[MIR] u-boot-menu

Bug #1907284 reported by Dimitri John Ledkov
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
u-boot-menu (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned

Bug Description

[Availability]

In universe.

[Rationale]

Devices that have u-boot (such as HiFive SiFive boards in their onboard SPI flash) can discover and use extlinux/extlinux.conf config file to render a boot menu and give users interactive choice of kernels to boot.

This is similar to `update-grub` functionality for the grub based bootloaders that find all the kernels and generate `Ubuntu` menuentry.

It is a trivial shell script, that is maintained as a Debian native package to automatically integrated with kernel postinst scripts to generate said config file automatically upon kernel installs.

Thus this package is intended to be seeded on the uboot based preinstalled ubuntu-server images such as riscv64 one.

[Security]

Faily minimal shell script, with an optional configuration file (for overrides, unused by default) that is executed as root as part of kernel postinst machinery.

[Quality assurance]

Maintained in Debian, and in Ubuntu by Foundations Team.

[Dependencies]

It's fairly freestanding, depends on linux-base only. As bootloader is expected to be provided externally which will discover, parse, and use the conf file this package generates in /boot.

[Standards compliance]

Adheres to the Debian Policy.
[Maintenance]

[Background information]

In use on riscv64 ubuntu-cpc cloud-images & preinstalled ubuntu-server.

Changed in u-boot-menu (Ubuntu):
assignee: nobody → Dan Streetman (ddstreet)
Revision history for this message
Dan Streetman (ddstreet) wrote :

[Summary]
This is a small package that provides only a bash script and some
kernel postinst/prerm hooks.

There are no concerning problems with the package, so ACK from MIR team.

As this script deals with configuration of the boot-time menu, and thus
affects code started at boot time, this does need a security review,
so I'll assign ubuntu-security

List of specific binary packages to be promoted to main: u-boot-menu

Notes:
There are 2 identified issues (aside from needing security review),
as listed in the details below, but I don't feel either are
important enough to block MIR:

1. There is no build-time or autopkgtest test cases, but this is a
single simple script.

2. The Ubuntu devel version lags behind Debian but only by a single
minor version.

[Duplication]
There is no other package in main providing the same functionality.

[Dependencies]
OK:
- no other Dependencies to MIR due to this
- no -dev/-debug/-doc packages that need exclusion

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- no CVEs found
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

Problems:
- does involve control of boot

[Common blockers]
OK:
- does not FTBFS currently
- The package has a team bug subscriber
- no translation present, but none needed for this case
- not a python/go package, no extra constraints to consider int hat regard

Problems:
- does not have a test suite that runs at build time
- does not have a test suite that runs as autopkgtest

[Packaging red flags]
OK:
- Ubuntu does carry a delta, but it is reasonable and maintenance under control
- symbols tracking not applicable for this kind of code.
- d/watch not applicable, native package
- Upstream update history is good
- Debian/Ubuntu update history is good
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using
- Not Go Package

Problems:
- the current release is not packaged in hirsute, but 1 minor version behind

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

Changed in u-boot-menu (Ubuntu):
assignee: Dan Streetman (ddstreet) → Ubuntu Security Team (ubuntu-security)
Changed in u-boot-menu (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → nobody
Revision history for this message
Seth Arnold (seth-arnold) wrote :

This is a short and sweet package, so I'll skip the full boilerplate:

No cves, no setuid executables, no use of complex frameworks, no sudo fragments, no initscripts or systemd units, it's really just a few shellscripts that look like they were well-written.

I wish it were a quilt package rather than a patchless package but changing that just on the off-chance that we have to do work on this is probably more work than it deserves.

There were some shellcheck results, but they're probably not security critical, there shouldn't be untrusted inputs into this tool.

Security team ACK for promoting u-boot-menu to main.

Thanks

shellcheck results (I trimmed it a bit):

./u-boot-update:100:8: note: read without -r will mangle backslashes. [SC2162]
./u-boot-update:103:1: note: read without -r will mangle backslashes. [SC2162]
./u-boot-update:103:24: warning: _FS_VFSTYPE appears unused. Verify it or export it. [SC2034]
./u-boot-update:103:36: warning: _FS_MNTOPS appears unused. Verify it or export it. [SC2034]
./u-boot-update:103:47: warning: _FS_FREQ appears unused. Verify it or export it. [SC2034]
./u-boot-update:103:56: warning: _FS_PASSNO appears unused. Verify it or export it. [SC2034]
./u-boot-update:121:15: note: To read lines rather than words, pipe/redirect to a 'while read' loop. [SC2013]
./u-boot-update:172:27: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:178:23: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:178:40: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:178:52: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:181:25: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:181:42: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:184:25: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:184:42: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:194:10: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:209:10: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:220:26: note: See if you can use ${variable//search/replace} instead. [SC2001]
./u-boot-update:220:31: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:225:14: note: $/${} is unnecessary on arithmetic variables. [SC2004]
./zz-sync-dtb:30:17: note: Double quote to prevent globbing and word splitting. [SC2086]

Changed in u-boot-menu (Ubuntu):
status: New → In Progress
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

This is in component mismatches, thereby Fix Committed and ready for an AA to promote.

Changed in u-boot-menu (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Matthias Klose (doko) wrote :

Override component to main
u-boot-menu 4.0.2ubuntu3 in hirsute: universe/misc -> main
u-boot-menu 4.0.2ubuntu3 in hirsute amd64: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu3 in hirsute arm64: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu3 in hirsute armhf: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu3 in hirsute i386: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu3 in hirsute ppc64el: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu3 in hirsute riscv64: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu3 in hirsute s390x: universe/admin/optional/100% -> main
8 publications overridden.

Changed in u-boot-menu (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

As we're backporting riscv unmatched board support to 20.04.3, along with the hirsute version of the package, we will need to promote u-boot-menu from universe to main in focal-proposed (and focal-updates then). There are no real rdeps of this - and since the package is identical to the one in hirsute that is already in main, let me perform the promotion.

Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Override component to main
u-boot-menu 4.0.2ubuntu5~20.04.1 in focal: universe/misc -> main
u-boot-menu 4.0.2ubuntu5~20.04.1 in focal amd64: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu5~20.04.1 in focal arm64: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu5~20.04.1 in focal armhf: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu5~20.04.1 in focal i386: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu5~20.04.1 in focal ppc64el: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu5~20.04.1 in focal riscv64: universe/admin/optional/100% -> main
u-boot-menu 4.0.2ubuntu5~20.04.1 in focal s390x: universe/admin/optional/100% -> main
Override [y|N]? y
8 publications overridden.

Changed in u-boot-menu (Ubuntu Focal):
status: New → Fix Released
Revision history for this message
Steve Beattie (sbeattie) wrote :

Łukasz, the Ubuntu Security Team is indeed okay with promoting this to main for focal as well. Thanks.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers