Add obsoletes and provides to fix errors in shim-unsigned upgrade to shim#11245
Merged
christopherco merged 2 commits into3.0-devfrom Dec 2, 2024
Merged
Add obsoletes and provides to fix errors in shim-unsigned upgrade to shim#11245christopherco merged 2 commits into3.0-devfrom
christopherco merged 2 commits into3.0-devfrom
Conversation
Prior ARM64 images and installations historically used "shim-unsigned" v15.4 in order to boot without Secure Boot enforcing. To ensure a seamless upgrade experience from the older unsigned shim to this new signed shim, include additional RPM dependency logic so older installations will upgrade cleanly from the unsigned shim v15.4 to this new signed version of the shim v15.8+ Signed-off-by: Chris Co <chrco@microsoft.com>
christopherco
changed the title
gjswalling
approved these changes
Nov 29, 2024
Unlike dnf, our current tdnf does not gracefully handle Obsoletes properly. When the user runs "tdnf install shim-unsigned". The proper behavior with Obsoletes only in place is for this transaction to complete with nothing to do, which is what dnf does. However tdnf still attempts to perform the transaction, which yields undesired results. As a workaround to tdnf's lack of correct support of Obsoletes, add an additional Provides to the shim package to have it "provide" for shim-unsigned as well. This workaround can be removed when tdnf is updated with proper RPM Obsoletes behavior. Signed-off-by: Chris Co <chrco@microsoft.com>
christopherco
changed the title
Collaborator
Author
jslobodzian
approved these changes
Dec 2, 2024
arc9693
pushed a commit
that referenced
this pull request
Dec 12, 2024
…shim (#11245) Prior ARM64 images and installations historically used "shim-unsigned" v15.4 in order to boot without Secure Boot enforcing. To ensure a seamless upgrade experience from the older unsigned shim to this new signed shim, include additional RPM dependency logic (Obsoletes on "shim-unsigned" so older installations with "shim-unsigned" installed will upgrade cleanly from the unsigned shim v15.4 to this new signed version of the shim v15.8+ Unlike dnf, our current tdnf does not gracefully handle Obsoletes properly. When the user runs "tdnf install shim-unsigned". The proper behavior with Obsoletes only in place is for this transaction to complete with nothing to do, which is what dnf does. However tdnf still attempts to perform the transaction, which yields undesired results. As a workaround to tdnf's lack of correct support of Obsoletes, add an additional Provides to the shim package to have it "provide" for shim-unsigned as well. This workaround can be removed when tdnf is updated with proper RPM Obsoletes behavior. Signed-off-by: Chris Co <chrco@microsoft.com>
durgajagadeesh
pushed a commit
to durgajagadeesh/azurelinux_djpalli
that referenced
this pull request
Dec 31, 2024
…shim (microsoft#11245) Prior ARM64 images and installations historically used "shim-unsigned" v15.4 in order to boot without Secure Boot enforcing. To ensure a seamless upgrade experience from the older unsigned shim to this new signed shim, include additional RPM dependency logic (Obsoletes on "shim-unsigned" so older installations with "shim-unsigned" installed will upgrade cleanly from the unsigned shim v15.4 to this new signed version of the shim v15.8+ Unlike dnf, our current tdnf does not gracefully handle Obsoletes properly. When the user runs "tdnf install shim-unsigned". The proper behavior with Obsoletes only in place is for this transaction to complete with nothing to do, which is what dnf does. However tdnf still attempts to perform the transaction, which yields undesired results. As a workaround to tdnf's lack of correct support of Obsoletes, add an additional Provides to the shim package to have it "provide" for shim-unsigned as well. This workaround can be removed when tdnf is updated with proper RPM Obsoletes behavior. Signed-off-by: Chris Co <chrco@microsoft.com>
SumitJenaHCL
pushed a commit
to SumitJenaHCL/azurelinux
that referenced
this pull request
Feb 24, 2025
…shim (microsoft#11245) Prior ARM64 images and installations historically used "shim-unsigned" v15.4 in order to boot without Secure Boot enforcing. To ensure a seamless upgrade experience from the older unsigned shim to this new signed shim, include additional RPM dependency logic (Obsoletes on "shim-unsigned" so older installations with "shim-unsigned" installed will upgrade cleanly from the unsigned shim v15.4 to this new signed version of the shim v15.8+ Unlike dnf, our current tdnf does not gracefully handle Obsoletes properly. When the user runs "tdnf install shim-unsigned". The proper behavior with Obsoletes only in place is for this transaction to complete with nothing to do, which is what dnf does. However tdnf still attempts to perform the transaction, which yields undesired results. As a workaround to tdnf's lack of correct support of Obsoletes, add an additional Provides to the shim package to have it "provide" for shim-unsigned as well. This workaround can be removed when tdnf is updated with proper RPM Obsoletes behavior. Signed-off-by: Chris Co <chrco@microsoft.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-staticsubpackages, etc.) have had theirReleasetag incremented../cgmanifest.json,./toolkit/scripts/toolchain/cgmanifest.json,.github/workflows/cgmanifest.json)./LICENSES-AND-NOTICES/SPECS/data/licenses.json,./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md,./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)*.signatures.jsonfilessudo make go-tidy-allandsudo make go-test-coveragepassSummary
Prior ARM64 images and installations historically used "shim-unsigned" v15.4 in order to boot without Secure Boot enforcing.
To ensure a seamless upgrade experience from the older unsigned shim to this new signed shim, include additional RPM dependency logic (Obsoletes on "shim-unsigned" so older installations with "shim-unsigned" installed will upgrade cleanly from the unsigned shim v15.4 to this new signed version of the shim v15.8+
Unlike dnf, our current tdnf does not gracefully handle Obsoletes properly.
When the user runs "tdnf install shim-unsigned". The proper
behavior with Obsoletes only in place is for this transaction to
complete with nothing to do, which is what dnf does. However tdnf still
attempts to perform the transaction, which yields undesired results.
As a workaround to tdnf's lack of correct support of Obsoletes, add an
additional Provides to the shim package to have it "provide" for
shim-unsigned as well.
This workaround can be removed when tdnf is updated with proper RPM
Obsoletes behavior.
Signed-off-by: Chris Co chrco@microsoft.com
Does this affect the toolchain?
NO
Associated issues
Test Methodology