Debian Bug report logs - #592550
Provide support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)

version graph

Package: network-console; Maintainer for network-console is Debian Install System Team <debian-boot@lists.debian.org>; Source for network-console is src:network-console.

Reported by: Kyle Moffett <Kyle.D.Moffett@boeing.com>

Date: Tue, 10 Aug 2010 20:51:02 UTC

Severity: wishlist

Tags: patch

Fixed in version network-console/1.31

Done: Christian Perrier <bubulle@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, kyle@moffetthome.net, Matthew.L.Robertson@boeing.com, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Tue, 10 Aug 2010 20:51:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kyle Moffett <Kyle.D.Moffett@boeing.com>:
New Bug report received and forwarded. Copy sent to kyle@moffetthome.net, Matthew.L.Robertson@boeing.com, Debian Install System Team <debian-boot@lists.debian.org>. (Tue, 10 Aug 2010 20:51:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Kyle Moffett <Kyle.D.Moffett@boeing.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Provide support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Date: Tue, 10 Aug 2010 16:49:51 -0400
Package: network-console
Severity: wishlist

When performing partially-automated virtual-server installations (using
services such as Eucalyptus or Amazon EC2, for example), it's not really
practical or secure to use password-based authentication for the
installer.

Furthermore, such virtual server environments provide an automatic
method of provisioning public SSH keys during the installation process
via an HTTP URL.

The Ubuntu guys seem to have a patch for this that never got merged:
  https://bugs.launchpad.net/ubuntu/+source/network-console/+bug/184108

For example, access to the following URL from an Amazon EC2 instance
will retrieve the SSH public key assigned during instance creation.
With the Ubuntu patch above I can just directly preseed this URL:
  http://169.254.169.254/2010-06-15//meta-data/public-keys/0/openssh-key

Cheers,
Kyle Moffett




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Wed, 11 Aug 2010 06:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Wed, 11 Aug 2010 06:03:03 GMT) Full text and rfc822 format available.

Message #10 received at 592550@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: Kyle Moffett <Kyle.D.Moffett@boeing.com>
Cc: 592550@bugs.debian.org
Subject: Re: Bug#592550: Provide support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Date: Wed, 11 Aug 2010 08:00:32 +0200
[Kyle Moffett]
> Package: network-console
> Severity: wishlist
>
> When performing partially-automated virtual-server installations (using
> services such as Eucalyptus or Amazon EC2, for example), it's not really
> practical or secure to use password-based authentication for the
> installer.
>
> Furthermore, such virtual server environments provide an automatic
> method of provisioning public SSH keys during the installation process
> via an HTTP URL.

I believe you can get similar behaviour by preseeding t the
early_command to insert the ssh key into /root/.authorized_keys.  I
agree that this is less elegant than a native solution.

Happy hacking,
-- 
Petter Reinholdtsen




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Thu, 12 Aug 2010 00:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kyle Moffett <Kyle.D.Moffett@boeing.com>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Thu, 12 Aug 2010 00:12:03 GMT) Full text and rfc822 format available.

Message #15 received at 592550@bugs.debian.org (full text, mbox):

From: Kyle Moffett <Kyle.D.Moffett@boeing.com>
To: Debian Bug Tracking System <592550@bugs.debian.org>
Subject: Re: support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Date: Wed, 11 Aug 2010 19:58:04 -0400
[Message part 1 (text/plain, inline)]
Package: network-console
Severity: normal
Tags: patch

I've spent some time fiddling with this feature, and I've prepared a
modified patch that makes the feature more secure and easier to use.

The modified installer now retrieves a "public-ip-url" and displays that
address in the console output instead of the IP found on the network
interface.  This correctly interoperates with Eucalyptus and Amazon EC2.

In those environments you would use the following bit of preseed:

  d-i network-console/password-disabled boolean true
  d-i network-console/public-ip-url string \
    http://169.254.169.254/2007-01-19/meta-data/public-ipv4
  d-i network-console/public-key-url string \
    http://169.254.169.254/2007-01-19/meta-data/public-keys/0/openssh-key

I'm also in the process of working on a small Debian-Installer patch to
automatically prepare a partially-preseeded D-I image following those
conventions.

I've built a modified network-console with this patch into a slightly
patched Debian-Installer and successfully used it to begin a network
install on an Amazon EC2 instance.

There are still several partitioning and bootloader-related things which
don't work yet, but this part seems to be fully functional.

Cheers,
Kyle Moffett
[network-console-eucalyptus.patch (text/x-diff, attachment)]

Added tag(s) patch. Request was from "Moffett, Kyle D" <Kyle.D.Moffett@boeing.com> to control@bugs.debian.org. (Tue, 31 Aug 2010 17:42:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Wed, 20 Jul 2011 17:03:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kyle Moffett <Kyle.D.Moffett@boeing.com>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Wed, 20 Jul 2011 17:03:06 GMT) Full text and rfc822 format available.

Message #22 received at 592550@bugs.debian.org (full text, mbox):

From: Kyle Moffett <Kyle.D.Moffett@boeing.com>
To: Charles Plessy <plessy@debian.org>
Cc: "592550@bugs.debian.org" <592550@bugs.debian.org>
Subject: Re: support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Date: Wed, 20 Jul 2011 12:55:23 -0400
On Jul 19, 2011, at 19:22, Charles Plessy wrote:
> Le Wed, Aug 11, 2010 at 07:58:04PM -0400, Kyle Moffett a écrit :
>> 
>> The modified installer now retrieves a "public-ip-url" and displays that
>> address in the console output instead of the IP found on the network
>> interface.  This correctly interoperates with Eucalyptus and Amazon EC2.
>> 
>> In those environments you would use the following bit of preseed:
>> 
>>  d-i network-console/password-disabled boolean true
>>  d-i network-console/public-ip-url string \
>>    http://169.254.169.254/2007-01-19/meta-data/public-ipv4
>>  d-i network-console/public-key-url string \
>>    http://169.254.169.254/2007-01-19/meta-data/public-keys/0/openssh-key
>> 
>> I'm also in the process of working on a small Debian-Installer patch to
>> automatically prepare a partially-preseeded D-I image following those
>> conventions.
>> 
>> I've built a modified network-console with this patch into a slightly
>> patched Debian-Installer and successfully used it to begin a network
>> install on an Amazon EC2 instance.
> 
> Dear Kyle and Debian Installer team,
> 
> this would be a very interesting feature.  Since the Amazon EC2 can boot on
> custom kernels, it looks like that with this patch (or using Petter's
> workaround), it would be possible to prepare an Amazon Machine Image (AMI) of
> Debian-Installer itself, boot it from GRUB (through Amazon's kernels using
> PVGRUB and preseed it via initrd, in order to install Debian on an Amazon
> Elastic Block.  Is that what you have tried ?

That is exactly what I have done.

The actual construction of the AMI containing the Debian-Installer is a bit of
a pain; I have a shell-script wrapper around the Amazon EC2 tools in order to
do marshall it into the official EC2 format, but the patches necessary to make
the SSH Console and Debian-Installer play nicely were surprisingly small.

Basically, I created a new Debian-Installer image variant with a built-in
preseed file containing references to the standard Amazon EC2 infrastructure
for loading SSH keys and downloading additional preseed from EC2 "user-data".

I will see if I don't have 15 minutes some time soon to dust off those patches
to update and resubmit them.

Cheers,
Kyle Moffett



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Sun, 24 Jul 2011 03:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Sun, 24 Jul 2011 03:57:03 GMT) Full text and rfc822 format available.

Message #27 received at 592550@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: 592550@bugs.debian.org
Subject: Re: support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Date: Sun, 24 Jul 2011 12:52:50 +0900
Le Wed, Jul 20, 2011 at 12:55:23PM -0400, Kyle Moffett a écrit :
> On Jul 19, 2011, at 19:22, Charles Plessy wrote:
> > 
> > Since the Amazon EC2 can boot on
> > custom kernels, it looks like that with this patch (or using Petter's
> > workaround), it would be possible to prepare an Amazon Machine Image (AMI) of
> > Debian-Installer itself, boot it from GRUB (through Amazon's kernels using
> > PVGRUB and preseed it via initrd, in order to install Debian on an Amazon
> > Elastic Block.  Is that what you have tried ?
> 
> That is exactly what I have done.
> 
> The actual construction of the AMI containing the Debian-Installer is a bit of
> a pain; I have a shell-script wrapper around the Amazon EC2 tools in order to
> do marshall it into the official EC2 format, but the patches necessary to make
> the SSH Console and Debian-Installer play nicely were surprisingly small.
> 
> Basically, I created a new Debian-Installer image variant with a built-in
> preseed file containing references to the standard Amazon EC2 infrastructure
> for loading SSH keys and downloading additional preseed from EC2 "user-data".

This is really exciting.

I was also wondering if the init and grub scripts that are usually installed on
EC2 images could be properly packaged, so that the creation of an AMI would be a
purely native Debian installation, with d-i preseeding.

If you like the idea, would you be interested to co-maintain such a package,
after inviting the other AMI producers (http://wiki.debian.org/Cloud/AmazonEC2Image) ?
The source package could be team-maintained on Alioth within the collab-maint
project, or incubated in the pkg-escience project for instance.

Have a nice day,

-- 
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Sat, 10 Sep 2011 13:33:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Sat, 10 Sep 2011 13:33:09 GMT) Full text and rfc822 format available.

Message #32 received at 592550@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: Kyle Moffett <Kyle.D.Moffett@boeing.com>, 592550@bugs.debian.org
Subject: Re: Provide support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Date: Sat, 10 Sep 2011 22:30:08 +0900
Le Tue, Aug 10, 2010 at 04:49:51PM -0400, Kyle Moffett a écrit :
> 
> When performing partially-automated virtual-server installations (using
> services such as Eucalyptus or Amazon EC2, for example), it's not really
> practical or secure to use password-based authentication for the
> installer.
> 
> Furthermore, such virtual server environments provide an automatic
> method of provisioning public SSH keys during the installation process
> via an HTTP URL.
> 
> The Ubuntu guys seem to have a patch for this that never got merged:
>   https://bugs.launchpad.net/ubuntu/+source/network-console/+bug/184108

Dear all,

I think that it would wonderful if Ubuntu's patch were applied in Debian.  Here
is a slimmed down version of it, where I removed the Ubuntu-specific parts
changing debian/control, the changelog and .gitignore files, …

http://patches.ubuntu.com/n/network-console/network-console_1.28ubuntu1.patch

--- 1.28/debian/network-console.postinst	2011-01-19 04:51:17.000000000 +0000
+++ 1.28ubuntu1/debian/network-console.postinst	2011-05-04 00:19:29.000000000 +0100
@@ -26,7 +26,30 @@ case "$ARCHDETECT" in
 	;;
 esac
 
-while [ -z "$PASSWORD" ]; do
+db_get $TEMPLATE_ROOT/authorized_keys_url
+
+AUTHORIZED_KEYS_URL="$RET"
+AUTHORIZED_KEYS_DIRECTORY="/.ssh"
+AUTHORIZED_KEYS_FILE="$AUTHORIZED_KEYS_DIRECTORY/authorized_keys"
+
+if [ -n "$AUTHORIZED_KEYS_URL" ]; then
+	if [ ! -f "$AUTHORIZED_KEYS_FILE" ]; then
+		[ -d "$AUTHORIZED_KEYS_DIRECTORY" ] || \
+		    mkdir "$AUTHORIZED_KEYS_DIRECTORY"
+		chmod 0700 "$AUTHORIZED_KEYS_DIRECTORY"
+		if ! wget -q "$AUTHORIZED_KEYS_URL" -O "$AUTHORIZED_KEYS_FILE"; then
+			db_subst $TEMPLATE_ROOT/authorized_keys_fetch_failure \
+			    LOCATION "$AUTHORIZED_KEYS_URL"
+			db_input critical $TEMPLATE_ROOT/authorized_keys_fetch_failure \
+			    || true
+			db_go
+			exit 1
+		fi
+		chmod 0644 "$AUTHORIZED_KEYS_FILE" || true
+	fi
+fi
+
+while [ ! -f "$AUTHORIZED_KEYS_FILE" ] && [ -z "$PASSWORD" ]; do
 	db_input critical $TEMPLATE_ROOT/password || true
 	COMPARE_PW=''
 	db_input high $TEMPLATE_ROOT/password-again && COMPARE_PW=1 || true
diff -pruN 1.28/debian/network-console.templates 1.28ubuntu1/debian/network-console.templates
--- 1.28/debian/network-console.templates	2011-01-19 04:51:17.000000000 +0000
+++ 1.28ubuntu1/debian/network-console.templates	2011-05-04 00:19:29.000000000 +0100
@@ -75,3 +75,19 @@ _Description: Start SSH
  .
  Please check this carefully against the fingerprint reported by
  your SSH client.
+
+Template: network-console/authorized_keys_url
+Type: string
+Description: for internal use; can be preseeded
+ What URL contains a list of authorized SSH public keys?
+ .
+ The file at the given URL should be of the same form as a standard OpenSSH
+ authorized_keys file.
+
+Template: network-console/authorized_keys_fetch_failure
+Type: error
+# should be translated when committed upstream
+Description: Could not fetch OpenSSH authorized keys
+ An error occurred while fetching OpenSSH authorized keys from ${LOCATION}.
+ .
+ Check /var/log/syslog or see virtual console 4 for the details.


Please let me know how I can help to make this happen.

Cheers,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Mon, 12 Sep 2011 15:03:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kyle Moffett <Kyle.D.Moffett@boeing.com>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Mon, 12 Sep 2011 15:03:08 GMT) Full text and rfc822 format available.

Message #37 received at 592550@bugs.debian.org (full text, mbox):

From: Kyle Moffett <Kyle.D.Moffett@boeing.com>
To: Charles Plessy <plessy@debian.org>
Cc: "592550@bugs.debian.org" <592550@bugs.debian.org>
Subject: Re: Provide support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Date: Mon, 12 Sep 2011 10:56:05 -0400
[Message part 1 (text/plain, inline)]
On Sep 10, 2011, at 09:30, Charles Plessy wrote:
> Le Tue, Aug 10, 2010 at 04:49:51PM -0400, Kyle Moffett a écrit :
>> The Ubuntu guys seem to have a patch for this that never got merged:
>>  https://bugs.launchpad.net/ubuntu/+source/network-console/+bug/184108
> 
> I think that it would wonderful if Ubuntu's patch were applied in Debian.  Here
> is a slimmed down version of it, where I removed the Ubuntu-specific parts
> changing debian/control, the changelog and .gitignore files, …
> 
> http://patches.ubuntu.com/n/network-console/network-console_1.28ubuntu1.patch
> 
> [... patch snipped ...]
> 
> Please let me know how I can help to make this happen.


Charles,

My latest patch (attached) provides a bunch more features for installing
in virtualized environments.  You can also download it at this URL:
  http://opensource.exmeritus.com/debian-ami/network-console-1.29+euca01.patch

Specifically, my patch allows you enable both password and public-key auth,
by preseeding both a password and the authorized_keys URL.  If you don't
want to enable password authentication, you can preseed "password-disabled"
instead.

Additionally, I add a "publi-ip-url" key which causes the "IP" value in the
network-console message to be obtained from the virtualized hosting system.

Finally, I rewrite the post-base-installer hook to automatically copy the
authorized_keys file to the newly created user on the target system.  If
a non-root user was created during the installation then the key is copied
to that user, otherwise it is copied to root.

Cheers,
Kyle Moffett

[network-console-1.29+euca01-1.patch (application/octet-stream, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Mon, 12 Sep 2011 16:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Bastian Blank <waldi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Mon, 12 Sep 2011 16:09:03 GMT) Full text and rfc822 format available.

Message #42 received at 592550@bugs.debian.org (full text, mbox):

From: Bastian Blank <waldi@debian.org>
To: Kyle Moffett <Kyle.D.Moffett@boeing.com>, 592550@bugs.debian.org
Cc: Charles Plessy <plessy@debian.org>
Subject: Re: Bug#592550: Provide support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Date: Mon, 12 Sep 2011 18:04:05 +0200
On Mon, Sep 12, 2011 at 10:56:05AM -0400, Kyle Moffett wrote:
> Specifically, my patch allows you enable both password and public-key auth,
> by preseeding both a password and the authorized_keys URL.  If you don't
> want to enable password authentication, you can preseed "password-disabled"
> instead.

Please explain the use for this.

Anyway. Please append the key to the initrd instead of using another
insecure transport. Or are you prepared to actually check the validity
of the keys?

Bastian

-- 
A Vulcan can no sooner be disloyal than he can exist without breathing.
		-- Kirk, "The Menagerie", stardate 3012.4




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Tue, 13 Sep 2011 16:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Moffett, Kyle D" <Kyle.D.Moffett@boeing.com>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Tue, 13 Sep 2011 16:30:03 GMT) Full text and rfc822 format available.

Message #47 received at 592550@bugs.debian.org (full text, mbox):

From: "Moffett, Kyle D" <Kyle.D.Moffett@boeing.com>
To: Bastian Blank <waldi@debian.org>
Cc: "592550@bugs.debian.org" <592550@bugs.debian.org>, Charles Plessy <plessy@debian.org>
Subject: Re: Bug#592550: Provide support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Date: Tue, 13 Sep 2011 11:08:03 -0500
On Sep 12, 2011, at 12:04, Bastian Blank wrote:
> On Mon, Sep 12, 2011 at 10:56:05AM -0400, Kyle Moffett wrote:
>> Specifically, my patch allows you enable both password and public-key auth,
>> by preseeding both a password and the authorized_keys URL.  If you don't
>> want to enable password authentication, you can preseed "password-disabled"
>> instead.
> 
> Please explain the use for this.
> 
> Anyway. Please append the key to the initrd instead of using another
> insecure transport. Or are you prepared to actually check the validity
> of the keys?


Bastian,

The intent of this is that the virtualization system provides an HTTP
service on 169.254.169.254 which is unique for each and every VM.
The traffic goes directly to the management plane; it is unspoofable
and unsnoopable, so it just as secure as the virtual hard disks that
you install onto.

Certain provisioning metadata (such as public user SSH keys) can be
obtained from that HTTP server, EG:

http://169.254.169.254/2007-09-19/meta-data/public-keys/0/openssh-key

So the intent is to be able to preseed that URL (which is always the
same value for Amazon EC2 and possibly other virtualization systems)
into the Debian-Installer.

That allows me to start up virtual installers with different security
parameters using the native EC2 provisioning tools, without having to
upload a new image each time.

I assume that if your initramfs includes HTTPS support then you could
also use a secured HTTPS URL, but that's unnecessary for the virtual
infrastructure use-case.

Cheers,
Kyle Moffett







Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Wed, 14 Sep 2011 01:45:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Wed, 14 Sep 2011 01:45:09 GMT) Full text and rfc822 format available.

Message #52 received at 592550@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: Kyle Moffett <Kyle.D.Moffett@boeing.com>
Cc: 592550@bugs.debian.org
Subject: Re: Provide support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Date: Wed, 14 Sep 2011 10:43:38 +0900
Le Mon, Sep 12, 2011 at 10:56:05AM -0400, Kyle Moffett a écrit :
> 
> My latest patch (attached) provides a bunch more features for installing
> in virtualized environments.  You can also download it at this URL:
>   http://opensource.exmeritus.com/debian-ami/network-console-1.29+euca01.patch
> 
> Specifically, my patch allows you enable both password and public-key auth,
> by preseeding both a password and the authorized_keys URL.  If you don't
> want to enable password authentication, you can preseed "password-disabled"
> instead.
> 
> Additionally, I add a "publi-ip-url" key which causes the "IP" value in the
> network-console message to be obtained from the virtualized hosting system.
> 
> Finally, I rewrite the post-base-installer hook to automatically copy the
> authorized_keys file to the newly created user on the target system.  If
> a non-root user was created during the installation then the key is copied
> to that user, otherwise it is copied to root.

Hi Kyle,

the two first features are good additions.  However, I think that the third
feature, to add the SSH keys to the target system, should be at least disabled
by default, or removed, for the following two reasons:

 1) Public images should not contain public SSH keys that allow the owner of
    the private key to gain administrator priviledges, see:
    -  http://alestic.com/2011/06/ec2-ami-security
    -  https://forums.aws.amazon.com/thread.jspa?threadID=67299

 2) The same functionality could be achieved by dowloading the public keys
    at the first run of fresh images, from the same special URL.  I think that
    this is more flexible, and more images would benefit of this (for instance
    images that were not created through the network console).  Let's have
    this function in a separate package.

Have a nice day,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Wed, 28 Mar 2012 00:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Wed, 28 Mar 2012 00:33:03 GMT) Full text and rfc822 format available.

Message #57 received at 592550@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: 592550@bugs.debian.org
Subject: Re: Bug#592550: Provide support for SSH-Key authentication (Supports Eucalyptus and Amazon EC2)
Date: Wed, 28 Mar 2012 09:31:03 +0900
Dear all,

Ubuntu's patched network-console can retrieve a public key from a fixed and
secure location, which allows one to log in the installer without pre-defined
password (such as "r00tme" in the example preseed file).  I am not aware of
problems arising from this patch, and Colin Watson was quite postitive in 2008
about applying merging it in Debian.  Would that be possible ?  I can help
the preparation of the update if needed.

In this bug report, a more extensive patch also was proposed by Kyle Moffett.
It has functions that are off-topic for network-console, and that can be taken
care of by the 'cloud-init' package that I hope will be uploaded to Debian
soon.  (See the debian-python mailing list archives in March).

I propose to simply merge Ubuntu and Debian's difference, which would provide
enough functionality to close this bug.

Please let me know if I can help.

Have a nice day,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Wed, 04 Apr 2012 07:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Wed, 04 Apr 2012 07:15:03 GMT) Full text and rfc822 format available.

Message #62 received at 592550@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: 592550@bugs.debian.org
Subject: Re: String freeze for Debian Installer
Date: Wed, 4 Apr 2012 16:11:16 +0900
Le Wed, Apr 04, 2012 at 07:03:14AM +0200, Christian PERRIER a écrit :
> 
> I would like to call for a "string freeze" in Debian Installer
> packages. As you may have read elsewhere (mostly through my boring
> blog posts), I'm currently fighting for bringing localization back to
> completeness for several languages. And this is a very time consuming
> task.

Dear Christian,

in #592550, I and others are proposing to add a functionality
to network-console, and the proposed patch would introduce the
following templates:

diff -pruN 1.29/debian/network-console.templates 1.29ubuntu1/debian/network-console.templates
--- 1.29/debian/network-console.templates	2011-06-19 02:40:08.000000000 +0000
+++ 1.29ubuntu1/debian/network-console.templates	2011-10-18 17:23:42.000000000 +0000
@@ -75,3 +75,19 @@ _Description: Start SSH
  .
  Please check this carefully against the fingerprint reported by
  your SSH client.
+
+Template: network-console/authorized_keys_url
+Type: string
+Description: for internal use; can be preseeded
+ What URL contains a list of authorized SSH public keys?
+ .
+ The file at the given URL should be of the same form as a standard OpenSSH
+ authorized_keys file.
+
+Template: network-console/authorized_keys_fetch_failure
+Type: error
+# should be translated when committed upstream
+Description: Could not fetch OpenSSH authorized keys
+ An error occurred while fetching OpenSSH authorized keys from ${LOCATION}.
+ .
+ Check /var/log/syslog or see virtual console 4 for the details.

How are considered the templates that are purposed for preseeding ?  Do you
think that, from an i18n point of view, it would still be possible to get that
patch in D-I for Wheezy ?  To be fair, this function is not essential; but it
is neat, as it allows to log in D-I with the same procedure as on some
high-profile machine images (like http://alestic.com/).

Reading the explanation about sublevels that you posted in 2007 (
http://lists.debian.org/debian-boot/2007/12/msg00480.html ), it looks like the
propose patch is actually missing an indication of sublevel.  Would sublevel 5
be relevant ?  I would like to update the patch and propose a NMU (depending on
your answer about string freeze).

Have a nice day,

-- 
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Wed, 04 Apr 2012 18:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Wed, 04 Apr 2012 18:51:03 GMT) Full text and rfc822 format available.

Message #67 received at 592550@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: Charles Plessy <plessy@debian.org>, 592550@bugs.debian.org
Subject: Re: Bug#592550: String freeze for Debian Installer
Date: Wed, 4 Apr 2012 18:51:37 +0200
[Message part 1 (text/plain, inline)]
Quoting Charles Plessy (plessy@debian.org):

> in #592550, I and others are proposing to add a functionality
> to network-console, and the proposed patch would introduce the
> following templates:
> 
> diff -pruN 1.29/debian/network-console.templates 1.29ubuntu1/debian/network-console.templates
> --- 1.29/debian/network-console.templates	2011-06-19 02:40:08.000000000 +0000
> +++ 1.29ubuntu1/debian/network-console.templates	2011-10-18 17:23:42.000000000 +0000
> @@ -75,3 +75,19 @@ _Description: Start SSH
>   .
>   Please check this carefully against the fingerprint reported by
>   your SSH client.
> +
> +Template: network-console/authorized_keys_url
> +Type: string
> +Description: for internal use; can be preseeded
> + What URL contains a list of authorized SSH public keys?
> + .
> + The file at the given URL should be of the same form as a standard OpenSSH
> + authorized_keys file.
> +
> +Template: network-console/authorized_keys_fetch_failure
> +Type: error
> +# should be translated when committed upstream
> +Description: Could not fetch OpenSSH authorized keys
> + An error occurred while fetching OpenSSH authorized keys from ${LOCATION}.
> + .
> + Check /var/log/syslog or see virtual console 4 for the details.
> 
> How are considered the templates that are purposed for preseeding ?  Do you

They shouldn't be marked as translatable. Indeed the long description
will never be used.

The 2nd template should be translatable and is a good candidate for my
proposed "sublevel 6" that wouldn't be counted in statistics (at least
those that I track)


> think that, from an i18n point of view, it would still be possible to get that
> patch in D-I for Wheezy ?  To be fair, this function is not essential; but it
> is neat, as it allows to log in D-I with the same procedure as on some
> high-profile machine images (like http://alestic.com/).
> 
> Reading the explanation about sublevels that you posted in 2007 (
> http://lists.debian.org/debian-boot/2007/12/msg00480.html ), it looks like the
> propose patch is actually missing an indication of sublevel.  Would sublevel 5
> be relevant ?  I would like to update the patch and propose a NMU (depending on
> your answer about string freeze).

I propose you use sublevel 6.

Then update the patch...then propose a patch to the D-I documentation
(the part about preseeding as any preseedable value should be
documented there).

I don't think an NMU for a -boot maintained package is the best
solution. Once the patch is OK for the D-I team, then we can commit it
and upload the package.


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Sat, 21 Apr 2012 04:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Sat, 21 Apr 2012 04:57:03 GMT) Full text and rfc822 format available.

Message #72 received at 592550@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: 592550@bugs.debian.org
Subject: Re: Bug#592550: String freeze for Debian Installer
Date: Sat, 21 Apr 2012 13:52:22 +0900
[Message part 1 (text/plain, inline)]
Le Wed, Apr 04, 2012 at 06:51:37PM +0200, Christian PERRIER a écrit :
> 
> I propose you use sublevel 6.
> 
> Then update the patch...then propose a patch to the D-I documentation
> (the part about preseeding as any preseedable value should be
> documented there).

Dear Christian and everybody,

here is an updated patch to network-console, to implement SSH connection via
authorized keys downloaded at run time.

I am still studying how to test the patched udeb...

I will submit a patch to the D-I documentation separately.  In the meantime,
please let me know if you spot a problem with the attached patches.

Have a nice week-end,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan
[0001-Add-support-for-public-key-authentication-Matt-T.-Pr.patch (text/x-diff, attachment)]
[0002-Mark-network-console-authorized_keys_fetch_failure-f.patch (text/x-diff, attachment)]
[0003-Simplification-of-the-authorized_keys-entries.patch (text/x-diff, attachment)]
[0004-New-changelog-entry-for-1.31-about-SSH-public-key-au.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Sat, 21 Apr 2012 06:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Sat, 21 Apr 2012 06:09:03 GMT) Full text and rfc822 format available.

Message #77 received at 592550@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: Charles Plessy <plessy@debian.org>, 592550@bugs.debian.org
Subject: Re: Bug#592550: String freeze for Debian Installer
Date: Sat, 21 Apr 2012 08:05:02 +0200
[Message part 1 (text/plain, inline)]
Quoting Charles Plessy (plessy@debian.org):
> Le Wed, Apr 04, 2012 at 06:51:37PM +0200, Christian PERRIER a écrit :
> > 
> > I propose you use sublevel 6.
> > 
> > Then update the patch...then propose a patch to the D-I documentation
> > (the part about preseeding as any preseedable value should be
> > documented there).
> 
> Dear Christian and everybody,
> 
> here is an updated patch to network-console, to implement SSH connection via
> authorized keys downloaded at run time.

Thanks Charles,

Review added to my TODO list for this week-end. Please yell if I
didn't answer by Sunday evening (european time).


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Tue, 24 Apr 2012 00:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Charles Plessy <plessy@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Tue, 24 Apr 2012 00:48:03 GMT) Full text and rfc822 format available.

Message #82 received at 592550@bugs.debian.org (full text, mbox):

From: Charles Plessy <plessy@debian.org>
To: 592550@bugs.debian.org
Subject: Re: Bug#592550: String freeze for Debian Installer
Date: Tue, 24 Apr 2012 09:44:14 +0900
[Message part 1 (text/plain, inline)]
Le Sat, Apr 21, 2012 at 04:13:53PM +0200, Christian PERRIER a écrit :

> Even if not very important, I recommend avoiding interrogative form in
> the long part.

> Add a comment for translators and move to sublevel 6

Thanks for the proofreading.  I attached an additional patch that can be
applied on top of the other ones.

I have the impression that I may have confused you by sending a stack of
interdependant patches in my previous email.  If you are not going to apply
them with the 'git am' command, I attached a monolithic patch as a replacement.

Have a nice day,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan
[0005-Proofread-by-C.-Perrier.patch (text/x-diff, attachment)]
[592550-monolithic.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Tue, 24 Apr 2012 05:24:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Tue, 24 Apr 2012 05:24:13 GMT) Full text and rfc822 format available.

Message #87 received at 592550@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: Charles Plessy <plessy@debian.org>, 592550@bugs.debian.org
Subject: Re: Bug#592550: String freeze for Debian Installer
Date: Tue, 24 Apr 2012 07:22:53 +0200
[Message part 1 (text/plain, inline)]
Quoting Charles Plessy (plessy@debian.org):

> Thanks for the proofreading.  I attached an additional patch that can be
> applied on top of the other ones.
> 
> I have the impression that I may have confused you by sending a stack of
> interdependant patches in my previous email.  If you are not going to apply
> them with the 'git am' command, I attached a monolithic patch as a
> replacement

This patch is fine by me. Any objections from someone else in what
remains of D-I team?


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#592550; Package network-console. (Wed, 25 Apr 2012 20:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Wed, 25 Apr 2012 20:09:03 GMT) Full text and rfc822 format available.

Message #92 received at 592550@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: Charles Plessy <plessy@debian.org>, 592550@bugs.debian.org
Subject: Re: Bug#592550: String freeze for Debian Installer
Date: Wed, 25 Apr 2012 22:07:46 +0200
[Message part 1 (text/plain, inline)]
Quoting Charles Plessy (plessy@debian.org):
> Le Sat, Apr 21, 2012 at 04:13:53PM +0200, Christian PERRIER a écrit :
> 
> > Even if not very important, I recommend avoiding interrogative form in
> > the long part.
> 
> > Add a comment for translators and move to sublevel 6
> 
> Thanks for the proofreading.  I attached an additional patch that can be
> applied on top of the other ones.
> 
> I have the impression that I may have confused you by sending a stack of
> interdependant patches in my previous email.  If you are not going to apply
> them with the 'git am' command, I attached a monolithic patch as a
> replacement

I just committed the patch. THanks for your work on this!


[signature.asc (application/pgp-signature, inline)]

Reply sent to Christian Perrier <bubulle@debian.org>:
You have taken responsibility. (Fri, 15 Jun 2012 17:54:12 GMT) Full text and rfc822 format available.

Notification sent to Kyle Moffett <Kyle.D.Moffett@boeing.com>:
Bug acknowledged by developer. (Fri, 15 Jun 2012 17:54:12 GMT) Full text and rfc822 format available.

Message #97 received at 592550-close@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: 592550-close@bugs.debian.org
Subject: Bug#592550: fixed in network-console 1.31
Date: Fri, 15 Jun 2012 17:50:37 +0000
Source: network-console
Source-Version: 1.31

We believe that the bug you reported is fixed in the latest version of
network-console, which is due to be installed in the Debian FTP archive:

network-console_1.31.dsc
  to main/n/network-console/network-console_1.31.dsc
network-console_1.31.tar.gz
  to main/n/network-console/network-console_1.31.tar.gz
network-console_1.31_i386.udeb
  to main/n/network-console/network-console_1.31_i386.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 592550@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated network-console package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 15 Jun 2012 19:29:35 +0200
Source: network-console
Binary: network-console
Architecture: source i386
Version: 1.31
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description: 
 network-console - Continue installation remotely using SSH (udeb)
Closes: 592550 670941
Changes: 
 network-console (1.31) unstable; urgency=low
 .
   * Team upload
   * Replace XC-Package-Type by Package-Type
 .
   [ Matt T. Proud ]
   * Add support for public-key authentication (Closes:#592550, LP: #184108).
 .
   [ Charles Plessy ]
   * Mark authorized_keys_fetch_failure for translation, sublevel 6.
 .
   [ Simon Guinot ]
   * Set LED signal on LaCie Kirkwood NAS devices when SSH is ready
     (Closes: #670941).
 .
   [ Updated translations ]
   * Arabic (ar.po) by Ossama Khayat
   * Asturian (ast.po) by ivarela
   * Belarusian (be.po) by Viktar Siarheichyk
   * Bulgarian (bg.po) by Damyan Ivanov
   * Tibetan (bo.po) by Tennom
   * Bosnian (bs.po) by Armin Besirovic
   * Catalan (ca.po) by Jordi Mallach
   * Czech (cs.po) by Miroslav Kure
   * Welsh (cy.po) by Dafydd Tomos
   * Danish (da.po) by Joe Hansen
   * German (de.po) by Holger Wansing
   * Greek, Modern (1453-) (el.po)
   * Esperanto (eo.po) by Felipe Castro
   * Spanish (es.po) by Javier Fernández-Sanguino Peña
   * Basque (eu.po) by Piarres Beobide
   * Finnish (fi.po) by Timo Jyrinki
   * French (fr.po) by Christian Perrier
   * Irish (ga.po) by Kevin Patrick Scannell
   * Galician (gl.po) by Jorge Barreiro
   * Hebrew (he.po) by Omer Zak
   * Hindi (hi.po) by Kumar Appaiah
   * Croatian (hr.po) by Tomislav Krznar
   * Hungarian (hu.po) by SZERVÁC Attila
   * Icelandic (is.po) by Sveinn í Felli
   * Italian (it.po) by Milo Casagrande
   * Japanese (ja.po) by Kenshi Muto
   * Kazakh (kk.po) by Baurzhan Muftakhidinov
   * Korean (ko.po) by Changwoo Ryu
   * Lao (lo.po) by Anousak Souphavanh
   * Lithuanian (lt.po) by Rimas Kudelis
   * Latvian (lv.po) by RÅ«dolfs Mazurs
   * Macedonian (mk.po) by Arangel Angov
   * Malayalam (ml.po) by Praveen Arimbrathodiyil
   * Marathi (mr.po) by sampada
   * Dutch (nl.po) by Jeroen Schot
   * Panjabi (pa.po) by A S Alam
   * Polish (pl.po) by Michał Kułach
   * Portuguese (Brazil) (pt_BR.po) by Felipe Augusto van de Wiel (faw)
   * Portuguese (pt.po) by Miguel Figueiredo
   * Romanian (ro.po) by ioan-eugen stan
   * Russian (ru.po) by Yuri Kozlov
   * Slovak (sk.po) by Ivan Masár
   * Slovenian (sl.po) by Vanja Cvelbar
   * Swedish (sv.po) by Martin Bagge / brother
   * Telugu (te.po) by Arjuna Rao Chavala
   * Thai (th.po) by Theppitak Karoonboonyanan
   * Turkish (tr.po) by Mert Dirik
   * Uyghur (ug.po) by Sahran
   * Vietnamese (vi.po) by Hai-Nam Nguyen
   * Simplified Chinese (zh_CN.po) by YunQiang Su
   * Traditional Chinese (zh_TW.po) by Yao Wei
Checksums-Sha1: 
 ea3863c5aaee0f5c92f2ae456ff0be683ae2fa9c 1645 network-console_1.31.dsc
 f5ba702a616c48ffba8a0a9dfd0e62c625b41f61 112369 network-console_1.31.tar.gz
 e8a2b60f95b407acb00987c86b76bd3206f7ec1a 80318 network-console_1.31_i386.udeb
Checksums-Sha256: 
 a14cdd5b9cebefcfc00c352ff6755824ba4ce7f2dfb46892bcfa4fe7f39e086d 1645 network-console_1.31.dsc
 9d96d2c158e5c0eaf21bfd95a2b5b6da5c940a356a8a8ac75f14b2161ebf8052 112369 network-console_1.31.tar.gz
 095030898f084bde884a7c05360fdbe711b1ca23a4eaa7d34486cbfbacaa7f06 80318 network-console_1.31_i386.udeb
Files: 
 ca081d58e5dee3684350a363953b98e1 1645 debian-installer optional network-console_1.31.dsc
 97c34d7b86d4dc3f9a6185de9094f242 112369 debian-installer optional network-console_1.31.tar.gz
 6ae16ecec0a154a2b2bfea52b2b036b4 80318 debian-installer optional network-console_1.31_i386.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIVAwUBT9tyhYcvcCxNbiWoAQJKYRAAlBell2XZJa5pQoyWdMKLKnmOj6xatEMg
2PQq+tzum7U3kcfv0SS/FXTdYUFHG2Y4m4ZSiF+jyN0LkwwvXBnpC3ElIkLxpDSC
xAAeXj58GMp/UgJiFN3y6zzohD/PQJF5vwhzuU+vPtdhmMIEIwTTya4J8W1XpbAn
/QxGC/kC4TSK/vEGG0aGJz1XtIW26HFjFw0s+GPz3p2K7GSmhGEVibwK4DeJgxDG
eA+2nJORUc4HuiHyvd4Q5wcckoKksUWSDXbY1of3tD+REsYxsF2IL5GAywKOO2gD
CAecz8KKabMICaRfq1EW9X1YJLAMlEUcCELAFWS74757W6gtaNyvhZAFlQ2XNDal
L7n0Jp+cHc/fo5kdQgZwlvW9sICfU9UtuqntukH8n+MK4wVJaoGgbsBzdpvqPWQb
mC7Zwo17gsxCYDxXSp1KqWwMa0WXemdi83VmaiHQC7o43w8Q75I3lBMBqncMbolV
Hj8NE2Yw64LgYT1/idBIJ7gpSbaciXRGwUAQA2KpNRUq0oTqmyr08Uef1lABgMMl
44p/xm0DD+aPO92isDsfPyBTTonIILqu4+97dcQgV0ABESJjfwafEv99BzTjbrIE
jMlaMyXO1chvJDJY1oNckJJzBlQDQij8J7xGkhFeJtUZ4hS1IJ01nBwRZWYD/jFr
GI31+DZ+Ifw=
=P2xV
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 15 Jul 2012 07:30:15 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 06:10:11 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.