[Bug 1854362] Re: [MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb, urwid, targetcli-fb
Christian Ehrhardt
1854362 at bugs.launchpad.net
Tue Feb 25 08:48:19 UTC 2020
## ceph-iscsi ##
[Summary]
MIR Team conditional ack. To be complete I'd recommend an update to v3.4 and I'd
request a security review. The updates are important, but no blocker for the
security review therefore I'm assigning the security Team.
TODOs:
@Jamespage - bug subscriber
I guess openstack will subscribe for this one right?
Jamespage could you make that happen?
@Jamespage - update to version 3.4 for a bunch of crash fixes
@security - please put this on your review queue.
[Duplication]
This is essentially a ceph/LIO gateway translating between the two.
Such functionality isn't in main, duplication is no issue.
[Dependencies]
- no other Dependencies to MIR due to this (only those listed in this bug
already)
- no -dev/-debug/-doc packages that need exclusion
[Embedded sources and static linking]
- no embedded source present
- no static linking
[Security]
OK:
- history of CVEs does not look concerning
- does not use webkit1,2
- does not process arbitrary web content
- does not use lib*v8 directly
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (e.g. pam, etc.)
Problems:
- does run two daemons as root
- does parse data formats (via REST API)
- does open a port (for REST)
=> a security review is needed
[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
- test suite failures will fail the build upon error (Thanks James for enabling
these).
- no translation present, but none needed for this case (admin only)?
- no new python2 dependency
- uses dh_python
Problems:
- Does not yet have a team bug subscriber?
- does not have a test suite that runs as autopkgtest (sort of ok for now, if
tested e.g. in other openstack context)
[Packaging red flags]
OK:
- Ubuntu does carry a delta, but it is reasonable and maintenance under control
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is ok
- Debian/Ubuntu update history is not long enough to have a good insight how frequent they will be
- promoting this does not seem to cause issues for MOTUs that so far maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- not using Built-Using
Problems:
- the current release is not packaged
=> https://github.com/ceph/ceph-iscsi/releases/tag/3.4
Fixing some crashes
=> https://github.com/ceph/ceph-iscsi/compare/3.3...3.4
@Jamespage would you mind getting this packaged?
[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (python)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid (needs very careful design (prefer systemd to set those for services))
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- no embedded source copies
- not part of the UI for extra checks
Problems:
- The upstream bug tracker has a list of bad bugs, but they seem to be actively
worked on so that should be ok.
** Changed in: ceph-iscsi (Ubuntu)
Assignee: Christian Ehrhardt (paelzer) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-rtslib-fb in Ubuntu.
https://bugs.launchpad.net/bugs/1854362
Title:
[MIR] ceph-iscsi, tcmu, python-configshell-fb, python-rtslib-fb,
urwid, targetcli-fb
Status in ceph-iscsi package in Ubuntu:
Confirmed
Status in python-configshell-fb package in Ubuntu:
In Progress
Status in python-rtslib-fb package in Ubuntu:
Confirmed
Status in targetcli-fb package in Ubuntu:
Confirmed
Status in tcmu package in Ubuntu:
Confirmed
Status in urwid package in Ubuntu:
Confirmed
Bug description:
== ceph-iscsi ==
[Availability]
In universe
[Rationale]
Provides iSCSI gateway to a Ceph cluster, allowing clients which don't understand RBD to use Ceph storage.
[Security]
No security history found.
[Quality assurance]
Package runs tests during package build (submitted back to Debian).
[Dependencies]
All in main or on this MIR
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
== tcmu ==
[Availability]
In universe
[Rationale]
Dependency for ceph-iscsi
Handles the userspace side of the LIO TCM-User backstore allowing LIO
to use librbd for Ceph backed block devices.
[Security]
Some security history:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tcmu
All in older versions.
[Quality assurance]
No tests in source package for execution during package build.
[Dependencies]
All in main or on this MIR
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
== python-configshell-fb ==
[Availability]
In universe
[Rationale]
Dependency for ceph-iscsi
[Security]
No security history
[Quality assurance]
No tests in source package for execution during package build.
[Dependencies]
All in main or on this MIR
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
== python-rtslib-fb ==
[Availability]
In universe
[Rationale]
Dependency for ceph-iscsi
[Security]
No security history
[Quality assurance]
No tests in source package for execution during package build.
[Dependencies]
All in main or on this MIR
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
== urwid ==
[Availability]
In universe
[Rationale]
Dependency for python-configshell-fb
[Security]
No security history
[Quality assurance]
Tests present and executed during package build.
[Dependencies]
All in main or on this MIR
[Standards compliance]
OK
[Maintenance]
ubuntu-openstack
== targetcli-fb ==
[Availability]
In universe
[Rationale]
- Only CLI for iSCSI target feature in Linux Kernel
- Replaces with much better performance tgt iSCSI target
- tgt is being deprecated slowly and poorly updated
- LIO fully supports SCSI 3 reservations (for clustering)
[Security]
No security history
[Quality assurance]
Tests present and executed during package build.
[Dependencies]
- python3-configshell-fb (this MIR)
- python3-gi (main)
- python3-rtslib-fb (this MIR)
- python3-six (main)
[Standards compliance]
OK
[Maintenance]
ubuntu-server
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ceph-iscsi/+bug/1854362/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list