
sts-sponsors team mailing list archive

[Bug 1978144] Re: [MIR] ipmitool

 

Hello MAAS and archive admins :)

Does the ipmitool use in maas need to be discussed in light of
https://lwn.net/Articles/926101/ saying that the archive has been locked
and concerns raised during MIRs?

Thanks

-- 
You received this bug notification because you are a member of MAAS,
which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1978144

Title:
  [MIR] ipmitool

Status in ipmitool package in Ubuntu:
  Won't Fix

Bug description:
  An MIR was originally attempted a few years ago (see LP: #1576812) but
  was denied as the package was not yet in a good enough state. In that
  time ipmitool has become a more reasonable candidate for main
  inclusion.

  ipmitool is used often by MAAS and has shown up in component
  mismatches for a few years. It is also used often for high
  availability systems.

  [Availability]
  The package ipmitool is already in Ubuntu universe.
  The package ipmitool builds for the architectures it is designed to work on.
  It currently builds and works for architectures: any
  Link to package https://launchpad.net/ubuntu/+source/ipmitool

  [Rationale]
  - The package ipmitool will generally be useful for a large part of our
    user base since it is widely used in systems management and in various
    HA components. It is also suggested by tools such as cluster-glue which
    is in main

  [Security]
  - Based on CVE trackers ipmitool had 2 relevant security issues
  - CVE-2020-5208 (https://ubuntu.com/security/CVE-2020-5208): handled in
    1.8.19 upstream and in a set of 6 patches in 1.8.18-10.1 Debian/Ubuntu
  - CVE-2011-4339 (https://ubuntu.com/security/CVE-2011-4339): Fixed
    in 1.8.11-5

  - The binary ipmievd is installed to /usr/sbin. It has a fairly limited
    scope with limited exposure, acting as a daemon for sending IPMI events
    to syslog. ipmievd requires super user privileges to access syslog.
  - The package installs a service corresponding to ipmievd located at:
    /etc/init.d/ipmievd and /lib/systemd/system/ipmievd.service
  - The package does not open privileged ports (ports < 1024), but defaults to
    using port 514 in certain situations.
  - The package does not contain extensions to security-sensitive software

  [Quality assurance - function/usage]
  - The package works well right after install. Site-specific options for
    accessing a BMC may be necessary, but are documented in the man page.

  [Quality assurance - maintenance]
  - Ubuntu https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug
  - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ipmitool
  - The package is maintained well in Debian/Ubuntu and does not have too
    many bugs with nothing long term and critical open
  - The package does not deal with exotic hardware we cannot support

  [Quality assurance - testing]
  - The package does not run a test at build time because it has no test
    suite. If it had tests they would likely have strict hardware
    dependencies.
  - The package does not have any autopkgtests

  [Quality assurance - packaging]
  - debian/watch is present and works

  - This package does not yield massive lintian Warnings, Errors
  Lintian results:
  W: ipmitool-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/83/f454e3ecf71ef36fda026461a8785a747ec163.debug]
  W: ipmitool-dbgsym: elf-error In program headers: Unable to find program interpreter name [usr/lib/debug/.build-id/d9/d138606f42a79ef56f95617d3f57b765b3afe4.debug]

  - Lintian overrides are no longer present in the package

  - This package does not rely on obsolete or about to be demoted packages.
  - This package has no python2 or GTK2 dependencies
  - The package will not be installed by default
  - Packaging and build is easy

  [UI standards]
  - Outside of the command-line tool, the application is not end-user facing.
    It has no translations present though.
  - ipmitool has no desktop file, and is primarily used via the
    command-line on servers

  [Dependencies]
  - No further depends or recommends dependencies that are not yet in main

  [Standards compliance]
  - This package correctly follows FHS and Debian Policy

  [Maintenance/Owner]
  - Owning Team will be Ubuntu Server
  - Team is already subscribed to the package

  - This does not use static builds
  - This does not use vendored code

  [Background information]
  The Package description explains the package well
  Upstream Name is ipmitool
  Link to upstream project https://github.com/ipmitool/ipmitool
