1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1069410: NMU fix actually removed files from the package

    From Yves-Alexis Perez@21:1/5 to All on Tue Feb 25 11:10:01 2025
    Hi,

    it seems that the efitools NMU actually broke the package (at least for
    my use case).

    efitools 1.9.2-3 contains multiple .efi binaries in /u/l/*/efitools, for example on amd64 (https://packages.debian.org/bookworm/amd64/efitools/filelist):

    /usr/lib/efitools/x86_64-linux-gnu/HashTool.efi /usr/lib/efitools/x86_64-linux-gnu/HelloWorld.efi /usr/lib/efitools/x86_64-linux-gnu/KeyTool.efi /usr/lib/efitools/x86_64-linux-gnu/Loader.efi /usr/lib/efitools/x86_64-linux-gnu/LockDown.efi /usr/lib/efitools/x86_64-linux-gnu/ReadVars.efi /usr/lib/efitools/x86_64-linux-gnu/SetNull.efi /usr/lib/efitools/x86_64-linux-gnu/ShimReplace.efi /usr/lib/efitools/x86_64-linux-gnu/UpdateVars.efi

    With 1.9.2-3.1 none of those efi binaries are present: https://packages.debian.org/sid/amd64/efitools/filelist

    Maybe there's a problem building the HelloWorld.efi binary but please
    keep providing all the other ones.

    Regards,
    --
    Yves-Alexis

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Luca Boccassi@21:1/5 to Yves-Alexis Perez on Tue Feb 25 11:10:01 2025
    On Tue, 25 Feb 2025 at 09:57, Yves-Alexis Perez <corsac@debian.org> wrote:

    Hi,

    it seems that the efitools NMU actually broke the package (at least for
    my use case).

    efitools 1.9.2-3 contains multiple .efi binaries in /u/l/*/efitools, for example on amd64 (https://packages.debian.org/bookworm/amd64/efitools/filelist):

    /usr/lib/efitools/x86_64-linux-gnu/HashTool.efi /usr/lib/efitools/x86_64-linux-gnu/HelloWorld.efi /usr/lib/efitools/x86_64-linux-gnu/KeyTool.efi /usr/lib/efitools/x86_64-linux-gnu/Loader.efi /usr/lib/efitools/x86_64-linux-gnu/LockDown.efi /usr/lib/efitools/x86_64-linux-gnu/ReadVars.efi /usr/lib/efitools/x86_64-linux-gnu/SetNull.efi /usr/lib/efitools/x86_64-linux-gnu/ShimReplace.efi /usr/lib/efitools/x86_64-linux-gnu/UpdateVars.efi

    With 1.9.2-3.1 none of those efi binaries are present: https://packages.debian.org/sid/amd64/efitools/filelist

    Maybe there's a problem building the HelloWorld.efi binary but please
    keep providing all the other ones.

    As far as I can understand those do not build anymore, and that's why
    they were disabled.

    Would you be able to provide a patch that fixes them?

    efitools provides the only set of tools available to deal with
    authvars with detached signatures, so having it in trixie without the
    efi binaries seems better to me than not having it at all, as it was
    the case until now...

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Yves-Alexis Perez@21:1/5 to Yves-Alexis Perez on Tue Feb 25 11:40:01 2025
    On Tue, Feb 25, 2025 at 11:13:40AM +0100, Yves-Alexis Perez wrote:
    On Tue, Feb 25, 2025 at 10:03:37AM +0000, Luca Boccassi wrote:
    On Tue, 25 Feb 2025 at 09:57, Yves-Alexis Perez <corsac@debian.org> wrote: Would you be able to provide a patch that fixes them?

    Unfortunately no, but I only discovered the bug today while trying to
    use KeyTool.efi and not finding it. Is upstream aware of the issue?

    So I did a quick test by reverting the changes to the Makefile disabling
    the EFI binaries build and it *seems* to actually work just fine, at
    least here on my box.

    It's really a smoke test but I'm not sure how well the Ubuntu changes
    have been checked. It seems to me they did a lot of work to fix the
    FTBFS but the "stop building EFI binaries" might be unrelated.

    Regards,
    --
    Yves-Alexis Perez

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Luca Boccassi@21:1/5 to locutusofborg@debian.org on Thu Mar 13 14:30:01 2025
    On Wed, 12 Mar 2025 22:34:01 +0100 Gianfranco Costamagna <locutusofborg@debian.org> wrote:
    On Tue, 25 Feb 2025 11:27:36 +0100 Yves-Alexis Perez
    <corsac@debian.org> wrote:
    On Tue, Feb 25, 2025 at 11:26:58AM +0100, Yves-Alexis Perez wrote:
    On Tue, Feb 25, 2025 at 11:13:40AM +0100, Yves-Alexis Perez
    wrote:
    On Tue, Feb 25, 2025 at 10:03:37AM +0000, Luca Boccassi wrote:
    On Tue, 25 Feb 2025 at 09:57, Yves-Alexis Perez
    <corsac@debian.org> wrote:
    Would you be able to provide a patch that fixes them?

    Unfortunately no, but I only discovered the bug today while
    trying to
    use KeyTool.efi and not finding it. Is upstream aware of the
    issue?

    So I did a quick test by reverting the changes to the Makefile
    disabling
    the EFI binaries build and it *seems* to actually work just fine,
    at
    least here on my box.

    It's really a smoke test but I'm not sure how well the Ubuntu
    changes
    have been checked. It seems to me they did a lot of work to fix
    the
    FTBFS but the "stop building EFI binaries" might be unrelated.

    Here's the (trivial) patch I used.
    --
    Yves-Alexis Perez

    Hello, I took your patch to simplify the other one coming from
    Ubuntu.
    I also did some test in ppa, and the reason for the build to fail in
    Ubuntu
    was a missing symbol related to stack guards during build.
    I disabled stack-protector and uploaded in sid, now we should have
    everything back!

    Thanks for taking care of that - but unfortunately it looks like the
    FTFBS on arm64 is back with this upload:

    https://buildd.debian.org/status/fetch.php?pkg=efitools&arch=arm64&ver=1.9.2-3.3&stamp=1741817188&raw=0

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)