grub

Merge ~ubuntu-core-dev/grub/+git/ubuntu:lp.1795291 into ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu

  1. Git
  2. lp:~ubuntu-core-dev/grub/+git/ubuntu
  3. lp.1795291
  4. Merge into ubuntu
Proposed by Steve Langasek
Status: Merged
Approved by: Mathieu Trudel-Lapierre
Approved revision: 00b2d12755af8b435fcda84918ebdd9a3ee662c1
Merged at revision: 00b2d12755af8b435fcda84918ebdd9a3ee662c1
Proposed branch: ~ubuntu-core-dev/grub/+git/ubuntu:lp.1795291
Merge into: ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu
Diff against target: 31 lines (+10/-1)
2 files modified
debian/changelog (+7/-0)
debian/grub-check-signatures (+3/-1)
Reviewer Review Type Date Requested Status
Mathieu Trudel-Lapierre Approve
Julian Andres Klode Needs Information
Review via email: mp+355904@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Julian Andres Klode (juliank) wrote :

Just skipping vmlinuz binaries where .efi.signed exist seems like a better approach IMO, we can just do that by adding a

  if [ -e "$kernel.efi.signed" ]; then
   continue
  fi

before or after the dpkg check.

review: Needs Information
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

With juliank's proposed changes.

review: Approve

There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 56b66c9..ea769d5 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+grub2 (2.02+dfsg1-5ubuntu6) UNRELEASED; urgency=medium
7+
8+ * debian/grub-check-signatures: Handle the case where we have unsigned
9+ vmlinuz and signed vmlinuz.efi.signed. LP: #1795291.
10+
11+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 01 Oct 2018 00:58:46 -0700
12+
13 grub2 (2.02+dfsg1-5ubuntu5) cosmic; urgency=medium
14
15 [ Mathieu Trudel-Lapierre ]
16diff --git a/debian/grub-check-signatures b/debian/grub-check-signatures
17index 3a466ec..647c405 100755
18--- a/debian/grub-check-signatures
19+++ b/debian/grub-check-signatures
20@@ -60,8 +60,10 @@ find_unsigned() {
21 if dpkg --compare-versions "$this_uname_r" lt "$uname_r"; then
22 continue
23 fi
24- if ! is_signed $kernel; then
25+ if ! is_signed $kernel && ! echo "$signed" | grep -q "\b$this_uname_r"; then
26 echo "$this_uname_r"
27+ else
28+ signed="$signed $this_uname_r"
29 fi
30 done
31 }

Subscribers

People subscribed via source and target branches