Hey Niels! On Sat, Jan 04, 2025 at 09:59:06AM +0100, Niels Thykier wrote: >On Sat, 28 Dec 2024 13:00:45 +0100 Niels Thykier <ni...@thykier.net> wrote: >> Control: tags -1 patch >> >> [...] >> >> There is an MR at >> https://salsa.debian.org/efi-team/shim/-/merge_requests/17 with a patch >> for how to solve this. >> >> Best regards, >> Niels >> > >Hi > >The bugs are now become RC (both this for shim and the one for >shim-helpers-arm64-signed).
ACK. >I can do an NMU for this package to resolve the RC bug. However, I am not >sure if will be helpful or just be in the way. My end goal is to have the bug >fixed in testing and I am not sure my fix would transition (I am unclear on >how the shim signing interacts with the packages and the transition). Thanks for being cautious and reaching out to me! In general, NMUing shim is *never* the correct thing to do due to its special nature. The interaction with the Microsoft signing (etc.) makes things difficult here. >Note the patch does not affect the produced binaries but there has been >changes to the toolchains changing a "MinorLinkerVersion" and a "CheckSum" >field in many of the efi files. I assume this means it will need a resign on >upload and I don't remember if it is something Debian can just do. > >There are also a lot of changes in shim-helpers-amd64-helpers that I do not >understand which includes a whole debian/ subdir under >"usr/share/code-signing/shim-helpers-amd64-signed-template/source-template", >which are unrelated to my change (FWIW, I built from git rather than a >minimum patch on top of latest sid version). > >So, we are back to: Would it be helpful if I NMUed the shim or/and >shim-helpres-arm64-signed package? If not, then I will leave it in your >capable hands. I'm looking at your MR now, thanks! I should warn you: I'm *not* planning on doing a new upload of the current packages soon, even so. There's a new upstream version due soon, and I'll fold things in there. -- Steve McIntyre, Cambridge, UK. st...@einval.com "C++ ate my sanity" -- Jon Rabone
