summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2025-07-07T861: add VyOS UEFI CA alongside Debian UEFI CAHEADvyos/currentChristian Breunig
2024-05-04Release 15.8-1debian/15.8-1Steve McIntyre
2024-05-04Clean up better after build. Closes: #1046268Steve McIntyre
2024-05-04Install a copy of the Debian CA certificate into /usr/share/shim.Steve McIntyre
Closes: #1069054
2024-05-04Tag bugfixesSteve McIntyre
2024-05-03Force usage of newest revocations at build timeSteve McIntyre
Force shim to use the latest revocations by default to block some older grub / peimage issues. This is: "shim,4\ngrub,4\ngrub.peimage,2\n" This should work with the current released grub builds in all of buster, bullseye, bookwork and trixie/unstable. Let's not leave known security holes in the wild.
2024-05-03Cherry-pick latest grub revocation patches from upstream shimSteve McIntyre
0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch
2024-05-03Log if the build is nx-compatible or notSteve McIntyre
Add a new simple script to do this: check_nx
2024-05-03Stop building shim for i386Steve McIntyre
Debian kernels are no longer signed for i386, it's time to stop supporting i386 SB.
2024-05-03Switch to 15.8 upstream and drop patchesSteve McIntyre
2024-05-02Tweak the UUID handling to be clearerSteve McIntyre
2024-05-02Add salsa-ci.ymlBastien Roucariès
2024-04-29Add changelog entryBastien Roucariès
2024-04-29Add verification of upstream releaseBastien Roucariès
2024-04-29Fix d/watchBastien Roucariès
2024-04-29Closes: #936009Bastien Roucariès
2024-04-29Apply multi-arch hints. + shim-unsigned: Add Multi-Arch: same.Debian Janitor
Changes-By: apply-multiarch-hints
2024-04-16Add machine smm=onBastien Roucariès
2024-04-15Fix test failureBastien Roucariès
2024-04-15Fix depreciation warningsBastien Roucariès
2024-04-15Use popen for lsb_releaseBastien Roucariès
2024-04-15Fix dependsBastien Roucariès
2024-04-15Update changelogBastien Roucariès
2024-04-15Port to debianBastien Roucariès
2024-04-15Add ubuntu testBastien Roucariès
2024-01-20generate_dbx_list: pick a fixed UUIDSteve McIntyre
otherwise our build won't be reproducible, doh!
2023-11-02Tweak building with pesign changesSteve McIntyre
We used to use efisiglist to generate the DBX list. Newer versions of the pesign package don't include it any more, and the recommended replacement tool is now efisecdb from efivar. Tweak the generate_dbx_list script to work with both old and new. Let's make backports easy...
2023-01-31Release 15.7-1debian/15.7-1Steve McIntyre
2023-01-30Swith to using the upstream "enable NX" patchSteve McIntyre
2023-01-29Block Debian grub binaries with sbat < 4 (see #1024617)Steve McIntyre
2023-01-24Enable NX support at build timeSteve McIntyre
As required by policy for signing new shim binaries.
2023-01-22Update upstream commit hash in buildSteve McIntyre
We're using 657b2483ca6e9fcf2ad8ac7ee577ff546d24c3aa, which is the 15.7 release plus the one patch we're applying.
2023-01-22Update to Standards-Version 4.6.2 (no changes needed)Steve McIntyre
2023-01-22Switch to using gcc-12Steve McIntyre
Closes: #1022180
2023-01-22Switch to new upstream (15.7)Steve McIntyre
Also import patch to deal with buggy binutils
2022-07-21Release 15.6-1debian/15.6-1Steve McIntyre
2022-06-23Start packaging updates for the new 15.6 upstream releaseSteve McIntyre
Remove all our patches, all upstream now
2022-05-01Update the 32-bit format patch after upstream reviewSteve McIntyre
2022-04-28Add patch headers for our patches now I've pushed PRsSteve McIntyre
2022-04-28Try again on the string format fixSteve McIntyre
2022-04-28Fix format strings for 32-bit buildsSteve McIntyre
2022-04-28Add new build-dep on libefivar-dev for testsSteve McIntyre
2022-04-28Try again with includesSteve McIntyre
2022-04-27Tweak setup for dh_auto_test so the tests workSteve McIntyre
2022-04-27Start packaging updates for the new 15.51 upstream releaseSteve McIntyre
Remove all our patches, all upstream now.
2021-07-12Tweak how we call grub-install; don't abort on errordebian/15.4-7Steve McIntyre
Not ideal behaviour either, but don't break upgrades. Copy the behaviour from the grub packages here. Closes: #990966
2021-06-23Release 15.4-6debian/15.4-6Steve McIntyre
2021-06-22In insecure mode, don't abort if we can't create the MokListXRT varSteve McIntyre
Upstream issue #372. Closes: #989962, #990158
2021-06-22Add arm64 patch to tweak section layout and stop crashing problemsSteve McIntyre
Upstream issue #371. Closes: #990082, #990190
2021-05-06Add defensive code around calls to db_getdebian/15.4-5Steve McIntyre
Don't fail if they return errors.
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-16 23:00:38 +0000