[Availability]
The package trace-cmd is already in Ubuntu universe (Debian sync)
The package trace-cmd build for the architectures it is designed to work on.
It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x
Link to package https://launchpad.net/ubuntu/+source/trace-cmd
[Rationale]
- The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu
- The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain.
- There is no other/better way to solve this that is already in main or should go universe->main instead of this.
- The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS).
[Security]
- No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug.
- No `suid` or `sgid` binaries
- No executable in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs.
- Based on some quick tests, it looks like running trace-cmd is only making sense if run as root.
- Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces.
- I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation.
- Based on the previous elements, a more in-depth security review might be recommended.
- Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- The package will not be installed by default
- Packaging and build is easy https://git.launchpad.net/ubuntu/+source/trace-cmd/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- There are further dependencies that are not yet in main, MIR for them will follow:
- libtraceevent
- libtracefs
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be Foundations and I have their acknowledgement for that commitment
- The future owning team is not yet subscribed, but will subscribe to the package before promotion
- The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else?
- This does not use static builds
- This does not use vendored code
- The package was test rebuilt in a PPA recently https://launchpadlibrarian.net/712030593/buildlog_ubuntu-noble-amd64.trace-cmd_3.2-1build1_BUILDING.txt.gz
[Availability] /launchpad. net/ubuntu/ +source/ trace-cmd
The package trace-cmd is already in Ubuntu universe (Debian sync)
The package trace-cmd build for the architectures it is designed to work on.
It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x
Link to package https:/
[Rationale]
- The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu
- The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain.
- There is no other/better way to solve this that is already in main or should go universe->main instead of this.
- The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS).
[Security]
- No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug.
- No `suid` or `sgid` binaries
- No executable in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs.
- Based on some quick tests, it looks like running trace-cmd is only making sense if run as root.
- Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces.
- I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation.
- Based on the previous elements, a more in-depth security review might be recommended.
- Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance] Ubuntu/ Upstream and does /bugs.launchpad .net/ubuntu/ +source/ trace-cmd/ +bug /bugs.debian. org/cgi- bin/pkgreport. cgi?src= trace-cmd /bugzilla. kernel. org/buglist. cgi?component= Trace-cmd% 2FKernelshark
- The package is maintained well in Debian/
not have too many, long-term & critical, open bugs
- Ubuntu https:/
- Debian https:/
- Upstream's bug tracker https:/
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing] /autopkgtest. ubuntu. com/results/ autopkgtest- noble/noble/ amd64/t/ trace-cmd/ 20240117_ 073638_ c1c31@/ log.gz /autopkgtest. ubuntu. com/results/ autopkgtest- noble/noble/ arm64/t/ trace-cmd/ 20240119_ 054257_ 84abe@/ log.gz /autopkgtest. ubuntu. com/results/ autopkgtest- noble/noble/ ppc64el/ t/trace- cmd/20240117_ 070636_ bdbfa@/ log.gz /autopkgtest. ubuntu. com/results/ autopkgtest- noble/noble/ s390x/t/ trace-cmd/ 20240117_ 070802_ 84abe@/ log.gz
- The package does have a test suite but it is not run at build time. I will submit a patch to do so.
- The package runs an autopkgtest, but is a "superficial" one. It is currently passing on amd64, arm64, ppc64el, s390x:
- https:/
- https:/
- https:/
- https:/
- The package does have failing autopkgtests for armhf tests right now, but it seems they always failed. A quick look at the error (Permission denied) suggest it might be fixable.
[Quality assurance - packaging] /git.launchpad. net/ubuntu/ +source/ trace-cmd/ tree/debian/ rules
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- The package will not be installed by default
- Packaging and build is easy https:/
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- There are further dependencies that are not yet in main, MIR for them will follow:
- libtraceevent
- libtracefs
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner] /launchpadlibra rian.net/ 712030593/ buildlog_ ubuntu- noble-amd64. trace-cmd_ 3.2-1build1_ BUILDING. txt.gz
- The owning team will be Foundations and I have their acknowledgement for that commitment
- The future owning team is not yet subscribed, but will subscribe to the package before promotion
- The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else?
- This does not use static builds
- This does not use vendored code
- The package was test rebuilt in a PPA recently https:/
[Background information] /git.kernel. org/pub/ scm/utils/ trace-cmd/ trace-cmd. git/
The Package description explains the package well.
Upstream Name is trace-cmd
Link to upstream project https:/