[Bug 2061754] Re: nullboot 0.5.1

[Jeremy Bícha]

There was no comment on why the block-proposed tag was added. It looked
like it was added only to keep the package from reaching Noble. It is
also early in the Oracular cycle. Sorry if this caused extra work and
headache.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nullboot in Ubuntu.
https://bugs.launchpad.net/bugs/2061754

Title:
  nullboot 0.5.1

Status in nullboot package in Ubuntu:
  Fix Released
Status in nullboot source package in Focal:
  New
Status in nullboot source package in Jammy:
  New
Status in nullboot source package in Noble:
  In Progress

Bug description:
  [Impact]
  new upstream release; usual vendored dependency updates per Go MIR policy (vendor/ directory is automatically generated by go mod vendor based on go.mod); aligning with snapd 2.62; and support for shim 15.8 per the secboot dependency update.

  Targeted releases:

  1. noble
  2. jammy; after/when shim 15.8 lands there
  3. focal; after/when shim 15.8 lands there

  [Test plan]
  * Test suite passes

  * Deploy Azure CVM and TPM FDE
  * Upgrade to this new package and reboot
  * Boot should be successful
  * Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)

  * CPC - build new image with nullboot preinstalled, and attempt to
  register and boot such an images as first time.

  We have set block-proposed to allow testing in noble-proposed to be
  carried out before migration to noble release pocket.

  [Where problems could occur]
  Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nullboot/+bug/2061754/+subscriptions