Ubuntu
gnome-bluetooth3 package

[MIR] gnome-bluetooth3

Bug #1964600 reported by Jeremy Bícha
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
gnome-bluetooth3 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

[Availability]
Already in Ubuntu universe.
Builds and works for all supported architectures except i386 (i386 is not needed)
https://launchpad.net/ubuntu/+source/gnome-bluetooth3

[Rationale]
- gnome-bluetooth3 is a new runtime dependency of package gnome-shell that
we already support

- gnome-bluetooth3 is requested in Ubuntu main no later than March 24 to
allow for a FFE to be reviewed in time to land this changeset before 22.04 Beta Freeze

[Security]
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gnome-bluetooth
- Ubuntu CVE Tracker: https://ubuntu.com/security/cve?package=gnome-bluetooth
- Had 1 security issue in the past
https://ubuntu.com/security/CVE-2018-10910 says that the bug was actually
in bluez but we were able to use a gnome-bluetooth workaround to avoid
needing to release a security update for bluez

- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Package does not open privileged ports (ports < 1024)
- Package does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
- debian/rules builds with all standard hardening flags

[Quality assurance - function/usage]
The package works well right after install

[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
  and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/gnome-bluetooth3
- Ubuntu older series https://bugs.launchpad.net/ubuntu/+source/gnome-bluetooth3
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=gnome-bluetooth3
- Debian older series https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=gnome-bluetooth
- GNOME https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/issues
- The package does not deal with exotic hardware we cannot support

[Quality assurance - testing]
- Runs a test suite on build time, if it fails it makes the build fail, link to build log:
https://launchpadlibrarian.net/590053720/buildlog_ubuntu-jammy-amd64.gnome-bluetooth3_42~rc-1_BUILDING.txt.gz

- Does not run an autopkgtest because we haven't created one yet

[Quality assurance - packaging]
- debian/watch is present and works (only checks for stable releases)

- Does not yield massive lintian Warnings or Errors
- Lintian overrides are not present

- Des not rely on obsolete or about to be demoted packages.
- Has no python2 or GTK2 dependencies

- Does not ask debconf questions

- Packaging and build is easy:
https://salsa.debian.org/gnome-team/gnome-bluetooth3/-/blob/debian/master/debian/rules

[UI standards]
For Ubuntu 22.04 LTS we are not building the very minimal /usr/bin/bluetooth-sendto app
because it is not fully working after the port to GTK4 yet.
The older binary package gnome-bluetooth builds this app.

- Application is end-user facing, Translation is present, via standard
  gettext internationalization system

- End-user application that ships a standard conformant desktop file,
The .desktop has NoDisplay=true set. The intended way to run the app on a
default Ubuntu install is by opening the GNOME Settings app (gnome-control-center).
Click Bluetooth in the side panel. Click your Bluetooth device. Then click Send Files.
The window that appears is the bluetooth-sendto app.

[Dependencies]
- There are further dependencies that are not yet in main, MIR for libadwaita-1
is at https://launchpad.net/bugs/1962568

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- Owning Team will be Ubuntu Desktop (Co-maintained with Debian GNOME team.)
- Team is not yet, but will subscribe to the package before promotion

- This does not use static builds
- This does not use vendored code

- The package built successfully yesterday.

[Background information]
- The Package description explains the package well
- https://gitlab.gnome.org/GNOME/gnome-bluetooth

The old library source package name is gnome-bluetooth; the new library source package name is gnome-bluetooth3.

gnome-bluetooth is in main because of 3 things:
- gir and library used by gnome-shell
- library used by gnome-control-center
- small bluetooth-sendto app used in gnome-control-center

gnome-bluetooth 42 had a major API version bump. The UI part was split to a separate library.
The UI library was ported to GTK4. gnome-control-center and budgie-control-center are the only known users of the UI library. (budgie-control-center is a fork because Budgie intends to avoid GTK4/libadwaita for now.). We cannot use the updated UI library in Ubuntu 22.04 LTS because we are still using gnome-control-center 41 which is GTK3.

GNOME Shell 42 uses API from the new gnome-bluetooth library to fix LP: #1738838
The API changes do not look practical to forward-port (switch to a new GListModel API).
Ubuntu's gnome-shell packaging has to revert ~6 commits to keep using the older gnome-bluetooth library, which is more awkward to maintain.

Because of how GNOME Shell extensions work, if an extension tries to modify the bluetooth part of the system status menu in the top right corner of the screen, the extension may not work because Ubuntu's GNOME Shell 42 is different than what every other distro provides. This is a minor concern since extensions are "use at your own risk" and there aren't many working bluetooth extensions.

The Ubuntu Desktop Team requests that gnome-bluetooth3 be allowed in to main alongside the older gnome-bluetooth library for 22.04 LTS. For 22.10, the older gnome-bluetooth library will be demoted to universe (because Ubuntu Budgie still uses it).

If this MIR is approved, we will also ask approval for a FFe to switch gnome-shell to use the new gnome-bluetooth3 and drop the unused gir1.2-gnome-bluetooth-1.0 from the older gnome-bluetooth package since gnome-shell was its only user.

Tags: jammy
Jeremy Bícha (jbicha)
tags: added: jammy
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-bluetooth3 (Ubuntu):
status: New → Confirmed
Ioanna Alifieraki (joalif)
Changed in gnome-bluetooth3 (Ubuntu):
assignee: nobody → Ioanna Alifieraki (joalif)
Revision history for this message
Ioanna Alifieraki (joalif) wrote :
Download full text (3.2 KiB)

Review for Package: gnome-bluetooth3

[Summary]
MIR team ACK under the constraint to resolve the below listed
required TODOs and as much as possible having a look at the
recommended TODOs.

This does not need a security review

List of specific binary packages to be promoted to main:
libgnome-bluetooth-3.0-13
libgnome-bluetooth-ui-3.0-13
libgnome-bluetooth-3.0-dev
libgnome-bluetooth-ui-3.0-dev
gir1.2-gnomebluetooth-3.0
libgnome-bluetooth-doc
gnome-bluetooth-3-common

Notes:

Required TODOs:
1. Add some autopackage tests
2.The package should get a team bug subscriber before being promoted

Recommended TODOs:
- Fix the the build warnings upstream ( https://pastebin.canonical.com/p/dKrn86DtDY/ )

[Duplication]
- There is no other package in main providing the same functionality
IIUC gnome-bluetooth which is already in main provides the same functionality, however the analysis in the [Background information] in bug description seems convincing to promote gnome-bluetooth3 to main along side gnome-bluethooth which will be demoted in 20.10.

[Dependencies]
OK:
- no other Dependencies to MIR due to this
- no -dev/-debug/-doc packages that need exclusion
- No dependencies in main that are only superficially tested requiring
  more tests now.

Problems: None

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
- does not have odd Built-Using entries
- not a go package, no extra constraints to consider in that regard
- No vendoring used, all Built-Using are in main

Problems: None

[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port/socket
- does not parse data formats
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
- does not deal with security attestation (secure boot, tpm, signatures)

Problems: None

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
  - test suite fails will fail the build upon error.
- no new python2 dependency

Problems:
- does not have test suite that runs as autopkgtest

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking is in place
- d/watch is present and looks ok (if needed, e.g. non-native)
- Upstream update history is good
- Debian/Ubuntu update history is good
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- It is not on the lto-disabled list

Problems: None

[Upstream red flags]
OK:
- no incautious use of malloc/sprintf (as far as we can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH (usage is OK inside
   tests)
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- part of the UI, desktop file is ok
- translation present

Problems:
- Errors/warnings during the build
  - Upstream build prod...

Read more...

Changed in gnome-bluetooth3 (Ubuntu):
status: Confirmed → Incomplete
Christian Ehrhardt  (paelzer)
Changed in gnome-bluetooth3 (Ubuntu):
assignee: Ioanna Alifieraki (joalif) → nobody
Revision history for this message
Jeremy Bícha (jbicha) wrote :

Hi again! Sorry for the delay.

Required TODO 1/2: Done
-----------------------
I have added a trivial autopkgtest to ensure that basic functionality of the gir package keeps working and the test is passing on all architectures (except i386 where this package isn't built).

https://salsa.debian.org/gnome-team/gnome-bluetooth3/-/tree/debian/master/debian/tests
https://autopkgtest.ubuntu.com/packages/g/gnome-bluetooth3

The GIR is only intended for use by GNOME Shell. The C library has been stripped down since its only intended use is by gnome-control-center so it only really provides BluetoothSettingsWidget

I will file a bug upstream to ask that the extensive gnome-bluetooth build tests be converted to installed tests which will significantly improve our autopkgtest coverage but that won't be ready this release cycle.

Required TODO: 2/2: DONE
------------------------
We subscribed the Desktop Bugs Team.

Other
-----
I filed the FFE as https://launchpad.net/bugs/1968364

Jeremy Bícha (jbicha)
Changed in gnome-bluetooth3 (Ubuntu):
status: Incomplete → New
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thank you Jeremy, yes this looks all complete by now.
Thanks for addressing the remaining tasks.

MIR Team Ack.

Thereby this would be ready to be promoted once the dependency is present.
Which will happen once you upload for the FFE bug you have open.

Changed in gnome-bluetooth3 (Ubuntu):
status: New → In Progress
Jeremy Bícha (jbicha)
Changed in gnome-bluetooth3 (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

I'm not seeing the dependency yet on [1] or [2].
What upload exactly are we waiting for here to have it show up?

[1]: https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.html
[2]: https://people.canonical.com/~ubuntu-archive/component-mismatches.html

Revision history for this message
Jeremy Bícha (jbicha) wrote :

Christian, sorry it hasn't fully been published yet:
https://launchpad.net/ubuntu/+source/gnome-shell/42.0-2ubuntu1

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :
Download full text (4.6 KiB)

Ok, it is there now:
https://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.html

gnome-bluetooth3: gir1.2-gnomebluetooth-3.0 gnome-bluetooth-3-common libgnome-bluetooth-3.0-13 libgnome-bluetooth-3.0-dev libgnome-bluetooth-doc libgnome-bluetooth-ui-3.0-13 libgnome-bluetooth-ui-3.0-dev

[Reverse-Depends: Rescued from gnome-bluetooth3 (Uploader: jbicha), gir1.2-gnomebluetooth-3.0, gnome-shell (Uploader: 3v1n0) (MAIN), libgnome-bluetooth-3.0-13, libgnome-bluetooth-ui-3.0-dev]

All Acks are present, no further dependencies, subscription present.
Resolving this to get migrations done and have less noise left towards the release week.

Override component to main
gnome-bluetooth3 42.0-5 in jammy: universe/misc -> main
gir1.2-gnomebluetooth-3.0 42.0-5 in jammy amd64: universe/introspection/optional/100% -> main
gir1.2-gnomebluetooth-3.0 42.0-5 in jammy arm64: universe/introspection/optional/100% -> main
gir1.2-gnomebluetooth-3.0 42.0-5 in jammy armhf: universe/introspection/optional/100% -> main
gir1.2-gnomebluetooth-3.0 42.0-5 in jammy ppc64el: universe/introspection/optional/100% -> main
gir1.2-gnomebluetooth-3.0 42.0-5 in jammy riscv64: universe/introspection/optional/100% -> main
gir1.2-gnomebluetooth-3.0 42.0-5 in jammy s390x: universe/introspection/optional/100% -> main
gnome-bluetooth-3-common 42.0-5 in jammy amd64: universe/gnome/optional/100% -> main
gnome-bluetooth-3-common 42.0-5 in jammy arm64: universe/gnome/optional/100% -> main
gnome-bluetooth-3-common 42.0-5 in jammy armhf: universe/gnome/optional/100% -> main
gnome-bluetooth-3-common 42.0-5 in jammy i386: universe/gnome/optional/100% -> main
gnome-bluetooth-3-common 42.0-5 in jammy ppc64el: universe/gnome/optional/100% -> main
gnome-bluetooth-3-common 42.0-5 in jammy riscv64: universe/gnome/optional/100% -> main
gnome-bluetooth-3-common 42.0-5 in jammy s390x: universe/gnome/optional/100% -> main
libgnome-bluetooth-3.0-13 42.0-5 in jammy amd64: universe/libs/optional/100% -> main
libgnome-bluetooth-3.0-13 42.0-5 in jammy arm64: universe/libs/optional/100% -> main
libgnome-bluetooth-3.0-13 42.0-5 in jammy armhf: universe/libs/optional/100% -> main
libgnome-bluetooth-3.0-13 42.0-5 in jammy ppc64el: universe/libs/optional/100% -> main
libgnome-bluetooth-3.0-13 42.0-5 in jammy riscv64: universe/libs/optional/100% -> main
libgnome-bluetooth-3.0-13 42.0-5 in jammy s390x: universe/libs/optional/100% -> main
libgnome-bluetooth-3.0-dev 42.0-5 in jammy amd64: universe/libdevel/optional/100% -> main
libgnome-bluetooth-3.0-dev 42.0-5 in jammy arm64: universe/libdevel/optional/100% -> main
libgnome-bluetooth-3.0-dev 42.0-5 in jammy armhf: universe/libdevel/optional/100% -> main
libgnome-bluetooth-3.0-dev 42.0-5 in jammy ppc64el: universe/libdevel/optional/100% -> main
libgnome-bluetooth-3.0-dev 42.0-5 in jammy riscv64: universe/libdevel/optional/100% -> main
libgnome-bluetooth-3.0-dev 42.0-5 in jammy s390x: universe/libdevel/optional/100% -> main
libgnome-bluetooth-doc 42.0-5 in jammy amd64: universe/doc/optional/100% -> main
libgnome-bluetooth-doc 42.0-5 in jammy arm64: universe/doc/optional/100% -> main
libgnome-bluetooth-doc 42.0-5 in jammy armhf: universe/doc/optional/100%...

Read more...

Changed in gnome-bluetooth3 (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.