------ src:vulkan (Bionic) ------ [Summary] TODO: MIR team ACK, pending some requested changes (see below) and security review. The legacy src:vulkan package is quite big and contains embedded sources. It is of much bigger scope than the vulkan-tools and vulkan-loader packages there were split out of it in newer series. Any required changes would need to be SRUed into Bionic first. I wonder if this is really worth the effort to get it MIRed? I'd also like to ask for a security review with special regard to the embedded sources, as those have not been covered by the newer vulkan-loader MIR (LP: #1742711). This does need a security review, so I'll assign ubuntu-security List of specific binary packages to be promoted to main: vulkan-utils, libvulkan1 (libvulkan-dev can be excluded) Notes: The src:vulkan MIR in Bionic basically combines the MIRs of src:vulkan-loader (libvulkan1) and src:vulkan-tools (vulkan-utils) that are already (being) accepted in newer series. Therefore, it is pretty similar to the "vulkan-tools" MIR above and the "vulkan-loader" MIR in LP: #1742711, but due to embedded sources it is of much bigger scope. Required TODOs: * get rid of the embedded sources (or take maintenance of those, in coordination with the security team) * make use of the integrated test suite, so that it fails the build if any tests fails * keep track of symbol names & changes in a debian/libvulkan1.symbols file Recommended TODOs: * Add a team bug subscriber * add autopkgtests * fix lintian errors * fix some build warnings [Duplication] * There is no other package in main providing the same functionality. [Dependencies] OK: * no other Dependencies to MIR due to this (quilt is only a build-dep) * No dependencies in main that are only superficially tested requiring more tests now? [Embedded sources and static linking] OK: * no static linking (some static linking in loader/ and external/glsl is only used for Windows builds) Problems: * embedded glslang, spirv-{tools,headers}, hlsl, glm and vkjson sources [Security] OK: * history of CVEs does not look concerning * does not run a daemon as root * does not use webkit1,2 * does not use lib*v8 directly * does not parse data formats * does not open a port * does not process arbitrary web content * does not use centralized online accounts * does not integrate arbitrary javascript into the desktop * does not deal with system authentication (eg, pam), etc) [Common blockers] OK: * does not FTBFS currently * no translation present, but none needed for this case (user visible)? * not a python/go package, no extra constraints to consider in that regard Problems: * does have a test suite, but that doesn't seem to run during build * no autopkgtest [Packaging red flags] OK: * Ubuntu does not carry a delta (but might need one to carry the proposed changes) * d/watch is present and looks ok (if needed, e.g. non-native) * the current release is packaged (almost, lacking 1 release behind, afterwards the package was split into vulkan-loader and vulkan-tools) * Upstream update history is good * Debian/Ubuntu update history is slow (but acceptable) * promoting this does not seem to cause issues for MOTUs that so far maintained the package * d/rules is rather clean * Does not have Built-Using * is not on the lto-disabled list (LTO hasn't been a thing for Bionic) Recommendation: * fix lintian errors (those only affect libvulkan-dev, that we do not want to promote): + E: libvulkan-dev: missing-dependency-on-libc needed by usr/lib/x86_64-linux-gnu/libVkLayer_core_validation.so and 5 others (missing ${shlibs:Depends}?) + E: libvulkan-dev: package-must-activate-ldconfig-trigger usr/lib/x86_64-linux-gnu/libVkLayer_utils.so Problems: * symbols tracking is NOT in place [Upstream red flags] OK: * no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH (usage is OK inside tests) * no use of user nobody * no use of setuid * no important open bugs (crashers, etc) in Debian or Ubuntu * no dependency on webkit, qtwebkit, seed or libgoa-* * not part of the UI for extra checks Recommended: * There is some fishy usage of malloc (passing the argument count into malloc) in cube.c and cube.cpp inside the "WinMain" function, but this seems to be unused inside the linux build. * attempt to fix external/glslang build warnings + glslang/MachineIndependent/attribute.cpp:85:16: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] + SPIRV/GlslangToSpv.cpp:780:38: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] * attempt to fix vulkan build warnings: + layers/vk_layer_logging.h:1029:13: warning: ‘void InsertCmdDebugUtilsLabel(debug_report_data*, VkCommandBuffer, const VkDebugUtilsLabelEXT*)’ defined but not used [-Wunused-function] + layers/vk_layer_logging.h:1013:13: warning: ‘void EndCmdDebugUtilsLabel(debug_report_data*, VkCommandBuffer)’ defined but not used [-Wunused-function] + layers/vk_layer_logging.h:991:13: warning: ‘void BeginCmdDebugUtilsLabel(debug_report_data*, VkCommandBuffer, const VkDebugUtilsLabelEXT*)’ defined but not used [-Wunused-function] + layers/vk_layer_logging.h:968:13: warning: ‘void InsertQueueDebugUtilsLabel(debug_report_data*, VkQueue, const VkDebugUtilsLabelEXT*)’ defined but not used [-Wunused-function] + layers/vk_layer_logging.h:952:13: warning: ‘void EndQueueDebugUtilsLabel(debug_report_data*, VkQueue)’ defined but not used [-Wunused-function] + layers/vk_layer_logging.h:931:13: warning: ‘void BeginQueueDebugUtilsLabel(debug_report_data*, VkQueue, const VkDebugUtilsLabelEXT*)’ defined but not used [-Wunused-function] + layers/vk_layer_logging.h:749:13: warning: ‘void layer_disable_tmp_debug_messengers(debug_report_data*, uint32_t, VkDebugUtilsMessengerEXT_T**)’ defined but not used [-Wunused-function] + layers/vk_layer_logging.h:732:17: warning: ‘VkResult layer_enable_tmp_debug_messengers(debug_report_data*, uint32_t, VkDebugUtilsMessengerCreateInfoEXT*, VkDebugUtilsMessengerEXT_T**)’ defined but not used [-Wunused-function] + layers/vk_layer_logging.h:725:13: warning: ‘void layer_free_tmp_debug_messengers(VkDebugUtilsMessengerCreateInfoEXT*, VkDebugUtilsMessengerEXT_T**)’ defined but not used [-Wunused-function] + layers/vk_layer_logging.h:679:17: warning: ‘VkResult layer_copy_tmp_debug_messengers(const void*, uint32_t*, VkDebugUtilsMessengerCreateInfoEXT**, VkDebugUtilsMessengerEXT_T***)’ defined but not used [-Wunused-function] + build/vk_object_types.h:294:35: warning: ‘VkDebugReportObjectTypeEXT convertCoreObjectToDebugReportObject(VkObjectType)’ defined but not used [-Wunused-function] + loader/debug_utils.c:524:17: warning: ‘severity’ may be used uninitialized in this function [-Wmaybe-uninitialized]