diff -Nru grub2-2.02~beta2/debian/changelog grub2-2.02~beta2/debian/changelog --- grub2-2.02~beta2/debian/changelog 2016-05-16 14:39:25.000000000 +0000 +++ grub2-2.02~beta2/debian/changelog 2016-05-20 16:35:11.000000000 +0000 @@ -1,3 +1,20 @@ +grub2 (2.02~beta2-36ubuntu8) yakkety; urgency=medium + + * debian/grub-common.init: Don't source /lib/init/vars.sh, we don't depend + on initscripts (and don't want to). There is no reason why we would not + use the LSB log_action_msg in non-verbose (default) mode, most other + packages use it unconditionally. (LP: #1584134) + + -- Martin Pitt Fri, 20 May 2016 18:33:35 +0200 + +grub2 (2.02~beta2-36ubuntu7) yakkety; urgency=medium + + * debian/postinst.in: replace setup_mok_validation with a call to + update-secureboot-policy, a script shipped by shim-signed. + * debian/control: drop Depends on mokutil, we're not calling it directly. + + -- Mathieu Trudel-Lapierre Wed, 18 May 2016 11:05:43 -0400 + grub2 (2.02~beta2-36ubuntu6) yakkety; urgency=medium * Fix booting on Hyper-V gen 2 VMs due to the lack of PIT there; we can deal diff -Nru grub2-2.02~beta2/debian/control grub2-2.02~beta2/debian/control --- grub2-2.02~beta2/debian/control 2016-04-15 16:46:50.000000000 +0000 +++ grub2-2.02~beta2/debian/control 2016-05-18 14:58:04.000000000 +0000 @@ -275,7 +275,7 @@ Package: grub-efi-ia32 Architecture: any-i386 any-amd64 Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-ia32-bin (= ${binary:Version}), ucf, mokutil +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-ia32-bin (= ${binary:Version}), ucf Replaces: grub, grub-legacy, grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1), grub-efi, grub-efi-amd64, grub-pc, grub-coreboot, grub-ieee1275 Conflicts: grub (<< 0.97-54), grub-legacy, grub-efi-amd64, grub-pc, grub-coreboot, grub-ieee1275, grub-xen, elilo Multi-Arch: foreign @@ -326,7 +326,7 @@ Package: grub-efi-amd64 Architecture: i386 kopensolaris-i386 any-amd64 Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-amd64-bin (= ${binary:Version}), ucf, mokutil +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-amd64-bin (= ${binary:Version}), ucf Replaces: grub, grub-legacy, grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1), grub-pc, grub-efi-ia32, grub-coreboot, grub-ieee1275 Conflicts: grub, grub-legacy, grub-efi-ia32, grub-pc, grub-coreboot, grub-ieee1275, grub-xen, elilo Multi-Arch: foreign @@ -375,7 +375,7 @@ Package: grub-efi-ia64 Architecture: any-ia64 Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-ia64-bin (= ${binary:Version}), ucf, mokutil +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-ia64-bin (= ${binary:Version}), ucf Conflicts: elilo Multi-Arch: foreign Description: GRand Unified Bootloader, version 2 (IA64 version) @@ -422,7 +422,7 @@ Package: grub-efi-arm Architecture: any-arm Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-arm-bin (= ${binary:Version}), ucf, mokutil +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-arm-bin (= ${binary:Version}), ucf Conflicts: grub-uboot Multi-Arch: foreign Description: GRand Unified Bootloader, version 2 (ARM UEFI version) @@ -469,7 +469,7 @@ Package: grub-efi-arm64 Architecture: any-arm64 Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-arm64-bin (= ${binary:Version}), ucf, mokutil +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-arm64-bin (= ${binary:Version}), ucf Multi-Arch: foreign Description: GRand Unified Bootloader, version 2 (ARM64 UEFI version) GRUB is a portable, powerful bootloader. This version of GRUB is based on a diff -Nru grub2-2.02~beta2/debian/grub-common.init grub2-2.02~beta2/debian/grub-common.init --- grub2-2.02~beta2/debian/grub-common.init 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/grub-common.init 2016-05-20 16:33:30.000000000 +0000 @@ -13,20 +13,17 @@ which grub-editenv >/dev/null 2>&1 || exit 0 -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - # Define LSB log_* functions. # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . /lib/lsb/init-functions case $1 in start|restart|force-reload) - [ "$VERBOSE" != no ] && log_action_msg "Recording successful boot for GRUB" + log_action_msg "Recording successful boot for GRUB" [ -s /boot/grub/grubenv ] || rm -f /boot/grub/grubenv mkdir -p /boot/grub grub-editenv /boot/grub/grubenv unset recordfail - [ "$VERBOSE" != no ] && log_end_msg $? + log_end_msg $? ;; stop) ;; diff -Nru grub2-2.02~beta2/debian/postinst.in grub2-2.02~beta2/debian/postinst.in --- grub2-2.02~beta2/debian/postinst.in 2016-03-19 00:53:38.000000000 +0000 +++ grub2-2.02~beta2/debian/postinst.in 2016-05-18 14:55:19.000000000 +0000 @@ -307,97 +307,6 @@ fi } -setup_mok_validation() -{ - local sb_enabled moksb moksbstatert - local efivars secureboot_var moksb_var moksbstatert_var - efivars=/sys/firmware/efi/efivars - secureboot_var=SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c - moksb_var=MokSB-605dab50-e046-4300-abb6-3dd810dd8b23 - moksbstatert_var=MokSBStateRT-605dab50-e046-4300-abb6-3dd810dd8b23 - - # nothing to do if there is no dkms package installed. - if ! dpkg -l dkms | grep -qc ii; then - return - fi - - if [ -d $efivars ] && [ -f $efivars/$secureboot_var ]; then - sb_enabled=$(od -An -t u1 $efivars/$secureboot_var | awk '{ print $NF; }') - moksb=0 - moksbstatert=0 - if [ -f $efivars/$moksb_var ]; then - # if MokSB exists we've likely already run mokutil since last boot - moksb=1 - fi - if [ -f $efivars/$moksbstatert_var ]; then - # MokSBStateRT set to 1 means validation is disabled - moksbstatert=$(od -An -t u1 $efivars/$moksbstatert_var | \ - awk '{ print $NF; }') - fi - if [ $sb_enabled -eq 1 ]; then - if [ $moksb -eq 0 ] && [ $moksbstatert -eq 0 ]; then - db_capb backup - STATE=1 - db_settitle dkms/title/secureboot - while true; do - case "$STATE" in - 1) - # Allow the user to skip disabling Secure Boot. - db_input high dkms/disable_secureboot || true - ;; - 2) - db_get dkms/disable_secureboot - if [ "$RET" = "false" ]; then - break - fi - - db_input high dkms/secureboot_key || true - db_input high dkms/secureboot_key_again || true - ;; - 3) - db_get dkms/secureboot_key - key="$RET" - db_get dkms/secureboot_key_again - again="$RET" - - if [ "$key" != "$again" ]; then - db_fset dkms/error/secureboot_key_mismatch seen false - db_input critical dkms/error/secureboot_key_mismatch - STATE=$(($STATE - 2)) - else - length=`echo "$key" | wc -c` - if [ $length -lt 8 ] || [ $length -gt 16 ]; then - db_fset dkms/error/bad_secureboot_key seen false - db_input critical dkms/error/bad_secureboot_key - STATE=$(($STATE - 2)) - elif [ $length -ne 0 ]; then - printf '%s\n%s\n' "$RET" "$RET" | mokutil --disable-validation >/dev/null || true - fi - fi - - # Always clear secureboot key. - db_set dkms/secureboot_key '' - db_fset dkms/secureboot_key seen false - db_set dkms/secureboot_key_again '' - db_fset dkms/secureboot_key_again seen false - ;; - *) - break - ;; - esac; - - if db_go; then - STATE=$(($STATE + 1)) - else - STATE=$(($STATE - 1)) - fi - done - db_capb - fi - fi - fi -} - case "$1" in configure) . /usr/share/debconf/confmodule @@ -800,7 +709,9 @@ fi done - setup_mok_validation + if type update-secureboot-policy >/dev/null 2>&1; then + update-secureboot-policy || true + fi ;; grub-ieee1275)