[Bug 1948748] Re: [MIR] swtpm
Christian Ehrhardt
1948748 at bugs.launchpad.net
Tue Nov 9 07:58:24 UTC 2021
> > - Fix the ppc64 FTBFS
> > https://launchpadlibrarian.net/557789130/buildlog_ubuntu-impish-ppc64el.libtpms_0.8.2-1ubuntu1_BUILDING.txt.gz
...
> Neither issue indicates a problem with
> the quality of the code, so I don't think this should block support of the
> package on architectures where it is currently supportable.
Agreed, thanks for having a look at the details
> > Problems:
> > - important open bugs (crashers, etc) in Debian or Ubuntu
> > IMHO there is one worthile to track (but no immediate action needed)
> > FIPS: https://github.com/stefanberger/libtpms/issues/51
>
> Well, as far as I'm aware Canonical has no product for FIPS certification of
> a virtualization stack, so I don't see any reason that FIPS for libtpms
> would be "important" for us.
Yeah, as I said this was "track (but no immediate action needed)" and
mostly meant as a hint for awareness if we ever need to work on it.
> > Recommended TODOs:
> > - While the lib is internal, .symbols tracking usually is cheap and protects
> > even internal libs from some mistakes, consider adding it.
>
> I disagree that this is worthwhile; any changes to the symbols of an
> internal library that cause us to have to make changes to a symbols file are
> busywork.
It has helped in some odd cases, but yeah if you prefer iti without
that or consider it busy-work then I'm totally ok to leave it as is
(that is why it was only in the recommended section).
> > - evaluate the possibility and impact of having "tcsd" in the build
> environment
>
> The problem is that the trousers package is itself buggy and frequently
> fails to install, so build-depending on it for the testsuite is not an
> improvement in QA.
Ok, still thanks for checking that
>
> I believe that addresses everything except for the security review.
Thank you for resolving all the little itches and scratches on this case!
I agree, I think we are good except for the security review.
MIR team ACK (all mandatory requests from the initial review are
fulfilled).
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1948748
Title:
[MIR] swtpm
Status in autogen package in Ubuntu:
Won't Fix
Status in gnutls28 package in Ubuntu:
Won't Fix
Status in libtpms package in Ubuntu:
New
Status in swtpm package in Ubuntu:
New
Bug description:
[Availability]
Available in universe in jammy.
[Rationale]
Needed in order to provide TPM functionality to VMs through kvm/libvirt; should be a Recommends: of qemu-system-x86
[Security]
Several security bugs found and fixed in libtpms this year http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libtpms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3746 currently
remains unfixed in the version present in jammy (DoS bug).
[Quality assurance]
Limited history: package not present in Debian, and only in Ubuntu since jammy.
[UI standards]
N/A
[Dependencies]
swtpm and libtpms; no further dependencies outside of main.
[Standards compliance]
OK
[Maintenance]
To be maintained by the Foundations Team.
[Background information]
N/A
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autogen/+bug/1948748/+subscriptions
More information about the foundations-bugs
mailing list