Am 26/01/2024 um 13:05 schrieb Fabian Grünbichler: > installing it at least gives the admin a heads up if our base Debian release > is > ever faster shipping a newer version of shim or Grub, which would look > (something) like this: > > Reading package lists... Done > Building dependency tree... Done > Reading state information... Done > The following package was automatically installed and is no longer required: > proxmox-grub > Use 'sudo apt autoremove' to remove it. > The following packages will be REMOVED: > proxmox-secure-boot-support > The following packages will be upgraded: > shim-signed shim-signed-common > 2 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. > > it also allows us to pull in additional signed packages as they become > available. > > Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com> > --- > it could also be "armed" similar to proxmox-ve, and require some special > action > before being removed.. but since the worst case is that the system fails to > boot with SB enabled, which still should be possible to disable on all systems > where PVE normally runs, that might be overkill..
seems OK w.r.t. change, but do we want this to be either part of the shim, or a separate repo? So that we do not need to ship a new kernel meta package when the shim version pinning needs an update? As it feels a bit unrelated to the kernel meta package in general to me. _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
