[Bug 1787254] Re: Possibly demote fwupdate to universe?
Steve Langasek
steve.langasek at canonical.com
Wed Aug 15 20:16:36 UTC 2018
As an archive admin I've said that we should not be signing two parallel
streams of EFI binaries implementing this functionality. If fwupd is
considered the preferred implementation upstream and Ubuntu is going to
adopt this, then we should remove fwupdate-signed entirely from the
archive and stop producing artifacts from fwupdate source package for
EFI signing.
If there are design reasons why Ubuntu Core should prefer fwupx64.efi
over fwupdx64.efi going forward, then we should clarify what these are
and evaluate whether Ubuntu classic should follow suit. Otherwise, we
should drop fwupdate-signed from the archive, adjust the fwupdate source
package to not generate EFI artifacts for signing, and ensure that snapd
migrates to fwupd by 20.04.
John, I suggested your name to Mario as a possible first contact for
this on the Snappy side, but please escalate this as appropriate.
NB I can't see anywhere in the snapd code or in the pc gadget snap where
fwupx64.efi is ever installed to the ESP, so it's entirely unclear to me
how this currently works on Ubuntu Core either.
** Changed in: snapd (Ubuntu)
Assignee: (unassigned) => John Lenton (chipaca)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupdate-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1787254
Title:
Possibly demote fwupdate to universe?
Status in fwupdate package in Ubuntu:
New
Status in fwupdate-signed package in Ubuntu:
New
Status in snapd package in Ubuntu:
New
Bug description:
In cosmic there has been a major transition in the firmware updating
stack. fwupdate's library and EFI application were subsumed into
fwupd 1.1.0+.
fwupd will manage the installation of the EFI binary now at runtime.
fwupdate is still around as a reference implementation that doesn't
use glib or support CAB packaged files.
As such should fwupdate be dropped down to universe and fwupdate-
signed be dropped from the archive?
I'm hesitant to say yes because it's used in system-image seed and
installed into ubuntu core. I don't know how this will affect Ubuntu
core.
If it is decided to demote to universe and drop the signed package
then the packaging needs to be configured to strip the generation of
the EFI signing archive too.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupdate/+bug/1787254/+subscriptions
More information about the foundations-bugs
mailing list