Package: systemd-boot Version: 253-4 Severity: minor Dear maintainers,
the systemd-boot package calls `bootctl update` after the upgrade of the package. Therefore, it overwrites the currently installed systemd-boot image (which could be signed for secure boot with a local key) on the ESP with a new, but unsigned image. Could you please add a hook to the postinst that either a local script can be called on installation time which takes care of signing the image (similar to the `/etc/kernel/postinst.d/ mechamism) or add some call to `sbsign` yourself if e.g. the signing key is available at a specific path. Thank you very much in advance Jan Naumann -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages systemd-boot depends on: ii libc6 2.36-9 ii libsystemd-shared 253-4 ii systemd-boot-efi 253-4 Versions of packages systemd-boot recommends: ii efibootmgr 17-2 systemd-boot suggests no packages. -- no debconf information
