Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package fwupdate

I've just made the last minor tweaks around the signing service json
setup needed for UEFI Secure Boot support in Debian. There are also a
couple of small ignorable Ubuntu packaging diffs, and the addition of
a Recommends to also pull in the -signed version when possible during
installation.

Here's the debdiff.

diff -Nru fwupdate-12/debian/changelog fwupdate-12/debian/changelog
--- fwupdate-12/debian/changelog2018-08-06 05:08:34.0 +0100
+++ fwupdate-12/debian/changelog2019-03-25 00:47:29.0 +
@@ -1,3 +1,19 @@
+fwupdate (12-4) unstable; urgency=medium
+
+ [ Steve McIntyre ]
+ * debian/gen_signing_json: Update the format of the json metadata to
+match new requirements:
++ Move all the data under a new top-level "packages" key
++ Add an empty "trusted_certs" key - our binaries do not do any
+ further verification with an embedded key.
+
+ [ Mario Limonciello ]
+ * Install signed packages for secure boot automatically
+ * Use a virtual package fwupdate-signed to resolve the correct package
+ * Stop producing UEFI archive for Ubuntu signed images (LP: #1787254)
+
+ -- Steve McIntyre <93...@debian.org> Mon, 25 Mar 2019 00:47:29 +
+
fwupdate (12-3) unstable; urgency=medium
* debian/rules: fix libexecdir location (Closes: #905549)
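Review bot: the entry "Install signed packages for secure boot automatically" under [ Mario Limonciello ] overstates what the packaging change does. The package only gains `Recommends: fwupdate-signed`, and a Recommends is pulled in only when the installer honours recommended packages. Suggest wording such as "Recommend fwupdate-signed so the signed binary is installed by default", so that someone debugging a Secure Boot system that lacks the signed package knows to check whether recommends were disabled.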
diff -Nru fwupdate-12/debian/control fwupdate-12/debian/control
--- fwupdate-12/debian/control 2018-08-06 05:02:24.0 +0100
+++ fwupdate-12/debian/control 2019-03-08 22:23:42.0 +
@@ -26,6 +26,7 @@
Architecture: amd64 i386 armhf arm64
Multi-Arch: foreign
Depends: ${shlibs:Depends}, ${misc:Depends}, libfwup1 (= ${binary:Version}),
efibootmgr, e2fsprogs
+Recommends: fwupdate-signed
Description: Tools to manage UEFI firmware updates
fwupdate provides functionality to update system firmware. It has been
initially designed to update firmware using UEFI capsule updates, but
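Review bot: `Recommends: fwupdate-signed` names a package that exists only as a virtual name, and nothing in this stanza says so. The provider is `fwupdate-SIGNARCH-signed`, through the `Provides:` added in debian/signing-template/control, and that package carries `Depends: fwupdate (= SIGNVERSION)`, so the recommendation can only be satisfied once a signed package matching this exact version is available. A comment line above the Recommends naming the provider and that version coupling would save the next maintainer a search.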
diff -Nru fwupdate-12/debian/gen_signing_json
fwupdate-12/debian/gen_signing_json
--- fwupdate-12/debian/gen_signing_json 2018-08-06 05:02:24.0 +0100
+++ fwupdate-12/debian/gen_signing_json 2019-03-08 23:22:43.0 +
@@ -16,9 +16,14 @@
rm -f $OUT
-printf '{"%s": {\n' "${SOURCE}" >> $OUT
-printf ' "files": [ \n' >> $OUT
-printf '{"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
-printf ' ]\n' >> $OUT
-printf '} }\n' >> $OUT
+printf '{\n' >> $OUT
+printf ' "packages": {\n' >> $OUT
+printf '"%s": {\n' "${SOURCE}" >> $OUT
+printf ' "trusted_certs": [],\n' >> $OUT
+printf ' "files": [ \n' >> $OUT
+printf '{"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
+printf ' ]\n' >> $OUT
+printf '}\n' >> $OUT
+printf ' }\n' >> $OUT
+printf '}\n' >> $OUT
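Review bot: `${SOURCE}` and `${BINARY}` are interpolated into the JSON unescaped in the `printf '"%s": {\n'` and `{"sig_type": "efi", "file": "%s"}` lines, so a value containing a double quote or backslash yields a file that is not valid JSON, and the script never checks the result. The document is now nested three levels deep and assembled by ten separate appends, which makes a brace mismatch easy to introduce on the next format change. Suggest emitting it from a single here-document (or one printf) and running the output through a JSON parser before the build continues. `$OUT` is also unquoted in every `>> $OUT` redirection and in `rm -f $OUT`; quote it as "$OUT".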
diff -Nru fwupdate-12/debian/rules fwupdate-12/debian/rules
--- fwupdate-12/debian/rules2018-08-06 05:07:22.0 +0100
+++ fwupdate-12/debian/rules2019-03-08 22:23:42.0 +
@@ -10,7 +10,6 @@
SB_STYLE := debian
ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
SB_STYLE := ubuntu
- tar_name := fwupdate_$(deb_version)_$(DEB_HOST_ARCH).tar.gz
else
TMPLDIR :=
debian/fwupdate-$(DEB_HOST_ARCH)-signed-template/usr/share/code-signing/fwupdate-$(DEB_HOST_ARCH)-signed-template
endif
@@ -68,17 +67,6 @@
override_dh_auto_clean:
dh_auto_clean -- EFIDIR=$(EFIDIR)
-ifeq (ubuntu,$(SB_STYLE))
- rm -rf debian/fwupdate-images
-endif
override_dh_builddeb:
dh_builddeb -- -Zxz
-ifeq (ubuntu,$(SB_STYLE))
- mkdir -p debian/fwupdate-images/$(deb_version)
- cp efi/fwup*.efi debian/fwupdate-images/$(deb_version)
- echo $(deb_version) \
- > debian/fwupdate-images/$(deb_version)/version
- cd debian/fwupdate-images && tar czvf
../../../$(tar_name) .
- dpkg-distaddfile $(tar_name) raw-uefi -
-endif
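Review bot: with the Ubuntu block in `override_dh_builddeb` gone, nothing visible in this diff still acts on `SB_STYLE := ubuntu`: the first hunk keeps the `ifeq` that sets it, but both Ubuntu-only recipes and `tar_name` are removed. If no other rule in debian/rules tests `SB_STYLE`, reduce the conditional to guarding `TMPLDIR` only; otherwise add a comment by the `ifeq` pointing at LP: #1787254 to explain why Ubuntu builds no longer register a raw-uefi file with dpkg-distaddfile. Dropping `rm -rf debian/fwupdate-images` from `override_dh_auto_clean` also means a tree built with the previous revision keeps that directory after a clean.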
diff -Nru fwupdate-12/debian/signing-template/control
fwupdate-12/debian/signing-template/control
--- fwupdate-12/debian/signing-template/control 2018-08-06 05:02:24.0
+0100
+++ fwupdate-12/debian/signing-template/control 2019-03-08 22:23:42.0
+
@@ -12,6 +12,7 @@
Package: fwupdate-SIGNARCH-signed
Section: admin
Architecture: SIGNARCH
+Provides: fwupdate-signed
Depends: ${shlibs:Depends}, ${misc:Depends}, fwupdate (= SIGNVERSION)
Description: Tools to manage UEFI firmware updates (signed)
fwupdate provides functionality to update system firmware. It has been
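Review bot: `Provides: fwupdate-signed` is unversioned, so it can only satisfy an unversioned relation. The new `Recommends: fwupdate-signed` in debian/control works, but any later versioned relation on `fwupdate-signed` would never be satisfied by this package. Since the stanza already ties itself to `fwupdate (= SIGNVERSION)`, consider a versioned Provides so the virtual name carries the same version information.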
unblock fwupdate/12-4
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /