[Bug 1860142] Re: Please update ec2-instance-connect to 1.1.12 release

Chris Halse Rogers raof at ubuntu.com
Tue Jan 21 15:18:11 UTC 2020 

Hello Balint, or anyone else affected,

Accepted ec2-instance-connect into xenial-proposed. The package will
build now and be available at https://launchpad.net/ubuntu/+source/ec2
-instance-connect/1.1.12+dfsg1-0ubuntu1~16.04.0 in a few hours, and then
in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-xenial to verification-done-xenial. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-xenial. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: ec2-instance-connect (Ubuntu Xenial)
       Status: New => Fix Committed

** Tags added: verification-needed-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ec2-instance-connect in Ubuntu.
https://bugs.launchpad.net/bugs/1860142

Title:
  Please update ec2-instance-connect to 1.1.12 release

Status in ec2-instance-connect package in Ubuntu:
  Fix Released
Status in ec2-instance-connect source package in Xenial:
  Fix Committed
Status in ec2-instance-connect source package in Bionic:
  Fix Committed
Status in ec2-instance-connect source package in Disco:
  Won't Fix
Status in ec2-instance-connect source package in Eoan:
  Fix Committed

Bug description:
  [Impact]

  New upstream release of the package providing SSH access to instances;
  available to any AWS users. The most notable new feature is supporting
  Instance Metadata Service Version 2, but since the release included
  major rewrite which honored on Security Team's input the package is
  backported in full.

  [Test Cases]
  This is manually tested by Amazon:

  0) Deploy an Amazon AWS instance with Instance Connect feature enabled
  1) Install the previous version of the ec2-instance-connect package
  2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options.
  3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
  4) Upgrade to the new version of the package
  5) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
  6) Purge the ec2-instance-connect package
  7) Configure the instance to use IMDSv2
  8) Install the new ec2-instance-connect again and verify that is working again (steps 2 and 3)

  
  [Regression Potential]
  Limited to SSH access on instances where the package gets installed. This package will be installed by default for a new service called "Instance Connect" provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service.

  The package upgrade is covered in the test case.

  [Other Info]
  The source difference for the SRUs contain a lot of extra files because the source now contains almost the full upstream tarball, but the difference between the binary packages is still minimal and it maybe easier to reviewing that difference.

  Disco SRU is skipped because it goes EOL before the aging of the
  package would finish.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1860142/+subscriptions

More information about the foundations-bugs mailing list