From 16ef4c53ca41807ee191219987108268a5b8fb2a Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Fri, 10 Sep 2021 02:16:06 -0400 Subject: [PATCH] * Fri Sep 10 2021 Miroslav Rezanina - 21.1-9 - ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch [bz#2002302] - Resolves: bz#2002302 (cloud-init fails with ValueError: need more than 1 value to unpack[rhel-9]) --- ...ore-when-sshd_config-options-are-not.patch | 86 +++++++++++++++++++ cloud-init.spec | 9 +- 2 files changed, 94 insertions(+), 1 deletion(-) create mode 100644 ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch diff --git a/ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch b/ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch new file mode 100644 index 0000000..1fe2bc1 --- /dev/null +++ b/ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch @@ -0,0 +1,86 @@ +From ce346f6057377c7bb9b89703fb8855ccf4947a61 Mon Sep 17 00:00:00 2001 +From: Emanuele Giuseppe Esposito +Date: Wed, 8 Sep 2021 16:08:12 +0200 +Subject: [PATCH] ssh_utils.py: ignore when sshd_config options are not + key/value pairs + +RH-Author: Emanuele Giuseppe Esposito +RH-MergeRequest: 10: ssh_utils.py: ignore when sshd_config options are not key/value pairs +RH-Commit: [1/1] 546081571e8b6b1415aae1a04660137070532fae (eesposit/cloud-init-centos-) +RH-Bugzilla: 2002302 +RH-Acked-by: Eduardo Otubo +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Mohamed Gamal Morsy + +TESTED: by me +BREW: 39622506 + +commit 2ce857248162957a785af61c135ca8433fdbbcde +Author: Emanuele Giuseppe Esposito +Date: Wed Sep 8 02:08:36 2021 +0200 + + ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007) + + As specified in #LP 1845552, + In cloudinit/ssh_util.py, in parse_ssh_config_lines(), we attempt to + parse each line of sshd_config. This function expects each line to + be one of the following forms: + + \# comment + key value + key=value + + However, options like DenyGroups and DenyUsers are specified to + *optionally* accepts values in sshd_config. + Cloud-init should comply to this and skip the option if a value + is not provided. + + Signed-off-by: Emanuele Giuseppe Esposito + +Signed-off-by: Emanuele Giuseppe Esposito +--- + cloudinit/ssh_util.py | 8 +++++++- + tests/unittests/test_sshutil.py | 8 ++++++++ + 2 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py +index 9ccadf09..33679dcc 100644 +--- a/cloudinit/ssh_util.py ++++ b/cloudinit/ssh_util.py +@@ -484,7 +484,13 @@ def parse_ssh_config_lines(lines): + try: + key, val = line.split(None, 1) + except ValueError: +- key, val = line.split('=', 1) ++ try: ++ key, val = line.split('=', 1) ++ except ValueError: ++ LOG.debug( ++ "sshd_config: option \"%s\" has no key/value pair," ++ " skipping it", line) ++ continue + ret.append(SshdConfigLine(line, key, val)) + return ret + +diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py +index a66788bf..08e20050 100644 +--- a/tests/unittests/test_sshutil.py ++++ b/tests/unittests/test_sshutil.py +@@ -525,6 +525,14 @@ class TestUpdateSshConfigLines(test_helpers.CiTestCase): + self.assertEqual([self.pwauth], result) + self.check_line(lines[-1], self.pwauth, "no") + ++ def test_option_without_value(self): ++ """Implementation only accepts key-value pairs.""" ++ extended_exlines = self.exlines.copy() ++ denyusers_opt = "DenyUsers" ++ extended_exlines.append(denyusers_opt) ++ lines = ssh_util.parse_ssh_config_lines(list(extended_exlines)) ++ self.assertNotIn(denyusers_opt, str(lines)) ++ + def test_single_option_updated(self): + """A single update should have change made and line updated.""" + opt, val = ("UsePAM", "no") +-- +2.27.0 + diff --git a/cloud-init.spec b/cloud-init.spec index bea3513..b1ff965 100644 --- a/cloud-init.spec +++ b/cloud-init.spec @@ -1,6 +1,6 @@ Name: cloud-init Version: 21.1 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Cloud instance init scripts License: ASL 2.0 or GPLv3 URL: http://launchpad.net/cloud-init @@ -22,6 +22,8 @@ Patch7: ci-ssh-util-allow-cloudinit-to-merge-all-ssh-keys-into-.patch Patch8: ci-Stop-copying-ssh-system-keys-and-check-folder-permis.patch # For bz#1995843 - [cloudinit] Fix home permissions modified by ssh module Patch9: ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch +# For bz#2002302 - cloud-init fails with ValueError: need more than 1 value to unpack[rhel-9] +Patch10: ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch # Source-git patches @@ -219,6 +221,11 @@ fi %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf %changelog +* Fri Sep 10 2021 Miroslav Rezanina - 21.1-9 +- ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch [bz#2002302] +- Resolves: bz#2002302 + (cloud-init fails with ValueError: need more than 1 value to unpack[rhel-9]) + * Fri Sep 03 2021 Miroslav Rezanina - 21.1-8 - ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch [bz#1995843] - Resolves: bz#1995843