Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package shim for openSUSE:Factory checked in at 2026-05-27 16:13:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shim (Old) and /work/SRC/openSUSE:Factory/.shim.new.1937 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim" Wed May 27 16:13:22 2026 rev:136 rq:1355290 version:16.1 Changes: -------- --- /work/SRC/openSUSE:Factory/shim/shim.changes 2025-12-01 11:11:39.382281053 +0100 +++ /work/SRC/openSUSE:Factory/.shim.new.1937/shim.changes 2026-05-27 16:13:44.216971349 +0200 @@ -1,0 +2,22 @@ +Thu Mar 12 08:23:36 UTC 2026 - Joey Lee <[email protected]> + +- Modified the pretrans Lua script to work around the broken DB issue + caused by buggy firmware when Secure Boot is disabled. + It is impossible for the db to be empty while Secure Boot is enabled. + If the db is empty, the installation behavior will be treated the + same as when Secure Boot is disabled. We allow the shim installation + process to continue and display a message reminding the user to add + the appropriate certificate. (bsc#1259096) + +------------------------------------------------------------------- +Tue Dec 16 09:41:56 UTC 2025 - Joey Lee <[email protected]> + +- shim-install: Add ca_string for SL Micro to update fallback loader + + The fallback loader, /boot/efi/EFI/BOOT/bootaa64.efi or bootx64.efi, + cannot be upgraded by shim-install on SL Micro. The issue case is + SL Micro 6.0. It causes that system gets regression bug because it's + fallback to a old shim. So this patch adds ca_string to SL Micro. + (bsc#1254336) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shim.spec ++++++ --- /var/tmp/diff_new_pack.avjdSr/_old 2026-05-27 16:13:49.781200582 +0200 +++ /var/tmp/diff_new_pack.avjdSr/_new 2026-05-27 16:13:49.809201736 +0200 @@ -481,6 +481,14 @@ end end +-- It is impossible for the db to be empty while Secure Boot is enabled. +if db_content == "" or #db_content == 0 then + -- If the db is empty, the installation behavior will be treated the same as when Secure Boot is disabled. + print("WARNING: db variable is empty (no certificates found); proceeding with install.") + print("Please add the appropriate certificate to the db for Secure Boot support.") + return 0 +end + -- Check all target certificates for i, cert_hex in ipairs(TARGET_CERT_HEXES) do ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.avjdSr/_old 2026-05-27 16:13:50.397225961 +0200 +++ /var/tmp/diff_new_pack.avjdSr/_new 2026-05-27 16:13:50.429227279 +0200 @@ -1,6 +1,6 @@ -mtime: 1764318903 -commit: 23696729d53bda76217327908e4e22794e6b9c1a067ba7f43d0ddf7f319c1546 -url: https://src.opensuse.org/devel-factory/shim.git -revision: 23696729d53bda76217327908e4e22794e6b9c1a067ba7f43d0ddf7f319c1546 +mtime: 1773304354 +commit: f38c3e6d430bb360664c85a60c2ffe66ec7152b4df13ea58b169a80ddd8a9bf1 +url: https://src.opensuse.org/devel-factory/shim +revision: f38c3e6d430bb360664c85a60c2ffe66ec7152b4df13ea58b169a80ddd8a9bf1 projectscmsync: https://src.opensuse.org/devel-factory/_ObsPrj.git ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-03-12 09:32:34.000000000 +0100 @@ -0,0 +1 @@ +.osc ++++++ shim-install ++++++ --- /var/tmp/diff_new_pack.avjdSr/_old 2026-05-27 16:13:51.549273423 +0200 +++ /var/tmp/diff_new_pack.avjdSr/_new 2026-05-27 16:13:51.577274577 +0200 @@ -71,9 +71,12 @@ efi_distributor="$bootloader_id" bootloader_id="${bootloader_id}-secureboot" +# bsc#1254336 The sl is for SL Micro. It can be removed afrer SL Micro is EoL case "$bootloader_id" in "sle"*) ca_string='SUSE Linux Enterprise Secure Boot CA1';; + "sl"*) + ca_string='SUSE Linux Enterprise Secure Boot CA1';; "opensuse"*) ca_string='openSUSE Secure Boot CA1';; *) ca_string="";;
