Description of problem:
Package shim-unsigned-x64 fails to build from source in Fedora rawhide, Fedora 31 and Fedora 30. It has been not rebuilt since Fedora 28.
According to the policy, it is set to be retired cca a week before the branching. That is during the first week of February 2020.
I am afraid that this might be a crucial package and its retirement might hurt the Fedora project, hence I am opening this bugzilla. Please rebuild the package to avoid the retirement.
If rebuilding is not possible nor desired, please work with FESCo to get a policy exception.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
$ fedpkg build
This package is tracked by Koschei. See:
The build log says:
gcc: command not found
I will see if that's the only problem.
(In reply to Miro Hrončok from comment #0)
> The build log says:
> gcc: command not found
> I will see if that's the only problem.
The current problem is:
In file included from /builddir/build/BUILD/shim-13/netboot.c:36:
/usr/include/efi/efi.h:41:10: fatal error: efibind.h: No such file or directory
41 | #include "efibind.h"
your package has not been built successfully in 31. Action is required from you.
If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate . If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages , your package
will be orphaned if this bug remains in NEW state more than 8 weeks.
A week before the mass branching of Fedora 32 according to the schedule ,
any packages not successfully rebuilt at least on Fedora 30 will be
retired regardless of the status of this bug.
Actually looks like an issue with gnu-efi. Also note due to secure-boot signing ACL requirements this package can only be built by people in the ACL.
Nominating as prioritized bug, because, as said on the devel mailing list, we want booting x86 images with secure-boot.
Right now the plan for this is to rebuild it when the next version of shim is released, which will happen once I've gotten sufficient feedback on the proposed openssl changes. It really doesn't matter that it hasn't been rebuilt, the current build works just fine and it doesn't link against anything at all in the distro.
Discussed in today's Prioritized Bugs meeting. Rejected as a prioritized bug since it is not a bug, but an edge case in policy. shim, shim-unsigned-x64, and shim-unsigned-aarch64 should be excepted from the long-term FTBFS cleanup.
Peter, will you please request the exception trough https://pagure.io/fesco/issues ? You know the technical reasons why this package should not follow the policy.
This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle.
Changing version to 32.
This message is a reminder that Fedora 32 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 32 on 2021-05-25.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '32'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.
Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 32 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.