[Bug 2003365] Re: 2022v1 resigning

Julian Andres Klode 2003365 at bugs.launchpad.net
Fri Jan 27 10:38:57 UTC 2023 

** Description changed:

  [Impact]
  Resign with new 2022v1 key, as the old key is revoked in shim 15.7-0ubuntu1.
  
  [Test plan]
  Check that fwupd.efi can be started from old and new shim.
  
  [Where problems could occur]
  We're building one signed binary for stable releases in kinetic now and copying it back. We last built it in jammy, there may be toolchain related regressions.
+ 
+ [Other info]
+ We have backported 1.51 wholesale. This matters mostly for focal as it had different version numbers so far, but the content was otherwise identical to 1.42.
+ 
+ This makes it clear that 1.51 is version signed with the new key and
+ where it is available, and saves a lot of time vs changing changelogs to
+ incorporate separate focal history in those ~20 uploads we do for the
+ rotation.

** Description changed:

  [Impact]
  Resign with new 2022v1 key, as the old key is revoked in shim 15.7-0ubuntu1.
  
  [Test plan]
  Check that fwupd.efi can be started from old and new shim.
  
  [Where problems could occur]
  We're building one signed binary for stable releases in kinetic now and copying it back. We last built it in jammy, there may be toolchain related regressions.
  
  [Other info]
  We have backported 1.51 wholesale. This matters mostly for focal as it had different version numbers so far, but the content was otherwise identical to 1.42.
  
  This makes it clear that 1.51 is version signed with the new key and
  where it is available, and saves a lot of time vs changing changelogs to
  incorporate separate focal history in those ~20 uploads we do for the
  rotation.
+ 
+ fwupd-efi was built in kinetic in the ppa:ubuntu-uefi-team/ppa and then
+ signed with the 2022v1 signing key, copied to ppa:ubuntu-uefi-
+ team/proposed and then copied (--unembargo) into ppa:ubuntu-uefi-
+ team/proposed-step before being copied to the main queues. The final
+ proposed-public should allow sensible SRU review.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2003365

Title:
  2022v1 resigning

Status in fwupd-signed package in Ubuntu:
  New
Status in fwupd-signed source package in Bionic:
  New
Status in fwupd-signed source package in Focal:
  New
Status in fwupd-signed source package in Jammy:
  New
Status in fwupd-signed source package in Kinetic:
  New
Status in fwupd-signed source package in Lunar:
  New

Bug description:
  [Impact]
  Resign with new 2022v1 key, as the old key is revoked in shim 15.7-0ubuntu1.

  [Test plan]
  Check that fwupd.efi can be started from old and new shim.

  [Where problems could occur]
  We're building one signed binary for stable releases in kinetic now and copying it back. We last built it in jammy, there may be toolchain related regressions.

  [Other info]
  We have backported 1.51 wholesale. This matters mostly for focal as it had different version numbers so far, but the content was otherwise identical to 1.42.

  This makes it clear that 1.51 is version signed with the new key and
  where it is available, and saves a lot of time vs changing changelogs
  to incorporate separate focal history in those ~20 uploads we do for
  the rotation.

  fwupd-efi was built in kinetic in the ppa:ubuntu-uefi-team/ppa and
  then signed with the 2022v1 signing key, copied to ppa:ubuntu-uefi-
  team/proposed and then copied (--unembargo) into ppa:ubuntu-uefi-
  team/proposed-step before being copied to the main queues. The final
  proposed-public should allow sensible SRU review.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd-signed/+bug/2003365/+subscriptions

More information about the foundations-bugs mailing list