Bug#836867: marked as done (ITP: sicherboot -- Installs systemd-boot and kernels to ESP, signed for secure boot)
Your message dated Fri, 14 Oct 2016 10:00:19 +0000
with message-id <E1buzHn-0007VJ-9e@franck.debian.org>
and subject line Bug#836867: fixed in sicherboot 0.1.0
has caused the Debian Bug report #836867,
regarding ITP: sicherboot -- Installs systemd-boot and kernels to ESP, signed for secure boot
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
836867: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836867
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ITP: sicherboot -- Installs systemd-boot and kernels to ESP, signed for secure boot
- From: Julian Andres Klode <jak@debian.org>
- Date: Tue, 6 Sep 2016 18:23:46 +0200
- Message-id: <20160906182016.GA28115@debian.org>
Package: wnpp
Severity: wishlist
Owner: Julian Andres Klode <jak@debian.org>
* Package name : sicherboot
Version : 0.1.0
Upstream Author : Julian Andres Klode <jak@jak-linux.org>
* URL : https://github.com/julian-klode/sicherboot
* License : MIT
Programming Lang: Shell
Description : Installs systemd-boot and kernels to ESP, signed for secure boot
sicherboot manages kernels and systemd-boot on a secure boot
machine. It installs kernels and systemd-boot, generates signing keys to
enroll in the machine, and signs the kernels and the bootloader with it.
.
The keys used to sign the UEFI binaries are located in /var/lib. If /var/lib
is not encrypted, the whole setup is unsafe: One of the files generated is
rm_PK.auth, which, when written to UEFI, reverts the system to setup mode
where no checks are performed.
.
Currently, the package only supports amd64 architecture. It also has to
divert the /etc/kernel/postinst.d/dracut file and replace it with its
own file that calls the diverted one and updates the ESP afterwards, as
dracut does not support any form of hooks.
Lifting the amd64 restriction requires a bit more work: Triggers
need to be adjusted and the correct EFI binaries need to be found
at run time (for the EFI stub which allows us to merge a kernel
with an initramfs).
--
Debian Developer - deb.li/jak | jak-linux.org - free software dev
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to (`inline'). Thank you.
--- End Message ---
--- Begin Message ---
- To: 836867-close@bugs.debian.org
- Subject: Bug#836867: fixed in sicherboot 0.1.0
- From: Julian Andres Klode <jak@debian.org>
- Date: Fri, 14 Oct 2016 10:00:19 +0000
- Message-id: <E1buzHn-0007VJ-9e@franck.debian.org>
Source: sicherboot
Source-Version: 0.1.0
We believe that the bug you reported is fixed in the latest version of
sicherboot, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 836867@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated sicherboot package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 06 Sep 2016 22:24:52 +0200
Source: sicherboot
Binary: sicherboot
Architecture: source all
Version: 0.1.0
Distribution: unstable
Urgency: low
Maintainer: Julian Andres Klode <jak@debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
sicherboot - systemd-boot integration with UEFI secure boot support
Closes: 836867
Changes:
sicherboot (0.1.0) unstable; urgency=low
.
* Initial upload (Closes: #836867)
Checksums-Sha1:
a56779b0b87b1d74dba8a2271a05b6b22ce719b0 1566 sicherboot_0.1.0.dsc
79c8d2fee61e80ca929e563adca7e66592cf4ffb 7236 sicherboot_0.1.0.tar.xz
521d7648bb25fe61b922c72fa3fcc064c8bd07a6 8014 sicherboot_0.1.0_all.deb
Checksums-Sha256:
f09744266aee23c32df61769db9308addbaa73291351d78565e33151e5fe3ecd 1566 sicherboot_0.1.0.dsc
bc978167805b1543c833b6b754b69c284f04847157b567cbef3c0f8d7fea32ea 7236 sicherboot_0.1.0.tar.xz
cd141f6f809adb3bd3bc1a59516a06de247bfbfeb4e10c8946d30c5c868599e9 8014 sicherboot_0.1.0_all.deb
Files:
9da939f1c05ff968e3ee427a4526be45 1566 utils optional sicherboot_0.1.0.dsc
f37314f03b38f02619c4584f8f60b0b0 7236 utils optional sicherboot_0.1.0.tar.xz
3741aec40edd25082770d11807aac471 8014 utils optional sicherboot_0.1.0_all.deb
-----BEGIN PGP SIGNATURE-----
iQIsBAEBCgAWBQJXzyYpDxxqYWtAZGViaWFuLm9yZwAKCRDXPDnlZYCzht66D/0f
53IXgffpp84lFpDPFpwnGlDnFPbj3so2LV/K5v51BN32NlGV/zNRPboiKEi4RExe
vSwN53riXS58Qg+xaXcC+ykvocE7LUT024YOiXIOxQGCnDLQxBVRY7nTjzTl6dUJ
QexVwFhKcJfxnwG5R6XK9V/KSIku1f9afHUwhYukWVJcPX5YDInZlCSkIzswHI1a
GzbbBx3e9YA8F9mP79QHMHqdBuUPWUn4gq64QNcpqGnfUjMNsV0t7Y+OaI7VTile
SGWM6HmGZcSs19hTHPSiIQvKxpdEzx/BToXBlEapsTAQikENw9/exQ8Yy1FLs2UI
ETaQtA3Mkh5fvuDampDf4S9Fapcq3S9jqebj8Azl6gFIZD4AfxFn2OIsjDtqz5nI
1Vd/CDyoy6xU3Oohvo9enWF/hd6cnLqhsBcYaSSpgP+3ktrYVFQoEh91puVTS7Qq
+16irA3pTAdSrlKKI+EfhkQKPxPQXWi0CG7bsVA23XUxurt4Rtl4HHcc8gvTslFH
epXvlusMZoBPlKExQebjzQe6JDXP/Ror+oFHC8kal9KARo3PG6FRVwWcLC4wqkbm
xnfRkSQYMlwnXvct4O+SddKhWvYBK7HBHNIzO0J3DOo1o4Z6orqZAZmCylffrgGP
iOeN4zRTGSR76LmZRYnhQeSKbKoDDRyGF+RQQBd7nA==
=8Uo3
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: