So, looking through this diff: (holy crap, the grub-installer script is getting big! :-()
On that front, I'm *tempted* to say it's time to stop caring about and supporting grub-legacy here, maybe? On Sat, Jan 12, 2019 at 01:51:41PM +0000, Colin Watson wrote: >diff --git a/grub-installer b/grub-installer >index 04016fb7..7fbcf7ee 100755 >--- a/grub-installer >+++ b/grub-installer >@@ -346,7 +346,7 @@ case $ARCH in > if [ -f /sys/firmware/efi/fw_platform_size ] ; then > SIZE=$(cat /sys/firmware/efi/fw_platform_size) > if [ $SIZE -eq 64 ] ; then >- grub_package="grub-efi-amd64" >+ grub_package="grub-efi-amd64-signed" > elif [ $SIZE -eq 32 ] ; then > grub_package="grub-efi-ia32" > fi I'm minded to not take this - I feel that grub-efi-amd64-signed is more of an equivalent to grub-efi-amd64-bin, just containing the actual grub binaries for the other packages to use. The metapackage grub-efi-amd64 is still the correct thing to be installing here. >@@ -484,14 +484,17 @@ db_progress INFO grub-installer/progress/step_install > # to grub legacy, or vice-versa > case "$grub_package" in > grub) >- log-output -t grub-installer $chroot $ROOT dpkg -P grub-pc-bin grub-pc >grub-efi grub-efi-amd64-bin grub-efi-amd64 grub-efi-ia32-bin grub-efi-ia32 >+ log-output -t grub-installer $chroot $ROOT dpkg -P grub-pc-bin grub-pc >grub-efi grub-efi-amd64-bin grub-efi-amd64 grub-efi-amd64-signed >grub-efi-ia32-bin grub-efi-ia32 > ;; > grub-pc) >- log-output -t grub-installer $chroot $ROOT dpkg -P grub grub-legacy >grub-efi grub-efi-amd64-bin grub-efi-amd64 grub-efi-ia32-bin grub-efi-ia32 >- ;; >- grub-efi*) >+ log-output -t grub-installer $chroot $ROOT dpkg -P grub grub-legacy >grub-efi grub-efi-amd64-bin grub-efi-amd64 grub-efi-amd64-signed >grub-efi-ia32-bin grub-efi-ia32 >+ ;; >+ grub-efi-amd64-signed) > log-output -t grub-installer $chroot $ROOT dpkg -P grub grub-legacy > grub-pc-bin grub-pc >- ;; >+ ;; >+ grub-efi*) >+ log-output -t grub-installer $chroot $ROOT dpkg -P grub grub-legacy >grub-pc-bin grub-pc grub-efi-amd64-signed >+ ;; > esac > > exit_code=0 all obviously the right thing. I'm thinking it's time to wrap and reformat those long command lines, though! >@@ -507,6 +510,11 @@ case "$grub_package" in > *) > # Will pull in os-prober based on global setting for Recommends > apt-install $grub_package || exit_code=$? >+ case $grub_package in >+ *-signed) >+ apt-install shim-signed || true >+ ;; >+ esac > ;; > esac This would clearly be the right thing to do too if we changed the grub_package setting at the top. Maybe if we just change that to match grub-efi-amd64 for now? I'm about to test this lot locally and double-check it DTRT for both amd64/efi with -signed and i386/efi (without), anyway. -- Steve McIntyre, Cambridge, UK. st...@einval.com Google-bait: http://www.debian.org/CD/free-linux-cd Debian does NOT ship free CDs. Please do NOT contact the mailing lists asking us to send them to you.
