Public bug reported: [Impact]
* When resigning grub in a PPA, one can satisfy the build-depends from the main Ubuntu Archive, without PPA signature ready yet. * In such cases, grub2-signed is missbuilt with signature from an old PPA build attached to a newer binary, resulting in validation errors. * Add a check to ensure that signed grub & build-depends grub are the same [Test Case] * Copy grub2 from -updates into PPA and await signing * Copy grub2-signed from Ubuntu Archive -proposed into PPA * Observe that grub2-signed FTBFS, instead of successfully producing uninstallable/unverifiable debs * Copy grub2 from -proposed into PPA, and await signing * Retry grub2-signed build, which should now succeed [Regression Potential] * Only a build-time quickcheck is added, without any other changes of how signed grub efi images are assembled. [Other Info] * Previously this issue resulted in miss built UC20 grub copies ** Affects: grub2-signed (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: grub2-signed (Ubuntu Focal) Importance: Undecided Status: New ** Affects: grub2-signed (Ubuntu Groovy) Importance: Undecided Status: Fix Released ** Also affects: grub2-signed (Ubuntu Groovy) Importance: Undecided Status: New ** Also affects: grub2-signed (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: grub2-signed (Ubuntu Groovy) Status: New => Incomplete ** Changed in: grub2-signed (Ubuntu Groovy) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1894824 Title: compare grub efi during build To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1894824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs