<feed xmlns='http://www.w3.org/2005/Atom'>
<title>shim-signed.git/debian/shim-signed.install, branch rolling</title>
<subtitle>VyOS code for the shim-signed package (mirror of https://github.com/vyos/shim-signed.git)
</subtitle>
<id>https://git.amelek.net/vyos/shim-signed.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/shim-signed.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/'/>
<updated>2026-05-17T21:40:01+00:00</updated>
<entry>
<title>Move shim signature checks to preinst</title>
<updated>2026-05-17T21:40:01+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2026-05-17T21:34:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=32c23f8e7c8dace4677a5393a86cb91857630ff0'/>
<id>urn:sha1:32c23f8e7c8dace4677a5393a86cb91857630ff0</id>
<content type='text'>
It's safer to do it here before a new shim is installed.

As we don't have any files installed at this point, we can't look up
knowwn signatures from a file. Instead, we now substitute the
signature fingerprints directly into shim-signed.preinst at package
build time.

Put the postinst back to where it was before the signature checks were
added.
</content>
</entry>
<entry>
<title>Grab the sha1 fingerprint of each used cert as we match them</title>
<updated>2026-05-14T05:38:14+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2026-05-13T23:18:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=51d7291fc779e9c961c942fb503ffa2d02205b3c'/>
<id>urn:sha1:51d7291fc779e9c961c942fb503ffa2d02205b3c</id>
<content type='text'>
Later, install that data alongside the shim binaries in the package.

We can then use this data to check that we can boot the signed shim
we're installing.
</content>
</entry>
<entry>
<title>Separate the helper scripts into a new shim-signed-common package</title>
<updated>2019-05-27T21:11:51+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2019-05-27T21:11:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=f3393e69ed073007cda61d57c60e5c907c4faf51'/>
<id>urn:sha1:f3393e69ed073007cda61d57c60e5c907c4faf51</id>
<content type='text'>
Separate this from the actual signed shim binaries so that we can
sensibly support co-installability using Multi-Arch. Closes: #928486
</content>
</entry>
<entry>
<title>Install the correct binary for this arch</title>
<updated>2019-04-22T17:08:21+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2019-04-22T17:08:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=4bb62853d6562ff75a1c292ac38444106fd88036'/>
<id>urn:sha1:4bb62853d6562ff75a1c292ac38444106fd88036</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Import Debian version 1.28</title>
<updated>2019-03-06T21:15:15+00:00</updated>
<author>
<name>Steve Langasek</name>
<email>vorlon@debian.org</email>
</author>
<published>2017-04-14T21:44:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=bf3018eb1399f512672127987fbc134e898d3102'/>
<id>urn:sha1:bf3018eb1399f512672127987fbc134e898d3102</id>
<content type='text'>
shim-signed (1.28) unstable; urgency=medium

  * Initial Debian upload, based on Ubuntu package.
</content>
</entry>
</feed>
