2020-05-05 08:15:51 |
Dimitri John Ledkov |
bug |
|
|
added bug |
2020-05-05 08:16:01 |
Dimitri John Ledkov |
bug task added |
|
grub2-signed (Ubuntu) |
|
2020-05-05 08:16:11 |
Dimitri John Ledkov |
bug task added |
|
s390-tools-signed (Ubuntu) |
|
2020-05-05 08:38:27 |
Dimitri John Ledkov |
attachment added |
|
0001-UBUNTU-download-signed-improve-to-support-grub2-down.patch https://bugs.launchpad.net/ubuntu/+source/s390-tools-signed/+bug/1876875/+attachment/5366680/+files/0001-UBUNTU-download-signed-improve-to-support-grub2-down.patch |
|
2020-05-05 12:31:43 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2020-05-05 12:31:45 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Terry Rudd |
2020-05-05 12:54:47 |
Francis Ginther |
tags |
patch |
id-5eb1356d8ee9193c6cf7fc0b patch |
|
2020-05-20 12:26:33 |
Dimitri John Ledkov |
linux-signed (Ubuntu): status |
New |
In Progress |
|
2020-05-20 12:28:42 |
Dimitri John Ledkov |
description |
[Impact]
* Improve and generalise download-signed script to allow using it with any signed binaries we care about
* Add support to download simply the most current version
* Add support to download /uefi/ signed binaries
* Clean up arg parsing, add help, drop unused statements & imports.
[Test Case]
* Test downloading signed kernel works with public & private archives
* Test that rebuilt signed .debs are the same
[Regression Potential]
* This is a built time script, as long the binaries are downloaded & packaged up the same, there is no end-user facing impact.
[Other Info]
* With these changes, download-signed script can be used by s390-tools-signed & grub2-signed, as well as all the kernels. |
[Impact]
* Improve and generalise download-signed script to allow using it with any signed binaries we care about
* Add support to download simply the most current version
* Add support to download /uefi/ signed binaries
* Clean up arg parsing, add help, drop unused statements & imports.
[Test Case]
* Test downloading signed kernel works with public & private archives
* Test that rebuilt signed .debs are the same
[Regression Potential]
* This is a built time script, as long the binaries are downloaded & packaged up the same, there is no end-user facing impact.
[Other Info]
* With these changes, download-signed script can be used by s390-tools-signed & grub2-signed, as well as all the kernels.
* This is needed to support resigning with different keys for different ubuntu products. For example, UC20 uses the same grub binaries, but wants an additional trustpath to UC20 CA for grade:secured core images. At the moment creating such a signature is only possible via a round-trip in a PPA. |
|
2020-05-20 14:40:53 |
Launchpad Janitor |
grub2-signed (Ubuntu): status |
New |
Fix Released |
|
2020-06-03 11:56:50 |
Dimitri John Ledkov |
s390-tools-signed (Ubuntu): status |
New |
Won't Fix |
|
2020-06-03 11:56:57 |
Dimitri John Ledkov |
linux-signed (Ubuntu): importance |
Undecided |
Wishlist |
|
2020-06-03 11:57:59 |
Dimitri John Ledkov |
linux-signed (Ubuntu): status |
In Progress |
Fix Committed |
|
2020-06-04 10:31:25 |
Łukasz Zemczak |
grub2-signed (Ubuntu Focal): status |
New |
Fix Committed |
|
2020-06-04 10:31:27 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-06-04 10:31:29 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2020-06-04 10:31:33 |
Łukasz Zemczak |
tags |
id-5eb1356d8ee9193c6cf7fc0b patch |
id-5eb1356d8ee9193c6cf7fc0b patch verification-needed verification-needed-focal |
|
2020-06-05 17:40:24 |
Dimitri John Ledkov |
tags |
id-5eb1356d8ee9193c6cf7fc0b patch verification-needed verification-needed-focal |
id-5eb1356d8ee9193c6cf7fc0b patch verification-done verification-done-focal |
|
2020-06-18 09:21:48 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2020-06-18 09:21:47 |
Launchpad Janitor |
grub2-signed (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2020-08-26 08:57:32 |
Launchpad Janitor |
linux-signed (Ubuntu): status |
Fix Committed |
Fix Released |
|