[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Tags removed: foundations-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Kinetic: Fix Released Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic. [Where problems
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
This bug was fixed in the package openssh - 1:9.0p1-1ubuntu8 --- openssh (1:9.0p1-1ubuntu8) lunar; urgency=medium * debian/openssh-server.postinst: Fix handling of ListenAddress when a port is specified (LP: #1993478): - Strip port before converting hostnames to numerical addresses. - Only append ports when the ListenAddress does not already specify a port. - Revert socket migration on upgrade if a previous version did the migration when it should not have. * debian/openssh-server.postinst: Ignore empty directory failure from rmdir when skipping socket migration (LP: #1995294). -- Nick Rosbrook Tue, 25 Oct 2022 11:57:43 -0400 ** Changed in: openssh (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Kinetic: Fix Released Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
This bug was fixed in the package openssh - 1:9.0p1-1ubuntu7.1 --- openssh (1:9.0p1-1ubuntu7.1) kinetic; urgency=medium * debian/openssh-server.postinst: Fix handling of ListenAddress when a port is specified (LP: #1993478): - Strip port before converting hostnames to numerical addresses. - Only append ports when the ListenAddress does not already specify a port. - Revert socket migration on upgrade if a previous version did the migration when it should not have. * debian/openssh-server.postinst: Ignore empty directory failure from rmdir when skipping socket migration (LP: #1995294). -- Nick Rosbrook Tue, 25 Oct 2022 11:57:43 -0400 ** Changed in: openssh (Ubuntu Kinetic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Fix Committed Status in openssh source package in Kinetic: Fix Released Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
The autopkgtest failures in kinetic have all been resolved with retries and/or hinting. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Fix Committed Status in openssh source package in Kinetic: Fix Committed Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The socket-activated ssh migration should be reverted, and ssh.service should be
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Changed in: openssh (Ubuntu) Status: Fix Released => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Fix Committed Status in openssh source package in Kinetic: Fix Committed Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The socket-activated ssh migration should be reverted, and ssh.service should be running as
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Changed in: openssh (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Kinetic: Fix Committed Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The socket-activated ssh migration should be reverted, and ssh.service should be running as
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Changed in: openssh (Ubuntu) Status: Triaged => In Progress ** Changed in: openssh (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Fix Committed Status in openssh source package in Kinetic: Fix Committed Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The socket-activated ssh
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Changed in: openssh (Ubuntu) Assignee: (unassigned) => Nick Rosbrook (enr0n) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Status in openssh source package in Kinetic: Fix Committed Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The socket-activated ssh migration should be reverted, and ssh.service should be running as
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
I've checked that it did not do the rollback if I manually enabled ssh.socket with the "configuration" ssh.socket.d/00-sockets.conf (and addresses.conf missing) LGTM -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Status in openssh source package in Kinetic: Fix Committed Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
I have verified each test case using openssh-server 1:9.0p1-1ubuntu7.1 from kinetic-proposed: Test #1: root@jammy:~# grep "^ListenAddress" /etc/ssh/sshd_config ListenAddress 0.0.0.0:1234 root@jammy:~# systemctl status ssh ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Drop-In: /run/systemd/system/service.d └─zzz-lxc-service.conf Active: active (running) since Thu 2022-11-03 10:22:04 UTC; 30s ago Docs: man:sshd(8) man:sshd_config(5) Process: 868 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS) Main PID: 869 (sshd) Tasks: 1 (limit: 18901) Memory: 1.7M CPU: 19ms CGroup: /system.slice/ssh.service └─869 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups" Nov 03 10:22:04 jammy systemd[1]: Starting OpenBSD Secure Shell server... Nov 03 10:22:04 jammy sshd[869]: Server listening on 0.0.0.0 port 1234. Nov 03 10:22:04 jammy systemd[1]: Started OpenBSD Secure Shell server. root@jammy:~# vi /etc/apt/sources.list root@jammy:~# cat /etc/apt/sources.list deb http://archive.ubuntu.com/ubuntu kinetic main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu kinetic-updates main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu kinetic-proposed main restricted universe multiverse deb http://security.ubuntu.com/ubuntu kinetic-security main restricted universe multiverse root@jammy:~# apt update && apt dist-upgrade -y [...] root@jammy:~# cat /etc/systemd/system/ssh.socket.d/addresses.conf [Socket] ListenStream= ListenStream=0.0.0.0:1234 root@jammy:~# systemctl status ssh.socket ● ssh.socket - OpenBSD Secure Shell server socket Loaded: loaded (/lib/systemd/system/ssh.socket; enabled; preset: enabled) Drop-In: /etc/systemd/system/ssh.socket.d └─addresses.conf Active: active (listening) since Thu 2022-11-03 10:31:12 UTC; 23s ago Until: Thu 2022-11-03 10:31:12 UTC; 23s ago Triggers: ● ssh.service Listen: 0.0.0.0:1234 (Stream) Tasks: 0 (limit: 18901) Memory: 8.0K CPU: 332us CGroup: /system.slice/ssh.socket Nov 03 10:31:12 jammy systemd[1]: Listening on OpenBSD Secure Shell server socket. --- Test #2: root@jammy:~# grep "^ListenAddress" /etc/ssh/sshd_config ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 root@jammy:~# systemctl status ssh ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Drop-In: /run/systemd/system/service.d └─zzz-lxc-service.conf Active: active (running) since Thu 2022-11-03 10:33:34 UTC; 4s ago Docs: man:sshd(8) man:sshd_config(5) Process: 868 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS) Main PID: 869 (sshd) Tasks: 1 (limit: 18901) Memory: 1.7M CPU: 42ms CGroup: /system.slice/ssh.service └─869 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups" Nov 03 10:33:34 jammy systemd[1]: Starting OpenBSD Secure Shell server... Nov 03 10:33:34 jammy sshd[869]: Server listening on :: port 4321. Nov 03 10:33:34 jammy sshd[869]: Server listening on 0.0.0.0 port 1234. Nov 03 10:33:34 jammy systemd[1]: Started OpenBSD Secure Shell server. root@jammy:~# vi /etc/apt/sources.list root@jammy:~# cat /etc/apt/sources.list deb http://archive.ubuntu.com/ubuntu kinetic main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu kinetic-updates main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu kinetic-proposed main restricted universe multiverse deb http://security.ubuntu.com/ubuntu kinetic-security main restricted universe multiverse root@jammy:~# apt update && apt dist-upgrade -y [...] root@jammy:~# ls -alh /etc/systemd/system/ssh* lrwxrwxrwx 1 root root 31 Nov 3 10:33 /etc/systemd/system/sshd.service -> /lib/systemd/system/ssh.service root@jammy:~# systemctl status ssh.socket ○ ssh.socket - OpenBSD Secure Shell server socket Loaded: loaded (/lib/systemd/system/ssh.socket; disabled; preset: enabled) Active: inactive (dead) Triggers: ● ssh.service Listen: [::]:22 (Stream) root@jammy:~# systemctl status ssh.service ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; preset: enabled) Drop-In: /run/systemd/system/service.d └─zzz-lxc-service.conf Active: active (running) since Thu 2022-11-03 10:38:25 UTC; 33s ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 7153 (sshd) Tasks: 1 (limit: 18901) Memory: 1.4M CPU: 13ms CGroup: /system.slice/ssh.service └─7153 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups" Nov 03 10:38:25 jammy systemd[1]: Starting OpenBSD Secure Shell server... Nov 03 10:38:25 jammy sshd[7153]: Server listening on :: port 4321. Nov 03
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
Hello msaxl, or anyone else affected, Accepted openssh into kinetic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssh/1:9.0p1-1ubuntu7.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- kinetic to verification-done-kinetic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-kinetic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssh (Ubuntu Kinetic) Status: Triaged => Fix Committed ** Tags added: verification-needed verification-needed-kinetic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Status in openssh source package in Kinetic: Fix Committed Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
This revised patch addresses Steve's review comments. ** Patch added: "openssh_9.0p1-1ubuntu8-v2.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+attachment/5628224/+files/openssh_9.0p1-1ubuntu8-v2.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Status in openssh source package in Kinetic: Triaged Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails,
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Description changed: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. - * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). + * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. - * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). + * Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic. [Where problems could occur] These changes are in the openssh-server.postinst script, specifically in the
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Description changed: - [NOTE FOR SRU TEAM] - - I would prefer that vorlon review the attached patch before the upload - is accepted. I will remove this note when that has happened. - [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic. [Where problems could occur] These changes are in the openssh-server.postinst script, specifically in the socket-activated ssh migration logic. Regressions would be seen in the migration logic, for example breaking a previously-working migration scenario. [Original Description] update
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
+if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu8~ && [ -n "$NO_SOCKET_MIGRATION" ]; then I'm going to ask that we be ultra-conservative here. It is very difficult in general to un-do in a maintainer script something that we think we did previously, because the admin may have done who-knows-what in between and we may be undoing things that weren't actually ours. So whenever it's possible to detect that it wasn't us that did a thing, we should avoid trying to undo it. In the case of this particular failure, the state of the system of a user hit by this bug will be: - /etc/systemd/system/ssh.service.d/00-socket.conf and /etc/systemd/system/ssh.socket.d/addresses.conf both exist - $2 argument to postinst will be LESS than 1:9.0p1-1ubuntu8~ because the release version of openssh-server will have failed to configure So I suggest the following instead: if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu7~ \ && [ -e /etc/systemd/system/ssh.socket.d/addresses.conf ] \ && [ -e /etc/systemd/system/ssh.service.d/00-socket.conf ] \ && [ -n "$NO_SOCKET_MIGRATION" ]; then This ensures that if, for any other reason the user has enabled the ssh.socket unit but our script says NO_SOCKET_MIGRATION, we don't mangle the systemd units to disable socket activation that might not have been enabled by us in the first place. (As a bonus, it will simplify and shorten the de-migration code overall.) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Status in openssh source package in Kinetic: Triaged Bug description: [NOTE FOR SRU TEAM] I would prefer that vorlon review the attached patch before the upload is accepted. I will remove this note when that has happened. [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Description changed: + [NOTE FOR SRU TEAM] + + I would prefer that vorlon review the attached patch before the upload + is accepted. I will remove this note when that has happened. + [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. - * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: - + * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the + following: + [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= - ListenStream=0.0.0.0:1234 + ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. - * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: - + * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the + following: + [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. + * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the + following: - * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: - [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= - ListenStream=0.0.0.0:1234 + ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. - * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: - + * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the + following: + [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
The attachment "openssh_9.0p1-1ubuntu8.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Status in openssh source package in Kinetic: Triaged Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Patch added: "openssh_9.0p1-1ubuntu8.debdiff" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+attachment/5627076/+files/openssh_9.0p1-1ubuntu8.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Status in openssh source package in Kinetic: Triaged Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The socket-activated ssh migration should be reverted, and ssh.service should be
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Description changed: + [Impact] + + Users with /etc/ssh/sshd_config's that contain ListenAddress entries + with the port specified will not be migrated to socket-activated ssh + correctly, or may be migrated when they should not be (e.g. if + ListenAddress, with a port number, is specified more than once). This + leaves users with a broken sshd configuration. + + [Test Plan] + + There are 4 tests that should be used to verify the fix: + + 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies + port number. + + * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: + + [...defaults everywhere else...] + + #Port 22 + #AddressFamily any + #ListenAddress 0.0.0.0 + #ListenAddress :: + ListenAddress 0.0.0.0:1234 + + [...defaults everywhere else...] + + * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. + * Before running the upgrade, make sure -proposed is enabled. + * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). + * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: + + [Socket] + ListenStream= + + * On a patched system, ssh.socket will be active/listening, and + /etc/systemd/system/ssh.socket.d/addresses.conf will contain the + following: + + [Socket] + ListenStream= + ListenStream=0.0.0.0:1234 + + 2. Upgrade to Kinetic with multiple ListenAddress entries, each + specifying port number. + + * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: + + [...defaults everywhere else...] + + #Port 22 + #AddressFamily any + #ListenAddress 0.0.0.0 + #ListenAddress :: + ListenAddress 0.0.0.0:1234 + ListenAddress [::]:4321 + + [...defaults everywhere else...] + + * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. + * Before running the upgrade, make sure -proposed is enabled. + * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). + * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: + + [Socket] + ListenStream= + + * On a patched system, the ListenAddress option will be parsed + correctly, and migration will not be attempted. + + 3. On a Kinetic system which was migrated, but with errors (e.g. test + case #1, prior to being patched), installing the new package should + correct the ssh.socket configuration. + + + * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: + + [...defaults everywhere else...] + + #Port 22 + #AddressFamily any + #ListenAddress 0.0.0.0 + #ListenAddress :: + ListenAddress 0.0.0.0:1234 + + [...defaults everywhere else...] + + * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. + * Do NOT enable -proposed before the upgrade. + * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). + * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. + + * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: + [Socket] + ListenStream= + ListenStream=0.0.0.0:1234 + + 4. On a Kinetic system which was incorrectly migrated to ssh socket + activation (e.g. test case #2, prior to being patched), installing the + new package reverts to the previous behavior. + + * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: + + [...defaults everywhere else...] + + #Port 22 + #AddressFamily any + #ListenAddress 0.0.0.0 + #ListenAddress :: + ListenAddress 0.0.0.0:1234 + ListenAddress [::]:4321 + + [...defaults everywhere else...] + + * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. + * Do NOT enable -proposed before the upgrade. + * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). + * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. + * The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic. + + [Where problems could occur] + These changes are in the openssh-server.postinst script, specifically in the socket-activated ssh migration logic. Regressions would be seen in the migration logic, for example breaking a previously-working migration scenario. + + + [Original Description] + update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Also affects: openssh (Ubuntu Kinetic) Importance: Critical Status: Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Status in openssh source package in Kinetic: Triaged Bug description: [Impact] Users with /etc/ssh/sshd_config's that contain ListenAddress entries with the port specified will not be migrated to socket-activated ssh correctly, or may be migrated when they should not be (e.g. if ListenAddress, with a port number, is specified more than once). This leaves users with a broken sshd configuration. [Test Plan] There are 4 tests that should be used to verify the fix: 1. Upgrade to Kinetic with just one ListenAddress entry, which specifies port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, ssh.socket will be active/listening, and /etc/systemd/system/ssh.socket.d/addresses.conf will contain the following: [Socket] ListenStream= ListenStream=0.0.0.0:1234 2. Upgrade to Kinetic with multiple ListenAddress entries, each specifying port number. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Before running the upgrade, make sure -proposed is enabled. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains: [Socket] ListenStream= * On a patched system, the ListenAddress option will be parsed correctly, and migration will not be attempted. 3. On a Kinetic system which was migrated, but with errors (e.g. test case #1, prior to being patched), installing the new package should correct the ssh.socket configuration. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain: [Socket] ListenStream= ListenStream=0.0.0.0:1234 4. On a Kinetic system which was incorrectly migrated to ssh socket activation (e.g. test case #2, prior to being patched), installing the new package reverts to the previous behavior. * On a Jammy system, edit /etc/ssh/sshd_config so that it contains the following: [...defaults everywhere else...] #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: ListenAddress 0.0.0.0:1234 ListenAddress [::]:4321 [...defaults everywhere else...] * Run `systemctl restart ssh.service` and confirm that the new configuration works as expected. * Do NOT enable -proposed before the upgrade. * Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed). * After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server. * The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic. [Where problems could occur] These changes are
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
I deleted my account, so I had to create a new one. I used Linux headless, I'll move away to a Systemd Linux distro that doesn't pull shenanigans or tries to reinvent the wheel every update. Whomever pushed this script didn't test it with anything else than the default all commented ListenAddress and Port in the config. On my install it failed to convert a custom Listenaddress and Port formatted exactly as in the default sshd_config file: Port 622 ListenAddress 0.0.0.0 The machine that didn't return an openssh-server error post-upgrade had and almost untouched sshd_config with ListenAddress and Port commented to use opensshd-server default ListenAddress/Port. I know how to set ports with sockets. I didn't see the new # comment in the sshd_config at first I just didn't get why the third party systemd socket was taking precedence over the config from the original application package. The machine that didn't fail installing openssh-server post-upgrade had a /etc/systemd/system/ssh.socket.d/override.conf set. Sorry if I hijacked your bug report a bit. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
@crhis34 actually socket activated ssh is not that difficult to setup. The issue for me is only that the upgrade of the configuration did not work quite right (and I think it is really challenging to do that right) but simply put you take the file /etc/systemd/system/ssh.socket.d/addresses.conf and write something like [Socket] ListenStream= ListenStream= (note the empty ListenStream=, that one is required to not listen on port 22) followed by a systemctl daemon-reload then if there is no /etc/systemd/system/ssh.service.d created by the upgrade script then what I did was systemctl enable ssh.socket && systemctl disable --now ssh.service && systemctl start ssh.socket an alternative might be doing that what the update script does: override_dir=/etc/systemd/system/ssh.service.d mkdir -p "$override_dir" echo '[Unit]' > "$override_dir"/00-socket.conf echo 'After=ssh.socket' >> "$override_dir"/00-socket.conf echo 'Requires=ssh.socket' >> "$override_dir"/00-socket.conf # deb-systemd-helper is inadequate for the task of # changing policy for the units on upgrade if [ -d /run/systemd/system ]; then systemctl daemon-reload systemctl disable ssh.service systemctl unmask ssh.service systemctl stop ssh.service systemctl enable ssh.socket fi -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
Port Specifies the port number that sshd(8) listens on. The default is 22. Multiple options of this type are permitted. See also ListenAddress. Note: On Ubuntu, the openssh-server package is configured to use systemd socket-based activation by default. Therefore if you are using systemd with the default configuration, Port options will not be honored. Address configuration must be handled in /etc/systemd/system/ssh.socket.d instead. # Port and ListenAddress options are not used when sshd is socket-activated, # which is now the default in Ubuntu. See sshd_config(5) and # /usr/share/doc/openssh-server/README.Debian.gz for details. -- For me, the post upgrade error didn't happen on the machine that had the default openssh-server port 22, but on the machine that had a custom port and bind address. I had to purge and reinstall openssh-server to fix the broken, partially installed, package post-upgrade. I only noticed the new message in the sshd_config configuration file after purging/reinstalling openssh-server second time on one of my machine. I was multitasking during the upgrade process, if there was a message about the new port configuration being a systemd socket, I missed it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
slightly off-topic for those who find this before the 22.10 documentation: https://discourse.ubuntu.com/t/sshd-now-uses-socket-based-activation-ubuntu-22-10-and-later/30189 This bug is about the postinst script not being able to convert (or keep) every configuration around. In my case this is because the script is unable to parse ListenAddress with port. The script should understand this formats (quote from man sshd_config): ListenAddress hostname|address ListenAddress hostname:port ListenAddress IPv4_address:port ListenAddress [hostname|address]:port only the first is supported (and [hostname|address] without port) example of working statements ListenAddress localhost ListenAddress 127.0.0.1 ListenAddress [::1] ListenAddress ::1 example of valid but not working statements: ListenAddress localhost: ListenAddress 0.0.0.0: ListenAddress [::]: When converting [::] I think BindIPv6Only=yes should be used, but that's another topic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
It is exactly the same issue msaxl reported, the Opensshd returns an error 1 at the ends of the upgrade process, and after the upgrade it is impossible to bind/listen opensshd on anything else than :::22. The first issue which is that opensshd reported an error 1 at the end of the upgrade process, happened on one machine. I'll open a ticket for the bind/port issue as msaxl isn't really clear with what he said regarding the behavior of Opensshd post-upgrade, and I understood only because I had the exact same issue. The second that is about the sshd.socket, or whatever it is, unit that doesn't allow opensshd to listen or bind to anything other than :::22. In short it is impossible to bind or listen to a custom port with Opensshd after upgrading 22.04 to 22.10 on both of my machines. The machine that returned an error 1 and the other that didn't. Same as msaxl That second issue that msaxl reported happens to me on both of my machine, including the machine that did not report an opensshd error 1 at the end of the upgrade process. I joined the log from the machine that had the opensshd error 1 2022-10-21 14:59:29,800 ERROR got an error from dpkg for pkg: 'openssh-server': 'installed openssh-server package post-installation script subprocess returned error exit status 1' 2022-10-21 14:59:29,801 DEBUG running apport_pkgfailure() openssh-server: installed openssh-server package post-installation script subprocess returned error exit status 1 2022-10-21 15:00:17,041 ERROR Exception during pm.DoInstall() ** Attachment added: "Machine-1_dist-upgrade.zip" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+attachment/5625850/+files/Machine-1_dist-upgrade.zip -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
On Fri, Oct 21, 2022 at 02:06:33PM -, Christophe M. wrote: > Hellow, same issue here. SSHD failed during the do-release-upgrade > process on one of my machines, and now it refuses to change the port to > anything else than 22 on both of my machines. If I start the sshd daemon > using systemd service -> systemctl start ssh.service Please file a separate bug report for your upgrade issue, including upgrade logs. It is not clear that what you are describing is the "same issue". -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Tags added: fr-2890 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
Some additional info: drop in settings from sshd.config.d seem to be applied normally, the issue seem to be only for IP binding and custom ports. If I change Accept=no by Accept=yes in ssh.socket and reloads the socket unit, I can start sshd on a different port and I can also bind the IP to something else than :: There's an issue still, an instance of sshd is still listening to :::22 that is not started by SSHD but by init. root@ubuntulocal:~# netstat -antp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:21 0.0.0.0:* LISTEN 568/vsftpd tcp0 0 0.0.0.0:622 0.0.0.0:* LISTEN 571/sshd: /usr/sbin tcp0272 192.168.1.225:622 192.168.1.220:2473 ESTABLISHED 1027/sshd: root@pts tcp6 0 0 :::22 :::*LISTEN 1/init If I reboot after changing this no to yes in ssh.socket does not survive a reboot and fails to load sshd with a "Failed to queue service startup job" error. Oct 21 15:41:56 ubuntulocal systemd[1]: ssh.socket: Failed to queue service startup job (Maybe the service file is missing or not a template unit?): Invalid argument Oct 21 15:41:56 ubuntulocal systemd[1]: ssh.socket: Failed with result 'resources'. I had to mask/stop the sshd.socket unit and create a custom sshd service in /etc/systemd/system to be able start sshd on a custom port and IP. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
Hellow, same issue here. SSHD failed during the do-release-upgrade process on one of my machines, and now it refuses to change the port to anything else than 22 on both of my machines. If I start the sshd daemon using systemd service -> systemctl start ssh.service ssh does change the port if I load the config using the -f command after manually launching the binary. /usr/sbin/sshd -f /path/to/my/config.conf -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
** Changed in: openssh (Ubuntu) Status: Incomplete => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Triaged Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
> Why do you mention this? I don't see anything in the log file that mentions Port settings. Because the automatically attached file has that setting and thus does not reflect my real configuration anyway, a issue seems to be that hostnames_to_addresses does not handle ListenAddress 1.2.3.4:1234, only ListenAddress 1.2.3.4 (without port) addresses=$(hostnames_to_addresses "$addresses") empties/breaks the list in my case, but somehow this addresses.conf is created: [Socket] ListenStream= -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Incomplete Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
Based on what you quote of the contents of your sshd_config, my expectation would be that we NOT migrate to socket activation on upgrade. ** Changed in: openssh (Ubuntu) Importance: Undecided => Critical ** Tags added: foundations-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Incomplete Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
> sshdconfig.txt actually does NOT contain a line with Port 22 (it is commented out) Why do you mention this? I don't see anything in the log file that mentions Port settings. Your dpkg log shows: > Failed to restart ssh.socket: Unit ssh.socket has a bad unit file setting. > See system logs and 'systemctl status ssh.socket' for details. > Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 145. > dpkg: Fehler beim Bearbeiten des Paketes openssh-server (--configure): > »installiertes post-installation-Skript des Paketes > openssh-server«-Unterprozess gab den > Fehlerwert 1 zurück Can you run this 'systemctl status ssh.socket' command and attach the output? For developer reference, the logs show this is an upgrade from the jammy version of openssh-server package to 1:9.0p1-1ubuntu7 in kinetic. ** Changed in: openssh (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1993478 Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1 Status in openssh package in Ubuntu: Incomplete Bug description: update failed... ProblemType: Package DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1ubuntu7 ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53 Uname: Linux 5.15.0-48-generic x86_64 NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown Date: Wed Oct 19 08:41:28 2022 ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück InstallationDate: Installed on 2019-08-13 (1162 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1 PythonDetails: N/A RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: dpkg 1.21.9ubuntu1 apt 2.5.3 SourcePackage: openssh Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
