I've triggered many successful builds, where grub2 deb & signing artefacts matched, and thus build succeeded.
To produce the race of missmatched grub2 deb & signing artefacts I did the following:
1) edit-acl on a ppa release pocket and self grant admin rights to myself
2) copy .deb from focal-proposed into said ppa
3) whilst signing tarball is still in Accepted queue, use queue tool with '-e' option to filter and reject signing tarball.
This resulted in a PPA that has the latest .deb, but will never have matching signing.
4) copy source-only grub2-signed into said PPA
Expecting a failure to build from source, as the archive that had the candidate deb, did not have matching signing.
I've triggered many successful builds, where grub2 deb & signing artefacts matched, and thus build succeeded.
To produce the race of missmatched grub2 deb & signing artefacts I did the following:
1) edit-acl on a ppa release pocket and self grant admin rights to myself
2) copy .deb from focal-proposed into said ppa
3) whilst signing tarball is still in Accepted queue, use queue tool with '-e' option to filter and reject signing tarball.
This resulted in a PPA that has the latest .deb, but will never have matching signing.
4) copy source-only grub2-signed into said PPA
Expecting a failure to build from source, as the archive that had the candidate deb, did not have matching signing.
make[1]: Entering directory '/<<PKGBUILDDIR>>' grub/x86_ 64-efi/ monolithic/ grubx64. efi grub/x86_ 64-efi/ monolithic/ grubx64. efi differ: byte 162, line 2
cmp current/grubx64.efi /usr/lib/
current/grubx64.efi /usr/lib/
make[1]: *** [Makefile:27: check] Error 1
And it failed correctly.
Successful builds are visibile in the Ubuntu Archive proposed it self. Thus the build-time check now works correctly.