[Bug 2145317] Re: FFe: Enable cargo-auditable support for several important Rust packages

Launchpad Bug Tracker 2145317 at bugs.launchpad.net
Fri Mar 27 01:26:09 UTC 2026 

This bug was fixed in the package rust-sudo-rs - 0.2.12-0ubuntu3

---------------
rust-sudo-rs (0.2.12-0ubuntu3) resolute; urgency=medium

  * Disable cargo-auditable on i386

 -- Florent 'Skia' Jacquet <skia at ubuntu.com>  Tue, 24 Mar 2026 11:58:04
+0100

** Changed in: rust-sudo-rs (Ubuntu Resolute)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rust-sudo-rs in Ubuntu.
https://bugs.launchpad.net/bugs/2145317

Title:
  FFe: Enable cargo-auditable support for several important Rust
  packages

Status in Ubuntu:
  New
Status in rust-alacritty package in Ubuntu:
  Fix Released
Status in rust-bat package in Ubuntu:
  New
Status in rust-du-dust package in Ubuntu:
  New
Status in rust-eza package in Ubuntu:
  New
Status in rust-fd-find package in Ubuntu:
  New
Status in rust-hyperfine package in Ubuntu:
  New
Status in rust-ripgrep package in Ubuntu:
  New
Status in rust-sd package in Ubuntu:
  New
Status in rust-sudo-rs package in Ubuntu:
  Fix Released
Status in The Resolute Raccoon:
  New
Status in rust-alacritty source package in Resolute:
  Fix Released
Status in rust-bat source package in Resolute:
  New
Status in rust-du-dust source package in Resolute:
  New
Status in rust-eza source package in Resolute:
  New
Status in rust-fd-find source package in Resolute:
  New
Status in rust-hyperfine source package in Resolute:
  New
Status in rust-ripgrep source package in Resolute:
  New
Status in rust-sd source package in Resolute:
  New
Status in rust-sudo-rs source package in Resolute:
  Fix Released

Bug description:
  Hello,

  For the past cycle I have been working on patching in cargo-auditable
  support to dh-cargo. Cargo-auditable is a tool that embeds dependency
  metadata into Rust binaries.[1] This is invaluable in the aftermath of
  a CVE, as it lets you know at-a-glance if a binary may have been
  compromised. It's also great for curious users!

  For 26.04, cargo-auditable will be *opt-in.* Developers of Rust
  packages that build using dh-cargo can export
  `UBUNTU_ENABLE_CARGO_AUDITABLE=1` near the top of their d/rules, and
  including `Build-Depends: cargo-auditable` in d/control.

  [1]: https://github.com/rust-secure-code/cargo-auditable

  ## FFe ##

  This bug tracks the FFe to enable cargo-auditable for the following popular Rust packages:
  - rust-alacritty
  - rust-bat
  - rust-du-dust
  - rust-eza
  - rust-fd-find
  - rust-hyperfine
  - rust-ripgrep
  - rust-sd
  - rust-sudo-rs

  This FFe is necessary because getting cargo-auditable support in is a
  26.04 roadmap item, and we want developers to have easy access to
  tools to make their packages more secure.

  You can see the packages building here:
  https://launchpad.net/~petrakat/+archive/ubuntu/cargo-auditable-prod-
  test

  There is no upstream changelog, as this is an Ubuntu-only change.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/2145317/+subscriptions

More information about the foundations-bugs mailing list