© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0f7b58d
(Get the code!)
[Availability]
The package trace-cmd is already in Ubuntu universe (Debian sync)
The package trace-cmd build for the architectures it is designed to work on.
It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x
Link to package https:/
[Rationale]
- The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu
- The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain.
- There is no other/better way to solve this that is already in main or should go universe->main instead of this.
- The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS).
[Security]
- No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug.
- No `suid` or `sgid` binaries
- No executable in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs.
- Based on some quick tests, it looks like running trace-cmd is only making sense if run as root.
- Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces.
- I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation.
- Based on the previous elements, a more in-depth security review might be recommended.
- Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/
not have too many, long-term & critical, open bugs
- Ubuntu https:/
- Debian https:/
- Upstream's bug tracker https:/
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does have a test suite but it is not run at build time. I will submit a patch to do so.
- The package runs an autopkgtest, but is a "superficial" one. It is currently passing on amd64, arm64, ppc64el, s390x:
- https:/
- https:/
- https:/
- https:/
- The package does have failing autopkgtests for armhf tests right now, but it seems they always failed. A quick look at the error (Permission denied) suggest it might be fixable.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- The package will not be installed by default
- Packaging and build is easy https:/
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- There are further dependencies that are not yet in main, MIR for them will follow:
- libtraceevent
- libtracefs
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be Foundations and I have their acknowledgement for that commitment
- The future owning team is not yet subscribed, but will subscribe to the package before promotion
- The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else?
- This does not use static builds
- This does not use vendored code
- The package was test rebuilt in a PPA recently https:/
[Background information]
The Package description explains the package well.
Upstream Name is trace-cmd
Link to upstream project https:/