** Description changed:

+ [Impact]
+ Validating signature using sbsigntool for EFI binaries on Precise and Trusty.
+ 
+ [Test case]
+ 1) pull-lp-source shim-signed
+ 2) sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed
+ 
+ [Regression potential]
+ Complex signing scenarios may pass validation when they should not due to the 
unavailability of the issuer cert; but I can't think of a specific case where 
this might happen.
+ 
+ ---
+ 
  An upload of shim-signed with no source changes is now failing to build
  in wily, because sbverify fails:
  
-   sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed
-   warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
-   PKCS7 verification failed
-   139919811188368:error:21075075:PKCS7 routines:PKCS7_verify:certificate 
verify error:pk7_smime.c:328:Verify error:unable to get issuer certificate
-   Signature verification failed
+   sbverify --cert MicCorUEFCA2011_2011-06-27.crt shim.efi.signed
+   warning: data remaining[1170360 vs 1289424]: gaps between PE/COFF sections?
+   PKCS7 verification failed
+   139919811188368:error:21075075:PKCS7 routines:PKCS7_verify:certificate 
verify error:pk7_smime.c:328:Verify error:unable to get issuer certificate
+   Signature verification failed
  
  (https://launchpad.net/ubuntu/+source/shim-signed/1.10/+build/7652431)
  
  The package builds successfully on vivid but fails on wily.  sbsigntool
  has not changed since vivid.  Upgrading to the wily version of
  libssl1.0.0 in a vivid chroot reproduces the failure.
  
  I'm not sure if this is a regression in libssl1.0.0 or a bug in
  sbsigntool.
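
Review bot: the [Test case] block lists the two commands but not the outcome that counts as a pass. State the expected result for step 2, for example that sbverify no longer ends with "Signature verification failed" as it does in the log quoted in the original description. [Regression potential] says complex signing scenarios "may pass validation when they should not" but gives testers nothing to check. Because that is a false-accept risk in a signature verifier, the test case should also include a negative check: a binary that must still fail verification against the given --cert.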

https://bugs.launchpad.net/bugs/1474541

Title:
  sbsigntool broken by update to openssl 1.0.2c
