Bug 1784546

Summary: shim-unsigned-x64: FTBFS in Fedora, hasn't been rebuilt since Fedora 28
Product: [Fedora] Fedora Reporter: Miro Hrončok <mhroncok>
Component: shim-unsigned-x64Assignee: Peter Jones <pjones>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 32CC: bcotton, pbrobinson, pjones, rharwood, tomek
Target Milestone: ---Flags: bcotton: fedora_prioritized_bug-
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://koschei.fedoraproject.org/package/shim-unsigned-x64
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-29 17:27:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1700317, 1750908, 1674516, 1803234, 1938630    

Description Miro Hrončok 2019-12-17 16:58:58 UTC
Description of problem:
Package shim-unsigned-x64 fails to build from source in Fedora rawhide, Fedora 31 and Fedora 30. It has been not rebuilt since Fedora 28.

According to the policy, it is set to be retired cca a week before the branching. That is during the first week of February 2020.

https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/
https://fedorapeople.org/groups/schedule/f-32/f-32-key-tasks.html

I am afraid that this might be a crucial package and its retirement might hurt the Fedora project, hence I am opening this bugzilla. Please rebuild the package to avoid the retirement.

If rebuilding is not possible nor desired, please work with FESCo to get a policy exception.

Version-Release number of selected component (if applicable):
15-1.fc28

Steps to Reproduce:
$ fedpkg build

Additional info:
This package is tracked by Koschei. See:
https://koschei.fedoraproject.org/package/shim-unsigned-x64

The build log says:

gcc: command not found

I will see if that's the only problem.

Comment 1 Miro Hrončok 2019-12-17 17:03:54 UTC
(In reply to Miro Hrončok from comment #0)
> The build log says:
> 
> gcc: command not found
> 
> I will see if that's the only problem.

The current problem is:

In file included from /builddir/build/BUILD/shim-13/netboot.c:36:
/usr/include/efi/efi.h:41:10: fatal error: efibind.h: No such file or directory
   41 | #include "efibind.h"
      |          ^~~~~~~~~~~
compilation terminated.

Comment 2 Fedora Release Engineering 2019-12-29 04:23:15 UTC
Dear Maintainer,

your package has not been built successfully in 31. Action is required from you.

If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate [1]. If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages [2], your package
will be orphaned if this bug remains in NEW state more than 8 weeks.

A week before the mass branching of Fedora 32 according to the schedule [3],
any packages not successfully rebuilt at least on Fedora 30 will be
retired regardless of the status of this bug.

[1] https://fedoraproject.org/wiki/Updates_Policy
[2] https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/
[3] https://fedoraproject.org/wiki/Releases/32/Schedule

Comment 3 Peter Robinson 2019-12-31 12:07:11 UTC
Actually looks like an issue with gnu-efi. Also note due to secure-boot signing ACL requirements this package can only be built by people in the ACL.

Comment 4 Miro Hrončok 2020-01-06 12:44:07 UTC
Nominating as prioritized bug, because, as said on the devel mailing list, we want booting x86 images with secure-boot.

Comment 5 Peter Jones 2020-01-06 20:01:47 UTC
Right now the plan for this is to rebuild it when the next version of shim is released, which will happen once I've gotten sufficient feedback on the proposed openssl changes.  It really doesn't matter that it hasn't been rebuilt, the current build works just fine and it doesn't link against anything at all in the distro.

Comment 6 Ben Cotton 2020-01-15 19:54:37 UTC
Discussed in today's Prioritized Bugs meeting. Rejected as a prioritized bug since it is not a bug, but an edge case in policy. shim, shim-unsigned-x64, and shim-unsigned-aarch64 should be excepted from the long-term FTBFS cleanup.

Comment 7 Miro Hrončok 2020-01-16 08:30:29 UTC
Peter, will you please request the exception trough https://pagure.io/fesco/issues ? You know the technical reasons why this package should not follow the policy.

Comment 8 Ben Cotton 2020-02-11 17:35:16 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle.
Changing version to 32.

Comment 9 Fedora Program Management 2021-04-29 16:51:10 UTC
This message is a reminder that Fedora 32 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 32 on 2021-05-25.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '32'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 32 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.