[Bug 1841595] Re: [MIR] tpm2-tss
FYI related bug 1852347 approved as well -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
libtss2-esys0 promoted now ** Changed in: tpm2-tss (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
Thanks for the update Mario, so this should now be as ready as it can be for an AA to promote it I guess -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
s390x build problem is fixed and the new version migrated from proposed into release pocket. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
> Note: The AAs might want to see this build error fixed before promoting I guess. The s390x build error solution is waiting to be merged upstream (https://github.com/tpm2-software/tpm2-tss/pull/1549) and then will be included. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
FYI: They usually spot it in component mismatches, but once the build errors are resolved you could subscribe archive-admins here. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
Former list of things that should be improved/resolved before promoting this: - the package needs a bug subscribing Team => I checked foundations-bugs is subscribed as mentioned, thanks - please update to 2.1.4 or 2.3.1 before we promote it => we have 2.3.1-2, thanks! although it only is in -proposed for now => you have a s390x FTFBS left to fix I guess - also ensure that it will be updated regularly in the future => well this part we can't check in advance :-) - please add proper symbols tracking via a .symbols file => done, thanks - please help to resolve Debian bug 918973 => done and extra fixes in tpm-udev, great - in any case the package needs a security review => was done before as agreed Yeah, aside from the surely known s390x build issue (the upload is just one day old and I guess you are aware) this LGTM now. => MIR Team ack. Note: The AAs might want to see this build error fixed before promoting I guess. Thanks to everyone for all the cleanups to make this a good main package! P.S. it already wants to be pulled in by fwupd, so per [1] the right state is fix committed for now. [1]: https://wiki.ubuntu.com/MIRTeam#Process_states ** Changed in: tpm2-tss (Ubuntu) Assignee: Christian Ehrhardt (paelzer) => (unassigned) ** Changed in: tpm2-tss (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
Brian subscribed the foundations-bugs team now -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
As of tpm2-tss 2.3.1-2 all reported issues above should be resolved. ** Changed in: tpm2-tss (Ubuntu) Assignee: Mathieu Trudel-Lapierre (cyphermox) => Christian Ehrhardt (paelzer) ** Changed in: tpm2-tss (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
It appears tpm-udev was now accepted into unstable. https://tracker.debian.org/pkg/tpm-udev -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
fwupd 1.3.2-5 is in focal proposed now and won't be able to migrate until this MIR is finished. CC @paulliu I know that you had an ITP bug filed (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940807) for tpm-udev for fixing https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918973. Can you please upload https://salsa.debian.org/debian/tpm-udev to finish it up? This MIR is blocked on that. ** Bug watch added: Debian Bug tracker #940807 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940807 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
@cyphermox, Ping on this? fwupd 1.3.2 will sync to Ubuntu during focal cycle and this MIR will become more important. ** Changed in: tpm2-tss (Ubuntu) Assignee: Mario Limonciello (superm1) => Mathieu Trudel-Lapierre (cyphermox) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
Sure, if you stage something in a PPA or so I can do some tests. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
Yes, those probably should be addressed. I don't necessarily do all the work on these packages though; but I might have time next week to look at them, and prepare a proper new release (with the testing that should go with). Mario, let's see if we can block out just a bit of time to do this? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
I would suspect that's no problem, but @cyphermox is actually maintainer in Debian, so I think he should comment if those are doable :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
Perfect Mario, the timing for FF-release should be good :-) Thanks for the clarification. And it seems on the security review you had a shortcut since this was already reviewed internally. That leaves just the open points that I asked for on the MIR review. Do you know if you can work on resolving these to make 20.04? P.S. Per [1] I'll set the bug to incomplete reflecting that we wait on packaging changes to be in place. [1]: https://wiki.ubuntu.com/MIRTeam#Process_states ** Changed in: tpm2-tss (Ubuntu) Assignee: (unassigned) => Mario Limonciello (superm1) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
Christian, Ff I realize was confusing. I meant FF release not feature freeze. Sorry! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
@ebarretto from ~ubuntu-security previously reviewed tpm2-tss internally - so am pasting that review here for completeness: I've reviewed tpm2-tss 2.1.0-4 as checked into disco. This shouldn't be considered a full audit but rather a quick gauge of maintainability. tpm2-tss is TCG's (Trusted Computing Group) implementation of TPM2 Software Stack (TSS2). No CVE history Build-Depends: autoconf autoconf-archive debhelper docbook-xsl libcmocka-dev libgcrypt20-dev libtool pkg-config xsltproc postinst file on libtss2-udev_2.1.0-4_iall/DEBIAN/postinst No post/prm rm for libtss2-udev No postinst and post/pre rm for libtss2-dev and libtss2-esys0 No init scripts No systemd services No DBus services No setuid No binaries in PATH No sudo fragments Udev rule in libtss2-udev: # tpm devices can only be accessed by the tss user but the tss # group members can access tpmrm devices KERNEL=="tpm[0-9]*", MODE="0660", OWNER="tss" KERNEL=="tpmrm[0-9]*", MODE="0660", OWNER="tss", GROUP="tss" Test suite under test/. vTPM needed to run it, shouldn't be run against an actual TPM. test/unit/ - run during build test/helper, test/integration and test/tpmclient also available. No cron jobs Some warnings but nothing to worry dpkg-scanpackages: warning: Packages in archive but missing from override file: dpkg-scanpackages: warning: sbuild-build-depends-core-dummy dpkg-scanpackages: warning: Packages in archive but missing from override file: dpkg-scanpackages: warning: sbuild-build-depends-core-dummy sbuild-build-depends-tpm2-tss-dummy dpkg-source: warning: extracting unsigned source package (tpm2-tss_2.1.0-4.dsc) Makefile-test.am:66: warning: variable 'ESYSCRY_LDFLAGS' is defined but no program or configure: WARNING: unrecognized options: --disable-maintainer-mode configure: WARNING: doxygen not found - will not generate any doxygen documentation configure: WARNING: unrecognized options: --disable-maintainer-mode debian/resourcemgr.xml:62: warning: failed to load external entity "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd; debian/tpmclient.xml:62: warning: failed to load external entity "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd; debian/tpmtest.xml:62: warning: failed to load external entity "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd; # ERROR: 0 libtool: warning: relinking 'src/tss2-tcti/libtss2-tcti-device.la' libtool: warning: relinking 'src/tss2-tcti/libtss2-tcti-mssim.la' libtool: warning: relinking 'src/tss2-sys/libtss2-sys.la' libtool: warning: relinking 'src/tss2-esys/libtss2-esys.la' libtool: warning: remember to run 'libtool --finish /usr/lib/x86_64-linux-gnu' dpkg-gencontrol: warning: Depends field of package libtss2-dev: substitution variable ${shlibs:Depends} used, but is not defined dpkg-scanpackages: warning: Packages in archive but missing from override file: dpkg-scanpackages: warning: sbuild-build-depends-core-dummy sbuild-build-depends-lintian-dummy sbuild-build-depends-tpm2-tss-dummy No subprocesses spawned Lots of memory operations, a quick look at them, they look safe Just a few file IO operations, they all look ok Lots of logging. A quick look at them, they look safe tpm2-tss make use of the following environment variables: ./test/integration/sapi-test-options.c:107:env_str = getenv(ENV_TCTI_NAME); ./test/integration/sapi-test-options.c:110:env_str = getenv(ENV_DEVICE_FILE); ./test/integration/sapi-test-options.c:113:env_str = getenv(ENV_SOCKET_ADDRESS); ./test/integration/sapi-test-options.c:116:env_str = getenv(ENV_SOCKET_PORT); ./src/util/log.c:159:char *envlevel = getenv("TSS2_LOG"); No privileged operations Encryption src/tss2-esys/esys_crypto_ossl.c: make use of openssl crypto functions/structures and so on. To name a few: RSA, EVP MD. src/tss2-esys/esys_crypto_gcrypt.c: make use of libgcrypt functions/structures to calculate hashes/HMAC/RSA/ECC/AES and so on. Networking is used in TPM Command Transimission Interface (TCTI) module for interaction with the Microsoft TPM2 simulator. tcti-socket - TPM simulator TCTI library tcti-socket is a library that abstracts the details of direct communication with the interface and protocol exposed by the daemon hosting the TPM2 reference implementation. The interface exposed by this library is defined in the “TSS System Level API and TPM Command Transmission Interface Specification” specification. No WebKit No PolicyKit Some shellcheck warnings for test scripts The overall quality of the code looks good, really mature as one would expect from a software stack. Security team ACK for promoting tpm2-tss to main. -- You
[Bug 1841595] Re: [MIR] tpm2-tss
And finally, you said the deadline is Feature Freeze, I hope/expect you meant that of Ubuntu 20.04 as the one for 19.10 already passed and given the todos I identified seems out of reach even for a feature freeze exception :-) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
[Summary] It looks rather good in general, but there are a few things that should be improved/resolved before promoting this: - the package needs a bug subscribing Team - please update to 2.1.4 or 2.3.1 before we promote it - also ensure that it will be updated regularly in the future - please add proper symbols tracking via a .symbols file - please help to resolve Debian bug 918973 - in any case the package needs a security review - we can add you to the security review queue now, but for the MIR ack please resolve the above [Duplication] OK: Upstream switched from the optional universe tools tpm2-abrmd/tpm2-tools to the hard dependency to this package. >From just the description it seems similar to IBM TSS2 (http://ibmswtpm.sourceforge.net/ibmtss2.html). But on one hand that is not in Main either and it seems that tpm2-tss is what upstream projects select. There are a few reverse deps to tpm2-tss but non to the IBM TSS2 atm. The projects seem to know and coexist e.g. IBM-TSS2 simulator is used to test tpm2-tss. The short answer to this is, that there is no other equivalent functionality in main yet. [Embedded sources and static linking] OK: - no embedded libraries - no static linking - no go code [Security] OK: - no past CVEs in tpm2-tss itself but e.g. CVE-2017-7524 in related tools - runs no daemon as root - does not use webkit1,2 - does not use lib*v8 directly - does not opens a port - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - does not deal with system authentication (eg, pam), etc) Reasons to consider it security critical: - it doesn't parses "data formats" but data on API calls which is the same - it doesn't really processes arbitrary web content - but the scope in which this came up is fwupd which means it will be part of processing content (for updates). And since that content is downloaded it is to some extend processing web content. - while it doesn't deal with system auth with more FIDO2 coming up and the TPM being the core of that it might still be important. - Furthermore the whole purpose of this lib is to deal with the TPM which is by default security relevant. [Common blockers] - builds fine currently (no FTBFS) - unit tests are present which run at build time - code isn't translatable, but also not end user facing - no python code, so no special checks for that Need to be resolved: - no bug subscriber yet [Packaging red flags] OK: - no Ubuntu delta - debian/watch is present - current maintainers are not MOTUs - no massive Lintian warnings - d/rules is small and clean - d/control has no Built-Using - does not use golang - all sub-dependencies are in main libc6, libgcrypt20 and adduser Should be resolved: - updates are not slow or sporadic, but on the old version - The current release is not packaged 2.1.0 October 2018 There is 2.3.1 most recent of August 2019 or at least 2.1.4 of May 28 (stable fixed for 2.1) - It's a library, but lacks symbol tracking [Upstream red flags] OK: - no Errors/warnings during the build - no Incautious use of malloc/sprintf (that I'd have seen) - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH (only in Dockerfile and install.md) - no use of User nobody - no use of setuid - no known important bugs (crashers, etc) in Debian or Ubuntu - but https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918973 seems to be bad enough that it should be resolved before promotion especially if needed to be right for fwupd - no Dependency on webkit, qtwebkit, seed or libgoa-* - no Embedded source copies - not in scope for the Unity Dash ** Bug watch added: Debian Bug tracker #918973 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918973 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7524 ** Changed in: tpm2-tss (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
** Description changed: [Availability] Available in Ubuntu universe and Debian unstable, builds for all architectures Ubuntu supports. + The binaries requested to move to main is libtss2-esys0 and + libtss2-udev. + [Rationale] - fwupd 1.3.1 will be dropping support for using tpm2-tools/tpm2-abrmd and instead will be using tpm2-tss. It's no longer an optional support, but a required dependency to build fwupd now. + An upcoming fwupd release (1.3.1) will be dropping support for using tpm2-tools/tpm2-abrmd and instead will rely upon tpm2-tss. Previously the tpm2-abrmd and tpm2-tools packages were Recommends that were dropped when merging with Debian. They could be optionally used. + TPM support is no longer optional and libtss2-dev package is now a required dependency to build fwupd w/ uefi support now. https://github.com/fwupd/fwupd/commit/1b5f1da2028189d5f743ea7e6ea5c45ebc09e4b8 + The libtss2-esys0 is a required runtime dependency for fwupd. [Security] - No CVE's, no binaries. Just library + No CVE's, no binaries. [Quality assurance] No configuration No debconf questions Long outstanding bugs in Debian: Need to avoid conflict with TPM1.2 udev rules package (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918973) Deals with mainstream tpm2 hardware + Includes watch file + Doesn't rely upon obsolete packages + + [UI Standards] + N/A [Dependencies] + libc6 + libgcrypt20 + adduser [Standards compliance] - Just needs to rev up one more version of debian policy + Just needs to rev up one more version of debian policy. + No major policy violations. + Packaging is straightforward [Maintenance] Propose owning team to foundations, but should generally just sync from Debian. ** Changed in: tpm2-tss (Ubuntu) Status: Incomplete => New ** Description changed: [Availability] Available in Ubuntu universe and Debian unstable, builds for all architectures Ubuntu supports. The binaries requested to move to main is libtss2-esys0 and libtss2-udev. [Rationale] An upcoming fwupd release (1.3.1) will be dropping support for using tpm2-tools/tpm2-abrmd and instead will rely upon tpm2-tss. Previously the tpm2-abrmd and tpm2-tools packages were Recommends that were dropped when merging with Debian. They could be optionally used. TPM support is no longer optional and libtss2-dev package is now a required dependency to build fwupd w/ uefi support now. https://github.com/fwupd/fwupd/commit/1b5f1da2028189d5f743ea7e6ea5c45ebc09e4b8 The libtss2-esys0 is a required runtime dependency for fwupd. + libtss2-udev is a dependency of libtss2-esys0. [Security] No CVE's, no binaries. [Quality assurance] No configuration No debconf questions Long outstanding bugs in Debian: Need to avoid conflict with TPM1.2 udev rules package (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918973) Deals with mainstream tpm2 hardware Includes watch file Doesn't rely upon obsolete packages [UI Standards] N/A [Dependencies] libc6 libgcrypt20 adduser [Standards compliance] Just needs to rev up one more version of debian policy. No major policy violations. Packaging is straightforward [Maintenance] Propose owning team to foundations, but should generally just sync from Debian. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
@Christian, Thanks for your notes. I will review that template and add more detail where I can and update the status back to New when I'm done. As for the timing on this; it is for FF. My experience with MIR in the past was them taking a while so I wanted to make sure I got this in early so there was plenty of time to land it in FF as fwupd 1.3.x will go into FF. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
Finally since we are in Eoan FF, this is for 20.04 right, or is this super-urgent? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
"It's no longer an optional support, but a required dependency to build fwupd now. https://github.com/fwupd/fwupd/commit/1b5f1da2028189d5f743ea7e6ea5c45ebc09e4b8; Most likely, but did you check if it also ends up as a runtime dependency? Because if it is not then no MIR would be needed. If it does add a runtime dependency, please update the bug to state so. Furthermore the report is a bit "light" on content. I'd (and I expect all fellow MIR reviewers as well) if you could add some more. I usually use this template: https://git.launchpad.net/~paelzer/+git/MIR/tree/MIR-template-file.txt which is based on the entries in the Wiki. And the most important part is not to remove all entries that do not apply, but to state that they don't apply. That way a reviewer has much more info, e.g. the empty entry on [Dependencies] above, does this mean it has none, does it mean you'll add them later, ... ** Changed in: tpm2-tss (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1841595] Re: [MIR] tpm2-tss
** Description changed: [Availability] Available in Ubuntu universe and Debian unstable, builds for all architectures Ubuntu supports. [Rationale] - fwupd 1.2.11 will be dropping support for using tpm2-tools/tpm2-abrmd and instead will be using tpm2-tss. It's no longer an optional support, but a required dependency to build fwupd now. + fwupd 1.3.1 will be dropping support for using tpm2-tools/tpm2-abrmd and instead will be using tpm2-tss. It's no longer an optional support, but a required dependency to build fwupd now. https://github.com/fwupd/fwupd/commit/1b5f1da2028189d5f743ea7e6ea5c45ebc09e4b8 [Security] No CVE's, no binaries. Just library [Quality assurance] No configuration No debconf questions Long outstanding bugs in Debian: Need to avoid conflict with TPM1.2 udev rules package (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918973) Deals with mainstream tpm2 hardware [Dependencies] [Standards compliance] Just needs to rev up one more version of debian policy [Maintenance] Propose owning team to foundations, but should generally just sync from Debian. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1841595 Title: [MIR] tpm2-tss To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1841595/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs