Your message dated Thu, 29 May 2025 20:58:35 +0000
with message-id <[email protected]>
and subject line Bug#1106024: fixed in systemd 257.6-1
has caused the Debian Bug report #1106024,
regarding systemd-boot: creates a useless CSV file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1106024: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106024
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd-boot
Version: 257.2-3

Hi,

systemd-boot's postinst script creates the CSV file for shim's fallback helper with the following line:

echo "shim${efi_arch}.efi,${vendor},,This is the boot entry for ${vendor}" > "${esp_path}/EFI/${vendor}/BOOT${efi_arch_upper}.CSV"

This won't work for several reasons:

1/ This creates a file with ASCII text, whereas fb${efi_arch}.efi expects UCS-2 text

2/ There is no parameter for shim${efi_arch}.efi to know what to chainload, so it will try to load grub${efi_arch}.efi, which won't exist anymore (since the whole stanza will only run if GRUB is removed)

3/ The copy of shim${efi_arch}.efi in \EFI\BOOT is useless by itself, since without any parameter or fb${efi_arch}.efi, it will also try to chainload a missing grub${efi_arch}.efi (note that this theoretically also applies to GRUB, see below)

All necessary information about shim's fallback helper can be found here:

https://github.com/rhboot/shim/blob/main/README.fallback

So systemd-boot's postinst script can be fixed by:

- Also copy fb${efi_arch}.efi to \EFI\BOOT (in addition to shim)

- Create the CSV file with something like:

echo "shim${efi_arch}.efi,${vendor_upper},\\EFI\systemd\systemd-boot${efi_arch}.efi \\0,This is the boot entry for ${vendor_upper}" | iconv -t UCS-2 > "${esp_path}/EFI/${vendor}/BOOT${efi_arch_upper}.CSV"

With these modifications, shim's fallback helper would re-create a UEFI boot entry almost identical to the one that the current postinst creates with `efibootmgr` (it will prepend shim's path with a backslash, maybe it should also be done in the `efibootmgr` command to more closely follow shim's behavior, although it currently works as-is) which actually works as intended.

To test it, after applying those two modifications, delete the UEFI boot entry that was created with `efibootmgr`, use the firmware's boot menu to boot from the hard disk, wait for the countdown, and the fallback helper will re-create a UEFI boot entry identical to the one created by the postinst's `efibootmgr` command.

Regards,

--
Raphaël Halimi

--- End Message ---
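
Added example (not part of the original report or of the systemd packaging): a Python check for the two CSV defects the report above describes, the 8-bit encoding and the empty arguments field. The field names, the "x64"/"debian" sample values, and the choice of little-endian UCS-2 with an optional BOM are assumptions of this example.

```python
import codecs

# Constructed samples: "x64" and "debian" stand in for ${efi_arch} and ${vendor}.
BAD = b"shimx64.efi,debian,,This is the boot entry for debian\n"
GOOD = ("shimx64.efi,DEBIAN,\\EFI\\systemd\\systemd-bootx64.efi \\0,"
        "This is the boot entry for DEBIAN\n").encode("utf-16-le")


def check_boot_csv(data: bytes) -> list:
    """Return the problems found in raw BOOT*.CSV bytes (empty list = none)."""
    problems = []
    if data.startswith(codecs.BOM_UTF16_LE):  # assumption: a BOM is optional
        data = data[2:]
    # ASCII text stored as UCS-2LE has a zero high byte after every character;
    # plain 8-bit text has no NUL bytes at all.
    if b"\x00" in data and len(data) % 2 == 0:
        text = data.decode("utf-16-le", errors="replace")
    else:
        problems.append("encoding: 8-bit text, not UCS-2")
        text = data.decode("ascii", errors="replace")

    lines = [l for l in text.splitlines() if l.strip()]
    # Assumed field order, taken from the lines quoted in the report:
    # loader file, label, arguments, description.
    fields = lines[0].split(",", 3) if lines else []
    if len(fields) != 4:
        problems.append("format: expected 4 comma-separated fields")
        return problems
    loader, label, arguments, _description = fields
    if not loader.lower().endswith(".efi"):
        problems.append("loader: first field is not an .efi file name")
    if not label:
        problems.append("label: boot entry label is empty")
    if not arguments.strip():
        problems.append("arguments: empty, shim is given nothing to chainload")
    return problems


if __name__ == "__main__":
    for name, sample in (("postinst 257.2-3 style", BAD), ("proposed", GOOD)):
        print(name, "->", check_boot_csv(sample) or "ok")
```
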
--- Begin Message ---
Source: systemd
Source-Version: 257.6-1
Done: Luca Boccassi <[email protected]>

We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luca Boccassi <[email protected]> (supplier of updated systemd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 29 May 2025 17:52:48 +0100
Source: systemd
Architecture: source
Version: 257.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian systemd Maintainers <[email protected]>
Changed-By: Luca Boccassi <[email protected]>
Closes: 1005282 1104663 1105743 1106024
Changes:
 systemd (257.6-1) unstable; urgency=medium
 .
   [ Luca Boccassi ]
   * d/copyright: use GPL URL instead of old FSF postal address.
   * d/signing-template/copyright: use GPL URL instead of old FSF postal
     address.
   * d/control: bump Standards-Version to 4.7.2, no changes
   * Add version to systemd-boot-efi-signed virtual package. Otherwise
     dependency on systemd-boot-efi-signed (>= 257.5-2) is not satisfiable
     (Closes: #1104663)
   * systemd-homed: add dependency on polkitd (Closes: #1105743)
   * systemd-boot: fix BOOT.CSV usage (Closes: #1106024)
   * Update upstream source from tag 'upstream/257.6' Update to upstream
     version '257.6' with Debian dir
     907f7fd2ae07adbab0ffd7b9235fc25435f12bab
     (Fixes CVE-2025-4598)
   * Drop patches, merged upstream
 .
   [ Tim Small ]
   * document requirement to sync *.link files with initrd (Closes:
     #1005282)
 .
   [ Kirill Rekhov ]
   * Set upstream metadata fields: Security-Contact

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
