Merge ~ubuntu-core-dev/shim/+git/shim-signed:cyphermox into ~ubuntu-core-dev/shim/+git/shim-signed:master

Proposed by Mathieu Trudel-Lapierre
Status: Merged
Approved by: Steve Langasek
Approved revision: d50f9ecb9ac053d9e430e3cf4c63d176d61db01d
Merged at revision: d50f9ecb9ac053d9e430e3cf4c63d176d61db01d
Proposed branch: ~ubuntu-core-dev/shim/+git/shim-signed:cyphermox
Merge into: ~ubuntu-core-dev/shim/+git/shim-signed:master
Diff against target: 54 lines (+17/-4)
2 files modified
debian/changelog (+9/-0)
update-secureboot-policy (+8/-4)
Reviewer: Steve Langasek
Review status: Approve
Review via email: mp+347167@code.launchpad.net
Steve Langasek (vorlon) wrote:

LGTM

review: Approve

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index ce6bb71..a11d646 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,12 @@
6+shim-signed (1.35) UNRELEASED; urgency=medium
7+
8+ * update-secureboot-policy: fix quoting for key/again password handling to
9+ mokutil. (LP: #1770579)
10+ * update-secureboot-policy: don't allow backtracking at the "main" question
11+ for whether to enroll a new MOK. (LP: #1767091)
12+
13+ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 30 May 2018 16:24:42 -0400
14+
15 shim-signed (1.34.9) bionic; urgency=medium
16
17 * debian/shim-signed.postinst: check for MOK existence rather than ignoring
18diff --git a/update-secureboot-policy b/update-secureboot-policy
19index 5b61c8e..e9aeb25 100755
20--- a/update-secureboot-policy
21+++ b/update-secureboot-policy
22@@ -87,8 +87,8 @@ clear_passwords()
23
24 toggle_validation()
25 {
26- local key=$1
27- local again=$2
28+ local key="$1"
29+ local again="$2"
30
31 echo "Enabling shim validation."
32 printf '%s\n%s\n' "$key" "$again" | mokutil --enable-validation >/dev/null || true
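Review bot: The quoted assignments `local key="$1"` and `local again="$2"` in toggle_validation only protect the password if the callers also pass both arguments quoted, and those call sites are not part of this diff. Please confirm they read `toggle_validation "$key" "$again"` or equivalent. A one-line comment above the assignments referencing LP: #1770579 would also help, since an unquoted `local key=$1` is word-split on a password containing spaces in shells that treat the arguments of `local` as ordinary words, and a later cleanup could easily drop the quotes again.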
33@@ -96,8 +96,8 @@ toggle_validation()
34
35 enroll_mok()
36 {
37- local key=$1
38- local again=$2
39+ local key="$1"
40+ local again="$2"
41
42 echo "Adding '$SB_KEY' to shim:"
43 printf '%s\n%s\n' "$key" "$again" | mokutil --import "$SB_KEY" >/dev/null || true
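Review bot: In enroll_mok the context line `mokutil --import "$SB_KEY" >/dev/null || true` still discards stdout and ignores the exit status, so if mokutil rejects the password pair the script carries on as though the key had been queued for enrollment. The same pattern sits in toggle_validation above. Now that the quoting is fixed and the input is expected to arrive intact, consider checking the return code and reporting a failure to the user instead of `|| true`.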
44@@ -116,6 +116,10 @@ do_it()
45 ;;
46 2)
47 if [ "$do_toggle" -eq 1 ]; then
48+ # Force no backtracking here; otherwise the GNOME backend
49+ # might allow it due to displaying the explanation just before.
50+ # Fixes LP: #1767091
51+ db_capb
52 # Allow the user to skip toggling Secure Boot.
53 db_fset shim/enable_secureboot seen false
54 db_input critical shim/enable_secureboot || true
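Review bot: The bare `db_capb` added ahead of `db_fset shim/enable_secureboot seen false` drops every capability, not only backup, and nothing in this hunk restores it, so any later question in do_it that is meant to support going back loses that as well. If backup was enabled earlier on purpose, re-issue `db_capb backup` once shim/enable_secureboot has been answered, or say in the comment that backup stays off for the rest of the state machine.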
