[Bug 2110302] Re: nullboot 0.5.3 SRUs

Julian Andres Klode 2110302 at bugs.launchpad.net
Tue Sep 9 09:21:08 UTC 2025 

Hello Mate, or anyone else affected,

Accepted nullboot into noble-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/nullboot/0.5.3-0ubuntu0.24.04.1 in
a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
noble to verification-done-noble. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-noble. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: nullboot (Ubuntu Noble)
       Status: New => Fix Committed

** Tags added: verification-needed verification-needed-noble

** Description changed:

  [Impact]
  new upstream release; usual vendored dependency updates per Go MIR policy (vendor/ directory is automatically generated by go mod vendor based on go.mod).
  
  Targeted releases: noble, jammy
  
  [Test plan]
  * Test suite passes
  
  * Deploy Azure CVM and TPM FDE
  * Upgrade to this new package and reboot
  * Boot should be successful
  * Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)
  
  * CPC - build new image with nullboot preinstalled, and attempt to
  register and boot such an images as first time.
  
  We have set block-proposed to allow testing in {noble,jammy}-proposed to
  be carried out before migration to  release pockets.
  
  [Where problems could occur]
  Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key.
  
  NOTE: this bug follows precedent set by
  https://bugs.launchpad.net/ubuntu/+source/nullboot/+bug/2061754
  
  [Additional information]
  * Added the ability to fetch shim from previous nullboot to allow rebuilds against old shim on shim update (to avoid breakage if e-c-i wasnt updated)
  * Set disable CGo envvar because nullboot does not use any Cgo things.
+ * Go version bumped to 1.22 due to Go compiler requirements in updated vendored dependencies.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nullboot in Ubuntu.
https://bugs.launchpad.net/bugs/2110302

Title:
  nullboot 0.5.3 SRUs

Status in nullboot package in Ubuntu:
  Invalid
Status in nullboot source package in Jammy:
  New
Status in nullboot source package in Noble:
  Fix Committed

Bug description:
  [Impact]
  new upstream release; usual vendored dependency updates per Go MIR policy (vendor/ directory is automatically generated by go mod vendor based on go.mod).

  Targeted releases: noble, jammy

  [Test plan]
  * Test suite passes

  * Deploy Azure CVM and TPM FDE
  * Upgrade to this new package and reboot
  * Boot should be successful
  * Double check bios_measurements_log to ensure that the newly update shim was used for boot (https://github.com/canonical/tcglog-parser/tree/master/tcglog-dump can be used to extract checksum of the shim binary used at boot and compared to the one shipped in nullboot)

  * CPC - build new image with nullboot preinstalled, and attempt to
  register and boot such an images as first time.

  We have set block-proposed to allow testing in {noble,jammy}-proposed
  to be carried out before migration to  release pockets.

  [Where problems could occur]
  Resealing of Azure CVM machines could fail and they would need to be unlocked with a recovery key.

  NOTE: this bug follows precedent set by
  https://bugs.launchpad.net/ubuntu/+source/nullboot/+bug/2061754

  [Additional information]
  * Added the ability to fetch shim from previous nullboot to allow rebuilds against old shim on shim update (to avoid breakage if e-c-i wasnt updated)
  * Set disable CGo envvar because nullboot does not use any Cgo things.
  * Go version bumped to 1.22 due to Go compiler requirements in updated vendored dependencies.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nullboot/+bug/2110302/+subscriptions

More information about the foundations-bugs mailing list