-
shim-signed (1.32~16.10.1) yakkety; urgency=medium
* Backport shim-signed 1.32 to 16.10. (LP: #1700170)
shim-signed (1.32) artful; urgency=medium
* Handle cleanup of /var/lib/shim-signed on package purge.
shim-signed (1.31) artful; urgency=medium
* Fix regression in postinst when /var/lib/dkms does not exist.
(LP#1700195)
* Sort the list of dkms modules when recording.
shim-signed (1.30) artful; urgency=medium
* update-secureboot-policy: track the installed DKMS modules so we can skip
failing unattended upgrades if they hasn't changed (ie. if no new DKMS
modules have been installed, just honour the user's previous decision to
not disable shim validation). (LP: #1695578)
* update-secureboot-policy: allow re-enabling shim validation when no DKMS
packages are installed. (LP: #1673904)
* debian/source_shim-signed.py: add the textual representation of SecureBoot
and MokSBStateRT EFI variables rather than just adding the files directly;
also, make sure we include the relevant EFI bits from kernel log.
(LP: #1680279)
shim-signed (1.29) artful; urgency=medium
* Makefile: Generate BOOT$arch.CSV, for use with fallback.
* debian/rules: make sure we can do per-arch EFI files.
-- Mathieu Trudel-Lapierre <email address hidden> Mon, 10 Jul 2017 17:27:42 -0400
-
shim-signed (1.28~16.10.1) yakkety; urgency=medium
* Adjust apport hook to include key files that tell us about the system's
current SB state. LP: #1680279.
-- Steve Langasek <email address hidden> Wed, 05 Apr 2017 15:14:49 -0700
-
shim-signed (1.27~16.10.1) yakkety; urgency=medium
* Backport shim 0.9+1474479173.6c180c6-1ubuntu1 to 16.10. (LP: #1637290)
shim-signed (1.27) zesty; urgency=medium
[ Steve Langasek ]
* Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 binary from
Microsoft.
* update-secureboot-policy:
- detect when we have no debconf prompting and error out instead of ending
up in an infinite loop. LP: #1673817.
- refactor to make the code easier to follow.
- remove a confusing boolean that would always re-prompt on a request to
--enable, but not on a request to --disable.
[ Mathieu Trudel-Lapierre ]
* update-secureboot-policy:
- some more fixes to properly handle non-interactive mode. (LP: #1673817)
shim-signed (1.23) zesty; urgency=medium
* debian/control: bump the Depends on grub2-common since that's needed to
install with the new updated EFI binaries filenames.
shim-signed (1.22) yakkety; urgency=medium
* Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 binary from Microsoft.
(LP: #1581299)
* Update paths now that the shim binary has been renamed to include the
target architecture.
* debian/shim-signed.postinst: clean up old MokManager.efi from EFI/ubuntu;
since it's being replaced by mm$arch.efi.
-- Mathieu Trudel-Lapierre <email address hidden> Thu, 23 Mar 2017 16:58:44 -0400
-
shim-signed (1.21.4) yakkety; urgency=medium
* Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 binary from Microsoft.
(LP: #1637290, #1581299)
* Update paths now that the shim binary has been renamed to include the
target architecture.
* debian/shim-signed.postinst: clean up old MokManager.efi from EFI/ubuntu;
since it's being replaced by mm$arch.efi.
* debian/control: bump the Depends on grub2-common since that's needed to
install with the new updated EFI binaries filenames.
-- Mathieu Trudel-Lapierre <email address hidden> Thu, 13 Oct 2016 13:49:17 -0400
-
shim-signed (1.21.3) vivid; urgency=medium
* No-change rebuild for shim 0.9+1465500757.14a5905.is.0.8-0ubuntu3.
-- Mathieu Trudel-Lapierre <email address hidden> Thu, 06 Oct 2016 19:20:36 -0400
-
shim-signed (1.21.2) vivid; urgency=medium
* Revert to signed shim from 0.8-0ubuntu2. (LP: #1624096)
- shim.efi.signed originally built from shim 0.8-0ubuntu2 in wily.
-- Mathieu Trudel-Lapierre <email address hidden> Mon, 03 Oct 2016 17:17:54 -0400
-
shim-signed (1.20) yakkety; urgency=medium
* Update to the signed 0.9+1465500757.14a5905-0ubuntu1 binary from Microsoft.
(LP: #1581299)
-- Mathieu Trudel-Lapierre <email address hidden> Mon, 08 Aug 2016 11:14:21 -0400
-
shim-signed (1.19) yakkety; urgency=medium
* update-secureboot-policy:
- Add a --help option, document other options. (LP: #1604936)
- Rework prompting to display our Secure Boot warning and explanation
text more prominently, rather than forcing graphical users to hit
"Help" to see the full explanation for why we ask about disabling
Secure Boot. (LP: #1595611)
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 02 Aug 2016 11:01:50 -0400
-
shim-signed (1.18) yakkety; urgency=medium
* update-secureboot-policy: If /proc/sys/kernel/moksbstate_disabled is
present, prefer this unconditionally over MokSBStateRT. LP: #1604873.
-- Steve Langasek <email address hidden> Wed, 20 Jul 2016 08:31:17 -0700
-
shim-signed (1.17) yakkety; urgency=medium
* update-secureboot-policy: rework setting capabilities to stop having
the backup capability while showing an error message; which won't affect
the Dialog debconf frontend but otherwise made the GTK frontend confusing.
* update-secureboot-policy: all debconf prompts should be at priority
critical: there is no good default to pick, we must prompt the user.
* debian/templates: make the password inputs be standard inputs; this is an
unfortunate workaround to aptdaemon not having access to the debconf
password database on desktop; since the frontend runs as an unprivileged
user. See bug LP#1599981 (LP: #1599051)
-- Mathieu Trudel-Lapierre <email address hidden> Thu, 07 Jul 2016 16:58:45 -0400
-
shim-signed (1.16) yakkety; urgency=medium
* debian/shim-signed.postinst: call for the trigger on update of shim-signed.
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 28 Jun 2016 17:34:23 -0400
-
shim-signed (1.15) yakkety; urgency=medium
* update-secureboot-policy: validate the state of MokSBStateRT against what
the kernel believes it to be via /proc/sys/kernel/moksbstate_disabled,
in case we have the kernel which knows about shim's validation policy but
an old shim that doesn't export MokSBStateRT.
-- Mathieu Trudel-Lapierre <email address hidden> Fri, 17 Jun 2016 16:47:40 +0300
-
shim-signed (1.14) yakkety; urgency=medium
* update-secureboot-policy:
- Make it easier for users to really re-enable Secure Boot via an --enable
option.
- Don't prompt for action if there are no DKMS packages installed, as per
checking if there are any subdirectories in /var/lib/dkms.
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 07 Jun 2016 16:09:53 -0400
-
shim-signed (1.13) yakkety; urgency=medium
* update-secureboot-policy: have a trigger-ready script available to deal
with the necessity to change Secure Boot policy on a system.
* debian/shim-signed.templates: ship the necessary templates for secureboot.
* debian/shim-signed.postinst: Run our trigger script to update Secure Boot
policy when necessary at the end of installs, without calling dpkg-trigger
again.
-- Mathieu Trudel-Lapierre <email address hidden> Mon, 16 May 2016 15:29:27 -0400
-
shim-signed (1.12) xenial; urgency=medium
* debian/control: add Depends on mokutil, to ship a way for users to
control shim features, such as enrolling new keys.
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 16 Dec 2015 10:19:23 -0500
