--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-server: Please support dynamic motd (initscripts change)
- From: Roger Leigh <rleigh@debian.org>
- Date: Sat, 21 Apr 2012 10:06:34 +0100
- Message-id: <20120421090634.16883.42963.reportbug@ravenclaw.codelibre.net>
Package: openssh-server
Version: 1:5.9p1-5
Severity: normal
Tags: patch
Separation of static and dynamic motd components
================================================
Currently initscripts generates the motd, and stores it in
/var/run/motd. /etc/motd is a symlink to this file, and
/etc/motd.tail contains the static user-editable part. This is not
ideal for a number of reasons, including /etc/motd not being a file as
documented, and not behaving like a conffile, and being generally
complex and confusing. It also unnecessarily wastes space on /run.
In a future upload of initscripts, this will be simplified:
- /etc/motd will contain the user-editable part, and will be a regular
file; /etc/motd.tail will be migrated here.
- The dynamic part (uname -a) will be stored in /run/motd.dynamic;
this will be generated at boot like we do now. There is scope for
supporting other dynamically generated info in the future, should
there ever be any demand for that, but for now we are simply going
to retain the existing behaviour. Users can extend this should
they wish.
This does require two separate pam_motd lines in your pam service
file, one for the dynamic and one for the static parts (patch
attached). Enabling the use of /run/motd.dynamic before I create
it in initscripts is harmless, and it means we can seamlessly
switch over once you have made this change.
Thanks,
Roger
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (550, 'unstable'), (500, 'testing'), (400, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-server depends on:
ii adduser 3.113+nmu1
ii debconf [debconf-2.0] 1.5.42
ii dpkg 1.16.2
ii libc6 2.13-30
ii libcomerr2 1.42.2-2
ii libgssapi-krb5-2 1.10+dfsg~beta1-2
ii libkrb5-3 1.10+dfsg~beta1-2
ii libpam-modules 1.1.3-7
ii libpam-runtime 1.1.3-7
ii libpam0g 1.1.3-7
ii libselinux1 2.1.9-4
ii libssl1.0.0 1.0.1-4
ii libwrap0 7.6.q-23
ii lsb-base 4.1+Debian0
ii openssh-client 1:5.9p1-5
ii procps 1:3.3.2-3
ii zlib1g 1:1.2.6.dfsg-2
Versions of packages openssh-server recommends:
ii openssh-blacklist 0.4.1
ii openssh-blacklist-extra 0.4.1
ii xauth 1:1.0.6-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn rssh <none>
pn ssh-askpass 1:1.2.4.1-9
pn ufw <none>
-- debconf information excluded
diff -urN openssh-5.9p1.original/debian/openssh-server.sshd.pam openssh-5.9p1/debian/openssh-server.sshd.pam
--- openssh-5.9p1.original/debian/openssh-server.sshd.pam 2010-08-23 23:07:51.000000000 +0100
+++ openssh-5.9p1/debian/openssh-server.sshd.pam 2012-04-21 09:48:09.441916691 +0100
@@ -24,6 +24,9 @@
@include common-session
# Print the message of the day upon successful login.
+# This includes a dynamically generated part from /run/motd.dynamic
+# and a static (admin-editable) part from /etc/motd.
+session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so # [1]
# Print the status of the user's mailbox upon successful login.
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:6.0p1-1
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:
openssh-client-udeb_6.0p1-1_i386.udeb
to main/o/openssh/openssh-client-udeb_6.0p1-1_i386.udeb
openssh-client_6.0p1-1_i386.deb
to main/o/openssh/openssh-client_6.0p1-1_i386.deb
openssh-server-udeb_6.0p1-1_i386.udeb
to main/o/openssh/openssh-server-udeb_6.0p1-1_i386.udeb
openssh-server_6.0p1-1_i386.deb
to main/o/openssh/openssh-server_6.0p1-1_i386.deb
openssh_6.0p1-1.debian.tar.gz
to main/o/openssh/openssh_6.0p1-1.debian.tar.gz
openssh_6.0p1-1.dsc
to main/o/openssh/openssh_6.0p1-1.dsc
openssh_6.0p1.orig.tar.gz
to main/o/openssh/openssh_6.0p1.orig.tar.gz
ssh-askpass-gnome_6.0p1-1_i386.deb
to main/o/openssh/ssh-askpass-gnome_6.0p1-1_i386.deb
ssh-krb5_6.0p1-1_all.deb
to main/o/openssh/ssh-krb5_6.0p1-1_all.deb
ssh_6.0p1-1_all.deb
to main/o/openssh/ssh_6.0p1-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 669699@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 26 May 2012 13:48:14 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.0p1-1
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 643312 650512 669667 669699 671010 671075
Changes:
openssh (1:6.0p1-1) unstable; urgency=low
.
[ Roger Leigh ]
* Display dynamic part of MOTD from /run/motd.dynamic, if it exists
(closes: #669699).
.
[ Colin Watson ]
* Update OpenSSH FAQ to revision 1.113, fixing missing line break (closes:
#669667).
* New upstream release (closes: #671010,
http://www.openssh.org/txt/release-6.0).
- Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections
(closes: #643312, #650512, #671075).
- Add a new privilege separation sandbox implementation for Linux's new
seccomp sandbox, automatically enabled on platforms that support it.
(Note: privilege separation sandboxing is still experimental.)
* Fix a bashism in configure's seccomp_filter check.
* Add a sandbox fallback mechanism, so that behaviour on Linux depends on
whether the running system's kernel has seccomp_filter support, not the
build system's kernel (forwarded upstream as
https://bugzilla.mindrot.org/show_bug.cgi?id=2011).
Checksums-Sha1:
713f6ea84273a3d10aae59fe170f6e13f8222b11 2535 openssh_6.0p1-1.dsc
f691e53ef83417031a2854b8b1b661c9c08e4422 1126034 openssh_6.0p1.orig.tar.gz
0d7cfc8b2be51d79225e536bc55b17119dee7747 245085 openssh_6.0p1-1.debian.tar.gz
6b98e4210e9d32a0b0f8d6be8d328de802c9a7fa 1045028 openssh-client_6.0p1-1_i386.deb
8d06d2a8439c9bd4853cb7839d6279a72e2a0716 341484 openssh-server_6.0p1-1_i386.deb
49a0e4492a7da4add87fa1a39fac3f8e36d674c7 1246 ssh_6.0p1-1_all.deb
69aff554a4fa4a93f7131b208e937d71af4dad4e 88382 ssh-krb5_6.0p1-1_all.deb
f5739ffe6c550bd8730f561c03b5e274ee60aa77 96478 ssh-askpass-gnome_6.0p1-1_i386.deb
869cdcfc0e4cb0264be0a89937c79f3f3a338605 181002 openssh-client-udeb_6.0p1-1_i386.udeb
d11fdbedda23e7662896ee8cf5318e6c5d19bab3 193962 openssh-server-udeb_6.0p1-1_i386.udeb
Checksums-Sha256:
34421fd57463f72980eee7db2b2b4d3f5b5144856075a5a3a25c8d533e621850 2535 openssh_6.0p1-1.dsc
589d48e952d6c017e667873486b5df63222f9133d417d0002bd6429d9bd882de 1126034 openssh_6.0p1.orig.tar.gz
64979a504f2cc1c6a0f17ce04b74e11b73a4d204e81f6803b6630a7fd5955a5f 245085 openssh_6.0p1-1.debian.tar.gz
3cc6da79d3ac2102b49c268ed8114343a00e1386a7f102ed00825516446be2e5 1045028 openssh-client_6.0p1-1_i386.deb
49b2f7ce378d6e8a8001fa83a769b19e27ac29b49e9c33706d8fde7d597eabd4 341484 openssh-server_6.0p1-1_i386.deb
1e8642f3ffc24ee238a538b66820a59a6e8fbfe921f95b2a987c59e5f5979d54 1246 ssh_6.0p1-1_all.deb
ba50fdbf029c4fb418eaaa2297be7319bc9690593af25db048161546d96b74a8 88382 ssh-krb5_6.0p1-1_all.deb
b9daf62704f09f3dd855cd3426fd8f6473dad42ae3441e3e0c1f34762f686af4 96478 ssh-askpass-gnome_6.0p1-1_i386.deb
610ce905d03f24535833950b5f8712e8a79c0d347103ad02b39716742b470521 181002 openssh-client-udeb_6.0p1-1_i386.udeb
2e821d368477a26c56f7d6910147097b80be989c20aa42f2c3f45380f38f529c 193962 openssh-server-udeb_6.0p1-1_i386.udeb
Files:
c9363937ab3b7e81ed4a295c14924bb6 2535 net standard openssh_6.0p1-1.dsc
3c9347aa67862881c5da3f3b1c08da7b 1126034 net standard openssh_6.0p1.orig.tar.gz
da666358d83b7e57175e0a2b41163508 245085 net standard openssh_6.0p1-1.debian.tar.gz
a15232aa5ffd78ca120548b76bfbeac3 1045028 net standard openssh-client_6.0p1-1_i386.deb
1c5c1f1b7a8d8a5c85c5a580a673cb08 341484 net optional openssh-server_6.0p1-1_i386.deb
6bbf690dcefbc288ec71867622cf16c2 1246 net extra ssh_6.0p1-1_all.deb
4cd2b8d3f3bd27c3b33572f0ca6d9e70 88382 oldlibs extra ssh-krb5_6.0p1-1_all.deb
d46d11ef4a83561cdf630b235d41f20c 96478 gnome optional ssh-askpass-gnome_6.0p1-1_i386.deb
5e98e473c0bb456f40c79b0b4d240fe0 181002 debian-installer optional openssh-client-udeb_6.0p1-1_i386.udeb
7c8844e24a63ce2a66d42884a13da79d 193962 debian-installer optional openssh-server-udeb_6.0p1-1_i386.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iQIVAwUBT8FfXTk1h9l9hlALAQjdaRAAlO5W2p2rXQJj4OW752b1Zhw5TB9X7wc5
xtKM92u+m1fAHf9oZnAMnsYr9o7lIsmxUEE2eb/aOmLViKH4etiqY02scGTQHsyV
flE3EQswPPnFzPOUMeCkhixFH/rDLTudNYY71KIR88EQGX5/7UU0BN3HwnHt3s/u
aPJrnXllBi6tC+K38UG8PZk/y6aXOmFJA4rQh/Oez28GiSpph+ti5LzJ5fYJMqKW
jymmGK4wyvCN/6gqFM+/R4eGemKUQGqagEP8LXXKIHCAcwJwJPl4BRpNtL390X1S
tIlo9qF7CM2zpZEcFWBoXHXFYgLcXoYasuhAuJ1OLgGx5KFtWxyNakkg994dGhSw
5GMNeZ4N9jd7MxCF6ytAODxsciWtLoAP7+8CUhIV3pL2qEQLll35SbjChBnQ8tT5
QLy1UW2+a+aBlzcWI4MeEylYEqmBYf8axVkG95yf+jR8llvaLYDzCHj2sOGiZA9T
ROPWDdaN640cNOvWLifn+YENmt3yUbY82xYPVS1Vekgx5Gv/poIu5Cj1i+wN0PRZ
/kypiLy+TYMqzQdWzpmxjIFtkWNwIw3WOPviYbwJeapP+haT9NJByoqBmmHh/mdY
IJ73I/kXpQD3f6yMu39ElawFoY5HKaNRZSJ+RWYQvIyG0ZqgoNagKQqOzpTqQhIN
wuvpAYfqLeQ=
=OyFo
-----END PGP SIGNATURE-----
--- End Message ---