[MIR] ubuntu-advantage-desktop-daemon

Bug #1954909 reported by Sebastien Bacher
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-advantage-desktop-daemon (Ubuntu)
Fix Released
High
Unassigned

Bug Description

[Availability]
The package ubuntu-advantage-desktop-daemon is already in Ubuntu universe.
The package ubuntu-advantage-desktop-daemon builds for the architectures it is designed to work on.
It currently builds and works for architectures: amd64 arm64 armhf ppc64el riscv64 s390x
Link to package https://launchpad.net/ubuntu/+source/ubuntu-advantage-desktop-daemon

[Rationale]
- The package will be used to handle Ubuntu Advantage subscriptions on the desktop, including ESM and livepatch integrations. Having a service will make easier to do integration with different parts of the desktop without having to reimplement similar code as we are doing today.

[Security]
- No CVEs/security issues in this software in the past as it's a new project.

- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package installs services but without rights restriction, those proposed changed make use of systemd to limit the permissions, https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/8
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software

[Quality assurance - function/usage]
- The package works well right after install

[Quality assurance - maintenance]
- The package is maintained well in Ubuntu and has not bug open yet
  - Ubuntu https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-desktop-daemon/+bug
- The package isn't availabe in Debian since the Ubuntu Advantage service is specific to our distro.
- The package does not deal with exotic hardware we cannot support

[Quality assurance - testing]
- The package includes a test suite on build time, if it fails it makes the build fail, link to build log
https://launchpadlibrarian.net/579670038/buildlog_ubuntu-jammy-amd64.ubuntu-advantage-desktop-daemon_1.3.1_BUILDING.txt.gz
- The package does not run an autopkgtest yet, the enabling of private subcription isn't easy to do on the infrastructure so we will follow a manual testplan, https://wiki.ubuntu.com/DesktopTeam/TestPlans/UbuntuAdvantageDesktopDaemon
- The package does have no failing autopkgtests right now since it doesn't have any

[Quality assurance - packaging]
- debian/watch is not present because it is a native package

- building from the current vcs, lintian has only one warning about the debhelper version being outdated

# lintian --pedantic
P: ubuntu-advantage-desktop-daemon source: package-uses-old-debhelper-compat-version 10

Using an outdated version is a choice because we aim at SRUing the service back to bionic with one source.

- Lintian overrides are not present

- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies

- The package will be installed by default, but does not ask debconf questions

- Packaging and build is easy, link to d/rules https://github.com/canonical/ubuntu-advantage-desktop-daemon/blob/main/debian/rules

[UI standards]
- Application is end-user facing through polkit permission prompts, Translation is present, via standard gettext, the package is translatable on launchpad, https://translations.launchpad.net/ubuntu/+source/ubuntu-advantage-desktop-daemon

[Dependencies]
- No further depends or recommends dependencies that are not yet in main

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- Owning Team will be desktop-packages
- Team is not yet, but will subscribe to the package before promotion

- This does not use static builds
- This does not use vendored code

[Background information]
The Package description explains the package well
Upstream Name is ubuntu-advantage-desktop-daemon
Link to upstream project https://github.com/canonical/ubuntu-advantage-desktop-daemon

description: updated
description: updated
Revision history for this message
Sebastien Bacher (seb128) wrote :

I'm going to add the package to the MIR queue review at this point, the testplan wiki should be added in the next days as well as the improved systemd security

Changed in ubuntu-advantage-desktop-daemon (Ubuntu):
assignee: nobody → Lukas Märdian (slyon)
description: updated
description: updated
Changed in ubuntu-advantage-desktop-daemon (Ubuntu):
importance: Undecided → High
Revision history for this message
Lukas Märdian (slyon) wrote :
Download full text (4.3 KiB)

This was co-reviewed by @joalif and myself.

Review for Package: src:ubuntu-advantage-desktop-daemon

[Summary]
ubuntu-advantage-desktop-daemon is a rather small, new daemon that is providing
a DBus API for desktop application to talk with the UA client. The daemon is
run as a systemd service (as root), but it applies several isolation techniques
to lock the attack surface down to a minimum.

MIR team ACK under the constraint to resolve the below listed required
TODOs and as much as possible having a look at the recommended TODOs.

This does not need a security review.

List of specific binary packages to be promoted to main: ubuntu-advantage-desktop-daemon
Specific binary packages built, but NOT to be promoted to main: <none>

Notes:
Does not need a security review as the only red flag (root-daemon) is arleady
being mitigated in the systemd service.

Required TODOs:
- The package is installing a binary in
  /usr/lib/x86_64-linux-gnu/ubuntu-advantage-desktop-daemon
  Please let us know if there is any good reason for choosing this location or
  install the file at /usr/libexec instead.

Recommended TODOs:
- The package should get a team bug subscriber before being promoted
- Try further locking down the systemd service (root daemon), e.g. by running it
  under its own (dynamic) user/group: https://0pointer.net/blog/dynamic-users-with-systemd.html

[Duplication]
There is no other package in main providing the same functionality.

[Dependencies]
OK:
- no other Dependencies to MIR due to this
  - checked with check-mir
  - not listed in seeded-in-ubuntu
  - none of the (potentially auto-generated) dependencies (Depends
    and Recommends) that are present after build are not in main
- no -dev/-debug/-doc packages that need exclusion
- No dependencies in main that are only superficially tested requiring
   more tests now.

Problems: None

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
- does not have odd Built-Using entries
- not a go package, no extra constraints to consider in that regard
- No vendoring used, all Built-Using are in main

Problems: None

[Security]
OK:
- history of CVEs does not look concerning (the package is pretty new, though,
  first published in Dec, 2021)
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port/socket
- does not process arbitrary web content
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
- does not deal with security attestation (secure boot, tpm, signatures)

Problems:
- uses centralized online accounts, but that's the intended purpose of UA
- does run a daemon as root, but uses systemd security features to confine it
  I wonder if that could be further confined by making it run in its own
  (dynamic) user and group.
  c.f. https://www.freedesktop.org/software/systemd/man/systemd.exec.html#User/Group%20Identity

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
  - test suite fails will fail the build upon error.
- does not have test suite that runs as autopkgtest, but manual test plan is ...

Read more...

Changed in ubuntu-advantage-desktop-daemon (Ubuntu):
assignee: Lukas Märdian (slyon) → Sebastien Bacher (seb128)
status: New → Incomplete
Revision history for this message
Sebastien Bacher (seb128) wrote :

> Please let us know if there is any good reason for choosing this location or install the file at /usr/libexec instead.

We don't specify the location, it's coming from debhelper and the default for the compat level we are using, which we are using as stated in the description to be able to backport the package to older series without modifications.

If you consider it important to use libexecdir we could add a delta between series to update the compat or change the default

Revision history for this message
Lukas Märdian (slyon) wrote (last edit ):

Indeed, I can confirm that building with debhelper compat >= 12 would install the "ubuntu-advantage-desktop-daemon" binary in the correct /usr/libexec directory. So this is a fair tradeoff with good reason (backwards compatibility without introducing a delta). Therefore I'll downgrade this "Required TODO" to a "Recommended TODO".

=> Mir team ACK.

As discussed out-of-band, we should still consider using something like "--libexecdir=/usr/libexec" in debian/rules to install that binary to /usr/libexec in a backwards compatible way, while adhering to Standards-Version: 4.1.5, as being used by this package.

N: Debian adopted the Filesystem Hierarchy Specification (FHS) version 3.0
N: starting with our policy revision 4.1.5. The FHS 3.0 describes
N: /usr/libexec. Please use that location for executables.

Lukas Märdian (slyon)
Changed in ubuntu-advantage-desktop-daemon (Ubuntu):
status: Incomplete → In Progress
Revision history for this message
Sebastien Bacher (seb128) wrote :

Libexec changed in https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-desktop-daemon/1.6

I'm setting it to fix commited now

Changed in ubuntu-advantage-desktop-daemon (Ubuntu):
assignee: Sebastien Bacher (seb128) → nobody
status: In Progress → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Override component to main
ubuntu-advantage-desktop-daemon 1.6 in jammy amd64: universe/misc/optional/100% -> main
ubuntu-advantage-desktop-daemon 1.6 in jammy arm64: universe/misc/optional/100% -> main
ubuntu-advantage-desktop-daemon 1.6 in jammy armhf: universe/misc/optional/100% -> main
ubuntu-advantage-desktop-daemon 1.6 in jammy ppc64el: universe/misc/optional/100% -> main
ubuntu-advantage-desktop-daemon 1.6 in jammy riscv64: universe/misc/optional/100% -> main
ubuntu-advantage-desktop-daemon 1.6 in jammy s390x: universe/misc/optional/100% -> main
6 publications overridden.

Changed in ubuntu-advantage-desktop-daemon (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

The source package was not promoted. Doing so now:
Override component to main
ubuntu-advantage-desktop-daemon 1.6 in jammy: universe/misc -> main
Override [y|N]? y
1 publication overridden.

Revision history for this message
Sebastien Bacher (seb128) wrote :

And just as a FYI, we added an issue on github about investigating the suggestion to user another user in the system service

https://github.com/canonical/ubuntu-advantage-desktop-daemon/issues/13

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.