[Pkg-rust-maintainers] Bug#1119142: trixie-pu: package rust-virtiofsd/1.13.2-1+deb13u1

Michael Tokarev mjt at tls.msk.ru
Mon Oct 27 14:41:56 GMT 2025 

Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: rust-virtiofsd at packages.debian.org
Control: affects -1 + src:rust-virtiofsd
User: release.debian.org at packages.debian.org
Usertags: pu

[ Reason ]
There's a dependency missing for virtiofsd package, -
which is bug #1109051.

The problem here is that virtiofsd does not run in its most
common and most secure configuration.  It is more, -- there's
no (visible) error messages anywhere, and the user faces a
void with cryptic error messages.  Even experienced debian
users are unable to figure out what's happening.

This update adds a new dependency for virtiofsd on uidmap package,
which provides the required functionality.

Arguable it can be added to Recommends instead, but I think
hard dependency is better in this case.

Speaking of the new dependency, - it is one of a few very basic
system packages which comes from shadow-utils source.  Yes, it
contains suid-root helpers, but overall it's a small self-contained
package for which there should be no issues to install.

[ Tests ]
It's basically not applicable.  Yes, with the installation of
uidmap package, the bug in question is fixed.

[ Risks ]
There's no change in the package itself besides adding a single
new entry to the Depends: line.  The only possible risk comes from
the uidmap package itself, - some might find it not good when there's
a new suid-root binary on their system.  We have `su' already, though.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable


Thanks,

/mjt


diff -Nru rust-virtiofsd-1.13.2/debian/changelog rust-virtiofsd-1.13.2/debian/changelog
--- rust-virtiofsd-1.13.2/debian/changelog	2025-07-10 20:02:47.000000000 +0300
+++ rust-virtiofsd-1.13.2/debian/changelog	2025-10-27 17:18:13.000000000 +0300
@@ -1,3 +1,12 @@
+rust-virtiofsd (1.13.2-1+deb13u1) trixie; urgency=medium
+
+  * add Depends: uidmap.  Closes: #1109051
+    virtiofsd uses uidmap when run in a user namespace,
+    and this is the most secure way to use it.
+    So uidmap package is basically required.
+
+ -- Michael Tokarev <mjt at tls.msk.ru>  Mon, 27 Oct 2025 17:18:13 +0300
+
 rust-virtiofsd (1.13.2-1) unstable; urgency=medium
 
   * Package virtiofsd 1.13.2 from crates.io using debcargo 2.7.8
diff -Nru rust-virtiofsd-1.13.2/debian/control rust-virtiofsd-1.13.2/debian/control
--- rust-virtiofsd-1.13.2/debian/control	2025-07-10 20:02:47.000000000 +0300
+++ rust-virtiofsd-1.13.2/debian/control	2025-10-27 17:18:13.000000000 +0300
@@ -101,7 +101,8 @@
 Depends:
  ${misc:Depends},
  ${shlibs:Depends},
- ${cargo:Depends}
+ ${cargo:Depends},
+ uidmap
 Recommends:
  ${cargo:Recommends}
 Suggests:
diff -Nru rust-virtiofsd-1.13.2/debian/debcargo.toml rust-virtiofsd-1.13.2/debian/debcargo.toml
--- rust-virtiofsd-1.13.2/debian/debcargo.toml	2025-07-10 20:02:47.000000000 +0300
+++ rust-virtiofsd-1.13.2/debian/debcargo.toml	2025-10-27 17:18:13.000000000 +0300
@@ -8,6 +8,7 @@
 
 [packages.bin]
 section = "otherosfs"
+depends = ["uidmap"]
 # we replace file in qemu-system-common:
 # /usr/share/qemu/vhost-user/50-qemu-virtiofsd.json
 extra_lines = [

More information about the Pkg-rust-maintainers mailing list