Ubuntu
grub2-signed package

Merge ~xnox/ubuntu/+source/grub2-signed:one-grub into ~ubuntu-core-dev/ubuntu/+source/grub2-signed:ubuntu/hirsute-devel

  1. Git
  2. lp:~xnox/ubuntu/+source/grub2-signed
  3. one-grub
  4. Merge into ubuntu/hirsute-devel
Proposed by Dimitri John Ledkov
Status: Rejected
Rejected by: Dimitri John Ledkov
Proposed branch: ~xnox/ubuntu/+source/grub2-signed:one-grub
Merge into: ~ubuntu-core-dev/ubuntu/+source/grub2-signed:ubuntu/hirsute-devel
Diff against target: 279 lines (+98/-55)
11 files modified
debian/changelog (+8/-0)
debian/control (+53/-3)
debian/grub-efi-amd64-signed-bin.install (+1/-0)
debian/grub-efi-amd64-signed-dbg.dirs (+1/-0)
debian/grub-efi-amd64-signed.install (+1/-0)
debian/grub-efi-arm64-signed-bin.install (+1/-0)
debian/grub-efi-arm64-signed-dbg.dirs (+1/-0)
debian/grub-efi-arm64-signed.install (+1/-0)
debian/rules (+17/-12)
dev/null (+0/-35)
download-signed (+14/-5)
Reviewer Review Type Date Requested Status
Dimitri John Ledkov Needs Resubmitting
Steve Langasek Needs Fixing
Julian Andres Klode Pending
Andy Whitcroft Pending
Review via email: mp+398409@code.launchpad.net

Commit message

One grub

To post a comment you must log in.
Revision history for this message
Steve Langasek (vorlon) :
review: Needs Fixing
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

rejected.

review: Needs Resubmitting

Unmerged commits

4ebeec1... by Dimitri John Ledkov

releasing package grub2-signed version 1.163

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/Makefile b/Makefile
2deleted file mode 100644
3index c3acf21..0000000
4--- a/Makefile
5+++ /dev/null
6@@ -1,35 +0,0 @@
7-include /usr/share/dpkg/default.mk
8-
9-PLATFORM := UNKNOWN-PLATFORM
10-EFI_NAME := UNKNOWN-EFI-NAME
11-
12-ifeq ($(DEB_HOST_ARCH),amd64)
13-PLATFORM := x86_64-efi
14-EFI_NAME := x64
15-endif
16-
17-ifeq ($(DEB_HOST_ARCH),arm64)
18-PLATFORM := arm64-efi
19-EFI_NAME := aa64
20-endif
21-
22-SIGNED := \
23- current/grub$(EFI_NAME).efi.signed \
24- current/gcd$(EFI_NAME).efi.signed \
25- current/grubnet$(EFI_NAME).efi.signed
26-
27-all: $(SIGNED)
28-
29-$(SIGNED):
30- ./download-signed grub2-common current grub2 uefi
31-
32-check:
33- cmp current/grub$(EFI_NAME).efi /usr/lib/grub/$(PLATFORM)/monolithic/grub$(EFI_NAME).efi
34-
35-install: $(SIGNED)
36- install -d $(DESTDIR)/usr/lib/grub/$(PLATFORM)-signed
37- install -m0644 $(SIGNED) current/version \
38- $(DESTDIR)/usr/lib/grub/$(PLATFORM)-signed/
39-
40-clean:
41- rm -rf current/
42diff --git a/debian/changelog b/debian/changelog
43index c220554..93ac4e1 100644
44--- a/debian/changelog
45+++ b/debian/changelog
46@@ -1,3 +1,11 @@
47+grub2-signed (1.163) hirsute; urgency=medium
48+
49+ * Add {-bin,-dbg} packages that ship matching modules for the signed EFI
50+ apps. LP: #1915536
51+ * Use raw-singing input from grub2. LP: #1915536
52+
53+ -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 18 Feb 2021 01:02:04 +0000
54+
55 grub2-signed (1.162) hirsute; urgency=medium
56
57 * Rebuild with correct permissions, and higher version number.
58diff --git a/debian/control b/debian/control
59index 0b045b4..489fbca 100644
60--- a/debian/control
61+++ b/debian/control
62@@ -2,14 +2,15 @@ Source: grub2-signed
63 Section: utils
64 Priority: optional
65 Maintainer: Colin Watson <cjwatson@ubuntu.com>
66-Build-Depends: debhelper-compat (= 12), lsb-release, python3, python3-apt, grub-efi-amd64-bin (>= 2.04-1ubuntu39) [amd64], grub-efi-arm64-bin (>= 2.04-1ubuntu39) [arm64]
67+Build-Depends: debhelper-compat (= 12), lsb-release, python3, python3-apt
68 Standards-Version: 3.9.5
69 Vcs-Browser: https://code.launchpad.net/~ubuntu-core-dev/ubuntu/+source/grub2-signed/+git/grub2-signed/+ref/ubuntu/hirsute-devel
70 Vcs-Git: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/grub2-signed -b ubuntu/hirsute-devel
71+Rules-Requires-Root: no
72
73 Package: grub-efi-amd64-signed
74 Architecture: amd64
75-Depends: ${misc:Depends}, grub-efi-amd64-bin (= ${grub2:Version}), grub-efi-amd64 | grub-pc
76+Depends: ${misc:Depends}, grub-efi-amd64-signed-bin (= ${binary:Version}), grub-efi-amd64 | grub-pc
77 Recommends: secureboot-db
78 Built-Using: grub2 (= ${grub2:Version})
79 Description: GRand Unified Bootloader, version 2 (EFI-AMD64 version, signed)
80@@ -25,9 +26,34 @@ Description: GRand Unified Bootloader, version 2 (EFI-AMD64 version, signed)
81 This package contains a version of GRUB built for use with the EFI-AMD64
82 architecture, signed with Canonical's UEFI signing key.
83
84+Package: grub-efi-amd64-signed-bin
85+Architecture: any-amd64
86+Depends: ${misc:Depends}
87+Replaces: grub-efi-amd64-bin (<< 2.04-1ubuntu41)
88+Breaks: grub-efi-amd64-bin (<< 2.04-1ubuntu41)
89+Multi-Arch: foreign
90+Description: GRand Unified Bootloader, version 2 (EFI-AMD64 signed modules)
91+ This package contains GRUB modules that have been built for use with the
92+ EFI-AMD64 architecture, as used by Intel Macs (unless a BIOS interface has
93+ been activated). It can be installed in parallel with other flavours, but
94+ will not automatically install GRUB as the active boot loader nor
95+ automatically update grub.cfg on upgrade unless shim-signed is also
96+ installed.
97+
98+Package: grub-efi-amd64-signed-dbg
99+Section: debug
100+Architecture: any-amd64
101+Depends: ${misc:Depends}, grub-efi-amd64-signed-bin (= ${binary:Version})
102+Replaces: grub-efi-amd64-dbg (<< 2.04-1ubuntu41)
103+Breaks: grub-efi-amd64-dbg (<< 2.04-1ubuntu41)
104+Multi-Arch: foreign
105+Description: GRand Unified Bootloader, version 2 (AMD64 UEFI debug files signed)
106+ This package contains debugging files for grub-efi-amd64-signed-bin. You only
107+ need these if you are trying to debug GRUB using its GDB stub.
108+
109 Package: grub-efi-arm64-signed
110 Architecture: arm64
111-Depends: ${misc:Depends}, grub-efi-arm64 (= ${grub2:Version})
112+Depends: ${misc:Depends}, grub-efi-arm64, grub-efi-arm64-signed-bin (= ${binary:Version})
113 Recommends: secureboot-db
114 Built-Using: grub2 (= ${grub2:Version})
115 Description: GRand Unified Bootloader, version 2 (EFI-ARM64 version, signed)
116@@ -42,3 +68,27 @@ Description: GRand Unified Bootloader, version 2 (EFI-ARM64 version, signed)
117 .
118 This package contains a version of GRUB built for use with the EFI-ARM64
119 architecture, signed with Canonical's UEFI signing key.
120+
121+Package: grub-efi-arm64-signed-bin
122+Architecture: any-arm64
123+Depends: ${shlibs:Depends}, ${misc:Depends}
124+Replaces: grub-efi-arm64-bin (<< 2.04-1ubuntu41)
125+Breaks: grub-efi-arm64-bin (<< 2.04-1ubuntu41)
126+Multi-Arch: foreign
127+Description: GRand Unified Bootloader, version 2 (EFI-ARM64 signed modules)
128+ This package contains GRUB modules that have been built for use with
129+ the EFI-ARM64 architecture. It can be installed in parallel with
130+ other flavours, but will not automatically install GRUB as the active
131+ boot loader nor automatically update grub.cfg on upgrade unless
132+ shim-signed is also installed.
133+
134+Package: grub-efi-arm64-signed-dbg
135+Section: debug
136+Architecture: any-arm64
137+Depends: ${misc:Depends}, grub-efi-arm64-signed-bin (= ${binary:Version})
138+Replaces: grub-efi-arm64-dbg (<< 2.04-1ubuntu41)
139+Breaks: grub-efi-arm64-dbg (<< 2.04-1ubuntu41)
140+Multi-Arch: foreign
141+Description: GRand Unified Bootloader, version 2 (ARM64 UEFI debug files signed)
142+ This package contains debugging files for grub-efi-arm64-signed. You only
143+ need these if you are trying to debug GRUB using its GDB stub.
144diff --git a/debian/grub-efi-amd64-signed-bin.install b/debian/grub-efi-amd64-signed-bin.install
145new file mode 100644
146index 0000000..9750827
147--- /dev/null
148+++ b/debian/grub-efi-amd64-signed-bin.install
149@@ -0,0 +1 @@
150+*-efi/ usr/lib/grub/
151diff --git a/debian/grub-efi-amd64-signed-dbg.dirs b/debian/grub-efi-amd64-signed-dbg.dirs
152new file mode 100644
153index 0000000..b565418
154--- /dev/null
155+++ b/debian/grub-efi-amd64-signed-dbg.dirs
156@@ -0,0 +1 @@
157+usr/lib/grub/x86_64-efi
158diff --git a/debian/grub-efi-amd64-signed.install b/debian/grub-efi-amd64-signed.install
159new file mode 100644
160index 0000000..0de3587
161--- /dev/null
162+++ b/debian/grub-efi-amd64-signed.install
163@@ -0,0 +1 @@
164+*-efi-signed/ usr/lib/grub/
165diff --git a/debian/grub-efi-arm64-signed-bin.install b/debian/grub-efi-arm64-signed-bin.install
166new file mode 100644
167index 0000000..9750827
168--- /dev/null
169+++ b/debian/grub-efi-arm64-signed-bin.install
170@@ -0,0 +1 @@
171+*-efi/ usr/lib/grub/
172diff --git a/debian/grub-efi-arm64-signed-dbg.dirs b/debian/grub-efi-arm64-signed-dbg.dirs
173new file mode 100644
174index 0000000..4b2f9c8
175--- /dev/null
176+++ b/debian/grub-efi-arm64-signed-dbg.dirs
177@@ -0,0 +1 @@
178+usr/lib/grub/arm64-efi
179diff --git a/debian/grub-efi-arm64-signed.install b/debian/grub-efi-arm64-signed.install
180new file mode 100644
181index 0000000..0de3587
182--- /dev/null
183+++ b/debian/grub-efi-arm64-signed.install
184@@ -0,0 +1 @@
185+*-efi-signed/ usr/lib/grub/
186diff --git a/debian/rules b/debian/rules
187index 5c83889..c83af55 100755
188--- a/debian/rules
189+++ b/debian/rules
190@@ -2,21 +2,26 @@
191
192 include /usr/share/dpkg/default.mk
193
194+SUITE:=hirsute-proposed
195+VERSION:=2.04-1ubuntu41
196+
197 %:
198 dh $@
199
200-destdir := debian/grub-efi-$(DEB_HOST_ARCH)-signed
201-docdir := $(destdir)/usr/share/doc/grub-efi-$(DEB_HOST_ARCH)-signed
202-
203-override_dh_installchangelogs:
204- dh_installchangelogs
205- # Quieten lintian, which otherwise gets confused by our odd version
206- # number.
207- ln $(docdir)/changelog $(docdir)/changelog.Debian
208+override_dh_install:
209+ ./download-signed grub2-common $(VERSION) grub2 signed $(SUITE)
210+ # don't need control
211+ rm -rvf $(VERSION)/control
212+ # fixup location of unsigned binaries
213+ mkdir -p $(VERSION)/*-efi/monolithic
214+ mv $(VERSION)/*-efi-signed/*.efi $(VERSION)/*-efi/monolithic
215+ dh_install --sourcedir=$(VERSION)
216+ # move debug modules into the debug package
217+ mv debian/grub-efi-$(DEB_HOST_ARCH)-signed-bin/usr/lib/grub/*/*.module \
218+ debian/grub-efi-$(DEB_HOST_ARCH)-signed-dbg/usr/lib/grub/*/
219
220 override_dh_gencontrol:
221- dh_gencontrol -- -v$(DEB_VERSION)+$(shell cat current/version) \
222- -Vgrub2:Version=$(shell cat current/version)
223+ dh_gencontrol -- -v$(DEB_VERSION)+$(VERSION) -Vgrub2:Version=$(VERSION)
224
225-override_dh_auto_install:
226- dh_auto_install --destdir=$(destdir)
227+override_dh_clean:
228+ rm -rvf $(VERSION)
229diff --git a/download-signed b/download-signed
230index 72ee1e5..67025c9 100755
231--- a/download-signed
232+++ b/download-signed
233@@ -35,6 +35,10 @@ parser.add_argument(
234 nargs='?',
235 default='signed',
236 help="subdirectory type in the url, 'signed' or 'uefi'")
237+parser.add_argument(
238+ "suite",
239+ nargs='?',
240+ help="force to download from a non-candidate suite")
241 args = parser.parse_args()
242
243
244@@ -46,7 +50,7 @@ class SignedDownloader:
245 identify the members and to validate them once downloaded.
246 """
247
248- def __init__(self, package_name, package_version, src_package, signed_type='signed'):
249+ def __init__(self, package_name, package_version, src_package, signed_type='signed', suite=None):
250 self.package_name = package_name
251 self.package_version = package_version
252 self.src_package = src_package
253@@ -57,7 +61,7 @@ class SignedDownloader:
254 cache = apt.Cache()
255
256 self.package = None
257- if self.package_version == "current":
258+ if self.package_version == "current" or suite:
259 self.package = cache[package_name].candidate
260 else:
261 for version in cache[package_name].versions:
262@@ -70,9 +74,14 @@ class SignedDownloader:
263
264 origin = self.package.origins[0]
265 pool_parsed = urlparse(self.package.uri)
266- self.package_dir = "%s/%s/%s/%s-%s/%s/" % (
267- origin.archive, 'main', signed_type,
268- self.src_package, self.package.architecture, self.package_version)
269+ if suite:
270+ self.package_dir = "%s/../%s/%s/%s/%s-%s/%s/" % (
271+ origin.archive, suite, 'main', signed_type,
272+ self.src_package, self.package.architecture, self.package_version)
273+ else:
274+ self.package_dir = "%s/%s/%s/%s-%s/%s/" % (
275+ origin.archive, 'main', signed_type,
276+ self.src_package, self.package.architecture, self.package_version)
277
278 # Prepare the master url stem and pull out any username/password. If present
279 # replace the default opener with one which offers that password.

Subscribers

People subscribed via source and target branches