[Bug 1790709] Re: Backport gnu-efi 3.0.8 to all supported releases for SHIM

Mathieu Trudel-Lapierre mathieu.tl at gmail.com
Tue Sep 11 21:11:40 UTC 2018 

Rebuilds in PPA have all passed -- the failures for efitools are exactly
the same as they previously were and due to EFI not being available (or
sbsigntool, efivar, etc.) on those architectures:

https://launchpad.net/~cyphermox/+archive/ubuntu/rebuild-tests/+packages

In any case, amd64 (the only arch that built for efitools) has not
regressed.

syslinux for bionic needs a patch, which in currently waiting in the
bionic unapproved queue.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to syslinux in Ubuntu.
https://bugs.launchpad.net/bugs/1790709

Title:
  Backport gnu-efi 3.0.8 to all supported releases for SHIM

Status in gnu-efi package in Ubuntu:
  Fix Released
Status in syslinux package in Ubuntu:
  Fix Released
Status in gnu-efi source package in Trusty:
  Fix Committed
Status in gnu-efi source package in Xenial:
  Fix Committed
Status in gnu-efi source package in Bionic:
  Fix Committed
Status in syslinux source package in Bionic:
  New

Bug description:
  [Impact]
  All users on UEFI systems.

  Gnu-efi needs to be backported everywhere to support new shim
  releases. This applies to bionic, xenial, and trusty.

  This is to properly build the new shim releases on these releases of
  Ubuntu.

  [Test cases]
  -- build tests --
  Validate that the following reverse-dependencies build correctly:

  Reverse-Build-Depends-Indep
  ===========================
  * syslinux

  Reverse-Build-Depends
  =====================
  * dell-recovery
  * efitools
  * fwupd
  * fwupdate
  * kexec-tools
  * refind
  * sbsigntool
  * shim
  * systemd

  Rebuild tests will happen in
  https://launchpad.net/~cyphermox/+archive/ubuntu/rebuild-tests

  
  == Functionality tests ==

  Run the following tests after the packages have been rebuilt against
  the new gnu-efi.

  === mokutil ===
  Validate that mokutil can process:
  - Certificate import: mokutil --import <file.der>
  - List enrolled certificates: mokutil --list-enrolled
  - Set verbosity: mokutil --set-verbosity true

  Reboot, and validate that MokManager processes the requested changes.

  
  [Regression potential]
  gnu-efi is a library that supports applications in handling EFI variables in and outside of the runtime environment, along with supporting standard library features for EFI applications. As such, any application that makes uses of EFI variables on a running system or as their own EFI application should be validated against possible corruption of the contents of the variables, as well as doing smoketesting of the EFI applications themselves for incorrect behavior, crashes, and other runtime issues.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnu-efi/+bug/1790709/+subscriptions

More information about the foundations-bugs mailing list