[MIR] sysprof
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sysprof (Ubuntu) |
New
|
Undecided
|
Ubuntu Security Team |
Bug Description
[Availability]
The package sysprof is already in Ubuntu universe.
The package sysprof build for the architectures it is designed to work on.
It currently builds and works for all Ubuntu architectures.
Link to package https:/
[Rationale]
- The package sysprof is required in Ubuntu main
- The package sysprof will not generally be useful for a large part of our user base, but is important/helpful still because it is part of an Ubuntu initiative to focus on performance engineering, both for Ubuntu itself and for developers who build their projects on top of Ubuntu. The size of the sysprof app is fairly small and we envision sysprof as the latest of the small utilities that are included in a default Ubuntu desktop. (Disk Usage Analyzer [baobab] is another one of these utilities.)
+ Related to https:/
- There is no other/better way to solve this that is already in main or should go universe->main instead of this.
- The package sysprof is required in Ubuntu main no later than August 15 due to a Ubuntu Desktop goal of including sysprof in the default 24.10 install.
- The binary package sysprof needs to be in main to achieve the goal of providing a GUI performance profiling tool (command-line tools were included by default in Ubuntu 24.04 LTS, but the Desktop Team and others did not have the capacity to also handle getting sysprof into the default install then.)
[Security]
- No CVEs/security issues in this software in the past
+ https:/
+ https:/
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does install services, timers or recurring jobs
+ /usr/lib/
+ /usr/libexec/
+ /usr/share/
- Security has been kept in mind and common isolation/
+ App uses /usr/share/
- Package does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
- Package makes use of ptracing in the Linux kernel because it is required for the system-wide profiling feature that is essential to this app. I recommend Security Team review.
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/
- Ubuntu https:/
- Debian https:/
- Upstream https:/
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails it makes the build fail, link to build log
https:/
- The package runs an autopkgtest, and is currently passing on all architectures except for i386
https:/
- We also will do manual testing of the GUI app
https:/
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package
https:/
- Please attach the full output you have got from `lintian --pedantic` as an extra post to this bug.
- Lintian overrides are present, but ok because the overrides document why those Lintian warnings should be ignored.
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will be installed by default, but does not ask debconf questions
- Packaging and build is easy, link to debian/rules
https:/
[UI standards]
- Application is end-user facing, Translation is present, via standard gettext system
- End-user applications that ships a standard conformant desktop file
+ /usr/share/
[Dependencies]
- There are further runtime dependencies that are not yet in main
+ MIR for libdex is at LP: #2066262
+ MIR for libpanel is at LP: #2066272
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be Ubuntu Desktop (~desktop-packages) and I have their acknowledgement for that commitment
- The future owning team is not yet subscribed, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built in the archive more recently than the last test rebuild
[Background information]
- The Package description explains the package well
- Upstream Name is sysprof
- Link to upstream project https:/
- There is a very large number of overrides in Ubuntu's supported seed to demote library -dev packages to universe to keep libsysprof-
https:/
description: | updated |
Changed in sysprof (Ubuntu): | |
assignee: | nobody → Jeremy Bícha (jbicha) |
description: | updated |
Changed in sysprof (Ubuntu): | |
assignee: | Jeremy Bícha (jbicha) → nobody |
Changed in sysprof (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
description: | updated |
tags: | added: sec-4574 |
Running lintian... -version 4.7.0 (current is 4.6.2) sysprof- agent] entry-lacks- keywords- entry [usr/share/ applications/ org.gnome. Sysprof. desktop] tests/control] service- file-missing- documentation- key [usr/lib/ systemd/ system/ sysprof3. service] manual- page [debian/ sysprof- cli.1] manual- page [debian/sysprof.1] does-not- install- examples [examples/] 6-modules: lacks-ldconfig- trigger usr/lib/ x86_64- linux-gnu/ libsysprof- memory- 6.so usr/lib/ x86_64- linux-gnu/ libsysprof- speedtrack- 6.so usr/lib/ x86_64- linux-gnu/ libsysprof- tracer- 6.so 6-modules: no-shlibs usr/lib/ x86_64- linux-gnu/ libsysprof- memory- 6.so 6-modules: no-shlibs usr/lib/ x86_64- linux-gnu/ libsysprof- speedtrack- 6.so 6-modules: no-shlibs usr/lib/ x86_64- linux-gnu/ libsysprof- tracer- 6.so 6-modules: no-symbols- control- file usr/lib/ x86_64- linux-gnu/ libsysprof- memory- 6.so 6-modules: no-symbols- control- file usr/lib/ x86_64- linux-gnu/ libsysprof- speedtrack- 6.so 6-modules: no-symbols- control- file usr/lib/ x86_64- linux-gnu/ libsysprof- tracer- 6.so 6-modules: package- name-doesnt- match-sonames libsysprof-memory-6 libsysprof- speedtrack- 6 libsysprof-tracer-6 service- file-missing- install- key [usr/lib/ systemd/ system/ sysprof3. service]
W: sysprof source: newer-standards
W: sysprof: no-manual-page [usr/bin/
I: sysprof: desktop-
I: sysprof source: superficial-tests [debian/
I: sysprof: systemd-
P: sysprof source: maintainer-
P: sysprof source: maintainer-
P: sysprof source: package-
N: these are LD_PRELOAD modules, not libraries
O: libsysprof-
O: libsysprof-
O: libsysprof-
O: libsysprof-
O: libsysprof-
O: libsysprof-
O: libsysprof-
O: libsysprof-
N: sysprofd is D-Bus-activated and does not need to be started during boot.
O: sysprof: systemd-