Foundations Team Updates - Thursday 29 Jun 2023

The previous status is here: Foundations Team Updates - Thursday 22 Jun 2023





  • DebConf prep
  • Candidate interviews
  • Take-home test reviews
  • Spec work


  • Finished bootstrap packages for dotnet8 targeting amd64 and arm64
    • Downstreamed two patches to fix a .NET 7 prebuilt still showing up for nuget-client and fsharp that didn’t make it in time for the preview 5 release
    • AMD64 PPA / ARM64 PPA
  • Packaged dotnet8 archive package and submitted LP bug
    • [needs-packaging] dotnet8 (LP: #2025261)
    • Brought improved autopkgtests from dotnet7 and adapted them to work with the dotnet8 package
    • Worked on cleaning up lintian errors and warnings


  • Working on nvme-stas MIR


  • added missing active-directory section from JSON schema in server’s autoinstall documentation. PR 1704
  • implemented last bits for OEM meta-packages handling:
  • filed feature request for ubuntu-drivers install-oem #2024883
  • bug triage


  • fixed failing pyparted test-suite (thanks @mwhudson for sponsoring!). Forwarded and applied in Debian. Back to syncing since today.


  • had half a day off
  • internal meetings


  • integrating MS smoke tests (WIP)
  • LP: #2023531 [MIR] dotnet6
    • talked to Miriam España Acebal (~mirespace) about MIR
    • subscribed MIR Team and discussed at MIR Team Meeting
  • attended weekly .NET Source-Build Partner Sync Meeting
  • triaged bug in dotnet autopkgtest

+1 Maintenance


  • crypto-configuration: busy creating a testsuite to use for a sort of TDD but also to gain vision into the current software configuration

Short week, swap day on Tuesday

  • armhf time_t investigation: batch 35
  • Candidate interview
  • Fixed python-django FTBFS with Python 3.11.4
  • Travel planning
  • HR stuff
  • Merge Party prep


  • Vlan support for the keyfile parser (merged) (PR#370)
  • Add support for the Wireguard property listen-port to the keyfile parser (PR#372)
  • Investigated an LP bug related to an issue with Wireguard connections created with Network Manager when the private key is stored in an external agent (LP: #2024661) and proposed a solution for that in PR#371
  • Some refactoring in the Veth support PR after merging support for VLANs in the keyfile parser (PR#368)
  • Investigating a better solution for loading keyfiles into Netplan’s state in a way that tries to maintain the consistency between interfaces. (PoC)
  • PR#374 review
  • Spec review
  • Bug triaging


  • Investigating why libwww-mechanize-perl is getting stuck in autopkgtests

Short week, I was out on Friday.

package management

  • Stared at aptsources in python-apt for ages figuring out which approach to take for making the distro module (which changes mirrors, enables components, pockets) work reliably with mixed deb822 source entries, as the existing matching code would now potentially match parts of the template.

    Decided to go with a model where we explode the deb822 paragraph into multiple paragraphs each referring to a single InRelease file basically (which corresponds to a legacy sources.list line) and then have aptsources.distro operate on the exploded view, and have the save() method merge entries back together before writing them out if they remain mergeable.

    Started implementing the proxy class representing an exploded part of the entry and on writes to it, explodes the parent entry and then reparents itself to the new entry corresponding to itself.

  • In apt, implemented a notice for missing Signed-By fields in deb822 sources during the update command. The intention is to guide users towards best practices to improve safety.

  • In apt, started a bit of rewriting of the verification code to use gpgv directly instead of calling out to the apt-key shell script. This will remove the last bit of internal apt-key use. Also bumped the versions in the documentation saying when apt-key will last be shipped to Debian 12 and Ubuntu 23.10.

secure boot

  • In grub upstream, I implemented support for SDL2 in the emulator, as SDL1 is being deprecated in Debian, and we had a chance to still sneak this in for grub 2.12 rather than carry a patch downstream for months or years or whenever 2.12+1 comes.

  • Evaluated how we want to securely boot in grub 2.12. Upstream significantly reworked their UEFI bootloader story, now using a single UEFI boot loader across all UEFI architectures.

    However, this revamp caused x86 to stop booting with shim (that’s why we have no 2.12 RC1 yet), because the boot loader uses LoadImage() for which shim does not check signatures itself, but just proxies to the firmware, causing them to be rejected if they are signed with keys embedded into shim or the MOK.

    Upstream will be fixing this on x86 by falling back to the legacy loader. Long IRC discussions :slight_smile:

    For Debian and Ubuntu, I do want to use this new UEFI loader and just replace the calls to LoadImage() and friends with custom implementations based on the peimage that @xypron wrote, rather than continue down the rabbit hole of the separate rhboot loaders.

    This will significantly reduce our patch queue, and brings us into an optimal position for a future where shim does implement a protocol for these functions and everyone will be using the upstream loader.

    Let’s be first now rather than first in 24.04 and avoid having to spend time rebasing wildly different boot loader patch sets.

  • dug into investigating how to boot OVMF_CODE.secboot.fd based on a partner email, but eventually gave up and deferred the question to @dannf, while providing insight into how I test secure boot using the “normal” OVMF_CODE.fd


  • Resolved various armhf time_t check compilation failures. One remaining is libgivaro-dev which has so many horribly broken headers that I think we should probably just skip it; excluding them will not lead to sensible coverage.

  • Reviewed a written interview if I recall correctly. Checking again, new ones seem to have accumulated, sigh.

  • Provided a ton of feedback to the QA team about using apt-get install satdep.deb instead of dpkg -i && apt-get install -f.

  • I had my patch pilot shift this morning which was pretty uneventful.



  • initramfs-tools:
  • python-tz: Uploaded 2023.3-3 to Debian unstable to restore the change from 2022.7.1-4 to fix the autopkgtest
  • dput: Upload 1.1.3ubuntu3 to make PEP 440 version conversion more robust for SRUs (LP: #1991606)


armhf time_t


Report covering the past two weeks (last week is short due to PTO).



  • simplification of riscv64 script was merged

Vendor images

  • Working on vendor image support

console setup

  • Migration of new Debian version LP #2025363


  • +1 maintenance this week (will put details in report to ubuntu-devel)
  • A bit of systemd bug triaging


  • Conducted an interview last week
  • Reviewed initramfs-tools test suite for @bdrung (very nice!)
  • Patch pilot shift
  • Finished 4K 60Hz blog post
  • Blog post writing (make a desktop image with cloud-init)
  • Running armhf profiles for @schopin (LP: #1999551)
  • Debhelper fix rears its ugly head again on google-guest-agent tests (LP: #2019089 after LP: #1959054)
  • Debugging daily mantic images for raspi desktop
  • Merged flash-kernel 3.107 from Debian (LP: #2024672)
  • Pi meetings
  • Take home test


  • Performed a test, which passed, of seed-new-release where we only read the objects in swift as a part of identifying why seed-new-release fails regularly.
  • Later performed a test of seed-new-release which writes to a fake release container and recreated the issue we see at release opening.
  • Provided a code review of @andersson123’s MP regarding adding a script for choosing the fastest mirror for a data center.
  • Tested the above code in production as best I could given network issues with bos01.
  • Added, then removed, debvm to never_run as its tests were looping and there is not a way to remove items from the queue which are already being run.
  • Dealing with a lack of free space on an autopkgtest-cloud-worker unit, the root cause was found and resolved.
  • Submitted an RT regarding networking issues in bos01 and one regarding an inability to launch some port instances in bos01.

ISO Tracker

  • Research into the sending email address for new build notifications from the ISO tracker. I’m fairly certain I now understand what is misconfigured and submitted an RT to fix the sending address.
  • Documented how the server behind the ISO tracker is set up / configured.


  • Investigation into debvm / mmdebstrap autopkgtests looping.


  • Reviewing candidate applications.
  • Conducted an interview with a candidate.
  • Attended Developer Membership Board meeting.
  • Attempted to release verified SRUs but ran into Launchpad OOPSes when copying packages. Released them a day later but not a dollar short.





  • Ensured that the various bugs being closed by the SRUs were verified
  • Spent a long time on the benchmarks for the arm64 mem* patches, along with @waveform. Work still ongoing, but already fruitful as the focal SRU will need to be retooled.


  • reviewed and sponsored src:rustc with bundled cargo for @liushuyu-011
  • reviewed versioned rust toolchain packages spec


  • Worked on mirror testing script MP
  • Worked on --test-release flag for seed-new-release script
  • Worked on linting MPs with @paride which also add various linting things to lpci via pre-commit.
  • Researching issue with mmdebstrap test looping


  • Implemented script to run hourly via cron to undefine and clean up dead VMs.
  • Improved said script to destroy VMs that are running but inactive. Going to add to cron tomorrow.


  • Looking into using .fif format instead of raw json for instance template.
  • Nearly finished writing an installer test for installing with manual partitioning (part of an attempt to write a suite of tests to cover all the mandatory tests in the iso tracker)
  • Will have a meeting next week with @bdmurray and @paride discussing a plan for actual infrastructure instead of running tests locally on my machine lol


  • Had a meeting with Jürgen Gmach discussing my idea to put git information in logs for lpci builds. Implemented said idea and it’s ready for review.


  • raised mps for batch 31 1 2 3. Still working through libmlir-15-dev and libmapnik-dev.


  • review comments/updates to openjdk-fips package specification
  • some minor merge requests for openjdk packaging 1 2
  • investigated Java games crash, started discussion about restoring map files.


  • groomed libheif MIR epic AV1 codec part