Comment 2 for bug 1894824

I've triggered many successful builds, where grub2 deb & signing artefacts matched, and thus build succeeded.

To produce the race of missmatched grub2 deb & signing artefacts I did the following:

1) edit-acl on a ppa release pocket and self grant admin rights to myself
2) copy .deb from focal-proposed into said ppa
3) whilst signing tarball is still in Accepted queue, use queue tool with '-e' option to filter and reject signing tarball.

This resulted in a PPA that has the latest .deb, but will never have matching signing.

4) copy source-only grub2-signed into said PPA

Expecting a failure to build from source, as the archive that had the candidate deb, did not have matching signing.

make[1]: Entering directory '/<<PKGBUILDDIR>>'
cmp current/grubx64.efi /usr/lib/grub/x86_64-efi/monolithic/grubx64.efi
current/grubx64.efi /usr/lib/grub/x86_64-efi/monolithic/grubx64.efi differ: byte 162, line 2
make[1]: *** [Makefile:27: check] Error 1

And it failed correctly.

Successful builds are visibile in the Ubuntu Archive proposed it self. Thus the build-time check now works correctly.