[MIR] realmd
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
realmd (Ubuntu) | Fix Released | Medium | Unassigned | |
Bug Description
I request that the realmd package be included in the main repository.
I've checked the following things:
---
1. Availability: realmd is already in universe. It's compiled for all platforms.
2. Rationale: This is used by many enterprises or organizations that use Microsoft's Active Directory as their main directory system. This package is the most sensible way to have Linux machines join an AD domain. As security policies become tighter, more enterprises are requiring the Linux machines to use Active Directory for authentication.
3. Security:
The changelog goes from 2013 to Oct 2019. It has been supported for a while and is receiving updates.
4. Quality Assurance:
The realm tool is well documented. It asks no debconf questions that I'm aware of.
I'm using it in production systems. It's been very stable. I've reviewed the Debian and Ubuntu bugs for realmd. I don't see any show-stopper bugs. The bugs that are open are no longer applicable or have workarounds.
The packages have no exotic hardware dependencies.
5. UI Standards: This is a backend package. UI standards don't apply.
---
I'm not fluent enough with Ubuntu packaging to handle the in-depth package checking.
Note this MIR is related to MIR in bug 1868159
Related branches
- Seth Arnold (community): Approve
- Bryce Harrington: Approve
- Canonical Server Core Reviewers: Pending requested
- Diff: 12 lines (+2/-0), 1 file modified: supported-misc-servers (+2/-0)
- Lucas Kanashiro: Approve
- Canonical Server Core Reviewers: Pending requested
- Diff: 12 lines (+2/-0), 1 file modified: supported-misc-servers (+2/-0)
Changed in realmd (Ubuntu):
assignee: nobody → Dan Streetman (ddstreet)
description: updated
Changed in realmd (Ubuntu):
status: In Progress → Fix Released
[Summary]
This package is acceptable for MIR, with 2 concerns:
1) There has been no upstream release in years and neither Debian nor
Ubuntu has actively pulled upstream bug fixes since the last upstream
release. I would prefer to see more upstream bug fixes pulled into
the Debian (and/or Ubuntu) package. Obviously, it would also be good
for upstream to produce a new release, but that's out of scope here.
2) The 'realm' command may install other packages (e.g. adcli or samba)
as needed, which is not ideal; I would prefer needed packages are
added as actual dependencies. However, since needed packages can
vary based on configuration (i.e. adcli or samba), it is arguably
ok to attempt to install only needed deps from the 'realm' command.
I would prefer if all packages that might be installed are listed
as Recommends: so it's clear from the packaging perspective.
This does need a security review, so I'll assign ubuntu-security after
the next MIR team mtg, if the team agrees with my review.
Notes/TODOs:
As I'm new to the MIR team, I am making this approval conditional on
MIR team review of my review at the next MIR team mtg.
[Duplication]
- There is no other package in main providing the same functionality
- Note: it is possible to perform manual configuration/steps for
similar functionality; this package automates and simplifies much
of the manual work.
[Dependencies]
OK:
- no other Dependencies to MIR due to this
- does have Build-Depends: in universe, but all runtime deps are in main
- no -dev/-debug/-doc packages that need exclusion
[Embedded sources and static linking]
OK:
- no embedded source present
- Note, see Upstream red flags section
- no static linking
[Security]
OK:
- history of CVEs does not look concerning
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
Problems:
- does parse data formats
- does run a daemon as root
- does deal with system authentication (e.g. pam, etc.)
[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
- test suite failures will fail the build upon error.
- added forced error to src pkg to verify
- The package has a team bug subscriber
- MIR requestor is subscribed to all realmd bugs in Ubuntu
- translation is present
- not a python package, no extra constraints to consider in that regard
- does include a single python3 script, but used only for build testing
- no new python2 dependency
- not golang package
Problems:
- does not have a test suite that runs as autopkgtest
- this is probably ok, since there are build-time tests run, and this
is a relatively simple package
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- does not provide any libs
- d/watch is present and looks ok
- the current release is packaged
- However, as noted in Problems, last upstream release was ~3.5 years ago
- promoting this does not seem to cause issues for MOTUs that so far
maintained...