[ubuntu/disco-proposed] grub2 2.02+dfsg1-12ubuntu1 (Accepted)
Mathieu Trudel-Lapierre
cyphermox at ubuntu.com
Wed Mar 6 01:07:14 UTC 2019
grub2 (2.02+dfsg1-12ubuntu1) disco; urgency=medium
* Merge against Debian unstable; remaining changes (LP: #564853):
- debian/control: Update Vcs fields for code location on Ubuntu.
- debian/control: Breaks shim (<< 13).
- Secure Boot support: use newer patchset from rhboot repo:
- many linuxefi_* patches added and modified
- dropped debian/patches/linuxefi_require_shim.patch
- renamed: debian/patches/no_insmod_on_sb.patch ->
debian/patches/linuxefi_no_insmod_on_sb.patch
- debian/patches/install_signed.patch, grub-install-extra-removable.patch:
- Make sure if we install shim; it should also be exported as the default
bootloader to install later to a removable path, if we do.
- Rework grub-install-extra-removable.patch to reverse its logic: in the
default case, install the bootloader to /EFI/BOOT, unless we're trying
to install on a removable device, or explicitly telling grub *not* to
do it.
- Install a BOOT.CSV for fallback to use.
- Make sure postinst and templates know about the replacement of
--force-extra-removable with --no-extra-removable.
- debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the
--auto-nvram option to grub-install for auto-detecting NVRAM availability
before attempting NVRAM updates.
- debian/build-efi-images: provide a new grub EFI image which enforces that
loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
the same as grub$arch.efi minus the 'linux' module. Without fallback to
'linux' for unsigned loading, this makes it effectively enforce having a
signed kernel.
- Verify that the current and newer kernels are signed when grub is
updated, to make sure people do not accidentally shutdown without a
signed kernel.
- debian/default/grub: replace GRUB_HIDDEN_* variables with the less
confusing GRUB_TIMEOUT_STYLE=hidden.
- debian/patches/support_initrd-less_boot.patch: Added knobs to allow
non-initrd boot config.
- Disable os-prober for ppc64el on the PowerNV platform, to reduce the
number of entries/clutter from other OSes in Petitboot
- debian/patches/shorter_version_info.patch: Only show the upstream version
in menu and console, and hide the package one in a package_version
variable.
- debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
'text' payload if it's not supported but present in gfxpayload, such as
on EFI systems.
- debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file
fizes as block sizes in bufio: this avoids potentially seeking back in
the files unnecessarily, which may require re-open files that cannot be
seeked into, such as via TFTP.
- debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize
structs in bootpath parser.
- debian/rules: shuffle files around for now to keep build artefacts
for signing at the same location as they were expected by Launchpad.
- debian/rules, debian/control: enable dh-systemd.
- debian/grub-common.install.in: install the systemd unit that's part of
initrd fallback handling, missed when the feature landed.
- debian/patches/quick-boot-lvm.patch: If we don't have writable
grubenv and we're on EFI, always show the menu.
- debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig
leaves a trace of what files were sourced to help generate the config
we're building.
- debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows
7 bootloader has inconsistent headers; truncate to the smaller, correct
size to fix chainloading Windows 7.
- debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in
relocate_coff() causing issues with relocation of code in chainload.
- debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less
capabilities. If a kernel fails to boot without initrd, we will fallback
to trying to boot the kernel with an initrd. Patch by Chris Glass.
- debian/patches/grub-reboot-warn.patch: Warn when "for the next
boot only" promise cannot be kept.
* Refreshed patches and fixed up attribution to the right authors after
merge with Debian.
* debian/patches/linuxefi_missing_include.patch,
debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional
small fixes to casts, format strings, includes and Makefile to make sure
the newer linuxefi patches apply and build properly.
grub2 (2.02+dfsg1-12) unstable; urgency=medium
[ Colin Watson ]
* Remove code to migrate grub-pc/install_devices to persistent device
names under /dev/disk/by-id/. This migration happened in
1.98+20100702-1, which was in squeeze (four stable releases ago), so we
no longer need to carry around this complex code.
* Preserve previous answer to grub-pc/install_devices if we have to ask
grub-pc/install_devices_disks_changed and the user chooses not to
install to any devices, so that we can recover from temporary bugs that
cause /dev/disk/by-id/ paths to change (closes: #919029).
* debian/signing-template.json.in: Add trusted_certs key (empty, since
GRUB has no hardcoded list of trusted certificates).
* util: Detect more I/O errors (closes: #922741).
[ Leif Lindholm ]
* arm64/efi: Fix grub_efi_get_ram_base().
[ Steve McIntyre ]
* grub-install: Check for arm-efi as a default target (closes: #922104).
[ James Clarke ]
* osdep/freebsd: Fix partition calculation for EBR entries (closes:
#923253).
grub2 (2.02+dfsg1-11) unstable; urgency=medium
[ Colin Watson ]
* Apply patches from Alexander Graf to set arm64-efi code offset to
EFI_PAGE_SIZE (closes: #919012, LP: #1812317).
* Upgrade to debhelper v10.
* Set Rules-Requires-Root: no.
* Add help and ls modules to signed UEFI images (closes: #919955).
* Fix application of answers from dpkg-reconfigure to /etc/default/grub
(based loosely on a patch by Steve Langasek, for which thanks; closes:
#921702).
[ Steve McIntyre ]
* Make grub-efi-amd64-signed recommend shim-signed (closes: #919067).
[ Jeroen Dekkers ]
* Initialize keyboard in at_keyboard module init if keyboard is ready
(closes: #741464).
[ John Paul Adrian Glaubitz ]
* Include a.out header in assembly of sparc64 boot loader (closes:
#921249).
[ Hervé Werner ]
* Fix setup on Secure Boot systems where cryptodisk is in use (closes:
#917117).
[ Debconf translations ]
* [de] German (Helge Kreutzmann and Holger Wansing; closes: #921018).
grub2 (2.02+dfsg1-10) unstable; urgency=medium
* Apply patch from Heinrich Schuchardt (mentioned in #916695 though
unrelated):
- grub-core/loader/efi/fdt.c: do not copy random memory
* Add luks modules to signed UEFI images (pointed out by Alex Griffin and
Hervé Werner; closes: #908162, LP: #1565950).
* Keep track of the previous version of /usr/share/grub/default/grub and
set UCF_FORCE_CONFFOLD=1 when running ucf if it hasn't changed; ucf
can't figure this out for itself since we apply debconf-based
customisations on top of the template configuration file (closes:
#812574, LP: #564853).
* Backport Xen PVH guest support from upstream (closes: #776450). Thanks
to Hans van Kranenburg for testing.
grub2 (2.02+dfsg1-9) unstable; urgency=medium
[ Colin Watson ]
* Sync Maintainer/Uploaders in debian/signing-template/control.in with the
main packaging.
* Tell reportbug to submit bug reports against unsigned packages rather
than generated signed packages.
* Update Homepage, debian/copyright Source, and debian/watch to use HTTPS.
* Move bash completions to /usr/share/bash-completion/completions/grub and
add appropriate symlinks (closes: #912852).
* Build with GCC 8 (closes: #915735).
[ Leif Lindholm ]
* Apply patch series (mostly) from upstream to switch the arm loader over
to use the arm64 loader code and improve arm/arm64 initrd handling
(closes: #907596, #909420, #915091).
[ Matthew Garrett ]
* Don't enforce Shim signature validation if Secure Boot is disabled.
grub2 (2.02+dfsg1-8) unstable; urgency=medium
* Revise grub-<platform>-bin and grub-<platform> package descriptions to
try to explain better how they fit together and which one should be used
(based loosely on work by Justin B Rye, for which thanks; closes:
#630224).
* Skip flaky grub_cmd_set_date test (closes: #906470).
* Work around bug in obsolete init-select package: add Conflicts/Replaces
from grub-common, and take over /etc/default/grub.d/init-select.cfg with
a no-op stub (thanks to Guillem Jover for the suggestion; closes:
#863801).
* Build-depend on dosfstools and mtools on non-Linux variants of
i386/amd64/arm64 as well, to match debian/rules.
* Cherry-pick from upstream:
- i386/linux: Add support for ext_lfb_base (LP: #1785033).
* Don't source /etc/default/grub.d/*.cfg in config maintainer scripts,
since otherwise we incorrectly merge settings from there into
/etc/default/grub (closes: #872637, LP: #1797894).
* Add xfs module to signed UEFI images (closes: #911147, LP: #1652822).
* Cope with / being on a ZFS root dataset (closes: #886178).
[ Debconf translations ]
* [sv] Swedish (Martin Bagge and Anders Jonsson; closes: #851964).
grub2 (2.02+dfsg1-7) unstable; urgency=medium
* Move kernel maintainer script snippets into grub2-common (thanks,
Bastian Blank; closes: #910959).
* Add cryptodisk and gcry_* modules to signed UEFI images (closes:
#908162, LP: #1565950).
* Remove dh_builddeb override to use xz compression; this has been the
default since dpkg 1.17.0.
grub2 (2.02+dfsg1-6) unstable; urgency=medium
* Only build *-signed packages on their native architecture for now, since
otherwise we end up with clashing source packages (closes: #906596).
* Refer to source packages in Built-Using, not binary packages (closes:
#907483).
Date: Tue, 05 Mar 2019 17:05:09 -0500
Changed-By: Mathieu Trudel-Lapierre <cyphermox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/grub2/2.02+dfsg1-12ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 05 Mar 2019 17:05:09 -0500
Source: grub2
Architecture: source
Version: 2.02+dfsg1-12ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mathieu Trudel-Lapierre <cyphermox at ubuntu.com>
Closes: 630224 741464 776450 812574 851964 863801 872637 886178 906470 906596 907483 907596 908162 909420 910959 911147 912852 915091 915735 917117 919012 919029 919067 919955 921018 921249 921702 922104 922741 923253
Launchpad-Bugs-Fixed: 564853 1565950 1652822 1785033 1797894 1812317
Changes:
grub2 (2.02+dfsg1-12ubuntu1) disco; urgency=medium
.
* Merge against Debian unstable; remaining changes (LP: #564853):
- debian/control: Update Vcs fields for code location on Ubuntu.
- debian/control: Breaks shim (<< 13).
- Secure Boot support: use newer patchset from rhboot repo:
- many linuxefi_* patches added and modified
- dropped debian/patches/linuxefi_require_shim.patch
- renamed: debian/patches/no_insmod_on_sb.patch ->
debian/patches/linuxefi_no_insmod_on_sb.patch
- debian/patches/install_signed.patch, grub-install-extra-removable.patch:
- Make sure if we install shim; it should also be exported as the default
bootloader to install later to a removable path, if we do.
- Rework grub-install-extra-removable.patch to reverse its logic: in the
default case, install the bootloader to /EFI/BOOT, unless we're trying
to install on a removable device, or explicitly telling grub *not* to
do it.
- Install a BOOT.CSV for fallback to use.
- Make sure postinst and templates know about the replacement of
--force-extra-removable with --no-extra-removable.
- debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the
--auto-nvram option to grub-install for auto-detecting NVRAM availability
before attempting NVRAM updates.
- debian/build-efi-images: provide a new grub EFI image which enforces that
loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is
the same as grub$arch.efi minus the 'linux' module. Without fallback to
'linux' for unsigned loading, this makes it effectively enforce having a
signed kernel.
- Verify that the current and newer kernels are signed when grub is
updated, to make sure people do not accidentally shutdown without a
signed kernel.
- debian/default/grub: replace GRUB_HIDDEN_* variables with the less
confusing GRUB_TIMEOUT_STYLE=hidden.
- debian/patches/support_initrd-less_boot.patch: Added knobs to allow
non-initrd boot config.
- Disable os-prober for ppc64el on the PowerNV platform, to reduce the
number of entries/clutter from other OSes in Petitboot
- debian/patches/shorter_version_info.patch: Only show the upstream version
in menu and console, and hide the package one in a package_version
variable.
- debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the
'text' payload if it's not supported but present in gfxpayload, such as
on EFI systems.
- debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file
fizes as block sizes in bufio: this avoids potentially seeking back in
the files unnecessarily, which may require re-open files that cannot be
seeked into, such as via TFTP.
- debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize
structs in bootpath parser.
- debian/rules: shuffle files around for now to keep build artefacts
for signing at the same location as they were expected by Launchpad.
- debian/rules, debian/control: enable dh-systemd.
- debian/grub-common.install.in: install the systemd unit that's part of
initrd fallback handling, missed when the feature landed.
- debian/patches/quick-boot-lvm.patch: If we don't have writable
grubenv and we're on EFI, always show the menu.
- debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig
leaves a trace of what files were sourced to help generate the config
we're building.
- debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows
7 bootloader has inconsistent headers; truncate to the smaller, correct
size to fix chainloading Windows 7.
- debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in
relocate_coff() causing issues with relocation of code in chainload.
- debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less
capabilities. If a kernel fails to boot without initrd, we will fallback
to trying to boot the kernel with an initrd. Patch by Chris Glass.
- debian/patches/grub-reboot-warn.patch: Warn when "for the next
boot only" promise cannot be kept.
* Refreshed patches and fixed up attribution to the right authors after
merge with Debian.
* debian/patches/linuxefi_missing_include.patch,
debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional
small fixes to casts, format strings, includes and Makefile to make sure
the newer linuxefi patches apply and build properly.
.
grub2 (2.02+dfsg1-12) unstable; urgency=medium
.
[ Colin Watson ]
* Remove code to migrate grub-pc/install_devices to persistent device
names under /dev/disk/by-id/. This migration happened in
1.98+20100702-1, which was in squeeze (four stable releases ago), so we
no longer need to carry around this complex code.
* Preserve previous answer to grub-pc/install_devices if we have to ask
grub-pc/install_devices_disks_changed and the user chooses not to
install to any devices, so that we can recover from temporary bugs that
cause /dev/disk/by-id/ paths to change (closes: #919029).
* debian/signing-template.json.in: Add trusted_certs key (empty, since
GRUB has no hardcoded list of trusted certificates).
* util: Detect more I/O errors (closes: #922741).
.
[ Leif Lindholm ]
* arm64/efi: Fix grub_efi_get_ram_base().
.
[ Steve McIntyre ]
* grub-install: Check for arm-efi as a default target (closes: #922104).
.
[ James Clarke ]
* osdep/freebsd: Fix partition calculation for EBR entries (closes:
#923253).
.
grub2 (2.02+dfsg1-11) unstable; urgency=medium
.
[ Colin Watson ]
* Apply patches from Alexander Graf to set arm64-efi code offset to
EFI_PAGE_SIZE (closes: #919012, LP: #1812317).
* Upgrade to debhelper v10.
* Set Rules-Requires-Root: no.
* Add help and ls modules to signed UEFI images (closes: #919955).
* Fix application of answers from dpkg-reconfigure to /etc/default/grub
(based loosely on a patch by Steve Langasek, for which thanks; closes:
#921702).
.
[ Steve McIntyre ]
* Make grub-efi-amd64-signed recommend shim-signed (closes: #919067).
.
[ Jeroen Dekkers ]
* Initialize keyboard in at_keyboard module init if keyboard is ready
(closes: #741464).
.
[ John Paul Adrian Glaubitz ]
* Include a.out header in assembly of sparc64 boot loader (closes:
#921249).
.
[ Hervé Werner ]
* Fix setup on Secure Boot systems where cryptodisk is in use (closes:
#917117).
.
[ Debconf translations ]
* [de] German (Helge Kreutzmann and Holger Wansing; closes: #921018).
.
grub2 (2.02+dfsg1-10) unstable; urgency=medium
.
* Apply patch from Heinrich Schuchardt (mentioned in #916695 though
unrelated):
- grub-core/loader/efi/fdt.c: do not copy random memory
* Add luks modules to signed UEFI images (pointed out by Alex Griffin and
Hervé Werner; closes: #908162, LP: #1565950).
* Keep track of the previous version of /usr/share/grub/default/grub and
set UCF_FORCE_CONFFOLD=1 when running ucf if it hasn't changed; ucf
can't figure this out for itself since we apply debconf-based
customisations on top of the template configuration file (closes:
#812574, LP: #564853).
* Backport Xen PVH guest support from upstream (closes: #776450). Thanks
to Hans van Kranenburg for testing.
.
grub2 (2.02+dfsg1-9) unstable; urgency=medium
.
[ Colin Watson ]
* Sync Maintainer/Uploaders in debian/signing-template/control.in with the
main packaging.
* Tell reportbug to submit bug reports against unsigned packages rather
than generated signed packages.
* Update Homepage, debian/copyright Source, and debian/watch to use HTTPS.
* Move bash completions to /usr/share/bash-completion/completions/grub and
add appropriate symlinks (closes: #912852).
* Build with GCC 8 (closes: #915735).
.
[ Leif Lindholm ]
* Apply patch series (mostly) from upstream to switch the arm loader over
to use the arm64 loader code and improve arm/arm64 initrd handling
(closes: #907596, #909420, #915091).
.
[ Matthew Garrett ]
* Don't enforce Shim signature validation if Secure Boot is disabled.
.
grub2 (2.02+dfsg1-8) unstable; urgency=medium
.
* Revise grub-<platform>-bin and grub-<platform> package descriptions to
try to explain better how they fit together and which one should be used
(based loosely on work by Justin B Rye, for which thanks; closes:
#630224).
* Skip flaky grub_cmd_set_date test (closes: #906470).
* Work around bug in obsolete init-select package: add Conflicts/Replaces
from grub-common, and take over /etc/default/grub.d/init-select.cfg with
a no-op stub (thanks to Guillem Jover for the suggestion; closes:
#863801).
* Build-depend on dosfstools and mtools on non-Linux variants of
i386/amd64/arm64 as well, to match debian/rules.
* Cherry-pick from upstream:
- i386/linux: Add support for ext_lfb_base (LP: #1785033).
* Don't source /etc/default/grub.d/*.cfg in config maintainer scripts,
since otherwise we incorrectly merge settings from there into
/etc/default/grub (closes: #872637, LP: #1797894).
* Add xfs module to signed UEFI images (closes: #911147, LP: #1652822).
* Cope with / being on a ZFS root dataset (closes: #886178).
.
[ Debconf translations ]
* [sv] Swedish (Martin Bagge and Anders Jonsson; closes: #851964).
.
grub2 (2.02+dfsg1-7) unstable; urgency=medium
.
* Move kernel maintainer script snippets into grub2-common (thanks,
Bastian Blank; closes: #910959).
* Add cryptodisk and gcry_* modules to signed UEFI images (closes:
#908162, LP: #1565950).
* Remove dh_builddeb override to use xz compression; this has been the
default since dpkg 1.17.0.
.
grub2 (2.02+dfsg1-6) unstable; urgency=medium
.
* Only build *-signed packages on their native architecture for now, since
otherwise we end up with clashing source packages (closes: #906596).
* Refer to source packages in Built-Using, not binary packages (closes:
#907483).
Checksums-Sha1:
15dec8753d69550d9b02b98519c75faa98739065 6900 grub2_2.02+dfsg1-12ubuntu1.dsc
85b5454692d7948a24a940c18b96ed0b0932d517 1157444 grub2_2.02+dfsg1-12ubuntu1.debian.tar.xz
806b799048c082f58f84b7b16a0d5a627258cf80 15318 grub2_2.02+dfsg1-12ubuntu1_source.buildinfo
Checksums-Sha256:
efd327e487ba47a7907ac9fdb8a85ee0c9096dab6e0a0609b58875350e09210e 6900 grub2_2.02+dfsg1-12ubuntu1.dsc
b9ba1ac90ed2e8cde97e7ee8f2c27930c6bc90d89a62cb214be34633a8bb6d22 1157444 grub2_2.02+dfsg1-12ubuntu1.debian.tar.xz
99b265797e13941a11299d5cf8610f70a1c1e993dcad4f71bd9d25bb5526fca7 15318 grub2_2.02+dfsg1-12ubuntu1_source.buildinfo
Files:
b09a5265e496613bf83b6af6d08a7887 6900 admin optional grub2_2.02+dfsg1-12ubuntu1.dsc
b1bc84fdbe72c384963d7031a2dabdb2 1157444 admin optional grub2_2.02+dfsg1-12ubuntu1.debian.tar.xz
ffab08d1fd2aa69e2ed4d9575e91e03c 15318 admin optional grub2_2.02+dfsg1-12ubuntu1_source.buildinfo
Original-Maintainer: GRUB Maintainers <pkg-grub-devel at alioth-lists.debian.net>
-----BEGIN PGP SIGNATURE-----
iQJJBAEBCgAzFiEEkD8wCvN9L2OcLX06AGlaQEyevacFAlx+83MVHGN5cGhlcm1v
eEB1YnVudHUuY29tAAoJEABpWkBMnr2nAloP/jo14IDdPq9ksVC/eukmSz+TZWi/
qpVBr5a6bA6g+q4zltPOD2AsEpTeuJYxpLuymXOAAYS1QoFiJ8kULQemxytNZzHO
Tiho5he6wVJe9wufT6SLLxOke3EU0uA7ENysuoBweoELHQHKV2R0Ox8d+6pEg6Uy
QuK9KfRpqLGpXkOSN7cq2FccF61U/SM5k7RBLn1hfdNI9QZ/Xib0NGyzD0NQXNjL
AhGju/kW8Xo+VyWon9RnO+qvngUTE7PDmsaOZ/917LqYQXXGivCC3zljwFazyeU9
v6UhiSxW/V+/oUYXq9r5kVFmLKjX/6W7y05us8hCPKaaCQ3wmlVmznT/V4C+OF5A
MTptJgITAphGMrFusjwaF5NcBPq2TRUaFCJ313XgeFW3A3VjszpBNyj5Mvd+lEIg
isyMgGSw8W3XtISFzGN3yRe+40W4Ldi5o/Kz5/9l25MDP8/OT9mUPfy5fsGJadmR
hHs3yAb5fe/ncv4i5/d9t4X9DzFcsOj8u3WEc/xqj3+3iQclwFb4kMFnUKjixY3R
90R7TIMMZyUbgjWhIzl96ihkyoge9umEvxYibCrU8JtO0NZNOhl+eMIg4IeYVFLJ
SfCm7uH4B4eNi/rA2GEAzrZDBqYBXQsUq463110WzoPzUcMW+Bbj5h4tBadI1vl1
rVSnstcbeMMIAFFs
=PvRM
-----END PGP SIGNATURE-----
More information about the Disco-changes
mailing list