/srv/irclogs.ubuntu.com/2013/08/24/#ubuntu-release.txt

RAOFslangasek: You're busy, but at some point I want to pick your brains about why I can't seem to get Ubuntu to secure-boot on this laptop. Just a heads up.00:15
slangasekRAOF: ASUS?00:43
RAOFslangasek: System7600:44
RAOFSo this is purely opt-in.00:44
slangasekhmm!00:44
slangasekwhich keys does System76 ship in KEK?00:44
slangasek+db00:44
RAOFNone; I've added my own.00:44
slangasekoh. your own personal keys, or the Canonical key?00:44
RAOFPersonal key in the PK, personal, Canonical, and MS keys in KEK & DB00:45
RAOFRoughly following https://wiki.ubuntu.com/SecurityTeam/SecureBoot and http://jk.ozlabs.org/docs/sbkeysync-maintaing-uefi-key-databases/00:46
slangasekand what's the behavior you're seeing?00:47
RAOFWindows boots fine, but Ubuntu fails to verify.00:47
RAOFsbverify claims that /boot/efi/EFI/ubuntu/grubx64.whatever has a valid signature from the Canonical public key, though.00:48
slangasekand you're booting grub directly, or via shim?00:52
RAOFBooting to grub directly00:53
slangasekwell hmm00:53
slangasekand you're sure you have the signing key in db, not the CA key?00:54
RAOFHm. I may have the CA key in db.00:55
slangasekRAOF: you can dump the var via  /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f01:00
RAOFAh, yeah. Got the CA key in there.01:05
RAOFI need the signing key instead, I take it?01:06
slangasekRAOF: yep01:09
darkxstinfinity, stgraber, can I get ddebs enabled on ppa:gnome3-team/gnome3-next01:10
infinitydarkxst: I suspect the people who can twiddle that are all gone for the week.01:11
RAOFslangasek: Ta. I'll give that a try after I finish bashing my head on X01:11
slangasek:-)01:11
darkxstinfinity, ok, will try again next week then01:12
RAOFTo be clear - I'd need the CA key in KEK and the signing key in db, right?01:12
RAOFOr just the signing key everywhere?01:12
infinitydarkxst: Asking through answers.lp.net may get someone to see it if/when they're bored, or just poke me on Monday, and I'll get someone to do it.01:12
darkxstinfinity, ok thanks, Monday is fine01:14
slangasekRAOF: yep, CA key in KEK, signing key in db01:17
slangasekthat's the standard config01:17
phillwIf there is someone available, could you tell me the difference between sudo do-release-upgrade and the apt-get update & dist-upgrade route?01:54
phillwbrian intimated that they are not the same.01:55
ScottKThey aren't.  The first one uses ubuntu-release-upgrader.  To really understand the difference you probably need to look at the code, but the simple version is it does lots of special casing to make release upgrades smoother.02:09
ScottKYou could ask that on -devel.  It's nothing to do with the release team.02:09
phillwScottK: thanks, heading there now :)02:13
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
Laneyplease to promote ubuntu-wallpapers-saucy08:10
infinityLaney: Iz done.08:35
RAOFslangasek: Thanks; now that I've got the Canonical signing key in db everything works marvelously.09:37
xnoxPlease reject ocaml-estrings from saucy new queue, its orig tarball is full of .... upstream .git/objects14:55
xnoxslangasek: thanks.15:13
slangasekwasna me15:13
slangaseksome other archive admin working on the weekend and not fessing up :)15:13
infinityIf only it emailed the uploader so you knew who rejected it.15:13
xnox=)15:29
=== Ursinha-afk is now known as Ursinha
=== charles_ is now known as charles

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!