Comment 8 for bug 1948748
Revision history for this message
| Steve Langasek (vorlon) wrote Re: [Bug 1948748] Re: [MIR] swtpm | #8 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
On Fri, Oct 29, 2021 at 07:04:51AM -0000, Christian Ehrhardt wrote:
> Review for Package: libtpms
> Required TODOs:
> - please package the current v0.9
This has been uploaded.
> - Fix the ppc64 FTBFS
> https:/
I would argue that, given that this is a virtual implementation of hardware
that is not present on the ppc64el architecture, portability to ppc64el
should not be a blocker for MIR. I looked into the failure, but it's
non-trivial; as far as I can tell the current failure is a toolchain bug,
and if I work around it, there is another build failure (Debian bug #997969)
which is also toolchain weirdness. Neither issue indicates a problem with
the quality of the code, so I don't think this should block support of the
package on architectures where it is currently supportable.
> - Track and resolve https:/
> to ensure this works well with openssl3.0 in Ubuntu 22.04
A test build of libtpms 0.9.0 against openssl 3 succeeds (0.8.2 fails).
> Recommended TODOs:
> - Right now it has no autopkgtest, maybe - like swtpm this could at least run
> the build time tests to spot things as early as dependency-update
> instead of "on the next rebuild"?
I've added an autopkgtest now; it's a simple 'make check' which
unfortunately means it builds and tests against a rebuilt library instead of
against the binaries from the archive, but I think this is better than
nothing as a first pass.
> - The package should get a team bug subscriber before being promoted
Foundations is now subscribed.
> Problems:
> - important open bugs (crashers, etc) in Debian or Ubuntu
> IMHO there is one worthile to track (but no immediate action needed)
> FIPS: https:/
Well, as far as I'm aware Canonical has no product for FIPS certification of
a virtualization stack, so I don't see any reason that FIPS for libtpms
would be "important" for us.
On Thu, Oct 28, 2021 at 12:35:24PM -0000, Christian Ehrhardt wrote:
> FYI - via discussion we found that swtpm-tools will be needed, that
> either needs to get the dependencies adapted (to not depend on gnutls-
> bin or have them not depend on libopts25) or to promote those as well.
> I'll re-evaluate swtpm with that in mind and update my former post
> (probably tomorrow).
swtpm 0.6.1-0ubuntu4 now uploaded to trade the gnutls-bin dependency for
openssl.
On Thu, Oct 28, 2021 at 10:07:58AM -0000, Christian Ehrhardt wrote:
> Required TODOs:
> - Please fixup the user/group creation (see bug 1949060)
This is done.
> - libtpms-dev doesn't exist on ppc64el and thereby IMHO blocks too many
> important use cases from being generally working. Please investigate to
> add that and/or explain why this shall be considered not a problem.
Discussed above.
> - The autopkgtest suite needs to pass (actually run) on arm64 (stalled
> by long queue)
This has passed now (several times, in fact).
> Recommended TODOs:
> - While the lib is internal, .symbols tracking usually is cheap and protects
> even internal libs from some mistakes, consider adding it.
I disagree that this is worthwhile; any changes to the symbols of an
internal library that cause us to have to make changes to a symbols file are
busywork.
> - Version 0.7.0 seems rather close please update it later this cycle
> https:/
Thanks, will track.
> - The package should get a team bug subscriber before being promoted
> Right now I do not see it subscribed by "foundations-bugs" yet
Foundations is now subscribed.
> - evaluate the possibility and impact of having "tcsd" in the build environment
The problem is that the trousers package is itself buggy and frequently
fails to install, so build-depending on it for the testsuite is not an
improvement in QA.
I believe that addresses everything except for the security review.