Bug#1108714: systemd-ukify: Consider depending on python3-cryptography for systemd-ukify
Jarl Gullberg
jarl.gullberg at algiz.nu
Thu Jul 3 19:51:12 BST 2025
Package: systemd-ukify
Version: 257.6-1
Severity: normal
X-Debbugs-Cc: jarl.gullberg at algiz.nu
Dear Maintainer,

This is a request to consider upping systemd-ukify's recommendation of
python3-cryptography to a full dependency.

I've been experimenting with systemd-ukify for a while now on trixie, and I've
noticed that any secure boot-related operations fail unless I either install
recommended packages or (if that is disabled by default) manually install
python3-cryptography.

I assume the reason systemd-ukify doesn't depend on python3-cryptography is
because secure boot signing isn't strictly necessary; however, I believe it is
a common enough use case to warrant always pulling in python3-cryptography.

The error is not super obvious (just a Python import error) and may appear to
be an outright crash bug to novice users.
-- System Information:
Debian Release: 13.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: arm64 (aarch64)
Kernel: Linux 6.12.20-arm64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages systemd-ukify depends on:
ii python3 3.13.3-1
ii python3-pefile 2024.8.26-2.1
ii python3-zstandard 0.23.0-4
Versions of packages systemd-ukify recommends:
ii python3-cryptography 43.0.0-3
pn python3-lz4 <none>
ii systemd 257.6-1
ii systemd-boot-efi 257.6-1
pn systemd-repart <none>
systemd-ukify suggests no packages.
-- no debconf information