From:
[email protected]
Package: systemd-ukify
Version: 257.6-1
Severity: normal
X-Debbugs-Cc:
[email protected]
Dear Maintainer,
This is a request to consider upping the systemd-ukify's recommendation of python3-cryptograhy to a full dependency.
I've been experimenting with systemd-ukify for a while now on trixie, and I've noticed that any secure boot-related operations fail unless I either install recommended packages or (if that is disabled by default) manually install python3-cryptography.
I assume the reason systemd-ukify doesn't depend on python3-cryptography is because secure boot signing isn't strictly neccesary; however, I believe it is a common enough use case to warrant always pulling in python3-cryptography.
The error is not super obvious (just a Python import error) and may appear to be an outright crash bug to novice users.
-- System Information:
Debian Release: 13.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: arm64 (aarch64)
Kernel: Linux 6.12.20-arm64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages systemd-ukify depends on:
ii python3 3.13.3-1
ii python3-pefile 2024.8.26-2.1
ii python3-zstandard 0.23.0-4
Versions of packages systemd-ukify recommends:
ii python3-cryptography 43.0.0-3
pn python3-lz4 <none>
ii systemd 257.6-1
ii systemd-boot-efi 257.6-1
pn systemd-repart <none>
systemd-ukify suggests no packages.
-- no debconf information
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)