Your message dated Sat, 15 Nov 2025 11:21:45 +0000
with message-id
<736c7150dc08501cc89945035c406eaf9688e144.ca...@adam-barratt.org.uk>
and subject line Closing requests for updates included in 13.2
has caused the Debian Bug report #1119142,
regarding trixie-pu: package rust-virtiofsd/1.13.2-1+deb13u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1119142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119142
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:rust-virtiofsd
User: [email protected]
Usertags: pu
[ Reason ]
There's a dependency missing for virtiofsd package, -
which is bug #1109051.
The problem here is that virtiofsd does not run in its most
common and most secure configuration. It is more, -- there's
no (visible) error messages anywhere, and the user faces a
void with cryptic error messages. Even experienced debian
users are unable to figure out what's happening.
This update adds a new dependency for virtiofsd on uidmap package,
which provides the required functionality.
Arguable it can be added to Recommends instead, but I think
hard dependency is better in this case.
Speaking of the new dependency, - it is one of a few very basic
system packages which comes from shadow-utils source. Yes, it
contains suid-root helpers, but overall it's a small self-contained
package for which there should be no issues to install.
[ Tests ]
It's basically not applicable. Yes, with the installation of
uidmap package, the bug in question is fixed.
[ Risks ]
There's no change in the package itself besides adding a single
new entry to the Depends: line. The only possible risk comes from
the uidmap package itself, - some might find it not good when there's
a new suid-root binary on their system. We have `su' already, though.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
Thanks,
/mjt
diff -Nru rust-virtiofsd-1.13.2/debian/changelog
rust-virtiofsd-1.13.2/debian/changelog
--- rust-virtiofsd-1.13.2/debian/changelog 2025-07-10 20:02:47.000000000
+0300
+++ rust-virtiofsd-1.13.2/debian/changelog 2025-10-27 17:18:13.000000000
+0300
@@ -1,3 +1,12 @@
+rust-virtiofsd (1.13.2-1+deb13u1) trixie; urgency=medium
+
+ * add Depends: uidmap. Closes: #1109051
+ virtiofsd uses uidmap when run in a user namespace,
+ and this is the most secure way to use it.
+ So uidmap package is basically required.
+
+ -- Michael Tokarev <[email protected]> Mon, 27 Oct 2025 17:18:13 +0300
+
rust-virtiofsd (1.13.2-1) unstable; urgency=medium
* Package virtiofsd 1.13.2 from crates.io using debcargo 2.7.8
diff -Nru rust-virtiofsd-1.13.2/debian/control
rust-virtiofsd-1.13.2/debian/control
--- rust-virtiofsd-1.13.2/debian/control 2025-07-10 20:02:47.000000000
+0300
+++ rust-virtiofsd-1.13.2/debian/control 2025-10-27 17:18:13.000000000
+0300
@@ -101,7 +101,8 @@
Depends:
${misc:Depends},
${shlibs:Depends},
- ${cargo:Depends}
+ ${cargo:Depends},
+ uidmap
Recommends:
${cargo:Recommends}
Suggests:
diff -Nru rust-virtiofsd-1.13.2/debian/debcargo.toml
rust-virtiofsd-1.13.2/debian/debcargo.toml
--- rust-virtiofsd-1.13.2/debian/debcargo.toml 2025-07-10 20:02:47.000000000
+0300
+++ rust-virtiofsd-1.13.2/debian/debcargo.toml 2025-10-27 17:18:13.000000000
+0300
@@ -8,6 +8,7 @@
[packages.bin]
section = "otherosfs"
+depends = ["uidmap"]
# we replace file in qemu-system-common:
# /usr/share/qemu/vhost-user/50-qemu-virtiofsd.json
extra_lines = [
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 13.2
Hi,
The updates referenced in each of these bugs were included in today's
13.2 trixie point release.
Regards,
Adam
--- End Message ---
