Bug#1039913: Please add hook for self-signing systemd-boot after upgrade
Jan Naumann
jan at jans-seite.de
Thu Jun 29 13:37:13 BST 2023
Package: systemd-boot
Version: 253-4
Severity: minor
Dear maintainers,
the systemd-boot package calls `bootctl update` after the upgrade of the
package. Therefore, it overwrites the currently installed systemd-boot image
(which could be signed for secure boot with a local key) on the ESP with a new,
but unsigned image.
Could you please add a hook to the postinst that either a local script can be
called at installation time which takes care of signing the image (similar to
the `/etc/kernel/postinst.d/` mechanism) or add some call to `sbsign` yourself if
e.g. the signing key is available at a specific path.
Thank you very much in advance
Jan Naumann
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.3.0-1-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd-boot depends on:
ii libc6 2.36-9
ii libsystemd-shared 253-4
ii systemd-boot-efi 253-4
Versions of packages systemd-boot recommends:
ii efibootmgr 17-2
systemd-boot suggests no packages.
-- no debconf information
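
A local re-signing script of the kind the report asks to have called after `bootctl update`, as an added example that is not part of the original message or of the Debian package. The key and certificate paths, the ESP mount point and the function names are assumptions; it signs only images that carry systemd-boot's `LoaderInfo` marker and replaces a loader only after the new signature verifies.

```shell
#!/bin/sh
# Added example (not Debian's or systemd's code): re-sign the systemd-boot
# copies on the ESP after `bootctl update` has replaced them.
# Assumptions: the key/cert paths and ESP mount point below are placeholders.
KEY="${KEY:-/etc/secureboot/db.key}"
CERT="${CERT:-/etc/secureboot/db.crt}"
ESP="${ESP:-/boot/efi}"
SBSIGN="${SBSIGN:-sbsign}"
SBVERIFY="${SBVERIFY:-sbverify}"

# Sign one loader in place. Returns non-zero only if signing was needed and failed.
resign_one() {
    img="$1"
    [ -f "$img" ] || return 0                  # nothing installed at this path
    # Only touch systemd-boot itself; the fallback path may hold another loader.
    grep -aq 'LoaderInfo: systemd-boot' "$img" || { echo "skipped: $img"; return 0; }
    if "$SBVERIFY" --cert "$CERT" "$img" >/dev/null 2>&1; then
        echo "already signed: $img"; return 0
    fi
    tmp="$img.tmp$$"
    # Sign into a temporary file and verify it before replacing the loader,
    # so a failed run leaves the existing image untouched.
    if "$SBSIGN" --key "$KEY" --cert "$CERT" --output "$tmp" "$img" >/dev/null 2>&1 &&
       "$SBVERIFY" --cert "$CERT" "$tmp" >/dev/null 2>&1; then
        mv -f "$tmp" "$img" && echo "signed: $img"
    else
        rm -f "$tmp"
        echo "signing failed: $img" >&2
        return 1
    fi
}

# Check both locations bootctl writes on amd64; fail if any signing failed.
resign_esp_loaders() {
    rc=0
    for f in "$ESP/EFI/systemd/systemd-bootx64.efi" "$ESP/EFI/BOOT/BOOTX64.EFI"; do
        resign_one "$f" || rc=1
    done
    return "$rc"
}

# Run only when asked, e.g.: sh resign-sd-boot.sh --run
if [ "${1:-}" = "--run" ]; then resign_esp_loaders; fi
```

A non-zero exit status means at least one systemd-boot image on the ESP is still unsigned, which matters on a machine that enforces Secure Boot with a local key.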