Commit Graph

98 Commits

Author SHA1 Message Date
Fabian Grünbichler
dee3eefb1b bump version to 1.44+pmx1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-07-03 12:14:05 +02:00
Fabian Grünbichler
36943f297f releasing package shim-signed version 1.44

Merge tag 'debian/1.44' into proxmox/bookworm

releasing package shim-signed version 1.44
2024-07-03 12:13:22 +02:00
Steve McIntyre
1388b86276 Release 1.44
With helpful fixes from Fabian Grünbichler
2024-07-03 01:09:32 +01:00
Fabian Grünbichler
c49e24245a d/rules: import architecture.mk earlier
else DEB_HOST_ARCH is potentially not yet set and some invocations might
print a spurious warning.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-07-01 09:06:44 +02:00
Fabian Grünbichler
eae47c67a6 ensure shim-helpers is installed in build environment
else the dpkg-query doesn't work.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-07-01 09:06:39 +02:00
Steve McIntyre
b00cc39a71 Fix broken usage of dpkg-query 2024-06-29 13:00:43 +01:00
Fabian Grünbichler
76517a102e bump version to 1.42+pmx1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-06-28 10:03:54 +02:00
Fabian Grünbichler
0a17a484ae releasing package shim-signed version 1.42

Merge tag 'debian/1.42' into proxmox/bookworm

releasing package shim-signed version 1.42
2024-06-28 09:56:36 +02:00
Steve McIntyre
1a43945677 Tweak versioning in runtime dependencies
using substvars to make things more automatic in future.
2024-06-28 00:43:32 +01:00
Fabian Grünbichler
f4385ec76c bump version to 1.41+pmx1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-06-27 09:21:59 +02:00
Steve McIntyre
579934ab14 Release shim-signed 1.41 for sid 2024-06-26 22:04:09 +01:00
Steve McIntyre
39a58b6a50 Remove obsolete override for shimia32.efi.signed 2024-06-26 21:59:01 +01:00
Steve McIntyre
83ca439fd0 Switch from debian/compat to build-dep on debhelper-compat (= 13) 2024-06-26 21:57:43 +01:00
Steve McIntyre
af6228fb12 New signed binaries corresponding to 15.8-1
Update build-dep on shim-unsigned to use 15.8-1.
Update SBAT to revoke grub binaries with sbat < 4.
Stop building for i386.
2024-06-26 21:54:35 +01:00
Fabian Grünbichler
2685f4f398 bump version to 1.40+pmx1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-06-05 12:48:14 +02:00
Fabian Grünbichler
efed1f8c12 d/control: update shim and grub versions
and drop non-amd64 variants there as well.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2024-06-05 12:47:35 +02:00
Steve McIntyre
18d6115bb9 Add Romanian translation for debconf templates
thanks to Remus-Gabriel Chelu. Closes: #1039090
2024-06-05 12:45:12 +02:00
Steve McIntyre
121f77b81d Stop recommending secureboot-db, we don't have that package
Closes: #1042964, #1041449, #932358
2024-06-05 12:45:07 +02:00
Fabian Grünbichler
0e65ec51df bump version to 1.39+pmx1
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-11-20 11:31:22 +01:00
Fabian Grünbichler
cc12fb33f8 adapt packaging to Proxmox
- set Maintainer and repo URLs
- delete arch files we don't currently ship
- add our first signed shim binary

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-11-20 11:23:47 +01:00
Steve McIntyre
5f7e08d081 Add Romanian translation for debconf templates
thanks to Remus-Gabriel Chelu. Closes: #1039090
2023-08-04 11:24:39 +01:00
Steve McIntyre
f8fb9d97bb Stop recommending secureboot-db, we don't have that package
Closes: #1042964, #1041449, #932358
2023-08-04 11:05:13 +01:00
Steve McIntyre
70afb966ea Tweak dependencies between packages 2023-03-09 01:00:02 +00:00
Steve McIntyre
f42c3ad26c Add some Closes:, let's kill some bugs! :-) 2023-03-08 22:34:12 +00:00
Steve McIntyre
91ca6febe6 Add pt_BR translation, thanks to Paulo Henrique de Lima Santana
Closes: #1026415
2023-03-08 22:32:13 +00:00
Steve McIntyre
3d8d2c2219 postinst/postrm: make config_item() more robust 2023-02-23 22:50:36 +00:00
Steve McIntyre
f819cbfdb4 Update Depends on grub2-common 2023-02-18 00:51:19 +00:00
Steve McIntyre
f54efb4ac0 Tweak changelog 2023-02-18 00:21:56 +00:00
Steve McIntyre
730d7a4eac Remove the NEWS file, now we have working arm64 shim-signed 2023-02-18 00:09:43 +00:00
Steve McIntyre
99e1903af8 Fix up lintian overrides 2023-02-17 13:42:10 +00:00
Steve McIntyre
1555ce2256 New signed binaries corresponding to 15.7-1
We now have arm64 signed shims again \o/
    Closes: #1008942, #992073

  Pulls multiple other bugfixes in for the signed version:
    Make sbat_var.S parse right with buggy gcc/binutils
    Enable NX support at build time, as required by policy for signing
    new shim binaries.

  Update build-dep on shim-unsigned to use 15.7-1
  Block Debian grub binaries with sbat < 4 (see #1024617)
2023-02-17 13:32:41 +00:00
Steve McIntyre
52f43dc447 Update build-dep on shim-unsigned to use 15.4-7 2021-07-12 12:51:22 +01:00
Steve McIntyre
da0843e7d4 Tweak how we call grub-install; don't abort on error
Not ideal behaviour either, but don't break upgrades. Copy the
behaviour from the grub packages here. Closes: #990984
2021-07-12 12:48:44 +01:00
Steve McIntyre
5cf4d57e20 New signed binaries based on shim 15.4-6
Pulls multiple bugfixes in for the signed version:

 * Add arm64 patch to tweak section layout and stop crashing
   problems. Upstream issue #371. (#990082, #990190)
 * In insecure mode, don't abort if we can't create the MokListXRT
   variable. Upstream issue #372. (#989962, #990158)

Update build-dep on shim-unsigned to use 15.4-6~deb10u1
2021-06-29 12:19:03 +01:00
Steve McIntyre
6c669d4cdf Fix duplicated word in the NEWS file 2021-05-09 01:09:20 +01:00
Steve McIntyre
3c632d7410 Update build-dep on shim-unsigned to use 15.4-5 2021-05-06 00:54:04 +01:00
Steve McIntyre
73769cac91 Add defensive code around calls to db_get
Don't fail if they return errors. Closes: #988114
2021-05-06 00:52:51 +01:00
Steve McIntyre
a4168ea001 Update build-dep on shim-unsigned 2021-05-04 18:48:00 +01:00
Steve McIntyre
70da2cb6c9 Fix the old doc links for shim-signed. Closes: #988057 2021-05-04 18:47:13 +01:00
Steve McIntyre
52ef752276 If we're not running on an EFI system then exit cleanly
in postinst and postrm. We have nothing to do here. Closes: #988059
2021-05-04 17:37:50 +01:00
Steve McIntyre
8a90bd14b0 Add explicit dependency from shim-signed to shim-signed-common
Closes: #988047, #988056
2021-05-04 17:35:56 +01:00
Steve McIntyre
43ef6b2363 Release shim-signed 1.34 for sid 2021-05-03 20:13:01 +01:00
Steve McIntyre
e76fa65f42 Add a NEWS file for shim-signed to talk about arm64
As it's in the package now, no need to link to the wiki.
2021-05-03 17:38:30 +00:00
Steve McIntyre
7011153faa This upload closes #987991 as well 2021-05-03 16:07:03 +01:00
Steve McIntyre
30a06d5184 Document the maint script changes in the changelog 2021-05-03 16:03:31 +01:00
Steve McIntyre
5f3cdb4f68 Only run grub-install if we're actually running on an EFI system
Try to avoid errors if people are doing weird things
2021-05-03 15:03:14 +00:00
Steve McIntyre
3eddc534b7 Move grub-install bits from the -common postinst
There's no guarantee that it will be called when needed, so switch to
the binary packages instead.
2021-05-03 15:54:12 +01:00
Steve McIntyre
5e861c3788 Also add a shim-signed.postrm
Similarly to the postinst, we need to call grub-install to ensure the
boot chain is correct. If we're being removed, *again* work out the
right grub EFI target arch and the grub-install options so we can call
grub-install safely.

Also: grub-install won't clean up after us if we've been uninstalled,
so also go and remove the shim binary from the ESP.
2021-05-03 14:58:34 +01:00
Steve McIntyre
98f1c68761 Important bugfixes for shim-signed-common.postinst
As we're calling grub-install and specifying the target EFI arch, make
sure that we're using the *right* EFI arch. If we're on a mixed-mode
x86 system (32-bit UEFI, 64-bit CPU), that means that we need to be
specifying i386-efi here.

Also check to see if grub-efi has been configured to use
--force-extra-removable or --no-nvram. If we're calling grub-install
here, then it's important we follow the same rules or we may end up
breaking installations. :-/
2021-05-03 14:57:27 +01:00
Steve McIntyre
42609c41b6 Fix typo 2021-05-03 14:27:36 +01:00