[Bug 1915536] Re: one grub
Dimitri John Ledkov
1915536 at bugs.launchpad.net
Tue Feb 23 17:53:19 UTC 2021
** Description changed:
[Impact]
- * The proposal is to rename modules in -bin to be shipped in the
- $platfrom-unsigned directory.
+ * The proposal is to split src:grub2 into two source packages
- * And make -signed-bin package ship modules
+ src:grub2 will continue to build most things, apart from bin|dbg
+ |signing-tempate binary packages for platforms that get signed.
- * And add dependency from the -bin onto > -signed-bin (>= $grub2-signed
- stem)
+ src:grub2-unsigned source package is source-full copy of src:grub2 that
+ only builds bin|dbg|signing-tempate binary packages for platforms that
+ get signed and submits monolithic binaries for signing.
- * This allows allows in the future for grub2-signed to pull appropriate
- grub modules for a given distro. For example, using 2.04 modules &
- signed images from focal on bionic to gain support for TPM verifies and
- other EFI platform specific developments without affecting userspace
- grub tooling.
+ src:grub2-signed is built as before, but its maintainer scripts should
+ be compatible across grub2-common from precise and up.
+
+ Stable series will receive grub2 update that drops building bin|dbg
+ |signing-template.
+
+ Stable series will receive binary-copy of grub2-unsigned & grub2-signed,
+ thus on signed platforms EFI apps and modules will be the same across
+ all series.
+
[Caveats]
- * In devel series, keep grub2 submitting things for signing by setting
- SB_SUBMIT := yes
+ * In devel series, always upload grub2 with matching src:grub2-unsigned
+ which can be build with ./debian/rules generate-grub2-unsigned command.
- * With every new upload bump the version number of the -signed-bin (>=
- $grub2-signed-ver) package, to the expected one from grub2-signed.
+ * In stable series, only upload src:grub2 when fixes needed in update-
+ grub / grub.cfg / grub-install / etc, but not in the efi modules & apps.
- * Upload new grub2-signed with the version set above or higher,
- vendoring the desired signed grub2.
-
- --
-
- In stable series to disable submitting signing set SB_SUBMIT := no.
-
- Then one can upload grub2-signed first, followed by grub2.
-
- Upload grub2 to bump the version number of the -signed-bin (>= $grub2
- -signed-ver) dependency, to the expected one from grub2-signed.
-
- Upload new grub2-signed pulling whichever signed grub from whichever
- series as needed.
+ * As needed, binary copy grub2-unsigned & grub2-signed from later series
+ to stable series.
[Test Case]
- * Upgrade to new grub-efi-amd64-bin and grub-efi-amd64-signed packages
+ * Upgrade to new packages
* Observe that system boots, one can use grub-mkimage / grub-mkrescue
without issues.
[Where problems could occur]
- * The binaries shipped by -signed packages are innert, they are
- bootloader binaries only. The only compatibility that has to be
- maintained is within the userspace tooling - specifically maintainer
- scripts, and file names and locations.
-
- [Other Info]
-
- * See all the bug reports that grub can't be installed or upgraded when
- people use -proposed.
+ * There might be regression on the EFI platforms with grub 2.04 that
+ have not so far been caught on Focal / Groovy / Hirsute.
** Description changed:
[Impact]
- * The proposal is to split src:grub2 into two source packages
+ The proposal is to split src:grub2 into two source packages.
src:grub2 will continue to build most things, apart from bin|dbg
|signing-tempate binary packages for platforms that get signed.
src:grub2-unsigned source package is source-full copy of src:grub2 that
only builds bin|dbg|signing-tempate binary packages for platforms that
get signed and submits monolithic binaries for signing.
src:grub2-signed is built as before, but its maintainer scripts should
be compatible across grub2-common from precise and up.
Stable series will receive grub2 update that drops building bin|dbg
|signing-template.
Stable series will receive binary-copy of grub2-unsigned & grub2-signed,
thus on signed platforms EFI apps and modules will be the same across
all series.
-
[Caveats]
* In devel series, always upload grub2 with matching src:grub2-unsigned
- which can be build with ./debian/rules generate-grub2-unsigned command.
+ and src:grub2-signed. The unsigned package can be build with
+ ./debian/rules generate-grub2-unsigned command from src:grub2.
* In stable series, only upload src:grub2 when fixes needed in update-
grub / grub.cfg / grub-install / etc, but not in the efi modules & apps.
* As needed, binary copy grub2-unsigned & grub2-signed from later series
to stable series.
[Test Case]
* Upgrade to new packages
* Observe that system boots, one can use grub-mkimage / grub-mkrescue
without issues.
[Where problems could occur]
* There might be regression on the EFI platforms with grub 2.04 that
have not so far been caught on Focal / Groovy / Hirsute.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1915536
Title:
one grub
Status in grub2 package in Ubuntu:
New
Status in grub2-signed package in Ubuntu:
New
Bug description:
[Impact]
The proposal is to split src:grub2 into two source packages.
src:grub2 will continue to build most things, apart from bin|dbg
|signing-tempate binary packages for platforms that get signed.
src:grub2-unsigned source package is source-full copy of src:grub2
that only builds bin|dbg|signing-tempate binary packages for platforms
that get signed and submits monolithic binaries for signing.
src:grub2-signed is built as before, but its maintainer scripts should
be compatible across grub2-common from precise and up.
Stable series will receive grub2 update that drops building bin|dbg
|signing-template.
Stable series will receive binary-copy of grub2-unsigned &
grub2-signed, thus on signed platforms EFI apps and modules will be
the same across all series.
[Caveats]
* In devel series, always upload grub2 with matching
src:grub2-unsigned and src:grub2-signed. The unsigned package can be
build with ./debian/rules generate-grub2-unsigned command from
src:grub2.
* In stable series, only upload src:grub2 when fixes needed in update-
grub / grub.cfg / grub-install / etc, but not in the efi modules &
apps.
* As needed, binary copy grub2-unsigned & grub2-signed from later
series to stable series.
[Test Case]
* Upgrade to new packages
* Observe that system boots, one can use grub-mkimage / grub-mkrescue
without issues.
[Where problems could occur]
* There might be regression on the EFI platforms with grub 2.04 that
have not so far been caught on Focal / Groovy / Hirsute.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1915536/+subscriptions
More information about the foundations-bugs
mailing list