[Bug 2145317] Re: Enable cargo-auditable support for several important Rust packages

Launchpad Bug Tracker 2145317 at bugs.launchpad.net
Tue Mar 24 11:11:19 UTC 2026 

This bug was fixed in the package rust-alacritty - 0.16.1-2ubuntu1

---------------
rust-alacritty (0.16.1-2ubuntu1) resolute; urgency=medium

  * d/{control,rules}: Enable cargo-auditable metadata. (LP: #2145317)

 -- Petrichor Park <petrichor.park at canonical.com>  Mon, 23 Mar 2026
10:55:32 -0500

** Changed in: rust-alacritty (Ubuntu Resolute)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2145317

Title:
  Enable cargo-auditable support for several important Rust packages

Status in Ubuntu:
  New
Status in rust-alacritty package in Ubuntu:
  Fix Released
Status in rust-bat package in Ubuntu:
  New
Status in rust-du-dust package in Ubuntu:
  New
Status in rust-eza package in Ubuntu:
  New
Status in rust-fd-find package in Ubuntu:
  New
Status in rust-hyperfine package in Ubuntu:
  New
Status in rust-ripgrep package in Ubuntu:
  New
Status in rust-sd package in Ubuntu:
  New
Status in rust-sudo-rs package in Ubuntu:
  Fix Committed
Status in The Resolute Raccoon:
  New
Status in rust-alacritty source package in Resolute:
  Fix Released
Status in rust-bat source package in Resolute:
  New
Status in rust-du-dust source package in Resolute:
  New
Status in rust-eza source package in Resolute:
  New
Status in rust-fd-find source package in Resolute:
  New
Status in rust-hyperfine source package in Resolute:
  New
Status in rust-ripgrep source package in Resolute:
  New
Status in rust-sd source package in Resolute:
  New
Status in rust-sudo-rs source package in Resolute:
  Fix Committed

Bug description:
  Hello,

  For the past cycle I have been working on patching in cargo-auditable
  support to dh-cargo. Cargo-auditable is a tool that embeds dependency
  metadata into Rust binaries.[1] This is invaluable in the aftermath of
  a CVE, as it lets you know at-a-glance if a binary may have been
  compromised. It's also great for curious users!

  For 26.04, cargo-auditable will be *opt-in.* Developers of Rust
  packages that build using dh-cargo can export
  `UBUNTU_ENABLE_CARGO_AUDITABLE=1` near the top of their d/rules, and
  including `Build-Depends: cargo-auditable` in d/control.

  This bug tracks the FFE to enable cargo-auditable for the following popular Rust packages:
  - rust-alacritty
  - rust-bat
  - rust-du-dust
  - rust-eza
  - rust-fd-find
  - rust-hyperfine
  - rust-ripgrep
  - rust-sd
  - rust-sudo-rs

  [1]: https://github.com/rust-secure-code/cargo-auditable

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/2145317/+subscriptions

More information about the foundations-bugs mailing list