[Bug 1904741] Please test proposed package

Ɓukasz Zemczak 1904741 at bugs.launchpad.net
Thu Nov 19 10:26:07 UTC 2020 

Hello Balint, or anyone else affected,

Accepted ec2-instance-connect into groovy-proposed. The package will
build now and be available at https://launchpad.net/ubuntu/+source/ec2
-instance-connect/1.1.12+dfsg1-0ubuntu3.20.10.0 in a few hours, and then
in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
groovy to verification-done-groovy. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-groovy. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: ec2-instance-connect (Ubuntu Focal)
       Status: New => Fix Committed

** Tags added: verification-needed-focal

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ec2-instance-connect in Ubuntu.
https://bugs.launchpad.net/bugs/1904741

Title:
  Verify that domain returned from IMDS is an AWS domain

Status in ec2-instance-connect package in Ubuntu:
  Fix Released
Status in ec2-instance-connect source package in Xenial:
  Fix Committed
Status in ec2-instance-connect source package in Bionic:
  Fix Committed
Status in ec2-instance-connect source package in Focal:
  Fix Committed
Status in ec2-instance-connect source package in Groovy:
  Fix Committed

Bug description:
  [Impact]

  The domain returned from IMDS is not verified if it was and AWS
  domain.

  [Test Cases]

  0) Deploy an Amazon AWS instance with Instance Connect feature enabled
  1) Connect to the instance using Instance Connect, for example by pressing the "Connect" button on the web UI.
  2. Within a few ten seconds of connecting run (assuming using the ubuntu username):

   bash -x /usr/share/ec2-instance-connect/eic_curl_authorized_keys
  ubuntu

  3) The debug output should show successful validation:
  ...
  ++ /usr/bin/curl -s -f -m 1 -H 'X-aws-ec2-metadata-token: ...XXX...==' http://169.254.169.254/latest/meta-data/services/domain/
  + domain=amazonaws.com
  + domain_exit=0
  + '[' 0 -ne 0 ']'
  + is_domain_valid=1
  + for valid_domain in amazonaws.com amazonaws.com.cn c2s.ic.gov sc2s.sgov.gov
  + '[' amazonaws.com = amazonaws.com ']'
  + is_domain_valid=0
  + break
  + '[' 0 -eq 1 ']'
  ++ /usr/bin/printf managed-ssh-signer.%s.%s us-east-2 amazonaws.com
  ...

  [Regression Potential]

  The validation code can fail preventing connection to the VM. Considering that this is a very small amount of code an looks OK this is unlikely.
  The validation could also falsely pass, but that would not be a regression since the validation was not there before.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1904741/+subscriptions

More information about the foundations-bugs mailing list