Bug#925436: unblock: fwupdate/12-4

2019-03-27 Thread Niels Thykier 
Ansgar Burchardt:
> Steve McIntyre writes:
>> Please unblock package fwupdate
> 
> Please also unblock
> 
>   fwupdate-amd64-signed/12+4
>   fwupdate-arm64-signed/12+4
>   fwupdate-armhf-signed/12+4
>   fwupdate-i386-signed/12+4
> 
> at the same time.
> 
> Ansgar
> 

Unblocked, thanks.
~Niels

Bug#925436: unblock: fwupdate/12-4

2019-03-25 Thread Ansgar Burchardt 
Steve McIntyre writes:
> Please unblock package fwupdate

Please also unblock

  fwupdate-amd64-signed/12+4
  fwupdate-arm64-signed/12+4
  fwupdate-armhf-signed/12+4
  fwupdate-i386-signed/12+4

at the same time.

Ansgar

Bug#925436: unblock: fwupdate/12-4

2019-03-24 Thread Steve McIntyre 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package fwupdate

I've just made the last minor tweaks around the signing service json
setup needed for UEFI Secure Boot support in Debian. There are also a
couple of small ignorable Ubuntu packaging diffs, and the addition of
a Recommends to also pull in the -signed version when possible during
installation.

Here's the debdiff.

diff -Nru fwupdate-12/debian/changelog fwupdate-12/debian/changelog
--- fwupdate-12/debian/changelog2018-08-06 05:08:34.0 +0100
+++ fwupdate-12/debian/changelog2019-03-25 00:47:29.0 +
@@ -1,3 +1,19 @@
+fwupdate (12-4) unstable; urgency=medium
+
+  [ Steve McIntyre ]
+  * debian/gen_signing_json: Update the format of the json metadata to
+match new requirements:
++ Move all the data under a new top-level "packages" key
++ Add an empty "trusted_certs" key - our binaries do not do any
+  further verification with an embedded key.
+
+  [ Mario Limonciello ]
+  * Install signed packages for secure boot automatically
+  * Use a virtual package fwupdate-signed to resolve the correct package
+  * Stop producing UEFI archive for Ubuntu signed images (LP: #1787254)
+
+ -- Steve McIntyre <93...@debian.org>  Mon, 25 Mar 2019 00:47:29 +
+
 fwupdate (12-3) unstable; urgency=medium
 
   * debian/rules: fix libexecdir location (Closes: #905549)
diff -Nru fwupdate-12/debian/control fwupdate-12/debian/control
--- fwupdate-12/debian/control  2018-08-06 05:02:24.0 +0100
+++ fwupdate-12/debian/control  2019-03-08 22:23:42.0 +
@@ -26,6 +26,7 @@
 Architecture: amd64 i386 armhf arm64
 Multi-Arch: foreign
 Depends: ${shlibs:Depends}, ${misc:Depends}, libfwup1 (= ${binary:Version}), 
efibootmgr, e2fsprogs
+Recommends: fwupdate-signed
 Description: Tools to manage UEFI firmware updates
  fwupdate provides functionality to update system firmware. It has been 
  initially designed to update firmware using UEFI capsule updates, but 
diff -Nru fwupdate-12/debian/gen_signing_json 
fwupdate-12/debian/gen_signing_json
--- fwupdate-12/debian/gen_signing_json 2018-08-06 05:02:24.0 +0100
+++ fwupdate-12/debian/gen_signing_json 2019-03-08 23:22:43.0 +
@@ -16,9 +16,14 @@
 
 rm -f $OUT
 
-printf '{"%s": {\n' "${SOURCE}" >> $OUT
-printf '  "files": [ \n' >> $OUT
-printf '{"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
-printf '  ]\n' >> $OUT
-printf '} }\n' >> $OUT
+printf '{\n' >> $OUT
+printf '  "packages": {\n' >> $OUT
+printf '"%s": {\n' "${SOURCE}" >> $OUT
+printf '  "trusted_certs": [],\n' >> $OUT
+printf '  "files": [ \n' >> $OUT
+printf '{"sig_type": "efi", "file": "%s"}\n' "${BINARY}" >> $OUT
+printf '  ]\n' >> $OUT
+printf '}\n' >> $OUT
+printf '  }\n' >> $OUT
+printf '}\n' >> $OUT
 
diff -Nru fwupdate-12/debian/rules fwupdate-12/debian/rules
--- fwupdate-12/debian/rules2018-08-06 05:07:22.0 +0100
+++ fwupdate-12/debian/rules2019-03-08 22:23:42.0 +
@@ -10,7 +10,6 @@
 SB_STYLE := debian
 ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
SB_STYLE := ubuntu
-   tar_name := fwupdate_$(deb_version)_$(DEB_HOST_ARCH).tar.gz
 else
TMPLDIR  := 
debian/fwupdate-$(DEB_HOST_ARCH)-signed-template/usr/share/code-signing/fwupdate-$(DEB_HOST_ARCH)-signed-template
 endif
@@ -68,17 +67,6 @@
 
 override_dh_auto_clean:
dh_auto_clean -- EFIDIR=$(EFIDIR)
-ifeq (ubuntu,$(SB_STYLE))
-   rm -rf debian/fwupdate-images
-endif
 
 override_dh_builddeb:
dh_builddeb -- -Zxz
-ifeq (ubuntu,$(SB_STYLE))
-   mkdir -p debian/fwupdate-images/$(deb_version)
-   cp efi/fwup*.efi debian/fwupdate-images/$(deb_version)
-   echo $(deb_version) \
-   > debian/fwupdate-images/$(deb_version)/version
-   cd debian/fwupdate-images && tar czvf 
../../../$(tar_name) .
-   dpkg-distaddfile $(tar_name) raw-uefi -
-endif
diff -Nru fwupdate-12/debian/signing-template/control 
fwupdate-12/debian/signing-template/control
--- fwupdate-12/debian/signing-template/control 2018-08-06 05:02:24.0 
+0100
+++ fwupdate-12/debian/signing-template/control 2019-03-08 22:23:42.0 
+
@@ -12,6 +12,7 @@
 Package: fwupdate-SIGNARCH-signed
 Section: admin
 Architecture: SIGNARCH
+Provides: fwupdate-signed
 Depends: ${shlibs:Depends}, ${misc:Depends}, fwupdate (= SIGNVERSION)
 Description: Tools to manage UEFI firmware updates (signed)
  fwupdate provides functionality to update system firmware. It has been 


unblock fwupdate/12-4

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: