[Bug 1915536] Re: one grub
Dimitri John Ledkov
1915536 at bugs.launchpad.net
Fri Feb 19 23:51:51 UTC 2021
** Description changed:
[Impact]
* The proposal is to rename modules in -bin to be shipped in the
$platfrom-unsigned directory.
* And make -signed-bin package ship modules
* And add dependency from the -bin onto > -signed-bin (>= $grub2-signed
stem)
* This allows allows in the future for grub2-signed to pull appropriate
grub modules for a given distro. For example, using 2.04 modules &
signed images from focal on bionic to gain support for TPM verifies and
other EFI platform specific developments without affecting userspace
grub tooling.
[Caveats]
- * In devel series, keep grub2 submitting things for signing SB_SUBMIT :=
- yes
+ * In devel series, keep grub2 submitting things for signing by setting
+ SB_SUBMIT := yes
* With every new upload bump the version number of the -signed-bin (>=
$grub2-signed-ver) package, to the expected one from grub2-signed.
- * Upload new grub2-signed, vendoring the desired signed grub2
+ * Upload new grub2-signed with the version set above or higher,
+ vendoring the desired signed grub2.
--
- In stable series, disable submitting signing SB_SUBMIT := no
+ In stable series to disable submitting signing set SB_SUBMIT := no.
+
+ Then one can upload grub2-signed first, followed by grub2.
Upload grub2 to bump the version number of the -signed-bin (>= $grub2
-signed-ver) dependency, to the expected one from grub2-signed.
Upload new grub2-signed pulling whichever signed grub from whichever
series as needed.
-
[Test Case]
* Upgrade to new grub-efi-amd64-bin and grub-efi-amd64-signed packages
* Observe that system boots, one can use grub-mkimage / grub-mkrescue
without issues.
[Where problems could occur]
* The binaries shipped by -signed packages are innert, they are
bootloader binaries only. The only compatibility that has to be
maintained is within the userspace tooling - specifically maintainer
scripts, and file names and locations.
[Other Info]
* See all the bug reports that grub can't be installed or upgraded when
people use -proposed.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1915536
Title:
one grub
Status in grub2 package in Ubuntu:
New
Status in grub2-signed package in Ubuntu:
New
Bug description:
[Impact]
* The proposal is to rename modules in -bin to be shipped in the
$platfrom-unsigned directory.
* And make -signed-bin package ship modules
* And add dependency from the -bin onto > -signed-bin (>=
$grub2-signed stem)
* This allows allows in the future for grub2-signed to pull
appropriate grub modules for a given distro. For example, using 2.04
modules & signed images from focal on bionic to gain support for TPM
verifies and other EFI platform specific developments without
affecting userspace grub tooling.
[Caveats]
* In devel series, keep grub2 submitting things for signing by setting
SB_SUBMIT := yes
* With every new upload bump the version number of the -signed-bin (>=
$grub2-signed-ver) package, to the expected one from grub2-signed.
* Upload new grub2-signed with the version set above or higher,
vendoring the desired signed grub2.
--
In stable series to disable submitting signing set SB_SUBMIT := no.
Then one can upload grub2-signed first, followed by grub2.
Upload grub2 to bump the version number of the -signed-bin (>= $grub2
-signed-ver) dependency, to the expected one from grub2-signed.
Upload new grub2-signed pulling whichever signed grub from whichever
series as needed.
[Test Case]
* Upgrade to new grub-efi-amd64-bin and grub-efi-amd64-signed
packages
* Observe that system boots, one can use grub-mkimage / grub-mkrescue
without issues.
[Where problems could occur]
* The binaries shipped by -signed packages are innert, they are
bootloader binaries only. The only compatibility that has to be
maintained is within the userspace tooling - specifically maintainer
scripts, and file names and locations.
[Other Info]
* See all the bug reports that grub can't be installed or upgraded
when people use -proposed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1915536/+subscriptions
More information about the foundations-bugs
mailing list