* Fri Sep 10 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-9

- ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch [bz#2002302]
- Resolves: bz#2002302
  (cloud-init fails with ValueError: need more than 1 value to unpack[rhel-9])
This commit is contained in:
Miroslav Rezanina 2021-09-10 02:16:06 -04:00
parent 2dd4fe8b30
commit 16ef4c53ca
2 changed files with 94 additions and 1 deletions

View File

@ -0,0 +1,86 @@
From ce346f6057377c7bb9b89703fb8855ccf4947a61 Mon Sep 17 00:00:00 2001
From: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Date: Wed, 8 Sep 2021 16:08:12 +0200
Subject: [PATCH] ssh_utils.py: ignore when sshd_config options are not
key/value pairs
RH-Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
RH-MergeRequest: 10: ssh_utils.py: ignore when sshd_config options are not key/value pairs
RH-Commit: [1/1] 546081571e8b6b1415aae1a04660137070532fae (eesposit/cloud-init-centos-)
RH-Bugzilla: 2002302
RH-Acked-by: Eduardo Otubo <otubo@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Mohamed Gamal Morsy <mmorsy@redhat.com>
TESTED: by me
BREW: 39622506
commit 2ce857248162957a785af61c135ca8433fdbbcde
Author: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Date: Wed Sep 8 02:08:36 2021 +0200
ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007)
As specified in #LP 1845552,
In cloudinit/ssh_util.py, in parse_ssh_config_lines(), we attempt to
parse each line of sshd_config. This function expects each line to
be one of the following forms:
\# comment
key value
key=value
However, options like DenyGroups and DenyUsers are specified to
*optionally* accepts values in sshd_config.
Cloud-init should comply to this and skip the option if a value
is not provided.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
---
cloudinit/ssh_util.py | 8 +++++++-
tests/unittests/test_sshutil.py | 8 ++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/cloudinit/ssh_util.py b/cloudinit/ssh_util.py
index 9ccadf09..33679dcc 100644
--- a/cloudinit/ssh_util.py
+++ b/cloudinit/ssh_util.py
@@ -484,7 +484,13 @@ def parse_ssh_config_lines(lines):
try:
key, val = line.split(None, 1)
except ValueError:
- key, val = line.split('=', 1)
+ try:
+ key, val = line.split('=', 1)
+ except ValueError:
+ LOG.debug(
+ "sshd_config: option \"%s\" has no key/value pair,"
+ " skipping it", line)
+ continue
ret.append(SshdConfigLine(line, key, val))
return ret
diff --git a/tests/unittests/test_sshutil.py b/tests/unittests/test_sshutil.py
index a66788bf..08e20050 100644
--- a/tests/unittests/test_sshutil.py
+++ b/tests/unittests/test_sshutil.py
@@ -525,6 +525,14 @@ class TestUpdateSshConfigLines(test_helpers.CiTestCase):
self.assertEqual([self.pwauth], result)
self.check_line(lines[-1], self.pwauth, "no")
+ def test_option_without_value(self):
+ """Implementation only accepts key-value pairs."""
+ extended_exlines = self.exlines.copy()
+ denyusers_opt = "DenyUsers"
+ extended_exlines.append(denyusers_opt)
+ lines = ssh_util.parse_ssh_config_lines(list(extended_exlines))
+ self.assertNotIn(denyusers_opt, str(lines))
+
def test_single_option_updated(self):
"""A single update should have change made and line updated."""
opt, val = ("UsePAM", "no")
--
2.27.0

View File

@ -1,6 +1,6 @@
Name: cloud-init Name: cloud-init
Version: 21.1 Version: 21.1
Release: 8%{?dist} Release: 9%{?dist}
Summary: Cloud instance init scripts Summary: Cloud instance init scripts
License: ASL 2.0 or GPLv3 License: ASL 2.0 or GPLv3
URL: http://launchpad.net/cloud-init URL: http://launchpad.net/cloud-init
@ -22,6 +22,8 @@ Patch7: ci-ssh-util-allow-cloudinit-to-merge-all-ssh-keys-into-.patch
Patch8: ci-Stop-copying-ssh-system-keys-and-check-folder-permis.patch Patch8: ci-Stop-copying-ssh-system-keys-and-check-folder-permis.patch
# For bz#1995843 - [cloudinit] Fix home permissions modified by ssh module # For bz#1995843 - [cloudinit] Fix home permissions modified by ssh module
Patch9: ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch Patch9: ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch
# For bz#2002302 - cloud-init fails with ValueError: need more than 1 value to unpack[rhel-9]
Patch10: ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch
# Source-git patches # Source-git patches
@ -219,6 +221,11 @@ fi
%config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf
%changelog %changelog
* Fri Sep 10 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-9
- ci-ssh_utils.py-ignore-when-sshd_config-options-are-not.patch [bz#2002302]
- Resolves: bz#2002302
(cloud-init fails with ValueError: need more than 1 value to unpack[rhel-9])
* Fri Sep 03 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-8 * Fri Sep 03 2021 Miroslav Rezanina <mrezanin@redhat.com> - 21.1-8
- ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch [bz#1995843] - ci-Fix-home-permissions-modified-by-ssh-module-SC-338-9.patch [bz#1995843]
- Resolves: bz#1995843 - Resolves: bz#1995843