[MIR] mdevctl 1.0.0 (rust switch)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mdevctl | Fix Released | Unknown | |
mdevctl (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
This template uses the new proposed format that covers Rust packages, submitted
through https:/
[Availability]
The package mdevctl is already in main via LP: #1889248, but Version 1.0
switched from the most simple (shell) to the least easy supportable (rust) =>
https:/
The latest version of mdevctl available in Debian unstable was changed to adapt
to the MIR rules, as proposed in
https:/
The package builds and works for all supported architectures, and is available
at
https:/
The original (shell based) package is available at
https:/
[Rationale]
This has 3 reasons:
1. it is a very nice tool to handle mediated devices in general.
It more and more becomes the one tool people refer to (other than fully
manual working through sysfs)
2. it is a Recommends for libvirt-
3. the previous (shell based) version of the package is already in main.
It would be great to have mdevctl in Ubuntu main for kinetic, to avoid more
gaps between Ubuntu and Debian unstable, which could potentially hinder the
merge processes, but there is no definitive deadline.
[Security]
No CVEs/security issues in this software in the past;
No `suid` or `sgid` binaries;
No executables in `/sbin` and `/usr/sbin`;
The package does not install services, timers or recurring jobs;
The package does not open privileged ports (ports < 1024); and
The package does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, etc).
[Quality assurance - function/usage]
The package works well right after install. It is composed of a single binary
file, a manpage and documentation.
[Quality assurance - maintenance]
The package is maintained well in Debian/Ubuntu and has not too many and long
term critical bugs open.
Ubuntu https:/
Debian https:/
At the moment this was written, the only Ubuntu bug open was this MIR one.
Debian has 2 open bugs, as described below:
https:/
This has been fixed in salsa through
https:/
available in the next debian release. It is also already included in the
proposed merge in the PPA at
https:/
intend to upload to Ubuntu once this MIR is accepted.
https:/
This is valid, but can be fixed in Debian first and then pushed to Ubuntu. The
next upstream version will improve the error message as per
https:/
On top of that, we should ensure that /etc/mdevctl.d/ is part of this package.
[Quality assurance - testing]
The package runs a test suite at build time; if it fails, it makes the build fail.
You can verify that at https:/
The package does not run an autopkgtest because the rust tooling does not provide an out-of-the-box manner to run the test suite for packages with vendorized code as it does for packages without vendorized code. This is something we should pursue in the mid/long term.
[Quality assurance - packaging]
debian/watch is present and works. It leverages the support for Multiple
Upstream Tarballs (MUT) to pull in the vendored sources. This process is
described in debian/
debian/control defines a correct Maintainer field.
This package does not yield massive lintian Warnings, Errors
A recent build log of the package is available at
https:/
A no comprehensive "lintian --pedantic" output (without --no-tag-
E: mdevctl source: unpack-
E: mdevctl source: unpack-
E: mdevctl source: unpack-
E: mdevctl source: unpack-
P: mdevctl source: update-
P: mdevctl source: very-long-
P: mdevctl source: very-long-
P: mdevctl source: very-long-
P: mdevctl source: very-long-
Lintian overrides are not present.
This package does not rely on obsolete or about to be demoted packages.
This package has no python2 or GTK2 dependencies.
The package will not be installed by default. Still, it does not ask debconf
questions.
Packaging is more complex than average due to the source vendoring
process, which differs to Debian. This should be ok because
debian/
[UI standards]
No end user UI
Just a few CLI bits used by admins and parsable output used by tools.
[Dependencies]
No further depends or recommends dependencies that are not yet in main. Do note
that this package includes vendored Rust code.
[Standards compliance]
This package correctly follows FHS and Debian Policy. Do note that it does
include embedded copies of other software (vendorized rust code), which is
discouraged by
https:/
This is due to the current state of the rust stack/support.
[Maintenance/Owner]
The Server Team is already subscribed to the package and maintains it in Debian
and Ubuntu.
The Server Team is aware of the implications by a static build and
commits to test no-change-rebuilds and to fix any issues found for the
lifetime of the release (including ESM).
The Server Team is aware of the implications of vendored code and (as alerted
by the security team) commits to provide updates and backports to the security
team for any affected vendored code for the lifetime of the release (including
ESM).
This package uses vendored rust code tracked in Cargo.lock as shipped, in the
package (at /usr/share/
refreshing that code is outlined in debian/
vendored code, refreshing that code is outlined in debian/
This package is rust based and vendors all non language-runtime dependencies.
The package was test rebuilt in a PPA, as pointed out above.
The latest version of mdevctl available in Debian unstable was changed to adapt
to the MIR rules, as proposed in
https:/
The package builds and works for all supported architectures, and is available
at
https:/
where one can check the build logs for all supported architectures.
[Background information]
The Package description explains the package well:
Mediated device management utility for Linux mdevctl is a utility for managing
and persisting devices in the mediated device framework of the Linux kernel.
Mediated devices are sub-devices of a parent device (ex. a vGPU) which can be
dynamically created and potentially used by drivers like vfio-mdev for
assignment to virtual machines.
Upstream Name is mdevctl, and is available at https:/
Note that, for the former MIR process, jq and libonig were included in main
because mdevctl < 1 depends on those packages. This is no longer true for
mdevctl >= 1 and their demotion should be evaluated.
[Former Bug Description - NO LONGER PART OF MIR DOCS]
This is in main via bug 1889248 already, but Version 1.0 switched from the most simple (shell) to the least easy supportable (rust)
=> https:/
This worked fine in Debian
=> https:/
But for Ubuntu the Server team isn't gonna own the full rust toolchain just because of this helper.
IMHO that needs a discussion how we want to handle rust in general and then the long MIR road for all the way too many dependencies.
I'll start the discussion internally ...
This bug is meant to be a reference from the sync avoidance override as well as the component mismatches - so that everyone can re-check here what the current state is.
Right now it is *intentionally* incomplete and has no full MIR template here.
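The file-level items of the [Security] list in the description above (no suid/sgid binaries, nothing in /sbin or /usr/sbin, no services, timers or recurring jobs) can be checked against a package's content listing. The following is an added example, not part of the original bug report or of the mdevctl packaging; the function names and the listings for a hypothetical package are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a "dpkg-deb -c" listing for the file-level [Security] items.
# Line format: perms owner/group size date time path (paths without spaces assumed).
# Port usage and CVE history cannot be read from a file listing and are not covered.
audit_listing() {
    awk '
    $1 ~ /^d/ { next }    # skip directories
    {
        perms = $1; path = $6
        # setuid/setgid show as s or S in the owner/group execute slot
        if (substr(perms, 4, 1) ~ /[sS]/) print "suid " path
        if (substr(perms, 7, 1) ~ /[sS]/) print "sgid " path
        # anything shipped under /sbin or /usr/sbin
        if (path ~ /^\.\/(usr\/)?sbin\//) print "sbin " path
        # systemd units, SysV init scripts and cron entries
        if (path ~ /\/systemd\/(system|user)\/.*\.(service|timer|socket)$/ ||
            path ~ /^\.\/etc\/(init\.d|cron\.[a-z]+)\//) print "service " path
    }'
}

# Exit 0 only when the listing on stdin produces no findings.
package_passes() { [ -z "$(audit_listing)" ]; }

# Constructed listing for a hypothetical package (not the real mdevctl contents).
sample_listing() {
    cat <<'EOF'
drwxr-xr-x root/root         0 2022-06-01 12:00 ./usr/sbin/
-rwxr-xr-x root/root    812344 2022-06-01 12:00 ./usr/bin/exampletool
-rwsr-xr-x root/root     40960 2022-06-01 12:00 ./usr/bin/examplehelper
-rwxr-sr-x root/mail     20480 2022-06-01 12:00 ./usr/bin/examplespool
-rwxr-xr-x root/root     30720 2022-06-01 12:00 ./usr/sbin/exampled
-rw-r--r-- root/root       310 2022-06-01 12:00 ./lib/systemd/system/exampled.service
-rw-r--r-- root/root       120 2022-06-01 12:00 ./etc/cron.d/examplepkg
EOF
}

# Constructed listing matching the single binary, manpage and documentation layout.
clean_listing() {
    cat <<'EOF'
-rwxr-xr-x root/root    812344 2022-06-01 12:00 ./usr/bin/exampletool
-rw-r--r-- root/root      2048 2022-06-01 12:00 ./usr/share/man/man8/exampletool.8.gz
-rw-r--r-- root/root      1024 2022-06-01 12:00 ./usr/share/doc/examplepkg/README.md.gz
EOF
}

sample_listing | audit_listing
```

Against a built package the same check is `dpkg-deb -c package.deb | audit_listing`, run once per binary package produced by the source.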
Changed in mdevctl (Ubuntu): | |
status: | New → Incomplete |
description: | updated |
Changed in mdevctl: | |
status: | Unknown → Fix Released |
tags: | added: needs-sync |
Changed in mdevctl (Ubuntu): | |
milestone: | none → ubuntu-22.06 |
tags: | added: packaging |
Changed in mdevctl (Ubuntu): | |
assignee: | nobody → Athos Ribeiro (athos-ribeiro) |
description: | updated |
description: | updated |
Changed in mdevctl (Ubuntu): | |
assignee: | nobody → Lukas Märdian (slyon) |
tags: | added: fr-2559 |
tags: | added: sec-1214 |
Changed in mdevctl (Ubuntu): | |
milestone: | ubuntu-22.07 → ubuntu-22.08 |
Hi,
@ubuntu-archive - since [1] is a junk repo I can't propose an MR to it.
I subscribed you to please merge the attached diff to sync-blacklist.txt to not make this even more pain by auto-syncing 1.0 over once 22.04 opens up.
[1]: https://bazaar.launchpad.net/~ubuntu-archive/+junk/sync-blacklist/view/head:/sync-blacklist.txt