New Rust Xen guest tools

flakpyro

With the release of Debian 13 apt now complains that the repo is not signed. Also Debain has changed to using .sources files for repos.

For example,, the new format would be:

Types: deb
URIs: https://gitlab.com/api/v4/projects/xen-project%2Fxen-guest-agent/packages/generic/deb-amd64/
Suites: release/
Components: 
Signed-By: https://path/to/release.gpg
Trusted: yes

Maybe worth addding a release.gpg to the repo and updating documentation when configuring the repo on newer Debian / Ubuntu releases?

Example of the error when no key is present:

Ign:8 https://gitlab.com/api/v4/projects/xen-project%2Fxen-guest-agent/packages/generic/deb-amd64 release/ InRelease
Hit:9 https://gitlab.com/api/v4/projects/xen-project%2Fxen-guest-agent/packages/generic/deb-amd64 release/ Release
Ign:10 https://gitlab.com/api/v4/projects/xen-project%2Fxen-guest-agent/packages/generic/deb-amd64 release/ Release.gpg
Fetched 176 kB in 1s (154 kB/s)
All packages are up to date.    
Notice: Missing Signed-By in the sources.list(5) entry for 'https://gitlab.com/api/v4/projects/xen-project%2Fxen-guest-agent/packages/generic/deb-amd64'

olivierlambert

@yann can you update the README accordingly?

yann

@olivierlambert updating the README will be quick enough... but if the sig is indeed mandatory we need to setup something for this first... and autosigning from a CI rather requires doing that on a trusted runner rather than on gitlab-provided ones, so that requires some provisioning and IT work first.

yann

@flakpyro the old format is still supported, and actually the [trusted=yes] in the old-style configuration shown in the release notes does work in my quick test with our own Debian 13 hub template.

David_5.1

One-line format should work fine with Trixie, but as the “new” deb822 format has been supported since Debian Jessie, it should be usable on most installs.

Jessie manpage for reference : https://manpages.debian.org/jessie/apt/sources.list.5.en.html#:~:text=rfc822

john.c

@yann Though the deb822 format allows for that file in sources format, to have the signing key tied to that file’s specified repositories. Very important as it ensures that the key is only used by that repository, unless otherwise specified. The old format typically tends to apply that key to all repositories. So even repositories which shouldn’t use it could, worse the key was trusted for all repositories by the client.

In the new format the repositories can have the specific key tied to them, on the client side as well as the server side.

yann

@john.c OK, that will be useful when the repo is signed, but for now I don't see what adverse effect it can have. Do I miss something?

Also we try to avoid breaking support for older OS versions, so we'll likely continue to advertise the old format for older versions of Debian.

john.c

@yann said in New Rust Xen guest tools:

@john.c OK, that will be useful when the repo is signed, but for now I don't see what adverse effect it can have. Do I miss something?

Also we try to avoid breaking support for older OS versions, so we'll likely continue to advertise the old format for older versions of Debian.

@yann From Debian 13.0.0 (code name Trixie) having repository signing is mandatory. Without it apt will straight refuse to install, update or upgrade its packages.

Also doing with deb822 format will help to protect the GPG Key, used by Vates from abuse by another repository. Especially if that repository is hosting malware laden deb packages. As only the Vates repository can then use that signing key, as defined in the sources file.

Refusing to install, update or upgrade is an adverse effect wouldn’t you say?

DustyArmstrong

Testing the agent out on Arch Linux (mainly due to the spotty 'support' in the AUR/generally) and it is working fine - better than what I had before (which did not report VM info properly). I've set it up as a systemd service to replace the previous one I had, also working as expected.

This would be fun to contribute towards.

Tristis Oris

Not sure is it an issue. Agent itself is working.

Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 6.14.0-37-generic x86_64)

systemctl status xen-guest-agent
● xen-guest-agent.service - Xen guest agent
     Loaded: loaded (/usr/lib/systemd/system/xen-guest-agent.service; enabled; preset: enabled)
     Active: active (running) since Mon 2026-02-09 14:28:41 MSK; 36min ago
   Main PID: 959 (xen-guest-agent)
      Tasks: 17 (limit: 19041)
     Memory: 4.8M (peak: 6.7M)
        CPU: 76ms
     CGroup: /system.slice/xen-guest-agent.service
             └─959 /usr/sbin/xen-guest-agent

Feb 09 14:28:41 oris systemd[1]: Started xen-guest-agent.service - Xen guest agent.
Feb 09 14:28:41 oris xen-guest-agent[959]: cannot parse yet os version Custom("24.04")

Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 6.17.0-14-generic x86_64)

systemctl status xen-guest-agent
● xen-guest-agent.service - Xen guest agent
     Loaded: loaded (/usr/lib/systemd/system/xen-guest-agent.service; enabled; preset: enabled)
     Active: active (running) since Mon 2026-02-09 15:04:31 MSK; 1s ago
   Main PID: 9058 (xen-guest-agent)
      Tasks: 17 (limit: 76999)
     Memory: 2.5M (peak: 4.7M)
        CPU: 32ms
     CGroup: /system.slice/xen-guest-agent.service
             └─9058 /usr/sbin/xen-guest-agent

Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240

olivierlambert

Question for @yann or @teddyastie I assume

john.c

@Tristis-Oris said in New Rust Xen guest tools:

Not sure is it an issue. Agent itself is working.

Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 6.14.0-37-generic x86_64)

systemctl status xen-guest-agent
● xen-guest-agent.service - Xen guest agent
     Loaded: loaded (/usr/lib/systemd/system/xen-guest-agent.service; enabled; preset: enabled)
     Active: active (running) since Mon 2026-02-09 14:28:41 MSK; 36min ago
   Main PID: 959 (xen-guest-agent)
      Tasks: 17 (limit: 19041)
     Memory: 4.8M (peak: 6.7M)
        CPU: 76ms
     CGroup: /system.slice/xen-guest-agent.service
             └─959 /usr/sbin/xen-guest-agent

Feb 09 14:28:41 oris systemd[1]: Started xen-guest-agent.service - Xen guest agent.
Feb 09 14:28:41 oris xen-guest-agent[959]: cannot parse yet os version Custom("24.04")

Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 6.17.0-14-generic x86_64)

systemctl status xen-guest-agent
● xen-guest-agent.service - Xen guest agent
     Loaded: loaded (/usr/lib/systemd/system/xen-guest-agent.service; enabled; preset: enabled)
     Active: active (running) since Mon 2026-02-09 15:04:31 MSK; 1s ago
   Main PID: 9058 (xen-guest-agent)
      Tasks: 17 (limit: 76999)
     Memory: 2.5M (peak: 4.7M)
        CPU: 32ms
     CGroup: /system.slice/xen-guest-agent.service
             └─9058 /usr/sbin/xen-guest-agent

Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240
Feb 09 15:04:31 k3s xen-guest-agent[9058]: Specified IFLA_INET6_CONF NLA attribute holds more(most likely new kernel) data which is unknown to netlink-packet-route crate, expecting 236, got 240

Is this a graphical (desktop) based VM running the agent?

@olivierlambert If his VM is a desktop graphical Ubuntu then, it’s Kernel will be regularly updated with each new standard lifecycle point be an upgraded HWE kernel. So will be frequently getting this message, new info in the kernel. HWE kernels are default in modern Ubuntu desktop environments!

Tristis Oris

@john.c server, no UI.