grub

Merge ~xnox/grub:one-grub into ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu

  1. Git
  2. lp:~xnox/grub
  3. one-grub
  4. Merge into ubuntu
Proposed by Dimitri John Ledkov
Status: Rejected
Rejected by: Dimitri John Ledkov
Proposed branch: ~xnox/grub:one-grub
Merge into: ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu
Diff against target: 125 lines (+43/-7)
3 files modified
debian/changelog (+11/-0)
debian/control (+4/-4)
debian/rules (+28/-3)
Reviewer Review Type Date Requested Status
Dimitri John Ledkov Needs Resubmitting
Andy Whitcroft Pending
Julian Andres Klode Pending
Steve Langasek Pending
Review via email: mp+398407@code.launchpad.net

Commit message

One grub

To post a comment you must log in.
~xnox/grub:one-grub updated
52f0f11... by Dimitri John Ledkov

correct next grub2-signed version.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

rejected.

review: Needs Resubmitting

Unmerged commits

52f0f11... by Dimitri John Ledkov

correct next grub2-signed version.

3f5da3b... by Dimitri John Ledkov

One grub

LP: #1915536

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index fca9ce3..29c39a2 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,14 @@
6+grub2 (2.04-1ubuntu41) hirsute; urgency=medium
7+
8+ * In grub-efi-*-{bin,dbg} packages ship modules & kernel.img in the
9+ -unsigned platform directory, and instead depend on
10+ grub-efi-*-signed-{bin,dbg} packages that will provide modules
11+ matching the signed images. LP: #1915536
12+ * Use raw-signing tarball which includes modules and images. Previously
13+ raw-uefi was used that provides only unpacked images. LP: #1915536
14+
15+ -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 18 Feb 2021 00:50:30 +0000
16+
17 grub2 (2.04-1ubuntu40) hirsute; urgency=medium
18
19 * Revert: rhboot-f34-tcp-add-window-scaling-support.patch,
20diff --git a/debian/control b/debian/control
21index 9aafb52..a691460 100644
22--- a/debian/control
23+++ b/debian/control
24@@ -313,7 +313,7 @@ Description: GRand Unified Bootloader, version 2 (EFI-IA32 signing template)
25
26 Package: grub-efi-amd64-bin
27 Architecture: i386 kopensolaris-i386 any-amd64
28-Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version})
29+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version}), grub-efi-amd64-signed-bin (>> ${grub2-signed-nextversion})
30 Recommends: grub-efi-amd64-signed, efibootmgr [linux-any]
31 Replaces: grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1), grub-efi-amd64 (<< 1.99-1)
32 Multi-Arch: foreign
33@@ -338,7 +338,7 @@ Description: GRand Unified Bootloader, version 2 (EFI-AMD64 modules)
34 Package: grub-efi-amd64-dbg
35 Section: debug
36 Architecture: i386 kopensolaris-i386 any-amd64
37-Depends: ${misc:Depends}, grub-efi-amd64-bin (= ${binary:Version}), grub-common (= ${binary:Version})
38+Depends: ${misc:Depends}, grub-efi-amd64-bin (= ${binary:Version}), grub-common (= ${binary:Version}), grub-efi-amd64-signed-dbg (>> ${grub2-signed-nextversion})
39 Multi-Arch: foreign
40 Description: GRand Unified Bootloader, version 2 (EFI-AMD64 debug files)
41 This package contains debugging files for grub-efi-amd64-bin. You only
42@@ -474,7 +474,7 @@ Description: GRand Unified Bootloader, version 2 (ARM UEFI version)
43
44 Package: grub-efi-arm64-bin
45 Architecture: any-arm64
46-Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version})
47+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version}), grub-efi-arm64-signed-bin (>> ${grub2-signed-nextversion})
48 Recommends: grub-efi-arm64-signed, efibootmgr [linux-any]
49 Multi-Arch: foreign
50 XB-Efi-Vendor: ${efi:Vendor}
51@@ -497,7 +497,7 @@ Description: GRand Unified Bootloader, version 2 (ARM64 UEFI modules)
52 Package: grub-efi-arm64-dbg
53 Section: debug
54 Architecture: any-arm64
55-Depends: ${misc:Depends}, grub-efi-arm64-bin (= ${binary:Version}), grub-common (= ${binary:Version})
56+Depends: ${misc:Depends}, grub-efi-arm64-bin (= ${binary:Version}), grub-common (= ${binary:Version}), grub-efi-arm64-signed-dbg (>> ${grub2-signed-nextversion})
57 Multi-Arch: foreign
58 Description: GRand Unified Bootloader, version 2 (ARM64 UEFI debug files)
59 This package contains debugging files for grub-efi-arm64-bin. You only
60diff --git a/debian/rules b/debian/rules
61index 6ccb2dc..202c125 100755
62--- a/debian/rules
63+++ b/debian/rules
64@@ -121,14 +121,22 @@ debian/stamps/build-grub-efi-arm64 install/grub-efi-arm64: export SB_PLATFORM :=
65 debian/stamps/build-grub-efi-arm64 install/grub-efi-arm64: export SB_EFI_NAME := aa64
66 SB_PACKAGE :=
67 ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
68+# Submit this build of grub for raw-uefi signing?
69+SB_SUBMIT := yes
70+# What version of next grub2-signed package to depend on, to trigger upgrades?
71+substvars += \
72+ -Vgrub2-signed-nextversion="1.163"
73 ifeq ($(DEB_HOST_ARCH),amd64)
74 SB_PACKAGE := grub-efi-amd64
75+override_dh_install override_dh_builddeb: SB_PLATFORM := x86_64-efi
76 endif
77 ifeq ($(DEB_HOST_ARCH),arm64)
78 SB_PACKAGE := grub-efi-arm64
79+override_dh_install override_dh_builddeb: SB_PLATFORM := arm64-efi
80 endif
81 endif
82
83+
84 # Downstream distributions that want to support SB and build images, but do not
85 # rebuild grub, need a programmatic way to get the vendor, as it's used by build-efi-images
86 # to create the monolithic Grub image and thus is needed to create the partitions on the EFI
87@@ -546,6 +554,11 @@ ifneq (,$(filter grub-pc,$(BUILD_PACKAGES)))
88 patch debian/grub-pc/usr/lib/grub-legacy/update-grub \
89 < debian/legacy/update-grub.ubuntu.patch
90 endif
91+ifneq (,$(SB_PACKAGE))
92+ mv debian/$(SB_PACKAGE)-bin/usr/lib/grub/$(SB_PLATFORM) debian/$(SB_PACKAGE)-bin/usr/lib/grub/$(SB_PLATFORM)-unsigned
93+ mv debian/$(SB_PACKAGE)-dbg/usr/lib/grub/$(SB_PLATFORM) debian/$(SB_PACKAGE)-dbg/usr/lib/grub/$(SB_PLATFORM)-unsigned
94+ sed -i 's/$(SB_PLATFORM)/$(SB_PLATFORM)-unsigned/g' debian/$(SB_PACKAGE)-bin/usr/share/lintian/overrides/$(SB_PACKAGE)-bin
95+endif
96 endif
97
98 override_dh_installdocs:
99@@ -589,11 +602,23 @@ ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
100 if [ -d obj/monolithic/$(SB_PACKAGE)/$(deb_version) ]; then \
101 rm -rf obj/monolithic/$(SB_PACKAGE)/$(deb_version); \
102 fi
103- mkdir -v obj/monolithic/$(SB_PACKAGE)/$(deb_version)
104- ln -v obj/monolithic/$(SB_PACKAGE)/* obj/monolithic/$(SB_PACKAGE)/$(deb_version) || :
105+ mkdir -vp obj/monolithic/$(SB_PACKAGE)/$(deb_version)/control
106+ echo 'tarball' > obj/monolithic/$(SB_PACKAGE)/$(deb_version)/control/options
107+ mkdir -p obj/monolithic/$(SB_PACKAGE)/$(deb_version)/$(SB_PLATFORM)/ obj/monolithic/$(SB_PACKAGE)/$(deb_version)/$(SB_PLATFORM)-signed
108+ # move version
109+ cp obj/monolithic/$(SB_PACKAGE)/version obj/monolithic/$(SB_PACKAGE)/$(deb_version)/$(SB_PLATFORM)-signed
110+ # copy in modules
111+ cp -r debian/$(SB_PACKAGE)-bin/usr/lib/grub/$(SB_PLATFORM)-unsigned/* obj/monolithic/$(SB_PACKAGE)/$(deb_version)/$(SB_PLATFORM)/
112+ # copy in dbg modules
113+ cp -r debian/$(SB_PACKAGE)-dbg/usr/lib/grub/$(SB_PLATFORM)-unsigned/* obj/monolithic/$(SB_PACKAGE)/$(deb_version)/$(SB_PLATFORM)/
114+ # move .efi apps where they are expected as signed
115+ mv obj/monolithic/$(SB_PACKAGE)/$(deb_version)/$(SB_PLATFORM)/monolithic/* obj/monolithic/$(SB_PACKAGE)/$(deb_version)/$(SB_PLATFORM)-signed
116+ # this way signed tarball more-or-less will look like how everything needs to be in /usr/lib/grub/
117 endif
118 tar -c -f ../$(TARNAME) -a -C obj/monolithic/$(SB_PACKAGE) -v $(deb_version)
119- dpkg-distaddfile $(TARNAME) raw-uefi -
120+ifneq (,$(SB_SUBMIT))
121+ dpkg-distaddfile $(TARNAME) raw-signing -
122+endif
123 endif
124
125 override_dh_auto_clean:

Subscribers

People subscribed via source and target branches