[Bug 1267393] Re: [MIR] juju-core, juju-mongodb, gccgo, golang
Steve Langasek
steve.langasek at canonical.com
Fri Oct 16 18:01:06 UTC 2015
> golang 1.5 is now built on arm64 and ppc64el, however juju-core
> is built using gccgo. Is there a reason for it?
The reason for this is that the package is being backported directly to
trusty, under the juju Stable Release Exception for SRUs. Since there
is not a compatible version of golang in trusty, the package is
currently built for all releases using gccgo.
I believe we will want to revisit this in the future, but I think this
should be separable from the MIR question, do you agree?
> - the packaging is a copy of the mongodb package, however it looks
> like the packaging itself isn't merged / updated where needed.
> This problem is shared with the mongodb package in Ubuntu.
The mongodb package is in universe and unsupported. The juju-mongodb
package exists to support juju-core and provides a subset of
functionality specifically validated for use with juju. I don't think
this should be a blocker for the MIR?
> - google-perftools is available on all archs. Is there a need to
> disable that for some architectures?
It's not available on arm64 in trusty, so probably should not be enabled
on that architecture. It probably should be enabled on ppc64el and
powerpc.
> - the package should be built for the upcoming s390x architecture as
> well.
Yes, it should; the architecture list in debian/control should just be
dropped so that the package builds automatically for all architectures.
These last two points are good packaging feedback, but they don't seem
to be critical for the package's current supportability in main
(especially considering s390x is not in wily)
(https://wiki.ubuntu.com/UbuntuMainInclusionRequirements). Can this be
spun out into a bug report against the juju-mongodb package, unblocking
the MIR for this component?
** Changed in: juju-mongodb (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gccgo-5 in Ubuntu.
https://bugs.launchpad.net/bugs/1267393
Title:
[MIR] juju-core, juju-mongodb, gccgo, golang
Status in dh-golang package in Ubuntu:
Fix Released
Status in gccgo-5 package in Ubuntu:
Fix Released
Status in gccgo-go package in Ubuntu:
Invalid
Status in golang package in Ubuntu:
Incomplete
Status in golang-check.v1 package in Ubuntu:
Fix Committed
Status in golang-github-bmizerany-assert package in Ubuntu:
Fix Committed
Status in golang-github-bmizerany-pat package in Ubuntu:
Fix Committed
Status in golang-go-dbus package in Ubuntu:
Fix Committed
Status in golang-go.crypto package in Ubuntu:
Incomplete
Status in golang-go.net-dev package in Ubuntu:
Fix Committed
Status in golang-gocheck package in Ubuntu:
Incomplete
Status in golang-goyaml package in Ubuntu:
Incomplete
Status in golang-juju-loggo package in Ubuntu:
Incomplete
Status in golang-x-text package in Ubuntu:
Incomplete
Status in juju-core package in Ubuntu:
Triaged
Status in juju-mongodb package in Ubuntu:
New
Bug description:
>> golang <<
Availability
------------
In universe, limited to amd64, i386 and armhf archs.
Rationale
---------
golang is the primary focus of Go toolchain development; scale testing
of juju with gccgo and golang gc built binaries revealed that the
gccgo built binaries consume a significant amount of memory compared
to golang gc built versions.
As juju is focussed on building scale out service deployments,
choosing the toolchain that produces the most scalable binaries on the
architectures that most users are going to be using would make sense.
Security
--------
Can't find any interesting security history.
QA
--
OK; the toolchain does have a test suite but its not run by default
(yet).
Dependencies
------------
All build-deps are in main; some non-core packages depend on package
in universe (kate, vim addons) - recommend that these are left in
universe.
golang-go.tools can be demoted to a suggested to limit scope of main
inclusion.
Standards compliance
--------------------
OK
Maintenance
-----------
>> gccgo-go <<
Availability
------------
In universe, available on all required architectures (x86, armhf,
arm64, ppc64el).
Rationale
---------
'go' build tool built using gccgo, avoiding the need to promote two
golang toolchains to Ubuntu main.
Security
--------
Searching for golang CVE's turned up nothing (this package is a rename
of the golang 1.2 source package).
Quality assurance
-----------------
Package installs cleanly, go tool installed using alternatives at
higher priority that golang-go version in universe.
Dependencies
------------
gccgo is in universe, all other dependencies in main.
Standards compliance
--------------------
OK
Maintenance
-----------
Some bugs expected upfront but should stabilize before release.
Probably picked up by ubuntu-server if foundations team don't want to.
Background information
----------------------
This package is a re-cut of the golang upstream codebase with selected
cherry-picks from upstream VCS for gccgo support, along with a patch
to support building using gccgo + Make.
The only code actually used is in src/cmd/go.
>> juju-mongodb <<
Availability
------------
In universe, available on all required architectures (x86, armhf,
arm64, ppc64el).
Rationale
---------
MongoDB is a dependency for operating a Juju deployed Ubuntu
environment.
Security
--------
MongoDB has had some CVE's in the past, related to the use of the V8
and Spidermonkey Javascript engine in the Mongo Shell; however juju-
mongodb builds without support for Javascript scripting, avoiding the
historic CVE's (which where fixed upstream anyway).
Quality assurance
-----------------
Package installs cleanly, package build process runs upstream smoke
tests (minus jstests due to disabling javascript support). Tests
pass on all architectures.
Dependencies
------------
All in main already
Standards compliance
--------------------
OK (well is scons but we won't hold that against it)
Maintenance
-----------
Upstream MongoDB run stable releases with point updates; its intended
that a MRE is applied for this package so point releases can be pushed
as SRU's.
Its also possible that we might need to bump a major version (2.4.x ->
2.6.x); as this package is specific to Juju, we can constrain the
impact and regression testing to Juju only.
Background information
----------------------
Why a separate package? it was agreed at the last vUDS that having a
separate package allows us to limit a) use of v8 (disabled) which was
a security concern and b) allows us to potentially update at a later
date if need be only impacting juju itself.
>> juju-core <<
Availability
------------
In universe.
Rationale
---------
Juju is the recommended service orchestration tool for Ubuntu; as such
it really needs to be a core part of Ubuntu.
Security
--------
No security history, but it was agreed that a security review would be
undertaken as part of the MIR process.
Quality assurance
-----------------
No tests are run as part of the package build process; however
upstream do run these tests for all target series (12.04 -> 14.04)
prior to release so the overall quality of the codebase it pretty
good.
The package has some basic DEP-8 tests that bootstrap a local Juju
environment to ensure everything hangs together OK.
Dependencies
------------
juju-mongodb (see above)
gccgo + gccgo-go
Currently all required go dependencies are snapshotted at specific
upstream commits and bundled with Juju.
Standards compliance
--------------------
OK
Maintenance
-----------
Upstream Juju team intend to manage stable point releases against the
version shipped in 14.04. Ubuntu Server team will own the package in
distro.
Background information
----------------------
Some decisions still need to be made, mainly around toolchain.
Specifically the aim is to support a single Go toolchain in Ubuntu
main for all architectures; golang-go does not support arm64 or
ppc64el yet, whereas the gccgo implementation does.
Required changes to support gccgo have been upstreamed into the Juju
codebase.
Its also worth noting that the package and binaries in Ubuntu are used
for:
client tool (juju)
juju agent (jujud) - but only for local provider and where --upload-tools is used
Upstream released jujud binaries are/will be distributed officially
via simplestreams using a documented build process (details TBC). The
juju client will use these tools on public clouds and potentially in
private cloud deployments where tools are synced into the cloud using
the juju client tool (juju sync-tools).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dh-golang/+bug/1267393/+subscriptions
More information about the foundations-bugs
mailing list