Rust Coreutils 0.5.0 Release: 87.75% compatibility with GNU Coreutils
141 comments
·December 14, 2025ottah
cogman10
The question is going to be how much of that unknown/untested percentage actually matters. I mean, there's even a question of how much the 12.25% of known test regressions actually matter.
> Also, I have major issues with dumping GPL userspace utilities, for an MIT license suite, that is known to not be feature complete, only, and literally only because it was written in Rust. This does not make sense, and this is not good for users.
Thinking about it, I guess I have to agree. This allows ubuntu to avoid releasing security fixing patches if they so choose. You can't do that with GPLed code. It means they can send out binary security fixes and delay the source code release for as long as they like or indefinitely. Which is pretty convenient for a company that sells extended security support packages.
SkiFire13
> This allows ubuntu to avoid releasing security fixing patches if they so choose. You can't do that with GPLed code. It means they can send out binary security fixes and delay the source code release for as long as they like or indefinitely
The GPL does not state that the source code for any modification must be released immediately, it doesn't even set some kind of time limit so it technically doesn't prevent indefinite delays either.
tremon
there's even a question of how much the 12.25% of known test regressions actually matter.
I would think that the regression tests are actually the most worthwhile targets for the new project to validate against: they represent real-world usage and logic corner cases that are evidently easy to get wrong. These are not the kind of bugs that Rust is designed to eliminate.
cogman10
I agree. But I don't know that the 12.25% of test regressions are regression tests or unit tests from the gnu core utils.
I believe Ubuntu simply copied and transposed a bunch of tests from gnu core utils and that's where these ultimately came from. That doesn't really mean that all these tests arose due to regressions. (for sure some probably did).
ekjhgkejhgk
To me moving from MIT to GPL is a downgrade regardless of features. Not everything is about features. Some people also care that their work can't be re-utilized as a tool by Big Corp in their march forward to subjugate their users.
thayne
Part of this project has been writing a lot of new tests, which are run on both GNU coreutils and rust coreutils. Some of these tests have found bugs in the original GNU coreutils.
egorfine
This does not make sense to you because you are looking from a technological standpoint. The reason to rewrite coreutils (or sudo) in Rust is not technological, as there is no merit. Coreutuils are titanium rock stable tools that no one asked to rewrite.
And this is precisely why the worst Rust evangelists aim to rewrite it: virtue signaling with no suffering of the opposing party is not good enough.
tremon
Also, I don't really get why coreutils would be a worthwhile candidate for a Rust rewrite. A rewrite of curl/wget or sudo I can understand, but what's the security benefit to improved memory safety for CLI tools that are only ever run with same-user privileges? Even if there's an exploitable bug there, there's no avenue for privilege escalation.
thayne
> CLI tools that are only ever run with same-user privileges?
You don't think these are ever run with sudo/runas/pkexec/run0 or otherwise invoked by a program running as root?
That said I do think things like sudo, ssh, gpg, maybe systemd, http servers like nginx and apache etc. are more valuable to replace with tools written in rust (or more generally a "memory safe language"). But that doesn't mean rewriting coreutils isn't valuable.
egorfine
Because the reasons to replace coreutils with the Rust rewrite are not technological, they are political. And thus aiming to rewrite something very core and stable is the correct approach to enrage the opposite party.
paulddraper
> comprehensive, but incomplete
????
MangoToupe
The gnu project is more than welcome to make its own moves away from C.
stackghost
The GNU project can't go to the men's room without a thumbs up from Stallman, who is so disconnected from how real people do their computing that by his own statement he hasn't written any material amount of code in almost 20 years and can't even figure out how to update his own website, instead relying on volunteers to do so.
Stallman comes from the era when C was good enough, because computing was not a hostile environment like it is today.
GNU is never going to "rewrite it in rust" as long as he's living, and probably for several years afterwards.
In other words, it's a social problem not a technical one.
c0l0
In fact, it is not a problem at all.
Let new generations of Free Software orgs come along and supplant GNU with a GBIR (GNU But In Rust), but don't insist on existing, established things that are perfectly good for who and what they are to change into whatever you prefer at any given moment.
throwaway613745
If you want 100% compatibility:
sudo apt purge --autoremove --allow-remove-essential coreutils-from-uutils # reinstalls gnu coreutils
sudo update-alternatives --config sudo # can switch back to regular sudo from sudo-rs
(for Ubuntu 25.10)
hu3
why isn't that the default?
why ship broken implementation prematurely?
throwaway613745
Because Canonical has completely lost the plot and become infected by Rust zealots.
akagusu
With you want 100% compatibility with GNU Coreutils + memory safety just compile Coreutils with Fil-C. 100% compatibility with 0 rewrite.
josephg
In the short term, yeah 4x slower coreutils is probably worth it for memory safe code. In the long run, I’m glad rust coreutils is slowly working through these compatibility issues so we don’t have to pay for memory safety. Yeah, it'll have new bugs. And right now it’s slightly incompatible. But give it a few more years to cook. I’m sure they’ll get there.
As an aside, I find it weird how much negativity rewrites like this get. If someone decided to make a new web browser, C compiler or kernel people would be congratulating them. I really don’t understand the conservatism when it comes to Linux. Is the current implementation perfect? Should it be preserved in amber? The gnu runtime seems like a messy, badly specified hairball of hacky, inconsistent scripts to me. Some guys in a certain room in the 70s and 80s wrote some C programs. And now every bad idea they had lives in perpetuity in my /usr/bin directory? In the decades since, these tools have sprouted hundreds of weird features that almost nobody uses. And now what, people care what language it’s all written in? This code must never be changed?? Who cares.
ottah
GNU utils is battle tested, well reviewed, and STABLE. That's really what I want in an OS, stability. Rust solves only one case of security issues, but it cannot solve logical errors, which there will be many of in a new software project.
I just don't see what's to gain, to suffer through years of instability, waiting for a userspace suite to mature, and reach feature parity, when we have a well understood, and safe tool set know.
Maybe in five years, when coreutils is complete, I'd be okay with Ubuntu replacing user land with it. But we're not there, and it's a problem we shouldn't have to tolerate.
Also I can't stand we're leaving GPL code behind for MIT.
steveklabnik
Luckily, the existence of uutils doesn’t change the fact that GNU coreutils exists. In fact, it’s helped improve the stability of the GNU coreutils by clarifying intended behavior and adding test cases. So if you prefer them, you should stick to them. Nobody is taking anything from you.
josephg
It sounds like your beef is with Ubuntu for shipping some of this code. Not with the project for existing and fixing all the compatibility issues that you seem to care a great deal about.
If you want a purely gnu userland with gpl code and strong stability guarantees, Ubuntu is almost certainly the wrong distribution for you. Plenty of Linux distributions are far more stable, and won’t replace coreutils, maybe forever. (And if this is aiming to be bug for bug compatible, they won’t ever have to.)
As for the gpl, this isn’t new. there’s been bsd/mit licensed alternatives to coreutils for decades. You know, in FreeBSD and friends. It’s only aiming for 100% Linux compatibility that’s new. And I guess, shipping it in Linux. But let’s be real, the gpl v3 is a pretty toxic license. By trying so hard to preserve user freedom, it becomes a new tyranny for developers. If you build a web based startup today hosted on top of Linux, you might be in breach of the gpl. What a waste of everyone’s time. The point of opensource to me is nobody can tell me what I’m allowed to do with my computer. And that includes RMS.
wavemode
> 4x slower coreutils
I doubt this is true in practice. The majority of coreutils spend the majority of their time waiting for the results of IO/syscalls. (The exception would probably be, the hashing utilities like md5sum.)
stefan_
I tried md5sum and sha256sum and there was exactly zero difference in runtime (the Fil-C version of sha256sum was consistently faster, in fact..)
bfrog
Is Fil-C free of runtime overhead?
bitbasher
The problem is in the unknowns. The "unknowns" in a C implementation means arbitrary code execution and all kinds of nasty. The unknowns in a Rust implementation means a crash/denial of service.
I know which I prefer.
yjftsjthsd-h
> The "unknowns" in a C implementation means arbitrary code execution and all kinds of nasty.
In Fil-C?
stefan_
There is no "arbitrary code execution and all kinds of nasty" in the Fil-C version and it profits from the decades spent fixing all the logic bugs, races, environment variable mess in coreutils.
Meanwhile, the Rust version of course is vulnerable to all of those: https://ubuntu.com/security/notices/USN-7867-1
zorked
Thanks for fixing imaginary memory safety issues in /bin/cat...
squirrellous
Honest question. Why is a Rust rewrite of coreutils getting traction? Nobody thought it’s a good idea to rewrite coreutils with Go, Java, Python, C++, etc etc. It can’t just be memory safety.
estebank
> uutils coreutils aims to be a drop-in replacement for the GNU utils. Differences with GNU are treated as bugs.
> Our key objectives include:
> Matching GNU's output (stdout and error code) exactly
> Better error messages
> Providing comprehensive internationalization support (UTF-8)
> Improved performances
> Extensions when relevant (example: --progress)
> uutils aims to work on as many platforms as possible, to be able to use the same utils on Linux, macOS, Windows and other platforms. This ensures, for example, that scripts can be easily transferred between platforms.
Experimenting with better error messages, as test-bed for extensions that might not be able to be tried or accepted in GNU coreutils (for technical, social or other reasons), and being able to use the same tools in all major OS are very reasonable divergences from GNU's project to "justify" its existence.
The project was originally just a learning project for someone who wanted to learn Rust by reimplementing tools that were small, not a moving target and useful. From there, it grew as it found an audience of developers interested in productionalizing it. There have been coreutils ports for the languages you mention (go-coreutils, pycoreutils, coreutils-cpp, etc.), they just didn't (yet?) hit critical mass. It is a harder sell for GC-based projects in this case because they are unlikely to ever be included as part of a dirtribution's base. Lets not forget that coreutils themselves are a rewrite of previously existing tools to begin with.
WD-42
It’s a cool project but does anyone else find the choice of MIT kinda icky/disrespectful? Like maintainers have put decades of work into the GNU coreutils under the gpl and all that entails, and then some people decide to rewrite it and just say “nah”.
I know they claim it’s a clean implementation but cmon, there’s no way they aren’t peeking at the existing coreutils source.
steveklabnik
Do you think it was disrespectful for the GNU project to reimplement the original tools in a different license than the original authors had written them in?
WD-42
AFAIK the GNU authors didn’t have access to the original source code because they were proprietary. I don’t know why this matters but it feels different in a purely “feels” way.
electroly
The GNU authors almost certainly did have access to the AT&T UNIX source code, and they had to be reminded not to refer to UNIX source code when writing GNU replacements. GNU made intentional efforts to design their programs along completely different lines to avoid similarity to the originals. This is described at https://www.gnu.org/prep/standards/standards.html#Reading-No... under "Referring to Proprietary Programs".
steveklabnik
Gotcha! I don’t, but that’s why I asked, I wasn’t sure if this was about any specific license or what.
I’m also curious about this: does that it’s in a different language make any difference here? Like I could also maybe see what you’re saying if these were also in C, but being in Rust, it’s not like they can literally copy the code, regardless. I know you’re talking about feelings and not hard and fast rules, but do you think that plays into any of the feelings at all?
gjsman-1000
Yes and no; due to antitrust laws with AT&T, almost everyone had copies of UNIX source code, especially if you were near any universities (why does BSD still honor UC Berkeley on bootup, do you think?). Easy as pie to get; but extremely difficult to legally use without a license.
The question about whether Linux and GNU copied from the proprietary originals caused the famous SCO lawsuits. Even though this was proven false, there’s very little chance the originals weren’t used as reference in GNU.
null
lnkl
Were they also open source?
swiftcoder
Legally, no, but plenty of people had copies of the source.
gjsman-1000
No. The original UNIX utilities were under proprietary licenses for an extremely long time, before eventually they broke free under BSD. The BSD tools are descendants of the originals and are also the versions used by macOS.
BSD wasn’t under an open license when GNU got started, so GNU reimplemented the proprietary UNIX utilities with their own enhancements and their own GPL license.
As such, complaining about the license is rich, considering GNU basically stole it themselves from the first round. And to this day, HN complaining about macOS’s utilities is also rich considering they are actually more standard and authentically UNIX than GNU.
null
josephg
Only if you think it’s also icky for OpenJDK to have a clean room port of Java. I’m sure oracle would love to force Android and everyone else using Java to pay licensing fees in perpetuity.
vasac
OpenJDK isn't a clean room port - it was created from the original source code of Sun's JDK.
testdelacc1
It’s uncharitable to assume they’re lying. In which case, it’s perfectly ethical and legal to reimplement an existing program.
hnthrow82910
[dead]
burnt-resistor
While I <3 Rust, rewriting major things in Rust but then taking an additional step of releasing incomplete, incompatible code as "production" like Canonical has done without day 1 full compatibility is inherently unethical, problematic, and counterproductive.
Related: Because of Redhat/Fedora's decision; CentOS Stream, Alma, and Rocky 9 & 10 Docker images use a statically-linked "multi-call" variant of coreutils that is also problematic in real-world usage. This can be fixed with the following:
sudo dnf install coreutils --allowerasing -yBarrin92
>but then taking an additional step of releasing incomplete, incompatible code as "production"
nobody runs Ubuntu's six-month releases in production. Like Fedora it's cutting edge in the literal sense of that term, and if you deploy Ubuntu anywhere in the business world you're on the LTS release.
That the rust coreutils aren't at full parity yet is explicitly mentioned in the release notes of 25.10, if you're installing a distribution with a lifespan of half a year it pretty much goes without saying you're a beta tester for the next LTS release. Like, even if everything was pristine and stable it makes no sense to use an operating system with six months of support in production.
burnt-resistor
True that, however coreutils-single is already rolled out in Docker images for RH-derived distros. It's not the same thing, but it has breaking incompatibilities that don't appear when the regular coreutils is installed. Small changes done unwisely lead to big breakage in ways arrogant distro maintainers shove down users' throats. Canonical makes reckless changes regularly.
knorker
For context, how "compatible" is BSD utils with either one?
IOW: how much does it matter?
pseudalopex
These utilities' purpose is to replace GNU utilities. BSD utilities' purpose is not.
knorker
Seems like there's more uproar with this than with changing the /bin/sh symlink to dash, and that difference seems much bigger.
NekkoDroid
To be fair, `/bin/sh` is suppose to be the POSIX shell, so as long as they are compliant it really doesn't matter. The problem with `/bin/sh` being bash, is that it provides extensions (even when running in POSIX mode from what I remember) and relying on them makes those scripts technically broken.
It would be more of a comparison if dash was aiming to be a drop-in replacement for bash and not a POSIX shell.
pseudalopex
Ubuntu made /bin/sh dash in 2006 according to Wikipedia. Many fewer people used Ubuntu then.
IshKebab
Not very. Most notably `env -S` doesn't work on some systems. I did get bitten by one script on Ubuntu using uutils where the script expected `uname -p` to work but it just prints `unknown` (technically legal I guess). But when I went to fix it they already had.
Probably was a bit premature for Ubuntu to enable it by default. Looking at the graph uutils will be fully compatible (or as close as makes no difference) in about 2 years, so I would have waited until then.
Still, I think most of the push-back is just the usual anti-Rust luddites.
knorker
> expected `uname -p` to work but it just prints `unknown`
I just tried that on three very different Linux systems of mine, and all print `unknown`.
drnick1
What's the point of that? The C version has been around for ages, works well, and is GPL'ed. Reexamining the code carefully for a rewrite does provide the opportunity to catch some bugs, but the rewrite will most likely introduce countless new bugs. It's not clear what is gained by the Rust rewrite, it's not like Rust is faster than C, it should be very similar or perhaps slower.
egorfine
The point is virtue signaling. There is no technical merit to it.
nonameiguess
This is going to sound like a gripe and I swear it isn't, but is there a plan for a reasonably full suite of minimal userspace tools? I don't expect util-linux itself in Rust, but something like:
- coreutils
- findutils
- libmagic and file
- tar and some compression libs
- grep, awk, sed
- the shell and all of its builtins
- something functionally equivalent to openssl or GnuTLS
- some ssh client and server
- curl
- a terminal-based editor
- man-db and texinfo
- some init system and bootloader
- pick a package manager, any package manager, and rewrite it in Rust
Barring all of that, maybe just busybox but written in Rust. That should give you roughly what you need for a non-graphical system. coreutils isn't nothing, but it's a pretty small part of the system, with much of it ending up implemented by the shell in most distros.
egorfine
systemd sort of did this to certain parts and it's the worst thing that happened to Linux. Standardizing on Rust political rewrites of tar and libmagic is going to be an epic disaster and a decade of never-ending fun for Rust evangelicals.
steveklabnik
I’m not aware of a unified plan to do this. uutils was started as a fun project, not some plan to build a Rust-only userland.
adgjlsfhk1
also worth mentioning that the ones that are user facing are much lower priority than machine facing one. no one cares about CVEs in ed, but a CVE in cp would be really bad
panick21_
There are already many of these. fd, httpie, rg, and so on.
There is of course RustTLS that already exists and is already very advanced.
For package manager see for example AerynOS (or its new name that I can't remember).
There are lots of rust editors, terminal and otherwise.
And of course the complete Cosmic Desktop is written in Rust, so you don't have to go 'non-graphical' at all.
So AerynOS, with uutils and Cosmic is very close I would say.
steveklabnik
Most (all?) of these projects aren’t aiming for drop-in compatibility.
panick21_
I didn't realize this is what the person was wanting.
kachapopopow
I really don't understand the hate, it's not 1.0 and majority of unsupported cases probably haven't seen use since 1990's and especially dumb cases where it's 100x slower when providing unrealistic values like parsing e9000000 which is actually because it attempts to actually parse it due to bigint support instead of clamping to i128.
also people complaining about inclusion of it in ubuntu versions, wait till you find out about the linux kernel.
tormeh
The hateable part is the license. I love Rust but this is a huge step backwards.
groundzeros2015
> wait till you find out about the linux kernel
Check the extent to which this is true. Also are we rewriting good kernel code that works?
kachapopopow
this has nothing to do with rust, kernel regulary ships rather experiemental features in some of the releases, there is a reason why only specific kernel versions become LTS
pseudalopex
> kernel regulary ships rather experiemental features in some of the releases
Does the Linux kernel ship with rather experimental features as default? When was the rule not to break user space revoked?
IshKebab
> good kernel code that works
The fallacy here is that code is either "good code that works" or "bad code that needs to be rewritten". It doesn't work like that. "If it aint broke don't fix it" is actually terrible advice.
groundzeros2015
> If it aint broke don't fix it" is actually terrible advice.
We want to give up good things to get better things.
What is the vision for improving these tools with rust? What user benefit are they promising?
I’ve heard nothing but nebulous arguments about memory or security purity. There is no insight into how to do them better or faster; and in most cases they have demonstrated they didn’t even understand them fully to begin with, such as missing locales.
There isn’t even subjective value for users demanding it, it’s driven by rust developers.
burnt-resistor
Yep, nuance is definitely needed. The greater issue is orthogonal: pushing out unfinished and incompatible code as production-usable rather code written in another language.
Rust, by itself, isn't a panacea to add formal verification but one leg on the footstool of formal verification methodologies to produce safe(r/ish) software rather than subtly buggy software that's difficult to prove correct and more expensive to maintain.
"If it aint broke don't fix it" =~= "I've never gotten into an accident until now, so airbags and seatbelts are pointless." ==> reactive methodology / failure / hubris
mynameismon
I mean, why is Ubuntu using it as default when it isnt 1.0?
steveklabnik
Ubuntu is evaluating it as the default in order to see if it’s ready. That’s something you want to do before declaring something 1.0.
If it’s not ready, they’ll roll it back.
Part of why you have to do something like this is because the test suite just isn’t comprehensive, nor should we expect it to be. Real world usage is what shakes out the long tail of bugs. You just have to have some sort of stage like this in order to get things into a good state.
egorfine
> they’ll roll it back.
They will absolutely not roll it back, not matter how broken they are.
The reasons to switch from coreutils to the Rust rewrite are purely political.
pseudalopex
> Ubuntu is evaluating it as the default in order to see if it’s ready.
Did 100% of tests pass when Ubuntu made this decision? My understanding was no.
itsn0tm3
They are testing it in a real world scenario before putting it into a LTS of theirs.
kachapopopow
so they see issues that rise up from real world issues that tests might not cover? the same ubuntu version also bundles the latest kernel which is not considered stable to begin with.
master_korin
[dead]
87.75% compatibility, as measured by a comprehensive, but incomplete test suite. They want 87.75% compatibility to be an accurate measure, but we know that in reality the real number is lower.
Also, I have major issues with dumping GPL userspace utilities, for an MIT license suite, that is known to not be feature complete, only, and literally only because it was written in Rust. This does not make sense, and this is not good for users.