[Bug 2110302] Re: nullboot 0.5.3 SRUs

Mate Kukri 2110302 at bugs.launchpad.net
Thu Oct 16 18:48:36 UTC 2025 

These builds always failed, nullboot is only supported on amd64
architecture and only on Azure CVM images specifically. ARM64 builds by
chance but we only ever cared about amd64. The package should probably
be limited to amd64 architecture, but these build failures are not new
and werent introduced by this upload but simply the supported
architectures set was always wrong.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nullboot in Ubuntu.
https://bugs.launchpad.net/bugs/2110302

Title:
  nullboot 0.5.3 SRUs

Status in nullboot package in Ubuntu:
  Invalid
Status in nullboot source package in Jammy:
  Fix Committed
Status in nullboot source package in Noble:
  Fix Committed

Bug description:
  [Impact]
  new upstream release; usual vendored dependency updates per Go MIR policy (vendor/ directory is automatically generated by go mod vendor based on go.mod).

  Targeted releases: noble, jammy

  [Test plan]
  * Test suite passes

  * Deploy Azure CVM and TPM FDE
  * Upgrade to this new package and reboot
  * Boot should be successful
  * Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)

  * CPC - build new image with nullboot preinstalled, and attempt to
  register and boot such an images as first time.

  We have set block-proposed to allow testing in {noble,jammy}-proposed
  to be carried out before migration to  release pockets.

  [Where problems could occur]
  Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key.

  NOTE: this bug follows precedent set by
  https://bugs.launchpad.net/ubuntu/+source/nullboot/+bug/2061754

  [Additional information]
  * Added the ability to fetch shim from previous nullboot to allow rebuilds against old shim on shim update (to avoid breakage if e-c-i wasnt updated)
  * Set disable CGo envvar because nullboot does not use any Cgo things.
  * Go version bumped to 1.22 due to Go compiler requirements in updated vendored dependencies.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nullboot/+bug/2110302/+subscriptions

More information about the foundations-bugs mailing list