uefi archive files don't have signed checksums

Bug #1285919 reported by Julian Edwards on 2014-02-28
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
High
Andy Whitcroft
ubuntu-archive-publishing
High
Colin Watson

Bug Description

Files under /ubuntu/dists/<release>/main/uefi don't have MD5SUMS/SHA256SUMS etc.

Compare to /ubuntu/dists/<release>/main/installer-<arch>/current/images/ which do.

MAAS downloads netboot installer files and is about to sprout support for UEFI. We previously had a CVE raised because the netboot installer downloads were not verified against the archive signature, so it makes sense to ensure these .efi files also get signed checksums.

Related branches

Colin Watson (cjwatson) on 2016-05-24
tags: added: soyuz-publish
Changed in launchpad:
status: New → Triaged
importance: Undecided → High
information type: Public → Public Security
Andy Whitcroft (apw) on 2016-05-24
Changed in launchpad:
assignee: nobody → Andy Whitcroft (apw)
Andy Whitcroft (apw) on 2016-05-24
Changed in launchpad:
status: Triaged → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Andy Whitcroft (apw) wrote :

Tested copies and uploads of all types to PPAs and to the main archive. Confirmed SHA256SUMS was created. Downloaded a representative sample and confirmed the checksums are correct.

tags: added: qa-ok
removed: qa-needstesting
Colin Watson (cjwatson) on 2016-06-20
Changed in ubuntu-archive-publishing:
status: New → In Progress
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
removed: qa-ok
Changed in launchpad:
status: In Progress → Fix Committed
Colin Watson (cjwatson) on 2016-06-21
Changed in ubuntu-archive-publishing:
status: In Progress → Fix Committed
Andy Whitcroft (apw) wrote :

Tested changes to launchpad for signing of the new checksum files. Functions correctly in a PPA context.

tags: added: qa-ok
removed: qa-needstesting
Colin Watson (cjwatson) wrote :

I've rolled out the ubuntu-archive-publishing change on pepo.

Changed in ubuntu-archive-publishing:
status: Fix Committed → Fix Released
Colin Watson (cjwatson) on 2016-06-22
Changed in launchpad:
status: Fix Committed → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
removed: qa-ok
Changed in launchpad:
status: In Progress → Fix Committed
Andy Whitcroft (apw) wrote :

Confirmed update performs as before.

tags: added: qa-ok
removed: qa-needstesting
Colin Watson (cjwatson) on 2016-06-27
Changed in launchpad:
status: Fix Committed → Fix Released
Andy Whitcroft (apw) wrote :

Final testing on production PPA looks good.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers