Public bug reported:
[Impact]
* When resigning grub in a PPA, one can satisfy the build-depends from the
main Ubuntu Archive, without PPA signature ready yet.
* In such cases, grub2-signed is missbuilt with signature from an old PPA
build attached to a newer binary, resulting in validation errors.
* Add a check to ensure that signed grub & build-depends grub are the same
[Test Case]
* Copy grub2 from -updates into PPA and await signing
* Copy grub2-signed from Ubuntu Archive -proposed into PPA
* Observe that grub2-signed FTBFS, instead of successfully producing
uninstallable/unverifiable debs
* Copy grub2 from -proposed into PPA, and await signing
* Retry grub2-signed build, which should now succeed
[Regression Potential]
* Only a build-time quickcheck is added, without any other changes of
how signed grub efi images are assembled.
[Other Info]
* Previously this issue resulted in miss built UC20 grub copies
** Affects: grub2-signed (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: grub2-signed (Ubuntu Focal)
Importance: Undecided
Status: New
** Affects: grub2-signed (Ubuntu Groovy)
Importance: Undecided
Status: Fix Released
** Also affects: grub2-signed (Ubuntu Groovy)
Importance: Undecided
Status: New
** Also affects: grub2-signed (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: grub2-signed (Ubuntu Groovy)
Status: New => Incomplete
** Changed in: grub2-signed (Ubuntu Groovy)
Status: Incomplete => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1894824
Title:
compare grub efi during build
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-signed/+bug/1894824/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
