[ubuntu/precise-updates] shim-signed 1.18~12.04.1 (Accepted)

Brian Murray brian at ubuntu.com
Thu Sep 15 18:03:31 UTC 2016

shim-signed (1.18~12.04.1) precise; urgency=medium

  * update-secureboot-policy:  If /proc/sys/kernel/moksbstate_disabled is
    present, prefer this unconditionally over MokSBStateRT.  LP: #1604873.

shim-signed (1.17~12.04.1) precise; urgency=medium

  * Backport shim-signed 1.17 to 12.04. (LP: #1574727)
  * debian/shim-signed.postinst: don't use --target to install the binary.
  * debian/control:
    - soften the Depends on grub-common; since we don't use --target.
    - allow using the backported versions of sbsigntool as a Build-Depends.

shim-signed (1.17) yakkety; urgency=medium

  * update-secureboot-policy: rework setting capabilities to stop having
    the backup capability while showing an error message; which won't affect
    the Dialog debconf frontend but otherwise made the GTK frontend confusing.
  * update-secureboot-policy: all debconf prompts should be at priority
    critical: there is no good default to pick, we must prompt the user.
  * debian/templates: make the password inputs be standard inputs; this is an
    unfortunate workaround to aptdaemon not having access to the debconf
    password database on desktop; since the frontend runs as an unprivileged
    user. See bug LP#1599981 (LP: #1599051)

shim-signed (1.16) yakkety; urgency=medium

  * debian/shim-signed.postinst: call for the trigger on update of shim-signed.

shim-signed (1.15) yakkety; urgency=medium

  * update-secureboot-policy: validate the state of MokSBStateRT against what
    the kernel believes it to be via /proc/sys/kernel/moksbstate_disabled,
    in case we have the kernel which knows about shim's validation policy but
    an old shim that doesn't export MokSBStateRT.

shim-signed (1.14) yakkety; urgency=medium

  * update-secureboot-policy:
    - Make it easier for users to really re-enable Secure Boot via an --enable
    - Don't prompt for action if there are no DKMS packages installed, as per
      checking if there are any subdirectories in /var/lib/dkms.

shim-signed (1.13) yakkety; urgency=medium

  * update-secureboot-policy: have a trigger-ready script available to deal
    with the necessity to change Secure Boot policy on a system.
  * debian/shim-signed.templates: ship the necessary templates for secureboot.
  * debian/shim-signed.postinst: Run our trigger script to update Secure Boot
    policy when necessary at the end of installs, without calling dpkg-trigger

shim-signed (1.12) xenial; urgency=medium

  * debian/control: add Depends on mokutil, to ship a way for users to
    control shim features, such as enrolling new keys.

shim-signed (1.11) wily; urgency=medium

  * Add in an apport package hook for shim-signed and shim. (LP: #1490030)

shim-signed (1.10) wily; urgency=medium

  * Add a versioned dependency on grub2-common, so that partial upgrades from
    Ubuntu 12.04 don't break due to a lack of --target option to grub-install.
    LP: #1474203.

shim-signed (1.9) wily; urgency=medium

  * Update to the signed 0.8-0ubuntu2 binary from Microsoft.

Date: 2016-07-20 23:24:16.588068+00:00
Changed-By: Steve Langasek <steve.langasek at canonical.com>
Signed-By: Brian Murray <brian at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list