Bug#983912: grub2: consider renaming signed source packages to grub2-signed-*

J.A. Bezemer j.a.bezemer at opensourcepartners.nl
Mon Nov 21 20:05:20 GMT 2022


On Sun, 20 Nov 2022, Salvatore Bonaccorso wrote:
> On Wed, Mar 03, 2021 at 10:52:39AM +0100, Ansgar wrote:
>> Source: grub2
>> Version: 2.04-16
>> Severity: normal
>> X-Debbugs-Cc: ftpmaster at debian.org, debian-release at lists.debian.org
>>
>> grub2 currently uses grub-efi-signed-* as source package names for the
>> Secure Boot signed packages.  While releasing the last security update
>> we found a small issue with these names:
>>
>> dak processes source packages in lexicographic order, so it would
>> process grub-efi-signed-* before grub2 when accepting all packages at
>> once from the "embargoed" policy queue.  But the grub-efi-signed-*
>> binary packages have Built-Using: grub2; as grub2 is not accepted from
>> embargoed at this point in time, the /binary/ uploads will be rejected
>> in this case.  (This problem exists in principle with all Built-Using
>> relations.)

How hard would it be to enhance dak to not require any specific ordering?

One way could be to process the same list repeatedly, until no additional 
packages have been accepted for an entire pass.

Regards,
Anne Bezemer
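
The ordering problem from the report and the repeated-pass idea from this reply, as an added sketch that is not dak code and not part of the original message. The upload model (dicts with `source` and `built_using`, matched by name only, without versions) is an assumption, and the `QUEUE` entries are constructed sample data.

```python
# Added illustration; not dak's implementation. Upload model is hypothetical.
QUEUE = [  # constructed sample of an "embargoed" policy queue
    {"source": "grub-efi-amd64-signed", "built_using": ["grub2"]},
    {"source": "grub2", "built_using": []},
    {"source": "example-signed", "built_using": ["not-in-queue"]},  # never satisfiable
]

def satisfiable(upload, archive):
    """An upload is acceptable once every Built-Using source is in the archive."""
    return all(dep in archive for dep in upload["built_using"])

def accept_single_pass(queue, archive):
    """One lexicographic pass: grub-efi-* is seen before grub2 and is rejected."""
    accepted, rejected = [], []
    for upload in sorted(queue, key=lambda u: u["source"]):
        if satisfiable(upload, archive):
            archive.add(upload["source"])
            accepted.append(upload["source"])
        else:
            rejected.append(upload["source"])
    return accepted, rejected

def accept_until_stable(queue, archive):
    """Repeat passes over what is still pending until a whole pass accepts nothing."""
    pending = sorted(queue, key=lambda u: u["source"])
    accepted = []
    while True:
        still_pending = []
        for upload in pending:
            if satisfiable(upload, archive):
                archive.add(upload["source"])
                accepted.append(upload["source"])
            else:
                still_pending.append(upload)
        if len(still_pending) == len(pending):  # no progress: fixed point reached
            return accepted, [u["source"] for u in pending]
        pending = still_pending

if __name__ == "__main__":
    print(accept_single_pass(QUEUE, set()))
    print(accept_until_stable(QUEUE, set()))
```

The loop always terminates because each additional pass requires at least one newly accepted upload; whatever is left pending has a Built-Using source that nothing in the queue or archive provides.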



More information about the Pkg-grub-devel mailing list