]>
git.proxmox.com Git - shim-signed.git/log
Fabian Grünbichler [Wed, 3 Jul 2024 10:14:05 +0000 (12:14 +0200)]
bump version to 1.44+pmx1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Wed, 3 Jul 2024 10:13:22 +0000 (12:13 +0200)]
Merge tag 'debian/1.44' into proxmox/bookworm
releasing package shim-signed version 1.44
Steve McIntyre [Wed, 3 Jul 2024 00:09:32 +0000 (01:09 +0100)]
Release 1.44
With helpful fixes from Fabian Grünbichler
Steve McIntyre [Wed, 3 Jul 2024 00:05:26 +0000 (00:05 +0000)]
Merge branch 'fix-build' into 'master'
fix shim-helpers substvar handling
See merge request efi-team/shim-signed!2
Fabian Grünbichler [Mon, 1 Jul 2024 07:03:12 +0000 (09:03 +0200)]
d/rules: import architecture.mk earlier
else DEB_HOST_ARCH is not potentially not yet set and some invocations might
print a spurious warning.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Mon, 1 Jul 2024 07:01:53 +0000 (09:01 +0200)]
ensure shim-helpers is installed in build environment
else the dpkg-query doesn't work.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Steve McIntyre [Sat, 29 Jun 2024 12:00:24 +0000 (13:00 +0100)]
Fix broken usage of dpkg-query
Fabian Grünbichler [Fri, 28 Jun 2024 07:57:11 +0000 (09:57 +0200)]
bump version to 1.42+pmx1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Fri, 28 Jun 2024 07:56:36 +0000 (09:56 +0200)]
Merge tag 'debian/1.42' into proxmox/bookworm
releasing package shim-signed version 1.42
Steve McIntyre [Thu, 27 Jun 2024 23:40:46 +0000 (00:40 +0100)]
Tweak versioning in runtime dependencies
using substvars to make things more automatic in future.
Fabian Grünbichler [Thu, 27 Jun 2024 07:21:59 +0000 (09:21 +0200)]
bump version to 1.41+pmx1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Steve McIntyre [Wed, 26 Jun 2024 21:04:09 +0000 (22:04 +0100)]
Release shim-signed 1.41 for sid
Steve McIntyre [Wed, 26 Jun 2024 20:59:01 +0000 (21:59 +0100)]
Remove obsolete override for shimia32.efi.signed
Steve McIntyre [Wed, 26 Jun 2024 20:57:09 +0000 (21:57 +0100)]
Switch from debian/compat to build-dep on debhelper-compat (= 13)
Steve McIntyre [Wed, 26 Jun 2024 20:44:14 +0000 (21:44 +0100)]
New signed binaries corresponding to 15.8-1
Update build-dep on shim-unsigned to use 15.8-1.
Update SBAT to revoke grub binaries with sbat < 4.
Stop building for i386.
Fabian Grünbichler [Wed, 5 Jun 2024 10:48:00 +0000 (12:48 +0200)]
bump version to 1.40+pmx1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Wed, 5 Jun 2024 10:47:35 +0000 (12:47 +0200)]
d/control: update shim and grub versions
and drop non-amd64 variants there as well.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Steve McIntyre [Fri, 4 Aug 2023 10:24:39 +0000 (11:24 +0100)]
Add Romanian translation for debconf templates
thanks to Remus-Gabriel Chelu. Closes: #
1039090
Steve McIntyre [Fri, 4 Aug 2023 10:05:13 +0000 (11:05 +0100)]
Stop recommending secureboot-db, we don't have that package
Closes: #1042964, #1041449, #932358
Fabian Grünbichler [Wed, 5 Jun 2024 10:42:30 +0000 (12:42 +0200)]
update to signed shim 15.8
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Mon, 20 Nov 2023 10:31:22 +0000 (11:31 +0100)]
bump version to 1.39+pmx1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler [Mon, 20 Nov 2023 10:23:47 +0000 (11:23 +0100)]
adapt packaging to Proxmox
- set Maintainer and repo URLs
- delete arch files we don't currently ship
- add our first signed shim binary
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Steve McIntyre [Fri, 4 Aug 2023 10:24:39 +0000 (11:24 +0100)]
Add Romanian translation for debconf templates
thanks to Remus-Gabriel Chelu. Closes: #
1039090
Steve McIntyre [Fri, 4 Aug 2023 10:05:13 +0000 (11:05 +0100)]
Stop recommending secureboot-db, we don't have that package
Closes: #1042964, #1041449, #932358
Steve McIntyre [Thu, 9 Mar 2023 01:00:02 +0000 (01:00 +0000)]
Tweak dependencies between packages
Steve McIntyre [Wed, 8 Mar 2023 22:32:34 +0000 (22:32 +0000)]
Add some Closes:, let's kill some bugs! :-)
Steve McIntyre [Wed, 8 Mar 2023 22:31:36 +0000 (22:31 +0000)]
Add pt_BR translation, thanks to Paulo Henrique de Lima Santana
Closes: #1026415
Steve McIntyre [Thu, 23 Feb 2023 22:43:04 +0000 (22:43 +0000)]
postinst/postrm: make config_item() more robust
Steve McIntyre [Sat, 18 Feb 2023 00:51:19 +0000 (00:51 +0000)]
Update Depends on grub2-common
Steve McIntyre [Sat, 18 Feb 2023 00:21:56 +0000 (00:21 +0000)]
Tweak changelog
Steve McIntyre [Sat, 18 Feb 2023 00:12:40 +0000 (00:12 +0000)]
Verify on all arches now
Steve McIntyre [Sat, 18 Feb 2023 00:09:43 +0000 (00:09 +0000)]
Remove the NEWS file, now we have working arm64 shim-signed
Steve McIntyre [Fri, 17 Feb 2023 13:39:35 +0000 (13:39 +0000)]
Fix up lintian overrides
Steve McIntyre [Fri, 17 Feb 2023 13:32:41 +0000 (13:32 +0000)]
New signed binaries corresponding to 15.7-1
We now have arm64 signed shims again \o/
Closes: #1008942, #992073
Pulls multiple other bugfixes in for the signed version:
Make sbat_var.S parse right with buggy gcc/binutils
Enable NX support at build time, as required by policy for signing
new shim binaries.
Update build-dep on shim-unsigned to use 15.7-1
Block Debian grub binaries with sbat < 4 (see #
1024617 )
Steve McIntyre [Mon, 12 Jul 2021 11:51:22 +0000 (12:51 +0100)]
Update build-dep on shim-unsigned to use 15.4-7
Steve McIntyre [Mon, 12 Jul 2021 11:48:44 +0000 (12:48 +0100)]
Tweak how we call grub-install; don't abort on error
Not ideal behaviour either, but don't break upgrades. Copy the
behaviour from the grub packages here. Closes: #990984
Steve McIntyre [Tue, 29 Jun 2021 10:54:11 +0000 (11:54 +0100)]
New signed binaries based on shim 15.4-6
Pulls multiple bugfixes in for the signed version:
* Add arm64 patch to tweak section layout and stop crashing
problems. Upstream issue #371. (#990082, #990190)
* In insecure mode, don't abort if we can't create the MokListXRT
variable. Upstream issue #372. (#989962, #990158)
Update build-dep on shim-unsigned to use 15.4-6~deb10u1
Steve McIntyre [Sun, 9 May 2021 00:00:36 +0000 (01:00 +0100)]
Fix duplicated word in the NEWS file
Steve McIntyre [Wed, 5 May 2021 23:54:04 +0000 (00:54 +0100)]
Update build-dep on shim-unsigned to use 15.4-5
Steve McIntyre [Wed, 5 May 2021 23:52:51 +0000 (00:52 +0100)]
Add defensive code around calls to db_get
Don't fail if they return errors. Closes: #988114
Steve McIntyre [Tue, 4 May 2021 17:48:00 +0000 (18:48 +0100)]
Update build-dep on shim-unsigned
Steve McIntyre [Tue, 4 May 2021 16:38:45 +0000 (17:38 +0100)]
Fix the old doc links for shim-signed. Closes: #988057
Steve McIntyre [Tue, 4 May 2021 16:37:50 +0000 (17:37 +0100)]
If we're not running on an EFI system then exit cleanly
in postinst and postrm. We have nothing to do here. Closes: #988059
Steve McIntyre [Tue, 4 May 2021 16:35:56 +0000 (17:35 +0100)]
Add explicit dependency from shim-signed to shim-signed-common
Closes: #988047, #988056
Steve McIntyre [Mon, 3 May 2021 19:13:01 +0000 (20:13 +0100)]
Release shim-signed 1.34 for sid
Steve McIntyre [Mon, 3 May 2021 17:31:45 +0000 (18:31 +0100)]
Add a NEWS file for shim-signed to talk about arm64
As it's in the package now, no need to link to the wiki.
Steve McIntyre [Mon, 3 May 2021 15:07:03 +0000 (16:07 +0100)]
This upload closes #987991 as well
Steve McIntyre [Mon, 3 May 2021 15:03:31 +0000 (16:03 +0100)]
Document the maint script changes in the changelog
Steve McIntyre [Mon, 3 May 2021 14:54:46 +0000 (15:54 +0100)]
Only run grub-install if we're actually running on an EFI system
Try to avoid errors if people are doing weird things
Steve McIntyre [Mon, 3 May 2021 14:51:21 +0000 (15:51 +0100)]
Move grub-install bits from the -common postinst
There's no guarantee that it will be called when needed, so switch to
the binary packages instead.
Steve McIntyre [Mon, 3 May 2021 13:58:34 +0000 (14:58 +0100)]
Also add a shim-signed.postrm
Similarly to the postinst, we need to call grub-install to ensure the
boot chain is correct. If we're being remove, *again* work out the
right grub EFI target arch and the grub-install options so we can call
grub-install safely.
Also: grub-install won't clean up after us if we've been uninstalled,
so also go and remove the shim binary from the ESP.
Steve McIntyre [Mon, 3 May 2021 13:52:04 +0000 (14:52 +0100)]
Important bugfixes for shim-signed-common.postinst
As we're calling grub-install and specifying the target EFI arch, make
sure that we're using the *right* EFI arch. If we're on a mixed-mode
x86 system (32-bit UEFI, 64-bit CPU), that means that we need to be
specifying i386-efi here.
Also check to see if grub-efi has been configured to use
--force-extra-removable or --no-nvram. If we're calling grub-install
here, then it's important we follow the same rules or we may end up
breaking installations. :-/
Steve McIntyre [Mon, 3 May 2021 13:27:26 +0000 (14:27 +0100)]
Fix typo
Steve McIntyre [Fri, 30 Apr 2021 20:07:15 +0000 (21:07 +0100)]
Fix command-line arguments for dh_gencontrol
The arguments going to dh_gencontrol need to e before the -- , doh!
Steve McIntyre [Fri, 30 Apr 2021 20:03:54 +0000 (21:03 +0100)]
Typo fix - remove space
Steve McIntyre [Fri, 30 Apr 2021 18:30:50 +0000 (19:30 +0100)]
Add Spanish translation for debconf templates
Thanks to Camaleón. Closes: #987339
Steve McIntyre [Fri, 30 Apr 2021 18:26:41 +0000 (19:26 +0100)]
Tweak dh_install* usage for docs
Newer versions of debhelper are not happy about setting up
cross-package links for (e.g.) copyright and changelog files between
binary-any and binary-all packages. Stop trying to do that now, just
include them in both the shim-signed and shim-signed-common packages
separately.
Steve McIntyre [Fri, 30 Apr 2021 18:24:54 +0000 (19:24 +0100)]
Don't include apport stuff in the Debian build, it's not useful
Steve McIntyre [Fri, 30 Apr 2021 18:23:18 +0000 (19:23 +0100)]
Tweak the Makefile setup
"make check" should not matter in terms of the package build.
Closes: #936002
Steve McIntyre [Fri, 30 Apr 2021 18:21:46 +0000 (19:21 +0100)]
The new shim build means we can close #971129
Steve McIntyre [Thu, 29 Apr 2021 21:08:19 +0000 (22:08 +0100)]
Tweak arm64 building a lot
And various other minor packaging tweaks
Add a different description at package build time to warn users that
shim-signed on arm64 is *not* actually signed. Add a doc link to the
wiki for more details.
Comment out a lintian override for arm64
Steve McIntyre [Wed, 28 Apr 2021 21:50:58 +0000 (22:50 +0100)]
Add the new signed binaries based on 15.4-2
Steve McIntyre [Sun, 9 Jun 2019 16:33:07 +0000 (17:33 +0100)]
Prepare 1.33 release
Steve McIntyre [Sun, 9 Jun 2019 16:29:42 +0000 (17:29 +0100)]
Ignore generated files
Steve McIntyre [Sun, 9 Jun 2019 16:17:24 +0000 (17:17 +0100)]
Display the sha256sums of the binaries as we check them
Steve McIntyre [Sun, 9 Jun 2019 15:54:15 +0000 (16:54 +0100)]
Drop the hard-coded version in Built-Using
Pick up the version of shim we're using properly.
Steve McIntyre [Sun, 9 Jun 2019 13:39:15 +0000 (14:39 +0100)]
Update to use the new signed binaried
* Build against new signed binaries corresponding to
15+
1533136590 .
3beb971 -7
* Update Build-Depends and Depends to match. Closes: #928107
Steve McIntyre [Sun, 9 Jun 2019 10:37:46 +0000 (11:37 +0100)]
New signed binaries from Microsoft
From "Signed_14173467011297444.zip"
Correspond to sources from shim-unsigned 15+
1533136590 .
3beb971 -7
Steve McIntyre [Tue, 28 May 2019 13:33:08 +0000 (14:33 +0100)]
Prepare 1.32 release
Steve McIntyre [Tue, 28 May 2019 13:27:03 +0000 (14:27 +0100)]
Add Breaks/Replaces to shim-signed-common
For update-secureboot-policy etc. Closes: #929673
Steve McIntyre [Mon, 27 May 2019 22:24:13 +0000 (23:24 +0100)]
Remove doc link used to quieten old lintian versions
Steve McIntyre [Mon, 27 May 2019 22:02:30 +0000 (23:02 +0100)]
Prepare 1.31 release
Steve McIntyre [Mon, 27 May 2019 21:58:24 +0000 (22:58 +0100)]
Move the translation bits to the -common package
Steve McIntyre [Mon, 27 May 2019 21:35:14 +0000 (22:35 +0100)]
Updated Dutch translation
Closes: #917580, #926664, thanks to Frans Spiesschaert
Steve McIntyre [Mon, 27 May 2019 21:29:16 +0000 (22:29 +0100)]
Add Russian translation
Closes: #922229, thanks to Lev Lamberov
Steve McIntyre [Mon, 27 May 2019 21:19:31 +0000 (22:19 +0100)]
Add Swedish translation
Closes: #921410, thanks to Matrin Bagge
Steve McIntyre [Mon, 27 May 2019 21:16:26 +0000 (22:16 +0100)]
Add Italian translation
Closes: #915993, thanks to Beatrice Torracca
Steve McIntyre [Mon, 27 May 2019 21:11:51 +0000 (22:11 +0100)]
Separate the helper scripts into a new shim-signed-common package
Separate this from the actual signed shim binaries so that we can
sensibly support co-installability using Multi-Arch. Closes: #928486
Steve McIntyre [Sat, 25 May 2019 01:26:17 +0000 (02:26 +0100)]
fix error if /var/lib/dkms does not exist. Closes: #923718
Steve McIntyre [Mon, 22 Apr 2019 23:02:58 +0000 (00:02 +0100)]
Release 1.30
Steve McIntyre [Mon, 22 Apr 2019 23:02:04 +0000 (00:02 +0100)]
Force the built-using version to be 15+
1533136590 .
3beb971 -6
That *does* match the source we've used, we're only using -5 due to
toolchain changes elsewhere. dak rejected us when using -5. Ick :-(
Steve McIntyre [Mon, 22 Apr 2019 21:58:02 +0000 (22:58 +0100)]
Really release 1.29
Steve McIntyre [Mon, 22 Apr 2019 21:57:26 +0000 (22:57 +0100)]
Update Standards-Version to 4.3.0
No changes needed...
Steve McIntyre [Mon, 22 Apr 2019 21:54:47 +0000 (22:54 +0100)]
Add lintian overrides for source-contains-prebuilt-windows-binary
Nothing we can do about this - this is how the package works!
Steve McIntyre [Mon, 22 Apr 2019 21:36:27 +0000 (22:36 +0100)]
Add Vcs-* fields for the shim-signed repo on salsa
Steve McIntyre [Mon, 22 Apr 2019 21:36:01 +0000 (22:36 +0100)]
Explain why we need a newer version of sbsigntool
Steve McIntyre [Mon, 22 Apr 2019 17:08:21 +0000 (18:08 +0100)]
Install the correct binary for this arch
Steve McIntyre [Mon, 22 Apr 2019 16:53:27 +0000 (17:53 +0100)]
For grub-install, work out the right target name
Don't assume that we're on amd64 so we want x86_64-efi ...
Steve McIntyre [Mon, 22 Apr 2019 16:23:02 +0000 (17:23 +0100)]
Release shim-signed version 1.29
Steve McIntyre [Fri, 19 Apr 2019 22:28:40 +0000 (23:28 +0100)]
Specifically depend on sbsigntool (>= 0.9.2-2)
To fix a bug in the PE/COFF checksum that otherwise breaks the build
Steve McIntyre [Fri, 19 Apr 2019 15:53:29 +0000 (16:53 +0100)]
Grab the version of shim-unsigned in debian/rules, not shim
Steve McIntyre [Fri, 19 Apr 2019 14:26:18 +0000 (15:26 +0100)]
Update changelog, describe what I've done
Steve McIntyre [Fri, 19 Apr 2019 14:21:12 +0000 (15:21 +0100)]
Add the new binaries as signed by MS
Steve McIntyre [Fri, 19 Apr 2019 14:19:43 +0000 (15:19 +0100)]
Instead of hard-coding amd64 (x64), use a per-arch variable
Steve McIntyre [Fri, 19 Apr 2019 14:10:21 +0000 (15:10 +0100)]
Update copyright file
Steve McIntyre [Fri, 19 Apr 2019 14:06:20 +0000 (15:06 +0100)]
Stop copying helper binaries into our package now
We just depend on shim-helpers-ARCH-signed now, much better
Steve McIntyre [Fri, 19 Apr 2019 13:29:10 +0000 (14:29 +0100)]
Tweak the binary package setup a lot
* We're now building for 3 arches
* Depend on the right grub-efi-$arch-bin package Gfor each arch
* Depend on the right shim-helpers-$arch-signed package for each
arch
* Remove the old Replaces: and Breaks:, as we don't clash with files
from the shim binary package any more.
Steve McIntyre [Fri, 19 Apr 2019 13:27:07 +0000 (14:27 +0100)]
Update the build-deps for a new upload:
* Specific version of shim-unsigned to avoid the binary changes
caused by toolchain updates between -5 and -6
* We now don't care about the version of sbsigntool, hopefully!
Steve McIntyre [Fri, 19 Apr 2019 13:26:25 +0000 (14:26 +0100)]
Change maintainer to be the EFI team
Add me and Steve Langasek as uploaders
Steve McIntyre [Sat, 9 Mar 2019 23:54:29 +0000 (23:54 +0000)]
New upload to fix bugs
* Add Breaks: shim (<= 0.9+
1474479173 .
6c180c6 -1), Closes: #924100
* +nmu2 fixed the installability problem caused by waiting for