Re: Disable locale forwarding in OpenSSH

2021-09-10 Thread Yanko Kaneti 
On Thu, 2021-09-09 at 12:07 +0200, Florian Weimer wrote:
> There is a movement towards C.UTF-8 for small images (containers and
> VMs).  C.UTF-8 has both size and performance improvements over the more
> traditional en_US.UTF-8 locale.  (The performance improvement is
> currently in upstream glibc only, but we plan to bring it to rawhide and
> Fedora 35 shortly.)
> 
> However, in a world where glibc-langpack-en (or glibc-all-langpacks) is
> not installed on target systems, logging in over SSH does not result in
> a viable locale if the client use en_US.UTF-8 (or any other locale
> except C or C.UTF-8).  This causes a severe degradation in user
> experience.  It's not only that UTF-8 output does not work, there are
> also frequent warning messages from various tools.  Some may even refuse
> to run completely.
> 
> I tried to bring up this topic on the OpenSSH list to get some
> cross-distribution consensus, but the discussion didn't actually go
> anywhere:
> 
>   Phasing out forwarding of locale settings
>   
> 
> 
> I think Fedora should do this unilaterally, dropping the downstream
> additions that enable locale forwarding in both the default client and
> server configurations.  If we do that, the OpenSSH server will use the
> locale as configured with localectl for new interactive and
> non-interactive sessions, which is C.UTF-8 in many cases.  At least
> that's what my testing on Fedora 33 suggests.
> 
> Comments?

Wouldn't it be less disruptive to add only to the C.UTF-8-only
environments:

Match *
SetEnv LC_xxx=C.UTF-8 .. 


In a sshd_config_d snippet or something... ?

- Yanko
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Disable locale forwarding in OpenSSH

2021-09-09 Thread patrakov 
Florian Weimer wrote:
> I tried to bring up this topic on the OpenSSH list to get some
> cross-distribution consensus, but the discussion didn't actually go
> anywhere:
> 
>   Phasing out forwarding of locale settings
>   
>  
> I think Fedora should do this unilaterally, dropping the downstream
> additions that enable locale forwarding in both the default client and
> server configurations.  If we do that, the OpenSSH server will use the
> locale as configured with localectl for new interactive and
> non-interactive sessions, which is C.UTF-8 in many cases.  At least
> that's what my testing on Fedora 33 suggests.
> 
> Comments?

We have a big problem that nobody speaks about: MacOS.

The default and correct value of LC_CTYPE on MacOS is "UTF-8", but this is not 
a valid Linux locale string. And MacOS sends this by default - so, given the 
popularity of MacOS, the only sensible thing to do for Linux is not to accept 
locale-related environment variables. Or at least, filter out known bad values 
somewhere, but that would be a lot of fragile distribution-specific logic that 
I would rather not see.

See more details on this issue at 
https://lists.mindrot.org/pipermail/openssh-unix-dev/2021-September/039618.html
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Disable locale forwarding in OpenSSH

2021-09-09 Thread Florian Weimer 
* Iñaki Ucar:

> This would work... if the target system has a properly configured
> locale, which is not the case many times. E.g., [1] is still
> unresolved.
>
> [1] https://github.com/CentOS/sig-cloud-instance-images/issues/154

Right, this looks like an inconsistent /etc/locale.conf setting.  It
doesn't look related to locale forwarding.

Thanks,
Florian
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Disable locale forwarding in OpenSSH

2021-09-09 Thread Iñaki Ucar 
On Thu, 9 Sept 2021 at 12:17, Florian Weimer  wrote:
>
> There is a movement towards C.UTF-8 for small images (containers and
> VMs).  C.UTF-8 has both size and performance improvements over the more
> traditional en_US.UTF-8 locale.  (The performance improvement is
> currently in upstream glibc only, but we plan to bring it to rawhide and
> Fedora 35 shortly.)
>
> However, in a world where glibc-langpack-en (or glibc-all-langpacks) is
> not installed on target systems, logging in over SSH does not result in
> a viable locale if the client use en_US.UTF-8 (or any other locale
> except C or C.UTF-8).  This causes a severe degradation in user
> experience.  It's not only that UTF-8 output does not work, there are
> also frequent warning messages from various tools.  Some may even refuse
> to run completely.
>
> I tried to bring up this topic on the OpenSSH list to get some
> cross-distribution consensus, but the discussion didn't actually go
> anywhere:
>
>   Phasing out forwarding of locale settings
>   
> 
>
> I think Fedora should do this unilaterally, dropping the downstream
> additions that enable locale forwarding in both the default client and
> server configurations.  If we do that, the OpenSSH server will use the
> locale as configured with localectl for new interactive and
> non-interactive sessions, which is C.UTF-8 in many cases.  At least
> that's what my testing on Fedora 33 suggests.
>
> Comments?

This would work... if the target system has a properly configured
locale, which is not the case many times. E.g., [1] is still
unresolved.

[1] https://github.com/CentOS/sig-cloud-instance-images/issues/154

-- 
Iñaki Úcar
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Disable locale forwarding in OpenSSH

2021-09-09 Thread Florian Weimer 
There is a movement towards C.UTF-8 for small images (containers and
VMs).  C.UTF-8 has both size and performance improvements over the more
traditional en_US.UTF-8 locale.  (The performance improvement is
currently in upstream glibc only, but we plan to bring it to rawhide and
Fedora 35 shortly.)

However, in a world where glibc-langpack-en (or glibc-all-langpacks) is
not installed on target systems, logging in over SSH does not result in
a viable locale if the client use en_US.UTF-8 (or any other locale
except C or C.UTF-8).  This causes a severe degradation in user
experience.  It's not only that UTF-8 output does not work, there are
also frequent warning messages from various tools.  Some may even refuse
to run completely.

I tried to bring up this topic on the OpenSSH list to get some
cross-distribution consensus, but the discussion didn't actually go
anywhere:

  Phasing out forwarding of locale settings
  


I think Fedora should do this unilaterally, dropping the downstream
additions that enable locale forwarding in both the default client and
server configurations.  If we do that, the OpenSSH server will use the
locale as configured with localectl for new interactive and
non-interactive sessions, which is C.UTF-8 in many cases.  At least
that's what my testing on Fedora 33 suggests.

Comments?

Thanks,
Florian
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure