[Bug 2003365] Re: 2022v1 resigning

Jeremy BĂ­cha 2003365 at bugs.launchpad.net
Fri Feb 24 14:28:59 UTC 2023 

** Changed in: fwupd-efi (Ubuntu Lunar)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2003365

Title:
  2022v1 resigning

Status in fwupd-efi package in Ubuntu:
  Fix Released
Status in fwupd-signed package in Ubuntu:
  Fix Released
Status in fwupd-efi source package in Bionic:
  New
Status in fwupd-signed source package in Bionic:
  In Progress
Status in fwupd-efi source package in Focal:
  Fix Released
Status in fwupd-signed source package in Focal:
  Fix Released
Status in fwupd-efi source package in Jammy:
  Fix Released
Status in fwupd-signed source package in Jammy:
  Fix Released
Status in fwupd-efi source package in Kinetic:
  Fix Released
Status in fwupd-signed source package in Kinetic:
  Fix Released
Status in fwupd-efi source package in Lunar:
  Fix Released
Status in fwupd-signed source package in Lunar:
  Fix Released

Bug description:
  [Impact]
  Resign with new 2022v1 key, as the old key is revoked in shim 15.7-0ubuntu1.

  [Test plan]
  Check that fwupd.efi can be started from old and new shim.

  [Where problems could occur]
  We're building one signed binary for stable releases in kinetic now and copying it back. We last built it in jammy, there may be toolchain related regressions.

  [Other info]
  We have backported 1.51 wholesale. This matters mostly for focal as it had different version numbers so far, but the content was otherwise identical to 1.42.

  This makes it clear that 1.51 is version signed with the new key and
  where it is available, and saves a lot of time vs changing changelogs
  to incorporate separate focal history in those ~20 uploads we do for
  the rotation.

  fwupd-efi was built in kinetic in the ppa:ubuntu-uefi-team/ppa and
  then signed with the 2022v1 signing key, copied to ppa:ubuntu-uefi-
  team/proposed and then copied (--unembargo) into ppa:ubuntu-uefi-
  team/proposed-step before being copied to the main queues. The final
  proposed-public should allow sensible SRU review.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd-efi/+bug/2003365/+subscriptions

More information about the foundations-bugs mailing list