I've had a reply from Mark (ftpteam) in IRC: On Sun, Mar 03, 2019 at 11:35:45PM +0000, Steve McIntyre wrote: ... >So, we're looking at three hacky options options here to work our way >out of this hole. In (probably?) descending order of hackitude: > > 1. Ask the nice ftpmaster people to bodge the archive by hand: > 1a. Remove the current shim source and binary packages from > unstable (version 15+1533136590.3beb971-2) > 1b. Copy the older source and binary from buster back into > unstable for us. > 1c. We're not even sure if this is *possible*, let alone a nice > thing to do - thoughts? > 1d. Expecting that this might break all kinds of tools inside and > outside of the archive maybe? And Mark says: "we don't want to go rewinding version numbers in unstable; that could lead to all sorts of unforeseeable breakage. much as we'd expected. Any more feedback please? Cyril prefers approach #2 below, I prefer #3. > OR > > 2. Upload new bodged versions of shim and shim-signed to get us > back to working with the previously-signed shimx64.efi.signed > binary > 2a. Create new shim and shim-signed source packages, along with > matching binary packages. > 2b. These binary packages will contain the *exact* same EFI > binaries as we have in buster but with a higher version number > in the packaging. > 2c. As we cannot *exactly* reproduce the binaries sensibly, we > will have to hand-hack the contents of the binary packages. > 2d. We *know* this is grotty too, but we can at least make this > work entirely at a package level. > 2e. Already tested and working: Cyril has built packages like this > and I have tested the results successfully on my test SB > system here. > > Current versions in buster: > - shim: > - source: 0.9+1474479173.6c180c6-1 > - binary: 0.9+1474479173.6c180c6-1 > - shim-signed: > - source: 1.28+nmu1 > - binary: 1.28+nmu1+0.9+1474479173.6c180c6-1 > > Possible versions targetting sid: > - shim: > - source: 16+1474479173.6c180c6-1 (bumped “epoch-like” N+ > prefix, but same contents as 0.9+1474479173.6c180c6-1) > - binary: 16+1474479173.6c180c6-1 > - shim-signed: > - source: 1.28+nmu2 (new upload to adjust the Depends) > - binary: 1.28+nmu2+16+1474479173.6c180c6-1 > > OR > > 3. Upload new version of the shim-signed source package and a > (lightly) bodged binary package > 3a. Use versions: > - source: 1.28+nmu2 > - binary: 1.28+nmu2+0.9+1474479173.6c180c6-1 > 3b. Needs as build-deps an old version of sbsigntool (0.6-3.2) and > specifically version 0.9+1474479173.6c180c6-1 of shim in the > build chroot > 3c. Then upload source+amd64 > 3d. New shim-signed binary package changes in a few ways: > * new version of the binary now include fbx64.efi.signed and > mmx64.efi.signed (copied across from the shim binary package) > * add Replaces: shim (= 0.9+1474479173.6c180c6-1) so we don't > conflict on those binaries > * remove Depends: shim (the whole point!) > * change Build-Depends to list the specific versions used for > shim and sbsigntool > 3e. Already tested and working. I built this (source and binary > debdiffs attached) and tested OK on SB system > 3f. This package is instantly RC-buggy due to the unavailable > build-deps. We know... -- Steve McIntyre, Cambridge, UK. firstname.lastname@example.org Is there anybody out there?
Description: PGP signature