[MIR] wireplumber

Review for Package: wireplumber

[Summary]
- The essence of the review result from the MIR POV
MIR team ACK constrained to an answer or fix to the questions below.

Required TODOs:
- There is no autopkgtests here and there is no statement on why they can’t be included. Can you investigate aroud here to see if we can leverage the package quality this way and avoid regressions?

Recommended TODOs:
- As you mentioned, this FTBFS on s390x. Can you try building with the patch you mentioned (https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1747) so that we can have s390x and promote them all in one go? Would be great to have it in debian and resync.

This does not need a security review
List of specific binary packages to be promoted to main: libwireplumber-0.4-0, wireplumber
Specific binary packages built, but NOT to be promoted to main: libwireplumber-0.4-dev, gir1.2-wp-0.4

[Duplication]
There is no other package in main providing the same functionality.

[Dependencies]
OK:
- no other Dependencies to MIR due to this
 - checked with check-mir
 - not listed in seeded-in-ubuntu
 - none of the built reverse-depends are in universe
- no -dev/-debug/-doc packages that need exclusion
- No dependencies in main that are only superficially tested requiring
more tests now.

[Embedded sources and static linking]

OK:
- no embedded source present
- no static linking
- does not have odd Built-Using entries

OK:
- not a go package, no extra constraints to consider in that regard

[Security]

OK:
- history of CVEs does not look concerning
- does run a daemon as root, but the service files drops a lot of priviledges first
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port/socket
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
- does not deal with security attestation (secure boot, tpm, signatures)

[Common blockers]

OK:
- does not FTBFS currently but on x390x (see recommended TODO on top)
- does have a test suite that runs at build time
- no new python2 dependency
- Python package, but using dh_python
- Go package, but using dh-golang

Problems:
- does not have autopkgtests

[Packaging red flags]

OK:
- Ubuntu does not carry a delta
- symbols tracking is in place
- d/watch is present and looks ok
- Upstream update history is good
- Debian/Ubuntu update history is good
- the current release is not packaged, but lag by only one minor version behind
- promoting this does not seem to cause issues for MOTUs that so far
- no massive Lintian warnings
- d/rules is rather clean
- It is not on the lto-disabled list

[Upstream red flags]

OK:
- no excessive Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as we can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH (usage is OK inside tests)
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks
- no translation present, but...

Thanks Didier. After extra consideration to the 'We need to ensure that pipewire isn't started instead of pulseaudio' question Debian decided to go for https://launchpad.net/ubuntu/+source/pipewire/0.3.40-2 and default to pipewire-media-session instead of wireplumber until pipewire is made the default sound service.

It probably makes sense for us to follow and stick the tested and simple alternative for the LTS so I'm going to open a new MIR for that one, hopefully it's easy since it's a split of code that was already in main as part of pipewire.

We will still be interested to promote wireplumber after the LTS, hopefully by then the build issues since after checking the git fix wasn't enough. I've updated the description to cover that and the lack of autopkgtests. What's the right way to put the request on hold? Keep it this way or should we close as invalid and reopen when it's time to request a review again?

I unsuscribed the MIR team so that we can revisit it all once we are wanting to promote it to main again and review it. Once this is the case, please resuscribe, update any needed information and set the bug report state back to New.

Reopening as we are ready to switch to pipewire now

We added an autopkgtest now which was the required todolist (and also forwarded to Debian)
https://autopkgtest.ubuntu.com/packages/w/wireplumber

The s390x fix has also been fixed which was the recommended action

2 things blocking it before definitive ack:

* Current wireplubmer is blocked on proposed due to failing on armhf for now.
* An autopkgtest was added, but this one is only about building the package which isn’t sufficient IMHO to ensure a good tested package when releasing.
I suggest thus that you link here a global "pipewire" test plan which is exercising all those related components together.

Thanks Didier,

I've added a testplan for pipewire now, https://wiki.ubuntu.com/DesktopTeam/TestPlans/Pipewire. It does cover the basis but we will improve it going forward according to the feedback we will receive and the issues reported.

The armhf build failure was a builder issue, retry worked, https://launchpad.net/ubuntu/+source/wireplumber/0.4.10-1ubuntu3/+build/23766120

This is a good initial plan, thanks for working on this! Just a side note: maybe precise on the doc that this is both for pipewire AND wireplumber updates (you only mentioned the last).

Ack on the armhf build failure too. MIR team ACK then!

> Just a side note: maybe precise on the doc that this is both for pipewire AND wireplumber updates (you only mentioned the last).

Thanks for catching that, I updated the description now

Override component to main
wireplumber 0.4.10-2 in kinetic: universe/misc -> main
gir1.2-wp-0.4 0.4.10-2 in kinetic amd64: universe/introspection/optional/100% -> main
gir1.2-wp-0.4 0.4.10-2 in kinetic arm64: universe/introspection/optional/100% -> main
gir1.2-wp-0.4 0.4.10-2 in kinetic armhf: universe/introspection/optional/100% -> main
gir1.2-wp-0.4 0.4.10-2 in kinetic ppc64el: universe/introspection/optional/100% -> main
gir1.2-wp-0.4 0.4.10-2 in kinetic riscv64: universe/introspection/optional/100% -> main
gir1.2-wp-0.4 0.4.10-2 in kinetic s390x: universe/introspection/optional/100% -> main
libwireplumber-0.4-0 0.4.10-2 in kinetic amd64: universe/libs/optional/100% -> main
libwireplumber-0.4-0 0.4.10-2 in kinetic arm64: universe/libs/optional/100% -> main
libwireplumber-0.4-0 0.4.10-2 in kinetic armhf: universe/libs/optional/100% -> main
libwireplumber-0.4-0 0.4.10-2 in kinetic ppc64el: universe/libs/optional/100% -> main
libwireplumber-0.4-0 0.4.10-2 in kinetic riscv64: universe/libs/optional/100% -> main
libwireplumber-0.4-0 0.4.10-2 in kinetic s390x: universe/libs/optional/100% -> main
libwireplumber-0.4-dev 0.4.10-2 in kinetic amd64: universe/libdevel/optional/100% -> main
libwireplumber-0.4-dev 0.4.10-2 in kinetic arm64: universe/libdevel/optional/100% -> main
libwireplumber-0.4-dev 0.4.10-2 in kinetic armhf: universe/libdevel/optional/100% -> main
libwireplumber-0.4-dev 0.4.10-2 in kinetic ppc64el: universe/libdevel/optional/100% -> main
libwireplumber-0.4-dev 0.4.10-2 in kinetic riscv64: universe/libdevel/optional/100% -> main
libwireplumber-0.4-dev 0.4.10-2 in kinetic s390x: universe/libdevel/optional/100% -> main
wireplumber 0.4.10-2 in kinetic amd64: universe/video/optional/100% -> main
wireplumber 0.4.10-2 in kinetic arm64: universe/video/optional/100% -> main
wireplumber 0.4.10-2 in kinetic armhf: universe/video/optional/100% -> main
wireplumber 0.4.10-2 in kinetic ppc64el: universe/video/optional/100% -> main
wireplumber 0.4.10-2 in kinetic riscv64: universe/video/optional/100% -> main
wireplumber 0.4.10-2 in kinetic s390x: universe/video/optional/100% -> main
25 publications overridden.