[Bug 2094805] Re: [MIR] raspi-utils
Only in proposed, nothing in -release $ rmadison -u ubuntu -s plucky,plucky-proposed raspi-utils-core raspi-utils-otp raspi-utils-dt raspi-utils-eeprom raspinfo raspi-utils-core | 20240903-0ubuntu3 | plucky-proposed/universe | arm64, armhf raspi-utils-otp| 20240903-0ubuntu3 | plucky-proposed/universe | all raspi-utils-dt | 20240903-0ubuntu3 | plucky-proposed/universe | arm64, armhf raspi-utils-eeprom | 20240903-0ubuntu3 | plucky-proposed/universe | arm64, armhf raspinfo | 20240903-0ubuntu3 | plucky-proposed/universe | arm64, armhf libraspberrypi-bin already was in main - no problem $ ./change-override --component main --suite plucky-proposed --source-and-binary raspi-utils Override component to main raspi-utils 20240903-0ubuntu3 in plucky: universe/utils -> main libraspberrypi-bin 20240903-0ubuntu3 in plucky arm64: main/misc/optional/100% -> main libraspberrypi-bin 20240903-0ubuntu3 in plucky armhf: main/misc/optional/100% -> main raspi-utils 20240903-0ubuntu3 in plucky arm64: universe/utils/optional/100% -> main raspi-utils 20240903-0ubuntu3 in plucky armhf: universe/utils/optional/100% -> main raspi-utils-core 20240903-0ubuntu3 in plucky arm64: universe/utils/optional/100% -> main raspi-utils-core 20240903-0ubuntu3 in plucky armhf: universe/utils/optional/100% -> main raspi-utils-dt 20240903-0ubuntu3 in plucky arm64: universe/utils/optional/100% -> main raspi-utils-dt 20240903-0ubuntu3 in plucky armhf: universe/utils/optional/100% -> main raspi-utils-eeprom 20240903-0ubuntu3 in plucky arm64: universe/utils/optional/100% -> main raspi-utils-eeprom 20240903-0ubuntu3 in plucky armhf: universe/utils/optional/100% -> main raspi-utils-otp 20240903-0ubuntu3 in plucky amd64: universe/utils/optional/100% -> main raspi-utils-otp 20240903-0ubuntu3 in plucky arm64: universe/utils/optional/100% -> main raspi-utils-otp 20240903-0ubuntu3 in plucky armhf: universe/utils/optional/100% -> main raspi-utils-otp 20240903-0ubuntu3 in plucky i386: universe/utils/optional/100% -> main raspi-utils-otp 20240903-0ubuntu3 in plucky ppc64el: universe/utils/optional/100% -> main raspi-utils-otp 20240903-0ubuntu3 in plucky riscv64: universe/utils/optional/100% -> main raspi-utils-otp 20240903-0ubuntu3 in plucky s390x: universe/utils/optional/100% -> main raspinfo 20240903-0ubuntu3 in plucky arm64: universe/utils/optional/100% -> main raspinfo 20240903-0ubuntu3 in plucky armhf: universe/utils/optional/100% -> main Override [y|N]? y libraspberrypi-bin 20240903-0ubuntu3 in plucky arm64 remained the same libraspberrypi-bin 20240903-0ubuntu3 in plucky armhf remained the same 18 publications overridden; 2 publications remained the same ** Changed in: raspi-utils (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
yep - Approved and in component mismatches -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
This looks ready to be promoted. Please make sure to also drive the demotion of raspberrypi-userland forward at the same time. ** Changed in: raspi-utils (Ubuntu) Status: Incomplete => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
Hi, all the associated MPs have been merged. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
Thanks a lot for your efforts, we're getting close. Let's try to get those changes landed to make the package ready for "main". SUMMARY: #2 ACK. raspberrypi-userland to be unseeded when raspi-utils becomes seeded. #4 kms++ to be dropped to Suggests, pending in https://code.launchpad.net/~r41k0u/ubuntu/+source/raspi- utils/+git/raspi-utils/+merge/480344 #5 test-plan pending in https://code.launchpad.net/~r41k0u/ubuntu- manual-tests/+git/ubuntu-manual-tests/+merge/480718 #6.1 fix for raspinfo pending in https://code.launchpad.net/~r41k0u/ubuntu/+source/raspi-utils/+git/raspi-utils/+merge/480344 #6.2 fix for over overlaycheck pending in https://code.launchpad.net/~r41k0u/ubuntu/+source/raspi-utils/+git/raspi-utils/+merge/480344 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
Removal of overlaycheck and moving kms++-utils to Suggests is added to https://code.launchpad.net/~r41k0u/ubuntu/+source/raspi- utils/+git/raspi-utils/+merge/480344 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
Thanks for the review! IMO we can drop overlaycheck from this package. That is not a replacement for anything in raspberrypi-userland and would not be useful to a large part of our user base. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
I can answer a couple of these quickly: re: #2 Yes the plan is to replace raspberrypi-userland with raspi-utils in the seeds. At least initially raspberrypi-userland would drop out of main and, if possible (I haven't check reverse-depends yet) be removed entirely. re: #4 The plan is to drop kms++ to suggests. We're intending to add it to the archive, but we don't want this in main, if possible. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
re #1: ACK, understood. So, rpi-eeprom will stay around in "main" regardless. re #2: Thanks for pointing out the Breaks/Replaces! The upstream raspberrypi-userland README states that it is deprecated and improved tools from raspi-utils should be used instead. So, what's the transitioning plan for raspberrypi-userland -> raspi-utils? Ideally, we would have only one of them in "main" at all times. Can the old package be demoted & dropped from the seeds? re #3: ACK, ignoring. re #4: see bug #2092065 (needs-packaging: kms++) => This also needs MIR, if we keep it as a Recommends here! re #5: Thanks, looks reasonable. Fix pending in https://code.launchpad.net/~r41k0u/ubuntu-manual-tests/+git/ubuntu- manual-tests/+merge/480718 re #6: - Fix for raspinfo (checking for elevated privileges, instead of calling sudo) pending in https://code.launchpad.net/~r41k0u/ubuntu/+source/raspi-utils/+git/raspi-utils/+merge/480344 - How about overlaycheck? You say it's meant to be used in a kernel git tree, that sounds very developer specific. Is this really something needed in "main"? Could it be split to a separate binary package that we keep in "universe" instead? re #7: ACK, team bug subscriber confirmed. re #8: see LP comment #6: have you considered some of those options for hardening the raspi-utils .service unit? Without knowing much about the context, there are some hardening options that sound generally useful, e.g.: - PrivateTmp= - PrivateUsers= - PrivateNetwork= - ProtectHome=vestigate if we can have some automated build-time tests. Thinking of the device-tree overlay merging util, - ProtectProc= - ProtectSystem= - PrivateDevices= # maybe this can be limited - DeviceAllow=# to just the device needed for flashing the eeprom? - ProtectKernelModules= - ProtectControlGroups= - ProtectKernelLogs= - NoNewPrivileges= - User=/DynamicUser= # can it run as non-root? - ProtectClock= re #9: ACK, thanks. Every little bit that can be tested automatically is better than nothing! Please reference/link the changes here, once ready. re #10: ACK, thanks. Please reference/link the lintian fixes here, once ready. re #11: Yes, consider my suggestion to be optional. It just feels weird pulling a tarball from the rpi.org deb repository instead of from the upstream project. re #12: ACK, thanks. Please reference/link the CMake fix here, once ready. re #13: ACK, fixed with GCC 14.2 (Noble+) see LP comment #8 Thank you for your continued work on this! This leaves us with the following tasks blocking the MIR: - #2 demote src:raspberrypi-userland? - #4 MIR kms++ (LP: #2092065) - #5 manual test plan pending in https://code.launchpad.net/~r41k0u/ubuntu-manual-tests/+git/ubuntu-manual-tests/+merge/480718 - #6 fix for raspinfo pending in https://code.launchpad.net/~r41k0u/ubuntu/+source/raspi-utils/+git/raspi-utils/+merge/480344, open question about overlaycheck -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
The MP for image tests has been added to the bug, which will satisfy #5 ** Merge proposal linked: https://code.launchpad.net/~r41k0u/ubuntu-manual-tests/+git/ubuntu-manual-tests/+merge/480718 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
https://code.launchpad.net/~r41k0u/ubuntu/+source/raspi-utils/+git/raspi-utils/+merge/480344 for removing sudo from raspinfo ** Merge proposal linked: https://code.launchpad.net/~r41k0u/ubuntu/+source/raspi-utils/+git/raspi-utils/+merge/480344 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
https://github.com/raspberrypi/utils/issues/87 does not show up with gcc 14.2, which is the GCC version on noble and above. So this is fixed by upgrading GCC -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
overlaycheck is meant to run in a linux kernel git tree. So LD_LIBRARY_PATH is set to the working dir's lib instead of /lib -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
$ sudo systemd-analyze security rpi-eeprom-update.service --no-pager NAMEDESCRIPTION EXPOSURE ✗ RootDirectory=/RootImage= Service runs within the host's root directory0.1 SupplementaryGroups=Service runs as root, option does not matter RemoveIPC= Service runs as root, option does not apply ✗ User=/DynamicUser= Service runs as root user0.4 ✗ CapabilityBoundingSet=~CAP_SYS_TIME Service processes may change the system clock0.2 ✗ NoNewPrivileges=Service processes may acquire new privileges 0.2 ✓ AmbientCapabilities=Service process does not receive ambient capabilities ✗ PrivateDevices= Service potentially has access to hardware devices 0.2 ✗ ProtectClock= Service may write to the hardware clock or system clock 0.2 ✗ CapabilityBoundingSet=~CAP_SYS_PACCTService may use acct() 0.1 ✗ CapabilityBoundingSet=~CAP_KILL Service may send UNIX signals to arbitrary processes 0.1 ✗ ProtectKernelLogs= Service may read from or write to the kernel log ring buffer 0.2 ✗ CapabilityBoundingSet=~CAP_WAKE_ALARM Service may program timers that wake up the system 0.1 ✗ CapabilityBoundingSet=~CAP_(DAC_*|FOWNER|IPC_OWNER) Service may override UNIX file/IPC permission checks 0.2 ✗ ProtectControlGroups= Service may modify the control group file system 0.2 ✗ CapabilityBoundingSet=~CAP_LINUX_IMMUTABLE Service may mark files immutable 0.1 ✗ CapabilityBoundingSet=~CAP_IPC_LOCK Service may lock memory into RAM 0.1 ✗ ProtectKernelModules= Service may load or read kernel modules 0.2 ✗ CapabilityBoundingSet=~CAP_SYS_MODULE Service may load kernel modules 0.2 ✗ CapabilityBoundingSet=~CAP_BPF Service may load BPF programs0.1 ✗ CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG Service may issue vhangup() 0.1 ✗ CapabilityBoundingSet=~CAP_SYS_BOOT Service may issue reboot() 0.1 ✗ CapabilityBoundingSet=~CAP_SYS_CHROOT Service may issue chroot() 0.1 ✗ PrivateMounts= Service may install system mounts0.2 ✗ SystemCallArchitectures=Service may execute system calls with all ABIs 0.2 ✗ CapabilityBoundingSet=~CAP_BLOCK_SUSPENDService may establish wake locks 0.1 ✗ MemoryDenyWriteExecute= Service may create writable executable memory mappings 0.1 ✗ RestrictNamespaces=~userService may create user namespaces 0.3 ✗ RestrictNamespaces=~pid Service may create process namespaces0.1 ✗ RestrictNamespaces=~net Service may create network namespaces0.1 ✗ RestrictNamespaces=~uts Service may create hostname namespaces 0.1 ✗ RestrictNamespaces=~mnt Service may create file system namespaces0.1 ✗ CapabilityBoundingSet=~CAP_LEASEService may create file leases 0.1 ✗ CapabilityBoundingSet=~CAP_MKNOD
[Bug 2094805] Re: [MIR] raspi-utils
Team bug subscriber added. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
A needs-packaging bug for kms++-utils is up, and this is likely to be in the archive. So I think we can skip #4. https://bugs.launchpad.net/ubuntu/+bug/2092065 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
https://ubuntu-archive-team.ubuntu.com/proposed- migration/plucky/update_excuses.html#raspi-utils -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
Hi Lukas Thanks for reviewing. I must amend some things in this MIR. Some things are wrong in the MIR draft. raspi-utils is not a runtime dependency for rpi-eeprom, but it contains utils which replace the previous raspi-userland package. The README at https://github.com/raspberrypi/userland states this in the header. So primarily, we want this promoted to main because dtoverlay, dtmerge, vcmailbox and vcgencmd will now be updated as part of the raspi-utils package (which were in raspi-userland previously) #1 - raspi-utils-eeprom is different from rpi-eeprom, as it deals with HAT EEPROMs instead of Raspberry Pi's on-board EEPROM. An example of the usage of tools provided by raspi-utils-eeprom is here: https://www.madebymikal.com/raspberry-pi-hat-identity-eeproms-a-simple- guide/ #2 - Yes, there is a Breaks/Replaces: https://git.launchpad.net/ubuntu/+source/raspi-utils/tree/debian/control #3 - No, this is not a runtime dependency of rpi-eeprom (I am sorry for this mistake). But this is a replacement for some tools present in raspi-userland. #4 - Yes, I will put up an MP for that. #5 - I will add a link to these tests #6 - Right. If these are flagged as problematic, we can opt to remove these tools (as these were not in raspi-userland previously). We don't explicitly need raspinfo as it is used to collect info for bug reports (apport does the same thing). I am not sure about a replacement for overlaycheck, though. #7 - Right, will do this #8 - I am attaching the output in the next comment. But since this is not a runtime dependency of rpi-eeprom, I don't thin most of it applies to this package. #9 - We can write tests for a couple of tools here, but that won't cover the whole package. I will try to create a build test for dtmerge and add it. #10, #12, #13 - Right, I will do these #11 - I am apprehensive about this because the GitHub source only has 2 branches (master and otpset), and none of them are stable. We can surely do this (I see new utils like kdtc and piolib on the GitHub source), but this approach can lead to breaking changes in future. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
Review for Source Package: raspi-utils [Summary] This is a collection of offical tools from RaspberryPi Ltd. Especially, "vcgencmd" and "dtoverlay". It replaces the "libraspberrypi-bin" package (from src:raspberrpi-userland). The utilities are required by "rpi-eeprom" for updating the boot EEPROM on Raspberry Pi. This package is not shipped in Debian, but taken from the Raspbian repository, and has a few packaging shortcomings, which should be improved (see below). MIR team ACK under the constraint to resolve the below listed required TODOs and as much as possible having a look at the recommended TODOs. This does need a security review, so I'll assign ubuntu-security List of specific binary packages to be promoted to main: raspi-utils-core, raspi-utils-otp, raspi-utils-dt, raspi-utils-eeprom, raspinfo Specific binary packages built, but NOT to be promoted to main: Notes: #0 I'm requesting security review for the extensive use of sprintf/malloc, the use of sudo & LD_LIBRARY_PATH as part of the utility scripts and the parsing of device tree (overlay) data. Required TODOs: #1 Can you please clarif how rpi-eeprom did function previously, without those utils? Was it all part of "libraspberrypi-bin"? How is that going to be replaced in "main"? Does it require additional test cases, now that we have rpi-eeprom and raspi-utils? #2 Please clarify: How are you going to replace the "libraspberrypi-bin" binary from src:raspberrypi-userland? Do we need to Conflict/Replace the old libraspberrypi-bin package? #3 You mention "Due to this being a runtime dependency of rpi-eeprom [...]" => I could not confirm this dependency. Can you please clarify? Also, would that introduce a circular dependency, as there's also the Dependency of raspinfo->rpi-eeprom #4 kms++-utils is listed as a Recommends but does not exist (not in main, nor in Debian/Ubuntu at all). Please drop it (or downgrade to Suggests at least). #5 Please specify the exact manual test case(es), as used during ISO testing to verify this package and link them from the MIR bug description. => Maybe something from here? https://iso.qa.ubuntu.com/qatracker/milestones/464/builds/321949/testcases #6 avoid usage of "sudo" in raspinfo and LD_LIBRARY_PATH in overlaycheck Recommended TODOs: #7 The package should get a team bug subscriber before being promoted #8 can you run "systemd-analyze security rpi-eeprom-update.service" to find suggestions for isolating this functionality (I know that services is from a different source package, but it's related and might give good hints for this package, too). #9 Please investigate if we can have some automated build-time tests. Thinking of the device-tree overlay merging util, this sounds like something which can be done offline (during tests) and validated at build-time. There might be other cases like this for the different raspi-utils tools. #10 Consider fixing some of the Lintian warning listed below in [Packaging red flags] #11 debian/watch is tracking the raspberrypi.org archive. Consider if we should rather track the upstream GitHub repository and spin date-based snapshots ourselves. This would allow pulling in the latest version (including the new "kdtc" tool). #12 Consider fixing the CMake warning listed below in [Upstream red flags] #13 help fixing FTBFS with gcc 14.1, https://github.com/raspberrypi/utils/issues/87 [Rationale, Duplication and Ownership] - There is no other package in main providing the same functionality. - A team is committed to own long term maintenance of this package. => Foundations Architecture - The rationale given in the report seems valid and useful for Ubuntu [Dependencies] OK: - no -dev/-debug/-doc packages that need exclusion Problems: - other Dependencies to MIR due to this + rpi-eeprom (not detected by check-mir, but seems fine) + kms++-utils (Recommends, not packages, should be Suggests) - dependencies in main that are only superficially tested requiring more tests now. (rpi-eeprom, bug 1895137) [Embedded sources and static linking] OK: - no embedded source present (all included tools are part of the upstream repo) - no static linking - does not have unexpected Built-Using entries - not a go package, no extra constraints to consider in that regard - not a rust package, no extra constraints to consider in that regard Problems: None [Security] OK: - history of CVEs does not look concerning - does not run a daemon as root - does not use webkit1,2 - does not use lib*v8 directly - does not expose any external endpoint (port/socket/... or similar) - does not process arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - does not deal with system authentication (eg, pam), etc) - does not deal with security attestation (secure boot, tpm, signatures) - does not deal with cryptography (en-/decryption, certificates, signing, ...) Problems: - does parse da
[Bug 2094805] Re: [MIR] raspi-utils
** Changed in: raspi-utils (Ubuntu) Assignee: (unassigned) => Lukas Märdian (slyon) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2094805] Re: [MIR] raspi-utils
** Merge proposal linked: https://code.launchpad.net/~r41k0u/ubuntu/+source/raspi-utils/+git/raspi-utils/+merge/479362 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2094805 Title: [MIR] raspi-utils To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/raspi-utils/+bug/2094805/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
