
Bug#925436: marked as done (unblock: fwupdate/12-4)



Your message dated Wed, 27 Mar 2019 21:42:00 +0000
with message-id <9e1e5d05-1167-08dc-be18-950747c8261b@thykier.net>
and subject line Re: Bug#925436: unblock: fwupdate/12-4
has caused the Debian Bug report #925436,
regarding unblock: fwupdate/12-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
925436: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925436
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package fwupdate

I've just made the last minor tweaks around the signing service json
setup needed for UEFI Secure Boot support in Debian. There are also a
couple of small ignorable Ubuntu packaging diffs, and the addition of
a Recommends to also pull in the -signed version when possible during
installation.

Here's the debdiff.

diff -Nru fwupdate-12/debian/changelog fwupdate-12/debian/changelog
--- fwupdate-12/debian/changelog	2018-08-06 05:08:34.000000000 +0100
+++ fwupdate-12/debian/changelog	2019-03-25 00:47:29.000000000 +0000
@@ -1,3 +1,19 @@
+fwupdate (12-4) unstable; urgency=medium
+
+  [ Steve McIntyre ]
+  * debian/gen_signing_json: Update the format of the json metadata to
+    match new requirements:
+    + Move all the data under a new top-level "packages" key
+    + Add an empty "trusted_certs" key - our binaries do not do any
+      further verification with an embedded key.
+
+  [ Mario Limonciello ]
+  * Install signed packages for secure boot automatically
+  * Use a virtual package fwupdate-signed to resolve the correct package
+  * Stop producing UEFI archive for Ubuntu signed images (LP: #1787254)
+
+ -- Steve McIntyre <93sam@debian.org>  Mon, 25 Mar 2019 00:47:29 +0000
+
 fwupdate (12-3) unstable; urgency=medium
 
   * debian/rules: fix libexecdir location (Closes: #905549)
diff -Nru fwupdate-12/debian/control fwupdate-12/debian/control
--- fwupdate-12/debian/control	2018-08-06 05:02:24.000000000 +0100
+++ fwupdate-12/debian/control	2019-03-08 22:23:42.000000000 +0000
@@ -26,6 +26,7 @@
 Architecture: amd64 i386 armhf arm64
 Multi-Arch: foreign
 Depends: ${shlibs:Depends}, ${misc:Depends}, libfwup1 (= ${binary:Version}), efibootmgr, e2fsprogs
+Recommends: fwupdate-signed
 Description: Tools to manage UEFI firmware updates
  fwupdate provides functionality to update system firmware. It has been 
  initially designed to update firmware using UEFI capsule updates, but 
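Review bot: The added `Recommends: fwupdate-signed` is a soft dependency, which does not match the changelog wording "Install signed packages for secure boot automatically": an install with recommends disabled still gets fwupdate without the signed package. Either qualify the changelog entry or mention in the Description that Secure Boot systems need a package providing fwupdate-signed. The name is a virtual package that exists only through the `Provides:` added in debian/signing-template/control, so the two changes have to land together.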
diff -Nru fwupdate-12/debian/gen_signing_json fwupdate-12/debian/gen_signing_json
--- fwupdate-12/debian/gen_signing_json	2018-08-06 05:02:24.000000000 +0100
+++ fwupdate-12/debian/gen_signing_json	2019-03-08 23:22:43.000000000 +0000
@@ -16,9 +16,14 @@
 
 rm -f $OUT
 
-printf '{"%s": {\n' "${SOURCE}" >> $OUT
-printf '  "files": [ \n' >> $OUT
-printf '    {"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
-printf '  ]\n' >> $OUT
-printf '} }\n' >> $OUT
+printf '{\n' >> $OUT
+printf '  "packages": {\n' >> $OUT
+printf '    "%s": {\n' "${SOURCE}" >> $OUT
+printf '      "trusted_certs": [],\n' >> $OUT
+printf '      "files": [ \n' >> $OUT
+printf '        {"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
+printf '      ]\n' >> $OUT
+printf '    }\n' >> $OUT
+printf '  }\n' >> $OUT
+printf '}\n' >> $OUT
 
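Review bot: `${SOURCE}` and `${BINARY}` are pasted into the JSON through `printf '%s'` with no escaping, and nothing checks the result, so a value containing a double quote or a backslash would yield metadata that does not parse, or parses differently from what was intended. This file states which file gets an EFI signature and that `trusted_certs` is empty, so I would have the script fail the build when the output does not parse as JSON. `$OUT` is also unquoted in `rm -f $OUT` and in every `>> $OUT` redirect; quote it, and consider one redirect around the whole group of printf calls instead of ten separate appends.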
diff -Nru fwupdate-12/debian/rules fwupdate-12/debian/rules
--- fwupdate-12/debian/rules	2018-08-06 05:07:22.000000000 +0100
+++ fwupdate-12/debian/rules	2019-03-08 22:23:42.000000000 +0000
@@ -10,7 +10,6 @@
 SB_STYLE := debian
 ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
 	SB_STYLE := ubuntu
-	tar_name := fwupdate_$(deb_version)_$(DEB_HOST_ARCH).tar.gz
 else
 	TMPLDIR  := debian/fwupdate-$(DEB_HOST_ARCH)-signed-template/usr/share/code-signing/fwupdate-$(DEB_HOST_ARCH)-signed-template
 endif
@@ -68,17 +67,6 @@
 
 override_dh_auto_clean:
 	dh_auto_clean -- EFIDIR=$(EFIDIR)
-ifeq (ubuntu,$(SB_STYLE))
-	rm -rf debian/fwupdate-images
-endif
 
 override_dh_builddeb:
 	dh_builddeb -- -Zxz
-ifeq (ubuntu,$(SB_STYLE))
-		mkdir -p debian/fwupdate-images/$(deb_version)
-		cp efi/fwup*.efi debian/fwupdate-images/$(deb_version)
-		echo $(deb_version) \
-			> debian/fwupdate-images/$(deb_version)/version
-			cd debian/fwupdate-images && tar czvf ../../../$(tar_name) .
-			dpkg-distaddfile $(tar_name) raw-uefi -
-endif
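Review bot: `deb_version` looks left over after the removals in override_dh_builddeb: every use of it visible in this diff was in the deleted lines, together with `tar_name`, whose definition the previous hunk removes. If nothing else in debian/rules references `deb_version`, drop its definition in the same change so no dead variable remains. The changelog entry for this removal only cites LP: #1787254; one sentence on why the raw-uefi tarball is no longer needed would make the change reviewable without following the link.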
diff -Nru fwupdate-12/debian/signing-template/control fwupdate-12/debian/signing-template/control
--- fwupdate-12/debian/signing-template/control	2018-08-06 05:02:24.000000000 +0100
+++ fwupdate-12/debian/signing-template/control	2019-03-08 22:23:42.000000000 +0000
@@ -12,6 +12,7 @@
 Package: fwupdate-SIGNARCH-signed
 Section: admin
 Architecture: SIGNARCH
+Provides: fwupdate-signed
 Depends: ${shlibs:Depends}, ${misc:Depends}, fwupdate (= SIGNVERSION)
 Description: Tools to manage UEFI firmware updates (signed)
  fwupdate provides functionality to update system firmware. It has been 
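Review bot: The new `Provides: fwupdate-signed` carries no version, so the `Recommends: fwupdate-signed` in debian/control cannot be made versioned, and the only version coupling is the `fwupdate (= SIGNVERSION)` dependency on the following line. A versioned Provides, `fwupdate-signed (= SIGNVERSION)`, would allow the Recommends to be tightened later; if it is left unversioned on purpose, a short comment in the template saying so would help.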


unblock fwupdate/12-4

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
On Wed, 27 Mar 2019 21:11:00 +0000 Niels Thykier <niels@thykier.net> wrote:
> Ansgar Burchardt:
> > Steve McIntyre writes:
> >> Please unblock package fwupdate
> > 
> > Please also unblock
> > 
> >   fwupdate-amd64-signed/12+4
> >   fwupdate-arm64-signed/12+4
> >   fwupdate-armhf-signed/12+4
> >   fwupdate-i386-signed/12+4
> > 
> > at the same time.
> > 
> > Ansgar
> > 
> 
> Unblocked, thanks.
> ~Niels
> 
> 
> 

With a -done this time.

--- End Message ---
