[MIR] usrmerge

Bug #1906671 reported by Dimitri John Ledkov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
debootstrap (Ubuntu)
Fix Released
Undecided
Unassigned
ubuntu-meta (Ubuntu)
Fix Released
Undecided
Unassigned
usrmerge (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

[Availability]

In universe.

[Rationale]

Since Disco, Ubuntu has defaulted to merged usr systems, specifically that /lib is a symlink to /usr/lib.

However, we have not yet completed this transition for systems that were installed pre-disco.

This package performs such transition using maintainer scripts. It has been tested and improved thoroughly and has managed to work with all sorts of packages that happened to be installed on the system.

For systems that were installed post disco, this package is effectively a no-op. Systems that use nfs mounting with split /usr care must be taken to ensure that initrd mounts nfs-backed /usr. The package aborts configuration if such rare configuration is detected to avoid potentially bracking reboot.

For all other systems, we always provide a fallback initrd which has been mounting both / and /usr whenever possible.

[Security]

The package ships two perl scripts, which are executed by root from maintainer scripts.

[Quality assurance]

There is debconf question one can preseed to prevent the migration, there is README.Debian explaining what it does and how. It is a one-way / one-time migration, removing the package will not undo the migration.

[Dependencies]

Perl, and many documented conflicts to ensure that usrmerge compatible packages are on disk prior to migration.

[Standards compliance]

Adheres to Debian Policy.

[Maintenance]

Maintained in Debian, merged and supported by Foundations, foundations-bugs is subscribed.

[Background information]

This will complete usrmerge migration, and will allow to switch buildds to build packages with merged-usr by default.

Tags: hirsute
Changed in usrmerge (Ubuntu):
status: Incomplete → Confirmed
Changed in usrmerge (Ubuntu):
status: Confirmed → New
Changed in usrmerge (Ubuntu):
assignee: nobody → Dan Streetman (ddstreet)
Revision history for this message
Dan Streetman (ddstreet) wrote :
Download full text (3.8 KiB)

[Summary]
This is a small package which installs only only 2 perl scripts,
which are called only from maintainer scripts.

I don't see any security aspect of this package which would
require a review by the security team.

There is only one issue I see as potentially blocking MIR,
that the two installed perl scripts are in /usr/lib.

The FHS appears to prefer that binaries/scripts that are not
intended for direct user use should be located in /usr/libexec
instead of /usr/lib, though it does still allow use of /usr/lib.
But it does state, both for /usr/lib and /usr/libexec, that the
application should use a single subdirectory. While it does not
explicitly state that applications must use a single subdirectory
instead of placing files directly into /usr/lib, my reading of
it infers that.
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s06.html
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s07.html

However, this wouldn't be the first package in main that chose
to drop scripts directly into /usr/lib (e.g. command-not-found).
But it would be very rare. I think this should be changed,
to place the files into a subdirectory of either /usr/lib or
/usr/libexec, or at minimum provide a rationale for dropping the
scripts directly into /usr/lib.

List of specific binary packages to be promoted to main:
- usrmerge

Notes:
There are a few other trivial issues that I don't believe
need to block MIR; I will list them for completeness:
1. the test(s) are not run at build or via autopkgtest
   (this package is infrequently updated and the
   developer-run tests are likely sufficient)
2. the d/* maintainter scripts are not chmod +x
   (the build will set them +x so this is inconsequential)
3. the d/copyright is not in DEP5 format
   (nice to fix but also inconsequential)

[Duplication]
There is no other package in main providing the same functionality.

[Dependencies]
OK:
- no other Dependencies to MIR due to this
- no -dev/-debug/-doc packages that need exclusion

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

[Common blockers]
OK:
- does not FTBFS currently
- The package has a team bug subscriber (foundations)
- translation present
- not a python/go package, no extra constraints to consider int hat regard

Problems:
- does not have a test suite that runs at build time
- does not have a test suite that runs as autopkgtest

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is not present, as this is native package
- Upstream update history not applicable (native package)
- Debian/Ubuntu update history is good but slowed in recent releases
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so...

Read more...

Revision history for this message
Dan Streetman (ddstreet) wrote :

For clarity, the only action I believe is pending is either of:
- move the installed perl scripts into a subdir of /usr/lib/ or /usr/libexec/
- provide justification for why the perl scripts should remain directly in /usr/lib

I don't believe their location is important enough to *require* moving them to a subdir, but I also believe we shouldn't clutter /usr/lib with scripts without some justification.

Changed in usrmerge (Ubuntu):
assignee: Dan Streetman (ddstreet) → Dimitri John Ledkov (xnox)
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

I agree that scripts should have been in a subdir. I have uploaded this into hirsute now.

I have discussed this with upstream too, they are receptive to make the same or similar change in Debian. When they do it too, we will be able to be in-sync.

Changed in usrmerge (Ubuntu):
assignee: Dimitri John Ledkov (xnox) → Dan Streetman (ddstreet)
Revision history for this message
Dan Streetman (ddstreet) wrote :

thanks, ACK from MIR team.

Changed in usrmerge (Ubuntu):
status: New → In Progress
assignee: Dan Streetman (ddstreet) → nobody
Dan Streetman (ddstreet)
Changed in usrmerge (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Override component to main
usrmerge 23ubuntu1 in hirsute amd64: universe/admin/extra/100% -> main
usrmerge 23ubuntu1 in hirsute arm64: universe/admin/extra/100% -> main
usrmerge 23ubuntu1 in hirsute armhf: universe/admin/extra/100% -> main
usrmerge 23ubuntu1 in hirsute i386: universe/admin/extra/100% -> main
usrmerge 23ubuntu1 in hirsute ppc64el: universe/admin/extra/100% -> main
usrmerge 23ubuntu1 in hirsute riscv64: universe/admin/extra/100% -> main
usrmerge 23ubuntu1 in hirsute s390x: universe/admin/extra/100% -> main
7 publications overridden.

Changed in usrmerge (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

seems it has gone back to universe, preparing upload of ubuntu-meta and will block it proposed to ensure we can test any fallouts.

tags: added: block-proposed
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

oh the binary is in main, it's the source that is in the universe never mind.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Ok, need to patch debootstrap to switch to usrmerge by default + make it list usrmerge package; then update script in ubuntu-meta adds it to minimal. Will upload all that to bileto ppa and test upgrades since non-usrmerged systems.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

letting just the dep update of ubuntu-meta through.

tags: removed: block-proposed
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

This is already promoted, but new tasks were added and appear in the MIR review queue but are not actually meant to also be promoted. If you really need something prepare it accordingly and add back the mir Team subscription.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-meta - 1.463

---------------
ubuntu-meta (1.463) hirsute; urgency=medium

  * Refreshed dependencies
  * Added libraspberrypi-bin to desktop-raspi [arm64 armhf], server-
    raspi [arm64 armhf]
  * Added libraspberrypi0 to desktop-raspi [arm64 armhf], server-raspi
    [arm64 armhf]
  * Added rpi-eeprom to desktop-raspi [arm64 armhf], server-raspi [arm64
    armhf]
  * Added usrmerge to minimal LP: #1906671
  * Added wpasupplicant to desktop-raspi

 -- Dimitri John Ledkov <email address hidden> Fri, 19 Feb 2021 21:38:48 +0000

Changed in ubuntu-meta (Ubuntu):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package debootstrap - 1.0.123ubuntu4

---------------
debootstrap (1.0.123ubuntu4) hirsute; urgency=medium

  * No-change rebuild to drop the udeb package.

 -- Matthias Klose <email address hidden> Mon, 22 Feb 2021 10:30:44 +0100

Changed in debootstrap (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers