[Bug 1876875] Re: Improve download-signed script to support current & grub2

Launchpad Bug Tracker 1876875 at bugs.launchpad.net
Thu Jun 18 09:21:47 UTC 2020 

This bug was fixed in the package grub2-signed - 1.142.1

---------------
grub2-signed (1.142.1) focal; urgency=medium

  * Support downloads from PPAs for additional signatures. LP: #1876875

 -- Dimitri John Ledkov <xnox at ubuntu.com>  Fri, 24 Apr 2020 23:48:15
+0100

** Changed in: grub2-signed (Ubuntu Focal)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1876875

Title:
  Improve download-signed script to support current & grub2

Status in grub2-signed package in Ubuntu:
  Fix Released
Status in linux-signed package in Ubuntu:
  Fix Committed
Status in s390-tools-signed package in Ubuntu:
  Won't Fix
Status in grub2-signed source package in Focal:
  Fix Released

Bug description:
  [Impact]

   * Improve and generalise download-signed script to allow using it with any signed binaries we care about
   * Add support to download simply the most current version
   * Add support to download /uefi/ signed binaries
   * Clean up arg parsing, add help, drop unused statements & imports.

  [Test Case]

   * Test downloading signed kernel works with public & private archives
   * Test that rebuilt signed .debs are the same

  [Regression Potential]

   * This is a built time script, as long the binaries are downloaded &
  packaged up the same, there is no end-user facing impact.

  [Other Info]

   * With these changes, download-signed script can be used by s390-tools-signed & grub2-signed, as well as all the kernels.
   * This is needed to support resigning with different keys for different ubuntu products. For example, UC20 uses the same grub binaries, but wants an additional trustpath to UC20 CA for grade:secured core images. At the moment creating such a signature is only possible via a round-trip in a PPA.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1876875/+subscriptions

More information about the foundations-bugs mailing list