[Bug 2061754] Re: nullboot 0.5.1

Launchpad Bug Tracker 2061754 at bugs.launchpad.net
Mon May 20 22:00:19 UTC 2024 

This bug was fixed in the package nullboot - 0.5.1-0ubuntu1

---------------
nullboot (0.5.1-0ubuntu1) noble; urgency=medium

  [ Julian Andres Klode ]
  * New release adding support for shim 15.8-0ubuntu1 (LP: #2061754)
  * ci: Test against go 1.22
  * Update secboot for shim 15.8-1
  * Update snapd to 2.62
  * Build against shim 15.8-0ubuntu1

  [ dependabot[bot] ]
  * build(deps): bump github/codeql-action from 2 to 3
  * build(deps): bump actions/setup-go from 4 to 5
  * build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0
  * build(deps): bump golang.org/x/sys from 0.15.0 to 0.19.0

 -- Julian Andres Klode <juliank at ubuntu.com>  Tue, 16 Apr 2024 10:53:07
+0200

** Changed in: nullboot (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nullboot in Ubuntu.
https://bugs.launchpad.net/bugs/2061754

Title:
  nullboot 0.5.1

Status in nullboot package in Ubuntu:
  Fix Released
Status in nullboot source package in Focal:
  New
Status in nullboot source package in Jammy:
  New
Status in nullboot source package in Noble:
  In Progress

Bug description:
  [Impact]
  new upstream release; usual vendored dependency updates per Go MIR policy (vendor/ directory is automatically generated by go mod vendor based on go.mod); aligning with snapd 2.62; and support for shim 15.8 per the secboot dependency update.

  Targeted releases:

  1. noble
  2. jammy; after/when shim 15.8 lands there
  3. focal; after/when shim 15.8 lands there

  [Test plan]
  * Test suite passes

  * Deploy Azure CVM and TPM FDE
  * Upgrade to this new package and reboot
  * Boot should be successful
  * Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)

  * CPC - build new image with nullboot preinstalled, and attempt to
  register and boot such an images as first time.

  We have set block-proposed to allow testing in noble-proposed to be
  carried out before migration to noble release pocket.

  [Where problems could occur]
  Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nullboot/+bug/2061754/+subscriptions

More information about the foundations-bugs mailing list