[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-07-27 Thread Christian Ehrhardt 
Fixed in 1:8.2p1-1 and
 openssh | 1:8.2p1-4   | focal| source
 openssh | 1:8.2p1-4ubuntu0.1  | focal-updates| source
 openssh | 1:8.3p1-1   | groovy   | source

So this should be fix released, but wasn't updated.

** Changed in: openssh (Ubuntu)
   Status: Fix Committed => Fix Released

** Changed in: openssh (Ubuntu Focal)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861472

Title:
  upgrade from fresh bionic to focal needlessly prompts user

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1861472/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-05-24 Thread T Jeske
Another problem is that while showing this prompt, you can't log in via
SSH. If you leave your upgrade unattended and lose the connection to
your server, you won't be able to log in via SSH again to
complete/continue the upgrade.


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-02-27 Thread Steve Langasek
** Also affects: openssh (Ubuntu Focal)
   Importance: High
 Assignee: Colin Watson (cjwatson)
   Status: Fix Committed

** Tags removed: rls-ff-incoming


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-02-24 Thread Colin Watson
** Changed in: openssh (Ubuntu)
   Status: Triaged => Fix Committed

** Changed in: openssh (Ubuntu)
 Assignee: (unassigned) => Colin Watson (cjwatson)


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-02-24 Thread Bug Watch Updater
** Changed in: openssh (Debian)
   Status: Fix Committed => Fix Released


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-02-16 Thread Christian Ehrhardt 
** Merge proposal linked:
   
https://code.launchpad.net/~bryce/ubuntu/+source/openssh/+git/openssh/+merge/378685


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-02-14 Thread Bug Watch Updater
** Changed in: openssh (Debian)
   Status: New => Fix Committed


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-02-12 Thread Bug Watch Updater
** Changed in: openssh (Debian)
   Status: Unknown => New


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-02-12 Thread Bryce Harrington
** Bug watch added: Debian Bug tracker #951220
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951220

** Also affects: openssh (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951220
   Importance: Unknown
   Status: Unknown


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-02-06 Thread Bryce Harrington
So, the trivial fix is to simply append 203e9b92fe3623aeba277ee44297f7dd
to openssh-server.ucf-md5sum, as Marc had suggested above.

I can proceed with that as the fix.

---

But this suggests a few direct questions/thoughts:

0.  Does the installer use the openssh-server.ucf-md5sum from the new
package, or the previously installed one?  If the latter, then the
md5sum will need added via SRU.

1.  Where in the process did the md5sum get out of sync?  I'm not
spotting conf changes from the CVE patches by our security team, so
looks like this got to us via debian?

2.  Our merge review processes need to account for conf file changes
with ucf packages.  Although, in this case openssh presumably got sync'd
so Ubuntu-side process changes would not have caught it.

3.  There have been other reports of similar misbehavior with wrongly
detected conf file changes (Robie's LP #1747464 mentioned above may be
one, there's likely others).  Is ucf also being used in these cases, and
are those problems likewise caused by missing md5sums in their packages?

4.  Is this failure mode something that can be caught in autopkgtests?
If so, then per-package checks seem warranted to prevent this in the
future.

5.  Even better than #3 would be a distro-wide CI check for all packages
using ucf, to ensure all distro-default installed conf files (from all
pockets) have their conf file md5sums registered.


In addition, some broader scoped / philosophical / "dumb" questions:

1.  Are md5sums the best way to identify config file changes?  E.g. if
the change is just a timestamp and commented out line (such as in this
case) that shouldn't count as a "change".  What about like filtering out
commented lines, and checksumming that?

2.  Why are commented out lines included in distro-provided conf files?
Is it just for documentation, in which case those would be better kept
elsewhere and just referenced?  (Yes, this is more a debian/upstream
policy question which we probably don't have say on...)

3.  Is upgrade the right time to be prompting users about config file
changes, even if they have legitimate local config changes?  With cloud
instances, unattended-upgrades, etc. it's not so safe to assume a human
is babysitting the dist-upgrade, and breakages during dist-upgrades can
be pretty catastrophic for users.  It's also a frequently seen pattern
in our own bug triaging workloads.  Are there any other ways to solve
this need?

(Yes, much of the above is better fodder for blogs, and no need to
discuss it in depth here...)

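The per-package check asked about in questions 4 and 5 above, together with the "filter out commented lines, then checksum" idea from the first broader question, as an added example that is not part of the original message nor of the ucf or openssh packaging. The function names and sample files are hypothetical, and the sum file is assumed to hold one md5 hash per line as its first field, as in the `md5sum | cut -d' ' -f1` append used elsewhere in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): does a shipped default config have its
# md5 registered in a ucf sum file, and do two defaults differ only in comments?

# Print only the md5 hash of file $1.
file_md5() {
    md5sum "$1" | cut -d' ' -f1
}

# Return 0 if the md5 of config file $1 is listed in sum file $2,
# 1 if it is not, 2 if either file is unreadable.
sum_registered() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    hash=$(file_md5 "$1")
    # Assumption: the hash is the first space-separated field of each line.
    cut -d' ' -f1 "$2" | grep -qxF "$hash"
}

# Print the md5 of file $1 with comment-only and blank lines removed.
normalized_md5() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | md5sum | cut -d' ' -f1
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed stand-ins for the default config of an old and a new release.
    printf '#Port 22\nPermitRootLogin no\n' > "$d/old_default"
    printf '# new comment\n#Port 22\n\nPermitRootLogin no\n' > "$d/new_default"
    # Sum file that registers only the new default: the state found in this bug.
    file_md5 "$d/new_default" > "$d/sums"
    for f in old_default new_default; do
        if sum_registered "$d/$f" "$d/sums"; then
            echo "$f: md5 registered"
        else
            echo "$f: md5 NOT registered (an upgrade from it would prompt)"
        fi
    done
    if [ "$(normalized_md5 "$d/old_default")" = "$(normalized_md5 "$d/new_default")" ]; then
        echo "defaults differ only in comments and blank lines"
    fi
    rm -rf "$d"
}

demo
```
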

[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-02-06 Thread Bryce Harrington
Marc's comment #3 seems plausible:

stirling:~/ubuntu/Openssh$  lxc exec u18 -- bash
root@u18:~# md5sum /etc/ssh/sshd_config 
203e9b92fe3623aeba277ee44297f7dd  /etc/ssh/sshd_config
root@u18:~# grep -c 203e9b92fe3623aeba277ee44297f7dd /usr/share/openssh/sshd_config.md5sum
0
root@u18:~# 

Looking at sshd_config on a fresh installed 18.04 lxc and a fresh 20.04,
the sshd_config files do indeed differ by exactly the diff shown during
upgrade (and provided in comment #2).

The md5sum checking was introduced in Debian on Dec 2016 with openssh
(1:7.4p1-1)

  * Start handling /etc/ssh/sshd_config using ucf.  The immediate motivation
    for this is to deal with deprecations of options related to protocol 1,
    but something like this has been needed for a long time (closes:
    #419574, #848089):
    - sshd_config is now a slightly-patched version of upstream's, and only
      contains non-default settings (closes: #147201).
    - I've included as many historical md5sums of default versions of
      sshd_config as I could reconstruct from version control, but I'm sure
      I've missed some.
    - Explicitly synchronise the debconf database with the current
      configuration file state in openssh-server.config, to ensure that the
      PermitRootLogin setting is properly preserved.
    - UsePrivilegeSeparation now defaults to the stronger "sandbox" rather
      than "yes", per upstream.

It's implemented in openssh-server.postinst:

...
... sed statements to customize $new_config from upstream for debian
...
mkdir -p /etc/ssh
ucf --three-way --debconf-ok \
    --sum-file /usr/share/openssh/sshd_config.md5sum \
    "$new_config" /etc/ssh/sshd_config
ucfr openssh-server /etc/ssh/sshd_config

AFAICT the /usr/share/openssh/sshd_config.md5sum is identical on freshly
lxc'd 18.04 and 20.04.

Running the ucf command on a focal lxc container with the 18.04 and
20.04 sshd_config files captured from fresh lxc installs reproduces the
same debconf prompt about the changed config, and then issues this
output:

stirling:~/ubuntu/Openssh/fix-apt-misprompt$ sudo ucf --no-action --three-way --debconf-ok --sum-file /usr/share/openssh/sshd_config.md5sum ./sshd_config.20.04 ./sshd_config.18.04
[sudo] password for bryce: 
Replacing config file /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04 with new version
cp -pf /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04 /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04.ucf-old
cp -pf /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04 /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04
cp -pf /var/lib/ucf/hashfile.6 /var/lib/ucf/hashfile.7
cp -pf /var/lib/ucf/hashfile.5 /var/lib/ucf/hashfile.6
cp -pf /var/lib/ucf/hashfile.4 /var/lib/ucf/hashfile.5
cp -pf /var/lib/ucf/hashfile.3 /var/lib/ucf/hashfile.4
cp -pf /var/lib/ucf/hashfile.2 /var/lib/ucf/hashfile.3
cp -pf /var/lib/ucf/hashfile.1 /var/lib/ucf/hashfile.2
cp -pf /var/lib/ucf/hashfile.0 /var/lib/ucf/hashfile.1
cp -pf /var/lib/ucf/hashfile /var/lib/ucf/hashfile.0
(egrep -v "[[:space:]]\/home\/bryce\/ubuntu\/Openssh\/fix\-apt\-misprompt\/sshd_config\.18\.04$" "/var/lib/ucf/hashfile"
 md5sum "/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04" | sed "s|/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04|/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04|";
) | sort > "/var/lib/ucf/hashfile"
cp -pf /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04 /var/lib/ucf/cache/:home:bryce:ubuntu:Openssh:fix-apt-misprompt:sshd_config.18.04


If I append the bionic sshd_config md5sum to the list and then check against 
that, no prompt is displayed, with the following output:

$ (cat /usr/share/openssh/sshd_config.md5sum; sudo md5sum sshd_config.18.04  | cut -d' ' -f1) > /tmp/sshd_config.md5sum
$ sudo ucf --no-action --three-way --debconf-ok --sum-file /tmp/sshd_config.md5sum ./sshd_config.20.04 ./sshd_config.18.04
cp -pf /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04 /home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04
cp -pf /var/lib/ucf/hashfile.6 /var/lib/ucf/hashfile.7
cp -pf /var/lib/ucf/hashfile.5 /var/lib/ucf/hashfile.6
cp -pf /var/lib/ucf/hashfile.4 /var/lib/ucf/hashfile.5
cp -pf /var/lib/ucf/hashfile.3 /var/lib/ucf/hashfile.4
cp -pf /var/lib/ucf/hashfile.2 /var/lib/ucf/hashfile.3
cp -pf /var/lib/ucf/hashfile.1 /var/lib/ucf/hashfile.2
cp -pf /var/lib/ucf/hashfile.0 /var/lib/ucf/hashfile.1
cp -pf /var/lib/ucf/hashfile /var/lib/ucf/hashfile.0
(egrep -v "[[:space:]]\/home\/bryce\/ubuntu\/Openssh\/fix\-apt\-misprompt\/sshd_config\.18\.04$" "/var/lib/ucf/hashfile"
 md5sum "/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04" | sed "s|/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.20.04|/home/bryce/ubuntu/Openssh/fix-apt-misprompt/sshd_config.18.04|";
) | sort > "/var/lib/ucf/hashfile"
cp -pf 

[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-02-06 Thread Robie Basak
Is this related to bug 1747464 perhaps?


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-02-05 Thread Bryce Harrington
I'm able to easily reproduce this in lxc using the steps provided.

** Changed in: openssh (Ubuntu)
   Importance: Undecided => High

** Changed in: openssh (Ubuntu)
   Status: New => Triaged

** Tags added: server-next


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-01-31 Thread Marc Deslauriers
Perhaps the hash is missing in debian/openssh-server.ucf-md5sum?


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-01-31 Thread Sebastien Bacher
** Tags added: rls-ff-incoming


[Bug 1861472] Re: upgrade from fresh bionic to focal needlessly prompts user

2020-01-30 Thread Seth Arnold
** Patch added: "The proposed changes"
   
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1861472/+attachment/5324364/+files/sshd_config.diff
