvnLENOVO:bvrGKCN49WW:bd11/08/2021:br1.49:efr1.49:svnLENOVO:pn82N6:pvrLegion716ACHg6:skuLENOVO_MT_82N6_BU_idea_FM_Legion716ACHg6:rvnLENOVO:rnLNVNB161216:rvrSDK0R32862WIN:cvnLENOVO:ct10:cvrLegion716ACHg6:
  dmi.product.family: Legion 7 16ACHg6
  dmi.product.name: 82N6
  dmi.product.sku: LENOVO_MT_82N6_BU_idea_FM_Legion 7 16ACHg6
  dmi.product.version: Legion 7 16ACHg6
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/sound-2.6/+bug/1958019/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1958019]

2022-10-06 Thread toyeisfree

Created attachment 302940
alsa info for this laptop ( 
https://psref.lenovo.com/Detail/Legion/Legion_S7_16ARHA7?M=82UG0029SP )

alsa info for this laptop (
https://psref.lenovo.com/Detail/Legion/Legion_S7_16ARHA7?M=82UG0029SP )

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1958019

Title:
  [Lenovo Legion7 16ACHg6 82N6, Realtek ALC287, Speaker, Internal] No
  sound at all

Status in sound-2.6 (alsa-kernel):
  Confirmed
Status in alsa-driver package in Ubuntu:
  Confirmed

Bug description:
  On my Lenovo Legion-7-16ACHg6 laptop I can't hear any sound by
  internal speakers, but it work by headphones connected to standard
  jack aux.

  uname -r
  5.11.0-44-generic

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: alsa-base 1.0.25+dfsg-0ubuntu5
  ProcVersionSignature: Ubuntu 5.11.0-44.48~20.04.2-generic 5.11.22
  Uname: Linux 5.11.0-44-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu27.21
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC2:  i3draven   1266 F pulseaudio
   /dev/snd/controlC0:  i3draven   1266 F pulseaudio
   /dev/snd/controlC1:  i3draven   1266 F pulseaudio
   /dev/snd/pcmC1D0p:   i3draven   1266 F...m pulseaudio
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Jan 15 15:10:53 2022
  InstallationDate: Installed on 2021-10-11 (96 days ago)
  InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
  PackageArchitecture: all
  SourcePackage: alsa-driver
  Symptom: audio
  Symptom_AlsaPlaybackTest: ALSA playback test through plughw:Generic failed
  Symptom_Card: Family 17h (Models 10h-1fh) HD Audio Controller - HD-Audio 
Generic
  Symptom_DevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC2:  i3draven   1266 F pulseaudio
   /dev/snd/controlC0:  i3draven   1266 F pulseaudio
   /dev/snd/controlC1:  i3draven   1266 F pulseaudio
   /dev/snd/pcmC1D0p:   i3draven   1266 F...m pulseaudio
  Symptom_Jack: Speaker, Internal
  Symptom_Type: No sound at all
  Title: [82N6, Realtek ALC287, Speaker, Internal] No sound at all
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 11/08/2021
  dmi.bios.release: 1.49
  dmi.bios.vendor: LENOVO
  dmi.bios.version: GKCN49WW
  dmi.board.asset.tag: NO Asset Tag
  dmi.board.name: LNVNB161216
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0R32862 WIN
  dmi.chassis.asset.tag: NO Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Legion 7 16ACHg6
  dmi.ec.firmware.release: 1.49
  dmi.modalias: 
dmi:bvnLENOVO:bvrGKCN49WW:bd11/08/2021:br1.49:efr1.49:svnLENOVO:pn82N6:pvrLegion716ACHg6:skuLENOVO_MT_82N6_BU_idea_FM_Legion716ACHg6:rvnLENOVO:rnLNVNB161216:rvrSDK0R32862WIN:cvnLENOVO:ct10:cvrLegion716ACHg6:
  dmi.product.family: Legion 7 16ACHg6
  dmi.product.name: 82N6
  dmi.product.sku: LENOVO_MT_82N6_BU_idea_FM_Legion 7 16ACHg6
  dmi.product.version: Legion 7 16ACHg6
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/sound-2.6/+bug/1958019/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1981794] Re: Duplicate/retried DNS queries fail with REFUSED (Fixed in upstream)

** Merge proposal linked:
   
https://code.launchpad.net/~lvoytek/ubuntu/+source/dnsmasq/+git/dnsmasq/+merge/431166

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1981794

Title:
  Duplicate/retried DNS queries fail with REFUSED (Fixed in upstream)

Status in dnsmasq package in Ubuntu:
  In Progress
Status in dnsmasq source package in Jammy:
  Confirmed
Status in dnsmasq source package in Kinetic:
  In Progress

Bug description:
  Duplicate or retried DNS queries will return REFUSED for one of the
  queries causing intermittent failures in clients.

  This probably breaks lots of things, but for me is causing 22.04's
  internet connection sharing to be unstable. It's particularly bad for
  my Xbox which seems to like sending duplicate queries.

  Here's an example capture:
  22:37:25.308212 IP 10.42.0.16.54248 > 10.42.0.1.53: 22442+ A? 
title.auth.xboxlive.com. (41)
  22:37:25.332711 IP 10.42.0.16.54248 > 10.42.0.1.53: 22442+ A? 
title.auth.xboxlive.com. (41)
  22:37:25.332740 IP 10.42.0.1.53 > 10.42.0.16.54248: 22442 Refused 0/0/0 (41)
  22:37:25.353003 IP 10.42.0.1.53 > 10.42.0.16.54248: 22442 2/0/0 CNAME 
title.auth.xboxlive.com.akadns.net., A 40.64.90.82 (105)

  This has been fixed in upstream as of Sept 2021 in the unreleased 2.87
  version. It's apparently a regression in version 2.86 (also released
  in Sept 2021). Ubuntu 22.04 and later all use the broken 2.86 version.

  Upstream fix:
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be1df48da1e2bd3d3feaa138c2

  Upstream bug thread:
  
https://www.mail-archive.com/search?l=dnsmasq-discuss%40lists.thekelleys.org.uk=subject:%22%5C%5BDnsmasq%5C-discuss%5C%5D+REFUSED+after+dropped+packets%22=oldest=1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1981794/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1992105] [NEW] missing httpform plugin for saslauthd

2022-10-06 Thread Amit

Public bug reported:

Hi, we noticed missing httpform plugin for saslauthd.  We are migrating
from Centos.

== On Centos (Notice the httpform at the end)

/usr/sbin/saslauthd -v
saslauthd 2.1.26
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap httpform


== On Ubuntu jammy
/usr/sbin/saslauthd -v
saslauthd 2.1.27
authentication mechanisms: sasldb getpwent kerberos5 pam rimap shadow ldap


== Potential fix

add the "--enable-httpform" flag to the sasl2-bin package build

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: sasl2-bin 2.1.27+dfsg2-3ubuntu1
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic aarch64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: arm64
CasperMD5CheckResult: unknown
Date: Thu Oct  6 14:54:13 2022
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: cyrus-sasl2
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: cyrus-sasl2 (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: apport-bug arm64 jammy uec-images

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1992105

Title:
  missing httpform plugin for saslauthd

Status in cyrus-sasl2 package in Ubuntu:
  New

Bug description:
  Hi, we noticed missing httpform plugin for saslauthd.  We are
  migrating from Centos.

  == On Centos (Notice the httpform at the end)

  /usr/sbin/saslauthd -v
  saslauthd 2.1.26
  authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap httpform

  
  == On Ubuntu jammy
  /usr/sbin/saslauthd -v
  saslauthd 2.1.27
  authentication mechanisms: sasldb getpwent kerberos5 pam rimap shadow ldap

  
  == Potential fix

  add the "--enable-httpform" flag to the sasl2-bin package build

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: sasl2-bin 2.1.27+dfsg2-3ubuntu1
  ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
  Uname: Linux 5.15.0-48-generic aarch64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: arm64
  CasperMD5CheckResult: unknown
  Date: Thu Oct  6 14:54:13 2022
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: cyrus-sasl2
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1992105/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

** Changed in: linux (Ubuntu Jammy)
   Status: New => Confirmed

** Changed in: systemd (Ubuntu Jammy)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed
Status in linux source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Confirmed
Status in linux source package in Jammy:
  Confirmed
Status in systemd source package in Jammy:
  Confirmed

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs
  nosuid is not found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:

  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991975/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1992102] [NEW] package initramfs-tools 0.140ubuntu13 failed to install/upgrade: installed initramfs-tools package post-installation script subprocess returned error exit status 1

2022-10-06 Thread Mark Fisher

Public bug reported:

using synaptic package manager to install uogrades, error message at
end.

ProblemType: Package
DistroRelease: Ubuntu 22.04
Package: initramfs-tools 0.140ubuntu13
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Thu Oct  6 22:23:55 2022
ErrorMessage: installed initramfs-tools package post-installation script 
subprocess returned error exit status 1
InstallationDate: Installed on 2014-12-08 (2859 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
PackageArchitecture: all
Python3Details: /usr/bin/python3.10, Python 3.10.6, python3-minimal, 
3.10.6-1~22.04
PythonDetails: N/A
RelatedPackageVersions:
 dpkg 1.21.1ubuntu2.1
 apt  2.4.8
SourcePackage: initramfs-tools
Title: package initramfs-tools 0.140ubuntu13 failed to install/upgrade: 
installed initramfs-tools package post-installation script subprocess returned 
error exit status 1
UpgradeStatus: Upgraded to jammy on 2022-08-20 (47 days ago)

** Affects: initramfs-tools (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-package jammy need-duplicate-check

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1992102

Title:
  package initramfs-tools 0.140ubuntu13 failed to install/upgrade:
  installed initramfs-tools package post-installation script subprocess
  returned error exit status 1

Status in initramfs-tools package in Ubuntu:
  New

Bug description:
  using synaptic package manager to install uogrades, error message at
  end.

  ProblemType: Package
  DistroRelease: Ubuntu 22.04
  Package: initramfs-tools 0.140ubuntu13
  ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
  Uname: Linux 5.15.0-48-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Thu Oct  6 22:23:55 2022
  ErrorMessage: installed initramfs-tools package post-installation script 
subprocess returned error exit status 1
  InstallationDate: Installed on 2014-12-08 (2859 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 
(20140722.2)
  PackageArchitecture: all
  Python3Details: /usr/bin/python3.10, Python 3.10.6, python3-minimal, 
3.10.6-1~22.04
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.21.1ubuntu2.1
   apt  2.4.8
  SourcePackage: initramfs-tools
  Title: package initramfs-tools 0.140ubuntu13 failed to install/upgrade: 
installed initramfs-tools package post-installation script subprocess returned 
error exit status 1
  UpgradeStatus: Upgraded to jammy on 2022-08-20 (47 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1992102/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

** Also affects: linux (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: systemd (Ubuntu Jammy)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed
Status in linux source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Confirmed
Status in linux source package in Jammy:
  New
Status in systemd source package in Jammy:
  New

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs
  nosuid is not found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:

  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991975/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

Looks like Kees already found this years ago.  
https://lore.kernel.org/lkml/YcMfDOyrg647RCmd@debian-BULLSEYE-live-builder-AMD64/T/

Looks like it was accepted as commit 28f0c335dd4a1 in 5.17.  So I think
we should apply this patch and the corresponding set
CONFIG_DEVTMPFS_SAFE=y at least for the aws kernel and preferably all
the 5.15 kernels.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed
Status in linux source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Confirmed
Status in linux source package in Jammy:
  New
Status in systemd source package in Jammy:
  New

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs
  nosuid is not found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:

  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991975/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1992100] [NEW] LibreOffice Failure

2022-10-06 Thread Alexander Zuniga U.

Public bug reported:

I’ve made tree reports thinking that it was some extension of the
Firefox browser, such as the dark reader and Grammarly, in fact I
deactivated them and my computer worked better.

Last night I reinstalled them, but the fault reappeared. I uninstalled
Grammarly and reported it assuming that was the bug. Instead, I
installed another text corrector that is endorsed by the extension
community web browser and has worked very well.

A few minutes ago, while using the LibreOffice, Google Translate and the
new text corrector, the bug appeared again.

This time was by placing a small window with the browser name in the
upper left of my LibreOffice, something that is not the first time I
saw.

Other times the fail has manifested more severely and as a flickering
video glitch not only with the Firefox browser and add-ons, but with
other features of the computer. But this time I think it's a LibreOffice
word processor bug.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: xorg 1:7.7+23ubuntu2
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
BootLog: Error: [Errno 13] Permiso denegado: '/var/log/boot.log'
CasperMD5CheckResult: pass
CompositorRunning: None
CurrentDesktop: ubuntu:GNOME
Date: Thu Oct  6 15:02:44 2022
DistUpgraded: Fresh install
DistroCodename: jammy
DistroVariant: ubuntu
ExtraDebuggingInterest: Yes, if not too technical
GraphicsCard:
 Intel Corporation Haswell-ULT Integrated Graphics Controller [8086:0a06] (rev 
0b) (prog-if 00 [VGA controller])
   Subsystem: Dell Haswell-ULT Integrated Graphics Controller [1028:0651]
InstallationDate: Installed on 2022-09-30 (6 days ago)
InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
MachineType: Dell Inc. Inspiron 3442
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-48-generic 
root=UUID=2cd3ff22-e8b5-40a0-a450-10456d1ac17a ro quiet splash vt.handoff=7
SourcePackage: xorg
Symptom: display
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 02/24/2014
dmi.bios.release: 0.0
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A00
dmi.board.name: 0878RH
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 8
dmi.chassis.vendor: Dell Inc.
dmi.chassis.version: Not Specified
dmi.ec.firmware.release: 0.0
dmi.modalias: 
dmi:bvnDellInc.:bvrA00:bd02/24/2014:br0.0:efr0.0:svnDellInc.:pnInspiron3442:pvrNotSpecified:rvnDellInc.:rn0878RH:rvrA00:cvnDellInc.:ct8:cvrNotSpecified:sku0651:
dmi.product.name: Inspiron 3442
dmi.product.sku: 0651
dmi.product.version: Not Specified
dmi.sys.vendor: Dell Inc.
version.compiz: compiz N/A
version.libdrm2: libdrm2 2.4.110-1ubuntu1
version.libgl1-mesa-dri: libgl1-mesa-dri 22.0.5-0ubuntu0.1
version.libgl1-mesa-glx: libgl1-mesa-glx N/A
version.xserver-xorg-core: xserver-xorg-core 2:21.1.3-2ubuntu2.1
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2ubuntu1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20210115-1
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.17-2build1

** Affects: xorg (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug corruption jammy ubuntu wayland-session

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1992100

Title:
  LibreOffice Failure

Status in xorg package in Ubuntu:
  New

Bug description:
  I’ve made tree reports thinking that it was some extension of the
  Firefox browser, such as the dark reader and Grammarly, in fact I
  deactivated them and my computer worked better.

  Last night I reinstalled them, but the fault reappeared. I uninstalled
  Grammarly and reported it assuming that was the bug. Instead, I
  installed another text corrector that is endorsed by the extension
  community web browser and has worked very well.

  A few minutes ago, while using the LibreOffice, Google Translate and
  the new text corrector, the bug appeared again.

  This time was by placing a small window with the browser name in the
  upper left of my LibreOffice, something that is not the first time I
  saw.

  Other times the fail has manifested more severely and as a flickering
  video glitch not only with the Firefox browser and add-ons, but with
  other features of the computer. But this time I think it's a
  LibreOffice word processor bug.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: xorg 1:7.7+23ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
  Uname: Linux 5.15.0-48-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  BootLog: Error: [Errno 13] Permiso denegado: '/var/log/boot.log'
  CasperMD5CheckResult: pass
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Oct  6 15:02:44

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

2022-10-06 Thread Simon Déziel

I can confirm the issue on an *old* GCP instance:

$ mount | grep devtmp
devtmpfs on /dev type devtmpfs 
(rw,relatime,size=490260k,nr_inodes=122565,mode=755,inode64)

$ cat /etc/cloud/build.info
build_name: server
serial: 20200902

$ uname -a
Linux mx1 5.15.0-1018-gcp #24~20.04.1-Ubuntu SMP Mon Sep 12 06:14:01 UTC 2022 
x86_64 x86_64 x86_64 GNU/Linux

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed
Status in linux source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Confirmed

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs
  nosuid is not found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:

  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991975/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: systemd (Ubuntu Focal)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed
Status in linux source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Confirmed

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs
  nosuid is not found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:

  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991975/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: linux (Ubuntu Focal)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed
Status in linux source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Confirmed

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs
  nosuid is not found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:

  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991975/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: systemd (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed
Status in linux source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Confirmed

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs
  nosuid is not found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:

  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991975/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991592] Re: openssh-server should ship a systemd generator to generate ssh socket port configuration from sshd_config

2022-10-06 Thread Corey Reichle

> False. It is documented in the manpage,

I looked in the manpage for my install, and no mention of socket
activation.

I looked in the README.Debian, and it indicated you can switch to socket
activation, over standard daemonization, if you choose, by masking sshd,
and enabling sshd.socket, and starting sshd.socket instead.

Maybe it's in the new release.  I am basing my info on where I
encountered this issue.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991592

Title:
  openssh-server should ship a systemd generator to generate ssh socket
  port configuration from sshd_config

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  A criticism of the existing sshd socket activation implementation is
  that Port/ListenAddress options are migrated on a one-time basis at
  package upgrade time, and afterwards users get the surprising behavior
  that Port/ListenAddress settings added to sshd_config are ignored.

  A systemd generator could be used to change the ssh socket unit
  configuration on boot, and on each change of /etc/ssh/sshd_config.
  Sample implementation from Dimitri:

  ssh.socket:
  [Unit]
  Wants=sshd-config.path

  #
  # Note the below defaults are cleared and overriden by
  #/lib/systemd/system-generators/sshd-generator
  # based on the sshd config from the sshd -T output
  #
  ListenStream=[::]:22
  ListenStream=0.0.0.0:22

  diff --git a/systemd/sshd-config.path b/systemd/sshd-config.path
  new file mode 100644
  index 0..cfa9674a3
  --- /dev/null
  +++ b/systemd/sshd-config.path
  @@ -0,0 +1,4 @@
  +[Unit]
  +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
  +[Path]
  +PathChanged=/etc/ssh/sshd_config
  diff --git a/systemd/sshd-config.service b/systemd/sshd-config.service
  new file mode 100644
  index 0..b009ea52c
  --- /dev/null
  +++ b/systemd/sshd-config.service
  @@ -0,0 +1,5 @@
  +[Unit]
  +Description=Regenerate ssh.socket.d/ssh-listen.conf drop-in
  +
  +[Service]
  +ExecStart=/bin/systemctl daemon-reload
  diff --git a/systemd/sshd-generator b/systemd/sshd-generator
  new file mode 100755
  index 0..72c6aac04
  --- /dev/null
  +++ b/systemd/sshd-generator
  @@ -0,0 +1,10 @@
  +#!/bin/sh
  +set -eu
  +mkdir -p /run/sshd
  +sshd -t
  +mkdir -p $1/ssh.socket.d
  +target="$1/ssh.socket.d/ssh-listen.conf"
  +echo '[Socket]' > $target
  +echo 'ListenStream=' >> $target
  +sshd -T | sed -n 's/^listenaddress /ListenStream=/p' >> $target
  +rmdir --ignore-fail-on-non-empty /run/sshd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1991592/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

I was hoping to work around this in /etc/init.d/udev, but it looks like that 
gets redirected to systemctl via
. lib/lsb/init-functions


** Description changed:

  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.
  
  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without the
  nosuid option.
  
  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee
  
  My usb installed 20.04.4 home machine does not have this problem, but it
  has been installed for quite some time.  My 22.04 laptop machine also
  does not have this issue.
  
  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
- $ mount | grep devtmpfs 
- nosuid found in the options list.
+ $ mount | grep devtmpfs
+ nosuid is not found in the options list.
  
  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what boot
  code-path is being taken that results in nosuid missing.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:
-  
+ 
  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
-  TERM=xterm-256color
-  PATH=(custom, no user)
-  LANG=C.UTF-8
-  SHELL=/bin/bash
+  TERM=xterm-256color
+  PATH=(custom, no user)
+  LANG=C.UTF-8
+  SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  New
Status in linux source package in Focal:
  New
Status in systemd source package in Focal:
  New

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs
  nosuid is not found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:

  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0

[Touch-packages] [Bug 1991492] Re: Upgrade to version 1.1.0

2022-10-06 Thread IOhannes m zmoelnig

libsndfile-1.1.0 is now (2022-09-06) packaged in Debian and will
automatically be imported into Ubuntu with the next DebianImport.

Unfortunately we missed the freeze deadline for 22.10/kinetic, which
means that the first Ubuntu version with the new library version will be
23.04

** Changed in: libsndfile (Ubuntu)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libsndfile in Ubuntu.
https://bugs.launchpad.net/bugs/1991492

Title:
  Upgrade to version 1.1.0

Status in libsndfile package in Ubuntu:
  Fix Committed

Bug description:
  Version 1.1.0 (released in March 2022) brings MP3 encoding/decoding
  support. It would be great if the version here could be updated.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libsndfile/+bug/1991492/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

So far I've only tested focal AWS images, but this may likely exist
elsewhere as well.

** Also affects: linux (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: systemd (Ubuntu Focal)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  New
Status in linux source package in Focal:
  New
Status in systemd source package in Focal:
  New

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs 
  nosuid found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:
   
  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991975/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1992025] [NEW] When sudo does not require a password, it alters stty as though it is reading a password

2022-10-06 Thread M Tyson

Public bug reported:

Summary:
Executing a sudo (that does not require a password) in a /bin/bash script 
leaves the terminal as though it is reading a password (-echo, -icrnl, -ixon, 
-opost, -isig, -icanon, -iexten)

To recreate the problem: (See attached log)

In a fresh install of 22.04.1 (desktop, minimal, do not load updates, no
update done beyond iso data, running under Virtualbox on a Mac), I set
up a new user that can run "sudo sleep" without a password.  In a
Terminal, I demonstrate this, running "stty -a" before and after the
"sudo sleep". Then I create a bash script with those same commands.
When that script is run, the stty after the "sudo sleep" shows that the
state of the terminal has been altered (-echo, etc.)

The log starts immediately after the reboot after installing 22.04.1. I
decline to do the update when it is offered. (The bug appears even if I
do the update on 22.04.1, but I decline the update to make sure this is
repeatable.)

Basically, the steps are
  Create user "testuser"
  Add a file to /etc/sudoers.d that gives testuser sudo privs, with no password 
required for sleep.  (nor for "grep", but I dropped the use of grep in the demo)
  su - testuser
  Interactively, in the terminal, I show that "sudo sleep 30 &"  does not mess 
with the terminal settings.
  I create a /bin/bash script that includes the same commands (stty -a; sudo 
sleep 10 &; sleep 3; stty -a)
  I execute the script, which alters the terminal settings.(Quite visible on 
the Terminal; not as easily visible in the log file.)


I expect the second "stty -a" to be the same as the first.

I originally saw the bug in 20.04.5 (repeatable but on someone else's
computer) for "sudo tcpdump" but wasn't able to reproduce it in a fresh
install.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: sudo 1.9.9-1ubuntu2
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu Oct  6 10:40:03 2022
InstallationDate: Installed on 2022-10-06 (0 days ago)
InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: sudo
UpgradeStatus: No upgrade log present (probably fresh install)
VisudoCheck:
 Error: command ['pkexec', '/usr/sbin/visudo', '-c'] failed with exit code 1: 
/etc/sudoers.d/testuser: bad permissions, should be mode 0440
 /etc/sudoers: parsed OK
 /etc/sudoers.d/README: parsed OK
modified.conffile..etc.sudoers: [inaccessible: [Errno 13] Permission denied: 
'/etc/sudoers']
modified.conffile..etc.sudoers.d.README: [inaccessible: [Errno 13] Permission 
denied: '/etc/sudoers.d/README']

** Affects: sudo (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug jammy wayland-session

** Attachment added: "Log of demoing the bug in a fresh install of Ub22.04.1"
   
https://bugs.launchpad.net/bugs/1992025/+attachment/5621792/+files/sudobug.log

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1992025

Title:
  When sudo does not require a password, it alters stty as though it is
  reading a password

Status in sudo package in Ubuntu:
  New

Bug description:
  Summary:
  Executing a sudo (that does not require a password) in a /bin/bash script 
leaves the terminal as though it is reading a password (-echo, -icrnl, -ixon, 
-opost, -isig, -icanon, -iexten)

  To recreate the problem: (See attached log)

  In a fresh install of 22.04.1 (desktop, minimal, do not load updates,
  no update done beyond iso data, running under Virtualbox on a Mac), I
  set up a new user that can run "sudo sleep" without a password.  In a
  Terminal, I demonstrate this, running "stty -a" before and after the
  "sudo sleep". Then I create a bash script with those same commands.
  When that script is run, the stty after the "sudo sleep" shows that
  the state of the terminal has been altered (-echo, etc.)

  The log starts immediately after the reboot after installing 22.04.1.
  I decline to do the update when it is offered. (The bug appears even
  if I do the update on 22.04.1, but I decline the update to make sure
  this is repeatable.)

  Basically, the steps are
Create user "testuser"
Add a file to /etc/sudoers.d that gives testuser sudo privs, with no 
password required for sleep.  (nor for "grep", but I dropped the use of grep in 
the demo)
su - testuser
Interactively, in the terminal, I show that "sudo sleep 30 &"  does not 
mess with the terminal settings.
I create a /bin/bash script that includes the same commands (stty -a; sudo 
sleep 10 &; sleep 3; stty -a)
I execute the script, which alters the terminal settings.(Quite visible on 
the Terminal; not as easily visible in

Re: [Touch-packages] [Bug 1991592] Re: openssh-server should ship a systemd generator to generate ssh socket port configuration from sshd_config

2022-10-06 Thread Steve Langasek

On Thu, Oct 06, 2022 at 02:34:40PM -, Corey Reichle wrote:
> Nowhere was it documented that sshd now needs two configuration files,
> just to tell it to listen on a port, and address it was already told to
> do.

False.  It is documented in the manpage, in the default sshd_config file
shipped in the package, and in the kinetic release notes.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991592

Title:
  openssh-server should ship a systemd generator to generate ssh socket
  port configuration from sshd_config

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  A criticism of the existing sshd socket activation implementation is
  that Port/ListenAddress options are migrated on a one-time basis at
  package upgrade time, and afterwards users get the surprising behavior
  that Port/ListenAddress settings added to sshd_config are ignored.

  A systemd generator could be used to change the ssh socket unit
  configuration on boot, and on each change of /etc/ssh/sshd_config.
  Sample implementation from Dimitri:

  ssh.socket:
  [Unit]
  Wants=sshd-config.path

  #
  # Note the below defaults are cleared and overriden by
  #/lib/systemd/system-generators/sshd-generator
  # based on the sshd config from the sshd -T output
  #
  ListenStream=[::]:22
  ListenStream=0.0.0.0:22

  diff --git a/systemd/sshd-config.path b/systemd/sshd-config.path
  new file mode 100644
  index 0..cfa9674a3
  --- /dev/null
  +++ b/systemd/sshd-config.path
  @@ -0,0 +1,4 @@
  +[Unit]
  +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
  +[Path]
  +PathChanged=/etc/ssh/sshd_config
  diff --git a/systemd/sshd-config.service b/systemd/sshd-config.service
  new file mode 100644
  index 0..b009ea52c
  --- /dev/null
  +++ b/systemd/sshd-config.service
  @@ -0,0 +1,5 @@
  +[Unit]
  +Description=Regenerate ssh.socket.d/ssh-listen.conf drop-in
  +
  +[Service]
  +ExecStart=/bin/systemctl daemon-reload
  diff --git a/systemd/sshd-generator b/systemd/sshd-generator
  new file mode 100755
  index 0..72c6aac04
  --- /dev/null
  +++ b/systemd/sshd-generator
  @@ -0,0 +1,10 @@
  +#!/bin/sh
  +set -eu
  +mkdir -p /run/sshd
  +sshd -t
  +mkdir -p $1/ssh.socket.d
  +target="$1/ssh.socket.d/ssh-listen.conf"
  +echo '[Socket]' > $target
  +echo 'ListenStream=' >> $target
  +sshd -T | sed -n 's/^listenaddress /ListenStream=/p' >> $target
  +rmdir --ignore-fail-on-non-empty /run/sshd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1991592/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Status changed to Confirmed

2022-10-06 Thread Ubuntu Kernel Bot

This change was made by a bot.

** Changed in: linux (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  New

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs 
  nosuid found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:
   
  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991975/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  New

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs 
  nosuid found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:
   
  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991975/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] Re: dev file system is mounted without nosuid

2022-10-06 Thread Dan Watkins

I suspect this is something to do with initrd-less boot: it's usually
the initramfs which mounts /dev:
https://git.launchpad.net/ubuntu/+source/initramfs-tools/tree/init#n40

The comment above that line is:

# Note that this only becomes /dev on the real filesystem if udev's scripts
# are used; which they will be, but it's worth pointing out

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in linux package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  New

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs 
  nosuid found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:
   
  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version: 4.2.amazon
  dmi.sys.vendor: Xen

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991975/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1974196] Re: Installing libudev1 on a new Jammy installation uninstalls many packages.

2022-10-06 Thread bamwu

Glad this got fixed. Just looked at the diff. Seems like it should work
as advertised. What about those of use who got leveled by this bug? Is
there a recommended way to get a 1974196-horked installation working
again without a full reinstall? ... keeping in mind that networking is
somehow screwed up too, so even though I can log in (sans-gui) and see
all of my files, I can't run apt or download anything with curl.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1974196

Title:
  Installing libudev1 on a new Jammy installation uninstalls many
  packages.

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Jammy:
  Fix Released
Status in apt source package in Kinetic:
  Fix Released

Bug description:
  [Impact]
  On an Ubuntu 22.04 desktop system created using the current installation 
image without enabling package updates over the network, installing the package 
libudev1 results in a large number of critical packages being removed and 
rendering the system essentially unusable.

  [Test plan]
  Comprehensive regression test suite validating a full solver dump with the 
issue is run as autopkgtest.

  [Where problems could occur]
  We could break other things from resolving. The solver is a bit finicky. 
Hopefully this is isolated enough.

  [Other info]

  https://github.com/tfoote/udevdebug/blob/main/Dockerfile is a Dockerfile 
which also demonstrates the issue.
  Building the image, which will install udev 249.11-0ubuntu3 and init 1.62, 
and then running `apt install libudev1` in the generated image results in

  The following packages will be REMOVED:
    libnss-systemd libpam-systemd systemd-timesyncd udev
  The following packages will be upgraded:
    libudev1

  This is completely prevented by ensuring that updates are installed
  from the jammy-updates repository before installing any additional
  packages and that is almost certainly the correct thing to do. But
  this is a punishing result for such a mistake.

  I would expect the installation to either force the upgrade of the
  other systemd packages or refuse to install libudev1 at the incorrect
  version relative to the other systemd packages until the system is
  upgraded.

  We found this out via a user report for ROS 2 Humble which is
  releasing on top of Ubuntu 22.04 next week:
  https://github.com/ros2/ros2/issues/1272

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1974196/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991975] [NEW] dev file system is mounted without nosuid

Public bug reported:

This is similar to
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

I discovered that my ec2 instances based off of Canonical supplied AMI
ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without the
nosuid option.

https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

My usb installed 20.04.4 home machine does not have this problem, but it
has been installed for quite some time.  My 22.04 laptop machine also
does not have this issue.

Reproduce.
Start an ec2 instance based off of ami-0a23d90349664c6ee.
$ mount | grep devtmpfs 
nosuid found in the options list.

I've checked the initrd, and /etc/init.d/udev script and all places I
know of where dev gets mounted set nosuid, so it's non-obvious what boot
code-path is being taken that results in nosuid missing.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: udev 245.4-4ubuntu3.18
ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
Uname: Linux 5.15.0-1020-aws x86_64
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
CasperMD5CheckResult: skip
CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
Date: Thu Oct  6 17:39:42 2022
Ec2AMI: ami-0a23d90349664c6ee
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-east-2c
Ec2InstanceType: t2.medium
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
Lsusb: Error: command ['lsusb'] failed with exit code 1:
Lsusb-t:
 
Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
MachineType: Xen HVM domU
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=C.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/24/2006
dmi.bios.release: 4.2
dmi.bios.vendor: Xen
dmi.bios.version: 4.2.amazon
dmi.chassis.type: 1
dmi.chassis.vendor: Xen
dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
dmi.product.name: HVM domU
dmi.product.version: 4.2.amazon
dmi.sys.vendor: Xen

** Affects: systemd (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug ec2-images focal

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid

Status in systemd package in Ubuntu:
  New

Bug description:
  This is similar to
  https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1450960 but new.

  I discovered that my ec2 instances based off of Canonical supplied AMI
  ami-0a23d90349664c6ee *(us-east-2), have dev mounted mounted without
  the nosuid option.

  https://us-east-2.console.aws.amazon.com/ec2/home?region=us-
  east-2#Images:visibility=public-images;imageId=ami-0a23d90349664c6ee

  My usb installed 20.04.4 home machine does not have this problem, but
  it has been installed for quite some time.  My 22.04 laptop machine
  also does not have this issue.

  Reproduce.
  Start an ec2 instance based off of ami-0a23d90349664c6ee.
  $ mount | grep devtmpfs 
  nosuid found in the options list.

  I've checked the initrd, and /etc/init.d/udev script and all places I
  know of where dev gets mounted set nosuid, so it's non-obvious what
  boot code-path is being taken that results in nosuid missing.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: udev 245.4-4ubuntu3.18
  ProcVersionSignature: Ubuntu 5.15.0-1020.24~20.04.1-aws 5.15.53
  Uname: Linux 5.15.0-1020-aws x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CustomUdevRuleFiles: 60-cdrom_id.rules 70-snap.snapd.rules
  Date: Thu Oct  6 17:39:42 2022
  Ec2AMI: ami-0a23d90349664c6ee
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-2c
  Ec2InstanceType: t2.medium
  Ec2Kernel: unavailable
  Ec2Ramdisk: unavailable
  Lsusb: Error: command ['lsusb'] failed with exit code 1:
  Lsusb-t:
   
  Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
  MachineType: Xen HVM domU
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1020-aws 
root=PARTUUID=5bb90437-9efc-421d-aa94-c512c3b666a3 ro console=tty1 
console=ttyS0 nvme_core.io_timeout=4294967295 panic=-1
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/24/2006
  dmi.bios.release: 4.2
  dmi.bios.vendor: Xen
  dmi.bios.version: 4.2.amazon
  dmi.chassis.type: 1
  dmi.chassis.vendor: Xen
  dmi.modalias: 
dmi:bvnXen:bvr4.2.amazon:bd08/24/2006:br4.2:svnXen:pnHVMdomU:pvr4.2.amazon:cvnXen:ct1:cvr:sku:
  dmi.product.name: HVM domU
  dmi.product.version:

Re: [Touch-packages] [Bug 1991592] Re: openssh-server should ship a systemd generator to generate ssh socket port configuration from sshd_config

On Thu, Oct 06, 2022 at 02:34:40PM -, Corey Reichle wrote:
> > Socket activation provides a smoother (runtime) UX for users
> 
> SSHD configuration is not a user issue, but a systems administration
> issue.

Maybe, but more important is the UX for users of ssh clients who aren't
trying to deviate from default configuration, and for users who want
density by default and don't need sshd running on every instance. Socket
activation provides a smoother UX for these user stories.

It sounds like your objections relate to the use of socket activation
and how it is implemented in configuration files in general, rather than
ssh specifically. The same goes for your ideas about moving daemon
configuration into systemd unit files. I think your views on both of
these issues contradict the general direction that our entire ecosystem
is taking. Essentially you seem to be asking for a complete reversal in
direction of how socket activation is used and configured in Debian and
Ubuntu.

You're entitled to your opinions and I wouldn't want to rule anything
out, but this is the wrong venue for these discussions as they are far
wider reaching than just ssh. I suggest you use
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss instead.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991592

Title:
  openssh-server should ship a systemd generator to generate ssh socket
  port configuration from sshd_config

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  A criticism of the existing sshd socket activation implementation is
  that Port/ListenAddress options are migrated on a one-time basis at
  package upgrade time, and afterwards users get the surprising behavior
  that Port/ListenAddress settings added to sshd_config are ignored.

  A systemd generator could be used to change the ssh socket unit
  configuration on boot, and on each change of /etc/ssh/sshd_config.
  Sample implementation from Dimitri:

  ssh.socket:
  [Unit]
  Wants=sshd-config.path

  #
  # Note the below defaults are cleared and overriden by
  #/lib/systemd/system-generators/sshd-generator
  # based on the sshd config from the sshd -T output
  #
  ListenStream=[::]:22
  ListenStream=0.0.0.0:22

  diff --git a/systemd/sshd-config.path b/systemd/sshd-config.path
  new file mode 100644
  index 0..cfa9674a3
  --- /dev/null
  +++ b/systemd/sshd-config.path
  @@ -0,0 +1,4 @@
  +[Unit]
  +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
  +[Path]
  +PathChanged=/etc/ssh/sshd_config
  diff --git a/systemd/sshd-config.service b/systemd/sshd-config.service
  new file mode 100644
  index 0..b009ea52c
  --- /dev/null
  +++ b/systemd/sshd-config.service
  @@ -0,0 +1,5 @@
  +[Unit]
  +Description=Regenerate ssh.socket.d/ssh-listen.conf drop-in
  +
  +[Service]
  +ExecStart=/bin/systemctl daemon-reload
  diff --git a/systemd/sshd-generator b/systemd/sshd-generator
  new file mode 100755
  index 0..72c6aac04
  --- /dev/null
  +++ b/systemd/sshd-generator
  @@ -0,0 +1,10 @@
  +#!/bin/sh
  +set -eu
  +mkdir -p /run/sshd
  +sshd -t
  +mkdir -p $1/ssh.socket.d
  +target="$1/ssh.socket.d/ssh-listen.conf"
  +echo '[Socket]' > $target
  +echo 'ListenStream=' >> $target
  +sshd -T | sed -n 's/^listenaddress /ListenStream=/p' >> $target
  +rmdir --ignore-fail-on-non-empty /run/sshd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1991592/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1700814] Re: Default capability of cap_setfcap+i should be set on setcap

2022-10-06 Thread Dan Bungert

Yes, this appears to be deliberate upstream behavior and I'm not sure we
should revert that.  Marking incomplete, if there is further info please
share.

** Tags removed: foundations-triage-discuss

** Changed in: libcap2 (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1700814

Title:
  Default capability of cap_setfcap+i should be set on setcap

Status in libcap2 package in Ubuntu:
  Incomplete

Bug description:
  If I grant a user (via pam_cap) cap_setfcap+i, I would then expect
  them to be able to use setcap without sudo. setcap is not provided
  with any default file capabilities however, so either the user has to
  sudo, or I have to grant the setfcap capability to setcap with setcap.

  In my mind, it would be reasonable to grant setfcap+i to setcap by
  default on installation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1700814/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991829] Re: machinectl read-only does not work

** Changed in: systemd (Ubuntu Kinetic)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991829

Title:
  machinectl read-only does not work

Status in systemd package in Ubuntu:
  Triaged
Status in systemd source package in Focal:
  New
Status in systemd source package in Jammy:
  New
Status in systemd source package in Kinetic:
  Triaged

Bug description:
  [impact]

  machinectl read-only does not work

  [test case]

  On a system where the systemd machines dir is *not* on a btrfs volume
  (e.g. it's on a normal ext4 fs), create an image 'test' and then:

  $ sudo machinectl image-status test
  test
  Type: directory
  Path: /var/lib/machines/test
  Hostname: ubuntu
OS: Ubuntu 20.04.5 LTS
RO: writable
   Created: Wed 2022-10-05 13:41:15 EDT; 34s ago

  $ sudo machinectl read-only test
  Could not mark image read-only: Access denied

  [regression potential]

  failure marking images ro or rw

  [scope]

  this is needed in all releases that include machinectl

  this is fixed upstream by 137d162c42ed858613afc3d7493d08d4ae6d5c1b

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1991829/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1977630] Re: machinectl pull-tar/pull-raw Operation not permitted

2022-10-06 Thread Matthieu Clemenceau

** Tags removed: foundations-triage-discuss
** Tags added: foundations-todo

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1977630

Title:
  machinectl pull-tar/pull-raw Operation not permitted

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Jammy:
  Triaged

Bug description:
  [impact]

  machinectl pull-tar does not work, ever

  [test case]

  see comment 2

  [regression potential]

  problems/failures during pull-tar operation

  [scope]

  needed only in j

  fixed (indirectly) by upstream commit referenced in original
  description, which is included in v250, so fixed already in k

  pull-tar does not fail on f; no fix needed there

  [original description]

  There is a bug in systemd 249, where one can't pull any images. This
  was fixed in version 250, and never got backported. (FIX:
  
https://github.com/systemd/systemd/commit/c40d82abf7b23803aa7394a7a7e24c40c32af851)

  Hopefully this can be addressed.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: systemd-container 249.11-0ubuntu3.1
  ProcVersionSignature: Ubuntu 5.15.0-35.36-generic 5.15.35
  Uname: Linux 5.15.0-35-generic x86_64
  NonfreeKernelModules: zfs zunicode zcommon znvpair zavl icp
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Jun  4 04:51:42 2022
  InstallationDate: Installed on 2022-06-01 (2 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 
(20220419)
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1977630/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1795278] Re: software-properties-{qt, kde} attempts to use KUrl but it doesn't exist

2022-10-06 Thread Steve Langasek

** Tags removed: rls-kk-incoming
** Tags added: rls-kk-notfix

** Tags removed: rls-kk-notfix
** Tags added: rls-kk-notfixing

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to software-properties in
Ubuntu.
https://bugs.launchpad.net/bugs/1795278

Title:
  software-properties-{qt,kde} attempts to use KUrl but it doesn't exist

Status in software-properties package in Ubuntu:
  Triaged
Status in software-properties source package in Focal:
  Triaged
Status in software-properties source package in Jammy:
  Triaged
Status in software-properties source package in Kinetic:
  Triaged

Bug description:
  Release: Kubuntu 18.04
  Version: 0.96.24.32.1

  When clicking the "Import Key" button in the "Authentication" section
  of the panel it throws this error:

  Traceback (most recent call last):
File 
"/usr/lib/python3/dist-packages/softwareproperties/kde/SoftwarePropertiesKDE.py",
 line 667, in add_key_clicked
  url = KUrl.fromPath(home)
  NameError: name 'KUrl' is not defined

  While this doesn't crash the program it causes nothing to happen when
  clicking the button. Running the program in a terminal reveals the
  error being printed to stderr.

  After debugging it appears KUrl doesn't exist anywhere and I'm not
  sure if's a python module that has changed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1795278/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991598] Re: laptop not reliably going to sleep when lid closed on battery power

2022-10-06 Thread Jonathan Kamens

See: https://github.com/jikamens/remember-the-yubikey

The relevant part here is that the unit file just starts up a shell
script that checks if my YubiKey is plugged in, and if it isn't it
exits.

I don't keep my YubiKey plugged in when the laptop is closed and idle —
and it certainly wasn't plugged in when I observed it staying up for
hours despite being closed and idle before filing this ticket — so I
doubt this is relevant. Also, if it WERE relevant, the problem wouldn't
be intermittent.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991598

Title:
  laptop not reliably going to sleep when lid closed on battery power

Status in linux package in Ubuntu:
  Incomplete
Status in systemd package in Ubuntu:
  Incomplete

Bug description:
  I have the shell configured to lock the screen when I close the lid
  and go to sleep after 20 idle minutes on battery power.

  Immediately before I opened my laptop and unlocked it to submit this
  bug, the laptop was unplugged from battery power and sitting with the
  lid closed for hours and never went to sleep.

  When I opened the lid I found it locked as it should have been, so
  that's apparently not the issue. The issue is that it just never went
  to sleep even though it was idle for hours.

  This is a regression from Jammy.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.10
  Package: gnome-shell 43.0-1ubuntu1
  ProcVersionSignature: Ubuntu 5.19.0-15.15-generic 5.19.0
  Uname: Linux 5.19.0-15-generic x86_64
  ApportVersion: 2.23.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Oct  3 21:24:57 2022
  DisplayManager: gdm3
  InstallationDate: Installed on 2019-08-16 (1144 days ago)
  InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
  RelatedPackageVersions: mutter-common 43.0-1ubuntu1
  SourcePackage: gnome-shell
  UpgradeStatus: Upgraded to kinetic on 2022-09-24 (9 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991598/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991761] Re: Backport packages for 22.04.2 HWE stack

** Tags added: foundations-triage-discuss

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mesa in Ubuntu.
https://bugs.launchpad.net/bugs/1991761

Title:
  Backport packages for 22.04.2 HWE stack

Status in directx-headers package in Ubuntu:
  Invalid
Status in libdrm package in Ubuntu:
  Invalid
Status in llvm-toolchain-15 package in Ubuntu:
  Invalid
Status in mesa package in Ubuntu:
  Invalid
Status in directx-headers source package in Jammy:
  New
Status in libdrm source package in Jammy:
  New
Status in llvm-toolchain-15 source package in Jammy:
  New
Status in mesa source package in Jammy:
  New

Bug description:
  WIP

  directx-headers

  libdrm

  llvm-15

  mesa

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/directx-headers/+bug/1991761/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991598] Re: laptop not reliably going to sleep when lid closed on battery power

Looking at the attached journal logs, there's a lot of Yubikey service
activity between the lid closed and lid opened lines. Do you use a
third-party package to handle your Yubikey, by any chance?

** Changed in: systemd (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991598

Title:
  laptop not reliably going to sleep when lid closed on battery power

Status in linux package in Ubuntu:
  Incomplete
Status in systemd package in Ubuntu:
  Incomplete

Bug description:
  I have the shell configured to lock the screen when I close the lid
  and go to sleep after 20 idle minutes on battery power.

  Immediately before I opened my laptop and unlocked it to submit this
  bug, the laptop was unplugged from battery power and sitting with the
  lid closed for hours and never went to sleep.

  When I opened the lid I found it locked as it should have been, so
  that's apparently not the issue. The issue is that it just never went
  to sleep even though it was idle for hours.

  This is a regression from Jammy.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.10
  Package: gnome-shell 43.0-1ubuntu1
  ProcVersionSignature: Ubuntu 5.19.0-15.15-generic 5.19.0
  Uname: Linux 5.19.0-15-generic x86_64
  ApportVersion: 2.23.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Oct  3 21:24:57 2022
  DisplayManager: gdm3
  InstallationDate: Installed on 2019-08-16 (1144 days ago)
  InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
  RelatedPackageVersions: mutter-common 43.0-1ubuntu1
  SourcePackage: gnome-shell
  UpgradeStatus: Upgraded to kinetic on 2022-09-24 (9 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1991598/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991592] Re: openssh-server should ship a systemd generator to generate ssh socket port configuration from sshd_config

2022-10-06 Thread Corey Reichle

> Socket activation provides a smoother (runtime) UX for users

SSHD configuration is not a user issue, but a systems administration
issue.  A smoother UX for system administrators is a) Fully documented
solutions, or b) One source of truth for all things regarding a service,
hence the push for infrastructure as code - The repo is the one source
of truth for the service.

> Why do you think it's preferable to have the daemon not started and
without socket activation?

Because, when a systems administrator, or devops person decides to
enable SSH listening...  they expect ssh to be listening.  And they both
expect the documented configuration of openssh to be standard across
everywhere openssh-server is installed.

> Why? What user story is broken by socket activation here?

The user story that prompted this ticket:

I configured ssh to listen on one family, and one address, with another
service listening on 22 on another address, for both families.

Regardless of my nginx configuration and my openssh-server
configuration, unbeknownst to me...  a socket file was dropped for
openssh-server, making nginx failing to start, because it could not bind
to the required ports.

Nowhere was it documented that sshd now needs two configuration files,
just to tell it to listen on a port, and address it was already told to
do.  openssh-server when started didn't mention that it's configure on a
port, that requires a socket.  And my only way to intuit it was to find
init listening on 22 for some god awful reason.

> I'm pretty sure this would result in far more pushback from the
community than merely enabling socket activation.

Are we sure about this?  Pretty certain the push to systemd for the
linux world, would make it pretty easy to figure out the configuration
is now in a unit file, where it should be anyways.  Just like how people
now know that /etc/network/interfaces it not the place to configure the
network now, but rather /etc/netplan/*.yaml.  Its documented, and the
way.

> We'd end up with an order of magnitude more upgrade path issues in
doing this, and we'd be diverging from the entire rest of the community.

This design choice already diverges from the rest of the community.
This is the only distro where a very common service has undocumented
methods of configuring ports.  It's almost like there's a push to re-
create inetd here, without making the required changes to use such a
supervisor service.

>  or even a "ban", on the use of socket activation across all packages
in Ubuntu

I'm not proposing a ban on socket activation, even for this package.
Just one place to configure the service, not two, or three.

> As long as socket activation is a generally acceptable pattern in
Ubuntu, I see no reason why sshd would be expected to be special and not
use it.

If Ubuntu is going the route of multiple places to configure everything,
then perhaps the problem is me, and I need to search for another
solution over Ubuntu.  Because two and three sources of truth is not
optimal, especially when undocumented, at all.  Regardless of an
"accepted pattern".

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991592

Title:
  openssh-server should ship a systemd generator to generate ssh socket
  port configuration from sshd_config

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  A criticism of the existing sshd socket activation implementation is
  that Port/ListenAddress options are migrated on a one-time basis at
  package upgrade time, and afterwards users get the surprising behavior
  that Port/ListenAddress settings added to sshd_config are ignored.

  A systemd generator could be used to change the ssh socket unit
  configuration on boot, and on each change of /etc/ssh/sshd_config.
  Sample implementation from Dimitri:

  ssh.socket:
  [Unit]
  Wants=sshd-config.path

  #
  # Note the below defaults are cleared and overriden by
  #/lib/systemd/system-generators/sshd-generator
  # based on the sshd config from the sshd -T output
  #
  ListenStream=[::]:22
  ListenStream=0.0.0.0:22

  diff --git a/systemd/sshd-config.path b/systemd/sshd-config.path
  new file mode 100644
  index 0..cfa9674a3
  --- /dev/null
  +++ b/systemd/sshd-config.path
  @@ -0,0 +1,4 @@
  +[Unit]
  +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
  +[Path]
  +PathChanged=/etc/ssh/sshd_config
  diff --git a/systemd/sshd-config.service b/systemd/sshd-config.service
  new file mode 100644
  index 0..b009ea52c
  --- /dev/null
  +++ b/systemd/sshd-config.service
  @@ -0,0 +1,5 @@
  +[Unit]
  +Description=Regenerate ssh.socket.d/ssh-listen.conf drop-in
  +
  +[Service]
  +ExecStart=/bin/systemctl daemon-reload
  diff --git a/systemd/sshd-generator b/systemd/sshd-generator
  new file mode 100755
  index 0..72c6aac04
  --- /dev/null
  +++ b/systemd/sshd-generator
  @@ -0,0 +1,10 @@

[Touch-packages] [Bug 1977630] Re: machinectl pull-tar/pull-raw Operation not permitted

** Changed in: systemd (Ubuntu)
   Importance: Undecided => High

** Changed in: systemd (Ubuntu Jammy)
   Importance: Undecided => High

** Changed in: systemd (Ubuntu Jammy)
   Status: New => Triaged

** Tags added: foundations-triage-discuss

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1977630

Title:
  machinectl pull-tar/pull-raw Operation not permitted

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Jammy:
  Triaged

Bug description:
  [impact]

  machinectl pull-tar does not work, ever

  [test case]

  see comment 2

  [regression potential]

  problems/failures during pull-tar operation

  [scope]

  needed only in j

  fixed (indirectly) by upstream commit referenced in original
  description, which is included in v250, so fixed already in k

  pull-tar does not fail on f; no fix needed there

  [original description]

  There is a bug in systemd 249, where one can't pull any images. This
  was fixed in version 250, and never got backported. (FIX:
  
https://github.com/systemd/systemd/commit/c40d82abf7b23803aa7394a7a7e24c40c32af851)

  Hopefully this can be addressed.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: systemd-container 249.11-0ubuntu3.1
  ProcVersionSignature: Ubuntu 5.15.0-35.36-generic 5.15.35
  Uname: Linux 5.15.0-35-generic x86_64
  NonfreeKernelModules: zfs zunicode zcommon znvpair zavl icp
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Jun  4 04:51:42 2022
  InstallationDate: Installed on 2022-06-01 (2 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 
(20220419)
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1977630/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1991592] Re: openssh-server should ship a systemd generator to generate ssh socket port configuration from sshd_config

On Thu, Oct 06, 2022 at 01:04:05PM -, Corey Reichle wrote:
> If the point is to increase density, then sshd should just be off, and
> not automatically started, unless it's required for work.

Socket activation provides a smoother (runtime) UX for users, and is
well established as a mechanism to reduce runtime footprint without any
impact to users who want to use the service. Why do you think it's
preferable to have the daemon not started and without socket activation?

> If ssh is selected at install time, to be installed, and listening, then
> the user expectation is that it is installed, and listening.  Not just
> "listening as needed".

Why? What user story is broken by socket activation here?

> Or, conversely, as I proposed in the original ticket (That somehow got
> marked as a duplicate of this ticket, that was created later):  Migrate
> all configuration for openssh-server out of /etc/ssh/sshd_config, and
> into it's unit file.

I'm pretty sure this would result in far more pushback from the
community than merely enabling socket activation. We'd end up with an
order of magnitude more upgrade path issues in doing this, and we'd be
diverging from the entire rest of the community.

> No, there isn't generally an expectation that you will require two
> wholly unconnected places to be configured for something that is only
> configured in one place for every other distro, and every other OS that
> openssh-server runs on.

It's increasingly common to use socket activation on systemd-based
distros. Ubuntu may be pushing ahead on the sshd side, but socket
activation in general is already in place in various other packages.

I accept that the "two different places" configuration issue arises as a
consequence of socket activation, and this is poor UX. But the general
concept already exists in other areas (eg. After=network-online.service,
and AppArmor), and doing otherwise in the general case would require a
reversal, or even a "ban", on the use of socket activation across all
packages in Ubuntu. I don't think that makes sense, but even if it did,
it'd have to be a bigger discussion than just in this bug. As long as
socket activation is a generally acceptable pattern in Ubuntu, I see no
reason why sshd would be expected to be special and not use it.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991592

Title:
  openssh-server should ship a systemd generator to generate ssh socket
  port configuration from sshd_config

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  A criticism of the existing sshd socket activation implementation is
  that Port/ListenAddress options are migrated on a one-time basis at
  package upgrade time, and afterwards users get the surprising behavior
  that Port/ListenAddress settings added to sshd_config are ignored.

  A systemd generator could be used to change the ssh socket unit
  configuration on boot, and on each change of /etc/ssh/sshd_config.
  Sample implementation from Dimitri:

  ssh.socket:
  [Unit]
  Wants=sshd-config.path

  #
  # Note the below defaults are cleared and overriden by
  #/lib/systemd/system-generators/sshd-generator
  # based on the sshd config from the sshd -T output
  #
  ListenStream=[::]:22
  ListenStream=0.0.0.0:22

  diff --git a/systemd/sshd-config.path b/systemd/sshd-config.path
  new file mode 100644
  index 0..cfa9674a3
  --- /dev/null
  +++ b/systemd/sshd-config.path
  @@ -0,0 +1,4 @@
  +[Unit]
  +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
  +[Path]
  +PathChanged=/etc/ssh/sshd_config
  diff --git a/systemd/sshd-config.service b/systemd/sshd-config.service
  new file mode 100644
  index 0..b009ea52c
  --- /dev/null
  +++ b/systemd/sshd-config.service
  @@ -0,0 +1,5 @@
  +[Unit]
  +Description=Regenerate ssh.socket.d/ssh-listen.conf drop-in
  +
  +[Service]
  +ExecStart=/bin/systemctl daemon-reload
  diff --git a/systemd/sshd-generator b/systemd/sshd-generator
  new file mode 100755
  index 0..72c6aac04
  --- /dev/null
  +++ b/systemd/sshd-generator
  @@ -0,0 +1,10 @@
  +#!/bin/sh
  +set -eu
  +mkdir -p /run/sshd
  +sshd -t
  +mkdir -p $1/ssh.socket.d
  +target="$1/ssh.socket.d/ssh-listen.conf"
  +echo '[Socket]' > $target
  +echo 'ListenStream=' >> $target
  +sshd -T | sed -n 's/^listenaddress /ListenStream=/p' >> $target
  +rmdir --ignore-fail-on-non-empty /run/sshd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1991592/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1955804] Re: make and make test fail

Marking this as invalid, as the correct way to install libcap2 in Ubuntu
would be to use the package manager to do so, e.g. `apt install
libcap2`.

Glad that the issue was eventually resolved, though :)

** Changed in: libcap2 (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1955804

Title:
  make and make test fail

Status in libcap2 package in Ubuntu:
  Invalid

Bug description:
  Hello,

  
  make and make test fail like the printscreen following : 

  CGO_LDFLAGS_ALLOW="-Wl,-wrap,.+" 
CGO_CFLAGS="-I/home/ubuntu/programs/libcap-2.32/libcap/include" 
CGO_LDFLAGS="-L/home/ubuntu/programs/libcap-2.32/libcap" 
GOPATH="/home/ubuntu/programs/libcap-2.32/go" go install libcap/psx
  go install: version is required when current directory is not in a module
Try 'go install libcap/psx@latest' to install the latest version
  make[1]: *** [Makefile:37 : pkg/linux_amd64/libcap/psx.a] Erreur 1
  make[1] : on quitte le répertoire « /home/ubuntu/programs/libcap-2.32/go »
  make: *** [Makefile:13 : all] Erreur 2
  root@ubuntu-ThinkPad-X250:/home/ubuntu/programs/libcap-2.32# go install 
libcap/psx@latest
  go install: libcap/psx@latest: malformed module path "libcap/psx": missing 
dot in first path element
  root@ubuntu-ThinkPad-X250:/home/ubuntu/programs/libcap-2.32# 

  thank you in advance to help myself fully install your program,

  Regards.

  
  Dorian ROSSE.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1955804/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1899103] Re: libpam-cap causes PAM applications to crash

** Changed in: libcap2 (Ubuntu)
   Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libcap2 in Ubuntu.
https://bugs.launchpad.net/bugs/1899103

Title:
  libpam-cap causes PAM applications to crash

Status in libcap2 package in Ubuntu:
  Triaged

Bug description:
  Install ocserv and setup for PAM authentication. On second connection,
  ocserv crashes due to a double free in PAM.

  Repro steps:
  1. Create Dockerfile that installs ocserv + libpam-cap
  ```
  FROM ubuntu:20.04

  RUN apt update && apt install -y ocserv libpam-cap && apt autoremove
  && apt clean

  COPY server-cert.pem /etc/ssl/ocserv_test.cert
  COPY server-key.pem /etc/ssl/ocserv_test.key
  COPY ca-cert.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
  COPY ocserv.conf /etc/ocserv/ocserv.conf

  RUN useradd test
  RUN echo "test\ntest" | passwd test

  ENV MALLOC_CHECK_=3
  CMD ocserv -f -d 1
  ```

  2. Build container:
  ```
  sudo docker build -t ocserv:20.04 .
  ```

  3. Launch container:
  ```
  docker run -p 443:443/tcp -p 443:443/udp -it --rm --device /dev/net/tun 
--cap-add net_admin ocserv:20.04
  ```

  4. From another console, connect / disconnect:
  ```
  while true; do echo test | openconnect https://localhost -u test 
--passwd-on-stdin --servercert 
pin-sha256:qBLVTyoXiFdn+0pW+eSGqnVCEnMbLigVf5vAl1ZewW4= --background && sleep 2 
&& pkill openconnect && sleep 2;done
  ```

  5. ocserv crashes:
  free(): invalid pointer
  ocserv[8]: main: main-sec-mod-cmd.c:106: command socket for sec-mod closed
  ocserv[8]: main: main.c:1179: error in command from sec-mod
  ocserv[8]: main: termination request received; waiting for children to die

  For more details see:
  https://gitlab.com/openconnect/ocserv/-/issues/361

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1899103/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1991530] Re: After upgrading to Ubuntu 22.10-beta I lost the sound.

2022-10-06 Thread jmst

Hi,

Searching the internet, I found a valid solution for the problem (after 
many failed attempts...). Will the solution last?

https://askubuntu.com/questions/1406646/ubuntu-22-04-audio-output-not-working-dummy-audio

This looks very similar to No sound output devices listed after upgrade 
from 21.10 to 22.04 

that I could solve with:

|sudo touch /usr/share/pipewire/media-session.d/with-pulseaudio 
systemctl --user restart pipewire-session-manager |

(credits go to https://askubuntu.com/users/1156299/adam)

Best regards,

Joaquim Torres

On 03/10/22 15:22, Aaron Rainbolt wrote:
> Can you try running "sudo apt install firmware-sof-signed" and see if
> that resolves the problem?
>

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1991530

Title:
  After upgrading to Ubuntu 22.10-beta I lost the sound.

Status in alsa-driver package in Ubuntu:
  New

Bug description:
  In the list of devices for testing sound I get only "Dummy Output".
  With 22.04 everything was ok.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.10
  Package: alsa-base 1.0.25+dfsg-0ubuntu7
  ProcVersionSignature: Ubuntu 5.19.0-15.15-generic 5.19.0
  Uname: Linux 5.19.0-15-generic x86_64
  ApportVersion: 2.23.0-0ubuntu2
  Architecture: amd64
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', 
'/dev/snd/controlC0', '/dev/snd/hwC0D2', '/dev/snd/hwC0D0', 
'/dev/snd/pcmC0D10p', '/dev/snd/pcmC0D9p', '/dev/snd/pcmC0D8p', 
'/dev/snd/pcmC0D7p', '/dev/snd/pcmC0D3p', '/dev/snd/pcmC0D0c', 
'/dev/snd/pcmC0D0p', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Oct  3 14:27:59 2022
  InstallationDate: Installed on 2019-07-01 (1190 days ago)
  InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
  PackageArchitecture: all
  PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No 
PulseAudio daemon running, or not running as session daemon.
  SourcePackage: alsa-driver
  Symptom: audio
  UpgradeStatus: Upgraded to kinetic on 2022-09-30 (2 days ago)
  dmi.bios.date: 07/15/2022
  dmi.bios.release: 1.33
  dmi.bios.vendor: LENOVO
  dmi.bios.version: R0YET50W (1.33 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 20NB002BPG
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0J40697 WIN
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: None
  dmi.ec.firmware.release: 1.23
  dmi.modalias: 
dmi:bvnLENOVO:bvrR0YET50W(1.33):bd07/15/2022:br1.33:efr1.23:svnLENOVO:pn20NB002BPG:pvrThinkPadE590:rvnLENOVO:rn20NB002BPG:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20NB_BU_SMB_FM_ThinkPadE590:
  dmi.product.family: ThinkPad E590
  dmi.product.name: 20NB002BPG
  dmi.product.sku: LENOVO_MT_20NB_BU_SMB_FM_ThinkPad E590
  dmi.product.version: ThinkPad E590
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1991530/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1781917] Re: Misleading error message when adding PPA source

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: software-properties (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to software-properties in
Ubuntu.
https://bugs.launchpad.net/bugs/1781917

Title:
  Misleading error message when adding PPA source

Status in software-properties package in Ubuntu:
  Confirmed

Bug description:
  Ubuntu 16.04 LTS

  Please add the exception message to stdout, preferably in all cases
  where an exception is caught.

  When trying to add a ppa source, following error message was displayed

  ~$ sudo add-apt-repository ppa:ubuntu-toolchain-r/test
  Cannot add PPA: 'ppa:~ubuntu-toolchain-r/ubuntu/test'.
  ERROR: '~ubuntu-toolchain-r' user or team does not exist.

  After reading code and adding print statements in ppa.py, came to following 
exception:
   'Error reading 
https://launchpad.net/api/1.0/~ubuntu-toolchain-r/+archive/ubuntu/test: [SSL: 
CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)'

  Exception was thrown by 'get_ppa_info_from_lp(user, ppa)' called in
  'get_ppa_info(shortcut)'

  This has nothing to do with user or team, but was due to wrong
  time/date setting on my machine.

  Googling found that there are more users with the same problem having
  a different root-cause (e.g. proxy server settings)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1781917/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991592] Re: openssh-server should ship a systemd generator to generate ssh socket port configuration from sshd_config

2022-10-06 Thread Corey Reichle

> The point is to reduce footprint for greater density in production
environments. Most instances don't need an ssh daemon running all the
time.

If the point is to increase density, then sshd should just be off, and
not automatically started, unless it's required for work.

People install openssh-server, so a container/server/whatever has 22
listening on the ports required.

If people need to squeeze 3MB from RAM, a better solution is to just
have them never enable it, except when they need it, using a container
entry point, or some other hook system that turns it on as required, and
then off.

If ssh is selected at install time, to be installed, and listening, then
the user expectation is that it is installed, and listening.  Not just
"listening as needed".

Or, conversely, as I proposed in the original ticket (That somehow got
marked as a duplicate of this ticket, that was created later):  Migrate
all configuration for openssh-server out of /etc/ssh/sshd_config, and
into it's unit file.

No, there isn't generally an expectation that you will require two
wholly unconnected places to be configured for something that is only
configured in one place for every other distro, and every other OS that
openssh-server runs on.

One configuration to rule them all, so to speak.  And I think at this
point, moving config for openssh-server into a unit file, is probably
the best course.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991592

Title:
  openssh-server should ship a systemd generator to generate ssh socket
  port configuration from sshd_config

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  A criticism of the existing sshd socket activation implementation is
  that Port/ListenAddress options are migrated on a one-time basis at
  package upgrade time, and afterwards users get the surprising behavior
  that Port/ListenAddress settings added to sshd_config are ignored.

  A systemd generator could be used to change the ssh socket unit
  configuration on boot, and on each change of /etc/ssh/sshd_config.
  Sample implementation from Dimitri:

  ssh.socket:
  [Unit]
  Wants=sshd-config.path

  #
  # Note the below defaults are cleared and overriden by
  #/lib/systemd/system-generators/sshd-generator
  # based on the sshd config from the sshd -T output
  #
  ListenStream=[::]:22
  ListenStream=0.0.0.0:22

  diff --git a/systemd/sshd-config.path b/systemd/sshd-config.path
  new file mode 100644
  index 0..cfa9674a3
  --- /dev/null
  +++ b/systemd/sshd-config.path
  @@ -0,0 +1,4 @@
  +[Unit]
  +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
  +[Path]
  +PathChanged=/etc/ssh/sshd_config
  diff --git a/systemd/sshd-config.service b/systemd/sshd-config.service
  new file mode 100644
  index 0..b009ea52c
  --- /dev/null
  +++ b/systemd/sshd-config.service
  @@ -0,0 +1,5 @@
  +[Unit]
  +Description=Regenerate ssh.socket.d/ssh-listen.conf drop-in
  +
  +[Service]
  +ExecStart=/bin/systemctl daemon-reload
  diff --git a/systemd/sshd-generator b/systemd/sshd-generator
  new file mode 100755
  index 0..72c6aac04
  --- /dev/null
  +++ b/systemd/sshd-generator
  @@ -0,0 +1,10 @@
  +#!/bin/sh
  +set -eu
  +mkdir -p /run/sshd
  +sshd -t
  +mkdir -p $1/ssh.socket.d
  +target="$1/ssh.socket.d/ssh-listen.conf"
  +echo '[Socket]' > $target
  +echo 'ListenStream=' >> $target
  +sshd -T | sed -n 's/^listenaddress /ListenStream=/p' >> $target
  +rmdir --ignore-fail-on-non-empty /run/sshd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1991592/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991592] Re: openssh-server should ship a systemd generator to generate ssh socket port configuration from sshd_config

I'm not sure about this. What's the pattern that users can expect to see
across all packages that provide socket activated services in Ubuntu in
the future? I think there are three options here: "always", "sometimes"
and "never". We could ensure that there's _always_ a generator that
creates the corresponding socket unit by doing ad-hoc, probably
incomplete parsing of the relevant configuration file; that there
_never_ is a generator and users must tweak it by hand; or that there
_sometimes_ might be a generator and sometimes not, depending on the
service, so manual tweaking may or may not be necessary.

The problem with "always" is the difficulty of parsing the relevant
configuration file. So if users start expecting "always" behaviour
across all socket activated services across the archive, that's going to
be unreliable in a way that we will never be able to fully fix.

"Sometimes" seems horribly inconsistent and unpredictable.

For "never", in https://discourse.ubuntu.com/t/spec-definition-of-an-
online-system/27838 I think we agreed that "There will always be cases
where if you configure one thing in one place, you’re expected/required
to configure another thing in another place to match." I don't think
it's unreasonable for the "correct" way to customize an Ubuntu system is
to make those other related configuration changes. It's not perfect for
UX; neither is any alternative, but at least this way would be
consistent and predictable. The pain is in the upgrade path and
discoverability of what is required, but we can work to make those
things smoother for common use cases. This principle would then apply
not only to socket activated services, but also to network-online.target
and AppArmor rules that users already have to fix when tweaking system
configuration today.

Given the problems with making "always" work in all cases in practice, I
think I'd prefer to see us doing what we can as one-off "heuristic" type
special handling in the upgrade path in return for a consistent and
complete experience for users starting afresh.

> Its just wholly unrequired to allocate an on-demand socket for a
daemon that listens all the time, anyways.

The point is to reduce footprint for greater density in production
environments. Most instances don't need an ssh daemon running all the
time. There's lots of demand from users to make the default installation
less "bloated", and I think Ubuntu developers are agreed that one aspect
to that is to use socket activation wherever possible. Socket activation
for ssh is included in that list.

> If ubuntu wants to use .socket, then please do this only for new
openssh-server installations, never on upgrades. You will lock out too
many people

I like this idea in principle, but I think it'd just be kicking the can
down the road. For example, in a few releases time, we'll inevitably
touch something that might break users who upgraded up without
converting to socket activation because that will have become a non-
obvious configuration. Preventing this would require conditional
handling of this special case indefinitely, and maintaining and QA-ing
the special case would become impractically difficult over time.
Instead, I think there comes a point where "ripping the band-aid off"
becomes necessary, and a release upgrade - particularly the one
immediately following an LTS - is the least-worst time to do that.

However, please note that I'm not meaning to dismiss the feedback here,
or imply that the current upgrade path problems are OK. We should do
what we can to automatically handle the common upgrade path issues, and
I appreciate the reports because that helps us identify what those are
and gives us a set of test cases that might not previously have been
identified.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991592

Title:
  openssh-server should ship a systemd generator to generate ssh socket
  port configuration from sshd_config

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  A criticism of the existing sshd socket activation implementation is
  that Port/ListenAddress options are migrated on a one-time basis at
  package upgrade time, and afterwards users get the surprising behavior
  that Port/ListenAddress settings added to sshd_config are ignored.

  A systemd generator could be used to change the ssh socket unit
  configuration on boot, and on each change of /etc/ssh/sshd_config.
  Sample implementation from Dimitri:

  ssh.socket:
  [Unit]
  Wants=sshd-config.path

  #
  # Note the below defaults are cleared and overriden by
  #/lib/systemd/system-generators/sshd-generator
  # based on the sshd config from the sshd -T output
  #
  ListenStream=[::]:22
  ListenStream=0.0.0.0:22

  diff --git a/systemd/sshd-config.path b/systemd/sshd-config.path
  new file mode 100644
  index 0..cfa9674a3
  --- /dev/null
  +++

[Touch-packages] [Bug 1991592] Re: openssh-server should ship a systemd generator to generate ssh socket port configuration from sshd_config