-
shim-signed (1.33.1~14.04.5) trusty; urgency=medium
* debian/control: make the sbsigntool dependency versioned to ensure updates
include getting the new sbsigntool so DKMS modules can be correctly signed.
(LP: #1818929)
-- Mathieu Trudel-Lapierre <email address hidden> Mon, 01 Apr 2019 12:20:03 -0400
-
shim-signed (1.33.1~14.04.4) trusty; urgency=medium
* update-secureboot-policy: (LP: #1748983)
- Backport update-secureboot-policy changes to generate a MOK and guide
users through re-enabling validation and automatically signing DKMS
modules.
* debian/shim-signed.postinst:
- When triggered, explicitly try to enroll the available MOK.
* debian/shim-signed.install, openssl.cnf: Install some default configuration
for creating our self-signed key.
* debian/shim-signed.dirs: make sure we have a directory where to put a MOK.
* debian/templates: update templates for update-secureboot-policy changes.
* debian/control: Breaks dkms (<< 2.2.0.3-1.1ubuntu5.14.04.10~) since we're
changing the behavior of update-secureboot-policy.
-- Mathieu Trudel-Lapierre <email address hidden> Mon, 28 Jan 2019 11:02:00 -0500
-
shim-signed (1.33.1~14.04.3) trusty; urgency=medium
* debian/control: Add a Pre-Depends on dpkg (>= 1.17.5ubuntu5.8) in order
to help ensure upgrades have the right dpkg to be able to extract shim.
(LP: #1792497)
-- Mathieu Trudel-Lapierre <email address hidden> Thu, 25 Oct 2018 11:21:09 -0400
-
shim-signed (1.33.1~14.04.2) trusty; urgency=medium
* Depend on the correct version of grub2-common: 2.02~beta2-9ubuntu1.15.
shim-signed (1.33.1~14.04.1) trusty; urgency=medium
* Backport shim-signed 1.33.1 to 14.04. (LP: #1708245)
shim-signed (1.33.1) bionic; urgency=medium
* Update to the signed 13-0ubuntu2 binary from Microsoft. (LP: #1708245)
* Stop generating and install BOOT.CSV, shim will do that by itself now.
* Add Vcs-* fields.
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 05 Sep 2018 16:00:53 -0400
-
shim-signed (1.33.1~14.04.1) trusty; urgency=medium
* Backport shim-signed 1.33.1 to 14.04. (LP: #1708245)
-- Mathieu Trudel-Lapierre <email address hidden> Thu, 11 Jan 2018 15:55:06 -0500
-
shim-signed (1.32~14.04.2) trusty; urgency=medium
* Backport shim-signed 1.32 to 14.04. (LP: #1700170)
shim-signed (1.32) artful; urgency=medium
* Handle cleanup of /var/lib/shim-signed on package purge.
shim-signed (1.31) artful; urgency=medium
* Fix regression in postinst when /var/lib/dkms does not exist.
(LP #1700195)
* Sort the list of dkms modules when recording.
shim-signed (1.30) artful; urgency=medium
* update-secureboot-policy: track the installed DKMS modules so we can skip
failing unattended upgrades if they hasn't changed (ie. if no new DKMS
modules have been installed, just honour the user's previous decision to
not disable shim validation). (LP: #1695578)
* update-secureboot-policy: allow re-enabling shim validation when no DKMS
packages are installed. (LP: #1673904)
* debian/source_shim-signed.py: add the textual representation of SecureBoot
and MokSBStateRT EFI variables rather than just adding the files directly;
also, make sure we include the relevant EFI bits from kernel log.
(LP: #1680279)
shim-signed (1.29) artful; urgency=medium
* Makefile: Generate BOOT$arch.CSV, for use with fallback.
* debian/rules: make sure we can do per-arch EFI files.
shim-signed (1.28) zesty; urgency=medium
* Adjust apport hook to include key files that tell us about the system's
current SB state. LP: #1680279.
shim-signed (1.27) zesty; urgency=medium
[ Steve Langasek ]
* Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 binary from
Microsoft.
* update-secureboot-policy:
- detect when we have no debconf prompting and error out instead of ending
up in an infinite loop. LP: #1673817.
- refactor to make the code easier to follow.
- remove a confusing boolean that would always re-prompt on a request to
--enable, but not on a request to --disable.
[ Mathieu Trudel-Lapierre ]
* update-secureboot-policy:
- some more fixes to properly handle non-interactive mode. (LP: #1673817)
shim-signed (1.23) zesty; urgency=medium
* debian/control: bump the Depends on grub2-common since that's needed to
install with the new updated EFI binaries filenames.
shim-signed (1.22) yakkety; urgency=medium
* Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 binary from Microsoft.
* Update paths now that the shim binary has been renamed to include the
target architecture.
* debian/shim-signed.postinst: clean up old MokManager.efi from EFI/ubuntu;
since it's being replaced by mm$arch.efi.
shim-signed (1.21.3) vivid; urgency=medium
* No-change rebuild for shim 0.9+1465500757.14a5905.is.0.8-0ubuntu3.
shim-signed (1.21.2) vivid; urgency=medium
* Revert to signed shim from 0.8-0ubuntu2.
- shim.efi.signed originally built from shim 0.8-0ubuntu2 in wily.
shim-signed (1.20) yakkety; urgency=medium
* Update to the signed 0.9+1465500757.14a5905-0ubuntu1 binary from Microsoft.
(LP: #1581299)
-- Mathieu Trudel-Lapierre <email address hidden> Mon, 10 Jul 2017 20:29:28 -0400
-
shim-signed (1.32~14.04.1) trusty; urgency=medium
* Backport shim-signed 1.32 to 14.04. (LP: #1700170)
shim-signed (1.32) artful; urgency=medium
* Handle cleanup of /var/lib/shim-signed on package purge.
shim-signed (1.31) artful; urgency=medium
* Fix regression in postinst when /var/lib/dkms does not exist.
(LP #1700195)
* Sort the list of dkms modules when recording.
shim-signed (1.30) artful; urgency=medium
* update-secureboot-policy: track the installed DKMS modules so we can skip
failing unattended upgrades if they hasn't changed (ie. if no new DKMS
modules have been installed, just honour the user's previous decision to
not disable shim validation). (LP: #1695578)
* update-secureboot-policy: allow re-enabling shim validation when no DKMS
packages are installed. (LP: #1673904)
* debian/source_shim-signed.py: add the textual representation of SecureBoot
and MokSBStateRT EFI variables rather than just adding the files directly;
also, make sure we include the relevant EFI bits from kernel log.
(LP: #1680279)
shim-signed (1.29) artful; urgency=medium
* Makefile: Generate BOOT$arch.CSV, for use with fallback.
* debian/rules: make sure we can do per-arch EFI files.
shim-signed (1.28) zesty; urgency=medium
* Adjust apport hook to include key files that tell us about the system's
current SB state. LP: #1680279.
shim-signed (1.27) zesty; urgency=medium
[ Steve Langasek ]
* Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 binary from
Microsoft.
* update-secureboot-policy:
- detect when we have no debconf prompting and error out instead of ending
up in an infinite loop. LP: #1673817.
- refactor to make the code easier to follow.
- remove a confusing boolean that would always re-prompt on a request to
--enable, but not on a request to --disable.
[ Mathieu Trudel-Lapierre ]
* update-secureboot-policy:
- some more fixes to properly handle non-interactive mode. (LP: #1673817)
shim-signed (1.23) zesty; urgency=medium
* debian/control: bump the Depends on grub2-common since that's needed to
install with the new updated EFI binaries filenames.
shim-signed (1.22) yakkety; urgency=medium
* Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 binary from Microsoft.
* Update paths now that the shim binary has been renamed to include the
target architecture.
* debian/shim-signed.postinst: clean up old MokManager.efi from EFI/ubuntu;
since it's being replaced by mm$arch.efi.
shim-signed (1.21.3) vivid; urgency=medium
* No-change rebuild for shim 0.9+1465500757.14a5905.is.0.8-0ubuntu3.
shim-signed (1.21.2) vivid; urgency=medium
* Revert to signed shim from 0.8-0ubuntu2.
- shim.efi.signed originally built from shim 0.8-0ubuntu2 in wily.
shim-signed (1.20) yakkety; urgency=medium
* Update to the signed 0.9+1465500757.14a5905-0ubuntu1 binary from Microsoft.
(LP: #1581299)
-- Mathieu Trudel-Lapierre <email address hidden> Mon, 10 Jul 2017 20:29:28 -0400
-
shim-signed (1.21.4~14.04.1) trusty; urgency=medium
* Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 binary from Microsoft.
(LP: #1637290, #1581299)
* Update paths now that the shim binary has been renamed to include the
target architecture.
* debian/shim-signed.postinst: clean up old MokManager.efi from EFI/ubuntu;
since it's being replaced by mm$arch.efi.
* debian/control: bump the Depends on grub2-common since that's needed to
install with the new updated EFI binaries filenames.
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 08 Nov 2016 14:50:24 -0500
-
shim-signed (1.19~14.04.1) trusty; urgency=medium
* update-secureboot-policy:
- Add a --help option, document other options. (LP: #1604936)
- Rework prompting to display our Secure Boot warning and explanation
text more prominently, rather than forcing graphical users to hit
"Help" to see the full explanation for why we ask about disabling
Secure Boot. (LP: #1595611)
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 02 Aug 2016 15:18:33 -0400
-
shim-signed (1.18~14.04.1) trusty; urgency=medium
* update-secureboot-policy: If /proc/sys/kernel/moksbstate_disabled is
present, prefer this unconditionally over MokSBStateRT. LP: #1604873.
-- Steve Langasek <email address hidden> Wed, 20 Jul 2016 16:21:36 -0700
-
shim-signed (1.17~14.04.1) trusty; urgency=medium
* Backport shim-signed 1.17 to 14.04. (LP: #1574727)
-- Mathieu Trudel-Lapierre <email address hidden> Thu, 07 Jul 2016 20:17:24 -0400
-
shim-signed (1.16~14.04.1) trusty; urgency=medium
* Backport shim-signed 1.16 to 14.04. (LP: #1574727)
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 28 Jun 2016 19:39:14 -0400
-
shim-signed (1.15~14.04.1) trusty; urgency=medium
* Backport shim-signed 1.15 to 14.04. (LP: #1574727)
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 21 Jun 2016 10:18:29 -0400
-
shim-signed (1.9) wily; urgency=medium
* Update to the signed 0.8-0ubuntu2 binary from Microsoft.
-- Steve Langasek <email address hidden> Sun, 07 Jun 2015 19:27:35 +0000
-
shim-signed (1.6) trusty; urgency=low
* Also add a build-dependency on grub2-common, to ensure that our
grub-install is the correct one - since grub-efi-amd64-bin is
coinstallable with grub1. LP: #1259558.
-- Steve Langasek <email address hidden> Tue, 10 Dec 2013 09:10:23 -0800
-
shim-signed (1.5) trusty; urgency=low
* Pass --target=x86_64-efi to grub-install from the postinst and depend on
grub-efi-amd64-bin, so that package upgrades will do the right thing
even if the system has been rebooted under BIOS. LP: #1246910.
* Kubuntu sets GRUB_DISTRIBUTOR to a different value which doesn't match
the path under /boot/efi; fix this up so shim-signed upgrades properly
on Kubuntu systems. LP: #1242417.
-- Steve Langasek <email address hidden> Thu, 31 Oct 2013 17:06:21 -0700
-
shim-signed (1.4) trusty; urgency=low
* Add a dependency on shim, so that we can pull in MokManager for use.
* Update to the signed 0.4-0ubuntu4 binary from Microsoft.
-- Steve Langasek <email address hidden> Wed, 30 Oct 2013 15:04:23 -0700
-
shim-signed (1.3) saucy; urgency=low
* Build-depend on sbsigntool (>= 0.6-0ubuntu4) and check the integrity of
our signed binary at build time.
* Update to the signed 0.4-0ubuntu3 binary from Microsoft.
-- Steve Langasek <email address hidden> Sat, 07 Sep 2013 22:09:22 +0000
