I reviewed rust-hwlib 0.9.1 as checked into questing. This shouldn't be
considered a full audit but rather a quick gauge of maintainability. This
is a second audit run, the first being:
https://bugs.launchpad.net/ubuntu/+bug/2072561/comments/10

rust-hwlib is a library and client application that collects hardware and
OS information and checks certification status with a server.

- CVE History
  - None
- Build-Depends
  - cargo:native; jq; libssl-dev; python3; rustc:native
- pre/post inst/rm scripts
  - Install/Remove AppArmor profile
- init scripts
  - None
- systemd units
  - None
- dbus services
  - None
- setuid binaries
  - None
- binaries in PATH
  - ./usr/bin/hwctl
- sudo fragments
  - None
- polkit files
  - None
- udev rules
  - None
- unit tests / autopkgtests
  - unittests for hwlib, running in build time
  - autopkgtest also present, validating hwctl and the apparmor profile
- cron jobs
  - None
- Build logs
  - OK. A few warnings, mainly from rust-vendor/ code.

- Processes spawned
  - OK
- Memory management
  - OK
- File IO
  - OK
- Logging
  - OK
- Environment variable usage
  - OK
- Use of privileged functions
  - OK
- Use of cryptography / random number sources etc
  - OK
- Use of temp files
  - OK
- Use of networking
  - OK
- Use of WebKit
  - None
- Use of PolicyKit
  - None

- Any significant cppcheck results
  - None
- Any significant Coverity results
  - Coverity not available for Rust
- Any significant shellcheck results
  - None
- Any significant bandit results
  - None
- Any significant govulncheck results
  - None
- Any significant Semgrep results
  - None

The rust-hwlib code itself seems consistent, and the interactions with the
in-house upstream were very satisfying, giving us confidence that the
package will have the support needed. The main challenge is with the Rust
vendored code environment, a known fact that we can live and work with.

Security team ACK for promoting rust-hwlib to main.


** Changed in: rust-hwlib (Ubuntu Questing)
       Status: New => In Progress

** Changed in: rust-hwlib (Ubuntu Questing)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

https://bugs.launchpad.net/bugs/2072561

Title:
  [MIR] rust-hwlib