Public bug reported: The Tracker developers have renamed tracker-miners to localsearch. To meet deadlines and uncouple the tinysparql transition from Debian's NEW queue, we have packaged localsearch 3.8 as tracker-miners. However, we will soon rename the source package to localsearch (perhaps in time for Ubuntu 25.04). It makes sense to file the rename MIR now since tinysparql & localsearch are closely related.
Once the localsearch source package migrates out of -proposed, the tracker-miners source package will be removed. This MIR should be processed along with the tinysparl MIR LP: #2099086 [Availability] The package localsearch is already in Ubuntu universe. The package localsearch build for the architectures it is designed to work on. It currently builds and works for all Ubuntu architectures except for i386 Link to package https://launchpad.net/ubuntu/+source/tracker-miners [Rationale] - The package localsearch is required in Ubuntu main because it powers GNOME's search indexer and is deeply integrated into nautilus. - The package localsearch will generally be useful for a large part of our user base - The package localsearch will not generally be useful for a large part of - The package localsearch is a new runtime dependency of package nautilus that we already support - There is no other/better way to solve this that is already in main or should go universe->main instead of this. - The binary package localsearch needs to be in main to achieve: the "tracker-miners" name doesn't exist upstream after the 3.7 series for GNOME 46. We want to use the upstream "localsearch" name instead. - The package localsearch is required in Ubuntu main for Ubuntu 25.04. The package rename was not uploaded to Ubuntu 25.04 before Feature Freeze however. [Security] - Had 1 security issue in the past + https://security-tracker.debian.org/tracker/CVE-2023-5557 + https://security-tracker.debian.org/tracker/CVE-2023-5557 + Ubuntu Security considered this a hardening fix more than a security vulnerability. - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does install services, timers or recurring jobs systemd user services --------------------- localsearch-3.service localsearch-control-3.service localsearch-writeback-3.service dbus services ------------- org.freedesktop.LocalSearch3.Control.service org.freedesktop.LocalSearch3.Writeback.service org.freedesktop.LocalSearch3.service org.freedesktop.Tracker3.Miner.Files.Control.service org.freedesktop.Tracker3.Miner.Files.service org.freedesktop.Tracker3.Writeback.service - Security has been kept in mind and common isolation/risk-mitigation patterns are in place utilizing the following features: seccomp Landlock https://docs.kernel.org/userspace-api/landlock.html - Packages does not open privileged ports (ports < 1024). - Package does not expose any external endpoints TODO: - Packages does not contain extensions to security-sensitive software TODO: (filters, scanners, plugins, UI skins, ...) I'm not sure what those terms mean but I think this qualifies as an extension to security-sensitive software. GNOME provides this page for reporting security vulnerabilities in core GNOME components like tinysparql https://security.gnome.org/ [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does not have too many, long-term & critical, open bugs - Ubuntu https://bugs.launchpad.net/ubuntu/+source/tracker-miners - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=tracker-miners - Upstream https://gitlab.gnome.org/GNOME/localsearch/-/issues - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package runs a test suite on build time, if it fails it makes the build fail, link to build log https://launchpad.net/ubuntu/+source/tracker-miners/3.8.2-2 - The package does not run an autopkgtest because this packages is tested at build time instead. Notably, some of localsearch's build tests do not work correctly with the security hardening features landlock and seccomp; we can run those tests at build time but we can't use Ubuntu's binary packages for those tests. [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Please link to a recent build log of the package https://launchpad.net/ubuntu/+source/tracker-miners/3.8.2-2 - Lintian overrides are present, but ok because they include an explanatory note. rpath is used to load private libraries. - This package does not rely on obsolete or about to be demoted packages. - This package has no python2 or GTK2 dependencies - The package will be installed by default, but does not ask debconf questions - Packaging and build is easy, link to debian/rules https://salsa.debian.org/gnome-team/localsearch/-/blob/debian/latest/debian/rules The package is built twice because the build tests fail if tracker- miners is built with landlock and seccomp. The build without those features is only used for the build tests and is not provided in Ubuntu binary packages. [UI standards] - Application is end-user facing, Translation is present, via standard intltool/gettext or similar build and runtime internationalization system - End-user applications without desktop file, not needed because it is more of a service than an app. However, it can be configured with gnome- control-center in the Search page. [Dependencies] - No further depends or recommends dependencies that are not yet in main [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Desktop Packages and I have their acknowledgement for that commitment - The future owning team is not yet subscribed, but will subscribe to the package before promotion - This does not use static builds - This does not use vendored code - This package is not rust based - The package has been built within the last 3 months in the archive - Build link on launchpad: https://launchpad.net/ubuntu/+source/tracker-miners/3.8.2-2 [Background information] The Package description explains the package well Upstream Name is localsearch https://gitlab.gnome.org/GNOME/localsearch Link to previous MIR LP: #1770877 Ubuntu 25.04 ships localsearch 3.8 (GNOME 47) because localsearch 3.9 (GNOME 48) switched to ffmpeg/libav (which are in Ubuntu universe) and the Ubuntu Desktop Team has not had time to evaluate the situation. https://gitlab.gnome.org/GNOME/localsearch/-/merge_requests/579 ** Affects: tracker-miners (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to tracker-miners in Ubuntu. https://bugs.launchpad.net/bugs/2099160 Title: [MIR] localsearch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tracker-miners/+bug/2099160/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
