1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1108231: unblock: shim-signed/1.46 systemd-boot-installer/0.10

    From Luca Boccassi@1:229/2 to All on Thu Jul 3 02:00:02 2025
    XPost: linux.debian.devel.release
    From: [email protected]

    On Mon, 30 Jun 2025 13:20:13 +0100 Luca Boccassi <[email protected]>
    wrote:
    Control: tags -1 -moreinfo

    On Thu, 26 Jun 2025 at 19:42, Luca Boccassi <[email protected]> wrote:

    On Thu, 26 Jun 2025 at 19:41, Paul Gevers <[email protected]>
    wrote:

    [re-sending because I got the grub2 mail address wrong]

    Control: tags -1 moreinfo

    Hi,

    On 23-06-2025 19:29, Luca Boccassi wrote:
    The latest upload of shim-signed allows alternative
    dependencies on
    the systemd-boot signed packages.


    Reading the MR related to this change [1] I got the impression
    that the
    bookworm branch of src:grub2 needs to land in bookworm first to
    prevent
    the risks of apt removing the bootloader. AFAICT this didn't
    happen yet.
    What's the plan here?

    IIRC that was waiting for this:

    https://salsa.debian.org/grub-team/grub/-/merge_requests/77

    Julian and Mate still waiting on that one before uploading to
    bookworm-p-u?

    Julian says on Matrix:

    we don't technically need the backport in stable for testing, apt
    applies the Protected: yes at a package level, and will accordingly
    refuse to move grub from stable because the flag is set in the testing
    one

    So I believe we don't need to wait for a grub upload in order to have shim-signed unblocked. Thanks.

    systemd-boot-installer has been pulled into testing (and into D-I RC2),
    but shim-signed wasn't, despite the single unblock ticket grouping
    them. So now the functionality is broken in D-I RC2. If possible, it
    would be great if this was processed soon, to unbreak it, please.

    Thanks!

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From Luca Boccassi@1:229/2 to Paul Gevers on Thu Jul 3 19:00:01 2025
    XPost: linux.debian.devel.release
    From: [email protected]

    On Thu, 3 Jul 2025 at 17:52, Paul Gevers <[email protected]> wrote:

    Hi,

    On 03-07-2025 01:55, Luca Boccassi wrote:
    systemd-boot-installer has been pulled into testing (and into D-I RC2),
    but shim-signed wasn't, despite the single unblock ticket grouping
    them. So now the functionality is broken in D-I RC2.


    Does this mean there's a versioned dependency missing?

    It's a udeb, it can't and shouldn't have a dependency on a non-udeb
    package that gets installed in the target, no? It's an installer
    script that installs the package in the installed target

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From Julian Andres Klode@1:229/2 to Paul Gevers on Thu Jul 3 19:10:01 2025
    XPost: linux.debian.devel.release
    From: [email protected]

    On Thu, Jul 03, 2025 at 06:46:05PM +0200, Paul Gevers wrote:
    Hi Julian,

    On 30-06-2025 14:20, Luca Boccassi wrote:
    On Thu, 26 Jun 2025 at 19:42, Luca Boccassi <[email protected]> wrote:
    On Thu, 26 Jun 2025 at 19:41, Paul Gevers <[email protected]> wrote:
    Reading the MR related to this change [1] I got the impression that the bookworm branch of src:grub2 needs to land in bookworm first to prevent the risks of apt removing the bootloader. AFAICT this didn't happen yet.
    What's the plan here?

    Julian says on Matrix:

    we don't technically need the backport in stable for testing, apt applies the Protected: yes at a package level, and will accordingly refuse to move grub from stable because the flag is set in the testing one


    You sounded quite concerned in [2] but the information in the quote above doesn't sound like it's new information to you. What made you change you mind?

    I did not consider that Essential and Protected are evaluated by apt at
    the package level rather than the version level :D

    It just occured to me again when Luca pinged me :D

    --
    debian developer - deb.li/jak | jak-linux.org - free software dev
    ubuntu core developer i speak de, en

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAmhmtwUACgkQb6RY3R2w P3GbGBAAgnfXrFd2vkrktUVHVhzOZ9BUbtJr6j8SqUb9oCdj52EEsqxSJjqAz1sF fD4TZRq8jTseq3qGmvHeZx8qRfyr1VDE+OkIZbMBlb0SXKeTNQYFSVGB5RhdHG6a SU3ltGqTmvFV7SO2V3enBS5PQ/6lk3+a/pri9oHz3/xb+z+DLZtmXzbzmCRZQ+VM IyD/3M6dCPa0O2ZyZBTYqiOJ+PhO4kU13p6yKXHPlMdiDxGynt/mqLJOTglI3Fb5 eh7Ubo0lAZ0UKIwasVaiRXUolFkWB48gvilPbUcXGS447q6H7MTuDtHoYfcJWOXU 0ps5p178yDXSHij8t9b+Fv4WzkL2Ygh6/HM+gaB4oOZyAN24++6biRn4IJoh3mHn pPAgY+1EF1ajUlvnZ3cUXPMsiwiGY2LboejKRVQ4tA+VQvJIsIJwD2rsojLUidmk dJF233wB6V/6CoZ5K2DgRMNPC5et8nklghdm4CVaKBr6bjYKiFv4tc50mkwuenKs duYv7VP9v2MxrKVvCffHg4u+Z62wtvbRltLZH1nlIexBtguH5t4v4uZx2Ey+14KZ ml4l4V7cjVFwmoOFAzzLrBlDRkmfucRfLJnRniqM94MQAmPjjUGLrVoL5hh38Fyu GAwvdTOI/ACiBdPN1aAPysF/TekpGt/weGTUmuRNqd484MG2BOs=
    =fUd1
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Ori