[MIR] adcli
Bug #1868159 reported by
Jason Edgecombe
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
adcli (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
I request that the adcli package be included in main.
adcli is a key support tool for the many organizations that use Linux machines with Active Directory. Many enterprises are requiring that Linux machine join their AD domains and use AD authentication.
adcli is a necessity for using kerberized NFS4 in an Active Directory environment. NFS4 with kerberos (sec=krb5 mount option). adcli is used to add the nfs/hostname service name to the machine's keytab and AD computer account, which is required on the NFS server and any NFS4 clients using leases.
Note this MIR is related to MIR in bug 1868154
Related branches
~ahasenack/ubuntu-seeds:focal-realmd-adcli
Merged
into
~ubuntu-core-dev/ubuntu-seeds/+git/platform:focal
at
revision 7b82818b00881ea4a54c6c731661408728eff106
- Seth Arnold (community): Approve
- Bryce Harrington: Approve
- Canonical Server Core Reviewers: Pending requested
-
Diff: 12 lines (+2/-0)1 file modifiedsupported-misc-servers (+2/-0)
~ahasenack/ubuntu-seeds/+git/platform:groovy-realmd-adcli-mir
Merged
into
~ubuntu-core-dev/ubuntu-seeds/+git/platform:groovy
at
revision 227cd2d3bed15cbac8bd39f085071799e7a1aa15
- Lucas Kanashiro: Approve
- Canonical Server Core Reviewers: Pending requested
-
Diff: 12 lines (+2/-0)1 file modifiedsupported-misc-servers (+2/-0)
Changed in adcli (Ubuntu): | |
assignee: | nobody → Dan Streetman (ddstreet) |
Changed in adcli (Ubuntu): | |
status: | New → In Progress |
Changed in adcli (Ubuntu): | |
assignee: | nobody → Dan Streetman (ddstreet) |
description: | updated |
Changed in adcli (Ubuntu): | |
status: | In Progress → Fix Released |
To post a comment you must log in.
[Summary]
This package is acceptable for MIR, with my only concern being the very
long period between releases upstream, and the lack of upstream commits
pulled into Debian and/or Ubuntu between upstream releases.
This does need a security review, so I'll assign ubuntu-security after
the next MIR team mtg, if the team agrees with my review.
Notes/TODOs:
As I'm new to the MIR team, I am making this approval conditional on
MIR team review of my review at the next MIR team mtg.
[Duplication] on/steps for similar functionality; this package
- There is no other package in main providing the same functionality.
- Note: as with my review for realmd, it is possible perform manual
configurati
automates and simplifies much of the manual work.
[Dependencies]
OK:
- no other Dependencies to MIR due to this
- includes build dep from universe, but all binary deps are from main
- no -dev/-debug/-doc packages that need exclusion
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
Problems:
- does parse data formats
- does deal with system authentication (eg, pam), etc)
[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
- test suite fails will fail the build upon error.
- added forced error to src pkg to verify
- The package has a team bug subscriber
- MIR requestor is subscribed to all realmd bugs in Ubuntu
- not a python package
- not a Go package
Problems:
- does have a test suite that runs as autopkgtest
- this is probably ok, since there are build-time tests run, and this
is a relatively simple package
- no translation present
- translation would be good to have, but probably is not a requirement
as this package provides only a single tool, and that tool is at least
partially used by end-users indirectly through realmd.
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs
- rarely, if ever, patched in Ubuntu
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using
- Not Go Package
Problems:
- Debian update history is slow
- only updates are new upstream releases
- while upstream does commit to git often, upstream releases are sparse
last upstream release was 6 months ago (good) but before that
~3.5 years ago (bad)
- Ubuntu update history is nonexistent
- no Ubuntu patches to package for any currently supported release
[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs...