Bug#927816: unblock: shim-signed/1.30

To: Steve McIntyre <steve@einval.com>, 927816@bugs.debian.org
Subject: Bug#927816: unblock: shim-signed/1.30
From: Niels Thykier <niels@thykier.net>
Date: Tue, 23 Apr 2019 19:41:00 +0000
Message-id: <[🔎] 041665d7-da85-7cbc-da71-51d2168fa97c@thykier.net>
Reply-to: Niels Thykier <niels@thykier.net>, 927816@bugs.debian.org
In-reply-to: <[🔎] 155604571496.11508.6927050010419489997.reportbug@tack.local>
References: <[🔎] 155604571496.11508.6927050010419489997.reportbug@tack.local> <[🔎] 155604571496.11508.6927050010419489997.reportbug@tack.local>

Control: tags -1 moreinfo

Steve McIntyre:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package shim-signed
> 
> We've just got new signatures back from Microsoft to match our shim
> binaries for amd64, i386 and arm64. I've fixed up the packaging a lot
> to accommodate the new arches (previously we had amd64 only).
> 
> We've made a lot of progress with shim, and we're nearing the end of
> the process for Secure Boot in Buster. I'm asking for this unblock
> today to cover most of what we need, with potentially a further
> unblock for a new set of signed binaries with some shim bugfixes to
> come. That'll depend on how long new signatures take to come. (Yay!).
> 
> The main set of changes here are in version 1.29.
> 
> [...]

Hi,

Thanks for the work on shim-signed.

I am mostly happy with the changes, except for ...

> diff -Nru shim-signed-1.28+nmu1/debian/control shim-signed-1.30/debian/control
> --- shim-signed-1.28+nmu1/debian/control	2018-11-04 07:09:26.000000000 +0000
> +++ shim-signed-1.30/debian/control	2019-04-22 23:59:15.000000000 +0100
> @@ -1,15 +1,34 @@
>  Source: shim-signed
>  Section: utils
>  Priority: optional
> -Maintainer: Steve Langasek <vorlon@debian.org>
> -Build-Depends: debhelper (>= 9), shim, sbsigntool (>= 0.6-0ubuntu4), po-debconf
> -Standards-Version: 3.9.4
> +Maintainer: Debian EFI Team <debian-efi@lists.debian.org>
> +Uploaders: Steve McIntyre <93sam@debian.org>, Steve Langasek <vorlon@debian.org>
> +Build-Depends: debhelper (>= 9),
> +# Need shim-unsigned version 15+1533136590.3beb971-5 so we can check the
> +# signature on the right version of shim. Version -6 saw arm64 toolchain
> +# changes that changed the binary. Ugh. :-(
> + shim-unsigned (= 15+1533136590.3beb971-5),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Testing has -6, so shim-signed is B-D'ing on a non-existent package
version.  IOW it will not be buildable in buster and unblocking it (plus
forcing it) would imply breaking the self-containedness of buster.

Thanks,
~Niels

Reply to:

Follow-Ups:
- Bug#927816: unblock: shim-signed/1.30
  - From: Steve McIntyre <steve@einval.com>

References:
- Bug#927816: unblock: shim-signed/1.30
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Processed: Re: Bug#927816: unblock: shim-signed/1.30
Next by Date: Bug#927819: marked as done (unblock: distro-info-data/0.40)
Previous by thread: Processed: Re: Bug#927816: unblock: shim-signed/1.30
Next by thread: Bug#927816: unblock: shim-signed/1.30
Index(es):
- Date
- Thread