
Bug#925436: unblock: fwupdate/12-4



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package fwupdate

I've just made the last minor tweaks around the signing service json
setup needed for UEFI Secure Boot support in Debian. There are also a
couple of small ignorable Ubuntu packaging diffs, and the addition of
a Recommends to also pull in the -signed version when possible during
installation.

Here's the debdiff.

diff -Nru fwupdate-12/debian/changelog fwupdate-12/debian/changelog
--- fwupdate-12/debian/changelog	2018-08-06 05:08:34.000000000 +0100
+++ fwupdate-12/debian/changelog	2019-03-25 00:47:29.000000000 +0000
@@ -1,3 +1,19 @@
+fwupdate (12-4) unstable; urgency=medium
+
+  [ Steve McIntyre ]
+  * debian/gen_signing_json: Update the format of the json metadata to
+    match new requirements:
+    + Move all the data under a new top-level "packages" key
+    + Add an empty "trusted_certs" key - our binaries do not do any
+      further verification with an embedded key.
+
+  [ Mario Limonciello ]
+  * Install signed packages for secure boot automatically
+  * Use a virtual package fwupdate-signed to resolve the correct package
+  * Stop producing UEFI archive for Ubuntu signed images (LP: #1787254)
+
+ -- Steve McIntyre <93sam@debian.org>  Mon, 25 Mar 2019 00:47:29 +0000
+
 fwupdate (12-3) unstable; urgency=medium
 
   * debian/rules: fix libexecdir location (Closes: #905549)
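Review bot: the entry "Install signed packages for secure boot automatically" overstates what the packaging change does. The control change in this debdiff adds a Recommends, which is only pulled in when recommends are enabled, so wording such as "Recommend the signed package so it is installed by default" would describe the behaviour more accurately.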
diff -Nru fwupdate-12/debian/control fwupdate-12/debian/control
--- fwupdate-12/debian/control	2018-08-06 05:02:24.000000000 +0100
+++ fwupdate-12/debian/control	2019-03-08 22:23:42.000000000 +0000
@@ -26,6 +26,7 @@
 Architecture: amd64 i386 armhf arm64
 Multi-Arch: foreign
 Depends: ${shlibs:Depends}, ${misc:Depends}, libfwup1 (= ${binary:Version}), efibootmgr, e2fsprogs
+Recommends: fwupdate-signed
 Description: Tools to manage UEFI firmware updates
  fwupdate provides functionality to update system firmware. It has been 
  initially designed to update firmware using UEFI capsule updates, but 
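Review bot: the added "Recommends: fwupdate-signed" carries no version relation, while the only provider shown in this debdiff, fwupdate-SIGNARCH-signed, depends on "fwupdate (= SIGNVERSION)". Whenever the signed build lags behind a new unsigned upload, the Recommends cannot be satisfied for the new fwupdate version and the package manager has to either skip it or hold back the upgrade. It would help to document that expected window, or to confirm the upgrade path was tested with an older fwupdate-SIGNARCH-signed already installed.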
diff -Nru fwupdate-12/debian/gen_signing_json fwupdate-12/debian/gen_signing_json
--- fwupdate-12/debian/gen_signing_json	2018-08-06 05:02:24.000000000 +0100
+++ fwupdate-12/debian/gen_signing_json	2019-03-08 23:22:43.000000000 +0000
@@ -16,9 +16,14 @@
 
 rm -f $OUT
 
-printf '{"%s": {\n' "${SOURCE}" >> $OUT
-printf '  "files": [ \n' >> $OUT
-printf '    {"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
-printf '  ]\n' >> $OUT
-printf '} }\n' >> $OUT
+printf '{\n' >> $OUT
+printf '  "packages": {\n' >> $OUT
+printf '    "%s": {\n' "${SOURCE}" >> $OUT
+printf '      "trusted_certs": [],\n' >> $OUT
+printf '      "files": [ \n' >> $OUT
+printf '        {"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
+printf '      ]\n' >> $OUT
+printf '    }\n' >> $OUT
+printf '  }\n' >> $OUT
+printf '}\n' >> $OUT
 
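Review bot: the new printf lines keep writing through an unquoted $OUT (as does the "rm -f $OUT" context line) and interpolate ${SOURCE} and ${BINARY} into the JSON without escaping. Quote "$OUT" throughout, and consider emitting the whole document with one printf or here-document into a single redirection instead of ten appends. Since the signing service consumes this file, a build-time parse of the generated JSON would catch a malformed result (for example from an unexpected character in either variable) before upload.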
diff -Nru fwupdate-12/debian/rules fwupdate-12/debian/rules
--- fwupdate-12/debian/rules	2018-08-06 05:07:22.000000000 +0100
+++ fwupdate-12/debian/rules	2019-03-08 22:23:42.000000000 +0000
@@ -10,7 +10,6 @@
 SB_STYLE := debian
 ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
 	SB_STYLE := ubuntu
-	tar_name := fwupdate_$(deb_version)_$(DEB_HOST_ARCH).tar.gz
 else
 	TMPLDIR  := debian/fwupdate-$(DEB_HOST_ARCH)-signed-template/usr/share/code-signing/fwupdate-$(DEB_HOST_ARCH)-signed-template
 endif
@@ -68,17 +67,6 @@
 
 override_dh_auto_clean:
 	dh_auto_clean -- EFIDIR=$(EFIDIR)
-ifeq (ubuntu,$(SB_STYLE))
-	rm -rf debian/fwupdate-images
-endif
 
 override_dh_builddeb:
 	dh_builddeb -- -Zxz
-ifeq (ubuntu,$(SB_STYLE))
-		mkdir -p debian/fwupdate-images/$(deb_version)
-		cp efi/fwup*.efi debian/fwupdate-images/$(deb_version)
-		echo $(deb_version) \
-			> debian/fwupdate-images/$(deb_version)/version
-			cd debian/fwupdate-images && tar czvf ../../../$(tar_name) .
-			dpkg-distaddfile $(tar_name) raw-uefi -
-endif
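Review bot: with the Ubuntu-only block in override_dh_builddeb removed, and tar_name dropped in the previous hunk, check whether $(deb_version) is still referenced anywhere else in debian/rules. If these lines were its only users, its definition should go in the same change so no dead variable is left behind. The same applies to any remaining mention of debian/fwupdate-images outside the visible hunks.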
diff -Nru fwupdate-12/debian/signing-template/control fwupdate-12/debian/signing-template/control
--- fwupdate-12/debian/signing-template/control	2018-08-06 05:02:24.000000000 +0100
+++ fwupdate-12/debian/signing-template/control	2019-03-08 22:23:42.000000000 +0000
@@ -12,6 +12,7 @@
 Package: fwupdate-SIGNARCH-signed
 Section: admin
 Architecture: SIGNARCH
+Provides: fwupdate-signed
 Depends: ${shlibs:Depends}, ${misc:Depends}, fwupdate (= SIGNVERSION)
 Description: Tools to manage UEFI firmware updates (signed)
  fwupdate provides functionality to update system firmware. It has been 
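Review bot: the added "Provides: fwupdate-signed" is unversioned, so nothing depending on the virtual package can ever constrain which signed build it gets. Because this stanza already substitutes SIGNVERSION in its Depends, "Provides: fwupdate-signed (= SIGNVERSION)" would cost nothing and would allow a versioned relation on the fwupdate side later.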


unblock fwupdate/12-4

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

