The verification of the Stable Release Update for pam has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1855092 Title: [SRU] Please set MOTD_SHOWN=pam when MOTD was shown Status in pam package in Ubuntu: Fix Released Status in pam source package in Eoan: Fix Released Bug description: [Impact] * Users of containers may never see the MOTD of the container if they are always to the container's shell without PAM being involved. * MOTD contains important information about the system's health including the security updates to be installed thus it is desired to show MOTD in container shells, too. * The fix in update-motd is creating a snippet in /etc/profile.d which shows MOTD, but only if UPDATE_MOTD is not set, to avoid printing MOTD twice. [Test Case] * Log in to the system, where PAM prints the MOTD. * After seeing the MOTD observe MOTD_SHOWN set: $ echo $MOTD_SHOWN pam $ [Regression Potential] * The fix is simple thus it is unlikely to see any regression due to bad implementation. * The newly set environment variable may interact with existing software, but this variable seems to be not used: https://codesearch.debian.net/search?q=MOTD_SHOWN&literal=1 * With this change pam_motd module starts reporting errors and, most of the time, success. This is being refined at upstream to not report success, just PAM_IGNORE and errors: https://github.com/linux-pam/linux-pam/pull/157 . The behaviour change should not cause any issue on real-life systems since the return value of pam_motd is not used by default nor can we expect any configuration using it since it always returned PAM_IGNORE: $ grep -A1 -B5 pam_motd /etc/pam.d/login # Prints the message of the day upon successful login. # (Replaces the `MOTD_FILE' option in login.defs) # This includes a dynamically generated part from /run/motd.dynamic # and a static (admin-editable) part from /etc/motd. session optional pam_motd.so motd=/run/motd.dynamic session optional pam_motd.so noupdate However, I plan reverting the behaviour change in the follow-up upload (LP: #1856703) right after it is finalized at upstream. I propose releasing this change in the current form to Eoan, because it is needed by the update-motd SRU and the ubuntu-meta SRU that enables printing MOTD in the Eoan Ubuntu WSL instances. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1855092/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
