Thomas Lamprecht [Fri, 21 Jun 2024 09:10:12 +0000 (11:10 +0200)]
d/lintian: add override fir package-installs-apt-preferences
it's indeed not really nice that we have to resort to this but we
found no good alternative so this is by design -> avoid erroring out
on lintian checking.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
this should ensure that a shim-signed package from a non-Proxmox repository
cannot overtake ours, even if the version is newer. since
proxmox-secure-boot-support is optional, this is entirely opt-in.
Thomas Lamprecht [Fri, 19 Apr 2024 08:41:51 +0000 (10:41 +0200)]
d/control: support last two grub versions as valid dependency
Uploading grub is a two-step process, where code-signing is done
through an HSM on a separate, isolated, and secured host.
So, it happens that the repo contains the newer proxmox-grub already
but still the old signed shim, with throws of our check that ensures
installability w.r.t. dependency constraints in the whole repo.
Allowing both versions is additionally providing some slightly better
UX, as users can more easily downgrade (without scary apt removal
warnings).
We might to have to do the same for the shim, but wait for that until
we actually have a newer version that is supported and asses then if
that's OK w.r.t. security promises to factory provided secure boot
project.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 11 Apr 2024 10:46:56 +0000 (12:46 +0200)]
buildsys: fix DEB variable name, just one package now
earlier this was part of another repo, now it's separate and there is
just one package anymore, so use the correct DEB variable to refer to
the binary debian packages that get build.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>