[Bug 2145317] Re: [FFE] Enable cargo-auditable support for several important Rust packages
Petrichor Park
2145317 at bugs.launchpad.net
Tue Mar 24 18:17:38 UTC 2026
** Summary changed:
- Enable cargo-auditable support for several important Rust packages
+ [FFE] Enable cargo-auditable support for several important Rust packages
** Description changed:
Hello,
For the past cycle I have been working on patching in cargo-auditable
support to dh-cargo. Cargo-auditable is a tool that embeds dependency
metadata into Rust binaries.[1] This is invaluable in the aftermath of a
CVE, as it lets you know at-a-glance if a binary may have been
compromised. It's also great for curious users!
For 26.04, cargo-auditable will be *opt-in.* Developers of Rust packages
that build using dh-cargo can export `UBUNTU_ENABLE_CARGO_AUDITABLE=1`
near the top of their d/rules, and including `Build-Depends: cargo-
auditable` in d/control.
+ [1]: https://github.com/rust-secure-code/cargo-auditable
+
+ ## FFE ##
+
This bug tracks the FFE to enable cargo-auditable for the following popular Rust packages:
- rust-alacritty
- rust-bat
- rust-du-dust
- rust-eza
- rust-fd-find
- rust-hyperfine
- rust-ripgrep
- rust-sd
- rust-sudo-rs
- [1]: https://github.com/rust-secure-code/cargo-auditable
+ This FFE is necessary because getting cargo-auditable support in is a
+ 26.04 roadmap item, and we want developers to have easy access to tools
+ to make their packages more secure.
+
+ You can see the packages building here:
+ https://launchpad.net/~petrakat/+archive/ubuntu/cargo-auditable-prod-
+ test
+
+ There is no upstream changelog, as this is an Ubuntu-only change.
** Summary changed:
- [FFE] Enable cargo-auditable support for several important Rust packages
+ FFe: Enable cargo-auditable support for several important Rust packages
** Description changed:
Hello,
For the past cycle I have been working on patching in cargo-auditable
support to dh-cargo. Cargo-auditable is a tool that embeds dependency
metadata into Rust binaries.[1] This is invaluable in the aftermath of a
CVE, as it lets you know at-a-glance if a binary may have been
compromised. It's also great for curious users!
For 26.04, cargo-auditable will be *opt-in.* Developers of Rust packages
that build using dh-cargo can export `UBUNTU_ENABLE_CARGO_AUDITABLE=1`
near the top of their d/rules, and including `Build-Depends: cargo-
auditable` in d/control.
[1]: https://github.com/rust-secure-code/cargo-auditable
- ## FFE ##
+ ## FFe ##
- This bug tracks the FFE to enable cargo-auditable for the following popular Rust packages:
+ This bug tracks the FFe to enable cargo-auditable for the following popular Rust packages:
- rust-alacritty
- rust-bat
- rust-du-dust
- rust-eza
- rust-fd-find
- rust-hyperfine
- rust-ripgrep
- rust-sd
- rust-sudo-rs
- This FFE is necessary because getting cargo-auditable support in is a
+ This FFe is necessary because getting cargo-auditable support in is a
26.04 roadmap item, and we want developers to have easy access to tools
to make their packages more secure.
You can see the packages building here:
https://launchpad.net/~petrakat/+archive/ubuntu/cargo-auditable-prod-
test
There is no upstream changelog, as this is an Ubuntu-only change.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2145317
Title:
FFe: Enable cargo-auditable support for several important Rust
packages
Status in Ubuntu:
New
Status in rust-alacritty package in Ubuntu:
Fix Released
Status in rust-bat package in Ubuntu:
New
Status in rust-du-dust package in Ubuntu:
New
Status in rust-eza package in Ubuntu:
New
Status in rust-fd-find package in Ubuntu:
New
Status in rust-hyperfine package in Ubuntu:
New
Status in rust-ripgrep package in Ubuntu:
New
Status in rust-sd package in Ubuntu:
New
Status in rust-sudo-rs package in Ubuntu:
Fix Committed
Status in The Resolute Raccoon:
New
Status in rust-alacritty source package in Resolute:
Fix Released
Status in rust-bat source package in Resolute:
New
Status in rust-du-dust source package in Resolute:
New
Status in rust-eza source package in Resolute:
New
Status in rust-fd-find source package in Resolute:
New
Status in rust-hyperfine source package in Resolute:
New
Status in rust-ripgrep source package in Resolute:
New
Status in rust-sd source package in Resolute:
New
Status in rust-sudo-rs source package in Resolute:
Fix Committed
Bug description:
Hello,
For the past cycle I have been working on patching in cargo-auditable
support to dh-cargo. Cargo-auditable is a tool that embeds dependency
metadata into Rust binaries.[1] This is invaluable in the aftermath of
a CVE, as it lets you know at-a-glance if a binary may have been
compromised. It's also great for curious users!
For 26.04, cargo-auditable will be *opt-in.* Developers of Rust
packages that build using dh-cargo can export
`UBUNTU_ENABLE_CARGO_AUDITABLE=1` near the top of their d/rules, and
including `Build-Depends: cargo-auditable` in d/control.
[1]: https://github.com/rust-secure-code/cargo-auditable
## FFe ##
This bug tracks the FFe to enable cargo-auditable for the following popular Rust packages:
- rust-alacritty
- rust-bat
- rust-du-dust
- rust-eza
- rust-fd-find
- rust-hyperfine
- rust-ripgrep
- rust-sd
- rust-sudo-rs
This FFe is necessary because getting cargo-auditable support in is a
26.04 roadmap item, and we want developers to have easy access to
tools to make their packages more secure.
You can see the packages building here:
https://launchpad.net/~petrakat/+archive/ubuntu/cargo-auditable-prod-
test
There is no upstream changelog, as this is an Ubuntu-only change.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/2145317/+subscriptions
More information about the foundations-bugs
mailing list