[MIR] bpftrace
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bpftrace (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Availability]
- The package bpftrace is already in Ubuntu universe.
- The package bpftrace build for the architectures it is designed to work on.
- It currently builds and works for architectures: any
- Link to package https:/
[Rationale]
- The package bpftrace is to be supported in Ubuntu main as part of Canonical's
effort to make Ubuntu a great platform for performance engineering.
- There is no other/better way to solve this that is already in main or
should go universe->main instead of this.
- The package bpftrace is required in Ubuntu main as part of the Noble Numbat
realease, and hence should be promoted to main before NN feature freeze.
[Security]
- No CVEs/security issues in this software in the past
- No `suid` or `sgid` binaries
- Binary has *.bt in sbin, this is no problem because these are bpf tracers for
various things, and are part of the expected functionality of the package
- Package does not install services, timers or recurring jobs
- Security has been kept in mind and common isolation/
patterns are in place utilizing the following features:
the package is a debugging tool, and cannot be fully isolated.
- Packages does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/
not have too many, long-term & critical, open bugs
- Ubuntu https:/
- Debian https:/
- Upstream's bug tracker: https:/
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does not run a test at build time
- The package does not run an autopkgtest
- The package does have not failing autopkgtests right now
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package:
https:/
- Please attach the full output you have got from `lintian --pedantic` as an
extra post to this bug:
```
W: bpftrace source: superfluous-
P: bpftrace source: silent-
```
- Lintian overrides are present, but ok because unstripped binaries are
necessary for bpftrace to function
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy, link to debian/rules:
```
#!/usr/bin/make -f
%:
dh $@
override_
dh_
STRIP_CMD=strip --keep-
override_
dh_strip -Xbpftrace -Xbpftrace-aotrt
$(STRIP_CMD) debian/
$(STRIP_CMD) debian/
override_
dh_auto_install
rm -rf debian/
# Move binaries to /usr/sbin
mkdir -p debian/
mv debian/
rm -rf debian/
rmdir debian/
```
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- There are further dependencies that are not yet in main, MIR for bpfcc is at
LP: #2052813
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be Foundations and I have their acknowledgement for
that commitment
- The future owning team is not yet subscribed, but will subscribe to
the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built in the archive more recently than the last
test rebuild
[Background information]
- The Package description explains the package well
- Upstream Name is bpftrace
- Link to upstream project: https:/
- This is part of an effort by Canonical to provide performance tooling
CVE References
description: | updated |
Changed in bpftrace (Ubuntu): | |
assignee: | nobody → James Page (james-page) |
Changed in bpftrace (Ubuntu): | |
status: | New → In Progress |
tags: | added: sec-3898 |
NOTE: bpfcc MIR is WIP, and this have the issue of missing unit tests, and missing autopkgtest to resolve.