[MIR] provd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
provd (Ubuntu) |
New
|
Undecided
|
Ubuntu Security Team |
Bug Description
[Availability]
- The package provd is already in Ubuntu universe.
- The package provd build for the architectures it is designed to work on.
It currently builds and works for architectures: amd64 arm64 armhf ppc64el riscv64 s390x
Link to package https:/
[Rationale]
- The package provd is required in Ubuntu main for our new 'initial setup' desktop experience
- Package provd covers the same use case as gnome-initial-setup and oem-config, but is better
because it's more consistent with the rest of our provisioning flow. It also allows us to
implement ubuntu specific functionalities like Ubuntu Pro integration without having
to distro patch diverge an upstream project, thereby we want to replace it.
The provd package is the backend side implementation, the UI is provided by the
ubuntu-
- We will demote gnome-initial-setup and ubiquity/oem-config as a result
- The binary package provd needs to be in main as it will provide the backend used
but the Ubuntu Desktop initial setup GUI.
- The package provd is required in Ubuntu main no later than August 15th (oracular feature freeze)
[Security]
- No CVEs/security issues in this software in the past (which is to be expected since it's a new codebase made for Ubuntu which hasn't been used yet)
- it provides `/usr/libexec/
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
- Packages does not contain extensions to security-sensitive software
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Ubuntu as a Canonical project. It has currently no open bug on launchpad and a few non-major ones on github. The package is not in Debian since it's an Ubuntu specific component.
- Ubuntu https:/
- Upstream's bug tracker, https:/
- The package has currently no important open bugs reported
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
it makes the build fail, link to build log https:/
- The package runs an autopkgtest, and is currently passing on
amd64 arm64 armhf ppc64el riscv64 s390x, link to test logs https:/
- The package does have not failing autopkgtests right now
[Quality assurance - packaging]
- debian/watch is not present because it is a native package
- debian/control defines Ubuntu Developers as Maintainer
- This package does only has minor lintian warnings
- Please link to a recent build log of the package https:/
- `lintian --pedantic` log
# lintian --pedantic provd_0.
E: provd source: mail-address-
E: provd: mail-address-
E: provd-dbgsym: mail-address-
E: provd changes: mail-address-
W: provd: debian-
W: provd source: no-nmu-in-changelog [debian/
W: provd source: source-
Those are noise or infra issues
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will be installed by default, but does not ask debconf questions
- Packaging and build is easy, link to debian/rules https:/
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be desktop-packages and I have their acknowledgement for that commitment
- The future owning team is already subscribed to the package
- This does not use static builds
TODO: - This package uses vendored go code tracked in go.sum as shipped in the
TODO: package, refreshing that code is outlined in debian/
- This package is not rust based
- The package has been built in the archive more recently than the last test rebuild
[Background information]
The Package description explains the package well
Upstream Name is ubuntu-
Link to upstream project https:/
Changed in provd (Ubuntu): | |
assignee: | nobody → Lukas Märdian (slyon) |
tags: | added: sec-4374 |
Review for Source Package: provd
[Summary] setup, but enhanced by Ubuntu Pro components initial- setup" and "oem-config" in main.
This is the backend for Ubuntu "initial setup" provisioning story for Desktop
systems, similar to gnome-initial-
and others. It's a relatively new Ubuntu native package, supposed to replace
"gnome-
MIR team ACK under the constraint to resolve the below listed
required TODOs and as much as possible having a look at the
recommended TODOs.
This does need a security review, so I'll assign ubuntu-security
List of specific binary packages to be promoted to main: provd
Specific binary packages built, but NOT to be promoted to main: <None>
Notes: desktop- init" snap?
#0 Generic questions
#0.a Why not ship this as part of the "ubuntu-
(i.e. together with its frontend)
#0.b Could you please briefly differentiate this tool from cloud-init,
which is also used as part of the new Desktop installer?
#1 team bug subscriber ~desktop-packages is already subscribed
Required TODOs: initial- setup" needs to be dropped initial- setup" & "oem-config" need to be demoted README. source) that explains how to refresh the vendored sources
#2 Dependency on "gnome-
#3 "gnome-
#4 Improve Go packaging, I'm not an expert here, but I think we should at least have an "Built-Using" in debian/control, to indicate the toolchain that was used to build this
#5 Add files (debian/
#5.a Please give rational why all the vendoring is needed (c.f. recommendation #6)
Recommended TODOs: Built-Using" in debian/control to avoid some vendoring desktop- init" snap), in addition to the "go test" unit-tests.
#6 Consider using more "golang-*-dev" packages from the archive where possible, indicated by "Static-
#7 Consider using more mitigation features (dropping permissions, using temporary environments, restricted users/groups, seccomp, systemd isolation features, apparmor, ...), especially setting suid via systemd
#8 Consider running more complex integration tests as autopkgtest (e.g. integration with the ubuntu-
#9 Consider fixing some of the lintian warnings (see "Packaging red flags" below)
#10 Consider fixing some of the build-time warnings (see "Upstream red flags" below)
[Rationale, Duplication and Ownership]
- A team is committed to own long term maintenance of this package. (~desktop-packages)
- The rationale given in the report seems valid and useful for Ubuntu
Problems:
- Depends on gnome-initial-setup
- There are other package in main providing the same functionality.
=> gnome-initial-setup and ubiquity/oem-config (to be demoted)
=> cloud-init (used in desktop-installer) – please differentiate
[Dependencies]
OK:
- no other Dependencies to MIR due to this
- SRCPKG checked with `check-mir`
- all dependencies can be found in `seeded-in-ubuntu` (already in main)
- none of the (potentially auto-generated) dependencies (Depends
and Recommends) that are present after build are not in main
- no -dev/-debug/-doc packages that need exclusion
- No dependencies in main that are only superficially tested requiring
more tests now.
Problems: None
[Embedded sources and static linking]
Problems:
- embedded source present
- static linking
- lacking [S...