12 Apr 2026

Planet Debian

Dirk Eddelbuettel: littler 0.3.23 on CRAN: Mostly Internal Fixes


The twenty-fourth release of littler as a CRAN package landed on CRAN just now, following in the now twenty-one year history (!!) as a (initially non-CRAN) package started by Jeff in 2006, and joined by me a few weeks later.

littler is the first command-line interface for R as it predates Rscript. It allows for piping as well as for shebang scripting via #!, uses command-line arguments more consistently and still starts faster. It also always loaded the methods package, which Rscript only began to do in later years.

littler lives on Linux and Unix, has its difficulties on macOS due to some braindeadedness there (who ever thought case-insensitive filesystems as a default were a good idea?) and simply does not exist on Windows (yet - the build system could be extended - see RInside for an existence proof, and volunteers are welcome!). See the FAQ vignette on how to add it to your PATH. A few examples are highlighted at the GitHub repo, as well as in the examples vignette.

This release, which comes just two months after the previous 0.3.22 release that brought a few new features, is mostly internal. (The previous release erroneously had 0.3.23 in its blog and social media posts; it really was 0.3.22 and this one now is 0.3.23.) Mattias Ellert addressed a nag (when building for a distribution) about one example file with a shebang not having executable mode bits. I accommodated the ever-changing interface of the C API of R (within about twelve hours of being notified). A few other smaller changes were made as well, polishing a script or two as usual; see below for more.

The full change description follows.

Changes in littler version 0.3.23 (2026-04-12)

  • Changes in examples scripts

    • Correct spelling in installGithub.r to lower-case h

    • The r2u.r now recognises 'resolute' aka 26.06

    • installRub.r can install (more easily) from r-multiverse

    • A file permission was corrected (Mattias Ellert in #131)

  • Changes in package

    • Update script count and examples in README.md

    • Continuous integration scripts received minor updates

    • The C level access to the R API was updated to reflect most recent standards (Dirk in #132)

My CRANberries service provides a comparison to the previous release. Full details for the littler release are provided as usual at the ChangeLog page, and also on the package docs website. The code is available via the GitHub repo, from tarballs and now of course also from its CRAN page and via install.packages("littler"). Binary packages are available directly in Debian as well as (in a day or two) Ubuntu binaries at CRAN thanks to the tireless Michael Rutter. Comments and suggestions are welcome at the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can sponsor me at GitHub. You can also sponsor my Tour de Shore 2026 ride in support of the Maywood Fine Arts Center.

12 Apr 2026 2:47pm GMT

Colin Watson: Free software activity in March 2026

My Debian contributions this month were all sponsored by Freexian.

You can also support my work directly via Liberapay or GitHub Sponsors.

OpenSSH

I fixed CVE-2026-3497 in unstable, thanks to a fix in Ubuntu by Marc Deslauriers. Relatedly, I applied an Ubuntu patch by Athos Ribeiro to not default to weak GSS-API exchange algorithms.

I'm looking forward to being able to split out GSS-API key exchange support in OpenSSH once Ubuntu 26.04 LTS has been released! This stuff will still be my problem, but at least it won't be in packages that nearly everyone has installed.

Python packaging

New upstream versions:

I packaged pybind11-stubgen, needed for new upstream versions of pytango. Tests of reproducible builds revealed that it didn't generate imports in a stable order; I contributed a fix for that upstream.

I worked with the security team to release DSA-6161-1 in multipart, fixing CVE-2026-28356 (upstream discussion). (Most of the work for this was in February, but the vulnerability was still embargoed when I published my last monthly update.)

In trixie-backports, I updated pytest-django to 4.12.0.

I fixed a number of packages to support building with pyo3 0.28:

Other build/test failures:

Rust packaging

New upstream versions:

Other bits and pieces

I upgraded tango to 10.1.2, and yubihsm-shell to 2.7.2.

Code reviews

12 Apr 2026 10:13am GMT

Vasudev Kamath: Hardening the Unpackageable: A systemd-run Sandbox for Third-Party Binaries

The Shift in Software Consumption

Historically, I have been a "distribution-first" user. Sticking to tools packaged within the Debian archives provides a layer of trust; maintainers validate licenses, audit code, and ensure the entire dependency chain is verified. However, the rapid pace of development in the Generative AI space, specifically with new tools like Gemini-CLI, has made this traditional approach difficult to sustain.

Many modern CLI tools are built within the npm or Python ecosystems. For a distribution packager, these are a nightmare; packaging a single tool often requires packaging a massive, shifting dependency chain. Consequently, I found myself forced to use third-party binaries, bypassing the safety of the Debian archive.

The Supply Chain Risk

Recent supply chain attacks affecting widely used packages like axios and LiteLLM have made it clear: running unvetted binaries on a personal system is a significant risk. These scripts often have full access to your $HOME directory, SSH keys, and the system D-Bus.

After discussing these concerns with a colleague, I was inspired by his approach of using a Flatpak-style sandbox for even basic applications like Google Chrome. I decided to build a generalized version of this using OpenCode and Qwen 3.6 Fast (which was available for free use at the time) to create a robust, transient sandbox utility.

The Solution: safe-run-binary

My script, safe-run-binary, leverages systemd-run to execute binaries within an isolated scope. It implements strict filesystem masking and resource control to ensure that even if a dependency is compromised, the "blast radius" is contained.

Key Technical Features

1. Virtualized Home Directory (tmpfs)

Instead of exposing my real home directory, the script mounts a tmpfs over $HOME. It then selectively creates and bind-mounts only the necessary subdirectories (like .cache or .config) into a virtual structure. This prevents the application from ever "seeing" sensitive files like ~/.ssh or ~/.gnupg.

2. D-Bus Isolation via xdg-dbus-proxy

For GUI applications, providing raw access to D-Bus is a security hole. The script uses xdg-dbus-proxy to sit between the application and the session bus. By using the --filter and --talk=org.freedesktop.portal.* flags, the app can only communicate with the necessary portals (like the file picker) rather than sniffing the entire bus.

3. Linux Namespace Restrictions

The sandbox utilizes several systemd execution properties to harden the process:

  • RestrictNamespaces=yes: For CLI tools, this prevents the app from creating its own nested namespaces.
  • PrivateTmp=yes: Ensures a private /tmp space that isn't shared with the host.
  • NoNewPrivileges=yes: Prevents the binary from gaining elevated permissions through SUID/SGID bits.

4. GPU and Audio Passthrough

The script intelligently detects and binds Wayland, PipeWire, and NVIDIA/DRI device nodes. This allows browsers like Firefox to run with full hardware acceleration and audio support while remaining locked out of the rest of the filesystem.

Usage

To run a CLI tool like Gemini-CLI with access only to a specific directory:

safe-run-binary -b ~/.gemini-config -- npx @google/gemini-cli

For a GUI application like Firefox:

safe-run-binary --gui -b ~/.mozilla -b ~/.cache/mozilla -b ~/Downloads -- firefox
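As an added illustration that is not the safe-run-binary script itself, the tmpfs-home mechanism behind the "-b DIR ... -- CMD" form above, reduced to the systemd-run properties it relies on. It assumes a systemd user manager that can apply mount sandboxing (TemporaryFileSystem=, BindPaths=, PrivateTmp=) to user services, and the two function names sandbox_cmd and sandbox_exec are my own; the GUI, D-Bus proxy and device passthrough parts are left out.

```shell
#!/bin/sh
# Constructed example, not the post's script: a tmpfs is mounted over the real
# $HOME inside a transient user service, and only the directories named with
# -b are bound back in at their original paths, so ~/.ssh and ~/.gnupg are
# simply absent from the process's view of the home directory.

# Print the systemd-run command for "-b DIR ... -- CMD", one argument per line.
# Only directories below $HOME are accepted: binding anything else would
# expose the real filesystem instead of populating the virtual home.
sandbox_cmd() {
    home="${HOME:?HOME must be set}"
    printf '%s\n' systemd-run --user --pty --wait --collect \
        -p "TemporaryFileSystem=$home" \
        -p PrivateTmp=yes -p NoNewPrivileges=yes -p RestrictNamespaces=yes
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -b) shift
                # Reject ".." so a path cannot escape the $home prefix check;
                # the prefix check itself is textual, paths are not canonicalized.
                case "$1" in
                    */..|*/../*) echo "refusing '..' in bind path: $1" >&2; return 2 ;;
                    "$home"/?*)  printf '%s\n' -p "BindPaths=$1" ;;
                    *)           echo "refusing bind outside $home: $1" >&2; return 2 ;;
                esac ;;
            --) shift; break ;;
            *)  echo "unknown option: $1" >&2; return 2 ;;
        esac
        shift
    done
    [ "$#" -gt 0 ] || { echo 'no command given' >&2; return 2; }
    printf '%s\n' -- "$@"
}

# Create the bind sources on the real filesystem if missing (BindPaths= needs
# an existing source), then run the command. The newline-separated output is
# split back into argv, so paths with spaces survive; paths containing a
# newline are not supported here.
sandbox_exec() {
    cmd=$(sandbox_cmd "$@") || return $?
    oldifs=$IFS; IFS='
'
    set -f; set -- $cmd; set +f; IFS=$oldifs
    for a in "$@"; do
        case "$a" in BindPaths=*) mkdir -p "${a#BindPaths=}" ;; esac
    done
    "$@"
}
```

Run it as `sandbox_exec -b ~/.gemini-config -- npx @google/gemini-cli`; `sandbox_cmd` with the same arguments prints what would be executed without starting the service.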

Conclusion

While it is not always possible to escape the need for third-party software, it is possible to control the environment in which it operates. By leveraging native Linux primitives like systemd and namespaces, high-grade isolation is achievable.

PS: If you spot any issues or have suggestions for improving the script, feel free to raise a PR on the repo.

12 Apr 2026 7:23am GMT