Foundations Team Updates - Thursday 2024/04/18

Previous status: Foundations Team Updates - Thursday 2024/04/11
Next status: Foundations Team Updates - Thursday 2024/04/25

1 Like



Investigated and fixed:

1 Like


  • coordinated with desktop team to address an installer refresh related issue Bug #2061756 “HTTP Error 409 (Conflict) when Subiquity receives ...” : Bugs : subiquity
  • investigated Bug #2061757 “HTTP Error 500: http+unix://%2Frun%2Fsnapd.socket/...” : Bugs : subiquity. The root cause is not yet determined but I added snapd response logging in case of errors. This should help us find the root cause post 24.04.0.
  • reworked how installations behave when APT mirror connectivity test fails:
    • for automated installations and interactive desktop installations, the default policy was changed from “abort” to “offline-install”. This means that we now revert automatically to a semi-offline installation (i.e., we only fetch packages from the pool, not from the archive).
    • for interactive server installations, the user must now decide between going back (and edit the settings) or proceeding with a semi-offline installation. The “Continue anyway” option is no longer offered, after the connectivity test fails. This was approved as a UI freeze exception. Bug #2059898 “[UIFe] Subiquity fails to download packages after ...” : Bugs : subiquity
  • spent time investigating slow subiquity startup in VMs when run by the desktop installer. Nothing obvious came up from the investigation.
  • brainstormed on how to properly handle already mounted partitions in the installer.
  • did some non regression testing with subiquity on focal and jammy.


1 Like


  • Backlog grooming
  • Prepared a 3.4 release and promoted it to latest/candidate.
  • Reviewed and approved #210 - Root improved for
  • Rework how we run the TICS analysis in CI to automatically update the official report.
  • PR # 215 - Fix gpg tmp dir path (see LP: #2057885)
    • Done and merged
  • Discussed packaging ubuntu-images as a deb to declare it as a dependecy of livecd-rootfs
  • Trying to answer some questions:
    • Is a gadget.yaml file without volume valid? Yes
    • Is a gadget.yaml file with several volumes valid? Yes
    • The answer to life, the universe, and everything? 42
  • Making sure ubuntu-image can properly build an image with a gadget.yaml defining several volumes.


  • Explore setting up the snap auto-build (LP? GH?)
  • PR # 30 - Package imagecraft as a snap
    • Merged
  • PR # 27 - Sync imagecraft with current imagecraft.yaml proposition
    • In review
  • PR # 23 - Use “standard” package-repositories key in imagecraft.yaml
    • In progress
  • Preparing everything to run regular TICS analysis
    • Setup the token
    • Asked TIOBE to add the project
    • PR #32 - Configure TICS report in CI
      • In review and waiting for TIOBE to setup the project.


  • Biannual check-in
  • Went down the ubuntu core/snaps/gadget/etc. rabbit hole. This is severely lacking documentation but this is identified and will hopefully improve in the future.
1 Like


[Spec] TLS 1.0 and 1.1 are disabled by default

The specification is now approved! TLS 1.0 and 1.1 is recognized as deprecated in Ubuntu too and while some softare stil enable these by default, this is considered a bug rather than a feature.


I got the package in a better shape, especially its testsuite which was superficial, and fixed/skipped/ignored half a dozen different issues in CI. The package has migrated and is in now in main. Thanks @upils , @slyon and @paelzer !


Prepared 3.8.5-2ubuntu1 which merges from debian and uses the upstream fix for the regression observed in 3.8.5 (no configuration file led to the wrong default configuration for a new setting). This is a late update in order to have as many fixes as possible for this core package, including security ones, and also future-proofing for the Ubuntu LTS as gnutls finally offers a way to disable RSAES-PKCS1-v1_5 which has been deprecated for decades and has been considered legacy for years. Thanks @vpa19771 for the review.


Like with gnutls28, I’m looking at using the most recent version possible for openssl. At the moment, 3.0.13 is already in the archive but there are fixes in the openssl-3.0 git branch which I’ve picked up in order to create 3.0.13+20240415.45c2a8-0ubuntu1.


1 Like


  • PowerVM secure boot evaluation
    • new “dynamic key” proposal by IBM
    • updated previous spec
  • shim chainloading
    • improved existing shim loader protocol
    • done testing with shim->shim and shim->Windows chainloading
  • Looked at various GRUB bug reports


  • openjdk-21 x openjdk-23 proposed migration resolved by retrying
1 Like




  • hiring
  • checking & scheduling Madrid breakout sessions
  • DebConf 24 travel planning
    • travel request
    • Registration
    • BoF proposal
1 Like
1 Like

RISC-V release images

  • Beta testing went fine
  • We still need to respin cd-boot-images-riscv64 (LP: #2062166) Sponsor needed


  • In upstream U-Boot the loading of device-trees from directory /dtb in ESP currently is not working for the UEFI boot manager boot method. I am working on a fix.

Milk-V Mars CM

  • Patches for support in U-Boot sent upstream. Currently under upstream review.


  • Review submissions
1 Like



  • Reviewed a take home test
1 Like


  • golang-1.21 is demoted to universe. Investigate the blocker packages which want to keep it in main. (LP: #2061745)


1 Like
  • Patch piloting shift on Monday
  • Investigated state of armhf containers under LXD; they don’t work on noble (LP: #2062176), yet they do on mantic…
  • Tested variation of wait-online patch for netplan under Pi server images (LP: #2060311)
  • Verified mesa patch clears up GTK4 icons issue (LP: #2060679) and adjusted release notes accordingly
  • Talked with Tom’s Hardware about noble and GPIO on Pi 5
  • Fixed GPIO2/3 issue in rpi-lgpio (LP: #2060754)
  • Proposed removal of pi-bluetooth from platform seed for raspi (it’s now an empty transitional package)
  • Proposed removal of pi armhf image definitions
  • Removed nvidia hack from initramfs-tools (LP: #2060032) as the underlying issue was fixed (LP: #1970069)
  • Requested removal of mtd-utils on armhf architecture (tests failing on armhf, and the consequences of failure here are too severe to ignore) (LP: #2061990)
  • Pi meetings


  • Enabled setting the embedded switch mode on an SR-IOV interface when it doesn’t have virtual functions, I did some refactoring and lots of testing along the way. PR#454
  • Imported my random Netplan YAML generator to our tests and enabled it in our CI. It will generate thousands of (controlled) random Netplan YAMLs and call the parser against them to try to detect problems such as memory leaks and crashes PR#453
  • Fixed a couple of new issues found with the config generator PR#451 PR#450
  • Helped with lots of testing with the new networkd wait-online strategy that Lukas is working on PR#456
  • Currently trying to move forward with the parser flags work to ignore parser errors.


  • Tried for a while to get swiftlang building on Noble. After a few patches I’ve got it working on amd64 but the swift compiler is crashing on arm64. The culprit seems to be the vendored LLVM 13. I added the details in the LP ticket. LP#2060818 and PPA
1 Like

(Combined report for this and last week.)

  • .NET April Update packaging & regression testing:
    • .NET 6 SRU – LP: #2060259
    • .NET 7 SRU – LP: #2060260
    • .NET 8 SRU – LP: #2060261
      (they all need attention from the SRU team)
  • MIR:
    • attended MIR meetings
    • MP: #463928 – jammy seed change
    • MP: #463929 – mantic seed change
    • MP: #463930 – noble seed change
    • Special thanks to:
      • the MIR Team for the due diligence during the entire MIR process (which nearly lasted ONE YEAR)
      • @paelzer for promoting dotnet6 & dotnet8 to main on mantic & jammy
      • @slyon for providing feedback on how to do the seed change
  • .NET backports PPA
  • Archived .NET Bootstrap builds
  • Update Upstream Install Instructions & Support Information
  • reviewed .NET related release notes for noble
  • .NET Build Conference preparations
  • attended .NET security partners meeting
  • 24.10 Roadmap planning
  • Bug grooming
  • dotnet-test-runner
    • PR #3 reviewed & merged
    • Started packging this and dotnet-regular-tests. Planning to introduce this with 24.10
  • looked into building dotnet-runtime-deps-{6,7,8}.0 as per upstream recommended packages doc (LP: #2062374)
1 Like



  • dcmstack 0.9-1ubuntu1: Replace python3-dicom by python3-pydicom
  • python-zeep 4.2.1-2ubuntu1: Drop libxmlsec1 and libxmlsec1-openssl build dependencies.
  • autopilot 1.6.1+21.04.20210120-0ubuntu14: Replace removed deprecated unittest methods in Python 3.12
  • nfs-ganesha 4.3-8build1 fails to build on armhf
  • xf86-input-multitouch 1.0~rc3-2ubuntu1



proposed migration

personal work

In my personal spare time I published

1 Like

+1 Maintenance week

Re-ran some tests with the right targets, eliminating them from the update_excuses

  • pyfai vs pocl
  • dotnet8 vs. ltt-control
  • gnucobol3 vs gmp
  • nauty vs gmp
  • silx
  • gmp vs normaliz

Found bugs and fixed them for:


Adoptium Workgroup Meeting

1 Like


Beta testing

  • Tested the beta candidate on NVIDIA+UEFI+SecureBoot
1 Like


  • Worked on creating a demo app for the MS Build 2024 chiseled Ubuntu presentation
  • Investigated ways to fix the “missing libicu” message from the new .NET snaps due to classic snaps dynamic linkage issues.
  • Did some cleaning up on the .NET Installer CLI commands (PR #12)
  • Attended weekly .NET partners sync meeting
1 Like


  • Handing out some API keys
  • tmpfile config file fix
  • MP that allows us to update percentage of workers taking upstream requests on the fly
  • Investigation into and latter resizing of our tmp partitions
  • Investigating and making an MP for an issue we saw where our Content-Length headers stopped being provided on static files
  • Investigating an issue regarding double reboot on arm64
  • Rewrote an old MP which reports our apache access codes to grafana
  • Working on an MP which allows admins to stop tests from the webpage


  • Made an MP re-enabling the expectation of the Content-Length header


  • Lots and lots of isotesting :slight_smile:
  • Lots of apport reviews
  • Worked on the NBS package list
  • put together a new glibc package for CVE-2024-2961
1 Like