Backport gnu-efi 3.0.8 to all supported releases for SHIM

Bug #1790709 reported by Mathieu Trudel-Lapierre on 2018-09-04
This bug affects 1 person
Affects             Status  Importance  Assigned to              Milestone
gnu-efi (Ubuntu)            High        Unassigned
  Trusty                    High        Unassigned
  Xenial                    High        Unassigned
  Bionic                    High        Unassigned
  Cosmic                    High        Unassigned
syslinux (Ubuntu)           High        Mathieu Trudel-Lapierre
  Bionic                    High        Unassigned
  Cosmic                    High        Unassigned

Bug Description

[Impact]
All users on UEFI systems.

Gnu-efi needs to be backported everywhere to support new shim releases. This applies to bionic, xenial, and trusty.

This is to properly build the new shim releases on these releases of Ubuntu.

[Test cases]
== Build tests ==
Validate that the following reverse-dependencies build correctly:

Reverse-Build-Depends-Indep
===========================
* syslinux

Reverse-Build-Depends
=====================
* dell-recovery
* efitools
* fwupd
* fwupdate
* kexec-tools
* refind
* sbsigntool
* shim
* systemd

Rebuild tests will happen in https://launchpad.net/~cyphermox/+archive/ubuntu/rebuild-tests

== Functionality tests ==

Run the following tests after the packages have been rebuilt against the new gnu-efi.

=== mokutil ===
Validate that mokutil can process:
- Certificate import: mokutil --import <file.der>
- List enrolled certificates: mokutil --list-enrolled
- Set verbosity: mokutil --set-verbosity true

Reboot, and validate that MokManager processes the requested changes.

[Regression potential]
gnu-efi is a library that supports applications in handling EFI variables in and outside of the runtime environment, along with supporting standard library features for EFI applications. As such, any application that makes use of EFI variables on a running system or as its own EFI application should be validated against possible corruption of the contents of the variables, as well as smoke-testing the EFI applications themselves for incorrect behavior, crashes, and other runtime issues.

syslinux in bionic and newer needs a small fix to avoid FTBFS now that gnu-efi provides memset() and memcpy().
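
Added example, not part of the bug report or of either package: one way to spot the kind of clash described above, where gnu-efi now provides memset() and memcpy() that syslinux also builds itself. It parses `nm -A --defined-only` output and lists global symbols that have a strong definition in more than one input; the archive and object names in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `nm -A --defined-only` output; the archive and object
# names are illustrative, not taken from the syslinux or gnu-efi build trees.
SAMPLE_NM_OUTPUT = """\
libefi.a:init.o:0000000000000000 T memset
libefi.a:init.o:0000000000000040 T memcpy
libefi.a:print.o:0000000000000000 T VPrint
libefi.a:print.o:0000000000000200 t _Print
core/memset.o:0000000000000000 T memset
core/memcpy.o:0000000000000000 T memcpy
core/strlen.o:0000000000000000 W strlen
efi/console.o:0000000000000000 T efi_console_init
efi/console.o:0000000000000010 d saved_mode
"""

# <file>[:<archive member>]:<address> <type> <name>
LINE_RE = re.compile(
    r"^(?P<origin>.+):(?P<addr>[0-9A-Fa-f]+) (?P<type>\S) (?P<name>\S+)$"
)

# Global symbol types that count as strong definitions (text, data, bss,
# read-only, small data/bss, absolute). Weak (W, V), common (C), undefined (U)
# and all local (lowercase) entries are ignored: they cannot clash at link time.
STRONG_TYPES = set("TDBRGSA")


def duplicate_definitions(nm_output):
    """Map each strongly defined global symbol to the inputs that define it,
    keeping only symbols defined in more than one place."""
    definers = defaultdict(list)
    for line in nm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, undefined symbols (no address), noise
        if m["type"] in STRONG_TYPES and m["origin"] not in definers[m["name"]]:
            definers[m["name"]].append(m["origin"])
    return {name: origins for name, origins in definers.items() if len(origins) > 1}


if __name__ == "__main__":
    for name, origins in sorted(duplicate_definitions(SAMPLE_NM_OUTPUT).items()):
        print(f"{name}: {', '.join(origins)}")
```

Symbols reported here are candidates for "multiple definition" link errors when both definers end up in the same link.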

description: updated
Changed in gnu-efi (Ubuntu):
status: New → Fix Released
Changed in syslinux (Ubuntu):
status: New → In Progress
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
importance: Undecided → High
description: updated

Hello Mathieu, or anyone else affected,

Accepted gnu-efi into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnu-efi/3.0.8-0ubuntu1~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gnu-efi (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-bionic
Changed in gnu-efi (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted gnu-efi into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnu-efi/3.0.8-0ubuntu1~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gnu-efi (Ubuntu Trusty):
status: New → Fix Committed
tags: added: verification-needed-trusty
Steve Langasek (vorlon) wrote :

Hello Mathieu, or anyone else affected,

Accepted gnu-efi into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnu-efi/3.0.8-0ubuntu1~14.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-trusty to verification-done-trusty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-trusty. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package syslinux - 3:6.04~git20171011.af7e95c3+dfsg1-4ubuntu1

---------------
syslinux (3:6.04~git20171011.af7e95c3+dfsg1-4ubuntu1) cosmic; urgency=medium

  * Rebuild against gnu-efi 3.0.8 with necessary porting (LP: #1790709)
    - debian/patches/remove-VPrint.patch: Don't redefine VPrint(), since it's
      provided by gnu-efi.
    - debian/patches/gnu-efi_3.0.8_support.patch: filter out memset, memcpy
      objects, since they are provided by gnu-efi.

 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 07 Sep 2018 16:21:11 -0400

Changed in syslinux (Ubuntu):
status: In Progress → Fix Released

Rebuilds in PPA have all passed -- the failures for efitools are exactly the same as they previously were and due to EFI not being available (or sbsigntool, efivar, etc.) on those architectures:

https://launchpad.net/~cyphermox/+archive/ubuntu/rebuild-tests/+packages

In any case, amd64 (the only arch that built for efitools) has not regressed.

syslinux for bionic needs a patch, which is currently waiting in the bionic unapproved queue.

tags: added: verification-done-bionic verification-done-trusty verification-done-xenial
removed: verification-needed verification-needed-bionic verification-needed-trusty verification-needed-xenial

The verification of the Stable Release Update for gnu-efi has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnu-efi - 3.0.8-0ubuntu1~18.04.1

---------------
gnu-efi (3.0.8-0ubuntu1~18.04.1) bionic; urgency=medium

  * New upstream version 3.0.8. (LP: #1790709)
  * debian/patches: drop patches, included upstream.
  * Reinstate d/p/ARM-hide-hidden-pragma-for-hosted-build.patch; otherwise
    sbsigntool fails to build on armhf.

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 04 Sep 2018 15:09:02 -0400

Changed in gnu-efi (Ubuntu Bionic):
status: Fix Committed → Fix Released
Steve Langasek (vorlon) wrote :

Shouldn't syslinux also get a versioned build-dependency on gnu-efi for this?

Changed in syslinux (Ubuntu Bionic):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnu-efi - 3.0.8-0ubuntu1~16.04.1

---------------
gnu-efi (3.0.8-0ubuntu1~16.04.1) xenial; urgency=medium

  * New upstream version 3.0.8. (LP: #1790709)
  * debian/patches: drop patches, included upstream.
  * Reinstate d/p/ARM-hide-hidden-pragma-for-hosted-build.patch; otherwise
    sbsigntool fails to build on armhf.

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 04 Sep 2018 15:28:31 -0400

Changed in gnu-efi (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnu-efi - 3.0.8-0ubuntu1~14.04.1

---------------
gnu-efi (3.0.8-0ubuntu1~14.04.1) trusty; urgency=medium

  * New upstream version 3.0.8. (LP: #1790709)
  * debian/patches: drop patches, included upstream.
  * Reinstate d/p/ARM-hide-hidden-pragma-for-hosted-build.patch; otherwise
    sbsigntool fails to build on armhf.
  * debian/patches/intptr_define.patch: include stdint.h from inc/efilink.h.

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 04 Sep 2018 15:30:59 -0400

Changed in gnu-efi (Ubuntu Trusty):
status: Fix Committed → Fix Released

Hello Mathieu, or anyone else affected,

Accepted syslinux into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/syslinux/3:6.03+dfsg1-2ubuntu0.18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in syslinux (Ubuntu Bionic):
status: Incomplete → Fix Committed
Łukasz Zemczak (sil2100) wrote :

The verification-done-bionic tag has not been re-set after the syslinux package has been accepted. Have all the validation steps been performed for the package after it has been re-built? I see the test-case defines some functionality tests - are those also required in this case?

tags: added: verification-needed-bionic
removed: verification-done-bionic
Changed in syslinux (Ubuntu Bionic):
importance: Undecided → High
Changed in gnu-efi (Ubuntu):
importance: Undecided → High
Changed in gnu-efi (Ubuntu Trusty):
importance: Undecided → High
Changed in gnu-efi (Ubuntu Xenial):
importance: Undecided → High
Changed in gnu-efi (Ubuntu Bionic):
importance: Undecided → High

Looks like there are some cases where syslinux will fail to load modules with the proposed rebuild patch with the new gnu-efi. This is a regression in syslinux; marking as verification-failed.

tags: added: verification-failed-bionic
removed: verification-needed-bionic
tags: removed: verification-done-trusty verification-done-xenial

Fixing is required in cosmic as well since the issue is with the patch used for gnu-efi 3.0.8 support. Disco is "unaffected"; I've synced with Debian which has already fixed the issue.

Changed in gnu-efi (Ubuntu Cosmic):
status: New → Fix Released
Changed in syslinux (Ubuntu Cosmic):
status: New → In Progress
Brian Murray (brian-murray) wrote :

Hello Mathieu, or anyone else affected,

Accepted syslinux into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/syslinux/3:6.04~git20171011.af7e95c3+dfsg1-4ubuntu1.18.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in syslinux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Adam Conrad (adconrad) wrote :

Hello Mathieu, or anyone else affected,

Accepted syslinux into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/syslinux/3:6.04~git20171011.af7e95c3+dfsg1-4ubuntu1.18.10.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Adam Conrad (adconrad) wrote :

Hello Mathieu, or anyone else affected,

Accepted syslinux into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/syslinux/3:6.03+dfsg1-2ubuntu0.18.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed-bionic verification-needed-cosmic
removed: verification-failed-bionic
Changed in gnu-efi (Ubuntu Cosmic):
importance: Undecided → High
Changed in syslinux (Ubuntu Cosmic):
importance: Undecided → High

syslinux 3:6.04~git20171011.af7e95c3+dfsg1-4ubuntu1.18.10.2 verification-done in cosmic:

I've built new d-i images (mini.iso for netboot) in a PPA with the use of the new syslinux in cosmic-proposed; the images were bootable and correctly showing the minimal gfxboot menu expected for mini.iso.

So, obviously no issues in rebuilding syslinux with the new version of gnu-efi.

tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package syslinux - 3:6.04~git20171011.af7e95c3+dfsg1-4ubuntu1.18.10.2

---------------
syslinux (3:6.04~git20171011.af7e95c3+dfsg1-4ubuntu1.18.10.2) cosmic; urgency=medium

  * debian/patches/gnu-efi_3.0.8_support.patch: We're using -zuldefs, but also
    still need to be doing the LIBS filtering correctly. Oops. (LP: #1790709)

syslinux (3:6.04~git20171011.af7e95c3+dfsg1-4ubuntu1.18.10.1) cosmic; urgency=medium

  * debian/patches/gnu-efi_3.0.8_support.patch: link syslinux.so using
    -zmuldefs rather than filtering out memset and mcmcpy; as it won't risk
    symbol errors when running vesamenu in some scenarios. (LP: #1790709)

 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 18 Feb 2019 10:14:13 +0100

Changed in syslinux (Ubuntu Cosmic):
status: Fix Committed → Fix Released

The fix for this bug has been awaiting testing feedback in the -proposed repository for bionic for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

tags: added: removal-candidate