<feed xmlns='http://www.w3.org/2005/Atom'>
<title>shim-signed.git/debian/shim-signed.preinst.in, branch rolling</title>
<subtitle>VyOS code for the shim-signed package (mirror of https://github.com/vyos/shim-signed.git)
</subtitle>
<id>https://git.amelek.net/vyos/shim-signed.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/shim-signed.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/'/>
<updated>2026-05-19T22:45:00+00:00</updated>
<entry>
<title>Fix up stupid omission in the previous package upload</title>
<updated>2026-05-19T22:45:00+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2026-05-19T22:45:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=d94c2b0f2abfe9873e0ebad99a43f9b160397df3'/>
<id>urn:sha1:d94c2b0f2abfe9873e0ebad99a43f9b160397df3</id>
<content type='text'>
the changes in 1.49 did not take into account the "SecureBoot enabled"
case when adding a default error trap. Closes: #1137098, #1137101.
</content>
</entry>
<entry>
<title>Make mokutil parsing more robust. Closes: #1137063</title>
<updated>2026-05-19T08:43:36+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2026-05-19T08:43:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=1c4e702c99a185924a847ba464cd2205796ecce2'/>
<id>urn:sha1:1c4e702c99a185924a847ba464cd2205796ecce2</id>
<content type='text'>
Cope with "Platform is in Setup Mode" message
If we get any other unexpected output, print what we got for debugging.
</content>
</entry>
<entry>
<title>Switch to using debconf to display signature errors</title>
<updated>2026-05-17T23:56:13+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2026-05-17T23:52:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=04a3449adcd413433c45774ac7b150ededaa1c4e'/>
<id>urn:sha1:04a3449adcd413433c45774ac7b150ededaa1c4e</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Update changelog</title>
<updated>2026-05-17T21:49:28+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2026-05-17T21:46:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=5bf524a5960e24df055123cb491d52fe8f265c94'/>
<id>urn:sha1:5bf524a5960e24df055123cb491d52fe8f265c94</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Add more text to the failure messsage</title>
<updated>2026-05-17T21:45:41+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2026-05-17T21:45:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=ca8556f025821178897986b431bf1bfdc38abb09'/>
<id>urn:sha1:ca8556f025821178897986b431bf1bfdc38abb09</id>
<content type='text'>
And link to a wiki page for more info. Need to write that page!
</content>
</entry>
<entry>
<title>Move shim signature checks to preinst</title>
<updated>2026-05-17T21:40:01+00:00</updated>
<author>
<name>Steve McIntyre</name>
<email>steve@einval.com</email>
</author>
<published>2026-05-17T21:34:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/shim-signed.git/commit/?id=32c23f8e7c8dace4677a5393a86cb91857630ff0'/>
<id>urn:sha1:32c23f8e7c8dace4677a5393a86cb91857630ff0</id>
<content type='text'>
It's safer to do it here before a new shim is installed.

As we don't have any files installed at this point, we can't look up
knowwn signatures from a file. Instead, we now substitute the
signature fingerprints directly into shim-signed.preinst at package
build time.

Put the postinst back to where it was before the signature checks were
added.
</content>
</entry>
</feed>
