rustc has been promoted without a need to promote cargo; and the tasks
on the other packages are marked incomplete (maybe they should be
closed?). Nothing further here for ubuntu-archive to do at the moment,
so unsubscribing.
--
You received this bug notification because you are a member of
(binaries will be re-demoted as necessary)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957932
Title:
[MIR] rustc, cargo, dh-cargo
To manage notifications about this bug go to:
Override component to main
rustc 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy: universe/misc -> main
libstd-rust-1.58 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy amd64:
universe/libs/optional/100% -> main
libstd-rust-1.58 1.58.1+dfsg1~ubuntu1-0ubuntu2 in jammy arm64:
universe/libs/optional/100% -> main
The seed has been updated, we now need an AA to promote the following
binaries: libstd-rust-1.58 libstd-rust-dev rustc
** Changed in: rustc (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
On Mon, Apr 04, 2022 at 09:31:39AM -, Simon Chopin wrote:
> We also have a provisional ACK from the security team (I'll keep working
> on surfacing the vendored deps data in a better way than Cargo.lock!).
>
> The seed changes are in a MP at
>
Now that the new rustc has migrated from -proposed, I'd like to move
forward with the rustc MIR, as I believe all the issues raised during
its review (#3) have been addressed one way or the other, see #7 and
subsequent updates since.
We also have a provisional ACK from the security team (I'll
** Changed in: dh-cargo (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957932
Title:
[MIR] rustc, cargo, dh-cargo
To manage notifications about this bug
** Description changed:
[Availability]
The packages rustc and cargo are already in Ubuntu universe.
The packages build for the architectures they are designed to work on,
and are also built on platform with lesser upstream support, see
** Also affects: dh-cargo (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- [MIR] rustc, cargo
+ [MIR] rustc, cargo, dh-cargo
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Regarding the Suggests downgrade, I filed an FFe before uploading:
https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1966200
Regarding the Vendored-Copy field, I opened a discussion on the MIR
rules changes directly as I'd rather have the thing hashed out before
changing the rustc packaging.
> @paelzer, assuming rustc gets to main, do we need to downgrade the Recommends:
> cargo into a Suggests?
Yes if Cargo isn't ready for promotion to main yet you can't promote
anything that has a Recommends/Depends onto it.
--
You received this bug notification because you are a member of Ubuntu
I think the XS-Vendored-Copy or whatever should be split out onto a ML
thread so that we can work on something that's equally applicable for
the Go ecosystem, even if retroactively. I'll take care of it soon.
I'm preparing an upload for rustc that fixes the crossbeam-utils CVE in
*both* copies,
On Tue, Mar 15, 2022 at 05:14:00PM -, Simon Chopin wrote:
> Before even starting to address the various points further, I must ask
> whether they're showstopper for the *rustc* MIR.
> I ask because some of the concerns raised here are irrelevant for rustc
> itself. For instance, the
Before even starting to address the various points further, I must ask
whether they're showstopper for the *rustc* MIR.
I ask because some of the concerns raised here are irrelevant for rustc
itself. For instance, the X-Cargo-Built-Using is not only not used by
the rustc packaging at all, it
On Fri, Mar 11, 2022 at 10:17:47AM -, Simon Chopin wrote:
> @sbeattie there's some context on those various fields in
> https://github.com/cpaelzer/ubuntu-mir/pull/3
Thanks for this.
> Basically X-Cargo-Built-Using should be folded into Built-Using.
I agree with this, but is there a plan to
@sbeattie there's some context on those various fields in
https://github.com/cpaelzer/ubuntu-mir/pull/3
Basically X-Cargo-Built-Using should be folded into Built-Using. There
has been no talk of automating detection of packages that ought to have
those fields, but that does sound like a good
> 'Built-Using' vs 'X-Cargo-Built-Using' dh-cargo behavior
So there is no plan to change this in dh-cargo? The tool the security
team has that queries Built-Using can be modified to use the alternate
field, if necessary, but we need to know if that's what we need to do.
Are the tools that help
@paelzer I'm not exactly sure of where we are in the status diagram for
rustc in the MIR. I put it as "In Progress" by default.
Given the conclusion in bug #1964098 as well as the various answers
brought in comments #7 and #10 I think I've addressed all comments. As I
believe rustc to be useful
** Merge proposal linked:
https://code.launchpad.net/~schopin/ubuntu-seeds/+git/ubuntu-seeds/+merge/416688
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957932
Title:
[MIR] rustc, cargo
To
** Changed in: rustc (Ubuntu)
Status: Incomplete => Confirmed
** Changed in: rustc (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957932
For reference:
https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1964098
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957932
Title:
[MIR] rustc, cargo
To manage notifications about this bug
After sitting down with some members of the MIR team and an archive
admin, here's our plan for future rustc releases:
We'll go for versioned source packages, so that packages that are stuck
depending on older rustc versions for some reason can still work. To
avoid having too many versions
@Steve Beattie,
I concur with Simon, the foundations team will backport llvm to 22.04 if
an updated rustc requires it.
Matthieu
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957932
Title:
[MIR]
Built-Using is already used in all pure-Rust binaries, e.g. ripgrep.
However, it only stores the version of rustc itself. The non-vendored
libraries are currently recorded using the non-standard field 'X-Cargo-
Built-Using'. Sadly, this doesn't apply to all packages that currently
Build-Depend on
I reviewed rustc 1.57.0+dfsg1+llvm-0ubuntu2 as checked into jammy
(but also peeked briefly at 1.58.1+dfsg1~ubuntu1-0ubuntu1~ppa5
in Simon's ppa). This shouldn't be considered a full audit but
rather a quick gauge of maintainability, and this is a bit more
streamlined review than normal due to the
Rustc update: I plan on uploading rustc 1.58.1 to the archive tomorrow
before feature freeze, as I've identified the failing tests as being
failing ever since Impish, and not "mission-critical", as they are
related to debug info, which is IMO mostly for developers, making it out
of scope for this
** Changed in: rustc (Ubuntu)
Assignee: Simon Chopin (schopin) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957932
Title:
[MIR] rustc, cargo
To
** Description changed:
[Availability]
The packages rustc and cargo are already in Ubuntu universe.
The packages build for the architectures they are designed to work on,
and are also built on platform with lesser upstream support, see
Status of the rustc part of the MIR:
There's a package available at
https://launchpad.net/~schopin/+archive/ubuntu/rustc-mir/+packages
(still building...). I'm aware that there are issues with the armhf
build and am still investigating them. Barring that, I feel the package
is ready for security
Review for package: cargo
List of specific binary packages to be promoted to main was proposed
only cargo, but cargo-doc could go as well IMHO.
MIR team ACK given the constaint of having the security-review processed as it
downloads crate from the Internet and acked and the Required TODOs
Hi,
This is just a partial update while I'm working on the rustc packaging.
We're still debating the LLVM situation (item #10), but once that's done
I'll upload the newer 1.58.1 which comes with the security fix for
CVE-2022-21658 (item #13). I'm also looking into the test suite issue
(items #5,
Back to incomplete until at least the open questions e.g. if you want to
go with embedded or system llvm are answered.
Once you have answered those please set rustc back to "New" and assign
"ubuntu-security".
It can be in their queue for reviews at the same time that you are then working
on the
Review for Package: rustc
[Summary]
MIR team ACK under the constraint to resolve the below listed
required TODOs and as much as possible having a look at the
recommended TODOs.
This does need a security review, so I'll assign ubuntu-security
In addition security has to check and state if keeping
** Description changed:
[Availability]
The packages rustc and cargo are already in Ubuntu universe.
The packages build for the architectures they are designed to work on,
and are also built on platform with lesser upstream support, see
** Changed in: rustc (Ubuntu)
Assignee: (unassigned) => Christian Ehrhardt (paelzer)
** Changed in: cargo (Ubuntu)
Assignee: (unassigned) => Didier Roche (didrocks)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Setting review priorities and milestones and moving status to "New" as I
have been told this is now ready for review.
** Changed in: rustc (Ubuntu)
Status: Incomplete => New
** Changed in: cargo (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you
** Changed in: rustc (Ubuntu)
Milestone: None => ubuntu-22.04-beta
** Changed in: cargo (Ubuntu)
Milestone: None => ubuntu-22.04-beta
** Changed in: rustc (Ubuntu)
Importance: Undecided => Critical
** Changed in: cargo (Ubuntu)
Importance: Undecided => Critical
--
You received
** Description changed:
[Availability]
The packages rustc and cargo are already in Ubuntu universe.
The packages build for the architectures they are designed to work on,
and are also built on platform with lesser upstream support, see
Thanks for working on this Simon!
On the testing front, I think this is just pragmatism. There are always
a few failing tests for not very interesting reasons, and a few more on
!amd64. Debian does something slightly different and asserts no more
than a certain (per-architecture) number of test
** Summary changed:
- MIR: rustc, cargo
+ [MIR] rustc, cargo
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957932
Title:
[MIR] rustc, cargo
To manage notifications about this bug go to:
** Changed in: cargo (Ubuntu)
Status: New => Incomplete
** Changed in: rustc (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1957932
Title:
MIR:
41 matches
Mail list logo