group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1680279] Re: attach secureboot state files to shim-signed apport reports

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1680279@xxxxxxxxxxxxxxxxxx>
Date: Fri, 28 Jul 2017 00:46:31 -0000
Reply-to: Bug 1680279 <1680279@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package shim-signed - 1.32~16.04.1

---------------
shim-signed (1.32~16.04.1) xenial; urgency=medium

  * Backport shim-signed 1.32 to 16.04. (LP: #1700170)

shim-signed (1.32) artful; urgency=medium

  * Handle cleanup of /var/lib/shim-signed on package purge.

shim-signed (1.31) artful; urgency=medium

  * Fix regression in postinst when /var/lib/dkms does not exist.
    (LP#1700195)
  * Sort the list of dkms modules when recording.

shim-signed (1.30) artful; urgency=medium

  * update-secureboot-policy: track the installed DKMS modules so we can skip
    failing unattended upgrades if they hasn't changed (ie. if no new DKMS
    modules have been installed, just honour the user's previous decision to
    not disable shim validation). (LP: #1695578)
  * update-secureboot-policy: allow re-enabling shim validation when no DKMS
    packages are installed. (LP: #1673904)
  * debian/source_shim-signed.py: add the textual representation of SecureBoot
    and MokSBStateRT EFI variables rather than just adding the files directly;
    also, make sure we include the relevant EFI bits from kernel log.
    (LP: #1680279)

shim-signed (1.29) artful; urgency=medium

  * Makefile: Generate BOOT$arch.CSV, for use with fallback.
  * debian/rules: make sure we can do per-arch EFI files.

 -- Mathieu Trudel-Lapierre <cyphermox@xxxxxxxxxx>  Mon, 10 Jul 2017
17:43:10 -0400

** Changed in: shim-signed (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1680279

Title:
  attach secureboot state files to shim-signed apport reports

Status in shim-signed package in Ubuntu:
  Fix Released
Status in shim-signed source package in Trusty:
  Fix Committed
Status in shim-signed source package in Xenial:
  Fix Released
Status in shim-signed source package in Yakkety:
  Fix Committed
Status in shim-signed source package in Zesty:
  Fix Released

Bug description:
  [SRU Justification]
  I'm asking the same questions repeatedly of bug submitters about the state of secureboot on their systems, so we should just include these files in the apport hook.  Since shim-signed changes in stable releases for policy reasons, this should be SRUed back in as well.

  [Test case]
  1. Install the shim-signed package from -proposed
  2. Run apport-bug shim-signed
  3. Confirm that the apport collection succeeds
  4. Verify that the report to be sent includes keys for two files under /sys/firmware/efi/efivars and for /proc/sys/kernel/moksbstate_disabled

  [Regression potential]
  If I done messed up, we could fail to get bug reports about shim that we really need.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1680279/+subscriptions