Skip to content

lamboot-tools v0.8.0

Choose a tag to compare

View all tags
@glamberson glamberson released this 04 Jun 05:46
· 1 commit to main since this release
v0.8.0
5804e3b

[0.8.0] — 2026-06-03

Re-architecture release. The toolkit returns to a shell-only codebase; the two
Rust components it grew during the 0.7.x line now live in their own
repositories and ship as prebuilt binaries. No tool behavior changed: this is a
structural, packaging, and ownership release.

Changed

  • Architecture: lamboot-tools is now shell-only and federated. The Rust
    crates developed across the 0.7.x line were extracted to their own
    repositories:

    • grub-cfg became lamboot-reader (GRUB config reader and resolver), and
    • capcheck became lamboot-capcheck (firmware and platform capability
      auditor).

    The toolkit no longer compiles Rust. It bundles their prebuilt, statically
    linked (musl) binaries instead (see Added), so the installed product keeps
    the same capability. lamboot-doctor and lamboot-migrate --capcheck-gate
    continue to consume lamboot-capcheck from PATH and degrade gracefully when
    it is absent.

  • Copyright holder is now Lamco Development LLC across LICENSE-MIT,
    LICENSE-APACHE, the generated man pages, the website footer, the SBAT vendor
    field, and the X.509 signing-certificate subject. (IP transfer completed
    2026-06-02.)

  • Umbrella version reconciled to 0.8.0. The last public release was 0.3.0;
    internal development reached 0.7.12 (the capcheck work that has now been
    extracted). 0.8.0 is the first public release of the federated, shell-only
    product.

Added

  • Bundled component binaries, shipped in the new arch-specific
    lamboot-tools-firmware RPM subpackage and inside the release tarball:
    lamboot-capcheck (12-domain firmware auditor) and lamboot-reader
    (standalone GRUB-config CLI), built static-musl for x86_64 and aarch64,
    vendored under vendor/bin/<arch>/ with per-component THIRD_PARTY_NOTICES
    and a vendor/BINARY-PROVENANCE.txt audit record.
  • publish/vendor-binaries.sh: a manifest-driven pipeline that builds and
    vendors the sibling binaries at a pinned tag. The aarch64 binaries are
    cross-linked with the toolchain's bundled rust-lld, so no C cross-toolchain
    is required.
  • Makefile vendor and install-firmware targets, and vendor/ inclusion
    in publish/build-tarball.sh.
  • Hand-authored man pages lamboot-capcheck(1) and lamboot-reader(1).

Removed

  • The in-repo Rust workspace and its build targets (the crates moved to their
    own repositories). make clean now also removes the stale target/ cache.
Assets 12
Loading