[Bug 1797011] Re: [FFE] Update mokutil to fb6250f2

Brian Murray brian at ubuntu.com
Tue Oct 23 21:54:49 UTC 2018 

Hello Mathieu, or anyone else affected,

Accepted mokutil into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/mokutil/0.3.0+1538710437.fb6250f-
0ubuntu2~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-bionic to verification-done-bionic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-bionic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: mokutil (Ubuntu Bionic)
       Status: New => Fix Committed

** Tags added: verification-needed verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mokutil in Ubuntu.
Matching subscriptions: mokutil-bugs
https://bugs.launchpad.net/bugs/1797011

Title:
  [FFE] Update mokutil to fb6250f2

Status in mokutil package in Ubuntu:
  Fix Released
Status in mokutil source package in Bionic:
  Fix Committed

Bug description:
  [Impact]
  All Ubuntu users on UEFI systems

  [Test case]

  == Disabling timeout ==
  1) Run 'sudo mokutil --timeout -1'.
  2) Run 'sudo mokutil --reset' (or another command that requires user interaction in MokManager)
  2) On reboot, validate that MokManager does not show a timeout screen, and instead immediately stops at the menu.

  == Changing timeout ==
  1) Run 'sudo mokutil --timeout 666'.
  2) Run 'sudo mokutil --reset' (or another command that requires user interaction in MokManager)
  2) On reboot, validate that MokManager shows a timer of 666 seconds before continuing to reboot, waiting for user input.

  == Exporting keys ==
  1) Run 'sudo mokutil --export --db'; 'sudo mokutil --export --kek', etc.
  2) Validate that mokutil allows exporting the contents of DB, KEK, etc.

  [Regression potential]
  This affects the userland tool used to communicate tasks to have done by MokManager at early boot. As such, any failure to enroll certificates, to disable validation in shim, to export keys or list keys should be investigated as possible regressions caused by this update.

  ---

  Update mokutil to a git snapshot of fb6250f2.

  Changes since cca7219 (current git snapshot in cosmic):

  fb6250f Update TODO
  af2387a Rename export_moks as export_db_keys
  4efbb0e Add support for exporting other keys
  f0217e5 add new --mok argument
  73c045b set list-enrolled command as default for some arguments
  382ba20 Add more info to --sb-state: show when we're in SetupMode or with shim validation disabled
  303ee33 Correct help: --set-timeout is really --timeout
  385a7dd generate_hash() / generate_pw_hash(): don't use strlen() for strncpy bounds
  c8b26c2 Add the type casting to silence the warning

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mokutil/+bug/1797011/+subscriptions

More information about the foundations-bugs mailing list