Merge ~sdeziel/ubuntu/+source/secureboot-db:not-in-containers into ubuntu/+source/secureboot-db:ubuntu/devel

Proposed by Simon Déziel
Status: Needs review
Proposed branch: ~sdeziel/ubuntu/+source/secureboot-db:not-in-containers
Merge into: ubuntu/+source/secureboot-db:ubuntu/devel
Diff against target: 26 lines (+7/-0)
2 files modified
debian/changelog (+6/-0)
debian/secureboot-db.service (+1/-0)
Reviewer Review Type Date Requested Status
Dimitri John Ledkov (community) Needs Information
git-ubuntu import Pending
Review via email: mp+454748@code.launchpad.net
Bryce Harrington (bryce) wrote :

Hi Simon,

There seems not to be a changelog entry for this MP?
You might also consider Seth's suggestion in comment #2 on the bug.

6c2dc3f... by Simon Déziel

d/changelog: closes LP: #1840845

Signed-off-by: Simon Deziel <email address hidden>

Simon Déziel (sdeziel) wrote (last edit ):

@bryce, thanks for the nudge. Please take another look now that I've rebased the changes and included the detection of the live cd env.

Dimitri John Ledkov (xnox) wrote :

I have commented on the bug report.
I am happy with the proposed condition virtualization.
I am concerned that live session condition will regress security of our installations.

review: Needs Information
Simon Déziel (sdeziel) wrote :

@xnox, thanks. I dropped the livecd env detection/condition.

Unmerged commits

6c2dc3f... by Simon Déziel

d/changelog: closes LP: #1840845

Signed-off-by: Simon Deziel <email address hidden>

5baab0f... by Simon Déziel

d/secureboot-db.service: do not run inside containers

Fixes LP: #1840845

Signed-off-by: Simon Deziel <email address hidden>

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index fe81af4..54d704e 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,9 @@
6+secureboot-db (1.10) noble; urgency=medium
7+
8+ * d/secureboot-db.service: do not run inside containers (LP: #1840845)
9+
10+ -- Simon Deziel <simon.deziel@canonical.com> Tue, 21 Nov 2023 15:26:41 -0500
11+
12 secureboot-db (1.9) noble; urgency=medium
13
14 * Update packaging to debhelper 13
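Review bot: the new 1.10 entry in debian/changelog states the effect ("do not run inside containers") but not the mechanism. Naming the directive in the entry, for example "add ConditionVirtualization=!container", would let someone reading only the changelog see how the skip is implemented and that it applies to containers rather than to virtual machines.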
15diff --git a/debian/secureboot-db.service b/debian/secureboot-db.service
16index 7748e4a..3d34731 100644
17--- a/debian/secureboot-db.service
18+++ b/debian/secureboot-db.service
19@@ -1,6 +1,7 @@
20 [Unit]
21 Description=Secure Boot updates for DB and DBX
22 ConditionPathExists=/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
23+ConditionVirtualization=!container
24
25 [Service]
26 Type=oneshot
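Review bot: the added ConditionVirtualization=!container line in the [Unit] section has no comment saying why the unit is skipped in containers. A one-line "#" comment above it that points at LP: #1840845 would keep the reason next to the directive. Since systemd requires every Condition line to hold, the unit still runs on bare metal and in virtual machines where the efivars db path exists, and in a container it is skipped without being marked failed, so DB and DBX updates are silently not applied there. It is worth stating in the merge description that this is the intended result.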
