** Description changed: [Impact] - * The proposal is to rename modules in -bin to be shipped in the - $platfrom-unsigned directory. + * The proposal is to split src:grub2 into two source packages - * And make -signed-bin package ship modules + src:grub2 will continue to build most things, apart from bin|dbg + |signing-tempate binary packages for platforms that get signed. - * And add dependency from the -bin onto > -signed-bin (>= $grub2-signed - stem) + src:grub2-unsigned source package is source-full copy of src:grub2 that + only builds bin|dbg|signing-tempate binary packages for platforms that + get signed and submits monolithic binaries for signing. - * This allows allows in the future for grub2-signed to pull appropriate - grub modules for a given distro. For example, using 2.04 modules & - signed images from focal on bionic to gain support for TPM verifies and - other EFI platform specific developments without affecting userspace - grub tooling. + src:grub2-signed is built as before, but its maintainer scripts should + be compatible across grub2-common from precise and up. + + Stable series will receive grub2 update that drops building bin|dbg + |signing-template. + + Stable series will receive binary-copy of grub2-unsigned & grub2-signed, + thus on signed platforms EFI apps and modules will be the same across + all series. + [Caveats] - * In devel series, keep grub2 submitting things for signing by setting - SB_SUBMIT := yes + * In devel series, always upload grub2 with matching src:grub2-unsigned + which can be build with ./debian/rules generate-grub2-unsigned command. - * With every new upload bump the version number of the -signed-bin (>= - $grub2-signed-ver) package, to the expected one from grub2-signed. + * In stable series, only upload src:grub2 when fixes needed in update- + grub / grub.cfg / grub-install / etc, but not in the efi modules & apps. - * Upload new grub2-signed with the version set above or higher, - vendoring the desired signed grub2. 
- - -- - - In stable series to disable submitting signing set SB_SUBMIT := no. - - Then one can upload grub2-signed first, followed by grub2. - - Upload grub2 to bump the version number of the -signed-bin (>= $grub2 - -signed-ver) dependency, to the expected one from grub2-signed. - - Upload new grub2-signed pulling whichever signed grub from whichever - series as needed. + * As needed, binary copy grub2-unsigned & grub2-signed from later series + to stable series. [Test Case] - * Upgrade to new grub-efi-amd64-bin and grub-efi-amd64-signed packages + * Upgrade to new packages * Observe that system boots, one can use grub-mkimage / grub-mkrescue without issues. [Where problems could occur] - * The binaries shipped by -signed packages are innert, they are - bootloader binaries only. The only compatibility that has to be - maintained is within the userspace tooling - specifically maintainer - scripts, and file names and locations. - - [Other Info] - - * See all the bug reports that grub can't be installed or upgraded when - people use -proposed. + * There might be regression on the EFI platforms with grub 2.04 that + have not so far been caught on Focal / Groovy / Hirsute.
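Review bot: The rewritten [Where problems could occur] section drops the earlier point that compatibility has to be maintained in the userspace tooling (maintainer scripts, file names and locations). The new [Impact] text depends on exactly that, since src:grub2-signed maintainer scripts "should be compatible across grub2-common from precise and up". Suggest keeping that risk listed next to the grub 2.04 EFI regression risk. [Test Case] was also reduced to "Upgrade to new packages"; it should name the packages and the stable series the binary-copied grub2-unsigned and grub2-signed are to be checked on, so that the upgrade path with an older grub2-common is actually exercised on a signed platform.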
** Description changed: [Impact] - * The proposal is to split src:grub2 into two source packages + The proposal is to split src:grub2 into two source packages. src:grub2 will continue to build most things, apart from bin|dbg |signing-tempate binary packages for platforms that get signed. src:grub2-unsigned source package is source-full copy of src:grub2 that only builds bin|dbg|signing-tempate binary packages for platforms that get signed and submits monolithic binaries for signing. src:grub2-signed is built as before, but its maintainer scripts should be compatible across grub2-common from precise and up. Stable series will receive grub2 update that drops building bin|dbg |signing-template. Stable series will receive binary-copy of grub2-unsigned & grub2-signed, thus on signed platforms EFI apps and modules will be the same across all series. - [Caveats] * In devel series, always upload grub2 with matching src:grub2-unsigned - which can be build with ./debian/rules generate-grub2-unsigned command. + and src:grub2-signed. The unsigned package can be build with + ./debian/rules generate-grub2-unsigned command from src:grub2. * In stable series, only upload src:grub2 when fixes needed in update- grub / grub.cfg / grub-install / etc, but not in the efi modules & apps. * As needed, binary copy grub2-unsigned & grub2-signed from later series to stable series. [Test Case] * Upgrade to new packages * Observe that system boots, one can use grub-mkimage / grub-mkrescue without issues. [Where problems could occur] * There might be regression on the EFI platforms with grub 2.04 that have not so far been caught on Focal / Groovy / Hirsute. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. 
https://bugs.launchpad.net/bugs/1915536
Title: one grub
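Review bot: In [Caveats], "always upload grub2 with matching src:grub2-unsigned and src:grub2-signed" leaves "matching" undefined. The original description spelled out a versioned dependency, "-signed-bin (>= $grub2-signed-ver)", and nothing equivalent remains after these two edits; state the version relationship the three uploads must satisfy and in what order they go in. Wording: "can be build" should read "can be built", and "signing-tempate" is carried through unchanged in both revisions where the later paragraph has "signing-template".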
