Bug#925436: unblock: fwupdate/12-4

Sun, 24 Mar 2019 18:09:53 -0700 

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package fwupdate

I've just made the last minor tweaks around the signing service json
setup needed for UEFI Secure Boot support in Debian. There are also a
couple of small ignorable Ubuntu packaging diffs, and the addition of
a Recommends to also pull in the -signed version when possible during
installation.

Here's the debdiff.

diff -Nru fwupdate-12/debian/changelog fwupdate-12/debian/changelog
--- fwupdate-12/debian/changelog        2018-08-06 05:08:34.000000000 +0100
+++ fwupdate-12/debian/changelog        2019-03-25 00:47:29.000000000 +0000
@@ -1,3 +1,19 @@
+fwupdate (12-4) unstable; urgency=medium
+
+  [ Steve McIntyre ]
+  * debian/gen_signing_json: Update the format of the json metadata to
+    match new requirements:
+    + Move all the data under a new top-level "packages" key
+    + Add an empty "trusted_certs" key - our binaries do not do any
+      further verification with an embedded key.
+
+  [ Mario Limonciello ]
+  * Install signed packages for secure boot automatically
+  * Use a virtual package fwupdate-signed to resolve the correct package
+  * Stop producing UEFI archive for Ubuntu signed images (LP: #1787254)
+
+ -- Steve McIntyre <93...@debian.org>  Mon, 25 Mar 2019 00:47:29 +0000
+
 fwupdate (12-3) unstable; urgency=medium
 
   * debian/rules: fix libexecdir location (Closes: #905549)
diff -Nru fwupdate-12/debian/control fwupdate-12/debian/control
--- fwupdate-12/debian/control  2018-08-06 05:02:24.000000000 +0100
+++ fwupdate-12/debian/control  2019-03-08 22:23:42.000000000 +0000
@@ -26,6 +26,7 @@
 Architecture: amd64 i386 armhf arm64
 Multi-Arch: foreign
 Depends: ${shlibs:Depends}, ${misc:Depends}, libfwup1 (= ${binary:Version}), 
efibootmgr, e2fsprogs
+Recommends: fwupdate-signed
 Description: Tools to manage UEFI firmware updates
  fwupdate provides functionality to update system firmware. It has been 
  initially designed to update firmware using UEFI capsule updates, but 
diff -Nru fwupdate-12/debian/gen_signing_json 
fwupdate-12/debian/gen_signing_json
--- fwupdate-12/debian/gen_signing_json 2018-08-06 05:02:24.000000000 +0100
+++ fwupdate-12/debian/gen_signing_json 2019-03-08 23:22:43.000000000 +0000
@@ -16,9 +16,14 @@
 
 rm -f $OUT
 
-printf '{"%s": {\n' "${SOURCE}" >> $OUT
-printf '  "files": [ \n' >> $OUT
-printf '    {"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
-printf '  ]\n' >> $OUT
-printf '} }\n' >> $OUT
+printf '{\n' >> $OUT
+printf '  "packages": {\n' >> $OUT
+printf '    "%s": {\n' "${SOURCE}" >> $OUT
+printf '      "trusted_certs": [],\n' >> $OUT
+printf '      "files": [ \n' >> $OUT
+printf '        {"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
+printf '      ]\n' >> $OUT
+printf '    }\n' >> $OUT
+printf '  }\n' >> $OUT
+printf '}\n' >> $OUT
 
diff -Nru fwupdate-12/debian/rules fwupdate-12/debian/rules
--- fwupdate-12/debian/rules    2018-08-06 05:07:22.000000000 +0100
+++ fwupdate-12/debian/rules    2019-03-08 22:23:42.000000000 +0000
@@ -10,7 +10,6 @@
 SB_STYLE := debian
 ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
        SB_STYLE := ubuntu
-       tar_name := fwupdate_$(deb_version)_$(DEB_HOST_ARCH).tar.gz
 else
        TMPLDIR  := 
debian/fwupdate-$(DEB_HOST_ARCH)-signed-template/usr/share/code-signing/fwupdate-$(DEB_HOST_ARCH)-signed-template
 endif
@@ -68,17 +67,6 @@
 
 override_dh_auto_clean:
        dh_auto_clean -- EFIDIR=$(EFIDIR)
-ifeq (ubuntu,$(SB_STYLE))
-       rm -rf debian/fwupdate-images
-endif
 
 override_dh_builddeb:
        dh_builddeb -- -Zxz
-ifeq (ubuntu,$(SB_STYLE))
-               mkdir -p debian/fwupdate-images/$(deb_version)
-               cp efi/fwup*.efi debian/fwupdate-images/$(deb_version)
-               echo $(deb_version) \
-                       > debian/fwupdate-images/$(deb_version)/version
-                       cd debian/fwupdate-images && tar czvf 
../../../$(tar_name) .
-                       dpkg-distaddfile $(tar_name) raw-uefi -
-endif
diff -Nru fwupdate-12/debian/signing-template/control 
fwupdate-12/debian/signing-template/control
--- fwupdate-12/debian/signing-template/control 2018-08-06 05:02:24.000000000 
+0100
+++ fwupdate-12/debian/signing-template/control 2019-03-08 22:23:42.000000000 
+0000
@@ -12,6 +12,7 @@
 Package: fwupdate-SIGNARCH-signed
 Section: admin
 Architecture: SIGNARCH
+Provides: fwupdate-signed
 Depends: ${shlibs:Depends}, ${misc:Depends}, fwupdate (= SIGNVERSION)
 Description: Tools to manage UEFI firmware updates (signed)
  fwupdate provides functionality to update system firmware. It has been 


unblock fwupdate/12-4

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Reply via email to