Backport gnu-efi 3.0.8 to all supported releases for SHIM

Bug #1790709 reported by Mathieu Trudel-Lapierre on 2018-09-04
This bug affects 1 person
Affects              Status  Importance  Assigned to               Milestone
gnu-efi (Ubuntu)             Undecided   Unassigned
  Trusty                     Undecided   Unassigned
  Xenial                     Undecided   Unassigned
  Bionic                     Undecided   Unassigned
syslinux (Ubuntu)            High        Mathieu Trudel-Lapierre
  Bionic                     Undecided   Unassigned

Bug Description

[Impact]
All users on UEFI systems.

Gnu-efi needs to be backported everywhere to support new shim releases. This applies to bionic, xenial, and trusty.

This is to properly build the new shim releases on these releases of Ubuntu.

[Test cases]
== Build tests ==
Validate that the following reverse-dependencies build correctly:

Reverse-Build-Depends-Indep
===========================
* syslinux

Reverse-Build-Depends
=====================
* dell-recovery
* efitools
* fwupd
* fwupdate
* kexec-tools
* refind
* sbsigntool
* shim
* systemd

Rebuild tests will happen in https://launchpad.net/~cyphermox/+archive/ubuntu/rebuild-tests

== Functionality tests ==

Run the following tests after the packages have been rebuilt against the new gnu-efi.

=== mokutil ===
Validate that mokutil can process:
- Certificate import: mokutil --import <file.der>
- List enrolled certificates: mokutil --list-enrolled
- Set verbosity: mokutil --set-verbosity true

Reboot, and validate that MokManager processes the requested changes.

[Regression potential]
gnu-efi is a library that supports applications in handling EFI variables in and outside of the runtime environment, along with supporting standard library features for EFI applications. As such, any application that makes use of EFI variables on a running system or as their own EFI application should be validated against possible corruption of the contents of the variables, as well as doing smoketesting of the EFI applications themselves for incorrect behavior, crashes, and other runtime issues.

syslinux in bionic and newer needs a small fix to avoid FTBFS now that gnu-efi provides memset() and memcpy().
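
An added example, not part of the bug report or of any Ubuntu tooling: one way to derive a reverse-build-dependency list like the one in the test plan from a Sources-format index, also reporting whether each dependency on gnu-efi carries a version constraint. The SAMPLE_SOURCES stanzas and the function name reverse_build_deps are constructed for illustration and do not reflect real archive metadata.

```shell
#!/bin/sh
# Constructed sample in Debian Sources format (not real archive metadata).
SAMPLE_SOURCES='Package: syslinux
Build-Depends: debhelper (>= 9), nasm
Build-Depends-Indep: gnu-efi,
 python

Package: shim
Build-Depends: debhelper (>= 9), gnu-efi (>= 3.0.8), sbsigntool

Package: sbsigntool
Build-Depends: debhelper, gnu-efi [amd64 i386], libssl-dev

Package: hello
Build-Depends: debhelper, gnu-efi-doc-tools
'

# reverse_build_deps TARGET: read Sources stanzas on stdin and print
# "package field constraint" for each stanza that build-depends on TARGET.
# constraint is the version relation, or "unversioned" if there is none.
reverse_build_deps() {
    awk -v target="$1" '
    function scan_field(field, value,   n, parts, i, dep, name, ver) {
        n = split(value, parts, /[,|]/)        # commas and | alternatives
        for (i = 1; i <= n; i++) {
            dep = parts[i]
            gsub(/^[ \t]+|[ \t]+$/, "", dep)
            name = ""                          # exact name, so gnu-efi-foo is skipped
            if (match(dep, /^[a-z0-9][a-z0-9+.-]*/)) name = substr(dep, RSTART, RLENGTH)
            if (name != target) continue
            ver = "unversioned"
            if (match(dep, /\([^)]*\)/)) ver = substr(dep, RSTART + 1, RLENGTH - 2)
            print pkg, field, ver
        }
    }
    function end_stanza() {
        if (pkg != "") { scan_field("Build-Depends", bd); scan_field("Build-Depends-Indep", bdi) }
        pkg = bd = bdi = cur = ""
    }
    /^[ \t]*$/ { end_stanza(); next }          # blank line closes a stanza
    /^[ \t]/   { if (cur == "bd") bd = bd " " $0       # folded continuation line
                 else if (cur == "bdi") bdi = bdi " " $0
                 next }
    { cur = ""
      if ($0 ~ /^Package:/) pkg = $2
      else if ($0 ~ /^Build-Depends:/) { cur = "bd"; bd = substr($0, index($0, ":") + 1) }
      else if ($0 ~ /^Build-Depends-Indep:/) { cur = "bdi"; bdi = substr($0, index($0, ":") + 1) }
    }
    END { end_stanza() }'
}

printf '%s' "$SAMPLE_SOURCES" | reverse_build_deps gnu-efi
```

Packages reported as "unversioned" would build against whichever gnu-efi is installed, so a rebuild test for them only proves something if the build log shows the new version was actually used.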

description: updated
Changed in gnu-efi (Ubuntu):
status: New → Fix Released
Changed in syslinux (Ubuntu):
status: New → In Progress
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
importance: Undecided → High
description: updated

Hello Mathieu, or anyone else affected,

Accepted gnu-efi into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnu-efi/3.0.8-0ubuntu1~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gnu-efi (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-bionic
Changed in gnu-efi (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted gnu-efi into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnu-efi/3.0.8-0ubuntu1~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gnu-efi (Ubuntu Trusty):
status: New → Fix Committed
tags: added: verification-needed-trusty
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted gnu-efi into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnu-efi/3.0.8-0ubuntu1~14.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-trusty to verification-done-trusty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-trusty. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package syslinux - 3:6.04~git20171011.af7e95c3+dfsg1-4ubuntu1

---------------
syslinux (3:6.04~git20171011.af7e95c3+dfsg1-4ubuntu1) cosmic; urgency=medium

  * Rebuild against gnu-efi 3.0.8 with necessary porting (LP: #1790709)
    - debian/patches/remove-VPrint.patch: Don't redefine VPrint(), since it's
      provided by gnu-efi.
    - debian/patches/gnu-efi_3.0.8_support.patch: filter out memset, memcpy
      objects, since they are provided by gnu-efi.

 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 07 Sep 2018 16:21:11 -0400

Changed in syslinux (Ubuntu):
status: In Progress → Fix Released

Rebuilds in PPA have all passed -- the failures for efitools are exactly the same as they previously were and due to EFI not being available (or sbsigntool, efivar, etc.) on those architectures:

https://launchpad.net/~cyphermox/+archive/ubuntu/rebuild-tests/+packages

In any case, amd64 (the only arch that built for efitools) has not regressed.

syslinux for bionic needs a patch, which is currently waiting in the bionic unapproved queue.

tags: added: verification-done-bionic verification-done-trusty verification-done-xenial
removed: verification-needed verification-needed-bionic verification-needed-trusty verification-needed-xenial

The verification of the Stable Release Update for gnu-efi has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnu-efi - 3.0.8-0ubuntu1~18.04.1

---------------
gnu-efi (3.0.8-0ubuntu1~18.04.1) bionic; urgency=medium

  * New upstream version 3.0.8. (LP: #1790709)
  * debian/patches: drop patches, included upstream.
  * Reinstate d/p/ARM-hide-hidden-pragma-for-hosted-build.patch; otherwise
    sbsigntool fails to build on armhf.

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 04 Sep 2018 15:09:02 -0400

Changed in gnu-efi (Ubuntu Bionic):
status: Fix Committed → Fix Released
Steve Langasek (vorlon) wrote :

shouldn't syslinux also get a versioned build-dependency on gnu-efi for this?

Changed in syslinux (Ubuntu Bionic):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnu-efi - 3.0.8-0ubuntu1~16.04.1

---------------
gnu-efi (3.0.8-0ubuntu1~16.04.1) xenial; urgency=medium

  * New upstream version 3.0.8. (LP: #1790709)
  * debian/patches: drop patches, included upstream.
  * Reinstate d/p/ARM-hide-hidden-pragma-for-hosted-build.patch; otherwise
    sbsigntool fails to build on armhf.

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 04 Sep 2018 15:28:31 -0400

Changed in gnu-efi (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnu-efi - 3.0.8-0ubuntu1~14.04.1

---------------
gnu-efi (3.0.8-0ubuntu1~14.04.1) trusty; urgency=medium

  * New upstream version 3.0.8. (LP: #1790709)
  * debian/patches: drop patches, included upstream.
  * Reinstate d/p/ARM-hide-hidden-pragma-for-hosted-build.patch; otherwise
    sbsigntool fails to build on armhf.
  * debian/patches/intptr_define.patch: include stdint.h from inc/efilink.h.

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 04 Sep 2018 15:30:59 -0400

Changed in gnu-efi (Ubuntu Trusty):
status: Fix Committed → Fix Released

Hello Mathieu, or anyone else affected,

Accepted syslinux into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/syslinux/3:6.03+dfsg1-2ubuntu0.18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in syslinux (Ubuntu Bionic):
status: Incomplete → Fix Committed
Łukasz Zemczak (sil2100) wrote :

The verification-done-bionic tag has not been re-set after the syslinux package has been accepted. Have all the validation steps been performed for the package after it has been re-built? I see the test-case defines some functionality tests - are those also required in this case?

tags: added: verification-needed-bionic
removed: verification-done-bionic