
group.of.nepali.translators team mailing list archive

[Bug 1700170] Re: backport shim-signed 1.30 from artful to supported releases

 

This bug was fixed in the package shim-signed - 1.32~14.04.2

---------------
shim-signed (1.32~14.04.2) trusty; urgency=medium

  * Backport shim-signed 1.32 to 14.04. (LP: #1700170)

shim-signed (1.32) artful; urgency=medium

  * Handle cleanup of /var/lib/shim-signed on package purge.

shim-signed (1.31) artful; urgency=medium

  * Fix regression in postinst when /var/lib/dkms does not exist.
    (LP #1700195)
  * Sort the list of dkms modules when recording.

shim-signed (1.30) artful; urgency=medium

  * update-secureboot-policy: track the installed DKMS modules so we can skip
    failing unattended upgrades if they haven't changed (i.e. if no new DKMS
    modules have been installed, just honour the user's previous decision to
    not disable shim validation). (LP: #1695578)
  * update-secureboot-policy: allow re-enabling shim validation when no DKMS
    packages are installed. (LP: #1673904)
  * debian/source_shim-signed.py: add the textual representation of SecureBoot
    and MokSBStateRT EFI variables rather than just adding the files directly;
    also, make sure we include the relevant EFI bits from kernel log.
    (LP: #1680279)

shim-signed (1.29) artful; urgency=medium

  * Makefile: Generate BOOT$arch.CSV, for use with fallback.
  * debian/rules: make sure we can do per-arch EFI files.

shim-signed (1.28) zesty; urgency=medium

  * Adjust apport hook to include key files that tell us about the system's
    current SB state.  LP: #1680279.

shim-signed (1.27) zesty; urgency=medium

  [ Steve Langasek ]
  * Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 binary from
    Microsoft.
  * update-secureboot-policy:
    - detect when we have no debconf prompting and error out instead of ending
      up in an infinite loop.  LP: #1673817.
    - refactor to make the code easier to follow.
    - remove a confusing boolean that would always re-prompt on a request to
      --enable, but not on a request to --disable.

  [ Mathieu Trudel-Lapierre ]
  * update-secureboot-policy:
    - some more fixes to properly handle non-interactive mode. (LP: #1673817)

shim-signed (1.23) zesty; urgency=medium

  * debian/control: bump the Depends on grub2-common since that's needed to
    install with the new updated EFI binaries filenames.

shim-signed (1.22) yakkety; urgency=medium

  * Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 binary from Microsoft.
  * Update paths now that the shim binary has been renamed to include the
    target architecture.
  * debian/shim-signed.postinst: clean up old MokManager.efi from EFI/ubuntu;
    since it's being replaced by mm$arch.efi.

shim-signed (1.21.3) vivid; urgency=medium

  * No-change rebuild for shim 0.9+1465500757.14a5905.is.0.8-0ubuntu3.

shim-signed (1.21.2) vivid; urgency=medium

  * Revert to signed shim from 0.8-0ubuntu2.
    - shim.efi.signed originally built from shim 0.8-0ubuntu2 in wily.

shim-signed (1.20) yakkety; urgency=medium

  * Update to the signed 0.9+1465500757.14a5905-0ubuntu1 binary from Microsoft.
    (LP: #1581299)

 -- Mathieu Trudel-Lapierre <cyphermox@xxxxxxxxxx>  Mon, 10 Jul 2017 20:29:28 -0400

** Changed in: shim-signed (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1700170

Title:
  backport shim-signed 1.30 from artful to supported releases

Status in shim-signed package in Ubuntu:
  Fix Released
Status in shim-signed source package in Trusty:
  Fix Released
Status in shim-signed source package in Xenial:
  Fix Released
Status in shim-signed source package in Yakkety:
  Fix Committed
Status in shim-signed source package in Zesty:
  Fix Released

Bug description:
  [Impact]
  shim-signed ships the signed shim$arch.efi binary that goes with the shim package available in each release, which should remain synchronized across all supported releases so as to make sure the security-sensitive binary can be appropriately supported.

  shim-signed also ships some additional bits that are useful to go
  along with the shim binary; and this is what is actually targeted in
  this SRU: shim itself does not change, but in the interest of making
  support as easy as possible, the supporting files shipped with it are
  also kept synchronized across releases.

  These files are the following:
   - an apport hook, useful to let users report issues in updating the Boot Entries on their firmware, debugging upgrade issues, etc; and provides critical information about the system on which a bug is reported about the state of that system's EFI firmware: whether EFI validation is enabled, whether Secure Boot is enabled, whether it was properly started by the kernel;
   - a BOOT$arch.CSV file, to be installed by grub2 if present, where grub2 has that feature (in artful only), or to be installed manually by the user if wanted. This file is a text file that provides the location of shim on a system when running the shim fallback binary (also not installed prior to artful).

  [Test case]
  See the other closed bugs for this backport, which include their own test cases.

  == boot.csv ==
  1) Verify that /usr/lib/shim/BOOTX64.CSV contains:
  shimx64.efi,ubuntu,,This is the boot entry for Ubuntu

  [Regression potential]
  See the other closed bugs for this backport, which include their own test cases.

  Shipping the BOOT$arch.CSV file alone has no risk of regression; it
  constitutes a single text file shipped in a location where it is not
  used; it is only contained in the backport to simplify keeping the
  shim-signed packages synchronized.
