[Bug 1957932] Re: [MIR] rustc, cargo, dh-cargo

2022-04-15 Thread Steve Langasek
rustc has been promoted without a need to promote cargo; and the tasks
on the other packages are marked incomplete (maybe they should be
closed?).  Nothing further here for ubuntu-archive to do at the moment,
so unsubscribing.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957932

Title:
  [MIR] rustc, cargo, dh-cargo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cargo/+bug/1957932/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1957932] Re: [MIR] rustc, cargo, dh-cargo

2022-04-11 Thread Steve Langasek
(binaries will be re-demoted as necessary)


[Bug 1957932] Re: [MIR] rustc, cargo, dh-cargo

2022-04-11 Thread Steve Langasek
Override component to main
rustc 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy: universe/misc -> main
libstd-rust-1.58 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy amd64: universe/libs/optional/100% -> main
libstd-rust-1.58 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy arm64: universe/libs/optional/100% -> main
libstd-rust-1.58 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy armhf: universe/libs/optional/100% -> main
libstd-rust-1.58 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy i386: universe/libs/optional/100% -> main
libstd-rust-1.58 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy ppc64el: universe/libs/optional/100% -> main
libstd-rust-1.58 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy riscv64: universe/libs/optional/100% -> main
libstd-rust-1.58 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy s390x: universe/libs/optional/100% -> main
libstd-rust-dev 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy amd64: universe/libdevel/extra/100% -> main
libstd-rust-dev 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy arm64: universe/libdevel/extra/100% -> main
libstd-rust-dev 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy armhf: universe/libdevel/extra/100% -> main
libstd-rust-dev 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy i386: universe/libdevel/extra/100% -> main
libstd-rust-dev 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy ppc64el: universe/libdevel/extra/100% -> main
libstd-rust-dev 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy riscv64: universe/libdevel/extra/100% -> main
libstd-rust-dev 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy s390x: universe/libdevel/extra/100% -> main
rust-all 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy amd64: universe/devel/optional/100% -> main
rust-all 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy arm64: universe/devel/optional/100% -> main
rust-all 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy armhf: universe/devel/optional/100% -> main
rust-all 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy i386: universe/devel/optional/100% -> main
rust-all 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy ppc64el: universe/devel/optional/100% -> main
rust-all 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy riscv64: universe/devel/optional/100% -> main
rust-all 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy s390x: universe/devel/optional/100% -> main
rust-clippy 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy amd64: universe/devel/optional/100% -> main
rust-clippy 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy arm64: universe/devel/optional/100% -> main
rust-clippy 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy armhf: universe/devel/optional/100% -> main
rust-clippy 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy i386: universe/devel/optional/100% -> main
rust-clippy 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy ppc64el: universe/devel/optional/100% -> main
rust-clippy 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy riscv64: universe/devel/optional/100% -> main
rust-clippy 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy s390x: universe/devel/optional/100% -> main
rust-doc 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy amd64: universe/doc/extra/100% -> main
rust-doc 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy arm64: universe/doc/extra/100% -> main
rust-doc 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy armhf: universe/doc/extra/100% -> main
rust-doc 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy i386: universe/doc/extra/100% -> main
rust-doc 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy ppc64el: universe/doc/extra/100% -> main
rust-doc 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy riscv64: universe/doc/extra/100% -> main
rust-doc 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy s390x: universe/doc/extra/100% -> main
rust-gdb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy amd64: universe/devel/extra/100% -> main
rust-gdb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy arm64: universe/devel/extra/100% -> main
rust-gdb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy armhf: universe/devel/extra/100% -> main
rust-gdb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy i386: universe/devel/extra/100% -> main
rust-gdb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy ppc64el: universe/devel/extra/100% -> main
rust-gdb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy riscv64: universe/devel/extra/100% -> main
rust-gdb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy s390x: universe/devel/extra/100% -> main
rust-lldb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy amd64: universe/devel/extra/100% -> main
rust-lldb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy arm64: universe/devel/extra/100% -> main
rust-lldb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy armhf: universe/devel/extra/100% -> main
rust-lldb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy i386: universe/devel/extra/100% -> main
rust-lldb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy ppc64el: universe/devel/extra/100% -> main
rust-lldb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy riscv64: universe/devel/extra/100% -> main
rust-lldb 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy s390x: universe/devel/extra/100% -> main
rust-src 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy amd64: universe/devel/extra/100% -> main
rust-src 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy arm64: universe/devel/extra/100% -> main
rust-src 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy armhf: universe/devel/extra/100% -> main

[Bug 1957932] Re: [MIR] rustc, cargo, dh-cargo

2022-04-11 Thread Simon Chopin
The seed has been updated, we now need an AA to promote the following
binaries: libstd-rust-1.58 libstd-rust-dev rustc

** Changed in: rustc (Ubuntu)
   Status: In Progress => Fix Committed


Re: [Bug 1957932] Re: [MIR] rustc, cargo, dh-cargo

2022-04-04 Thread Steve Beattie
On Mon, Apr 04, 2022 at 09:31:39AM -, Simon Chopin wrote:
> We also have a provisional ACK from the security team (I'll keep working
> on surfacing the vendored deps data in a better way than Cargo.lock!).
> 
> The seed changes are in a MP at
> https://code.launchpad.net/~schopin/ubuntu-seeds/+git/ubuntu-seeds/+merge/416688
> 
> @paelzer could you confirm that we can move ahead, and perhaps review
> the seed change?

From the Ubuntu Security Team's perspective, ACK for moving ahead.

Thanks!


[Bug 1957932] Re: [MIR] rustc, cargo, dh-cargo

2022-04-04 Thread Simon Chopin
Now that the new rustc has migrated from -proposed, I'd like to move
forward with the rustc MIR, as I believe all the issues raised during
its review (#3) have been addressed one way or the other, see #7 and
subsequent updates since.

We also have a provisional ACK from the security team (I'll keep working
on surfacing the vendored deps data in a better way than Cargo.lock!).

The seed changes are in a MP at
https://code.launchpad.net/~schopin/ubuntu-seeds/+git/ubuntu-seeds/+merge/416688

@paelzer could you confirm that we can move ahead, and perhaps review
the seed change?


[Bug 1957932] Re: [MIR] rustc, cargo, dh-cargo

2022-04-04 Thread Simon Chopin
** Changed in: dh-cargo (Ubuntu)
   Status: New => Incomplete


[Bug 1957932] Re: [MIR] rustc, cargo, dh-cargo

2022-04-04 Thread Simon Chopin
** Description changed:

  [Availability]
  The packages rustc and cargo are already in Ubuntu universe.
  The packages build for the architectures they are designed to work on,
  and are also built on platform with lesser upstream support, see
  https://doc.rust-lang.org/nightly/rustc/platform-support.html for details.
  
  They currently build and works for architectures:
    * amd64
    * arm64
    * armhf
    * i386
    * ppc64el
    * riscv64
    * s390x
  
  Link to packages:
  
  https://launchpad.net/ubuntu/+source/rustc
  https://launchpad.net/ubuntu/+source/cargo
+ https://launchpad.net/ubuntu/+source/dh-cargo
  
  Upcoming version:
  
https://launchpad.net/~schopin/+archive/ubuntu/rustc-mir/+sourcepub/13264343/+listing-archive-extra
  
- 
  [Rationale]
  The packages rustc and cargo are required in Ubuntu main as the Rust 
programming
  language is gaining in popularity, and those two packages are, respectively, 
its
- main compiler implementation and its dedicated build tool (and dependency 
manager).
+ main compiler implementation and its dedicated build tool (and dependency 
manager). dh-cargo is the standard packaging helper for Rust-based packages.
  
  There are a few packages in main already that have partially switched to Rust
  as their implementation language, and so rustc and cargo will be needed to 
keep
  us in sync with their upstream. See for instance
  https://bugs.launchpad.net/ubuntu/+source/mdevctl/+bug/1942394 and
  https://lists.debian.org/debian-python/2021/12/msg0.html
  (python-cryptography is in main)
  
  Note that the huge majority of our users will not use these packages, their
  purpose is to be a build-dependency for other packages. In particular, it is
  not particularly expected at this stage that those of our users that are Rust
  developers, which usually rely on their toolchain being managed in their $HOME
  by the `rustup` tool.
  
  [Security]
  cargo and rustc had 19 recorded security issues in the past, mostly in the 
Rust standard library
  (1 affecting cargo):
  
  
https://nvd.nist.gov/vuln/search/results?form_type=Advanced_type=overview_type=all=false_vendor=cpe%3A%2F%3Arust-
  lang_product=cpe%3A%2F%3A%3Arust
  
  All issues are usually handled promptly by the Rust team. However, the fixes
  are rarely (if ever) backported to previous releases besides an occasional
  1.X.1 point release for the latest stable.
  
  There is an official Rust Security working group that curates a database of 
security
  issues within the Rust ecosystem, including rustc/cargo:
  
  https://github.com/rustsec/advisory-db
  
+ There are no history of known security issues with dh-cargo.
+ 
  - no `suid` or `sgid` binaries
  - no executables in `/sbin` and `/usr/sbin`
  - Package does not install services, timers or recurring jobs
  - Packages does not open privileged ports (ports < 1024)
  - Packages does not contain extensions to security-sensitive software
  (filters, scanners, plugins, UI skins, ...)
  
- Note however that in typical use, building a project with cargo+rustc involves
+ Note however that in typical use outside of packaging, building a project 
with cargo+rustc involves
  executing code that has been downloaded from crates.io: cargo builds and 
executes
  the `build.rs` file for any pre-compilation task (a bit like a Makefile), and 
any use
  of a proc macro dependency basically implies running arbitrary code (the 
macro) within
  the execution context of rustc.
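
Review bot: in the [Security] note, the new qualifier "outside of packaging" covers only the crates.io download and leaves the packaging case unstated. The same paragraph says cargo builds and executes `build.rs` and that a proc macro runs within the execution context of rustc, and as written that is not limited to builds outside packaging, so add a sentence saying which code an archive build executes and where that code comes from. Also, in the added dh-cargo line, "There are no history" should read "There is no history".
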
  
  [Quality assurance - function/usage]
  The packages work well right after install, one can easily create a simple 
Rust project
  and run it.
  
  [Quality assurance - maintenance]
  The packages do not deal with exotic hardware we cannot support
  
  [Quality assurance - testing]
- The packages both run a test suite on build time. However, the rustc test 
suite
+ The cargo and rustc packages both run a test suite on build time. However, 
the rustc test suite
  does NOT make the build fail as of 1.57. The reason is that there are always 
a few tests that fail, and it was a tradeoff made due to limited resources. 
Please note that Debian has a strategy of only failing the build if there are 
*too many* errors. As the Foundations team commits more resources on this 
toolchain, we've reverted back to Debian's system and are planning to making 
the testing story more rigorous.
  
  Neither package has any autopkgtests in the versions currently in the
  release pocket. The upcoming rustc upload will have an autopkgtest
  consisting of rebuilding itself. Debian's cargo package now has a
  similar autopkgtest, that will be cherry-picked in the next cargo
  upload.
  
+ dh-cargo has neither build-time tests nor autopkgtests.
+ 
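
Review bot: the added [Quality assurance - testing] line records that dh-cargo has neither build-time tests nor autopkgtests but gives no plan or rationale, while the paragraph above states one for rustc and cargo; say whether tests are planned or why their absence is acceptable. In the rewritten rustc sentence, "does NOT make the build fail as of 1.57" sits next to "we've reverted back to Debian's system", so state from which upload the test suite can fail the build again.
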
  [Quality assurance - packaging]
- debian/watch is present and works
+ debian/watch is present and works, dh-cargo is a native package.
  
  rustc yields quite a bit of lintian output, but they seem mostly harmless.
  https://lintian.debian.org/sources/rustc
  
  There are