[Bug 1700170] Re: backport shim-signed 1.30 from artful to supported releases

Thu Jul 13 20:54:38 UTC 2017

Hello Mathieu, or anyone else affected,

Accepted shim-signed into zesty-proposed. The package will build now and
be available at https://launchpad.net/ubuntu/+source/shim-
signed/1.32~17.04.1 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-zesty to verification-done-zesty. If it does not fix
the bug for you, please add a comment stating that, and change the tag
to verification-failed-zesty. In either case, details of your testing
will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: shim-signed (Ubuntu Zesty)
       Status: New => Fix Committed

** Tags added: verification-needed verification-needed-zesty

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1700170

Title:
  backport shim-signed 1.30 from artful to supported releases

Status in shim-signed package in Ubuntu:
  Fix Released
Status in shim-signed source package in Zesty:
  Fix Committed

Bug description:
  [Impact]
  shim-signed ships the signed shim$arch.efi binary that goes with the shim package available in each release, which should remain synchronized across all supported releases as to make sure the security sensitive binary can be appropriately supported.

  shim-signed also ships some additional bits that are useful to go
  along with the shim binary; and this is what is actually targetted on
  this SRU: shim itself does not change, but in the interest of making
  support as easy as possible, the supporting files shipped with it are
  also kept synchronized across releases.

  These files are the following:
   - an apport hook, useful to let users report issues in updating the Boot Entries on their firmware, debugging upgrade issues, etc; and provides critical information about the system on which a bug is reported about the state of that system's EFI firmware: whether EFI validation is enabled, whether Secure Boot is enabled, whether it was properly started by the kernel;
   - a BOOT$arch.CSV file, to be installed by grub2 if present, where grub2 has that feature (in artful only), or to be installed manually by the user if wanted. This file is a text file that provides the location of shim on a system when running the shim fallback binary (also not installed prior to artful).

  [Test case]
  See the other closed bugs for this backport, which include their own test cases.

  == boot.csv ==
  1) Verify that /usr/lib/shim/BOOTX64.CSV contains:
  shimx64.efi,ubuntu,,This is the boot entry for Ubuntu

  [Regression potential]
  See the other closed bugs for this backport, which include their own test cases.

  Shipping the BOOT$arch.CSV file alone has no risk of regression, it
  constitutes a single text file shipped in a location where it is not
  used; it is only contained in the backport to simplify keeping the
  shim-signed packages synchronized.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1700170/+subscriptions