kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #177976
[Bug 1532198] Re: [MIR] zfs-linux
** Changed in: zfs-linux (Ubuntu)
Assignee: (unassigned) => Colin Ian King (colin-king)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to zfs-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1532198
Title:
[MIR] zfs-linux
Status in zfs-linux package in Ubuntu:
Incomplete
Bug description:
Following the process documented at
https://wiki.ubuntu.com/MainInclusionProcess , the following template
needs to be filled in to start the MIR for zfs-linux in 16.04
Below are my answers to the various main inclusion requirements,
marked by a * prefix:
[Availability]:
"The package must already be in the Ubuntu universe, and must
build for the architectures it is designed to work on."
* http://packages.ubuntu.com/xenial/admin/zfsutils-linux
* Yes - built for 64 bit arches only, because ZFS is designed to run
well only on 64 bit architectures.
[Rationale]:
"There must be a certain level of demand for the package, for example:
The package is useful for a large part of our user base."
* Yes - there is a lot of interest in ZFS in the server space and for
users wanting to use a file system that supports huge collections of
disks with excellent reliable features such as checksummed raid, mirroring
striping with easy configuration and also simple data sanity checking and
fixing.
* Being requested by Kiko
"The package is a new build dependency or dependency of a package that we
already support (additionally, the official image builder requires all
used packages be in main)."
* Yes, already in Wily as a technology demo.
"The package helps meet a specific Blueprint goal."
* No blueprint goal.
"The package replaces another package we currently support and promises
higher quality and/or better features, so that we can drop the old
package from the supported set."
* Not applicable
[Security]:
"The security history and the current state of security issues in
the package must allow us to support the package for at least 18 months
without exposing its users to an inappropriate level of security risks.
This requires checking of several things that are explained in detail in
the subsection Security checks."
"Check how many vulnerabilities the package had in the past and how they
were handled by upstream and the Debian/Ubuntu package:"
"http://cve.mitre.org/cve/cve.html: Search in the National Vulnerability
Database using the package as a keyword"
NO ZFS Linux CVEs found, here is the complete list from Mitre:
CVE-2015-1415
The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring
full disk encrypted ZFS, uses world-readable permissions for the GELI
keyfile (/boot/encryption.key), which allows local users to obtain sensitive
key information by reading the file.
CVE-2015-0448
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to
affect confidentiality, integrity, and availability via vectors related to
ZFS File system.
CVE-2013-3266
The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new
NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a
READDIR request is for a directory node, which allows remote attackers to
cause a denial of service (memory corruption) or possibly execute arbitrary
code by specifying a plain file instead of a directory.
CVE-2011-2313
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect
availability, related to ZFS.
CVE-2011-2312
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect
confidentiality, related to ZFS.
CVE-2011-2311
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect
availability, related to ZFS.
CVE-2011-2286
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote
authenticated users to affect availability, related to ZFS.
CVE-2010-4458
Unspecified vulnerability in Oracle Solaris 11 Express allows local users
to affect availability, related to ZFS.
CVE-2010-3540
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local
users to affect availability, related to ZFS.
CVE-2010-2392
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local
users to affect integrity and availability, related to ZFS.
CVE-2010-0318
The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2,
and 8.0, when creating files during replay of a setattr transaction, uses
7777 permissions instead of the original permissions, which might allow
local users to read or modify unauthorized files in opportunistic
circumstances after a system crash or power failure.
CVE-2009-3706
Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and
OpenSolaris snv_100 through snv_117, allows local users to bypass intended
limitations of the file_chown_self privilege via certain uses of the chown
system call.
"http://secunia.com/advisories/search/: search for the package as a
keyword"
* No security advisories found
Ubuntu CVE Tracker:
http://people.ubuntu.com/~ubuntu-security/cve/main.html
* No
http://people.ubuntu.com/~ubuntu-security/cve/universe.html
* No
http://people.ubuntu.com/~ubuntu-security/cve/partner.html
* No
"Check for security relevant binaries. If any are present, this
requires a more in-depth security review."
"Executables which have the suid or sgid bit set."
* Not applicable
"Executables in /sbin, /usr/sbin."
* Applicable. This requires security review
"Packages which install daemons (/etc/init.d/*)"
* Applicable. This requires security review
"Packages which open privileged ports (ports < 1024)."
* Not applicable
"Add-ons and plugins to security-sensitive software (filters,
scanners, UI skins, etc)"
* Not applicable
[Quality assurance]
"After installing the package it must be possible to make it working with a reasonable effort of configuration and documentation reading."
* Will work "out-of-the-box" once zfsutils-linux installed with 4.4 kernel
* Quick start ZFS reference guide written:
https://wiki.ubuntu.com/Kernel/Reference/ZFS
* Package contains main pages
"The package must not ask debconf questions higher than medium if it is
going to be installed by default. The debconf questions must have
reasonable defaults."
* Does not apply.
"There are no long-term outstanding bugs which affect the usability of the program to a major degree. To support a package, we must be reasonably convinced that upstream supports and cares for the package."
* We have good upstream support from ZFS maintainers, response to bugs
file upstream is within 24 hours
"The status of important bugs in Debian's, Ubuntu's, and upstream's bug
tracking systems must be evaluated. Links to these bug trackers need to
be provided in the MIR report. Important bugs must be pointed out and
discussed in the MIR report."
Upsteam bug tracking:
ZFS - https://github.com/zfsonlinux/zfs/issues
SPL - https://github.com/zfsonlinux/spl/issues
Ubuntu bug tracking:
https://bugs.launchpad.net/ubuntu/+source/zfs-linux
Resolved bugs:
LP#1521952 Add dependency on dh-systemd for zfs-linux
LP#1513124 Fix FTBFSs on ppc64el and arm64
"The package is maintained well in Debian/Ubuntu (check out the Debian PTS)"
Maintained by Kernel team in sync with kernel
Testing: We have several sets of ZFS specific regression tests in the
kernel team autotest test infrastructure:
* The ZFS test suite:
http://kernel.ubuntu.com/git/ubuntu/autotest-client-tests.git/tree/ubuntu_zfs
* fstest (Linux POSIX file system test suite)
http://kernel.ubuntu.com/git/ubuntu/autotest-client-tests.git/tree/ubuntu_zfs_fstest
* ZFS I/O stress tests:
http://kernel.ubuntu.com/git/ubuntu/autotest-client-tests.git/tree/ubuntu_zfs_stress
* XFS generic tests on ZFS:
http://kernel.ubuntu.com/git/ubuntu/autotest-client-tests.git/tree/ubuntu_zfs_xfs_generic
Note: currently working on a adt set of tests for ZFS to cover core features as
as set of kernel team smoke tests.
[Dependencies]:
All build and binary dependencies (including Recommends:) must be
satisfyable in main (i. e. the preferred alternative must be in main).
If not, these dependencies need a separate MIR report (this can be a
separate bug or another task on the main MIR bug)
zfs-linux:
* autotools-dev - Yes
* autoconf - Yes
* autogen - Yes
* automake - Yes
* debhelper - Yes
* dh-autoreconf - Yes
* dh-systemd - Yes
* dkms - Yes
* libselinux1-dev - Yes
* libtool - Yes
* uuid-dev - Yes
* zlib1g-dev - Yes
[Standards compliance]
"Standards compliance: The package should meet the FHS and Debian Policy
standards. Major violations should be documented and justified. Also, the
source packaging should be reasonably easy to understand and maintain."
Yes, I believe so.
[Maintenance]
"The package must have an acceptable level of maintenance
corresponding to its complexity:
Simple packages (e.g. language bindings, simple Perl modules, small
command-line programs, etc.) might not need very much maintenance effort,
and if they are maintained well in Debian we can just keep them synced
More complex packages will usually need a developer or team of
developers paying attention to their bugs, whether that be in Ubuntu or
elsewhere (often Debian). Packages that deliver major new headline
features in Ubuntu need to have commitment from Ubuntu developers
willing to spend substantial time on them."
* Falls into the complex package category. Colin King will primarily
maintain this package, with ownership owned and covered by the
Canonical Kernel Team. We have already performed SRU on ZFS in
Wily, showing we have the means to actively support this package.
"All packages must have a designated "owning" team, regardless of
complexity, which is set as a package bug contact."
* Yes, Canononical Kernel Team
https://launchpad.net/~canonical-kernel-team
[Background information]
"The package descriptions should explain the general purpose and context
of the package. Additional explanations/justifications should be done
in the MIR report."
* Yes, package description covers the scope of the package
"If the package was renamed recently, or has a different upstream name,
this needs to be explained in the MIR report."
The ZFS on Linux provides ZFS packaged under the debian-zfs. Debian
provides zfsutils for *BSD based kernels (kFreeBSD). The package name
zfsutils-linux was chosen for Linux based arches.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1532198/+subscriptions