Your message dated Thu, 07 Dec 2023 19:00:12 +0000
with message-id <[email protected]>
and subject line Bug#1052243: fixed in dkms 3.0.12-2
has caused the Debian Bug report #1052243,
regarding dkms: Signature keys unexpectedly overridden
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1052243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052243
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dkms
Version: 3.0.11-3
Severity: critical
Justification: breaks unrelated software
Dear Maintainer,
* What led up to the situation?
Enrolled my own secureboot key chain (PK, KEK, db) and wanted dkms to sign
kernel modules automatically.
* What exactly did you do (or not do) that was effective (or ineffective)?
Set `mok_signing_key=` and `mok_certificate` in `/etc/dkms/framework.conf` to
my DB.key/DB.crt and then installed the `nvidia-driver` using apt.
* What was the outcome of this action?
My DB.key and DB.crt were overridden by some new keys.
* What outcome did you expect instead?
Even if my configuration is wrong, I would never expect that setting
`mok_signing_key=` overriddes anything.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.4.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages dkms depends on:
ii build-essential 12.10
ii dpkg-dev 1.22.0
ii gcc [c-compiler] 4:13.2.0-1
ii gcc-13 [c-compiler] 13.2.0-3
ii kmod 30+20230601-1
ii lsb-release 12.0-2
ii make 4.3-4.1
ii patch 2.7.6-7
Versions of packages dkms recommends:
ii fakeroot 1.32.1-1
ii linux-headers-amd64 [linux-headers-generic] 6.4.13-1
ii sudo 1.9.14p2-1
Versions of packages dkms suggests:
ii e2fsprogs 1.47.0-2+b1
pn menu <none>
-- Configuration Files:
/etc/dkms/framework.conf changed:
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: dkms
Source-Version: 3.0.12-2
Done: Andreas Beckmann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dkms, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <[email protected]> (supplier of updated dkms package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 06 Dec 2023 00:48:28 +0100
Source: dkms
Binary: dh-dkms dkms dkms-noautoinstall-test-dkms dkms-test-dkms
Architecture: source all
Version: 3.0.12-2
Distribution: experimental
Urgency: medium
Maintainer: Dynamic Kernel Module System Team <[email protected]>
Changed-By: Andreas Beckmann <[email protected]>
Description:
dh-dkms - debhelper addon for the Dynamic Kernel Module System (DKMS)
dkms - Dynamic Kernel Module System (DKMS)
dkms-noautoinstall-test-dkms - trivial dkms noautoinstall test kernel module
dkms-test-dkms - trivial dkms test kernel module
Closes: 621846 660043 736803 894250 1034013 1040401 1052243 1056949
Changes:
dkms (3.0.12-2) experimental; urgency=medium
.
* Cherry-pick upstream patches:
- Use 'unbuild' instead of 'remove' in kernel prerm script to keep the
modules in 'added' state. (Closes: #621846, #894250)
- Document MOK key *and* cert recreation behavior if MOK key *or* cert is
missing. (Closes: #1052243)
* kernel/header_postinst.d hook: On header upgrades w/o package name change,
'unbuild' all 'autoinstall'ed modules built against the old version first
to ensure they get rebuilt against the upgraded headers on the next
'autoinstall'. (Closes: #1040401, #1034013)
* common.postinst: Only build AUTOINSTALL="yes" modules on installation.
* Clean up obsolete /etc/kernel/install.d/dkms, renamed to 40-dkms.install.
(Closes: #1056949)
* postinst: Clean up modules with empty $arch from dkms tree. (Cf. #1036033)
* postinst: Clean up dangling source links from dkms tree. (LP: #830915)
* dh_dkms: Strip epoch from upstream version. (Closes: #660043)
* dh_dkms: Error out on invalid package versions.
* dh_dkms: Always substitute #MODULE_VERSION#. (Closes: #736803)
* Add dkms-noautoinstall-test-dkms package with a trivial kernel module for
dkms tests.
* Add autopkgtests using dkms-noautoinstall-test-dkms.
* Upload to experimental.
Checksums-Sha1:
bbf02bea77d722fb4c2ee30296ecfa4a0cfcb486 2360 dkms_3.0.12-2.dsc
691d39fce2b580f77822f0cd2445a8b1710ee3a3 32108 dkms_3.0.12-2.debian.tar.xz
5923aee13ea6046f487c694313155dbde1aa15a3 14820 dh-dkms_3.0.12-2_all.deb
4c82f7c24a0f692dda747a6a99e72d1cf6bc30bd 10264
dkms-noautoinstall-test-dkms_3.0.12-2_all.deb
9caf7791fce0261ea1ff026f8686d1d8ac81efee 10220 dkms-test-dkms_3.0.12-2_all.deb
6503fbbe73826d179df7ec6187b73f3f02c6d4ac 51300 dkms_3.0.12-2_all.deb
d852f4c6c7721989eb9103f9c8c14ce860bafbf3 6690 dkms_3.0.12-2_amd64.buildinfo
Checksums-Sha256:
e7abf1d00bde7a799f1b3eb60c1978b3b8c08bd2cfdf8196bdc1710c325eef52 2360
dkms_3.0.12-2.dsc
6555df61844aa3d8a571ab481284ff1809c7da028c365541863d840ed5d641ba 32108
dkms_3.0.12-2.debian.tar.xz
f7d40156a053d12fa4ea2e6c00405fcd531637cfce4a88e8d7ca2bd0da315911 14820
dh-dkms_3.0.12-2_all.deb
ec3c3af17cad24417451e32724331ca6580b1d63d80efc76ae1f0adeadc9b79a 10264
dkms-noautoinstall-test-dkms_3.0.12-2_all.deb
63cdfd46d37f3532d5b72b1f048b860531950f5e3b7bc48e48ee6ee0a6af777d 10220
dkms-test-dkms_3.0.12-2_all.deb
0fa8bf19ced655b6c4a66cc4930af76ec806c2d41bcac705448a65f787b2d700 51300
dkms_3.0.12-2_all.deb
8eb02f6eaf3e5dd62097da702a58aa872df28fe9c0f487386ade4a610fab07d9 6690
dkms_3.0.12-2_amd64.buildinfo
Files:
2742f7dfe00bd4e93e6dc76e4a5aacc7 2360 kernel optional dkms_3.0.12-2.dsc
4321a7e85c65425f43ae0a23d482a238 32108 kernel optional
dkms_3.0.12-2.debian.tar.xz
71d9d4a9070a61c009d14751881bcc5b 14820 kernel optional dh-dkms_3.0.12-2_all.deb
366508c236e35d6ce86e26ff7c1ac864 10264 kernel optional
dkms-noautoinstall-test-dkms_3.0.12-2_all.deb
c47f7c6079762e0ab57bf63411fd439f 10220 kernel optional
dkms-test-dkms_3.0.12-2_all.deb
4943b3ae618a326bd1e12ec8969f28d4 51300 kernel optional dkms_3.0.12-2_all.deb
b359fa07789732d15fd1c26a6522f7f4 6690 kernel optional
dkms_3.0.12-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmVvt0IQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCNBtEACEoQcOWeywgshlgDw+jsPvQ7ZLyxffnRuI
Jf1B/zIXG6DnVyWeX9IQ/7z+qwmc02UWDdIRibcfYudbXILcHsodl4XRt8nIWRiG
OfMeJtX9A/jhmhEJfO/W2l/rE+tXlWK4doj3qEsFAqA/2qPiK2LA1Ts/MmQyaf7+
lTvxohrbm9F/SMo49HFcwDr10lWcNMpZZfvjqFeiIqUmXlW1Qhdri+PbqCSpjzJf
kc7YOge77Cf2q62+lqc9GPDCVifHLdQee3Rf+wWt1+reUBMQmqBOTMBijATlvHBm
JiD7hAT7G2kjlFzPHGPkrb8P+bizxem9hJ2T9jmOWGJWJBzVCLaMghIsjxj+gRAt
aHttzvu31EdKIdeWB+t6rSpXDmu3hPC1smnhA7fC26+u2U1ZN6CcRfnQEwSNj8I6
KgQuApWb1uA3dPZPZDj0lvyMIj0dX8encPHwFsy1xzsnusr+a8eDJJSBryl9AFjd
jaPocKfw0oiaEnYvQaXXgtbxWQn7PtDrhRAXqZ0Lx3IRWIXJJ3EsPfXl1ews3088
mkTniEFroG4jiAQIn3drhrFcnLQmlc4/ccrr0Vk5BuzZCbVLiDVAZ9wtuTXWfJhk
LBg5P+8mzIjfPJknnwc/djnezq1POAkoN7xXZuCJuOQEL3IL/8Q1VudPje2IgOQ2
+7rIgyN2NA==
=oqzX
-----END PGP SIGNATURE-----
--- End Message ---
