There are at least two web interface projects for managing bacula: https://baculum.app/ https://bacularis.app/ https://bacularis.app/baculum-vs-bacularis
** Description changed: - TBD + [Availability] + https://launchpad.net/ubuntu/+source/bacula + currently in universe + builds for amd64, arm64, armhf, ppc64el, riscv64, s390x + + [Rationale] + bacula is required in Ubuntu main for 25.10. + it will generally be useful for a large part of our user base and our ubuntu's own services. + + bacula is a very complete backup solution which we want to use and + support. + + All binary packages built by bacula need to be in main to be our + supported backup solution. + + bacula: network backup service - metapackage + bacula-bscan: network backup service - bscan tool + bacula-client: network backup service - client metapackage + bacula-common: network backup service - common support files + bacula-common-mysql: network backup service - MySQL common files + bacula-common-pgsql: network backup service - PostgreSQL common files + bacula-common-sqlite3: network backup service - SQLite v3 common files + bacula-console: network backup service - text console + bacula-console-qt: network backup service - Bacula Administration Tool + bacula-director: network backup service - Director daemon + bacula-director-mysql: network backup service - MySQL storage for Director + bacula-director-pgsql: network backup service - PostgreSQL storage for Director + bacula-director-sqlite3: network backup service - SQLite 3 storage for Director + bacula-fd: network backup service - file daemon + bacula-sd: network backup service - storage daemon + bacula-server: network backup service - server metapackage + bacula-tray-monitor: network backup service - Bacula Tray Monitor + + The main inclusion is required in Ubuntu main no later than for 25.10 + due to canonical's plan to use it. + + [Security] + bacula had a few security issues in distance past, which were fixed quickly. + - CVE-2020-11061 heap overflow https://gitlab.bacula.org/bacula-community-edition/bacula-community/-/commit/f9472227317b8e1d26a781d042e0efdf432a633f + - CVE-2017-15367 sql injection + - CVE-2014-8295 sql injection + - CVE-2012-4430 acl rules not enforced https://gitlab.bacula.org/bacula-community-edition/bacula-community/-/commit/67debcecd3d530c429e817e1d778e79dcd1db905 + - CVE-2008-5373 symlink attack on arbitrary files + - CVE-2007-5626 mysql password disclosure through commandline/email + - CVE-2005-2995 symlink attack + - CVE-2005-2096 denial of service through zlib + + All binaries of bacula are in sbin, but that is no problem because: + - all binaries in /sbin have 0755, and they could be moved to bin/ + - no suid or sgid flags + + Package does install services, timers or recurring jobs: + - bacula-director.service + - bacula-fd.service + - bacula-sd.service + + - Security has been kept in mind and common isolation/risk-mitigation + patterns are in place utilizing the following features: + - only for backing up contents root privileges are used + - other services run as the "bacula" user + - encryption passwords stored in /etc/bacula/ are readable by default for bacula/root only + - Packages does not open privileged ports (ports < 1024) + - it opens: director=9101, file-daemon=9102, storage-daemon=9103 + - Packages do not contain extensions to security-sensitive software + (filters, scanners, plugins, UI skins, ...) + - _FORTIFY_SOURCE is undefined for the build since + - "bacula uses is own memory manager" + - "Bacula uses its own variant of fortified functions, which predates the implementation in GCC" + - a patch to re-enable glibc's fortifications was tested, and the build still works with it. + + [Quality assurance - function/usage] + - The package works well right after install + - it even has integrated postgresql database setup + - Due to the complexity of its desired application, it still needs post install configuration + + [Quality assurance - maintenance] + - The package is maintained well in Debian/Ubuntu/Upstream and does + not have too many, long-term & critical, open bugs + - Ubuntu https://bugs.launchpad.net/ubuntu/+source/bacula/+bug + - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=bacula + - https://gitlab.bacula.org/bacula-community-edition/bacula-community/-/issues + - Some minor bugs are currently open, but they don't have major scope and are not critical + + [Quality assurance - testing] + - The package does not run a test at build time + - The package runs an autopkgtest, and is currently passing on amd64, arm64, armhf, i386, ppc64el, s390x + - It creates and restores a backup + - Test log: https://autopkgtest.ubuntu.com/results/autopkgtest-questing/questing/amd64/b/bacula/20250623_212933_7d1f6@/log.gz + - More logs: https://autopkgtest.ubuntu.com/packages/bacula + - The package does have not failing autopkgtests right now + + [Quality assurance - packaging] + - debian/watch is present and works, and there's debian/README.source + - debian/control defines a correct Maintainer field + - This package does not yield massive lintian Warnings, Errors + `lintian --pedantic` output: + P: bacula-common: manual-page-for-system-command [usr/sbin/bsmtp] + P: bacula-console-qt: manual-page-for-system-command [usr/sbin/bat] + P: bacula-tray-monitor: manual-page-for-system-command [usr/sbin/bacula-tray-monitor] + - Lintian overrides are present, but ok because: + - hardening-no-fortify-functions is set for all binaries since _FORTIFY_SOURCE is undefined + - spelling-error-in-binary for a false positive + - maintainer-script-should-not-use-piuparts-variable for a working around warning about storage space in debian/bacula-common.preinst + - executable-in-usr-lib for nagios checker in /usr/lib/nagios/plugins/check_bacula + - This package does not rely on obsolete or about to be demoted packages. + - This package has no python2 or GTK2 dependencies + - The package will not be installed by default + - Packaging is medium complex, but that is ok because bacula has multiple independent components split up to several binary packages + + [UI standards] + - Application is end-user facing, Translation is present, via standard gettext runtime internationalization system (translations in po/) + - End-user application "bacula-console-qt" that ships a standard conformant desktop file in /usr/share/applications/bat.desktop + + [Dependencies] + - There are further dependencies that are not yet in main: + - mt-st -> make "Suggested" dependency if not needed by Canonical IS + - dbconfig + - dbconfig-common + - dbconfig-psql + - dbconfig-sqlite3 + - dbconfig-mysql + - dbconfig-no-thanks + -> promote dbconfig-no-thanks to main, so database setup has to be done manually (which would be better anyway, since the dbconfig actions are quite intransparent and hard to debug, I think) + + [Standards compliance] + - This package correctly follows FHS and Debian Policy + + [Maintenance/Owner] + - The owning team will be "server" and I have their acknowledgement for that commitment + - This does not use static builds + - This does not use vendored code + - This package is not rust based + + - The package has been built within the last 3 months in the archive + e.g. https://launchpad.net/ubuntu/+source/bacula/15.0.3-3/+build/30667108 + + [Background information] + - The Package description explains the package well + - Upstream Name is bacula + - upstream repo: https://gitlab.bacula.org/bacula-community-edition/bacula-community -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2112455 Title: [MIR] bacula To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bacula/+bug/2112455/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
