Bug 57292 – UCS@School installs "unmaintained" packages

Bug 57292 - UCS@School installs "unmaintained" packages


Summary:	UCS@School installs "unmaintained" packages

Status:	NEW

Product:	UCS@school
Classification:	Unclassified
Component:	General
Version:	UCS@school 5.0
Hardware:	Other All

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS@school maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2024-05-16 13:01 CEST by Dirk Ahrnke
Modified:	2024-05-21 13:10 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.103
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
ucsschool unmaintained dependencies (1.23 KB, application/x-shellscript) 2024-05-21 13:06 CEST, Jürn Brodersen	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dirk Ahrnke

2024-05-16 13:01:21 CEST

According to the documentation UCS differentiates between "maintained" and "unmaintained" packages. 
https://docs.software-univention.de/manual/5.0/en/software/repository-server.html#software-config-repo states

"unmaintained packages are not covered by security updates or other maintenance."

When installing UCS@School several additional packages are installed depending on the role of the system. Some (?) of them are not included in the maintained-packages list for example erlang and its dependencies, python-django, rabbitmq and even univention-postgresql-9.6 (on a primary). On a school server some packages related to school-specific functionality like printing, printermoderation or webproxy can be found.

Support/Service staff as well as customers themselves may be confused about the support status of the system.

Comment 1 Norbert Tretkowski

2024-05-16 16:44:52 CEST

After a fresh setup of UCS 5.0-7:

```
root@srv00-ucs01:~# univention-app info
UCS: 5.0-7 errata1050
Installed: 
Upgradable: 
root@srv00-ucs01:~# univention-list-installed-unmaintained-packages 
No unmaintained packages installed.
root@srv00-ucs01:~# univention-app install ucsschool
[...]
root@srv00-ucs01:~# univention-list-installed-unmaintained-packages 
The following packages are unmaintained:
 python-colorlog python3-colorlog
root@srv00-ucs01:~#
```

And after setting up an UCS@school single server environment:

```
root@srv00-ucs01:~# univention-list-installed-unmaintained-packages 
The following packages are unmaintained:
 erlang-asn1 erlang-base erlang-crypto erlang-eldap erlang-ftp erlang-inets erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key erlang-runtime-tools erlang-snmp erlang-ssl erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl fonts-font-awesome fonts-glewlwyd gunicorn3 libsctp1 printer-driver-cups-pdf python-amqp python-anyjson python-attr
 python-billiard python-celery python-celery-common python-colorlog python-coreapi python-coreschema python-cups python-django python-django-common python-django-filters python-django-guardian python-djangorestframework python-ephem python-functools32 python-itypes python-kombu python-mailer python-pampy python-pathlib python-sqlparse python-vine
 python3-amqp python3-anyjson python3-attr python3-billiard python3-celery python3-colorlog python3-coreapi python3-coreschema python3-cups python3-django python3-django-celery-results python3-django-filters python3-django-guardian python3-djangorestframework python3-ephem python3-gunicorn python3-itypes python3-kombu python3-pampy python3-sqlparse
 python3-vine rabbitmq-server squidguard
root@srv00-ucs01:~#
```

Comment 2 Jürn Brodersen

2024-05-21 13:06:59 CEST

Created attachment 11211 [details]
ucsschool unmaintained dependencies

Small script to find which packages we have defined as explicit dependencies.

These packages need to be added to the trigger list:
https://git.knut.univention.de/univention/ucs-maintained


ucs-school-import/debian/control
gunicorn3
#######
ucs-test-ucsschool/debian/control
ucs-school-import/debian/control
python-attr
#######
ucs-school-import/debian/control
python-celery
#######
ucs-school-import/debian/control
python-celery-common
#######
ucs-school-lib/debian/control
python-colorlog
#######
ucs-school-umc-printermoderation/debian/control
python-cups
#######
django-pam/debian/control
ucs-school-import/debian/control
python-django
#######
ucs-school-import/debian/control
python-django-filters
#######
ucs-school-import/debian/control
python-djangorestframework
#######
ucs-school-import/debian/control
python-pampy
#######
ucs-test-ucsschool/debian/control
ucs-school-import/debian/control
python3-attr
#######
ucs-school-import/debian/control
python3-celery
#######
ucs-school-lib/debian/control
python3-colorlog
#######
ucs-school-umc-printermoderation/debian/control
python3-cups
#######
django-pam/debian/control
ucs-school-import/debian/control
python3-django
#######
ucs-school-import/debian/control
python3-django-celery-results
#######
ucs-school-import/debian/control
python3-django-filters
#######
ucs-school-import/debian/control
python3-djangorestframework
#######
ucs-school-import/debian/control
python3-pampy
#######
ucs-school-import/debian/control
rabbitmq-server
#######
ucs-school-webproxy/debian/control
squidguard
#######

Comment 3 Jürn Brodersen

2024-05-21 13:10:57 CEST

We need a test for this.
UCS does test this as an extra job:  https://jenkins2022.knut.univention.de/job/UCS-5.0/job/UCS-5.0-7/job/CheckMaintainedList/

It is not just a ucs-test because ucs-test installs a lot of packages which are not maintained. So we need to test on a machine that doesn't have ucs-test installed.