Download signed version from versioned URL

Hello Julian, or anyone else affected,

Accepted shim-signed into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.50 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

This bug was fixed in the package shim-signed - 1.50

---------------
shim-signed (1.50) impish; urgency=medium

  * download-signed: Fetch signed artefacts from versioned URL instead
    of current/ symlink to work around caching (LP: #1936640)

 -- Julian Andres Klode <email address hidden> Fri, 16 Jul 2021 13:18:10 +0200

Hello Julian, or anyone else affected,

Accepted shim-signed into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.40.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Julian, or anyone else affected,

Accepted shim-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.37~18.04.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Julian, or anyone else affected,

Accepted shim-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/shim-signed/1.37~18.04.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

I checked the build logs for all releases (1.50, 1.40.6, and 1.37~18.04.10) and they all fetched via versioned URLs.

shim-signed 1.50 chainloads windows 10 correctly.

This bug was fixed in the package shim-signed - 1.50

---------------
shim-signed (1.50) impish; urgency=medium

  * download-signed: Fetch signed artefacts from versioned URL instead
    of current/ symlink to work around caching (LP: #1936640)

 -- Julian Andres Klode <email address hidden> Fri, 16 Jul 2021 13:18:10 +0200

The verification of the Stable Release Update for shim-signed has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package shim-signed - 1.40.6

---------------
shim-signed (1.40.6) focal; urgency=medium

  * Update to shim 15.4-0ubuntu7:
    - Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379)
    - Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383)
    - Fix accidental deletion of RT variables (LP: #1934506) (PR #387)
    - mok: relax the maximum variable size check (LP: #1934780) (PR #369)
  * download-signed: Fetch signed artefacts from versioned URL instead
    of current/ symlink to work around caching (LP: #1936640)

shim-signed (1.40.5) focal; urgency=medium

  * New upstream release 15.4. LP: #1921134
  * Synchronize packaging with 1.48, summary
    - Update packaging to pull fb and mm from shim-signed package as in
      later releases, dropping the runtime dependency on shim.
    - Add download-signed script from linux-signed package
    - Include reworked Makefile from devel to better assert the integrity of
      the executables.
    - Dual-signed shim
    - Set XB-Important: yes and Protected: yes on shim-signed package
      so that it cannot be removed by accident (LP: #1898729)
  * Update to shim 15.4-0ubuntu5:
    - Stop addending vendor dbx to MokListXRT during MokListX mirroring. This
      is causing systems to run out of EFI storage space, or just hang up
      when trying to write it (LP: #1924605) (LP: #1928434)
    - Further relax the check for variable mirroring on non-secureboot systems
      avoiding boot failures on out of space conditons (pull request #372)
    - Don't unhook ExitBootServices() when EBS protection is disabled
      (LP: #1931136) (pull request #378)

 -- Julian Andres Klode <email address hidden> Fri, 16 Jul 2021 13:33:00 +0200

This bug was fixed in the package shim-signed - 1.37~18.04.10

---------------
shim-signed (1.37~18.04.10) bionic; urgency=medium

  * Remove unnecessary efitools dependency that prevented build on arm64

shim-signed (1.37~18.04.9) bionic; urgency=medium

  * New upstream release 15.4. LP: #1921134
  * Synchronize packaging with 1.50, summary
    - Update packaging to pull fb and mm from shim-signed package as in
      later releases, dropping the runtime dependency on shim.
    - Add download-signed script from linux-signed package
    - Include reworked Makefile from devel to better assert the integrity of
      the executables.
    - Dual-signed shim
    - Set XB-Important: yes on shim-signed package so that it cannot be
      removed by accident (LP: #1898729)
    - download-signed: Fetch signed artefacts from versioned URL instead
      of current/ symlink to work around caching (LP: #1936640)
  * Update to shim 15.4-0ubuntu5:
    - Stop addending vendor dbx to MokListXRT during MokListX mirroring. This
      is causing systems to run out of EFI storage space, or just hang up
      when trying to write it (LP: #1924605) (LP: #1928434)
    - Further relax the check for variable mirroring on non-secureboot systems
      avoiding boot failures on out of space conditons (pull request #372)
    - Don't unhook ExitBootServices() when EBS protection is disabled
      (LP: #1931136) (pull request #378)
  * Update to shim 15.4-0ubuntu7:
    - Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379)
    - Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383)
    - Fix accidental deletion of RT variables (LP: #1934506) (PR #387)
    - mok: relax the maximum variable size check (LP: #1934780) (PR #369)

 -- Julian Andres Klode <email address hidden> Mon, 19 Jul 2021 17:01:19 +0200