Bug#1039058: shim-signed: Incorrectly depends on grub packages (grub-efi-amd64-bin, grub2-common)
Package: shim-signed
Version: 1.39+15.7-1
Severity: normal
X-Debbugs-Cc: wolfwings@gmail.com
Dear Maintainer,
* What led up to the situation?
Was attempting to uninstall grub after switching to systemd-boot
and adding it via mokutil to the allowed binaries for shim-signed.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Effective workaround after shim-signed got uninstalled and system
could no longer boot Linux: Extracted the shim-signed bootloader from
the .deb and manually copied the file back into place as a stopgap.
Side effect of workaround:
No automatic updates when updates to shim-signed is released, need
to notice it + unpack the update manually.
* What was the outcome of this action?
Initially: System no longer booted to Linux successfully.
Work stopgap workarond: System continues to boot with Secure Boot
enabled without needing to juggle enrolling custom keys versus using
the Microsoft keys.
* What outcome did you expect instead?
shim-signed to stay installed when uninstalling grub, as there's no
direct requirement to pair it with grub, it just has the signatures for
grub pre-registered.
-- System Information:
Debian Release: 12.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages shim-signed depends on:
pn grub-efi-amd64-bin <none>
pn grub2-common <none>
ii shim-helpers-amd64-signed 1+15.7+1
pn shim-signed-common <none>
Versions of packages shim-signed recommends:
pn secureboot-db <none>
shim-signed suggests no packages.
Reply to: