Hi all,
As discussed in the Fedora Rust channel on Matrix, I am planning to do a mini-mass-rebuild of all Rust applications (that are co-maintained by the Rust SIG), likely by the end of this week. I estimate that it will involve just shy of 200 packages per branch.
The motivation for a mini-mass-rebuild is two-fold:
1. Until very recently, the Rust standard library (shipped as a static archive by the "rust" package) was accidentally shipped with stripped debuginfo, which resulted in Rust applications that linked the standard library to have incomplete debuginfo - and as a result, they produced incomplete backtraces for any stack traces that involved the Rust standard library. This has been fixed since rust 1.78, but applications need to be rebuilt to pick up this improvement.
2. I regularly rebuild applications for "major" / "high priority" security issues in Rust crates, but there are a few accumulated "minor" / "low priority" security issues where I didn't yet have the time to rebuild the affected applications against the library versions that contain the necessary fixes. A mini-mass-rebuild would take care of all of these at the same time.
I plan to only rebuild Rust applications that are associated with the Rust SIG (i.e. packages "rust-*"), but no other packages (for example, firefox, thunderbird, or librsvg2). If any maintainers of packages that contain Rust code but that are not co-maintained by the Rust SIG would like their packages to be included in the mini-mass-rebuild as well, just let me know and I'll add them to my list.
Fabio
PS: Packages that build with vendored Rust dependencies (there are a handful of them, and most are not co-maintained by the Rust SIG) would only benefit from better debuginfo / backtraces, but not from security updates (that would require manually updating the vendor tarball), which is why I will not include them in the mini-mass-rebuild.
Thanks for doing this!!
Could you please add Helix [1] to this mass rebuild?
[1] https://src.fedoraproject.org/rpms/helix
Hussein
Am 20.05.24 um 9:29 PM schrieb Fabio Valentini:
Hi all,
As discussed in the Fedora Rust channel on Matrix, I am planning to do a mini-mass-rebuild of all Rust applications (that are co-maintained by the Rust SIG), likely by the end of this week. I estimate that it will involve just shy of 200 packages per branch.
The motivation for a mini-mass-rebuild is two-fold:
- Until very recently, the Rust standard library (shipped as a static
archive by the "rust" package) was accidentally shipped with stripped debuginfo, which resulted in Rust applications that linked the standard library to have incomplete debuginfo - and as a result, they produced incomplete backtraces for any stack traces that involved the Rust standard library. This has been fixed since rust 1.78, but applications need to be rebuilt to pick up this improvement.
- I regularly rebuild applications for "major" / "high priority"
security issues in Rust crates, but there are a few accumulated "minor" / "low priority" security issues where I didn't yet have the time to rebuild the affected applications against the library versions that contain the necessary fixes. A mini-mass-rebuild would take care of all of these at the same time.
I plan to only rebuild Rust applications that are associated with the Rust SIG (i.e. packages "rust-*"), but no other packages (for example, firefox, thunderbird, or librsvg2). If any maintainers of packages that contain Rust code but that are not co-maintained by the Rust SIG would like their packages to be included in the mini-mass-rebuild as well, just let me know and I'll add them to my list.
Fabio
PS: Packages that build with vendored Rust dependencies (there are a handful of them, and most are not co-maintained by the Rust SIG) would only benefit from better debuginfo / backtraces, but not from security updates (that would require manually updating the vendor tarball), which is why I will not include them in the mini-mass-rebuild. -- _______________________________________________ Rust mailing list -- rust@lists.fedoraproject.org To unsubscribe send an email to rust-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/rust@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On Mon, May 20, 2024 at 9:29 PM Fabio Valentini decathorpe@gmail.com wrote:
Hi all,
As discussed in the Fedora Rust channel on Matrix, I am planning to do a mini-mass-rebuild of all Rust applications (that are co-maintained by the Rust SIG), likely by the end of this week. I estimate that it will involve just shy of 200 packages per branch.
This is now done. The updates are in bodhi:
https://bodhi.fedoraproject.org/updates/FEDORA-2024-c4bf73eb40 https://bodhi.fedoraproject.org/updates/FEDORA-2024-ce2936b568 https://bodhi.fedoraproject.org/updates/FEDORA-2024-40ee18b2e7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-74745ddb2a
I have included some additional (non rust-*) packages, including some GNOME applications (gnome-tour, snapshot, loupe, librsvg2). The EPEL9 builds have only picked up security fixes but not the better debuginfo, since that change has not yet landed in RHEL 9's Rust toolchain.
A quick check shows that debuginfo seems to be 10-15 MB larger after the toolchain changes that landed in the package for Rust 1.78 in Fedora. So it looks like debuginfo should indeed be more complete now - and hopefully backtraces should now be on par with backtraces generated by binaries that were built with the "official" upstream Rust toolchain.
Fabio
-
Fabio Valentini -
h-k-81@hotmail.com