Package: base-files
Version: 9.8
Severity: normal

This is a super easy to fix, but hard to explain bug, so bear with me :)
This is also a jessie -> stretch regression and a limited change should
probably be merged now, rather than post-stretch.

The motd situation in jessie was quite broken[1] but in a typical Debian
fashion it has been largely fixed in stretch without much further
coordination :) In the current scheme of things:

- Both login and ssh now execute pam_motd twice: once with
  /run/motd.dynamic and once with the default file (/etc/motd) and
  noupdate:
    session    optional   pam_motd.so motd=/run/motd.dynamic
    session    optional   pam_motd.so noupdate

- For the first of those invocations (the one without noupdate),
  pam_motd run-parts /etc/update-motd.d and stores its output to
  /run/motd.dynamic, then it displays the contents of that file. This is
  a patch from Ubuntu that was previously merged in Debian and further
  adjusted during the stretch cycle (#743286).

  The second part of this invocation just displays /etc/motd, as shipped
  by base-files or modified by the local sysadmin.

- The login PAM change is new in stretch (since 1:4.4-3) and syncs with
  what Ubuntu has been doing. Debian previously had:
    session optional pam_exec.so type=open_session stdout /bin/uname -snrvm

  …but this now gone, and therefore so is the first line of the motd
  that displays the kernel version and hostname of the system that is
  being logged into. This is effectively a jessie -> stretch regression.

base-files needs to follow suit.

At minimum, it should be shipping an empty /etc/update-motd.d directory.
This is being run-part'ed by pam_motd and has been even documented for
years in the Debian wiki[2]. base-files is the logical place for the
base, default /etc/update-motd.d to be, as base-files currently ships
the /etc/motd license/warranty boilerplate. This is where Ubuntu ships
the base /etc/update-motd.d a well.

The second step would be to ship an /etc/update-motd.d/10uname file as
well, just with these contents:
      #!/bin/sh
      uname -snrvm
This would bring us back exactly where jessie was, fixing the immediate
regression. No other changes in the stack are needed to support this --
pam, login and ssh all support and expect this apparently.

Going further than that, the possibilities are endless. Ubuntu includes
a lot more functionality by default (LSB release, documentation links,
system information/news etc.). A look at Ubuntu's base-files' source
will give you an idea of how this is being used.

Thanks,
Faidon

1: https://lists.debian.org/debian-devel/2014/12/msg00368.html
2: https://wiki.debian.org/motd

Reply via email to