[Bug 2003365] Re: 2022v1 resigning

Launchpad Bug Tracker 2003365 at bugs.launchpad.net
Tue Feb 7 08:39:44 UTC 2023 

This bug was fixed in the package fwupd-signed - 1.51

---------------
fwupd-signed (1.51) lunar; urgency=medium

  * Remove i386 and armhf from the architecture list
  * Check that we are signing the correct version of fwupd and it is not revoked

fwupd-signed (1.48) lunar; urgency=medium

  [ Julian Andres Klode ]
  * Rebuild for 2022v1 resigning (LP: #2003365)

  [ Andy Whitcroft ]
  * Fix signing artifact download when faced with an authenticated archive
    pool.  Switch to using common download-signed from grub2/kernel.

 -- Julian Andres Klode <juliank at ubuntu.com>  Thu, 26 Jan 2023 16:52:24
+0100

** Changed in: fwupd-signed (Ubuntu Lunar)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2003365

Title:
  2022v1 resigning

Status in fwupd-efi package in Ubuntu:
  New
Status in fwupd-signed package in Ubuntu:
  Fix Released
Status in fwupd-efi source package in Bionic:
  New
Status in fwupd-signed source package in Bionic:
  In Progress
Status in fwupd-efi source package in Focal:
  Fix Committed
Status in fwupd-signed source package in Focal:
  Fix Committed
Status in fwupd-efi source package in Jammy:
  Fix Committed
Status in fwupd-signed source package in Jammy:
  Fix Committed
Status in fwupd-efi source package in Kinetic:
  Fix Committed
Status in fwupd-signed source package in Kinetic:
  Fix Committed
Status in fwupd-efi source package in Lunar:
  New
Status in fwupd-signed source package in Lunar:
  Fix Released

Bug description:
  [Impact]
  Resign with new 2022v1 key, as the old key is revoked in shim 15.7-0ubuntu1.

  [Test plan]
  Check that fwupd.efi can be started from old and new shim.

  [Where problems could occur]
  We're building one signed binary for stable releases in kinetic now and copying it back. We last built it in jammy, there may be toolchain related regressions.

  [Other info]
  We have backported 1.51 wholesale. This matters mostly for focal as it had different version numbers so far, but the content was otherwise identical to 1.42.

  This makes it clear that 1.51 is version signed with the new key and
  where it is available, and saves a lot of time vs changing changelogs
  to incorporate separate focal history in those ~20 uploads we do for
  the rotation.

  fwupd-efi was built in kinetic in the ppa:ubuntu-uefi-team/ppa and
  then signed with the 2022v1 signing key, copied to ppa:ubuntu-uefi-
  team/proposed and then copied (--unembargo) into ppa:ubuntu-uefi-
  team/proposed-step before being copied to the main queues. The final
  proposed-public should allow sensible SRU review.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd-efi/+bug/2003365/+subscriptions

More information about the foundations-bugs mailing list