Ubuntu
shim-signed package

Bug #2004208
Activity log

Activity log for bug #2004208

Date	Who	What changed	Old value	New value	Message
2023-01-30 21:50:28	dann frazier	bug			added bug
2023-01-30 23:09:00	Launchpad Janitor	merge proposal linked		https://code.launchpad.net/~dannf/shim/+git/shim-signed/+merge/436567
2023-01-31 11:54:24	Julian Andres Klode	description	I couldn't figure out why the alternative wasn't being updated to the new shim after I installed a kernel installed w/ a 2022 key. Turns out its because we hardcode shimx64 in the kernel hook: ubuntu@ubuntu:~$ grep x64 /etc/kernel/postinst.d/zz-shim if update-alternatives --query shimx64.efi.signed \| grep "Best: /usr/lib/shim/shimx64.efi.signed.previous" -q; then There also seems to be a number of residual x64 references in the postinst: ubuntu@ubuntu:~$ grep x64 /var/lib/dpkg/info/shim-signed.* /var/lib/dpkg/info/shim-signed.postinst: for efi_arch in x64 aa64; do /var/lib/dpkg/info/shim-signed.postinst: update-alternatives --install /usr/lib/shim/shim${efi_arch}.efi.signed shimx64.efi.signed /usr/lib/shim/shim${efi_arch}.efi.signed.latest 100 /var/lib/dpkg/info/shim-signed.postinst: update-alternatives --install /usr/lib/shim/shim${efi_arch}.efi.signed shimx64.efi.signed /usr/lib/shim/shim${efi_arch}.efi.signed.previous 50 /var/lib/dpkg/info/shim-signed.postinst: update-alternatives --install /usr/lib/shim/shim${efi_arch}.efi.signed shimx64.efi.signed /usr/lib/shim/shim${efi_arch}.efi.signed.latest 50 /var/lib/dpkg/info/shim-signed.postinst: update-alternatives --install /usr/lib/shim/shim${efi_arch}.efi.signed shimx64.efi.signed /usr/lib/shim/shim${efi_arch}.efi.signed.previous 100 /var/lib/dpkg/info/shim-signed.postinst: if update-alternatives --query shimx64.efi.signed \| grep "Best: /usr/lib/shim/shimx64.efi.signed.previous" -q; then	[Impact] I couldn't figure out why the alternative wasn't being updated to the new shim after I installed a kernel installed w/ a 2022 key. Turns out its because we hardcode shimx64 in the kernel hook: ubuntu@ubuntu:~$ grep x64 /etc/kernel/postinst.d/zz-shim if update-alternatives --query shimx64.efi.signed \| grep "Best: /usr/lib/shim/shimx64.efi.signed.previous" -q; then There also seems to be a number of residual x64 references in the postinst: ubuntu@ubuntu:~$ grep x64 /var/lib/dpkg/info/shim-signed.* /var/lib/dpkg/info/shim-signed.postinst: for efi_arch in x64 aa64; do /var/lib/dpkg/info/shim-signed.postinst: update-alternatives --install /usr/lib/shim/shim${efi_arch}.efi.signed shimx64.efi.signed /usr/lib/shim/shim${efi_arch}.efi.signed.latest 100 /var/lib/dpkg/info/shim-signed.postinst: update-alternatives --install /usr/lib/shim/shim${efi_arch}.efi.signed shimx64.efi.signed /usr/lib/shim/shim${efi_arch}.efi.signed.previous 50 /var/lib/dpkg/info/shim-signed.postinst: update-alternatives --install /usr/lib/shim/shim${efi_arch}.efi.signed shimx64.efi.signed /usr/lib/shim/shim${efi_arch}.efi.signed.latest 50 /var/lib/dpkg/info/shim-signed.postinst: update-alternatives --install /usr/lib/shim/shim${efi_arch}.efi.signed shimx64.efi.signed /usr/lib/shim/shim${efi_arch}.efi.signed.previous 100 /var/lib/dpkg/info/shim-signed.postinst: if update-alternatives --query shimx64.efi.signed \| grep "Best: /usr/lib/shim/shimx64.efi.signed.previous" -q; then [Test plan] Install a kernel signed with 2022 key on arm64, make sure that shimaa64.efi.signed alternative points to latest [Where problems could occur] Added/changed code could potentially break stuff on amd64.
2023-01-31 13:15:43	Julian Andres Klode	bug task added		canonical-signing-jobs
2023-01-31 13:16:11	Julian Andres Klode	bug task deleted	canonical-signing-jobs
2023-01-31 13:16:41	Julian Andres Klode	nominated for series		Ubuntu Focal
2023-01-31 13:16:41	Julian Andres Klode	bug task added		shim-signed (Ubuntu Focal)
2023-01-31 13:16:41	Julian Andres Klode	nominated for series		Ubuntu Bionic
2023-01-31 13:16:41	Julian Andres Klode	bug task added		shim-signed (Ubuntu Bionic)
2023-01-31 13:16:41	Julian Andres Klode	nominated for series		Ubuntu Kinetic
2023-01-31 13:16:41	Julian Andres Klode	bug task added		shim-signed (Ubuntu Kinetic)
2023-01-31 13:16:41	Julian Andres Klode	nominated for series		Ubuntu Jammy
2023-01-31 13:16:41	Julian Andres Klode	bug task added		shim-signed (Ubuntu Jammy)
2023-01-31 13:16:59	Julian Andres Klode	bug task added		canonical-signing-jobs
2023-01-31 13:17:24	Julian Andres Klode	canonical-signing-jobs: status	New	Confirmed
2023-01-31 13:18:53	Andy Whitcroft	canonical-signing-jobs: status	Confirmed	In Progress
2023-01-31 13:18:55	Andy Whitcroft	canonical-signing-jobs: importance	Undecided	High
2023-01-31 13:18:57	Andy Whitcroft	canonical-signing-jobs: assignee		Andy Whitcroft (apw)
2023-01-31 13:32:33	Andy Whitcroft	bug task deleted	canonical-signing-jobs/task00
2023-01-31 13:58:57	Andy Whitcroft	canonical-signing-jobs/task00: importance	Undecided	Medium
2023-01-31 13:58:57	Andy Whitcroft	canonical-signing-jobs/task00: assignee		Andy Whitcroft (apw)
2023-01-31 13:58:57	Andy Whitcroft	canonical-signing-jobs/task00: importance explanation	unset	unset
2023-01-31 13:58:57	Andy Whitcroft	canonical-signing-jobs/task00: status explanation	unset	validate \ --exclude kinetic:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471577 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite kinetic --sources \ shim-signed/1.54/signing \ --to signing:ubuntu/4 --to-suite kinetic copy \ --from signing:ubuntu/4 --from-suite kinetic --sources \ shim-signed/1.54 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite kinetic delete \ --from signing:ubuntu/4 --from-suite kinetic --sources \ shim-signed/1.54
2023-01-31 13:58:58	Andy Whitcroft	canonical-signing-jobs/task00: status	New	Triaged
2023-01-31 14:00:02	Andy Whitcroft	canonical-signing-jobs/task01: importance	Undecided	Medium
2023-01-31 14:00:02	Andy Whitcroft	canonical-signing-jobs/task01: assignee		Andy Whitcroft (apw)
2023-01-31 14:00:02	Andy Whitcroft	canonical-signing-jobs/task01: importance explanation	unset	unset
2023-01-31 14:00:02	Andy Whitcroft	canonical-signing-jobs/task01: status explanation	unset	validate \ --exclude jammy:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471576 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite jammy --sources \ shim-signed/1.51.3/signing \ --to signing:ubuntu/4 --to-suite jammy copy \ --from signing:ubuntu/4 --from-suite jammy --sources \ shim-signed/1.51.3 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite jammy delete \ --from signing:ubuntu/4 --from-suite jammy --sources \ shim-signed/1.51.3
2023-01-31 14:00:03	Andy Whitcroft	canonical-signing-jobs/task01: status	New	Triaged
2023-01-31 14:00:29	Andy Whitcroft	canonical-signing-jobs/task02: importance	Undecided	Medium
2023-01-31 14:00:29	Andy Whitcroft	canonical-signing-jobs/task02: assignee		Andy Whitcroft (apw)
2023-01-31 14:00:29	Andy Whitcroft	canonical-signing-jobs/task02: importance explanation	unset	unset
2023-01-31 14:00:29	Andy Whitcroft	canonical-signing-jobs/task02: status explanation	unset	validate \ --exclude focal:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471540 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite focal --sources \ shim-signed/1.40.9/signing \ --to signing:ubuntu/4 --to-suite focal copy \ --from signing:ubuntu/4 --from-suite focal --sources \ shim-signed/1.40.9 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite focal delete \ --from signing:ubuntu/4 --from-suite focal --sources \ shim-signed/1.40.9
2023-01-31 14:00:30	Andy Whitcroft	canonical-signing-jobs/task02: status	New	Triaged
2023-01-31 14:00:45	Andy Whitcroft	canonical-signing-jobs/task03: importance	Undecided	Medium
2023-01-31 14:00:45	Andy Whitcroft	canonical-signing-jobs/task03: assignee		Andy Whitcroft (apw)
2023-01-31 14:00:45	Andy Whitcroft	canonical-signing-jobs/task03: importance explanation	unset	unset
2023-01-31 14:00:45	Andy Whitcroft	canonical-signing-jobs/task03: status explanation	unset	validate \ --exclude bionic:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471532 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite bionic --sources \ shim-signed/1.37~18.04.13/signing \ --to signing:ubuntu/4 --to-suite bionic copy \ --from signing:ubuntu/4 --from-suite bionic --sources \ shim-signed/1.37~18.04.13 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite bionic delete \ --from signing:ubuntu/4 --from-suite bionic --sources \ shim-signed/1.37~18.04.13
2023-01-31 14:00:46	Andy Whitcroft	canonical-signing-jobs/task03: status	New	Triaged
2023-01-31 14:01:32	Andy Whitcroft	canonical-signing-jobs/task00: status	Triaged	Confirmed
2023-01-31 14:01:42	Andy Whitcroft	canonical-signing-jobs/task01: status	Triaged	Confirmed
2023-01-31 14:01:52	Andy Whitcroft	canonical-signing-jobs/task02: status	Triaged	Confirmed
2023-01-31 14:02:00	Andy Whitcroft	canonical-signing-jobs/task03: status	Triaged	Confirmed
2023-01-31 14:05:09	Andy Whitcroft	canonical-signing-jobs/task00: status	Confirmed	In Progress
2023-01-31 14:05:12	Andy Whitcroft	canonical-signing-jobs/task01: status	Confirmed	In Progress
2023-01-31 14:05:14	Andy Whitcroft	canonical-signing-jobs/task02: status	Confirmed	In Progress
2023-01-31 14:05:17	Andy Whitcroft	canonical-signing-jobs/task03: status	Confirmed	In Progress
2023-01-31 14:06:36	Andy Whitcroft	canonical-signing-jobs: status	In Progress	Fix Committed
2023-01-31 14:55:56	Andy Whitcroft	canonical-signing-jobs/task00: status	In Progress	Invalid
2023-01-31 14:56:03	Andy Whitcroft	canonical-signing-jobs/task01: status	In Progress	Invalid
2023-01-31 14:56:14	Andy Whitcroft	canonical-signing-jobs/task02: status	In Progress	Invalid
2023-01-31 14:56:23	Andy Whitcroft	canonical-signing-jobs/task03: status	In Progress	Invalid
2023-01-31 14:56:56	Andy Whitcroft	canonical-signing-jobs/task00: status	Invalid	New
2023-01-31 14:56:56	Andy Whitcroft	canonical-signing-jobs/task00: status explanation	validate \ --exclude kinetic:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471577 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite kinetic --sources \ shim-signed/1.54/signing \ --to signing:ubuntu/4 --to-suite kinetic copy \ --from signing:ubuntu/4 --from-suite kinetic --sources \ shim-signed/1.54 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite kinetic delete \ --from signing:ubuntu/4 --from-suite kinetic --sources \ shim-signed/1.54	validate \ --exclude kinetic:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14154501 ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471577 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite kinetic --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.54/signing \ --to signing:ubuntu/4 --to-suite kinetic copy \ --from signing:ubuntu/4 --from-suite kinetic --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.54 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite kinetic delete \ --from signing:ubuntu/4 --from-suite kinetic --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.54
2023-01-31 14:56:57	Andy Whitcroft	canonical-signing-jobs/task00: status	New	Triaged
2023-01-31 14:57:08	Andy Whitcroft	canonical-signing-jobs/task01: status	Invalid	New
2023-01-31 14:57:08	Andy Whitcroft	canonical-signing-jobs/task01: status explanation	validate \ --exclude jammy:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471576 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite jammy --sources \ shim-signed/1.51.3/signing \ --to signing:ubuntu/4 --to-suite jammy copy \ --from signing:ubuntu/4 --from-suite jammy --sources \ shim-signed/1.51.3 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite jammy delete \ --from signing:ubuntu/4 --from-suite jammy --sources \ shim-signed/1.51.3	validate \ --exclude jammy:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14464729 ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471576 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite jammy --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.51.3/signing \ --to signing:ubuntu/4 --to-suite jammy copy \ --from signing:ubuntu/4 --from-suite jammy --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.51.3 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite jammy delete \ --from signing:ubuntu/4 --from-suite jammy --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.51.3
2023-01-31 14:57:09	Andy Whitcroft	canonical-signing-jobs/task01: status	New	Triaged
2023-01-31 14:57:22	Andy Whitcroft	canonical-signing-jobs/task02: status	Invalid	New
2023-01-31 14:57:22	Andy Whitcroft	canonical-signing-jobs/task02: status explanation	validate \ --exclude focal:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471540 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite focal --sources \ shim-signed/1.40.9/signing \ --to signing:ubuntu/4 --to-suite focal copy \ --from signing:ubuntu/4 --from-suite focal --sources \ shim-signed/1.40.9 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite focal delete \ --from signing:ubuntu/4 --from-suite focal --sources \ shim-signed/1.40.9	validate \ --exclude focal:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14464730 ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471540 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite focal --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.40.9/signing \ --to signing:ubuntu/4 --to-suite focal copy \ --from signing:ubuntu/4 --from-suite focal --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.40.9 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite focal delete \ --from signing:ubuntu/4 --from-suite focal --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.40.9
2023-01-31 14:57:24	Andy Whitcroft	canonical-signing-jobs/task02: status	New	Triaged
2023-01-31 14:57:34	Andy Whitcroft	canonical-signing-jobs/task03: status	Invalid	New
2023-01-31 14:57:34	Andy Whitcroft	canonical-signing-jobs/task03: status explanation	validate \ --exclude bionic:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471532 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite bionic --sources \ shim-signed/1.37~18.04.13/signing \ --to signing:ubuntu/4 --to-suite bionic copy \ --from signing:ubuntu/4 --from-suite bionic --sources \ shim-signed/1.37~18.04.13 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite bionic delete \ --from signing:ubuntu/4 --from-suite bionic --sources \ shim-signed/1.37~18.04.13	validate \ --exclude bionic:shim --publications ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14464731 ~ubuntu-uefi-team/+archive/ubuntu/ppa/+sourcepub/14471532 copy \ --from ppa:ubuntu-uefi-team/ubuntu/ppa --from-suite bionic --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.37~18.04.13/signing \ --to signing:ubuntu/4 --to-suite bionic copy \ --from signing:ubuntu/4 --from-suite bionic --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.37~18.04.13 \ --to ppa:ubuntu-uefi-team/ubuntu/proposed --to-suite bionic delete \ --from signing:ubuntu/4 --from-suite bionic --sources \ shim/15.7-0ubuntu1 \ shim-signed/1.37~18.04.13
2023-01-31 14:57:36	Andy Whitcroft	canonical-signing-jobs/task03: status	New	Triaged
2023-01-31 14:58:49	Andy Whitcroft	canonical-signing-jobs/task00: status	Triaged	Confirmed
2023-01-31 14:58:56	Andy Whitcroft	canonical-signing-jobs/task01: status	Triaged	Confirmed
2023-01-31 14:59:07	Andy Whitcroft	canonical-signing-jobs/task02: status	Triaged	Confirmed
2023-01-31 14:59:15	Andy Whitcroft	canonical-signing-jobs/task03: status	Triaged	Confirmed
2023-01-31 15:00:09	Andy Whitcroft	canonical-signing-jobs/task00: status	Confirmed	In Progress
2023-01-31 15:00:12	Andy Whitcroft	canonical-signing-jobs/task01: status	Confirmed	In Progress
2023-01-31 15:00:16	Andy Whitcroft	canonical-signing-jobs/task02: status	Confirmed	In Progress
2023-01-31 15:00:20	Andy Whitcroft	canonical-signing-jobs/task03: status	Confirmed	In Progress
2023-01-31 16:45:26	Andy Whitcroft	canonical-signing-jobs/task00: status	In Progress	Fix Released
2023-01-31 16:45:26	Andy Whitcroft	canonical-signing-jobs/task00: importance explanation	unset	Successful
2023-01-31 16:45:31	Andy Whitcroft	canonical-signing-jobs/task01: status	In Progress	Fix Released
2023-01-31 16:45:31	Andy Whitcroft	canonical-signing-jobs/task01: importance explanation	unset	Successful
2023-01-31 16:45:33	Andy Whitcroft	canonical-signing-jobs/task02: status	In Progress	Fix Released
2023-01-31 16:45:33	Andy Whitcroft	canonical-signing-jobs/task02: importance explanation	unset	Successful
2023-01-31 16:45:35	Andy Whitcroft	canonical-signing-jobs/task03: status	In Progress	Fix Released
2023-01-31 16:45:35	Andy Whitcroft	canonical-signing-jobs/task03: importance explanation	unset	Successful
2023-01-31 17:07:05	Andy Whitcroft	canonical-signing-jobs: status	Fix Committed	Fix Released
2023-01-31 21:52:59	Steve Langasek	shim-signed (Ubuntu Kinetic): status	New	Fix Committed
2023-01-31 21:53:01	Steve Langasek	bug			added subscriber Ubuntu Stable Release Updates Team
2023-01-31 21:53:03	Steve Langasek	bug			added subscriber SRU Verification
2023-01-31 21:53:05	Steve Langasek	tags		verification-needed verification-needed-kinetic
2023-01-31 22:00:45	Steve Langasek	shim-signed (Ubuntu Jammy): status	New	Fix Committed
2023-01-31 22:00:50	Steve Langasek	tags	verification-needed verification-needed-kinetic	verification-needed verification-needed-jammy verification-needed-kinetic
2023-01-31 22:03:18	Steve Langasek	shim-signed (Ubuntu Focal): status	New	Fix Committed
2023-01-31 22:03:22	Steve Langasek	tags	verification-needed verification-needed-jammy verification-needed-kinetic	verification-needed verification-needed-focal verification-needed-jammy verification-needed-kinetic
2023-01-31 22:05:26	Steve Langasek	shim-signed (Ubuntu Bionic): status	New	Fix Committed
2023-01-31 22:05:32	Steve Langasek	tags	verification-needed verification-needed-focal verification-needed-jammy verification-needed-kinetic	verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-kinetic
2023-02-01 00:59:08	dann frazier	tags	verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-kinetic	verification-done-focal verification-done-jammy verification-done-kinetic verification-needed verification-needed-bionic
2023-02-01 15:43:37	dann frazier	tags	verification-done-focal verification-done-jammy verification-done-kinetic verification-needed verification-needed-bionic	verification-done verification-done-bionic verification-done-focal verification-done-jammy verification-done-kinetic
2023-02-16 10:47:58	Launchpad Janitor	shim-signed (Ubuntu Kinetic): status	Fix Committed	Fix Released
2023-02-16 10:47:58	Launchpad Janitor	cve linked		2022-28737
2023-02-16 10:48:15	Łukasz Zemczak	removed subscriber Ubuntu Stable Release Updates Team
2023-02-16 11:04:47	Launchpad Janitor	shim-signed (Ubuntu Jammy): status	Fix Committed	Fix Released
2023-02-16 11:10:59	Launchpad Janitor	shim-signed (Ubuntu Focal): status	Fix Committed	Fix Released
2023-02-16 16:27:50	Launchpad Janitor	shim-signed (Ubuntu): status	New	Fix Released
2023-02-16 19:50:34	dann frazier	shim-signed (Ubuntu Focal): status	Fix Released	Fix Committed
2023-03-14 15:15:18	Launchpad Janitor	shim-signed (Ubuntu Focal): status	Fix Committed	Fix Released
2023-06-22 23:31:43	Launchpad Janitor	shim-signed (Ubuntu Bionic): status	Fix Committed	Fix Released

Ubuntushim-signed package

Activity log for bug #2004208

Ubuntu
shim-signed package